You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@geode.apache.org by ja...@apache.org on 2017/09/28 21:32:43 UTC
[geode] 01/01: GEODE-3247: MethodInvocationAuthorizer is created at
start up
This is an automated email from the ASF dual-hosted git repository.
jasonhuynh pushed a commit to branch feature/GEODE-3247
in repository https://gitbox.apache.org/repos/asf/geode.git
commit e6a5394d5c35d04d4f7a59d45ef162c20a91aac5
Author: Jason Huynh <hu...@gmail.com>
AuthorDate: Mon Sep 25 16:04:23 2017 -0700
GEODE-3247: MethodInvocationAuthorizer is created at start up
* MethodInvocationAuthorizer can now be passed down from InternalCache
* Broke apart new tests into smaller files and removed complex query maps from UserPerms
* Modified Customer Test Object for Rest Security tests
---
.../rest/internal/web/controllers/Customer.java | 2 +-
.../cache/query/internal/AttributeDescriptor.java | 17 +-
.../cache/query/internal/CompiledIteratorDef.java | 1 -
.../cache/query/internal/CompiledOperation.java | 5 +-
.../geode/cache/query/internal/CompiledSelect.java | 15 +-
.../geode/cache/query/internal/DefaultQuery.java | 2 -
.../cache/query/internal/DefaultQueryService.java | 21 +-
.../query/internal/InternalQueryService.java} | 18 +-
.../geode/cache/query/internal/MethodDispatch.java | 11 +-
.../query/internal/MethodInvocationAuthorizer.java | 138 +-
.../geode/cache/query/internal/PathUtils.java | 14 +-
.../RestrictedMethodInvocationAuthorizer.java | 135 ++
.../cache/query/internal/RuntimeIterator.java | 5 +-
.../geode/internal/cache/GemFireCacheImpl.java | 9 +-
.../apache/geode/internal/cache/InternalCache.java | 3 +
.../internal/cache/xmlcache/CacheCreation.java | 10 +-
.../RestrictedMethodInvocationAuthorizerTest.java} | 109 +-
...ServerBridgeClientMembershipRegressionTest.java | 3 +-
.../apache/geode/security/SecurityTestUtil.java | 5 -
.../security/query/IndexSecurityDUnitTest.java | 114 +-
...java => PartitionedIndexSecurityDUnitTest.java} | 5 +-
...ionedQuerySecurityAllowedQueriesDUnitTest.java} | 9 +-
...edQuerySecurityRestrictedQueriesDUnitTest.java} | 9 +-
...ionedQuerySecurityAllowedQueriesDUnitTest.java} | 7 +-
.../PdxQuerySecurityAllowedQueriesDUnitTest.java | 74 +
.../security/query/PdxQuerySecurityDUnitTest.java | 125 --
...PdxQuerySecurityRestrictedQueriesDUnitTest.java | 80 +
.../QuerySecurityAllowedQueriesDUnitTest.java | 255 ++++
...curityAuthorizedUserBindParameterDUnitTest.java | 53 +
.../geode/security/query/QuerySecurityBase.java | 161 ++-
.../security/query/QuerySecurityDUnitTest.java | 1525 --------------------
.../QuerySecurityRestrictedQueriesDUnitTest.java | 318 ++++
...rityUnauthorizedUserBindParameterDUnitTest.java | 76 +
.../geode/security/query/UserPermissions.java | 423 +-----
.../security/query/data/PdxQueryTestObject.java | 73 +
.../geode/security/query/data/QueryTestObject.java | 65 +
.../dunit/CqSecurityAuthorizedUserDUnitTest.java | 267 ++++
.../cache/query/cq/dunit/CqSecurityDUnitTest.java | 424 ------
...SecurityPartitionedAuthorizedUserDUnitTest.java | 65 +
.../cq/dunit/CqSecurityPartitionedDUnitTest.java | 98 --
...curityPartitionedUnauthorizedUserDUnitTest.java | 21 +-
.../dunit/CqSecurityUnauthorizedUserDUnitTest.java | 215 +++
.../geode/security/ClientQueryAuthDUnitTest.java | 151 +-
43 files changed, 1993 insertions(+), 3143 deletions(-)
diff --git a/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/controllers/Customer.java b/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/controllers/Customer.java
index 9732aa0..c2dacbf 100644
--- a/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/controllers/Customer.java
+++ b/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/controllers/Customer.java
@@ -31,7 +31,7 @@ import java.io.Serializable;
public class Customer implements Serializable {
@JsonProperty("id")
- private Long customerId;
+ public Long customerId;
private String firstName;
private String lastName;
@JsonProperty("ssn")
diff --git a/geode-core/src/main/java/org/apache/geode/cache/query/internal/AttributeDescriptor.java b/geode-core/src/main/java/org/apache/geode/cache/query/internal/AttributeDescriptor.java
index cc54db8..8bef658 100644
--- a/geode-core/src/main/java/org/apache/geode/cache/query/internal/AttributeDescriptor.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/query/internal/AttributeDescriptor.java
@@ -35,7 +35,6 @@ import org.apache.geode.cache.query.QueryService;
import org.apache.geode.cache.query.types.ObjectType;
import org.apache.geode.internal.cache.Token;
import org.apache.geode.internal.i18n.LocalizedStrings;
-import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.pdx.JSONFormatter;
import org.apache.geode.pdx.PdxInstance;
import org.apache.geode.pdx.PdxSerializationException;
@@ -51,16 +50,15 @@ import org.apache.geode.pdx.internal.PdxInstanceImpl;
public class AttributeDescriptor {
private final String _name;
- private final SecurityService _securityService;
+ private final MethodInvocationAuthorizer _methodInvocationAuthorizer;
/** cache for remembering the correct Member for a class and attribute */
- // DAVID/JASON should this be ConcurrentHashMap or ConcurrentMap? (is there a difference?)
private static final ConcurrentMap _local_field_cache = new ConcurrentHashMap();
private static final ConcurrentMap _local_method_cache = new ConcurrentHashMap();
- public AttributeDescriptor(SecurityService securityService, String name) {
- _securityService = securityService;
+ public AttributeDescriptor(MethodInvocationAuthorizer methodInvocationAuthorizer, String name) {
+ _methodInvocationAuthorizer = methodInvocationAuthorizer;
_name = name;
}
@@ -99,11 +97,10 @@ public class AttributeDescriptor {
Class resolutionClass = target.getClass();
Member m = getReadMember(resolutionClass);
- System.out.println("JASON found m:" + m.getName());
try {
if (m instanceof Method) {
try {
- MethodInvocationAuthorizer.authorizeFunctionInvocation(_securityService, m, target);
+ _methodInvocationAuthorizer.authorizeMethodInvocation((Method) m, target);
return ((Method) m).invoke(target, (Object[]) null);
} catch (EntryDestroyedException e) {
// eat the Exception
@@ -163,7 +160,6 @@ public class AttributeDescriptor {
m = (Member) _local_method_cache.get(key);
if (m != null) {
- MethodInvocationAuthorizer.authorizeFunctionInvocation(m);
return m;
}
}
@@ -188,7 +184,6 @@ public class AttributeDescriptor {
}
-
private Field getReadField(Class targetType) {
try {
return targetType.getField(_name);
@@ -215,9 +210,7 @@ public class AttributeDescriptor {
private Method getReadMethod(Class targetType, String methodName) {
try {
- Method m = targetType.getMethod(methodName, (Class[]) null);
- MethodInvocationAuthorizer.authorizeFunctionInvocation(m);
- return m;
+ return targetType.getMethod(methodName, (Class[]) null);
} catch (NoSuchMethodException e) {
updateClassToMethodsMap(targetType.getCanonicalName(), _name);
return null;
diff --git a/geode-core/src/main/java/org/apache/geode/cache/query/internal/CompiledIteratorDef.java b/geode-core/src/main/java/org/apache/geode/cache/query/internal/CompiledIteratorDef.java
index c1c9140..872614d 100644
--- a/geode-core/src/main/java/org/apache/geode/cache/query/internal/CompiledIteratorDef.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/query/internal/CompiledIteratorDef.java
@@ -119,7 +119,6 @@ public class CompiledIteratorDef extends AbstractCompiledValue {
} catch (RegionNotFoundException re) {
throw re;
} catch (Exception e) {
- logger.info("JASON:", e);
if (logger.isDebugEnabled()) {
logger.debug("Exception while getting runtime iterator.", e);
}
diff --git a/geode-core/src/main/java/org/apache/geode/cache/query/internal/CompiledOperation.java b/geode-core/src/main/java/org/apache/geode/cache/query/internal/CompiledOperation.java
index 3f0934d..0e5bd14 100644
--- a/geode-core/src/main/java/org/apache/geode/cache/query/internal/CompiledOperation.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/query/internal/CompiledOperation.java
@@ -258,8 +258,9 @@ public class CompiledOperation extends AbstractCompiledValue {
methodDispatch = (MethodDispatch) CompiledOperation.cache.get(key);
if (methodDispatch == null) {
try {
- methodDispatch = new MethodDispatch(context.getCache().getSecurityService(), resolutionType,
- this.methodName, argTypes);
+ methodDispatch =
+ new MethodDispatch(context.getCache().getQueryService().getMethodInvocationAuthorizer(),
+ resolutionType, this.methodName, argTypes);
} catch (NameResolutionException nre) {
if (!org.apache.geode.cache.query.Struct.class.isAssignableFrom(resolutionType)
&& (DefaultQueryService.QUERY_HETEROGENEOUS_OBJECTS
diff --git a/geode-core/src/main/java/org/apache/geode/cache/query/internal/CompiledSelect.java b/geode-core/src/main/java/org/apache/geode/cache/query/internal/CompiledSelect.java
index 30bda63..3ab90aa 100644
--- a/geode-core/src/main/java/org/apache/geode/cache/query/internal/CompiledSelect.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/query/internal/CompiledSelect.java
@@ -1116,19 +1116,8 @@ public class CompiledSelect extends AbstractCompiledValue {
List pathOnItr = cv.getPathOnIterator(rit, context);
if (pathOnItr != null) {
String path[] = (String[]) pathOnItr.toArray(new String[pathOnItr.size()]);
- try {
- ObjectType ot[] = PathUtils.calculateTypesAlongPath(context, rit.getElementType(), path);
- retType = ot[ot.length - 1];
- } catch (NotAuthorizedException e) {
- // When preparing result sets/ transform object types are unknown meaning all calls to
- // fields, getters, etc. fall through to method invocation. The query itself may not need
- // to do method invocation but because everything is falling through the user must be
- // authorized for method invocation (DATA:MANAGE and CLUSTER:MANAGE). To execute a query
- // without method invocation requires (DATA:READ). Because the code is unable to determine
- // if we truly need the higher authorizations, we should continue until a true method
- // invocation is required. This code does not actually invoke() the method and instead is
- // using the method object to check class types.
- }
+ ObjectType ot[] = PathUtils.calculateTypesAlongPath(context, rit.getElementType(), path);
+ retType = ot[ot.length - 1];
}
} catch (NameNotFoundException ignore) {
// Unable to determine the type Of attribute.It will default to
diff --git a/geode-core/src/main/java/org/apache/geode/cache/query/internal/DefaultQuery.java b/geode-core/src/main/java/org/apache/geode/cache/query/internal/DefaultQuery.java
index 39886bb..c242d89 100644
--- a/geode-core/src/main/java/org/apache/geode/cache/query/internal/DefaultQuery.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/query/internal/DefaultQuery.java
@@ -86,8 +86,6 @@ public class DefaultQuery implements Query {
public static boolean QUERY_VERBOSE =
Boolean.getBoolean(DistributionConfig.GEMFIRE_PREFIX + "Query.VERBOSE");
- public static boolean ALLOW_UNTRUSTED_METHOD_INVOCATION = Boolean.getBoolean(DistributionConfig.GEMFIRE_PREFIX + "Query.allowUntrustedMethodInvocation");
-
/**
* System property to cleanup the compiled query. The compiled query will be removed if it is not
* used for more than the set value. By default its set to 10 minutes, the time is set in
diff --git a/geode-core/src/main/java/org/apache/geode/cache/query/internal/DefaultQueryService.java b/geode-core/src/main/java/org/apache/geode/cache/query/internal/DefaultQueryService.java
index e3b2449..8fc1c9e 100644
--- a/geode-core/src/main/java/org/apache/geode/cache/query/internal/DefaultQueryService.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/query/internal/DefaultQueryService.java
@@ -39,13 +39,14 @@ import org.apache.geode.internal.logging.LogService;
import org.apache.geode.internal.logging.log4j.LocalizedMessage;
import org.apache.logging.log4j.Logger;
+import java.lang.reflect.Method;
import java.util.*;
import java.util.Map.Entry;
/**
* @version $Revision: 1.2 $
*/
-public class DefaultQueryService implements QueryService {
+public class DefaultQueryService implements InternalQueryService {
private static final Logger logger = LogService.getLogger();
/**
@@ -62,22 +63,37 @@ public class DefaultQueryService implements QueryService {
DistributionConfig.GEMFIRE_PREFIX + "QueryService.CopyOnReadAtEntryLevel", "false"))
.booleanValue();
+ public static boolean ALLOW_UNTRUSTED_METHOD_INVOCATION = Boolean.getBoolean(
+ DistributionConfig.GEMFIRE_PREFIX + "QueryService.allowUntrustedMethodInvocation");
+
/** Test purpose only */
public static boolean TEST_QUERY_HETEROGENEOUS_OBJECTS = false;
private final InternalCache cache;
+ private final MethodInvocationAuthorizer methodInvocationAuthorizer;
+
private InternalPool pool;
private Map<Region, HashSet<IndexCreationData>> indexDefinitions =
Collections.synchronizedMap(new HashMap<Region, HashSet<IndexCreationData>>());
+
public DefaultQueryService(InternalCache cache) {
if (cache == null)
throw new IllegalArgumentException(
LocalizedStrings.DefaultQueryService_CACHE_MUST_NOT_BE_NULL.toLocalizedString());
this.cache = cache;
+ if (!cache.getSecurityService().isIntegratedSecurity() || ALLOW_UNTRUSTED_METHOD_INVOCATION) {
+ // A no-op authorizer, allow method invocation
+ this.methodInvocationAuthorizer = ((Method m, Object t) -> {
+ });
+ } else {
+ this.methodInvocationAuthorizer =
+ new RestrictedMethodInvocationAuthorizer(cache.getSecurityService());
+
+ }
}
/**
@@ -950,4 +966,7 @@ public class DefaultQueryService implements QueryService {
return pool;
}
+ public MethodInvocationAuthorizer getMethodInvocationAuthorizer() {
+ return methodInvocationAuthorizer;
+ }
}
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityDUnitTest.java b/geode-core/src/main/java/org/apache/geode/cache/query/internal/InternalQueryService.java
similarity index 57%
copy from geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityDUnitTest.java
copy to geode-core/src/main/java/org/apache/geode/cache/query/internal/InternalQueryService.java
index 4d81034..2fd462e 100644
--- a/geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityDUnitTest.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/query/internal/InternalQueryService.java
@@ -12,21 +12,11 @@
* or implied. See the License for the specific language governing permissions and limitations under
* the License.
*/
-package org.apache.geode.security.query;
+package org.apache.geode.cache.query.internal;
-import junitparams.JUnitParamsRunner;
-import org.junit.experimental.categories.Category;
-import org.junit.runner.RunWith;
+import org.apache.geode.cache.query.QueryService;
-import org.apache.geode.cache.RegionShortcut;
-import org.apache.geode.test.junit.categories.DistributedTest;
-import org.apache.geode.test.junit.categories.SecurityTest;
-
-@Category({DistributedTest.class, SecurityTest.class})
-@RunWith(JUnitParamsRunner.class)
-public class PartitionedQuerySecurityDUnitTest extends QuerySecurityDUnitTest {
- public RegionShortcut getRegionType() {
- return RegionShortcut.PARTITION;
- }
+public interface InternalQueryService extends QueryService {
+ MethodInvocationAuthorizer getMethodInvocationAuthorizer();
}
diff --git a/geode-core/src/main/java/org/apache/geode/cache/query/internal/MethodDispatch.java b/geode-core/src/main/java/org/apache/geode/cache/query/internal/MethodDispatch.java
index 61bae00..7b5e65c 100644
--- a/geode-core/src/main/java/org/apache/geode/cache/query/internal/MethodDispatch.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/query/internal/MethodDispatch.java
@@ -30,7 +30,6 @@ import org.apache.geode.cache.query.NameResolutionException;
import org.apache.geode.cache.query.QueryInvocationTargetException;
import org.apache.geode.cache.query.internal.types.TypeUtils;
import org.apache.geode.internal.i18n.LocalizedStrings;
-import org.apache.geode.internal.security.SecurityService;
/**
@@ -44,14 +43,14 @@ public class MethodDispatch {
private String _methodName;
private Class[] _argTypes;
private Method _method; // remember the right method
- private SecurityService _securityService;
+ private MethodInvocationAuthorizer _methodInvocationAuthorizer;
- public MethodDispatch(SecurityService securityService, Class targetClass, String methodName,
- List argTypes) throws NameResolutionException {
+ public MethodDispatch(MethodInvocationAuthorizer methodInvocationAuthorizer, Class targetClass,
+ String methodName, List argTypes) throws NameResolutionException {
_targetClass = targetClass;
_methodName = methodName;
_argTypes = (Class[]) argTypes.toArray(new Class[argTypes.size()]);
- _securityService = securityService;
+ _methodInvocationAuthorizer = methodInvocationAuthorizer;
resolve();
// override security in case this is a method on a nonpublic class
@@ -64,7 +63,7 @@ public class MethodDispatch {
Object[] argsArray = args.toArray();
try {
- MethodInvocationAuthorizer.authorizeFunctionInvocation(_securityService, _method, target);
+ _methodInvocationAuthorizer.authorizeMethodInvocation(_method, target);
return _method.invoke(target, argsArray);
} catch (IllegalAccessException e) {
throw new NameNotFoundException(
diff --git a/geode-core/src/main/java/org/apache/geode/cache/query/internal/MethodInvocationAuthorizer.java b/geode-core/src/main/java/org/apache/geode/cache/query/internal/MethodInvocationAuthorizer.java
index d5f8cbe..412c2d5 100644
--- a/geode-core/src/main/java/org/apache/geode/cache/query/internal/MethodInvocationAuthorizer.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/query/internal/MethodInvocationAuthorizer.java
@@ -14,140 +14,8 @@
*/
package org.apache.geode.cache.query.internal;
-import java.lang.reflect.Member;
-import java.math.BigDecimal;
-import java.math.BigInteger;
-import java.security.Security;
-import java.sql.Timestamp;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-import java.util.concurrent.atomic.AtomicInteger;
-import java.util.concurrent.atomic.AtomicLong;
+import java.lang.reflect.Method;
-import org.apache.geode.cache.Region;
-import org.apache.geode.cache.query.internal.index.DummyQRegion;
-import org.apache.geode.internal.cache.EntrySnapshot;
-import org.apache.geode.internal.cache.LocalRegion;
-import org.apache.geode.internal.cache.PartitionedRegion;
-import org.apache.geode.internal.i18n.LocalizedStrings;
-import org.apache.geode.internal.security.SecurityService;
-import org.apache.geode.security.NotAuthorizedException;
-import org.apache.geode.security.ResourcePermission;
-
-public class MethodInvocationAuthorizer {
-
- public static final String UNAUTHORIZED_STRING = "Unauthorized access to method: ";
- // List of methods that can be invoked by
- public static final Set<String> whiteListedMethods = new HashSet<>();
- public static final HashMap<String, Set> whiteListedClassMethods = new HashMap<>();
- static {
- whiteListedMethods.add("toString");
- whiteListedMethods.add("equals");
- whiteListedMethods.add("compareTo");
-
- Set<String> booleanMethods = new HashSet<>();
- booleanMethods.add("booleanValue");
- whiteListedClassMethods.put(Boolean.class.getName(), booleanMethods);
-
- Set<String> numberMethods = new HashSet<>();
- numberMethods.add("byteValue");
- numberMethods.add("doubleValue");
- numberMethods.add("intValue");
- numberMethods.add("floatValue");
- numberMethods.add("longValue");
- numberMethods.add("shortValue");
- whiteListedClassMethods.put(Byte.class.getName(), numberMethods);
- whiteListedClassMethods.put(Double.class.getName(), numberMethods);
- whiteListedClassMethods.put(Float.class.getName(), numberMethods);
- whiteListedClassMethods.put(Integer.class.getName(), numberMethods);
- whiteListedClassMethods.put(Short.class.getName(), numberMethods);
- whiteListedClassMethods.put(Number.class.getName(), numberMethods);
- whiteListedClassMethods.put(BigDecimal.class.getName(), numberMethods);
- whiteListedClassMethods.put(BigInteger.class.getName(), numberMethods);
- whiteListedClassMethods.put(AtomicInteger.class.getName(), numberMethods);
- whiteListedClassMethods.put(AtomicLong.class.getName(), numberMethods);
-
- Set<String> dateMethods = new HashSet<>();
- dateMethods.add("after");
- dateMethods.add("before");
- whiteListedClassMethods.put(Date.class.getName(), dateMethods);
-
- Set<String> timestampMethods = new HashSet<>();
- timestampMethods.add("after");
- timestampMethods.add("before");
- timestampMethods.add("getNanos");
- timestampMethods.add("getTime");
- whiteListedClassMethods.put(Timestamp.class.getName(), timestampMethods);
-
- Set<String> mapMethods = new HashSet<>();
- mapMethods.add("entrySet");
- mapMethods.add("keySet");
- mapMethods.add("values");
- mapMethods.add("getEntries");
- mapMethods.add("getValues");
- mapMethods.add("containsKey");
- whiteListedClassMethods.put(QRegion.class.getName(), mapMethods);
- whiteListedClassMethods.put(DummyQRegion.class.getName(), mapMethods);
- whiteListedClassMethods.put(PartitionedRegion.class.getName(), mapMethods);
-
- Set<String> mapEntryMethods = new HashSet<>();
- mapEntryMethods.add("getKey");
- mapEntryMethods.add("getValue");
- whiteListedClassMethods.put(Map.Entry.class.getName(), mapEntryMethods);
- whiteListedClassMethods.put(LocalRegion.NonTXEntry.class.getName(), mapEntryMethods);
- whiteListedClassMethods.put(EntrySnapshot.class.getName(), mapEntryMethods);
-
- Set<String> stringMethods = new HashSet<>();
- stringMethods.add("toString");
- stringMethods.add("toLowerCase");
- stringMethods.add("toUpperCase");
- whiteListedClassMethods.put(String.class.getName(), stringMethods);
-
- Set<String> localRegionMethods = new HashSet<>();
- localRegionMethods.add("values");
- whiteListedClassMethods.put(LocalRegion.class.getName(), localRegionMethods);
- }
-
- public MethodInvocationAuthorizer() {
-
- }
-
- public static boolean isWhitelisted(Member method) {
- return isWhitelisted(method.getDeclaringClass().getName(), method.getName());
- }
-
- public static void allowedRegionAccess(SecurityService securityService, Member method,
- Object target) {
- if (target instanceof Region) {
- String regionName = ((Region) target).getName();
- securityService.authorize(ResourcePermission.Resource.DATA, ResourcePermission.Operation.READ, regionName);
- }
- }
-
- public static boolean isWhitelisted(String className, String methodName) {
- if (DefaultQuery.ALLOW_UNTRUSTED_METHOD_INVOCATION || whiteListedMethods.contains((methodName))) {
- return true;
- }
-
- Set whiteListedMethods = whiteListedClassMethods.get(className);
- if (whiteListedMethods != null) {
- return whiteListedMethods.contains(methodName);
- }
- return false;
- }
- public static void authorizeFunctionInvocation(Member method) {
- if (!isWhitelisted(method) ) {
- throw new NotAuthorizedException(UNAUTHORIZED_STRING + method.getName());
- }
- }
-
- public static void authorizeFunctionInvocation(SecurityService securityService, Member method, Object target) {
- if (!isWhitelisted(method)) {
- throw new NotAuthorizedException(UNAUTHORIZED_STRING + method.getName());
- }
- allowedRegionAccess(securityService, method, target);
- }
+public interface MethodInvocationAuthorizer {
+ void authorizeMethodInvocation(Method method, Object target);
}
diff --git a/geode-core/src/main/java/org/apache/geode/cache/query/internal/PathUtils.java b/geode-core/src/main/java/org/apache/geode/cache/query/internal/PathUtils.java
index aecf5d2..4c7141f 100644
--- a/geode-core/src/main/java/org/apache/geode/cache/query/internal/PathUtils.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/query/internal/PathUtils.java
@@ -72,8 +72,9 @@ public class PathUtils {
}
}
try {
- return new AttributeDescriptor(context.getCache().getSecurityService(), attribute)
- .read(target);
+ return new AttributeDescriptor(
+ context.getCache().getQueryService().getMethodInvocationAuthorizer(), attribute)
+ .read(target);
} catch (NameNotFoundException nfe) {
if (DefaultQueryService.QUERY_HETEROGENEOUS_OBJECTS
|| DefaultQueryService.TEST_QUERY_HETEROGENEOUS_OBJECTS) {
@@ -111,8 +112,8 @@ public class PathUtils {
for (int i = 1; i < types.length; i++) {
ObjectType currentType = types[i - 1];
- Member member =
- new AttributeDescriptor(context.getCache().getSecurityService(), pathArray[i - 1])
+ Member member = new AttributeDescriptor(
+ context.getCache().getQueryService().getMethodInvocationAuthorizer(), pathArray[i - 1])
.getReadMember(currentType);
if (member instanceof Field)
@@ -169,8 +170,9 @@ public class PathUtils {
stepStr = stepStr.substring(0, stepStr.length() - 2);
member = clazz.getMethod(stepStr, (Class[]) null);
} else {
- member = new AttributeDescriptor(context.getCache().getSecurityService(), stepStr)
- .getReadMember(clazz);
+ member = new AttributeDescriptor(
+ context.getCache().getQueryService().getMethodInvocationAuthorizer(), stepStr)
+ .getReadMember(clazz);
}
if (member instanceof Field) {
clazz = ((Field) member).getType();
diff --git a/geode-core/src/main/java/org/apache/geode/cache/query/internal/RestrictedMethodInvocationAuthorizer.java b/geode-core/src/main/java/org/apache/geode/cache/query/internal/RestrictedMethodInvocationAuthorizer.java
new file mode 100644
index 0000000..e97fe34
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/cache/query/internal/RestrictedMethodInvocationAuthorizer.java
@@ -0,0 +1,135 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.cache.query.internal;
+
+import java.lang.reflect.Member;
+import java.lang.reflect.Method;
+import java.math.BigDecimal;
+import java.math.BigInteger;
+import java.sql.Timestamp;
+import java.util.Collection;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+import java.util.concurrent.atomic.AtomicInteger;
+import java.util.concurrent.atomic.AtomicLong;
+
+import org.apache.geode.cache.Region;
