Posted to notifications@geode.apache.org by GitBox <gi...@apache.org> on 2021/07/27 17:06:01 UTC

[GitHub] [geode] kirklund commented on a change in pull request #6721: GEODE-9456, GEODE-9452: Authentication Expiration

kirklund commented on a change in pull request #6721:
URL: https://github.com/apache/geode/pull/6721#discussion_r677633879



##########
File path: geode-core/src/main/java/org/apache/geode/security/AuthenticationExpiredException.java
##########
@@ -0,0 +1,26 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package org.apache.geode.security;
+
+public class AuthenticationExpiredException extends AuthenticationRequiredException {
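
Review bot: At the class declaration, nothing documents how `AuthenticationExpiredException` differs from its parent `AuthenticationRequiredException`. Because it is a subclass, any existing `catch (AuthenticationRequiredException e)` will also catch it, so a class-level Javadoc should state when it is thrown and what the caller is expected to do in response, so the two cases are not handled identically by accident.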

Review comment:
       Since this is a new User API class, we need javadocs on it. Also, please add a serialVersionUID.

##########
File path: geode-junit/src/main/java/org/apache/geode/security/NewCredentialAuthInitialize.java
##########
@@ -0,0 +1,51 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package org.apache.geode.security;
+
+import java.util.Properties;
+
+import org.apache.geode.distributed.DistributedMember;
+
+/**
+ * this is used in conjunction with ExpirableSecurityManager. It will create a new set of
+ * credentials every time getCredentials are called, and they will always be authenticated
+ * and authorized by the ExpirableSecurityManager.
+ *
+ * make sure reset is called after each test to clean things up.
+ */
+
+
+public class NewCredentialAuthInitialize implements AuthInitialize {
+  private static int count;
+
+  @Override
+  public Properties getCredentials(Properties securityProps, DistributedMember server,
+      boolean isPeer) throws AuthenticationFailedException {
+    count++;
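
Review bot: The class Javadoc asks every test to call reset, and `private static int count` is why: the counter is shared across the whole JVM, so one test that skips the cleanup carries its counter value into the next test. Holding the counter per instance, or moving the cleanup into a JUnit rule, would remove that dependency on each test author. The Javadoc block is also separated from `public class NewCredentialAuthInitialize` by two blank lines and should sit directly above the declaration.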

Review comment:
       This isn't thread-safe. Unless you're sure that only one thread will ever touch this method, you should change `count` to be an `AtomicInteger`. The count also belongs to the instance rather than the class, so just make it an instance field:
   ```
   private final AtomicInteger count = new AtomicInteger();
   ```
   Then change the two static methods to instance methods.

##########
File path: geode-core/src/integrationTest/java/org/apache/geode/management/internal/security/SecurityWithExpirationIniIntegrationTest.java
##########
@@ -0,0 +1,66 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.management.internal.security;
+
+import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+
+import java.util.Properties;
+
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import org.apache.geode.internal.security.SecurityService;
+import org.apache.geode.internal.security.SecurityServiceFactory;
+import org.apache.geode.security.AuthenticationExpiredException;
+import org.apache.geode.security.ExpirableSecurityManager;
+import org.apache.geode.test.junit.categories.SecurityTest;
+
+@Category({SecurityTest.class})
+public class SecurityWithExpirationIniIntegrationTest {
+
+  protected Properties props = new Properties();
+
+  protected SecurityService securityService;
+
+  @Before
+  public void before() throws Exception {
+    this.props.setProperty(SECURITY_MANAGER, ExpirableSecurityManager.class.getName());
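
Review bot: `props` and `securityService` are declared `protected`, but nothing in the visible part of this test needs them exposed to subclasses. Unless a subclass is planned, make both `private`; `props` can also be `final`, since in the visible lines it is only assigned at its declaration.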

Review comment:
       note: don't need `this.`

##########
File path: geode-junit/src/main/java/org/apache/geode/security/ExpirableSecurityManager.java
##########
@@ -0,0 +1,51 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package org.apache.geode.security;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.geode.examples.SimpleSecurityManager;
+
+/**
+ * this is a test security manager that will authenticate credentials when username matches the
+ * password. It will authorize all operations. It keeps a list of expired users, and will throw
+ * AuthenticationExpiredException if the user is in that list. This security manager is usually used
+ * with NewCredentialAuthInitialize.
+ *
+ * make sure to call reset after each test to clean things up.
+ */
+
+public class ExpirableSecurityManager extends SimpleSecurityManager {
+  private static List<String> EXPIRED_USERS = new ArrayList<>();
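
Review bot: `EXPIRED_USERS` is named like a constant but is declared `static` without `final`, and it is a plain `ArrayList` that, per the Javadoc ("if the user is in that list"), is used for membership checks. Make the field `final`, and if a test expires a user from one thread while another thread consults the list, use a concurrent set such as `ConcurrentHashMap.newKeySet()` instead, which also makes the lookup constant-time.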

Review comment:
       Statics should be reserved for constants or concepts that pertain to the class itself. Expired users as a concept belongs to the instance. This static variable would be better off as an instance field:
   ```
   private final List<String> expiredUsers = new ArrayList<>();
   ```
   The static methods would become instance methods.
   
   



