You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@geode.apache.org by ji...@apache.org on 2016/03/30 00:26:17 UTC
[47/50] [abbrv] incubator-geode git commit: GEODE-17: integrated
security for Pulse. Now different user will have a different cluster updator.
GEODE-17: integrated security for Pulse. Now different user will have a different cluster updator.
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/0efc8d84
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/0efc8d84
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/0efc8d84
Branch: refs/heads/feature/GEODE-17-3
Commit: 0efc8d843767f2b1feaaf1ee5f6afdb255a2664f
Parents: d7612d1
Author: Jinmei Liao <ji...@pivotal.io>
Authored: Tue Mar 29 12:51:39 2016 -0700
Committer: Jinmei Liao <ji...@pivotal.io>
Committed: Tue Mar 29 12:51:39 2016 -0700
----------------------------------------------------------------------
.../tools/pulse/internal/PulseAppListener.java | 2 +-
.../tools/pulse/internal/data/Cluster.java | 7 ++--
.../pulse/internal/data/JMXDataUpdater.java | 8 ++---
.../tools/pulse/internal/data/Repository.java | 35 ++++++++++++++++----
.../security/GemFireAuthenticationProvider.java | 2 +-
.../tools/pulse/tests/PulseAbstractTest.java | 10 ++----
.../tools/pulse/tests/PulseAuthTest.java | 2 +-
.../tools/pulse/tests/PulseAutomatedTest.java | 2 +-
.../tools/pulse/tests/PulseNoAuthTest.java | 2 +-
.../gemfire/tools/pulse/tests/Server.java | 3 +-
geode-pulse/src/test/resources/pulse-auth.json | 5 +--
11 files changed, 47 insertions(+), 31 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/0efc8d84/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/PulseAppListener.java
----------------------------------------------------------------------
diff --git a/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/PulseAppListener.java b/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/PulseAppListener.java
index 1732005..82e0cb8 100644
--- a/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/PulseAppListener.java
+++ b/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/PulseAppListener.java
@@ -198,7 +198,7 @@ public class PulseAppListener implements ServletContextListener {
useGemFireCredentials = areWeUsingGemFireSecurityProfile(event);
}
-
+
// Set user details in repository
repository.setJmxUserName(jmxUserName);
repository.setJmxUserPassword(jmxUserPassword);
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/0efc8d84/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/data/Cluster.java
----------------------------------------------------------------------
diff --git a/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/data/Cluster.java b/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/data/Cluster.java
index 49ec7b3..905010d 100644
--- a/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/data/Cluster.java
+++ b/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/data/Cluster.java
@@ -27,6 +27,7 @@ import com.vmware.gemfire.tools.pulse.internal.log.PulseLogWriter;
import com.vmware.gemfire.tools.pulse.internal.util.StringUtils;
import org.apache.commons.collections.buffer.CircularFifoBuffer;
+import javax.management.remote.JMXConnector;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
@@ -53,8 +54,6 @@ import java.util.Set;
import java.util.TimeZone;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;
-
-import javax.management.remote.JMXConnector;
/**
* Class Cluster This class is the Data Model for the data used for the Pulse
* Web UI.
@@ -2901,9 +2900,9 @@ public class Cluster extends Thread {
return this.getDataBrowser().deleteQueryById(userId, queryId);
}
- public JMXConnector connectToGemFire(String user, String password) {
+ public JMXConnector connectToGemFire() {
if(this.updater instanceof JMXDataUpdater) {
- return ((JMXDataUpdater) this.updater).getJMXConnection(user, password, false);
+ return ((JMXDataUpdater) this.updater).getJMXConnection(false);
} else {
return null;
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/0efc8d84/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/data/JMXDataUpdater.java
----------------------------------------------------------------------
diff --git a/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/data/JMXDataUpdater.java b/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/data/JMXDataUpdater.java
index 87b6e9c..d49a193 100644
--- a/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/data/JMXDataUpdater.java
+++ b/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/data/JMXDataUpdater.java
@@ -204,18 +204,16 @@ public class JMXDataUpdater implements IClusterUpdater, NotificationListener {
* @return
*/
public JMXConnector getJMXConnection() {
- return getJMXConnection(this.userName, this.userPassword, true);
+ return getJMXConnection(true);
}
/**
* Get connection for given userName and password. This is used for DataBrowser
* queries which has to be fired using credentials provided at pulse login page
*
- * @param user jmxUser name
- * @param password password
* @return
*/
- public JMXConnector getJMXConnection(String user, String password, final boolean registerURL) {
+ public JMXConnector getJMXConnection(final boolean registerURL) {
JMXConnector connection = null;
// Reference to repository
Repository repository = Repository.get();
@@ -267,7 +265,7 @@ public class JMXDataUpdater implements IClusterUpdater, NotificationListener {
if (StringUtils.isNotNullNotEmptyNotWhiteSpace(jmxSerURL)) {
JMXServiceURL url = new JMXServiceURL(jmxSerURL);
- String[] creds = { user, password };
+ String[] creds = { this.userName, this.userPassword };
Map<String, Object> env = new HashMap<String, Object>();
env.put(JMXConnector.CREDENTIALS, creds);
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/0efc8d84/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/data/Repository.java
----------------------------------------------------------------------
diff --git a/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/data/Repository.java b/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/data/Repository.java
index a11167e..0473ad3 100644
--- a/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/data/Repository.java
+++ b/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/data/Repository.java
@@ -20,6 +20,8 @@
package com.vmware.gemfire.tools.pulse.internal.data;
import com.vmware.gemfire.tools.pulse.internal.log.PulseLogWriter;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
import java.net.ConnectException;
import java.util.HashMap;
@@ -149,16 +151,35 @@ public class Repository {
}
/**
- * Convenience method for now, seeing that we're maintaining a 1:1 mapping
- * between webapp and cluster
+ * we're maintaining a 1:1 mapping between webapp and cluster, there is no need for a map of clusters based on the host and port
+ * We are using this clusterMap to maintain cluster for different users now.