+import org.apache.geode.cache.query.internal.index.DummyQRegion;
+import org.apache.geode.internal.cache.EntrySnapshot;
+import org.apache.geode.internal.cache.LocalRegion;
+import org.apache.geode.internal.cache.PartitionedRegion;
+import org.apache.geode.internal.security.SecurityService;
+import org.apache.geode.security.NotAuthorizedException;
+import org.apache.geode.security.ResourcePermission;
+
+public class RestrictedMethodInvocationAuthorizer implements MethodInvocationAuthorizer {
+
+ public static final String UNAUTHORIZED_STRING = "Unauthorized access to method: ";
+
+ private SecurityService securityService;
+
+ // List of methods that can be invoked by
+ private final HashMap<String, Set> whiteListedMethodsToClass;
+
+
+ public RestrictedMethodInvocationAuthorizer(SecurityService securityService) {
+ this.securityService = securityService;
+ whiteListedMethodsToClass = createWhiteList();
+ }
+
+ private HashMap<String, Set> createWhiteList() {
+ HashMap<String, Set> whiteListMap = new HashMap();
+ Set<Class> objectCallers = new HashSet();
+ objectCallers.add(Object.class);
+ whiteListMap.put("toString", objectCallers);
+ whiteListMap.put("equals", objectCallers);
+ whiteListMap.put("compareTo", objectCallers);
+
+ Set<Class> booleanCallers = new HashSet();
+ booleanCallers.add(Boolean.class);
+ whiteListMap.put("booleanValue", booleanCallers);
+
+ Set<Class> numericCallers = new HashSet();
+ numericCallers.add(Number.class);
+ whiteListMap.put("byteValue", numericCallers);
+ whiteListMap.put("intValue", numericCallers);
+ whiteListMap.put("doubleValue", numericCallers);
+ whiteListMap.put("floatValue", numericCallers);
+ whiteListMap.put("longValue", numericCallers);
+ whiteListMap.put("shortValue", numericCallers);
+
+ Set<Class> mapCallers = new HashSet();
+ mapCallers.add(Collection.class);
+ mapCallers.add(Map.class);
+ whiteListMap.put("entrySet", mapCallers);
+ whiteListMap.put("keySet", mapCallers);
+ whiteListMap.put("values", mapCallers);
+ whiteListMap.put("getEntries", mapCallers);
+ whiteListMap.put("getValues", mapCallers);
+ whiteListMap.put("containsKey", mapCallers);
+
+ Set<Class> mapEntryCallers = new HashSet();
+ mapEntryCallers.add(Map.Entry.class);
+ whiteListMap.put("getKey", mapEntryCallers);
+ whiteListMap.put("getValue", mapEntryCallers);
+
+ Set<Class> dateCallers = new HashSet<>();
+ dateCallers.add(Date.class);
+ whiteListMap.put("after", dateCallers);
+ whiteListMap.put("before", dateCallers);
+ whiteListMap.put("getNanos", dateCallers);
+ whiteListMap.put("getTime", dateCallers);
+
+ Set<Class> stringCallers = new HashSet<>();
+ stringCallers.add(String.class);
+ whiteListMap.put("toLowerCase", stringCallers);
+ whiteListMap.put("toUpperCase", stringCallers);
+ return whiteListMap;
+ }
+
+ boolean isWhitelisted(Method method) {
+ String methodName = method.getName();
+
+ Set<Class> allowedClasses = whiteListedMethodsToClass.get(methodName);
+ if (allowedClasses == null) {
+ return false;
+ }
+ for (Class clazz : allowedClasses) {
+ if (clazz.isAssignableFrom(method.getDeclaringClass())) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ @Override
+ public void authorizeMethodInvocation(Method method, Object target) {
+ if (!isWhitelisted(method)) {
+ throw new NotAuthorizedException(UNAUTHORIZED_STRING + method.getName());
+ }
+ authorizeRegionAccess(securityService, target);
+ }
+
+ private void authorizeRegionAccess(SecurityService securityService, Object target) {
+ if (target instanceof Region) {
+ String regionName = ((Region) target).getName();
+ securityService.authorize(ResourcePermission.Resource.DATA, ResourcePermission.Operation.READ,
+ regionName);
+ }
+ }
+}
diff --git a/geode-core/src/main/java/org/apache/geode/cache/query/internal/RuntimeIterator.java b/geode-core/src/main/java/org/apache/geode/cache/query/internal/RuntimeIterator.java
index 23d470c..3373b96 100644
--- a/geode-core/src/main/java/org/apache/geode/cache/query/internal/RuntimeIterator.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/query/internal/RuntimeIterator.java
@@ -198,8 +198,9 @@ public class RuntimeIterator extends AbstractCompiledValue {
// if there are zero arguments and it's an attribute, then defer to
// AttributeDescriptor
// to see if there's a match
- return new AttributeDescriptor(context.getCache().getSecurityService(), name)
- .validateReadType(clazz);
+ return new AttributeDescriptor(
+ context.getCache().getQueryService().getMethodInvocationAuthorizer(), name)
+ .validateReadType(clazz);
}
// private SelectResults prepareIteratorDef(Object obj)
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/GemFireCacheImpl.java b/geode-core/src/main/java/org/apache/geode/internal/cache/GemFireCacheImpl.java
index c5b5d01..e2975ea 100755
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/GemFireCacheImpl.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/GemFireCacheImpl.java
@@ -79,6 +79,9 @@ import com.sun.jna.Platform;
import org.apache.commons.lang.StringUtils;
import org.apache.logging.log4j.Logger;
+import org.apache.geode.cache.query.internal.InternalQueryService;
+import org.apache.geode.cache.query.internal.MethodInvocationAuthorizer;
+import org.apache.geode.cache.query.internal.RestrictedMethodInvocationAuthorizer;
import org.apache.geode.internal.cache.event.EventTrackerExpiryTask;
import org.apache.geode.internal.cache.wan.GatewaySenderQueueEntrySynchronizationListener;
import org.apache.geode.internal.security.SecurityServiceFactory;
@@ -177,7 +180,6 @@ import org.apache.geode.internal.SystemTimer;
import org.apache.geode.internal.cache.control.InternalResourceManager;
import org.apache.geode.internal.cache.control.InternalResourceManager.ResourceType;
import org.apache.geode.internal.cache.control.ResourceAdvisor;
-import org.apache.geode.internal.cache.event.EventTrackerExpiryTask;
import org.apache.geode.internal.cache.execute.util.FindRestEnabledServersFunction;
import org.apache.geode.internal.cache.extension.Extensible;
import org.apache.geode.internal.cache.extension.ExtensionPoint;
@@ -215,7 +217,6 @@ import org.apache.geode.internal.logging.log4j.LocalizedMessage;
import org.apache.geode.internal.net.SocketCreator;
import org.apache.geode.internal.offheap.MemoryAllocator;
import org.apache.geode.internal.security.SecurityService;
-import org.apache.geode.internal.security.SecurityServiceFactory;
import org.apache.geode.internal.sequencelog.SequenceLoggerImpl;
import org.apache.geode.internal.tcp.ConnectionTable;
import org.apache.geode.internal.util.concurrent.FutureResult;
@@ -4192,7 +4193,7 @@ public class GemFireCacheImpl implements InternalCache, InternalClientCache, Has
}
@Override
- public QueryService getQueryService() {
+ public InternalQueryService getQueryService() {
if (!isClient()) {
return new DefaultQueryService(this);
}
@@ -4201,7 +4202,7 @@ public class GemFireCacheImpl implements InternalCache, InternalClientCache, Has
throw new IllegalStateException(
"Client cache does not have a default pool. Use getQueryService(String poolName) instead.");
}
- return defaultPool.getQueryService();
+ return (InternalQueryService) defaultPool.getQueryService();
}
@Override
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/InternalCache.java b/geode-core/src/main/java/org/apache/geode/internal/cache/InternalCache.java
index 66bc44a..5ef8fcd 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/InternalCache.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/InternalCache.java
@@ -39,6 +39,7 @@ import org.apache.geode.cache.asyncqueue.AsyncEventQueue;
import org.apache.geode.cache.asyncqueue.internal.AsyncEventQueueImpl;
import org.apache.geode.cache.client.internal.ClientMetadataService;
import org.apache.geode.cache.query.QueryService;
+import org.apache.geode.cache.query.internal.InternalQueryService;
import org.apache.geode.cache.query.internal.QueryMonitor;
import org.apache.geode.cache.query.internal.cq.CqService;
import org.apache.geode.cache.server.CacheServer;
@@ -320,4 +321,6 @@ public interface InternalCache extends Cache, Extensible<Cache>, CacheTime {
void invokeRegionEntrySynchronizationListenersAfterSynchronization(
InternalDistributedMember sender, LocalRegion region,
List<InitialImageOperation.Entry> entriesToSynchronize);
+
+ InternalQueryService getQueryService();
}
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/xmlcache/CacheCreation.java b/geode-core/src/main/java/org/apache/geode/internal/cache/xmlcache/CacheCreation.java
index 9c80ce1..3cd1971 100755
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/xmlcache/CacheCreation.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/xmlcache/CacheCreation.java
@@ -58,6 +58,8 @@ import org.apache.geode.cache.query.Query;
import org.apache.geode.cache.query.QueryInvalidException;
import org.apache.geode.cache.query.QueryService;
import org.apache.geode.cache.query.RegionNotFoundException;
+import org.apache.geode.cache.query.internal.InternalQueryService;
+import org.apache.geode.cache.query.internal.MethodInvocationAuthorizer;
import org.apache.geode.cache.query.internal.QueryMonitor;
import org.apache.geode.cache.query.internal.cq.CqService;
import org.apache.geode.cache.server.CacheServer;
@@ -943,7 +945,7 @@ public class CacheCreation implements InternalCache {
}
@Override
- public QueryService getQueryService() {
+ public InternalQueryService getQueryService() {
return this.queryService;
}
@@ -1735,7 +1737,7 @@ public class CacheCreation implements InternalCache {
return null;
}
- private final QueryService queryService = new QueryService() {
+ private final InternalQueryService queryService = new InternalQueryService() {
private final Map<String, List<Index>> indexes = new HashMap<>();
@@ -1958,6 +1960,10 @@ public class CacheCreation implements InternalCache {
throw new UnsupportedOperationException(LocalizedStrings.SHOULDNT_INVOKE.toLocalizedString());
}
+ @Override
+ public MethodInvocationAuthorizer getMethodInvocationAuthorizer() {
+ throw new UnsupportedOperationException(LocalizedStrings.SHOULDNT_INVOKE.toLocalizedString());
+ }
};
@Override
diff --git a/geode-core/src/test/java/org/apache/geode/internal/MethodInvocationAuthorizerTest.java b/geode-core/src/test/java/org/apache/geode/cache/query/internal/RestrictedMethodInvocationAuthorizerTest.java
similarity index 59%
rename from geode-core/src/test/java/org/apache/geode/internal/MethodInvocationAuthorizerTest.java
rename to geode-core/src/test/java/org/apache/geode/cache/query/internal/RestrictedMethodInvocationAuthorizerTest.java
index 490cf2c..45ddf27 100644
--- a/geode-core/src/test/java/org/apache/geode/internal/MethodInvocationAuthorizerTest.java
+++ b/geode-core/src/test/java/org/apache/geode/cache/query/internal/RestrictedMethodInvocationAuthorizerTest.java
@@ -1,6 +1,21 @@
-package org.apache.geode.internal;
-
-
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.cache.query.internal;
+
+
+import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import java.lang.reflect.Method;
@@ -13,129 +28,139 @@ import java.util.concurrent.atomic.AtomicInteger;
import java.util.concurrent.atomic.AtomicLong;
import org.junit.Test;
+import org.junit.experimental.categories.Category;
-import org.apache.geode.cache.query.internal.MethodInvocationAuthorizer;
-import org.apache.geode.cache.query.internal.QRegion;
import org.apache.geode.cache.query.internal.index.DummyQRegion;
import org.apache.geode.internal.cache.EntrySnapshot;
import org.apache.geode.internal.cache.LocalRegion;
import org.apache.geode.internal.cache.PartitionedRegion;
+import org.apache.geode.test.junit.categories.SecurityTest;
+import org.apache.geode.test.junit.categories.UnitTest;
+
+@Category({UnitTest.class, SecurityTest.class})
+public class RestrictedMethodInvocationAuthorizerTest {
+ RestrictedMethodInvocationAuthorizer methodInvocationAuthorizer =
+ new RestrictedMethodInvocationAuthorizer(null);
-public class MethodInvocationAuthorizerTest {
+ @Test
+ public void getClassShouldFail() throws Exception {
+ Method method = Integer.class.getMethod("getClass");
+ assertFalse(methodInvocationAuthorizer.isWhitelisted(method));
+ }
@Test
public void toStringOnAnyObject() throws Exception {
Method stringMethod = Integer.class.getMethod("toString");
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(stringMethod));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
}
@Test
public void equalsOnAnyObject() throws Exception {
Method equalsMethod = Integer.class.getMethod("equals", Object.class);
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(equalsMethod));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(equalsMethod));
}
@Test
public void booleanMethodsAreWhiteListed() throws Exception {
Method booleanValue = Boolean.class.getMethod("booleanValue");
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(booleanValue));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(booleanValue));
}
@Test
public void toLowerCaseOnStringObject() throws Exception {
Method stringMethod = String.class.getMethod("toLowerCase");
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(stringMethod));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
}
@Test
public void toUpperCaseOnStringObject() throws Exception {
Method stringMethod = String.class.getMethod("toUpperCase");
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(stringMethod));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
}
@Test
public void utilDateAfterMethodIsWhiteListed() throws Exception {
Method method = Date.class.getMethod("after", Date.class);
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(method));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(method));
}
@Test
public void sqlDateAfterMethodIsWhiteListed() throws Exception {
Method method = java.sql.Date.class.getMethod("after", Date.class);
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(method));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(method));
}
@Test
public void utilDateBeforeMethodIsWhiteListed() throws Exception {
Method method = Date.class.getMethod("before", Date.class);
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(method));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(method));
}
@Test
public void sqlDateBeforeMethodIsWhiteListed() throws Exception {
Method method = java.sql.Date.class.getMethod("before", Date.class);
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(method));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(method));
}
@Test
public void timestampAfterMethodIsWhiteListed() throws Exception {
Method method = Timestamp.class.getMethod("after", Timestamp.class);
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(method));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(method));
}
@Test
public void sqlTimestampBeforeMethodIsWhiteListed() throws Exception {
Method method = Timestamp.class.getMethod("before", Timestamp.class);
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(method));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(method));
}
@Test
public void sqlTimestampGetNanosIsWhiteListed() throws Exception {
Method method = Timestamp.class.getMethod("getNanos");
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(method));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(method));
}
@Test
public void sqlTimestampGetTimeIsWhiteListed() throws Exception {
Method method = Timestamp.class.getMethod("getTime");
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(method));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(method));
}
@Test
public void getKeyForMapEntryIsWhiteListed() throws Exception {
Method getKeyMethod = Map.Entry.class.getMethod("getKey");
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(getKeyMethod));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(getKeyMethod));
}
@Test
public void getValueForMapEntryIsWhiteListed() throws Exception {
Method getValueMethod = Map.Entry.class.getMethod("getValue");
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(getValueMethod));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(getValueMethod));
}
@Test
public void getKeyForMapEntrySnapShotIsWhiteListed() throws Exception {
Method getKeyMethod = EntrySnapshot.class.getMethod("getKey");
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(getKeyMethod));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(getKeyMethod));
}
@Test
public void getValueForMapEntrySnapShotIsWhiteListed() throws Exception {
Method getValueMethod = EntrySnapshot.class.getMethod("getValue");
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(getValueMethod));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(getValueMethod));
}
@Test
public void getKeyForNonTXEntryIsWhiteListed() throws Exception {
Method getKeyMethod = LocalRegion.NonTXEntry.class.getMethod("getKey");
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(getKeyMethod));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(getKeyMethod));
}
@Test
public void getValueForNonTXEntryIsWhiteListed() throws Exception {
Method getValueMethod = LocalRegion.NonTXEntry.class.getMethod("getValue");
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(getValueMethod));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(getValueMethod));
}
@Test
@@ -150,7 +175,15 @@ public class MethodInvocationAuthorizerTest {
@Test
public void mapMethodsForPartitionedRegionAreWhiteListed() throws Exception {
- testMapMethods(PartitionedRegion.class);
+ Class clazz = PartitionedRegion.class;
+ Method entrySet = clazz.getMethod("entrySet");
+ Method keySet = clazz.getMethod("keySet");
+ Method values = clazz.getMethod("values");
+ Method containsKey = clazz.getMethod("containsKey", Object.class);
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(entrySet));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(keySet));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(values));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(containsKey));
}
@Test
@@ -205,12 +238,12 @@ public class MethodInvocationAuthorizerTest {
Method floatValue = clazz.getMethod("longValue");
Method longValue = clazz.getMethod("floatValue");
Method shortValue = clazz.getMethod("shortValue");
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(byteValue));
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(doubleValue));
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(intValue));
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(floatValue));
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(longValue));
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(shortValue));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(byteValue));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(doubleValue));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(intValue));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(floatValue));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(longValue));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(shortValue));
}
private void testMapMethods(Class clazz) throws NoSuchMethodException {
@@ -220,12 +253,12 @@ public class MethodInvocationAuthorizerTest {
Method getEntries = clazz.getMethod("getEntries");
Method getValues = clazz.getMethod("getValues");
Method containsKey = clazz.getMethod("containsKey", Object.class);
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(entrySet));
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(keySet));
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(values));
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(getEntries));
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(getValues));
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(containsKey));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(entrySet));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(keySet));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(values));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(getEntries));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(getValues));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(containsKey));
}
}
diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/beans/CacheServerBridgeClientMembershipRegressionTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/beans/CacheServerBridgeClientMembershipRegressionTest.java
index 232df0a..1cc73c3 100644
--- a/geode-core/src/test/java/org/apache/geode/management/internal/beans/CacheServerBridgeClientMembershipRegressionTest.java
+++ b/geode-core/src/test/java/org/apache/geode/management/internal/beans/CacheServerBridgeClientMembershipRegressionTest.java
@@ -34,6 +34,7 @@ import org.junit.experimental.categories.Category;
import org.apache.geode.cache.CacheClosedException;
import org.apache.geode.cache.CacheFactory;
import org.apache.geode.cache.query.QueryService;
+import org.apache.geode.cache.query.internal.InternalQueryService;
import org.apache.geode.internal.cache.CacheServerImpl;
import org.apache.geode.internal.cache.InternalCache;
import org.apache.geode.internal.cache.tier.sockets.AcceptorImpl;
@@ -75,7 +76,7 @@ public class CacheServerBridgeClientMembershipRegressionTest {
this.acceptor = mock(AcceptorImpl.class);
this.monitor = mock(MBeanStatsMonitor.class);
- when(cache.getQueryService()).thenReturn(mock(QueryService.class));
+ when(cache.getQueryService()).thenReturn(mock(InternalQueryService.class));
when(acceptor.getStats()).thenReturn(mock(CacheServerStats.class));
}
diff --git a/geode-core/src/test/java/org/apache/geode/security/SecurityTestUtil.java b/geode-core/src/test/java/org/apache/geode/security/SecurityTestUtil.java
index 331acac..1a1e105 100644
--- a/geode-core/src/test/java/org/apache/geode/security/SecurityTestUtil.java
+++ b/geode-core/src/test/java/org/apache/geode/security/SecurityTestUtil.java
@@ -48,11 +48,6 @@ public class SecurityTestUtil {
return cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(regionName);
}
- public static void assertNotAuthorizedMatching(
- ThrowableAssert.ThrowingCallable shouldRaiseThrowable, String permString) {
- assertThatThrownBy(shouldRaiseThrowable).hasMessageMatching(permString);
- }
-
public static void assertNotAuthorized(ThrowableAssert.ThrowingCallable shouldRaiseThrowable,
String permString) {
assertThatThrownBy(shouldRaiseThrowable).hasMessageContaining(permString);
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/IndexSecurityDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/query/IndexSecurityDUnitTest.java
index b2ce211..ea0f920 100644
--- a/geode-core/src/test/java/org/apache/geode/security/query/IndexSecurityDUnitTest.java
+++ b/geode-core/src/test/java/org/apache/geode/security/query/IndexSecurityDUnitTest.java
@@ -14,10 +14,9 @@
*/
package org.apache.geode.security.query;
-import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER;
-import static org.apache.geode.security.SecurityTestUtil.createClientCache;
-import static org.apache.geode.security.SecurityTestUtil.createProxyRegion;
-import static org.junit.Assert.assertEquals;
+import static org.apache.geode.internal.Assert.assertTrue;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.fail;
import java.util.Arrays;
import java.util.List;
@@ -25,95 +24,82 @@ import java.util.List;
import junitparams.JUnitParamsRunner;
import junitparams.Parameters;
import org.junit.Before;
-import org.junit.Rule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
-import org.apache.geode.cache.Region;
import org.apache.geode.cache.RegionShortcut;
-import org.apache.geode.cache.client.ClientCache;
import org.apache.geode.cache.query.Index;
+import org.apache.geode.cache.query.IndexInvalidException;
import org.apache.geode.cache.query.QueryService;
-import org.apache.geode.security.TestSecurityManager;
-import org.apache.geode.test.dunit.Host;
-import org.apache.geode.test.dunit.VM;
-import org.apache.geode.test.dunit.internal.JUnit4DistributedTestCase;
-import org.apache.geode.test.dunit.rules.ServerStarterRule;
+import org.apache.geode.security.query.data.QueryTestObject;
import org.apache.geode.test.junit.categories.DistributedTest;
import org.apache.geode.test.junit.categories.SecurityTest;
@Category({DistributedTest.class, SecurityTest.class})
-@RunWith(JUnitParamsRunner.class)
+@RunWith(Parameterized.class)
public class IndexSecurityDUnitTest extends QuerySecurityBase {
+ public RegionShortcut getRegionType() {
+ return RegionShortcut.REPLICATE;
+ }
+
+ @Parameterized.Parameters
+ public static Object[] usersAllowed() {
+ return new Object[] {"dataWriter"};
+ }
- // Should be the same as the key specified for the region key specific users in the
- // clientServer.json
- public static final String REGION_PUT_KEY = "key";
+ @Parameterized.Parameter
+ public String user;
- public List<String> getAllUsersOnlyAllowedWrite() {
- return Arrays.asList(
- "dataWriter");
+ @Before
+ public void configureSpecificUserAndKeyAndValues() {
+ createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
+ createProxyRegion(specificUserClient, regionName);
+
+ keys = new Object[] {"key-0", "key-1", "key-2"};
+ values = new Object[] {new QueryTestObject(1, "Mary"), new QueryTestObject(2, "Joe"),
+ new QueryTestObject(3, "Joe")};
}
@Test
- @Parameters(method = "getAllUsers")
- public void indexBehaviorTest(String user) throws Exception {
- String query = UserPermissions.SELECT_ALL_FROM_REGION;
- String region = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + 1, REGION_PUT_KEY + 2};
- Object[] values = {new QuerySecurityDUnitTest.QueryTestObject(1, "Mary"), new QuerySecurityDUnitTest.QueryTestObject(2, "Joe"),
- new QuerySecurityDUnitTest.QueryTestObject(3, "Joe")};
+ public void indexCreatedButPutWithNoReadCredentialsShouldNotThrowSecurityException()
+ throws Exception {
QueryService queryService = server.getCache().getQueryService();
- Index idIndex = queryService.createIndex("IdIndex", "id", "/" + UserPermissions.REGION_NAME);
- Index errorIndex = queryService.createIndex("TEST", "methodThrowsException",
- "/" + UserPermissions.REGION_NAME);
-
- try {
- putIntoRegion(superUserClient, keys, values, region);
- } catch (Exception e) {
- e.printStackTrace();
- }
-
+ Index idIndex = queryService.createIndex("IdIndex", "id", "/" + regionName);
+ putIntoRegion(specificUserClient, keys, values, regionName);
}
@Test
- @Parameters(method = "getAllUsersOnlyAllowedWrite")
- public void indexCreatedButPutWithNoReadCredentialsShouldNotThrowSecurityException(String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String region = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + 1, REGION_PUT_KEY + 2};
- Object[] values = {new QuerySecurityDUnitTest.QueryTestObject(1, "Mary"), new QuerySecurityDUnitTest.QueryTestObject(2, "Joe"),
- new QuerySecurityDUnitTest.QueryTestObject(3, "Joe")};
+ public void indexCreatedWithRegionEntriesButPutWithNoReadCredentialsShouldNotThrowSecurityException()
+ throws Exception {
QueryService queryService = server.getCache().getQueryService();
- Index idIndex = queryService.createIndex("IdIndex", "id", "/" + UserPermissions.REGION_NAME);
-
- putIntoRegion(specificUserClient, keys, values, region);
-
+ Index idIndex = queryService.createIndex("IdIndex", "e.id", "/" + regionName + ".entries e");
+ putIntoRegion(specificUserClient, keys, values, regionName);
}
@Test
- @Parameters(method = "getAllUsersOnlyAllowedWrite")
- public void indexCreatedWithRegionEntriesButPutWithNoReadCredentialsShouldNotThrowSecurityException(String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String region = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + 1, REGION_PUT_KEY + 2};
- Object[] values = {new QuerySecurityDUnitTest.QueryTestObject(1, "Mary"), new QuerySecurityDUnitTest.QueryTestObject(2, "Joe"),
- new QuerySecurityDUnitTest.QueryTestObject(3, "Joe")};
+ public void indexCreatedWithMethodInvocationOnPrepopulatedRegionShouldThrowSecurityException()
+ throws Exception {
QueryService queryService = server.getCache().getQueryService();
- Index idIndex = queryService.createIndex("IdIndex", "e.id", "/" + UserPermissions.REGION_NAME + ".entries e");
+ putIntoRegion(superUserClient, keys, values, regionName);
- putIntoRegion(specificUserClient, keys, values, region);
+ try {
+ queryService.createIndex("IdIndex", "e.getName()", "/" + regionName + " e");
+ fail("Index creation should have failed due to method invocation");
+ } catch (IndexInvalidException e) {
+ assertTrue(e.getMessage().contains("Unauthorized access to method: getName"));
+ }
}
-
+ @Test
+ public void indexCreatedWithMethodInvocationOnUnpopulatedRegionAndPutShouldMarkIndexInvalid()
+ throws Exception {
+ QueryService queryService = server.getCache().getQueryService();
+ Index index = queryService.createIndex("IdIndex", "e.getName()", "/" + regionName + " e");
+ putIntoRegion(superUserClient, keys, values, regionName);
+ assertFalse(index.isValid());
+ }
}
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/query/PartitionedIndexSecurityDUnitTest.java
similarity index 90%
copy from geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityDUnitTest.java
copy to geode-core/src/test/java/org/apache/geode/security/query/PartitionedIndexSecurityDUnitTest.java
index 4d81034..593bd4e 100644
--- a/geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityDUnitTest.java
+++ b/geode-core/src/test/java/org/apache/geode/security/query/PartitionedIndexSecurityDUnitTest.java
@@ -17,14 +17,15 @@ package org.apache.geode.security.query;
import junitparams.JUnitParamsRunner;
import org.junit.experimental.categories.Category;
import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
import org.apache.geode.cache.RegionShortcut;
import org.apache.geode.test.junit.categories.DistributedTest;
import org.apache.geode.test.junit.categories.SecurityTest;
@Category({DistributedTest.class, SecurityTest.class})
-@RunWith(JUnitParamsRunner.class)
-public class PartitionedQuerySecurityDUnitTest extends QuerySecurityDUnitTest {
+@RunWith(Parameterized.class)
+public class PartitionedIndexSecurityDUnitTest extends IndexSecurityDUnitTest {
public RegionShortcut getRegionType() {
return RegionShortcut.PARTITION;
}
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityAllowedQueriesDUnitTest.java
similarity index 78%
copy from geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityDUnitTest.java
copy to geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityAllowedQueriesDUnitTest.java
index 4d81034..2d5b057 100644
--- a/geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityDUnitTest.java
+++ b/geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityAllowedQueriesDUnitTest.java
@@ -17,14 +17,19 @@ package org.apache.geode.security.query;
import junitparams.JUnitParamsRunner;
import org.junit.experimental.categories.Category;
import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
import org.apache.geode.cache.RegionShortcut;
import org.apache.geode.test.junit.categories.DistributedTest;
import org.apache.geode.test.junit.categories.SecurityTest;
+import org.apache.geode.test.junit.runners.CategoryWithParameterizedRunnerFactory;
@Category({DistributedTest.class, SecurityTest.class})
-@RunWith(JUnitParamsRunner.class)
-public class PartitionedQuerySecurityDUnitTest extends QuerySecurityDUnitTest {
+@RunWith(Parameterized.class)
+@Parameterized.UseParametersRunnerFactory(CategoryWithParameterizedRunnerFactory.class)
+public class PartitionedQuerySecurityAllowedQueriesDUnitTest
+ extends QuerySecurityAllowedQueriesDUnitTest {
+
public RegionShortcut getRegionType() {
return RegionShortcut.PARTITION;
}
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityRestrictedQueriesDUnitTest.java
similarity index 77%
copy from geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityDUnitTest.java
copy to geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityRestrictedQueriesDUnitTest.java
index 4d81034..28a01ff 100644
--- a/geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityDUnitTest.java
+++ b/geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityRestrictedQueriesDUnitTest.java
@@ -17,14 +17,19 @@ package org.apache.geode.security.query;
import junitparams.JUnitParamsRunner;
import org.junit.experimental.categories.Category;
import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
import org.apache.geode.cache.RegionShortcut;
import org.apache.geode.test.junit.categories.DistributedTest;
import org.apache.geode.test.junit.categories.SecurityTest;
+import org.apache.geode.test.junit.runners.CategoryWithParameterizedRunnerFactory;
@Category({DistributedTest.class, SecurityTest.class})
-@RunWith(JUnitParamsRunner.class)
-public class PartitionedQuerySecurityDUnitTest extends QuerySecurityDUnitTest {
+@RunWith(Parameterized.class)
+@Parameterized.UseParametersRunnerFactory(CategoryWithParameterizedRunnerFactory.class)
+public class PartitionedQuerySecurityRestrictedQueriesDUnitTest
+ extends QuerySecurityRestrictedQueriesDUnitTest {
+
public RegionShortcut getRegionType() {
return RegionShortcut.PARTITION;
}
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/PdxPartitionedQuerySecurityDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/query/PdxPartitionedQuerySecurityAllowedQueriesDUnitTest.java
similarity index 86%
rename from geode-core/src/test/java/org/apache/geode/security/query/PdxPartitionedQuerySecurityDUnitTest.java
rename to geode-core/src/test/java/org/apache/geode/security/query/PdxPartitionedQuerySecurityAllowedQueriesDUnitTest.java
index 856ff5a..b9d0fda 100644
--- a/geode-core/src/test/java/org/apache/geode/security/query/PdxPartitionedQuerySecurityDUnitTest.java
+++ b/geode-core/src/test/java/org/apache/geode/security/query/PdxPartitionedQuerySecurityAllowedQueriesDUnitTest.java
@@ -14,17 +14,18 @@
*/
package org.apache.geode.security.query;
-import junitparams.JUnitParamsRunner;
import org.junit.experimental.categories.Category;
import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
import org.apache.geode.cache.RegionShortcut;
import org.apache.geode.test.junit.categories.DistributedTest;
import org.apache.geode.test.junit.categories.SecurityTest;
@Category({DistributedTest.class, SecurityTest.class})
-@RunWith(JUnitParamsRunner.class)
-public class PdxPartitionedQuerySecurityDUnitTest extends PdxQuerySecurityDUnitTest {
+@RunWith(Parameterized.class)
+public class PdxPartitionedQuerySecurityAllowedQueriesDUnitTest
+ extends PdxQuerySecurityAllowedQueriesDUnitTest {
public RegionShortcut getRegionType() {
return RegionShortcut.PARTITION;
}
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/PdxQuerySecurityAllowedQueriesDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/query/PdxQuerySecurityAllowedQueriesDUnitTest.java
new file mode 100644
index 0000000..e25f6cf
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/query/PdxQuerySecurityAllowedQueriesDUnitTest.java
@@ -0,0 +1,74 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.security.query;
+
+import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+import junitparams.Parameters;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+
+import org.apache.geode.pdx.PdxReader;
+import org.apache.geode.pdx.PdxSerializable;
+import org.apache.geode.pdx.PdxWriter;
+import org.apache.geode.security.query.data.PdxQueryTestObject;
+import org.apache.geode.test.junit.categories.DistributedTest;
+import org.apache.geode.test.junit.categories.SecurityTest;
+
+@Category({DistributedTest.class, SecurityTest.class})
+@RunWith(Parameterized.class)
+public class PdxQuerySecurityAllowedQueriesDUnitTest extends QuerySecurityBase {
+ @Parameterized.Parameters
+ public static Object[] usersAllowed() {
+ return new Object[] {"dataReader", "dataReaderRegion", "clusterManagerDataReader",
+ "clusterManagerDataReaderRegion", "super-user"};
+ }
+
+ @Parameterized.Parameter
+ public String user;
+
+ @Before
+ public void configureSpecificClientAndKeyAndValues() {
+ createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
+ createProxyRegion(specificUserClient, regionName);
+
+ keys = new Object[] {"key-0", "key-1"};
+ values = new Object[] {new PdxQueryTestObject(0, "John"), new PdxQueryTestObject(3, "Beth")};
+ putIntoRegion(superUserClient, keys, values, regionName);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectOnPublicFieldQuery() {
+ String query = "select * from /" + regionName + " r where r.id = 3";
+ List<Object> expectedResults = Arrays.asList(values[1]);
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ expectedResults);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectWithPdxFieldNamedGetQuery() {
+ server.getCache().setReadSerialized(true);
+ String query = "select * from /" + regionName + " r where r.getName = 'Beth'";
+ List<Object> expectedResults = Arrays.asList(values[1]);
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ expectedResults);
+ }
+}
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/PdxQuerySecurityDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/query/PdxQuerySecurityDUnitTest.java
deleted file mode 100644
index 80a10ff..0000000
--- a/geode-core/src/test/java/org/apache/geode/security/query/PdxQuerySecurityDUnitTest.java
+++ /dev/null
@@ -1,125 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
- * agreements. See the NOTICE file distributed with this work for additional information regarding
- * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance with the License. You may obtain a
- * copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-package org.apache.geode.security.query;
-
-import java.io.Serializable;
-import java.util.ArrayList;
-import java.util.List;
-
-import junitparams.JUnitParamsRunner;
-import junitparams.Parameters;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-import org.junit.runner.RunWith;
-
-import org.apache.geode.pdx.PdxReader;
-import org.apache.geode.pdx.PdxSerializable;
-import org.apache.geode.pdx.PdxWriter;
-import org.apache.geode.test.junit.categories.DistributedTest;
-import org.apache.geode.test.junit.categories.SecurityTest;
-
-@Category({DistributedTest.class, SecurityTest.class})
-@RunWith(JUnitParamsRunner.class)
-public class PdxQuerySecurityDUnitTest extends QuerySecurityBase {
-
- // Should be the same as the key specified for the region key specific users in the
- // clientServer.json
- public static final String REGION_PUT_KEY = "key";
-
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectOnPublicFieldQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_BY_PUBLIC_FIELD;
- String region = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new PdxQueryTestObject(0, "John"), new PdxQueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, region);
-
- List<Object> expectedResults = new ArrayList<>();
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, region, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectWithPdxFieldNoExistingPublicFieldQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_BY_IMPLICIT_GETTER;
- String region = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new PdxQueryTestObject(0, "John"), new PdxQueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, region);
-
- List<Object> expectedResults = new ArrayList<>();
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, region, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectWhenInvokingMethodOnPdxObjectQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_DEPLOYED_METHOD_FROM_REGION;
- String region = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new PdxQueryTestObject(0, "John"), new PdxQueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, region);
-
- List<Object> expectedResults = new ArrayList<>();
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, region, expectedResults);
- }
-
- public static class PdxQueryTestObject implements PdxSerializable , Serializable /*just to pass around in test code*/ {
- public int id = -1;
- private String name;
-
- private boolean shouldThrowException = true;
-
- public PdxQueryTestObject(int id, String name) {
- this.id = id;
- this.name = name;
- }
-
- public String getName() {
- return name;
- }
-
- @Override
- public String toString() {
- return "Test_Object";
- }
-
- @Override
- public void toData(PdxWriter writer) {
- writer.writeInt("id", id);
- writer.writeString("getName", name);
- }
-
- @Override
- public void fromData(PdxReader reader) {
- id = reader.readInt("id");
- name = reader.readString("getName");
- }
- }
-}
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/PdxQuerySecurityRestrictedQueriesDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/query/PdxQuerySecurityRestrictedQueriesDUnitTest.java
new file mode 100644
index 0000000..f7e0258
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/query/PdxQuerySecurityRestrictedQueriesDUnitTest.java
@@ -0,0 +1,80 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.security.query;
+
+import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+import junitparams.Parameters;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+
+import org.apache.geode.pdx.PdxReader;
+import org.apache.geode.pdx.PdxSerializable;
+import org.apache.geode.pdx.PdxWriter;
+import org.apache.geode.security.query.data.PdxQueryTestObject;
+import org.apache.geode.test.junit.categories.DistributedTest;
+import org.apache.geode.test.junit.categories.SecurityTest;
+
+@Category({DistributedTest.class, SecurityTest.class})
+@RunWith(Parameterized.class)
+public class PdxQuerySecurityRestrictedQueriesDUnitTest extends QuerySecurityBase {
+ @Parameterized.Parameters
+ public static Object[] usersAllowed() {
+ return new Object[] {"dataReader", "dataReaderRegion", "clusterManagerDataReader",
+ "clusterManagerDataReaderRegion", "super-user"};
+ }
+
+ @Parameterized.Parameter
+ public String user;
+
+ private String regexForExpectedExceptions = ".*Unauthorized access.*";
+
+ @Before
+ public void configureCache() {
+ createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
+ createProxyRegion(specificUserClient, regionName);
+
+ keys = new Object[] {"key-0", "key-1"};
+ values = new Object[] {new PdxQueryTestObject(0, "John"), new PdxQueryTestObject(3, "Beth")};
+ putIntoRegion(superUserClient, keys, values, regionName);
+ }
+
+ @Test
+ public void selectWhenInvokingMethodOnPdxObjectQueryShouldBeRestricted() {
+ String query = "select r.getClass from /" + regionName + " r";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+
+ @Test
+ public void invokingMethodOnPdxObjectShouldBeRestricted() {
+ String query = "select r.getAge from /" + regionName + " r";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+
+ @Test
+ public void selectWithPdxFieldNoExistingPublicFieldQueryShouldBeRestricted() {
+ String query = "select * from /" + regionName + " r where r.name = 'Beth'";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+}
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityAllowedQueriesDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityAllowedQueriesDUnitTest.java
new file mode 100644
index 0000000..318086e
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityAllowedQueriesDUnitTest.java
@@ -0,0 +1,255 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.security.query;
+
+import java.util.Arrays;
+import java.util.List;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+
+import org.apache.geode.security.query.data.QueryTestObject;
+import org.apache.geode.test.junit.categories.DistributedTest;
+import org.apache.geode.test.junit.categories.SecurityTest;
+import org.apache.geode.test.junit.runners.CategoryWithParameterizedRunnerFactory;
+
+@Category({DistributedTest.class, SecurityTest.class})
+@RunWith(Parameterized.class)
+@Parameterized.UseParametersRunnerFactory(CategoryWithParameterizedRunnerFactory.class)
+public class QuerySecurityAllowedQueriesDUnitTest extends QuerySecurityBase {
+
+ @Parameterized.Parameters
+ public static Object[] usersAllowed() {
+ return new Object[] {"dataReader", "dataReaderRegion", "clusterManagerDataReader",
+ "clusterManagerDataReaderRegion", "super-user"};
+ }
+
+ @Parameterized.Parameter
+ public String user;
+
+ @Before
+ public void configureCache() {
+ createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
+ createProxyRegion(specificUserClient, regionName);
+
+ keys = new Object[] {"key-0", "key-1"};
+ values = new Object[] {new QueryTestObject(1, "John"), new QueryTestObject(3, "Beth")};
+ putIntoRegion(superUserClient, keys, values, regionName);
+ }
+
+
+ @Test
+ public void checkUserAuthorizationsForSelectAllQuery() {
+ String query = "select * from /" + regionName;
+ List<Object> expectedResults = Arrays.asList(values);
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ expectedResults);
+ }
+
+ /* ----- Public Field Tests ----- */
+ @Test
+ public void checkUserAuthorizationsForSelectByPublicFieldQuery() {
+ String query = "select * from /" + regionName + " r where r.id = 1";
+ List<Object> expectedResults = Arrays.asList(values[0]);
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ expectedResults);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectPublicFieldQuery() {
+ String query = "select r.id from /" + regionName + " r";
+ List<Object> expectedResults = Arrays.asList(1, 3);
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ expectedResults);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectCountOfPublicFieldQuery() {
+ String query = "select count(r.id) from /" + regionName + " r";
+ List<Object> expectedResults = Arrays.asList(2);
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ expectedResults);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectMaxOfPublicFieldQuery() {
+ String query = "select max(r.id) from /" + regionName + " r";
+ List<Object> expectedResults = Arrays.asList(3);
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ expectedResults);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectMinOfPublicFieldQuery() {
+ String query = "select min(r.id) from /" + regionName + " r";
+ List<Object> expectedResults = Arrays.asList(1);
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ expectedResults);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectPublicFieldFromRegionByPublicFieldFromRegionQuery() {
+ String query = "select * from /" + regionName + " r1 where r1.id in (select r2.id from /"
+ + regionName + " r2)";
+ List<Object> expectedResults = Arrays.asList(values);
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ expectedResults);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectRegionContainsKeyQuery() {
+ String query = "select * from /" + regionName + ".containsKey('" + keys[0] + "')";
+ List<Object> expectedResults = Arrays.asList(true);
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ expectedResults);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectValuesQuery() {
+ String query = "select * from /" + regionName + ".values";
+ List<Object> expectedResults = Arrays.asList(values);
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ expectedResults);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectKeySetQuery() {
+ String query = "select * from /" + regionName + ".keySet";
+ List<Object> expectedResults = Arrays.asList(keys);
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ expectedResults);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectEntriesQuery() {
+ String query = "select e.getKey from /" + regionName + ".entries e";
+ List<Object> expectedResults = Arrays.asList(keys);
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ expectedResults);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectKeyFromEntrySetQuery() {
+ String query = "select e.key from /" + regionName + ".entrySet e";
+ List<Object> expectedResults = Arrays.asList(keys);
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ expectedResults);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectGetKeyFromEntrySetQuery() {
+ String query = "select e.getKey from /" + regionName + ".entrySet e";
+ List<Object> expectedResults = Arrays.asList(keys);
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ expectedResults);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectValueFromEntrySetQuery() {
+ String query = "select e.value from /" + regionName + ".entrySet e";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ Arrays.asList(values));
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectGetValueFromEntrySetQuery() {
+ String query = "select e.getValue from /" + regionName + ".entrySet e";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ Arrays.asList(values));
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectByToStringQuery() {
+ String query = "select * from /" + regionName + " r where r.toString = 'Test_Object'";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ Arrays.asList(values));
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectToStringQuery() {
+ String query = "select r.toString() from /" + regionName + " r";
+ List<Object> expectedResults = Arrays.asList("Test_Object", "Test_Object");
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ expectedResults);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectByToStringToUpperCaseQuery() {
+ String query =
+ "select * from /" + regionName + " r where r.toString().toUpperCase = 'TEST_OBJECT'";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ Arrays.asList(values));
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectByToStringToLowerCaseQuery() {
+ String query =
+ "select * from /" + regionName + " r where r.toString().toLowerCase = 'test_object'";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ Arrays.asList(values));
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectIntValueQuery() {
+ String query = "select r.id.intValue() from /" + regionName + " r";
+ List<Object> expectedResults = Arrays.asList(1, 3);
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ expectedResults);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectLongValueQuery() {
+ String query = "select r.id.longValue() from /" + regionName + " r";
+ List<Object> expectedResults = Arrays.asList(1L, 3L);
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ expectedResults);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectDoubleValueQuery() {
+ String query = "select r.id.doubleValue() from /" + regionName + " r";
+ List<Object> expectedResults = Arrays.asList(1d, 3d);
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ expectedResults);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectShortValueQuery() {
+ String query = "select r.id.shortValue() from /" + regionName + " r";
+ List<Object> expectedResults = Arrays.asList((short) 1, (short) 3);
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ expectedResults);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectToDateQuery() {
+ String query =
+ "SELECT * FROM /" + regionName + " where dateField = to_date('08/08/2018', 'MM/dd/yyyy')";
+
+ QueryTestObject obj1 = new QueryTestObject(0, "John");
+ obj1.setDateField("08/08/2018");
+ QueryTestObject obj2 = new QueryTestObject(3, "Beth");
+ obj2.setDateField("08/08/2018");
+ Object[] values = {obj1, obj2};
+ putIntoRegion(superUserClient, keys, values, regionName);
+
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ Arrays.asList(values));
+ }
+
+}
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityAuthorizedUserBindParameterDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityAuthorizedUserBindParameterDUnitTest.java
new file mode 100644
index 0000000..493fb73
