You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@geode.apache.org by je...@apache.org on 2016/03/21 21:40:23 UTC
[52/54] [abbrv] incubator-geode git commit: Merge branch 'develop'
into feature/GEODE-17-2
Merge branch 'develop' into feature/GEODE-17-2
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/da7a76de
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/da7a76de
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/da7a76de
Branch: refs/heads/feature/GEODE-17-2
Commit: da7a76defd44b172ed8d7987c93e2d39576289bf
Parents: 386ace7 ff55590
Author: Jens Deppe <jd...@pivotal.io>
Authored: Fri Mar 18 07:20:59 2016 -0700
Committer: Jens Deppe <jd...@pivotal.io>
Committed: Fri Mar 18 07:20:59 2016 -0700
----------------------------------------------------------------------
.travis.yml | 7 +-
README.md | 16 +-
extensions/geode-modules-assembly/build.gradle | 10 +-
extensions/geode-modules/build.gradle | 3 +-
geode-assembly/build.gradle | 27 +-
.../LauncherLifecycleCommandsDUnitTest.java | 10 +-
.../rest/internal/web/RestFunctionTemplate.java | 23 +
...stAPIOnRegionFunctionExecutionDUnitTest.java | 479 +-
.../web/controllers/RestAPITestBase.java | 209 +-
...tAPIsOnGroupsFunctionExecutionDUnitTest.java | 310 +-
...APIsOnMembersFunctionExecutionDUnitTest.java | 299 +-
geode-core/build.gradle | 13 +-
.../com/gemstone/gemfire/DataSerializable.java | 2 +-
.../internal/doc-files/config-hierarchy.fig | 156 -
.../admin/internal/doc-files/health-classes.fig | 233 -
.../admin/internal/doc-files/health-classes.gif | Bin 8973 -> 0 bytes
.../gemfire/admin/internal/package.html | 4 +-
.../client/doc-files/example-client-cache.xml | 46 -
.../gemfire/cache/client/internal/Endpoint.java | 2 +-
.../internal/PdxRegistryRecoveryListener.java | 6 +-
.../gemfire/cache/client/internal/PoolImpl.java | 5 +-
.../gemfire/cache/client/internal/PutAllOp.java | 8 +-
.../gemfire/cache/client/internal/PutOp.java | 15 +-
.../doc-files/ConnectionManagerImpl.dia | Bin 2034 -> 0 bytes
.../doc-files/ConnectionManagerImpl.png | Bin 11825 -> 0 bytes
.../client/internal/doc-files/PoolImpl.dia | Bin 3083 -> 0 bytes
.../internal/doc-files/QueueManagerImpl.dia | Bin 2180 -> 0 bytes
.../internal/doc-files/QueueManagerImpl.png | Bin 15075 -> 0 bytes
.../doc-files/client_static_diagram.png | Bin 29430 -> 0 bytes
.../gemfire/cache/client/internal/package.html | 6 +-
.../gemstone/gemfire/cache/client/package.html | 2 +-
.../gemfire/cache/doc-files/architecture.fig | 170 -
.../gemfire/cache/doc-files/architecture.gif | Bin 9983 -> 0 bytes
.../cache/doc-files/entry-life-cycle.fig | 64 -
.../cache/doc-files/entry-life-cycle.gif | Bin 3357 -> 0 bytes
.../gemfire/cache/doc-files/example-cache.xml | 98 -
.../gemfire/cache/doc-files/example2-cache.xml | 63 -
.../gemfire/cache/doc-files/example3-cache.xml | 60 -
.../cache/doc-files/partitioned-regions.fig | 267 -
.../cache/doc-files/partitioned-regions.gif | Bin 9494 -> 0 bytes
.../operations/PutAllOperationContext.java | 275 +-
.../internal/GetOperationContextImpl.java | 24 +-
.../operations/internal/UpdateOnlyMap.java | 304 +
.../com/gemstone/gemfire/cache/package.html | 8 +-
.../query/internal/index/AbstractIndex.java | 8 +-
.../query/internal/index/DummyQRegion.java | 14 +-
.../cache/query/internal/index/HashIndex.java | 6 +-
.../query/internal/index/IndexElemArray.java | 34 +-
.../query/internal/index/IndexManager.java | 10 +-
.../gemfire/distributed/ServerLauncher.java | 56 +-
.../ServerLauncherCacheProvider.java | 34 +
.../DefaultServerLauncherCacheProvider.java | 57 +
.../internal/DistributionConfigImpl.java | 33 +-
.../internal/InternalDistributedSystem.java | 22 +-
.../internal/LonerDistributionManager.java | 4 +-
.../internal/direct/DirectChannel.java | 31 +-
.../internal/doc-files/config-classes.fig | 138 -
.../internal/doc-files/config-classes.gif | Bin 4205 -> 0 bytes
.../doc-files/distribution-managers.fig | 76 -
.../doc-files/distribution-managers.gif | Bin 3267 -> 0 bytes
.../internal/locks/doc-files/elder.fig | 84 -
.../internal/locks/doc-files/elder.jpg | Bin 55182 -> 0 bytes
.../internal/locks/doc-files/turks.fig | 128 -
.../internal/locks/doc-files/turks.jpg | Bin 79859 -> 0 bytes
.../distributed/internal/locks/package.html | 4 +-
.../membership/gms/auth/GMSAuthenticator.java | 98 +-
.../membership/gms/fd/GMSHealthMonitor.java | 2 +-
.../membership/gms/membership/GMSJoinLeave.java | 29 +-
.../gms/messages/JoinResponseMessage.java | 15 -
.../gms/messenger/JGroupsMessenger.java | 5 +
.../gemfire/distributed/internal/package.html | 2 +-
.../internal/tcpserver/TcpClient.java | 16 +-
.../internal/tcpserver/TcpServer.java | 0
.../doc-files/data-serialization-exceptions.fig | 135 -
.../doc-files/data-serialization-exceptions.gif | Bin 3666 -> 0 bytes
.../gemfire/internal/AbstractConfig.java | 2 +
.../gemfire/internal/SocketCreator.java | 2 +-
.../admin/doc-files/class-hierarchy.fig | 224 -
.../admin/doc-files/class-hierarchy.gif | Bin 11971 -> 0 bytes
.../internal/cache/AbstractRegionEntry.java | 107 +-
.../internal/cache/AbstractRegionMap.java | 81 +-
.../gemfire/internal/cache/BucketRegion.java | 36 +-
.../cache/BytesAndBitsForCompactor.java | 18 +-
.../internal/cache/CachedDeserializable.java | 8 +
.../cache/CachedDeserializableFactory.java | 4 +-
.../gemfire/internal/cache/DiskEntry.java | 113 +-
.../gemfire/internal/cache/DiskStoreImpl.java | 4 -
.../internal/cache/DistributedRegion.java | 12 +-
.../gemfire/internal/cache/EntryEventImpl.java | 161 +-
.../gemfire/internal/cache/LocalRegion.java | 18 +-
.../gemstone/gemfire/internal/cache/Oplog.java | 12 +-
.../internal/cache/PartitionedRegion.java | 1 -
.../cache/PartitionedRegionQueryEvaluator.java | 391 +-
.../cache/PreferBytesCachedDeserializable.java | 11 +-
.../gemfire/internal/cache/RegionEntry.java | 9 +-
.../internal/cache/RemoteDestroyMessage.java | 4 +-
.../cache/SearchLoadAndWriteProcessor.java | 8 +-
.../cache/StoreAllCachedDeserializable.java | 11 +-
.../gemfire/internal/cache/TXManagerImpl.java | 3 +-
.../gemfire/internal/cache/UpdateOperation.java | 2 +-
.../internal/cache/VMCachedDeserializable.java | 9 +-
.../SnappyCompressedCachedDeserializable.java | 10 +
.../cache/control/HeapMemoryMonitor.java | 14 +-
.../cache/control/OffHeapMemoryMonitor.java | 45 +-
.../cache/doc-files/BucketAdvisor-state.png | Bin 39148 -> 0 bytes
.../internal/cache/doc-files/eventmatrix.xls | Bin 24576 -> 0 bytes
.../cache/doc-files/extensible-hashing.fig | 159 -
.../cache/doc-files/extensible-hashing.gif | Bin 6605 -> 0 bytes
.../cache/doc-files/jcache-get-flow.fig | 349 --
