Posted to commits@geode.apache.org by ji...@apache.org on 2016/06/21 03:14:30 UTC

[9/9] incubator-geode git commit: GEODE-1571: adding integrated security to client-server and fix the tests

GEODE-1571: adding integrated security to client-server and fix the tests


Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/6cd2ff95
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/6cd2ff95
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/6cd2ff95

Branch: refs/heads/feature/GEODE-1571
Commit: 6cd2ff956bb7b2fb71a3f6e00cd333b08628c2b4
Parents: ea9a585
Author: Jinmei Liao <ji...@pivotal.io>
Authored: Mon Jun 20 19:59:54 2016 -0700
Committer: Jinmei Liao <ji...@pivotal.io>
Committed: Mon Jun 20 20:08:58 2016 -0700

----------------------------------------------------------------------
 .../internal/cache/tier/sockets/ClientUserAuths.java |  7 +++++--
 .../cache/tier/sockets/ServerConnection.java         |  4 ----
 .../cache/tier/sockets/ServerHandShakeProcessor.java |  3 +--
 .../gemfire/internal/security/GeodeSecurityUtil.java |  3 +++
 .../internal/security/CliCommandsSecurityTest.java   |  2 +-
 .../GeodeSecurityUtilWithIniFileJUnitTest.java       | 14 +++++++-------
 .../internal/security/GfshCommandsSecurityTest.java  |  2 +-
 .../security/IntegratedClientAuthDUnitTest.java      | 15 +++++++--------
 8 files changed, 25 insertions(+), 25 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6cd2ff95/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ClientUserAuths.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ClientUserAuths.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ClientUserAuths.java
index 840bbfc..27f7fa8 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ClientUserAuths.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ClientUserAuths.java
@@ -21,14 +21,17 @@ import java.util.Map;
 import java.util.Random;
 import java.util.concurrent.ConcurrentHashMap;
 
+import org.apache.logging.log4j.Logger;
+import org.apache.shiro.subject.Subject;
+
+import com.gemstone.gemfire.internal.logging.LogService;
 import com.gemstone.gemfire.internal.security.AuthorizeRequest;
 import com.gemstone.gemfire.internal.security.AuthorizeRequestPP;
 import com.gemstone.gemfire.security.NotAuthorizedException;
 
-import org.apache.shiro.subject.Subject;
-
 public class ClientUserAuths
 {
+  private static Logger logger = LogService.getLogger();
  // private AtomicLong counter = new AtomicLong(1);
   private Random uniqueIdGenerator = null;
   private int m_seed;
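Review bot: The new `logger` field should be `final`: as declared, `private static Logger logger` can be reassigned after class initialisation, so write `private static final Logger logger = LogService.getLogger();`. No call on the logger is visible in this hunk; the class body continues outside it. The context lines also show the id generator is a `java.util.Random` with a stored seed; if the ids returned by `putSubject` are what a client later presents to select its `Subject`, they presumably need to be unpredictable, and `SecureRandom` would be the safer source.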

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6cd2ff95/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerConnection.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerConnection.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerConnection.java
index 39c4cc7..27cb62a 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerConnection.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerConnection.java
@@ -413,10 +413,6 @@ public class ServerConnection implements Runnable {
   public Version getClientVersion() {
     return this.handshake.getVersion();
   }
-
-  public ClientUserAuths getClientUserAuths(){
-    return this.clientUserAuths;
-  }
   
   protected void setProxyId(ClientProxyMembershipID proxyId) {
     this.proxyId = proxyId;

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6cd2ff95/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerHandShakeProcessor.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerHandShakeProcessor.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerHandShakeProcessor.java
index eef147a..d697338 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerHandShakeProcessor.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerHandShakeProcessor.java
@@ -313,8 +313,7 @@ public class ServerHandShakeProcessor {
 
       long uniqueId;
       if(principal instanceof Subject){
-        uniqueId = connection.getClientUserAuths().putSubject((Subject)principal);
-        logger.info("Put subject in Map: "+uniqueId+" for "+ ((Subject)principal).getPrincipal());
+        uniqueId = connection.getClientUserAuths(connection.getProxyID()).putSubject((Subject)principal);
       }
       else {
         //this sets principal in map as well....
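Review bot: The result of `connection.getClientUserAuths(connection.getProxyID())` is dereferenced immediately, and neither that overload nor the place where the proxy id is assigned is visible in this hunk. If the proxy id can still be null at this point, or the lookup can return null, the handshake would end in a `NullPointerException` rather than an authentication failure; once confirmed, a comment such as `// proxy id is assigned before this point, so the per-client ClientUserAuths always exists` would record the assumption. With the `logger.info` line gone there is also no record of which principal was registered; a debug-level line naming the principal only (not the unique id) would keep an audit trail. The enclosing method starts and ends outside the hunk.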

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6cd2ff95/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
index 17bfec0..e1b29bc 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
@@ -108,6 +108,9 @@ public class GeodeSecurityUtil {
       return null;
     }
 
+    // this makes sure it starts with a clean user object
+    ThreadContext.remove();
+
     Subject currentUser = SecurityUtils.getSubject();
 
     UsernamePasswordToken token =
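Review bot: `ThreadContext.remove()` discards everything Shiro has bound to the current thread, not only the `Subject`; if a `SecurityManager` is ever bound per thread rather than set statically, the following `SecurityUtils.getSubject()` would lose it. `ThreadContext.unbindSubject()` clears just the subject and states the intent more precisely. The comment could also say why a stale subject can be present, e.g. `// threads are reused: drop any Subject left bound by a previous login`, if that is the reason. Clearing at login entry does not cover a subject left bound after the request finishes; whether that is cleaned up elsewhere is not visible here, and the method continues past the hunk.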

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6cd2ff95/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CliCommandsSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CliCommandsSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CliCommandsSecurityTest.java
index 55284b4..abcafaf 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CliCommandsSecurityTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CliCommandsSecurityTest.java
@@ -73,7 +73,7 @@ public class CliCommandsSecurityTest {
         }
         catch(NotAuthorizedException e){
           assertTrue(e.getMessage()+" should contain "+command.getPermission(),
-            e.getMessage().contains("["+command.getPermission().toString()+"]"));
+            e.getMessage().contains(command.getPermission().toString()));
         }
       }
     }
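Review bot: Matching on `contains(command.getPermission().toString())` without the surrounding brackets lets the assertion pass when the message names a longer permission that merely embeds the expected string. If permission strings can be prefixes of one another (their format is not shown here), an authorization message for the wrong permission would go unnoticed by this test. Anchoring on whatever delimiter the new message format uses would keep the check exact. The same loosening appears in `GeodeSecurityUtilWithIniFileJUnitTest.assertNotAuthorized` and in `GfshCommandsSecurityTest`.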

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6cd2ff95/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilWithIniFileJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilWithIniFileJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilWithIniFileJUnitTest.java
index c44e364..f71b0f8 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilWithIniFileJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilWithIniFileJUnitTest.java
@@ -22,18 +22,18 @@ import static org.assertj.core.api.Assertions.*;
 
 import java.util.Properties;
 
-import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
-import com.gemstone.gemfire.security.GemFireSecurityException;
-import com.gemstone.gemfire.security.GeodePermission;
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-import com.gemstone.gemfire.test.junit.categories.UnitTest;
-
 import org.apache.shiro.util.ThreadContext;
 import org.junit.AfterClass;
 import org.junit.BeforeClass;
 import org.junit.Test;
 import org.junit.experimental.categories.Category;
 
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
+import com.gemstone.gemfire.security.GemFireSecurityException;
+import com.gemstone.gemfire.security.GeodePermission;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+import com.gemstone.gemfire.test.junit.categories.UnitTest;
+
 /**
  * this test and ShiroUtilCustomRealmJUunitTest uses the same test body, but initialize the SecurityUtils differently.
  * If you change shiro.ini, remmber to change the shiro-ini.json to match the changes as well.
@@ -141,7 +141,7 @@ public class GeodeSecurityUtilWithIniFileJUnitTest {
   }
 
   private void assertNotAuthorized(GeodePermission context){
-    assertThatThrownBy(()-> GeodeSecurityUtil.authorize(context)).isInstanceOf(GemFireSecurityException.class).hasMessageContaining("["+context.toString()+"]");
+    assertThatThrownBy(()-> GeodeSecurityUtil.authorize(context)).isInstanceOf(GemFireSecurityException.class).hasMessageContaining(context.toString());
   }
 
 }

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6cd2ff95/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java
index dda844e..6d42aa8 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java
@@ -168,7 +168,7 @@ public class GfshCommandsSecurityTest {
       assertEquals(ResultBuilder.ERRORCODE_UNAUTHORIZED, ((ErrorResultData) result.getResultData()).getErrorCode());
       String resultMessage = result.getContent().toString();
       String permString = other.getPermission().toString();
-      assertTrue(resultMessage+" does not contain "+permString,resultMessage.contains("["+permString+"]"));
+      assertTrue(resultMessage+" does not contain "+permString,resultMessage.contains(permString));
     }
   }
 

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6cd2ff95/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java
index dbd88a9..6aef2a1 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java
@@ -85,13 +85,13 @@ public class IntegratedClientAuthDUnitTest extends JUnit4DistributedTestCase {
     keys.add("key1");
     keys.add("key2");
 
-//    // have one client log in as authorized user to put some data in the regions first.
-//    client2.invoke(()->{
-//      Cache cache = SecurityTestUtils.createCacheClient("authRegionUser", "1234567", port, SecurityTestUtils.NO_EXCEPTION);
-//      final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
-//      region.putAll(allValues);
-//      cache.close();
-//    });
+    // have one client log in as authorized user to put some data in the regions first.
+    client2.invoke(()->{
+      Cache cache = SecurityTestUtils.createCacheClient("authRegionUser", "1234567", port, SecurityTestUtils.NO_EXCEPTION);
+      final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
+      region.putAll(allValues);
+      cache.close();
+    });
 
     // client1 connects to server as a user not authorized to do any operations
     AsyncInvocation ai1 =  client1.invokeAsync(()->{
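Review bot: In the re-enabled `client2.invoke` block, `cache.close()` runs only if `region.putAll(allValues)` succeeds, so a failed put leaves the client cache open in that VM for whatever runs next. Wrapping the body as `try { region.putAll(allValues); } finally { cache.close(); }` avoids that. `Region` is also used as a raw type; `Region<Object, Object>` or the test's actual key/value types would remove the unchecked call. The test method starts and ends outside the hunk.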
@@ -162,7 +162,6 @@ public class IntegratedClientAuthDUnitTest extends JUnit4DistributedTestCase {
     });
 
     ai1.join();
-
     ai2.join();
     ai3.join();