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityAuthorizedUserBindParameterDUnitTest.java
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.security.query;
+
+import java.util.Arrays;
+import java.util.HashSet;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import org.apache.geode.cache.Region;
+import org.apache.geode.security.query.data.QueryTestObject;
+import org.apache.geode.test.junit.categories.DistributedTest;
+import org.apache.geode.test.junit.categories.SecurityTest;
+
+@Category({DistributedTest.class, SecurityTest.class})
+public class QuerySecurityAuthorizedUserBindParameterDUnitTest extends QuerySecurityBase {
+
+ @Before
+ public void configureCache() {
+ String user = "dataReaderRegion";
+ createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
+ createProxyRegion(specificUserClient, regionName);
+
+ keys = new Object[] {"key-0", "key-1"};
+ values = new Object[] {new QueryTestObject(1, "John"), new QueryTestObject(3, "Beth")};
+ putIntoRegion(superUserClient, keys, values, regionName);
+ }
+
+ @Test
+ public void userWithRegionAccessAndPassingInWrappedBindParameterShouldReturnCorrectResults() {
+ String query = "select v from $1 r, r.values() v";
+ specificUserClient.invoke(() -> {
+ Region region = getClientCache().getRegion(regionName);
+ HashSet hashset = new HashSet();
+ hashset.add(region);
+ assertQueryResults(getClientCache(), query, new Object[] {hashset}, Arrays.asList(values));
+ });
+ }
+}
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityBase.java b/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityBase.java
index d412111..1e1815e 100644
--- a/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityBase.java
+++ b/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityBase.java
@@ -1,3 +1,17 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
package org.apache.geode.security.query;
import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER;
@@ -21,6 +35,7 @@ import org.apache.geode.cache.client.Pool;
import org.apache.geode.cache.client.PoolManager;
import org.apache.geode.cache.query.FunctionDomainException;
import org.apache.geode.cache.query.NameResolutionException;
+import org.apache.geode.cache.query.Query;
import org.apache.geode.cache.query.QueryInvocationTargetException;
import org.apache.geode.cache.query.QueryService;
import org.apache.geode.cache.query.TypeMismatchException;
@@ -29,56 +44,41 @@ import org.apache.geode.security.TestSecurityManager;
import org.apache.geode.test.dunit.Host;
import org.apache.geode.test.dunit.VM;
import org.apache.geode.test.dunit.internal.JUnit4DistributedTestCase;
-import org.apache.geode.test.dunit.rules.ServerStarterRule;
+import org.apache.geode.test.junit.rules.ServerStarterRule;
public class QuerySecurityBase extends JUnit4DistributedTestCase {
+ public RegionShortcut getRegionType() {
+ return RegionShortcut.REPLICATE;
+ }
+
+ protected String regionName = "region";
+ protected Object[] keys;
+ protected Object[] values;
+
@Rule
public ServerStarterRule server =
new ServerStarterRule().withProperty(SECURITY_MANAGER, TestSecurityManager.class.getName())
.withProperty(TestSecurityManager.SECURITY_JSON,
"org/apache/geode/management/internal/security/clientServer.json")
- .withRegion(getRegionType(), UserPermissions.REGION_NAME);
+ .withRegion(getRegionType(), regionName);
- //Varibles used to store caches between invoke methods
+ // Varibles used to store caches between invoke methods
private static ClientCache clientCache;
- protected static transient UserPermissions userPerms;
+ protected transient UserPermissions userPerms = new UserPermissions();
- protected Host host;
+ protected Host host;
protected VM superUserClient;
- protected VM specificUserClient;
+ protected VM specificUserClient;
-
- protected UserPermissions configurePermissions() {
- return new UserPermissions("DATA:READ");
- }
-
- public RegionShortcut getRegionType() {
- return RegionShortcut.REPLICATE;
- }
-
- public List<String> getAllUsers() {
- return userPerms.getAllUsers();
- }
-
- public List<String> getAllUsersWhoCanExecuteQuery() {
- return Arrays.asList("dataReader", "dataReaderRegion", "clusterManagerDataReader",
- "clusterManagerDataReaderRegion", "super-user");
- }
-
- public List<String> getAllUsersWhoCannotExecuteQuery() {
- return Arrays.asList("stranger", "dataReaderRegionKey",
- "clusterManager", "clusterManagerQuery", "clusterManagerDataReaderRegionKey");
- }
@Before
- public void setup() {
+ public void configureTest() {
host = Host.getHost(0);
superUserClient = host.getVM(1);
specificUserClient = host.getVM(2);
- userPerms = configurePermissions();
createClientCache(superUserClient, "super-user", userPerms.getUserPassword("super-user"));
- createProxyRegion(superUserClient, UserPermissions.REGION_NAME);
+ createProxyRegion(superUserClient, regionName);
}
public void setClientCache(ClientCache cache) {
@@ -91,8 +91,7 @@ public class QuerySecurityBase extends JUnit4DistributedTestCase {
public void createClientCache(VM vm, String userName, String password) {
vm.invoke(() -> {
- ClientCache cache = SecurityTestUtil.createClientCache(userName, password,
- server.getPort());
+ ClientCache cache = SecurityTestUtil.createClientCache(userName, password, server.getPort());
setClientCache(cache);
});
}
@@ -118,7 +117,6 @@ public class QuerySecurityBase extends JUnit4DistributedTestCase {
}
protected void assertExceptionOccurred(QueryService qs, String query, String authErrorRegexp) {
- System.out.println("Execution exception should match:" + authErrorRegexp);
try {
qs.newQuery(query).execute();
} catch (Exception e) {
@@ -136,7 +134,8 @@ public class QuerySecurityBase extends JUnit4DistributedTestCase {
}
}
- protected void assertExceptionOccurred(QueryService qs, String query, Object[] bindParams, String authErrorRegexp) {
+ protected void assertExceptionOccurred(QueryService qs, String query, Object[] bindParams,
+ String authErrorRegexp) {
System.out.println("Execution exception should match:" + authErrorRegexp);
try {
qs.newQuery(query).execute(bindParams);
@@ -156,66 +155,68 @@ public class QuerySecurityBase extends JUnit4DistributedTestCase {
}
}
+ protected void assertQueryResults(ClientCache clientCache, String query,
+ List<Object> expectedResults) throws FunctionDomainException, TypeMismatchException,
+ NameResolutionException, QueryInvocationTargetException {
+ assertQueryResults(clientCache, query, null, expectedResults);
+ }
- public void executeAndConfirmQueryResults(VM vm, String query,
- List<Object> expectedResults) throws Exception {
- vm.invoke(()-> {
- assertQueryResults(getClientCache(), query, expectedResults);
+ protected void assertQueryResults(ClientCache clientCache, String queryString,
+ Object[] bindParameters, List<Object> expectedResults) throws FunctionDomainException,
+ TypeMismatchException, NameResolutionException, QueryInvocationTargetException {
+ Query query = clientCache.getQueryService().newQuery(queryString);
+ Collection results;
+ if (bindParameters == null) {
+ results = (Collection) query.execute();
+ } else {
+ results = (Collection) query.execute(bindParameters);
+ }
+ assertNotNull(results);
+ assertEquals("Query results size did not match expected for " + query, expectedResults.size(),
+ results.size());
+
+ results.forEach((i) -> {
+ assertTrue("Result:" + i + " was not found in the expectedResults",
+ expectedResults.contains(i));
});
}
- private void assertQueryResults(ClientCache clientCache, String query, List<Object> expectedResults)
- throws FunctionDomainException, TypeMismatchException, NameResolutionException,
- QueryInvocationTargetException {
- Collection
- results =
- (Collection) clientCache.getQueryService().newQuery(query).execute();
- assertNotNull("Query results were null when they should have been " + expectedResults + ".",
- results);
- assertEquals(
- "The number of expected results does not match the number of results obtained from the query."
- + query, expectedResults.size(), results.size());
- assertTrue("The query returned results that were not in the expected result list.",
- expectedResults.containsAll(results));
+ public void executeAndConfirmRegionMatches(VM vm, String regionName,
+ List<Object> expectedRegionResults) throws Exception {
+ vm.invoke(() -> {
+ assertQueryResults(getClientCache(), "select * from /" + regionName, expectedRegionResults);
+ });
}
- public void assertRegionMatches(VM vm, String regionName, List<Object> expectedRegionResults) throws Exception {
- executeAndConfirmQueryResults(vm,"select * from /" + regionName, expectedRegionResults);
+ protected void putIntoRegion(VM vm, Object[] keys, Object[] values, String regionName) {
+ vm.invoke(() -> {
+ Region region = getClientCache().getRegion(regionName);
+ assertEquals(
+ "Bad region put. The list of keys does not have the same length as the list of values.",
+ keys.length, values.length);
+ for (int i = 0; i < keys.length; i++) {
+ region.put(keys[i], values[i]);
+ }
+ });
}
- public void executeQueryWithCheckForAccessPermissions(VM vm, String query, String user, String regionName, List<Object> expectedSuccessfulQueryResults) {
- List<String> possibleAuthorizationErrors = userPerms.getMissingUserAuthorizationsForQuery(user, query);
- String regexForExpectedExceptions = userPerms.regexForExpectedException(possibleAuthorizationErrors);
- executeQueryWithCheckForAccessPermissions(vm, query, user, possibleAuthorizationErrors, regexForExpectedExceptions, regionName, expectedSuccessfulQueryResults);
-}
-
-
- private void executeQueryWithCheckForAccessPermissions(VM vm, String query, String user, List<String> possibleAuthorizationErrors, String regexForExpectedExceptions,
- String regionName, List<Object> expectedSuccessfulQueryResults) {
-
+ protected void executeQueryWithCheckForAccessPermissions(VM vm, String query, String regionName,
+ List<Object> expectedSuccessfulQueryResults) {
vm.invoke(() -> {
Region region = getClientCache().getRegion(regionName);
- if (possibleAuthorizationErrors.isEmpty()) {
- assertQueryResults(getClientCache(), query, expectedSuccessfulQueryResults);
- } else {
- String authErrorRegexp = regexForExpectedExceptions;
- assertExceptionOccurred(getClientCache().getQueryService(), query, authErrorRegexp);
- Pool pool = PoolManager.find(region);
- assertExceptionOccurred(pool.getQueryService(), query, authErrorRegexp);
- }
+ assertQueryResults(getClientCache(), query, expectedSuccessfulQueryResults);
});
}
- protected void putIntoRegion(VM vm, Object[] keys, Object[] values,
- String regionName) {
+
+ protected void executeQueryWithCheckForAccessPermissions(VM vm, String query, String regionName,
+ String regexForExpectedExceptions) {
vm.invoke(() -> {
Region region = getClientCache().getRegion(regionName);
- assertEquals(
- "Bad region put. The list of keys does not have the same length as the list of values.",
- keys.length, values.length);
- for (int i = 0; i < keys.length; i++) {
- region.put(keys[i], values[i]);
- }
+ assertExceptionOccurred(getClientCache().getQueryService(), query,
+ regexForExpectedExceptions);
+ Pool pool = PoolManager.find(region);
+ assertExceptionOccurred(pool.getQueryService(), query, regexForExpectedExceptions);
});
}
}
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityDUnitTest.java
deleted file mode 100644
index 366571b..0000000
--- a/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityDUnitTest.java
+++ /dev/null
@@ -1,1525 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
- * agreements. See the NOTICE file distributed with this work for additional information regarding
- * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance with the License. You may obtain a
- * copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-package org.apache.geode.security.query;
-
-import static org.junit.Assert.fail;
-
-import java.io.Serializable;
-import java.text.ParseException;
-import java.text.SimpleDateFormat;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Date;
-import java.util.HashSet;
-import java.util.List;
-
-import junitparams.JUnitParamsRunner;
-import junitparams.Parameters;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-import org.junit.runner.RunWith;
-
-import org.apache.geode.cache.Region;
-import org.apache.geode.cache.RegionDestroyedException;
-import org.apache.geode.cache.query.QueryService;
-import org.apache.geode.cache.query.internal.index.DummyQRegion;
-import org.apache.geode.test.junit.categories.DistributedTest;
-import org.apache.geode.test.junit.categories.SecurityTest;
-
-@Category({DistributedTest.class, SecurityTest.class})
-@RunWith(JUnitParamsRunner.class)
-public class QuerySecurityDUnitTest extends QuerySecurityBase {
-
-
- public static final String REGION_PUT_KEY = "key";
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectAllQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_ALL_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY};
- Object[] values = {new QueryTestObject(1, "Mary")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(values);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- /* ----- Public Field Tests ----- */
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectByPublicFieldQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_BY_PUBLIC_FIELD;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(values[0]);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectPublicFieldQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_PUBLIC_FIELD_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(1, 2);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectCountOfPublicFieldQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_COUNT_OF_PUBLIC_FIELD_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(2);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectMaxOfPublicFieldQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_MAX_OF_PUBLIC_FIELD_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(3);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectMinOfPublicFieldQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_MIN_OF_PUBLIC_FIELD_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(0);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectPublicFieldFromRegionByPublicFieldFromRegionQuery(
- String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_WHERE_PUBLIC_FIELD_IN_REGION_PUBLIC_FIELDS;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(values);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
- /* ----- Public Field Tests ----- */
-
- /* ----- Implicit Getter Tests ----- */
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectByImplicitGetterQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_BY_IMPLICIT_GETTER;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(values[1]);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectImplicitGetterQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_IMPLICIT_GETTER_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList("John", "Beth");
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectCountOfImplicitGetterQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_COUNT_OF_IMPLICIT_GETTER_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(2);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectMaxOfImplicitGetterQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_MAX_OF_IMPLICIT_GETTER_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList("John");
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectMinOfImplicitGetterQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_MIN_OF_IMPLICIT_GETTER_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList("Beth");
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectImplicitGetterFromRegionByImplicitGetterFromRegionQuery(
- String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query =
- UserPermissions.SELECT_FROM_REGION1_WHERE_IMPLICIT_GETTER_IN_REGION2_IMPLICIT_GETTERS;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(values);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
- /* ----- Implicit Getter Tests ----- */
-
- /* ----- Direct Getter Tests ----- */
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectByDirectGetterQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_BY_DIRECT_GETTER;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(values[1]);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectDirectGetterQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_DIRECT_GETTER_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList("John", "Beth");
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectCountOfDirectGetterQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_COUNT_OF_DIRECT_GETTER_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(2);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectMaxOfDirectGetterQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_MAX_OF_DIRECT_GETTER_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList("John");
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectMinOfDirectGetterQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_MIN_OF_DIRECT_GETTER_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList("Beth");
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectDirectGetterFromRegionByDirectGetterFromRegionQuery(
- String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_WHERE_DIRECT_GETTER_IN_REGION_DIRECT_GETTERS;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(values);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
- /* ----- Direct Getter Tests ----- */
-
- /* ----- Deployed Method Tests ----- */
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectByDeployedMethodQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_BY_DEPLOYED_METHOD;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(values[0]);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectDeployedMethodQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_DEPLOYED_METHOD_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList("John:1", "Beth:2");
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectCountOfDeployedMethodQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_COUNT_OF_DEPLOYED_METHOD_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(2);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectMaxOfDeployedMethodQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_MAX_OF_DEPLOYED_METHOD_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList("John:1");
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectMinOfDeployedMethodQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_MIN_OF_DEPLOYED_METHOD_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList("Beth:3");
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectDeployedMethodFromRegionByDeployedMethodFromRegionQuery(
- String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query =
- UserPermissions.SELECT_FROM_REGION_WHERE_DEPLOYED_METHOD_IN_REGION_DEPLOYED_METHODS;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(values);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
- /* ----- Deployed Method Tests ----- */
-
- /* ----- Geode Method Tests ----- */
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectRegionContainsKeyQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_CONTAINS_KEY;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(true);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectRegionContainsValueQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_CONTAINS_VALUE;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(false);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsersWhoCannotExecuteQuery")
- public void usersWhoCannotExecuteQueryShouldGetExceptionForSelectRegionCreateQuery(String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_CREATE;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = new ArrayList<>();
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsersWhoCanExecuteQuery")
- public void usersWhoCanExecuteQueryShouldNotInvokeRegionCreateForSelectRegionCreateQuery(String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_CREATE;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = new ArrayList<>();
- List<Object> expectedFullRegionResults = Arrays.asList(values[0], values[1]);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- assertRegionMatches(specificUserClient, regionName, expectedFullRegionResults);
- }
-
- @Test
- @Parameters(method = "getAllUsersWhoCannotExecuteQuery")
- public void usersWhoCanExecuteQueryShouldGetExceptionForSelectCreateFromRegionQuery(String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_CREATE_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(QueryService.UNDEFINED, QueryService.UNDEFINED);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsersWhoCanExecuteQuery")
- public void usersWhoCanExecuteQueryShouldGetResultsForSelectCreateFromRegionQuery(String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_CREATE_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(QueryService.UNDEFINED, QueryService.UNDEFINED);
- List<Object> expectedFullRegionResults = Arrays.asList(values[0], values[1]);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- assertRegionMatches(specificUserClient, regionName, expectedFullRegionResults);
- }
-
- @Test
- @Parameters(method = "getAllUsersWhoCannotExecuteQuery")
- public void usersWhoCannotExecuteQueryShouldGetExceptionForSelectRegionDestroyQuery(String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_DESTROY;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = new ArrayList<>();
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsersWhoCanExecuteQuery")
- public void usersWhoCanExecuteQueryShouldNotInvokeDestroyForSelectRegionDestroyQuery(String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_DESTROY;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = new ArrayList<>();
- List<Object> expectedFullRegionResults = Arrays.asList(values[0], values[1]);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- assertRegionMatches(specificUserClient, regionName, expectedFullRegionResults);
- }
-
- @Test
- @Parameters(method = "getAllUsersWhoCannotExecuteQuery")
- public void usersWhoCanExecuteQueryShouldGetExceptionForSelectRegionDestroyRegionQuery(String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_DESTROY_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = new ArrayList<>();
- try {
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- } catch (Throwable throwable) {
- if (!(throwable.getCause().getCause() instanceof RegionDestroyedException)) {
- throw throwable;
- }
- }
- }
-
- @Test
- @Parameters(method = "getAllUsersWhoCanExecuteQuery")
- public void usersWhoCanExecuteQueryShouldNotMethodInvokeADestroyForSelectRegionDestroyRegionQuery(String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_DESTROY_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = new ArrayList<>();
- List<Object> expectedFullRegionResults = Arrays.asList(values[0], values[1]);
- try {
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- assertRegionMatches(specificUserClient, regionName, expectedFullRegionResults);
- } catch (Throwable throwable) {
- if (!(throwable.getCause().getCause() instanceof RegionDestroyedException)) {
- throw throwable;
- }
- }
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectRegionDestroyRegionParenQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_DESTROY_REGION_PAREN;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = new ArrayList<>();
- try {
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- } catch (Throwable throwable) {
- if (!(throwable.getCause().getCause() instanceof RegionDestroyedException)) {
- throw throwable;
- }
- }
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectRegionGetQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_GET;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(values[0]);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsersWhoCannotExecuteQuery")
- public void usersWhoCannotExecuteQueryShouldGetExceptionForSelectRegionPutQuery(String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_PUT;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList();
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsersWhoCanExecuteQuery")
- public void usersWhoCanExecuteQueryShouldNotInvokeRegionPutForSelectRegionPutQuery(String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_PUT;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList();
- List<Object> expectedFullRegionResults = Arrays.asList(values[0], values[1]);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- assertRegionMatches(specificUserClient, regionName, expectedFullRegionResults);
- }
-
- @Test
- @Parameters(method = "getAllUsersWhoCannotExecuteQuery")
- public void usersWhoCanExecuteQueryShouldReceiveExceptionForSelectRegionPutIfAbsentQuery(String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_PUT_IF_ABSENT;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList();
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsersWhoCanExecuteQuery")
- public void usersWhoCanExecuteQueryShouldNotInvokePutIfAbsentForSelectRegionPutIfAbsentQuery(String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_PUT_IF_ABSENT;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList();
- List<Object> expectedFullRegionResults = Arrays.asList(values[0], values[1]);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- assertRegionMatches(specificUserClient, regionName, expectedFullRegionResults);
- }
-
- @Test
- @Parameters(method = "getAllUsersWhoCannotExecuteQuery")
- public void checkUserAuthorizationsForSelectRegionRemoveQuery(String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_REMOVE;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList();
