You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@geode.apache.org by ji...@apache.org on 2016/03/10 22:04:37 UTC
incubator-geode git commit: GEODE-17: make ResourceOperation a class
level annoation as well
Repository: incubator-geode
Updated Branches:
refs/heads/feature/GEODE-17-2 575660a01 -> 57282de8e
GEODE-17: make ResourceOperation a class level annoation as well
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/57282de8
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/57282de8
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/57282de8
Branch: refs/heads/feature/GEODE-17-2
Commit: 57282de8ea6ab088308a2f24e5521e8a75d55060
Parents: 575660a
Author: Jinmei Liao <ji...@pivotal.io>
Authored: Thu Mar 10 11:22:48 2016 -0800
Committer: Jinmei Liao <ji...@pivotal.io>
Committed: Thu Mar 10 13:03:29 2016 -0800
----------------------------------------------------------------------
.../gemfire/management/CacheServerMXBean.java | 1 +
.../internal/security/MBeanServerWrapper.java | 102 +++++++++----------
.../security/ManagementInterceptor.java | 6 +-
.../internal/security/ResourceOperation.java | 4 +-
.../CacheServerMBeanSecurityJUnitTest.java | 4 +-
.../security/MBeanServerConnectionRule.java | 9 +-
.../security/MemberMBeanSecurityJUnitTest.java | 4 +-
7 files changed, 62 insertions(+), 68 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/57282de8/geode-core/src/main/java/com/gemstone/gemfire/management/CacheServerMXBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/CacheServerMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/CacheServerMXBean.java
index 4ebe07b..48148f1 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/CacheServerMXBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/CacheServerMXBean.java
@@ -57,6 +57,7 @@ import static com.gemstone.gemfire.cache.operations.OperationContext.OperationCo
* @since 7.0
*
*/
+@ResourceOperation(resource=Resource.DISTRIBUTED_SYSTEM, operation=OperationCode.LIST_DS)
public interface CacheServerMXBean {
/**
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/57282de8/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/MBeanServerWrapper.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/MBeanServerWrapper.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/MBeanServerWrapper.java
index 31a9a3d..f2030c0 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/MBeanServerWrapper.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/MBeanServerWrapper.java
@@ -28,10 +28,9 @@ import javax.management.InstanceNotFoundException;
import javax.management.IntrospectionException;
import javax.management.InvalidAttributeValueException;
import javax.management.ListenerNotFoundException;
-import javax.management.MBeanAttributeInfo;
import javax.management.MBeanException;
+import javax.management.MBeanFeatureInfo;
import javax.management.MBeanInfo;
-import javax.management.MBeanOperationInfo;
import javax.management.MBeanRegistrationException;
import javax.management.MBeanServer;
import javax.management.NotCompliantMBeanException;
@@ -48,7 +47,7 @@ import java.io.ObjectInputStream;
import java.util.HashSet;
import java.util.Set;
-import static com.gemstone.gemfire.management.internal.security.ResourceConstants.*;
+import static com.gemstone.gemfire.management.internal.security.ResourceConstants.ACCESS_DENIED_MESSAGE;
/**
* This class intercepts all MBean requests for GemFire MBeans and passed it to
@@ -163,7 +162,7 @@ public class MBeanServerWrapper implements MBeanServerForwarder {
@Override
public Object getAttribute(ObjectName name, String attribute) throws MBeanException, AttributeNotFoundException,
InstanceNotFoundException, ReflectionException {
- ResourceOperationContext ctx = getAttributeContext(name, attribute);
+ ResourceOperationContext ctx = getOperationContext(name, attribute, false);
doAuthorization(ctx);
Object result = mbs.getAttribute(name, attribute);
ctx.setPostOperationResult(result);
@@ -190,59 +189,11 @@ public class MBeanServerWrapper implements MBeanServerForwarder {
@Override
public void setAttribute(ObjectName name, Attribute attribute) throws InstanceNotFoundException,
AttributeNotFoundException, InvalidAttributeValueException, MBeanException, ReflectionException {
- ResourceOperationContext ctx = getAttributeContext(name, attribute.getName());
+ ResourceOperationContext ctx = getOperationContext(name, attribute.getName(), false);
doAuthorization(ctx);
mbs.setAttribute(name, attribute);
}
- // TODO: cache this
- private ResourceOperationContext getAttributeContext(ObjectName name, String attribute)
- throws InstanceNotFoundException, ReflectionException {
- MBeanInfo beanInfo = null;
- try {
- beanInfo = mbs.getMBeanInfo(name);
- } catch (IntrospectionException e) {
- throw new GemFireSecurityException("error getting beanInfo of "+name);
- }
- MBeanAttributeInfo[] attributeInfos = beanInfo.getAttributes();
- for(MBeanAttributeInfo attributeInfo:attributeInfos){
- if(attributeInfo.getName().equals(attribute)){
- // found the operationInfo of this method on the bean
- Descriptor descriptor = attributeInfo.getDescriptor();
