Posted to commits@geode.apache.org by mm...@apache.org on 2018/11/16 22:58:18 UTC
[geode-native] branch develop updated: GEODE-6043: Improve Auth
example (#405)
This is an automated email from the ASF dual-hosted git repository.
mmartell pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/geode-native.git
The following commit(s) were added to refs/heads/develop by this push:
new f19b552 GEODE-6043: Improve Auth example (#405)
f19b552 is described below
commit f19b552c9c9ec68c3f2abeb227b8b0e1e90012ea
Author: Michael Martell <mm...@pivotal.io>
AuthorDate: Fri Nov 16 14:58:14 2018 -0800
GEODE-6043: Improve Auth example (#405)
* Improve Auth example
- Implement end to end authentication
- Updated function-execution script deploy command
- Rename DummyAuth to SimpleAuth
- Remove unnecessary java class comments
- Checkin clang-format change to ExecutionImpl.cpp to fix Travis CI.
---
cppcache/src/ExecutionImpl.cpp | 5 +-
examples/cpp/function-execution/startserver.sh | 2 +-
.../dotnet/AuthInitialize/ExampleAuthInitialize.cs | 4 +-
examples/dotnet/AuthInitialize/README.md | 29 ++++----
examples/dotnet/AuthInitialize/startserver.ps1 | 10 ++-
examples/utilities/CMakeLists.txt | 3 +
examples/utilities/CMakeLists.txt.in | 3 +-
examples/utilities/SimpleAuthenticator.java | 84 ++++++++++++++++++++++
examples/utilities/UserPasswordAuthInit.java | 81 +++++++++++++++++++++
examples/utilities/UsernamePrincipal.java | 43 +++++++++++
10 files changed, 242 insertions(+), 22 deletions(-)
diff --git a/cppcache/src/ExecutionImpl.cpp b/cppcache/src/ExecutionImpl.cpp
index 10de65b..516a5d5 100644
--- a/cppcache/src/ExecutionImpl.cpp
+++ b/cppcache/src/ExecutionImpl.cpp
@@ -131,9 +131,8 @@ std::shared_ptr<ResultCollector> ExecutionImpl::execute(
serverOptimizeForWrite = ((attr->at(2) == 1) ? true : false);
LOGDEBUG(
- "ExecutionImpl::execute got functionAttributes from server for function = "
- "%s serverHasResult = %d "
- " serverIsHA = %d serverOptimizeForWrite = %d ",
+ "ExecutionImpl::execute got functionAttributes from server for function "
+ "= %s serverHasResult = %d serverIsHA = %d serverOptimizeForWrite = %d ",
func.c_str(), serverHasResult, serverIsHA, serverOptimizeForWrite);
if (serverHasResult == false) {
diff --git a/examples/cpp/function-execution/startserver.sh b/examples/cpp/function-execution/startserver.sh
index 057c379..9f6c8e8 100755
--- a/examples/cpp/function-execution/startserver.sh
+++ b/examples/cpp/function-execution/startserver.sh
@@ -29,6 +29,6 @@ else
fi
fi
-$GFSH_PATH -e "start locator --name=locator" -e "deploy --jar=./example.jar" -e "start server --name=the-server --server-port=50505" -e "create region --name=partition_region --type=PARTITION"
+$GFSH_PATH -e "start locator --name=locator" -e "deploy --jar=../../utilities/example.jar" -e "start server --name=the-server --server-port=50505" -e "create region --name=partition_region --type=PARTITION"
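Review bot: The new `--jar=../../utilities/example.jar` path is resolved against the caller's working directory, not the script's location, so the deploy step fails or picks up an unintended jar when the script is run from anywhere other than `examples/cpp/function-execution`. Anchoring the path to the script directory avoids this, for example `SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"` followed by `--jar=$SCRIPT_DIR/../../utilities/example.jar`, which mirrors the use of `$PSScriptRoot` in the PowerShell script in this commit. `$GFSH_PATH` is also expanded unquoted on this line, so an install path containing spaces would be split into several words.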
diff --git a/examples/dotnet/AuthInitialize/ExampleAuthInitialize.cs b/examples/dotnet/AuthInitialize/ExampleAuthInitialize.cs
index 022937f..103e6ff 100644
--- a/examples/dotnet/AuthInitialize/ExampleAuthInitialize.cs
+++ b/examples/dotnet/AuthInitialize/ExampleAuthInitialize.cs
@@ -40,8 +40,8 @@ namespace Apache.Geode.Examples.AuthInitialize
Console.Out.WriteLine("ExampleAuthInitialize::GetCredentials called");
var credentials = new Properties<string, object>();
- credentials.Insert("username", "john");
- credentials.Insert("password", "secret");
+ credentials.Insert("security-username", "root");
+ credentials.Insert("security-password", "root");
return credentials;
}
}
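Review bot: The credentials inserted in `GetCredentials` are literals compiled into the example, and `root`/`root` only authenticates because the SimpleAuthenticator added in this commit accepts a password equal to the user name. A comment above the two `Insert` calls would stop readers copying the pattern into real handlers, for instance `// Example only: a real IAuthInitialize should read credentials from a protected store or the environment, never from source.` The new keys do match the `security-username` and `security-password` constants in UserPasswordAuthInit.java. The enclosing method and class start outside the hunk.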
diff --git a/examples/dotnet/AuthInitialize/README.md b/examples/dotnet/AuthInitialize/README.md
index 3298edf..45da800 100644
--- a/examples/dotnet/AuthInitialize/README.md
+++ b/examples/dotnet/AuthInitialize/README.md
@@ -1,24 +1,29 @@
# AuthInitialize Example
This example shows how to create and register a custom `IAuthIntialize` authentication
-handler.
+handler on the client that authenticates against a server that was started with the corresponding authenticator.
## Prerequisites
* Install [Apache Geode](https://geode.apache.org)
* Build and install [Apache Geode Native](https://github.com/apache/geode-native)
+* Apache Geode Native examples, built and installed.
+* A `GEODE_HOME` environment variable set to the location of the Apache Geode installation.
+* `GEODE_HOME/bin` in the execution path.
## Running
-* Start Geode Server and create region.
+1. Set the current directory to the `AuthInitialize` directory in your example workspace.
+
```
- gfsh>start locator --name=locator
- gfsh>start server --name=server
- gfsh>create region --name=region --type=PARTITION
+ $ cd workspace/examples/dotnet/AuthInitialize
```
-* Execute `Apache.Geode.Examples.AuthInitialize.exe`.
-
- output:
+
+2. Run the `startserver.ps1` script to start the Geode cluster with authentication and create a region.
+
+3. Execute `AuthInitialize.exe`:
+
```
- ExampleAuthInitialize::ExampleAuthInitialize called
- ExampleAuthInitialize::GetCredentials called
- a = 1
- b = 2
+.\AuthInitialize.exe
+ExampleAuthInitialize::ExampleAuthInitialize called
+ExampleAuthInitialize::GetCredentials called
+a = 1
+b = 2
```
diff --git a/examples/dotnet/AuthInitialize/startserver.ps1 b/examples/dotnet/AuthInitialize/startserver.ps1
index 8c99be1..354e7c3 100644
--- a/examples/dotnet/AuthInitialize/startserver.ps1
+++ b/examples/dotnet/AuthInitialize/startserver.ps1
@@ -35,5 +35,11 @@ else
if ($GFSH_PATH -ne "")
{
- Invoke-Expression "$GFSH_PATH -e 'start locator --name=locator --dir=$PSScriptRoot\locator' -e 'start server --name=server --dir=$PSScriptRoot\server' -e 'create region --name=region --type=PARTITION'"
-}
\ No newline at end of file
+ # Set this variable to include your java object that implements the Authenticator class
+ $RESOLVEDPATH = Resolve-Path -Path "$PSScriptRoot/../../utilities/example.jar"
+
+ # Set this variable to the full name of your Authenticator.create function
+ $AUTHENTICATOR = 'javaobject.SimpleAuthenticator.create'
+
+ Invoke-Expression "$GFSH_PATH -e 'start locator --name=locator --dir=$PSScriptRoot\locator' -e 'start server --name=server --classpath=$RESOLVEDPATH --J=-Dgemfire.security-client-authenticator=$AUTHENTICATOR --dir=$PSScriptRoot\server' -e 'create region --name=region --type=PARTITION'"
+}
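Review bot: `$RESOLVEDPATH` and `$PSScriptRoot` are spliced into a string that `Invoke-Expression` parses a second time, so a workspace path containing a space or a single quote either breaks the gfsh arguments or is evaluated as PowerShell. Calling gfsh directly removes the second parse: `& $GFSH_PATH -e "start locator ..." -e "start server --name=server --classpath=$RESOLVEDPATH ..." -e "create region ..."`. `Resolve-Path` also reports a missing `example.jar` only as a non-terminating error, which leaves `$RESOLVEDPATH` empty while the server is still started with the authenticator property set; `Resolve-Path -Path "..." -ErrorAction Stop` would make that failure visible before gfsh runs. The logic that sets `$GFSH_PATH` is outside the hunk.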
diff --git a/examples/utilities/CMakeLists.txt b/examples/utilities/CMakeLists.txt
index 824a8ff..0fe49ba 100644
--- a/examples/utilities/CMakeLists.txt
+++ b/examples/utilities/CMakeLists.txt
@@ -22,5 +22,8 @@ configure_file(${CMAKE_CURRENT_SOURCE_DIR}/CMakeLists.txt.in ${CMAKE_CURRENT_BIN
install(FILES
${CMAKE_CURRENT_BINARY_DIR}/CMakeLists.txt
${CMAKE_CURRENT_SOURCE_DIR}/ExampleMultiGetFunction.java
+ ${CMAKE_CURRENT_SOURCE_DIR}/SimpleAuthenticator.java
+ ${CMAKE_CURRENT_SOURCE_DIR}/UserPasswordAuthInit.java
+ ${CMAKE_CURRENT_SOURCE_DIR}/UsernamePrincipal.java
DESTINATION examples/utilities)
diff --git a/examples/utilities/CMakeLists.txt.in b/examples/utilities/CMakeLists.txt.in
index 48cdc1a..c46dfa8 100644
--- a/examples/utilities/CMakeLists.txt.in
+++ b/examples/utilities/CMakeLists.txt.in
@@ -26,6 +26,5 @@ file(GLOB_RECURSE SOURCES "*.java")
add_jar(example ${SOURCES}
INCLUDE_JARS ${Geode_CLASSPATH}
- OUTPUT_DIR ${CMAKE_CURRENT_SOURCE_DIR}/../cpp/function-execution
+ OUTPUT_DIR ${CMAKE_CURRENT_SOURCE_DIR}../
)
-
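Review bot: `OUTPUT_DIR ${CMAKE_CURRENT_SOURCE_DIR}../` has no `/` between the variable and `../`, and `CMAKE_CURRENT_SOURCE_DIR` carries no trailing slash, so the value expands to a path ending in `utilities../` rather than to the parent directory. Both start scripts in this commit look for the jar at `../../utilities/example.jar`, that is, inside the utilities directory, so the intended line is probably `OUTPUT_DIR ${CMAKE_CURRENT_SOURCE_DIR}`. This should be confirmed against how the template is configured and where it is installed, since that part is outside the hunk.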
diff --git a/examples/utilities/SimpleAuthenticator.java b/examples/utilities/SimpleAuthenticator.java
new file mode 100644
index 0000000..68f0909
--- /dev/null
+++ b/examples/utilities/SimpleAuthenticator.java
@@ -0,0 +1,84 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package javaobject;
+
+import java.security.Principal;
+import java.util.Properties;
+
+import org.apache.geode.LogWriter;
+import org.apache.geode.distributed.DistributedMember;
+import org.apache.geode.security.AuthenticationFailedException;
+import org.apache.geode.security.Authenticator;
+import javaobject.UserPasswordAuthInit;
+import javaobject.UsernamePrincipal;
+
+/**
+ * A dummy implementation of the {@link Authenticator} interface that expects a
+ * user name and password allowing authentication depending on the format of the
+ * user name.
+ *
+ */
+public class SimpleAuthenticator implements Authenticator {
+
+ public static Authenticator create() {
+ return new SimpleAuthenticator();
+ }
+
+ public SimpleAuthenticator() {
+ }
+
+ public void init(Properties systemProps, LogWriter systemLogger,
+ LogWriter securityLogger) throws AuthenticationFailedException {
+ }
+
+ public static boolean testValidName(String userName) {
+
+ return (userName.startsWith("user") || userName.startsWith("reader")
+ || userName.startsWith("writer") || userName.equals("admin")
+ || userName.equals("root") || userName.equals("administrator"));
+ }
+
+ public Principal authenticate(Properties props, DistributedMember member)
+ throws AuthenticationFailedException {
+
+ String userName = props.getProperty(UserPasswordAuthInit.USER_NAME);
+ if (userName == null) {
+ throw new AuthenticationFailedException(
+ "SimpleAuthenticator: user name property ["
+ + UserPasswordAuthInit.USER_NAME + "] not provided");
+ }
+ String password = props.getProperty(UserPasswordAuthInit.PASSWORD);
+ if (password == null) {
+ throw new AuthenticationFailedException(
+ "SimpleAuthenticator: password property ["
+ + UserPasswordAuthInit.PASSWORD + "] not provided");
+ }
+
+ if (userName.equals(password) && testValidName(userName)) {
+ return new UsernamePrincipal(userName);
+ }
+ else {
+ throw new AuthenticationFailedException(
+ "SimpleAuthenticator: Invalid user name [" + userName
+ + "], password supplied.");
+ }
+ }
+
+ public void close() {
+ }
+
+}
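Review bot: The class Javadoc says authentication depends on "the format of the user name" but never states the rule that `authenticate` applies: a caller is accepted whenever its password equals its user name and the name is `root`, `admin`, `administrator` or merely starts with `user`, `reader` or `writer`. Because CMakeLists.txt in this commit installs this source with the examples, the Javadoc should spell the rule out and mark the class as example-only, e.g. `Accepts any listed user name whose password equals the user name; for examples only, never configure it on a real cluster.` The failure branch also concatenates the supplied user name into the exception text, which carries client-controlled input into whatever logs the exception; a fixed message such as `"SimpleAuthenticator: invalid credentials supplied."` avoids that. `init`, `authenticate` and `close` could carry `@Override` so that an interface change is caught at compile time.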
diff --git a/examples/utilities/UserPasswordAuthInit.java b/examples/utilities/UserPasswordAuthInit.java
new file mode 100644
index 0000000..d40ba67
--- /dev/null
+++ b/examples/utilities/UserPasswordAuthInit.java
@@ -0,0 +1,81 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package javaobject;
+
+import java.util.Properties;
+
+import org.apache.geode.LogWriter;
+import org.apache.geode.distributed.DistributedMember;
+import org.apache.geode.security.AuthInitialize;
+import org.apache.geode.security.AuthenticationFailedException;
+
+/**
+ * An {@link AuthInitialize} implementation that obtains the user name and
+ * password as the credentials from the given set of properties.
+ *
+ * To use this class the <c>security-client-auth-init</c> property should be
+ * set to the fully qualified name the static <code>create</code> function
+ * viz. <code>templates.security.UserPasswordAuthInit.create</code>
+ *
+ */
+public class UserPasswordAuthInit implements AuthInitialize {
+
+ public static final String USER_NAME = "security-username";
+
+ public static final String PASSWORD = "security-password";
+
+ protected LogWriter securitylog;
+
+ protected LogWriter systemlog;
+
+ public static AuthInitialize create() {
+ return new UserPasswordAuthInit();
+ }
+
+ public void init(LogWriter systemLogger, LogWriter securityLogger)
+ throws AuthenticationFailedException {
+ this.systemlog = systemLogger;
+ this.securitylog = securityLogger;
+ }
+
+ public UserPasswordAuthInit() {
+ }
+
+ public Properties getCredentials(Properties props, DistributedMember server,
+ boolean isPeer) throws AuthenticationFailedException {
+
+ Properties newProps = new Properties();
+ String userName = props.getProperty(USER_NAME);
+ if (userName == null) {
+ throw new AuthenticationFailedException(
+ "UserPasswordAuthInit: user name property [" + USER_NAME
+ + "] not set.");
+ }
+ newProps.setProperty(USER_NAME, userName);
+ String passwd = props.getProperty(PASSWORD);
+ // If password is not provided then use empty string as the password.
+ if (passwd == null) {
+ passwd = "";
+ }
+ newProps.setProperty(PASSWORD, passwd);
+ return newProps;
+ }
+
+ public void close() {
+ }
+
+}
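Review bot: The class Javadoc tells users to set `security-client-auth-init` to `templates.security.UserPasswordAuthInit.create`, but this file declares `package javaobject;`, so the documented name does not point at this class. The reference should read `javaobject.UserPasswordAuthInit.create`, and `<c>security-client-auth-init</c>` should use `<code>`, since `<c>` is not an HTML or Javadoc tag. In `getCredentials` a missing password is silently replaced with an empty string while a missing user name throws. A one-line comment saying that the server-side authenticator is expected to reject the empty password would make that asymmetry deliberate rather than surprising.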
diff --git a/examples/utilities/UsernamePrincipal.java b/examples/utilities/UsernamePrincipal.java
new file mode 100644
index 0000000..faeb770
--- /dev/null
+++ b/examples/utilities/UsernamePrincipal.java
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package javaobject;
+
+import java.io.Serializable;
+import java.security.Principal;
+
+/**
+ * An implementation of {@link Principal} class for a simple user name.
+ *
+ */
+public class UsernamePrincipal implements Principal, Serializable {
+
+ private final String userName;
+
+ public UsernamePrincipal(String userName) {
+ this.userName = userName;
+ }
+
+ public String getName() {
+ return this.userName;
+ }
+
+ @Override
+ public String toString() {
+ return this.userName;
+ }
+
+}
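Review bot: `UsernamePrincipal` does not override `equals` and `hashCode`, so two principals created for the same user name compare unequal and hash differently. Any code that compares or keys on the principal returned by the authenticator (not visible here) would treat one user as two. Value semantics on `userName` are proposed below. The class is also `Serializable` without a `serialVersionUID`; adding `private static final long serialVersionUID = 1L;` keeps the serialized form stable across recompiles.

```java
// … unchanged: userName field, constructor, getName(), toString() …

@Override
public boolean equals(Object other) {
  if (this == other) {
    return true;
  }
  if (!(other instanceof UsernamePrincipal)) {
    return false;
  }
  return java.util.Objects.equals(userName, ((UsernamePrincipal) other).userName);
}

@Override
public int hashCode() {
  return java.util.Objects.hashCode(userName);
}
```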