+ * For a single-user connection to gemfire JMX, we will use the default username/password in the pulse.properties
+ * (# JMX User Properties )
+ * pulse.jmxUserName=admin
+ * pulse.jmxUserPassword=admin
+ *
+ * But for multi-user connections to gemfireJMX, i.e pulse that uses gemfire integrated security, we will need to get the username form the context
*/
public Cluster getCluster() {
- return this.getCluster(getJmxHost(), getJmxPort());
+ String username = null;
+ String password = null;
+ if(useGemFireCredentials) {
+ Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+ if(auth!=null) {
+ username = auth.getName();
+ password = (String) auth.getCredentials();
+ }
+ }
+ else{
+ username = this.jmxUserName;
+ password = this.jmxUserPassword;
+ }
+ return this.getCluster(username, password);
}
- public Cluster getCluster(String host, String port) {
+ public Cluster getCluster(String username, String password) {
synchronized (this.clusterMap) {
- String key = this.getClusterKey(host, port);
+ String key = username;
Cluster data = this.clusterMap.get(key);
LOGGER = PulseLogWriter.getLogger();
@@ -169,9 +190,9 @@ public class Repository {
LOGGER.info(resourceBundle.getString("LOG_MSG_CREATE_NEW_THREAD")
+ " : " + key);
}
- data = new Cluster(host, port, this.getJmxUserName(), this.getJmxUserPassword());
+ data = new Cluster(this.jmxHost, this.jmxPort, username, password);
// Assign name to thread created
- data.setName(PulseConstants.APP_NAME + "-" + host + ":" + port);
+ data.setName(PulseConstants.APP_NAME + "-" + this.jmxHost + ":" + this.jmxPort + ":" + username);
// Start Thread
data.start();
this.clusterMap.put(key, data);
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/0efc8d84/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/security/GemFireAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/security/GemFireAuthenticationProvider.java b/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/security/GemFireAuthenticationProvider.java
index 723f093..548c3a5 100644
--- a/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/security/GemFireAuthenticationProvider.java
+++ b/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/security/GemFireAuthenticationProvider.java
@@ -58,7 +58,7 @@ public class GemFireAuthenticationProvider implements AuthenticationProvider {
try {
LOGGER.fine("Connecting to GemFire with user=" + name);
- JMXConnector jmxc = Repository.get().getCluster().connectToGemFire(name, password);
+ JMXConnector jmxc = Repository.get().getCluster(name, password).connectToGemFire();
if (jmxc != null) {
Collection<GrantedAuthority> list = GemFireAuthentication.populateAuthorities(jmxc);
GemFireAuthentication auth = new GemFireAuthentication(authentication.getPrincipal(),
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/0efc8d84/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/PulseAbstractTest.java
----------------------------------------------------------------------
diff --git a/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/PulseAbstractTest.java b/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/PulseAbstractTest.java
index aa151dd..9a84e87 100644
--- a/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/PulseAbstractTest.java
+++ b/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/PulseAbstractTest.java
@@ -51,8 +51,6 @@ public abstract class PulseAbstractTest extends PulseBaseTest {
private static Server server = null;
private static String pulseURL = null;
public static WebDriver driver;
- private static final String userName = "admin";
- private static final String pasword = "admin";
/* Constants for executing Data Browser queries */
public static final String QUERY_TYPE_ONE = "query1";
@@ -129,9 +127,7 @@ public abstract class PulseAbstractTest extends PulseBaseTest {
private static final String MEMBER_DROPDOWN_ID = "Members";
private static final String DATA_DROPDOWN_ID = "Data";
- public static void setUpServer(String jsonAuthFile) throws Exception {
- System.setProperty("spring.profiles.active", "pulse.authentication.gemfire");
-
+ public static void setUpServer(String username, String password, String jsonAuthFile) throws Exception {
ClassLoader classLoader = Thread.currentThread().getContextClassLoader();
jmxPropertiesFile = classLoader.getResource("test.properties").getPath();
path = getPulseWarPath();
@@ -155,8 +151,8 @@ public abstract class PulseAbstractTest extends PulseBaseTest {
driver.get(pulseURL);
WebElement userNameElement = driver.findElement(By.id("user_name"));
WebElement passwordElement = driver.findElement(By.id("user_password"));
- userNameElement.sendKeys(userName);
- passwordElement.sendKeys(pasword);
+ userNameElement.sendKeys(username);
+ passwordElement.sendKeys(password);
passwordElement.submit();
Thread.sleep(3000);
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/0efc8d84/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/PulseAuthTest.java
----------------------------------------------------------------------
diff --git a/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/PulseAuthTest.java b/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/PulseAuthTest.java
index e6bfc1c..65cd47f 100644
--- a/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/PulseAuthTest.java
+++ b/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/PulseAuthTest.java
@@ -28,6 +28,6 @@ public class PulseAuthTest extends PulseAbstractTest {
@BeforeClass
public static void beforeClassSetup() throws Exception {
- setUpServer("/pulse-auth.json");
+ setUpServer("pulseUser", "12345", "/pulse-auth.json");
}
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/0efc8d84/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/PulseAutomatedTest.java
----------------------------------------------------------------------
diff --git a/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/PulseAutomatedTest.java b/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/PulseAutomatedTest.java
index 4e82e6f..e3029dd 100644
--- a/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/PulseAutomatedTest.java
+++ b/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/PulseAutomatedTest.java
@@ -48,7 +48,7 @@ public class PulseAutomatedTest extends PulseAbstractTest {
@BeforeClass
public static void beforeClassSetup() throws Exception {
- setUpServer("/pulse-auth.json");
+ setUpServer("pulseUser", "12345", "/pulse-auth.json");
}
@Test
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/0efc8d84/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/PulseNoAuthTest.java
----------------------------------------------------------------------
diff --git a/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/PulseNoAuthTest.java b/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/PulseNoAuthTest.java
index cf08fd7..6ea4655 100644
--- a/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/PulseNoAuthTest.java
+++ b/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/PulseNoAuthTest.java
@@ -28,6 +28,6 @@ public class PulseNoAuthTest extends PulseAbstractTest {
@BeforeClass
public static void beforeClassSetup() throws Exception {
- setUpServer(null);
+ setUpServer("admin", "admin", null);
}
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/0efc8d84/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java
----------------------------------------------------------------------
diff --git a/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java b/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java
index 86504b0..970eb34 100644
--- a/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java
+++ b/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java
@@ -43,7 +43,6 @@ import java.net.UnknownHostException;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
-import java.util.Set;
public class Server {
private static final String DEFAULT_HOST = "127.0.0.1"; //"localhost"
@@ -62,6 +61,7 @@ public class Server {
loadMBeans();
if (jsonAuthFile != null) {
+ System.setProperty("spring.profiles.active", "pulse.authentication.gemfire");
Properties props = new Properties();
props.put(DistributionConfig.SECURITY_CLIENT_AUTHENTICATOR_NAME, JSONAuthorization.class.getName() + ".create");
props.put(DistributionConfig.SECURITY_CLIENT_ACCESSOR_NAME, JSONAuthorization.class.getName() + ".create");
@@ -73,6 +73,7 @@ public class Server {
cs = JMXConnectorServerFactory.newJMXConnectorServer(url, env, mbs);
cs.setMBeanServerForwarder(new MBeanServerWrapper(interceptor));
} else {
+ System.setProperty("spring.profiles.active", "pulse.authentication.default");
cs = JMXConnectorServerFactory.newJMXConnectorServer(url, null, mbs);
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/0efc8d84/geode-pulse/src/test/resources/pulse-auth.json
----------------------------------------------------------------------
diff --git a/geode-pulse/src/test/resources/pulse-auth.json b/geode-pulse/src/test/resources/pulse-auth.json
index 248016f..ab3c342 100644
--- a/geode-pulse/src/test/resources/pulse-auth.json
+++ b/geode-pulse/src/test/resources/pulse-auth.json
@@ -11,11 +11,12 @@
],
"users": [
{
- "name": "admin",
- "password": "admin",
+ "name": "pulseUser",
+ "password": "12345",
"roles": [
"pulse"
]
}
]
+
}