You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@geode.apache.org by kl...@apache.org on 2016/03/12 02:20:52 UTC
[2/3] incubator-geode git commit: Reformat security test classes
Reformat security test classes
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/a6388000
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/a6388000
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/a6388000
Branch: refs/heads/feature/GEODE-949-2
Commit: a63880009bda01a247c0f0d1ead4dbfd7b73dd49
Parents: 37b978c
Author: Kirk Lund <kl...@apache.org>
Authored: Fri Mar 11 16:04:15 2016 -0800
Committer: Kirk Lund <kl...@apache.org>
Committed: Fri Mar 11 16:04:15 2016 -0800
----------------------------------------------------------------------
.../java/security/AuthzCredentialGenerator.java | 516 +++++++-------
.../test/java/security/CredentialGenerator.java | 354 +++++-----
.../security/DummyAuthzCredentialGenerator.java | 78 +--
.../java/security/DummyCredentialGenerator.java | 39 +-
.../security/LdapUserCredentialGenerator.java | 76 +-
.../java/security/PKCSCredentialGenerator.java | 54 +-
.../java/security/SSLCredentialGenerator.java | 101 +--
.../UserPasswordWithExtraPropsAuthInit.java | 28 +-
.../security/XmlAuthzCredentialGenerator.java | 208 +++---
.../templates/security/DummyAuthenticator.java | 57 +-
.../templates/security/DummyAuthorization.java | 111 +--
.../security/FunctionSecurityPrmsHolder.java | 28 +-
.../security/LdapUserAuthenticator.java | 99 ++-
.../java/templates/security/PKCSAuthInit.java | 106 ++-
.../templates/security/PKCSAuthenticator.java | 171 +++--
.../java/templates/security/PKCSPrincipal.java | 9 +-
.../templates/security/PKCSPrincipalTest.java | 8 +-
.../security/UserPasswordAuthInit.java | 58 +-
.../templates/security/UsernamePrincipal.java | 5 +-
.../security/UsernamePrincipalTest.java | 8 +-
.../templates/security/XmlAuthorization.java | 686 +++++++++----------
.../templates/security/XmlErrorHandler.java | 38 +-
22 files changed, 1340 insertions(+), 1498 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a6388000/geode-core/src/test/java/security/AuthzCredentialGenerator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/security/AuthzCredentialGenerator.java b/geode-core/src/test/java/security/AuthzCredentialGenerator.java
index fdd10b0..e7644ee 100755
--- a/geode-core/src/test/java/security/AuthzCredentialGenerator.java
+++ b/geode-core/src/test/java/security/AuthzCredentialGenerator.java
@@ -36,186 +36,22 @@ import java.util.Properties;
* operation in a region. Implementations will be for different kinds of
* authorization scheme and authentication scheme combos.
*
- * @author sumedh
* @since 5.5
*/
public abstract class AuthzCredentialGenerator {
+
private static final Logger logger = LogService.getLogger();
/**
- * Enumeration for various {@link AuthzCredentialGenerator} implementations.
- *
- * The following schemes are supported as of now:
- * <ul>
- * <li><code>DummyAuthorization</code> with <code>DummyAuthenticator</code></li>
- * <li><code>XMLAuthorization</code> with <code>DummyAuthenticator</code></li>
- * <li><code>XMLAuthorization</code> with <code>LDAPAuthenticator</code></li>
- * <li><code>XMLAuthorization</code> with <code>PKCSAuthenticator</code></li>
- * <li><code>XMLAuthorization</code> when using SSL sockets</li>
- * </ul>
- *
- * To add a new authorization scheme the following needs to be done:
- * <ul>
- * <li>Add implementation for {@link AccessControl}.</li>
- * <li>Choose the authentication schemes that it shall work with from
- * {@link CredentialGenerator.ClassCode}</li>
- * <li>Add a new enumeration value for the scheme in this class. Notice the
- * size of <code>VALUES</code> array and increase that if it is getting
- * overflowed. Note the methods and fields for existing schemes and add for
- * the new one in a similar manner.</li>
- * <li>Add an implementation for {@link AuthzCredentialGenerator}. Note the
- * {@link AuthzCredentialGenerator#init} method where different authentication
- * schemes can be passed and initialize differently for the authentication
- * schemes that shall be handled.</li>
- * <li>Modify the {@link AuthzCredentialGenerator#create} method to add
- * creation of an instance of the new implementation for the
- * <code>ClassCode</code> enumeration value.</li>
- * </ul>
- * All dunit tests will automagically start testing the new implementation
- * after this.
- *
- * @author sumedh
- * @since 5.5
- */
- public static final class ClassCode {
-
- private static final byte ID_DUMMY = 1;
-
- private static final byte ID_XML = 2;
-
- private static byte nextOrdinal = 0;
-
- private static final ClassCode[] VALUES = new ClassCode[10];
-
- private static final Map CodeNameMap = new HashMap();
-
- public static final ClassCode DUMMY = new ClassCode(
- templates.security.DummyAuthorization.class.getName() + ".create", ID_DUMMY);
-
- public static final ClassCode XML = new ClassCode(
- templates.security.XmlAuthorization.class.getName() + ".create", ID_XML);
-
- /** The name of this class. */
- private final String name;
-
- /** byte used as ordinal to represent this class */
- private final byte ordinal;
-
- /**
- * One of the following: ID_DUMMY, ID_LDAP, ID_PKI
- */
- private final byte classType;
-
- /** Creates a new instance of class code. */
- private ClassCode(String name, byte classType) {
- this.name = name;
- this.classType = classType;
- this.ordinal = nextOrdinal++;
- VALUES[this.ordinal] = this;
- CodeNameMap.put(name, this);
- }
-
- public boolean isDummy() {
- return (this.classType == ID_DUMMY);
- }
-
- public boolean isXml() {
- return (this.classType == ID_XML);
- }
-
- /**
- * Returns the <code>ClassCode</code> represented by specified ordinal.
- */
- public static ClassCode fromOrdinal(byte ordinal) {
- return VALUES[ordinal];
- }
-
- /**
- * Returns the <code>ClassCode</code> represented by specified string.
- */
- public static ClassCode parse(String operationName) {
- return (ClassCode)CodeNameMap.get(operationName);
- }
-
- /**
- * Returns all the possible values.
- */
- public static List getAll() {
- List codes = new ArrayList();
- Iterator iter = CodeNameMap.values().iterator();
- while (iter.hasNext()) {
- codes.add(iter.next());
- }
- return codes;
- }
-
- /**
- * Returns the ordinal for this class code.
- *
- * @return the ordinal of this class code.
- */
- public byte toOrdinal() {
- return this.ordinal;
- }
-
- /**
- * Returns a string representation for this class code.
- *
- * @return the name of this class code.
- */
- final public String toString() {
- return this.name;
- }
-
- /**
- * Indicates whether other object is same as this one.
- *
- * @return true if other object is same as this one.
- */
- @Override
- final public boolean equals(final Object obj) {
- if (obj == this) {
- return true;
- }
- if (!(obj instanceof ClassCode)) {
- return false;
- }
- final ClassCode other = (ClassCode)obj;
- return (other.ordinal == this.ordinal);
- }
-
- /**
- * Indicates whether other <code>ClassCode</code> is same as this one.
- *
- * @return true if other <code>ClassCode</code> is same as this one.
- */
- final public boolean equals(final ClassCode opCode) {
- return (opCode != null && opCode.ordinal == this.ordinal);
- }
-
- /**
- * Returns a hash code value for this <code>ClassCode</code> which is the
- * same as its ordinal.
- *
- * @return the ordinal of this <code>ClassCode</code>.
- */
- @Override
- final public int hashCode() {
- return this.ordinal;
- }
-
- }
-
- /**
* The {@link CredentialGenerator} being used.
*/
- protected CredentialGenerator cGen;
+ protected CredentialGenerator generator;
/**
* A set of system properties that should be added to the gemfire system
* properties before using the authorization module.
*/
- private Properties sysProps;
+ private Properties systemProperties;
/**
* A factory method to create a new instance of an
@@ -223,14 +59,14 @@ public abstract class AuthzCredentialGenerator {
* is supposed to invoke {@link AuthzCredentialGenerator#init} immediately
* after obtaining the instance.
*
- * @param classCode
- * the <code>ClassCode</code> of the
- * <code>AuthzCredentialGenerator</code> implementation
+ * @param classCode
+ * the {@code ClassCode} of the {@code AuthzCredentialGenerator}
+ * implementation
*
- * @return an instance of <code>AuthzCredentialGenerator</code> for the
- * given class code
+ * @return an instance of {@code AuthzCredentialGenerator} for the given
+ * class code
*/
- public static AuthzCredentialGenerator create(ClassCode classCode) {
+ public static AuthzCredentialGenerator create(final ClassCode classCode) {
switch (classCode.classType) {
case ClassCode.ID_DUMMY:
return new DummyAuthzCredentialGenerator();
@@ -244,20 +80,19 @@ public abstract class AuthzCredentialGenerator {
/**
* Initialize the authorized credential generator.
*
- * @param cGen
- * an instance of {@link CredentialGenerator} of the credential
- * implementation for which to obtain authorized/unauthorized
- * credentials.
+ * @param generator
+ * an instance of {@link CredentialGenerator} of the credential
+ * implementation for which to obtain authorized/unauthorized
+ * credentials.
*
* @return false when the given {@link CredentialGenerator} is incompatible
* with this authorization module.
*/
- public boolean init(CredentialGenerator cGen) {
- this.cGen = cGen;
+ public boolean init(final CredentialGenerator generator) {
+ this.generator = generator;
try {
- this.sysProps = init();
- }
- catch (IllegalArgumentException ex) {
+ this.systemProperties = init();
+ } catch (IllegalArgumentException ex) {
return false;
}
return true;
@@ -269,20 +104,34 @@ public abstract class AuthzCredentialGenerator {
* properties when not null.
*/
public Properties getSystemProperties() {
- return this.sysProps;
+ return this.systemProperties;
}
/**
* Get the {@link CredentialGenerator} being used by this instance.
