Posted to commits@geode.apache.org by ji...@apache.org on 2016/07/20 23:05:45 UTC
[1/2] incubator-geode git commit: GEODE-1647: add more unit test
Repository: incubator-geode
Updated Branches:
refs/heads/develop 7c2e21933 -> 50aedb1fc
GEODE-1647: add more unit test
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/50aedb1f
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/50aedb1f
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/50aedb1f
Branch: refs/heads/develop
Commit: 50aedb1fc025f10219f2067967eafddab32d02c5
Parents: 16b7356
Author: Jinmei Liao <ji...@pivotal.io>
Authored: Wed Jul 20 09:42:24 2016 -0700
Committer: Jinmei Liao <ji...@pivotal.io>
Committed: Wed Jul 20 16:04:31 2016 -0700
----------------------------------------------------------------------
.../security/GeodeSecurityUtilTest.java | 57 ++++++++++++++++++++
1 file changed, 57 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/50aedb1f/geode-core/src/test/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtilTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtilTest.java b/geode-core/src/test/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtilTest.java
index a26f06a..272b04f 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtilTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtilTest.java
@@ -17,9 +17,13 @@
package com.gemstone.gemfire.internal.security;
+import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
import static org.assertj.core.api.Java6Assertions.*;
import static org.junit.Assert.*;
+import java.util.Properties;
+
+import org.junit.Before;
import org.junit.Test;
import org.junit.experimental.categories.Category;
@@ -28,6 +32,12 @@ import com.gemstone.gemfire.test.junit.categories.UnitTest;
@Category(UnitTest.class)
public class GeodeSecurityUtilTest {
+ Properties properties;
+ @Before
+ public void before(){
+ properties = new Properties();
+ GeodeSecurityUtil.initSecurity(properties);
+ }
@Test
public void testGetObjectFromConstructor(){
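Review bot: The new `before()` resets `GeodeSecurityUtil` ahead of each test, but there is no matching `@After`, so the static flags and the Shiro security manager installed by a test such as `testInitWithSecurityManager` remain in place for whichever test class runs next in the same JVM. An `@After` method that calls the utility's teardown would keep the state from leaking; that teardown is the method that clears the three flags and calls `ThreadContext.remove()` in the GeodeSecurityUtil diff on this page. The `properties` field can also be `private`. The class body continues outside the hunk.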
@@ -61,6 +71,53 @@ public class GeodeSecurityUtilTest {
.isInstanceOf(GemFireSecurityException.class);
}
+ @Test
+ public void testInitialSecurityFlags() {
+ // initial state of GeodeSecurityUtil
+ assertFalse(GeodeSecurityUtil.isClientSecurityRequired());
+ assertFalse(GeodeSecurityUtil.isIntegratedSecurity());
+ assertFalse(GeodeSecurityUtil.isPeerSecurityRequired());
+ }
+
+ @Test
+ public void testInitWithSecurityManager() {
+ properties.setProperty(SECURITY_MANAGER, "org.apache.geode.security.templates.SampleSecurityManager");
+ GeodeSecurityUtil.initSecurity(properties);
+ assertTrue(GeodeSecurityUtil.isClientSecurityRequired());
+ assertTrue(GeodeSecurityUtil.isIntegratedSecurity());
+ assertTrue(GeodeSecurityUtil.isPeerSecurityRequired());
+ }
+
+ @Test
+ public void testInitWithClientAuthenticator()
+ {
+ properties.setProperty(SECURITY_CLIENT_AUTHENTICATOR, "org.abc.test");
+ GeodeSecurityUtil.initSecurity(properties);
+ assertTrue(GeodeSecurityUtil.isClientSecurityRequired());
+ assertFalse(GeodeSecurityUtil.isIntegratedSecurity());
+ assertFalse(GeodeSecurityUtil.isPeerSecurityRequired());
+ }
+
+ @Test
+ public void testInitWithPeerAuthenticator()
+ {
+ properties.setProperty(SECURITY_PEER_AUTHENTICATOR, "org.abc.test");
+ GeodeSecurityUtil.initSecurity(properties);
+ assertFalse(GeodeSecurityUtil.isClientSecurityRequired());
+ assertFalse(GeodeSecurityUtil.isIntegratedSecurity());
+ assertTrue(GeodeSecurityUtil.isPeerSecurityRequired());
+ }
+
+ @Test
+ public void testInitWithShiroAuthenticator()
+ {
+ properties.setProperty(SECURITY_SHIRO_INIT, "shiro.ini");
+ GeodeSecurityUtil.initSecurity(properties);
+ assertTrue(GeodeSecurityUtil.isClientSecurityRequired());
+ assertTrue(GeodeSecurityUtil.isIntegratedSecurity());
+ assertTrue(GeodeSecurityUtil.isPeerSecurityRequired());
+ }
+
private static class Factories{
public static String getString(){
return new String();
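Review bot: Each added test sets a single property, so nothing pins what `initSecurity` reports when `SECURITY_CLIENT_AUTHENTICATOR` and `SECURITY_PEER_AUTHENTICATOR` are configured together. That is the case where a false `isPeerSecurityRequired()` makes `GMSAuthenticator.authenticate` return early without checking credentials. A test that sets both properties and asserts `assertTrue(GeodeSecurityUtil.isClientSecurityRequired());` and `assertTrue(GeodeSecurityUtil.isPeerSecurityRequired());` would cover it. `testInitWithShiroAuthenticator` also appears to depend on a `shiro.ini` resource being on the test classpath, which is not visible here; a short comment naming that resource would help the next reader.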
[2/2] incubator-geode git commit: GEODE-1647: Add Integrated Security
to Peer Authentication
Posted by ji...@apache.org.
GEODE-1647: Add Integrated Security to Peer Authentication
* This closes #210
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/16b73564
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/16b73564
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/16b73564
Branch: refs/heads/develop
Commit: 16b73564f638aea652842dd071d01e1e3d5ad204
Parents: 7c2e219
Author: gmeilen <gr...@gmail.com>
Authored: Mon Jul 18 13:13:11 2016 -0700
Committer: Jinmei Liao <ji...@pivotal.io>
Committed: Wed Jul 20 16:04:31 2016 -0700
----------------------------------------------------------------------
.../membership/gms/auth/GMSAuthenticator.java | 79 +++++-----
.../gms/interfaces/Authenticator.java | 6 +-
.../membership/gms/membership/GMSJoinLeave.java | 2 +-
.../cache/tier/sockets/AcceptorImpl.java | 2 +-
.../internal/cache/tier/sockets/HandShake.java | 6 +-
.../gemfire/internal/i18n/LocalizedStrings.java | 4 +-
.../internal/security/GeodeSecurityUtil.java | 45 +++---
.../templates/SampleSecurityManager.java | 5 +
.../internal/DistributionConfigJUnitTest.java | 2 +-
.../gms/auth/GMSAuthenticatorJUnitTest.java | 37 +++--
.../gms/membership/GMSJoinLeaveJUnitTest.java | 2 +-
.../cli/commands/CliCommandTestBase.java | 2 +-
.../security/AccessControlMBeanJUnitTest.java | 3 +-
...CacheServerMBeanAuthenticationJUnitTest.java | 4 +-
.../CacheServerMBeanAuthorizationJUnitTest.java | 3 +-
.../security/CliCommandsSecurityTest.java | 6 +-
.../security/DataCommandsSecurityTest.java | 3 +-
.../DiskStoreMXBeanSecurityJUnitTest.java | 3 +-
.../GatewayReceiverMBeanSecurityTest.java | 3 +-
.../GatewaySenderMBeanSecurityTest.java | 3 +-
.../GeodeSecurityUtilCustomRealmJUnitTest.java | 4 +-
.../security/GfshCommandsPostProcessorTest.java | 3 +-
.../security/GfshCommandsSecurityTest.java | 3 +-
.../internal/security/JSONAuthorization.java | 48 ------
.../JsonAuthorizationCacheStartRule.java | 1 +
.../LockServiceMBeanAuthorizationJUnitTest.java | 3 +-
.../security/MBeanSecurityJUnitTest.java | 3 +-
.../ManagerMBeanAuthorizationJUnitTest.java | 3 +-
.../security/MemberMBeanSecurityJUnitTest.java | 3 +-
.../internal/security/MultiUserDUnitTest.java | 4 +-
...ractIntegratedClientAuthDistributedTest.java | 4 +-
...edSecurityCacheLifecycleDistributedTest.java | 19 +--
...edSecurityCacheLifecycleIntegrationTest.java | 27 +---
...tegratedSecurityPeerAuthDistributedTest.java | 146 +++++++++++++++++++
.../gemfire/security/JSONAuthorization.java | 54 +++++++
.../gemfire/security/SpySecurityManager.java | 43 ++++++
.../com/gemstone/gemfire/security/peerAuth.json | 36 +++++
.../gemfire/tools/pulse/tests/Server.java | 2 +-
38 files changed, 430 insertions(+), 196 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/auth/GMSAuthenticator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/auth/GMSAuthenticator.java b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/auth/GMSAuthenticator.java
index f16a722..cf99ea2 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/auth/GMSAuthenticator.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/auth/GMSAuthenticator.java
@@ -19,19 +19,15 @@ package com.gemstone.gemfire.distributed.internal.membership.gms.auth;
import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
import static com.gemstone.gemfire.internal.i18n.LocalizedStrings.*;
-import java.lang.reflect.Method;
import java.security.Principal;
import java.util.Properties;
-import java.util.Set;
import com.gemstone.gemfire.LogWriter;
import com.gemstone.gemfire.distributed.DistributedMember;
-import com.gemstone.gemfire.distributed.internal.DistributionConfig;
import com.gemstone.gemfire.distributed.internal.membership.InternalDistributedMember;
import com.gemstone.gemfire.distributed.internal.membership.NetView;
import com.gemstone.gemfire.distributed.internal.membership.gms.Services;
import com.gemstone.gemfire.distributed.internal.membership.gms.interfaces.Authenticator;
-import com.gemstone.gemfire.internal.ClassLoadUtil;
import com.gemstone.gemfire.internal.i18n.LocalizedStrings;
import com.gemstone.gemfire.internal.logging.InternalLogWriter;
import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
@@ -44,15 +40,13 @@ import com.gemstone.gemfire.security.GemFireSecurityException;
public class GMSAuthenticator implements Authenticator {
- private final static String secPrefix = DistributionConfig.GEMFIRE_PREFIX + "sys.security-";
- private final static int gemfireSysPrefixLen = (DistributionConfig.GEMFIRE_PREFIX + "sys.").length();
-
private Services services;
- private Properties securityProps = getSecurityProps();
+ private Properties securityProps;
@Override
public void init(Services s) {
this.services = s;
+ this.securityProps = this.services.getConfig().getDistributionConfig().getSecurityProps();
}
@Override
@@ -105,57 +99,59 @@ public class GMSAuthenticator implements Authenticator {
* this will be removed since return string is used for failure
*/
@Override
- public String authenticate(InternalDistributedMember member, Object credentials) throws AuthenticationFailedException {
+ public String authenticate(InternalDistributedMember member, Properties credentials) throws AuthenticationFailedException {
return authenticate(member, credentials, this.securityProps, this.services.getJoinLeave().getMemberID());
}
/**
* Method is package protected to be used in testing.
*/
- String authenticate(DistributedMember member, Object credentials, Properties secProps, DistributedMember localMember) throws AuthenticationFailedException {
-
- String authMethod = secProps.getProperty(SECURITY_PEER_AUTHENTICATOR);
- if (authMethod == null || authMethod.length() == 0) {
+ String authenticate(DistributedMember member, Properties credentials, Properties secProps, DistributedMember localMember) throws AuthenticationFailedException {
+ if(!GeodeSecurityUtil.isPeerSecurityRequired()){
return null;
}
InternalLogWriter securityLogWriter = this.services.getSecurityLogWriter();
- String failMsg = null;
- if (credentials != null) {
- try {
- invokeAuthenticator(authMethod, member, credentials);
-
- } catch (Exception ex) {
- securityLogWriter.warning(AUTH_PEER_AUTHENTICATION_FAILED_WITH_EXCEPTION, new Object[] {member, authMethod, ex.getLocalizedMessage()}, ex);
- failMsg = AUTH_PEER_AUTHENTICATION_FAILED.toLocalizedString(localMember);
- }
- } else { // No credentials - need to send failure message
- securityLogWriter.warning(AUTH_PEER_AUTHENTICATION_MISSING_CREDENTIALS, new Object[] {member, authMethod});
- failMsg = AUTH_PEER_AUTHENTICATION_MISSING_CREDENTIALS.toLocalizedString(member, authMethod);
+ if(credentials == null){
+ securityLogWriter.warning(AUTH_PEER_AUTHENTICATION_MISSING_CREDENTIALS, member);
+ return AUTH_PEER_AUTHENTICATION_MISSING_CREDENTIALS.toLocalizedString(member);
}
+ String failMsg = null;
+ try {
+ if(GeodeSecurityUtil.isIntegratedSecurity()){
+ String username = credentials.getProperty("security-username");
+ String password = credentials.getProperty("security-password");
+ GeodeSecurityUtil.login(username, password);
+ }
+ else {
+ invokeAuthenticator(secProps, member, credentials);
+ }
+ } catch (Exception ex) {
+ securityLogWriter.warning(AUTH_PEER_AUTHENTICATION_FAILED_WITH_EXCEPTION, new Object[] {
+ member, ex.getLocalizedMessage()
+ }, ex);
+ failMsg = AUTH_PEER_AUTHENTICATION_FAILED.toLocalizedString(localMember);
+ }
return failMsg;
}
+
/**
* Method is package protected to be used in testing.
*/
- Principal invokeAuthenticator(String authMethod, DistributedMember member, Object credentials) throws AuthenticationFailedException {
+ Principal invokeAuthenticator(Properties securityProps, DistributedMember member, Properties credentials) throws AuthenticationFailedException {
+ String authMethod = securityProps.getProperty(SECURITY_PEER_AUTHENTICATOR);
com.gemstone.gemfire.security.Authenticator auth = null;
-
try {
- Method getter = ClassLoadUtil.methodFromName(authMethod);
- auth = (com.gemstone.gemfire.security.Authenticator) getter.invoke(null, (Object[]) null);
- if (auth == null) {
- throw new AuthenticationFailedException(HandShake_AUTHENTICATOR_INSTANCE_COULD_NOT_BE_OBTAINED.toLocalizedString());
- }
+ auth = GeodeSecurityUtil.getObjectOfTypeFromFactoryMethod(authMethod, com.gemstone.gemfire.security.Authenticator .class);
LogWriter logWriter = this.services.getLogWriter();
LogWriter securityLogWriter = this.services.getSecurityLogWriter();
auth.init(this.securityProps, logWriter, securityLogWriter); // this.securityProps contains security-ldap-basedn but security-ldap-baseDomainName is expected
- return auth.authenticate((Properties) credentials, member);
+ return auth.authenticate(credentials, member);
} catch (GemFireSecurityException gse) {
throw gse;
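Review bot: In the integrated-security branch of `authenticate`, `username` and `password` go to `GeodeSecurityUtil.login` without a null check and the returned subject is discarded, so a peer is admitted on authentication alone. Nothing visible in the hunk checks that the user is permitted to join as a member, and if `login` binds the subject to the calling thread (not shown here) nothing releases it afterwards. A guard such as `if (username == null || password == null) return AUTH_PEER_AUTHENTICATION_MISSING_CREDENTIALS.toLocalizedString(member);` would keep absent fields on the existing missing-credentials path instead of relying on `login` to throw. In `invokeAuthenticator` the new `securityProps` parameter shadows the field: `authMethod` is read from the parameter while `auth.init(this.securityProps, ...)` still uses the field, so the two can disagree when the package-private overload is called with other properties. `invokeAuthenticator` continues outside the hunk.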
@@ -173,10 +169,10 @@ public class GMSAuthenticator implements Authenticator {
*
* @param member
* the target distributed member
- * @return the credential object
+ * @return the credentials
*/
@Override
- public Object getCredentials(InternalDistributedMember member) {
+ public Properties getCredentials(InternalDistributedMember member) {
try {
return getCredentials(member, securityProps);
@@ -217,16 +213,11 @@ public class GMSAuthenticator implements Authenticator {
return credentials;
}
+ /**
+ * For testing only.
+ */
Properties getSecurityProps() {
- Properties props = new Properties();
- Set keys = System.getProperties().keySet();
- for (Object key: keys) {
- String propKey = (String) key;
- if (propKey.startsWith(secPrefix)) {
- props.setProperty(propKey.substring(gemfireSysPrefixLen), System.getProperty(propKey));
- }
- }
- return props;
+ return this.securityProps;
}
@Override
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/interfaces/Authenticator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/interfaces/Authenticator.java b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/interfaces/Authenticator.java
index fe96127..9660267 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/interfaces/Authenticator.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/interfaces/Authenticator.java
@@ -16,12 +16,14 @@
*/
package com.gemstone.gemfire.distributed.internal.membership.gms.interfaces;
+import java.util.Properties;
+
import com.gemstone.gemfire.distributed.internal.membership.InternalDistributedMember;
import com.gemstone.gemfire.security.AuthenticationFailedException;
public interface Authenticator extends Service {
- String authenticate(InternalDistributedMember m, Object credentials) throws AuthenticationFailedException;
+ String authenticate(InternalDistributedMember m, Properties credentials) throws AuthenticationFailedException;
- Object getCredentials(InternalDistributedMember m);
+ Properties getCredentials(InternalDistributedMember m);
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/membership/GMSJoinLeave.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/membership/GMSJoinLeave.java b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/membership/GMSJoinLeave.java
index e5cac2d..4b82fa0 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/membership/GMSJoinLeave.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/membership/GMSJoinLeave.java
@@ -476,7 +476,7 @@ public class GMSJoinLeave implements JoinLeave, MessageHandler {
Object creds = incomingRequest.getCredentials();
String rejection = null;
try {
- rejection = services.getAuthenticator().authenticate(incomingRequest.getMemberID(), creds);
+ rejection = services.getAuthenticator().authenticate(incomingRequest.getMemberID(), (Properties)creds);
} catch (Exception e) {
rejection = e.getMessage();
}
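Review bot: The new `(Properties)creds` cast is applied to an object taken from the incoming join request, and any failure is converted into `rejection = e.getMessage()`. Because `null` is what `authenticate` returns for an accepted member, an exception with a null message would presumably be treated as acceptance by the code that follows, which is outside the hunk. Making the catch fail closed, for example `rejection = (e.getMessage() != null) ? e.getMessage() : "Authentication failed";`, removes that path. A `ClassCastException` message also names internal classes, so it is worth confirming whether `rejection` is sent back to the requesting member.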
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/AcceptorImpl.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/AcceptorImpl.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/AcceptorImpl.java
index 43f90d5..4f952a8 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/AcceptorImpl.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/AcceptorImpl.java
@@ -638,7 +638,7 @@ public class AcceptorImpl extends Acceptor implements Runnable
this.hsPool = tmp_hsPool;
}
- isAuthenticationRequired = GeodeSecurityUtil.isSecurityRequired();
+ isAuthenticationRequired = GeodeSecurityUtil.isClientSecurityRequired();
isIntegratedSecurity = GeodeSecurityUtil.isIntegratedSecurity();
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.java
index 2dcf8e7..e501531 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.java
@@ -899,7 +899,7 @@ public class HandShake implements ClientHandShake
throws GemFireSecurityException, IOException {
Properties credentials = null;
- boolean requireAuthentication = GeodeSecurityUtil.isSecurityRequired();
+ boolean requireAuthentication = GeodeSecurityUtil.isClientSecurityRequired();
try {
byte secureMode = dis.readByte();
if (secureMode == CREDENTIALS_NONE) {
@@ -1161,7 +1161,7 @@ public class HandShake implements ClientHandShake
// non-blank setting for DH symmetric algo, or this is a server
// that has authenticator defined.
if ((dhSKAlgo != null && dhSKAlgo.length() > 0)
- || GeodeSecurityUtil.isSecurityRequired()) {
+ || GeodeSecurityUtil.isClientSecurityRequired()) {
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DH");
DHParameterSpec dhSpec = new DHParameterSpec(dhP, dhG, dhL);
keyGen.initialize(dhSpec);
@@ -1632,7 +1632,7 @@ public class HandShake implements ClientHandShake
DataOutputStream dos, DistributedSystem system)
throws GemFireSecurityException, IOException {
- boolean requireAuthentication = GeodeSecurityUtil.isSecurityRequired();
+ boolean requireAuthentication = GeodeSecurityUtil.isClientSecurityRequired();
Properties credentials = null;
try {
byte secureMode = dis.readByte();
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/main/java/com/gemstone/gemfire/internal/i18n/LocalizedStrings.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/i18n/LocalizedStrings.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/i18n/LocalizedStrings.java
index be1ff17..2254a89 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/i18n/LocalizedStrings.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/i18n/LocalizedStrings.java
@@ -3731,9 +3731,9 @@ public class LocalizedStrings {
public static final StringId Network_partition_detected = new StringId(6607, "Exiting due to possible network partition event due to loss of {0} cache processes: {1}");
// GMSAuthenticator
- public static final StringId AUTH_PEER_AUTHENTICATION_FAILED_WITH_EXCEPTION = new StringId(6608, "Authentication failed for [{0}] using Authenticator [{1}]. {2}");
+ public static final StringId AUTH_PEER_AUTHENTICATION_FAILED_WITH_EXCEPTION = new StringId(6608, "Authentication failed for [{0}]. {1}");
public static final StringId AUTH_PEER_AUTHENTICATION_FAILED = new StringId(6609, "Authentication failed. See coordinator [{0}] logs for details.");
- public static final StringId AUTH_PEER_AUTHENTICATION_MISSING_CREDENTIALS = new StringId(6610, "Failed to find credentials from [{0}] using Authenticator [{1}]");
+ public static final StringId AUTH_PEER_AUTHENTICATION_MISSING_CREDENTIALS = new StringId(6610, "Failed to find credentials from [{0}]");
public static final StringId AUTH_FAILED_TO_ACQUIRE_AUTHINITIALIZE_INSTANCE = new StringId(6611, "AuthInitialize instance could not be obtained");
public static final StringId AUTH_FAILED_TO_OBTAIN_CREDENTIALS_IN_0_USING_AUTHINITIALIZE_1_2 = new StringId(6612, "Failed to obtain credentials using AuthInitialize [{1}]. {2}");
public static final StringId DistributedSystem_BACKUP_ALREADY_IN_PROGRESS = new StringId(6613, "A backup is already in progress.");
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
index d439b19..ead82e5 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
@@ -65,7 +65,7 @@ public class GeodeSecurityUtil {
* @return the shiro subject, null if security is not enabled
*/
public static Subject getSubject() {
- if (!isIntegratedSecure) {
+ if (!isIntegratedSecurity) {
return null;
}
@@ -102,7 +102,7 @@ public class GeodeSecurityUtil {
* @return null if security is not enabled, otherwise return a shiro subject
*/
public static Subject login(String username, String password) {
- if (!isIntegratedSecure) {
+ if (!isIntegratedSecurity) {
return null;
}
@@ -271,8 +271,9 @@ public class GeodeSecurityUtil {
private static PostProcessor postProcessor;
private static SecurityManager securityManager;
- private static boolean isSecure;
- private static boolean isIntegratedSecure;
+ private static boolean isIntegratedSecurity;
+ private static boolean isClientAuthenticator;
+ private static boolean isPeerAuthenticator;
/**
* initialize Shiro's Security Manager and Security Utilities
@@ -286,6 +287,7 @@ public class GeodeSecurityUtil {
String shiroConfig = securityProps.getProperty(SECURITY_SHIRO_INIT);
String securityConfig = securityProps.getProperty(SECURITY_MANAGER);
String clientAuthenticatorConfig = securityProps.getProperty(SECURITY_CLIENT_AUTHENTICATOR);
+ String peerAuthenticatorConfig = securityProps.getProperty(SECURITY_PEER_AUTHENTICATOR);
if (!StringUtils.isBlank(shiroConfig)) {
IniSecurityManagerFactory factory = new IniSecurityManagerFactory("classpath:" + shiroConfig);
@@ -299,8 +301,7 @@ public class GeodeSecurityUtil {
org.apache.shiro.mgt.SecurityManager securityManager = factory.getInstance();
SecurityUtils.setSecurityManager(securityManager);
- isSecure = true;
- isIntegratedSecure = true;
+ isIntegratedSecurity = true;
}
// only set up shiro realm if user has implemented SecurityManager
else if (!StringUtils.isBlank(securityConfig)) {
@@ -309,17 +310,18 @@ public class GeodeSecurityUtil {
Realm realm = new CustomAuthRealm(securityManager);
org.apache.shiro.mgt.SecurityManager shiroManager = new DefaultSecurityManager(realm);
SecurityUtils.setSecurityManager(shiroManager);
- isSecure = true;
- isIntegratedSecure = true;
+ isIntegratedSecurity = true;
}
else if( !StringUtils.isBlank(clientAuthenticatorConfig)) {
- isSecure = true;
- isIntegratedSecure = false;
+ isClientAuthenticator = true;
+ }
+ else if (!StringUtils.isBlank(peerAuthenticatorConfig)) {
+ isPeerAuthenticator = true;
}
else {
- SecurityUtils.setSecurityManager(null);
- isSecure = false;
- isIntegratedSecure = false;
+ isIntegratedSecurity = false;
+ isClientAuthenticator = false;
+ isPeerAuthenticator = false;
}
// this initializes the post processor
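Review bot: The `else if` chain makes the client and peer authenticator settings mutually exclusive: when `SECURITY_CLIENT_AUTHENTICATOR` is set, the `peerAuthenticatorConfig` branch is never reached, `isPeerAuthenticator` stays false, and `GMSAuthenticator.authenticate` returns null (its no-failure result) for every joining peer. The flags are also cleared only in the final `else`, so a second `initSecurity` call with different properties keeps whatever an earlier call set. Replacing the last three branches with one `else` that assigns all three flags addresses both: `isIntegratedSecurity = false;`, `isClientAuthenticator = !StringUtils.isBlank(clientAuthenticatorConfig);`, `isPeerAuthenticator = !StringUtils.isBlank(peerAuthenticatorConfig);`. With `SecurityUtils.setSecurityManager(null)` removed, a previously installed Shiro manager is no longer cleared on this path either. `initSecurity` starts and ends outside the hunk.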
@@ -344,8 +346,9 @@ public class GeodeSecurityUtil {
postProcessor = null;
}
ThreadContext.remove();
- isSecure = false;
- isIntegratedSecure = false;
+ isIntegratedSecurity = false;
+ isClientAuthenticator = false;
+ isPeerAuthenticator = false;
}
/**
@@ -353,7 +356,7 @@ public class GeodeSecurityUtil {
* But if your postProcess is pretty involved with preparations and you need to bypass it entirely, call this first.
*/
public static boolean needPostProcess(){
- return (isIntegratedSecure && postProcessor != null);
+ return (isIntegratedSecurity && postProcessor != null);
}
public static Object postProcess(String regionPath, Object key, Object result){
@@ -446,12 +449,16 @@ public class GeodeSecurityUtil {
}
- public static boolean isSecurityRequired(){
- return isSecure;
+ public static boolean isClientSecurityRequired() {
+ return isClientAuthenticator || isIntegratedSecurity;
+ }
+
+ public static boolean isPeerSecurityRequired() {
+ return isPeerAuthenticator || isIntegratedSecurity;
}
public static boolean isIntegratedSecurity(){
- return isIntegratedSecure;
+ return isIntegratedSecurity;
}
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/main/java/org/apache/geode/security/templates/SampleSecurityManager.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/security/templates/SampleSecurityManager.java b/geode-core/src/main/java/org/apache/geode/security/templates/SampleSecurityManager.java
index f0275e4..dd49f11 100644
--- a/geode-core/src/main/java/org/apache/geode/security/templates/SampleSecurityManager.java
+++ b/geode-core/src/main/java/org/apache/geode/security/templates/SampleSecurityManager.java
@@ -21,6 +21,7 @@ import java.io.InputStream;
import java.io.StringWriter;
import java.security.Principal;
import java.util.ArrayList;
+import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
@@ -154,6 +155,10 @@ public class SampleSecurityManager implements SecurityManager {
}
private static Map<String, Role> readRoles(JsonNode jsonNode) {
+ if (jsonNode.get("roles") == null) {
+ return Collections.EMPTY_MAP;
+ }
+
Map<String, Role> roleMap = new HashMap<>();
for (JsonNode r : jsonNode.get("roles")) {
Role role = new Role();
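Review bot: `Collections.EMPTY_MAP` is the raw-typed constant, so the new early return in `readRoles` relies on an unchecked conversion to `Map<String, Role>`; `return Collections.emptyMap();` returns the same immutable empty map with the correct type. Callers now receive an unmodifiable map on this path and a `HashMap` otherwise, which deserves a line in the method comment. `jsonNode.get("roles")` is also evaluated twice and could be held in a local. The method body continues outside the hunk.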
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/DistributionConfigJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/DistributionConfigJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/DistributionConfigJUnitTest.java
index d2b0d51..c4b3a4d 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/DistributionConfigJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/DistributionConfigJUnitTest.java
@@ -38,7 +38,7 @@ import org.junit.experimental.categories.Category;
import com.gemstone.gemfire.InternalGemFireException;
import com.gemstone.gemfire.UnmodifiableException;
import com.gemstone.gemfire.internal.ConfigSource;
-import com.gemstone.gemfire.management.internal.security.JSONAuthorization;
+import com.gemstone.gemfire.security.JSONAuthorization;
import com.gemstone.gemfire.test.junit.categories.UnitTest;
@Category(UnitTest.class)
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/auth/GMSAuthenticatorJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/auth/GMSAuthenticatorJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/auth/GMSAuthenticatorJUnitTest.java
index d52b261..18152b0 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/auth/GMSAuthenticatorJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/auth/GMSAuthenticatorJUnitTest.java
@@ -32,8 +32,10 @@ import org.junit.experimental.categories.Category;
import com.gemstone.gemfire.LogWriter;
import com.gemstone.gemfire.distributed.DistributedMember;
import com.gemstone.gemfire.distributed.internal.DistributionConfig;
+import com.gemstone.gemfire.distributed.internal.membership.gms.ServiceConfig;
import com.gemstone.gemfire.distributed.internal.membership.gms.Services;
import com.gemstone.gemfire.internal.logging.InternalLogWriter;
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
import com.gemstone.gemfire.security.AuthInitialize;
import com.gemstone.gemfire.security.AuthenticationFailedException;
import com.gemstone.gemfire.security.Authenticator;
@@ -46,6 +48,7 @@ public class GMSAuthenticatorJUnitTest {
private String prefix;
private Properties props;
+ protected Properties securityProps;
private Services services;
private GMSAuthenticator authenticator;
private DistributedMember member;
@@ -57,27 +60,26 @@ public class GMSAuthenticatorJUnitTest {
public void setUp() throws Exception {
prefix = getClass().getName() + "$";
props = new Properties();
+ securityProps = new Properties();
authenticator = new GMSAuthenticator();
services = mock(Services.class);
InternalLogWriter securityLog = mock(InternalLogWriter.class);
when(services.getSecurityLogWriter()).thenReturn(mock(InternalLogWriter.class));
- authenticator.init(services);
+ DistributionConfig distributionConfig = mock(DistributionConfig.class);
+ when(distributionConfig.getSecurityProps()).thenReturn(securityProps);
- member = mock(DistributedMember.class);
- }
+ ServiceConfig serviceConfig = mock(ServiceConfig.class);
+ when(serviceConfig.getDistributionConfig()).thenReturn(distributionConfig);
- @Test
- public void testGetSecurityProps() throws Exception {
- props.setProperty(DistributionConfig.GEMFIRE_PREFIX + "sys."+SECURITY_PEER_AUTH_INIT, "dummy1");
- props.setProperty(DistributionConfig.GEMFIRE_PREFIX + "sys."+SECURITY_PEER_AUTHENTICATOR, "dummy2");
- props.setProperty("security-auth-init", "dummy3");
- System.setProperties(props);
- Properties secProps = authenticator.getSecurityProps();
- assertEquals("wrong size", 2, secProps.size());
- assertEquals("wrong value", "dummy1", secProps.getProperty(SECURITY_PEER_AUTH_INIT));
- assertEquals("wrong value", "dummy2", secProps.getProperty(SECURITY_PEER_AUTHENTICATOR));
+ services = mock(Services.class);
+ when(services.getSecurityLogWriter()).thenReturn(securityLog);
+ when(services.getConfig()).thenReturn(serviceConfig);
+
+ authenticator.init(services);
+ GeodeSecurityUtil.initSecurity(securityProps);
+ member = mock(DistributedMember.class);
}
@Test
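Review bot: `services` is mocked twice in `setUp`: the first `services = mock(Services.class);` and its `getSecurityLogWriter()` stub, which returns a fresh anonymous mock, are discarded when the field is reassigned a few lines later. Only the second mock, with `securityLog` and `getConfig()` stubbed, reaches `authenticator.init(services)`. Dropping the first assignment and its `when(...)` line while keeping `InternalLogWriter securityLog = mock(InternalLogWriter.class);` leaves a single wiring path. That makes it easier to see which configuration the authenticator under test is actually initialised from.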
@@ -141,6 +143,7 @@ public class GMSAuthenticatorJUnitTest {
@Test
public void testAuthenticatorNormal() throws Exception {
props.setProperty(SECURITY_PEER_AUTHENTICATOR, prefix + "TestAuthenticator4.create");
+ GeodeSecurityUtil.initSecurity(props);
TestAuthenticator4 auth = new TestAuthenticator4();
assertFalse(auth.isClosed());
TestAuthenticator4.setAuthenticator(auth);
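Review bot: `GeodeSecurityUtil.initSecurity(props)` is a static call, so the security configuration it installs presumably outlives the test method, and no reset is visible in these hunks. The same line is added to `testAuthenticatorWithEmptyAuth` and to the five negative tests in the following hunks, on top of the `initSecurity(securityProps)` call in `setUp`, so every test re-initialises over whatever the previous one left behind. If the utility keeps the authenticator or security manager in static fields, a test class that runs later in the same JVM could inherit a peer authenticator it never configured and pass or fail for the wrong reason. An `@After` method that returns the utility to its unconfigured state would keep these authentication tests isolated. `testAuthenticatorNormal` continues past the end of this hunk.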
@@ -159,6 +162,7 @@ public class GMSAuthenticatorJUnitTest {
@Test
public void testAuthenticatorWithEmptyAuth() throws Exception {
props.setProperty(SECURITY_PEER_AUTHENTICATOR, "");
+ GeodeSecurityUtil.initSecurity(props);
String result = authenticator.authenticate(member, props, props, member);
assertNull(result);
}
@@ -166,34 +170,39 @@ public class GMSAuthenticatorJUnitTest {
@Test
public void testAuthenticatorWithNotExistAuth() throws Exception {
props.setProperty(SECURITY_PEER_AUTHENTICATOR, prefix + "NotExistAuth.create");
+ GeodeSecurityUtil.initSecurity(props);
verifyNegativeAuthenticate(props, props, "Authentication failed. See coordinator");
}
@Test
public void testAuthenticatorWithNullAuth() throws Exception {
props.setProperty(SECURITY_PEER_AUTHENTICATOR, prefix + "TestAuthenticator1.create");
+ GeodeSecurityUtil.initSecurity(props);
verifyNegativeAuthenticate(props, props, "Authentication failed. See coordinator");
}
@Test
public void testAuthenticatorWithNullCredential() throws Exception {
props.setProperty(SECURITY_PEER_AUTHENTICATOR, prefix + "TestAuthenticator1.create");
+ GeodeSecurityUtil.initSecurity(props);
verifyNegativeAuthenticate(null, props, "Failed to find credentials from");
}
@Test
public void testAuthenticatorWithAuthInitFailure() throws Exception {
props.setProperty(SECURITY_PEER_AUTHENTICATOR, prefix + "TestAuthenticator2.create");
+ GeodeSecurityUtil.initSecurity(props);
verifyNegativeAuthenticate(props, props, "Authentication failed. See coordinator");
}
@Test
public void testAuthenticatorWithAuthFailure() throws Exception {
props.setProperty(SECURITY_PEER_AUTHENTICATOR, prefix + "TestAuthenticator3.create");
+ GeodeSecurityUtil.initSecurity(props);
verifyNegativeAuthenticate(props, props, "Authentication failed. See coordinator");
}
- void verifyNegativeAuthenticate(Object credential, Properties props, String expectedError) throws Exception {
+ void verifyNegativeAuthenticate(Properties credential, Properties props, String expectedError) throws Exception {
String result = authenticator.authenticate(member, credential, props, member);
assertTrue(result, result.startsWith(expectedError));
}
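Review bot: `verifyNegativeAuthenticate` dereferences `result` without a null check, and `testAuthenticatorWithEmptyAuth` in the earlier hunk shows that `authenticate` returns null when it reports no failure. If one of the negative cases were ever accepted, the helper would stop with a NullPointerException instead of a failure saying that authentication wrongly succeeded. Adding `assertNotNull("authentication unexpectedly succeeded", result);` before the `startsWith` assertion makes that regression read as what it is. The helper has no comment; a one-line Javadoc stating that a non-null return value is the failure message would document the contract these tests rely on.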
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/membership/GMSJoinLeaveJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/membership/GMSJoinLeaveJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/membership/GMSJoinLeaveJUnitTest.java
index 732d7a1..35298ac 100755
--- a/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/membership/GMSJoinLeaveJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/membership/GMSJoinLeaveJUnitTest.java
@@ -67,7 +67,7 @@ public class GMSJoinLeaveJUnitTest {
private InternalDistributedMember gmsJoinLeaveMemberId;
private InternalDistributedMember[] mockMembers;
private InternalDistributedMember mockOldMember;
- private Object credentials = new Object();
+ private Properties credentials = new Properties();
private Messenger messenger;
private GMSJoinLeave gmsJoinLeave;
private Manager manager;
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/commands/CliCommandTestBase.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/commands/CliCommandTestBase.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/commands/CliCommandTestBase.java
index 75d88aa..163f9b5 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/commands/CliCommandTestBase.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/commands/CliCommandTestBase.java
@@ -42,7 +42,7 @@ import com.gemstone.gemfire.management.internal.cli.parser.CommandTarget;
import com.gemstone.gemfire.management.internal.cli.result.CommandResult;
import com.gemstone.gemfire.management.internal.cli.shell.Gfsh;
import com.gemstone.gemfire.management.internal.cli.util.CommandStringBuilder;
-import com.gemstone.gemfire.management.internal.security.JSONAuthorization;
+import com.gemstone.gemfire.security.JSONAuthorization;
import com.gemstone.gemfire.test.dunit.Host;
import com.gemstone.gemfire.test.dunit.IgnoredException;
import com.gemstone.gemfire.test.dunit.cache.internal.JUnit4CacheTestCase;
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AccessControlMBeanJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AccessControlMBeanJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AccessControlMBeanJUnitTest.java
index ac5c65a..6c626fc 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AccessControlMBeanJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AccessControlMBeanJUnitTest.java
@@ -16,6 +16,7 @@
*/
package com.gemstone.gemfire.management.internal.security;
+import static com.gemstone.gemfire.security.JSONAuthorization.*;
import static org.assertj.core.api.Assertions.*;
import com.gemstone.gemfire.internal.AvailablePort;
@@ -35,7 +36,7 @@ public class AccessControlMBeanJUnitTest {
@ClassRule
public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
- jmxManagerPort, "cacheServer.json");
+ jmxManagerPort, CACHE_SERVER_JSON);
@Rule
public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java
index f38f2fc..6857e18 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java
@@ -16,6 +16,8 @@
*/
package com.gemstone.gemfire.management.internal.security;
+import static com.gemstone.gemfire.security.JSONAuthorization.*;
+
import org.junit.Before;
import org.junit.ClassRule;
import org.junit.Rule;
@@ -34,7 +36,7 @@ public class CacheServerMBeanAuthenticationJUnitTest {
@ClassRule
public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
- jmxManagerPort, "cacheServer.json");
+ jmxManagerPort, CACHE_SERVER_JSON);
@Rule
public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java
index 3ded1dc..39094fb 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java
@@ -16,6 +16,7 @@
*/
package com.gemstone.gemfire.management.internal.security;
+import static com.gemstone.gemfire.security.JSONAuthorization.*;
import static org.assertj.core.api.Assertions.*;
import com.gemstone.gemfire.internal.AvailablePort;
@@ -35,7 +36,7 @@ public class CacheServerMBeanAuthorizationJUnitTest {
@ClassRule
public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
- jmxManagerPort, "cacheServer.json");
+ jmxManagerPort, CACHE_SERVER_JSON);
@Rule
public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CliCommandsSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CliCommandsSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CliCommandsSecurityTest.java
index abcafaf..af26147 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CliCommandsSecurityTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CliCommandsSecurityTest.java
@@ -16,6 +16,7 @@
*/
package com.gemstone.gemfire.management.internal.security;
+import static com.gemstone.gemfire.security.JSONAuthorization.*;
import static org.assertj.core.api.AssertionsForClassTypes.fail;
import static org.junit.Assert.*;
@@ -34,9 +35,6 @@ import com.gemstone.gemfire.security.NotAuthorizedException;
import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-/**
- */
-
@Category({IntegrationTest.class, SecurityTest.class})
public class CliCommandsSecurityTest {
private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
@@ -47,7 +45,7 @@ public class CliCommandsSecurityTest {
@ClassRule
public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
- jmxManagerPort, "cacheServer.json");
+ jmxManagerPort, CACHE_SERVER_JSON);
@Rule
public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DataCommandsSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DataCommandsSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DataCommandsSecurityTest.java
index 01575b1..73da024 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DataCommandsSecurityTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DataCommandsSecurityTest.java
@@ -17,6 +17,7 @@
package com.gemstone.gemfire.management.internal.security;
import static org.assertj.core.api.Assertions.*;
+import static com.gemstone.gemfire.security.JSONAuthorization.*;
import com.gemstone.gemfire.internal.AvailablePort;
import com.gemstone.gemfire.management.MemberMXBean;
@@ -37,7 +38,7 @@ public class DataCommandsSecurityTest {
@ClassRule
public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
- jmxManagerPort, "cacheServer.json");
+ jmxManagerPort, CACHE_SERVER_JSON);
@Rule
public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java
index 05d3e3d..2d8099d 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java
@@ -17,6 +17,7 @@
package com.gemstone.gemfire.management.internal.security;
import static org.assertj.core.api.Assertions.*;
+import static com.gemstone.gemfire.security.JSONAuthorization.*;
import com.gemstone.gemfire.internal.AvailablePort;
import com.gemstone.gemfire.management.DiskStoreMXBean;
@@ -36,7 +37,7 @@ public class DiskStoreMXBeanSecurityJUnitTest {
@ClassRule
public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
- jmxManagerPort, "cacheServer.json");
+ jmxManagerPort, CACHE_SERVER_JSON);
@Rule
public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewayReceiverMBeanSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewayReceiverMBeanSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewayReceiverMBeanSecurityTest.java
index 6c97694..8bc55f0 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewayReceiverMBeanSecurityTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewayReceiverMBeanSecurityTest.java
@@ -18,6 +18,7 @@ package com.gemstone.gemfire.management.internal.security;
import static org.assertj.core.api.Assertions.*;
import static org.mockito.Mockito.*;
+import static com.gemstone.gemfire.security.JSONAuthorization.*;
import javax.management.ObjectName;
@@ -45,7 +46,7 @@ public class GatewayReceiverMBeanSecurityTest {
@ClassRule
public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
- jmxManagerPort, "cacheServer.json");
+ jmxManagerPort, CACHE_SERVER_JSON);
@Rule
public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java
index 4806464..fe4f624 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java
@@ -18,6 +18,7 @@ package com.gemstone.gemfire.management.internal.security;
import static org.assertj.core.api.Assertions.*;
import static org.mockito.Mockito.*;
+import static com.gemstone.gemfire.security.JSONAuthorization.*;
import javax.management.ObjectName;
@@ -45,7 +46,7 @@ public class GatewaySenderMBeanSecurityTest {
@ClassRule
public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
- jmxManagerPort, "cacheServer.json");
+ jmxManagerPort, CACHE_SERVER_JSON);
@Rule
public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java
index 5627c9e..dd9961d 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java
@@ -18,11 +18,13 @@
package com.gemstone.gemfire.management.internal.security;
import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+import static com.gemstone.gemfire.security.JSONAuthorization.*;
import org.junit.BeforeClass;
import org.junit.experimental.categories.Category;
import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
+import com.gemstone.gemfire.security.JSONAuthorization;
import com.gemstone.gemfire.test.junit.categories.UnitTest;
/**
@@ -35,7 +37,7 @@ public class GeodeSecurityUtilCustomRealmJUnitTest extends GeodeSecurityUtilWith
@BeforeClass
public static void beforeClass() throws Exception{
props.put(SECURITY_MANAGER, JSONAuthorization.class.getName());
- JSONAuthorization.setUpWithJsonFile("shiro-ini.json");
+ JSONAuthorization.setUpWithJsonFile(SHIRO_INI_JSON);
GeodeSecurityUtil.initSecurity(props);
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsPostProcessorTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsPostProcessorTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsPostProcessorTest.java
index 07bd1c1..8b96e8b 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsPostProcessorTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsPostProcessorTest.java
@@ -18,6 +18,7 @@
package com.gemstone.gemfire.management.internal.security;
import static com.gemstone.gemfire.internal.Assert.assertTrue;
+import static com.gemstone.gemfire.security.JSONAuthorization.*;
import org.junit.Before;
import org.junit.ClassRule;
@@ -38,7 +39,7 @@ public class GfshCommandsPostProcessorTest {
@ClassRule
public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
- jmxPort, "cacheServer.json", SamplePostProcessor.class);
+ jmxPort, CACHE_SERVER_JSON, SamplePostProcessor.class);
@Rule
public GfshShellConnectionRule gfshConnection;
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java
index 6d42aa8..603088e 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java
@@ -18,6 +18,7 @@
package com.gemstone.gemfire.management.internal.security;
import static org.junit.Assert.*;
+import static com.gemstone.gemfire.security.JSONAuthorization.*;
import java.util.List;
@@ -47,7 +48,7 @@ public class GfshCommandsSecurityTest {
@ClassRule
public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
- jmxPort, httpPort, "cacheServer.json");
+ jmxPort, httpPort, CACHE_SERVER_JSON);
@Rule
public GfshShellConnectionRule gfshConnection;
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JSONAuthorization.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JSONAuthorization.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JSONAuthorization.java
deleted file mode 100644
index b97cf85..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JSONAuthorization.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.management.internal.security;
-
-import java.io.File;
-import java.io.FileReader;
-import java.io.IOException;
-
-import org.apache.geode.security.templates.SampleSecurityManager;
-import com.gemstone.gemfire.util.test.TestUtil;
-
-/**
- * Used by test code. when using this class for security-manager, you will need explicitly call setUpWithJsonFile
- * to initialize the acl (access control list).
- */
-public class JSONAuthorization extends SampleSecurityManager {
-
- /**
- * Override the child class's implemention to look for jsonFile in the same package as this class instead of
- * in the classpath
- * @param jsonFileName
- * @throws IOException
- */
- public static void setUpWithJsonFile(String jsonFileName) throws IOException {
- String filePath = TestUtil.getResourcePath(JSONAuthorization.class, jsonFileName);
- File file = new File(filePath);
- FileReader reader = new FileReader(file);
- char[] buffer = new char[(int) file.length()];
- reader.read(buffer);
- String json = new String(buffer);
- reader.close();
- readSecurityDescriptor(json);
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JsonAuthorizationCacheStartRule.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JsonAuthorizationCacheStartRule.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JsonAuthorizationCacheStartRule.java
index d64e2ee..1d4fb40 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JsonAuthorizationCacheStartRule.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JsonAuthorizationCacheStartRule.java
@@ -24,6 +24,7 @@ import org.junit.rules.ExternalResource;
import com.gemstone.gemfire.cache.Cache;
import com.gemstone.gemfire.cache.CacheFactory;
+import com.gemstone.gemfire.security.JSONAuthorization;
public class JsonAuthorizationCacheStartRule extends ExternalResource {
private Cache cache;
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java
index f07358b..44e414c 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java
@@ -17,6 +17,7 @@
package com.gemstone.gemfire.management.internal.security;
import static org.assertj.core.api.Assertions.*;
+import static com.gemstone.gemfire.security.JSONAuthorization.*;
import com.gemstone.gemfire.cache.Cache;
import com.gemstone.gemfire.distributed.internal.InternalDistributedSystem;
@@ -40,7 +41,7 @@ public class LockServiceMBeanAuthorizationJUnitTest {
@ClassRule
public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
- jmxManagerPort, "cacheServer.json");
+ jmxManagerPort, CACHE_SERVER_JSON);
@Rule
public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanSecurityJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanSecurityJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanSecurityJUnitTest.java
index 6f8ee34..1d6c95d 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanSecurityJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanSecurityJUnitTest.java
@@ -26,6 +26,7 @@ import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
+import static com.gemstone.gemfire.security.JSONAuthorization.*;
import javax.management.DynamicMBean;
import javax.management.MBeanServer;
@@ -47,7 +48,7 @@ public class MBeanSecurityJUnitTest {
private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
@ClassRule
- public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(jmxManagerPort, "cacheServer.json");
+ public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(jmxManagerPort, CACHE_SERVER_JSON);
@Rule
public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ManagerMBeanAuthorizationJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ManagerMBeanAuthorizationJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ManagerMBeanAuthorizationJUnitTest.java
index 425c467..635daa6 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ManagerMBeanAuthorizationJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ManagerMBeanAuthorizationJUnitTest.java
@@ -18,6 +18,7 @@ package com.gemstone.gemfire.management.internal.security;
import static org.assertj.core.api.Assertions.*;
import static org.mockito.Mockito.*;
+import static com.gemstone.gemfire.security.JSONAuthorization.*;
import java.lang.management.ManagementFactory;
import javax.management.ObjectName;
@@ -41,7 +42,7 @@ public class ManagerMBeanAuthorizationJUnitTest {
@ClassRule
public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
- jmxManagerPort, "cacheServer.json");
+ jmxManagerPort, CACHE_SERVER_JSON);
@Rule
public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MemberMBeanSecurityJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MemberMBeanSecurityJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MemberMBeanSecurityJUnitTest.java
index e32b6ca..4ee5b13 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MemberMBeanSecurityJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MemberMBeanSecurityJUnitTest.java
@@ -16,6 +16,7 @@
*/
package com.gemstone.gemfire.management.internal.security;
+import static com.gemstone.gemfire.security.JSONAuthorization.*;
import static org.assertj.core.api.Assertions.*;
import com.gemstone.gemfire.internal.AvailablePort;
@@ -35,7 +36,7 @@ public class MemberMBeanSecurityJUnitTest {
@ClassRule
public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
- jmxManagerPort, "cacheServer.json");
+ jmxManagerPort, CACHE_SERVER_JSON);
@Rule
public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MultiUserDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MultiUserDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MultiUserDUnitTest.java
index 1c55a3c..e86cf61 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MultiUserDUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MultiUserDUnitTest.java
@@ -19,12 +19,14 @@ package com.gemstone.gemfire.management.internal.security;
import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
import static org.junit.Assert.*;
+import static com.gemstone.gemfire.security.JSONAuthorization.*;
import java.io.IOException;
import java.util.List;
import java.util.Properties;
import java.util.concurrent.TimeUnit;
+import com.gemstone.gemfire.security.JSONAuthorization;
import com.jayway.awaitility.Awaitility;
import org.json.JSONException;
import org.junit.Test;
@@ -54,7 +56,7 @@ public class MultiUserDUnitTest extends CliCommandTestBase {
properties.put(SECURITY_MANAGER, JSONAuthorization.class.getName());
// set up vm_0 the secure jmx manager
- Object[] results = setUpJMXManagerOnVM(0, properties, "cacheServer.json");
+ Object[] results = setUpJMXManagerOnVM(0, properties, CACHE_SERVER_JSON);
String gfshDir = this.gfshDir;
// set up vm_1 as a gfsh vm, data-reader will login and log out constantly in this vm until the test is done.
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractIntegratedClientAuthDistributedTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractIntegratedClientAuthDistributedTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractIntegratedClientAuthDistributedTest.java
index 10c316a..feee478 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractIntegratedClientAuthDistributedTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractIntegratedClientAuthDistributedTest.java
@@ -17,6 +17,7 @@
package com.gemstone.gemfire.security;
import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+import static com.gemstone.gemfire.security.JSONAuthorization.*;
import static org.assertj.core.api.Assertions.*;
import static org.junit.Assert.*;
@@ -32,7 +33,6 @@ import com.gemstone.gemfire.cache.client.ClientCache;
import com.gemstone.gemfire.cache.client.ClientCacheFactory;
import com.gemstone.gemfire.cache.client.ClientRegionShortcut;
import com.gemstone.gemfire.cache.server.CacheServer;
-import com.gemstone.gemfire.management.internal.security.JSONAuthorization;
import com.gemstone.gemfire.security.templates.UserPasswordAuthInit;
import com.gemstone.gemfire.test.dunit.Host;
import com.gemstone.gemfire.test.dunit.Invoke;
@@ -56,7 +56,7 @@ public class AbstractIntegratedClientAuthDistributedTest extends JUnit4CacheTest
this.client2 = host.getVM(2);
this.client3 = host.getVM(3);
- JSONAuthorization.setUpWithJsonFile("clientServer.json");
+ JSONAuthorization.setUpWithJsonFile(CLIENT_SERVER_JSON);
Properties props = new Properties();
props.setProperty(SECURITY_MANAGER, JSONAuthorization.class.getName());
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleDistributedTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleDistributedTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleDistributedTest.java
index 9f06482..dc63f2f 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleDistributedTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleDistributedTest.java
@@ -16,11 +16,10 @@
*/
package com.gemstone.gemfire.security;
-
import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+import static com.gemstone.gemfire.security.JSONAuthorization.*;
import static org.assertj.core.api.Assertions.*;
-import java.security.Principal;
import java.util.Properties;
import org.junit.Test;
@@ -29,8 +28,6 @@ import org.junit.experimental.categories.Category;
import com.gemstone.gemfire.cache.server.CacheServer;
import com.gemstone.gemfire.internal.AvailablePort;
import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
-import com.gemstone.gemfire.management.internal.security.JSONAuthorization;
-import com.gemstone.gemfire.security.IntegratedSecurityCacheLifecycleIntegrationTest.SpySecurityManager;
import com.gemstone.gemfire.test.dunit.DistributedTestUtils;
import com.gemstone.gemfire.test.dunit.Host;
import com.gemstone.gemfire.test.dunit.NetworkUtils;
@@ -41,13 +38,14 @@ import com.gemstone.gemfire.test.junit.categories.SecurityTest;
@Category({DistributedTest.class, SecurityTest.class})
public class IntegratedSecurityCacheLifecycleDistributedTest extends JUnit4CacheTestCase {
+
private VM locator;
@Override
public final void postSetUp() throws Exception {
Host host = Host.getHost(0);
locator = host.getVM(0);
- JSONAuthorization.setUpWithJsonFile("clientServer.json");
+ JSONAuthorization.setUpWithJsonFile(CLIENT_SERVER_JSON);
int locatorPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
String locators = NetworkUtils.getServerHostName(host) + "[" + locatorPort + "]";
@@ -55,21 +53,19 @@ public class IntegratedSecurityCacheLifecycleDistributedTest extends JUnit4Cache
DistributedTestUtils.deleteLocatorStateFile(locatorPort);
final Properties properties = new Properties();
+// properties.setProperty(LOCATORS, locators);
properties.setProperty(MCAST_PORT, "0");
- properties.setProperty(START_LOCATOR, locators);
properties.setProperty(SECURITY_MANAGER, SpySecurityManager.class.getName());
+ properties.setProperty(START_LOCATOR, locators);
properties.setProperty(USE_CLUSTER_CONFIGURATION, "false");
getSystem(properties);
getCache();
});
final Properties properties = new Properties();
+ properties.setProperty(LOCATORS, locators);
properties.setProperty(MCAST_PORT, "0");
properties.setProperty(SECURITY_MANAGER, SpySecurityManager.class.getName());
- properties.setProperty(LOCATORS, locators);
- properties.setProperty(JMX_MANAGER, "false");
- properties.setProperty(JMX_MANAGER_PORT, "0");
- properties.setProperty(JMX_MANAGER_START, "false");
properties.setProperty(USE_CLUSTER_CONFIGURATION, "false");
getSystem(properties);
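Review bot: The added `// properties.setProperty(LOCATORS, locators);` in the locator VM's property setup is commented-out code with no explanation, so a reader cannot tell whether the locator is meant to set LOCATORS. Either delete the line or replace it with a why-comment such as `// LOCATORS is not set here: this VM starts the locator itself via START_LOCATOR`, if that is the intent. The enclosing lambda and postSetUp begin outside this hunk, so this rests on the visible lines only.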
@@ -95,8 +91,7 @@ public class IntegratedSecurityCacheLifecycleDistributedTest extends JUnit4Cache
}
private void verifyInitCloseInvoked() {
- SpySecurityManager ssm = (SpySecurityManager) GeodeSecurityUtil
- .getSecurityManager();
+ SpySecurityManager ssm = (SpySecurityManager) GeodeSecurityUtil.getSecurityManager();
assertThat(ssm.initInvoked).isEqualTo(1);
getCache().close();
assertThat(ssm.closeInvoked).isEqualTo(1);
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleIntegrationTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleIntegrationTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleIntegrationTest.java
index 712329d..228a8d6 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleIntegrationTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleIntegrationTest.java
@@ -14,13 +14,12 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-
package com.gemstone.gemfire.security;
import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
import static org.assertj.core.api.Assertions.*;
+import static org.mockito.Mockito.*;
-import java.security.Principal;
import java.util.Properties;
import com.gemstone.gemfire.cache.Cache;
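Review bot: The new `import static org.mockito.Mockito.*;` does not appear to be used. None of the hunks shown for this file adds a Mockito call, and the other changes are the removal of the nested SpySecurityManager and blank-line edits. If nothing outside the visible hunks uses it, drop the line; otherwise import only the members that are used rather than the wildcard.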
@@ -29,8 +28,6 @@ import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-import org.apache.geode.security.GeodePermission;
-import org.apache.geode.security.SecurityManager;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
@@ -38,6 +35,7 @@ import org.junit.experimental.categories.Category;
@Category({IntegrationTest.class, SecurityTest.class})
public class IntegratedSecurityCacheLifecycleIntegrationTest {
+
private Properties securityProps;
private Cache cache;
@@ -52,7 +50,6 @@ public class IntegratedSecurityCacheLifecycleIntegrationTest {
props.setProperty(LOCATORS, "");
cache = new CacheFactory(props).create();
-
}
@After
@@ -70,24 +67,4 @@ public class IntegratedSecurityCacheLifecycleIntegrationTest {
assertThat(ssm.closeInvoked).isEqualTo(1);
}
- public static class SpySecurityManager implements SecurityManager {
-
- public int initInvoked = 0;
- public int closeInvoked = 0;
-
- @Override
- public void init(final Properties securityProps) {
- initInvoked++;
- }
-
- @Override
- public Principal authenticate(final Properties props) throws AuthenticationFailedException {
- return null;
- }
-
- @Override
- public void close() {
- closeInvoked++;
- }
- }
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityPeerAuthDistributedTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityPeerAuthDistributedTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityPeerAuthDistributedTest.java
new file mode 100644
index 0000000..a5e0aa0
--- /dev/null
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityPeerAuthDistributedTest.java
@@ -0,0 +1,146 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+import static com.gemstone.gemfire.security.JSONAuthorization.*;
+import static com.gemstone.gemfire.test.dunit.Invoke.*;
+import static org.assertj.core.api.Assertions.*;
+
+import java.util.Properties;
+
+import com.gemstone.gemfire.internal.AvailablePort;
+import com.gemstone.gemfire.security.templates.UserPasswordAuthInit;
+import com.gemstone.gemfire.test.dunit.DistributedTestUtils;
+import com.gemstone.gemfire.test.dunit.Host;
+import com.gemstone.gemfire.test.dunit.NetworkUtils;
+import com.gemstone.gemfire.test.dunit.VM;
+import com.gemstone.gemfire.test.dunit.cache.internal.JUnit4CacheTestCase;
+import com.gemstone.gemfire.test.junit.categories.DistributedTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+@Category({ DistributedTest.class, SecurityTest.class })
+public class IntegratedSecurityPeerAuthDistributedTest extends JUnit4CacheTestCase{
+
+ private static SpyJSONAuthorization spyJSONAuthorization;
+
+ private VM locator;
+ private VM server1;
+ private VM server2;
+
+ private String locators;
+
+ @Override
+ public final void postSetUp() throws Exception {
+ Host host = Host.getHost(0);
+ locator = host.getVM(0);
+ server1 = host.getVM(1);
+ server2 = host.getVM(2);
+
+ int locatorPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
+ locators = NetworkUtils.getServerHostName(host) + "[" + locatorPort + "]";
+
+ locator.invoke(() -> {
+ JSONAuthorization.setUpWithJsonFile(PEER_AUTH_JSON);
+ spyJSONAuthorization = new SpyJSONAuthorization();
+
+ DistributedTestUtils.deleteLocatorStateFile(locatorPort);
+
+ final Properties properties = createProperties(locators);
+ properties.setProperty(UserPasswordAuthInit.USER_NAME, "locator1");
+ properties.setProperty(UserPasswordAuthInit.PASSWORD, "1234567");
+ properties.setProperty(START_LOCATOR, locators);
+
+ getSystem(properties);
+ getCache();
+ });
+
+ server1.invoke(()-> {
+ JSONAuthorization.setUpWithJsonFile(PEER_AUTH_JSON);
+ spyJSONAuthorization = new SpyJSONAuthorization();
+
+ final Properties properties = createProperties(locators);
+ properties.setProperty(UserPasswordAuthInit.USER_NAME, "server1");
+ properties.setProperty(UserPasswordAuthInit.PASSWORD, "1234567");
+
+ getSystem(properties);
+ getCache();
+ });
+
+ server2.invoke(()-> {
+ JSONAuthorization.setUpWithJsonFile(PEER_AUTH_JSON);
+ spyJSONAuthorization = new SpyJSONAuthorization();
+
+ final Properties properties = createProperties(locators);
+ properties.setProperty(UserPasswordAuthInit.USER_NAME, "server2");
+ properties.setProperty(UserPasswordAuthInit.PASSWORD, "1234567");
+
+ getSystem(properties);
+ getCache();
+ });
+ }
+
+ @Test
+ public void initAndCloseTest() throws Exception {
+ JSONAuthorization.setUpWithJsonFile(PEER_AUTH_JSON);
+ spyJSONAuthorization = new SpyJSONAuthorization();
+
+ final Properties properties = createProperties(locators);
+ properties.setProperty(UserPasswordAuthInit.USER_NAME, "stranger");
+ properties.setProperty(UserPasswordAuthInit.PASSWORD, "1234567");
+
+ assertThatThrownBy(() -> getSystem(properties)).isExactlyInstanceOf(AuthenticationFailedException.class);
+ }
+
+ @Override
+ public void postTearDownCacheTestCase() throws Exception {
+ closeAllCache();
+ spyJSONAuthorization = null;
+ invokeInEveryVM(() -> { spyJSONAuthorization = null; });
+ }
+
+ private static Properties createProperties(String locators) {
+ Properties allProperties = new Properties();
+ allProperties.setProperty(LOCATORS, locators);
+ allProperties.setProperty(MCAST_PORT, "0");
+ allProperties.setProperty(SECURITY_MANAGER, SpyJSONAuthorization.class.getName());
+ allProperties.setProperty(SECURITY_PEER_AUTH_INIT, UserPasswordAuthInit.class.getName() + ".create");
+ allProperties.setProperty(USE_CLUSTER_CONFIGURATION, "false");
+ return allProperties;
+ }
+
+ public static class SpyJSONAuthorization extends JSONAuthorization {
+
+ static int initInvoked = 0;
+ static int closeInvoked = 0;
+
+ @Override
+ public void init(final Properties securityProps) {
+ initInvoked++;
+ super.init(securityProps);
+ }
+
+ @Override
+ public void close() {
+ closeInvoked++;
+ super.close();
+ }
+ }
+}
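Review bot: `initAndCloseTest` never looks at `initInvoked` or `closeInvoked`; what it asserts is that a peer named "stranger", which is absent from peerAuth.json, is refused with AuthenticationFailedException, so the name should say that. Because "stranger" is given the same password as the fixture users, only the unknown-user path is exercised; a known user with a wrong password is the other rejection a peer-auth test should pin. The static `spyJSONAuthorization` field is assigned in four places and cleared in teardown but never read, and the security manager is configured by class name, so the field and the counters can be removed unless assertions on them are added. A suggested shape follows, assuming a bad password surfaces as the same exception type.

```java
@Test
public void peerWithUnknownUserIsRejected() throws Exception {
  // … unchanged: body of initAndCloseTest …
}

@Test
public void peerWithWrongPasswordIsRejected() throws Exception {
  JSONAuthorization.setUpWithJsonFile(PEER_AUTH_JSON);

  final Properties properties = createProperties(locators);
  // "server1" exists in peerAuth.json; the password below is constructed to differ from the fixture value
  properties.setProperty(UserPasswordAuthInit.USER_NAME, "server1");
  properties.setProperty(UserPasswordAuthInit.PASSWORD, "not-the-fixture-password");

  assertThatThrownBy(() -> getSystem(properties)).isExactlyInstanceOf(AuthenticationFailedException.class);
}
```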
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/security/JSONAuthorization.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/JSONAuthorization.java b/geode-core/src/test/java/com/gemstone/gemfire/security/JSONAuthorization.java
new file mode 100644
index 0000000..bf7990a
--- /dev/null
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/JSONAuthorization.java
@@ -0,0 +1,54 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import java.io.File;
+import java.io.FileReader;
+import java.io.IOException;
+
+import org.apache.geode.security.templates.SampleSecurityManager;
+import com.gemstone.gemfire.util.test.TestUtil;
+
+/**
+ * Used by test code. when using this class for security-manager, you will need explicitly call setUpWithJsonFile
+ * to initialize the acl (access control list).
+ */
+public class JSONAuthorization extends SampleSecurityManager {
+
+ public static String AUTH1_JSON = "/com/gemstone/gemfire/management/internal/security/auth1.json";
+ public static String AUTH2_JSON = "/com/gemstone/gemfire/management/internal/security/auth2.json";
+ public static String AUTH3_JSON = "/com/gemstone/gemfire/management/internal/security/auth3.json";
+ public static String CACHE_SERVER_JSON = "/com/gemstone/gemfire/management/internal/security/cacheServer.json";
+ public static String CLIENT_SERVER_JSON = "/com/gemstone/gemfire/management/internal/security/clientServer.json";
+ public static String SHIRO_INI_JSON = "/com/gemstone/gemfire/management/internal/security/shiro-ini.json";
+ public static String PEER_AUTH_JSON = "/com/gemstone/gemfire/security/peerAuth.json";
+
+ /**
+ * Override the child class's implemention to look for jsonFile in the same package as this class instead of
+ * in the classpath
+ */
+ public static void setUpWithJsonFile(String jsonFileName) throws IOException {
+ String filePath = TestUtil.getResourcePath(JSONAuthorization.class, jsonFileName);
+ File file = new File(filePath);
+ FileReader reader = new FileReader(file);
+ char[] buffer = new char[(int) file.length()];
+ reader.read(buffer);
+ String json = new String(buffer);
+ reader.close();
+ readSecurityDescriptor(json);
+ }
+}
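Review bot: `setUpWithJsonFile` leaks the FileReader if `read` throws, sizes the char buffer from `file.length()` (a byte count), and trusts a single `read` call to fill it, so a short read or a multi-byte character leaves trailing NUL characters in the JSON handed to `readSecurityDescriptor`. Reading the file in one call avoids all three: `String json = new String(Files.readAllBytes(Paths.get(filePath)), StandardCharsets.UTF_8);` (this needs the java.nio.file and java.nio.charset imports and replaces the platform-default charset with UTF-8). The seven path constants are `public static String` without `final`, so any test can reassign the ACL file that another test loads; declare them `public static final String`. The method's Javadoc says "child class" where the parent `SampleSecurityManager` seems to be meant, and "implemention" is misspelled.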
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/security/SpySecurityManager.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/SpySecurityManager.java b/geode-core/src/test/java/com/gemstone/gemfire/security/SpySecurityManager.java
new file mode 100644
index 0000000..6d04a0d
--- /dev/null
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/SpySecurityManager.java
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import java.security.Principal;
+import java.util.Properties;
+
+import org.apache.geode.security.SecurityManager;
+
+public class SpySecurityManager implements SecurityManager {
+
+ public int initInvoked = 0;
+ public int closeInvoked = 0;
+
+ @Override
+ public void init(final Properties securityProps) {
+ initInvoked++;
+ }
+
+ @Override
+ public Principal authenticate(final Properties props) throws AuthenticationFailedException {
+ return null;
+ }
+
+ @Override
+ public void close() {
+ closeInvoked++;
+ }
+}
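Review bot: SpySecurityManager has no class comment, and its `authenticate` returns null for every set of properties without checking anything, which a reader could mistake for a usable security manager. Add a Javadoc along the lines of `/** Test-only spy: counts init() and close() calls; authenticate() performs no credential check and always returns null. */` so it is not wired in outside tests. How callers treat a null Principal is not visible in this diff and is worth stating in that comment once confirmed.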
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/resources/com/gemstone/gemfire/security/peerAuth.json
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/peerAuth.json b/geode-core/src/test/resources/com/gemstone/gemfire/security/peerAuth.json
new file mode 100644
index 0000000..9bd8936
--- /dev/null
+++ b/geode-core/src/test/resources/com/gemstone/gemfire/security/peerAuth.json
@@ -0,0 +1,36 @@
+{
+ "users": [
+ {
+ "name": "locator1",
+ "password": "1234567",
+ "roles": [
+ ]
+ },
+ {
+ "name": "server1",
+ "password": "1234567",
+ "roles": [
+ ]
+ },
+ {
+ "name": "server2",
+ "password": "1234567",
+ "roles": [
+ ]
+ }
+ ]
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java
----------------------------------------------------------------------
diff --git a/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java b/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java
index 7385e7f..8f47145 100644
--- a/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java
+++ b/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java
@@ -46,7 +46,7 @@ import org.apache.shiro.realm.Realm;
import com.gemstone.gemfire.internal.security.shiro.CustomAuthRealm;
import com.gemstone.gemfire.internal.security.shiro.JMXShiroAuthenticator;
import com.gemstone.gemfire.management.internal.security.AccessControlMBean;
-import com.gemstone.gemfire.management.internal.security.JSONAuthorization;
+import com.gemstone.gemfire.security.JSONAuthorization;
import com.gemstone.gemfire.management.internal.security.MBeanServerWrapper;
import com.gemstone.gemfire.management.internal.security.ResourceConstants;