You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@geode.apache.org by ji...@apache.org on 2018/01/04 20:55:33 UTC

[geode] branch develop updated: GEODE-4193: fix password file security in JMX (#1227)

This is an automated email from the ASF dual-hosted git repository.

jinmeiliao pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/geode.git


The following commit(s) were added to refs/heads/develop by this push:
     new 57baff1  GEODE-4193: fix password file security in JMX (#1227)
57baff1 is described below

commit 57baff15fc9b987be1869ee507f0a430111cadc9
Author: jinmeiliao <ji...@pivotal.io>
AuthorDate: Thu Jan 4 12:55:29 2018 -0800

    GEODE-4193: fix password file security in JMX (#1227)
---
 .../internal/cli/shell/JmxOperationInvoker.java    | 11 ++++-
 .../internal/security/JmxPasswordFileTest.java     | 55 ++++++++++++++++++++++
 2 files changed, 65 insertions(+), 1 deletion(-)

diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/shell/JmxOperationInvoker.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/shell/JmxOperationInvoker.java
index 6c0b304..f77c2e4 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/shell/JmxOperationInvoker.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/shell/JmxOperationInvoker.java
@@ -51,6 +51,7 @@ import org.apache.geode.management.internal.MBeanJMXAdapter;
 import org.apache.geode.management.internal.ManagementConstants;
 import org.apache.geode.management.internal.cli.CommandRequest;
 import org.apache.geode.management.internal.cli.LogWrapper;
+import org.apache.geode.management.internal.security.ResourceConstants;
 
 /**
  * OperationInvoker JMX Implementation
@@ -100,7 +101,15 @@ public class JmxOperationInvoker implements OperationInvoker {
       final Map<String, Object> env = new HashMap<>();
 
       env.put(JMXConnectionListener.CHECK_PERIOD_PROP, JMXConnectionListener.CHECK_PERIOD);
-      env.put(JMXConnector.CREDENTIALS, gfProperties);
+
+      // when not using JMXShiroAuthenticator in the integrated security, JMX own password file
+      // authentication requires the credentials been sent in String[] format.
+      // Our JMXShiroAuthenticator handles both String[] and Properties format
+      String username = gfProperties.getProperty(ResourceConstants.USER_NAME);
+      String password = gfProperties.getProperty(ResourceConstants.PASSWORD);
+      if (username != null) {
+        env.put(JMXConnector.CREDENTIALS, new String[] {username, password});
+      }
 
       SSLConfig sslConfig = SSLConfigurationFactory.getSSLConfigForComponent(gfProperties,
           SecurableCommunicationChannel.JMX);
diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/JmxPasswordFileTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/security/JmxPasswordFileTest.java
new file mode 100644
index 0000000..2a96b37
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/management/internal/security/JmxPasswordFileTest.java
@@ -0,0 +1,55 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package org.apache.geode.management.internal.security;
+
+import static org.apache.geode.test.junit.rules.GfshCommandRule.PortType.jmxManager;
+
+import java.io.File;
+import java.util.Collections;
+
+import org.apache.commons.io.FileUtils;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.junit.rules.TemporaryFolder;
+
+import org.apache.geode.test.junit.categories.IntegrationTest;
+import org.apache.geode.test.junit.rules.GfshCommandRule;
+import org.apache.geode.test.junit.rules.LocatorStarterRule;
+
+
+@Category(IntegrationTest.class)
+public class JmxPasswordFileTest {
+  @Rule
+  public LocatorStarterRule locator = new LocatorStarterRule();
+
+  @Rule
+  public GfshCommandRule gfsh = new GfshCommandRule();
+
+  @Rule
+  public TemporaryFolder temporaryFolder = new TemporaryFolder();
+
+  @Test
+  public void connectWhenJmxManagerSecuredWithPasswordFile() throws Exception {
+    File passwordFile = temporaryFolder.newFile("password.properties");
+    FileUtils.writeLines(passwordFile, Collections.singleton("user user"));
+    locator.withProperty("jmx-manager-password-file", passwordFile.getAbsolutePath());
+
+    locator.startLocator();
+
+    gfsh.secureConnectAndVerify(locator.getJmxPort(), jmxManager, "user", "user");
+  }
+}

-- 
To stop receiving notification emails like this one, please contact
['"commits@geode.apache.org" <co...@geode.apache.org>'].