You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@geode.apache.org by ji...@apache.org on 2016/03/16 16:23:57 UTC
incubator-geode git commit: GEODE-17: added
GatewaySenderMBeanSecurityTest
Repository: incubator-geode
Updated Branches:
refs/heads/feature/GEODE-17-2 91378b543 -> ce4dd4ef7
GEODE-17: added GatewaySenderMBeanSecurityTest
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/ce4dd4ef
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/ce4dd4ef
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/ce4dd4ef
Branch: refs/heads/feature/GEODE-17-2
Commit: ce4dd4ef78f52e4e6be41b24f7ccfc7d4eb98fe4
Parents: 91378b5
Author: Jinmei Liao <ji...@pivotal.io>
Authored: Wed Mar 16 08:20:16 2016 -0700
Committer: Jinmei Liao <ji...@pivotal.io>
Committed: Wed Mar 16 08:23:18 2016 -0700
----------------------------------------------------------------------
.../gemfire/management/GatewaySenderMXBean.java | 3 +-
.../internal/beans/GatewaySenderMBean.java | 9 +-
.../GatewaySenderMBeanSecurityTest.java | 105 +++++++++++++++++++
.../internal/security/cacheServer.json | 8 +-
4 files changed, 115 insertions(+), 10 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/ce4dd4ef/geode-core/src/main/java/com/gemstone/gemfire/management/GatewaySenderMXBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/GatewaySenderMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/GatewaySenderMXBean.java
index 7b25a8f..88f9fac 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/GatewaySenderMXBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/GatewaySenderMXBean.java
@@ -25,11 +25,10 @@ import static com.gemstone.gemfire.cache.operations.OperationContext.OperationCo
/**
* MBean that provides access to information and management functionality for a
* {@link GatewaySender}.
- *
- * @author rishim
* @since 7.0
*
*/
+@ResourceOperation(resource = Resource.GATEWAY_SENDER, operation = OperationCode.GET)
public interface GatewaySenderMXBean {
/**
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/ce4dd4ef/geode-core/src/main/java/com/gemstone/gemfire/management/internal/beans/GatewaySenderMBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/beans/GatewaySenderMBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/beans/GatewaySenderMBean.java
index 4497f68..536f9a2 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/beans/GatewaySenderMBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/beans/GatewaySenderMBean.java
@@ -17,15 +17,10 @@
package com.gemstone.gemfire.management.internal.beans;
-import javax.management.NotificationBroadcasterSupport;
-
import com.gemstone.gemfire.management.GatewaySenderMXBean;
-/**
- *
- * @author rishim
- *
- */
+import javax.management.NotificationBroadcasterSupport;
+
public class GatewaySenderMBean extends NotificationBroadcasterSupport
implements GatewaySenderMXBean {
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/ce4dd4ef/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java
new file mode 100644
index 0000000..b553898
--- /dev/null
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java
@@ -0,0 +1,105 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.management.internal.security;
+
+import com.gemstone.gemfire.internal.AvailablePort;
+import com.gemstone.gemfire.management.GatewaySenderMXBean;
+import com.gemstone.gemfire.management.ManagementService;
+import com.gemstone.gemfire.management.internal.beans.GatewaySenderMBean;
+import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.ClassRule;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import javax.management.ObjectName;
+
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.mockito.Mockito.*;
+
+@Category(IntegrationTest.class)
+public class GatewaySenderMBeanSecurityTest {
+ private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
+
+ private GatewaySenderMXBean bean;
+ private static GatewaySenderMBean mock = mock(GatewaySenderMBean.class);
+ private static ObjectName mockBeanName = null;
+ private static ManagementService service = null;
+
+ @ClassRule
+ public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
+ jmxManagerPort, "cacheServer.json");
+
+ @Rule
+ public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
+
+ @BeforeClass
+ public static void beforeClass() throws Exception{
+ // the server does not have a GAtewaySenderMXBean registered initially, has to register a mock one.