.../cache/doc-files/jcache-get-flow.pdf | Bin 7519 -> 0 bytes
.../cache/doc-files/jcache-put-flow.fig | 359 --
.../cache/doc-files/jcache-put-flow.pdf | Bin 7667 -> 0 bytes
.../doc-files/jcache-update-message-flow.fig | 334 -
.../doc-files/jcache-update-message-flow.pdf | Bin 5937 -> 0 bytes
.../cache/doc-files/partitioned-regions.fig | 255 -
.../cache/doc-files/partitioned-regions.gif | Bin 9273 -> 0 bytes
.../internal/cache/doc-files/properties.html | 3937 ------------
.../cache/doc-files/region-implementation.fig | 262 -
.../gemfire/internal/cache/package.html | 8 +-
.../cache/partitioned/FetchEntriesMessage.java | 10 +-
.../internal/cache/partitioned/PutMessage.java | 8 +-
.../gemfire/internal/cache/properties.html | 3937 ++++++++++++
.../cache/tier/sockets/AcceptorImpl.java | 9 +-
.../cache/tier/sockets/CacheClientProxy.java | 8 +-
.../tier/sockets/ClientUpdateMessageImpl.java | 2 +-
.../internal/cache/tier/sockets/HandShake.java | 3 +-
.../internal/cache/tier/sockets/Message.java | 2 +-
.../internal/cache/tier/sockets/Part.java | 51 +-
.../cache/tier/sockets/command/Get70.java | 19 +-
.../cache/tier/sockets/command/PutAll.java | 4 +
.../cache/tier/sockets/command/PutAll70.java | 4 +
.../cache/tier/sockets/command/PutAll80.java | 4 +
.../cache/tier/sockets/command/Request.java | 8 +-
.../doc-files/communication-architecture.fig | 158 -
.../doc-files/communication-architecture.gif | Bin 5485 -> 0 bytes
.../AbstractGatewaySenderEventProcessor.java | 48 +-
.../cache/wan/GatewaySenderEventImpl.java | 81 +-
.../parallel/ParallelGatewaySenderQueue.java | 74 +-
.../gemfire/internal/doc-files/cs-maps.fig | 150 -
.../gemfire/internal/doc-files/cs-maps.gif | Bin 5951 -> 0 bytes
.../gemfire/internal/doc-files/ds-map.fig | 105 -
.../gemfire/internal/doc-files/ds-map.gif | Bin 4867 -> 0 bytes
.../internal/doc-files/merge-log-files.fig | 153 -
.../internal/doc-files/merge-log-files.gif | Bin 2646 -> 0 bytes
.../gemfire/internal/i18n/LocalizedStrings.java | 6 +-
.../gemfire/internal/logging/MergeLogFiles.java | 2 +-
.../internal/offheap/AbstractStoredObject.java | 24 +
.../offheap/AddressableMemoryChunk.java | 29 -
.../offheap/AddressableMemoryChunkFactory.java | 27 -
.../offheap/AddressableMemoryManager.java | 261 +
.../internal/offheap/ByteArrayMemoryChunk.java | 77 -
.../internal/offheap/ByteBufferMemoryChunk.java | 90 -
.../gemfire/internal/offheap/DataAsAddress.java | 131 -
.../gemfire/internal/offheap/Fragment.java | 14 +-
.../internal/offheap/FreeListManager.java | 281 +-
.../internal/offheap/LifecycleListener.java | 20 +-
.../internal/offheap/MemoryAllocator.java | 18 +-
.../internal/offheap/MemoryAllocatorImpl.java | 507 ++
.../gemfire/internal/offheap/MemoryBlock.java | 2 +-
.../internal/offheap/MemoryBlockNode.java | 26 +-
.../gemfire/internal/offheap/MemoryChunk.java | 47 -
.../offheap/MemoryChunkWithRefCount.java | 34 -
.../gemfire/internal/offheap/ObjectChunk.java | 737 ---
.../internal/offheap/ObjectChunkSlice.java | 44 -
.../offheap/ObjectChunkWithHeapForm.java | 40 -
.../offheap/OffHeapCachedDeserializable.java | 142 -
.../gemfire/internal/offheap/OffHeapHelper.java | 24 +-
.../internal/offheap/OffHeapMemoryStats.java | 8 +-
.../offheap/OffHeapRegionEntryHelper.java | 28 +-
.../internal/offheap/OffHeapStorage.java | 67 +-
.../internal/offheap/OffHeapStoredObject.java | 718 +++
.../OffHeapStoredObjectAddressStack.java | 141 +
.../offheap/OffHeapStoredObjectSlice.java | 44 +
.../OffHeapStoredObjectWithHeapForm.java | 41 +
.../internal/offheap/RefCountChangeInfo.java | 2 +-
.../internal/offheap/ReferenceCountHelper.java | 4 +-
.../offheap/SimpleMemoryAllocatorImpl.java | 511 --
.../gemstone/gemfire/internal/offheap/Slab.java | 39 +
.../gemfire/internal/offheap/SlabFactory.java | 27 +
.../gemfire/internal/offheap/SlabImpl.java | 61 +
.../gemfire/internal/offheap/StoredObject.java | 117 +-
.../internal/offheap/SyncChunkStack.java | 141 -
.../internal/offheap/TinyStoredObject.java | 229 +
.../internal/offheap/UnsafeMemoryChunk.java | 217 -
.../internal/tcp/ByteBufferInputStream.java | 74 +-
.../tcp/ImmutableByteBufferInputStream.java | 4 +-
.../gemfire/internal/util/BlobHelper.java | 4 +-
.../internal/util/doc-files/call-stack.fig | 34 -
.../internal/util/doc-files/class-loaders.fig | 49 -
.../internal/beans/MemberMBeanBridge.java | 2 +-
.../management/internal/cli/shell/Gfsh.java | 2 +-
.../gemfire/pdx/internal/PdxInputStream.java | 4 +-
.../gemstone/gemfire/pdx/internal/PdxType.java | 2 +-
.../security/GemFireSecurityException.java | 112 +-
.../security/NotAuthorizedException.java | 118 +-
.../javadoc-images/BucketAdvisor-state.png | Bin 0 -> 39148 bytes
.../javadoc-images/ConnectionManagerImpl.dia | Bin 0 -> 2034 bytes
.../javadoc-images/ConnectionManagerImpl.png | Bin 0 -> 11825 bytes
.../javadoc-images/QueueManagerImpl.dia | Bin 0 -> 2180 bytes
.../javadoc-images/QueueManagerImpl.png | Bin 0 -> 15075 bytes
.../javadoc-images/class-hierarchy.fig | 224 +
.../javadoc-images/class-hierarchy.gif | Bin 0 -> 11971 bytes
.../javadoc-images/client_static_diagram.png | Bin 0 -> 29430 bytes
.../data-serialization-exceptions.fig | 135 +
.../data-serialization-exceptions.gif | Bin 0 -> 3666 bytes
.../javadoc-images/distribution-managers.fig | 76 +
.../javadoc-images/distribution-managers.gif | Bin 0 -> 3267 bytes
.../src/main/resources/javadoc-images/elder.fig | 84 +
.../src/main/resources/javadoc-images/elder.jpg | Bin 0 -> 55182 bytes
.../javadoc-images/entry-life-cycle.fig | 64 +
.../javadoc-images/entry-life-cycle.gif | Bin 0 -> 3357 bytes
.../resources/javadoc-images/eventmatrix.xls | Bin 0 -> 24576 bytes
.../resources/javadoc-images/example-cache.xml | 98 +
.../javadoc-images/example-client-cache.xml | 46 +
.../resources/javadoc-images/example2-cache.xml | 63 +
.../resources/javadoc-images/example3-cache.xml | 60 +
.../javadoc-images/extensible-hashing.fig | 159 +
.../javadoc-images/extensible-hashing.gif | Bin 0 -> 6605 bytes
.../resources/javadoc-images/health-classes.gif | Bin 0 -> 8973 bytes
.../javadoc-images/jcache-get-flow.fig | 349 ++
.../javadoc-images/jcache-get-flow.pdf | Bin 0 -> 7519 bytes
.../javadoc-images/jcache-put-flow.fig | 359 ++
.../javadoc-images/jcache-put-flow.pdf | Bin 0 -> 7667 bytes
.../jcache-update-message-flow.fig | 334 +
.../jcache-update-message-flow.pdf | Bin 0 -> 5937 bytes
.../javadoc-images/merge-log-files.fig | 153 +
.../javadoc-images/merge-log-files.gif | Bin 0 -> 2646 bytes
.../javadoc-images/partitioned-regions.fig | 255 +