*/
public CredentialGenerator getCredentialGenerator() {
- return this.cGen;
+ return this.generator;
}
/**
+ * Initialize the authorized credential generator.
+ *
+ * Required to be implemented by concrete classes that implement this abstract
+ * class.
+ *
+ * @return A set of extra properties that should be added to Gemfire system
+ * properties when not null.
+ *
+ * @throws IllegalArgumentException when the {@link CredentialGenerator} is
+ * incompatible with this authorization module.
+ */
+ protected abstract Properties init() throws IllegalArgumentException;
+
+ /**
* The {@link ClassCode} of the particular implementation.
*
- * @return the <code>ClassCode</code>
+ * @return the {@code ClassCode}
*/
public abstract ClassCode classCode();
@@ -290,7 +139,7 @@ public abstract class AuthzCredentialGenerator {
* The name of the {@link AccessControl} factory function that should be used
* as the authorization module on the server side.
*
- * @return name of the <code>AccessControl</code> factory function
+ * @return name of the {@code AccessControl} factory function
*/
public abstract String getAuthorizationCallback();
@@ -298,33 +147,30 @@ public abstract class AuthzCredentialGenerator {
* Get a set of credentials generated using the given index allowed to perform
* the given {@link OperationCode}s for the given regions.
*
- * @param opCodes
- * the list of {@link OperationCode}s of the operations
- * requiring authorization; should not be null
- * @param regionNames
- * list of the region names requiring authorization; a value of
- * null indicates all regions
- * @param index
- * used to generate multiple such credentials by passing
- * different values for this
+ * @param opCodes
+ * the list of {@link OperationCode}s of the operations requiring
+ * authorization; should not be null
+ * @param regionNames
+ * list of the region names requiring authorization; a value of
+ * null indicates all regions
+ * @param index
+ * used to generate multiple such credentials by passing different
+ * values for this
*
* @return the set of credentials authorized to perform the given operation in
* the given regions
*/
- public Properties getAllowedCredentials(OperationCode[] opCodes,
- String[] regionNames, int index) {
-
+ public Properties getAllowedCredentials(final OperationCode[] opCodes, final String[] regionNames, final int index) {
int numTries = getNumPrincipalTries(opCodes, regionNames);
if (numTries <= 0) {
numTries = 1;
}
+
for (int tries = 0; tries < numTries; tries++) {
- Principal principal = getAllowedPrincipal(opCodes, regionNames,
- (index + tries) % numTries);
+ final Principal principal = getAllowedPrincipal(opCodes, regionNames, (index + tries) % numTries);
try {
- return this.cGen.getValidCredentials(principal);
- }
- catch (IllegalArgumentException ex) {
+ return this.generator.getValidCredentials(principal);
+ } catch (IllegalArgumentException ex) {
}
}
return null;
@@ -335,63 +181,46 @@ public abstract class AuthzCredentialGenerator {
* perform the given {@link OperationCode}s for the given regions. The
* credentials are required to be valid for authentication.
*
- * @param opCodes
- * the {@link OperationCode}s of the operations requiring
- * authorization failure; should not be null
- * @param regionNames
- * list of the region names requiring authorization failure; a
- * value of null indicates all regions
- * @param index
- * used to generate multiple such credentials by passing
- * different values for this
+ * @param opCodes
+ * the {@link OperationCode}s of the operations requiring
+ * authorization failure; should not be null
+ * @param regionNames
+ * list of the region names requiring authorization failure; a value
+ * of null indicates all regions
+ * @param index
+ * used to generate multiple such credentials by passing different
+ * values for this
*
* @return the set of credentials that are not authorized to perform the given
* operation in the given region
*/
- public Properties getDisallowedCredentials(OperationCode[] opCodes,
- String[] regionNames, int index) {
-
+ public Properties getDisallowedCredentials(final OperationCode[] opCodes, final String[] regionNames, final int index) {
// This may not be very correct since we use the value of
// getNumPrincipalTries() but is used to avoid adding another method.
// Also something like getNumDisallowedPrincipals() will be normally always
// infinite, and the number here is just to perform some number of tries
// before giving up.
+
int numTries = getNumPrincipalTries(opCodes, regionNames);
if (numTries <= 0) {
numTries = 1;
}
+
for (int tries = 0; tries < numTries; tries++) {
- Principal principal = getDisallowedPrincipal(opCodes, regionNames,
- (index + tries) % numTries);
+ final Principal principal = getDisallowedPrincipal(opCodes, regionNames, (index + tries) % numTries);
try {
- return this.cGen.getValidCredentials(principal);
- }
- catch (IllegalArgumentException ex) {
+ return this.generator.getValidCredentials(principal);
+ } catch (IllegalArgumentException ex) {
}
}
return null;
}
/**
- * Initialize the authorized credential generator.
- *
- * Required to be implemented by concrete classes that implement this abstract
- * class.
- *
- * @return A set of extra properties that should be added to Gemfire system
- * properties when not null.
- *
- * @throws IllegalArgumentException
- * when the {@link CredentialGenerator} is incompatible with
- * this authorization module.
- */
- protected abstract Properties init() throws IllegalArgumentException;
-
- /**
* Get the number of tries to be done for obtaining valid credentials for the
* given operations in the given region. It is required that
* {@link #getAllowedPrincipal} method returns valid principals for values of
- * <code>index</code> from 0 through (n-1) where <code>n</code> is the
+ * {@code index} from 0 through (n-1) where {@code n} is the
* value returned by this method. It is recommended that the principals so
* returned be unique for efficiency.
*
@@ -401,18 +230,17 @@ public abstract class AuthzCredentialGenerator {
* Required to be implemented by concrete classes that implement this abstract
* class.
*
- * @param opCodes
- * the {@link OperationCode}s of the operations requiring
- * authorization
- * @param regionNames
- * list of the region names requiring authorization; a value of
- * null indicates all regions
+ * @param opCodes
+ * the {@link OperationCode}s of the operations requiring
+ * authorization
+ * @param regionNames
+ * list of the region names requiring authorization; a value of null
+ * indicates all regions
*
* @return the number of principals allowed to perform the given operation in
* the given region
*/
- protected abstract int getNumPrincipalTries(OperationCode[] opCodes,
- String[] regionNames);
+ protected abstract int getNumPrincipalTries(final OperationCode[] opCodes, final String[] regionNames);
/**
* Get a {@link Principal} generated using the given index allowed to perform
@@ -421,21 +249,20 @@ public abstract class AuthzCredentialGenerator {
* Required to be implemented by concrete classes that implement this abstract
* class.
*
- * @param opCodes
- * the {@link OperationCode}s of the operations requiring
- * authorization
- * @param regionNames
- * list of the region names requiring authorization; a value of
- * null indicates all regions
- * @param index
- * used to generate multiple such principals by passing
- * different values for this
+ * @param opCodes
+ * the {@link OperationCode}s of the operations requiring
+ * authorization
+ * @param regionNames
+ * list of the region names requiring authorization; a value of null
+ * indicates all regions
+ * @param index
+ * used to generate multiple such principals by passing different
+ * values for this
*
* @return the {@link Principal} authorized to perform the given operation in
* the given region
*/
- protected abstract Principal getAllowedPrincipal(OperationCode[] opCodes,
- String[] regionNames, int index);
+ protected abstract Principal getAllowedPrincipal(final OperationCode[] opCodes, final String[] regionNames, final int index);
/**
* Get a {@link Principal} generated using the given index not allowed to
@@ -444,19 +271,176 @@ public abstract class AuthzCredentialGenerator {
* Required to be implemented by concrete classes that implement this abstract
* class.
*
- * @param opCodes
- * the {@link OperationCode}s of the operations requiring
- * authorization failure
- * @param regionNames
- * list of the region names requiring authorization failure; a
- * value of null indicates all regions
- * @param index
- * used to generate multiple such principals by passing
- * different values for this
+ * @param opCodes
+ * the {@link OperationCode}s of the operations requiring
+ * authorization failure
+ * @param regionNames
+ * list of the region names requiring authorization failure; a value
+ * of null indicates all regions
+ * @param index
+ * used to generate multiple such principals by passing different
+ * values for this
*
* @return a {@link Principal} not authorized to perform the given operation
* in the given region
*/
- protected abstract Principal getDisallowedPrincipal(OperationCode[] opCodes,
- String[] regionNames, int index);
+ protected abstract Principal getDisallowedPrincipal(final OperationCode[] opCodes, final String[] regionNames, final int index);
+
+ /**
+ * Enumeration for various {@link AuthzCredentialGenerator} implementations.
+ *
+ * <p>The following schemes are supported as of now:
+ * <ul>
+ * <li>{@code DummyAuthorization} with {@code DummyAuthenticator}</li>
+ * <li>{@code XMLAuthorization} with {@code DummyAuthenticator}</li>
+ * <li>{@code XMLAuthorization} with {@code LDAPAuthenticator}</li>
+ * <li>{@code XMLAuthorization} with {@code PKCSAuthenticator}</li>
+ * <li>{@code XMLAuthorization} when using SSL sockets</li>
+ * </ul>
+ *
+ * <p>To add a new authorization scheme the following needs to be done:
+ * <ul>
+ * <li>Add implementation for {@link AccessControl}.</li>
+ * <li>Choose the authentication schemes that it shall work with from
+ * {@link CredentialGenerator.ClassCode}</li>
+ * <li>Add a new enumeration value for the scheme in this class. Notice the
+ * size of {@code VALUES} array and increase that if it is getting
+ * overflowed. Note the methods and fields for existing schemes and add for
+ * the new one in a similar manner.</li>
+ * <li>Add an implementation for {@link AuthzCredentialGenerator}. Note the
+ * {@link AuthzCredentialGenerator#init} method where different authentication
+ * schemes can be passed and initialize differently for the authentication
+ * schemes that shall be handled.</li>
+ * <li>Modify the {@link AuthzCredentialGenerator#create} method to add
+ * creation of an instance of the new implementation for the
+ * {@code ClassCode} enumeration value.</li>
+ * </ul>
+ *
+ * <p>All dunit tests will automagically start testing the new implementation
+ * after this.
+ *
+ * @since 5.5
+ */
+ public static final class ClassCode {
+
+ private static final byte ID_DUMMY = 1;
+ private static final byte ID_XML = 2;
+
+ public static final ClassCode DUMMY = new ClassCode(templates.security.DummyAuthorization.class.getName() + ".create", ID_DUMMY);
+ public static final ClassCode XML = new ClassCode(templates.security.XmlAuthorization.class.getName() + ".create", ID_XML);
+
+ private static final ClassCode[] VALUES = new ClassCode[10];
+ private static final Map CODE_NAME_MAP = new HashMap();
+
+ private static byte nextOrdinal = 0;
+
+ /** The name of this class. */
+ private final String name;
+
+ /** byte used as ordinal to represent this class */
+ private final byte ordinal;
+
+ /**
+ * One of the following: ID_DUMMY, ID_LDAP, ID_PKI
+ */
+ private final byte classType;
+
+ /** Creates a new instance of class code. */
+ private ClassCode(final String name, final byte classType) {
+ this.name = name;
+ this.classType = classType;
+ this.ordinal = nextOrdinal++;
+ VALUES[this.ordinal] = this;
+ CODE_NAME_MAP.put(name, this);
+ }
+
+ public boolean isDummy() {
+ return this.classType == ID_DUMMY;
+ }
+
+ public boolean isXml() {
+ return this.classType == ID_XML;
+ }
+
+ /**
+ * Returns the {@code ClassCode} represented by specified ordinal.
+ */
+ public static ClassCode fromOrdinal(final byte ordinal) {
+ return VALUES[ordinal];
+ }
+
+ /**
+ * Returns the {@code ClassCode} represented by specified string.
+ */
+ public static ClassCode parse(final String operationName) {
+ return (ClassCode) CODE_NAME_MAP.get(operationName);
+ }
+
+ /**
+ * Returns all the possible values.
+ */
+ public static List getAll() {
+ final List codes = new ArrayList();
+ for (Iterator iter = CODE_NAME_MAP.values().iterator(); iter.hasNext();) {
+ codes.add(iter.next());
+ }
+ return codes;
+ }
+
+ /**
+ * Returns the ordinal for this class code.
+ *
+ * @return the ordinal of this class code.
+ */
+ public byte toOrdinal() {
+ return this.ordinal;
+ }
+
+ /**
+ * Returns a string representation for this class code.
+ *
+ * @return the name of this class code.
+ */
+ @Override
+ public final String toString() {
+ return this.name;
+ }
+
+ /**
+ * Indicates whether other object is same as this one.
+ *
+ * @return true if other object is same as this one.
+ */
+ @Override
+ public final boolean equals(final Object obj) {
+ if (obj == this) {
+ return true;
+ }
+ if (!(obj instanceof ClassCode)) {
+ return false;
+ }
+ final ClassCode other = (ClassCode)obj;
+ return other.ordinal == this.ordinal;
+ }
+
+ /**
+ * Indicates whether other {@code ClassCode} is same as this one.
+ *
+ * @return true if other {@code ClassCode} is same as this one.
+ */
+ public final boolean equals(final ClassCode opCode) {
+ return opCode != null && opCode.ordinal == this.ordinal;
+ }
+
+ /**
+ * Returns a hash code value for this {@code ClassCode} which is the
+ * same as its ordinal.
+ *
+ * @return the ordinal of this {@code ClassCode}.
+ */
+ @Override
+ public final int hashCode() {
+ return this.ordinal;
+ }
+ }
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a6388000/geode-core/src/test/java/security/CredentialGenerator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/security/CredentialGenerator.java b/geode-core/src/test/java/security/CredentialGenerator.java
index 475cefa..704343c 100755
--- a/geode-core/src/test/java/security/CredentialGenerator.java
+++ b/geode-core/src/test/java/security/CredentialGenerator.java
@@ -33,64 +33,178 @@ import java.util.Properties;
* Encapsulates obtaining valid and invalid credentials. Implementations will be
* for different kinds of authentication schemes.
*
- * @author sumedh
* @since 5.5
*/
public abstract class CredentialGenerator {
/**
- * Enumeration for various {@link CredentialGenerator} implementations.
+ * A set of properties that should be added to the Gemfire system properties
+ * before using the authentication module.
+ */
+ private Properties systemProperties = null;
+
+ /**
+ * A set of properties that should be added to the java system properties
+ * before using the authentication module.
+ */
+ protected Properties javaProperties = null;
+
+ /**
+ * A factory method to create a new instance of an {@link CredentialGenerator}
+ * for the given {@link ClassCode}. Caller is supposed to invoke
+ * {@link CredentialGenerator#init} immediately after obtaining the instance.
*
- * The following schemes are supported as of now:
- * <code>DummyAuthenticator</code>, <code>LdapUserAuthenticator</code>,
- * <code>PKCSAuthenticator</code>. In addition SSL socket mode with mutual
- * authentication is also supported.
+ * @param classCode
+ * the {@code ClassCode} of the {@code CredentialGenerator}
+ * implementation
+ *
+ * @return an instance of {@code CredentialGenerator} for the given class
+ * code
+ */
+ public static CredentialGenerator create(final ClassCode classCode) {
+ switch (classCode.classType) {
+ // Removing dummy one to reduce test run times
+ // case ClassCode.ID_DUMMY:
+ // return new DummyCredentialGenerator();
+ case ClassCode.ID_LDAP:
+ return new LdapUserCredentialGenerator();
+ // case ClassCode.ID_SSL:ø
+ // return new SSLCredentialGenerator();
+ case ClassCode.ID_PKCS:
+ return new PKCSCredentialGenerator();
+ default:
+ return null;
+ }
+ }
+
+ /**
+ * Initialize the credential generator.
+ *
+ * @throws IllegalArgumentException when there is a problem during
+ * initialization
+ */
+ public void init() throws IllegalArgumentException {
+ this.systemProperties = initialize();
+ }
+
+ /**
+ * @return A set of extra properties that should be added to Gemfire system
+ * properties when not null.
+ */
+ public Properties getSystemProperties() {
+ return this.systemProperties;
+ }
+
+ /**
+ * @return A set of extra properties that should be added to Gemfire system
+ * properties when not null.
+ */
+ public Properties getJavaProperties() {
+ return this.javaProperties;
+ }
+
+ /**
+ * The {@link ClassCode} of this particular implementation.
+ *
+ * @return the {@code ClassCode}
+ */
+ public abstract ClassCode classCode();
+
+ /**
+ * The name of the {@link AuthInitialize} factory function that should be used
+ * in conjunction with the credentials generated by this generator.
*
- * To add a new authentication scheme the following needs to be done:
+ * @return name of the {@code AuthInitialize} factory function
+ */
+ public abstract String getAuthInit();
+
+ /**
+ * The name of the {@link Authenticator} factory function that should be used
+ * in conjunction with the credentials generated by this generator.
+ *
+ * @return name of the {@code Authenticator} factory function
+ */
+ public abstract String getAuthenticator();
+
+ /**
+ * Get a set of valid credentials generated using the given index.
+ */
+ public abstract Properties getValidCredentials(final int index);
+
+ /**
+ * Get a set of valid credentials for the given {@link Principal}.
+ *
+ * @return credentials for the given {@code Principal} or null if none
+ * possible.
+ */
+ public abstract Properties getValidCredentials(final Principal principal);
+
+ /**
+ * Get a set of invalid credentials generated using the given index.
+ */
+ public abstract Properties getInvalidCredentials(final int index);
+
+ /**
+ * Initialize the credential generator. This is provided separately from the
+ * {@link #init()} method for convenience of implementations so that they do not
+ * need to store in {@link #systemProperties}. The latter is convenient for the users
+ * who do not need to store these properties rather can obtain it later by
+ * invoking {@link #getSystemProperties()}
+ *
+ * <p>Required to be implemented by concrete classes that implement this abstract
+ * class.
+ *
+ * @return A set of extra properties that should be added to Gemfire system
+ * properties when not null.
+ *
+ * @throws IllegalArgumentException when there is a problem during
+ * initialization
+ */
+ protected abstract Properties initialize() throws IllegalArgumentException;
+
+ /**
+ * Enumeration for various {@link CredentialGenerator} implementations.
+ *
+ * <p>The following schemes are supported as of now:
+ * {@code DummyAuthenticator}, {@code LdapUserAuthenticator},
+ * {@code PKCSAuthenticator}. In addition SSL socket mode with mutual
+ * authentication is also supported.
+ *
+ * <p>To add a new authentication scheme the following needs to be done:
* <ul>
* <li>Add implementations for {@link AuthInitialize} and
* {@link Authenticator} classes for clients/peers.</li>
* <li>Add a new enumeration value for the scheme in this class. Notice the
- * size of <code>VALUES</code> array and increase that if it is getting
+ * size of {@code VALUES} array and increase that if it is getting
* overflowed. Note the methods and fields for existing schemes and add for
* the new one in a similar manner.</li>
* <li>Add an implementation for {@link CredentialGenerator}.</li>
* <li>Modify the CredentialGenerator.Factory#create [no such Factory exists] method to add
* creation of an instance of the new implementation for the
- * <code>ClassCode</code> enumeration value.</li>
+ * {@code ClassCode} enumeration value.</li>
* </ul>
- * All security dunit tests will automagically start testing the new
+ *
+ * <p>All security dunit tests will automagically start testing the new
* implementation after this.
