Posted to commits@geode.apache.org by ji...@apache.org on 2016/09/13 20:17:30 UTC
[1/2] incubator-geode git commit: GEODE-17: consolidate
GeodeSecurityUtil and IntegratedSecurityService
Repository: incubator-geode
Updated Branches:
refs/heads/develop a325d074f -> ee27d73c4
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/ee27d73c/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java
deleted file mode 100644
index 625e48f..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.management.internal.security;
-
-import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
-
-import org.apache.geode.security.templates.SampleSecurityManager;
-import org.junit.BeforeClass;
-import org.junit.experimental.categories.Category;
-
-import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
-import com.gemstone.gemfire.internal.security.IntegratedSecurityService;
-import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-
-/**
- * Integration tests for {@link GeodeSecurityUtil} using shiro-ini.json.
- *
- * @see GeodeSecurityUtilWithIniFileJUnitTest
- */
-@Category({ IntegrationTest.class, SecurityTest.class })
-public class GeodeSecurityUtilCustomRealmJUnitTest extends GeodeSecurityUtilWithIniFileJUnitTest {
-
- @BeforeClass
- public static void beforeClass() throws Exception {
- props.put(SampleSecurityManager.SECURITY_JSON, "com/gemstone/gemfire/management/internal/security/shiro-ini.json");
- props.put(SECURITY_MANAGER, SampleSecurityManager.class.getName());
- IntegratedSecurityService.getSecurityService().initSecurity(props);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/ee27d73c/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilWithIniFileJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilWithIniFileJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilWithIniFileJUnitTest.java
deleted file mode 100644
index 3a7b4de..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilWithIniFileJUnitTest.java
+++ /dev/null
@@ -1,143 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.management.internal.security;
-
-import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
-import static org.assertj.core.api.Assertions.*;
-
-import java.util.Properties;
-
-import org.apache.geode.security.ResourcePermission;
-import org.junit.BeforeClass;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
-import com.gemstone.gemfire.internal.security.IntegratedSecurityService;
-import com.gemstone.gemfire.internal.security.SecurityService;
-import com.gemstone.gemfire.security.GemFireSecurityException;
-import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-
-/**
- * Integration tests for {@link GeodeSecurityUtil} using shiro.ini
- */
-@Category({ IntegrationTest.class, SecurityTest.class })
-public class GeodeSecurityUtilWithIniFileJUnitTest {
-
- protected static Properties props = new Properties();
-
- private SecurityService securityService = IntegratedSecurityService.getSecurityService();
-
- @BeforeClass
- public static void beforeClass() throws Exception{
- props.setProperty(SECURITY_SHIRO_INIT, "shiro.ini");
- GeodeSecurityUtil.initSecurity(props);
- }
-
- @Test
- public void testRoot(){
- this.securityService.login("root", "secret");
- this.securityService.authorize(TestCommand.none);
- this.securityService.authorize(TestCommand.everyOneAllowed);
- this.securityService.authorize(TestCommand.dataRead);
- this.securityService.authorize(TestCommand.dataWrite);
- this.securityService.authorize(TestCommand.regionARead);
- this.securityService.authorize(TestCommand.regionAWrite);
- this.securityService.authorize(TestCommand.clusterWrite);
- this.securityService.authorize(TestCommand.clusterRead);
- }
-
- @Test
- public void testGuest(){
- this.securityService.login("guest", "guest");
- this.securityService.authorize(TestCommand.none);
- this.securityService.authorize(TestCommand.everyOneAllowed);
-
- assertNotAuthorized(TestCommand.dataRead);
- assertNotAuthorized(TestCommand.dataWrite);
- assertNotAuthorized(TestCommand.regionARead);
- assertNotAuthorized(TestCommand.regionAWrite);
- assertNotAuthorized(TestCommand.clusterRead);
- assertNotAuthorized(TestCommand.clusterWrite);
- this.securityService.logout();
- }
-
- @Test
- public void testRegionAReader(){
- this.securityService.login("regionAReader", "password");
- this.securityService.authorize(TestCommand.none);
- this.securityService.authorize(TestCommand.everyOneAllowed);
- this.securityService.authorize(TestCommand.regionARead);
-
- assertNotAuthorized(TestCommand.regionAWrite);
- assertNotAuthorized(TestCommand.dataRead);
- assertNotAuthorized(TestCommand.dataWrite);
- assertNotAuthorized(TestCommand.clusterRead);
- assertNotAuthorized(TestCommand.clusterWrite);
- this.securityService.logout();
- }
-
- @Test
- public void testRegionAUser(){
- this.securityService.login("regionAUser", "password");
- this.securityService.authorize(TestCommand.none);
- this.securityService.authorize(TestCommand.everyOneAllowed);
- this.securityService.authorize(TestCommand.regionAWrite);
- this.securityService.authorize(TestCommand.regionARead);
-
- assertNotAuthorized(TestCommand.dataRead);
- assertNotAuthorized(TestCommand.dataWrite);
- assertNotAuthorized(TestCommand.clusterRead);
- assertNotAuthorized(TestCommand.clusterWrite);
- this.securityService.logout();
- }
-
- @Test
- public void testDataReader(){
- this.securityService.login("dataReader", "12345");
- this.securityService.authorize(TestCommand.none);
- this.securityService.authorize(TestCommand.everyOneAllowed);
- this.securityService.authorize(TestCommand.regionARead);
- this.securityService.authorize(TestCommand.dataRead);
-
- assertNotAuthorized(TestCommand.regionAWrite);
- assertNotAuthorized(TestCommand.dataWrite);
- assertNotAuthorized(TestCommand.clusterRead);
- assertNotAuthorized(TestCommand.clusterWrite);
- this.securityService.logout();
- }
-
- @Test
- public void testReader(){
- this.securityService.login("reader", "12345");
- this.securityService.authorize(TestCommand.none);
- this.securityService.authorize(TestCommand.everyOneAllowed);
- this.securityService.authorize(TestCommand.regionARead);
- this.securityService.authorize(TestCommand.dataRead);
- this.securityService.authorize(TestCommand.clusterRead);
-
- assertNotAuthorized(TestCommand.regionAWrite);
- assertNotAuthorized(TestCommand.dataWrite);
- assertNotAuthorized(TestCommand.clusterWrite);
- this.securityService.logout();
- }
-
- private void assertNotAuthorized(ResourcePermission context){
- assertThatThrownBy(()-> this.securityService.authorize(context)).isInstanceOf(GemFireSecurityException.class).hasMessageContaining(context.toString());
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/ee27d73c/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/IntegratedSecurityServiceCustomRealmJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/IntegratedSecurityServiceCustomRealmJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/IntegratedSecurityServiceCustomRealmJUnitTest.java
new file mode 100644
index 0000000..d3fa0df
--- /dev/null
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/IntegratedSecurityServiceCustomRealmJUnitTest.java
@@ -0,0 +1,44 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.management.internal.security;
+
+import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+
+import org.apache.geode.security.templates.SampleSecurityManager;
+import org.junit.BeforeClass;
+import org.junit.experimental.categories.Category;
+
+import com.gemstone.gemfire.internal.security.IntegratedSecurityService;
+import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+/**
+ * Integration tests for {@link IntegratedSecurityService} using shiro-ini.json.
+ *
+ * @see IntegratedSecurityServiceWithIniFileJUnitTest
+ */
+@Category({ IntegrationTest.class, SecurityTest.class })
+public class IntegratedSecurityServiceCustomRealmJUnitTest extends IntegratedSecurityServiceWithIniFileJUnitTest {
+
+ @BeforeClass
+ public static void beforeClass() throws Exception {
+ props.put(SampleSecurityManager.SECURITY_JSON, "com/gemstone/gemfire/management/internal/security/shiro-ini.json");
+ props.put(SECURITY_MANAGER, SampleSecurityManager.class.getName());
+ IntegratedSecurityService.getSecurityService().initSecurity(props);
+ }
+
+}
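Review bot: The static `beforeClass()` at L257 has the same signature as the superclass's `@BeforeClass beforeClass()` (L318 in IntegratedSecurityServiceWithIniFileJUnitTest), and JUnit 4 treats a same-signature subclass method as shadowing the parent one, so `SECURITY_SHIRO_INIT` is never put into `props` for this class; that looks intended, but it silently breaks if either method is renamed, so it deserves a comment such as `// intentionally shadows the superclass @BeforeClass so shiro.ini is not configured alongside the JSON realm`. The explicit `IntegratedSecurityService.getSecurityService().initSecurity(props)` at L260 is redundant with the inherited `@Before before()` (L323-L325), which re-initialises the service before every test; dropping it leaves a single initialisation path. The base class reaches the singleton via `SecurityService.getSecurityService()` while this class uses `IntegratedSecurityService.getSecurityService()`; after a consolidation commit one accessor should be used throughout.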
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/ee27d73c/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/IntegratedSecurityServiceWithIniFileJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/IntegratedSecurityServiceWithIniFileJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/IntegratedSecurityServiceWithIniFileJUnitTest.java
new file mode 100644
index 0000000..60ec78e
--- /dev/null
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/IntegratedSecurityServiceWithIniFileJUnitTest.java
@@ -0,0 +1,147 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.management.internal.security;
+
+import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+import static org.assertj.core.api.Assertions.*;
+
+import java.util.Properties;
+
+import org.apache.geode.security.ResourcePermission;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import com.gemstone.gemfire.internal.security.IntegratedSecurityService;
+import com.gemstone.gemfire.internal.security.SecurityService;
+import com.gemstone.gemfire.security.GemFireSecurityException;
+import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+/**
+ * Integration tests for {@link IntegratedSecurityService} using shiro.ini
+ */
+@Category({ IntegrationTest.class, SecurityTest.class })
+public class IntegratedSecurityServiceWithIniFileJUnitTest {
+
+ protected static Properties props = new Properties();
+
+ private SecurityService securityService = SecurityService.getSecurityService();
+
+ @BeforeClass
+ public static void beforeClass() throws Exception{
+ props.setProperty(SECURITY_SHIRO_INIT, "shiro.ini");
+ }
+
+ @Before
+ public void before(){
+ securityService.initSecurity(props);
+ }
+
+ @Test
+ public void testRoot(){
+ this.securityService.login("root", "secret");
+ this.securityService.authorize(TestCommand.none);
+ this.securityService.authorize(TestCommand.everyOneAllowed);
+ this.securityService.authorize(TestCommand.dataRead);
+ this.securityService.authorize(TestCommand.dataWrite);
+ this.securityService.authorize(TestCommand.regionARead);
+ this.securityService.authorize(TestCommand.regionAWrite);
+ this.securityService.authorize(TestCommand.clusterWrite);
+ this.securityService.authorize(TestCommand.clusterRead);
+ }
+
+ @Test
+ public void testGuest(){
+ this.securityService.login("guest", "guest");
+ this.securityService.authorize(TestCommand.none);
+ this.securityService.authorize(TestCommand.everyOneAllowed);
+
+ assertNotAuthorized(TestCommand.dataRead);
+ assertNotAuthorized(TestCommand.dataWrite);
+ assertNotAuthorized(TestCommand.regionARead);
+ assertNotAuthorized(TestCommand.regionAWrite);
+ assertNotAuthorized(TestCommand.clusterRead);
+ assertNotAuthorized(TestCommand.clusterWrite);
+ this.securityService.logout();
+ }
+
+ @Test
+ public void testRegionAReader(){
+ this.securityService.login("regionAReader", "password");
+ this.securityService.authorize(TestCommand.none);
+ this.securityService.authorize(TestCommand.everyOneAllowed);
+ this.securityService.authorize(TestCommand.regionARead);
+
+ assertNotAuthorized(TestCommand.regionAWrite);
+ assertNotAuthorized(TestCommand.dataRead);
+ assertNotAuthorized(TestCommand.dataWrite);
+ assertNotAuthorized(TestCommand.clusterRead);
+ assertNotAuthorized(TestCommand.clusterWrite);
+ this.securityService.logout();
+ }
+
+ @Test
+ public void testRegionAUser(){
+ this.securityService.login("regionAUser", "password");
+ this.securityService.authorize(TestCommand.none);
+ this.securityService.authorize(TestCommand.everyOneAllowed);
+ this.securityService.authorize(TestCommand.regionAWrite);
+ this.securityService.authorize(TestCommand.regionARead);
+
+ assertNotAuthorized(TestCommand.dataRead);
+ assertNotAuthorized(TestCommand.dataWrite);
+ assertNotAuthorized(TestCommand.clusterRead);
+ assertNotAuthorized(TestCommand.clusterWrite);
+ this.securityService.logout();
+ }
+
+ @Test
+ public void testDataReader(){
+ this.securityService.login("dataReader", "12345");
+ this.securityService.authorize(TestCommand.none);
+ this.securityService.authorize(TestCommand.everyOneAllowed);
+ this.securityService.authorize(TestCommand.regionARead);
+ this.securityService.authorize(TestCommand.dataRead);
+
+ assertNotAuthorized(TestCommand.regionAWrite);
+ assertNotAuthorized(TestCommand.dataWrite);
+ assertNotAuthorized(TestCommand.clusterRead);
+ assertNotAuthorized(TestCommand.clusterWrite);
+ this.securityService.logout();
+ }
+
+ @Test
+ public void testReader(){
+ this.securityService.login("reader", "12345");
+ this.securityService.authorize(TestCommand.none);
+ this.securityService.authorize(TestCommand.everyOneAllowed);
+ this.securityService.authorize(TestCommand.regionARead);
+ this.securityService.authorize(TestCommand.dataRead);
+ this.securityService.authorize(TestCommand.clusterRead);
+
+ assertNotAuthorized(TestCommand.regionAWrite);
+ assertNotAuthorized(TestCommand.dataWrite);
+ assertNotAuthorized(TestCommand.clusterWrite);
+ this.securityService.logout();
+ }
+
+ private void assertNotAuthorized(ResourcePermission context){
+ assertThatThrownBy(()-> this.securityService.authorize(context)).isInstanceOf(GemFireSecurityException.class).hasMessageContaining(context.toString());
+ }
+}
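Review bot: `testRoot()` (L328-L338) is the only test that does not end with `this.securityService.logout()`; `securityService` is the shared singleton from `SecurityService.getSecurityService()`, and if the implementation binds the subject to the current thread (as Shiro-backed services typically do) the root session can still be bound when the next test starts, which hides ordering-dependent failures and leaves a privileged session behind in exactly the tests meant to check authorization boundaries. Add `this.securityService.logout();` as the last line of `testRoot()`, or move the logout into an `@After` method so every test is cleaned up uniformly. `before()` at L323 also calls `initSecurity(props)` on the singleton before every test while `beforeClass()` only sets the property; a one-line comment saying why per-test re-initialisation is needed rather than once per class would help the next reader.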
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/ee27d73c/geode-core/src/test/java/com/gemstone/gemfire/security/NoShowValue1PostProcessor.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/NoShowValue1PostProcessor.java b/geode-core/src/test/java/com/gemstone/gemfire/security/NoShowValue1PostProcessor.java
index d456516..d2adffd 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/NoShowValue1PostProcessor.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/NoShowValue1PostProcessor.java
@@ -23,7 +23,7 @@ import org.apache.geode.security.PostProcessor;
public class NoShowValue1PostProcessor implements PostProcessor {
@Override
- public Object processRegionValue(final Serializable principal,
+ public Object processRegionValue(final Object principal,
final String regionName,
final Object key,
final Object value) {
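Review bot: The override at L429 now takes `principal` as `Object` instead of `Serializable`, following the `PostProcessor` interface change listed in the diffstat, which drops the compile-time guarantee that an implementation can serialise the principal (for example to carry it to another member or record it in a structured audit entry). What this post processor does with `principal` is outside the hunk, so a Javadoc line on the override stating the expectation would help, e.g. `@param principal the authenticated principal; no longer required to be Serializable`. The same widening appears in `PDXPostProcessor` at L472.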
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/ee27d73c/geode-core/src/test/java/com/gemstone/gemfire/security/PDXGfshPostProcessorOnRemoteServerTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/PDXGfshPostProcessorOnRemoteServerTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/PDXGfshPostProcessorOnRemoteServerTest.java
index 498bd3a..81b3add 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/PDXGfshPostProcessorOnRemoteServerTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/PDXGfshPostProcessorOnRemoteServerTest.java
@@ -38,7 +38,7 @@ import com.gemstone.gemfire.cache.server.CacheServer;
import com.gemstone.gemfire.distributed.Locator;
import com.gemstone.gemfire.distributed.internal.InternalDistributedSystem;
import com.gemstone.gemfire.internal.AvailablePortHelper;
-import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
+import com.gemstone.gemfire.internal.security.SecurityService;
import com.gemstone.gemfire.management.ManagementService;
import com.gemstone.gemfire.management.cli.Result.Status;
import com.gemstone.gemfire.management.internal.cli.CliUtil;
@@ -150,7 +150,7 @@ public class PDXGfshPostProcessorOnRemoteServerTest extends JUnit4DistributedTes
CliUtil.isGfshVM = false;
server.invoke(()-> {
- PDXPostProcessor pp = (PDXPostProcessor) GeodeSecurityUtil.getPostProcessor();
+ PDXPostProcessor pp = (PDXPostProcessor) SecurityService.getSecurityService().getPostProcessor();
// verify that the post processor is called 6 times. (5 for the query, 1 for the get)
assertEquals(pp.getCount(), 6);
});
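Review bot: The new line at L452 casts the result of `SecurityService.getSecurityService().getPostProcessor()` straight to `PDXPostProcessor`; if no post processor is configured on that server the call presumably returns null and the test dies with a NullPointerException at `pp.getCount()` rather than with a message saying the post processor was not installed. An `assertNotNull("post processor not configured", SecurityService.getSecurityService().getPostProcessor());` before the cast makes that failure self-explanatory. The same pattern is introduced at L495, L502, L509, L516 and L555. The adjacent `assertEquals(pp.getCount(), 6)` passes actual and expected in reverse order, which only garbles the failure message but is worth correcting while the line is being touched.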
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/ee27d73c/geode-core/src/test/java/com/gemstone/gemfire/security/PDXPostProcessor.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/PDXPostProcessor.java b/geode-core/src/test/java/com/gemstone/gemfire/security/PDXPostProcessor.java
index c51c9d8..0b03b66 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/PDXPostProcessor.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/PDXPostProcessor.java
@@ -18,7 +18,6 @@ package com.gemstone.gemfire.security;
import static org.junit.Assert.*;
-import java.io.Serializable;
import java.util.Arrays;
import java.util.Properties;
@@ -38,7 +37,7 @@ public class PDXPostProcessor implements PostProcessor{
count = 0;
}
@Override
- public Object processRegionValue(final Serializable principal,
+ public Object processRegionValue(final Object principal,
final String regionName,
final Object key,
final Object value) {
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/ee27d73c/geode-core/src/test/java/com/gemstone/gemfire/security/PDXPostProcessorDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/PDXPostProcessorDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/PDXPostProcessorDUnitTest.java
index 2a5727c..1e87952 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/PDXPostProcessorDUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/PDXPostProcessorDUnitTest.java
@@ -41,7 +41,7 @@ import com.gemstone.gemfire.cache.query.SelectResults;
import com.gemstone.gemfire.cache.util.CacheListenerAdapter;
import com.gemstone.gemfire.internal.AvailablePortHelper;
import com.gemstone.gemfire.internal.cache.EntryEventImpl;
-import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
+import com.gemstone.gemfire.internal.security.SecurityService;
import com.gemstone.gemfire.management.cli.Result.Status;
import com.gemstone.gemfire.management.internal.cli.CliUtil;
import com.gemstone.gemfire.management.internal.cli.HeadlessGfsh;
@@ -97,7 +97,7 @@ public class PDXPostProcessorDUnitTest extends AbstractSecureServerDUnitTest {
});
// this makes sure PostProcessor is getting called
- PDXPostProcessor pp = (PDXPostProcessor) GeodeSecurityUtil.getPostProcessor();
+ PDXPostProcessor pp = (PDXPostProcessor) SecurityService.getSecurityService().getPostProcessor();
assertEquals(pp.getCount(), 2);
}
@@ -132,7 +132,7 @@ public class PDXPostProcessorDUnitTest extends AbstractSecureServerDUnitTest {
});
// this makes sure PostProcessor is getting called
- PDXPostProcessor pp = (PDXPostProcessor) GeodeSecurityUtil.getPostProcessor();
+ PDXPostProcessor pp = (PDXPostProcessor) SecurityService.getSecurityService().getPostProcessor();
assertEquals(pp.getCount(), 2);
}
@@ -175,7 +175,7 @@ public class PDXPostProcessorDUnitTest extends AbstractSecureServerDUnitTest {
// wait for events to fire
Awaitility.await().atMost(1, TimeUnit.SECONDS);
- PDXPostProcessor pp = (PDXPostProcessor) GeodeSecurityUtil.getPostProcessor();
+ PDXPostProcessor pp = (PDXPostProcessor) SecurityService.getSecurityService().getPostProcessor();
assertEquals(pp.getCount(), 2);
}
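Review bot: The count read through the new line at L509 is taken right after `Awaitility.await().atMost(1, TimeUnit.SECONDS)` (L507), which only builds a condition factory; without a terminal `until(...)`/`untilAsserted(...)` it does not wait at all, so the `assertEquals(pp.getCount(), 2)` that follows is racing the listener events the comment says it waits for. Fold the assertion into the wait, `Awaitility.await().atMost(1, TimeUnit.SECONDS).until(() -> ((PDXPostProcessor) SecurityService.getSecurityService().getPostProcessor()).getCount() == 2);`, so the test passes once the count is reached and fails with a timeout otherwise. The same construct precedes the new line at L555 in CQPDXPostProcessorDUnitTest. The enclosing test method starts outside the hunk.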
@@ -226,7 +226,7 @@ public class PDXPostProcessorDUnitTest extends AbstractSecureServerDUnitTest {
System.out.println("gfsh result: " + result);
});
- PDXPostProcessor pp = (PDXPostProcessor) GeodeSecurityUtil.getPostProcessor();
+ PDXPostProcessor pp = (PDXPostProcessor) SecurityService.getSecurityService().getPostProcessor();
assertEquals(pp.getCount(), 4);
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/ee27d73c/geode-core/src/test/resources/com/gemstone/gemfire/codeAnalysis/sanctionedSerializables.txt
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/codeAnalysis/sanctionedSerializables.txt b/geode-core/src/test/resources/com/gemstone/gemfire/codeAnalysis/sanctionedSerializables.txt
index 0c924e4..19002bc 100644
--- a/geode-core/src/test/resources/com/gemstone/gemfire/codeAnalysis/sanctionedSerializables.txt
+++ b/geode-core/src/test/resources/com/gemstone/gemfire/codeAnalysis/sanctionedSerializables.txt
@@ -557,8 +557,8 @@ com/gemstone/gemfire/management/internal/cli/functions/CreateAsyncEventQueueFunc
com/gemstone/gemfire/management/internal/cli/functions/CreateDefinedIndexesFunction,true,1
com/gemstone/gemfire/management/internal/cli/functions/CreateDiskStoreFunction,true,1
com/gemstone/gemfire/management/internal/cli/functions/CreateIndexFunction,true,1
-com/gemstone/gemfire/management/internal/cli/functions/DataCommandFunction,true,1,optimizeForWrite:boolean,securityService:com/gemstone/gemfire/internal/security/SecurityService
-com/gemstone/gemfire/management/internal/cli/functions/DataCommandFunction$SelectExecStep,true,1,securityService:com/gemstone/gemfire/internal/security/SecurityService
+com/gemstone/gemfire/management/internal/cli/functions/DataCommandFunction,true,1,optimizeForWrite:boolean
+com/gemstone/gemfire/management/internal/cli/functions/DataCommandFunction$SelectExecStep,true,1
com/gemstone/gemfire/management/internal/cli/functions/DataCommandFunction$SelectMoveStep,true,1
com/gemstone/gemfire/management/internal/cli/functions/DataCommandFunction$SelectQuitStep,true,1
com/gemstone/gemfire/management/internal/cli/functions/DeployFunction,true,1
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/ee27d73c/geode-cq/src/test/java/com/gemstone/gemfire/security/CQPDXPostProcessorDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-cq/src/test/java/com/gemstone/gemfire/security/CQPDXPostProcessorDUnitTest.java b/geode-cq/src/test/java/com/gemstone/gemfire/security/CQPDXPostProcessorDUnitTest.java
index b6d520f..6b66f01 100644
--- a/geode-cq/src/test/java/com/gemstone/gemfire/security/CQPDXPostProcessorDUnitTest.java
+++ b/geode-cq/src/test/java/com/gemstone/gemfire/security/CQPDXPostProcessorDUnitTest.java
@@ -42,7 +42,7 @@ import com.gemstone.gemfire.cache.query.CqResults;
import com.gemstone.gemfire.cache.query.QueryService;
import com.gemstone.gemfire.cache.query.internal.cq.CqListenerImpl;
import com.gemstone.gemfire.internal.AvailablePortHelper;
-import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
+import com.gemstone.gemfire.internal.security.SecurityService;
import com.gemstone.gemfire.pdx.SimpleClass;
import com.gemstone.gemfire.test.junit.categories.DistributedTest;
import com.gemstone.gemfire.test.junit.categories.SecurityTest;
@@ -109,7 +109,7 @@ public class CQPDXPostProcessorDUnitTest extends AbstractSecureServerDUnitTest {
// wait for events to fire
Awaitility.await().atMost(1, TimeUnit.SECONDS);
- PDXPostProcessor pp = (PDXPostProcessor) GeodeSecurityUtil.getPostProcessor();
+ PDXPostProcessor pp = (PDXPostProcessor) SecurityService.getSecurityService().getPostProcessor();
assertEquals(pp.getCount(), 2);
}
[2/2] incubator-geode git commit: GEODE-17: consolidate
GeodeSecurityUtil and IntegratedSecurityService
Posted by ji...@apache.org.
GEODE-17: consolidate GeodeSecurityUtil and IntegratedSecurityService
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/ee27d73c
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/ee27d73c
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/ee27d73c
Branch: refs/heads/develop
Commit: ee27d73c4e87824a5dc914c83bfc913947ad989e
Parents: a325d07
Author: Jinmei Liao <ji...@pivotal.io>
Authored: Sun Sep 11 20:49:48 2016 -0700
Committer: Jinmei Liao <ji...@pivotal.io>
Committed: Tue Sep 13 13:14:00 2016 -0700
----------------------------------------------------------------------
.../cache/tier/sockets/CacheClientProxy.java | 4 +-
.../internal/security/GeodeSecurityUtil.java | 549 -------------------
.../security/IntegratedSecurityService.java | 546 ++++++++++++++----
.../internal/security/SecurityService.java | 15 +-
.../security/shiro/CustomAuthRealm.java | 1 +
.../management/internal/ManagementAgent.java | 4 +-
.../internal/cli/domain/DataCommandRequest.java | 6 +-
.../cli/functions/DataCommandFunction.java | 10 +-
.../apache/geode/security/PostProcessor.java | 3 +-
.../security/templates/SamplePostProcessor.java | 3 +-
.../security/GeodeSecurityUtilTest.java | 288 ----------
.../security/IntegratedSecurityServiceTest.java | 290 ++++++++++
.../security/SecurityConfigIntegrationTest.java | 13 +-
.../GeodeSecurityUtilCustomRealmJUnitTest.java | 45 --
.../GeodeSecurityUtilWithIniFileJUnitTest.java | 143 -----
...atedSecurityServiceCustomRealmJUnitTest.java | 44 ++
...atedSecurityServiceWithIniFileJUnitTest.java | 147 +++++
.../security/NoShowValue1PostProcessor.java | 2 +-
.../PDXGfshPostProcessorOnRemoteServerTest.java | 4 +-
.../gemfire/security/PDXPostProcessor.java | 3 +-
.../security/PDXPostProcessorDUnitTest.java | 10 +-
.../codeAnalysis/sanctionedSerializables.txt | 4 +-
.../security/CQPDXPostProcessorDUnitTest.java | 4 +-
23 files changed, 958 insertions(+), 1180 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/ee27d73c/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/CacheClientProxy.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/CacheClientProxy.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/CacheClientProxy.java
index e94ef35..bc7a34a 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/CacheClientProxy.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/CacheClientProxy.java
@@ -106,10 +106,8 @@ import com.gemstone.gemfire.internal.logging.LoggingThreadGroup;
import com.gemstone.gemfire.internal.logging.log4j.LocalizedMessage;
import com.gemstone.gemfire.internal.logging.log4j.LogMarker;
import com.gemstone.gemfire.internal.security.AuthorizeRequestPP;
-import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
import com.gemstone.gemfire.internal.security.IntegratedSecurityService;
import com.gemstone.gemfire.internal.security.SecurityService;
-import com.gemstone.gemfire.internal.util.BlobHelper;
import com.gemstone.gemfire.security.AccessControl;
/**
@@ -1680,7 +1678,7 @@ public class CacheClientProxy implements ClientSession {
// post process
if(this.securityService.needPostProcess()) {
Object oldValue = clientMessage.getValue();
- Object newValue = GeodeSecurityUtil.postProcess(clientMessage.getRegionName(), clientMessage.getKeyOfInterest(), oldValue, clientMessage.valueIsObject());
+ Object newValue = IntegratedSecurityService.getSecurityService().postProcess(clientMessage.getRegionName(), clientMessage.getKeyOfInterest(), oldValue, clientMessage.valueIsObject());
clientMessage.setLatestValue(newValue);
}
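Review bot: The added call resolves the service through the static singleton `IntegratedSecurityService.getSecurityService()`, while the guard two lines above it consults the instance field `this.securityService`; if that field is ever assigned a different `SecurityService` (a test double, or a non-default implementation), `needPostProcess()` and `postProcess(...)` would be evaluated against different objects. Keeping both on the same reference is a one-line change, `Object newValue = this.securityService.postProcess(clientMessage.getRegionName(), clientMessage.getKeyOfInterest(), oldValue, clientMessage.valueIsObject());`, provided `SecurityService` declares `postProcess` (the interface is not in this chunk; if it does not, adding it there is the cleaner fix than bypassing the field). The enclosing method starts and ends outside the hunk.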
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/ee27d73c/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
deleted file mode 100644
index 260121d..0000000
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
+++ /dev/null
@@ -1,549 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.internal.security;
-
-import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
-
-import java.io.IOException;
-import java.io.Serializable;
-import java.lang.reflect.Method;
-import java.security.AccessController;
-import java.util.Properties;
-import java.util.Set;
-import java.util.concurrent.Callable;
-
-import org.apache.commons.lang.SerializationException;
-import org.apache.commons.lang.StringUtils;
-import org.apache.geode.security.PostProcessor;
-import org.apache.geode.security.ResourcePermission;
-import org.apache.geode.security.ResourcePermission.Operation;
-import org.apache.geode.security.ResourcePermission.Resource;
-import org.apache.geode.security.SecurableComponents;
-import org.apache.geode.security.SecurityManager;
-import org.apache.logging.log4j.Logger;
-import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.ShiroException;
-import org.apache.shiro.config.Ini.Section;
-import org.apache.shiro.config.IniSecurityManagerFactory;
-import org.apache.shiro.mgt.DefaultSecurityManager;
-import org.apache.shiro.realm.Realm;
-import org.apache.shiro.subject.Subject;
-import org.apache.shiro.subject.support.SubjectThreadState;
-import org.apache.shiro.util.ThreadContext;
-import org.apache.shiro.util.ThreadState;
-
-import com.gemstone.gemfire.GemFireIOException;
-import com.gemstone.gemfire.distributed.internal.DistributionConfig;
-import com.gemstone.gemfire.internal.ClassLoadUtil;
-import com.gemstone.gemfire.internal.cache.EntryEventImpl;
-import com.gemstone.gemfire.internal.logging.LogService;
-import com.gemstone.gemfire.internal.security.shiro.CustomAuthRealm;
-import com.gemstone.gemfire.internal.security.shiro.GeodeAuthenticationToken;
-import com.gemstone.gemfire.internal.security.shiro.ShiroPrincipal;
-import com.gemstone.gemfire.internal.util.BlobHelper;
-import com.gemstone.gemfire.management.internal.security.ResourceConstants;
-import com.gemstone.gemfire.management.internal.security.ResourceOperation;
-import com.gemstone.gemfire.security.AuthenticationFailedException;
-import com.gemstone.gemfire.security.GemFireSecurityException;
-import com.gemstone.gemfire.security.NotAuthorizedException;
-
-public class GeodeSecurityUtil {
-
- private static Logger logger = LogService.getLogger(LogService.SECURITY_LOGGER_NAME);
-
- private static PostProcessor postProcessor;
- private static SecurityManager securityManager;
-
- private static boolean isIntegratedSecurity;
-
- private static boolean isClientAuthenticator; // is there a SECURITY_CLIENT_AUTHENTICATOR
- private static boolean isPeerAuthenticator; // is there a SECURITY_PEER_AUTHENTICATOR
-
- private static boolean isJmxSecurityRequired;
- private static boolean isHttpSecurityRequired;
- private static boolean isGatewaySecurityRequired;
- private static boolean isClusterSecurityRequired;
- private static boolean isServerSecurityRequired;
-
- /**
- * It first looks the shiro subject in AccessControlContext since JMX will
- * use multiple threads to process operations from the same client, then it
- * looks into Shiro's thead context.
- *
- * @return the shiro subject, null if security is not enabled
- */
- public static Subject getSubject() {
- if (!isIntegratedSecurity) {
- return null;
- }
-
- Subject currentUser = null;
-
- // First try get the principal out of AccessControlContext instead of Shiro's Thread context
- // since threads can be shared between JMX clients.
- javax.security.auth.Subject jmxSubject =
- javax.security.auth.Subject.getSubject(AccessController.getContext());
-
- if (jmxSubject != null) {
- Set<ShiroPrincipal> principals = jmxSubject.getPrincipals(ShiroPrincipal.class);
- if (principals.size() > 0) {
- ShiroPrincipal principal = principals.iterator().next();
- currentUser = principal.getSubject();
- ThreadContext.bind(currentUser);
- return currentUser;
- }
- }
-
- // in other cases like admin rest call or pulse authorization
- currentUser = SecurityUtils.getSubject();
-
- if (currentUser == null || currentUser.getPrincipal() == null) {
- throw new GemFireSecurityException("Error: Anonymous User");
- }
-
- return currentUser;
- }
-
- /**
- * convenient method for testing
- * @param username
- * @param password
- * @return
- */
- public static Subject login(String username, String password){
- if(StringUtils.isBlank(username) || StringUtils.isBlank(password))
- return null;
-
- Properties credentials = new Properties();
- credentials.setProperty(ResourceConstants.USER_NAME, username);
- credentials.setProperty(ResourceConstants.PASSWORD, password);
- return login(credentials);
- }
-
- /**
- * @return null if security is not enabled, otherwise return a shiro subject
- */
- public static Subject login(Properties credentials) {
- if (!isIntegratedSecurity) {
- return null;
- }
-
- if(credentials == null)
- return null;
-
- // this makes sure it starts with a clean user object
- ThreadContext.remove();
-
- Subject currentUser = SecurityUtils.getSubject();
- GeodeAuthenticationToken token = new GeodeAuthenticationToken(credentials);
- try {
- logger.info("Logging in " + token.getPrincipal());
- currentUser.login(token);
- }
- catch (ShiroException e) {
- logger.info(e.getMessage(), e);
- throw new AuthenticationFailedException("Authentication error. Please check your credentials.", e);
- }
-
- return currentUser;
- }
-
- public static void logout() {
- Subject currentUser = getSubject();
- if (currentUser == null) {
- return;
- }
-
- try {
- logger.info("Logging out " + currentUser.getPrincipal());
- currentUser.logout();
- }
- catch (ShiroException e) {
- logger.info(e.getMessage(), e);
- throw new GemFireSecurityException(e.getMessage(), e);
- }
- // clean out Shiro's thread local content
- ThreadContext.remove();
- }
-
- public static Callable associateWith(Callable callable) {
- Subject currentUser = getSubject();
- if (currentUser == null) {
- return callable;
- }
-
- return currentUser.associateWith(callable);
- }
-
- /**
- * this binds the passed-in subject to the executing thread, normally, you
- * would do this:
- *
- * ThreadState state = null;
- * try{
- * state = GeodeSecurityUtil.bindSubject(subject);
- * //do the rest of the work as this subject
- * }
- * finally{
- * if(state!=null)
- * state.clear();
- * }
- */
- public static ThreadState bindSubject(Subject subject){
- if (subject == null) {
- return null;
- }
-
- ThreadState threadState = new SubjectThreadState(subject);
- threadState.bind();
- return threadState;
- }
-
- public static void authorize(ResourceOperation resourceOperation) {
- if (resourceOperation == null) {
- return;
- }
-
- authorize(resourceOperation.resource().name(),
- resourceOperation.operation().name(),
- null);
- }
-
- public static void authorizeClusterManage() {
- authorize("CLUSTER", "MANAGE");
- }
-
- public static void authorizeClusterWrite() {
- authorize("CLUSTER", "WRITE");
- }
-
- public static void authorizeClusterRead() {
- authorize("CLUSTER", "READ");
- }
-
- public static void authorizeDataManage() {
- authorize("DATA", "MANAGE");
- }
-
- public static void authorizeDataWrite() {
- authorize("DATA", "WRITE");
- }
-
- public static void authorizeDataRead() {
- authorize("DATA", "READ");
- }
-
- public static void authorizeRegionManage(String regionName) {
- authorize("DATA", "MANAGE", regionName);
- }
-
- public static void authorizeRegionManage(String regionName, String key) {
- authorize("DATA", "MANAGE", regionName, key);
- }
-
- public static void authorizeRegionWrite(String regionName) {
- authorize("DATA", "WRITE", regionName);
- }
-
- public static void authorizeRegionWrite(String regionName, String key) {
- authorize("DATA", "WRITE", regionName, key);
- }
-
- public static void authorizeRegionRead(String regionName) {
- authorize("DATA", "READ", regionName);
- }
-
- public static void authorizeRegionRead(String regionName, String key) {
- authorize("DATA", "READ", regionName, key);
- }
-
- public static void authorize(String resource, String operation) {
- authorize(resource, operation, null);
- }
-
- private static void authorize(String resource, String operation, String regionName){
- authorize(resource, operation, regionName, null);
- }
-
- private static void authorize(String resource, String operation, String regionName, String key) {
- regionName = StringUtils.stripStart(regionName, "/");
- authorize(new ResourcePermission(resource, operation, regionName, key));
- }
-
- public static void authorize(ResourcePermission context) {
- Subject currentUser = getSubject();
- if (currentUser == null) {
- return;
- }
-
- if (context == null) {
- return;
- }
-
- if (context.getResource() == Resource.NULL && context.getOperation() == Operation.NULL) {
- return;
- }
-
- try {
- currentUser.checkPermission(context);
- }
- catch (ShiroException e) {
- String msg = currentUser.getPrincipal() + " not authorized for " + context;
- logger.info(msg);
- throw new NotAuthorizedException(msg, e);
- }
- }
-
- /**
- * initialize Shiro's Security Manager and Security Utilities
- */
- public static void initSecurity(Properties securityProps) {
- if (securityProps == null) {
- return;
- }
-
- String enabledComponentsString = securityProps.getProperty(SECURITY_ENABLED_COMPONENTS);
- if (enabledComponentsString == null) {
- enabledComponentsString = DistributionConfig.DEFAULT_SECURITY_ENABLED_COMPONENTS;
- }
-
- boolean isClusterSecured = enabledComponentsString.contains(SecurableComponents.ALL) || enabledComponentsString.contains(SecurableComponents.CLUSTER);
- boolean isGatewaySecured = enabledComponentsString.contains(SecurableComponents.ALL) || enabledComponentsString.contains(SecurableComponents.GATEWAY);
- boolean isHttpSecured = enabledComponentsString.contains(SecurableComponents.ALL) || enabledComponentsString.contains(SecurableComponents.HTTP_SERVICE);
- boolean isJmxSecured = enabledComponentsString.contains(SecurableComponents.ALL) || enabledComponentsString.contains(SecurableComponents.JMX);
- boolean isServerSecured = enabledComponentsString.contains(SecurableComponents.ALL) || enabledComponentsString.contains(SecurableComponents.SERVER);
-
- String shiroConfig = securityProps.getProperty(SECURITY_SHIRO_INIT);
- String securityConfig = securityProps.getProperty(SECURITY_MANAGER);
- String clientAuthenticatorConfig = securityProps.getProperty(SECURITY_CLIENT_AUTHENTICATOR);
- String peerAuthenticatorConfig = securityProps.getProperty(SECURITY_PEER_AUTHENTICATOR);
-
- if (!StringUtils.isBlank(shiroConfig)) {
- IniSecurityManagerFactory factory = new IniSecurityManagerFactory("classpath:" + shiroConfig);
-
- // we will need to make sure that shiro uses a case sensitive permission resolver
- Section main = factory.getIni().addSection("main");
- main.put("geodePermissionResolver", "com.gemstone.gemfire.internal.security.shiro.GeodePermissionResolver");
- if (!main.containsKey("iniRealm.permissionResolver")) {
- main.put("iniRealm.permissionResolver", "$geodePermissionResolver");
- }
-
- org.apache.shiro.mgt.SecurityManager securityManager = factory.getInstance();
- SecurityUtils.setSecurityManager(securityManager);
- isIntegratedSecurity = true;
- }
- // only set up shiro realm if user has implemented SecurityManager
- else if (!StringUtils.isBlank(securityConfig)) {
- securityManager = getObjectOfTypeFromClassName(securityConfig, SecurityManager.class);
- securityManager.init(securityProps);
- Realm realm = new CustomAuthRealm(securityManager);
- org.apache.shiro.mgt.SecurityManager shiroManager = new DefaultSecurityManager(realm);
- SecurityUtils.setSecurityManager(shiroManager);
- isIntegratedSecurity = true;
- }
- else if( !StringUtils.isBlank(clientAuthenticatorConfig)) {
- isClientAuthenticator = true;
- }
- else if (!StringUtils.isBlank(peerAuthenticatorConfig)) {
- isPeerAuthenticator = true;
- }
- else {
- isIntegratedSecurity = false;
- isClientAuthenticator = false;
- isPeerAuthenticator = false;
- }
-
- isServerSecurityRequired = isClientAuthenticator || (isIntegratedSecurity && isServerSecured);
- isClusterSecurityRequired = isPeerAuthenticator || (isIntegratedSecurity && isClusterSecured);
-
- isGatewaySecurityRequired = isClientAuthenticator || (isIntegratedSecurity && isGatewaySecured);
- isHttpSecurityRequired = isIntegratedSecurity && isHttpSecured;
- isJmxSecurityRequired = isIntegratedSecurity && isJmxSecured;
-
- // this initializes the post processor
- String customPostProcessor = securityProps.getProperty(SECURITY_POST_PROCESSOR);
- if( !StringUtils.isBlank(customPostProcessor)) {
- postProcessor = getObjectOfTypeFromClassName(customPostProcessor, PostProcessor.class);
- postProcessor.init(securityProps);
- }
- else{
- postProcessor = null;
- }
- }
-
- public static void close() {
- if (securityManager != null) {
- securityManager.close();
- securityManager = null;
- }
-
- if (postProcessor != null) {
- postProcessor.close();
- postProcessor = null;
- }
- ThreadContext.remove();
- isIntegratedSecurity = false;
- isClientAuthenticator = false;
- isPeerAuthenticator = false;
- }
-
- /**
- * postProcess call already has this logic built in, you don't need to call
- * this everytime you call postProcess. But if your postProcess is pretty
- * involved with preparations and you need to bypass it entirely, call this
- * first.
- */
- public static boolean needPostProcess(){
- return (isIntegratedSecurity && postProcessor != null);
- }
-
- public static Object postProcess(String regionPath, Object key, Object value, boolean valueIsSerialized){
- return postProcess(null, regionPath, key, value, valueIsSerialized);
- }
-
- public static Object postProcess(Serializable principal, String regionPath, Object key, Object value, boolean valueIsSerialized) {
- if (!needPostProcess())
- return value;
-
- if (principal == null) {
- Subject subject = getSubject();
- if (subject == null)
- return value;
- principal = (Serializable) subject.getPrincipal();
- }
-
- String regionName = StringUtils.stripStart(regionPath, "/");
- Object newValue = null;
-
- // if the data is a byte array, but the data itself is supposed to be an object, we need to desearized it before we pass
- // it to the callback.
- if (valueIsSerialized && value instanceof byte[]) {
- try {
- Object oldObj = EntryEventImpl.deserialize((byte[]) value);
- Object newObj = postProcessor.processRegionValue(principal, regionName, key, oldObj);
- newValue = BlobHelper.serializeToBlob(newObj);
- } catch (IOException|SerializationException e) {
- throw new GemFireIOException("Exception de/serializing entry value", e);
- }
- }
- else {
- newValue = postProcessor.processRegionValue(principal, regionName, key, value);
- }
-
- return newValue;
- }
-
- private static void checkSameClass(Object obj1, Object obj2){
-
- }
-
- /**
- * this method would never return null, it either throws an exception or
- * returns an object
- */
- public static <T> T getObjectOfTypeFromClassName(String className, Class<T> expectedClazz) {
- Class actualClass = null;
- try {
- actualClass = ClassLoadUtil.classFromName(className);
- }
- catch (Exception ex) {
- throw new GemFireSecurityException("Instance could not be obtained, "+ex.toString(), ex);
- }
-
- if(!expectedClazz.isAssignableFrom(actualClass)){
- throw new GemFireSecurityException("Instance could not be obtained. Expecting a "+expectedClazz.getName()+" class.");
- }
-
- T actualObject = null;
- try {
- actualObject = (T)actualClass.newInstance();
- } catch (Exception e) {
- throw new GemFireSecurityException("Instance could not be obtained. Error instantiating "+actualClass.getName(), e);
- }
- return actualObject;
- }
-
- /**
- * this method would never return null, it either throws an exception or
- * returns an object
- */
- public static <T> T getObjectOfTypeFromFactoryMethod(String factoryMethodName, Class<T> expectedClazz){
- T actualObject = null;
- try {
- Method factoryMethod = ClassLoadUtil.methodFromName(factoryMethodName);
- actualObject = (T)factoryMethod.invoke(null, (Object[])null);
- } catch (Exception e) {
- throw new GemFireSecurityException("Instance could not be obtained from "+factoryMethodName, e);
- }
-
- if(actualObject == null){
- throw new GemFireSecurityException("Instance could not be obtained from "+factoryMethodName);
- }
-
- return actualObject;
- }
-
- /**
- * this method would never return null, it either throws an exception or
- * returns an object
- *
- * @return an object of type expectedClazz. This method would never return
- * null. It either returns an non-null object or throws exception.
- */
- public static <T> T getObjectOfType(String classOrMethod, Class<T> expectedClazz) {
- T object = null;
- try{
- object = getObjectOfTypeFromClassName(classOrMethod, expectedClazz);
- }
- catch (Exception e){
- object = getObjectOfTypeFromFactoryMethod(classOrMethod, expectedClazz);
- }
- return object;
- }
-
- public static SecurityManager getSecurityManager(){
- return securityManager;
- }
-
- public static PostProcessor getPostProcessor() {
- return postProcessor;
- }
-
- public static boolean isIntegratedSecurity(){
- return isIntegratedSecurity;
- }
-
- public static boolean isClientSecurityRequired() { // TODO: rename as isServerSecurityRequired
- return isServerSecurityRequired;
- }
-
- public static boolean isPeerSecurityRequired() { // TODO: rename as isClusterSecurityRequired
- return isClusterSecurityRequired;
- }
-
- public static boolean isJmxSecurityRequired() {
- return isJmxSecurityRequired;
- }
-
- public static boolean isGatewaySecurityRequired() {
- return isGatewaySecurityRequired;
- }
-
- public static boolean isHttpServiceSecurityRequired() {
- return isHttpSecurityRequired;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/ee27d73c/geode-core/src/main/java/com/gemstone/gemfire/internal/security/IntegratedSecurityService.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/IntegratedSecurityService.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/IntegratedSecurityService.java
index d294859..0ab9d68 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/IntegratedSecurityService.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/IntegratedSecurityService.java
@@ -16,27 +16,52 @@
*/
package com.gemstone.gemfire.internal.security;
-import java.io.InvalidObjectException;
-import java.io.ObjectInputStream;
+import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+
+import java.io.IOException;
import java.io.Serializable;
+import java.lang.reflect.Method;
+import java.security.AccessController;
import java.util.Properties;
+import java.util.Set;
import java.util.concurrent.Callable;
+import org.apache.commons.lang.SerializationException;
+import org.apache.commons.lang.StringUtils;
+import org.apache.geode.security.PostProcessor;
import org.apache.geode.security.ResourcePermission;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
+import org.apache.geode.security.SecurableComponents;
import org.apache.geode.security.SecurityManager;
import org.apache.logging.log4j.Logger;
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.ShiroException;
+import org.apache.shiro.config.Ini.Section;
+import org.apache.shiro.config.IniSecurityManagerFactory;
+import org.apache.shiro.mgt.DefaultSecurityManager;
+import org.apache.shiro.realm.Realm;
import org.apache.shiro.subject.Subject;
+import org.apache.shiro.subject.support.SubjectThreadState;
+import org.apache.shiro.util.ThreadContext;
import org.apache.shiro.util.ThreadState;
+import com.gemstone.gemfire.GemFireIOException;
+import com.gemstone.gemfire.distributed.internal.DistributionConfig;
+import com.gemstone.gemfire.internal.ClassLoadUtil;
+import com.gemstone.gemfire.internal.cache.EntryEventImpl;
import com.gemstone.gemfire.internal.logging.LogService;
+import com.gemstone.gemfire.internal.security.shiro.CustomAuthRealm;
+import com.gemstone.gemfire.internal.security.shiro.GeodeAuthenticationToken;
+import com.gemstone.gemfire.internal.security.shiro.ShiroPrincipal;
+import com.gemstone.gemfire.internal.util.BlobHelper;
+import com.gemstone.gemfire.management.internal.security.ResourceConstants;
import com.gemstone.gemfire.management.internal.security.ResourceOperation;
+import com.gemstone.gemfire.security.AuthenticationFailedException;
+import com.gemstone.gemfire.security.GemFireSecurityException;
+import com.gemstone.gemfire.security.NotAuthorizedException;
-/**
- * Default implementation of {@code SecurityService} for Integrated Security.
- *
- * <p>This class is serializable but always deserializes the singleton {@code defaultInstance}.
- */
-public class IntegratedSecurityService implements SecurityService, Serializable {
+public class IntegratedSecurityService implements SecurityService{
private static Logger logger = LogService.getLogger(LogService.SECURITY_LOGGER_NAME);
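Review bot: The class Javadoc is removed together with `Serializable` and nothing replaces it, so the consolidated class — which now owns the Shiro security manager, the post processor and the per-component "security required" flags that were statics in the deleted `GeodeSecurityUtil` — carries no description of its role or of how an instance is obtained. I would restore a short header such as `/** Default implementation of {@code SecurityService} for integrated security. Holds the configured {@code SecurityManager}, {@code PostProcessor} and per-component security flags; obtain it via {@code getSecurityService()}, the constructor is private. */`. Since `Serializable` (and the `ObjectInputStream`/`InvalidObjectException` imports that presumably served a `readResolve`) is dropped, the comment should also state that the instance is not meant to be serialized, which is likely what the diffstat's `sanctionedSerializables.txt` change reflects. The new `import static ...ConfigurationProperties.*` is a wildcard static import carried over from the deleted file; importing the `SECURITY_*` constants actually used would keep the dependency explicit.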
@@ -49,190 +74,485 @@ public class IntegratedSecurityService implements SecurityService, Serializable
private IntegratedSecurityService() {
}
- @Override
- public ThreadState bindSubject(final Subject subject) {
- return GeodeSecurityUtil.bindSubject(subject);
- }
+ private PostProcessor postProcessor;
+ private SecurityManager securityManager;
- @Override
+ private boolean isIntegratedSecurity;
+
+ private boolean isClientAuthenticator; // is there a SECURITY_CLIENT_AUTHENTICATOR
+ private boolean isPeerAuthenticator; // is there a SECURITY_PEER_AUTHENTICATOR
+
+ private boolean isJmxSecurityRequired;
+ private boolean isHttpSecurityRequired;
+ private boolean isGatewaySecurityRequired;
+ private boolean isClusterSecurityRequired;
+ private boolean isServerSecurityRequired;
+
+ /**
+ * It first looks the shiro subject in AccessControlContext since JMX will
+ * use multiple threads to process operations from the same client, then it
+ * looks into Shiro's thead context.
+ *
+ * @return the shiro subject, null if security is not enabled
+ */
public Subject getSubject() {
- return GeodeSecurityUtil.getSubject();
+ if (!isIntegratedSecurity) {
+ return null;
+ }
+
+ Subject currentUser = null;
+
+ // First try get the principal out of AccessControlContext instead of Shiro's Thread context
+ // since threads can be shared between JMX clients.
+ javax.security.auth.Subject jmxSubject =
+ javax.security.auth.Subject.getSubject(AccessController.getContext());
+
+ if (jmxSubject != null) {
+ Set<ShiroPrincipal> principals = jmxSubject.getPrincipals(ShiroPrincipal.class);
+ if (principals.size() > 0) {
+ ShiroPrincipal principal = principals.iterator().next();
+ currentUser = principal.getSubject();
+ ThreadContext.bind(currentUser);
+ return currentUser;
+ }
+ }
+
+ // in other cases like admin rest call or pulse authorization
+ currentUser = SecurityUtils.getSubject();
+
+ if (currentUser == null || currentUser.getPrincipal() == null) {
+ throw new GemFireSecurityException("Error: Anonymous User");
+ }
+
+ return currentUser;
}
- @Override
- public Subject login(final Properties credentials) {
- return GeodeSecurityUtil.login(credentials);
+ /**
+ * convenient method for testing
+ * @param username
+ * @param password
+ * @return
+ */
+ public Subject login(String username, String password){
+ if(StringUtils.isBlank(username) || StringUtils.isBlank(password))
+ return null;
+
+ Properties credentials = new Properties();
+ credentials.setProperty(ResourceConstants.USER_NAME, username);
+ credentials.setProperty(ResourceConstants.PASSWORD, password);
+ return login(credentials);
}
- @Override
- public Subject login(final String username, final String password) {
- return GeodeSecurityUtil.login(username, password);
+ /**
+ * @return null if security is not enabled, otherwise return a shiro subject
+ */
+ public Subject login(Properties credentials) {
+ if (!isIntegratedSecurity) {
+ return null;
+ }
+
+ if(credentials == null)
+ return null;
+
+ // this makes sure it starts with a clean user object
+ ThreadContext.remove();
+
+ Subject currentUser = SecurityUtils.getSubject();
+ GeodeAuthenticationToken token = new GeodeAuthenticationToken(credentials);
+ try {
+ logger.info("Logging in " + token.getPrincipal());
+ currentUser.login(token);
+ }
+ catch (ShiroException e) {
+ logger.info(e.getMessage(), e);
+ throw new AuthenticationFailedException("Authentication error. Please check your credentials.", e);
+ }
+
+ return currentUser;
}
- @Override
public void logout() {
- GeodeSecurityUtil.logout();
+ Subject currentUser = getSubject();
+ if (currentUser == null) {
+ return;
+ }
+
+ try {
+ logger.info("Logging out " + currentUser.getPrincipal());
+ currentUser.logout();
+ }
+ catch (ShiroException e) {
+ logger.info(e.getMessage(), e);
+ throw new GemFireSecurityException(e.getMessage(), e);
+ }
+ // clean out Shiro's thread local content
+ ThreadContext.remove();
+ }
+
+ public Callable associateWith(Callable callable) {
+ Subject currentUser = getSubject();
+ if (currentUser == null) {
+ return callable;
+ }
+
+ return currentUser.associateWith(callable);
}
- @Override
- public Callable associateWith(final Callable callable) {
- return GeodeSecurityUtil.associateWith(callable);
+ /**
+ * this binds the passed-in subject to the executing thread, normally, you
+ * would do this:
+ *
+ * ThreadState state = null;
+ * try{
+ * state = IntegratedSecurityService.bindSubject(subject);
+ * //do the rest of the work as this subject
+ * }
+ * finally{
+ * if(state!=null)
+ * state.clear();
+ * }
+ */
+ public ThreadState bindSubject(Subject subject){
+ if (subject == null) {
+ return null;
+ }
+
+ ThreadState threadState = new SubjectThreadState(subject);
+ threadState.bind();
+ return threadState;
}
- @Override
- public void authorize(final ResourceOperation resourceOperation) {
- GeodeSecurityUtil.authorize(resourceOperation);
+ public void authorize(ResourceOperation resourceOperation) {
+ if (resourceOperation == null) {
+ return;
+ }
+
+ authorize(resourceOperation.resource().name(),
+ resourceOperation.operation().name(),
+ null);
}
- @Override
public void authorizeClusterManage() {
- GeodeSecurityUtil.authorizeClusterManage();
+ authorize("CLUSTER", "MANAGE");
}
- @Override
public void authorizeClusterWrite() {
- GeodeSecurityUtil.authorizeClusterWrite();
+ authorize("CLUSTER", "WRITE");
}
- @Override
public void authorizeClusterRead() {
- GeodeSecurityUtil.authorizeClusterRead();
+ authorize("CLUSTER", "READ");
}
- @Override
public void authorizeDataManage() {
- GeodeSecurityUtil.authorizeDataManage();
+ authorize("DATA", "MANAGE");
}
- @Override
public void authorizeDataWrite() {
- GeodeSecurityUtil.authorizeDataWrite();
+ authorize("DATA", "WRITE");
}
- @Override
public void authorizeDataRead() {
- GeodeSecurityUtil.authorizeDataRead();
+ authorize("DATA", "READ");
}
- @Override
- public void authorizeRegionManage(final String regionName) {
- GeodeSecurityUtil.authorizeRegionManage(regionName);
+ public void authorizeRegionManage(String regionName) {
+ authorize("DATA", "MANAGE", regionName);
}
- @Override
- public void authorizeRegionManage(final String regionName, final String key) {
- GeodeSecurityUtil.authorizeRegionManage(regionName, key);
+ public void authorizeRegionManage(String regionName, String key) {
+ authorize("DATA", "MANAGE", regionName, key);
}
- @Override
- public void authorizeRegionWrite(final String regionName) {
- GeodeSecurityUtil.authorizeRegionWrite(regionName);
+ public void authorizeRegionWrite(String regionName) {
+ authorize("DATA", "WRITE", regionName);
}
- @Override
- public void authorizeRegionWrite(final String regionName, final String key) {
- GeodeSecurityUtil.authorizeRegionWrite(regionName, key);
+ public void authorizeRegionWrite(String regionName, String key) {
+ authorize("DATA", "WRITE", regionName, key);
}
- @Override
- public void authorizeRegionRead(final String regionName) {
- GeodeSecurityUtil.authorizeRegionRead(regionName);
+ public void authorizeRegionRead(String regionName) {
+ authorize("DATA", "READ", regionName);
}
- @Override
- public void authorizeRegionRead(final String regionName, final String key) {
- GeodeSecurityUtil.authorizeRegionRead(regionName, key);
+ public void authorizeRegionRead(String regionName, String key) {
+ authorize("DATA", "READ", regionName, key);
}
- @Override
- public void authorize(final String resource, final String operation) {
- GeodeSecurityUtil.authorize(resource, operation);
+ public void authorize(String resource, String operation) {
+ authorize(resource, operation, null);
}
- @Override
- public void authorize(final ResourcePermission context) {
- GeodeSecurityUtil.authorize(context);
+ private void authorize(String resource, String operation, String regionName){
+ authorize(resource, operation, regionName, null);
}
- @Override
- public void initSecurity(final Properties securityProps) {
- GeodeSecurityUtil.initSecurity(securityProps);
+ private void authorize(String resource, String operation, String regionName, String key) {
+ regionName = StringUtils.stripStart(regionName, "/");
+ authorize(new ResourcePermission(resource, operation, regionName, key));
}
- @Override
- public void close() {
- GeodeSecurityUtil.close();
+ public void authorize(ResourcePermission context) {
+ Subject currentUser = getSubject();
+ if (currentUser == null) {
+ return;
+ }
+
+ if (context == null) {
+ return;
+ }
+
+ if (context.getResource() == Resource.NULL && context.getOperation() == Operation.NULL) {
+ return;
+ }
+
+ try {
+ currentUser.checkPermission(context);
+ }
+ catch (ShiroException e) {
+ String msg = currentUser.getPrincipal() + " not authorized for " + context;
+ logger.info(msg);
+ throw new NotAuthorizedException(msg, e);
+ }
}
- @Override
- public boolean needPostProcess() {
- return GeodeSecurityUtil.needPostProcess();
+ /**
+ * initialize Shiro's Security Manager and Security Utilities
+ */
+ public void initSecurity(Properties securityProps) {
+ if (securityProps == null) {
+ return;
+ }
+
+ String enabledComponentsString = securityProps.getProperty(SECURITY_ENABLED_COMPONENTS);
+ if (enabledComponentsString == null) {
+ enabledComponentsString = DistributionConfig.DEFAULT_SECURITY_ENABLED_COMPONENTS;
+ }
+
+ boolean isClusterSecured = enabledComponentsString.contains(SecurableComponents.ALL) || enabledComponentsString.contains(SecurableComponents.CLUSTER);
+ boolean isGatewaySecured = enabledComponentsString.contains(SecurableComponents.ALL) || enabledComponentsString.contains(SecurableComponents.GATEWAY);
+ boolean isHttpSecured = enabledComponentsString.contains(SecurableComponents.ALL) || enabledComponentsString.contains(SecurableComponents.HTTP_SERVICE);
+ boolean isJmxSecured = enabledComponentsString.contains(SecurableComponents.ALL) || enabledComponentsString.contains(SecurableComponents.JMX);
+ boolean isServerSecured = enabledComponentsString.contains(SecurableComponents.ALL) || enabledComponentsString.contains(SecurableComponents.SERVER);
+
+ String shiroConfig = securityProps.getProperty(SECURITY_SHIRO_INIT);
+ String securityConfig = securityProps.getProperty(SECURITY_MANAGER);
+ String clientAuthenticatorConfig = securityProps.getProperty(SECURITY_CLIENT_AUTHENTICATOR);
+ String peerAuthenticatorConfig = securityProps.getProperty(SECURITY_PEER_AUTHENTICATOR);
+
+ if (!StringUtils.isBlank(shiroConfig)) {
+ IniSecurityManagerFactory factory = new IniSecurityManagerFactory("classpath:" + shiroConfig);
+
+ // we will need to make sure that shiro uses a case sensitive permission resolver
+ Section main = factory.getIni().addSection("main");
+ main.put("geodePermissionResolver", "com.gemstone.gemfire.internal.security.shiro.GeodePermissionResolver");
+ if (!main.containsKey("iniRealm.permissionResolver")) {
+ main.put("iniRealm.permissionResolver", "$geodePermissionResolver");
+ }
+
+ org.apache.shiro.mgt.SecurityManager securityManager = factory.getInstance();
+ SecurityUtils.setSecurityManager(securityManager);
+ isIntegratedSecurity = true;
+ }
+ // only set up shiro realm if user has implemented SecurityManager
+ else if (!StringUtils.isBlank(securityConfig)) {
+ securityManager = getObjectOfTypeFromClassName(securityConfig, SecurityManager.class);
+ securityManager.init(securityProps);
+ Realm realm = new CustomAuthRealm(securityManager);
+ org.apache.shiro.mgt.SecurityManager shiroManager = new DefaultSecurityManager(realm);
+ SecurityUtils.setSecurityManager(shiroManager);
+ isIntegratedSecurity = true;
+ }
+ else if( !StringUtils.isBlank(clientAuthenticatorConfig)) {
+ isClientAuthenticator = true;
+ }
+ else if (!StringUtils.isBlank(peerAuthenticatorConfig)) {
+ isPeerAuthenticator = true;
+ }
+ else {
+ isIntegratedSecurity = false;
+ isClientAuthenticator = false;
+ isPeerAuthenticator = false;
+ }
+
+ isServerSecurityRequired = isClientAuthenticator || (isIntegratedSecurity && isServerSecured);
+ isClusterSecurityRequired = isPeerAuthenticator || (isIntegratedSecurity && isClusterSecured);
+
+ isGatewaySecurityRequired = isClientAuthenticator || (isIntegratedSecurity && isGatewaySecured);
+ isHttpSecurityRequired = isIntegratedSecurity && isHttpSecured;
+ isJmxSecurityRequired = isIntegratedSecurity && isJmxSecured;
+
+ // this initializes the post processor
+ String customPostProcessor = securityProps.getProperty(SECURITY_POST_PROCESSOR);
+ if( !StringUtils.isBlank(customPostProcessor)) {
+ postProcessor = getObjectOfTypeFromClassName(customPostProcessor, PostProcessor.class);
+ postProcessor.init(securityProps);
+ }
+ else{
+ postProcessor = null;
+ }
}
- @Override
- public Object postProcess(final String regionPath, final Object key, final Object value, final boolean valueIsSerialized) {
- return GeodeSecurityUtil.postProcess(regionPath, key, value, valueIsSerialized);
+ public void close() {
+ if (securityManager != null) {
+ securityManager.close();
+ securityManager = null;
+ }
+
+ if (postProcessor != null) {
+ postProcessor.close();
+ postProcessor = null;
+ }
+ ThreadContext.remove();
+ isIntegratedSecurity = false;
+ isClientAuthenticator = false;
+ isPeerAuthenticator = false;
}
- @Override
- public Object postProcess(final Serializable principal, final String regionPath, final Object key, final Object value, final boolean valueIsSerialized) {
- return GeodeSecurityUtil.postProcess(principal, regionPath, key, value, valueIsSerialized);
+ /**
+ * postProcess call already has this logic built in, you don't need to call
+ * this everytime you call postProcess. But if your postProcess is pretty
+ * involved with preparations and you need to bypass it entirely, call this
+ * first.
+ */
+ public boolean needPostProcess(){
+ return (isIntegratedSecurity && postProcessor != null);
}
- @Override
- public boolean isClientSecurityRequired() {
- return GeodeSecurityUtil.isClientSecurityRequired();
+ public Object postProcess(String regionPath, Object key, Object value, boolean valueIsSerialized){
+ return postProcess(null, regionPath, key, value, valueIsSerialized);
}
- @Override
- public boolean isJmxSecurityRequired() {
- return GeodeSecurityUtil.isJmxSecurityRequired();
+ public Object postProcess(Object principal, String regionPath, Object key, Object value, boolean valueIsSerialized) {
+ if (!needPostProcess())
+ return value;
+
+ if (principal == null) {
+ Subject subject = getSubject();
+ if (subject == null)
+ return value;
+ principal = (Serializable) subject.getPrincipal();
+ }
+
+ String regionName = StringUtils.stripStart(regionPath, "/");
+ Object newValue = null;
+
+ // if the data is a byte array, but the data itself is supposed to be an object, we need to desearized it before we pass
+ // it to the callback.
+ if (valueIsSerialized && value instanceof byte[]) {
+ try {
+ Object oldObj = EntryEventImpl.deserialize((byte[]) value);
+ Object newObj = postProcessor.processRegionValue(principal, regionName, key, oldObj);
+ newValue = BlobHelper.serializeToBlob(newObj);
+ } catch (IOException|SerializationException e) {
+ throw new GemFireIOException("Exception de/serializing entry value", e);
+ }
+ }
+ else {
+ newValue = postProcessor.processRegionValue(principal, regionName, key, value);
+ }
+
+ return newValue;
}
- @Override
- public boolean isGatewaySecurityRequired() {
- return GeodeSecurityUtil.isGatewaySecurityRequired();
+ private static void checkSameClass(Object obj1, Object obj2){
+
}
- @Override
- public boolean isHttpSecurityRequired() {
- return GeodeSecurityUtil.isHttpServiceSecurityRequired();
+ /**
+ * this method would never return null, it either throws an exception or
+ * returns an object
+ */
+ public static <T> T getObjectOfTypeFromClassName(String className, Class<T> expectedClazz) {
+ Class actualClass = null;
+ try {
+ actualClass = ClassLoadUtil.classFromName(className);
+ }
+ catch (Exception ex) {
+ throw new GemFireSecurityException("Instance could not be obtained, "+ex.toString(), ex);
+ }
+
+ if(!expectedClazz.isAssignableFrom(actualClass)){
+ throw new GemFireSecurityException("Instance could not be obtained. Expecting a "+expectedClazz.getName()+" class.");
+ }
+
+ T actualObject = null;
+ try {
+ actualObject = (T)actualClass.newInstance();
+ } catch (Exception e) {
+ throw new GemFireSecurityException("Instance could not be obtained. Error instantiating "+actualClass.getName(), e);
+ }
+ return actualObject;
+ }
+
+ /**
+ * this method would never return null, it either throws an exception or
+ * returns an object
+ */
+ public static <T> T getObjectOfTypeFromFactoryMethod(String factoryMethodName, Class<T> expectedClazz){
+ T actualObject = null;
+ try {
+ Method factoryMethod = ClassLoadUtil.methodFromName(factoryMethodName);
+ actualObject = (T)factoryMethod.invoke(null, (Object[])null);
+ } catch (Exception e) {
+ throw new GemFireSecurityException("Instance could not be obtained from "+factoryMethodName, e);
+ }
+
+ if(actualObject == null){
+ throw new GemFireSecurityException("Instance could not be obtained from "+factoryMethodName);
+ }
+
+ return actualObject;
}
- @Override
- public boolean isPeerSecurityRequired() {
- return GeodeSecurityUtil.isPeerSecurityRequired();
+ /**
+ * this method would never return null, it either throws an exception or
+ * returns an object
+ *
+ * @return an object of type expectedClazz. This method would never return
+ * null. It either returns an non-null object or throws exception.
+ */
+ public static <T> T getObjectOfType(String classOrMethod, Class<T> expectedClazz) {
+ T object = null;
+ try{
+ object = getObjectOfTypeFromClassName(classOrMethod, expectedClazz);
+ }
+ catch (Exception e){
+ object = getObjectOfTypeFromFactoryMethod(classOrMethod, expectedClazz);
+ }
+ return object;
}
- @Override
- public boolean isIntegratedSecurity() {
- return GeodeSecurityUtil.isIntegratedSecurity();
+ public SecurityManager getSecurityManager(){
+ return securityManager;
}
- @Override
- public SecurityManager getSecurityManager() {
- return GeodeSecurityUtil.getSecurityManager();
+ public PostProcessor getPostProcessor() {
+ return postProcessor;
}
+ public boolean isIntegratedSecurity(){
+ return isIntegratedSecurity;
+ }
- private void readObject(final ObjectInputStream stream) throws InvalidObjectException {
- throw new InvalidObjectException("SerializationProxy required");
+ public boolean isClientSecurityRequired() { // TODO: rename as isServerSecurityRequired
+ return isServerSecurityRequired;
}
- private Object writeReplace() {
- return new SerializationProxy();
+ public boolean isPeerSecurityRequired() { // TODO: rename as isClusterSecurityRequired
+ return isClusterSecurityRequired;
}
- /**
- * Serialization proxy for {@code IntegratedSecurityService}.
- */
- private static class SerializationProxy implements Serializable {
+ public boolean isJmxSecurityRequired() {
+ return isJmxSecurityRequired;
+ }
- SerializationProxy() {
- }
+ public boolean isGatewaySecurityRequired() {
+ return isGatewaySecurityRequired;
+ }
- private Object readResolve() {
- return getSecurityService();
- }
+ public boolean isHttpSecurityRequired() {
+ return isHttpSecurityRequired;
}
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/ee27d73c/geode-core/src/main/java/com/gemstone/gemfire/internal/security/SecurityService.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/SecurityService.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/SecurityService.java
index c975751..89e7d1f 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/SecurityService.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/SecurityService.java
@@ -16,10 +16,10 @@
*/
package com.gemstone.gemfire.internal.security;
-import java.io.Serializable;
import java.util.Properties;
import java.util.concurrent.Callable;
+import org.apache.geode.security.PostProcessor;
import org.apache.geode.security.ResourcePermission;
import org.apache.geode.security.SecurityManager;
import org.apache.shiro.subject.Subject;
@@ -54,7 +54,7 @@ public interface SecurityService {
void close();
boolean needPostProcess();
Object postProcess(String regionPath, Object key, Object value, boolean valueIsSerialized);
- Object postProcess(Serializable principal, String regionPath, Object key, Object value, boolean valueIsSerialized);
+ Object postProcess(Object principal, String regionPath, Object key, Object value, boolean valueIsSerialized);
boolean isClientSecurityRequired();
boolean isJmxSecurityRequired();
boolean isGatewaySecurityRequired();
@@ -62,16 +62,21 @@ public interface SecurityService {
boolean isPeerSecurityRequired();
boolean isIntegratedSecurity();
SecurityManager getSecurityManager();
+ PostProcessor getPostProcessor();
static <T> T getObjectOfType(String factoryName, Class<T> clazz) {
- return GeodeSecurityUtil.getObjectOfType(factoryName, clazz);
+ return IntegratedSecurityService.getObjectOfType(factoryName, clazz);
}
static <T> T getObjectOfTypeFromFactoryMethod(String factoryMethodName, Class<T> expectedClazz) {
- return GeodeSecurityUtil.getObjectOfTypeFromFactoryMethod(factoryMethodName, expectedClazz);
+ return IntegratedSecurityService.getObjectOfTypeFromFactoryMethod(factoryMethodName, expectedClazz);
}
static <T> T getObjectOfTypeFromClassName(String className, Class<T> expectedClazz) {
- return GeodeSecurityUtil.getObjectOfTypeFromClassName(className, expectedClazz);
+ return IntegratedSecurityService.getObjectOfTypeFromClassName(className, expectedClazz);
+ }
+
+ static SecurityService getSecurityService(){
+ return IntegratedSecurityService.getSecurityService();
}
}
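Review bot: The new static `getSecurityService()` (and the three lookup helpers above it) bind the `SecurityService` interface to one concrete implementation, `IntegratedSecurityService`, which gives the interface a compile-time dependency on its own implementor and makes substituting another implementation (e.g. in tests) impossible without editing the interface. At minimum the entry point should say so: `/** Returns the process-wide SecurityService. Currently always the IntegratedSecurityService singleton. */`. The widening of `postProcess`'s `principal` parameter from `Serializable` to `Object` in the earlier hunk is a source-incompatible change for any external caller or implementor that passes or declares a `Serializable`; a short note in the interface Javadoc recording that the principal is whatever the configured SecurityManager returns would help readers.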
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/ee27d73c/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java
index ad27ec3..f2cd030 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java
@@ -46,6 +46,7 @@ public class CustomAuthRealm extends AuthorizingRealm {
*/
public CustomAuthRealm(SecurityManager securityManager) {
this.securityManager = securityManager;
+ setAuthenticationTokenClass(GeodeAuthenticationToken.class);
}
/**
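Review bot: The added `setAuthenticationTokenClass(GeodeAuthenticationToken.class)` changes which tokens this realm's `supports()` accepts, so any other `AuthenticationToken` type presented to Shiro will no longer reach `doGetAuthenticationInfo` here, but the line carries no explanation. A comment such as `// only accept Geode's own token type; supports() will reject any other AuthenticationToken so it is never passed to the SecurityManager` would record the intent and the behavioural consequence for anyone later wiring a second token type.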
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/ee27d73c/geode-core/src/main/java/com/gemstone/gemfire/management/internal/ManagementAgent.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/ManagementAgent.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/ManagementAgent.java
index a9cc0ed..bb697ab 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/ManagementAgent.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/ManagementAgent.java
@@ -56,10 +56,10 @@ import com.gemstone.gemfire.internal.GemFireVersion;
import com.gemstone.gemfire.internal.cache.GemFireCacheImpl;
import com.gemstone.gemfire.internal.lang.StringUtils;
import com.gemstone.gemfire.internal.logging.LogService;
+import com.gemstone.gemfire.internal.security.IntegratedSecurityService;
import com.gemstone.gemfire.internal.net.SSLConfigurationFactory;
import com.gemstone.gemfire.internal.net.SocketCreator;
import com.gemstone.gemfire.internal.net.SocketCreatorFactory;
-import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
import com.gemstone.gemfire.internal.security.SecurableCommunicationChannel;
import com.gemstone.gemfire.internal.security.shiro.JMXShiroAuthenticator;
import com.gemstone.gemfire.internal.tcp.TCPConduit;
@@ -496,7 +496,7 @@ public class ManagementAgent {
private boolean isIntegratedSecurity() {
- return GeodeSecurityUtil.isJmxSecurityRequired();
+ return IntegratedSecurityService.getSecurityService().isJmxSecurityRequired();
}
private static class GemFireRMIClientSocketFactory implements RMIClientSocketFactory, Serializable {
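Review bot: `isIntegratedSecurity()` now returns the JMX-specific flag `isJmxSecurityRequired()`, so the method name no longer describes what it answers; callers reading the name will assume it reflects whether integrated security is on at all, whereas the service distinguishes that from whether the JMX component is secured. Either rename it (callers are outside this hunk, so the blast radius is not visible here) or add `// true only when the JMX component is among the secured components, not merely when integrated security is enabled`. DataCommandFunction in this same commit obtains the service via `SecurityService.getSecurityService()`; using the interface entry point here too instead of `IntegratedSecurityService.getSecurityService()` would keep callers consistent.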
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/ee27d73c/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/domain/DataCommandRequest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/domain/DataCommandRequest.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/domain/DataCommandRequest.java
index 76582c3..e9d667b 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/domain/DataCommandRequest.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/domain/DataCommandRequest.java
@@ -46,7 +46,7 @@ public class DataCommandRequest implements /*Data*/ Serializable{
private String removeAllKeys;
private String value;
private String valueClass;
- private Serializable principal;
+ private Object principal;
public static final String NEW_LINE = System.getProperty("line.separator");
@@ -136,7 +136,7 @@ public class DataCommandRequest implements /*Data*/ Serializable{
public boolean isLoadOnCacheMiss() {
return loadOnCacheMiss;
}
- public Serializable getPrincipal() {
+ public Object getPrincipal() {
return principal;
}
@@ -184,7 +184,7 @@ public class DataCommandRequest implements /*Data*/ Serializable{
this.loadOnCacheMiss = loadOnCacheMiss;
}
- public void setPrincipal(Serializable principal){
+ public void setPrincipal(Object principal){
this.principal = principal;
}
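Review bot: `principal` is now typed `Object` inside a class declared `implements Serializable`, so a principal that does not itself implement `Serializable` will make serialization of the whole `DataCommandRequest` fail with `NotSerializableException`; previously the field type enforced this at compile time. If the widening is needed to match the `PostProcessor` SPI, the constraint should at least be documented on the setter, e.g. `/** @param principal the caller's principal; must be Serializable, since this request is presumably shipped to other members */`, or the field could be marked `transient` if it is only consumed locally — which of those holds is not visible from this hunk.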
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/ee27d73c/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/functions/DataCommandFunction.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/functions/DataCommandFunction.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/functions/DataCommandFunction.java
index 2708242..77591d0 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/functions/DataCommandFunction.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/functions/DataCommandFunction.java
@@ -63,7 +63,6 @@ import com.gemstone.gemfire.internal.InternalEntity;
import com.gemstone.gemfire.internal.NanoTimer;
import com.gemstone.gemfire.internal.cache.PartitionedRegion;
import com.gemstone.gemfire.internal.logging.LogService;
-import com.gemstone.gemfire.internal.security.IntegratedSecurityService;
import com.gemstone.gemfire.internal.security.SecurityService;
import com.gemstone.gemfire.management.cli.Result;
import com.gemstone.gemfire.management.internal.cli.CliUtil;
@@ -99,7 +98,8 @@ public class DataCommandFunction extends FunctionAdapter implements InternalEnt
protected static final String SELECT_STEP_EXEC = "SELECT_EXEC";
private static final int NESTED_JSON_LENGTH = 20;
- private SecurityService securityService = IntegratedSecurityService.getSecurityService();
+ // this needs to be static so that it won't get serialized
+ private static SecurityService securityService = SecurityService.getSecurityService();
@Override
public String getId() {
@@ -223,7 +223,7 @@ public class DataCommandFunction extends FunctionAdapter implements InternalEnt
}
@SuppressWarnings("rawtypes")
- private DataCommandResult select(Serializable principal, String queryString) {
+ private DataCommandResult select(Object principal, String queryString) {
Cache cache = CacheFactory.getAnyInstance();
AtomicInteger nestedObjectCount = new AtomicInteger(0);
@@ -423,7 +423,7 @@ public class DataCommandFunction extends FunctionAdapter implements InternalEnt
}
@SuppressWarnings({ "rawtypes" })
- public DataCommandResult get(Serializable principal, String key, String keyClass, String valueClass, String regionName, Boolean loadOnCacheMiss) {
+ public DataCommandResult get(Object principal, String key, String keyClass, String valueClass, String regionName, Boolean loadOnCacheMiss) {
Cache cache = CacheFactory.getAnyInstance();
@@ -879,7 +879,7 @@ public class DataCommandFunction extends FunctionAdapter implements InternalEnt
private static final long serialVersionUID = 1L;
- private SecurityService securityService = IntegratedSecurityService.getSecurityService();
+ private static SecurityService securityService = SecurityService.getSecurityService();
public SelectExecStep(Object[] arguments) {
super(SELECT_STEP_EXEC, arguments);
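Review bot: The comment `// this needs to be static so that it won't get serialized` explains the effect but not why the conventional `transient` was not used; the real reason is that a `transient` field's initializer does not run on deserialization, so the receiving member would see `null`. Spelling that out avoids a later "fix" back to `transient`: `// static rather than transient: field initializers do not run on deserialization, so a transient field would be null on the receiving member`. The same static lookup is duplicated in `SelectExecStep` (the last hunk of this file); a single shared accessor would avoid two copies. Note also that the lookup now happens at class-load time, which is only safe if `SecurityService.getSecurityService()` returns a stable singleton — it appears to, but that is not visible here.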
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/ee27d73c/geode-core/src/main/java/org/apache/geode/security/PostProcessor.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/security/PostProcessor.java b/geode-core/src/main/java/org/apache/geode/security/PostProcessor.java
index 3c50ecc..8b259d6 100644
--- a/geode-core/src/main/java/org/apache/geode/security/PostProcessor.java
+++ b/geode-core/src/main/java/org/apache/geode/security/PostProcessor.java
@@ -17,7 +17,6 @@
package org.apache.geode.security;
-import java.io.Serializable;
import java.util.Properties;
/**
@@ -49,7 +48,7 @@ public interface PostProcessor {
* @return
* the value that will be returned to the requester
*/
- Object processRegionValue(Serializable principal, String regionName, Object key, Object value);
+ Object processRegionValue(Object principal, String regionName, Object key, Object value);
/**
* Give the implementation a chance to close the resources used.
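Review bot: Changing `processRegionValue`'s first parameter from `Serializable` to `Object` alters a public SPI: existing implementations that declare `Serializable principal` no longer override this method and will fail to compile on `@Override`, so this deserves a mention in the release notes and in the interface Javadoc. The parameter documentation above the signature (partly outside the hunk) should also say what the principal now is, e.g. `@param principal the principal of the calling user as returned by the configured SecurityManager; no longer required to be Serializable`.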
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/ee27d73c/geode-core/src/main/java/org/apache/geode/security/templates/SamplePostProcessor.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/security/templates/SamplePostProcessor.java b/geode-core/src/main/java/org/apache/geode/security/templates/SamplePostProcessor.java
index bcf40cf..5f47d7c 100644
--- a/geode-core/src/main/java/org/apache/geode/security/templates/SamplePostProcessor.java
+++ b/geode-core/src/main/java/org/apache/geode/security/templates/SamplePostProcessor.java
@@ -16,7 +16,6 @@
*/
package org.apache.geode.security.templates;
-import java.io.Serializable;
import java.security.Principal;
import java.util.Properties;
@@ -45,7 +44,7 @@ public class SamplePostProcessor implements PostProcessor{
* @return the processed value
*/
@Override
- public Object processRegionValue(Serializable principal,
+ public Object processRegionValue(Object principal,
String regionName,
Object key,
Object value) {
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/ee27d73c/geode-core/src/test/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtilTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtilTest.java b/geode-core/src/test/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtilTest.java
deleted file mode 100644
index 6ab1d4b..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtilTest.java
+++ /dev/null
@@ -1,288 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.internal.security;
-
-import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
-import static org.assertj.core.api.Java6Assertions.*;
-import static org.junit.Assert.*;
-
-import java.util.Properties;
-
-import org.apache.geode.security.templates.SampleSecurityManager;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import org.apache.geode.security.SecurableComponents;
-import com.gemstone.gemfire.security.GemFireSecurityException;
-import com.gemstone.gemfire.test.junit.categories.UnitTest;
-
-@Category(UnitTest.class)
-public class GeodeSecurityUtilTest {
-
- private Properties properties;
-
- @Before
- public void before() {
- properties = new Properties();
- GeodeSecurityUtil.initSecurity(properties);
- }
-
- @Test
- public void testGetObjectFromConstructor() {
- String string = GeodeSecurityUtil.getObjectOfType(String.class.getName(), String.class);
- assertNotNull(string);
-
- CharSequence charSequence = GeodeSecurityUtil.getObjectOfType(String.class.getName(), CharSequence.class);
- assertNotNull(charSequence);
-
- assertThatThrownBy(() -> GeodeSecurityUtil.getObjectOfType("com.abc.testString", String.class)).isInstanceOf(GemFireSecurityException.class);
-
- assertThatThrownBy(() -> GeodeSecurityUtil.getObjectOfType(String.class.getName(), Boolean.class)).isInstanceOf(GemFireSecurityException.class);
-
- assertThatThrownBy(() -> GeodeSecurityUtil.getObjectOfType("", String.class)).isInstanceOf(GemFireSecurityException.class);
-
- assertThatThrownBy(() -> GeodeSecurityUtil.getObjectOfType(null, String.class)).isInstanceOf(GemFireSecurityException.class);
-
- assertThatThrownBy(() -> GeodeSecurityUtil.getObjectOfType(" ", String.class)).isInstanceOf(GemFireSecurityException.class);
- }
-
- @Test
- public void testGetObjectFromFactoryMethod() {
- String string = GeodeSecurityUtil.getObjectOfType(Factories.class.getName()+".getString", String.class);
- assertNotNull(string);
-
- CharSequence charSequence = GeodeSecurityUtil.getObjectOfType(Factories.class.getName()+".getString", String.class);
- assertNotNull(charSequence);
-
- assertThatThrownBy(() -> GeodeSecurityUtil.getObjectOfType(Factories.class.getName()+".getStringNonStatic", String.class))
- .isInstanceOf(GemFireSecurityException.class);
-
- assertThatThrownBy(() -> GeodeSecurityUtil.getObjectOfType(Factories.class.getName()+".getNullString", String.class))
- .isInstanceOf(GemFireSecurityException.class);
- }
-
- @Test
- public void testInitialSecurityFlags() {
- // initial state of GeodeSecurityUtil
- assertFalse(GeodeSecurityUtil.isIntegratedSecurity());
-
- assertFalse(GeodeSecurityUtil.isClientSecurityRequired());
- assertFalse(GeodeSecurityUtil.isGatewaySecurityRequired());
- assertFalse(GeodeSecurityUtil.isHttpServiceSecurityRequired());
- assertFalse(GeodeSecurityUtil.isJmxSecurityRequired());
- assertFalse(GeodeSecurityUtil.isPeerSecurityRequired());
- }
-
- @Test
- public void testInitWithSecurityManager() {
- properties.setProperty(SECURITY_MANAGER, "org.apache.geode.security.templates.SampleSecurityManager");
- properties.setProperty(SampleSecurityManager.SECURITY_JSON, "org/apache/geode/security/templates/security.json");
-
- GeodeSecurityUtil.initSecurity(properties);
-
- assertTrue(GeodeSecurityUtil.isIntegratedSecurity());
-
- assertTrue(GeodeSecurityUtil.isClientSecurityRequired());
- assertTrue(GeodeSecurityUtil.isGatewaySecurityRequired());
- assertTrue(GeodeSecurityUtil.isHttpServiceSecurityRequired());
- assertTrue(GeodeSecurityUtil.isJmxSecurityRequired());
- assertTrue(GeodeSecurityUtil.isPeerSecurityRequired());
- }
-
- @Test
- public void testInitWithClientAuthenticator() {
- properties.setProperty(SECURITY_CLIENT_AUTHENTICATOR, "org.abc.test");
-
- GeodeSecurityUtil.initSecurity(properties);
-
- assertFalse(GeodeSecurityUtil.isIntegratedSecurity());
-
- assertTrue(GeodeSecurityUtil.isClientSecurityRequired());
- assertTrue(GeodeSecurityUtil.isGatewaySecurityRequired());
-
- assertFalse(GeodeSecurityUtil.isHttpServiceSecurityRequired());
- assertFalse(GeodeSecurityUtil.isJmxSecurityRequired());
- assertFalse(GeodeSecurityUtil.isPeerSecurityRequired());
- }
-
- @Test
- public void testInitWithPeerAuthenticator() {
- properties.setProperty(SECURITY_PEER_AUTHENTICATOR, "org.abc.test");
-
- GeodeSecurityUtil.initSecurity(properties);
-
- assertFalse(GeodeSecurityUtil.isIntegratedSecurity());
-
- assertFalse(GeodeSecurityUtil.isClientSecurityRequired());
- assertFalse(GeodeSecurityUtil.isGatewaySecurityRequired());
- assertFalse(GeodeSecurityUtil.isHttpServiceSecurityRequired());
- assertFalse(GeodeSecurityUtil.isJmxSecurityRequired());
- assertTrue(GeodeSecurityUtil.isPeerSecurityRequired());
- }
-
- @Test
- public void testInitWithShiroAuthenticator() {
- properties.setProperty(SECURITY_SHIRO_INIT, "shiro.ini");
-
- GeodeSecurityUtil.initSecurity(properties);
-
- assertTrue(GeodeSecurityUtil.isIntegratedSecurity());
-
- assertTrue(GeodeSecurityUtil.isClientSecurityRequired());
- assertTrue(GeodeSecurityUtil.isGatewaySecurityRequired());
- assertTrue(GeodeSecurityUtil.isHttpServiceSecurityRequired());
- assertTrue(GeodeSecurityUtil.isJmxSecurityRequired());
- assertTrue(GeodeSecurityUtil.isPeerSecurityRequired());
- }
-
- @Test
- public void allEnabledWithSecurityManager() {
- properties.setProperty(SECURITY_MANAGER, "org.apache.geode.security.templates.SampleSecurityManager");
- properties.setProperty(SampleSecurityManager.SECURITY_JSON, "org/apache/geode/security/templates/security.json");
- properties.setProperty(SECURITY_ENABLED_COMPONENTS, SecurableComponents.ALL);
-
- GeodeSecurityUtil.initSecurity(properties);
-
- assertTrue(GeodeSecurityUtil.isIntegratedSecurity());
-
- assertTrue(GeodeSecurityUtil.isClientSecurityRequired());
- assertTrue(GeodeSecurityUtil.isGatewaySecurityRequired());
- assertTrue(GeodeSecurityUtil.isHttpServiceSecurityRequired());
- assertTrue(GeodeSecurityUtil.isJmxSecurityRequired());
- assertTrue(GeodeSecurityUtil.isPeerSecurityRequired());
- }
-
- @Test
- public void emptyEnabledWithSecurityManager() {
- properties.setProperty(SECURITY_MANAGER, "org.apache.geode.security.templates.SampleSecurityManager");
- properties.setProperty(SampleSecurityManager.SECURITY_JSON, "org/apache/geode/security/templates/security.json");
- properties.setProperty(SECURITY_ENABLED_COMPONENTS,"");
-
- GeodeSecurityUtil.initSecurity(properties);
-
- assertTrue(GeodeSecurityUtil.isIntegratedSecurity());
-
- assertFalse(GeodeSecurityUtil.isClientSecurityRequired());
- assertFalse(GeodeSecurityUtil.isGatewaySecurityRequired());
- assertFalse(GeodeSecurityUtil.isHttpServiceSecurityRequired());
- assertFalse(GeodeSecurityUtil.isJmxSecurityRequired());
- assertFalse(GeodeSecurityUtil.isPeerSecurityRequired());
- }
-
- @Test
- public void noneEnabledWithSecurityManager() {
- properties.setProperty(SECURITY_MANAGER, "org.apache.geode.security.templates.SampleSecurityManager");
- properties.setProperty(SampleSecurityManager.SECURITY_JSON, "org/apache/geode/security/templates/security.json");
- properties.setProperty(SECURITY_ENABLED_COMPONENTS,"none");
-
- GeodeSecurityUtil.initSecurity(properties);
-
- assertTrue(GeodeSecurityUtil.isIntegratedSecurity());
-
- assertFalse(GeodeSecurityUtil.isClientSecurityRequired());
- assertFalse(GeodeSecurityUtil.isGatewaySecurityRequired());
- assertFalse(GeodeSecurityUtil.isHttpServiceSecurityRequired());
- assertFalse(GeodeSecurityUtil.isJmxSecurityRequired());
- assertFalse(GeodeSecurityUtil.isPeerSecurityRequired());
- }
-
- @Test
- public void allSecurableComponentsWithoutAnySecurity() {
- properties.setProperty(SECURITY_ENABLED_COMPONENTS, SecurableComponents.ALL);
-
- GeodeSecurityUtil.initSecurity(properties);
-
- assertFalse(GeodeSecurityUtil.isIntegratedSecurity());
-
- assertFalse(GeodeSecurityUtil.isClientSecurityRequired());
- assertFalse(GeodeSecurityUtil.isGatewaySecurityRequired());
- assertFalse(GeodeSecurityUtil.isHttpServiceSecurityRequired());
- assertFalse(GeodeSecurityUtil.isJmxSecurityRequired());
- assertFalse(GeodeSecurityUtil.isPeerSecurityRequired());
- }
-
- @Test
- public void oneSecurableComponentEnabledWithSecurityManager() {
- properties.setProperty(SECURITY_MANAGER, "org.apache.geode.security.templates.SampleSecurityManager");
- properties.setProperty(SampleSecurityManager.SECURITY_JSON, "org/apache/geode/security/templates/security.json");
- properties.setProperty(SECURITY_ENABLED_COMPONENTS, SecurableComponents.JMX);
-
- GeodeSecurityUtil.initSecurity(properties);
-
- assertTrue(GeodeSecurityUtil.isIntegratedSecurity());
-
- assertFalse(GeodeSecurityUtil.isClientSecurityRequired());
- assertFalse(GeodeSecurityUtil.isGatewaySecurityRequired());
- assertFalse(GeodeSecurityUtil.isHttpServiceSecurityRequired());
- assertTrue(GeodeSecurityUtil.isJmxSecurityRequired());
- assertFalse(GeodeSecurityUtil.isPeerSecurityRequired());
- }
-
- @Test
- public void twoSecurableComponentEnabledWithSecurityManager() {
- properties.setProperty(SECURITY_MANAGER, "org.apache.geode.security.templates.SampleSecurityManager");
- properties.setProperty(SampleSecurityManager.SECURITY_JSON, "org/apache/geode/security/templates/security.json");
- properties.setProperty(SECURITY_ENABLED_COMPONENTS, SecurableComponents.JMX + "," + SecurableComponents.SERVER);
-
- GeodeSecurityUtil.initSecurity(properties);
-
- assertTrue(GeodeSecurityUtil.isIntegratedSecurity());
-
- assertTrue(GeodeSecurityUtil.isClientSecurityRequired());
- assertFalse(GeodeSecurityUtil.isGatewaySecurityRequired());
- assertFalse(GeodeSecurityUtil.isHttpServiceSecurityRequired());
- assertTrue(GeodeSecurityUtil.isJmxSecurityRequired());
- assertFalse(GeodeSecurityUtil.isPeerSecurityRequired());
- }
-
- @Test
- public void manySecurableComponentEnabledWithSecurityManager() {
- properties.setProperty(SECURITY_MANAGER, "org.apache.geode.security.templates.SampleSecurityManager");
- properties.setProperty(SampleSecurityManager.SECURITY_JSON, "org/apache/geode/security/templates/security.json");
- properties.setProperty(SECURITY_ENABLED_COMPONENTS, SecurableComponents.JMX + "," + SecurableComponents.SERVER + "," + SecurableComponents.CLUSTER);
-
- GeodeSecurityUtil.initSecurity(properties);
-
- assertTrue(GeodeSecurityUtil.isIntegratedSecurity());
-
- assertTrue(GeodeSecurityUtil.isClientSecurityRequired());
- assertFalse(GeodeSecurityUtil.isGatewaySecurityRequired());
- assertFalse(GeodeSecurityUtil.isHttpServiceSecurityRequired());
- assertTrue(GeodeSecurityUtil.isJmxSecurityRequired());
- assertTrue(GeodeSecurityUtil.isPeerSecurityRequired());
- }
-
- private static class Factories{
-
- public static String getString(){
- return new String();
- }
-
- public static String getNullString(){
- return null;
- }
-
- public String getStringNonStatic(){
- return new String();
- }
-
- public static Boolean getBoolean(){
- return Boolean.TRUE;
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/ee27d73c/geode-core/src/test/java/com/gemstone/gemfire/internal/security/IntegratedSecurityServiceTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/internal/security/IntegratedSecurityServiceTest.java b/geode-core/src/test/java/com/gemstone/gemfire/internal/security/IntegratedSecurityServiceTest.java
new file mode 100644
index 0000000..8acff9f
--- /dev/null
+++ b/geode-core/src/test/java/com/gemstone/gemfire/internal/security/IntegratedSecurityServiceTest.java
@@ -0,0 +1,290 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.internal.security;
+
+import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+import static org.assertj.core.api.Java6Assertions.*;
+import static org.junit.Assert.*;
+
+import java.util.Properties;
+
+import org.apache.geode.security.templates.SampleSecurityManager;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import org.apache.geode.security.SecurableComponents;
+import com.gemstone.gemfire.security.GemFireSecurityException;
+import com.gemstone.gemfire.test.junit.categories.UnitTest;
+
+@Category(UnitTest.class)
+public class IntegratedSecurityServiceTest {
+
+ private Properties properties;
+ private SecurityService securityService;
+
+ @Before
+ public void before() {
+ properties = new Properties();
+ securityService = SecurityService.getSecurityService();
+ securityService.initSecurity(properties);
+ }
+
+ @Test
+ public void testGetObjectFromConstructor() {
+ String string = IntegratedSecurityService.getObjectOfType(String.class.getName(), String.class);
+ assertNotNull(string);
+
+ CharSequence charSequence = IntegratedSecurityService.getObjectOfType(String.class.getName(), CharSequence.class);
+ assertNotNull(charSequence);
+
+ assertThatThrownBy(() -> IntegratedSecurityService.getObjectOfType("com.abc.testString", String.class)).isInstanceOf(GemFireSecurityException.class);
+
+ assertThatThrownBy(() -> IntegratedSecurityService.getObjectOfType(String.class.getName(), Boolean.class)).isInstanceOf(GemFireSecurityException.class);
+
+ assertThatThrownBy(() -> IntegratedSecurityService.getObjectOfType("", String.class)).isInstanceOf(GemFireSecurityException.class);
+
+ assertThatThrownBy(() -> IntegratedSecurityService.getObjectOfType(null, String.class)).isInstanceOf(GemFireSecurityException.class);
+
+ assertThatThrownBy(() -> IntegratedSecurityService.getObjectOfType(" ", String.class)).isInstanceOf(GemFireSecurityException.class);
+ }
+
+ @Test
+ public void testGetObjectFromFactoryMethod() {
+ String string = IntegratedSecurityService.getObjectOfType(Factories.class.getName() + ".getString", String.class);
+ assertNotNull(string);
+
+ CharSequence charSequence = IntegratedSecurityService.getObjectOfType(Factories.class.getName() + ".getString", String.class);
+ assertNotNull(charSequence);
+
+ assertThatThrownBy(() -> IntegratedSecurityService.getObjectOfType(Factories.class.getName() + ".getStringNonStatic", String.class))
+ .isInstanceOf(GemFireSecurityException.class);
+
+ assertThatThrownBy(() -> IntegratedSecurityService.getObjectOfType(Factories.class.getName() + ".getNullString", String.class))
+ .isInstanceOf(GemFireSecurityException.class);
+ }
+
+ @Test
+ public void testInitialSecurityFlags() {
+ // initial state of IntegratedSecurityService
+ assertFalse(securityService.isIntegratedSecurity());
+
+ assertFalse(securityService.isClientSecurityRequired());
+ assertFalse(securityService.isGatewaySecurityRequired());
+ assertFalse(securityService.isHttpSecurityRequired());
+ assertFalse(securityService.isJmxSecurityRequired());
+ assertFalse(securityService.isPeerSecurityRequired());
+ }
+
+ @Test
+ public void testInitWithSecurityManager() {
+ properties.setProperty(SECURITY_MANAGER, "org.apache.geode.security.templates.SampleSecurityManager");
+ properties.setProperty(SampleSecurityManager.SECURITY_JSON, "org/apache/geode/security/templates/security.json");
+
+ securityService.initSecurity(properties);
+
+ assertTrue(securityService.isIntegratedSecurity());
+
+ assertTrue(securityService.isClientSecurityRequired());
+ assertTrue(securityService.isGatewaySecurityRequired());
+ assertTrue(securityService.isHttpSecurityRequired());
+ assertTrue(securityService.isJmxSecurityRequired());
+ assertTrue(securityService.isPeerSecurityRequired());
+ }
+
+ @Test
+ public void testInitWithClientAuthenticator() {
+ properties.setProperty(SECURITY_CLIENT_AUTHENTICATOR, "org.abc.test");
+
+ securityService.initSecurity(properties);
+
+ assertFalse(securityService.isIntegratedSecurity());
+
+ assertTrue(securityService.isClientSecurityRequired());
+ assertTrue(securityService.isGatewaySecurityRequired());
+
+ assertFalse(securityService.isHttpSecurityRequired());
+ assertFalse(securityService.isJmxSecurityRequired());
+ assertFalse(securityService.isPeerSecurityRequired());
+ }
+
+ @Test
+ public void testInitWithPeerAuthenticator() {
+ properties.setProperty(SECURITY_PEER_AUTHENTICATOR, "org.abc.test");
+
+ securityService.initSecurity(properties);
+
+ assertFalse(securityService.isIntegratedSecurity());
+
+ assertFalse(securityService.isClientSecurityRequired());
+ assertFalse(securityService.isGatewaySecurityRequired());
+ assertFalse(securityService.isHttpSecurityRequired());
+ assertFalse(securityService.isJmxSecurityRequired());
+ assertTrue(securityService.isPeerSecurityRequired());
+ }
+
+ @Test
+ public void testInitWithShiroAuthenticator() {
+ properties.setProperty(SECURITY_SHIRO_INIT, "shiro.ini");
+
+ securityService.initSecurity(properties);
+
+ assertTrue(securityService.isIntegratedSecurity());
+
+ assertTrue(securityService.isClientSecurityRequired());
+ assertTrue(securityService.isGatewaySecurityRequired());
+ assertTrue(securityService.isHttpSecurityRequired());
+ assertTrue(securityService.isJmxSecurityRequired());
+ assertTrue(securityService.isPeerSecurityRequired());
+ }
+
+ @Test
+ public void allEnabledWithSecurityManager() {
+ properties.setProperty(SECURITY_MANAGER, "org.apache.geode.security.templates.SampleSecurityManager");
+ properties.setProperty(SampleSecurityManager.SECURITY_JSON, "org/apache/geode/security/templates/security.json");
+ properties.setProperty(SECURITY_ENABLED_COMPONENTS, SecurableComponents.ALL);
+
+ securityService.initSecurity(properties);
+
+ assertTrue(securityService.isIntegratedSecurity());
+
+ assertTrue(securityService.isClientSecurityRequired());
+ assertTrue(securityService.isGatewaySecurityRequired());
+ assertTrue(securityService.isHttpSecurityRequired());
+ assertTrue(securityService.isJmxSecurityRequired());
+ assertTrue(securityService.isPeerSecurityRequired());
+ }
+
+ @Test
+ public void emptyEnabledWithSecurityManager() {
+ properties.setProperty(SECURITY_MANAGER, "org.apache.geode.security.templates.SampleSecurityManager");
+ properties.setProperty(SampleSecurityManager.SECURITY_JSON, "org/apache/geode/security/templates/security.json");
+ properties.setProperty(SECURITY_ENABLED_COMPONENTS,"");
+
+ securityService.initSecurity(properties);
+
+ assertTrue(securityService.isIntegratedSecurity());
+
+ assertFalse(securityService.isClientSecurityRequired());
+ assertFalse(securityService.isGatewaySecurityRequired());
+ assertFalse(securityService.isHttpSecurityRequired());
+ assertFalse(securityService.isJmxSecurityRequired());
+ assertFalse(securityService.isPeerSecurityRequired());
+ }
+
+ @Test
+ public void noneEnabledWithSecurityManager() {
+ properties.setProperty(SECURITY_MANAGER, "org.apache.geode.security.templates.SampleSecurityManager");
+ properties.setProperty(SampleSecurityManager.SECURITY_JSON, "org/apache/geode/security/templates/security.json");
+ properties.setProperty(SECURITY_ENABLED_COMPONENTS,"none");
+
+ securityService.initSecurity(properties);
+
+ assertTrue(securityService.isIntegratedSecurity());
+
+ assertFalse(securityService.isClientSecurityRequired());
+ assertFalse(securityService.isGatewaySecurityRequired());
+ assertFalse(securityService.isHttpSecurityRequired());
+ assertFalse(securityService.isJmxSecurityRequired());
+ assertFalse(securityService.isPeerSecurityRequired());
+ }
+
+ @Test
+ public void allSecurableComponentsWithoutAnySecurity() {
+ properties.setProperty(SECURITY_ENABLED_COMPONENTS, SecurableComponents.ALL);
+
+ securityService.initSecurity(properties);
+
+ assertFalse(securityService.isIntegratedSecurity());
+
+ assertFalse(securityService.isClientSecurityRequired());
+ assertFalse(securityService.isGatewaySecurityRequired());
+ assertFalse(securityService.isHttpSecurityRequired());
+ assertFalse(securityService.isJmxSecurityRequired());
+ assertFalse(securityService.isPeerSecurityRequired());
+ }
+
+ @Test
+ public void oneSecurableComponentEnabledWithSecurityManager() {
+ properties.setProperty(SECURITY_MANAGER, "org.apache.geode.security.templates.SampleSecurityManager");
+ properties.setProperty(SampleSecurityManager.SECURITY_JSON, "org/apache/geode/security/templates/security.json");
+ properties.setProperty(SECURITY_ENABLED_COMPONENTS, SecurableComponents.JMX);
+
+ securityService.initSecurity(properties);
+
+ assertTrue(securityService.isIntegratedSecurity());
+
+ assertFalse(securityService.isClientSecurityRequired());
+ assertFalse(securityService.isGatewaySecurityRequired());
+ assertFalse(securityService.isHttpSecurityRequired());
+ assertTrue(securityService.isJmxSecurityRequired());
+ assertFalse(securityService.isPeerSecurityRequired());
+ }
+
+ @Test
+ public void twoSecurableComponentEnabledWithSecurityManager() {
+ properties.setProperty(SECURITY_MANAGER, "org.apache.geode.security.templates.SampleSecurityManager");
+ properties.setProperty(SampleSecurityManager.SECURITY_JSON, "org/apache/geode/security/templates/security.json");
+ properties.setProperty(SECURITY_ENABLED_COMPONENTS, SecurableComponents.JMX + "," + SecurableComponents.SERVER);
+
+ securityService.initSecurity(properties);
+
+ assertTrue(securityService.isIntegratedSecurity());
+
+ assertTrue(securityService.isClientSecurityRequired());
+ assertFalse(securityService.isGatewaySecurityRequired());
+ assertFalse(securityService.isHttpSecurityRequired());
+ assertTrue(securityService.isJmxSecurityRequired());
+ assertFalse(securityService.isPeerSecurityRequired());
+ }
+
+ @Test
+ public void manySecurableComponentEnabledWithSecurityManager() {
+ properties.setProperty(SECURITY_MANAGER, "org.apache.geode.security.templates.SampleSecurityManager");
+ properties.setProperty(SampleSecurityManager.SECURITY_JSON, "org/apache/geode/security/templates/security.json");
+ properties.setProperty(SECURITY_ENABLED_COMPONENTS, SecurableComponents.JMX + "," + SecurableComponents.SERVER + "," + SecurableComponents.CLUSTER);
+
+ securityService.initSecurity(properties);
+
+ assertTrue(securityService.isIntegratedSecurity());
+
+ assertTrue(securityService.isClientSecurityRequired());
+ assertFalse(securityService.isGatewaySecurityRequired());
+ assertFalse(securityService.isHttpSecurityRequired());
+ assertTrue(securityService.isJmxSecurityRequired());
+ assertTrue(securityService.isPeerSecurityRequired());
+ }
+
+ private static class Factories{
+
+ public static String getString(){
+ return new String();
+ }
+
+ public static String getNullString(){
+ return null;
+ }
+
+ public String getStringNonStatic(){
+ return new String();
+ }
+
+ public static Boolean getBoolean(){
+ return Boolean.TRUE;
+ }
+ }
+}
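Review bot: The factory-method path of `getObjectOfType` is never checked for a return-type mismatch: `Factories.getBoolean()` in the nested helper class is declared but unused, and the second lookup in `testGetObjectFromFactoryMethod` passes `String.class` again rather than `CharSequence.class`, so it merely repeats the assertion above it. Because `getObjectOfType` instantiates whatever class name the security configuration supplies, the rejection that the constructor path already pins with the `Boolean.class` case should be pinned for factory methods too, e.g. `assertThatThrownBy(() -> IntegratedSecurityService.getObjectOfType(Factories.class.getName() + ".getBoolean", String.class)).isInstanceOf(GemFireSecurityException.class);`, and the second lookup should read `CharSequence.class`. It would also help to note above `before()` that `SecurityService.getSecurityService()` appears to hand back a shared instance whose flags are only reset by the `initSecurity(properties)` call there — the tests depend on that reset rather than on instance isolation (presumably a singleton; confirm against the service).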
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/ee27d73c/geode-core/src/test/java/com/gemstone/gemfire/internal/security/SecurityConfigIntegrationTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/internal/security/SecurityConfigIntegrationTest.java b/geode-core/src/test/java/com/gemstone/gemfire/internal/security/SecurityConfigIntegrationTest.java
index d0a2130..68aaa3c 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/internal/security/SecurityConfigIntegrationTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/internal/security/SecurityConfigIntegrationTest.java
@@ -35,6 +35,7 @@ public class SecurityConfigIntegrationTest {
@Test
public void securityEnabledComponentsDefaultShouldBeAll() throws Exception {
+ SecurityService securityService = SecurityService.getSecurityService();
Properties props = new Properties();
props.put(SECURITY_MANAGER, SampleSecurityManager.class.getName());
props.put(SampleSecurityManager.SECURITY_JSON, "org/apache/geode/security/templates/security.json");
@@ -45,12 +46,12 @@ public class SecurityConfigIntegrationTest {
assertThat(securityProps).containsKeys(SECURITY_MANAGER, SECURITY_ENABLED_COMPONENTS);
assertThat(securityProps.getProperty(SECURITY_ENABLED_COMPONENTS)).isEqualTo(SecurableComponents.ALL);
- GeodeSecurityUtil.initSecurity(securityProps);
+ securityService.initSecurity(securityProps);
- assertThat(GeodeSecurityUtil.isClientSecurityRequired());
- assertThat(GeodeSecurityUtil.isGatewaySecurityRequired());
- assertThat(GeodeSecurityUtil.isPeerSecurityRequired());
- assertThat(GeodeSecurityUtil.isJmxSecurityRequired());
- assertThat(GeodeSecurityUtil.isHttpServiceSecurityRequired());
+ assertThat(securityService.isClientSecurityRequired());
+ assertThat(securityService.isGatewaySecurityRequired());
+ assertThat(securityService.isPeerSecurityRequired());
+ assertThat(securityService.isJmxSecurityRequired());
+ assertThat(securityService.isHttpSecurityRequired());
}
}
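Review bot: The five `assertThat(securityService.is…Required())` calls at the end of the hunk check nothing: assuming the same AssertJ `assertThat` used with `.containsKeys(...)` and `.isEqualTo(...)` a few lines earlier, `assertThat(boolean)` only builds the assertion object, and without a terminal call the test passes whatever the flags are, so `securityEnabledComponentsDefaultShouldBeAll` cannot catch a regression that leaves a component unsecured by default. The removed lines had the same defect, but since the commit rewrites them this is the place to fix it: `assertThat(securityService.isClientSecurityRequired()).isTrue();` and likewise `.isTrue()` on the gateway, peer, JMX and HTTP lines.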