.../javadoc-images/partitioned-regions.gif | Bin 0 -> 9273 bytes
.../src/main/resources/javadoc-images/turks.fig | 128 +
.../src/main/resources/javadoc-images/turks.jpg | Bin 0 -> 79859 bytes
.../gemfire/SystemFailureJUnitTest.java | 5 +-
.../cache/ConnectionPoolAutoDUnitTest.java | 54 +
.../gemfire/cache/ConnectionPoolDUnitTest.java | 5880 ++++++++++++++++++
.../CacheServerSSLConnectionDUnitTest.java | 124 +-
.../internal/index/IndexElemArrayJUnitTest.java | 66 +-
.../gemfire/cache30/CacheXml80DUnitTest.java | 2 +
.../cache30/ClientMembershipDUnitTest.java | 213 +-
.../gemfire/cache30/ClientServerTestCase.java | 12 +-
.../DistributedMulticastRegionDUnitTest.java | 12 +-
.../gemfire/cache30/MultiVMRegionTestCase.java | 36 +-
.../gemfire/distributed/LauncherTestSuite.java | 2 +-
.../MockServerLauncherCacheProvider.java | 42 +
.../ServerLauncherWithProviderJUnitTest.java | 92 +
.../ServerLauncherWithSpringJUnitTest.java | 99 -
.../internal/DistributionAdvisorDUnitTest.java | 3 +-
.../gms/fd/GMSHealthMonitorJUnitTest.java | 20 +-
.../gms/membership/GMSJoinLeaveJUnitTest.java | 14 +-
.../gms/membership/GMSJoinLeaveTestHelper.java | 24 +
.../TcpServerBackwardCompatDUnitTest.java | 97 +-
.../disttx/DistTXManagerImplJUnitTest.java | 6 +
.../internal/SSLConfigIntegrationJUnitTest.java | 2 +-
.../gemfire/internal/SSLConfigJUnitTest.java | 73 +-
.../AbstractDistributedRegionJUnitTest.java | 166 +
.../internal/cache/BucketRegionJUnitTest.java | 186 +-
.../cache/ChunkValueWrapperJUnitTest.java | 188 -
.../cache/ClientServerGetAllDUnitTest.java | 4 +-
.../cache/ClientServerTransactionDUnitTest.java | 58 +-
.../cache/DistributedRegionJUnitTest.java | 101 +
.../gemfire/internal/cache/OffHeapTestUtil.java | 8 +-
.../cache/OffHeapValueWrapperJUnitTest.java | 188 +
.../cache/OldValueImporterTestBase.java | 40 +-
.../internal/cache/TXManagerImplJUnitTest.java | 11 +
.../FetchEntriesMessageJUnitTest.java | 93 +
.../sockets/DurableClientBug39997DUnitTest.java | 6 +
.../cache/tier/sockets/MessageJUnitTest.java | 1 -
.../cache/wan/AsyncEventQueueTestBase.java | 86 +-
.../asyncqueue/AsyncEventListenerDUnitTest.java | 21 +-
.../offheap/ByteArrayMemoryChunkJUnitTest.java | 30 -
.../offheap/DataAsAddressJUnitTest.java | 368 --
.../DirectByteBufferMemoryChunkJUnitTest.java | 33 -
.../internal/offheap/FragmentJUnitTest.java | 22 +-
.../internal/offheap/FreeListManagerTest.java | 448 +-
.../offheap/FreeListOffHeapRegionJUnitTest.java | 2 +-
.../HeapByteBufferMemoryChunkJUnitTest.java | 33 -
.../offheap/LifecycleListenerJUnitTest.java | 50 +-
...moryAllocatorFillPatternIntegrationTest.java | 246 +
.../MemoryAllocatorFillPatternJUnitTest.java | 183 +
.../offheap/MemoryAllocatorJUnitTest.java | 594 ++
.../offheap/MemoryBlockNodeJUnitTest.java | 54 +-
.../offheap/MemoryChunkJUnitTestBase.java | 290 -
.../internal/offheap/MemoryChunkTestSuite.java | 32 -
.../offheap/NullOffHeapMemoryStats.java | 8 +-
.../internal/offheap/ObjectChunkJUnitTest.java | 902 ---
.../offheap/ObjectChunkSliceJUnitTest.java | 72 -
.../ObjectChunkWithHeapFormJUnitTest.java | 64 -
.../offheap/OffHeapHelperJUnitTest.java | 21 +-
.../internal/offheap/OffHeapIndexJUnitTest.java | 2 +-
.../internal/offheap/OffHeapRegionBase.java | 22 +-
.../OffHeapRegionEntryHelperJUnitTest.java | 94 +-
.../offheap/OffHeapStorageJUnitTest.java | 36 +-
...ffHeapStoredObjectAddressStackJUnitTest.java | 290 +
.../offheap/OffHeapStoredObjectJUnitTest.java | 867 +++
.../OffHeapStoredObjectSliceJUnitTest.java | 72 +
...ffHeapStoredObjectWithHeapFormJUnitTest.java | 64 +
.../offheap/OffHeapValidationJUnitTest.java | 10 +-
.../OffHeapWriteObjectAsByteArrayJUnitTest.java | 18 +-
.../OldFreeListOffHeapRegionJUnitTest.java | 2 +-
.../offheap/OutOfOffHeapMemoryDUnitTest.java | 2 +-
...moryAllocatorFillPatternIntegrationTest.java | 246 -
...mpleMemoryAllocatorFillPatternJUnitTest.java | 183 -
.../offheap/SimpleMemoryAllocatorJUnitTest.java | 631 --
.../internal/offheap/StoredObjectTestSuite.java | 8 +-
.../offheap/SyncChunkStackJUnitTest.java | 289 -
.../offheap/TinyMemoryBlockJUnitTest.java | 244 +
.../offheap/TinyStoredObjectJUnitTest.java | 353 ++
.../TxReleasesOffHeapOnCloseJUnitTest.java | 2 +-
.../offheap/UnsafeMemoryChunkJUnitTest.java | 87 -
.../internal/process/PidFileJUnitTest.java | 4 +-
.../management/OffHeapManagementDUnitTest.java | 54 +-
...ersalMembershipListenerAdapterDUnitTest.java | 85 +-
.../OffHeapByteBufferByteSourceJUnitTest.java | 10 +-
.../gemfire/pdx/OffHeapByteSourceJUnitTest.java | 16 +-
.../gemfire/pdx/PdxClientServerDUnitTest.java | 46 +-
.../security/ClientAuthenticationDUnitTest.java | 7 +-
.../security/ClientAuthorizationDUnitTest.java | 40 +-
.../security/ClientAuthorizationTestBase.java | 56 +-
.../security/ClientMultiUserAuthzDUnitTest.java | 5 +-
.../DeltaClientAuthorizationDUnitTest.java | 5 +-
.../DeltaClientPostAuthorizationDUnitTest.java | 5 +-
.../security/GemFireSecurityExceptionTest.java | 167 +
.../security/NotAuthorizedExceptionTest.java | 198 +
.../security/P2PAuthenticationDUnitTest.java | 11 +-
.../gemfire/security/SecurityTestUtil.java | 44 +
.../generator/AuthzCredentialGenerator.java | 446 ++
.../security/generator/CredentialGenerator.java | 332 +
.../DummyAuthzCredentialGenerator.java | 129 +
.../generator/DummyCredentialGenerator.java | 89 +
.../generator/LdapUserCredentialGenerator.java | 163 +
.../generator/PKCSCredentialGenerator.java | 115 +
.../generator/SSLCredentialGenerator.java | 121 +
.../UserPasswordWithExtraPropsAuthInit.java | 69 +
.../generator/XmlAuthzCredentialGenerator.java | 257 +
.../security/templates/DummyAuthenticator.java | 75 +
.../security/templates/DummyAuthorization.java | 122 +
.../templates/FunctionSecurityPrmsHolder.java | 50 +
.../templates/LdapUserAuthenticator.java | 106 +
.../security/templates/PKCSAuthInit.java | 119 +
.../security/templates/PKCSAuthenticator.java | 157 +
.../security/templates/PKCSPrincipal.java | 40 +
.../security/templates/PKCSPrincipalTest.java | 48 +
.../templates/UserPasswordAuthInit.java | 75 +
.../security/templates/UsernamePrincipal.java | 44 +
.../templates/UsernamePrincipalTest.java | 48 +
.../security/templates/XmlAuthorization.java | 614 ++
.../security/templates/XmlErrorHandler.java | 74 +
.../gemfire/test/dunit/DistributedTestCase.java | 5 +-
.../test/dunit/DistributedTestUtils.java | 1 +
.../gemfire/test/dunit/NamedCallable.java | 41 +
.../gemfire/test/dunit/NamedRunnable.java | 41 +
.../com/gemstone/gemfire/test/dunit/VM.java | 61 +
.../dunit/rules/DistributedDisconnectRule.java | 44 +-
.../rules/DistributedExternalResource.java | 27 +-