- Resource resource = (Resource)descriptor.getFieldValue("resource");
- OperationCode operationCode = (OperationCode)descriptor.getFieldValue("operation");
- if(resource!=null && operationCode!=null){
- return new ResourceOperationContext(resource, operationCode);
- }
- }
- }
- return new ResourceOperationContext(Resource.DEFAULT, OperationCode.LIST_DS);
- }
-
- // TODO: cache this
- private ResourceOperationContext getOperationContext(ObjectName name, String operationName)
- throws InstanceNotFoundException, ReflectionException {
- MBeanInfo beanInfo = null;
- try {
- beanInfo = mbs.getMBeanInfo(name);
- } catch (IntrospectionException e) {
- throw new GemFireSecurityException("error getting beanInfo of "+name);
- }
- MBeanOperationInfo[] opInfos = beanInfo.getOperations();
- for(MBeanOperationInfo opInfo:opInfos){
- if(opInfo.getName().equals(operationName)){
- // found the operationInfo of this method on the bean
- Descriptor descriptor = opInfo.getDescriptor();
- String resource = (String)descriptor.getFieldValue("resource");
- String operationCode = (String)descriptor.getFieldValue("operation");
- if(resource!=null && operationCode!=null){
- return new ResourceOperationContext(resource, operationCode);
- }
- }
- }
- return new ResourceOperationContext(Resource.DEFAULT, OperationCode.LIST_DS);
- }
-
@Override
public AttributeList setAttributes(ObjectName name, AttributeList attributes) throws InstanceNotFoundException,
ReflectionException {
@@ -260,7 +211,7 @@ public class MBeanServerWrapper implements MBeanServerForwarder {
@Override
public Object invoke(ObjectName name, String operationName, Object[] params, String[] signature)
throws InstanceNotFoundException, MBeanException, ReflectionException {
- ResourceOperationContext ctx = getOperationContext(name, operationName);
+ ResourceOperationContext ctx = getOperationContext(name, operationName, true);
doAuthorization(ctx);
Object result = mbs.invoke(name, operationName, params, signature);
ctx.setPostOperationResult(result);
@@ -268,6 +219,49 @@ public class MBeanServerWrapper implements MBeanServerForwarder {
return result;
}
+ // TODO: cache this
+ private ResourceOperationContext getOperationContext(ObjectName objectName, String featureName, boolean isOp)
+ throws InstanceNotFoundException, ReflectionException {
+ MBeanInfo beanInfo = null;
+ try {
+ beanInfo = mbs.getMBeanInfo(objectName);
+ } catch (IntrospectionException e) {
+ throw new GemFireSecurityException("error getting beanInfo of "+objectName);
+ }
+ // Initialize the context with the default value
+ ResourceOperationContext result = new ResourceOperationContext(Resource.DEFAULT, OperationCode.LIST_DS);
+
+ // find the context in the beanInfo if defined in the class level
+ result = getOperationContext(beanInfo.getDescriptor(), result);
+
+ MBeanFeatureInfo[] featureInfos = null;
+ if(isOp){
+ featureInfos = beanInfo.getOperations();
+ }
+ else{
+ featureInfos = beanInfo.getAttributes();
+ }
+ // still look into the attributes/operations to see if it's defined in the method level
+ for(MBeanFeatureInfo info:featureInfos){
+ if(info.getName().equals(featureName)){
+ // found the featureInfo of this method on the bean
+ result = getOperationContext(info.getDescriptor(), result);
+ break;
+ }
+ }
+ return result;
+ }
+
+ private ResourceOperationContext getOperationContext(Descriptor descriptor, ResourceOperationContext defaultValue){
+ String resource = (String)descriptor.getFieldValue("resource");
+ String operationCode = (String)descriptor.getFieldValue("operation");
+ if(resource!=null && operationCode!=null){
+ return new ResourceOperationContext(resource, operationCode);
+ }
+ return defaultValue;
+ }
+
+
@Override
public String getDefaultDomain() {
return mbs.getDefaultDomain();
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/57282de8/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/ManagementInterceptor.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/ManagementInterceptor.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/ManagementInterceptor.java
index 0edc812..d7c1474 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/ManagementInterceptor.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/ManagementInterceptor.java
@@ -56,8 +56,6 @@ import static com.gemstone.gemfire.management.internal.security.ResourceConstant
*
* ManagementInterceptor is central go-to place for all M&M Clients Authentication and Authorization
* requests
- *
- * @author tushark
* @since 9.0
*
*/
@@ -135,8 +133,8 @@ public class ManagementInterceptor implements JMXAuthenticator{
final String[] aCredentials = (String[]) credentials;
username = (String) aCredentials[0];
password = (String) aCredentials[1];
- pr.put(USER_NAME, username);
- pr.put(PASSWORD, password);
+ pr.put(USER_NAME, username);
+ pr.put(PASSWORD, password);
} else if (credentials instanceof Properties) {
pr = (Properties) credentials;
} else {
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/57282de8/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperation.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperation.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperation.java
