Posted to commits@geode.apache.org by ji...@apache.org on 2016/07/13 17:32:02 UTC
incubator-geode git commit: GEODE-1571: use constructor instead of
static method to create security-manager and post-processor
Repository: incubator-geode
Updated Branches:
refs/heads/develop c7667075a -> 29b487028
GEODE-1571: use constructor instead of static method to create security-manager and post-processor
* use security-post-processor to specify the new PostProcessor
* use constructor instead of static method to create security-manager and post-processor
* fix tests
* This closes #198
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/29b48702
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/29b48702
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/29b48702
Branch: refs/heads/develop
Commit: 29b4870286ee28aac8db1e05a9012eb617354fd7
Parents: c766707
Author: Jinmei Liao <ji...@pivotal.io>
Authored: Tue Jul 12 11:59:17 2016 -0700
Committer: Jinmei Liao <ji...@pivotal.io>
Committed: Wed Jul 13 10:26:30 2016 -0700
----------------------------------------------------------------------
.../distributed/ConfigurationProperties.java | 8 ++++
.../internal/AbstractDistributionConfig.java | 3 +-
.../internal/DistributionConfig.java | 34 ++++++++++++--
.../internal/DistributionConfigImpl.java | 45 +++++++++++++-----
.../internal/security/GeodeSecurityUtil.java | 48 ++++++++------------
.../security/shiro/CustomAuthRealm.java | 2 +-
.../security/templates/SamplePostProcessor.java | 4 --
.../templates/SampleSecurityManager.java | 35 +++++---------
.../internal/DistributionConfigJUnitTest.java | 13 +++---
.../security/GeodeSecurityUtilTest.java | 48 ++++++++++++++++++++
.../GeodeSecurityUtilCustomRealmJUnitTest.java | 2 +-
.../internal/security/JSONAuthorization.java | 25 +++++++---
.../JsonAuthorizationCacheStartRule.java | 5 +-
.../internal/security/MultiUserDUnitTest.java | 2 +-
...ractIntegratedClientAuthDistributedTest.java | 4 +-
...edSecurityCacheLifecycleDistributedTest.java | 43 ++++--------------
...edSecurityCacheLifecycleIntegrationTest.java | 30 ++++--------
.../security/NoShowValue1PostProcessor.java | 9 ----
.../gemfire/tools/pulse/tests/Server.java | 2 +-
19 files changed, 200 insertions(+), 162 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/29b48702/geode-core/src/main/java/com/gemstone/gemfire/distributed/ConfigurationProperties.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/ConfigurationProperties.java b/geode-core/src/main/java/com/gemstone/gemfire/distributed/ConfigurationProperties.java
index 49a421a..59700fb 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/ConfigurationProperties.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/ConfigurationProperties.java
@@ -1182,6 +1182,14 @@ public interface ConfigurationProperties {
* @since Geode 1.0
*/
String SECURITY_MANAGER = SECURITY_PREFIX + "manager";
+
+ /**
+ * The static String definition of the <i>"security-post-processor"</i>
+ * property
+ * @since Geode 1.0
+ */
+ String SECURITY_POST_PROCESSOR = SECURITY_PREFIX + "post-processor";
+
/**
* The static String definition of the <i>"security-client-authenticator"</i>
* property
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/29b48702/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/AbstractDistributionConfig.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/AbstractDistributionConfig.java b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/AbstractDistributionConfig.java
index 8731fdc..531e462 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/AbstractDistributionConfig.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/AbstractDistributionConfig.java
@@ -1131,7 +1131,8 @@ public abstract class AbstractDistributionConfig
m.put(DISTRIBUTED_TRANSACTIONS, "Flag to indicate whether all transactions including JTA should be distributed transactions. Default is false, meaning colocated transactions.");
m.put(SECURITY_SHIRO_INIT, "The name of the shiro configuration file in the classpath, e.g. shiro.ini");
- m.put(SECURITY_MANAGER, "User defined fully qualified method name implementing SecurityManager interface for integrated security. Defaults to \"{0}\". Legal values can be any \"method name\" of a static method that is present in the classpath.");
+ m.put(SECURITY_MANAGER, "User defined fully qualified class name implementing SecurityManager interface for integrated security. Defaults to \"{0}\". Legal values can be any \"class name\" implementing SecurityManager that is present in the classpath.");
+ m.put(SECURITY_POST_PROCESSOR, "User defined fully qualified class name implementing PostProcessor interface for integrated security. Defaults to \"{0}\". Legal values can be any \"class name\" implementing PostProcessor that is present in the classpath.");
dcAttDescriptions = Collections.unmodifiableMap(m);
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/29b48702/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java
index 71651d7..816742e 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java
@@ -2095,30 +2095,54 @@ public interface DistributionConfig extends Config, LogConfig {
String DEFAULT_SECURITY_CLIENT_AUTHENTICATOR = "";
/**
- * Returns user module name authenticating client credentials in {@link ConfigurationProperties#SECURITY_MANAGER}
+ * Returns user defined class name authenticating client credentials in {@link ConfigurationProperties#SECURITY_MANAGER}
*/
@ConfigAttributeGetter(name = SECURITY_MANAGER)
String getSecurityManager();
/**
- * Sets the user defined method name in {@link ConfigurationProperties#SECURITY_MANAGER}
+ * Sets the user defined class name in {@link ConfigurationProperties#SECURITY_MANAGER}
* property.
*/
@ConfigAttributeSetter(name = SECURITY_MANAGER)
void setSecurityManager(String attValue);
/**
- * The name of factory method for {@link ConfigurationProperties#SECURITY_MANAGER} property
+ * The name of class for {@link ConfigurationProperties#SECURITY_MANAGER} property
*/
@ConfigAttribute(type = String.class)
String SECURITY_MANAGER_NAME = SECURITY_MANAGER;
/**
- * The default {@link ConfigurationProperties#SECURITY_MANAGER} method name.
- * <p> Actual value of this is fully qualified <code>"method name"</code>.
+ * The default {@link ConfigurationProperties#SECURITY_MANAGER} class name.
+ * <p> Actual value of this is fully qualified <code>"class name"</code>.
*/
String DEFAULT_SECURITY_MANAGER = "";
+ /**
+ * Returns user defined post processor name in {@link ConfigurationProperties#SECURITY_POST_PROCESSOR}
+ */
+ @ConfigAttributeGetter(name = SECURITY_POST_PROCESSOR)
+ String getPostProcessor();
+
+ /**
+ * