You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@geode.apache.org by GitBox <gi...@apache.org> on 2021/10/04 15:15:07 UTC

[GitHub] [geode] jmelchio commented on a change in pull request #6927: GEODE-9663: throw and handle AuthenticationExpiredException at login time

jmelchio commented on a change in pull request #6927:
URL: https://github.com/apache/geode/pull/6927#discussion_r721460302



##########
File path: geode-core/src/upgradeTest/java/org/apache/geode/security/AuthExpirationMultiServerDUnitTest.java
##########
@@ -253,6 +254,53 @@ public void registerInterestsWithMultiServers() throws Exception {
         .containsExactly("DATA:READ:partitionRegion:key0");
   }
 
+  @Test
+  public void consecutivePut() throws Exception {
+    int locatorPort = locator.getPort();
+    // do consecutive puts using a client
+    ClientVM client = cluster.startClientVM(3,
+        c -> c.withProperty(SECURITY_CLIENT_AUTH_INIT, UpdatableUserAuthInitialize.class.getName())
+            .withCacheSetup(ccf -> ccf.setPoolMaxConnections(2))
+            .withLocatorConnection(locatorPort));
+    AsyncInvocation invokePut = client.invokeAsync(() -> {
+      UpdatableUserAuthInitialize.setUser("user1");
+      Region<Object, Object> proxyRegion =
+          ClusterStartupRule.getClientCache()

Review comment:
       `Objects.requireNonNull(ClusterStartupRule.getClientCache())` reduces warnings

##########
File path: geode-core/src/distributedTest/java/org/apache/geode/security/IntegratedSecurityPeerAuthDUnitTest.java
##########
@@ -88,7 +88,7 @@ public void startServer3_not_authenticated() {
       ServerStarterRule server = new ServerStarterRule();
       server.withProperties(props).withConnectionToLocator(locatorPort).withAutoStart();
       assertThatThrownBy(() -> server.before()).isInstanceOf(GemFireSecurityException.class)
-          .hasMessageContaining("Authentication error");
+          .hasMessageContaining("server-3 is not authenticated");

Review comment:
       literal `server-3` can also be pulled from `props` to avoid repeating literals

##########
File path: geode-core/src/distributedTest/java/org/apache/geode/security/IntegratedSecurityPeerAuthDUnitTest.java
##########
@@ -88,7 +88,7 @@ public void startServer3_not_authenticated() {
       ServerStarterRule server = new ServerStarterRule();
       server.withProperties(props).withConnectionToLocator(locatorPort).withAutoStart();
       assertThatThrownBy(() -> server.before()).isInstanceOf(GemFireSecurityException.class)

Review comment:
       `server.before()` can also be written as `server::before` to reduce warnings

##########
File path: geode-core/src/upgradeTest/java/org/apache/geode/security/AuthExpirationMultiServerDUnitTest.java
##########
@@ -253,6 +254,53 @@ public void registerInterestsWithMultiServers() throws Exception {
         .containsExactly("DATA:READ:partitionRegion:key0");
   }
 
+  @Test
+  public void consecutivePut() throws Exception {
+    int locatorPort = locator.getPort();
+    // do consecutive puts using a client
+    ClientVM client = cluster.startClientVM(3,
+        c -> c.withProperty(SECURITY_CLIENT_AUTH_INIT, UpdatableUserAuthInitialize.class.getName())
+            .withCacheSetup(ccf -> ccf.setPoolMaxConnections(2))
+            .withLocatorConnection(locatorPort));
+    AsyncInvocation invokePut = client.invokeAsync(() -> {
+      UpdatableUserAuthInitialize.setUser("user1");
+      Region<Object, Object> proxyRegion =
+          ClusterStartupRule.getClientCache()
+              .createClientRegionFactory(ClientRegionShortcut.CACHING_PROXY)
+              .create(PARTITION_REGION);
+      IntStream.range(0, 1000).forEach(i -> proxyRegion.put("key" + i, "value" + i));
+    });
+
+    client.invoke(() -> {
+      // wait till at least 1/3 of the data is in the region to expire the user
+      await().until(() -> getProxyRegion() != null);
+      await().until(() -> getProxyRegion().size() > 10);
+      UpdatableUserAuthInitialize.setUser("user2");
+    });
+
+    expireUserOnAllVms("user1");
+    invokePut.await();
+
+    ExpirableSecurityManager securityManager = collectSecurityManagers(server1, server2);
+    Map<String, List<String>> authorizedOps = securityManager.getAuthorizedOps();
+    if (authorizedOps.size() == 1) {
+      // in case user1 has finished putting all 1000 values in the region before we can expire it.
+      return;
+    }
+    assertThat(authorizedOps).hasSize(2);
+    assertThat(authorizedOps.get("user1").size() + authorizedOps.get("user2").size())
+        .isEqualTo(1000);
+    Map<String, List<String>> unAuthorizedOps = securityManager.getUnAuthorizedOps();
+    assertThat(unAuthorizedOps).hasSize(1);
+    // user1 may not be unauthorized for just 1 operations, puts maybe done by different
+    // connections
+    assertThat(unAuthorizedOps.get("user1")).isNotEmpty();
+  }
+
+  private static Region<Object, Object> getProxyRegion() {
+    return ClusterStartupRule.getClientCache().getRegion(PARTITION_REGION);

Review comment:
       `return Objects.requireNonNull(ClusterStartupRule.getClientCache()).getRegion(PARTITION_REGION);` reduces warnings




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@geode.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org