Posted to notifications@geode.apache.org by GitBox <gi...@apache.org> on 2021/09/27 23:20:59 UTC

[GitHub] [geode] jchen21 commented on a change in pull request #6885: GEODE-9570: make sure re-authentication works with registered interests

jchen21 commented on a change in pull request #6885:
URL: https://github.com/apache/geode/pull/6885#discussion_r717046763



##########
File path: geode-junit/src/main/java/org/apache/geode/security/ExpirableSecurityManager.java
##########
@@ -90,4 +90,11 @@ private void addToMap(Map<String, List<String>> maps, Object user,
     }
     maps.put(user.toString(), list);
   }
+
+  public void close() {
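
Review bot: the new public `close()` at the end of `ExpirableSecurityManager` is added with no Javadoc or comment on what it releases. The class accumulates per-user lists in maps (see `addToMap` just above), so a one-line comment stating whether `close()` clears that recorded state would tell test authors whether the results can still be read after the manager is closed.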

Review comment:
       Better add annotation `@Override`

##########
File path: geode-core/src/upgradeTest/java/org/apache/geode/security/AuthExpirationMultiServerDUnitTest.java
##########
@@ -174,10 +184,75 @@ public void clientConnectToLocatorShouldNotAllowOperationIfUserIsNotRefreshed()
             AuthenticationRequiredException.class, AuthenticationExpiredException.class);
       }
     }
-    ExpirableSecurityManager consolidated = combineSecurityManagerResults(server1, server2);
+    ExpirableSecurityManager consolidated = collectSecurityManagers(server1, server2);
     assertThat(consolidated.getAuthorizedOps().keySet()).isEmpty();
   }
 
+  @Test
+  public void cqWithMultiServer() throws Exception {
+    int locatorPort = locator.getPort();
+    UpdatableUserAuthInitialize.setUser("user1");
+    clientCacheRule
+        .withProperty(SECURITY_CLIENT_AUTH_INIT, UpdatableUserAuthInitialize.class.getName())
+        .withPoolSubscription(true)
+        .withLocatorConnection(locatorPort);
+    ClientCache cache = clientCacheRule.createCache();
+    EventsCqListner listener =
+        createAndExecuteCQ(cache.getQueryService(), "cq1", "select * from /" + PARTITION_REGION);
+
+    UpdatableUserAuthInitialize.setUser("user2");

Review comment:
       Is `user2` required here? 
   `UpdatableUserAuthInitialize` is used here on the controller VM, while in `doPutsUsingAnotherClient`, `UpdatableUserAuthInitialize` is used in a client VM. Is it expected?

##########
File path: geode-core/src/upgradeTest/java/org/apache/geode/security/AuthExpirationMultiServerDUnitTest.java
##########
@@ -174,10 +184,75 @@ public void clientConnectToLocatorShouldNotAllowOperationIfUserIsNotRefreshed()
             AuthenticationRequiredException.class, AuthenticationExpiredException.class);
       }
     }
-    ExpirableSecurityManager consolidated = combineSecurityManagerResults(server1, server2);
+    ExpirableSecurityManager consolidated = collectSecurityManagers(server1, server2);
     assertThat(consolidated.getAuthorizedOps().keySet()).isEmpty();
   }
 
+  @Test
+  public void cqWithMultiServer() throws Exception {
+    int locatorPort = locator.getPort();
+    UpdatableUserAuthInitialize.setUser("user1");
+    clientCacheRule
+        .withProperty(SECURITY_CLIENT_AUTH_INIT, UpdatableUserAuthInitialize.class.getName())
+        .withPoolSubscription(true)
+        .withLocatorConnection(locatorPort);
+    ClientCache cache = clientCacheRule.createCache();
+    EventsCqListner listener =
+        createAndExecuteCQ(cache.getQueryService(), "cq1", "select * from /" + PARTITION_REGION);
+
+    UpdatableUserAuthInitialize.setUser("user2");
+    expireUserOnAllVms("user1");
+    doPutsUsingAnotherClient(locatorPort, "user3", 100);
+
+    // make sure listener still gets all the events
+    await().untilAsserted(() -> assertThat(listener.getKeys()).hasSize(100));
+    ExpirableSecurityManager securityManager = collectSecurityManagers(server1, server2);
+    assertThat(securityManager.getAuthorizedOps().get("user1"))
+        .containsExactly("DATA:READ:partitionRegion");
+    assertThat(securityManager.getUnAuthorizedOps().get("user1"))
+        .containsExactly("DATA:READ:partitionRegion:key0");
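
Review bot: the assertions at the end of `cqWithMultiServer()` only inspect `user1`, so nothing in the visible lines checks that the CQ client actually re-authenticated as `user2` after `expireUserOnAllVms("user1")`. Receiving 100 events shows that delivery continued, but an assertion on `securityManager.getAuthorizedOps().get("user2")` would tie that delivery to the refreshed credential rather than to the expired one.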

Review comment:
       Why does this not include `key1` through `key99`, since user1's authentication is expired?