- *
- * @author sumedh
+ *
* @since 5.5
*/
public static final class ClassCode {
private static final byte ID_DUMMY = 1;
-
private static final byte ID_LDAP = 2;
-
private static final byte ID_PKCS = 3;
-
private static final byte ID_SSL = 4;
- private static byte nextOrdinal = 0;
+ public static final ClassCode DUMMY = new ClassCode(templates.security.DummyAuthenticator.class.getName() + ".create", ID_DUMMY);
+ public static final ClassCode LDAP = new ClassCode(templates.security.LdapUserAuthenticator.class.getName() + ".create", ID_LDAP);
+ public static final ClassCode PKCS = new ClassCode(templates.security.PKCSAuthenticator.class.getName() + ".create", ID_PKCS);
+ public static final ClassCode SSL = new ClassCode("SSL", ID_SSL);
private static final ClassCode[] VALUES = new ClassCode[10];
+ private static final Map CODE_NAME_MAP = new HashMap();
- private static final Map CodeNameMap = new HashMap();
-
- public static final ClassCode DUMMY = new ClassCode(
- templates.security.DummyAuthenticator.class.getName() + ".create", ID_DUMMY);
-
- public static final ClassCode LDAP = new ClassCode(
- templates.security.LdapUserAuthenticator.class.getName() + ".create", ID_LDAP);
-
- public static final ClassCode PKCS = new ClassCode(
- templates.security.PKCSAuthenticator.class.getName() + ".create", ID_PKCS);
-
- public static final ClassCode SSL = new ClassCode("SSL", ID_SSL);
+ private static byte nextOrdinal = 0;
/** The name of this class. */
private final String name;
@@ -104,51 +218,50 @@ public abstract class CredentialGenerator {
private final byte classType;
/** Creates a new instance of class code. */
- private ClassCode(String name, byte classType) {
+ private ClassCode(final String name, final byte classType) {
this.name = name;
this.classType = classType;
this.ordinal = nextOrdinal++;
VALUES[this.ordinal] = this;
- CodeNameMap.put(name, this);
+ CODE_NAME_MAP.put(name, this);
}
public boolean isDummy() {
- return (this.classType == ID_DUMMY);
+ return this.classType == ID_DUMMY;
}
public boolean isLDAP() {
- return (this.classType == ID_LDAP);
+ return this.classType == ID_LDAP;
}
public boolean isPKCS() {
- return (this.classType == ID_PKCS);
+ return this.classType == ID_PKCS;
}
public boolean isSSL() {
- return (this.classType == ID_SSL);
+ return this.classType == ID_SSL;
}
/**
- * Returns the <code>ClassCode</code> represented by specified ordinal.
+ * Returns the {@code ClassCode} represented by specified ordinal.
*/
- public static ClassCode fromOrdinal(byte ordinal) {
+ public static ClassCode fromOrdinal(final byte ordinal) {
return VALUES[ordinal];
}
/**
- * Returns the <code>ClassCode</code> represented by specified string.
+ * Returns the {@code ClassCode} represented by specified string.
*/
- public static ClassCode parse(String operationName) {
- return (ClassCode)CodeNameMap.get(operationName);
+ public static ClassCode parse(final String operationName) {
+ return (ClassCode) CODE_NAME_MAP.get(operationName);
}
/**
* Returns all the possible values.
*/
public static List getAll() {
- List codes = new ArrayList();
- Iterator iter = CodeNameMap.values().iterator();
- while (iter.hasNext()) {
+ final List codes = new ArrayList();
+ for (Iterator iter = CODE_NAME_MAP.values().iterator(); iter.hasNext();) {
codes.add(iter.next());
}
return codes;
@@ -156,7 +269,7 @@ public abstract class CredentialGenerator {
/**
* Returns the ordinal for this operation code.
- *
+ *
* @return the ordinal of this operation.
*/
public byte toOrdinal() {
@@ -165,20 +278,21 @@ public abstract class CredentialGenerator {
/**
* Returns a string representation for this operation.
- *
+ *
* @return the name of this operation.
*/
- final public String toString() {
+ @Override
+ public final String toString() {
return this.name;
}
/**
* Indicates whether other object is same as this one.
- *
+ *
* @return true if other object is same as this one.
*/
@Override
- final public boolean equals(final Object obj) {
+ public final boolean equals(final Object obj) {
if (obj == this) {
return true;
}
@@ -186,155 +300,27 @@ public abstract class CredentialGenerator {
return false;
}
final ClassCode other = (ClassCode)obj;
- return (other.ordinal == this.ordinal);
+ return other.ordinal == this.ordinal;
}
/**
- * Indicates whether other <code>ClassCode</code> is same as this one.
- *
- * @return true if other <code>ClassCode</code> is same as this one.
+ * Indicates whether other {@code ClassCode} is same as this one.
+ *
+ * @return true if other {@code ClassCode} is same as this one.
*/
- final public boolean equals(final ClassCode opCode) {
- return (opCode != null && opCode.ordinal == this.ordinal);
+ public final boolean equals(final ClassCode opCode) {
+ return opCode != null && opCode.ordinal == this.ordinal;
}
/**
- * Returns a hash code value for this <code>ClassCode</code> which is the
+ * Returns a hash code value for this {@code ClassCode} which is the
* same as its ordinal.
- *
+ *
* @return the ordinal of this operation.
*/
@Override
- final public int hashCode() {
+ public final int hashCode() {
return this.ordinal;
}
-
- }
-
- /**
- * A set of properties that should be added to the Gemfire system properties
- * before using the authentication module.
- */
- private Properties sysProps = null;
-
- /**
- * A set of properties that should be added to the java system properties
- * before using the authentication module.
- */
- protected Properties javaProps = null;
-
- /**
- * A factory method to create a new instance of an {@link CredentialGenerator}
- * for the given {@link ClassCode}. Caller is supposed to invoke
- * {@link CredentialGenerator#init} immediately after obtaining the instance.
- *
- * @param classCode
- * the <code>ClassCode</code> of the
- * <code>CredentialGenerator</code> implementation
- *
- * @return an instance of <code>CredentialGenerator</code> for the given
- * class code
- */
- public static CredentialGenerator create(ClassCode classCode) {
- switch (classCode.classType) {
- // Removing dummy one to reduce test run times
- // case ClassCode.ID_DUMMY:
- // return new DummyCredentialGenerator();
- case ClassCode.ID_LDAP:
- return new LdapUserCredentialGenerator();
- // case ClassCode.ID_SSL:ø
- // return new SSLCredentialGenerator();
- case ClassCode.ID_PKCS:
- return new PKCSCredentialGenerator();
- default:
- return null;
- }
- }
-
- /**
- * Initialize the credential generator.
- *
- * @throws IllegalArgumentException
- * when there is a problem during initialization
- */
- public void init() throws IllegalArgumentException {
- this.sysProps = initialize();
- }
-
- /**
- * Initialize the credential generator. This is provided separately from the
- * {@link #init} method for convenience of implementations so that they do not
- * need to store in {@link #sysProps}. The latter is convenient for the users
- * who do not need to store these properties rather can obtain it later by
- * invoking {@link #getSystemProperties}
- *
- * Required to be implemented by concrete classes that implement this abstract
- * class.
- *
- * @return A set of extra properties that should be added to Gemfire system
- * properties when not null.
- *
- * @throws IllegalArgumentException
- * when there is a problem during initialization
- */
- protected abstract Properties initialize() throws IllegalArgumentException;
-
- /**
- *
- * @return A set of extra properties that should be added to Gemfire system
- * properties when not null.
- */
- public Properties getSystemProperties() {
- return this.sysProps;
}
-
- /**
- *
- * @return A set of extra properties that should be added to Gemfire system
- * properties when not null.
- */
- public Properties getJavaProperties() {
- return this.javaProps;
- }
-
- /**
- * The {@link ClassCode} of this particular implementation.
- *
- * @return the <code>ClassCode</code>
- */
- public abstract ClassCode classCode();
-
- /**
- * The name of the {@link AuthInitialize} factory function that should be used
- * in conjunction with the credentials generated by this generator.
- *
- * @return name of the <code>AuthInitialize</code> factory function
- */
- public abstract String getAuthInit();
-
- /**
- * The name of the {@link Authenticator} factory function that should be used
- * in conjunction with the credentials generated by this generator.
- *
- * @return name of the <code>Authenticator</code> factory function
- */
- public abstract String getAuthenticator();
-
- /**
- * Get a set of valid credentials generated using the given index.
- */
- public abstract Properties getValidCredentials(int index);
-
- /**
- * Get a set of valid credentials for the given {@link Principal}.
- *
- * @return credentials for the given <code>Principal</code> or null if none
- * possible.
- */
- public abstract Properties getValidCredentials(Principal principal);
-
- /**
- * Get a set of invalid credentials generated using the given index.
