Posted to commits@geode.apache.org by ji...@apache.org on 2016/06/27 21:21:07 UTC
[17/50] [abbrv] incubator-geode git commit: Integrated client auth
support for RegisterInterest, new dunit and refactoring of old dunit.
Integrated client auth support for RegisterInterest, new dunit and refactoring of old dunit.
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/46017f93
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/46017f93
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/46017f93
Branch: refs/heads/feature/GEODE-1571
Commit: 46017f938f291140cdf43c02bb01580767510ca4
Parents: a4c2dad
Author: gmeilen <gr...@gmail.com>
Authored: Thu Jun 23 15:08:40 2016 -0700
Committer: gmeilen <gr...@gmail.com>
Committed: Thu Jun 23 15:08:40 2016 -0700
----------------------------------------------------------------------
.../cache/tier/sockets/BaseCommand.java | 10 +
.../tier/sockets/command/RegisterInterest.java | 175 +++++++++---------
.../sockets/command/RegisterInterest61.java | 182 ++++++++++---------
.../sockets/command/RegisterInterestList.java | 6 +-
.../sockets/command/RegisterInterestList66.java | 5 +-
...ractIntegratedClientAuthDistributedTest.java | 71 ++++++++
.../security/IntegratedClientAuthDUnitTest.java | 55 +-----
...ientRegisterInterestAuthDistributedTest.java | 134 ++++++++++++++
8 files changed, 413 insertions(+), 225 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/46017f93/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/BaseCommand.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/BaseCommand.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/BaseCommand.java
index bdebb6b..b5bc033 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/BaseCommand.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/BaseCommand.java
@@ -41,8 +41,11 @@ import com.gemstone.gemfire.internal.i18n.LocalizedStrings;
import com.gemstone.gemfire.internal.logging.LogService;
import com.gemstone.gemfire.internal.logging.log4j.LocalizedMessage;
import com.gemstone.gemfire.internal.offheap.OffHeapHelper;
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
import com.gemstone.gemfire.internal.sequencelog.EntryLogger;
import com.gemstone.gemfire.security.GemFireSecurityException;
+import com.gemstone.gemfire.security.NotAuthorizedException;
+
import org.apache.logging.log4j.Logger;
import java.io.*;
@@ -1218,6 +1221,13 @@ public abstract class BaseCommand implements Command {
}
}
+// try { // TODO:SECURITY: Swapnil: do we need to throw or continue?
+// GeodeSecurityUtil.authorizeRegionRead(region.getName(), key.toString());
+// }
+// catch (NotAuthorizedException e){
+// continue;
+// }
+
ClientProxyMembershipID id = servConn == null ? null : servConn.getProxyID();
data = region.get(key, null, true, true, true, id, versionHolder, true);
versionTag = versionHolder.getVersionTag();
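Review bot: The per-key read check ahead of `region.get(key, ...)` is committed as commented-out code, so this loop still fetches every key without calling `GeodeSecurityUtil.authorizeRegionRead`, and the two imports added in the first hunk of this file are unused. Whether the callers' own checks cover every key that reaches this loop cannot be told from the hunk, so the question in the TODO (throw, or skip the key) should be decided rather than left in the source as dead code. If the check is deferred, drop the commented block and the imports and leave one line such as `// TODO(GEODE-1571): per-key read authorization is not enforced in this loop yet`. The enclosing method starts and ends outside the hunk.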
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/46017f93/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RegisterInterest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RegisterInterest.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RegisterInterest.java
index 6defab0..3cf4bf4 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RegisterInterest.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RegisterInterest.java
@@ -31,6 +31,7 @@ import com.gemstone.gemfire.cache.DynamicRegionFactory;
import com.gemstone.gemfire.cache.InterestResultPolicy;
import com.gemstone.gemfire.cache.operations.RegisterInterestOperationContext;
import com.gemstone.gemfire.i18n.StringId;
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
import java.io.IOException;
@@ -145,101 +146,105 @@ public class RegisterInterest extends BaseCommand {
writeChunkedErrorResponse(msg, MessageType.REGISTER_INTEREST_DATA_ERROR,
message.toLocalizedString(), servConn);
servConn.setAsTrue(RESPONDED);
+ return;
}
- else { // input key not null
- LocalRegion region = (LocalRegion)crHelper.getRegion(regionName);
- if (region == null) {
- logger.info(LocalizedMessage.create(LocalizedStrings.RegisterInterest_0_REGION_NAMED_1_WAS_NOT_FOUND_DURING_REGISTER_INTEREST_REQUEST, new Object[] {servConn.getName(), regionName}));
- // writeChunkedErrorResponse(msg,
- // MessageType.REGISTER_INTEREST_DATA_ERROR, message);
- // responded = true;
- }
- // Register interest
- try {
- AuthorizeRequest authzRequest = servConn.getAuthzRequest();
- if (authzRequest != null) {
- // TODO SW: This is a workaround for DynamicRegionFactory
- // registerInterest calls. Remove this when the semantics of
- // DynamicRegionFactory are cleaned up.
- if (!DynamicRegionFactory.regionIsDynamicRegionList(regionName)) {
- RegisterInterestOperationContext registerContext = authzRequest
- .registerInterestAuthorize(regionName, key, interestType,
- policy);
- key = registerContext.getKey();
- }
+
+ // TODO: add security changes here
+ GeodeSecurityUtil.authorizeRegionRead(regionName, key.toString());
+
+ // input key not null
+ LocalRegion region = (LocalRegion)crHelper.getRegion(regionName);
+ if (region == null) {
+ logger.info(LocalizedMessage.create(LocalizedStrings.RegisterInterest_0_REGION_NAMED_1_WAS_NOT_FOUND_DURING_REGISTER_INTEREST_REQUEST, new Object[] {servConn.getName(), regionName}));
+ // writeChunkedErrorResponse(msg,
+ // MessageType.REGISTER_INTEREST_DATA_ERROR, message);
+ // responded = true;
+ }
+ // Register interest
+ try {
+ AuthorizeRequest authzRequest = servConn.getAuthzRequest();
+ if (authzRequest != null) {
+ // TODO SW: This is a workaround for DynamicRegionFactory
+ // registerInterest calls. Remove this when the semantics of
+ // DynamicRegionFactory are cleaned up.
+ if (!DynamicRegionFactory.regionIsDynamicRegionList(regionName)) {
+ RegisterInterestOperationContext registerContext = authzRequest
+ .registerInterestAuthorize(regionName, key, interestType,
+ policy);
+ key = registerContext.getKey();
}
- servConn.getAcceptor().getCacheClientNotifier().registerClientInterest(
- regionName, key, servConn.getProxyID(), interestType, isDurable,
- sendUpdatesAsInvalidates, false, 0, true);
}
- catch (Exception e) {
- // If an interrupted exception is thrown , rethrow it
- checkForInterrupt(servConn, e);
- // Otherwise, write an exception message and continue
- writeChunkedException(msg, e, false, servConn);
- servConn.setAsTrue(RESPONDED);
- return;
+ servConn.getAcceptor().getCacheClientNotifier().registerClientInterest(
+ regionName, key, servConn.getProxyID(), interestType, isDurable,
+ sendUpdatesAsInvalidates, false, 0, true);
+ }
+ catch (Exception e) {
+ // If an interrupted exception is thrown , rethrow it
+ checkForInterrupt(servConn, e);
+ // Otherwise, write an exception message and continue
+ writeChunkedException(msg, e, false, servConn);
+ servConn.setAsTrue(RESPONDED);
+ return;
+ }
+
+ // System.out.println("Received register interest for " + regionName);
+
+ // Update the statistics and write the reply
+ // bserverStats.incLong(processDestroyTimeId,
+ // DistributionStats.getStatTime() - start);
+ // start = DistributionStats.getStatTime();
+
+ CacheClientProxy ccp = servConn.getAcceptor().getCacheClientNotifier()
+ .getClientProxy(servConn.getProxyID());
+ if (ccp == null) {
+ // fix for 37593
+ IOException ioex = new IOException(LocalizedStrings.RegisterInterest_CACHECLIENTPROXY_FOR_THIS_CLIENT_IS_NO_LONGER_ON_THE_SERVER_SO_REGISTERINTEREST_OPERATION_IS_UNSUCCESSFUL.toLocalizedString());
+ writeChunkedException(msg, ioex, false, servConn);
+ servConn.setAsTrue(RESPONDED);
+ return;
+ }
+ boolean isPrimary = ccp.isPrimary();
+ ChunkedMessage chunkedResponseMsg = servConn.getRegisterInterestResponseMessage();
+ if (!isPrimary) {
+ chunkedResponseMsg.setMessageType(MessageType.RESPONSE_FROM_SECONDARY);
+ chunkedResponseMsg.setTransactionId(msg.getTransactionId());
+ chunkedResponseMsg.sendHeader();
+ chunkedResponseMsg.setLastChunk(true);
+
+ if (logger.isDebugEnabled()) {
+ logger.debug("{}: Sending register interest response chunk from secondary for region: {} for key: {} chunk=<{}>", servConn.getName(), regionName, key, chunkedResponseMsg);
}
+ chunkedResponseMsg.sendChunk(servConn);
+ } // !isPrimary
+ else { // isPrimary
- // System.out.println("Received register interest for " + regionName);
+ // Send header which describes how many chunks will follow
+ chunkedResponseMsg.setMessageType(MessageType.RESPONSE_FROM_PRIMARY);
+ chunkedResponseMsg.setTransactionId(msg.getTransactionId());
+ chunkedResponseMsg.sendHeader();
- // Update the statistics and write the reply
- // bserverStats.incLong(processDestroyTimeId,
- // DistributionStats.getStatTime() - start);
- // start = DistributionStats.getStatTime();
-
- CacheClientProxy ccp = servConn.getAcceptor().getCacheClientNotifier()
- .getClientProxy(servConn.getProxyID());
- if (ccp == null) {
- // fix for 37593
- IOException ioex = new IOException(LocalizedStrings.RegisterInterest_CACHECLIENTPROXY_FOR_THIS_CLIENT_IS_NO_LONGER_ON_THE_SERVER_SO_REGISTERINTEREST_OPERATION_IS_UNSUCCESSFUL.toLocalizedString());
- writeChunkedException(msg, ioex, false, servConn);
+ // Send chunk response
+ try {
+ fillAndSendRegisterInterestResponseChunks(region, key, interestType,
+ policy, servConn);
+ servConn.setAsTrue(RESPONDED);
+ }
+ catch (Exception e) {
+ writeChunkedException(msg, e, false, servConn, chunkedResponseMsg);
servConn.setAsTrue(RESPONDED);
return;
}
- boolean isPrimary = ccp.isPrimary();
- ChunkedMessage chunkedResponseMsg = servConn.getRegisterInterestResponseMessage();
- if (!isPrimary) {
- chunkedResponseMsg.setMessageType(MessageType.RESPONSE_FROM_SECONDARY);
- chunkedResponseMsg.setTransactionId(msg.getTransactionId());
- chunkedResponseMsg.sendHeader();
- chunkedResponseMsg.setLastChunk(true);
-
- if (logger.isDebugEnabled()) {
- logger.debug("{}: Sending register interest response chunk from secondary for region: {} for key: {} chunk=<{}>", servConn.getName(), regionName, key, chunkedResponseMsg);
- }
- chunkedResponseMsg.sendChunk(servConn);
- } // !isPrimary
- else { // isPrimary
-
- // Send header which describes how many chunks will follow
- chunkedResponseMsg.setMessageType(MessageType.RESPONSE_FROM_PRIMARY);
- chunkedResponseMsg.setTransactionId(msg.getTransactionId());
- chunkedResponseMsg.sendHeader();
-
- // Send chunk response
- try {
- fillAndSendRegisterInterestResponseChunks(region, key, interestType,
- policy, servConn);
- servConn.setAsTrue(RESPONDED);
- }
- catch (Exception e) {
- writeChunkedException(msg, e, false, servConn, chunkedResponseMsg);
- servConn.setAsTrue(RESPONDED);
- return;
- }
- if (logger.isDebugEnabled()) {
- // logger.debug(getName() + ": Sent chunk (1 of 1) of register interest
- // response (" + chunkedResponseMsg.getBufferLength() + " bytes) for
- // region " + regionName + " key " + key);
- logger.debug("{}: Sent register interest response for region {} key {}", servConn.getName(), regionName, key);
- }
- // bserverStats.incLong(writeDestroyResponseTimeId,
- // DistributionStats.getStatTime() - start);
- // bserverStats.incInt(destroyResponsesId, 1);
- } // isPrimary
- } // input key not null
+ if (logger.isDebugEnabled()) {
+ // logger.debug(getName() + ": Sent chunk (1 of 1) of register interest
+ // response (" + chunkedResponseMsg.getBufferLength() + " bytes) for
+ // region " + regionName + " key " + key);
+ logger.debug("{}: Sent register interest response for region {} key {}", servConn.getName(), regionName, key);
+ }
+ // bserverStats.incLong(writeDestroyResponseTimeId,
+ // DistributionStats.getStatTime() - start);
+ // bserverStats.incInt(destroyResponsesId, 1);
+ } // isPrimary
}
}
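Review bot: The new call `GeodeSecurityUtil.authorizeRegionRead(regionName, key.toString())` authorizes the key text even when `interestType` is a regular expression, so the pattern string is checked as if it were a single key name; RegisterInterest61 in this same commit requires region-wide read for that case. Unless the two commands are meant to differ, use the same branch here: `if (interestType == InterestType.REGULAR_EXPRESSION) { GeodeSecurityUtil.authorizeRegionRead(regionName); } else { GeodeSecurityUtil.authorizeRegionRead(regionName, key.toString()); }` (this needs the `InterestType` import if the file does not already have it). The `// TODO: add security changes here` comment above the call is stale once the call is present and should be removed or reworded. The call also sits outside the `try` that turns failures into a chunked error response, so how a denied request is reported to the client depends on code outside this hunk.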
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/46017f93/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RegisterInterest61.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RegisterInterest61.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RegisterInterest61.java
index 5b4109c..a797a6c 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RegisterInterest61.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RegisterInterest61.java
@@ -23,6 +23,7 @@ import com.gemstone.gemfire.internal.Version;
import com.gemstone.gemfire.internal.cache.LocalRegion;
import com.gemstone.gemfire.internal.cache.tier.CachedRegionHelper;
import com.gemstone.gemfire.internal.cache.tier.Command;
+import com.gemstone.gemfire.internal.cache.tier.InterestType;
import com.gemstone.gemfire.internal.cache.tier.MessageType;
import com.gemstone.gemfire.internal.cache.tier.sockets.*;
import com.gemstone.gemfire.internal.cache.vmotion.VMotionObserver;
@@ -34,6 +35,7 @@ import com.gemstone.gemfire.cache.DynamicRegionFactory;
import com.gemstone.gemfire.cache.InterestResultPolicy;
import com.gemstone.gemfire.cache.operations.RegisterInterestOperationContext;
import com.gemstone.gemfire.i18n.StringId;
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
import java.io.IOException;
/**
@@ -179,103 +181,109 @@ public class RegisterInterest61 extends BaseCommand {
message.toLocalizedString(), servConn);
servConn.setAsTrue(RESPONDED);
}
- else { // input key not null
- LocalRegion region = (LocalRegion)crHelper.getRegion(regionName);
- if (region == null) {
- logger.info(LocalizedMessage.create(LocalizedStrings.RegisterInterest_0_REGION_NAMED_1_WAS_NOT_FOUND_DURING_REGISTER_INTEREST_REQUEST, new Object[] {servConn.getName(), regionName}));
- // writeChunkedErrorResponse(msg,
- // MessageType.REGISTER_INTEREST_DATA_ERROR, message);
- // responded = true;
- }
- // Register interest
- try {
- AuthorizeRequest authzRequest = servConn.getAuthzRequest();
- if (authzRequest != null) {
- // TODO SW: This is a workaround for DynamicRegionFactory
- // registerInterest calls. Remove this when the semantics of
- // DynamicRegionFactory are cleaned up.
- if (!DynamicRegionFactory.regionIsDynamicRegionList(regionName)) {
- RegisterInterestOperationContext registerContext = authzRequest
- .registerInterestAuthorize(regionName, key, interestType,
- policy);
- key = registerContext.getKey();
- }
+
+ if(interestType == InterestType.REGULAR_EXPRESSION)
+ GeodeSecurityUtil.authorizeRegionRead(regionName);
+ else
+ GeodeSecurityUtil.authorizeRegionRead(regionName, key.toString());
+
+ // input key not null
+ LocalRegion region = (LocalRegion)crHelper.getRegion(regionName);
+ if (region == null) {
+ logger.info(LocalizedMessage.create(LocalizedStrings.RegisterInterest_0_REGION_NAMED_1_WAS_NOT_FOUND_DURING_REGISTER_INTEREST_REQUEST, new Object[] {servConn.getName(), regionName}));
+ // writeChunkedErrorResponse(msg,
+ // MessageType.REGISTER_INTEREST_DATA_ERROR, message);
+ // responded = true;
+ }
+ // Register interest
+ try {
+ AuthorizeRequest authzRequest = servConn.getAuthzRequest();
+ if (authzRequest != null) {
+ // TODO SW: This is a workaround for DynamicRegionFactory
+ // registerInterest calls. Remove this when the semantics of
+ // DynamicRegionFactory are cleaned up.
+ if (!DynamicRegionFactory.regionIsDynamicRegionList(regionName)) {
+ RegisterInterestOperationContext registerContext = authzRequest
+ .registerInterestAuthorize(regionName, key, interestType,
+ policy);
+ key = registerContext.getKey();
}
- servConn.getAcceptor().getCacheClientNotifier()
- .registerClientInterest(regionName, key, servConn.getProxyID(),
- interestType, isDurable, sendUpdatesAsInvalidates, true,
- regionDataPolicyPartBytes[0], true);
- }
- catch (Exception e) {
- // If an interrupted exception is thrown , rethrow it
- checkForInterrupt(servConn, e);
- // Otherwise, write an exception message and continue
- writeChunkedException(msg, e, false, servConn);
- servConn.setAsTrue(RESPONDED);
- return;
}
+ servConn.getAcceptor().getCacheClientNotifier()
+ .registerClientInterest(regionName, key, servConn.getProxyID(),
+ interestType, isDurable, sendUpdatesAsInvalidates, true,
+ regionDataPolicyPartBytes[0], true);
+ }
+ catch (Exception e) {
+ // If an interrupted exception is thrown , rethrow it
+ checkForInterrupt(servConn, e);
+ // Otherwise, write an exception message and continue
+ writeChunkedException(msg, e, false, servConn);
+ servConn.setAsTrue(RESPONDED);
+ return;
+ }
- // System.out.println("Received register interest for " + regionName);
+ // System.out.println("Received register interest for " + regionName);
- // Update the statistics and write the reply
- // bserverStats.incLong(processDestroyTimeId,
- // DistributionStats.getStatTime() - start);
- // start = DistributionStats.getStatTime();
+ // Update the statistics and write the reply
+ // bserverStats.incLong(processDestroyTimeId,
+ // DistributionStats.getStatTime() - start);
+ // start = DistributionStats.getStatTime();
- CacheClientProxy ccp = servConn.getAcceptor().getCacheClientNotifier()
- .getClientProxy(servConn.getProxyID());
- if (ccp == null) {
- // fix for 37593
- IOException ioex = new IOException(
- LocalizedStrings.RegisterInterest_CACHECLIENTPROXY_FOR_THIS_CLIENT_IS_NO_LONGER_ON_THE_SERVER_SO_REGISTERINTEREST_OPERATION_IS_UNSUCCESSFUL
- .toLocalizedString());
- writeChunkedException(msg, ioex, false, servConn);
- servConn.setAsTrue(RESPONDED);
- return;
+ CacheClientProxy ccp = servConn.getAcceptor().getCacheClientNotifier()
+ .getClientProxy(servConn.getProxyID());
+ if (ccp == null) {
+ // fix for 37593
+ IOException ioex = new IOException(
+ LocalizedStrings.RegisterInterest_CACHECLIENTPROXY_FOR_THIS_CLIENT_IS_NO_LONGER_ON_THE_SERVER_SO_REGISTERINTEREST_OPERATION_IS_UNSUCCESSFUL
+ .toLocalizedString());
+ writeChunkedException(msg, ioex, false, servConn);
+ servConn.setAsTrue(RESPONDED);
+ return;
+ }
+ boolean isPrimary = ccp.isPrimary();
+ ChunkedMessage chunkedResponseMsg = servConn.getRegisterInterestResponseMessage();
+ if (!isPrimary) {
+ chunkedResponseMsg.setMessageType(MessageType.RESPONSE_FROM_SECONDARY);
+ chunkedResponseMsg.setTransactionId(msg.getTransactionId());
+ chunkedResponseMsg.sendHeader();
+ chunkedResponseMsg.setLastChunk(true);
+
+ if (logger.isDebugEnabled()) {
+ logger.debug("{}: Sending register interest response chunk from secondary for region: {} for key: {} chunk=<{}>", servConn.getName(), regionName, key, chunkedResponseMsg);
}
- boolean isPrimary = ccp.isPrimary();
- ChunkedMessage chunkedResponseMsg = servConn.getRegisterInterestResponseMessage();
- if (!isPrimary) {
- chunkedResponseMsg.setMessageType(MessageType.RESPONSE_FROM_SECONDARY);
- chunkedResponseMsg.setTransactionId(msg.getTransactionId());
- chunkedResponseMsg.sendHeader();
- chunkedResponseMsg.setLastChunk(true);
+ chunkedResponseMsg.sendChunk(servConn);
+ } // !isPrimary
+ else { // isPrimary
- if (logger.isDebugEnabled()) {
- logger.debug("{}: Sending register interest response chunk from secondary for region: {} for key: {} chunk=<{}>", servConn.getName(), regionName, key, chunkedResponseMsg);
- }
- chunkedResponseMsg.sendChunk(servConn);
- } // !isPrimary
- else { // isPrimary
+ // Send header which describes how many chunks will follow
+ chunkedResponseMsg.setMessageType(MessageType.RESPONSE_FROM_PRIMARY);
+ chunkedResponseMsg.setTransactionId(msg.getTransactionId());
+ chunkedResponseMsg.sendHeader();
- // Send header which describes how many chunks will follow
- chunkedResponseMsg.setMessageType(MessageType.RESPONSE_FROM_PRIMARY);
- chunkedResponseMsg.setTransactionId(msg.getTransactionId());
- chunkedResponseMsg.sendHeader();
+ // Send chunk response
+ try {
+ fillAndSendRegisterInterestResponseChunks(region, key, interestType,
+ serializeValues, policy, servConn);
+ servConn.setAsTrue(RESPONDED);
+ }
+ catch (Exception e) {
+ writeChunkedException(msg, e, false, servConn, chunkedResponseMsg);
+ servConn.setAsTrue(RESPONDED);
+ return;
+ }
- // Send chunk response
- try {
- fillAndSendRegisterInterestResponseChunks(region, key, interestType,
- serializeValues, policy, servConn);
- servConn.setAsTrue(RESPONDED);
- }
- catch (Exception e) {
- writeChunkedException(msg, e, false, servConn, chunkedResponseMsg);
- servConn.setAsTrue(RESPONDED);
- return;
- }
+ if (logger.isDebugEnabled()) {
+ // logger.debug(getName() + ": Sent chunk (1 of 1) of register interest
+ // response (" + chunkedResponseMsg.getBufferLength() + " bytes) for
+ // region " + regionName + " key " + key);
+ logger.debug("{}: Sent register interest response for region {} key {}", servConn.getName(), regionName, key);
+ }
+ // bserverStats.incLong(writeDestroyResponseTimeId,
+ // DistributionStats.getStatTime() - start);
+ // bserverStats.incInt(destroyResponsesId, 1);
+ } // isPrimary
- if (logger.isDebugEnabled()) {
- // logger.debug(getName() + ": Sent chunk (1 of 1) of register interest
- // response (" + chunkedResponseMsg.getBufferLength() + " bytes) for
- // region " + regionName + " key " + key);
- logger.debug("{}: Sent register interest response for region {} key {}", servConn.getName(), regionName, key);
- }
- // bserverStats.incLong(writeDestroyResponseTimeId,
- // DistributionStats.getStatTime() - start);
- // bserverStats.incInt(destroyResponsesId, 1);
- } // isPrimary
- } // input key not null
}
}
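Review bot: Removing the `else` without adding `return;` after `servConn.setAsTrue(RESPONDED);` lets the error branch at the top of this hunk fall through into the new authorization code. If that branch is the null key / null region check, as the removed `// input key not null` comment indicates (the `if` itself is outside the hunk), `key.toString()` then throws a NullPointerException after the error response has already been written. RegisterInterest.java gets the `return;` in this commit; the same line is needed here and in the matching hunks of RegisterInterestList.java and RegisterInterestList66.java, where `else { // key not null` was removed the same way. The unbraced `if`/`else` around the two authorize calls should also get braces to match the rest of the file.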
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/46017f93/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RegisterInterestList.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RegisterInterestList.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RegisterInterestList.java
index c43c28e..71b29fe 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RegisterInterestList.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RegisterInterestList.java
@@ -32,6 +32,7 @@ import com.gemstone.gemfire.cache.DynamicRegionFactory;
import com.gemstone.gemfire.cache.InterestResultPolicy;
import com.gemstone.gemfire.cache.operations.RegisterInterestOperationContext;
import com.gemstone.gemfire.i18n.StringId;
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
import java.io.IOException;
import java.util.ArrayList;
@@ -161,8 +162,10 @@ public class RegisterInterestList extends BaseCommand {
s, servConn);
servConn.setAsTrue(RESPONDED);
}
- else { // key not null
+ GeodeSecurityUtil.authorizeRegionRead(regionName);
+
+ // key not null
LocalRegion region = (LocalRegion)crHelper.getRegion(regionName);
if (region == null) {
logger.info(LocalizedMessage.create(LocalizedStrings.RegisterInterestList_0_REGION_NAMED_1_WAS_NOT_FOUND_DURING_REGISTER_INTEREST_LIST_REQUEST, new Object[]{servConn.getName(), regionName}));
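Review bot: `GeodeSecurityUtil.authorizeRegionRead(regionName)` demands read permission on the whole region for a list of keys, while RegisterInterest checks the single key, and nothing in the hunk says this difference is intended; a comment such as `// a key list is authorized at region level, not per key` would record it. A client that holds permission only for the listed keys is refused here, which fails closed but may surprise users of key-level permissions. RegisterInterestList66.java has the same call and would take the same comment. The enclosing method starts and ends outside the hunk.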
@@ -246,7 +249,6 @@ public class RegisterInterestList extends BaseCommand {
// bserverStats.incInt(destroyResponsesId, 1);
} // isPrimary
// } // region not null
- } // key not null
}
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/46017f93/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RegisterInterestList66.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RegisterInterestList66.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RegisterInterestList66.java
index 862e58b..264f1fb 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RegisterInterestList66.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RegisterInterestList66.java
@@ -33,6 +33,7 @@ import com.gemstone.gemfire.cache.DynamicRegionFactory;
import com.gemstone.gemfire.cache.InterestResultPolicy;
import com.gemstone.gemfire.cache.operations.RegisterInterestOperationContext;
import com.gemstone.gemfire.i18n.StringId;
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
import java.io.IOException;
import java.util.List;
@@ -174,8 +175,9 @@ public class RegisterInterestList66 extends BaseCommand {
s, servConn);
servConn.setAsTrue(RESPONDED);
}
- else { // key not null
+ GeodeSecurityUtil.authorizeRegionRead(regionName);
+ // key not null
LocalRegion region = (LocalRegion)crHelper.getRegion(regionName);
if (region == null) {
logger.info(LocalizedMessage.create(LocalizedStrings.RegisterInterestList_0_REGION_NAMED_1_WAS_NOT_FOUND_DURING_REGISTER_INTEREST_LIST_REQUEST, new Object[]{servConn.getName(), regionName}));
@@ -260,7 +262,6 @@ public class RegisterInterestList66 extends BaseCommand {
// bserverStats.incInt(destroyResponsesId, 1);
} // isPrimary
// } // region not null
- } // key not null
}
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/46017f93/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractIntegratedClientAuthDistributedTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractIntegratedClientAuthDistributedTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractIntegratedClientAuthDistributedTest.java
new file mode 100644
index 0000000..4a2db57
--- /dev/null
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractIntegratedClientAuthDistributedTest.java
@@ -0,0 +1,71 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import static com.gemstone.gemfire.security.SecurityTestUtils.*;
+import static org.assertj.core.api.Assertions.*;
+import static org.junit.Assert.*;
+
+import com.gemstone.gemfire.cache.Region;
+import com.gemstone.gemfire.management.internal.security.JSONAuthorization;
+import com.gemstone.gemfire.test.dunit.Host;
+import com.gemstone.gemfire.test.dunit.VM;
+import com.gemstone.gemfire.test.dunit.internal.JUnit4DistributedTestCase;
+
+import org.assertj.core.api.ThrowableAssert.ThrowingCallable;
+import org.junit.After;
+import org.junit.Before;
+
+public class AbstractIntegratedClientAuthDistributedTest extends JUnit4DistributedTestCase {
+
+ protected VM client1 = null;
+ protected VM client2 = null;
+ protected VM client3 = null;
+ protected int serverPort;
+
+ @Before
+ public void before() throws Exception{
+ final Host host = Host.getHost(0);
+ client1 = host.getVM(1);
+ client2 = host.getVM(2);
+ client3 = host.getVM(3);
+
+ JSONAuthorization.setUpWithJsonFile("clientServer.json");
+ serverPort = SecurityTestUtils.createCacheServer(JSONAuthorization.class.getName()+".create");
+ Region region = getCache().getRegion(SecurityTestUtils.REGION_NAME);
+ assertEquals(0, region.size());
+ for (int i = 0; i < 5; i++) {
+ String key = "key" + i;
+ String value = "value" + i;
+ region.put(key, value);
+ }
+ assertEquals(5, region.size());
+ }
+
+ @After
+ public void after(){
+ client1.invoke(() -> closeCache());
+ client2.invoke(() -> closeCache());
+ client3.invoke(() -> closeCache());
+ closeCache();
+ }
+
+ public static void assertNotAuthorized(ThrowingCallable shouldRaiseThrowable, String permString) {
+ assertThatThrownBy(shouldRaiseThrowable).hasMessageContaining(permString);
+ }
+
+}
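Review bot: `assertNotAuthorized` accepts any throwable whose message contains `permString`, so a test built on it still passes when the operation fails for an unrelated reason that happens to mention the permission string. Pin the exception type as well, with `isInstanceOf(NotAuthorizedException.class)` or `hasRootCauseInstanceOf(NotAuthorizedException.class)` chained before `hasMessageContaining(permString)`; which of the two applies depends on whether the client sees the exception wrapped, which this file does not show. The class is named Abstract and holds no tests, so it should be declared `public abstract class AbstractIntegratedClientAuthDistributedTest` to keep test runners from instantiating it. `after()` also dereferences `client1`..`client3` unconditionally and would throw a NullPointerException if `before()` failed before assigning them.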
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/46017f93/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java
index 212c9c9..506a171 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java
@@ -17,8 +17,6 @@
package com.gemstone.gemfire.security;
-import static com.gemstone.gemfire.security.SecurityTestUtils.*;
-import static org.assertj.core.api.Assertions.*;
import static org.junit.Assert.*;
import java.util.ArrayList;
@@ -27,55 +25,17 @@ import java.util.List;
import java.util.Map;
import java.util.Set;
-import org.assertj.core.api.ThrowableAssert.ThrowingCallable;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
import com.gemstone.gemfire.cache.Cache;
import com.gemstone.gemfire.cache.Region;
-import com.gemstone.gemfire.management.internal.security.JSONAuthorization;
import com.gemstone.gemfire.test.dunit.AsyncInvocation;
-import com.gemstone.gemfire.test.dunit.Host;
import com.gemstone.gemfire.test.dunit.SerializableRunnable;
-import com.gemstone.gemfire.test.dunit.VM;
-import com.gemstone.gemfire.test.dunit.internal.JUnit4DistributedTestCase;
import com.gemstone.gemfire.test.junit.categories.DistributedTest;
-@Category(DistributedTest.class)
-public class IntegratedClientAuthDUnitTest extends JUnit4DistributedTestCase {
- private VM client1 = null;
- private VM client2 = null;
- private VM client3 = null;
- private int serverPort;
-
- @Before
- public void before() throws Exception{
- final Host host = Host.getHost(0);
- client1 = host.getVM(1);
- client2 = host.getVM(2);
- client3 = host.getVM(3);
-
- JSONAuthorization.setUpWithJsonFile("clientServer.json");
- serverPort = SecurityTestUtils.createCacheServer(JSONAuthorization.class.getName()+".create");
- Region region = getCache().getRegion(SecurityTestUtils.REGION_NAME);
- assertEquals(0, region.size());
- for (int i = 0; i < 5; i++) {
- String key = "key" + i;
- String value = "value" + i;
- region.put(key, value);
- }
- assertEquals(5, region.size());
- }
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
- @After
- public void after(){
- client1.invoke(() -> closeCache());
- client2.invoke(() -> closeCache());
- client3.invoke(() -> closeCache());
- closeCache();
- }
+@Category(DistributedTest.class)
+public class IntegratedClientAuthDUnitTest extends AbstractIntegratedClientAuthDistributedTest {
@Test
public void testAuthentication(){
@@ -218,10 +178,6 @@ public class IntegratedClientAuthDUnitTest extends JUnit4DistributedTestCase {
ai2.checkException();
}
- public static void assertNotAuthorized(ThrowingCallable shouldRaiseThrowable, String permString) {
- assertThatThrownBy(shouldRaiseThrowable).hasMessageContaining(permString);
- }
-
@Test
public void testRegionClear() throws InterruptedException {
// Verify that an unauthorized user can't clear the region
@@ -246,5 +202,6 @@ public class IntegratedClientAuthDUnitTest extends JUnit4DistributedTestCase {
};
client2.invoke(clearAuthorized);
}
-
}
+
+
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/46017f93/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientRegisterInterestAuthDistributedTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientRegisterInterestAuthDistributedTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientRegisterInterestAuthDistributedTest.java
new file mode 100644
index 0000000..d533a20
--- /dev/null
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientRegisterInterestAuthDistributedTest.java
@@ -0,0 +1,134 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import com.gemstone.gemfire.cache.Cache;
+import com.gemstone.gemfire.cache.Region;
+import com.gemstone.gemfire.test.dunit.AsyncInvocation;
+import com.gemstone.gemfire.test.junit.categories.DistributedTest;
+
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+@Category(DistributedTest.class)
+public class IntegratedClientRegisterInterestAuthDistributedTest extends AbstractIntegratedClientAuthDistributedTest {
+
+ @Test
+ public void testRegisterInterest() throws InterruptedException {
+ // client1 connects to server as a user not authorized to do any operations
+ AsyncInvocation ai1 = client1.invokeAsync(()->{
+ Cache cache = SecurityTestUtils.createCacheClient("stranger", "1234567", serverPort, SecurityTestUtils.NO_EXCEPTION);
+ final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
+ assertNotAuthorized(()->region.registerInterest("key3"), "DATA:READ:AuthRegion:key3");
+ });
+
+ // client2 connects to user as a user authorized to use AuthRegion region
+ AsyncInvocation ai2 = client2.invokeAsync(()->{
+ Cache cache = SecurityTestUtils.createCacheClient("authRegionUser", "1234567", serverPort, SecurityTestUtils.NO_EXCEPTION);
+ final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
+ region.registerInterest("key3"); // DATA:READ:AuthRegion:key3;
+ });
+
+ // client3 connects to user as a user authorized to use key1 in AuthRegion region
+ AsyncInvocation ai3 = client3.invokeAsync(()->{
+ Cache cache = SecurityTestUtils.createCacheClient("key1User", "1234567", serverPort, SecurityTestUtils.NO_EXCEPTION);
+ final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
+ assertNotAuthorized(()->region.registerInterest("key2"), "DATA:READ:AuthRegion:key2");
+ });
+
+ ai1.join();
+ ai2.join();
+ ai3.join();
+
+ ai1.checkException();
+ ai2.checkException();
+ ai3.checkException();
+ }
+
+ @Test
+ public void testRegisterInterestRegex() throws InterruptedException {
+ //client1 connects to server as a user not authorized to do any operations
+ AsyncInvocation ai1 = client1.invokeAsync(()->{
+ Cache cache = SecurityTestUtils.createCacheClient("stranger", "1234567", serverPort, SecurityTestUtils.NO_EXCEPTION);
+ final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
+ assertNotAuthorized(()->region.registerInterestRegex("key.*"), "DATA:READ:AuthRegion");
+ });
+
+ // client2 connects to user as a user authorized to use AuthRegion region
+ AsyncInvocation ai2 = client2.invokeAsync(()->{
+ Cache cache = SecurityTestUtils.createCacheClient("authRegionUser", "1234567", serverPort, SecurityTestUtils.NO_EXCEPTION);
+ final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
+ region.registerInterestRegex("key[0-9]+"); // DATA:READ:AuthRegion:key3;
+ });
+
+ // client3 connects to user as a user authorized to use key1 in AuthRegion region
+ AsyncInvocation ai3 = client3.invokeAsync(()->{
+ Cache cache = SecurityTestUtils.createCacheClient("key1User", "1234567", serverPort, SecurityTestUtils.NO_EXCEPTION);
+ final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
+ assertNotAuthorized(()->region.registerInterestRegex("key[0-9]+"), "DATA:READ:AuthRegion");
+ assertNotAuthorized(()->region.registerInterestRegex("key1"), "DATA:READ:AuthRegion");
+ });
+
+ ai1.join();
+ ai2.join();
+ ai3.join();
+
+ ai1.checkException();
+ ai2.checkException();
+ ai3.checkException();
+ }
+
+ @Test
+ public void testRegisterInterestList() throws InterruptedException {
+ List<String> keys = new ArrayList<>();
+ keys.add("key1");
+ keys.add("key2");
+
+ //client1 connects to server as a user not authorized to do any operations
+ AsyncInvocation ai1 = client1.invokeAsync(()->{
+ Cache cache = SecurityTestUtils.createCacheClient("stranger", "1234567", serverPort, SecurityTestUtils.NO_EXCEPTION);
+ final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
+ assertNotAuthorized(()->region.registerInterest(keys), "DATA:READ:AuthRegion");
+ });
+
+ // client2 connects to user as a user authorized to use AuthRegion region
+ AsyncInvocation ai2 = client2.invokeAsync(()->{
+ Cache cache = SecurityTestUtils.createCacheClient("authRegionUser", "1234567", serverPort, SecurityTestUtils.NO_EXCEPTION);
+ final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
+ region.registerInterest(keys); // DATA:READ:AuthRegion;
+ });
+
+ // client3 connects to user as a user authorized to use key1 in AuthRegion region
+ AsyncInvocation ai3 = client3.invokeAsync(()->{
+ Cache cache = SecurityTestUtils.createCacheClient("key1User", "1234567", serverPort, SecurityTestUtils.NO_EXCEPTION);
+ final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
+ assertNotAuthorized(()->region.registerInterest(keys), "DATA:READ:AuthRegion");
+ });
+
+ ai1.join();
+ ai2.join();
+ ai3.join();
+
+ ai1.checkException();
+ ai2.checkException();
+ ai3.checkException();
+ }
+
+}
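Review bot: testRegisterInterest never exercises the allow path for the key-scoped user: the client3 lambda only asserts that `key1User` is refused on `key2`, so a server that rejects every key-level grant would still pass all three tests. Assuming the fixture grants what the comment says ("authorized to use key1 in AuthRegion"), add `region.registerInterest("key1"); // DATA:READ:AuthRegion:key1` before the `assertNotAuthorized` call in that lambda. The regex and list tests expect the bare string `"DATA:READ:AuthRegion"`. If `assertNotAuthorized` still uses `hasMessageContaining`, as the copy removed from IntegratedClientAuthDUnitTest in this commit did, that string also matches a key-level denial message, so these tests do not pin which permission the server actually checked. The `registerInterestRegex("key1")` case deserves a comment such as `// regex interest needs region-level DATA:READ even when the pattern matches only an authorized key`, because the expectation otherwise reads like a mistake. The trailing `// DATA:READ:AuthRegion:key3;` comment on the `key[0-9]+` call in testRegisterInterestRegex looks copied from the single-key test and should name the region-level permission.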