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
-
- @Test
- @Parameters(method = "getAllUsersWhoCanExecuteQuery")
- public void usersWhoCanExecuteQueryShouldNotInvokedRegionRemoveForSelectRegionRemoveQuery(String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_REMOVE;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList();
- List<Object> expectedFullRegionResults = Arrays.asList(values[0], values[1]);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- assertRegionMatches(specificUserClient, regionName, expectedFullRegionResults);
- }
-
- @Test
- @Parameters(method = "getAllUsersWhoCanExecuteQuery")
- public void usersWhoCannExecuteQueryShouldReceiveExpectedResultsForSelectRegionReplaceQuery(String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_REPLACE;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList();
- List<Object> expectedFullRegionResults = Arrays.asList(values[0], values[1]);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- assertRegionMatches(specificUserClient, regionName, expectedFullRegionResults);
- }
-
- @Test
- @Parameters(method = "getAllUsersWhoCannotExecuteQuery")
- public void usersWhoCannotExecuteQueryShouldReceiveExceptionForSelectRegionReplaceQuery(String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_REPLACE;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList();
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectGetInterestListRegexRegionQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_GET_INTEREST_LIST_REGEX_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(QueryService.UNDEFINED, QueryService.UNDEFINED);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectGetInterestListRegexParenRegionQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_GET_INTEREST_LIST_REGEX_PAREN_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(QueryService.UNDEFINED, QueryService.UNDEFINED);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
- /* ----- Geode Method Tests ----- */
-
-
- /* ----- Whitelisted Methods Tests ----- */
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectValuesQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_VALUES;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(values);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectKeySetQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_KEYSET;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(keys);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectEntriesQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_ENTRIES;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(keys);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectEntrySetQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_ENTRY_SET;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(REGION_PUT_KEY, REGION_PUT_KEY + "1");
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectKeyFromEntrySetQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_KEY_FROM_REGION_ENTRYSET;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(keys);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectGetKeyFromEntrySetQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_GET_KEY_FROM_REGION_ENTRYSET;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(keys);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectValueFromEntrySetQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_VALUE_FROM_REGION_ENTRYSET;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(values);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectGetValueFromEntrySetQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_GET_VALUE_FROM_REGION_ENTRYSET;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(values);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectByToStringQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_BY_TO_STRING;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(values);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectToStringQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_TO_STRING_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList("Test_Object", "Test_Object");
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectByToStringToUpperCaseQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_BY_TO_STRING_TO_UPPER_CASE;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(values);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectByToStringToLowerCaseQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_BY_TO_STRING_TO_LOWER_CASE;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(values);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectIntValueQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_INT_VALUE_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(0, 3);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectLongValueQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_LONG_VALUE_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(0L, 3L);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectDoubleValueQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_DOUBLE_VALUE_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(0d, 3d);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectShortValueQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_SHORT_VALUE_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList((short) 0, (short) 3);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
- /* ----- Whitelisted Methods Tests ----- */
-
- /* ----- Blacklisted Methods Tests ----- */
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectByGetClassQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_BY_GET_CLASS;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = new ArrayList<>();
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectByGetClassParenQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_BY_GET_CLASS_PAREN;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = new ArrayList<>();
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectGetClassRegionQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_GET_CLASS_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = new ArrayList<>();
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectGetClassParenRegionQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_GET_CLASS_PAREN_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = new ArrayList<>();
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectByClassQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_BY_CLASS;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = new ArrayList<>();
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectClassRegionQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_CLASS_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = new ArrayList<>();
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectByCapitalClassQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_BY_CAPITAL_CLASS;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = new ArrayList<>();
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectCapitalClassRegionQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_CAPITAL_CLASS_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = new ArrayList<>();
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectRegionGetClassQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_GET_CLASS;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = new ArrayList<>();
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectRegionGetClassParenQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_GET_CLASS_PAREN;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = new ArrayList<>();
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectRegionClassQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_CLASS;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = new ArrayList<>();
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectRegionCapitalClassQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_CAPITAL_CLASS;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = new ArrayList<>();
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectRegionCloneQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_CLONE;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = new ArrayList<>();
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectToDateQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_TO_DATE;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- QueryTestObject obj1 = new QueryTestObject(0, "John");
- obj1.setDateField("08/08/2018");
- QueryTestObject obj2 = new QueryTestObject(3, "Beth");
- obj2.setDateField("08/08/2018");
- Object[] values = {obj1, obj2};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = new ArrayList<>();
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- public void userWithRegionAccessAndPassingInWrappedbindParameterShouldExecute() {
- String user = "dataReaderRegion";
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- String query = "select v from $1 r, r.values() v";
- String regexForExpectedException = ".*DATA:READ.*";
- specificUserClient.invoke(()-> {
- Region region = getClientCache().getRegion(regionName);
- HashSet hashset = new HashSet();
- hashset.add(region);
- getClientCache().getQueryService().newQuery(query).execute(new Object[]{hashset});
- });
- }
-
- @Test
- public void userWithoutRegionAccessAndPassingInWrappedBindParameterShouldThrowException() {
- String user = "dataReaderRegionKey";
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- String query = "select v from $1 r, r.values() v";
- String regexForExpectedException = ".*DATA:READ.*";
- specificUserClient.invoke(()-> {
- Region region = getClientCache().getRegion(regionName);
- HashSet hashset = new HashSet();
- hashset.add(region);
- assertExceptionOccurred(getClientCache().getQueryService(), query, new Object[]{hashset}, regexForExpectedException);
- });
- }
-
- //If DummyQRegion is every serializable, then this test will fail and a security hole with query will have been opened
- //That means a user could wrap a region in a dummy region and bypass the MethodInvocationAuthorizer
- @Test
- public void userWithoutRegionAccessAndPassingInWrappedInDummyQRegionBindParameterShouldThrowSerializationException() {
- String user = "dataReaderRegionKey";
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- String query = "select v from $1 r, r.values() v";
- String regexForExpectedException = ".*failed serializing object.*";
- specificUserClient.invoke(()-> {
- Region region = getClientCache().getRegion(regionName);
- HashSet hashset = new HashSet();
- hashset.add(new DummyQRegion(region));
- assertExceptionOccurred(getClientCache().getQueryService(), query, new Object[]{hashset}, regexForExpectedException);
- });
- }
-
- public static class QueryTestObject implements Serializable {
- public int id = -1;
-
- private String name;
- private String Class;
-
- public Date dateField;
-
- public QueryTestObject(int id, String name) {
- this.id = id;
- this.name = name;
- }
-
- public String getName() {
- return name;
- }
-
- public String someMethod() {
- return name + ":" + id;
- }
-
- public void setDateField(String dateString) {
- try {
- SimpleDateFormat sdf = new SimpleDateFormat("MM/dd/yyyy");
- dateField = sdf.parse(dateString);
- } catch (ParseException e) {
-
- }
- }
-
- @Override
- public String toString() {
- return "Test_Object";
- }
-
- @Override
- public boolean equals(Object obj) {
- QueryTestObject qto = (QueryTestObject) obj;
- return (this.id == qto.id && this.name.equals(qto.getName()));
- }
- }
-}
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityRestrictedQueriesDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityRestrictedQueriesDUnitTest.java
new file mode 100644
index 0000000..bf39447
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityRestrictedQueriesDUnitTest.java
@@ -0,0 +1,318 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.security.query;
+
+import java.io.Serializable;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Arrays;
+import java.util.Date;
+import java.util.List;
+
+import junitparams.Parameters;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+
+import org.apache.geode.cache.Region;
+import org.apache.geode.cache.RegionDestroyedException;
+import org.apache.geode.cache.client.Pool;
+import org.apache.geode.cache.client.PoolManager;
+import org.apache.geode.security.query.data.QueryTestObject;
+import org.apache.geode.test.dunit.VM;
+import org.apache.geode.test.junit.categories.DistributedTest;
+import org.apache.geode.test.junit.categories.SecurityTest;
+import org.apache.geode.test.junit.runners.CategoryWithParameterizedRunnerFactory;
+
+@Category({DistributedTest.class, SecurityTest.class})
+@RunWith(Parameterized.class)
+@Parameterized.UseParametersRunnerFactory(CategoryWithParameterizedRunnerFactory.class)
+public class QuerySecurityRestrictedQueriesDUnitTest extends QuerySecurityBase {
+
+ @Parameterized.Parameters
+ public static Object[] usersAllowed() {
+ return new Object[] {"dataReader", "dataReaderRegion", "clusterManagerDataReader",
+ "clusterManagerDataReaderRegion", "super-user"};
+ }
+
+ @Parameterized.Parameter
+ public String user;
+
+ @Before
+ public void configureCache() {
+ createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
+ createProxyRegion(specificUserClient, regionName);
+
+ keys = new Object[] {"key-0", "key-1"};
+ values = new Object[] {new QueryTestObject(1, "John"), new QueryTestObject(3, "Beth")};
+ putIntoRegion(superUserClient, keys, values, regionName);
+ }
+
+ protected String regexForExpectedExceptions = ".*Unauthorized access.*";
+
+
+ /* ----- Implicit Getter Tests ----- */
+ @Test
+ public void checkUserAuthorizationsForSelectByImplicitGetterQuery() {
+ String query = "select * from /" + regionName + " r where r.name = 'Beth'";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectImplicitGetterQuery() {
+ String query = "select r.name from /" + regionName + " r";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectCountOfImplicitGetterQuery() {
+ String query = "select count(r.name) from /" + regionName + " r";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectMaxOfImplicitGetterQuery() {
+ String query = "select max(r.name) from /" + regionName + " r";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectMinOfImplicitGetterQuery() {
+ String query = "select min(r.name) from /" + regionName + " r";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectImplicitGetterFromRegionByImplicitGetterFromRegionQuery() {
+ String query = "select * from /" + regionName + " r1 where r1.name in (select r2.name from /"
+ + regionName + " r2)";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+ /* ----- Implicit Getter Tests ----- */
+
+ /* ----- Direct Getter Tests ----- */
+ @Test
+ public void checkUserAuthorizationsForSelectByDirectGetterQuery() {
+ String query = "select * from /" + regionName + " r where r.getName = 'Beth'";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectDirectGetterQuery() {
+ String query = "select r.getName() from /" + regionName + " r";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectCountOfDirectGetterQuery() {
+ String query = "select count(r.getId) from /" + regionName + " r";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectMaxOfDirectGetterQuery() {
+ String query = "select max(r.getId()) from /" + regionName + " r";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectMinOfDirectGetterQuery() {
+ String query = "select min(getId()) from /" + regionName + " r";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectDirectGetterFromRegionByDirectGetterFromRegionQuery() {
+ String query = "select * from /" + regionName
+ + " r1 where r1.getName in (select r2.getName from /" + regionName + " r2)";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectRegionContainsValueQuery() {
+ String query = "select * from /" + regionName + ".containsValue('value')";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+
+ @Test
+ public void usersWhoCanExecuteQueryShouldNotInvokeRegionCreateForSelectRegionCreateQuery()
+ throws Exception {
+ String query = "select * from /" + regionName + ".create('key2', 15)";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ executeAndConfirmRegionMatches(specificUserClient, regionName, Arrays.asList(values));
+ }
+
+
+ @Test
+ // @Parameters(method = "getAllUsersWhoCanExecuteQuery")
+ public void usersWhoCanExecuteQueryShouldGetResultsForSelectCreateFromRegionQuery()
+ throws Exception {
+ String query = "select r.create('key2', 15) from /" + regionName + " r";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ executeAndConfirmRegionMatches(specificUserClient, regionName, Arrays.asList(values));
+ }
+
+ @Test
+ // @Parameters(method = "getAllUsersWhoCanExecuteQuery")
+ public void usersWhoCanExecuteQueryShouldNotInvokeDestroyForSelectRegionDestroyQuery()
+ throws Exception {
+ String query = "select * from /" + regionName + ".destroyKey('" + keys[0] + "')";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ executeAndConfirmRegionMatches(specificUserClient, regionName, Arrays.asList(values));
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectRegionDestroyRegionQuery() {
+ String query = "select * from /" + regionName + ".destroyRegion()";
+ try {
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ } catch (Throwable throwable) {
+ if (!(throwable.getCause().getCause() instanceof RegionDestroyedException)) {
+ throw throwable;
+ }
+ }
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectRegionGetQuery() {
+ String query = "select * from /" + regionName + ".getKey('" + keys[0] + "')";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+
+ @Test
+ public void usersWhoCanExecuteQueryShouldNotInvokeRegionPutForSelectRegionPutQuery()
+ throws Exception {
+ String query = "select * from /" + regionName + ".put('key-2', 'something')";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ executeAndConfirmRegionMatches(specificUserClient, regionName, Arrays.asList(values));
+ }
+
+
+
+ @Test
+ public void usersWhoCanExecuteQueryShouldNotInvokePutIfAbsentForSelectRegionPutIfAbsentQuery()
+ throws Exception {
+ String query = "select * from /" + regionName + ".putIfAbsent('key-2', 'something')";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ executeAndConfirmRegionMatches(specificUserClient, regionName, Arrays.asList(values));
+ }
+
+
+ @Test
+ @Parameters(method = "getAllUsersWhoCanExecuteQuery")
+ public void usersWhoCanExecuteQueryShouldNotInvokedRegionRemoveForSelectRegionRemoveQuery()
+ throws Exception {
+ String query = "select * from /" + regionName + ".remove('key-0')";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ executeAndConfirmRegionMatches(specificUserClient, regionName, Arrays.asList(values));
+ }
+
+ @Test
+ @Parameters(method = "getAllUsersWhoCanExecuteQuery")
+ public void usersWhoCannExecuteQueryShouldReceiveExpectedResultsForSelectRegionReplaceQuery()
+ throws Exception {
+ String query = "select * from /" + regionName + ".replace('key-0', 'something')";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ executeAndConfirmRegionMatches(specificUserClient, regionName, Arrays.asList(values));
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectGetInterestListRegexRegionQuery() {
+ String query = "select r.getInterestListRegex from /" + regionName + " r";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectGetInterestListRegexParenRegionQuery() {
+ String query = "select r.getInterestListRegex() from /" + regionName + " r";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectByGetClassQuery() {
+ String query = "select * from /" + regionName + " r where r.getClass != '1'";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectGetClassRegionQuery() {
+ String query = "select r.getClass from /" + regionName + " r";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectGetClassWithParenthesisRegionQuery() {
+ String query = "select r.getClass() from /" + regionName + " r";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectByClassQuery() {
+ String query = "select * from /" + regionName + " r where r.getClass != 'blah'";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectByGetClassWithParenthesisQuery() {
+ String query = "select * from /" + regionName + " r where r.getClass() != '1'";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+
+
+ @Test
+ public void checkUserAuthorizationsForSelectByCapitalClassQuery() {
+ String query = "select * from /" + regionName + " r where r.Class != '1'";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectRegionCloneQuery() {
+ String query = "select * from /" + regionName + ".clone";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+}
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityUnauthorizedUserBindParameterDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityUnauthorizedUserBindParameterDUnitTest.java
new file mode 100644
index 0000000..47647be
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityUnauthorizedUserBindParameterDUnitTest.java
@@ -0,0 +1,76 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.security.query;
+
+import java.util.HashSet;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+
+import org.apache.geode.cache.Region;
+import org.apache.geode.cache.query.internal.index.DummyQRegion;
+import org.apache.geode.security.query.data.QueryTestObject;
+import org.apache.geode.test.junit.categories.DistributedTest;
+import org.apache.geode.test.junit.categories.SecurityTest;
+import org.apache.geode.test.junit.runners.CategoryWithParameterizedRunnerFactory;
+
+@Category({DistributedTest.class, SecurityTest.class})
+public class QuerySecurityUnauthorizedUserBindParameterDUnitTest extends QuerySecurityBase {
+
+ @Before
+ public void configureCache() {
+ String user = "dataReaderRegionKey";
+ createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
+ createProxyRegion(specificUserClient, regionName);
+
+ keys = new Object[] {"key-0", "key-1"};
+ values = new Object[] {new QueryTestObject(1, "John"), new QueryTestObject(3, "Beth")};
+ putIntoRegion(superUserClient, keys, values, regionName);
+ }
+
+ @Test
+ public void userWithoutRegionAccessAndPassingInWrappedBindParameterShouldThrowException() {
+ String query = "select v from $1 r, r.values() v";
+ String regexForExpectedException = ".*DATA:READ.*";
+ specificUserClient.invoke(() -> {
+ Region region = getClientCache().getRegion(regionName);
+ HashSet hashset = new HashSet();
+ hashset.add(region);
+ assertExceptionOccurred(getClientCache().getQueryService(), query, new Object[] {hashset},
+ regexForExpectedException);
+ });
+ }
+
+
+ // If DummyQRegion is ever serializable, then this test will fail and a security hole with query
+ // will have been opened
+ // That means a user could wrap a region in a dummy region and bypass the
+ // RestrictedMethodInvocationAuthorizer
+ @Test
+ public void userWithoutRegionAccessAndPassingInWrappedInDummyQRegionBindParameterShouldThrowSerializationException() {
+ String query = "select v from $1 r, r.values() v";
+ String regexForExpectedException = ".*failed serializing object.*";
+ specificUserClient.invoke(() -> {
+ Region region = getClientCache().getRegion(regionName);
+ HashSet hashset = new HashSet();
+ hashset.add(new DummyQRegion(region));
+ assertExceptionOccurred(getClientCache().getQueryService(), query, new Object[] {hashset},
+ regexForExpectedException);
+ });
+ }
+}
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/UserPermissions.java b/geode-core/src/test/java/org/apache/geode/security/query/UserPermissions.java
index 4c44f33..bd87ae9 100644
--- a/geode-core/src/test/java/org/apache/geode/security/query/UserPermissions.java
+++ b/geode-core/src/test/java/org/apache/geode/security/query/UserPermissions.java
@@ -21,445 +21,26 @@ import java.util.Iterator;
import java.util.List;
import java.util.Set;
-import org.apache.geode.cache.query.internal.MethodInvocationAuthorizer;
+import org.apache.geode.cache.query.internal.RestrictedMethodInvocationAuthorizer;
import org.apache.geode.security.ResourcePermission;
import org.apache.geode.security.ResourcePermission.Operation;
import org.apache.geode.security.ResourcePermission.Resource;
import org.apache.geode.security.TestSecurityManager;
public class UserPermissions {
-
- // Must be the same as the region specified for the region specific users in the clientServer.json
- public static final String REGION_NAME = "region";
-
- public static List<String> RESTRICTED_METHOD_ACCESS_PERMISSIONS;
-
- public static final String SELECT_FROM_REGION_BY_FORMAT =
- "select * from /" + REGION_NAME + " r where r.%s = %s";
- public static final String SELECT_FORMAT_FROM_REGION = "select r.%s from /" + REGION_NAME + " r";
- public static final String SELECT_COUNT_OF_FORMAT_FROM_REGION =
- "select count(r.%s) from /" + REGION_NAME + " r";
- public static final String SELECT_MAX_OF_FORMAT_FROM_REGION =
- "select max(r.%s) from /" + REGION_NAME + " r";
- public static final String SELECT_MIN_OF_FORMAT_FROM_REGION =
- "select min(r.%s) from /" + REGION_NAME + " r";
- public static final String SELECT_FROM_REGION_WHERE_FORMAT_IN_REGION_FORMAT = "select * from /"
- + REGION_NAME + " r1 where r1.%1$s in (select r2.%1$s from /" + REGION_NAME + " r2)";
- public static final String SELECT_FROM_REGION_FORMAT = "select * from /" + REGION_NAME + ".%s";
- public static final String SELECT_FORMAT_FROM_REGION_ENTRYSET =
- "select e.%s from /" + REGION_NAME + ".entrySet e";
-
- public static final String SELECT_FROM_REGION_WITH_NUMERIC_METHOD =
- "select * from /" + REGION_NAME + " r where r.%s > 0";