- */
- public abstract Properties getInvalidCredentials(int index);
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a6388000/geode-core/src/test/java/security/DummyAuthzCredentialGenerator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/security/DummyAuthzCredentialGenerator.java b/geode-core/src/test/java/security/DummyAuthzCredentialGenerator.java
index 8496be3..5e30a89 100755
--- a/geode-core/src/test/java/security/DummyAuthzCredentialGenerator.java
+++ b/geode-core/src/test/java/security/DummyAuthzCredentialGenerator.java
@@ -30,49 +30,25 @@ import templates.security.UsernamePrincipal;
public class DummyAuthzCredentialGenerator extends AuthzCredentialGenerator {
public static final byte READER_ROLE = 1;
-
public static final byte WRITER_ROLE = 2;
-
public static final byte ADMIN_ROLE = 3;
private static Set readerOpsSet;
-
private static Set writerOpsSet;
static {
-
readerOpsSet = new HashSet();
for (int index = 0; index < DummyAuthorization.READER_OPS.length; index++) {
readerOpsSet.add(DummyAuthorization.READER_OPS[index]);
}
+
writerOpsSet = new HashSet();
for (int index = 0; index < DummyAuthorization.WRITER_OPS.length; index++) {
writerOpsSet.add(DummyAuthorization.WRITER_OPS[index]);
}
}
- public DummyAuthzCredentialGenerator() {
- }
-
- protected Properties init() throws IllegalArgumentException {
-
- if (!this.cGen.classCode().isDummy()) {
- throw new IllegalArgumentException(
- "DummyAuthorization module only works with DummyAuthenticator");
- }
- return null;
- }
-
- public ClassCode classCode() {
- return ClassCode.DUMMY;
- }
-
- public String getAuthorizationCallback() {
- return templates.security.DummyAuthorization.class.getName() + ".create";
- }
-
- public static byte getRequiredRole(OperationCode[] opCodes) {
-
+ public static byte getRequiredRole(final OperationCode[] opCodes) {
byte roleType = ADMIN_ROLE;
boolean requiresReader = true;
boolean requiresWriter = true;
@@ -94,29 +70,32 @@ public class DummyAuthzCredentialGenerator extends AuthzCredentialGenerator {
return roleType;
}
- private Principal getPrincipal(byte roleType, int index) {
-
- String[] admins = new String[] { "root", "admin", "administrator" };
- switch (roleType) {
- case READER_ROLE:
- return new UsernamePrincipal("reader" + index);
- case WRITER_ROLE:
- return new UsernamePrincipal("writer" + index);
- default:
- return new UsernamePrincipal(admins[index % admins.length]);
+ @Override
+ protected Properties init() throws IllegalArgumentException {
+ if (!this.generator.classCode().isDummy()) {
+ throw new IllegalArgumentException("DummyAuthorization module only works with DummyAuthenticator");
}
+ return null;
}
- protected Principal getAllowedPrincipal(OperationCode[] opCodes,
- String[] regionNames, int index) {
+ @Override
+ public ClassCode classCode() {
+ return ClassCode.DUMMY;
+ }
- byte roleType = getRequiredRole(opCodes);
- return getPrincipal(roleType, index);
+ @Override
+ public String getAuthorizationCallback() {
+ return templates.security.DummyAuthorization.class.getName() + ".create";
}
- protected Principal getDisallowedPrincipal(OperationCode[] opCodes,
- String[] regionNames, int index) {
+ @Override
+ protected Principal getAllowedPrincipal(final OperationCode[] opCodes, final String[] regionNames, final int index) {
+ final byte roleType = getRequiredRole(opCodes);
+ return getPrincipal(roleType, index);
+ }
+ @Override
+ protected Principal getDisallowedPrincipal(final OperationCode[] opCodes, final String[] regionNames, final int index) {
byte roleType = getRequiredRole(opCodes);
byte disallowedRoleType;
switch (roleType) {
@@ -133,9 +112,20 @@ public class DummyAuthzCredentialGenerator extends AuthzCredentialGenerator {
return getPrincipal(disallowedRoleType, index);
}
- protected int getNumPrincipalTries(OperationCode[] opCodes,
- String[] regionNames) {
+ @Override
+ protected int getNumPrincipalTries(final OperationCode[] opCodes, final String[] regionNames) {
return 5;
}
+ private Principal getPrincipal(final byte roleType, final int index) {
+ String[] admins = new String[] { "root", "admin", "administrator" };
+ switch (roleType) {
+ case READER_ROLE:
+ return new UsernamePrincipal("reader" + index);
+ case WRITER_ROLE:
+ return new UsernamePrincipal("writer" + index);
+ default:
+ return new UsernamePrincipal(admins[index % admins.length]);
+ }
+ }
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a6388000/geode-core/src/test/java/security/DummyCredentialGenerator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/security/DummyCredentialGenerator.java b/geode-core/src/test/java/security/DummyCredentialGenerator.java
index 5419587..9f15f88 100755
--- a/geode-core/src/test/java/security/DummyCredentialGenerator.java
+++ b/geode-core/src/test/java/security/DummyCredentialGenerator.java
@@ -26,65 +26,66 @@ import java.util.Properties;
public class DummyCredentialGenerator extends CredentialGenerator {
- public DummyCredentialGenerator() {
- }
-
+ @Override
protected Properties initialize() throws IllegalArgumentException {
return null;
}
+ @Override
public ClassCode classCode() {
return ClassCode.DUMMY;
}
+ @Override
public String getAuthInit() {
return templates.security.UserPasswordAuthInit.class.getName() + ".create";
}
+ @Override
public String getAuthenticator() {
return templates.security.DummyAuthenticator.class.getName() + ".create";
}
- public Properties getValidCredentials(int index) {
+ @Override
+ public Properties getValidCredentials(final int index) {
+ final String[] validGroups = new String[] { "admin", "user", "reader", "writer" };
+ final String[] admins = new String[] { "root", "admin", "administrator" };
- String[] validGroups = new String[] { "admin", "user", "reader", "writer" };
- String[] admins = new String[] { "root", "admin", "administrator" };
+ final Properties props = new Properties();
+ final int groupNum = index % validGroups.length;
- Properties props = new Properties();
- int groupNum = (index % validGroups.length);
String userName;
if (groupNum == 0) {
userName = admins[index % admins.length];
- }
- else {
+ } else {
userName = validGroups[groupNum] + (index / validGroups.length);
}
+
props.setProperty(UserPasswordAuthInit.USER_NAME, userName);
props.setProperty(UserPasswordAuthInit.PASSWORD, userName);
return props;
}
- public Properties getValidCredentials(Principal principal) {
+ @Override
+ public Properties getValidCredentials(final Principal principal) {
+ final String userName = principal.getName();
- String userName = principal.getName();
- if (DummyAuthenticator.testValidName(userName)) {
+ if (DummyAuthenticator.checkValidName(userName)) {
Properties props = new Properties();
props.setProperty(UserPasswordAuthInit.USER_NAME, userName);
props.setProperty(UserPasswordAuthInit.PASSWORD, userName);
return props;
- }
- else {
- throw new IllegalArgumentException("Dummy: [" + userName
- + "] is not a valid user");
+
+ } else {
+ throw new IllegalArgumentException("Dummy: [" + userName + "] is not a valid user");
}
}
+ @Override
public Properties getInvalidCredentials(int index) {
-
Properties props = new Properties();
props.setProperty(UserPasswordAuthInit.USER_NAME, "invalid" + index);
props.setProperty(UserPasswordAuthInit.PASSWORD, "none");
return props;
}
-
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a6388000/geode-core/src/test/java/security/LdapUserCredentialGenerator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/security/LdapUserCredentialGenerator.java b/geode-core/src/test/java/security/LdapUserCredentialGenerator.java
index 2b95616..bed169e 100755
--- a/geode-core/src/test/java/security/LdapUserCredentialGenerator.java
+++ b/geode-core/src/test/java/security/LdapUserCredentialGenerator.java
@@ -31,42 +31,42 @@ import java.util.Random;
public class LdapUserCredentialGenerator extends CredentialGenerator {
private static final String USER_PREFIX = "gemfire";
+ private static final Random RANDOM = new Random();
+ private static final String[] CIPHERS = new String[] { "", "DESede", "AES:128", "Blowfish:128" };
private static boolean enableServerAuthentication = false;
private boolean serverAuthEnabled = false;
- private static final Random prng = new Random();
-
- private static final String[] algos = new String[] { "", "DESede", "AES:128",
- "Blowfish:128" };
-
public LdapUserCredentialGenerator() {
// Toggle server authentication enabled for each test
// This is done instead of running all the tests with both
// server auth enabled/disabled to reduce test run time.
enableServerAuthentication = !enableServerAuthentication;
- serverAuthEnabled = enableServerAuthentication;
+ this.serverAuthEnabled = enableServerAuthentication;
}
@Override
protected Properties initialize() throws IllegalArgumentException {
+ final String ldapServer = System.getProperty("gf.ldap.server", "ldap");
+ final String ldapBaseDN = System.getProperty("gf.ldap.basedn", "ou=ldapTesting,dc=pune,dc=gemstone,dc=com");
+ final String ldapUseSSL = System.getProperty("gf.ldap.usessl");
- Properties extraProps = new Properties();
- String ldapServer = System.getProperty("gf.ldap.server", "ldap");
- String ldapBaseDN = System.getProperty("gf.ldap.basedn", "ou=ldapTesting,dc=pune,dc=gemstone,dc=com");
- String ldapUseSSL = System.getProperty("gf.ldap.usessl");
+ final Properties extraProps = new Properties();
extraProps.setProperty(LdapUserAuthenticator.LDAP_SERVER_NAME, ldapServer);
extraProps.setProperty(LdapUserAuthenticator.LDAP_BASEDN_NAME, ldapBaseDN);
+
if (ldapUseSSL != null && ldapUseSSL.length() > 0) {
extraProps.setProperty(LdapUserAuthenticator.LDAP_SSL_NAME, ldapUseSSL);
}
+
if (serverAuthEnabled) {
String keyStoreFile = TestUtil.getResourcePath(LdapUserCredentialGenerator.class, PKCSCredentialGenerator.keyStoreDir + "/gemfire1.keystore");
extraProps.setProperty(HandShake.PRIVATE_KEY_FILE_PROP, keyStoreFile);
extraProps.setProperty(HandShake.PRIVATE_KEY_ALIAS_PROP, "gemfire1");
extraProps.setProperty(HandShake.PRIVATE_KEY_PASSWD_PROP, "gemfire");
}
+
return extraProps;
}
@@ -86,71 +86,71 @@ public class LdapUserCredentialGenerator extends CredentialGenerator {
}
@Override
- public Properties getValidCredentials(int index) {
-
- Properties props = new Properties();
- props.setProperty(UserPasswordAuthInit.USER_NAME, USER_PREFIX
- + ((index % 10) + 1));
- props.setProperty(UserPasswordAuthInit.PASSWORD, USER_PREFIX
- + ((index % 10) + 1));
- props.setProperty(DistributionConfig.SECURITY_CLIENT_DHALGO_NAME,
- algos[prng.nextInt(algos.length)]);
+ public Properties getValidCredentials(final int index) {
+ final Properties props = new Properties();
+ props.setProperty(UserPasswordAuthInit.USER_NAME, USER_PREFIX + ((index % 10) + 1));
+ props.setProperty(UserPasswordAuthInit.PASSWORD, USER_PREFIX + ((index % 10) + 1));
+ props.setProperty(DistributionConfig.SECURITY_CLIENT_DHALGO_NAME, CIPHERS[RANDOM.nextInt(CIPHERS.length)]);
+
if (serverAuthEnabled) {
- String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, PKCSCredentialGenerator.keyStoreDir + "/publickeyfile");
+ final String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, PKCSCredentialGenerator.keyStoreDir + "/publickeyfile");
props.setProperty(HandShake.PUBLIC_KEY_FILE_PROP, keyStoreFile);
props.setProperty(HandShake.PUBLIC_KEY_PASSWD_PROP, "gemfire");
}
+
return props;
}
@Override
- public Properties getValidCredentials(Principal principal) {
-
+ public Properties getValidCredentials(final Principal principal) {
Properties props = null;
- String userName = principal.getName();
+ final String userName = principal.getName();
+
if (userName != null && userName.startsWith(USER_PREFIX)) {
