Posted to commits@geode.apache.org by je...@apache.org on 2016/03/01 23:24:32 UTC
[3/5] incubator-geode git commit: GEODE-17: WIP adding JMX security
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/19a8f0a7/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/LauncherLifecycleCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/LauncherLifecycleCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/LauncherLifecycleCommands.java
index 8eae00b..3ec52e3 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/LauncherLifecycleCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/LauncherLifecycleCommands.java
@@ -112,7 +112,9 @@ import com.gemstone.gemfire.management.internal.cli.util.VisualVmNotFoundExcepti
import com.gemstone.gemfire.management.internal.configuration.domain.SharedConfigurationStatus;
import com.gemstone.gemfire.management.internal.configuration.messages.SharedConfigurationStatusRequest;
import com.gemstone.gemfire.management.internal.configuration.messages.SharedConfigurationStatusResponse;
-
+import com.gemstone.gemfire.management.internal.security.Resource;
+import com.gemstone.gemfire.management.internal.security.ResourceConstants;
+import com.gemstone.gemfire.management.internal.security.ResourceOperation;
import org.springframework.shell.core.annotation.CliAvailabilityIndicator;
import org.springframework.shell.core.annotation.CliCommand;
import org.springframework.shell.core.annotation.CliOption;
@@ -200,6 +202,7 @@ public class LauncherLifecycleCommands extends AbstractCommandsSupport {
@CliCommand(value = CliStrings.START_LOCATOR, help = CliStrings.START_LOCATOR__HELP)
@CliMetaData(shellOnly = true, relatedTopic = { CliStrings.TOPIC_GEMFIRE_LOCATOR, CliStrings.TOPIC_GEMFIRE_LIFECYCLE })
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.LIST_DS)
public Result startLocator(@CliOption(key = CliStrings.START_LOCATOR__MEMBER_NAME,
mandatory = true,
unspecifiedDefaultValue = CliMetaData.ANNOTATION_NULL_VALUE,
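Review bot: `startLocator` is tagged with `ResourceConstants.LIST_DS`, the same operation this commit puts on `statusLocator` and `statusServer`, so a state-changing command shares its permission with read-only ones. The later hunks for `stopLocator`, `startServer`, `stopServer` and `startManager` have the same mapping. If the authorization check keys on this annotation (the enforcement code is not visible here), a principal granted only list access would also pass the check for start and stop. A dedicated operation constant per lifecycle action would make the intent clear, as would a comment such as `// shellOnly command: runs locally in gfsh, annotation is informational only`. The method body continues outside the hunk.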
@@ -605,7 +608,7 @@ public class LauncherLifecycleCommands extends AbstractCommandsSupport {
}
getGfsh().setOperationInvoker(new JmxOperationInvoker(memberEndpoint.getHost(), memberEndpoint.getPort(),
- null, null, configurationProperties));
+ null, null, configurationProperties, null));
String shellAndLogMessage = CliStrings.format(CliStrings.CONNECT__MSG__SUCCESS, memberEndpoint.toString(false));
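Review bot: The new sixth argument to `JmxOperationInvoker` is `null` here, next to the existing `null` user name and password, whereas the `connect` path in ShellCommands passes `gfSecurityPropertiesPath` in that position. This appears to be the automatic connect after a launch, so with JMX security enabled it would presumably either fail or be attempted without credentials; that case deserves explicit handling rather than a silent `null`. At minimum add a comment such as `// no credentials or security properties at launch time; auto-connect only works when JMX security is off`. The enclosing method starts and ends outside the hunk.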
@@ -780,6 +783,7 @@ public class LauncherLifecycleCommands extends AbstractCommandsSupport {
@CliCommand(value = CliStrings.STATUS_LOCATOR, help = CliStrings.STATUS_LOCATOR__HELP)
@CliMetaData(shellOnly = true, relatedTopic = { CliStrings.TOPIC_GEMFIRE_LOCATOR, CliStrings.TOPIC_GEMFIRE_LIFECYCLE })
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.LIST_DS)
public Result statusLocator(@CliOption(key = CliStrings.STATUS_LOCATOR__MEMBER,
optionContext = ConverterHint.LOCATOR_MEMBER_IDNAME,
unspecifiedDefaultValue = CliMetaData.ANNOTATION_NULL_VALUE,
@@ -856,6 +860,7 @@ public class LauncherLifecycleCommands extends AbstractCommandsSupport {
@CliCommand(value=CliStrings.STOP_LOCATOR, help=CliStrings.STOP_LOCATOR__HELP)
@CliMetaData(shellOnly=true, relatedTopic = {CliStrings.TOPIC_GEMFIRE_LOCATOR, CliStrings.TOPIC_GEMFIRE_LIFECYCLE})
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.LIST_DS)
public Result stopLocator(@CliOption(key = CliStrings.STOP_LOCATOR__MEMBER,
optionContext = ConverterHint.LOCATOR_MEMBER_IDNAME,
unspecifiedDefaultValue=CliMetaData.ANNOTATION_NULL_VALUE,
@@ -1371,6 +1376,7 @@ public class LauncherLifecycleCommands extends AbstractCommandsSupport {
@CliCommand(value = CliStrings.START_SERVER, help = CliStrings.START_SERVER__HELP)
@CliMetaData(shellOnly = true, relatedTopic = { CliStrings.TOPIC_GEMFIRE_SERVER, CliStrings.TOPIC_GEMFIRE_LIFECYCLE })
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.LIST_DS)
public Result startServer(@CliOption(key = CliStrings.START_SERVER__ASSIGN_BUCKETS,
unspecifiedDefaultValue = "false",
specifiedDefaultValue = "true",
@@ -1937,6 +1943,7 @@ public class LauncherLifecycleCommands extends AbstractCommandsSupport {
@CliCommand(value = CliStrings.STATUS_SERVER, help = CliStrings.STATUS_SERVER__HELP)
@CliMetaData(shellOnly = true, relatedTopic = { CliStrings.TOPIC_GEMFIRE_SERVER, CliStrings.TOPIC_GEMFIRE_LIFECYCLE })
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.LIST_DS)
public Result statusServer(@CliOption(key = CliStrings.STATUS_SERVER__MEMBER,
optionContext = ConverterHint.MEMBERIDNAME,
unspecifiedDefaultValue = CliMetaData.ANNOTATION_NULL_VALUE,
@@ -2007,6 +2014,7 @@ public class LauncherLifecycleCommands extends AbstractCommandsSupport {
@CliCommand(value = CliStrings.STOP_SERVER, help = CliStrings.STOP_SERVER__HELP)
@CliMetaData(shellOnly = true, relatedTopic = { CliStrings.TOPIC_GEMFIRE_SERVER, CliStrings.TOPIC_GEMFIRE_LIFECYCLE })
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.LIST_DS)
public Result stopServer(@CliOption(key = CliStrings.STOP_SERVER__MEMBER,
optionContext = ConverterHint.MEMBERIDNAME,
unspecifiedDefaultValue = CliMetaData.ANNOTATION_NULL_VALUE,
@@ -2103,6 +2111,7 @@ public class LauncherLifecycleCommands extends AbstractCommandsSupport {
//@CliCommand(value=CliStrings.START_MANAGER, help=CliStrings.START_MANAGER__HELP)
//@CliMetaData(shellOnly=true, relatedTopic = {CliStrings.TOPIC_GEMFIRE_MANAGER, CliStrings.TOPIC_GEMFIRE_JMX, CliStrings.TOPIC_GEMFIRE_LIFECYCLE})
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.LIST_DS)
public Result startManager(@CliOption(key=CliStrings.START_MANAGER__MEMBERNAME,
unspecifiedDefaultValue=CliMetaData.ANNOTATION_NULL_VALUE,
help=CliStrings.START_MANAGER__MEMBERNAME__HELP)
@@ -2145,6 +2154,7 @@ public class LauncherLifecycleCommands extends AbstractCommandsSupport {
@CliCommand(value = CliStrings.START_JCONSOLE, help = CliStrings.START_JCONSOLE__HELP)
@CliMetaData(shellOnly = true, relatedTopic = { CliStrings.TOPIC_GEMFIRE_MANAGER, CliStrings.TOPIC_GEMFIRE_JMX, CliStrings.TOPIC_GEMFIRE_M_AND_M })
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.LIST_DS)
public Result startJConsole(@CliOption(key = CliStrings.START_JCONSOLE__INTERVAL,
unspecifiedDefaultValue = "4",
help = CliStrings.START_JCONSOLE__INTERVAL__HELP)
@@ -2338,6 +2348,7 @@ public class LauncherLifecycleCommands extends AbstractCommandsSupport {
@CliCommand(value = CliStrings.START_JVISUALVM, help = CliStrings.START_JVISUALVM__HELP)
@CliMetaData(shellOnly = true, relatedTopic = { CliStrings.TOPIC_GEMFIRE_MANAGER, CliStrings.TOPIC_GEMFIRE_JMX, CliStrings.TOPIC_GEMFIRE_M_AND_M })
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.LIST_DS)
public Result startJVisualVM(@CliOption(key = CliStrings.START_JCONSOLE__J,
optionContext = ConverterHint.STRING_LIST,
unspecifiedDefaultValue = CliMetaData.ANNOTATION_NULL_VALUE,
@@ -2427,6 +2438,7 @@ public class LauncherLifecycleCommands extends AbstractCommandsSupport {
@CliCommand(value = CliStrings.START_PULSE, help = CliStrings.START_PULSE__HELP)
@CliMetaData(shellOnly = true, relatedTopic = { CliStrings.TOPIC_GEMFIRE_MANAGER, CliStrings.TOPIC_GEMFIRE_JMX, CliStrings.TOPIC_GEMFIRE_M_AND_M })
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.LIST_DS)
// TODO change url parameter type to URL when I figure out the Converter logic in Gfsh
public Result startPulse(@CliOption(key = CliStrings.START_PULSE__URL,
unspecifiedDefaultValue = "http://localhost:7070/pulse",
@@ -2518,6 +2530,7 @@ public class LauncherLifecycleCommands extends AbstractCommandsSupport {
@CliCommand(value=CliStrings.START_VSD, help=CliStrings.START_VSD__HELP)
@CliMetaData(shellOnly=true, relatedTopic = { CliStrings.TOPIC_GEMFIRE_M_AND_M, CliStrings.TOPIC_GEMFIRE_STATISTICS })
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.LIST_DS)
public Result startVsd(@CliOption(key=CliStrings.START_VSD__FILE, help=CliStrings.START_VSD__FILE__HELP)
final String[] statisticsArchiveFilePathnames)
{
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/19a8f0a7/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/MemberCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/MemberCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/MemberCommands.java
index 78880e1..a2387e9 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/MemberCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/MemberCommands.java
@@ -47,6 +47,9 @@ import com.gemstone.gemfire.management.internal.cli.result.CompositeResultData.S
import com.gemstone.gemfire.management.internal.cli.result.ResultBuilder;
import com.gemstone.gemfire.management.internal.cli.result.TabularResultData;
import com.gemstone.gemfire.management.internal.cli.shell.Gfsh;
+import com.gemstone.gemfire.management.internal.security.Resource;
+import com.gemstone.gemfire.management.internal.security.ResourceConstants;
+import com.gemstone.gemfire.management.internal.security.ResourceOperation;
/***
*
@@ -62,6 +65,7 @@ public class MemberCommands implements CommandMarker {
@CliCommand(value = { CliStrings.LIST_MEMBER }, help = CliStrings.LIST_MEMBER__HELP)
@CliMetaData(shellOnly = false, relatedTopic = CliStrings.TOPIC_GEMFIRE_SERVER)
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.LIST_DS)
public Result listMember(
@CliOption(key = { CliStrings.LIST_MEMBER__GROUP },
unspecifiedDefaultValue = "",
@@ -106,6 +110,7 @@ public class MemberCommands implements CommandMarker {
@CliCommand(value = { CliStrings.DESCRIBE_MEMBER }, help = CliStrings.DESCRIBE_MEMBER__HELP)
@CliMetaData(shellOnly = false, relatedTopic = CliStrings.TOPIC_GEMFIRE_SERVER)
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.LIST_DS)
public Result describeMember(
@CliOption(key = CliStrings.DESCRIBE_MEMBER__IDENTIFIER,
optionContext = ConverterHint.ALL_MEMBER_IDNAME,
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/19a8f0a7/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/MiscellaneousCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/MiscellaneousCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/MiscellaneousCommands.java
index dc9f5de..30cc866 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/MiscellaneousCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/MiscellaneousCommands.java
@@ -190,7 +190,7 @@ public class MiscellaneousCommands implements CommandMarker {
@CliCommand(value = CliStrings.SHUTDOWN, help = CliStrings.SHUTDOWN__HELP)
@CliMetaData(relatedTopic = { CliStrings.TOPIC_GEMFIRE_LIFECYCLE },
interceptor = "com.gemstone.gemfire.management.internal.cli.commands.MiscellaneousCommands$Interceptor")
- @ResourceOperation( resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.SHUTDOWN_DS)
+ @ResourceOperation( resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.SHUTDOWN)
public Result shutdown(
@CliOption(key = CliStrings.SHUTDOWN__TIMEOUT, unspecifiedDefaultValue = DEFAULT_TIME_OUT,
help = CliStrings.SHUTDOWN__TIMEOUT__HELP) int userSpecifiedTimeout,
@@ -331,6 +331,7 @@ public class MiscellaneousCommands implements CommandMarker {
@CliCommand(value = CliStrings.GC, help = CliStrings.GC__HELP)
@CliMetaData(relatedTopic = { CliStrings.TOPIC_GEMFIRE_DEBUG_UTIL })
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.GC)
public Result gc(
@CliOption(key = CliStrings.GC__GROUP, unspecifiedDefaultValue = CliMetaData.ANNOTATION_NULL_VALUE, help = CliStrings.GC__GROUP__HELP)
String[] groups,
@@ -421,6 +422,7 @@ public class MiscellaneousCommands implements CommandMarker {
@CliCommand(value = CliStrings.NETSTAT, help = CliStrings.NETSTAT__HELP)
@CliMetaData(relatedTopic = { CliStrings.TOPIC_GEMFIRE_DEBUG_UTIL })
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.NETSTAT)
//TODO : Verify the auto-completion for multiple values.
public Result netstat(
@CliOption(key = CliStrings.NETSTAT__MEMBER,
@@ -574,6 +576,7 @@ public class MiscellaneousCommands implements CommandMarker {
@CliCommand(value = CliStrings.SHOW_DEADLOCK, help = CliStrings.SHOW_DEADLOCK__HELP)
@CliMetaData(shellOnly = false, relatedTopic = { CliStrings.TOPIC_GEMFIRE_DEBUG_UTIL })
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.SHOW_DEADLOCKS)
public Result showDeadlock(
@CliOption(key = CliStrings.SHOW_DEADLOCK__DEPENDENCIES__FILE,
help = CliStrings.SHOW_DEADLOCK__DEPENDENCIES__FILE__HELP,
@@ -623,6 +626,7 @@ public class MiscellaneousCommands implements CommandMarker {
@CliCommand(value = CliStrings.SHOW_LOG, help = CliStrings.SHOW_LOG_HELP)
@CliMetaData(shellOnly = false, relatedTopic = { CliStrings.TOPIC_GEMFIRE_DEBUG_UTIL })
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.SHOW_LOG)
public Result showLog(
@CliOption(key = CliStrings.SHOW_LOG_MEMBER, optionContext = ConverterHint.ALL_MEMBER_IDNAME, unspecifiedDefaultValue = CliMetaData.ANNOTATION_NULL_VALUE, help = CliStrings.SHOW_LOG_MEMBER_HELP, mandatory = true) String memberNameOrId,
@CliOption(key = CliStrings.SHOW_LOG_LINE_NUM, unspecifiedDefaultValue = "0", help = CliStrings.SHOW_LOG_LINE_NUM_HELP, mandatory = false) int numberOfLines) {
@@ -770,6 +774,7 @@ public class MiscellaneousCommands implements CommandMarker {
}
@CliCommand(value = CliStrings.EXPORT_LOGS, help = CliStrings.EXPORT_LOGS__HELP)
@CliMetaData(shellOnly = false, relatedTopic = { CliStrings.TOPIC_GEMFIRE_SERVER, CliStrings.TOPIC_GEMFIRE_DEBUG_UTIL })
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.EXPORT_LOGS)
public Result exportLogs(
@CliOption(key = CliStrings.EXPORT_LOGS__DIR,
help = CliStrings.EXPORT_LOGS__DIR__HELP, mandatory=true) String dirName,
@@ -991,6 +996,7 @@ public class MiscellaneousCommands implements CommandMarker {
*/
@CliCommand(value = CliStrings.EXPORT_STACKTRACE, help = CliStrings.EXPORT_STACKTRACE__HELP)
@CliMetaData(shellOnly = false, relatedTopic = { CliStrings.TOPIC_GEMFIRE_DEBUG_UTIL })
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.EXPORT_STACKTRACE)
public Result exportStackTrace(
@CliOption(key = CliStrings.EXPORT_STACKTRACE__MEMBER,
optionContext = ConverterHint.ALL_MEMBER_IDNAME,
@@ -1091,6 +1097,7 @@ public class MiscellaneousCommands implements CommandMarker {
@CliCommand(value = CliStrings.SHOW_METRICS, help = CliStrings.SHOW_METRICS__HELP)
@CliMetaData(shellOnly = false, relatedTopic = { CliStrings.TOPIC_GEMFIRE_STATISTICS })
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.SHOW_METRICS)
public Result showMetrics(
@CliOption(key = { CliStrings.SHOW_METRICS__MEMBER }, optionContext = ConverterHint.ALL_MEMBER_IDNAME, help = CliStrings.SHOW_METRICS__MEMBER__HELP) String memberNameOrId,
@CliOption(key = { CliStrings.SHOW_METRICS__REGION }, optionContext = ConverterHint.REGIONPATH, help = CliStrings.SHOW_METRICS__REGION__HELP) String regionName,
@@ -1994,7 +2001,7 @@ public class MiscellaneousCommands implements CommandMarker {
@CliCommand(value = CliStrings.CHANGE_LOGLEVEL, help = CliStrings.CHANGE_LOGLEVEL__HELP)
@CliMetaData(relatedTopic = { CliStrings.TOPIC_CHANGELOGLEVEL })
- @ResourceOperation( resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.CHANGE_ALERT_LEVEL_DS)
+ @ResourceOperation( resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.CHANGE_ALERT_LEVEL)
public Result changeLogLevel(
@CliOption(key = CliStrings.CHANGE_LOGLEVEL__MEMBER, unspecifiedDefaultValue = "", help = CliStrings.CHANGE_LOGLEVEL__MEMBER__HELP) String[] memberIds,
@CliOption(key = CliStrings.CHANGE_LOGLEVEL__GROUPS, unspecifiedDefaultValue = "", help = CliStrings.CHANGE_LOGLEVEL__GROUPS__HELP) String[] grps,
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/19a8f0a7/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/PDXCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/PDXCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/PDXCommands.java
index 820518b..7404748 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/PDXCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/PDXCommands.java
@@ -41,6 +41,9 @@ import com.gemstone.gemfire.management.internal.cli.result.InfoResultData;
import com.gemstone.gemfire.management.internal.cli.result.ResultBuilder;
import com.gemstone.gemfire.management.internal.configuration.SharedConfigurationWriter;
import com.gemstone.gemfire.management.internal.configuration.domain.XmlEntity;
+import com.gemstone.gemfire.management.internal.security.Resource;
+import com.gemstone.gemfire.management.internal.security.ResourceConstants;
+import com.gemstone.gemfire.management.internal.security.ResourceOperation;
import com.gemstone.gemfire.pdx.ReflectionBasedAutoSerializer;
import com.gemstone.gemfire.pdx.internal.EnumInfo;
import com.gemstone.gemfire.pdx.internal.PdxType;
@@ -50,7 +53,8 @@ public class PDXCommands extends AbstractCommandsSupport{
@CliCommand (value = CliStrings.CONFIGURE_PDX, help = CliStrings.CONFIGURE_PDX__HELP)
@CliMetaData (relatedTopic = CliStrings.TOPIC_GEMFIRE_REGION, writesToSharedConfiguration = true)
- public Result configurePDX(
+ @ResourceOperation( resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.CONFIGURE_PDX)
+ public Result configurePDX(
@CliOption (key = CliStrings.CONFIGURE_PDX__READ__SERIALIZED,
unspecifiedDefaultValue = CliMetaData.ANNOTATION_NULL_VALUE,
help = CliStrings.CONFIGURE_PDX__READ__SERIALIZED__HELP)
@@ -171,7 +175,8 @@ public class PDXCommands extends AbstractCommandsSupport{
@CliCommand (value = CliStrings.PDX_RENAME, help = CliStrings.PDX_RENAME__HELP)
@CliMetaData(shellOnly=true, relatedTopic={CliStrings.TOPIC_GEMFIRE_DISKSTORE})
- public Result pdxRename(
+ @ResourceOperation( resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.RENAME_PDX)
+ public Result pdxRename(
@CliOption (key = CliStrings.PDX_RENAME_OLD,
mandatory=true,
help = CliStrings.PDX_RENAME_OLD__HELP)
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/19a8f0a7/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/QueueCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/QueueCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/QueueCommands.java
index f594c39..52d230e 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/QueueCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/QueueCommands.java
@@ -45,6 +45,9 @@ import com.gemstone.gemfire.management.internal.cli.result.TabularResultData;
import com.gemstone.gemfire.management.internal.cli.shell.Gfsh;
import com.gemstone.gemfire.management.internal.configuration.SharedConfigurationWriter;
import com.gemstone.gemfire.management.internal.configuration.domain.XmlEntity;
+import com.gemstone.gemfire.management.internal.security.Resource;
+import com.gemstone.gemfire.management.internal.security.ResourceConstants;
+import com.gemstone.gemfire.management.internal.security.ResourceOperation;
/**
* The QueueCommands class encapsulates all GemFire Queue commands in Gfsh.
@@ -60,6 +63,7 @@ public class QueueCommands implements CommandMarker {
@CliCommand(value = CliStrings.CREATE_ASYNC_EVENT_QUEUE, help = CliStrings.CREATE_ASYNC_EVENT_QUEUE__HELP)
@CliMetaData(writesToSharedConfiguration = true)
+ @ResourceOperation( resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.CREATE_AEQ)
public Result createAsyncEventQueue(
@CliOption(key = CliStrings.CREATE_ASYNC_EVENT_QUEUE__ID,
mandatory = true,
@@ -199,6 +203,7 @@ public class QueueCommands implements CommandMarker {
}
@CliCommand(value = CliStrings.LIST_ASYNC_EVENT_QUEUES, help = CliStrings.LIST_ASYNC_EVENT_QUEUES__HELP)
+ @ResourceOperation( resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.LIST_DS)
public Result listAsyncEventQueues() {
try {
TabularResultData tabularData = ResultBuilder.createTabularResultData();
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/19a8f0a7/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/RegionCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/RegionCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/RegionCommands.java
index 1c972a5..aace536 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/RegionCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/RegionCommands.java
@@ -54,6 +54,9 @@ import com.gemstone.gemfire.management.internal.cli.result.ResultBuilder;
import com.gemstone.gemfire.management.internal.cli.result.TabularResultData;
import com.gemstone.gemfire.management.internal.cli.shell.Gfsh;
import com.gemstone.gemfire.management.internal.cli.util.RegionAttributesNames;
+import com.gemstone.gemfire.management.internal.security.Resource;
+import com.gemstone.gemfire.management.internal.security.ResourceConstants;
+import com.gemstone.gemfire.management.internal.security.ResourceOperation;
/***
* Class containing implementation of commands based on region:
@@ -75,6 +78,7 @@ public class RegionCommands implements CommandMarker {
@CliCommand(value = { CliStrings.LIST_REGION }, help = CliStrings.LIST_REGION__HELP)
@CliMetaData(shellOnly = false, relatedTopic = CliStrings.TOPIC_GEMFIRE_REGION)
+ @ResourceOperation( resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.LIST_DS)
public Result listRegion(
@CliOption(key = { CliStrings.LIST_REGION__GROUP },
optionContext = ConverterHint.MEMBERGROUP,
@@ -154,6 +158,7 @@ public class RegionCommands implements CommandMarker {
@CliCommand(value = { CliStrings.DESCRIBE_REGION }, help = CliStrings.DESCRIBE_REGION__HELP)
@CliMetaData(shellOnly = false, relatedTopic = { CliStrings.TOPIC_GEMFIRE_REGION, CliStrings.TOPIC_GEMFIRE_CONFIG } )
+ @ResourceOperation( resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.LIST_DS)
public Result describeRegion(
@CliOption(key = CliStrings.DESCRIBE_REGION__NAME,
optionContext = ConverterHint.REGIONPATH,
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/19a8f0a7/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ShellCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ShellCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ShellCommands.java
index 1bd7692..46d4e4f 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ShellCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ShellCommands.java
@@ -30,6 +30,7 @@ import java.net.MalformedURLException;
import java.net.URL;
import java.security.KeyStore;
import java.util.Collections;
+import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
@@ -82,6 +83,9 @@ import com.gemstone.gemfire.management.internal.cli.shell.OperationInvoker;
import com.gemstone.gemfire.management.internal.cli.shell.jline.GfshHistory;
import com.gemstone.gemfire.management.internal.cli.util.CauseFinder;
import com.gemstone.gemfire.management.internal.cli.util.ConnectionEndpoint;
+import com.gemstone.gemfire.management.internal.security.Resource;
+import com.gemstone.gemfire.management.internal.security.ResourceConstants;
+import com.gemstone.gemfire.management.internal.security.ResourceOperation;
import com.gemstone.gemfire.management.internal.web.domain.LinkIndex;
import com.gemstone.gemfire.management.internal.web.http.support.SimpleHttpRequester;
import com.gemstone.gemfire.management.internal.web.shell.HttpOperationInvoker;
@@ -100,6 +104,7 @@ public class ShellCommands implements CommandMarker {
@CliCommand(value = { CliStrings.EXIT, "quit" }, help = CliStrings.EXIT__HELP)
@CliMetaData(shellOnly = true, relatedTopic = {CliStrings.TOPIC_GFSH})
+ @ResourceOperation( resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.LIST_DS)
public ExitShellRequest exit() throws IOException {
Gfsh gfshInstance = getGfsh();
@@ -123,6 +128,7 @@ public class ShellCommands implements CommandMarker {
@CliCommand(value = { CliStrings.CONNECT }, help = CliStrings.CONNECT__HELP)
@CliMetaData(shellOnly = true, relatedTopic = {CliStrings.TOPIC_GFSH, CliStrings.TOPIC_GEMFIRE_JMX, CliStrings.TOPIC_GEMFIRE_MANAGER})
+ @ResourceOperation( resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.LIST_DS)
public Result connect(
@CliOption(key = { CliStrings.CONNECT__LOCATOR },
unspecifiedDefaultValue = ConnectionEndpointConverter.DEFAULT_LOCATOR_ENDPOINTS,
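Review bot: `connect` is the command that establishes the authenticated session, yet it now carries `@ResourceOperation(... LIST_DS)`; if the annotation is evaluated before the method runs, there is no authenticated principal to check against at that point. The same annotation is added in the other hunks of this file to `exit`, `disconnect`, `describeConnection`, `echo`, `setVariable`, `debug`, `history` and `executeScript`, all `shellOnly = true` commands. Either leave shell-local commands unannotated or state on `ResourceOperation` that shell-only commands are exempt, so the annotation does not imply a check that never happens. The method body continues outside the hunk.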
@@ -195,9 +201,19 @@ public class ShellCommands implements CommandMarker {
ResultBuilder.ERRORCODE_DEFAULT).addLine(e.getMessage()));
}
} else if (useHttp) {
+ Gfsh gemfireShell = getGfsh();
try{
- final Map<String, String> sslConfigProps = this.readSSLConfiguration(useSsl, keystoreToUse,keystorePasswordToUse,
+ if (userName != null && userName.length() > 0) {
+ if (passwordToUse == null || passwordToUse.length() == 0) {
+ passwordToUse = gemfireShell.readWithMask("http password: ", '*');
+ }
+ if (passwordToUse == null || passwordToUse.length() == 0) {
+ throw new IllegalArgumentException(CliStrings.CONNECT__MSG__JMX_PASSWORD_MUST_BE_SPECIFIED);
+ }
+ }
+
+ final Map<String, String> sslConfigProps = this.readSSLConfiguration(useSsl, keystoreToUse,keystorePasswordToUse,
truststoreToUse, truststorePasswordToUse, sslCiphersToUse, sslProtocolsToUse, gfSecurityPropertiesPath);
if (useSsl) {
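Review bot: The password prompt runs whenever `userName` is set, regardless of the URL scheme, and the later `url.startsWith("https")` test shows that `url` may be plain `http`. How the credentials are transmitted is not visible in this hunk, but if they travel with the HTTP request they would cross the network unencrypted; consider warning or refusing when a user name is given and the URL is not https, e.g. `if (!url.startsWith("https")) { LogWrapper.getInstance().warning("Credentials supplied for a non-https URL"); }`. The failure case also reuses `CliStrings.CONNECT__MSG__JMX_PASSWORD_MUST_BE_SPECIFIED`, which will mention JMX to a user on the HTTP path. The enclosing `connect` method starts and ends outside the hunk.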
@@ -207,18 +223,24 @@ public class ShellCommands implements CommandMarker {
}
}
+ Map<String,String> securityProperties = new HashMap<String, String>();
+
+ Iterator<String> it = sslConfigProps.keySet().iterator();
+ while(it.hasNext()){
+ String secKey = it.next();
+ securityProperties.put(secKey, sslConfigProps.get(secKey));
+ }
+
// This is so that SSL termination results in https URLs being returned
String query = (url.startsWith("https")) ? "?scheme=https" : "";
- LogWrapper.getInstance().warning(String.format("Sending HTTP request for Link Index at (%1$s)...", url.concat("/index")));
+ LogWrapper.getInstance().warning(String.format("Sending HTTP request for Link Index at (%1$s)...", url.concat("/index").concat(query)));
- LinkIndex linkIndex = new SimpleHttpRequester(CONNECT_LOCATOR_TIMEOUT_MS).get(url.concat("/index").concat(query), LinkIndex.class);
+ LinkIndex linkIndex = new SimpleHttpRequester(gemfireShell, CONNECT_LOCATOR_TIMEOUT_MS, securityProperties).exchange(url.concat("/index").concat(query), LinkIndex.class);
LogWrapper.getInstance().warning(String.format("Received Link Index (%1$s)", linkIndex.toString()));
- Gfsh gemfireShell = getGfsh();
-
- HttpOperationInvoker operationInvoker = new RestHttpOperationInvoker(linkIndex, gemfireShell, url);
+ HttpOperationInvoker operationInvoker = new RestHttpOperationInvoker(linkIndex, gemfireShell, url, securityProperties);
Initializer.init(operationInvoker);
gemfireShell.setOperationInvoker(operationInvoker);
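Review bot: `securityProperties` is filled only from `sslConfigProps`; the `userName` and `passwordToUse` collected in the previous hunk are not added in the visible lines, so unless `SimpleHttpRequester` obtains them from `gemfireShell` the requests carry no credentials. The iterator loop is a plain copy and reads better as `Map<String,String> securityProperties = new HashMap<String, String>(sslConfigProps);`. The map presumably holds the keystore and truststore passwords (inferred from the `readSSLConfiguration` arguments) and is now handed to two more objects, so a comment that it must never be logged would help, given that `linkIndex.toString()` is logged at warning level just below.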
@@ -231,11 +253,11 @@ public class ShellCommands implements CommandMarker {
} catch (IOException ioe) {
String errorMessage = ioe.getMessage();
result = ResultBuilder.createConnectionErrorResult(errorMessage);
- ioe.printStackTrace();
+ if (gemfireShell.getDebug()) {ioe.printStackTrace();}
} catch (Exception e) {
String errorMessage = e.getMessage();
result = ResultBuilder.createConnectionErrorResult(errorMessage);
- e.printStackTrace();
+ if (gemfireShell.getDebug()) {e.printStackTrace();}
}
} else {
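Review bot: With debug off, both catch blocks now drop the stack trace entirely and only `getMessage()` reaches the user, which may be null and hides the cause of a failed TLS or authentication exchange. Keep the debug-only print but also record the exception in the gfsh log, for example `gemfireShell.logToFile(errorMessage, ioe);` (assuming the second parameter of `logToFile` is the throwable, as the `logToFile("...", null)` call in the next hunk suggests). The one-line form `if (gemfireShell.getDebug()) {ioe.printStackTrace();}` also departs from the brace style of the surrounding code.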
@@ -300,7 +322,7 @@ public class ShellCommands implements CommandMarker {
gfshInstance.logToFile("Connecting to manager via SSL.", null);
}
- JmxOperationInvoker operationInvoker = new JmxOperationInvoker(memberRmiHostPort.getHost(), memberRmiHostPort.getPort(), userName, passwordToUse, sslConfigProps);
+ JmxOperationInvoker operationInvoker = new JmxOperationInvoker(memberRmiHostPort.getHost(), memberRmiHostPort.getPort(), userName, passwordToUse, sslConfigProps, gfSecurityPropertiesPath);
gfshInstance.setOperationInvoker(operationInvoker);
infoResultData.addLine(CliStrings.format(CliStrings.CONNECT__MSG__SUCCESS, memberRmiHostPort.toString(false)));
LogWrapper.getInstance().info(CliStrings.format(CliStrings.CONNECT__MSG__SUCCESS, memberRmiHostPort.toString(false)));
@@ -610,7 +632,7 @@ private void configureHttpsURLConnection(Map<String, String> sslConfigProps) thr
}
// Copied from DistributedSystem.java
- private static URL getFileUrl(String fileName) {
+ public static URL getFileUrl(String fileName) {
File file = new File(fileName);
if (file.exists()) {
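Review bot: `getFileUrl` becomes `public static` on a command class with no Javadoc, and the comment above it says it was copied from DistributedSystem.java. Other classes will now depend on ShellCommands for a file-to-URL helper; package-private visibility or a shared utility class would keep the command class's public surface small. If it stays public, add a Javadoc comment stating what is returned when the file does not exist and that `fileName` is resolved as given, without any check on its location. The method body continues outside the hunk.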
@@ -668,6 +690,7 @@ private void configureHttpsURLConnection(Map<String, String> sslConfigProps) thr
@CliCommand(value = { CliStrings.DISCONNECT }, help = CliStrings.DISCONNECT__HELP)
@CliMetaData(shellOnly = true, relatedTopic = {CliStrings.TOPIC_GFSH, CliStrings.TOPIC_GEMFIRE_JMX, CliStrings.TOPIC_GEMFIRE_MANAGER})
+ @ResourceOperation( resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.LIST_DS)
public Result disconnect() {
Result result = null;
@@ -700,6 +723,7 @@ private void configureHttpsURLConnection(Map<String, String> sslConfigProps) thr
@CliCommand(value = {CliStrings.DESCRIBE_CONNECTION}, help = CliStrings.DESCRIBE_CONNECTION__HELP)
@CliMetaData(shellOnly = true, relatedTopic = {CliStrings.TOPIC_GFSH, CliStrings.TOPIC_GEMFIRE_JMX})
+ @ResourceOperation( resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.LIST_DS)
public Result describeConnection() {
Result result = null;
try {
@@ -727,6 +751,7 @@ private void configureHttpsURLConnection(Map<String, String> sslConfigProps) thr
@CliCommand(value = { CliStrings.ECHO }, help = CliStrings.ECHO__HELP)
@CliMetaData(shellOnly = true, relatedTopic = {CliStrings.TOPIC_GFSH})
+ @ResourceOperation( resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.LIST_DS)
public Result echo(
@CliOption(key = {CliStrings.ECHO__STR, ""},
unspecifiedDefaultValue = CliMetaData.ANNOTATION_NULL_VALUE,
@@ -764,6 +789,7 @@ private void configureHttpsURLConnection(Map<String, String> sslConfigProps) thr
@CliCommand(value = { CliStrings.SET_VARIABLE }, help = CliStrings.SET_VARIABLE__HELP)
@CliMetaData(shellOnly = true, relatedTopic = {CliStrings.TOPIC_GFSH})
+ @ResourceOperation( resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.LIST_DS)
public Result setVariable(
@CliOption(key = CliStrings.SET_VARIABLE__VAR,
mandatory=true,
@@ -803,6 +829,7 @@ private void configureHttpsURLConnection(Map<String, String> sslConfigProps) thr
@CliCommand(value = { CliStrings.DEBUG }, help = CliStrings.DEBUG__HELP)
@CliMetaData(shellOnly = true, relatedTopic = { CliStrings.TOPIC_GFSH, CliStrings.TOPIC_GEMFIRE_DEBUG_UTIL })
+ @ResourceOperation( resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.LIST_DS)
public Result debug(
@CliOption(key = CliStrings.DEBUG__STATE,
unspecifiedDefaultValue = "OFF",
@@ -832,6 +859,7 @@ private void configureHttpsURLConnection(Map<String, String> sslConfigProps) thr
@CliCommand(value = CliStrings.HISTORY, help = CliStrings.HISTORY__HELP)
@CliMetaData(shellOnly = true, relatedTopic = { CliStrings.TOPIC_GFSH })
+ @ResourceOperation( resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.LIST_DS)
public Result history(
@CliOption(key = { CliStrings.HISTORY__FILE }, unspecifiedDefaultValue = CliMetaData.ANNOTATION_NULL_VALUE, help = CliStrings.HISTORY__FILE__HELP)
String saveHistoryTo,
@@ -943,6 +971,7 @@ private void configureHttpsURLConnection(Map<String, String> sslConfigProps) thr
@CliCommand(value = { CliStrings.RUN }, help = CliStrings.RUN__HELP)
@CliMetaData(shellOnly=true, relatedTopic = {CliStrings.TOPIC_GFSH})
+ @ResourceOperation( resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.LIST_DS)
public Result executeScript(
@CliOption(key = CliStrings.RUN__FILE,
optionContext = ConverterHint.FILE,
@@ -974,6 +1003,7 @@ private void configureHttpsURLConnection(Map<String, String> sslConfigProps) thr
@CliCommand(value = CliStrings.ENCRYPT, help = CliStrings.ENCRYPT__HELP)
@CliMetaData(shellOnly = true, relatedTopic = {CliStrings.TOPIC_GEMFIRE_DEBUG_UTIL})
+ @ResourceOperation( resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.LIST_DS)
public Result encryptPassword(
@CliOption(key = CliStrings.ENCRYPT_STRING,
help = CliStrings.ENCRYPT_STRING__HELP,
@@ -984,6 +1014,7 @@ private void configureHttpsURLConnection(Map<String, String> sslConfigProps) thr
@CliCommand(value = { CliStrings.VERSION }, help = CliStrings.VERSION__HELP)
@CliMetaData(shellOnly=true, relatedTopic = {CliStrings.TOPIC_GFSH})
+ @ResourceOperation( resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.LIST_DS)
public Result version(
@CliOption(key = { CliStrings.VERSION__FULL },
specifiedDefaultValue = "true",
@@ -997,6 +1028,7 @@ private void configureHttpsURLConnection(Map<String, String> sslConfigProps) thr
@CliCommand(value = { CliStrings.SLEEP }, help = CliStrings.SLEEP__HELP)
@CliMetaData(shellOnly=true, relatedTopic = {CliStrings.TOPIC_GFSH})
+ @ResourceOperation( resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.LIST_DS)
public Result sleep(
@CliOption(key = { CliStrings.SLEEP__TIME },
unspecifiedDefaultValue = "3",
@@ -1011,6 +1043,7 @@ private void configureHttpsURLConnection(Map<String, String> sslConfigProps) thr
@CliCommand(value = { CliStrings.SH }, help = CliStrings.SH__HELP)
@CliMetaData(shellOnly=true, relatedTopic = {CliStrings.TOPIC_GFSH})
+ @ResourceOperation( resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.LIST_DS)
public Result sh(
@CliArgument(name = CliStrings.SH__COMMAND,
mandatory = true,
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/19a8f0a7/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/StatusCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/StatusCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/StatusCommands.java
index a6557b1..04f3206 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/StatusCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/StatusCommands.java
@@ -37,6 +37,9 @@ import com.gemstone.gemfire.management.internal.cli.i18n.CliStrings;
import com.gemstone.gemfire.management.internal.cli.result.ResultBuilder;
import com.gemstone.gemfire.management.internal.cli.result.TabularResultData;
import com.gemstone.gemfire.management.internal.configuration.domain.SharedConfigurationStatus;
+import com.gemstone.gemfire.management.internal.security.Resource;
+import com.gemstone.gemfire.management.internal.security.ResourceConstants;
+import com.gemstone.gemfire.management.internal.security.ResourceOperation;
/********
*
@@ -50,6 +53,7 @@ public class StatusCommands extends AbstractCommandsSupport implements CommandMa
@SuppressWarnings("unchecked")
@CliCommand (value = CliStrings.STATUS_SHARED_CONFIG, help = CliStrings.STATUS_SHARED_CONFIG_HELP)
@CliMetaData (relatedTopic = CliStrings.TOPIC_GEMFIRE_LOCATOR)
+ @ResourceOperation( resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.LIST_DS)
public Result statusSharedConfiguration() {
final GemFireCacheImpl cache = GemFireCacheImpl.getInstance();
final Set<DistributedMember> locators = new HashSet<DistributedMember>(cache.getDistributionManager().getAllHostedLocatorsWithSharedConfiguration().keySet());
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/19a8f0a7/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/WanCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/WanCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/WanCommands.java
index 5630885..2892c00 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/WanCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/WanCommands.java
@@ -67,6 +67,9 @@ import com.gemstone.gemfire.management.internal.cli.result.TabularResultData;
import com.gemstone.gemfire.management.internal.cli.shell.Gfsh;
import com.gemstone.gemfire.management.internal.configuration.SharedConfigurationWriter;
import com.gemstone.gemfire.management.internal.configuration.domain.XmlEntity;
+import com.gemstone.gemfire.management.internal.security.Resource;
+import com.gemstone.gemfire.management.internal.security.ResourceConstants;
+import com.gemstone.gemfire.management.internal.security.ResourceOperation;
public class WanCommands implements CommandMarker {
@@ -76,6 +79,7 @@ public class WanCommands implements CommandMarker {
@CliCommand(value = CliStrings.CREATE_GATEWAYSENDER, help = CliStrings.CREATE_GATEWAYSENDER__HELP)
@CliMetaData(relatedTopic = CliStrings.TOPIC_GEMFIRE_WAN, writesToSharedConfiguration=true)
+ @ResourceOperation( resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.CREATE_GW_SENDER)
public Result createGatewaySender(
@CliOption(key = CliStrings.CREATE_GATEWAYSENDER__GROUP,
optionContext = ConverterHint.MEMBERGROUP,
@@ -192,6 +196,7 @@ public class WanCommands implements CommandMarker {
@CliCommand(value = CliStrings.START_GATEWAYSENDER, help = CliStrings.START_GATEWAYSENDER__HELP)
@CliMetaData(relatedTopic = CliStrings.TOPIC_GEMFIRE_WAN)
+ @ResourceOperation( resource=Resource.GATEWAY_SENDER, operation=ResourceConstants.START_GW_SENDER)
public Result startGatewaySender(
@CliOption(key = CliStrings.START_GATEWAYSENDER__ID,
mandatory = true,
@@ -334,6 +339,7 @@ public class WanCommands implements CommandMarker {
@CliCommand(value = CliStrings.PAUSE_GATEWAYSENDER, help = CliStrings.PAUSE_GATEWAYSENDER__HELP)
@CliMetaData(relatedTopic = CliStrings.TOPIC_GEMFIRE_WAN)
+ @ResourceOperation( resource=Resource.GATEWAY_SENDER, operation=ResourceConstants.PAUSE_GW_SENDER)
public Result pauseGatewaySender(
@CliOption(key = CliStrings.PAUSE_GATEWAYSENDER__ID,
mandatory = true,
@@ -426,6 +432,7 @@ public class WanCommands implements CommandMarker {
@CliCommand(value = CliStrings.RESUME_GATEWAYSENDER, help = CliStrings.RESUME_GATEWAYSENDER__HELP)
@CliMetaData(relatedTopic = CliStrings.TOPIC_GEMFIRE_WAN)
+ @ResourceOperation( resource=Resource.GATEWAY_SENDER, operation=ResourceConstants.RESUME_GW_SENDER)
public Result resumeGatewaySender(
@CliOption(key = CliStrings.RESUME_GATEWAYSENDER__ID,
mandatory = true,
@@ -565,6 +572,7 @@ public class WanCommands implements CommandMarker {
@CliCommand(value = CliStrings.STOP_GATEWAYSENDER, help = CliStrings.STOP_GATEWAYSENDER__HELP)
@CliMetaData(relatedTopic = CliStrings.TOPIC_GEMFIRE_WAN)
+ @ResourceOperation( resource=Resource.GATEWAY_SENDER, operation=ResourceConstants.STOP_GW_SENDER)
public Result stopGatewaySender(
@CliOption(key = CliStrings.STOP_GATEWAYSENDER__ID,
mandatory = true,
@@ -640,6 +648,7 @@ public class WanCommands implements CommandMarker {
@CliCommand(value = CliStrings.CREATE_GATEWAYRECEIVER, help = CliStrings.CREATE_GATEWAYRECEIVER__HELP)
@CliMetaData(relatedTopic = CliStrings.TOPIC_GEMFIRE_WAN)
+ @ResourceOperation( resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.CREATE_GW_RECEIVER)
public Result createGatewayReceiver(
@CliOption(key = CliStrings.CREATE_GATEWAYRECEIVER__GROUP,
optionContext = ConverterHint.MEMBERGROUP,
@@ -719,6 +728,7 @@ public class WanCommands implements CommandMarker {
@CliCommand(value = CliStrings.LOAD_BALANCE_GATEWAYSENDER, help = CliStrings.LOAD_BALANCE_GATEWAYSENDER__HELP)
@CliMetaData(relatedTopic = CliStrings.TOPIC_GEMFIRE_WAN)
+ @ResourceOperation( resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.LOAD_BALANCE_GW_SENDER)
public Result loadBalanceGatewaySender(
@CliOption(key = CliStrings.LOAD_BALANCE_GATEWAYSENDER__ID,
mandatory = true,
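Review bot: `loadBalanceGatewaySender` is annotated with `Resource.DISTRIBUTED_SYSTEM`, while `start`, `pause`, `resume` and `stop`, which also act on an existing sender selected by id, use `Resource.GATEWAY_SENDER`. If the resource is ever consulted when authorizing, this command would be checked against a different resource than its siblings. Unless the difference is deliberate, use `@ResourceOperation( resource=Resource.GATEWAY_SENDER, operation=ResourceConstants.LOAD_BALANCE_GW_SENDER)`. If it is deliberate, a one-line comment giving the reason would help. The method body continues outside the hunk.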
@@ -784,6 +794,7 @@ public class WanCommands implements CommandMarker {
@CliCommand(value = CliStrings.START_GATEWAYRECEIVER, help = CliStrings.START_GATEWAYRECEIVER__HELP)
@CliMetaData(relatedTopic = CliStrings.TOPIC_GEMFIRE_WAN)
+ @ResourceOperation( resource=Resource.GATEWAY_RECEIVER, operation=ResourceConstants.START_GW_RECEIVER)
public Result startGatewayReceiver(
@CliOption(key = CliStrings.START_GATEWAYRECEIVER__GROUP,
optionContext = ConverterHint.MEMBERGROUP,
@@ -845,6 +856,7 @@ public class WanCommands implements CommandMarker {
@CliCommand(value = CliStrings.STOP_GATEWAYRECEIVER, help = CliStrings.STOP_GATEWAYRECEIVER__HELP)
@CliMetaData(relatedTopic = CliStrings.TOPIC_GEMFIRE_WAN)
+ @ResourceOperation( resource=Resource.GATEWAY_RECEIVER, operation=ResourceConstants.STOP_GW_RECEIVER)
public Result stopGatewayReceiver(
@CliOption(key = CliStrings.STOP_GATEWAYRECEIVER__GROUP,
@@ -918,6 +930,7 @@ public class WanCommands implements CommandMarker {
@CliCommand(value = CliStrings.LIST_GATEWAY, help = CliStrings.LIST_GATEWAY__HELP)
@CliMetaData(relatedTopic = CliStrings.TOPIC_GEMFIRE_WAN)
+ @ResourceOperation( resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.LIST_DS)
public Result listGateway(
@CliOption(key = CliStrings.LIST_GATEWAY__MEMBER,
optionContext = ConverterHint.MEMBERIDNAME,
@@ -1008,6 +1021,7 @@ public class WanCommands implements CommandMarker {
@CliCommand(value = CliStrings.STATUS_GATEWAYSENDER, help = CliStrings.STATUS_GATEWAYSENDER__HELP)
@CliMetaData(relatedTopic = CliStrings.TOPIC_GEMFIRE_WAN)
+ @ResourceOperation( resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.LIST_DS)
public Result statusGatewaySender(
@CliOption(key = CliStrings.STATUS_GATEWAYSENDER__ID,
mandatory = true,
@@ -1074,6 +1088,7 @@ public class WanCommands implements CommandMarker {
@CliCommand(value = CliStrings.STATUS_GATEWAYRECEIVER, help = CliStrings.STATUS_GATEWAYRECEIVER__HELP)
@CliMetaData(relatedTopic = CliStrings.TOPIC_GEMFIRE_WAN)
+ @ResourceOperation( resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.LIST_DS)
public Result statusGatewayReceiver(
@CliOption(key = CliStrings.STATUS_GATEWAYRECEIVER__GROUP,
optionContext = ConverterHint.MEMBERGROUP,
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/19a8f0a7/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/shell/JmxOperationInvoker.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/shell/JmxOperationInvoker.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/shell/JmxOperationInvoker.java
index c2a1b2f..bbb1fef 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/shell/JmxOperationInvoker.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/shell/JmxOperationInvoker.java
@@ -16,14 +16,18 @@
*/
package com.gemstone.gemfire.management.internal.cli.shell;
+import java.io.File;
import java.io.IOException;
+import java.io.InputStream;
import java.net.MalformedURLException;
+import java.net.URL;
import java.text.MessageFormat;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Map.Entry;
+import java.util.Properties;
import java.util.Set;
import java.util.TreeSet;
import java.util.concurrent.atomic.AtomicBoolean;
@@ -44,13 +48,18 @@ import javax.management.remote.JMXConnectorFactory;
import javax.management.remote.JMXServiceURL;
import javax.rmi.ssl.SslRMIClientSocketFactory;
+import com.gemstone.gemfire.internal.lang.StringUtils;
import com.gemstone.gemfire.internal.util.ArrayUtils;
+import com.gemstone.gemfire.internal.util.IOUtils;
import com.gemstone.gemfire.management.DistributedSystemMXBean;
import com.gemstone.gemfire.management.MemberMXBean;
import com.gemstone.gemfire.management.internal.MBeanJMXAdapter;
import com.gemstone.gemfire.management.internal.ManagementConstants;
+import com.gemstone.gemfire.management.internal.cli.CliUtil;
import com.gemstone.gemfire.management.internal.cli.CommandRequest;
import com.gemstone.gemfire.management.internal.cli.LogWrapper;
+import com.gemstone.gemfire.management.internal.cli.commands.ShellCommands;
+import com.gemstone.gemfire.management.internal.cli.i18n.CliStrings;
/**
* OperationInvoker JMX Implementation
@@ -94,7 +103,7 @@ public class JmxOperationInvoker implements OperationInvoker {
final int port,
final String userName,
final String password,
- final Map<String, String> sslConfigProps)
+ final Map<String, String> sslConfigProps, String gfSecurityPropertiesPath)
throws Exception
{
final Set<String> propsToClear = new TreeSet<String>();
@@ -133,6 +142,11 @@ public class JmxOperationInvoker implements OperationInvoker {
}
}
+ //Check for JMX Credentials if empty put properties instance directly so that
+ //jmx management interceptor can read it for custom security properties
+ if(!env.containsKey(JMXConnector.CREDENTIALS)) {
+ env.put(JMXConnector.CREDENTIALS, readProperties(gfSecurityPropertiesPath));
+ }
this.url = new JMXServiceURL(MessageFormat.format(JMX_URL_FORMAT, checkAndConvertToCompatibleIPv6Syntax(host), String.valueOf(port)));
this.connector = JMXConnectorFactory.connect(url, env);
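Review bot: `readProperties(gfSecurityPropertiesPath)`, added in the next hunk, returns `null` when no file is resolved, so this `env.put` can store a null `JMXConnector.CREDENTIALS` entry. Guard it with `Properties securityProps = readProperties(gfSecurityPropertiesPath);` followed by `if (securityProps != null) { env.put(JMXConnector.CREDENTIALS, securityProps); }`. When a file is found, the whole `Properties` object becomes the credentials, so every key in the security properties file is sent to the JMX server, not only those the interceptor needs. Unless SSL is enabled through `sslConfigProps` (set up outside this hunk), that presumably happens unencrypted. A comment naming the keys the server side expects would help, and filtering to those keys before the `put` is safer.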
@@ -177,7 +191,54 @@ public class JmxOperationInvoker implements OperationInvoker {
}
}
-
+ //Copied from ShellCommands.java
+ private Properties readProperties(String gfSecurityPropertiesPath) throws MalformedURLException {
+ Gfsh gfshInstance = Gfsh.getCurrentInstance();
+ // reference to hold resolved gfSecurityPropertiesPath
+ String gfSecurityPropertiesPathToUse = CliUtil.resolvePathname(gfSecurityPropertiesPath);
+ URL gfSecurityPropertiesUrl = null;
+
+ // Case 1: User has specified gfSecurity properties file
+ if (!StringUtils.isBlank(gfSecurityPropertiesPathToUse)) {
+ // User specified gfSecurity properties doesn't exist
+ if (!IOUtils.isExistingPathname(gfSecurityPropertiesPathToUse)) {
+ gfshInstance.printAsSevere(CliStrings.format(CliStrings.GEMFIRE_0_PROPERTIES_1_NOT_FOUND_MESSAGE, "Security ", gfSecurityPropertiesPathToUse));
+ } else {
+ gfSecurityPropertiesUrl = new File(gfSecurityPropertiesPathToUse).toURI().toURL();
+ }
+ } else if (gfSecurityPropertiesPath == null) {
+ // Use default "gfsecurity.properties"
+ // in current dir, user's home or classpath
+ gfSecurityPropertiesUrl = ShellCommands.getFileUrl("gfsecurity.properties");
+ }
+ // if 'gfSecurityPropertiesPath' OR gfsecurity.properties has resolvable path
+ if (gfSecurityPropertiesUrl != null) {
+ gfshInstance.logToFile("Using security properties file : "
+ + CliUtil.decodeWithDefaultCharSet(gfSecurityPropertiesUrl.getPath()), null);
+ return loadPropertiesFromURL(gfSecurityPropertiesUrl);
+ }
+ return null;
+ }
+
+ static Properties loadPropertiesFromURL(URL gfSecurityPropertiesUrl) {
+ Properties props = new Properties();
+ if (gfSecurityPropertiesUrl != null) {
+ InputStream inputStream = null;
+ try {
+
+ inputStream = gfSecurityPropertiesUrl.openStream();
+ props.load(inputStream);
+ } catch (IOException io) {
+ throw new RuntimeException(CliStrings.format(
+ CliStrings.CONNECT__MSG__COULD_NOT_READ_CONFIG_FROM_0,
+ CliUtil.decodeWithDefaultCharSet(gfSecurityPropertiesUrl.getPath())), io);
+ } finally {
+ IOUtils.close(inputStream);
+ }
+ }
+ return props;
+ }
+
private String checkforSystemPropertyPrefix(String key) {
String returnKey = key;
if (key.startsWith("javax."))
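Review bot: In `readProperties`, a user-supplied path that does not exist is only reported through `printAsSevere`; the method then falls through to `return null` and the connection attempt continues without the security properties the user asked for. For a security setting it is safer to stop in that branch, e.g. `throw new IllegalArgumentException(CliStrings.format(CliStrings.GEMFIRE_0_PROPERTIES_1_NOT_FOUND_MESSAGE, "Security ", gfSecurityPropertiesPathToUse));`. The method is marked `//Copied from ShellCommands.java` and `getFileUrl` was made public to support it; one shared helper would keep the two copies of this resolution logic from drifting apart. `Gfsh.getCurrentInstance()` is dereferenced without a null check, which presumably holds inside gfsh but should be confirmed for any other caller of this constructor. `checkforSystemPropertyPrefix` at the end of the hunk continues outside it.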
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/19a8f0a7/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/AccessControl.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/AccessControl.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/AccessControl.java
index 0331767..f20ea22 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/AccessControl.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/AccessControl.java
@@ -24,6 +24,13 @@ import java.util.Set;
import javax.management.remote.JMXPrincipal;
import javax.security.auth.Subject;
+/**
+ * AccessControlMBean Implementation. This retrieves JMXPrincipal from AccessController
+ * and performs authorization for given role using gemfire AccessControl Plugin
+ *
+ * @author tushark
+ * @since 9.0
+ */
public class AccessControl implements AccessControlMXBean {
private ManagementInterceptor interceptor;
@@ -37,12 +44,11 @@ public class AccessControl implements AccessControlMXBean {
AccessControlContext acc = AccessController.getContext();
Subject subject = Subject.getSubject(acc);
Set<JMXPrincipal> principals = subject.getPrincipals(JMXPrincipal.class);
- Set<Object> pubCredentials = subject.getPublicCredentials();
if (principals == null || principals.isEmpty()) {
throw new SecurityException("Access denied");
}
Principal principal = principals.iterator().next();
- com.gemstone.gemfire.security.AccessControl gemAccControl = interceptor.getAccessControl(principal);
+ com.gemstone.gemfire.security.AccessControl gemAccControl = interceptor.getAccessControl(principal, false);
boolean authorized = gemAccControl.authorizeOperation(null,
new com.gemstone.gemfire.management.internal.security.AccessControlContext(role));
return authorized;
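Review bot: `Subject.getSubject(acc)` returns null when no subject is associated with the calling context, so `subject.getPrincipals(JMXPrincipal.class)` can throw a `NullPointerException` before the "Access denied" check is reached. Add `if (subject == null) { throw new SecurityException("Access denied"); }` ahead of that call so that unauthenticated callers get the same response as callers without a `JMXPrincipal`. The new second argument in `interceptor.getAccessControl(principal, false)` is a bare boolean whose meaning is not visible here; a short comment on what `false` selects would help. The method starts outside the hunk.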
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/19a8f0a7/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/AccessControlContext.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/AccessControlContext.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/AccessControlContext.java
index 225d766..b8ad6e5 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/AccessControlContext.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/AccessControlContext.java
@@ -16,6 +16,15 @@
*/
package com.gemstone.gemfire.management.internal.security;
+/**
+ *
+ * ResourceOperationContext passed to AccessControlMBean for Authorization calls made
+ * from AccessControlMBean
+ *
+ * @author tushark
+ * @since 9.0
+ *
+ */
public class AccessControlContext extends ResourceOperationContext {
private ResourceOperationCode code;
@@ -34,4 +43,6 @@ public class AccessControlContext extends ResourceOperationContext {
return OperationCode.RESOURCE;
}
+ public static AccessControlContext ACCESS_GRANTED_CONTEXT = new AccessControlContext(ResourceConstants.LIST_DS);
+
}
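Review bot: `ACCESS_GRANTED_CONTEXT` is declared `public static` without `final`, so any code that can see the class can reassign the shared instance. Declare it `public static final AccessControlContext ACCESS_GRANTED_CONTEXT = new AccessControlContext(ResourceConstants.LIST_DS);`. The name says "granted" while the value is a context for `LIST_DS`; a Javadoc line on where the constant is passed and what it is compared against would stop readers from taking it as a blanket allow.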
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/19a8f0a7/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/AccessControlMXBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/AccessControlMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/AccessControlMXBean.java
index 68c3d64..144b90a 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/AccessControlMXBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/AccessControlMXBean.java
@@ -16,8 +16,14 @@
*/
package com.gemstone.gemfire.management.internal.security;
+/**
+ * Interface for AccessControlMBean
+ * @author tushark
+ * @since 9.0
+ */
public interface AccessControlMXBean {
+ @ResourceOperation(resource=Resource.MEMBER, operation=ResourceConstants.LIST_DS)
public boolean authorize(String role);
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/19a8f0a7/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/CLIOperationContext.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/CLIOperationContext.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/CLIOperationContext.java
index 4007d09..4c83fa9 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/CLIOperationContext.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/CLIOperationContext.java
@@ -23,14 +23,23 @@ import java.util.Map;
import org.springframework.shell.event.ParseResult;
-import com.gemstone.gemfire.internal.logging.LogService;
+import com.gemstone.gemfire.GemFireConfigException;
import com.gemstone.gemfire.management.cli.CommandProcessingException;
import com.gemstone.gemfire.management.internal.cli.CommandManager;
import com.gemstone.gemfire.management.internal.cli.GfshParseResult;
import com.gemstone.gemfire.management.internal.cli.GfshParser;
+import com.gemstone.gemfire.management.internal.cli.i18n.CliStrings;
import com.gemstone.gemfire.management.internal.cli.parser.CommandTarget;
+import static com.gemstone.gemfire.management.internal.security.ResourceConstants.*;
-
+/**
+ * It represents command being executed and all passed options and option-values.
+ * ResourceOpCode returned by CLIOperationContext is retrieved from ResourceOperation
+ * annotation on the target command
+ *
+ * @author tushark
+ * @since 9.0
+ */
public class CLIOperationContext extends ResourceOperationContext {
private OperationCode code = OperationCode.RESOURCE;
@@ -42,10 +51,59 @@ public class CLIOperationContext extends ResourceOperationContext {
private static GfshParser parser = null;
public CLIOperationContext(String commandString) throws CommandProcessingException, IllegalStateException{
- code = OperationCode.RESOURCE;
GfshParseResult parseResult = (GfshParseResult) parseCommand(commandString);
this.commandOptions = parseResult.getParamValueStrings();
- this.resourceCode = findResourceCode(parseResult.getCommandName()); //need to add this to ParseResult
+ this.resourceCode = findResourceCode(parseResult.getCommandName());
+ this.code = findOperationCode(parseResult.getCommandName());
+ }
+
+ /**
+ * This method returns OperationCode for command. Some commands perform data
+ * operations, for such commands OperationCode returned is not RESOURCE but
+ * corresponding data operation as defined in OperationCode
+ *
+ * @param commandName
+ * @return OperationCode
+ */
+ private OperationCode findOperationCode(String commandName) {
+
+ if(CliStrings.GET.equals(commandName) || CliStrings.LOCATE_ENTRY.equals(commandName))
+ return OperationCode.GET;
+
+ if(CliStrings.PUT.equals(commandName))
+ return OperationCode.PUT;
+
+ if(CliStrings.QUERY.equals(commandName))
+ return OperationCode.QUERY;
+
+ if (CliStrings.REMOVE.equals(commandName)) {
+ if (commandOptions.containsKey(CliStrings.REMOVE__ALL)
+ && "true".equals(commandOptions.get(CliStrings.REMOVE__ALL))) {
+ return OperationCode.REMOVEALL;
+ } else
+ return OperationCode.DESTROY;
+ }
+
+ if(CliStrings.CLOSE_DURABLE_CQS.equals(commandName)) {
+ return OperationCode.CLOSE_CQ;
+ }
+
+ if(CliStrings.CREATE_REGION.equals(commandName)) {
+ return OperationCode.REGION_CREATE;
+ }
+
+ if(CliStrings.DESTROY_REGION.equals(commandName)) {
+ return OperationCode.REGION_DESTROY;
+ }
+
+ if(CliStrings.EXECUTE_FUNCTION.equals(commandName)) {
+ return OperationCode.EXECUTE_FUNCTION;
+ }
+
+ //"stop cq"
+ //"removeall",
+ //"get durable cqs",
+ return OperationCode.RESOURCE;
}
private static ParseResult parseCommand(String commentLessLine) throws CommandProcessingException, IllegalStateException {
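Review bot: In `findOperationCode`, the choice between `OperationCode.REMOVEALL` and `OperationCode.DESTROY` depends on the exact string `"true"`, so the authorization code can differ from what the command later executes if the option value is parsed more leniently elsewhere (other casing, or an option given without a value). Assuming `commandOptions` holds strings, `if (Boolean.parseBoolean(commandOptions.get(CliStrings.REMOVE__ALL)))` would at least cover casing, and the `containsKey` test becomes redundant. The trailing comments `"stop cq"`, `"removeall"` and `"get durable cqs"` look like commands still to be mapped; mark them as a TODO, since those commands currently fall back to `OperationCode.RESOURCE`. `parseCommand` on the last line continues outside the hunk.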
@@ -55,8 +113,7 @@ public class CLIOperationContext extends ResourceOperationContext {
throw new IllegalStateException("Command String should not be null.");
}
- public static void registerCommand(CommandManager cmdManager, Method method, CommandTarget commandTarget){
- //Save command manager instance and create a local parser for parsing the commands
+ public static void registerCommand(CommandManager cmdManager, Method method, CommandTarget commandTarget){
if(commandManager==null){
commandManager = cmdManager;
parser = new GfshParser(cmdManager);
@@ -75,37 +132,28 @@ public class CLIOperationContext extends ResourceOperationContext {
}
private static void cache(String commandName, ResourceOperation op) {
- ResourceOperationCode code = null;
+ ResourceOperationCode resourceOpCode = null;
if (op != null) {
String opString = op.operation();
if (opString != null)
- code = ResourceOperationCode.parse(opString);
+ resourceOpCode = ResourceOperationCode.parse(opString);
}
- if(code==null){
- if(commandName.startsWith("describe") || commandName.startsWith("list") || commandName.startsWith("status")
- || commandName.startsWith("show")){
- code = ResourceOperationCode.LIST_DS;
+ if(resourceOpCode==null){
+ if (commandName.startsWith(GETTER_DESCRIBE) || commandName.startsWith(GETTER_LIST)
+ || commandName.startsWith(GETTER_STATUS)) {
+ resourceOpCode = ResourceOperationCode.LIST_DS;
}
}
+
- //TODO : Have map according to each resources
- //TODO : How to save information for retrieving command Option map or region and serverGroup
-
- Resource targetedResource = null;
- if(op!=null){
- targetedResource = op.resource();
+ if(resourceOpCode!=null) {
+ commandToCodeMapping.put(commandName, resourceOpCode);
} else {
- targetedResource = Resource.DISTRIBUTED_SYSTEM;
- //TODO : Add other resource and mbeans
- }
-
-
- LogService.getLogger().trace("#RegisterCommandSecurity : " + commandName + " code " + code + " op="+op);
-
- if(code!=null) {
- commandToCodeMapping.put(commandName, code);
+ throw new GemFireConfigException(
+ "Error while configuring authorization for gfsh commands. No opCode defined for command " + commandName);
+
}
}
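Review bot: The prefix fallback in `cache` also runs when a `@ResourceOperation` annotation is present but `ResourceOperationCode.parse(opString)` yields null. A mistyped operation on a command whose name starts with one of the `GETTER_*` prefixes would then be registered as `LIST_DS` instead of being rejected. Restricting the fallback to unannotated commands, `if (resourceOpCode == null && op == null) {`, lets the new `GemFireConfigException` catch that case. This assumes `parse` returns null for an unknown string, which is not visible here. The old literal list also matched `"show"`; if no `GETTER_*` constant covers it, unannotated `show ...` commands will now fail registration, which is worth confirming.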
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/19a8f0a7/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/JMXOperationContext.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/JMXOperationContext.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/JMXOperationContext.java
index 225555f..85dca8c 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/JMXOperationContext.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/JMXOperationContext.java
@@ -25,36 +25,86 @@ import java.util.Map;
import javax.management.ObjectName;
import com.gemstone.gemfire.GemFireConfigException;
+import com.gemstone.gemfire.internal.logging.LogService;
+import com.gemstone.gemfire.management.AsyncEventQueueMXBean;
+import com.gemstone.gemfire.management.CacheServerMXBean;
+import com.gemstone.gemfire.management.DiskStoreMXBean;
+import com.gemstone.gemfire.management.DistributedLockServiceMXBean;
+import com.gemstone.gemfire.management.DistributedRegionMXBean;
import com.gemstone.gemfire.management.DistributedSystemMXBean;
+import com.gemstone.gemfire.management.GatewayReceiverMXBean;
+import com.gemstone.gemfire.management.GatewaySenderMXBean;
+import com.gemstone.gemfire.management.LocatorMXBean;
+import com.gemstone.gemfire.management.LockServiceMXBean;
+import com.gemstone.gemfire.management.ManagerMXBean;
+import com.gemstone.gemfire.management.MemberMXBean;
+import com.gemstone.gemfire.management.RegionMXBean;
import com.gemstone.gemfire.management.internal.MBeanJMXAdapter;
import com.gemstone.gemfire.management.internal.cli.util.ClasspathScanLoadHelper;
+import static com.gemstone.gemfire.management.internal.security.ResourceConstants.*;
-
+/**
+ * It describes current JMX MBean Method call and its parameters.
+ * OpCode returned by JMXOperationContext is retrieved from ResourceOperation annotation
+ * on the target methodName
+ *
+ * @author tushark
+ * @since 9.0
+ *
+ */
public class JMXOperationContext extends ResourceOperationContext {
private OperationCode code = OperationCode.RESOURCE;
private ResourceOperationCode resourceCode = null;
-
- private static Map<String,ResourceOperationCode> cacheDSResourceOps = null;
- private static Map<String,ResourceOperationCode> cacheMemberResourceOps = null;
- private static Map<String,ResourceOperationCode> cacheRegionResourceOps = null;
- private static Map<String,ResourceOperationCode> cacheDiskStoreResourceOps = null;
+ private ObjectName name;
+ private String methodName;
+
+ private static Map<Class<?>,Map<String,ResourceOperationCode>> cachedResourceOpsMapping = new HashMap<Class<?>,Map<String,ResourceOperationCode>>();
+ private static Map<String,ResourceOperationCode> distributedSystemMXBeanResourceOps = new HashMap<String,ResourceOperationCode>();
+ private static Map<String,ResourceOperationCode> diskStoreMXBeanResourceOps = new HashMap<String,ResourceOperationCode>();
+ private static Map<String,ResourceOperationCode> cacheServerMXBeanResourceOps = new HashMap<String,ResourceOperationCode>();
+ private static Map<String,ResourceOperationCode> gatewayReceiverMXBeanResourceOps = new HashMap<String,ResourceOperationCode>();
+ private static Map<String,ResourceOperationCode> gatewaySenderMXBeanResourceOps = new HashMap<String,ResourceOperationCode>();
+ private static Map<String,ResourceOperationCode> lockServiceMXBeanResourceOps = new HashMap<String,ResourceOperationCode>();
+ private static Map<String,ResourceOperationCode> managerMXBeanResourceOps = new HashMap<String,ResourceOperationCode>();
+ private static Map<String,ResourceOperationCode> memberMXBeanResourceOps = new HashMap<String,ResourceOperationCode>();
+ private static Map<String,ResourceOperationCode> regionMXBeanResourceOps = new HashMap<String,ResourceOperationCode>();
+ private static Map<String,ResourceOperationCode> locatorMXBeanResourceOps = new HashMap<String,ResourceOperationCode>();
+ private static Map<String,ResourceOperationCode> distributedLockServiceMXBeanResourceOps = new HashMap<String,ResourceOperationCode>();
+ private static Map<String,ResourceOperationCode> distributedRegionMXBeanResourceOps = new HashMap<String,ResourceOperationCode>();
+ private static Map<String,ResourceOperationCode> asyncEventQueueMXBeanResourceOps = new HashMap<String,ResourceOperationCode>();
+ private static Map<String,ResourceOperationCode> accessControlMXBeanResourceOps = new HashMap<String,ResourceOperationCode>();
+
static {
- //cache all resource annotations
readJMXAnnotations();
}
private static void readJMXAnnotations() {
+
+ cachedResourceOpsMapping.put(DistributedSystemMXBean.class, distributedSystemMXBeanResourceOps);
+ cachedResourceOpsMapping.put(DiskStoreMXBean.class, diskStoreMXBeanResourceOps);
+ cachedResourceOpsMapping.put(CacheServerMXBean.class, cacheServerMXBeanResourceOps);
+ cachedResourceOpsMapping.put(GatewayReceiverMXBean.class, gatewayReceiverMXBeanResourceOps);
+ cachedResourceOpsMapping.put(GatewaySenderMXBean.class, gatewaySenderMXBeanResourceOps);
+ cachedResourceOpsMapping.put(LockServiceMXBean.class, lockServiceMXBeanResourceOps);
+ cachedResourceOpsMapping.put(ManagerMXBean.class, managerMXBeanResourceOps);
+ cachedResourceOpsMapping.put(MemberMXBean.class, memberMXBeanResourceOps);
+ cachedResourceOpsMapping.put(RegionMXBean.class, regionMXBeanResourceOps);
+ cachedResourceOpsMapping.put(LocatorMXBean.class, locatorMXBeanResourceOps);
+ cachedResourceOpsMapping.put(DistributedLockServiceMXBean.class, distributedLockServiceMXBeanResourceOps);
+ cachedResourceOpsMapping.put(DistributedRegionMXBean.class, distributedRegionMXBeanResourceOps);
+ cachedResourceOpsMapping.put(AsyncEventQueueMXBean.class, asyncEventQueueMXBeanResourceOps);
+ cachedResourceOpsMapping.put(AccessControlMXBean.class, accessControlMXBeanResourceOps);
+
try {
- Class[] klassList = ClasspathScanLoadHelper.getClasses("com.gemstone.gemfire.management");
- for(Class klass : klassList) {
+ Class<?>[] klassList = ClasspathScanLoadHelper.getClasses(MANAGEMENT_PACKAGE);
+ for(Class<?> klass : klassList) {
if(klass.getName().endsWith("MXBean")) {
Method[] methods = klass.getMethods();
for(Method method : methods) {
String name = method.getName();
- //ResourceOperation op = method.getDeclaredAnnotations();(ResourceOperation.class);
boolean found=false;
Annotation ans[] = method.getDeclaredAnnotations();
for(Annotation an : ans){
@@ -66,7 +116,6 @@ public class JMXOperationContext extends ResourceOperationContext {
if(!found)
cache(klass,name,null);
}
- //TODO : Log all cached operations
}
}
} catch (ClassNotFoundException e) {
@@ -79,7 +128,7 @@ public class JMXOperationContext extends ResourceOperationContext {
}
- private static void cache(Class klass, String name, ResourceOperation op) {
+ private static void cache(Class<?> klass, String name, ResourceOperation op) {
ResourceOperationCode code = null;
if (op != null) {
@@ -88,70 +137,112 @@ public class JMXOperationContext extends ResourceOperationContext {
code = ResourceOperationCode.parse(opString);
}
- if(code==null){
- if(name.startsWith("list") || name.startsWith("fetch") || name.startsWith("view")
- || name.startsWith("show")){
+ if(code==null && isGetterSetter(name)){
code = ResourceOperationCode.LIST_DS;
- } else if (name.startsWith("get")){
- code = ResourceOperationCode.READ_DS;
- } else if (name.startsWith("is")){
- code = ResourceOperationCode.READ_DS;
- } else if (name.startsWith("set")){
- code = ResourceOperationCode.SET_DS;
- }
- }
-
- /*
- System.out.println("Klass " + klass + " mname : " + name);
- if (code != null)
- System.out.println("ResourceOperation code=" + code);
- else
- System.out.println("ResourceOperation is null");*/
-
- Resource targetedResource = null;
-
- if(op!=null){
- targetedResource = op.resource();
- } else {
- if(klass.equals(DistributedSystemMXBean.class)) {
- targetedResource = Resource.DISTRIBUTED_SYSTEM;
- }
- //TODO : Add other resource and mbeans
}
+
- /* Comment for timebeing to avoid falling for other methods
- if(!isGetterSetter(name) && code==null){
- throw new GemFireConfigException(
- "Error while configuring authorization for jmx. No authorization defined for "
+ if (code == null && cachedResourceOpsMapping.keySet().contains(klass) && !isGetterSetter(name)) {
+ throw new GemFireConfigException("Error while configuring authorization for jmx. No opCode defined for "
+ klass.getCanonicalName() + " method " + name);
- }*/
- if(targetedResource!=null) {
- switch (targetedResource) {
- case DISTRIBUTED_SYSTEM:
- if (code != null){
- if(cacheDSResourceOps==null)
- cacheDSResourceOps = new HashMap<String,ResourceOperationCode>();
- cacheDSResourceOps.put(name, code);
}
- break;
+
+ final Map<String,ResourceOperationCode> resourceOpsMap = cachedResourceOpsMapping.get(klass);
+ if(resourceOpsMap==null) {
+ if (cachedResourceOpsMapping.keySet().contains(klass))
+ throw new GemFireConfigException("Unknown MBean " + klass.getCanonicalName());
+ else {
+ LogService.getLogger().warn("Unsecured mbean " + klass);
}
}
+ else {
+ resourceOpsMap.put(name, code);
+ }
}
- private static boolean isGetterSetter(String name) {
- if(name.startsWith("is") || name.startsWith("get") || name.startsWith("set") || name.startsWith("fetch")
- || name.startsWith("list") || name.startsWith("view") || name.startsWith("show") )
+ public static boolean isGetterSetter(String name) {
+ if(name.startsWith(GETTER_IS) || name.startsWith(GETTER_GET) || name.startsWith(GETTER_FETCH)
+ || name.startsWith(GETTER_LIST) || name.startsWith(GETTER_VIEW) || name.startsWith(GETTER_SHOW) || name.startsWith(GETTER_HAS))
return true;
else return false;
}
public JMXOperationContext(ObjectName name , String methodName){
code = OperationCode.RESOURCE;
- if(name.equals(MBeanJMXAdapter.getDistributedSystemName())){
- resourceCode = cacheDSResourceOps.get(methodName);
+ Class<?> klass = getMbeanClass(name);
+ Map<String,ResourceOperationCode> resourceOpsMap = cachedResourceOpsMapping.get(klass);
+ resourceCode = resourceOpsMap.get(methodName);
+ this.methodName = methodName;
+ this.name = name;
+
+ //If getAttr is not found try for isAttr ie. boolean getter
+ if(resourceCode==null) {
+ if(this.methodName.startsWith(GET_PREFIX)) {
+ String methodNameBooleanGetter = GET_IS_PREFIX + this.methodName.substring(GET_PREFIX.length());
+ if(resourceOpsMap.containsKey(methodNameBooleanGetter)){
+ resourceCode = resourceOpsMap.get(methodNameBooleanGetter);
+ this.methodName = methodNameBooleanGetter;
+ }
}
}
+ //If resourceCode is still null most likely its wrong method name so just allow it pass
+ if(resourceCode==null) {
+ resourceCode = ResourceOperationCode.LIST_DS;
+ }
+ }
+
+
+
+
+ private Class<?> getMbeanClass(ObjectName name) {
+ if (name.equals(MBeanJMXAdapter.getDistributedSystemName()))
+ return DistributedSystemMXBean.class;
+ else {
+ String service = name.getKeyProperty(MBEAN_KEY_SERVICE);
+ String mbeanType = name.getKeyProperty(MBEAN_KEY_TYPE);
+
+ if (MBEAN_TYPE_DISTRIBUTED.equals(mbeanType)) {
+ if (MBEAN_SERVICE_SYSTEM.equals(service)) {
+ return DistributedSystemMXBean.class;
+ } else if (MBEAN_SERVICE_REGION.equals(service)) {
+ return DistributedRegionMXBean.class;
+ } else if (MBEAN_SERVICE_LOCKSERVICE.equals(service)) {
+ return DistributedLockServiceMXBean.class;
+ } else {
+ throw new RuntimeException("Unknown mbean type " + name);
+ }
+ } else if (MBEAN_TYPE_MEMBER.equals(mbeanType)) {
+ if (service == null) {
+ return MemberMXBean.class;
+ } else {
+ if (MBEAN_SERVICE_MANAGER.equals(service)) {
+ return ManagerMXBean.class;
+ } else if (MBEAN_SERVICE_CACHESERVER.equals(service)) {
+ return CacheServerMXBean.class;
+ } else if (MBEAN_SERVICE_REGION.equals(service)) {
+ return RegionMXBean.class;
+ } else if (MBEAN_SERVICE_LOCKSERVICE.equals(service)) {
+ return LockServiceMXBean.class;
+ } else if (MBEAN_SERVICE_DISKSTORE.equals(service)) {
+ return DiskStoreMXBean.class;
+ } else if (MBEAN_SERVICE_GATEWAY_RECEIVER.equals(service)) {
+ return GatewayReceiverMXBean.class;
+ } else if (MBEAN_SERVICE_GATEWAY_SENDER.equals(service)) {
+ return GatewaySenderMXBean.class;
+ } else if (MBEAN_SERVICE_ASYNCEVENTQUEUE.equals(service)) {
+ return AsyncEventQueueMXBean.class;
+ } else if (MBEAN_SERVICE_LOCATOR.equals(service)) {
+ return LocatorMXBean.class;
+ } else {
+ throw new RuntimeException("Unknown mbean type " + name);
+ }
+ }
+ } else {
+ throw new RuntimeException("Unknown mbean type " + name);
+ }
+ }
+ }
@Override
public OperationCode getOperationCode() {
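Review bot: The constructor's last fallback, `resourceCode = ResourceOperationCode.LIST_DS;`, makes authorization fail open: a method name with no cached mapping is checked against the same code that `cache()` gives unannotated getters instead of being rejected. The name is caller-supplied (`MBeanServerWrapper.invoke` in this commit forwards `operationName` unchanged), so an unmapped name is better denied, e.g. `throw new SecurityException("No authorization mapping for " + name + " method " + methodName);`, or at least logged at warn level before the fallback. In `cache()`, which starts in the previous hunk, the `cachedResourceOpsMapping.keySet().contains(klass)` test inside the `resourceOpsMap==null` branch looks unreachable, because `readJMXAnnotations()` registers a non-null map for every key before scanning. That leaves the "Unsecured mbean" warning as the only outcome for a class without a map, which deserves a comment saying that such MBeans are deliberately left without a mapping.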
@@ -163,15 +254,9 @@ public class JMXOperationContext extends ResourceOperationContext {
return resourceCode;
}
- public static Map<String, ResourceOperationCode> getCacheDSResourceOps() {
- return cacheDSResourceOps;
+ public String toString(){
+ return "JMXOpCtx(on="+name+",method="+methodName+")";
}
- public static void setCacheDSResourceOps(
- Map<String, ResourceOperationCode> cacheDSResourceOps) {
- JMXOperationContext.cacheDSResourceOps = cacheDSResourceOps;
}
-
-
-}
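Review bot: The new `toString()` omits the resolved `resourceCode`, although the constructor may rewrite `methodName` from the `get` form to the boolean-getter form and may fall back to a default code, so a log line built from it does not show what was actually authorized. Including it keeps audit output unambiguous: `return "JMXOpCtx(on="+name+",method="+methodName+",code="+resourceCode+")";`. The method should also carry `@Override`.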
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/19a8f0a7/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/JSONAuthorization.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/JSONAuthorization.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/JSONAuthorization.java
index ef98575..004117f 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/JSONAuthorization.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/JSONAuthorization.java
@@ -288,8 +288,8 @@ public class JSONAuthorization implements AccessControl, Authenticator {
@Override
public Principal authenticate(Properties props, DistributedMember arg1) throws AuthenticationFailedException {
- String user = props.getProperty(ManagementInterceptor.USER_NAME);
- String pwd = props.getProperty(ManagementInterceptor.PASSWORD);
+ String user = props.getProperty(ResourceConstants.USER_NAME);
+ String pwd = props.getProperty(ResourceConstants.PASSWORD);
User userObj = acl.get(user);
if(userObj==null)
throw new AuthenticationFailedException("Wrong username/password");
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/19a8f0a7/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/MBeanServerWrapper.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/MBeanServerWrapper.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/MBeanServerWrapper.java
index d85920c..0c545bf 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/MBeanServerWrapper.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/MBeanServerWrapper.java
@@ -17,6 +17,7 @@
package com.gemstone.gemfire.management.internal.security;
import java.io.ObjectInputStream;
+import java.util.HashSet;
import java.util.Set;
import javax.management.Attribute;
@@ -41,7 +42,17 @@ import javax.management.QueryExp;
import javax.management.ReflectionException;
import javax.management.loading.ClassLoaderRepository;
import javax.management.remote.MBeanServerForwarder;
+import static com.gemstone.gemfire.management.internal.security.ResourceConstants.*;
+/**
+ * This class intercepts all MBean requests for GemFire MBeans and passed it to
+ * ManagementInterceptor for authorization
+ *
+ *
+ * @author tushark
+ * @since 9.0
+ *
+ */
public class MBeanServerWrapper implements MBeanServerForwarder {
private MBeanServer mbs;
@@ -51,52 +62,67 @@ public class MBeanServerWrapper implements MBeanServerForwarder {
this.interceptor = interceptor;
}
- private void doAuthorization(ObjectName name, String methodName, Object[] methodParams){
- interceptor.authorize(name,methodName, methodParams);
+ private ResourceOperationContext doAuthorization(ObjectName name, String methodName, Object[] methodParams){
+ return interceptor.authorize(name,methodName, methodParams);
+ }
+
+ private void doAuthorizationPost(ObjectName name, String methodName, ResourceOperationContext context, Object result){
+ interceptor.postAuthorize(name,methodName,context,result);
}
@Override
public ObjectInstance createMBean(String className, ObjectName name) throws ReflectionException,
InstanceAlreadyExistsException, MBeanRegistrationException, MBeanException, NotCompliantMBeanException {
- doAuthorization(name, "createMBean", new Object[]{name});
- return mbs.createMBean(className, name);
+ ResourceOperationContext ctx = doAuthorization(name, CREATE_MBEAN, new Object[]{name});
+ ObjectInstance result = mbs.createMBean(className, name);
+ doAuthorizationPost(name, CREATE_MBEAN, ctx, result);
+ return result;
}
@Override
public ObjectInstance createMBean(String className, ObjectName name, ObjectName loaderName)
throws ReflectionException, InstanceAlreadyExistsException, MBeanRegistrationException, MBeanException,
NotCompliantMBeanException, InstanceNotFoundException {
- doAuthorization(name, "createMBean", new Object[]{name});
- return mbs.createMBean(className, name, loaderName);
+ ResourceOperationContext ctx = doAuthorization(name, CREATE_MBEAN, new Object[]{name});
+ ObjectInstance result = mbs.createMBean(className, name, loaderName);
+ doAuthorizationPost(name, CREATE_MBEAN, ctx, result);
+ return result;
}
@Override
public ObjectInstance createMBean(String className, ObjectName name, Object[] params, String[] signature)
throws ReflectionException, InstanceAlreadyExistsException, MBeanRegistrationException, MBeanException,
NotCompliantMBeanException {
- doAuthorization(name, "createMBean", new Object[]{name, params});
- return mbs.createMBean(className,name,params,signature);
+ ResourceOperationContext ctx = doAuthorization(name, CREATE_MBEAN, new Object[]{name, params});
+ ObjectInstance result = mbs.createMBean(className,name,params,signature);
+ doAuthorizationPost(name, CREATE_MBEAN, ctx, result);
+ return result;
}
@Override
public ObjectInstance createMBean(String className, ObjectName name, ObjectName loaderName, Object[] params,
String[] signature) throws ReflectionException, InstanceAlreadyExistsException, MBeanRegistrationException,
MBeanException, NotCompliantMBeanException, InstanceNotFoundException {
- doAuthorization(name, "createMBean", new Object[]{name});
- return mbs.createMBean(className, name, loaderName, params, signature);
+ ResourceOperationContext ctx = doAuthorization(name, CREATE_MBEAN, new Object[]{name});
+ ObjectInstance result = mbs.createMBean(className, name, loaderName, params, signature);
+ doAuthorizationPost(name, CREATE_MBEAN, ctx, result);
+ return result;
}
@Override
public ObjectInstance registerMBean(Object object, ObjectName name) throws InstanceAlreadyExistsException,
MBeanRegistrationException, NotCompliantMBeanException {
- doAuthorization(name, "registerMBean", new Object[]{name});
- return mbs.registerMBean(object, name);
+ ResourceOperationContext ctx = doAuthorization(name, REGISTER_MBEAN, new Object[]{name});
+ ObjectInstance result = mbs.registerMBean(object, name);
+ doAuthorizationPost(name, REGISTER_MBEAN, ctx, result);
+ return result;
}
@Override
public void unregisterMBean(ObjectName name) throws InstanceNotFoundException, MBeanRegistrationException {
- doAuthorization(name, "registerMBean", new Object[]{});
+ ResourceOperationContext ctx = doAuthorization(name, UNREGISTER_MBEAN, new Object[]{});
mbs.unregisterMBean(name);
+ doAuthorizationPost(name, UNREGISTER_MBEAN, ctx, null);
}
@Override
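Review bot: The four `createMBean` overloads hand the authorizer only `name` (plus `params` in one overload), never `className` or `loaderName`, so the decision cannot depend on which class is instantiated or which loader supplies it. Passing them along and making the overloads consistent, e.g. `doAuthorization(name, CREATE_MBEAN, new Object[]{className, name, loaderName, params})`, would give the interceptor what it needs; whether `authorize` inspects `methodParams` is not visible here, so it may need a matching change. Separately, `doAuthorizationPost` runs after `mbs.createMBean`, `registerMBean` or `unregisterMBean` has already taken effect, and the same ordering appears for `setAttribute`, `setAttributes` and `invoke` in the `@@ -127,36 +173,45 @@` hunk. A denial raised at that point cannot undo the change, so a comment such as `// post-authorization can only filter results; mutating calls must be denied in authorize()` would make the contract explicit.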
@@ -106,12 +132,32 @@ public class MBeanServerWrapper implements MBeanServerForwarder {
@Override
public Set<ObjectInstance> queryMBeans(ObjectName name, QueryExp query) {
- return mbs.queryMBeans(name, query);
+ return filterAccessControlMBeanInstance(mbs.queryMBeans(name, query));
+ }
+
+ private Set<ObjectInstance> filterAccessControlMBeanInstance(Set<ObjectInstance> queryMBeans) {
+ Set<ObjectInstance> set = new HashSet<ObjectInstance>();
+ for(ObjectInstance oi : queryMBeans) {
+ if(!oi.getObjectName().equals(interceptor.getAccessControlMBeanON())){
+ set.add(oi);
+ }
+ }
+ return set;
}
@Override
public Set<ObjectName> queryNames(ObjectName name, QueryExp query) {
- return mbs.queryNames(name, query);
+ return filterAccessControlMBean(mbs.queryNames(name, query));
+ }
+
+ private Set<ObjectName> filterAccessControlMBean(Set<ObjectName> queryNames) {
+ Set<ObjectName> set = new HashSet<ObjectName>();
+ for(ObjectName oi : queryNames) {
+ if(!oi.equals(interceptor.getAccessControlMBeanON())){
+ set.add(oi);
+ }
+ }
+ return set;
}
@Override
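Review bot: `filterAccessControlMBeanInstance` and `filterAccessControlMBean` only remove the access-control MBean from query results and do not restrict it. A client that already knows its ObjectName can still address it through the by-name methods, whose protection depends on `interceptor.authorize`, which is not visible here. A comment on the helpers would stop the filter being read as a security boundary, e.g. `// Listing filter only: access by name is governed by ManagementInterceptor.authorize()`. Both helpers also call `interceptor.getAccessControlMBeanON()` once per element; reading it into a local before the loop would be tidier.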
@@ -127,36 +173,45 @@ public class MBeanServerWrapper implements MBeanServerForwarder {
@Override
public Object getAttribute(ObjectName name, String attribute) throws MBeanException, AttributeNotFoundException,
InstanceNotFoundException, ReflectionException {
- doAuthorization(name, "getAttribute", new Object[]{attribute});
- return mbs.getAttribute(name, attribute);
+ ResourceOperationContext ctx = doAuthorization(name, GET_ATTRIBUTE, new Object[]{attribute});
+ Object result = mbs.getAttribute(name, attribute);
+ doAuthorizationPost(name, GET_ATTRIBUTE, ctx, result);
+ return result;
}
@Override
public AttributeList getAttributes(ObjectName name, String[] attributes) throws InstanceNotFoundException,
ReflectionException {
- doAuthorization(name, "getAttributes", new Object[]{attributes});
- return mbs.getAttributes(name, attributes);
+ ResourceOperationContext ctx = doAuthorization(name, GET_ATTRIBUTES, new Object[]{attributes});
+ AttributeList result = mbs.getAttributes(name, attributes);
+ doAuthorizationPost(name,GET_ATTRIBUTES, ctx, result);
+ return result;
}
@Override
public void setAttribute(ObjectName name, Attribute attribute) throws InstanceNotFoundException,
AttributeNotFoundException, InvalidAttributeValueException, MBeanException, ReflectionException {
- doAuthorization(name, "setAttribute", new Object[]{attribute});
+ ResourceOperationContext ctx = doAuthorization(name, SET_ATTRIBUTE, new Object[]{attribute});
mbs.setAttribute(name, attribute);
+ doAuthorizationPost(name, SET_ATTRIBUTE, ctx, null);
}
@Override
public AttributeList setAttributes(ObjectName name, AttributeList attributes) throws InstanceNotFoundException,
ReflectionException {
- doAuthorization(name, "setAttributes", new Object[]{attributes});
- return mbs.setAttributes(name, attributes);
+ ResourceOperationContext ctx = doAuthorization(name, SET_ATTRIBUTES, new Object[]{attributes});
+ AttributeList result = mbs.setAttributes(name, attributes);
+ doAuthorizationPost(name, SET_ATTRIBUTES, ctx, result);
+ return result;
}
@Override
public Object invoke(ObjectName name, String operationName, Object[] params, String[] signature)
throws InstanceNotFoundException, MBeanException, ReflectionException {
- doAuthorization(name, operationName, new Object[]{params, signature});
- return mbs.invoke(name, operationName, params, signature);
+ ResourceOperationContext ctx = doAuthorization(name, operationName, new Object[]{params, signature});
+ Object result = mbs.invoke(name, operationName, params, signature);
+ doAuthorizationPost(name, operationName, ctx, result);
+ return result;
}
@Override
@@ -240,6 +295,7 @@ public class MBeanServerWrapper implements MBeanServerForwarder {
return mbs.instantiate(className, params, signature);
}
+ @SuppressWarnings("deprecation")
@Override
public ObjectInputStream deserialize(ObjectName name, byte[] data) throws InstanceNotFoundException,
OperationsException {