index 9734c37..47fd79c 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperation.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperation.java
@@ -23,9 +23,11 @@ import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
+
import static com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-@Target(ElementType.METHOD)
+@Target({ElementType.METHOD, ElementType.TYPE})
+
@Retention(RetentionPolicy.RUNTIME)
@Inherited
public @interface ResourceOperation {
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/57282de8/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanSecurityJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanSecurityJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanSecurityJUnitTest.java
index 5813267..077ddac 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanSecurityJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanSecurityJUnitTest.java
@@ -46,12 +46,12 @@ public class CacheServerMBeanSecurityJUnitTest {
public static JsonAuthorizationMBeanServerStartRule serverRule = new JsonAuthorizationMBeanServerStartRule(jmxManagerPort, "cacheServer.json");
@Rule
- public MBeanServerConnectionRule<CacheServerMXBean> connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
+ public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
@Before
public void setUp() throws Exception {
//assertThat(cache.getCacheServers()).hasSize(1);
- cacheServerMXBean = connectionRule.getProxyMBean(CacheServerMXBean.class, "GemFire:service=CacheServer,*");
+ cacheServerMXBean = (CacheServerMXBean)connectionRule.getProxyMBean(CacheServerMXBean.class, "GemFire:service=CacheServer,*");
con = connectionRule.getMBeanServerConnection();
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/57282de8/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanServerConnectionRule.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanServerConnectionRule.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanServerConnectionRule.java
index ce3b63b..68ad261 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanServerConnectionRule.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanServerConnectionRule.java
@@ -38,9 +38,8 @@ import java.util.Set;
* Class which eases the creation of MBeans for security testing. When combined with {@link JMXConnectionConfiguration}
* it allows for the creation of per-test connections with different user/password combinations.
*
- * @param <T> The type of MBean which will be returned.
*/
-public class MBeanServerConnectionRule<T> extends DescribedExternalResource {
+public class MBeanServerConnectionRule extends DescribedExternalResource {
private final int jmxServerPort;
private JMXConnector jmxConnector;
@@ -59,7 +58,7 @@ public class MBeanServerConnectionRule<T> extends DescribedExternalResource {
* Retrieve a new proxy MBean
* @return A new proxy MBean of the same type with which the class was constructed
*/
- public T getProxyMBean(Class<T> proxyClass, String beanQueryName) throws MalformedObjectNameException, IOException {
+ public Object getProxyMBean(Class proxyClass, String beanQueryName) throws MalformedObjectNameException, IOException {
ObjectName name = null;
QueryExp query = null;
@@ -82,11 +81,11 @@ public class MBeanServerConnectionRule<T> extends DescribedExternalResource {
* Retrieve a new proxy MBean
* @return A new proxy MBean of the same type with which the class was constructed
*/
- public T getProxyMBean(Class<T> proxyClass) throws MalformedObjectNameException, IOException {
+ public Object getProxyMBean(Class proxyClass) throws MalformedObjectNameException, IOException {
return getProxyMBean(proxyClass, null);
}
- public T getProxyMBean(String beanQueryName) throws MalformedObjectNameException, IOException {
+ public Object getProxyMBean(String beanQueryName) throws MalformedObjectNameException, IOException {
return getProxyMBean(null, beanQueryName);
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/57282de8/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MemberMBeanSecurityJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MemberMBeanSecurityJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MemberMBeanSecurityJUnitTest.java
index 1c9375e..4494acd 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MemberMBeanSecurityJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MemberMBeanSecurityJUnitTest.java
@@ -40,11 +40,11 @@ public class MemberMBeanSecurityJUnitTest {
public static JsonAuthorizationMBeanServerStartRule serverRule = new JsonAuthorizationMBeanServerStartRule(jmxManagerPort, "cacheServer.json");
@Rule
- public MBeanServerConnectionRule<MemberMXBean> connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
+ public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
@Before
public void setUp() throws Exception {
- bean = connectionRule.getProxyMBean(MemberMXBean.class);
+ bean = (MemberMXBean)connectionRule.getProxyMBean(MemberMXBean.class);
con = connectionRule.getMBeanServerConnection();
}