boolean isValid;
+
try {
- int suffix = Integer.parseInt(userName.substring(USER_PREFIX.length()));
+ final int suffix = Integer.parseInt(userName.substring(USER_PREFIX.length()));
isValid = (suffix >= 1 && suffix <= 10);
- }
- catch (Exception ex) {
+ } catch (Exception ex) {
isValid = false;
}
+
if (isValid) {
props = new Properties();
props.setProperty(UserPasswordAuthInit.USER_NAME, userName);
props.setProperty(UserPasswordAuthInit.PASSWORD, userName);
}
}
+
if (props == null) {
- throw new IllegalArgumentException("LDAP: [" + userName
- + "] not a valid user");
+ throw new IllegalArgumentException("LDAP: [" + userName + "] not a valid user");
}
- props.setProperty(DistributionConfig.SECURITY_CLIENT_DHALGO_NAME,
- algos[prng.nextInt(algos.length)]);
+
+ props.setProperty(DistributionConfig.SECURITY_CLIENT_DHALGO_NAME, CIPHERS[RANDOM.nextInt(CIPHERS.length)]);
+
if (serverAuthEnabled) {
- String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, PKCSCredentialGenerator.keyStoreDir + "/publickeyfile");
+ final String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, PKCSCredentialGenerator.keyStoreDir + "/publickeyfile");
props.setProperty(HandShake.PUBLIC_KEY_FILE_PROP, keyStoreFile);
props.setProperty(HandShake.PUBLIC_KEY_PASSWD_PROP, "gemfire");
}
+
return props;
}
@Override
- public Properties getInvalidCredentials(int index) {
-
- Properties props = new Properties();
+ public Properties getInvalidCredentials(final int index) {
+ final Properties props = new Properties();
props.setProperty(UserPasswordAuthInit.USER_NAME, "invalid" + index);
props.setProperty(UserPasswordAuthInit.PASSWORD, "none");
- props.setProperty(DistributionConfig.SECURITY_CLIENT_DHALGO_NAME,
- algos[prng.nextInt(algos.length)]);
+ props.setProperty(DistributionConfig.SECURITY_CLIENT_DHALGO_NAME, CIPHERS[RANDOM.nextInt(CIPHERS.length)]);
+
if (serverAuthEnabled) {
- String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, PKCSCredentialGenerator.keyStoreDir + "/publickeyfile");
+ final String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, PKCSCredentialGenerator.keyStoreDir + "/publickeyfile");
props.setProperty(HandShake.PUBLIC_KEY_FILE_PROP, keyStoreFile);
props.setProperty(HandShake.PUBLIC_KEY_PASSWD_PROP, "gemfire");
}
+
return props;
}
-
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a6388000/geode-core/src/test/java/security/PKCSCredentialGenerator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/security/PKCSCredentialGenerator.java b/geode-core/src/test/java/security/PKCSCredentialGenerator.java
index 5b6d5fa..8239697 100755
--- a/geode-core/src/test/java/security/PKCSCredentialGenerator.java
+++ b/geode-core/src/test/java/security/PKCSCredentialGenerator.java
@@ -27,19 +27,14 @@ import java.security.Provider;
import java.security.Security;
import java.util.Properties;
-/**
- * @author kneeraj
- *
- */
public class PKCSCredentialGenerator extends CredentialGenerator {
public static String keyStoreDir = getKeyStoreDir();
-
public static boolean usesIBMJSSE;
// Checks if the current JVM uses only IBM JSSE providers.
private static boolean usesIBMProviders() {
- Provider[] providers = Security.getProviders();
+ final Provider[] providers = Security.getProviders();
for (int index = 0; index < providers.length; ++index) {
if (!providers[index].getName().toLowerCase().startsWith("ibm")) {
return false;
@@ -52,58 +47,71 @@ public class PKCSCredentialGenerator extends CredentialGenerator {
usesIBMJSSE = usesIBMProviders();
if (usesIBMJSSE) {
return "/lib/keys/ibm";
- }
- else {
+ } else {
return "/lib/keys";
}
}
+ @Override
+ protected Properties initialize() throws IllegalArgumentException {
+ final String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, keyStoreDir + "/publickeyfile");
+
+ final Properties props = new Properties();
+ props.setProperty(PKCSAuthenticator.PUBLIC_KEY_FILE, keyStoreFile);
+ props.setProperty(PKCSAuthenticator.PUBLIC_KEYSTORE_PASSWORD, "gemfire");
+
+ return props;
+ }
+
+ @Override
public ClassCode classCode() {
return ClassCode.PKCS;
}
+ @Override
public String getAuthInit() {
return templates.security.PKCSAuthInit.class.getName() + ".create";
}
+ @Override
public String getAuthenticator() {
return templates.security.PKCSAuthenticator.class.getName() + ".create";
}
+ @Override
public Properties getInvalidCredentials(int index) {
- Properties props = new Properties();
- String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, keyStoreDir + "/gemfire11.keystore");
+ final String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, keyStoreDir + "/gemfire11.keystore");
+
+ final Properties props = new Properties();
props.setProperty(PKCSAuthInit.KEYSTORE_FILE_PATH, keyStoreFile);
props.setProperty(PKCSAuthInit.KEYSTORE_ALIAS, "gemfire11");
props.setProperty(PKCSAuthInit.KEYSTORE_PASSWORD, "gemfire");
+
return props;
}
+ @Override
public Properties getValidCredentials(int index) {
- Properties props = new Properties();
- int aliasnum = (index % 10) + 1;
- String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, keyStoreDir + "/gemfire" + aliasnum + ".keystore");
+ final int aliasnum = (index % 10) + 1;
+ final String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, keyStoreDir + "/gemfire" + aliasnum + ".keystore");
+
+ final Properties props = new Properties();
props.setProperty(PKCSAuthInit.KEYSTORE_FILE_PATH, keyStoreFile);
props.setProperty(PKCSAuthInit.KEYSTORE_ALIAS, "gemfire" + aliasnum);
props.setProperty(PKCSAuthInit.KEYSTORE_PASSWORD, "gemfire");
+
return props;
}
+ @Override
public Properties getValidCredentials(Principal principal) {
- Properties props = new Properties();
- String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, keyStoreDir + principal.getName() + ".keystore");
+ final String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, keyStoreDir + principal.getName() + ".keystore");
+
+ final Properties props = new Properties();
props.setProperty(PKCSAuthInit.KEYSTORE_FILE_PATH, keyStoreFile);
props.setProperty(PKCSAuthInit.KEYSTORE_ALIAS, principal.getName());
props.setProperty(PKCSAuthInit.KEYSTORE_PASSWORD, "gemfire");
- return props;
- }
- protected Properties initialize() throws IllegalArgumentException {
- Properties props = new Properties();
- String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, keyStoreDir + "/publickeyfile");
- props.setProperty(PKCSAuthenticator.PUBLIC_KEY_FILE, keyStoreFile);
- props.setProperty(PKCSAuthenticator.PUBLIC_KEYSTORE_PASSWORD, "gemfire");
return props;
}
-
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a6388000/geode-core/src/test/java/security/SSLCredentialGenerator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/security/SSLCredentialGenerator.java b/geode-core/src/test/java/security/SSLCredentialGenerator.java
index e547630..fb4dfc8 100755
--- a/geode-core/src/test/java/security/SSLCredentialGenerator.java
+++ b/geode-core/src/test/java/security/SSLCredentialGenerator.java
@@ -28,47 +28,87 @@ import java.security.Principal;
import java.util.Properties;
public class SSLCredentialGenerator extends CredentialGenerator {
+
private static final Logger logger = LogService.getLogger();
+ @Override
+ protected Properties initialize() throws IllegalArgumentException {
+ this.javaProperties = getValidJavaSSLProperties();
+ return getSSLProperties();
+ }
+
+ @Override
+ public ClassCode classCode() {
+ return ClassCode.SSL;
+ }
+
+ @Override
+ public String getAuthInit() {
+ return null;
+ }
+
+ @Override
+ public String getAuthenticator() {
+ return null;
+ }
+
+ @Override
+ public Properties getValidCredentials(int index) {
+ this.javaProperties = getValidJavaSSLProperties();
+ return getSSLProperties();
+ }
+
+ @Override
+ public Properties getValidCredentials(final Principal principal) {
+ this.javaProperties = getValidJavaSSLProperties();
+ return getSSLProperties();
+ }
+
+ @Override
+ public Properties getInvalidCredentials(final int index) {
+ this.javaProperties = getInvalidJavaSSLProperties();
+ return getSSLProperties();
+ }
+
private File findTrustedJKS() {
- File ssldir = new File(System.getProperty("JTESTS") + "/ssl");
+ final File ssldir = new File(System.getProperty("JTESTS") + "/ssl");
return new File(ssldir, "trusted.keystore");
}
private File findUntrustedJKS() {
- File ssldir = new File(System.getProperty("JTESTS") + "/ssl");
+ final File ssldir = new File(System.getProperty("JTESTS") + "/ssl");
return new File(ssldir, "untrusted.keystore");
}
private Properties getValidJavaSSLProperties() {
- File jks = findTrustedJKS();
+ final File jks = findTrustedJKS();
+
try {
- Properties props = new Properties();
+ final Properties props = new Properties();
props.setProperty("javax.net.ssl.trustStore", jks.getCanonicalPath());
props.setProperty("javax.net.ssl.trustStorePassword", "password");
props.setProperty("javax.net.ssl.keyStore", jks.getCanonicalPath());
props.setProperty("javax.net.ssl.keyStorePassword", "password");
return props;
- }
- catch (IOException ex) {
- throw new AuthenticationFailedException(
- "SSL: Exception while opening the key store: " + ex.getMessage(), ex);
+
+ } catch (IOException ex) {
+ throw new AuthenticationFailedException("SSL: Exception while opening the key store: " + ex.getMessage(), ex);
}
}
private Properties getInvalidJavaSSLProperties() {
- File jks = findUntrustedJKS();
+ final File jks = findUntrustedJKS();
+
try {
- Properties props = new Properties();
+ final Properties props = new Properties();
props.setProperty("javax.net.ssl.trustStore", jks.getCanonicalPath());
props.setProperty("javax.net.ssl.trustStorePassword", "password");
props.setProperty("javax.net.ssl.keyStore", jks.getCanonicalPath());
props.setProperty("javax.net.ssl.keyStorePassword", "password");
return props;
- }
- catch (IOException ex) {
- throw new AuthenticationFailedException(
- "SSL: Exception while opening the key store: " + ex.getMessage(), ex);
+
+ } catch (IOException ex) {
+ throw new AuthenticationFailedException("SSL: Exception while opening the key store: " + ex.getMessage(), ex);
}
}
@@ -80,37 +120,4 @@ public class SSLCredentialGenerator extends CredentialGenerator {
props.setProperty("ssl-protocols", "TLSv1");
return props;
}
-
- protected Properties initialize() throws IllegalArgumentException {
- this.javaProps = getValidJavaSSLProperties();
- return getSSLProperties();
- }
-
- public ClassCode classCode() {
- return ClassCode.SSL;
- }
-
- public String getAuthInit() {
- return null;
- }
-
- public String getAuthenticator() {
- return null;
- }
-
- public Properties getValidCredentials(int index) {
- this.javaProps = getValidJavaSSLProperties();
- return getSSLProperties();
- }
-
- public Properties getValidCredentials(Principal principal) {
- this.javaProps = getValidJavaSSLProperties();
- return getSSLProperties();
- }
-
- public Properties getInvalidCredentials(int index) {
- this.javaProps = getInvalidJavaSSLProperties();
- return getSSLProperties();
- }
-
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a6388000/geode-core/src/test/java/security/UserPasswordWithExtraPropsAuthInit.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/security/UserPasswordWithExtraPropsAuthInit.java b/geode-core/src/test/java/security/UserPasswordWithExtraPropsAuthInit.java
index cc585cd..5965e5c 100755
--- a/geode-core/src/test/java/security/UserPasswordWithExtraPropsAuthInit.java
+++ b/geode-core/src/test/java/security/UserPasswordWithExtraPropsAuthInit.java
@@ -33,15 +33,13 @@ import java.util.Properties;
* properties provided in getCredential props argument will also be
* copied as new credentials.
*
- * @author Soubhik
* @since 5.5
*/
public class UserPasswordWithExtraPropsAuthInit extends UserPasswordAuthInit {
+ public static final String SECURITY_PREFIX = "security-";
public static final String EXTRA_PROPS = "security-keep-extra-props";
- public static final String SECURITY_PREFIX = "security-";
-
public static AuthInitialize create() {
return new UserPasswordWithExtraPropsAuthInit();
}
@@ -50,25 +48,23 @@ public class UserPasswordWithExtraPropsAuthInit extends UserPasswordAuthInit {
super();
}
- public Properties getCredentials(Properties props, DistributedMember server,
- boolean isPeer) throws AuthenticationFailedException {
+ public Properties getCredentials(final Properties securityProperties, final DistributedMember server, final boolean isPeer) throws AuthenticationFailedException {
+ final Properties securityPropertiesCopy = super.getCredentials(securityProperties, server, isPeer);
+ final String extraProps = securityProperties.getProperty(EXTRA_PROPS);
- Properties newProps = super.getCredentials(props, server, isPeer);
- String extraProps = props.getProperty(EXTRA_PROPS);
- if(extraProps != null) {
- for(Iterator it = props.keySet().iterator(); it.hasNext();) {
- String key = (String)it.next();
- if( key.startsWith(SECURITY_PREFIX) &&
+ if (extraProps != null) {
+ for (Iterator it = securityProperties.keySet().iterator(); it.hasNext();) {
+ final String key = (String) it.next();
+ if (key.startsWith(SECURITY_PREFIX) &&
key.equalsIgnoreCase(USER_NAME) == false &&
key.equalsIgnoreCase(PASSWORD) == false &&
key.equalsIgnoreCase(EXTRA_PROPS) == false) {
- newProps.setProperty(key, props.getProperty(key));
+ securityPropertiesCopy.setProperty(key, securityProperties.getProperty(key));
}
}
- this.securitylog.fine("got everything and now have: "
- + newProps.keySet().toString());
+ this.securityLogWriter.fine("got everything and now have: " + securityPropertiesCopy.keySet().toString());
}
- return newProps;
- }
+ return securityPropertiesCopy;
+ }
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a6388000/geode-core/src/test/java/security/XmlAuthzCredentialGenerator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/security/XmlAuthzCredentialGenerator.java b/geode-core/src/test/java/security/XmlAuthzCredentialGenerator.java
index 118e86f..4eaf01a 100755
--- a/geode-core/src/test/java/security/XmlAuthzCredentialGenerator.java
+++ b/geode-core/src/test/java/security/XmlAuthzCredentialGenerator.java
@@ -31,106 +31,104 @@ import java.util.Set;
public class XmlAuthzCredentialGenerator extends AuthzCredentialGenerator {
private static final String dummyXml = "authz-dummy.xml";
-
private static final String ldapXml = "authz-ldap.xml";
-
private static final String pkcsXml = "authz-pkcs.xml";
-
private static final String sslXml = "authz-ssl.xml";
- private static final String[] QUERY_REGIONS = { "/Portfolios", "/Positions",
- "/AuthRegion" };
+ private static final String[] QUERY_REGIONS = { "/Portfolios", "/Positions", "/AuthRegion" };
- public static OperationCode[] READER_OPS = { OperationCode.GET,
- OperationCode.REGISTER_INTEREST, OperationCode.UNREGISTER_INTEREST,
- OperationCode.KEY_SET, OperationCode.CONTAINS_KEY, OperationCode.EXECUTE_FUNCTION };
+ public static OperationCode[] READER_OPS = {
+ OperationCode.GET,
+ OperationCode.REGISTER_INTEREST,
+ OperationCode.UNREGISTER_INTEREST,
+ OperationCode.KEY_SET,
+ OperationCode.CONTAINS_KEY,
+ OperationCode.EXECUTE_FUNCTION };
- public static OperationCode[] WRITER_OPS = { OperationCode.PUT,
- OperationCode.DESTROY, OperationCode.INVALIDATE, OperationCode.REGION_CLEAR };
+ public static OperationCode[] WRITER_OPS = {
+ OperationCode.PUT,
+ OperationCode.DESTROY,
+ OperationCode.INVALIDATE,
+ OperationCode.REGION_CLEAR };
- public static OperationCode[] QUERY_OPS = { OperationCode.QUERY,
- OperationCode.EXECUTE_CQ, OperationCode.STOP_CQ, OperationCode.CLOSE_CQ };
+ public static OperationCode[] QUERY_OPS = {
+ OperationCode.QUERY,
+ OperationCode.EXECUTE_CQ,
+ OperationCode.STOP_CQ,
+ OperationCode.CLOSE_CQ };
private static final byte READER_ROLE = 1;
-
private static final byte WRITER_ROLE = 2;
-
private static final byte QUERY_ROLE = 3;
-
private static final byte ADMIN_ROLE = 4;
private static Set readerOpsSet;
-
private static Set writerOpsSet;
-
private static Set queryOpsSet;
-
private static Set queryRegionSet;
static {
-
readerOpsSet = new HashSet();
for (int index = 0; index < READER_OPS.length; index++) {
readerOpsSet.add(READER_OPS[index]);
}
+
writerOpsSet = new HashSet();
for (int index = 0; index < WRITER_OPS.length; index++) {
writerOpsSet.add(WRITER_OPS[index]);
}
+
queryOpsSet = new HashSet();
for (int index = 0; index < QUERY_OPS.length; index++) {
queryOpsSet.add(QUERY_OPS[index]);
}
+
queryRegionSet = new HashSet();
for (int index = 0; index < QUERY_REGIONS.length; index++) {
queryRegionSet.add(QUERY_REGIONS[index]);
}
}
- public XmlAuthzCredentialGenerator() {
- }
-
+ @Override
protected Properties init() throws IllegalArgumentException {
+ final Properties sysProps = new Properties();
+ final String dirName = "/lib/";
- Properties sysProps = new Properties();
- String dirName = "/lib/";
- if (this.cGen.classCode().isDummy()) {
- String xmlFilename = TestUtil.getResourcePath(XmlAuthzCredentialGenerator.class, dirName + dummyXml);
+ if (this.generator.classCode().isDummy()) {
+ final String xmlFilename = TestUtil.getResourcePath(XmlAuthzCredentialGenerator.class, dirName + dummyXml);
sysProps.setProperty(XmlAuthorization.DOC_URI_PROP_NAME, xmlFilename);
- }
- else if (this.cGen.classCode().isLDAP()) {
- String xmlFilename = TestUtil.getResourcePath(XmlAuthzCredentialGenerator.class, dirName + ldapXml);
+
+ } else if (this.generator.classCode().isLDAP()) {
+ final String xmlFilename = TestUtil.getResourcePath(XmlAuthzCredentialGenerator.class, dirName + ldapXml);
sysProps.setProperty(XmlAuthorization.DOC_URI_PROP_NAME, xmlFilename);
- }
- // else if (this.cGen.classCode().isPKCS()) {
- // sysProps
- // .setProperty(XmlAuthorization.DOC_URI_PROP_NAME, dirName + pkcsXml);
- // }
- // else if (this.cGen.classCode().isSSL()) {
- // sysProps
- // .setProperty(XmlAuthorization.DOC_URI_PROP_NAME, dirName + sslXml);
- // }
- else {
- throw new IllegalArgumentException(
- "No XML defined for XmlAuthorization module to work with "
- + this.cGen.getAuthenticator());
+
+ // } else if (this.generator.classCode().isPKCS()) {
+ // sysProps.setProperty(XmlAuthorization.DOC_URI_PROP_NAME, dirName + pkcsXml);
+ // }
+ // } else if (this.generator.classCode().isSSL()) {
+ // sysProps.setProperty(XmlAuthorization.DOC_URI_PROP_NAME, dirName + sslXml);
+ // }
+
+ } else {
+ throw new IllegalArgumentException("No XML defined for XmlAuthorization module to work with " + this.generator.getAuthenticator());
}
return sysProps;
}
+ @Override
public ClassCode classCode() {
return ClassCode.XML;
}
+ @Override
public String getAuthorizationCallback() {
return templates.security.XmlAuthorization.class.getName() + ".create";
}
- private Principal getDummyPrincipal(byte roleType, int index) {
-
- String[] admins = new String[] { "root", "admin", "administrator" };
- int numReaders = 3;
- int numWriters = 3;
+ private Principal getDummyPrincipal(final byte roleType, final int index) {
+ final String[] admins = new String[] { "root", "admin", "administrator" };
+ final int numReaders = 3;
+ final int numWriters = 3;
switch (roleType) {
case READER_ROLE:
@@ -144,8 +142,56 @@ public class XmlAuthzCredentialGenerator extends AuthzCredentialGenerator {
}
}
- private Principal getLdapPrincipal(byte roleType, int index) {
+ @Override
+ protected Principal getAllowedPrincipal(final OperationCode[] opCodes, final String[] regionNames, final int index) {
+ if (this.generator.classCode().isDummy()) {
+ final byte roleType = getRequiredRole(opCodes, regionNames);