- public static final String SELECT_NUMERIC_FROM_REGION_RESULTS =
- "select r.%s from /" + REGION_NAME + " r";
-
- // Regular ad hoc query
- public static final String SELECT_ALL_FROM_REGION = "select * from /" + REGION_NAME;
- // Testing public field getting
- public static final String SELECT_FROM_REGION_BY_PUBLIC_FIELD =
- String.format(SELECT_FROM_REGION_BY_FORMAT, "id", 1);
- public static final String SELECT_PUBLIC_FIELD_FROM_REGION =
- String.format(SELECT_FORMAT_FROM_REGION, "id");
- public static final String SELECT_COUNT_OF_PUBLIC_FIELD_FROM_REGION =
- String.format(SELECT_COUNT_OF_FORMAT_FROM_REGION, "id");
- public static final String SELECT_MAX_OF_PUBLIC_FIELD_FROM_REGION =
- String.format(SELECT_MAX_OF_FORMAT_FROM_REGION, "id");
- public static final String SELECT_MIN_OF_PUBLIC_FIELD_FROM_REGION =
- String.format(SELECT_MIN_OF_FORMAT_FROM_REGION, "id");
- public static final String SELECT_FROM_REGION_WHERE_PUBLIC_FIELD_IN_REGION_PUBLIC_FIELDS =
- String.format(SELECT_FROM_REGION_WHERE_FORMAT_IN_REGION_FORMAT, "id");
-
- // Testing getter invocation
- public static final String SELECT_FROM_REGION_BY_IMPLICIT_GETTER =
- String.format(SELECT_FROM_REGION_BY_FORMAT, "name", "'Beth'");
- public static final String SELECT_IMPLICIT_GETTER_FROM_REGION =
- String.format(SELECT_FORMAT_FROM_REGION, "name");
- public static final String SELECT_COUNT_OF_IMPLICIT_GETTER_FROM_REGION =
- String.format(SELECT_COUNT_OF_FORMAT_FROM_REGION, "name");
- public static final String SELECT_MAX_OF_IMPLICIT_GETTER_FROM_REGION =
- String.format(SELECT_MAX_OF_FORMAT_FROM_REGION, "name");
- public static final String SELECT_MIN_OF_IMPLICIT_GETTER_FROM_REGION =
- String.format(SELECT_MIN_OF_FORMAT_FROM_REGION, "name");
- public static final String SELECT_FROM_REGION1_WHERE_IMPLICIT_GETTER_IN_REGION2_IMPLICIT_GETTERS =
- String.format(SELECT_FROM_REGION_WHERE_FORMAT_IN_REGION_FORMAT, "name");
- public static final String SELECT_FROM_REGION_BY_DIRECT_GETTER =
- String.format(SELECT_FROM_REGION_BY_FORMAT, "getName", "'Beth'");
- public static final String SELECT_DIRECT_GETTER_FROM_REGION =
- String.format(SELECT_FORMAT_FROM_REGION, "getName");
- public static final String SELECT_COUNT_OF_DIRECT_GETTER_FROM_REGION =
- String.format(SELECT_COUNT_OF_FORMAT_FROM_REGION, "getName");
- public static final String SELECT_MAX_OF_DIRECT_GETTER_FROM_REGION =
- String.format(SELECT_MAX_OF_FORMAT_FROM_REGION, "getName");
- public static final String SELECT_MIN_OF_DIRECT_GETTER_FROM_REGION =
- String.format(SELECT_MIN_OF_FORMAT_FROM_REGION, "getName");
- public static final String SELECT_FROM_REGION_WHERE_DIRECT_GETTER_IN_REGION_DIRECT_GETTERS =
- String.format(SELECT_FROM_REGION_WHERE_FORMAT_IN_REGION_FORMAT, "getName");
-
- // Testing custom method invocation
- public static final String SELECT_FROM_REGION_BY_DEPLOYED_METHOD =
- String.format(SELECT_FROM_REGION_BY_FORMAT, "someMethod", "'John:1'");
- public static final String SELECT_DEPLOYED_METHOD_FROM_REGION =
- String.format(SELECT_FORMAT_FROM_REGION, "someMethod");
- public static final String SELECT_COUNT_OF_DEPLOYED_METHOD_FROM_REGION =
- String.format(SELECT_COUNT_OF_FORMAT_FROM_REGION, "someMethod");
- public static final String SELECT_MAX_OF_DEPLOYED_METHOD_FROM_REGION =
- String.format(SELECT_MAX_OF_FORMAT_FROM_REGION, "someMethod");
- public static final String SELECT_MIN_OF_DEPLOYED_METHOD_FROM_REGION =
- String.format(SELECT_MIN_OF_FORMAT_FROM_REGION, "someMethod");;
- public static final String SELECT_FROM_REGION_WHERE_DEPLOYED_METHOD_IN_REGION_DEPLOYED_METHODS =
- String.format(SELECT_FROM_REGION_WHERE_FORMAT_IN_REGION_FORMAT, "someMethod");
-
- // Geode method invocation
- public static final String SELECT_FROM_REGION_CONTAINS_KEY =
- String.format(SELECT_FROM_REGION_FORMAT, "containsKey('key')");
- public static final String SELECT_FROM_REGION_CONTAINS_VALUE =
- String.format(SELECT_FROM_REGION_FORMAT, "containsValue(15)");
- public static final String SELECT_FROM_REGION_CREATE =
- String.format(SELECT_FROM_REGION_FORMAT, "create('key2', 15)");
- public static final String SELECT_CREATE_FROM_REGION =
- String.format(SELECT_FORMAT_FROM_REGION, "create('key2', 15)");
- public static final String SELECT_FROM_REGION_DESTROY =
- String.format(SELECT_FROM_REGION_FORMAT, "destroy('key')");
- public static final String SELECT_FROM_REGION_DESTROY_REGION =
- String.format(SELECT_FROM_REGION_FORMAT, "destroyRegion");
- public static final String SELECT_DESTROY_REGION_FROM_REGION =
- String.format(SELECT_FORMAT_FROM_REGION, "destroyRegion");
- public static final String SELECT_FROM_REGION_DESTROY_REGION_PAREN =
- String.format(SELECT_FROM_REGION_FORMAT, "destroyRegion()");
- public static final String SELECT_DESTROY_REGION_PAREN_FROM_REGION =
- String.format(SELECT_FORMAT_FROM_REGION, "destroyRegion()");
- public static final String SELECT_FROM_REGION_GET =
- String.format(SELECT_FROM_REGION_FORMAT, "get('key')");
- public static final String SELECT_FROM_REGION_PUT =
- String.format(SELECT_FROM_REGION_FORMAT, "put('key2', 20)");
- public static final String SELECT_FROM_REGION_PUT_IF_ABSENT =
- String.format(SELECT_FROM_REGION_FORMAT, "putIfAbsent('key2', 20)");
- public static final String SELECT_FROM_REGION_REMOVE =
- String.format(SELECT_FROM_REGION_FORMAT, "remove('key')");
- public static final String SELECT_FROM_REGION_REPLACE =
- String.format(SELECT_FROM_REGION_FORMAT, "replace('key', 25)");
- public static final String SELECT_GET_INTEREST_LIST_REGEX_FROM_REGION =
- String.format(SELECT_FORMAT_FROM_REGION, "getInterestListRegex");
- public static final String SELECT_GET_INTEREST_LIST_REGEX_PAREN_FROM_REGION =
- String.format(SELECT_FORMAT_FROM_REGION, "getInterestListRegex()");
-
- // JDK method invocation
- public static final String SELECT_ADD_FROM_REGION_ENTRYSET =
- String.format(SELECT_FORMAT_FROM_REGION_ENTRYSET, "add('test')");
- public static final String SELECT_REMOVE_FROM_REGION_ENTRYSET =
- String.format(SELECT_FORMAT_FROM_REGION_ENTRYSET, "remove('key')");
- public static final String SELECT_FROM_REGION_TO_DATE =
- "SELECT * FROM /" + REGION_NAME + " where dateField = to_date('08/08/2018', 'MM/dd/yyyy')";
-
- // JDK numeric methods
- public static final String SELECT_INT_VALUE_FROM_REGION =
- String.format(SELECT_NUMERIC_FROM_REGION_RESULTS, "id.intValue");
- public static final String SELECT_LONG_VALUE_FROM_REGION =
- String.format(SELECT_NUMERIC_FROM_REGION_RESULTS, "id.longValue");
- public static final String SELECT_DOUBLE_VALUE_FROM_REGION =
- String.format(SELECT_NUMERIC_FROM_REGION_RESULTS, "id.doubleValue");
- public static final String SELECT_SHORT_VALUE_FROM_REGION =
- String.format(SELECT_NUMERIC_FROM_REGION_RESULTS, "id.shortValue");
-
- // Testing whitelisted methods
- public static final String SELECT_FROM_REGION_ENTRYSET =
- String.format(SELECT_FORMAT_FROM_REGION_ENTRYSET, "getKey, e.getValue");
- public static final String SELECT_FROM_REGION_VALUES =
- String.format(SELECT_FROM_REGION_FORMAT, "values");
- public static final String SELECT_FROM_REGION_KEYSET =
- String.format(SELECT_FROM_REGION_FORMAT, "keySet");
- public static final String SELECT_FROM_REGION_ENTRIES =
- "select e.getKey from /" + REGION_NAME + ".entries e";
- public static final String SELECT_FROM_REGION_ENTRY_SET =
- String.format(SELECT_FORMAT_FROM_REGION_ENTRYSET, "getKey");
- public static final String SELECT_KEY_FROM_REGION_ENTRYSET =
- String.format(SELECT_FORMAT_FROM_REGION_ENTRYSET, "key");
- public static final String SELECT_GET_KEY_FROM_REGION_ENTRYSET =
- String.format(SELECT_FORMAT_FROM_REGION_ENTRYSET, "getKey");
- public static final String SELECT_VALUE_FROM_REGION_ENTRYSET =
- String.format(SELECT_FORMAT_FROM_REGION_ENTRYSET, "value");
- public static final String SELECT_GET_VALUE_FROM_REGION_ENTRYSET =
- String.format(SELECT_FORMAT_FROM_REGION_ENTRYSET, "getValue");
- public static final String SELECT_FROM_REGION_BY_TO_STRING =
- String.format(SELECT_FROM_REGION_BY_FORMAT, "toString", "'Test_Object'");
- public static final String SELECT_TO_STRING_FROM_REGION =
- String.format(SELECT_FORMAT_FROM_REGION, "toString");
- public static final String SELECT_FROM_REGION_BY_TO_STRING_TO_UPPER_CASE =
- String.format(SELECT_FROM_REGION_BY_FORMAT, "toString.toUpperCase", "'TEST_OBJECT'");
- public static final String SELECT_FROM_REGION_BY_TO_STRING_TO_LOWER_CASE =
- String.format(SELECT_FROM_REGION_BY_FORMAT, "toString.toLowerCase", "'test_object'");
-
- // Testing blocked methods
- public static final String SELECT_FROM_REGION_BY_GET_CLASS =
- String.format(SELECT_FROM_REGION_BY_FORMAT, "getClass", "'org.apache'");
- public static final String SELECT_FROM_REGION_BY_GET_CLASS_PAREN =
- String.format(SELECT_FROM_REGION_BY_FORMAT, "getClass()", "'org.apache'");
- public static final String SELECT_GET_CLASS_FROM_REGION =
- String.format(SELECT_FORMAT_FROM_REGION, "getClass");
- public static final String SELECT_GET_CLASS_PAREN_FROM_REGION =
- String.format(SELECT_FORMAT_FROM_REGION, "getClass()");
- public static final String SELECT_FROM_REGION_BY_CLASS =
- String.format(SELECT_FROM_REGION_BY_FORMAT, "class", "'org.apache'");
- public static final String SELECT_CLASS_FROM_REGION =
- String.format(SELECT_FORMAT_FROM_REGION, "class");
- public static final String SELECT_FROM_REGION_BY_CAPITAL_CLASS =
- String.format(SELECT_FROM_REGION_BY_FORMAT, "Class", "'org.apache'");
- public static final String SELECT_CAPITAL_CLASS_FROM_REGION =
- String.format(SELECT_FORMAT_FROM_REGION, "Class");
- public static final String SELECT_FROM_REGION_GET_CLASS =
- String.format(SELECT_FROM_REGION_FORMAT, "getClass");
- public static final String SELECT_FROM_REGION_GET_CLASS_PAREN =
- String.format(SELECT_FROM_REGION_FORMAT, "getClass()");
- public static final String SELECT_FROM_REGION_CLASS =
- String.format(SELECT_FROM_REGION_FORMAT, "class");
- public static final String SELECT_FROM_REGION_CAPITAL_CLASS =
- String.format(SELECT_FROM_REGION_FORMAT, "Class");
- public static final String SELECT_FROM_REGION_CLONE =
- String.format(SELECT_FROM_REGION_FORMAT, "clone");
- public static final String SELECT_FROM_REGION_WAIT =
- String.format(SELECT_FROM_REGION_FORMAT, "wait");
- public static final String SELECT_CLONE_FROM_REGION =
- String.format(SELECT_FORMAT_FROM_REGION, "clone");
- public static final String SELECT_WAIT_FROM_REGION =
- String.format(SELECT_FORMAT_FROM_REGION, "wait");
-
-
private TestSecurityManager manager = new TestSecurityManager();
public HashMap<String, List<String>> queryPermissions;
- public UserPermissions(String requiredSecurityTag) {
- this(Arrays.asList(requiredSecurityTag));
- }
-
- public UserPermissions(List<String> requiredSecurityTags) {
+ public UserPermissions() {
if (!manager.initializeFromJsonResource(
"org/apache/geode/management/internal/security/clientServer.json"))
throw new RuntimeException(
"Something bad happened while trying to load the TestSecurityManager with the org/apache/geode/management/internal/security/clientServer.json");
- queryPermissions = initQueryPermissions(requiredSecurityTags);
- }
-
- public ResourcePermission createResourcePermissionFromString(String perm) {
- String[] permParts = perm.split(":");
-
- Resource res = Resource.valueOf(permParts[0]);
- Operation op = Operation.valueOf(permParts[1]);
- if (permParts.length == 2)
- return new ResourcePermission(res, op);
- else {
- String target = permParts[3];
- if (permParts.length == 3)
- return new ResourcePermission(res, op, target);
- else {
- String targetKey = permParts[4];
- return new ResourcePermission(res, op, target, targetKey);
- }
- }
}
- public List<ResourcePermission> createResourcePermissionListFromStrings(String... perms) {
- List<ResourcePermission> resPerms = new ArrayList<>();
- for (String perm : perms) {
- resPerms.add(createResourcePermissionFromString(perm));
- }
- return resPerms;
- }
-
- public HashMap<String, List<String>> initQueryPermissions(List<String> requiredSecurityTags) {
- HashMap<String, List<String>> perms = new HashMap<>();
-
- String securityString = "";
- Iterator<String> iterator = requiredSecurityTags.iterator();
- while (iterator.hasNext()) {
- securityString += "(.*" + iterator.next();
- if (iterator.hasNext()) {
- securityString += ".*)|";
- }
- }
-
- RESTRICTED_METHOD_ACCESS_PERMISSIONS = Arrays.asList(
- MethodInvocationAuthorizer.UNAUTHORIZED_STRING + ".*)|" + securityString);
- perms.put(SELECT_ALL_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-
- // Public field access
- perms.put(SELECT_FROM_REGION_BY_PUBLIC_FIELD, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_PUBLIC_FIELD_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_COUNT_OF_PUBLIC_FIELD_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_MAX_OF_PUBLIC_FIELD_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_MIN_OF_PUBLIC_FIELD_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_WHERE_PUBLIC_FIELD_IN_REGION_PUBLIC_FIELDS,
- RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-
- // Getter access
- perms.put(SELECT_FROM_REGION_BY_IMPLICIT_GETTER, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_IMPLICIT_GETTER_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_COUNT_OF_IMPLICIT_GETTER_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_MAX_OF_IMPLICIT_GETTER_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_MIN_OF_IMPLICIT_GETTER_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION1_WHERE_IMPLICIT_GETTER_IN_REGION2_IMPLICIT_GETTERS,
- RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_BY_DIRECT_GETTER, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_DIRECT_GETTER_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_COUNT_OF_DIRECT_GETTER_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_MAX_OF_DIRECT_GETTER_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_MIN_OF_DIRECT_GETTER_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_WHERE_DIRECT_GETTER_IN_REGION_DIRECT_GETTERS,
- RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-
- // Deployed Methods
- perms.put(SELECT_FROM_REGION_BY_DEPLOYED_METHOD, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_DEPLOYED_METHOD_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_COUNT_OF_DEPLOYED_METHOD_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_MAX_OF_DEPLOYED_METHOD_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_MIN_OF_DEPLOYED_METHOD_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_WHERE_DEPLOYED_METHOD_IN_REGION_DEPLOYED_METHODS,
- RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-
- // Gemfire Methods
- perms.put(SELECT_FROM_REGION_CONTAINS_KEY, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_CONTAINS_VALUE, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_CREATE, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_CREATE_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_DESTROY, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_DESTROY_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_DESTROY_REGION_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_DESTROY_REGION_PAREN, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_DESTROY_REGION_PAREN_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_GET, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_PUT, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_PUT_IF_ABSENT, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_REMOVE, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_REPLACE, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_GET_INTEREST_LIST_REGEX_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_GET_INTEREST_LIST_REGEX_PAREN_FROM_REGION,
- RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-
- // JDK Methods
- perms.put(SELECT_ADD_FROM_REGION_ENTRYSET, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_REMOVE_FROM_REGION_ENTRYSET, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_TO_DATE, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-
- // Numeric Methods
- perms.put(SELECT_INT_VALUE_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_LONG_VALUE_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_DOUBLE_VALUE_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_SHORT_VALUE_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-
- // Whitelisted Methods
- perms.put(SELECT_FROM_REGION_ENTRYSET, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_VALUES, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_KEYSET, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_ENTRIES, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_ENTRY_SET, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_KEY_FROM_REGION_ENTRYSET, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_GET_KEY_FROM_REGION_ENTRYSET, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_VALUE_FROM_REGION_ENTRYSET, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_GET_VALUE_FROM_REGION_ENTRYSET, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_BY_TO_STRING, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_TO_STRING_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_BY_TO_STRING_TO_UPPER_CASE, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_BY_TO_STRING_TO_LOWER_CASE, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-
- // Blacklisted Methods
- perms.put(SELECT_FROM_REGION_BY_GET_CLASS, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_BY_GET_CLASS_PAREN, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_GET_CLASS_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_GET_CLASS_PAREN_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_BY_CLASS, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_CLASS_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_BY_CAPITAL_CLASS, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_CAPITAL_CLASS_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_GET_CLASS, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_GET_CLASS_PAREN, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_CLASS, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_CAPITAL_CLASS, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_CLONE, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_WAIT, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_CLONE_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_WAIT_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-
- return perms;
- }
-
- public static List<String> getAllUsers() {
- return Arrays.asList("stranger", "dataReader", "dataReaderRegion", "dataReaderRegionKey",
- "clusterManager", "clusterManagerQuery", "clusterManagerDataReader",
- "clusterManagerDataReaderRegion", "clusterManagerDataReaderRegionKey", "super-user"); // Includes
- // all
- // cluster
- // permissions
- // (READ,
- // WRITE,
- // MANAGE)
- // as
- // well
- // as
- // all
- // data
- // privileges
- // (READ,
- // WRITE,
- // MANAGE)
- }
-
- private List<String> getUserResourcePermissions(String user) {
- List<String> userPerms = new ArrayList<>();
- Set<TestSecurityManager.Role> userRoles = manager.getUser(user).getRoles();
-
- for (TestSecurityManager.Role role : userRoles) {
- for (ResourcePermission perm : role.getPermissions()) {
- userPerms.add(perm.toString());
- }
- }
- return userPerms;
- }
-
- public List<String> getMissingUserAuthorizationsForQuery(String user, String query) {
- List<String> foundPerms = new ArrayList<>();
- List<String> userPerms = getUserResourcePermissions(user);
- List<String> reqPerms = queryPermissions.get(query);
-
- System.out.println("userPerms: " + userPerms);
- System.out.println("reqPerms: " + reqPerms);
-
- for (String reqPerm : reqPerms) {
- for (String userPerm : userPerms) {
- if (userPerm.equals(reqPerm)) {
- foundPerms.add(reqPerm);
- } else {
- String[] reqPermParts = reqPerm.split(":");
- String[] userPermParts = userPerm.split(":");
- if (reqPermParts.length > userPermParts.length) {
- boolean hasGenericPerm = true;
- for (int i = 0; i < userPermParts.length; i++) {
- if (!reqPermParts[i].equals(userPermParts[i])) {
- hasGenericPerm = false;
- break;
- }
- }
-
- if (hasGenericPerm) {
- foundPerms.add(reqPerm);
- }
- }
- }
- }
- }
-
- List<String> missingPerms = new ArrayList<>(reqPerms);
- missingPerms.removeAll(foundPerms);
- System.out.println("Missing perms: " + missingPerms);
- return missingPerms;
- }
public String getUserPassword(String user) {
return manager.getUser(user).getPassword();
}
- public String regexForExpectedException(List<String> expectedExceptionMessages) {
- String authErrorRegexp = "(.*" + String.join(".*)|(.*", expectedExceptionMessages) + ".*)";
- return authErrorRegexp;
- }
-
}
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/data/PdxQueryTestObject.java b/geode-core/src/test/java/org/apache/geode/security/query/data/PdxQueryTestObject.java
new file mode 100644
index 0000000..e2c2ff4
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/query/data/PdxQueryTestObject.java
@@ -0,0 +1,73 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.security.query.data;
+
+import java.io.Serializable;
+
+import org.apache.geode.pdx.PdxReader;
+import org.apache.geode.pdx.PdxSerializable;
+import org.apache.geode.pdx.PdxWriter;
+
+public class PdxQueryTestObject
+ implements PdxSerializable, Serializable /* just to pass around in test code */ {
+ public int id = -1;
+ private String name;
+ private int age = 1;
+
+ private boolean shouldThrowException = true;
+
+
+ public PdxQueryTestObject() {
+
+ }
+
+ public PdxQueryTestObject(int id, String name) {
+ this.id = id;
+ this.name = name;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ @Override
+ public String toString() {
+ return "Test_Object";
+ }
+
+ public int getAge() {
+ return age;
+ }
+
+ @Override
+ public void toData(PdxWriter writer) {
+ writer.writeInt("id", id);
+ writer.writeString("getName", name);
+ }
+
+ @Override
+ public void fromData(PdxReader reader) {
+ id = reader.readInt("id");
+ name = reader.readString("getName");
+ }
+
+ public boolean equals(Object o) {
+ if (o instanceof PdxQueryTestObject) {
+ PdxQueryTestObject other = (PdxQueryTestObject) o;
+ return other.id == this.id && other.name.equals(this.name);
+ }
+ return false;
+ }
+}
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/data/QueryTestObject.java b/geode-core/src/test/java/org/apache/geode/security/query/data/QueryTestObject.java
new file mode 100644
index 0000000..70b535d
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/query/data/QueryTestObject.java
@@ -0,0 +1,65 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.security.query.data;
+
+import java.io.Serializable;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+
+public class QueryTestObject implements Serializable {
+ public int id = -1;
+
+ private String name;
+
+ public Date dateField;
+
+ public QueryTestObject(int id, String name) {
+ this.id = id;
+ this.name = name;
+ }
+
+ public int getId() {
+ return id;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public String someMethod() {
+ return name + ":" + id;
+ }
+
+ public void setDateField(String dateString) {
+ try {
+ SimpleDateFormat sdf = new SimpleDateFormat("MM/dd/yyyy");
+ dateField = sdf.parse(dateString);
+ } catch (ParseException e) {
+
+ }
+ }
+
+ @Override
+ public String toString() {
+ return "Test_Object";
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ QueryTestObject qto = (QueryTestObject) obj;
+ return (this.id == qto.id && this.name.equals(qto.getName()));
+ }
+}
diff --git a/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityAuthorizedUserDUnitTest.java b/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityAuthorizedUserDUnitTest.java
new file mode 100644
index 0000000..298a273
--- /dev/null
+++ b/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityAuthorizedUserDUnitTest.java
@@ -0,0 +1,267 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.cache.query.cq.dunit;
+
+import static org.apache.geode.internal.Assert.assertTrue;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.fail;
+import static org.junit.Assume.assumeTrue;
+
+import java.util.List;
+import java.util.concurrent.TimeUnit;
+
+import junitparams.Parameters;
+import org.awaitility.Awaitility;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+
+import org.apache.geode.cache.query.CqAttributesFactory;
+import org.apache.geode.cache.query.CqEvent;
+import org.apache.geode.cache.query.CqException;
+import org.apache.geode.cache.query.CqListener;
+import org.apache.geode.cache.query.CqQuery;
+import org.apache.geode.cache.query.QueryService;
+import org.apache.geode.cache.query.RegionNotFoundException;
+import org.apache.geode.security.query.QuerySecurityBase;
+import org.apache.geode.security.query.data.QueryTestObject;
+import org.apache.geode.test.junit.categories.DistributedTest;
+import org.apache.geode.test.junit.categories.SecurityTest;
+import org.apache.geode.test.junit.runners.CategoryWithParameterizedRunnerFactory;
+
+@Category({DistributedTest.class, SecurityTest.class})
+@RunWith(Parameterized.class)
+@Parameterized.UseParametersRunnerFactory(CategoryWithParameterizedRunnerFactory.class)
+public class CqSecurityAuthorizedUserDUnitTest extends QuerySecurityBase {
+
+ @Parameterized.Parameters
+ public static Object[] usersAllowed() {
+ return new Object[] {"dataReader", "dataReaderRegion", "clusterManagerDataReader",
+ "clusterManagerDataReaderRegion", "super-user"};
+ }
+
+ @Parameterized.Parameter
+ public String user;
+
+ @Before
+ public void configureSpecificClientAndKeyAndValues() {
+ createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
+ createProxyRegion(specificUserClient, regionName);
+
+ keys = new Object[] {"key-0"};
+ values = new Object[] {new QueryTestObject(0, "John")};
+ }
+
+ // Variables that need to be shared across invoke calls.
+ protected static CqSecurityTestCqListener cqListener = null;
+
+ private String regexForExpectedExceptions = ".*Unauthorized access.*";
+
+ @Test
+ public void cqExecuteNoMethodInvocationWithUsersWithCqPermissionsWithPrepopulatedRegionShouldBeAllowed()
+ throws Exception {
+ putIntoRegion(superUserClient, keys, values, regionName);
+ String query = "select * from /" + regionName + " r where r.id = 0";
+ specificUserClient.invoke(() -> {
+ QueryService queryService = getClientCache().getQueryService();
+ CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
+ CqSecurityAuthorizedUserDUnitTest.cqListener = cqListener;
+ CqQuery cq = createCq(queryService, query, cqListener);
+ cq.execute();
+ });
+
+ putIntoRegion(superUserClient, keys, new Object[] {new QueryTestObject(0, "Bethany")},
+ regionName);
+
+ specificUserClient.invoke(() -> {
+ Awaitility.await().atMost(30, TimeUnit.SECONDS)
+ .until(() -> assertEquals(1, cqListener.getNumEvent()));
+ });
+ }
+
+ @Test
+ public void cqExecuteWithMethodInvocationWithUsersWithCqPermissionsWithPrepopulatedRegionIsGettingExceptionInReplicatedRegion()
+ throws Exception {
+ putIntoRegion(superUserClient, keys, values, regionName);
+ String query = "select * from /" + regionName + " r where r.name = 'Beth'";
+ specificUserClient.invoke(() -> {
+ QueryService queryService = getClientCache().getQueryService();
+ CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
+ CqSecurityAuthorizedUserDUnitTest.cqListener = cqListener;
+ CqQuery cq = createCq(queryService, query, cqListener);
+ executeCqButExpectException(cq, user, regexForExpectedExceptions);
+ });
+ }
+
+ @Test
+ public void cqExecuteWithInitialResultsWithMethodInvocationWithUsersWithCqPermissionsWithPrepopulatedRegionShouldBeDeniedBecauseOfInvocation()
+ throws Exception {
+ putIntoRegion(superUserClient, keys, values, regionName);
+ String query = "select * from /" + regionName + " r where r.name = 'Beth'";
+
+ specificUserClient.invoke(() -> {
+ QueryService queryService = getClientCache().getQueryService();
+ CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
+ CqSecurityAuthorizedUserDUnitTest.cqListener = cqListener;
+ CqQuery cq = createCq(queryService, query, cqListener);
+ executeCqWithInitialResultsButExpectException(cq, user, regexForExpectedExceptions);
+ });
+ }
+
+
+ @Test
+ public void cqExecuteWithInitialResultsWithMethodInvocationWithUnpopulatedRegionAndFollowedByAPutShouldTriggerCqError()
+ throws Exception {
+ String query = "select * from /" + regionName + " r where r.name = 'Beth'";
+
+ specificUserClient.invoke(() -> {
+ QueryService queryService = getClientCache().getQueryService();
+ CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
+ CqSecurityAuthorizedUserDUnitTest.cqListener = cqListener;
+ CqQuery cq = createCq(queryService, query, cqListener);
+ cq.executeWithInitialResults();
+ });
+
+ Object[] keys = {"key-0"};
+ Object[] values = {new QueryTestObject(1, "Mary")};
+ putIntoRegion(superUserClient, keys, values, regionName);
+
+ specificUserClient.invoke(() -> {
+ Awaitility.await().atMost(30, TimeUnit.SECONDS)
+ .until(() -> assertEquals(1, cqListener.getNumErrors()));
+ });
+ }
+
+ @Test
+ public void cqExecuteWithMethodInvocationWithUnpopulatedRegionAndFollowedByAPutShouldTriggerCqError()
+ throws Exception {
+ String query = "select * from /" + regionName + " r where r.name = 'Beth'";;
+
+ specificUserClient.invoke(() -> {
+ QueryService queryService = getClientCache().getQueryService();
+ CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
+ CqSecurityAuthorizedUserDUnitTest.cqListener = cqListener;
+ CqQuery cq = createCq(queryService, query, cqListener);
+ cq.execute();
+ });
+
+ Object[] keys = {"key-0"};
+ Object[] values = {new QueryTestObject(1, "Mary")};
+ putIntoRegion(superUserClient, keys, values, regionName);
+
+ specificUserClient.invoke(() -> {
+ Awaitility.await().atMost(30, TimeUnit.SECONDS)
+ .until(() -> assertEquals(1, cqListener.getNumErrors()));
+ });
+ }
+
+ @Test
+ public void cqCanBeClosedByTheCreator() throws Exception {
+ String query = "select * from /" + regionName + " r where r.id = 0";
+
+ specificUserClient.invoke(() -> {
+ QueryService queryService = getClientCache().getQueryService();
+ CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
+ CqSecurityAuthorizedUserDUnitTest.cqListener = cqListener;
+ CqQuery cq = createCq(queryService, query, cqListener);
+ cq.execute();
+ cq.close();
+ assertTrue(cq.isClosed());
+ });
+ assertEquals(0, server.getCache().getCqService().getAllCqs().size());
+ }
+
+
+ protected CqQuery createCq(QueryService queryService, String query, CqListener cqListener)
+ throws CqException {
+ CqAttributesFactory cqaf = new CqAttributesFactory();
+ cqaf.addCqListener(cqListener);
+ CqQuery cq = queryService.newCq(query, cqaf.create());
+ return cq;
+ }
+
+ protected void executeCqButExpectException(CqQuery cq, String user,
+ String regexForExpectedException) {
+ try {
+ cq.execute();
+ fail("Expected an exception when executing cq:" + cq.getQueryString() + " with user:" + user);
+ } catch (RegionNotFoundException | CqException e) {
+ if (!e.getMessage().matches(regexForExpectedException)) {
+ Throwable cause = e.getCause();
+ while (cause != null) {
+ if (cause.getMessage().matches(regexForExpectedException)) {
+ return;
+ }
+ cause = cause.getCause();
+ }
+ e.printStackTrace();
+ fail("Exception thrown did not match:" + regexForExpectedException + ". Instead was:" + e);
+ }
+ }
+ }
+
+ private void executeCqWithInitialResultsButExpectException(CqQuery cq, String user,
+ String regexForExpectedException) {
+ try {
+ cq.executeWithInitialResults();
+ fail("Expected an exception when executing cq:" + cq + " with user:" + user);
+ } catch (RegionNotFoundException | CqException e) {
+ e.printStackTrace();
+ if (!e.getMessage().matches(regexForExpectedException)) {
+ Throwable cause = e.getCause();
+ while (cause != null) {
+ if (cause.getMessage() != null && cause.getMessage().matches(regexForExpectedException)) {
+ return;
+ }
+ cause = cause.getCause();
+ }
+ e.printStackTrace();
+ fail("Exception thrown did not match:" + regexForExpectedException + ". Instead was:" + e);
+ }
+ }
+
+ }
+
+ public class CqSecurityTestCqListener implements CqListener {
+
+ private int numEvents = 0;
+ private int numErrors = 0;
+
+ @Override
+ public void onEvent(CqEvent aCqEvent) {
+ numEvents++;
+ }
+
+ @Override
+ public void onError(CqEvent aCqEvent) {
+ numErrors++;
+ }
+
+ public int getNumEvent() {
+ return numEvents;
+ }
+
+ public int getNumErrors() {
+ return numErrors;
+ }
+
+ @Override
+ public void close() {
+
+ }
+ }
+}
diff --git a/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityDUnitTest.java b/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityDUnitTest.java
deleted file mode 100644
index d2bc8ec..0000000
--- a/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityDUnitTest.java
+++ /dev/null
@@ -1,424 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
- * agreements. See the NOTICE file distributed with this work for additional information regarding
- * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance with the License. You may obtain a
- * copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-package org.apache.geode.cache.query.cq.dunit;
-
-import static org.apache.geode.internal.Assert.assertTrue;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.fail;
-
-import java.util.Arrays;
-import java.util.List;
-import java.util.concurrent.TimeUnit;
-
-import junitparams.JUnitParamsRunner;
-import junitparams.Parameters;
-import org.awaitility.Awaitility;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-import org.junit.runner.RunWith;
-
-import org.apache.geode.cache.query.CqAttributesFactory;
-import org.apache.geode.cache.query.CqEvent;
-import org.apache.geode.cache.query.CqException;
-import org.apache.geode.cache.query.CqListener;
-import org.apache.geode.cache.query.CqQuery;
-import org.apache.geode.cache.query.QueryService;
-import org.apache.geode.cache.query.RegionNotFoundException;
-import org.apache.geode.security.query.QuerySecurityBase;
-import org.apache.geode.security.query.QuerySecurityDUnitTest;
-import org.apache.geode.security.query.UserPermissions;
-import org.apache.geode.test.junit.categories.DistributedTest;
-import org.apache.geode.test.junit.categories.SecurityTest;
-
-@Category({DistributedTest.class, SecurityTest.class})
-@RunWith(JUnitParamsRunner.class)
-public class CqSecurityDUnitTest extends QuerySecurityBase {
-
- protected UserPermissions configurePermissions() {
- return new UserPermissions(Arrays.asList("DATA:READ"));
- }
-
- // Variables that need to be shared across invoke calls.
- protected static CqSecurityTestCqListener cqListener = null;
-
- // Should be the same as the key specified for the region key specific users in the
- // clientServer.json
- public static final String REGION_PUT_KEY = "key";
-
- public List<String> getAllUsersThatCannotInvokeCq() {
- return Arrays.asList("stranger", "dataReaderRegionKey", "clusterManagerQuery", "clusterManagerDataReaderRegionKey");
- }
-
- public List<String> getAllUsersThatCanInvokeCq() {
- return Arrays.asList(
- "dataReader", "dataReaderRegion", "clusterManagerDataReader", "clusterManagerDataReaderRegion", "super-user");
- }
-
-
- public List<String> getAllUsersOnlyAllowedWrite() {
- return Arrays.asList(
- "dataWriter");
- }
-
-
- @Test
- @Parameters(method = "getAllUsersThatCanInvokeCq")
- public void cqExecuteNoMethodInvocationWithUsersWithCqPermissionsWithPrepopulatedRegionShouldBeAllowed(
- String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- Object[] keys = {REGION_PUT_KEY};
- Object[] values = {new QuerySecurityDUnitTest.QueryTestObject(1, "Mary")};
- putIntoRegion(superUserClient, keys, values, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_BY_PUBLIC_FIELD;
- List<String> expectedExceptionMessages =
- userPerms.getMissingUserAuthorizationsForQuery(user, query);
-
- specificUserClient.invoke(() -> {
- QueryService queryService = getClientCache().getQueryService();
- CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
- CqSecurityDUnitTest.cqListener = cqListener;
- CqQuery cq = createCq(queryService, query, cqListener);
- cq.execute();
- });
-
- putIntoRegion(superUserClient, keys, values, UserPermissions.REGION_NAME);
-
- specificUserClient.invoke(() -> {
- Awaitility.await().atMost(30, TimeUnit.SECONDS)
- .until(() -> assertEquals(1, cqListener.getNumEvent()));
- });
- }
-
- @Test
- @Parameters(method = "getAllUsersThatCannotInvokeCq")
- public void cqExecuteNoMethodInvocationWithUsersWithoutCqPermissionsWithPrepopulatedRegionShouldThrowSecurityException(
- String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- Object[] keys = {REGION_PUT_KEY};
- Object[] values = {new QuerySecurityDUnitTest.QueryTestObject(1, "Mary")};
- putIntoRegion(superUserClient, keys, values, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_BY_PUBLIC_FIELD;
- List<String> expectedExceptionMessages =
- userPerms.getMissingUserAuthorizationsForQuery(user, query);
-
- String regexForExpectedExceptions = userPerms.regexForExpectedException(expectedExceptionMessages);
-
- specificUserClient.invoke(() -> {
- QueryService queryService = getClientCache().getQueryService();
- CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
- CqSecurityDUnitTest.cqListener = cqListener;
- CqQuery cq = createCq(queryService, query, cqListener);
- executeCqButExpectException(cq, user, regexForExpectedExceptions);
- });
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void cqExecuteWithMethodInvocationWithUsersWithCqPermissionsWithPrepopulatedRegionIsGettingExceptionInReplicatedRegion(
- String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- Object[] keys = {REGION_PUT_KEY};
- Object[] values = {new QuerySecurityDUnitTest.QueryTestObject(1, "Mary")};
- putIntoRegion(superUserClient, keys, values, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_BY_IMPLICIT_GETTER;
- List<String> expectedExceptionMessages =
- userPerms.getMissingUserAuthorizationsForQuery(user, query);
- String regexForExpectedExceptions = userPerms.regexForExpectedException(expectedExceptionMessages);
-
- specificUserClient.invoke(() -> {
- QueryService queryService = getClientCache().getQueryService();
- CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
- CqSecurityDUnitTest.cqListener = cqListener;
- CqQuery cq = createCq(queryService, query, cqListener);
- executeCqButExpectException(cq, user, regexForExpectedExceptions);
- });
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void cqExecuteWithInitialResultsWithMethodInvocationWithUsersWithCqPermissionsWithPrepopulatedRegionShouldBeDeniedBecauseOfInvocation(
- String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- Object[] keys = {REGION_PUT_KEY};
- Object[] values = {new QuerySecurityDUnitTest.QueryTestObject(1, "Mary")};
- putIntoRegion(superUserClient, keys, values, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_BY_IMPLICIT_GETTER;
- List<String> expectedExceptionMessages =
- userPerms.getMissingUserAuthorizationsForQuery(user, query);
- String regexForExpectedExceptions = userPerms.regexForExpectedException(expectedExceptionMessages);
-
- specificUserClient.invoke(() -> {
- QueryService queryService = getClientCache().getQueryService();
- CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
- CqSecurityDUnitTest.cqListener = cqListener;
- CqQuery cq = createCq(queryService, query, cqListener);
- executeCqWithInitialResultsButExpectException(cq, user,regexForExpectedExceptions);
- });
- }
-
-
- @Test
- @Parameters(method = "getAllUsersThatCanInvokeCq")
- public void cqExecuteWithInitialResultsWithMethodInvocationWithUnpopulatedRegionAndFollowedByAPutShouldTriggerCqError(
- String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- // execute cq
- // put into region
- // security should trigger listener with error
- String query = UserPermissions.SELECT_FROM_REGION_BY_IMPLICIT_GETTER;
- List<String> expectedExceptionMessages =
- userPerms.getMissingUserAuthorizationsForQuery(user, query);
-
- specificUserClient.invoke(() -> {
- String regionName = UserPermissions.REGION_NAME;
- QueryService queryService = getClientCache().getQueryService();
- CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
- CqSecurityDUnitTest.cqListener = cqListener;
- CqQuery cq = createCq(queryService, query, cqListener);
- cq.executeWithInitialResults();
- });
-
- Object[] keys = {REGION_PUT_KEY};
- Object[] values = {new QuerySecurityDUnitTest.QueryTestObject(1, "Mary")};
- putIntoRegion(superUserClient, keys, values, UserPermissions.REGION_NAME);
-
- specificUserClient.invoke(() -> {
- Awaitility.await().atMost(30, TimeUnit.SECONDS)
- .until(() -> assertEquals(1, cqListener.getNumErrors()));
- });
- }
-
- @Test
- @Parameters(method = "getAllUsersThatCannotInvokeCq")
- public void cqExecuteWithInitialResultsWithMethodInvocationWithoutPermissionWithUnpopulatedRegionThrowSecurityException(
- String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- // execute cq
- // put into region
- // security should trigger listener with error
- String query = UserPermissions.SELECT_FROM_REGION_BY_IMPLICIT_GETTER;
- List<String> expectedExceptionMessages =
- userPerms.getMissingUserAuthorizationsForQuery(user, query);
-
- String regexForExpectedExceptions = userPerms.regexForExpectedException(expectedExceptionMessages);
- specificUserClient.invoke(() -> {
- QueryService queryService = getClientCache().getQueryService();
- CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
- CqSecurityDUnitTest.cqListener = cqListener;
- CqQuery cq = createCq(queryService, query, cqListener);
- executeCqWithInitialResultsButExpectException(cq, user,regexForExpectedExceptions);
- });
- }
-
- @Test
- @Parameters(method = "getAllUsersThatCanInvokeCq")
- public void cqExecuteWithMethodInvocationWithUnpopulatedRegionAndFollowedByAPutShouldTriggerCqError(
- String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- // execute cq
- // put into region
- // security should trigger listener wit gh error
- String query = UserPermissions.SELECT_FROM_REGION_BY_IMPLICIT_GETTER;
- List<String> expectedExceptionMessages =
- userPerms.getMissingUserAuthorizationsForQuery(user, query);
-
- specificUserClient.invoke(() -> {
- QueryService queryService = getClientCache().getQueryService();
- CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
- CqSecurityDUnitTest.cqListener = cqListener;
- CqQuery cq = createCq(queryService, query, cqListener);
- cq.execute();
- });
-
- Object[] keys = {REGION_PUT_KEY};
- Object[] values = {new QuerySecurityDUnitTest.QueryTestObject(1, "Mary")};
- putIntoRegion(superUserClient, keys, values, UserPermissions.REGION_NAME);
-
- specificUserClient.invoke(() -> {
- Awaitility.await().atMost(30, TimeUnit.SECONDS)
- .until(() -> assertEquals(1, cqListener.getNumErrors()));
- });
- }
-
- @Test
- @Parameters(method = "getAllUsersThatCannotInvokeCq")
- public void cqExecuteWithOutPermissionsWithUnpopulatedRegionShouldNotAllowCq(String user)
- throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- // execute cq
- // put into region
- String query = UserPermissions.SELECT_FROM_REGION_BY_IMPLICIT_GETTER;
- List<String> expectedExceptionMessages =
- userPerms.getMissingUserAuthorizationsForQuery(user, query);
-
- String regexForExpectedExceptions = userPerms.regexForExpectedException(expectedExceptionMessages);
-
- specificUserClient.invoke(() -> {
- QueryService queryService = getClientCache().getQueryService();
- CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
- CqSecurityDUnitTest.cqListener = cqListener;
- CqQuery cq = createCq(queryService, query, cqListener);
- executeCqButExpectException(cq, user, regexForExpectedExceptions);
- });
- }
-
- @Test
- @Parameters(method = "getAllUsersOnlyAllowedWrite")
- public void cqCreatedByAllowedUserButPutDoneByUnallowedReaderShouldStillExecuteWithCqEvent(
- String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_BY_PUBLIC_FIELD;
-
- superUserClient.invoke(() -> {
- QueryService queryService = getClientCache().getQueryService();
- CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
- CqSecurityDUnitTest.cqListener = cqListener;
- CqQuery cq = createCq(queryService, query, cqListener);
- cq.execute();
- });
-
- Object[] keys = {REGION_PUT_KEY};
- Object[] values = {new QuerySecurityDUnitTest.QueryTestObject(1, "Mary")};
- putIntoRegion(specificUserClient, keys, values, UserPermissions.REGION_NAME);
-
- superUserClient.invoke(() -> {
- Awaitility.await().atMost(30, TimeUnit.SECONDS)
- .until(() -> assertEquals(1, cqListener.getNumEvent()));
- });
- }
-
- @Test
- @Parameters(method = "getAllUsersThatCanInvokeCq")
- public void cqCanBeClosedByTheCreator(
- String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_BY_PUBLIC_FIELD;
-
- specificUserClient.invoke(() -> {
- QueryService queryService = getClientCache().getQueryService();
- CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
- CqSecurityDUnitTest.cqListener = cqListener;
- CqQuery cq = createCq(queryService, query, cqListener);
- cq.execute();
- cq.close();
- assertTrue(cq.isClosed());
- });
- assertEquals(0, server.getCache().getCqService().getAllCqs().size());
- }
-
-
- protected CqQuery createCq(QueryService queryService, String query, CqListener cqListener)
- throws CqException {
- CqAttributesFactory cqaf = new CqAttributesFactory();
- cqaf.addCqListener(cqListener);
- CqQuery cq = queryService.newCq(query, cqaf.create());
- return cq;
- }
-
- protected void executeCqButExpectException(CqQuery cq, String user,
- String regexForExpectedException) {
- try {
- cq.execute();
- fail("Expected an exception when executing cq:" + cq.getQueryString() + " with user:" + user);
- } catch (RegionNotFoundException | CqException e) {
- if (!e.getMessage().matches(regexForExpectedException)) {
- Throwable cause = e.getCause();
- while (cause != null) {
- if (cause.getMessage().matches(regexForExpectedException)) {
- return;
- }
- cause = cause.getCause();
- }
- e.printStackTrace();
- fail("Exception thrown did not match:" + regexForExpectedException + ". Instead was:" + e);
- }
- }
- }
-
- private void executeCqWithInitialResultsButExpectException(CqQuery cq, String user,
- String regexForExpectedException) {
- try {
- cq.executeWithInitialResults();
- fail("Expected an exception when executing cq:" + cq + " with user:" + user);
- } catch (RegionNotFoundException | CqException e) {
- e.printStackTrace();
- if (!e.getMessage().matches(regexForExpectedException)) {
- Throwable cause = e.getCause();
- while (cause != null) {
- if (cause.getMessage() != null && cause.getMessage().matches(regexForExpectedException)) {
- return;
- }
- cause = cause.getCause();
- }
- e.printStackTrace();
- fail("Exception thrown did not match:" + regexForExpectedException + ". Instead was:" + e);
- }
- }
-
- }
-
- public class CqSecurityTestCqListener implements CqListener {
-
- private int numEvents = 0;
- private int numErrors = 0;
-
- @Override
- public void onEvent(CqEvent aCqEvent) {
- numEvents++;
- }
-
- @Override
- public void onError(CqEvent aCqEvent) {
- numErrors++;
- }
-
- public int getNumEvent() {
- return numEvents;
- }
-
- public int getNumErrors() {
- return numErrors;
- }
-
- @Override
- public void close() {
-
- }
- }
-}
diff --git a/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityPartitionedAuthorizedUserDUnitTest.java b/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityPartitionedAuthorizedUserDUnitTest.java
new file mode 100644
index 0000000..6fe9f87
--- /dev/null
+++ b/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityPartitionedAuthorizedUserDUnitTest.java
@@ -0,0 +1,65 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.cache.query.cq.dunit;
+
+import static org.junit.Assert.assertEquals;
+
+import java.util.concurrent.TimeUnit;
+
+import org.awaitility.Awaitility;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+
+import org.apache.geode.cache.RegionShortcut;
+import org.apache.geode.cache.query.CqQuery;
+import org.apache.geode.cache.query.QueryService;
+import org.apache.geode.test.junit.categories.DistributedTest;
+import org.apache.geode.test.junit.categories.SecurityTest;
+import org.apache.geode.test.junit.runners.CategoryWithParameterizedRunnerFactory;
+
+@Category({DistributedTest.class, SecurityTest.class})
+@RunWith(Parameterized.class)
+@Parameterized.UseParametersRunnerFactory(CategoryWithParameterizedRunnerFactory.class)
+public class CqSecurityPartitionedAuthorizedUserDUnitTest
+ extends CqSecurityAuthorizedUserDUnitTest {
+ public RegionShortcut getRegionType() {
+ return RegionShortcut.PARTITION;
+ }
+
+ @Test
+ public void cqExecuteWithMethodInvocationWithUsersWithCqPermissionsWithPrepopulatedRegionIsGettingExceptionInReplicatedRegion()
+ throws Exception {
+ putIntoRegion(superUserClient, keys, values, regionName);
+
+ String query = "select * from /" + regionName + " r where r.name = 'Beth'";
+
+ specificUserClient.invoke(() -> {
+ QueryService queryService = getClientCache().getQueryService();
+ CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
+ CqSecurityAuthorizedUserDUnitTest.cqListener = cqListener;
+ CqQuery cq = createCq(queryService, query, cqListener);
+ cq.execute();
+ });
+
+ putIntoRegion(superUserClient, keys, values, regionName);
+
+ specificUserClient.invoke(() -> {
+ Awaitility.await().atMost(30, TimeUnit.SECONDS)
+ .until(() -> assertEquals(1, cqListener.getNumErrors()));
+ });
+ }
+}
diff --git a/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityPartitionedDUnitTest.java b/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityPartitionedDUnitTest.java
deleted file mode 100644
index e542e0e..0000000
--- a/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityPartitionedDUnitTest.java
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
- * agreements. See the NOTICE file distributed with this work for additional information regarding
- * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance with the License. You may obtain a
- * copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-package org.apache.geode.cache.query.cq.dunit;
-
-import static org.junit.Assert.assertEquals;
-
-import java.util.List;
-import java.util.concurrent.TimeUnit;
-
-import junitparams.JUnitParamsRunner;
-import junitparams.Parameters;
-import org.awaitility.Awaitility;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-import org.junit.runner.RunWith;
-
-import org.apache.geode.cache.RegionShortcut;
-import org.apache.geode.cache.query.CqQuery;
-import org.apache.geode.cache.query.QueryService;
-import org.apache.geode.security.query.QuerySecurityDUnitTest;
-import org.apache.geode.security.query.UserPermissions;
-import org.apache.geode.test.junit.categories.DistributedTest;
-import org.apache.geode.test.junit.categories.SecurityTest;
-
-@Category({DistributedTest.class, SecurityTest.class})
-@RunWith(JUnitParamsRunner.class)
-public class CqSecurityPartitionedDUnitTest extends CqSecurityDUnitTest {
- public RegionShortcut getRegionType() {
- return RegionShortcut.PARTITION;
- }
-
-
-// @Test
-// @Parameters(method = "getAllUsersThatCannotInvokeCq")
-// public void cqExecuteWithMethodInvocationWithUsersWithCqPermissionsWithPrepopulatedRegionIsGettingExceptionInReplicatedRegion(
-// String user) throws Exception {
-// createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-// createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-//
-// Object[] keys = {REGION_PUT_KEY};
-// Object[] values = {new QuerySecurityDUnitTest.QueryTestObject(1, "Mary")};
-// putIntoRegion(superUserClient, keys, values, UserPermissions.REGION_NAME);
-//
-// String query = UserPermissions.SELECT_FROM_REGION_BY_IMPLICIT_GETTER;
-// List<String> expectedExceptionMessages =
-// userPerms.getMissingUserAuthorizationsForQuery(user, query);
-// String regexForExpectedExceptions = userPerms.regexForExpectedException(expectedExceptionMessages);
-//
-// specificUserClient.invoke(() -> {
-// QueryService queryService = getClientCache().getQueryService();
-// CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
-// CqSecurityDUnitTest.cqListener = cqListener;
-// CqQuery cq = createCq(queryService, query, cqListener);
-// executeCqButExpectException(cq, user, regexForExpectedExceptions);
-// });
-// }
-//
- @Test
- @Parameters(method = "getAllUsersThatCanInvokeCq")
- public void cqExecuteWithMethodInvocationWithUsersWithCqPermissionsWithPrepopulatedRegionIsGettingExceptionInReplicatedRegion(
- String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- Object[] keys = {REGION_PUT_KEY};
- Object[] values = {new QuerySecurityDUnitTest.QueryTestObject(1, "Mary")};
- putIntoRegion(superUserClient, keys, values, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_BY_IMPLICIT_GETTER;
-
- specificUserClient.invoke(() -> {
- QueryService queryService = getClientCache().getQueryService();
- CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
- CqSecurityDUnitTest.cqListener = cqListener;
- CqQuery cq = createCq(queryService, query, cqListener);
- cq.execute();
- });
-
- putIntoRegion(superUserClient, keys, values, UserPermissions.REGION_NAME);
-
- specificUserClient.invoke(() -> {
- Awaitility.await().atMost(30, TimeUnit.SECONDS)
- .until(() -> assertEquals(1, cqListener.getNumErrors()));
- });
- }
-}
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityDUnitTest.java b/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityPartitionedUnauthorizedUserDUnitTest.java
similarity index 61%
rename from geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityDUnitTest.java
rename to geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityPartitionedUnauthorizedUserDUnitTest.java
index 4d81034..d3e3adb 100644
--- a/geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityDUnitTest.java
+++ b/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityPartitionedUnauthorizedUserDUnitTest.java
@@ -12,19 +12,32 @@
* or implied. See the License for the specific language governing permissions and limitations under
* the License.
*/
-package org.apache.geode.security.query;
+package org.apache.geode.cache.query.cq.dunit;
-import junitparams.JUnitParamsRunner;
+import static org.junit.Assert.assertEquals;
+
+import java.util.concurrent.TimeUnit;
+
+import org.awaitility.Awaitility;
+import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
import org.apache.geode.cache.RegionShortcut;
+import org.apache.geode.cache.query.CqQuery;
+import org.apache.geode.cache.query.QueryService;
+import org.apache.geode.security.query.UserPermissions;
+import org.apache.geode.security.query.data.QueryTestObject;
import org.apache.geode.test.junit.categories.DistributedTest;
import org.apache.geode.test.junit.categories.SecurityTest;
+import org.apache.geode.test.junit.runners.CategoryWithParameterizedRunnerFactory;
@Category({DistributedTest.class, SecurityTest.class})
-@RunWith(JUnitParamsRunner.class)
-public class PartitionedQuerySecurityDUnitTest extends QuerySecurityDUnitTest {
+@RunWith(Parameterized.class)
+@Parameterized.UseParametersRunnerFactory(CategoryWithParameterizedRunnerFactory.class)
+public class CqSecurityPartitionedUnauthorizedUserDUnitTest
+ extends CqSecurityUnauthorizedUserDUnitTest {
public RegionShortcut getRegionType() {
return RegionShortcut.PARTITION;
}
diff --git a/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityUnauthorizedUserDUnitTest.java b/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityUnauthorizedUserDUnitTest.java
new file mode 100644
index 0000000..2e9fc8a
--- /dev/null
+++ b/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityUnauthorizedUserDUnitTest.java
@@ -0,0 +1,215 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.cache.query.cq.dunit;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.fail;
+import static org.junit.Assume.assumeTrue;
+
+import java.util.Arrays;
+import java.util.List;
+import java.util.concurrent.TimeUnit;
+
+import org.awaitility.Awaitility;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+
+import org.apache.geode.cache.query.CqAttributesFactory;
+import org.apache.geode.cache.query.CqEvent;
+import org.apache.geode.cache.query.CqException;
+import org.apache.geode.cache.query.CqListener;
+import org.apache.geode.cache.query.CqQuery;
+import org.apache.geode.cache.query.QueryService;
+import org.apache.geode.cache.query.RegionNotFoundException;
+import org.apache.geode.security.query.QuerySecurityBase;
+import org.apache.geode.security.query.data.QueryTestObject;
+import org.apache.geode.test.junit.categories.DistributedTest;
+import org.apache.geode.test.junit.categories.SecurityTest;
+import org.apache.geode.test.junit.runners.CategoryWithParameterizedRunnerFactory;
+
+@Category({DistributedTest.class, SecurityTest.class})
+@RunWith(Parameterized.class)
+@Parameterized.UseParametersRunnerFactory(CategoryWithParameterizedRunnerFactory.class)
+public class CqSecurityUnauthorizedUserDUnitTest extends QuerySecurityBase {
+
+ @Parameterized.Parameters
+ public static Object[] usersAllowed() {
+ return new Object[] {"stranger", "dataReaderRegionKey", "clusterManagerQuery",
+ "clusterManagerDataReaderRegionKey", "dataWriter"};
+ }
+
+ @Parameterized.Parameter
+ public String user;
+
+ @Before
+ public void configureSpecificClientAndKeyAndValues() {
+ createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
+ createProxyRegion(specificUserClient, regionName);
+
+ keys = new Object[] {"key-0"};
+ values = new Object[] {new QueryTestObject(0, "John")};
+ }
+
+ // Variables that need to be shared across invoke calls.
+ protected static CqSecurityTestCqListener cqListener = null;
+
+ public List<String> getAllUsersOnlyAllowedWrite() {
+ return Arrays.asList("dataWriter");
+ }
+
+
+ private String regexForExpectedExceptions = ".*DATA:READ:.*";
+
+ @Test
+ public void cqExecuteNoMethodInvocationWithUsersWithoutCqPermissionsWithPrepopulatedRegionShouldThrowSecurityException()
+ throws Exception {
+ putIntoRegion(superUserClient, keys, values, regionName);
+ String query = "select * from /" + regionName + " r where r.id = 0";
+
+ specificUserClient.invoke(() -> {
+ QueryService queryService = getClientCache().getQueryService();
+ CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
+ CqSecurityUnauthorizedUserDUnitTest.cqListener = cqListener;
+ CqQuery cq = createCq(queryService, query, cqListener);
+ executeCqButExpectException(cq, user, regexForExpectedExceptions);
+ });
+ }
+
+ @Test
+ public void cqExecuteWithInitialResultsWithMethodInvocationWithoutPermissionWithUnpopulatedRegionThrowSecurityException()
+ throws Exception {
+ String query = "select * from /" + regionName + " r where r.name = 'Beth'";
+ specificUserClient.invoke(() -> {
+ QueryService queryService = getClientCache().getQueryService();
+ CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
+ CqSecurityUnauthorizedUserDUnitTest.cqListener = cqListener;
+ CqQuery cq = createCq(queryService, query, cqListener);
+ executeCqWithInitialResultsButExpectException(cq, user, regexForExpectedExceptions);
+ });
+ }
+
+ @Test
+ public void cqExecuteWithOutPermissionsWithUnpopulatedRegionShouldNotAllowCq() throws Exception {
+ String query = "select * from /" + regionName + " r where r.name = 'Beth'";
+ specificUserClient.invoke(() -> {
+ QueryService queryService = getClientCache().getQueryService();
+ CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
+ CqSecurityUnauthorizedUserDUnitTest.cqListener = cqListener;
+ CqQuery cq = createCq(queryService, query, cqListener);
+ executeCqButExpectException(cq, user, regexForExpectedExceptions);
+ });
+ }
+
+ @Test
+ public void cqCreatedByAllowedUserButPutDoneByUnallowedReaderShouldStillExecuteWithCqEvent()
+ throws Exception {
+ assumeTrue(user.equals("dataWriter"));
+ String query = "select * from /" + regionName + " r where r.id = 1";
+ superUserClient.invoke(() -> {
+ QueryService queryService = getClientCache().getQueryService();
+ CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
+ CqSecurityUnauthorizedUserDUnitTest.cqListener = cqListener;
+ CqQuery cq = createCq(queryService, query, cqListener);
+ cq.execute();
+ });
+
+ Object[] keys = {"key-0"};
+ Object[] values = {new QueryTestObject(1, "Mary")};
+ putIntoRegion(specificUserClient, keys, values, regionName);
+
+ superUserClient.invoke(() -> {
+ Awaitility.await().atMost(30, TimeUnit.SECONDS)
+ .until(() -> assertEquals(1, cqListener.getNumEvent()));
+ });
+ }
+
+
+ protected CqQuery createCq(QueryService queryService, String query, CqListener cqListener)
+ throws CqException {
+ CqAttributesFactory cqaf = new CqAttributesFactory();
+ cqaf.addCqListener(cqListener);
+ CqQuery cq = queryService.newCq(query, cqaf.create());
+ return cq;
+ }
+
+ protected void executeCqButExpectException(CqQuery cq, String user,
+ String regexForExpectedException) {
+ try {
+ cq.execute();
+ fail("Expected an exception when executing cq:" + cq.getQueryString() + " with user:" + user);
+ } catch (RegionNotFoundException | CqException e) {
+ if (!e.getMessage().matches(regexForExpectedException)) {
+ Throwable cause = e.getCause();
+ while (cause != null) {
+ if (cause.getMessage().matches(regexForExpectedException)) {
+ return;
+ }
+ cause = cause.getCause();
+ }
+ e.printStackTrace();
+ fail("Exception thrown did not match:" + regexForExpectedException + ". Instead was:" + e);
+ }
+ }
+ }
+
+ private void executeCqWithInitialResultsButExpectException(CqQuery cq, String user,
+ String regexForExpectedException) {
+ try {
+ cq.executeWithInitialResults();
+ fail("Expected an exception when executing cq:" + cq + " with user:" + user);
+ } catch (RegionNotFoundException | CqException e) {
+ e.printStackTrace();
+ if (!e.getMessage().matches(regexForExpectedException)) {
+ Throwable cause = e.getCause();
+ while (cause != null) {
+ if (cause.getMessage() != null && cause.getMessage().matches(regexForExpectedException)) {
+ return;
+ }
+ cause = cause.getCause();
+ }
+ e.printStackTrace();
+ fail("Exception thrown did not match:" + regexForExpectedException + ". Instead was:" + e);
+ }
+ }
+ }
+
+ public class CqSecurityTestCqListener implements CqListener {
+
+ private int numEvents = 0;
+
+ @Override
+ public void onEvent(CqEvent aCqEvent) {
+ numEvents++;
+ }
+
+ @Override
+ public void onError(CqEvent aCqEvent) {
+
+ }
+
+ public int getNumEvent() {
+ return numEvents;
+ }
+
+
+ @Override
+ public void close() {
+
+ }
+ }
+}
diff --git a/geode-cq/src/test/java/org/apache/geode/security/ClientQueryAuthDUnitTest.java b/geode-cq/src/test/java/org/apache/geode/security/ClientQueryAuthDUnitTest.java
index 9d66290..a18a4c6 100644
--- a/geode-cq/src/test/java/org/apache/geode/security/ClientQueryAuthDUnitTest.java
+++ b/geode-cq/src/test/java/org/apache/geode/security/ClientQueryAuthDUnitTest.java
@@ -18,27 +18,16 @@ import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANA
import static org.apache.geode.security.SecurityTestUtil.assertNotAuthorized;
import static org.apache.geode.security.SecurityTestUtil.createClientCache;
import static org.apache.geode.security.SecurityTestUtil.createProxyRegion;
-import static org.junit.Assert.assertEquals;
-import java.util.Collection;
-
-import junitparams.JUnitParamsRunner;
import org.junit.Rule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
-import org.junit.runner.RunWith;
import org.apache.geode.cache.Region;
import org.apache.geode.cache.RegionShortcut;
import org.apache.geode.cache.client.ClientCache;
import org.apache.geode.cache.client.Pool;
import org.apache.geode.cache.client.PoolManager;
-import org.apache.geode.cache.query.CqAttributes;
-import org.apache.geode.cache.query.CqAttributesFactory;
-import org.apache.geode.cache.query.CqEvent;
-import org.apache.geode.cache.query.CqListener;
-import org.apache.geode.cache.query.CqQuery;
-import org.apache.geode.cache.query.QueryService;
import org.apache.geode.test.dunit.Host;
import org.apache.geode.test.dunit.VM;
import org.apache.geode.test.dunit.internal.JUnit4DistributedTestCase;
@@ -46,45 +35,27 @@ import org.apache.geode.test.junit.rules.ServerStarterRule;
import org.apache.geode.test.junit.categories.DistributedTest;
import org.apache.geode.test.junit.categories.SecurityTest;
-// TODO pdx field look up
-// DataManage with region read key
-
@Category({DistributedTest.class, SecurityTest.class})
-@RunWith(JUnitParamsRunner.class)
public class ClientQueryAuthDUnitTest extends JUnit4DistributedTestCase {
- private static final String AUTH_REGION_NAME = "AuthRegion";
- private static final String NO_AUTH_REGION_NAME = "NoAuthRegion";
- private static final String REP_REGION_NAME = "Rep" + AUTH_REGION_NAME;
- private static final String PART_REGION_NAME = "Part" + AUTH_REGION_NAME;
-
- private static final String USER_PASSWORD = "1234567";
-
- private static final String PUT_KEY = "key1";
- private static final String PUT_VALUE = "value1";
-
+ private static String REGION_NAME = "AuthRegion";
final Host host = Host.getHost(0);
final VM client1 = host.getVM(1);
final VM client2 = host.getVM(2);
final VM client3 = host.getVM(3);
- static TestSecurityManager scManager = new TestSecurityManager();
-
@Rule
public ServerStarterRule server =
new ServerStarterRule().withProperty(SECURITY_MANAGER, TestSecurityManager.class.getName())
.withProperty(TestSecurityManager.SECURITY_JSON,
"org/apache/geode/management/internal/security/clientServer.json")
- .withRegion(RegionShortcut.REPLICATE, REP_REGION_NAME)
- .withRegion(RegionShortcut.PARTITION, PART_REGION_NAME)
- .withRegion(RegionShortcut.PARTITION, AUTH_REGION_NAME)
- .withRegion(RegionShortcut.PARTITION, NO_AUTH_REGION_NAME);
+ .withRegion(RegionShortcut.REPLICATE, REGION_NAME);
@Test
public void testQuery() {
client1.invoke(() -> {
ClientCache cache = createClientCache("stranger", "1234567", server.getPort());
- final Region region = createProxyRegion(cache, AUTH_REGION_NAME);
+ final Region region = createProxyRegion(cache, REGION_NAME);
String query = "select * from /AuthRegion";
assertNotAuthorized(() -> region.query(query), "DATA:READ:AuthRegion");
@@ -94,120 +65,4 @@ public class ClientQueryAuthDUnitTest extends JUnit4DistributedTestCase {
"DATA:READ:AuthRegion");
});
}
-
- private void createRegionIndex(String indexName, String regionName) {
- ClientCache cache = createClientCache("super-user", USER_PASSWORD, server.getPort());
- final Region region = createProxyRegion(cache, regionName);
- // cache.getQueryService().createIndex(indexName, "id", "/" + regionName);
-
- cache.close();
- }
-
- protected void putIntoRegion(Object value, String regionName) {
- ClientCache cache = createClientCache("super-user", USER_PASSWORD, server.getPort());
- final Region region = createProxyRegion(cache, regionName);
- region.put(PUT_KEY, value);
- cache.close();
- }
-
- // @Test
- // public void testQueryWithRegionsAsBindParameters() {
- // client1.invoke(() -> {
- // putIntoRegion(PUT_VALUE, NO_AUTH_REGION_NAME);
- // ClientCache cache = createClientCache("authRegionUser", "1234567", server.getPort());
- // final Region authRegion = createProxyRegion(cache, AUTH_REGION_NAME);
- // final Region noAuthRegion = createProxyRegion(cache, NO_AUTH_REGION_NAME);
- //
- // String query = "select * from /AuthRegion";
- // authRegion.put("A", "B");
- // Pool pool = PoolManager.find(authRegion);
- // assertEquals(1, ((Collection) cache.getQueryService().newQuery(query).execute()).size());
- // HashSet regions = new HashSet();
- // regions.add(noAuthRegion);
- //
- // assertNotAuthorized(() -> pool.getQueryService().newQuery("select v from $1 r, r.values()
- // v").execute(new Object[] {regions}),
- // "DATA:READ:NoAuthRegion");
- // });
- // }
-
- @Test
- public void testCQ() {
- String query = "select * from /AuthRegion";
- client1.invoke(() -> {
- ClientCache cache = createClientCache("dataWriter", "1234567", server.getPort());
- Region region = createProxyRegion(cache, AUTH_REGION_NAME);
- Pool pool = PoolManager.find(region);
- QueryService qs = pool.getQueryService();
-
- CqAttributes cqa = new CqAttributesFactory().create();
-
- // Create the CqQuery
- CqQuery cq = qs.newCq("CQ1", query, cqa);
-
- // try {
- // cq.executeWithInitialResults();
- // }
- // catch (Exception e) {
- // System.out.println("JASON:" + e.getCause().getCause());
- //
- // }
-
- // assertNotAuthorized(() -> cq.executeWithInitialResults(), "DATA:READ:AuthRegion");
- // assertNotAuthorized(() -> cq.execute(), "DATA:READ:AuthRegion");
- cq.execute();
- region.put(PUT_KEY + "xxx", PUT_VALUE + "xxx");
- cq.close();
- // assertNotAuthorized(() -> cq.close(), "DATA:MANAGE");
- });
-
- client2.invoke(() -> {
- ClientCache cache = createClientCache("authRegionReader", "1234567", server.getPort());
- Region region = createProxyRegion(cache, AUTH_REGION_NAME);
- Pool pool = PoolManager.find(region);
- QueryService qs = pool.getQueryService();
-
- CqAttributes cqa = new CqAttributesFactory().create();
- // Create the CqQuery
- CqQuery cq = qs.newCq("CQ1", query, cqa);
- cq.execute();
-
- assertNotAuthorized(() -> cq.stop(), "DATA:MANAGE");
- assertNotAuthorized(() -> qs.getAllDurableCqsFromServer(), "CLUSTER:READ");
- });
-
- client3.invoke(() -> {
- ClientCache cache = createClientCache("super-user", "1234567", server.getPort());
- Region region = createProxyRegion(cache, AUTH_REGION_NAME);
- Pool pool = PoolManager.find(region);
- QueryService qs = pool.getQueryService();
-
- CqAttributesFactory factory = new CqAttributesFactory();
- factory.addCqListener(new CqListener() {
- @Override
- public void onEvent(final CqEvent aCqEvent) {
- System.out.println(aCqEvent);
- }
-
- @Override
- public void onError(final CqEvent aCqEvent) {
-
- }
-
- @Override
- public void close() {
-
- }
- });
-
-
- CqAttributes cqa = factory.create();
-
- // Create the CqQuery
- CqQuery cq = qs.newCq("CQ1", query, cqa);
- System.out.println("query result: " + cq.executeWithInitialResults());
-
- cq.stop();
- });
- }
}
--
To stop receiving notification emails like this one, please contact
"commits@geode.apache.org" <co...@geode.apache.org>.