.../DistributedRestoreSystemProperties.java | 5 +-
.../gemfire/test/dunit/rules/RemoteInvoker.java | 10 +-
.../test/dunit/tests/BasicDUnitTest.java | 66 +
.../com/gemstone/gemfire/test/fake/Fakes.java | 5 +-
.../java/security/AuthzCredentialGenerator.java | 462 --
.../test/java/security/CredentialGenerator.java | 343 -
.../security/DummyAuthzCredentialGenerator.java | 145 -
.../java/security/DummyCredentialGenerator.java | 94 -
.../security/LdapUserCredentialGenerator.java | 160 -
.../java/security/PKCSCredentialGenerator.java | 112 -
.../java/security/SSLCredentialGenerator.java | 117 -
.../UserPasswordWithExtraPropsAuthInit.java | 77 -
.../security/XmlAuthzCredentialGenerator.java | 264 -
.../templates/security/DummyAuthenticator.java | 87 -
.../templates/security/DummyAuthorization.java | 118 -
.../security/FunctionSecurityPrmsHolder.java | 55 -
.../security/LdapUserAuthenticator.java | 117 -
.../java/templates/security/PKCSAuthInit.java | 133 -
.../templates/security/PKCSAuthenticator.java | 167 -
.../java/templates/security/PKCSPrincipal.java | 42 -
.../security/UserPasswordAuthInit.java | 84 -
.../templates/security/UsernamePrincipal.java | 46 -
.../templates/security/XmlAuthorization.java | 675 --
.../templates/security/XmlErrorHandler.java | 82 -
...fire.distributed.ServerLauncherCacheProvider | 1 +
.../gemfire/codeAnalysis/excludedClasses.txt | 1 +
.../sanctionedDataSerializables.txt | 6 +-
.../codeAnalysis/sanctionedSerializables.txt | 10 +-
.../gemfire/security/generator/authz-dummy.xml | 124 +
.../gemfire/security/generator/authz-ldap.xml | 83 +
.../generator/authz-multiUser-dummy.xml | 104 +
.../security/generator/authz-multiUser-ldap.xml | 81 +
.../security/generator/keys/gemfire1.keystore | Bin 0 -> 1536 bytes
.../security/generator/keys/gemfire10.keystore | Bin 0 -> 1546 bytes
.../security/generator/keys/gemfire11.keystore | Bin 0 -> 1546 bytes
.../security/generator/keys/gemfire2.keystore | Bin 0 -> 1536 bytes
.../security/generator/keys/gemfire3.keystore | Bin 0 -> 1536 bytes
.../security/generator/keys/gemfire4.keystore | Bin 0 -> 1536 bytes
.../security/generator/keys/gemfire5.keystore | Bin 0 -> 1536 bytes
.../security/generator/keys/gemfire6.keystore | Bin 0 -> 1536 bytes
.../security/generator/keys/gemfire7.keystore | Bin 0 -> 1536 bytes
.../security/generator/keys/gemfire8.keystore | Bin 0 -> 1536 bytes
.../security/generator/keys/gemfire9.keystore | Bin 0 -> 1536 bytes
.../generator/keys/ibm/gemfire1.keystore | Bin 0 -> 1426 bytes
.../generator/keys/ibm/gemfire10.keystore | Bin 0 -> 1434 bytes
.../generator/keys/ibm/gemfire11.keystore | Bin 0 -> 1434 bytes
.../generator/keys/ibm/gemfire2.keystore | Bin 0 -> 1434 bytes
.../generator/keys/ibm/gemfire3.keystore | Bin 0 -> 1426 bytes
.../generator/keys/ibm/gemfire4.keystore | Bin 0 -> 1434 bytes
.../generator/keys/ibm/gemfire5.keystore | Bin 0 -> 1434 bytes
.../generator/keys/ibm/gemfire6.keystore | Bin 0 -> 1434 bytes
.../generator/keys/ibm/gemfire7.keystore | Bin 0 -> 1426 bytes
.../generator/keys/ibm/gemfire8.keystore | Bin 0 -> 1434 bytes
.../generator/keys/ibm/gemfire9.keystore | Bin 0 -> 1426 bytes
.../security/generator/keys/ibm/publickeyfile | Bin 0 -> 4535 bytes
.../security/generator/keys/publickeyfile | Bin 0 -> 4535 bytes
.../gemfire/security/templates/authz5_5.dtd | 105 +
.../gemfire/security/templates/authz6_0.dtd | 110 +
.../src/test/resources/lib/authz-dummy.xml | 126 -
.../src/test/resources/lib/authz-ldap.xml | 85 -
.../resources/lib/authz-multiUser-dummy.xml | 106 -
.../test/resources/lib/authz-multiUser-ldap.xml | 83 -
.../test/resources/lib/keys/gemfire1.keystore | Bin 1536 -> 0 bytes
.../test/resources/lib/keys/gemfire10.keystore | Bin 1546 -> 0 bytes
.../test/resources/lib/keys/gemfire11.keystore | Bin 1546 -> 0 bytes
.../test/resources/lib/keys/gemfire2.keystore | Bin 1536 -> 0 bytes
.../test/resources/lib/keys/gemfire3.keystore | Bin 1536 -> 0 bytes
.../test/resources/lib/keys/gemfire4.keystore | Bin 1536 -> 0 bytes
.../test/resources/lib/keys/gemfire5.keystore | Bin 1536 -> 0 bytes
.../test/resources/lib/keys/gemfire6.keystore | Bin 1536 -> 0 bytes
.../test/resources/lib/keys/gemfire7.keystore | Bin 1536 -> 0 bytes
.../test/resources/lib/keys/gemfire8.keystore | Bin 1536 -> 0 bytes
.../test/resources/lib/keys/gemfire9.keystore | Bin 1536 -> 0 bytes
.../resources/lib/keys/ibm/gemfire1.keystore | Bin 1426 -> 0 bytes
.../resources/lib/keys/ibm/gemfire10.keystore | Bin 1434 -> 0 bytes
.../resources/lib/keys/ibm/gemfire11.keystore | Bin 1434 -> 0 bytes
.../resources/lib/keys/ibm/gemfire2.keystore | Bin 1434 -> 0 bytes
.../resources/lib/keys/ibm/gemfire3.keystore | Bin 1426 -> 0 bytes
.../resources/lib/keys/ibm/gemfire4.keystore | Bin 1434 -> 0 bytes
.../resources/lib/keys/ibm/gemfire5.keystore | Bin 1434 -> 0 bytes
.../resources/lib/keys/ibm/gemfire6.keystore | Bin 1434 -> 0 bytes
.../resources/lib/keys/ibm/gemfire7.keystore | Bin 1426 -> 0 bytes
.../resources/lib/keys/ibm/gemfire8.keystore | Bin 1434 -> 0 bytes
.../resources/lib/keys/ibm/gemfire9.keystore | Bin 1426 -> 0 bytes
.../test/resources/lib/keys/ibm/publickeyfile | Bin 4535 -> 0 bytes
.../src/test/resources/lib/keys/publickeyfile | Bin 4535 -> 0 bytes
.../resources/spring/spring-gemfire-context.xml | 42 -
.../resources/templates/security/authz5_5.dtd | 105 -
.../resources/templates/security/authz6_0.dtd | 110 -
.../internal/cache/PutAllCSDUnitTest.java | 225 +-
.../tier/sockets/DurableClientTestCase.java | 9 +-
.../security/ClientAuthzObjectModDUnitTest.java | 16 +-
.../ClientCQPostAuthorizationDUnitTest.java | 5 +-
.../ClientPostAuthorizationDUnitTest.java | 4 +-
.../gemfire/security/MultiuserAPIDUnitTest.java | 6 +-
.../MultiuserDurableCQAuthzDUnitTest.java | 7 +-
geode-junit/build.gradle | 1 +
.../gemfire/test/junit/ConditionalIgnore.java | 1 -
.../gemfire/test/junit/IgnoreCondition.java | 1 -
.../gemfire/test/junit/IgnoreUntil.java | 1 -
.../com/gemstone/gemfire/test/junit/Repeat.java | 3 +-
.../com/gemstone/gemfire/test/junit/Retry.java | 4 +-
.../test/junit/categories/ContainerTest.java | 3 +-
.../test/junit/categories/DistributedTest.java | 3 +-
.../categories/DistributedTransactionsTest.java | 3 +-
.../test/junit/categories/HydraTest.java | 3 +-
.../test/junit/categories/IntegrationTest.java | 3 +-
.../test/junit/categories/PerformanceTest.java | 3 +-
.../gemfire/test/junit/categories/UITest.java | 3 +-
.../gemfire/test/junit/categories/UnitTest.java | 13 +-
.../gemfire/test/junit/categories/WanTest.java | 5 +-