+ return getDummyPrincipal(roleType, index);
+
+ } else if (this.generator.classCode().isLDAP()) {
+ final byte roleType = getRequiredRole(opCodes, regionNames);
+ return getLdapPrincipal(roleType, index);
+ }
+
+ return null;
+ }
+
+ @Override
+ protected Principal getDisallowedPrincipal(final OperationCode[] opCodes, final String[] regionNames, final int index) {
+ final byte roleType = getRequiredRole(opCodes, regionNames);
+
+ byte disallowedRoleType = READER_ROLE;
+ switch (roleType) {
+ case READER_ROLE:
+ disallowedRoleType = WRITER_ROLE;
+ break;
+ case WRITER_ROLE:
+ disallowedRoleType = READER_ROLE;
+ break;
+ case QUERY_ROLE:
+ disallowedRoleType = READER_ROLE;
+ break;
+ case ADMIN_ROLE:
+ disallowedRoleType = READER_ROLE;
+ break;
+ }
+
+ if (this.generator.classCode().isDummy()) {
+ return getDummyPrincipal(disallowedRoleType, index);
+
+ } else if (this.generator.classCode().isLDAP()) {
+ return getLdapPrincipal(disallowedRoleType, index);
+ }
+
+ return null;
+ }
+
+ @Override
+ protected int getNumPrincipalTries(final OperationCode[] opCodes, final String[] regionNames) {
+ return 5;
+ }
+ private Principal getLdapPrincipal(final byte roleType, final int index) {
final String userPrefix = "gemfire";
final int[] readerIndices = { 3, 4, 5 };
final int[] writerIndices = { 6, 7, 8 };
@@ -168,15 +214,14 @@ public class XmlAuthzCredentialGenerator extends AuthzCredentialGenerator {
}
}
- private byte getRequiredRole(OperationCode[] opCodes, String[] regionNames) {
-
+ private byte getRequiredRole(final OperationCode[] opCodes, final String[] regionNames) {
byte roleType = ADMIN_ROLE;
boolean requiresReader = true;
boolean requiresWriter = true;
boolean requiresQuery = true;
for (int opNum = 0; opNum < opCodes.length; opNum++) {
- OperationCode opCode = opCodes[opNum];
+ final OperationCode opCode = opCodes[opNum];
if (requiresReader && !readerOpsSet.contains(opCode)) {
requiresReader = false;
}
@@ -187,17 +232,17 @@ public class XmlAuthzCredentialGenerator extends AuthzCredentialGenerator {
requiresQuery = false;
}
}
+
if (requiresReader) {
roleType = READER_ROLE;
- }
- else if (requiresWriter) {
+
+ } else if (requiresWriter) {
roleType = WRITER_ROLE;
- }
- else if (requiresQuery) {
+
+ } else if (requiresQuery) {
if (regionNames != null && regionNames.length > 0) {
for (int index = 0; index < regionNames.length; index++) {
- String regionName = XmlAuthorization
- .normalizeRegionName(regionNames[index]);
+ final String regionName = XmlAuthorization.normalizeRegionName(regionNames[index]);
if (requiresQuery && !queryRegionSet.contains(regionName)) {
requiresQuery = false;
break;
@@ -208,54 +253,7 @@ public class XmlAuthzCredentialGenerator extends AuthzCredentialGenerator {
}
}
}
- return roleType;
- }
-
- protected Principal getAllowedPrincipal(OperationCode[] opCodes,
- String[] regionNames, int index) {
-
- if (this.cGen.classCode().isDummy()) {
- byte roleType = getRequiredRole(opCodes, regionNames);
- return getDummyPrincipal(roleType, index);
- }
- else if (this.cGen.classCode().isLDAP()) {
- byte roleType = getRequiredRole(opCodes, regionNames);
- return getLdapPrincipal(roleType, index);
- }
- return null;
- }
-
- protected Principal getDisallowedPrincipal(OperationCode[] opCodes,
- String[] regionNames, int index) {
- byte roleType = getRequiredRole(opCodes, regionNames);
- byte disallowedRoleType = READER_ROLE;
- switch (roleType) {
- case READER_ROLE:
- disallowedRoleType = WRITER_ROLE;
- break;
- case WRITER_ROLE:
- disallowedRoleType = READER_ROLE;
- break;
- case QUERY_ROLE:
- disallowedRoleType = READER_ROLE;
- break;
- case ADMIN_ROLE:
- disallowedRoleType = READER_ROLE;
- break;
- }
- if (this.cGen.classCode().isDummy()) {
- return getDummyPrincipal(disallowedRoleType, index);
- }
- else if (this.cGen.classCode().isLDAP()) {
- return getLdapPrincipal(disallowedRoleType, index);
- }
- return null;
- }
-
- protected int getNumPrincipalTries(OperationCode[] opCodes,
- String[] regionNames) {
- return 5;
+ return roleType;
}
-
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a6388000/geode-core/src/test/java/templates/security/DummyAuthenticator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/templates/security/DummyAuthenticator.java b/geode-core/src/test/java/templates/security/DummyAuthenticator.java
index 5070836..c7fd39e 100755
--- a/geode-core/src/test/java/templates/security/DummyAuthenticator.java
+++ b/geode-core/src/test/java/templates/security/DummyAuthenticator.java
@@ -16,20 +16,19 @@
*/
package templates.security;
+import java.security.Principal;
+import java.util.Properties;
+
import com.gemstone.gemfire.LogWriter;
import com.gemstone.gemfire.distributed.DistributedMember;
import com.gemstone.gemfire.security.AuthenticationFailedException;
import com.gemstone.gemfire.security.Authenticator;
-import java.security.Principal;
-import java.util.Properties;
-
/**
* A dummy implementation of the {@link Authenticator} interface that expects a
* user name and password allowing authentication depending on the format of the
* user name.
- *
- * @author Sumedh Wale
+ *
* @since 5.5
*/
public class DummyAuthenticator implements Authenticator {
@@ -38,47 +37,39 @@ public class DummyAuthenticator implements Authenticator {
return new DummyAuthenticator();
}
- public DummyAuthenticator() {
+ public static boolean checkValidName(final String userName) {
+ return userName.startsWith("user") ||
+ userName.startsWith("reader") ||
+ userName.startsWith("writer") ||
+ userName.equals("admin") ||
+ userName.equals("root") ||
+ userName.equals("administrator");
}
- public void init(Properties systemProps, LogWriter systemLogger,
- LogWriter securityLogger) throws AuthenticationFailedException {
+ @Override
+ public void init(final Properties securityProperties, final LogWriter systemLogWriter, final LogWriter securityLogWriter) throws AuthenticationFailedException {
}
- public static boolean testValidName(String userName) {
-
- return (userName.startsWith("user") || userName.startsWith("reader")
- || userName.startsWith("writer") || userName.equals("admin")
- || userName.equals("root") || userName.equals("administrator"));
- }
-
- public Principal authenticate(Properties props, DistributedMember member)
- throws AuthenticationFailedException {
-
- String userName = props.getProperty(UserPasswordAuthInit.USER_NAME);
+ @Override
+ public Principal authenticate(final Properties credentials, final DistributedMember member) throws AuthenticationFailedException {
+ final String userName = credentials.getProperty(UserPasswordAuthInit.USER_NAME);
if (userName == null) {
- throw new AuthenticationFailedException(
- "DummyAuthenticator: user name property ["
- + UserPasswordAuthInit.USER_NAME + "] not provided");
+ throw new AuthenticationFailedException("DummyAuthenticator: user name property [" + UserPasswordAuthInit.USER_NAME + "] not provided");
}
- String password = props.getProperty(UserPasswordAuthInit.PASSWORD);
+
+ final String password = credentials.getProperty(UserPasswordAuthInit.PASSWORD);
if (password == null) {
- throw new AuthenticationFailedException(
- "DummyAuthenticator: password property ["
- + UserPasswordAuthInit.PASSWORD + "] not provided");
+ throw new AuthenticationFailedException( "DummyAuthenticator: password property [" + UserPasswordAuthInit.PASSWORD + "] not provided");
}
- if (userName.equals(password) && testValidName(userName)) {
+ if (userName.equals(password) && checkValidName(userName)) {
return new UsernamePrincipal(userName);
- }
- else {
- throw new AuthenticationFailedException(
- "DummyAuthenticator: Invalid user name [" + userName
- + "], password supplied.");
+ } else {
+ throw new AuthenticationFailedException("DummyAuthenticator: Invalid user name [" + userName + "], password supplied.");
}
}
+ @Override
public void close() {
}
-
}