Posted to commits@geode.apache.org by ji...@apache.org on 2016/09/20 17:42:48 UTC
[1/2] incubator-geode git commit: GEODE-1648: commits related to
security-enabled-components.
Repository: incubator-geode
Updated Branches:
refs/heads/GEODE-1648 [created] f77f46d40
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/test/resources/org/apache/geode/codeAnalysis/excludedClasses.txt
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/org/apache/geode/codeAnalysis/excludedClasses.txt b/geode-core/src/test/resources/org/apache/geode/codeAnalysis/excludedClasses.txt
index 6d5c84c..b3bab0f 100644
--- a/geode-core/src/test/resources/org/apache/geode/codeAnalysis/excludedClasses.txt
+++ b/geode-core/src/test/resources/org/apache/geode/codeAnalysis/excludedClasses.txt
@@ -116,6 +116,7 @@ org/apache/geode/internal/process/ClusterConfigurationNotAvailableException
org/apache/geode/internal/security/GeodeSecurityUtil
org/apache/geode/internal/security/IntegratedSecurityService
org/apache/geode/internal/security/IntegratedSecurityService$SerializationProxy
+org/apache/geode/internal/security/SecurableComponent
org/apache/geode/internal/security/SecurityService
org/apache/geode/internal/statistics/platform/LinuxProcFsStatistics$CPU
com/gemstone/org/apache/logging/log4j/core/config/xml/GemFireXmlConfiguration
[2/2] incubator-geode git commit: GEODE-1648: commits related to
security-enabled-components.
Posted by ji...@apache.org.
GEODE-1648: commits related to security-enabled-components.
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/f77f46d4
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/f77f46d4
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/f77f46d4
Branch: refs/heads/GEODE-1648
Commit: f77f46d40ff512892e1fba04792429745132e030
Parents: efd0117
Author: Jinmei Liao <ji...@pivotal.io>
Authored: Tue Sep 20 10:40:31 2016 -0700
Committer: Jinmei Liao <ji...@pivotal.io>
Committed: Tue Sep 20 10:40:31 2016 -0700
----------------------------------------------------------------------
.../client/internal/ConnectionFactoryImpl.java | 11 +-
.../distributed/ConfigurationProperties.java | 16 ++
.../internal/AbstractDistributionConfig.java | 26 +++
.../internal/DistributionConfig.java | 29 ++++
.../internal/DistributionConfigImpl.java | 20 +++
.../membership/gms/auth/GMSAuthenticator.java | 2 +-
.../membership/gms/fd/GMSHealthMonitor.java | 1 +
.../internal/tcpserver/TcpClient.java | 1 +
.../internal/tcpserver/TcpServer.java | 1 +
.../apache/geode/internal/admin/SSLConfig.java | 1 +
.../cache/tier/sockets/AcceptorImpl.java | 4 +-
.../geode/internal/net/SocketCreator.java | 1 +
.../security/IntegratedSecurityService.java | 145 +++++++++++++++--
.../internal/security/SecurableComponent.java | 55 +++++++
.../internal/security/SecurityService.java | 73 ++-------
.../apache/geode/internal/tcp/TCPConduit.java | 1 +
.../geode/management/GemFireProperties.java | 1 +
.../management/internal/ManagementAgent.java | 13 +-
.../geode/security/SecurableComponents.java | 62 +++++++
.../CacheServerSSLConnectionDUnitTest.java | 7 +-
.../LocatorLauncherRemoteIntegrationTest.java | 29 ++--
.../ServerLauncherRemoteIntegrationTest.java | 34 ++--
.../AbstractDistributionConfigTest.java | 78 +++++++++
.../internal/DistributionConfigJUnitTest.java | 89 +++++++++-
.../security/IntegratedSecurityServiceTest.java | 163 +++++++++++++++++--
.../security/SecurityConfigIntegrationTest.java | 57 +++++++
.../ConnectToLocatorSSLDUnitTest.java | 1 +
.../geode/management/JMXMBeanDUnitTest.java | 1 +
...edSecurityCacheLifecycleDistributedTest.java | 14 +-
.../security/P2PAuthenticationDUnitTest.java | 32 ++--
.../geode/codeAnalysis/excludedClasses.txt | 1 +
31 files changed, 800 insertions(+), 169 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/cache/client/internal/ConnectionFactoryImpl.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/cache/client/internal/ConnectionFactoryImpl.java b/geode-core/src/main/java/org/apache/geode/cache/client/internal/ConnectionFactoryImpl.java
index 92b3dae..b6460eb 100644
--- a/geode-core/src/main/java/org/apache/geode/cache/client/internal/ConnectionFactoryImpl.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/client/internal/ConnectionFactoryImpl.java
@@ -16,10 +16,6 @@
*/
package org.apache.geode.cache.client.internal;
-import java.util.HashSet;
-import java.util.Set;
-import java.util.concurrent.ScheduledExecutorService;
-
import org.apache.geode.CancelCriterion;
import org.apache.geode.CancelException;
import org.apache.geode.cache.GatewayConfigurationException;
@@ -28,6 +24,7 @@ import org.apache.geode.cache.client.internal.ServerBlackList.FailureTracker;
import org.apache.geode.cache.wan.GatewaySender;
import org.apache.geode.distributed.internal.InternalDistributedSystem;
import org.apache.geode.distributed.internal.ServerLocation;
+import org.apache.geode.internal.net.SocketCreator;
import org.apache.geode.internal.cache.tier.Acceptor;
import org.apache.geode.internal.cache.tier.sockets.CacheClientUpdater;
import org.apache.geode.internal.cache.tier.sockets.ClientProxyMembershipID;
@@ -35,12 +32,16 @@ import org.apache.geode.internal.cache.tier.sockets.HandShake;
import org.apache.geode.internal.i18n.LocalizedStrings;
import org.apache.geode.internal.logging.LogService;
import org.apache.geode.internal.logging.log4j.LocalizedMessage;
-import org.apache.geode.internal.net.SocketCreator;
import org.apache.geode.internal.net.SocketCreatorFactory;
import org.apache.geode.internal.security.SecurableCommunicationChannel;
+import org.apache.geode.internal.security.SecurableComponent;
import org.apache.geode.security.GemFireSecurityException;
import org.apache.logging.log4j.Logger;
+import java.util.HashSet;
+import java.util.Set;
+import java.util.concurrent.ScheduledExecutorService;
+
/**
* Creates connections, using a connection source to determine
* which server to connect to.
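Review bot: The added `import org.apache.geode.internal.security.SecurableComponent;` appears to be unused in this file, since every changed line in its three hunks is an import and nothing shown references the type. The diffstat lists a one-line change for GMSHealthMonitor, TcpClient, TcpServer, SSLConfig and SocketCreator, which are the same import added with no caller, and the AcceptorImpl and DistributionConfigImpl hunks also add it without using it. I would drop the import from those files and keep it only in AbstractDistributionConfig, where `checkSecurityEnabledComponents` calls `SecurableComponent.getEnum`. Moving the `java.util` imports below the project imports is unrelated churn that makes the security change harder to review.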
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/distributed/ConfigurationProperties.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/distributed/ConfigurationProperties.java b/geode-core/src/main/java/org/apache/geode/distributed/ConfigurationProperties.java
index 66b1472..d2dd371 100644
--- a/geode-core/src/main/java/org/apache/geode/distributed/ConfigurationProperties.java
+++ b/geode-core/src/main/java/org/apache/geode/distributed/ConfigurationProperties.java
@@ -1347,6 +1347,22 @@ public interface ConfigurationProperties {
*/
String SECURITY_PEER_VERIFY_MEMBER_TIMEOUT = SECURITY_PREFIX + "peer-verifymember-timeout";
/**
+ * The static String definition of the <i>"security-enabled-components"</i> property
+ * <a name="security-enabled-components"/>
+ * <p>
+ * <u>Description</u>: This setting is a comma delimited list of
+ * {@link org.apache.geode.security.SecurableComponents} specifying which components will be secured
+ * by a {@link #SECURITY_MANAGER}.
+ * <p>
+ * This property has no effect unless a {@link #SECURITY_MANAGER} is
+ * specified.
+ * <p>
+ * <u>Options</u>: "all","server","cluster","gateway","http","jmx"
+ * <p>
+ * <u>Since</u>: Geode 1.0
+ */
+ String SECURITY_ENABLED_COMPONENTS = SECURITY_PREFIX + "enabled-components";
+ /**
* The static String definition of the <i>"server-bind-address"</i> property
* <a name="server-bind-address"/a><p>
* <U>Description</U>: The IP address that this distributed system's
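Review bot: The Options line in the new Javadoc omits `none`, which the checker added in AbstractDistributionConfig accepts through `SecurableComponent.NONE`, and the block never states the default. Since the default decides whether a member with a SECURITY_MANAGER is protected on every channel, I would add `* <u>Default</u>: "all"` and extend the options to `"all","none","server","cluster","gateway","http","jmx"`. It would also help to say how entries are matched (case, surrounding spaces), because the validation code and the code that reads the value elsewhere in this commit treat the string differently. The interface body continues outside the hunk.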
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/distributed/internal/AbstractDistributionConfig.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/distributed/internal/AbstractDistributionConfig.java b/geode-core/src/main/java/org/apache/geode/distributed/internal/AbstractDistributionConfig.java
index 31fa4f6..727c5ab 100644
--- a/geode-core/src/main/java/org/apache/geode/distributed/internal/AbstractDistributionConfig.java
+++ b/geode-core/src/main/java/org/apache/geode/distributed/internal/AbstractDistributionConfig.java
@@ -42,6 +42,7 @@ import org.apache.geode.internal.i18n.LocalizedStrings;
import org.apache.geode.internal.logging.LogWriterImpl;
import org.apache.geode.internal.net.SocketCreator;
import org.apache.geode.internal.security.SecurableCommunicationChannel;
+import org.apache.geode.internal.security.SecurableComponent;
import org.apache.geode.memcached.GemFireMemcachedServer;
/**
@@ -495,6 +496,29 @@ public abstract class AbstractDistributionConfig extends AbstractConfig implemen
return value;
}
+ /**
+ * First check if sslComponents are in the list of valid components. If so, check that no other *-ssl-* properties other than cluster-ssl-* are set.
+ * This would mean one is mixing the "old" with the "new"
+ */
+ @ConfigAttributeChecker(name = SECURITY_ENABLED_COMPONENTS)
+ protected String checkSecurityEnabledComponents(String value) {
+ // value with no commas
+ // empty value
+ // null
+ if (StringUtils.isEmpty(value) || SecurableComponent.NONE.name().equalsIgnoreCase(value)) {
+ return value;
+ }
+ if (!value.contains(",")) {
+ SecurableComponent.getEnum(value);
+ return value;
+ }
+ StringTokenizer stringTokenizer = new StringTokenizer(value, ",");
+ while (stringTokenizer.hasMoreTokens()) {
+ SecurableComponent.getEnum(stringTokenizer.nextToken());
+ }
+ return value;
+ }
+
// AbstractConfig overriding methods
@Override
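Review bot: The Javadoc on `checkSecurityEnabledComponents` was copied from the SSL checker and describes `sslComponents` and `*-ssl-*` properties, none of which this method looks at. Something like `Validates that every entry of the comma delimited security-enabled-components value names a SecurableComponent.` matches the code. Tokens are passed to `getEnum` untrimmed, so `server, cluster` is validated as `server` and ` cluster`; `SecurableComponent.getEnum(stringTokenizer.nextToken().trim());` avoids that. Rejection also relies on `getEnum` throwing for an unknown name, which is not visible here and deserves a `@throws` line. The `!value.contains(",")` branch is redundant, because the tokenizer loop already handles a single entry.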
@@ -950,6 +974,8 @@ public abstract class AbstractDistributionConfig extends AbstractConfig implemen
m.put(SECURITY_MANAGER, "User defined fully qualified class name implementing SecurityManager interface for integrated security. Defaults to \"{0}\". Legal values can be any \"class name\" implementing SecurityManager that is present in the classpath.");
m.put(SECURITY_POST_PROCESSOR, "User defined fully qualified class name implementing PostProcessor interface for integrated security. Defaults to \"{0}\". Legal values can be any \"class name\" implementing PostProcessor that is present in the classpath.");
+ m.put(SECURITY_ENABLED_COMPONENTS, "A comma delimited list of components that should be secured");
+
m.put(SSL_ENABLED_COMPONENTS, "A comma delimited list of components that require SSL communications");
m.put(SSL_CIPHERS, "List of available SSL cipher suites that are to be enabled. Defaults to \"" + DEFAULT_SSL_CIPHERS + "\" meaning your provider''s defaults.");
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/distributed/internal/DistributionConfig.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/distributed/internal/DistributionConfig.java b/geode-core/src/main/java/org/apache/geode/distributed/internal/DistributionConfig.java
index 9da08da..692c2b9 100644
--- a/geode-core/src/main/java/org/apache/geode/distributed/internal/DistributionConfig.java
+++ b/geode-core/src/main/java/org/apache/geode/distributed/internal/DistributionConfig.java
@@ -4595,6 +4595,35 @@ public interface DistributionConfig extends Config, LogConfig {
*/
boolean DEFAULT_SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION = false;
+ /**
+ * Returns the value of the {@link ConfigurationProperties#SECURITY_ENABLED_COMPONENTS}
+ * property.
+ * @since Geode 1.0
+ */
+ @ConfigAttributeGetter(name = SECURITY_ENABLED_COMPONENTS)
+ String getSecurityEnabledComponents();
+
+ /**
+ * Sets the value of the {@link ConfigurationProperties#SECURITY_ENABLED_COMPONENTS}
+ * property.
+ * @since Geode 1.0
+ */
+ @ConfigAttributeSetter(name = SECURITY_ENABLED_COMPONENTS)
+ void setSecurityEnabledComponents(String securityEnabledComponents);
+
+ /**
+ * The name of the {@link ConfigurationProperties#SECURITY_ENABLED_COMPONENTS} property
+ * @since Geode 1.0
+ */
+ @ConfigAttribute(type = String.class)
+ String SECURITY_ENABLED_COMPONENTS_NAME = SECURITY_ENABLED_COMPONENTS;
+
+ /**
+ * The default ssl enabled components
+ * @since Geode 1.0
+ */
+ String DEFAULT_SECURITY_ENABLED_COMPONENTS = "all";
+
//*************** Initializers to gather all the annotations in this class ************************
Map<String, ConfigAttribute> attributes = new HashMap<>();
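Review bot: The Javadoc on `DEFAULT_SECURITY_ENABLED_COMPONENTS` says "The default ssl enabled components", which is left over from the SSL constant and misdescribes a security default. I would write `* The default security enabled components: "all", meaning every component is secured when a SecurityManager is configured.` The literal `"all"` duplicates `SecurableComponents.ALL`, which DistributionConfigImpl uses for the same default in this commit. Referencing the constant here keeps the two from drifting apart.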
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/distributed/internal/DistributionConfigImpl.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/distributed/internal/DistributionConfigImpl.java b/geode-core/src/main/java/org/apache/geode/distributed/internal/DistributionConfigImpl.java
index 4d3d751..5a3ec27 100644
--- a/geode-core/src/main/java/org/apache/geode/distributed/internal/DistributionConfigImpl.java
+++ b/geode-core/src/main/java/org/apache/geode/distributed/internal/DistributionConfigImpl.java
@@ -38,6 +38,7 @@ import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.builder.EqualsBuilder;
import org.apache.commons.lang.builder.HashCodeBuilder;
import org.apache.geode.redis.GeodeRedisServer;
+import org.apache.geode.security.SecurableComponents;
import org.apache.geode.GemFireConfigException;
import org.apache.geode.GemFireIOException;
@@ -49,6 +50,7 @@ import org.apache.geode.internal.i18n.LocalizedStrings;
import org.apache.geode.internal.net.SocketCreator;
import org.apache.geode.internal.process.ProcessLauncherContext;
import org.apache.geode.internal.security.SecurableCommunicationChannel;
+import org.apache.geode.internal.security.SecurableComponent;
import org.apache.geode.memcached.GemFireMemcachedServer;
/**
@@ -572,6 +574,8 @@ public class DistributionConfigImpl extends AbstractDistributionConfig implement
protected String userCommandPackages = DEFAULT_USER_COMMAND_PACKAGES;
+ private String securityEnabledComponents = DEFAULT_SECURITY_ENABLED_COMPONENTS;
+
/**
* "off-heap-memory-size" with value of "" or "<size>[g|m]"
*/
@@ -763,6 +767,7 @@ public class DistributionConfigImpl extends AbstractDistributionConfig implement
this.securityManager = other.getSecurityManager();
this.postProcessor = other.getPostProcessor();
+ this.securityEnabledComponents = ((DistributionConfigImpl) other).securityEnabledComponents;
this.clusterSSLAlias = other.getClusterSSLAlias();
this.gatewaySSLAlias = other.getGatewaySSLAlias();
this.httpServiceSSLAlias = other.getHTTPServiceSSLAlias();
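Review bot: The new assignment casts `other` to `DistributionConfigImpl` and reads the private field, while the lines around it copy through the interface getters. The cast suggests `other` is declared as the interface type, in which case any other implementation would fail here with a ClassCastException. The commit adds `getSecurityEnabledComponents()` to DistributionConfig, so `this.securityEnabledComponents = other.getSecurityEnabledComponents();` works without the cast. The enclosing constructor starts and ends outside the hunk.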
@@ -2188,6 +2193,9 @@ public class DistributionConfigImpl extends AbstractDistributionConfig implement
}
public Properties getSecurityProps() {
+ if (security.containsKey(SECURITY_MANAGER) && !security.containsKey(SECURITY_ENABLED_COMPONENTS)) {
+ security.setProperty(SECURITY_ENABLED_COMPONENTS, SecurableComponents.ALL);
+ }
return security;
}
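Review bot: `getSecurityProps()` now writes to the `security` Properties object it returns, so the default for security-enabled-components is only applied once some caller invokes the getter. Code that reads `security` directly, or that holds a reference obtained earlier, sees the properties without the key. The value written here is also independent of the `securityEnabledComponents` field, and `setSecurityEnabledComponents` as added in this commit does not update `security`, so the two can disagree about which components are secured. I would apply the default once where `security` is populated (not visible in this hunk) and leave the getter side-effect free.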
@@ -2506,6 +2514,16 @@ public class DistributionConfigImpl extends AbstractDistributionConfig implement
}
@Override
+ public String getSecurityEnabledComponents() {
+ return securityEnabledComponents;
+ }
+
+ @Override
+ public void setSecurityEnabledComponents(final String securityEnabledComponents) {
+ this.securityEnabledComponents = securityEnabledComponents;
+ }
+
+ @Override
public String getClusterSSLAlias() {
return clusterSSLAlias;
}
@@ -2862,6 +2880,7 @@ public class DistributionConfigImpl extends AbstractDistributionConfig implement
.append(sslDefaultAlias, that.sslDefaultAlias)
.append(sourceMap, that.sourceMap)
.append(userCommandPackages, that.userCommandPackages)
+ .append(securityEnabledComponents, that.securityEnabledComponents)
.append(offHeapMemorySize, that.offHeapMemorySize)
.append(shiroInit, that.shiroInit)
.isEquals();
@@ -3037,6 +3056,7 @@ public class DistributionConfigImpl extends AbstractDistributionConfig implement
.append(sslDefaultAlias)
.append(sourceMap)
.append(userCommandPackages)
+ .append(securityEnabledComponents)
.append(offHeapMemorySize)
.append(lockMemory)
.append(shiroInit)
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/auth/GMSAuthenticator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/auth/GMSAuthenticator.java b/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/auth/GMSAuthenticator.java
index 3f030c9..a448d8c 100755
--- a/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/auth/GMSAuthenticator.java
+++ b/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/auth/GMSAuthenticator.java
@@ -106,7 +106,7 @@ public class GMSAuthenticator implements Authenticator {
* Method is package protected to be used in testing.
*/
String authenticate(DistributedMember member, Properties credentials, Properties secProps, DistributedMember localMember) throws AuthenticationFailedException {
- if (!securityService.isPeerSecurityRequired()) {
+ if (!this.securityService.isPeerSecurityRequired()) {
return null;
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/fd/GMSHealthMonitor.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/fd/GMSHealthMonitor.java b/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/fd/GMSHealthMonitor.java
index aafb498..5717c30 100644
--- a/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/fd/GMSHealthMonitor.java
+++ b/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/fd/GMSHealthMonitor.java
@@ -66,6 +66,7 @@ import org.apache.geode.internal.ConnectionWatcher;
import org.apache.geode.internal.Version;
import org.apache.geode.internal.net.SocketCreatorFactory;
import org.apache.geode.internal.security.SecurableCommunicationChannel;
+import org.apache.geode.internal.security.SecurableComponent;
/**
* Failure Detection
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/distributed/internal/tcpserver/TcpClient.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/distributed/internal/tcpserver/TcpClient.java b/geode-core/src/main/java/org/apache/geode/distributed/internal/tcpserver/TcpClient.java
index def631f..495a85b 100644
--- a/geode-core/src/main/java/org/apache/geode/distributed/internal/tcpserver/TcpClient.java
+++ b/geode-core/src/main/java/org/apache/geode/distributed/internal/tcpserver/TcpClient.java
@@ -41,6 +41,7 @@ import org.apache.geode.internal.logging.LogService;
import org.apache.geode.internal.net.SocketCreator;
import org.apache.geode.internal.net.SocketCreatorFactory;
import org.apache.geode.internal.security.SecurableCommunicationChannel;
+import org.apache.geode.internal.security.SecurableComponent;
/**
* <p>Client for the TcpServer component of the Locator.
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/distributed/internal/tcpserver/TcpServer.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/distributed/internal/tcpserver/TcpServer.java b/geode-core/src/main/java/org/apache/geode/distributed/internal/tcpserver/TcpServer.java
index 3c07771..bd6a8f8 100755
--- a/geode-core/src/main/java/org/apache/geode/distributed/internal/tcpserver/TcpServer.java
+++ b/geode-core/src/main/java/org/apache/geode/distributed/internal/tcpserver/TcpServer.java
@@ -61,6 +61,7 @@ import org.apache.geode.internal.logging.LogService;
import org.apache.geode.internal.net.SocketCreator;
import org.apache.geode.internal.net.SocketCreatorFactory;
import org.apache.geode.internal.security.SecurableCommunicationChannel;
+import org.apache.geode.internal.security.SecurableComponent;
/**
* TCP server which listens on a port and delegates requests to a request
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java b/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java
index 6f0c52f..4b96d55 100755
--- a/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java
@@ -23,6 +23,7 @@ import java.util.Properties;
import org.apache.geode.distributed.internal.DistributionConfig;
import org.apache.geode.internal.security.SecurableCommunicationChannel;
+import org.apache.geode.internal.security.SecurableComponent;
import org.apache.geode.management.internal.SSLUtil;
/**
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/AcceptorImpl.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/AcceptorImpl.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/AcceptorImpl.java
index 74fca50..5bddfa5 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/AcceptorImpl.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/AcceptorImpl.java
@@ -87,6 +87,7 @@ import org.apache.geode.internal.logging.LoggingThreadGroup;
import org.apache.geode.internal.logging.log4j.LocalizedMessage;
import org.apache.geode.internal.security.IntegratedSecurityService;
import org.apache.geode.internal.security.SecurableCommunicationChannel;
+import org.apache.geode.internal.security.SecurableComponent;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.internal.net.SocketCreatorFactory;
import org.apache.geode.internal.tcp.ConnectionTable;
@@ -629,7 +630,8 @@ public class AcceptorImpl extends Acceptor implements Runnable
this.hsPool = tmp_hsPool;
}
- isAuthenticationRequired = this.securityService.isClientSecurityRequired();
+ isAuthenticationRequired = (this.isGatewayReceiver && this.securityService.isGatewaySecurityRequired()) ||
+ (! this.isGatewayReceiver && this.securityService.isClientSecurityRequired());
isIntegratedSecurity = this.securityService.isIntegratedSecurity();
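Review bot: `isIntegratedSecurity` on the line after the new expression is still taken from the service as a whole, so it can be true on an acceptor for which `isAuthenticationRequired` is now false, for example a gateway receiver when `gateway` is left out of security-enabled-components. How the connection code combines the two flags is outside the hunk; a short comment stating the intended behaviour for that combination, and a test for it, would make the change easier to trust. The condition itself reads more directly as `isAuthenticationRequired = this.isGatewayReceiver ? this.securityService.isGatewaySecurityRequired() : this.securityService.isClientSecurityRequired();`.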
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java b/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java
index bc1e896..c6ad9ce 100755
--- a/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java
@@ -97,6 +97,7 @@ import org.apache.geode.internal.i18n.LocalizedStrings;
import org.apache.geode.internal.logging.LogService;
import org.apache.geode.internal.logging.log4j.LocalizedMessage;
import org.apache.geode.internal.security.SecurableCommunicationChannel;
+import org.apache.geode.internal.security.SecurableComponent;
import org.apache.geode.internal.util.PasswordUtil;
/**
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java b/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java
index a515de5..a328acb 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java
@@ -20,6 +20,7 @@ import static org.apache.geode.distributed.ConfigurationProperties.*;
import java.io.IOException;
import java.io.Serializable;
+import java.lang.reflect.Method;
import java.security.AccessController;
import java.util.Properties;
import java.util.Set;
@@ -27,22 +28,11 @@ import java.util.concurrent.Callable;
import org.apache.commons.lang.SerializationException;
import org.apache.commons.lang.StringUtils;
-import org.apache.geode.GemFireIOException;
-import org.apache.geode.internal.cache.EntryEventImpl;
-import org.apache.geode.internal.logging.LogService;
-import org.apache.geode.internal.security.shiro.CustomAuthRealm;
-import org.apache.geode.internal.security.shiro.GeodeAuthenticationToken;
-import org.apache.geode.internal.security.shiro.ShiroPrincipal;
-import org.apache.geode.internal.util.BlobHelper;
-import org.apache.geode.management.internal.security.ResourceConstants;
-import org.apache.geode.management.internal.security.ResourceOperation;
-import org.apache.geode.security.AuthenticationFailedException;
-import org.apache.geode.security.GemFireSecurityException;
-import org.apache.geode.security.NotAuthorizedException;
import org.apache.geode.security.PostProcessor;
import org.apache.geode.security.ResourcePermission;
import org.apache.geode.security.ResourcePermission.Operation;
import org.apache.geode.security.ResourcePermission.Resource;
+import org.apache.geode.security.SecurableComponents;
import org.apache.geode.security.SecurityManager;
import org.apache.logging.log4j.Logger;
import org.apache.shiro.SecurityUtils;
@@ -56,6 +46,21 @@ import org.apache.shiro.subject.support.SubjectThreadState;
import org.apache.shiro.util.ThreadContext;
import org.apache.shiro.util.ThreadState;
+import org.apache.geode.GemFireIOException;
+import org.apache.geode.distributed.internal.DistributionConfig;
+import org.apache.geode.internal.ClassLoadUtil;
+import org.apache.geode.internal.cache.EntryEventImpl;
+import org.apache.geode.internal.logging.LogService;
+import org.apache.geode.internal.security.shiro.CustomAuthRealm;
+import org.apache.geode.internal.security.shiro.GeodeAuthenticationToken;
+import org.apache.geode.internal.security.shiro.ShiroPrincipal;
+import org.apache.geode.internal.util.BlobHelper;
+import org.apache.geode.management.internal.security.ResourceConstants;
+import org.apache.geode.management.internal.security.ResourceOperation;
+import org.apache.geode.security.AuthenticationFailedException;
+import org.apache.geode.security.GemFireSecurityException;
+import org.apache.geode.security.NotAuthorizedException;
+
public class IntegratedSecurityService implements SecurityService{
private static Logger logger = LogService.getLogger(LogService.SECURITY_LOGGER_NAME);
@@ -77,6 +82,12 @@ public class IntegratedSecurityService implements SecurityService{
private boolean isClientAuthenticator; // is there a SECURITY_CLIENT_AUTHENTICATOR
private boolean isPeerAuthenticator; // is there a SECURITY_PEER_AUTHENTICATOR
+ private boolean isJmxSecurityRequired;
+ private boolean isHttpSecurityRequired;
+ private boolean isGatewaySecurityRequired;
+ private boolean isClusterSecurityRequired;
+ private boolean isServerSecurityRequired;
+
/**
* It first looks the shiro subject in AccessControlContext since JMX will
* use multiple threads to process operations from the same client, then it
@@ -311,6 +322,17 @@ public class IntegratedSecurityService implements SecurityService{
return;
}
+ String enabledComponentsString = securityProps.getProperty(SECURITY_ENABLED_COMPONENTS);
+ if (enabledComponentsString == null) {
+ enabledComponentsString = DistributionConfig.DEFAULT_SECURITY_ENABLED_COMPONENTS;
+ }
+
+ boolean isClusterSecured = enabledComponentsString.contains(SecurableComponents.ALL) || enabledComponentsString.contains(SecurableComponents.CLUSTER);
+ boolean isGatewaySecured = enabledComponentsString.contains(SecurableComponents.ALL) || enabledComponentsString.contains(SecurableComponents.GATEWAY);
+ boolean isHttpSecured = enabledComponentsString.contains(SecurableComponents.ALL) || enabledComponentsString.contains(SecurableComponents.HTTP_SERVICE);
+ boolean isJmxSecured = enabledComponentsString.contains(SecurableComponents.ALL) || enabledComponentsString.contains(SecurableComponents.JMX);
+ boolean isServerSecured = enabledComponentsString.contains(SecurableComponents.ALL) || enabledComponentsString.contains(SecurableComponents.SERVER);
+
String shiroConfig = securityProps.getProperty(SECURITY_SHIRO_INIT);
String securityConfig = securityProps.getProperty(SECURITY_MANAGER);
String clientAuthenticatorConfig = securityProps.getProperty(SECURITY_CLIENT_AUTHENTICATOR);
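Review bot: The five `contains` calls match substrings of the raw property value, case-sensitively, instead of comparing whole list entries, so this code can disagree with the config checker about what a value means. The checker compares `NONE` with `equalsIgnoreCase`; if `getEnum` is equally lenient, a value such as `ALL` would pass validation and then match nothing here, leaving every component unsecured without any error. In the other direction, any entry that merely contains `all` or another component name as a substring switches that component on. I would split the value once, trim each entry and compare entries exactly, as sketched below (this assumes the `SecurableComponents` constants are Strings), and throw on an entry that matches nothing so that a typo fails closed. The enclosing method starts and ends outside the hunk.

```java
// … unchanged: enabledComponentsString lookup and default …
boolean isClusterSecured = false;
boolean isGatewaySecured = false;
boolean isHttpSecured = false;
boolean isJmxSecured = false;
boolean isServerSecured = false;
for (String token : enabledComponentsString.split(",")) {
  String component = token.trim();
  boolean all = SecurableComponents.ALL.equalsIgnoreCase(component);
  isClusterSecured |= all || SecurableComponents.CLUSTER.equalsIgnoreCase(component);
  isGatewaySecured |= all || SecurableComponents.GATEWAY.equalsIgnoreCase(component);
  isHttpSecured |= all || SecurableComponents.HTTP_SERVICE.equalsIgnoreCase(component);
  isJmxSecured |= all || SecurableComponents.JMX.equalsIgnoreCase(component);
  isServerSecured |= all || SecurableComponents.SERVER.equalsIgnoreCase(component);
}
// … unchanged: shiroConfig, securityConfig and authenticator lookups …
```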
@@ -332,7 +354,7 @@ public class IntegratedSecurityService implements SecurityService{
}
// only set up shiro realm if user has implemented SecurityManager
else if (!StringUtils.isBlank(securityConfig)) {
- securityManager = SecurityService.getObjectOfTypeFromClassName(securityConfig, SecurityManager.class);
+ securityManager = getObjectOfTypeFromClassName(securityConfig, SecurityManager.class);
securityManager.init(securityProps);
Realm realm = new CustomAuthRealm(securityManager);
org.apache.shiro.mgt.SecurityManager shiroManager = new DefaultSecurityManager(realm);
@@ -351,10 +373,17 @@ public class IntegratedSecurityService implements SecurityService{
isPeerAuthenticator = false;
}
+ isServerSecurityRequired = isClientAuthenticator || (isIntegratedSecurity && isServerSecured);
+ isClusterSecurityRequired = isPeerAuthenticator || (isIntegratedSecurity && isClusterSecured);
+
+ isGatewaySecurityRequired = isClientAuthenticator || (isIntegratedSecurity && isGatewaySecured);
+ isHttpSecurityRequired = isIntegratedSecurity && isHttpSecured;
+ isJmxSecurityRequired = isIntegratedSecurity && isJmxSecured;
+
// this initializes the post processor
String customPostProcessor = securityProps.getProperty(SECURITY_POST_PROCESSOR);
if( !StringUtils.isBlank(customPostProcessor)) {
- postProcessor = SecurityService.getObjectOfTypeFromClassName(customPostProcessor, PostProcessor.class);
+ postProcessor = getObjectOfTypeFromClassName(customPostProcessor, PostProcessor.class);
postProcessor.init(securityProps);
}
else{
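Review bot: The five `is*SecurityRequired` assignments carry no comment on precedence, and the rule is not obvious: a legacy client or peer authenticator forces the server, gateway and cluster flags on regardless of security-enabled-components, while http and jmx depend on integrated security alone. I would put that in a comment above the block, for example `// legacy authenticators always secure their channel; security-enabled-components only narrows integrated security`. The flags are assigned only on this path, and the previous hunk shows an early `return;` before it, so they stay `false` in that case, which is worth stating next to the field declarations. The enclosing method starts and ends outside the hunk.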
@@ -424,6 +453,74 @@ public class IntegratedSecurityService implements SecurityService{
return newValue;
}
+ private static void checkSameClass(Object obj1, Object obj2){
+
+ }
+
+ /**
+ * this method would never return null, it either throws an exception or
+ * returns an object
+ */
+ public static <T> T getObjectOfTypeFromClassName(String className, Class<T> expectedClazz) {
+ Class actualClass = null;
+ try {
+ actualClass = ClassLoadUtil.classFromName(className);
+ }
+ catch (Exception ex) {
+ throw new GemFireSecurityException("Instance could not be obtained, "+ex.toString(), ex);
+ }
+
+ if(!expectedClazz.isAssignableFrom(actualClass)){
+ throw new GemFireSecurityException("Instance could not be obtained. Expecting a "+expectedClazz.getName()+" class.");
+ }
+
+ T actualObject = null;
+ try {
+ actualObject = (T)actualClass.newInstance();
+ } catch (Exception e) {
+ throw new GemFireSecurityException("Instance could not be obtained. Error instantiating "+actualClass.getName(), e);
+ }
+ return actualObject;
+ }
+
+ /**
+ * this method would never return null, it either throws an exception or
+ * returns an object
+ */
+ public static <T> T getObjectOfTypeFromFactoryMethod(String factoryMethodName, Class<T> expectedClazz){
+ T actualObject = null;
+ try {
+ Method factoryMethod = ClassLoadUtil.methodFromName(factoryMethodName);
+ actualObject = (T)factoryMethod.invoke(null, (Object[])null);
+ } catch (Exception e) {
+ throw new GemFireSecurityException("Instance could not be obtained from "+factoryMethodName, e);
+ }
+
+ if(actualObject == null){
+ throw new GemFireSecurityException("Instance could not be obtained from "+factoryMethodName);
+ }
+
+ return actualObject;
+ }
+
+ /**
+ * this method would never return null, it either throws an exception or
+ * returns an object
+ *
+ * @return an object of type expectedClazz. This method would never return
+ * null. It either returns an non-null object or throws exception.
+ */
+ public static <T> T getObjectOfType(String classOrMethod, Class<T> expectedClazz) {
+ T object = null;
+ try{
+ object = getObjectOfTypeFromClassName(classOrMethod, expectedClazz);
+ }
+ catch (Exception e){
+ object = getObjectOfTypeFromFactoryMethod(classOrMethod, expectedClazz);
+ }
+ return object;
+ }
+
public SecurityManager getSecurityManager(){
return securityManager;
}
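Review bot: `getObjectOfTypeFromFactoryMethod` never checks the returned object against `expectedClazz`. The `(T)` cast is erased at runtime, so a factory method named in configuration can hand back any object, and the failure only appears later as a `ClassCastException` at a use site. I would add, after the null check, `if (!expectedClazz.isInstance(actualObject)) { throw new GemFireSecurityException("Instance could not be obtained from "+factoryMethodName+". Expecting a "+expectedClazz.getName()+"."); }`, matching the `isAssignableFrom` guard in `getObjectOfTypeFromClassName`. `getObjectOfType` also discards the first exception in its `catch (Exception e)`, so a class that loads but has the wrong type is reported as a factory-method failure; attaching it with `addSuppressed` on the second exception would keep the real cause. `checkSameClass` is added with an empty body and no caller in this hunk, and should be dropped or implemented.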
@@ -436,11 +533,23 @@ public class IntegratedSecurityService implements SecurityService{
return isIntegratedSecurity;
}
- public boolean isClientSecurityRequired() {
- return isClientAuthenticator || isIntegratedSecurity;
+ public boolean isClientSecurityRequired() { // TODO: rename as isServerSecurityRequired
+ return isServerSecurityRequired;
+ }
+
+ public boolean isPeerSecurityRequired() { // TODO: rename as isClusterSecurityRequired
+ return isClusterSecurityRequired;
+ }
+
+ public boolean isJmxSecurityRequired() {
+ return isJmxSecurityRequired;
+ }
+
+ public boolean isGatewaySecurityRequired() {
+ return isGatewaySecurityRequired;
}
- public boolean isPeerSecurityRequired() {
- return isPeerAuthenticator || isIntegratedSecurity;
+ public boolean isHttpSecurityRequired() {
+ return isHttpSecurityRequired;
}
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/internal/security/SecurableComponent.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/SecurableComponent.java b/geode-core/src/main/java/org/apache/geode/internal/security/SecurableComponent.java
new file mode 100644
index 0000000..1eac87c
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/internal/security/SecurableComponent.java
@@ -0,0 +1,55 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geode.internal.security;
+
+import org.apache.geode.GemFireConfigException;
+import org.apache.geode.security.SecurableComponents;
+
+public enum SecurableComponent {
+ ALL(SecurableComponents.ALL),
+ CLUSTER(SecurableComponents.CLUSTER),
+ SERVER(SecurableComponents.SERVER),
+ JMX(SecurableComponents.JMX),
+ HTTP_SERVICE(SecurableComponents.HTTP_SERVICE),
+ GATEWAY(SecurableComponents.GATEWAY),
+ LOCATOR(SecurableComponents.LOCATOR),
+ NONE("NO_COMPONENT");
+
+ private final String constant;
+
+ SecurableComponent(final String constant) {
+ this.constant = constant;
+ }
+
+ public static SecurableComponent getEnum(String enumString) {
+ for (SecurableComponent securableComponent : SecurableComponent.values()) {
+ if (securableComponent.constant.equalsIgnoreCase(enumString)) {
+ return securableComponent;
+ }
+ }
+ throw new GemFireConfigException("There is no registered component for the name: " + enumString);
+ }
+
+ public String getConstant() {
+ return constant;
+ }
+
+ @Override
+ public String toString() {
+ return constant;
+ }
+}
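Review bot: `getEnum` matches names with `equalsIgnoreCase`, while IntegratedSecurityService tests the raw property string with the case-sensitive `enabledComponentsString.contains(SecurableComponents.JMX)` (likewise for `ALL` and `SERVER`). If the property is validated through `getEnum` (that code is not visible here), a value such as `JMX` would pass validation and then leave JMX unsecured without any error. I would make the two sides agree: either compare with `equals` here, or have the consumer parse the property once into an `EnumSet<SecurableComponent>` via `getEnum` and test membership, which also replaces the substring match with an exact token match. Separately, `NONE` carries the constant `"NO_COMPONENT"` although the new tests pass `"none"`, so a comment saying which spelling users are expected to write would help.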
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java b/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java
index d645bbf..4d4fcfa 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java
@@ -16,14 +16,11 @@
*/
package org.apache.geode.internal.security;
-import java.lang.reflect.Method;
import java.util.Properties;
import java.util.concurrent.Callable;
-import org.apache.geode.internal.ClassLoadUtil;
import org.apache.geode.management.internal.security.ResourceConstants;
import org.apache.geode.management.internal.security.ResourceOperation;
-import org.apache.geode.security.GemFireSecurityException;
import org.apache.geode.security.PostProcessor;
import org.apache.geode.security.ResourcePermission;
import org.apache.geode.security.SecurityManager;
@@ -59,73 +56,24 @@ public interface SecurityService {
Object postProcess(String regionPath, Object key, Object value, boolean valueIsSerialized);
Object postProcess(Object principal, String regionPath, Object key, Object value, boolean valueIsSerialized);
boolean isClientSecurityRequired();
- boolean isIntegratedSecurity();
+ boolean isJmxSecurityRequired();
+ boolean isGatewaySecurityRequired();
+ boolean isHttpSecurityRequired();
boolean isPeerSecurityRequired();
+ boolean isIntegratedSecurity();
SecurityManager getSecurityManager();
PostProcessor getPostProcessor();
- /**
- * this method would never return null, it either throws an exception or
- * returns an object
- */
- public static <T> T getObjectOfTypeFromClassName(String className, Class<T> expectedClazz) {
- Class actualClass = null;
- try {
- actualClass = ClassLoadUtil.classFromName(className);
- }
- catch (Exception ex) {
- throw new GemFireSecurityException("Instance could not be obtained, " + ex.toString(), ex);
- }
-
- if(!expectedClazz.isAssignableFrom(actualClass)){
- throw new GemFireSecurityException("Instance could not be obtained. Expecting a "+expectedClazz.getName()+" class.");
- }
-
- T actualObject = null;
- try {
- actualObject = (T)actualClass.newInstance();
- } catch (Exception e) {
- throw new GemFireSecurityException("Instance could not be obtained. Error instantiating "+actualClass.getName(), e);
- }
- return actualObject;
+ static <T> T getObjectOfType(String factoryName, Class<T> clazz) {
+ return IntegratedSecurityService.getObjectOfType(factoryName, clazz);
}
- /**
- * this method would never return null, it either throws an exception or
- * returns an object
- */
- public static <T> T getObjectOfTypeFromFactoryMethod(String factoryMethodName, Class<T> expectedClazz){
- T actualObject = null;
- try {
- Method factoryMethod = ClassLoadUtil.methodFromName(factoryMethodName);
- actualObject = (T)factoryMethod.invoke(null, (Object[])null);
- } catch (Exception e) {
- throw new GemFireSecurityException("Instance could not be obtained from "+factoryMethodName, e);
- }
-
- if(actualObject == null){
- throw new GemFireSecurityException("Instance could not be obtained from " + factoryMethodName);
- }
-
- return actualObject;
+ static <T> T getObjectOfTypeFromFactoryMethod(String factoryMethodName, Class<T> expectedClazz) {
+ return IntegratedSecurityService.getObjectOfTypeFromFactoryMethod(factoryMethodName, expectedClazz);
}
- /**
- * this method would never return null, it either throws an exception or
- * returns an object
- *
- * @return an object of type expectedClazz. This method would never return
- * null. It either returns an non-null object or throws exception.
- */
- public static <T> T getObjectOfType(String classOrMethod, Class<T> expectedClazz) {
- T object = null;
- try{
- object = getObjectOfTypeFromClassName(classOrMethod, expectedClazz);
- }
- catch (Exception e){
- object = getObjectOfTypeFromFactoryMethod(classOrMethod, expectedClazz);
- }
- return object;
+ static <T> T getObjectOfTypeFromClassName(String className, Class<T> expectedClazz) {
+ return IntegratedSecurityService.getObjectOfTypeFromClassName(className, expectedClazz);
}
public static Properties getCredentials(Properties securityProps){
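Review bot: The three delegating statics drop the Javadoc that stated the never-returns-null contract, so callers going through `SecurityService` no longer see it; it now lives only on the IntegratedSecurityService copies. I would keep a one-line comment on each, e.g. `/** Never returns null: returns an instance of the expected type or throws GemFireSecurityException. */`. `getObjectOfType` also renames its parameters to `factoryName`/`clazz` although the value may be a class name, so `classOrMethod`/`expectedClazz` as in the implementation would be more accurate. The interface body continues outside the hunk.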
@@ -141,5 +89,4 @@ public interface SecurityService {
static SecurityService getSecurityService(){
return IntegratedSecurityService.getSecurityService();
}
-
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/internal/tcp/TCPConduit.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/tcp/TCPConduit.java b/geode-core/src/main/java/org/apache/geode/internal/tcp/TCPConduit.java
index 08f4e10..20083cf 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/tcp/TCPConduit.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/tcp/TCPConduit.java
@@ -62,6 +62,7 @@ import org.apache.geode.internal.logging.log4j.LogMarker;
import org.apache.geode.internal.net.SocketCreator;
import org.apache.geode.internal.net.SocketCreatorFactory;
import org.apache.geode.internal.security.SecurableCommunicationChannel;
+import org.apache.geode.internal.security.SecurableComponent;
/**
* <p>TCPConduit manages a server socket and a collection of connections to
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/management/GemFireProperties.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/management/GemFireProperties.java b/geode-core/src/main/java/org/apache/geode/management/GemFireProperties.java
index 2b2c1a6..592bfdd 100644
--- a/geode-core/src/main/java/org/apache/geode/management/GemFireProperties.java
+++ b/geode-core/src/main/java/org/apache/geode/management/GemFireProperties.java
@@ -18,6 +18,7 @@ package org.apache.geode.management;
import org.apache.geode.internal.security.SecurableCommunicationChannel;
+import org.apache.geode.internal.security.SecurableComponent;
/**
* Composite Data type to be used by member to depict gemfire properties in key value manner
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java b/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java
index f1daa78..ad4b3b7 100755
--- a/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java
@@ -56,7 +56,7 @@ import org.apache.geode.internal.GemFireVersion;
import org.apache.geode.internal.cache.GemFireCacheImpl;
import org.apache.geode.internal.lang.StringUtils;
import org.apache.geode.internal.logging.LogService;
-import org.apache.geode.internal.security.SecurityService;
+import org.apache.geode.internal.security.IntegratedSecurityService;
import org.apache.geode.internal.net.SSLConfigurationFactory;
import org.apache.geode.internal.net.SocketCreator;
import org.apache.geode.internal.net.SocketCreatorFactory;
@@ -95,7 +95,7 @@ public class ManagementAgent {
private JMXConnectorServer jmxConnectorServer;
private JMXShiroAuthenticator shiroAuthenticator;
private final DistributionConfig config;
- private SecurityService securityService = SecurityService.getSecurityService();
+ // TODO: add this -- private boolean isSecured;
private boolean isHttpServiceRunning = false;
/**
@@ -205,7 +205,7 @@ public class ManagementAgent {
if (logger.isDebugEnabled()) {
logger.debug(message);
}
- } else if (securityService.isIntegratedSecurity()) {
+ } else if (isIntegratedSecurity()) {
System.setProperty("spring.profiles.active", "pulse.authentication.gemfire");
}
@@ -437,7 +437,7 @@ public class ManagementAgent {
}
};
- if (securityService.isIntegratedSecurity()) {
+ if (isIntegratedSecurity()) {
shiroAuthenticator = new JMXShiroAuthenticator();
env.put(JMXConnectorServer.AUTHENTICATOR, shiroAuthenticator);
jmxConnectorServer.addNotificationListener(shiroAuthenticator, null, jmxConnectorServer.getAttributes());
@@ -494,6 +494,11 @@ public class ManagementAgent {
}
}
+
+ private boolean isIntegratedSecurity() {
+ return IntegratedSecurityService.getSecurityService().isJmxSecurityRequired();
+ }
+
private static class GemFireRMIClientSocketFactory implements RMIClientSocketFactory, Serializable {
private static final long serialVersionUID = -7604285019188827617L;
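Review bot: The new helper `isIntegratedSecurity()` returns `isJmxSecurityRequired()`, so its name no longer says what it tests; I would rename it to `isJmxSecurityRequired()` or add a comment such as `// true only when integrated security is on AND jmx is among the enabled components`. The distinction matters at its two call sites in the earlier hunks of this file. Installing `JMXShiroAuthenticator` is correctly keyed on the JMX flag, which means the connector is left without that authenticator whenever `jmx` is absent from the component list. The `spring.profiles.active` setting looks like the Pulse/HTTP path and may want `isHttpSecurityRequired()` instead; that should be confirmed against the surrounding code, which is outside the hunks. The helper also reaches for the concrete `IntegratedSecurityService.getSecurityService()` where `SecurityService.getSecurityService()` would keep the class on the interface.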
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/security/SecurableComponents.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/security/SecurableComponents.java b/geode-core/src/main/java/org/apache/geode/security/SecurableComponents.java
new file mode 100644
index 0000000..beb5600
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/security/SecurableComponents.java
@@ -0,0 +1,62 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geode.security;
+
+import org.apache.geode.distributed.ConfigurationProperties;
+
+/**
+ * This class defines all the static definitions for the {@link ConfigurationProperties#SECURITY_ENABLED_COMPONENTS}
+ * <U>Since</U>: Geode 1.0
+ */
+public interface SecurableComponents {
+
+ /**
+ * This determines that all components will be secured.
+ * <U>Since</U>: Geode 1.0
+ */
+ String ALL = "all";
+ /**
+ * This determines that the client-server communication will be secured.
+ * <U>Since</U>: Geode 1.0
+ */
+ String SERVER = "server";
+ /**
+ * This determines that the inter-server (or server-to-server) communication will be secured.
+ * <U>Since</U>: Geode 1.0
+ */
+ String CLUSTER = "cluster";
+ /**
+ * This determines that test jmx communication will be secured.
+ * <U>Since</U>: Geode 1.0
+ */
+ String JMX = "jmx";
+ /**
+ * This determines that the http service communication will be secured.
+ * <U>Since</U>: Geode 1.0
+ */
+ String HTTP_SERVICE = "http";
+ /**
+ * This determines that the gateway communication will be secured.
+ * <U>Since</U>: Geode 1.0
+ */
+ String GATEWAY = "gateway";
+ /**
+ * This determines that the locator communication will be secured.
+ * <U>Since</U>: Geode 1.0
+ */
+ String LOCATOR = "locator";
+}
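Review bot: `LOCATOR` is documented as securing locator communication, but the IntegratedSecurityService hunks in this commit derive flags only for server, cluster, gateway, http and jmx. Unless another file consumes it, setting `locator` would validate and enforce nothing, so I would either note that in the Javadoc (`Reserved: not yet enforced by any component.`) or leave the constant out until it is wired up. The interface Javadoc should also state the value format the consumer expects (comma-separated, lower-case tokens), since the flags are derived by string matching on these exact values. In the `JMX` comment, "test jmx communication" reads like a typo for "the jmx communication".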
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/test/java/org/apache/geode/cache/client/internal/CacheServerSSLConnectionDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/cache/client/internal/CacheServerSSLConnectionDUnitTest.java b/geode-core/src/test/java/org/apache/geode/cache/client/internal/CacheServerSSLConnectionDUnitTest.java
index 9d53265..e1ee4b1 100644
--- a/geode-core/src/test/java/org/apache/geode/cache/client/internal/CacheServerSSLConnectionDUnitTest.java
+++ b/geode-core/src/test/java/org/apache/geode/cache/client/internal/CacheServerSSLConnectionDUnitTest.java
@@ -24,6 +24,9 @@ import java.io.PrintWriter;
import java.io.StringWriter;
import java.util.Properties;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
import org.apache.geode.cache.Cache;
import org.apache.geode.cache.CacheFactory;
import org.apache.geode.cache.Region;
@@ -34,7 +37,9 @@ import org.apache.geode.cache.client.ClientCacheFactory;
import org.apache.geode.cache.client.ClientRegionFactory;
import org.apache.geode.cache.client.ClientRegionShortcut;
import org.apache.geode.cache.server.CacheServer;
+import org.apache.geode.internal.net.SocketCreatorFactory;
import org.apache.geode.internal.security.SecurableCommunicationChannel;
+import org.apache.geode.internal.security.SecurableComponent;
import org.apache.geode.security.AuthenticationRequiredException;
import org.apache.geode.test.dunit.Host;
import org.apache.geode.test.dunit.IgnoredException;
@@ -42,8 +47,6 @@ import org.apache.geode.test.dunit.VM;
import org.apache.geode.test.dunit.internal.JUnit4DistributedTestCase;
import org.apache.geode.test.junit.categories.DistributedTest;
import org.apache.geode.util.test.TestUtil;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
/**
* Tests cacheserver ssl support added. See https://svn.gemstone.com/trac/gemfire/ticket/48995 for details
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/test/java/org/apache/geode/distributed/LocatorLauncherRemoteIntegrationTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/distributed/LocatorLauncherRemoteIntegrationTest.java b/geode-core/src/test/java/org/apache/geode/distributed/LocatorLauncherRemoteIntegrationTest.java
index 312ca56..2aa0c7d 100755
--- a/geode-core/src/test/java/org/apache/geode/distributed/LocatorLauncherRemoteIntegrationTest.java
+++ b/geode-core/src/test/java/org/apache/geode/distributed/LocatorLauncherRemoteIntegrationTest.java
@@ -16,20 +16,6 @@
*/
package org.apache.geode.distributed;
-import static org.apache.geode.distributed.ConfigurationProperties.*;
-import static org.hamcrest.CoreMatchers.*;
-import static org.junit.Assert.*;
-
-import java.io.File;
-import java.io.FileNotFoundException;
-import java.io.FileOutputStream;
-import java.io.PrintStream;
-import java.lang.management.ManagementFactory;
-import java.net.InetAddress;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.concurrent.atomic.AtomicBoolean;
-
import org.apache.geode.distributed.AbstractLauncher.Status;
import org.apache.geode.distributed.LocatorLauncher.Builder;
import org.apache.geode.distributed.LocatorLauncher.LocatorState;
@@ -44,6 +30,7 @@ import org.apache.geode.internal.process.ProcessControllerFactory;
import org.apache.geode.internal.process.ProcessStreamReader;
import org.apache.geode.internal.process.ProcessType;
import org.apache.geode.internal.process.ProcessUtils;
+import org.apache.geode.internal.security.SecurableComponent;
import org.apache.geode.test.junit.categories.FlakyTest;
import org.apache.geode.test.junit.categories.IntegrationTest;
import org.apache.geode.test.junit.runners.CategoryWithParameterizedRunnerFactory;
@@ -55,6 +42,20 @@ import org.junit.experimental.categories.Category;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
+import java.io.PrintStream;
+import java.lang.management.ManagementFactory;
+import java.net.InetAddress;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.concurrent.atomic.AtomicBoolean;
+
+import static org.apache.geode.distributed.ConfigurationProperties.MCAST_PORT;
+import static org.hamcrest.CoreMatchers.*;
+import static org.junit.Assert.*;
+
/**
* Integration tests for launching a Locator in a forked process.
*
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/test/java/org/apache/geode/distributed/ServerLauncherRemoteIntegrationTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/distributed/ServerLauncherRemoteIntegrationTest.java b/geode-core/src/test/java/org/apache/geode/distributed/ServerLauncherRemoteIntegrationTest.java
index 3b3d11e..98ee86f 100755
--- a/geode-core/src/test/java/org/apache/geode/distributed/ServerLauncherRemoteIntegrationTest.java
+++ b/geode-core/src/test/java/org/apache/geode/distributed/ServerLauncherRemoteIntegrationTest.java
@@ -16,22 +16,6 @@
*/
package org.apache.geode.distributed;
-import static org.apache.geode.distributed.ConfigurationProperties.*;
-import static org.hamcrest.CoreMatchers.*;
-import static org.junit.Assert.*;
-
-import java.io.File;
-import java.io.FileOutputStream;
-import java.io.FileWriter;
-import java.io.IOException;
-import java.io.PrintStream;
-import java.io.PrintWriter;
-import java.lang.management.ManagementFactory;
-import java.net.InetAddress;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.concurrent.atomic.AtomicBoolean;
-
import org.apache.geode.cache.DataPolicy;
import org.apache.geode.cache.Scope;
import org.apache.geode.distributed.AbstractLauncher.Status;
@@ -48,11 +32,8 @@ import org.apache.geode.internal.cache.xmlcache.RegionAttributesCreation;
import org.apache.geode.internal.logging.InternalLogWriter;
import org.apache.geode.internal.logging.LocalLogWriter;
import org.apache.geode.internal.net.SocketCreatorFactory;
-import org.apache.geode.internal.process.PidUnavailableException;
-import org.apache.geode.internal.process.ProcessControllerFactory;
-import org.apache.geode.internal.process.ProcessStreamReader;
-import org.apache.geode.internal.process.ProcessType;
-import org.apache.geode.internal.process.ProcessUtils;
+import org.apache.geode.internal.process.*;
+import org.apache.geode.internal.security.SecurableComponent;
import org.apache.geode.test.junit.categories.FlakyTest;
import org.apache.geode.test.junit.categories.IntegrationTest;
import org.apache.geode.test.process.ProcessWrapper;
@@ -60,6 +41,17 @@ import org.junit.Ignore;
import org.junit.Test;
import org.junit.experimental.categories.Category;
+import java.io.*;
+import java.lang.management.ManagementFactory;
+import java.net.InetAddress;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.concurrent.atomic.AtomicBoolean;
+
+import static org.apache.geode.distributed.ConfigurationProperties.*;
+import static org.hamcrest.CoreMatchers.*;
+import static org.junit.Assert.*;
+
/**
* Integration tests for launching a Server in a forked process.
*
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/test/java/org/apache/geode/distributed/internal/AbstractDistributionConfigTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/distributed/internal/AbstractDistributionConfigTest.java b/geode-core/src/test/java/org/apache/geode/distributed/internal/AbstractDistributionConfigTest.java
new file mode 100644
index 0000000..293cbd2
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/distributed/internal/AbstractDistributionConfigTest.java
@@ -0,0 +1,78 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geode.distributed.internal;
+
+import static org.assertj.core.api.Assertions.*;
+import static org.mockito.Answers.*;
+
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.runners.MockitoJUnitRunner;
+
+import org.apache.geode.GemFireConfigException;
+import org.apache.geode.security.SecurableComponents;
+import org.apache.geode.test.junit.categories.UnitTest;
+
+@Category(UnitTest.class)
+@RunWith(MockitoJUnitRunner.class)
+public class AbstractDistributionConfigTest {
+
+ @Mock(answer = CALLS_REAL_METHODS)
+ private AbstractDistributionConfig abstractDistributionConfig;
+
+ @Test
+ public void testNoCommaInvalidStringThrows() {
+ assertThatThrownBy(() -> abstractDistributionConfig.checkSecurityEnabledComponents("This has no commas in it")).isExactlyInstanceOf(GemFireConfigException.class);
+ }
+
+ @Test
+ public void testOneSecurityEnabledComponents() {
+ String returnValue = abstractDistributionConfig.checkSecurityEnabledComponents(SecurableComponents.JMX);
+ assertThat(returnValue).isEqualTo(SecurableComponents.JMX);
+ }
+
+ @Test
+ public void testEmptySecurityEnabledComponents() {
+ String returnValue = abstractDistributionConfig.checkSecurityEnabledComponents("");
+ assertThat(returnValue).isEqualTo("");
+ }
+
+ @Test
+ public void testNoneSecurityEnabledComponents() {
+ String returnValue = abstractDistributionConfig.checkSecurityEnabledComponents("none");
+ assertThat(returnValue).isEqualTo("none");
+ }
+
+ @Test
+ public void testNullSecurityEnabledComponents() {
+ String returnValue = abstractDistributionConfig.checkSecurityEnabledComponents(null);
+ assertThat(returnValue).isEqualTo(null);
+ }
+
+ @Test
+ public void testTwoSecurityEnabledComponents() {
+ String returnValue = abstractDistributionConfig.checkSecurityEnabledComponents(SecurableComponents.JMX + "," + SecurableComponents.SERVER);
+ assertThat(returnValue).isEqualTo(SecurableComponents.JMX + "," + SecurableComponents.SERVER);
+ }
+
+ @Test
+ public void testOneValidSecurityEnabledComponentAndOneInvalid() {
+ assertThatThrownBy(() -> abstractDistributionConfig.checkSecurityEnabledComponents(SecurableComponents.JMX + "," + SecurableComponents.SERVER + "," + "this should throw")).isExactlyInstanceOf(GemFireConfigException.class);
+ }
+}
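Review bot: The cases cover valid, invalid, empty, `none` and null input, but none exercises whitespace around the comma (`"jmx, server"`) or a non-lower-case token (`"JMX"`). Both are common in hand-written properties files, and both decide whether a component ends up secured, so the accepted or rejected outcome should be pinned by a test either way. For example, `assertThat(abstractDistributionConfig.checkSecurityEnabledComponents("jmx, server"))` should be followed by whichever result is intended. `isEqualTo(null)` in `testNullSecurityEnabledComponents` reads better as `isNull()`.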
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/test/java/org/apache/geode/distributed/internal/DistributionConfigJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/distributed/internal/DistributionConfigJUnitTest.java b/geode-core/src/test/java/org/apache/geode/distributed/internal/DistributionConfigJUnitTest.java
index 04bfad6..978a0d0 100644
--- a/geode-core/src/test/java/org/apache/geode/distributed/internal/DistributionConfigJUnitTest.java
+++ b/geode-core/src/test/java/org/apache/geode/distributed/internal/DistributionConfigJUnitTest.java
@@ -17,6 +17,7 @@
package org.apache.geode.distributed.internal;
import static org.apache.geode.distributed.ConfigurationProperties.*;
+import static org.assertj.core.api.Assertions.*;
import static org.junit.Assert.*;
import static org.mockito.Matchers.any;
import static org.mockito.Mockito.*;
@@ -30,16 +31,19 @@ import java.util.List;
import java.util.Map;
import java.util.Properties;
-import org.apache.geode.InternalGemFireException;
-import org.apache.geode.UnmodifiableException;
-import org.apache.geode.internal.ConfigSource;
import org.apache.geode.security.templates.SamplePostProcessor;
import org.apache.geode.security.templates.SampleSecurityManager;
-import org.apache.geode.test.junit.categories.UnitTest;
import org.junit.Before;
import org.junit.Test;
import org.junit.experimental.categories.Category;
+import org.apache.geode.GemFireConfigException;
+import org.apache.geode.InternalGemFireException;
+import org.apache.geode.UnmodifiableException;
+import org.apache.geode.security.SecurableComponents;
+import org.apache.geode.internal.ConfigSource;
+import org.apache.geode.test.junit.categories.UnitTest;
+
@Category(UnitTest.class)
public class DistributionConfigJUnitTest {
@@ -77,7 +81,7 @@ public class DistributionConfigJUnitTest {
@Test
public void testGetAttributeNames() {
String[] attNames = AbstractDistributionConfig._getAttNames();
- assertEquals(attNames.length, 156);
+ assertEquals(attNames.length, 157);
List boolList = new ArrayList();
List intList = new ArrayList();
@@ -112,7 +116,7 @@ public class DistributionConfigJUnitTest {
//TODO - This makes no sense. One has no idea what the correct expected number of attributes are.
assertEquals(29, boolList.size());
assertEquals(33, intList.size());
- assertEquals(85, stringList.size());
+ assertEquals(86, stringList.size());
assertEquals(5, fileList.size());
assertEquals(4, otherList.size());
}
@@ -339,7 +343,7 @@ public class DistributionConfigJUnitTest {
DistributionConfig config = new DistributionConfigImpl(props);
// SECURITY_ENABLED_COMPONENTS is automatically added to getSecurityProps
- assertEquals(config.getSecurityProps().size(), 3);
+ assertEquals(config.getSecurityProps().size(), 4);
}
@Test
@@ -354,7 +358,76 @@ public class DistributionConfigJUnitTest {
DistributionConfig config = new DistributionConfigImpl(props);
// SECURITY_ENABLED_COMPONENTS is automatically added to getSecurityProps
- assertEquals(config.getSecurityProps().size(), 4);
+ assertEquals(config.getSecurityProps().size(), 5);
+ }
+
+ @Test
+ public void securityEnabledComponentsDefaultShouldBeAll() throws Exception {
+ Properties props = new Properties();
+ props.put(SECURITY_MANAGER, SampleSecurityManager.class.getName());
+
+ DistributionConfig config = new DistributionConfigImpl(props);
+
+ assertThat(config.getSecurityEnabledComponents()).contains(SecurableComponents.ALL);
+ }
+
+ @Test
+ public void oneSecurityEnabledComponent() throws Exception {
+ Properties props = new Properties();
+ props.put(SECURITY_MANAGER, SampleSecurityManager.class.getName());
+ props.put(SECURITY_ENABLED_COMPONENTS, SecurableComponents.JMX);
+
+ DistributionConfig config = new DistributionConfigImpl(props);
+
+ assertThat(config.getSecurityEnabledComponents())
+ .doesNotContain(SecurableComponents.ALL)
+ .doesNotContain(SecurableComponents.GATEWAY)
+ .doesNotContain(SecurableComponents.SERVER)
+ .doesNotContain(SecurableComponents.HTTP_SERVICE)
+ .doesNotContain(SecurableComponents.CLUSTER)
+ .contains(SecurableComponents.JMX);
+ }
+
+ @Test
+ public void twoSecurityEnabledComponents() throws Exception {
+ Properties props = new Properties();
+ props.put(SECURITY_MANAGER, SampleSecurityManager.class.getName());
+ props.put(SECURITY_ENABLED_COMPONENTS, SecurableComponents.JMX + "," + SecurableComponents.CLUSTER);
+
+ DistributionConfig config = new DistributionConfigImpl(props);
+
+ assertThat(config.getSecurityEnabledComponents())
+ .doesNotContain(SecurableComponents.ALL)
+ .doesNotContain(SecurableComponents.GATEWAY)
+ .doesNotContain(SecurableComponents.SERVER)
+ .doesNotContain(SecurableComponents.HTTP_SERVICE)
+ .contains(SecurableComponents.CLUSTER)
+ .contains(SecurableComponents.JMX);
+ }
+
+ @Test
+ public void multipleSecurityEnabledComponents() throws Exception {
+ Properties props = new Properties();
+ props.put(SECURITY_MANAGER, SampleSecurityManager.class.getName());
+ props.put(SECURITY_ENABLED_COMPONENTS, SecurableComponents.JMX + "," + SecurableComponents.CLUSTER+ "," + SecurableComponents.HTTP_SERVICE);
+
+ DistributionConfig config = new DistributionConfigImpl(props);
+
+ assertThat(config.getSecurityEnabledComponents())
+ .doesNotContain(SecurableComponents.ALL)
+ .doesNotContain(SecurableComponents.GATEWAY)
+ .doesNotContain(SecurableComponents.SERVER)
+ .contains(SecurableComponents.HTTP_SERVICE)
+ .contains(SecurableComponents.CLUSTER)
+ .contains(SecurableComponents.JMX);
+ }
+
+ @Test
+ public void nonExistentSecurityEnabledComponentShouldThrow() throws Exception {
+ Properties props = new Properties();
+ props.put(SECURITY_ENABLED_COMPONENTS, "notapplicable");
+
+ assertThatThrownBy(() -> new DistributionConfigImpl(props)).isExactlyInstanceOf(GemFireConfigException.class);
}
@Test
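Review bot: The new parsing tests only feed exact `SecurableComponents` constants, and `nonExistentSecurityEnabledComponentShouldThrow` covers a single unknown value on its own. Because this property decides which components enforce security, it is worth also pinning a list that mixes a valid name with an unknown one, and a list with whitespace after the comma, so that a typo cannot leave a component unsecured without an error. The parser is not visible in this hunk, so whether such input throws or is dropped cannot be told from here; the sketch below assumes the fail-closed outcome.

```java
@Test
public void unknownComponentAlongsideValidOneShouldThrow() throws Exception {
  Properties props = new Properties();
  props.put(SECURITY_MANAGER, SampleSecurityManager.class.getName());
  props.put(SECURITY_ENABLED_COMPONENTS, SecurableComponents.JMX + ",notapplicable");

  assertThatThrownBy(() -> new DistributionConfigImpl(props)).isExactlyInstanceOf(GemFireConfigException.class);
}
```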
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/test/java/org/apache/geode/internal/security/IntegratedSecurityServiceTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/internal/security/IntegratedSecurityServiceTest.java b/geode-core/src/test/java/org/apache/geode/internal/security/IntegratedSecurityServiceTest.java
index e3e140e..333875e 100644
--- a/geode-core/src/test/java/org/apache/geode/internal/security/IntegratedSecurityServiceTest.java
+++ b/geode-core/src/test/java/org/apache/geode/internal/security/IntegratedSecurityServiceTest.java
@@ -27,6 +27,7 @@ import org.junit.Before;
import org.junit.Test;
import org.junit.experimental.categories.Category;
+import org.apache.geode.security.SecurableComponents;
import org.apache.geode.security.GemFireSecurityException;
import org.apache.geode.test.junit.categories.UnitTest;
@@ -45,42 +46,47 @@ public class IntegratedSecurityServiceTest {
@Test
public void testGetObjectFromConstructor() {
- String string = SecurityService.getObjectOfType(String.class.getName(), String.class);
+ String string = IntegratedSecurityService.getObjectOfType(String.class.getName(), String.class);
assertNotNull(string);
- CharSequence charSequence = SecurityService.getObjectOfType(String.class.getName(), CharSequence.class);
+ CharSequence charSequence = IntegratedSecurityService.getObjectOfType(String.class.getName(), CharSequence.class);
assertNotNull(charSequence);
- assertThatThrownBy(() -> SecurityService.getObjectOfType("com.abc.testString", String.class)).isInstanceOf(GemFireSecurityException.class);
+ assertThatThrownBy(() -> IntegratedSecurityService.getObjectOfType("com.abc.testString", String.class)).isInstanceOf(GemFireSecurityException.class);
- assertThatThrownBy(() -> SecurityService.getObjectOfType(String.class.getName(), Boolean.class)).isInstanceOf(GemFireSecurityException.class);
+ assertThatThrownBy(() -> IntegratedSecurityService.getObjectOfType(String.class.getName(), Boolean.class)).isInstanceOf(GemFireSecurityException.class);
- assertThatThrownBy(() -> SecurityService.getObjectOfType("", String.class)).isInstanceOf(GemFireSecurityException.class);
+ assertThatThrownBy(() -> IntegratedSecurityService.getObjectOfType("", String.class)).isInstanceOf(GemFireSecurityException.class);
- assertThatThrownBy(() -> SecurityService.getObjectOfType(null, String.class)).isInstanceOf(GemFireSecurityException.class);
+ assertThatThrownBy(() -> IntegratedSecurityService.getObjectOfType(null, String.class)).isInstanceOf(GemFireSecurityException.class);
- assertThatThrownBy(() -> SecurityService.getObjectOfType(" ", String.class)).isInstanceOf(GemFireSecurityException.class);
+ assertThatThrownBy(() -> IntegratedSecurityService.getObjectOfType(" ", String.class)).isInstanceOf(GemFireSecurityException.class);
}
@Test
public void testGetObjectFromFactoryMethod() {
- String string = SecurityService.getObjectOfType(Factories.class.getName() + ".getString", String.class);
+ String string = IntegratedSecurityService.getObjectOfType(Factories.class.getName() + ".getString", String.class);
assertNotNull(string);
- CharSequence charSequence = SecurityService.getObjectOfType(Factories.class.getName() + ".getString", String.class);
+ CharSequence charSequence = IntegratedSecurityService.getObjectOfType(Factories.class.getName() + ".getString", String.class);
assertNotNull(charSequence);
- assertThatThrownBy(() -> SecurityService.getObjectOfType(Factories.class.getName() + ".getStringNonStatic", String.class))
+ assertThatThrownBy(() -> IntegratedSecurityService.getObjectOfType(Factories.class.getName() + ".getStringNonStatic", String.class))
.isInstanceOf(GemFireSecurityException.class);
- assertThatThrownBy(() -> SecurityService.getObjectOfType(Factories.class.getName() + ".getNullString", String.class))
+ assertThatThrownBy(() -> IntegratedSecurityService.getObjectOfType(Factories.class.getName() + ".getNullString", String.class))
.isInstanceOf(GemFireSecurityException.class);
}
+
@Test
public void testInitialSecurityFlags() {
// initial state of IntegratedSecurityService
assertFalse(securityService.isIntegratedSecurity());
+
assertFalse(securityService.isClientSecurityRequired());
+ assertFalse(securityService.isGatewaySecurityRequired());
+ assertFalse(securityService.isHttpSecurityRequired());
+ assertFalse(securityService.isJmxSecurityRequired());
assertFalse(securityService.isPeerSecurityRequired());
}
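Review bot: In testGetObjectFromFactoryMethod the second lookup still requests `String.class` although its result is assigned to a `CharSequence`, so it repeats the first assertion and never exercises the supertype case that testGetObjectFromConstructor checks with `CharSequence.class`. If the intent mirrors the constructor test, the line would read `CharSequence charSequence = IntegratedSecurityService.getObjectOfType(Factories.class.getName() + ".getString", CharSequence.class);`. The duplicate predates this commit, but the line is rewritten here, so it is a cheap moment to correct it.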
@@ -92,7 +98,11 @@ public class IntegratedSecurityServiceTest {
securityService.initSecurity(properties);
assertTrue(securityService.isIntegratedSecurity());
+
assertTrue(securityService.isClientSecurityRequired());
+ assertTrue(securityService.isGatewaySecurityRequired());
+ assertTrue(securityService.isHttpSecurityRequired());
+ assertTrue(securityService.isJmxSecurityRequired());
assertTrue(securityService.isPeerSecurityRequired());
}
@@ -101,8 +111,14 @@ public class IntegratedSecurityServiceTest {
properties.setProperty(SECURITY_CLIENT_AUTHENTICATOR, "org.abc.test");
securityService.initSecurity(properties);
+
assertFalse(securityService.isIntegratedSecurity());
+
assertTrue(securityService.isClientSecurityRequired());
+ assertTrue(securityService.isGatewaySecurityRequired());
+
+ assertFalse(securityService.isHttpSecurityRequired());
+ assertFalse(securityService.isJmxSecurityRequired());
assertFalse(securityService.isPeerSecurityRequired());
}
@@ -113,7 +129,11 @@ public class IntegratedSecurityServiceTest {
securityService.initSecurity(properties);
assertFalse(securityService.isIntegratedSecurity());
+
assertFalse(securityService.isClientSecurityRequired());
+ assertFalse(securityService.isGatewaySecurityRequired());
+ assertFalse(securityService.isHttpSecurityRequired());
+ assertFalse(securityService.isJmxSecurityRequired());
assertTrue(securityService.isPeerSecurityRequired());
}
@@ -124,7 +144,128 @@ public class IntegratedSecurityServiceTest {
securityService.initSecurity(properties);
assertTrue(securityService.isIntegratedSecurity());
+
+ assertTrue(securityService.isClientSecurityRequired());
+ assertTrue(securityService.isGatewaySecurityRequired());
+ assertTrue(securityService.isHttpSecurityRequired());
+ assertTrue(securityService.isJmxSecurityRequired());
+ assertTrue(securityService.isPeerSecurityRequired());
+ }
+
+ @Test
+ public void allEnabledWithSecurityManager() {
+ properties.setProperty(SECURITY_MANAGER, "org.apache.geode.security.templates.SampleSecurityManager");
+ properties.setProperty(SampleSecurityManager.SECURITY_JSON, "org/apache/geode/security/templates/security.json");
+ properties.setProperty(SECURITY_ENABLED_COMPONENTS, SecurableComponents.ALL);
+
+ securityService.initSecurity(properties);
+
+ assertTrue(securityService.isIntegratedSecurity());
+
+ assertTrue(securityService.isClientSecurityRequired());
+ assertTrue(securityService.isGatewaySecurityRequired());
+ assertTrue(securityService.isHttpSecurityRequired());
+ assertTrue(securityService.isJmxSecurityRequired());
+ assertTrue(securityService.isPeerSecurityRequired());
+ }
+
+ @Test
+ public void emptyEnabledWithSecurityManager() {
+ properties.setProperty(SECURITY_MANAGER, "org.apache.geode.security.templates.SampleSecurityManager");
+ properties.setProperty(SampleSecurityManager.SECURITY_JSON, "org/apache/geode/security/templates/security.json");
+ properties.setProperty(SECURITY_ENABLED_COMPONENTS,"");
+
+ securityService.initSecurity(properties);
+
+ assertTrue(securityService.isIntegratedSecurity());
+
+ assertFalse(securityService.isClientSecurityRequired());
+ assertFalse(securityService.isGatewaySecurityRequired());
+ assertFalse(securityService.isHttpSecurityRequired());
+ assertFalse(securityService.isJmxSecurityRequired());
+ assertFalse(securityService.isPeerSecurityRequired());
+ }
+
+ @Test
+ public void noneEnabledWithSecurityManager() {
+ properties.setProperty(SECURITY_MANAGER, "org.apache.geode.security.templates.SampleSecurityManager");
+ properties.setProperty(SampleSecurityManager.SECURITY_JSON, "org/apache/geode/security/templates/security.json");
+ properties.setProperty(SECURITY_ENABLED_COMPONENTS,"none");
+
+ securityService.initSecurity(properties);
+
+ assertTrue(securityService.isIntegratedSecurity());
+
+ assertFalse(securityService.isClientSecurityRequired());
+ assertFalse(securityService.isGatewaySecurityRequired());
+ assertFalse(securityService.isHttpSecurityRequired());
+ assertFalse(securityService.isJmxSecurityRequired());
+ assertFalse(securityService.isPeerSecurityRequired());
+ }
+
+ @Test
+ public void allSecurableComponentsWithoutAnySecurity() {
+ properties.setProperty(SECURITY_ENABLED_COMPONENTS, SecurableComponents.ALL);
+
+ securityService.initSecurity(properties);
+
+ assertFalse(securityService.isIntegratedSecurity());
+
+ assertFalse(securityService.isClientSecurityRequired());
+ assertFalse(securityService.isGatewaySecurityRequired());
+ assertFalse(securityService.isHttpSecurityRequired());
+ assertFalse(securityService.isJmxSecurityRequired());
+ assertFalse(securityService.isPeerSecurityRequired());
+ }
+
+ @Test
+ public void oneSecurableComponentEnabledWithSecurityManager() {
+ properties.setProperty(SECURITY_MANAGER, "org.apache.geode.security.templates.SampleSecurityManager");
+ properties.setProperty(SampleSecurityManager.SECURITY_JSON, "org/apache/geode/security/templates/security.json");
+ properties.setProperty(SECURITY_ENABLED_COMPONENTS, SecurableComponents.JMX);
+
+ securityService.initSecurity(properties);
+
+ assertTrue(securityService.isIntegratedSecurity());
+
+ assertFalse(securityService.isClientSecurityRequired());
+ assertFalse(securityService.isGatewaySecurityRequired());
+ assertFalse(securityService.isHttpSecurityRequired());
+ assertTrue(securityService.isJmxSecurityRequired());
+ assertFalse(securityService.isPeerSecurityRequired());
+ }
+
+ @Test
+ public void twoSecurableComponentEnabledWithSecurityManager() {
+ properties.setProperty(SECURITY_MANAGER, "org.apache.geode.security.templates.SampleSecurityManager");
+ properties.setProperty(SampleSecurityManager.SECURITY_JSON, "org/apache/geode/security/templates/security.json");
+ properties.setProperty(SECURITY_ENABLED_COMPONENTS, SecurableComponents.JMX + "," + SecurableComponents.SERVER);
+
+ securityService.initSecurity(properties);
+
+ assertTrue(securityService.isIntegratedSecurity());
+
+ assertTrue(securityService.isClientSecurityRequired());
+ assertFalse(securityService.isGatewaySecurityRequired());
+ assertFalse(securityService.isHttpSecurityRequired());
+ assertTrue(securityService.isJmxSecurityRequired());
+ assertFalse(securityService.isPeerSecurityRequired());
+ }
+
+ @Test
+ public void manySecurableComponentEnabledWithSecurityManager() {
+ properties.setProperty(SECURITY_MANAGER, "org.apache.geode.security.templates.SampleSecurityManager");
+ properties.setProperty(SampleSecurityManager.SECURITY_JSON, "org/apache/geode/security/templates/security.json");
+ properties.setProperty(SECURITY_ENABLED_COMPONENTS, SecurableComponents.JMX + "," + SecurableComponents.SERVER + "," + SecurableComponents.CLUSTER);
+
+ securityService.initSecurity(properties);
+
+ assertTrue(securityService.isIntegratedSecurity());
+
assertTrue(securityService.isClientSecurityRequired());
+ assertFalse(securityService.isGatewaySecurityRequired());
+ assertFalse(securityService.isHttpSecurityRequired());
+ assertTrue(securityService.isJmxSecurityRequired());
assertTrue(securityService.isPeerSecurityRequired());
}
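Review bot: `emptyEnabledWithSecurityManager` and `noneEnabledWithSecurityManager` pin a fail-open outcome without saying it is intended: with a SecurityManager configured, an empty or "none" component list leaves `isIntegratedSecurity()` true while every `is…SecurityRequired()` flag is false. If that is the design, each test deserves a comment such as `// deliberate: an explicitly empty component list turns enforcement off for every component even though a SecurityManager is set`, because a blank value coming out of a templated properties file would otherwise be indistinguishable from a regression. `"none"` is also spelled as a literal where the neighbouring tests use `SecurableComponents` constants; a named constant would keep the accepted spellings in one place, though whether one exists is not visible here.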
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/test/java/org/apache/geode/internal/security/SecurityConfigIntegrationTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/internal/security/SecurityConfigIntegrationTest.java b/geode-core/src/test/java/org/apache/geode/internal/security/SecurityConfigIntegrationTest.java
new file mode 100644
index 0000000..aab934e
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/internal/security/SecurityConfigIntegrationTest.java
@@ -0,0 +1,57 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geode.internal.security;
+
+import static org.apache.geode.distributed.ConfigurationProperties.*;
+import static org.assertj.core.api.Assertions.*;
+
+import java.util.Properties;
+
+import org.apache.geode.security.templates.SampleSecurityManager;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import org.apache.geode.security.SecurableComponents;
+import org.apache.geode.distributed.internal.DistributionConfig;
+import org.apache.geode.distributed.internal.DistributionConfigImpl;
+import org.apache.geode.test.junit.categories.IntegrationTest;
+
+@Category(IntegrationTest.class)
+public class SecurityConfigIntegrationTest {
+
+ @Test
+ public void securityEnabledComponentsDefaultShouldBeAll() throws Exception {
+ SecurityService securityService = SecurityService.getSecurityService();
+ Properties props = new Properties();
+ props.put(SECURITY_MANAGER, SampleSecurityManager.class.getName());
+ props.put(SampleSecurityManager.SECURITY_JSON, "org/apache/geode/security/templates/security.json");
+
+ DistributionConfig config = new DistributionConfigImpl(props);
+ Properties securityProps = config.getSecurityProps();
+
+ assertThat(securityProps).containsKeys(SECURITY_MANAGER, SECURITY_ENABLED_COMPONENTS);
+ assertThat(securityProps.getProperty(SECURITY_ENABLED_COMPONENTS)).isEqualTo(SecurableComponents.ALL);
+
+ securityService.initSecurity(securityProps);
+
+ assertThat(securityService.isClientSecurityRequired());
+ assertThat(securityService.isGatewaySecurityRequired());
+ assertThat(securityService.isPeerSecurityRequired());
+ assertThat(securityService.isJmxSecurityRequired());
+ assertThat(securityService.isHttpSecurityRequired());
+ }
+}
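Review bot: The five `assertThat(securityService.is…SecurityRequired());` statements that close securityEnabledComponentsDefaultShouldBeAll verify nothing: AssertJ's `assertThat(boolean)` only builds an assertion object, and without a terminal call the test passes even when every flag is false. Each needs `.isTrue()`, e.g. `assertThat(securityService.isClientSecurityRequired()).isTrue();`, and likewise for the gateway, peer, JMX and HTTP checks. The test also calls `initSecurity` on the instance returned by `SecurityService.getSecurityService()` and never resets it, so if that instance is shared the enabled state may leak into later tests; worth confirming and adding teardown.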
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/test/java/org/apache/geode/management/ConnectToLocatorSSLDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/management/ConnectToLocatorSSLDUnitTest.java b/geode-core/src/test/java/org/apache/geode/management/ConnectToLocatorSSLDUnitTest.java
index 41ffa48..1bf1056 100644
--- a/geode-core/src/test/java/org/apache/geode/management/ConnectToLocatorSSLDUnitTest.java
+++ b/geode-core/src/test/java/org/apache/geode/management/ConnectToLocatorSSLDUnitTest.java
@@ -37,6 +37,7 @@ import org.junit.rules.TemporaryFolder;
import org.apache.geode.distributed.Locator;
import org.apache.geode.internal.AvailablePortHelper;
import org.apache.geode.internal.security.SecurableCommunicationChannel;
+import org.apache.geode.internal.security.SecurableComponent;
import org.apache.geode.management.cli.Result.Status;
import org.apache.geode.management.internal.cli.CliUtil;
import org.apache.geode.management.internal.cli.HeadlessGfsh;
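Review bot: The added `import org.apache.geode.internal.security.SecurableComponent;` has no matching use in the visible changes to ConnectToLocatorSSLDUnitTest, which consist of this one line, so it looks unused and can be dropped. The same applies to the identical import added to JMXMBeanDUnitTest in the next file section.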
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/test/java/org/apache/geode/management/JMXMBeanDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/management/JMXMBeanDUnitTest.java b/geode-core/src/test/java/org/apache/geode/management/JMXMBeanDUnitTest.java
index ffa024f..05c9022 100644
--- a/geode-core/src/test/java/org/apache/geode/management/JMXMBeanDUnitTest.java
+++ b/geode-core/src/test/java/org/apache/geode/management/JMXMBeanDUnitTest.java
@@ -41,6 +41,7 @@ import org.junit.experimental.categories.Category;
import org.apache.geode.distributed.LocatorLauncher;
import org.apache.geode.internal.AvailablePortHelper;
import org.apache.geode.internal.security.SecurableCommunicationChannel;
+import org.apache.geode.internal.security.SecurableComponent;
import org.apache.geode.test.dunit.DistributedTestCase;
import org.apache.geode.test.dunit.DistributedTestUtils;
import org.apache.geode.test.dunit.Host;
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/test/java/org/apache/geode/security/IntegratedSecurityCacheLifecycleDistributedTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/IntegratedSecurityCacheLifecycleDistributedTest.java b/geode-core/src/test/java/org/apache/geode/security/IntegratedSecurityCacheLifecycleDistributedTest.java
index 040bbf0..494c4d4 100644
--- a/geode-core/src/test/java/org/apache/geode/security/IntegratedSecurityCacheLifecycleDistributedTest.java
+++ b/geode-core/src/test/java/org/apache/geode/security/IntegratedSecurityCacheLifecycleDistributedTest.java
@@ -22,12 +22,17 @@ import static org.assertj.core.api.Assertions.*;
import java.io.IOException;
import java.util.Properties;
+import org.apache.geode.security.templates.SampleSecurityManager;
+import org.junit.Ignore;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
import org.apache.geode.cache.server.CacheServer;
-import org.apache.geode.internal.AvailablePortHelper;
+import org.apache.geode.internal.AvailablePort;
import org.apache.geode.internal.security.IntegratedSecurityService;
import org.apache.geode.internal.security.SecurityService;
+import org.apache.geode.internal.AvailablePortHelper;
import org.apache.geode.management.ManagementService;
-import org.apache.geode.security.templates.SampleSecurityManager;
import org.apache.geode.test.dunit.DistributedTestUtils;
import org.apache.geode.test.dunit.Host;
import org.apache.geode.test.dunit.NetworkUtils;
@@ -35,9 +40,6 @@ import org.apache.geode.test.dunit.VM;
import org.apache.geode.test.dunit.cache.internal.JUnit4CacheTestCase;
import org.apache.geode.test.junit.categories.DistributedTest;
import org.apache.geode.test.junit.categories.SecurityTest;
-import org.junit.Ignore;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
@Ignore("This is broken but fixed on feature/GEODE-1673")
@Category({DistributedTest.class, SecurityTest.class})
@@ -67,6 +69,7 @@ public class IntegratedSecurityCacheLifecycleDistributedTest extends JUnit4Cache
properties.setProperty(SampleSecurityManager.SECURITY_JSON, "org/apache/geode/management/internal/security/clientServer.json");
properties.setProperty(LOCATORS, locators);
properties.setProperty(MCAST_PORT, "0");
+ properties.setProperty(SECURITY_ENABLED_COMPONENTS, "");
properties.setProperty(SECURITY_MANAGER, SpySecurityManager.class.getName());
properties.setProperty(START_LOCATOR, locators);
properties.setProperty(JMX_MANAGER, "true");
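Review bot: The added `properties.setProperty(SECURITY_ENABLED_COMPONENTS, "");` has no comment explaining why a test that still installs `SpySecurityManager` asks for no component to enforce security. Going by the IntegratedSecurityServiceTest cases in this commit, an empty list leaves all `is…SecurityRequired()` flags false, so a reader cannot tell whether this is deliberate or a workaround. If the test only observes SecurityManager lifecycle calls, say so next to the line, e.g. `// empty list: no component requires security; only the SecurityManager lifecycle is under test`. The same uncommented line is added in the following hunk of this file, and the enclosing methods start outside both hunks.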
@@ -104,6 +107,7 @@ public class IntegratedSecurityCacheLifecycleDistributedTest extends JUnit4Cache
properties.setProperty(SampleSecurityManager.SECURITY_JSON, "org/apache/geode/management/internal/security/clientServer.json");
properties.setProperty(LOCATORS, locators);
properties.setProperty(MCAST_PORT, "0");
+ properties.setProperty(SECURITY_ENABLED_COMPONENTS, "");
properties.setProperty(SECURITY_MANAGER, SpySecurityManager.class.getName());
properties.setProperty(USE_CLUSTER_CONFIGURATION, "false");
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/test/java/org/apache/geode/security/P2PAuthenticationDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/P2PAuthenticationDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/P2PAuthenticationDUnitTest.java
index 9fcf4cd..ba4cb59 100644
--- a/geode-core/src/test/java/org/apache/geode/security/P2PAuthenticationDUnitTest.java
+++ b/geode-core/src/test/java/org/apache/geode/security/P2PAuthenticationDUnitTest.java
@@ -18,6 +18,22 @@
*/
package org.apache.geode.security;
+import static org.apache.geode.distributed.ConfigurationProperties.*;
+import static org.apache.geode.internal.AvailablePort.*;
+import static org.apache.geode.security.SecurityTestUtils.*;
+import static org.apache.geode.test.dunit.Assert.*;
+import static org.apache.geode.test.dunit.IgnoredException.*;
+import static org.apache.geode.test.dunit.NetworkUtils.*;
+import static org.apache.geode.test.dunit.Wait.*;
+
+import java.util.Properties;
+
+import javax.net.ssl.SSLHandshakeException;
+
+import org.junit.Ignore;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
import org.apache.geode.distributed.ConfigurationProperties;
import org.apache.geode.distributed.DistributedSystem;
import org.apache.geode.distributed.Locator;
@@ -36,22 +52,6 @@ import org.apache.geode.test.dunit.internal.JUnit4DistributedTestCase;
import org.apache.geode.test.junit.categories.DistributedTest;
import org.apache.geode.test.junit.categories.FlakyTest;
import org.apache.geode.test.junit.categories.SecurityTest;
-import org.junit.Ignore;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import javax.net.ssl.SSLHandshakeException;
-import java.util.Properties;
-
-import static org.apache.geode.distributed.ConfigurationProperties.*;
-import static org.apache.geode.internal.AvailablePort.SOCKET;
-import static org.apache.geode.internal.AvailablePort.getRandomAvailablePort;
-import static org.apache.geode.security.SecurityTestUtils.startLocator;
-import static org.apache.geode.security.SecurityTestUtils.stopLocator;
-import static org.apache.geode.test.dunit.Assert.*;
-import static org.apache.geode.test.dunit.IgnoredException.addIgnoredException;
-import static org.apache.geode.test.dunit.NetworkUtils.getIPLiteral;
-import static org.apache.geode.test.dunit.Wait.pause;
/**
* Tests peer to peer authentication in Gemfire