+ service = ManagementService.getManagementService(serverRule.getCache());
+ mockBeanName = ObjectName.getInstance("GemFire", "key", "value");
+ service.registerMBean(mock, mockBeanName);
+ }
+
+ @AfterClass
+ public static void afterClass(){
+ service.unregisterMBean(mockBeanName);
+ }
+
+ @Before
+ public void before() throws Exception {
+ bean = connectionRule.getProxyMBean(GatewaySenderMXBean.class);
+ }
+
+ @Test
+ @JMXConnectionConfiguration(user = "superuser", password = "1234567")
+ public void testAllAccess() throws Exception {
+ bean.getAlertThreshold();
+ bean.getAverageDistributionTimePerBatch();
+ bean.getBatchSize();
+ bean.getMaximumQueueMemory();
+ bean.getOrderPolicy();
+ bean.isBatchConflationEnabled();
+ bean.isManualStart();
+ bean.pause();
+ bean.rebalance();
+ bean.resume();
+ bean.start();
+ bean.stop();
+ }
+
+ @Test
+ @JMXConnectionConfiguration(user = "stranger", password = "1234567")
+ public void testNoAccess() throws Exception {
+ assertThatThrownBy(() -> bean.getAlertThreshold()).hasMessageStartingWith("Access Denied: Not authorized for GATEWAY_SENDER:GET");
+ assertThatThrownBy(() -> bean.getAverageDistributionTimePerBatch()).hasMessageStartingWith("Access Denied: Not authorized for GATEWAY_SENDER:GET");
+ assertThatThrownBy(() -> bean.getBatchSize()).hasMessageStartingWith("Access Denied: Not authorized for GATEWAY_SENDER:GET");
+ assertThatThrownBy(() -> bean.getMaximumQueueMemory()).hasMessageStartingWith("Access Denied: Not authorized for GATEWAY_SENDER:GET");
+ assertThatThrownBy(() -> bean.getOrderPolicy()).hasMessageStartingWith("Access Denied: Not authorized for GATEWAY_SENDER:GET");
+ assertThatThrownBy(() -> bean.isBatchConflationEnabled()).hasMessageStartingWith("Access Denied: Not authorized for GATEWAY_SENDER:GET");
+ assertThatThrownBy(() -> bean.isManualStart()).hasMessageStartingWith("Access Denied: Not authorized for GATEWAY_SENDER:GET");
+ assertThatThrownBy(() -> bean.pause()).hasMessageStartingWith("Access Denied: Not authorized for GATEWAY_SENDER:PAUSE");
+ assertThatThrownBy(() -> bean.rebalance()).hasMessageStartingWith("Access Denied: Not authorized for GATEWAY_SENDER:REBALANCE");
+ assertThatThrownBy(() -> bean.resume()).hasMessageStartingWith("Access Denied: Not authorized for GATEWAY_SENDER:RESUME");
+ assertThatThrownBy(() -> bean.start()).hasMessageStartingWith("Access Denied: Not authorized for GATEWAY_SENDER:START");
+ assertThatThrownBy(() -> bean.stop()).hasMessageStartingWith("Access Denied: Not authorized for GATEWAY_SENDER:STOP");
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/ce4dd4ef/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/cacheServer.json
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/cacheServer.json b/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/cacheServer.json
index be2d8f5..c1e552d 100644
--- a/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/cacheServer.json
+++ b/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/cacheServer.json
@@ -19,7 +19,13 @@
"REGION:PUT",
"REGION:GET",
"REGION:DELETE",
- "LOCK_SERVICE:BECOME_LOCK_GRANTOR"
+ "LOCK_SERVICE:BECOME_LOCK_GRANTOR",
+ "GATEWAY_SENDER:GET",
+ "GATEWAY_SENDER:PAUSE",
+ "GATEWAY_SENDER:REBALANCE",
+ "GATEWAY_SENDER:RESUME",
+ "GATEWAY_SENDER:START",
+ "GATEWAY_SENDER:STOP"
]
},
{