.../test/junit/rules/ConditionalIgnoreRule.java | 1 -
.../test/junit/rules/ExpectedTimeout.java | 180 -
.../test/junit/rules/ExpectedTimeoutRule.java | 42 +-
.../test/junit/rules/IgnoreUntilRule.java | 1 -
.../gemfire/test/junit/rules/RepeatRule.java | 3 +-
.../gemfire/test/junit/rules/RetryRule.java | 1 -
.../gemfire/test/junit/rules/RuleList.java | 95 +
.../rules/SerializableExternalResource.java | 107 -
.../test/junit/rules/SerializableRuleChain.java | 119 -
.../rules/SerializableTemporaryFolder.java | 70 -
.../test/junit/rules/SerializableTestName.java | 54 -
.../test/junit/rules/SerializableTestRule.java | 33 -
.../junit/rules/SerializableTestWatcher.java | 29 -
.../test/junit/rules/SerializableTimeout.java | 119 -
.../serializable/FieldSerializationUtils.java | 48 +
.../serializable/FieldsOfTemporaryFolder.java | 26 +
.../rules/serializable/FieldsOfTestName.java | 24 +
.../rules/serializable/FieldsOfTimeout.java | 26 +
.../SerializableExternalResource.java | 25 +
.../serializable/SerializableRuleList.java | 78 +
.../SerializableTemporaryFolder.java | 70 +
.../serializable/SerializableTestName.java | 65 +
.../serializable/SerializableTestRule.java | 28 +
.../serializable/SerializableTestWatcher.java | 26 +
.../rules/serializable/SerializableTimeout.java | 104 +
.../junit/support/DefaultIgnoreCondition.java | 3 +-
.../IgnoreConditionEvaluationException.java | 1 -
.../junit/rules/ExpectedTimeoutJUnitTest.java | 204 -
.../junit/rules/ExpectedTimeoutRuleTest.java | 246 +
.../test/junit/rules/IgnoreUntilRuleTest.java | 145 +
.../test/junit/rules/RepeatRuleTest.java | 411 ++
.../rules/RetryRuleGlobalWithErrorTest.java | 326 +
.../rules/RetryRuleGlobalWithExceptionTest.java | 332 +
.../rules/RetryRuleLocalWithErrorTest.java | 265 +
.../rules/RetryRuleLocalWithExceptionTest.java | 276 +
.../gemfire/test/junit/rules/RuleListTest.java | 209 +
.../gemfire/test/junit/rules/TestRunner.java | 35 +
.../examples/RepeatingTestCasesExampleTest.java | 15 +-
.../rules/examples/RetryRuleExampleTest.java | 20 +-
.../rules/examples/RuleAndClassRuleTest.java | 147 +
.../SerializableExternalResourceTest.java | 79 +
.../serializable/SerializableRuleListTest.java | 89 +
.../SerializableTemporaryFolderTest.java | 90 +
.../serializable/SerializableTestNameTest.java | 84 +
.../SerializableTestWatcherTest.java | 79 +
.../serializable/SerializableTimeoutTest.java | 106 +
.../rules/tests/ExpectedTimeoutRuleTest.java | 214 -
.../junit/rules/tests/IgnoreUntilRuleTest.java | 121 -
.../junit/rules/tests/JUnitRuleTestSuite.java | 33 -
.../test/junit/rules/tests/RepeatRuleTest.java | 304 -
.../tests/RetryRuleGlobalWithErrorTest.java | 250 -
.../tests/RetryRuleGlobalWithExceptionTest.java | 254 -
.../tests/RetryRuleLocalWithErrorTest.java | 207 -
.../tests/RetryRuleLocalWithExceptionTest.java | 213 -
.../junit/rules/tests/RuleAndClassRuleTest.java | 138 -
.../test/junit/rules/tests/TestRunner.java | 37 -
.../internal/distributed/LuceneFunction.java | 3 +-
geode-pulse/build.gradle | 12 +
.../pulse/internal/data/JMXDataUpdater.java | 85 +-
.../service/ClusterSelectedRegionService.java | 8 +-
.../ClusterSelectedRegionsMemberService.java | 8 +-
geode-rebalancer/build.gradle | 1 +
geode-site/website/README.md | 2 +-
geode-site/website/Rules | 3 -
geode-site/website/content/community/index.html | 2 +-
geode-site/website/content/docs/index.html | 48 +
geode-site/website/layouts/default.html | 32 -
geode-site/website/layouts/footer.html | 2 +-
geode-site/website/layouts/header.html | 2 +-
.../wan/GatewaySenderEventRemoteDispatcher.java | 44 +-
.../gemfire/internal/cache/wan/WANTestBase.java | 26 +-
.../cache/wan/misc/WANSSLDUnitTest.java | 2 +
...arallelGatewaySenderOperationsDUnitTest.java | 35 +
geode-web-api/build.gradle | 7 +
.../controllers/FunctionAccessController.java | 195 +-
.../rest/internal/web/util/ArrayUtils.java | 12 +-
geode-web/build.gradle | 7 +
gradle/dependency-versions.properties | 4 +-
gradle/java.gradle | 9 -
gradle/rat.gradle | 1 +
gradle/test.gradle | 4 +
545 files changed, 30213 insertions(+), 25049 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/da7a76de/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationDUnitTest.java
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/da7a76de/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationTestBase.java
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/da7a76de/geode-core/src/test/java/com/gemstone/gemfire/security/DeltaClientPostAuthorizationDUnitTest.java
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/da7a76de/geode-core/src/test/java/com/gemstone/gemfire/security/templates/XmlAuthorization.java
----------------------------------------------------------------------
diff --cc geode-core/src/test/java/com/gemstone/gemfire/security/templates/XmlAuthorization.java
index 0000000,b8f2e50..d9aa391
mode 000000,100755..100755
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/templates/XmlAuthorization.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/templates/XmlAuthorization.java
@@@ -1,0 -1,614 +1,614 @@@
+ /*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+ package com.gemstone.gemfire.security.templates;
+
+ import java.io.IOException;
+ import java.io.InputStream;
+ import java.security.Principal;
+ import java.util.ArrayList;
+ import java.util.HashMap;
+ import java.util.HashSet;
+ import java.util.Map;
+ import java.util.Set;
+ import java.util.regex.Matcher;
+ import java.util.regex.Pattern;
+ import javax.xml.parsers.DocumentBuilder;
+ import javax.xml.parsers.DocumentBuilderFactory;
+
+ import com.gemstone.gemfire.LogWriter;
+ import com.gemstone.gemfire.cache.Cache;
+ import com.gemstone.gemfire.cache.operations.ExecuteFunctionOperationContext;
+ import com.gemstone.gemfire.cache.operations.OperationContext;
+ import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
+ import com.gemstone.gemfire.cache.operations.QueryOperationContext;
+ import com.gemstone.gemfire.distributed.DistributedMember;
+ import com.gemstone.gemfire.security.AccessControl;
+ import com.gemstone.gemfire.security.NotAuthorizedException;
+ import org.w3c.dom.Attr;
+ import org.w3c.dom.Document;
+ import org.w3c.dom.NamedNodeMap;
+ import org.w3c.dom.Node;
+ import org.w3c.dom.NodeList;
+ import org.xml.sax.EntityResolver;
+ import org.xml.sax.InputSource;
+ import org.xml.sax.SAXException;
+ import org.xml.sax.SAXParseException;
+
+ /**
+ * An implementation of the {@link AccessControl} interface that allows
+ * authorization using the permissions as specified in the given XML
+ * file.
+ *
+ * The format of the XML file is specified in <a href="authz5_5.dtd"/>. It
+ * implements a role-based authorization at the operation level for each region.
+ * Each principal name may be associated with a set of roles. The name of the
+ * principal is obtained using the {@link Principal#getName()} method and no other
+ * information of the principal is utilized. Each role can be provided
+ * permissions to execute operations for each region.
+ *
+ * The top-level element in the XML is "acl" tag that contains the "role" and
+ * "permission" tags. The "role" tag contains the list of users that have been
+ * given that role. The name of the role is specified in the "role" attribute
+ * and the users are contained in the "user" tags insided the "role" tag.
+ *
+ * The "permissions" tag contains the list of operations allowed for a
+ * particular region. The role name is specified as the "role" attribute, the
+ * list of comma separated region names as the optional "regions" attribute and
+ * the operation names are contained in the "operation" tags inside the
+ * "permissions" tag. The allowed operation names are: GET, PUT, PUTALL,
+ * DESTROY, REGISTER_INTEREST, UNREGISTER_INTEREST, CONTAINS_KEY, KEY_SET,
+ * QUERY, EXECUTE_CQ, STOP_CQ, CLOSE_CQ, REGION_CLEAR, REGION_CREATE,
+ * REGION_DESTROY. These correspond to the operations in the
+ * {@link OperationCode} enumeration with the same name.
+ *
+ * When no region name is specified then the operation is allowed for all
+ * regions in the cache. Any permissions specified for regions using the
+ * "regions" attribute override these permissions. This allows users to provide
+ * generic permissions without any region name, and override for specific
+ * regions specified using the "regions" attribute. A cache-level operation
+ * (e.g. {@link OperationCode#REGION_DESTROY}) specified for a particular region
+ * is ignored i.e. the cache-level operations are only applicable when no region
+ * name is specified. A {@link OperationCode#QUERY} operation is permitted when
+ * either the {@code QUERY} permission is provided at the cache-level for
+ * the user or when {@code QUERY} permission is provided for all the
+ * regions that are part of the query string.
+ *
+ * Any roles specified in the "user" tag that do not have a specified permission
+ * set using the "permission" tags are ignored. When no {@link Principal} is
+ * associated with the current connection, then empty user name is used to
+ * search for the roles so an empty user name can be used to specify roles of
+ * unauthenticated clients (i.e. {@code Everyone}).
+ *
+ * This sample implementation is useful only for pre-operation checks and should
+ * not be used for post-operation authorization since it does nothing useful for
+ * post-operation case.
+ *
+ * @since 5.5
+ */
+ public class XmlAuthorization implements AccessControl {
+
+ public static final String DOC_URI_PROP_NAME = "security-authz-xml-uri";
+
+ private static final Object sync = new Object();
+ private static final String EMPTY_VALUE = "";
+
+ private static final String TAG_ROLE = "role";
+ private static final String TAG_USER = "user";
+ private static final String TAG_PERMS = "permission";
+ private static final String TAG_OP = "operation";
+
+ private static final String ATTR_ROLENAME = "name";
+ private static final String ATTR_ROLE = "role";
+ private static final String ATTR_REGIONS = "regions";
+ private static final String ATTR_FUNCTION_IDS = "functionIds";
+ private static final String ATTR_FUNCTION_OPTIMIZE_FOR_WRITE = "optimizeForWrite";
+ private static final String ATTR_FUNCTION_KEY_SET = "keySet";
+
+ private static String currentDocUri = null;
+ private static Map<String, HashSet<String>> userRoles = null;
+ private static Map<String, Map<String, Map<OperationCode, FunctionSecurityPrmsHolder>>> rolePermissions = null;
+ private static NotAuthorizedException xmlLoadFailure = null;
+
+ private final Map<String, Map<OperationCode, FunctionSecurityPrmsHolder>> allowedOps;
+
+ protected LogWriter systemLogWriter;
+ protected LogWriter securityLogWriter;
+
+ /**
+ * Public static factory method to create an instance of
+ * {@code XmlAuthorization}. The fully qualified name of the class
+ * ({@code com.gemstone.gemfire.security.templates.XmlAuthorization.create})
+ * should be mentioned as the {@code security-client-accessor} system
+ * property to enable pre-operation authorization checks as implemented in
+ * this class.
+ *
+ * @return an object of {@code XmlAuthorization} class
+ */
+ public static AccessControl create() {
+ return new XmlAuthorization();
+ }
+
+ /**
+ * Clear all the statically cached information.
+ */
+ public static void clear() {
+ XmlAuthorization.currentDocUri = null;
+ if (XmlAuthorization.userRoles != null) {
+ XmlAuthorization.userRoles.clear();
+ XmlAuthorization.userRoles = null;
+ }
+ if (XmlAuthorization.rolePermissions != null) {
+ XmlAuthorization.rolePermissions.clear();
+ XmlAuthorization.rolePermissions = null;
+ }
+ XmlAuthorization.xmlLoadFailure = null;
+ }
+
+ /**
+ * Change the region name to a standard format having single '/' as separator
+ * and starting with a '/' as in standard POSIX paths
+ */
+ public static String normalizeRegionName(final String regionName) {
+ if (regionName == null || regionName.length() == 0) {
+ return EMPTY_VALUE;
+ }
+
+ char[] resultName = new char[regionName.length() + 1];
+ boolean changed = false;
+ boolean isPrevCharSlash = false;
+ int startIndex;
+
+ if (regionName.charAt(0) != '/') {
+ changed = true;
+ startIndex = 0;
+ } else {
+ isPrevCharSlash = true;
+ startIndex = 1;
+ }
+
+ resultName[0] = '/';
+ int resultLength = 1;
+
+ // Replace all more than one '/'s with a single '/'
+ for (int index = startIndex; index < regionName.length(); ++index) {
+ char currChar = regionName.charAt(index);
+ if (currChar == '/') {
+ if (isPrevCharSlash) {
+ changed = true;
+ continue;
+ }
+ isPrevCharSlash = true;
+ } else {
+ isPrevCharSlash = false;
+ }
+ resultName[resultLength++] = currChar;
+ }
+
+ // Remove any trailing slash
+ if (resultName[resultLength - 1] == '/') {
+ --resultLength;
+ changed = true;
+ }
+
+ if (changed) {
+ return new String(resultName, 0, resultLength);
+ } else {
+ return regionName;
+ }
+ }
+
+ private XmlAuthorization() {
+ this.allowedOps = new HashMap<String, Map<OperationCode, FunctionSecurityPrmsHolder>>();
+ this.systemLogWriter = null;
+ this.securityLogWriter = null;
+ }
+
+ /**
+ * Initialize the {@code XmlAuthorization} callback for a client having
+ * the given principal.
+ *
+ * This method caches the full XML authorization file the first time it is
+ * invoked and caches all the permissions for the provided
+ * {@code principal} to speed up lookup the
+ * {@code authorizeOperation} calls. The permissions for the principal
+ * are maintained as a {@link Map} of region name to the {@link HashSet} of
+ * operations allowed for that region. A global entry with region name as
+ * empty string is also made for permissions provided for all the regions.
+ *
+ * @param principal
+ * the principal associated with the authenticated client
+ * @param cache
+ * reference to the cache object
+ * @param remoteMember
+ * the {@link DistributedMember} object for the remote authenticated
+ * client
+ *
+ * @throws NotAuthorizedException
+ * if some exception condition happens during the initialization
+ * while reading the XML; in such a case all subsequent client
+ * operations will throw {@code NotAuthorizedException}
+ */
+ @Override
+ public void init(final Principal principal, final DistributedMember remoteMember, final Cache cache) throws NotAuthorizedException {
+ synchronized (sync) {
+ XmlAuthorization.init(cache);
+ }
+
+ this.systemLogWriter = cache.getLogger();
+ this.securityLogWriter = cache.getSecurityLogger();
+
+ String name;
+ if (principal != null) {
+ name = principal.getName();
+ } else {
+ name = EMPTY_VALUE;
+ }
+
+ HashSet<String> roles = XmlAuthorization.userRoles.get(name);
+ if (roles != null) {
+ for (String roleName : roles) {
+ Map<String, Map<OperationCode, FunctionSecurityPrmsHolder>> regionOperationMap = XmlAuthorization.rolePermissions.get(roleName);
+ if (regionOperationMap != null) {
+ for (Map.Entry<String, Map<OperationCode, FunctionSecurityPrmsHolder>> regionEntry : regionOperationMap.entrySet()) {
+ String regionName = regionEntry.getKey();
+ Map<OperationCode, FunctionSecurityPrmsHolder> regionOperations = this.allowedOps.get(regionName);
+ if (regionOperations == null) {
+ regionOperations = new HashMap<OperationCode, FunctionSecurityPrmsHolder>();
+ this.allowedOps.put(regionName, regionOperations);
+ }
+ regionOperations.putAll(regionEntry.getValue());
+ }
+ }
+ }
+ }
+ }
+
+ /**
+ * Return true if the given operation is allowed for the cache/region.
+ *
+ * This looks up the cached permissions of the principal in the map for the
+ * provided region name. If none are found then the global permissions with
+ * empty region name are looked up. The operation is allowed if it is found
+ * this permission list.
+ *
+ * @param regionName
+ * When null then it indicates a cache-level operation, else the
+ * name of the region for the operation.
+ * @param context
+ * the data required by the operation
+ *
+ * @return true if the operation is authorized and false otherwise
+ */
+ @Override
+ public boolean authorizeOperation(String regionName, final OperationContext context) {
+ Map<OperationCode, FunctionSecurityPrmsHolder> operationMap;
+
+ // Check GET permissions for updates from server to client
+ if (context.isClientUpdate()) {
+ operationMap = this.allowedOps.get(regionName);
+ if (operationMap == null && regionName.length() > 0) {
+ operationMap = this.allowedOps.get(EMPTY_VALUE);
+ }
+ if (operationMap != null) {
+ return operationMap.containsKey(OperationCode.GET);
+ }
+ return false;
+ }
+
+ OperationCode opCode = context.getOperationCode();
+ if (opCode.isQuery() || opCode.isExecuteCQ() || opCode.isCloseCQ() || opCode.isStopCQ()) {
+ // First check if cache-level permission has been provided
+ operationMap = this.allowedOps.get(EMPTY_VALUE);
+ boolean globalPermission = (operationMap != null && operationMap .containsKey(opCode));
+ Set<String> regionNames = ((QueryOperationContext)context) .getRegionNames();
+ if (regionNames == null || regionNames.size() == 0) {
+ return globalPermission;
+ }
+
+ for (String r : regionNames) {
+ regionName = normalizeRegionName(r);
+ operationMap = this.allowedOps.get(regionName);
+ if (operationMap == null) {
+ if (!globalPermission) {
+ return false;
+ }
+ } else if (!operationMap.containsKey(opCode)) {
+ return false;
+ }
+ }
+ return true;
+ }
+
+ final String normalizedRegionName = normalizeRegionName(regionName);
+ operationMap = this.allowedOps.get(normalizedRegionName);
+ if (operationMap == null && normalizedRegionName.length() > 0) {
+ operationMap = this.allowedOps.get(EMPTY_VALUE);
+ }
+ if (operationMap != null) {
+ if (context.getOperationCode() != OperationCode.EXECUTE_FUNCTION) {
+ return operationMap.containsKey(context.getOperationCode());
+
+ } else {
+ if (!operationMap.containsKey(context.getOperationCode())) {
+ return false;
+
+ } else {
+ if (!context.isPostOperation()) {
+ FunctionSecurityPrmsHolder functionParameter = operationMap.get(context.getOperationCode());
+ ExecuteFunctionOperationContext functionContext = (ExecuteFunctionOperationContext) context;
+ // OnRegion execution
+ if (functionContext.getRegionName() != null) {
+ if (functionParameter.isOptimizeForWrite() != null && functionParameter.isOptimizeForWrite().booleanValue() != functionContext.isOptimizeForWrite()) {
+ return false;
+ }
+ if (functionParameter.getFunctionIds() != null && !functionParameter.getFunctionIds().contains( functionContext.getFunctionId())) {
+ return false;
+ }
+ if (functionParameter.getKeySet() != null && functionContext.getKeySet() != null) {
+ if (functionContext.getKeySet().containsAll( functionParameter.getKeySet())) {
+ return false;
+ }
+ }
+ return true;
+
+ } else {// On Server execution
+ if (functionParameter.getFunctionIds() != null && !functionParameter.getFunctionIds().contains(functionContext.getFunctionId())) {
+ return false;
+ }
+ return true;
+ }
+
+ } else {
+ ExecuteFunctionOperationContext functionContext = (ExecuteFunctionOperationContext)context;
+ FunctionSecurityPrmsHolder functionParameter = operationMap.get(context.getOperationCode());
+ if (functionContext.getRegionName() != null) {
+ if (functionContext.getResult() instanceof ArrayList && functionParameter.getKeySet() != null) {
+ ArrayList<String> resultList = (ArrayList)functionContext.getResult();
+ Set<String> nonAllowedKeys = functionParameter.getKeySet();
+ if (resultList.containsAll(nonAllowedKeys)) {
+ return false;
+ }
+ }
+ return true;
+
+ } else {
+ ArrayList<String> resultList = (ArrayList)functionContext.getResult();
+ final String inSecureItem = "Insecure item";
+ if (resultList.contains(inSecureItem)) {
+ return false;
+ }
+ return true;
+ }
+ }
+ }
+ }
+ }
+ return false;
+ }
+
+ /**
+ * Clears the cached information for this principal.
+ */
+ @Override
+ public void close() {
+ this.allowedOps.clear();
+ }
+
+ /** Get the attribute value for a given attribute name of a node. */
+ private static String getAttributeValue(final Node node, final String attrName) {
+ NamedNodeMap attrMap = node.getAttributes();
+ Node attrNode;
+ if (attrMap != null && (attrNode = attrMap.getNamedItem(attrName)) != null) {
+ return ((Attr)attrNode).getValue();
+ }
+ return EMPTY_VALUE;
+ }
+
+ /** Get the string contained in the first text child of the node. */
+ private static String getNodeValue(final Node node) {
+ NodeList childNodes = node.getChildNodes();
+ for (int index = 0; index < childNodes.getLength(); index++) {
+ Node childNode = childNodes.item(index);
+ if (childNode.getNodeType() == Node.TEXT_NODE) {
+ return childNode.getNodeValue();
+ }
+ }
+ return EMPTY_VALUE;
+ }
+
+ /**
+ * Cache authorization information for all users statically. This method is
+ * not thread-safe and is should either be invoked only once, or the caller
+ * should take the appropriate locks.
+ *
+ * @param cache reference to the cache object for the distributed system
+ */
+ private static void init(final Cache cache) throws NotAuthorizedException {
+ final LogWriter systemLogWriter = cache.getLogger();
+ final String xmlDocumentUri = (String)cache.getDistributedSystem().getSecurityProperties().get(DOC_URI_PROP_NAME);
+
+ try {
+ if (xmlDocumentUri == null) {
+ throw new NotAuthorizedException("No ACL file defined using tag [" + DOC_URI_PROP_NAME + "] in system properties");
+ }
+ if (xmlDocumentUri.equals(XmlAuthorization.currentDocUri)) {
+ if (XmlAuthorization.xmlLoadFailure != null) {
+ throw XmlAuthorization.xmlLoadFailure;
+ }
+ return;
+ }
+
+ final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ factory.setIgnoringComments(true);
+ factory.setIgnoringElementContentWhitespace(true);
+ factory.setValidating(true);
+
+ final DocumentBuilder builder = factory.newDocumentBuilder();
+ final XmlErrorHandler errorHandler = new XmlErrorHandler(systemLogWriter, xmlDocumentUri);
+ builder.setErrorHandler(errorHandler);
+ builder.setEntityResolver(new AuthzDtdResolver());
+
+ final Document xmlDocument = builder.parse(xmlDocumentUri);
+
+ XmlAuthorization.userRoles = new HashMap<String, HashSet<String>>();
+ XmlAuthorization.rolePermissions = new HashMap<String, Map<String, Map<OperationCode, FunctionSecurityPrmsHolder>>>();
+
+ final NodeList roleUserNodes = xmlDocument.getElementsByTagName(TAG_ROLE);
+
+ for (int roleIndex = 0; roleIndex < roleUserNodes.getLength(); roleIndex++) {
+ final Node roleUserNode = roleUserNodes.item(roleIndex);
+ final String roleName = getAttributeValue(roleUserNode, ATTR_ROLENAME);
+ final NodeList userNodes = roleUserNode.getChildNodes();
+
+ for (int userIndex = 0; userIndex < userNodes.getLength(); userIndex++) {
+ final Node userNode = userNodes.item(userIndex);
+
+ if (userNode.getNodeName() == TAG_USER) {
+ final String userName = getNodeValue(userNode);
+ HashSet<String> userRoleSet = XmlAuthorization.userRoles.get(userName);
+ if (userRoleSet == null) {
+ userRoleSet = new HashSet<String>();
+ XmlAuthorization.userRoles.put(userName, userRoleSet);
+ }
+ userRoleSet.add(roleName);
+
+ } else {
+ throw new SAXParseException("Unknown tag [" + userNode.getNodeName() + "] as child of tag [" + TAG_ROLE + ']', null);
+ }
+ }
+ }
+
+ final NodeList rolePermissionNodes = xmlDocument.getElementsByTagName(TAG_PERMS);
+
+ for (int permIndex = 0; permIndex < rolePermissionNodes.getLength(); permIndex++) {
+ final Node rolePermissionNode = rolePermissionNodes.item(permIndex);
+ final String roleName = getAttributeValue(rolePermissionNode, ATTR_ROLE);
+ Map<String, Map<OperationCode, FunctionSecurityPrmsHolder>> regionOperationMap = XmlAuthorization.rolePermissions.get(roleName);
+
+ if (regionOperationMap == null) {
+ regionOperationMap = new HashMap<String, Map<OperationCode, FunctionSecurityPrmsHolder>>();
+ XmlAuthorization.rolePermissions.put(roleName, regionOperationMap);
+ }
+
+ final NodeList operationNodes = rolePermissionNode.getChildNodes();
+ final HashMap<OperationCode, FunctionSecurityPrmsHolder> operationMap = new HashMap<OperationCode, FunctionSecurityPrmsHolder>();
+
+ for (int opIndex = 0; opIndex < operationNodes.getLength(); opIndex++) {
+ final Node operationNode = operationNodes.item(opIndex);
+
+ if (operationNode.getNodeName() == TAG_OP) {
+ final String operationName = getNodeValue(operationNode);
- final OperationCode code = OperationCode.parse(operationName);
++ final OperationCode code = OperationCode.valueOf(operationName);
+
+ if (code == null) {
+ throw new SAXParseException("Unknown operation [" + operationName + ']', null);
+ }
+
+ if (code != OperationCode.EXECUTE_FUNCTION) {
+ operationMap.put(code, null);
+
+ } else {
+ final String optimizeForWrite = getAttributeValue(operationNode, ATTR_FUNCTION_OPTIMIZE_FOR_WRITE);
+ final String functionAttr = getAttributeValue(operationNode, ATTR_FUNCTION_IDS);
+ final String keysAttr = getAttributeValue(operationNode, ATTR_FUNCTION_KEY_SET);
+
+ Boolean isOptimizeForWrite;
+ HashSet<String> functionIds;
+ HashSet<String> keySet;
+
+ if (optimizeForWrite == null || optimizeForWrite.length() == 0) {
+ isOptimizeForWrite = null;
+ } else {
+ isOptimizeForWrite = Boolean.parseBoolean(optimizeForWrite);
+ }
+
+ if (functionAttr == null || functionAttr.length() == 0) {
+ functionIds = null;
+ } else {
+ final String[] functionArray = functionAttr.split(",");
+ functionIds = new HashSet<String>();
+ for (int strIndex = 0; strIndex < functionArray.length; ++strIndex) {
+ functionIds.add((functionArray[strIndex]));
+ }
+ }
+
+ if (keysAttr == null || keysAttr.length() == 0) {
+ keySet = null;
+ } else {
+ final String[] keySetArray = keysAttr.split(",");
+ keySet = new HashSet<String>();
+ for (int strIndex = 0; strIndex < keySetArray.length; ++strIndex) {
+ keySet.add((keySetArray[strIndex]));
+ }
+ }
+
+ final FunctionSecurityPrmsHolder functionContext = new FunctionSecurityPrmsHolder(isOptimizeForWrite, functionIds, keySet);
+ operationMap.put(code, functionContext);
+ }
+
+ } else {
+ throw new SAXParseException("Unknown tag [" + operationNode.getNodeName() + "] as child of tag [" + TAG_PERMS + ']', null);
+ }
+ }
+
+ final String regionNames = getAttributeValue(rolePermissionNode, ATTR_REGIONS);
+ if (regionNames == null || regionNames.length() == 0) {
+ regionOperationMap.put(EMPTY_VALUE, operationMap);
+ } else {
+ final String[] regionNamesSplit = regionNames.split(",");
+ for (int strIndex = 0; strIndex < regionNamesSplit.length; ++strIndex) {
+ regionOperationMap.put(normalizeRegionName(regionNamesSplit[strIndex]), operationMap);
+ }
+ }
+ }
+ XmlAuthorization.currentDocUri = xmlDocumentUri;
+
+ } catch (Exception ex) {
+ String message;
+ if (ex instanceof NotAuthorizedException) {
+ message = ex.getMessage();
+ }
+ else {
+ message = ex.getClass().getName() + ": " + ex.getMessage();
+ }
+ systemLogWriter.warning("XmlAuthorization.init: " + message);
+ XmlAuthorization.xmlLoadFailure = new NotAuthorizedException(message, ex);
+ throw XmlAuthorization.xmlLoadFailure;
+ }
+ }
+
+ private static class AuthzDtdResolver implements EntityResolver {
+ final Pattern authzPattern = Pattern.compile("authz.*\\.dtd");
+
+ @Override
+ public InputSource resolveEntity(final String publicId, final String systemId) throws SAXException, IOException {
+ try {
+ final Matcher matcher = authzPattern.matcher(systemId);
+ if (matcher.find()) {
+ final String dtdName = matcher.group(0);
+ final InputStream stream = XmlAuthorization.class.getResourceAsStream(dtdName);
+ return new InputSource(stream);
+ }
+
+ } catch(Exception e) {
+ //do nothing, use the default resolver
+ }
+
+ return null;
+ }
+ }
+ }
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/da7a76de/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/data/JMXDataUpdater.java
----------------------------------------------------------------------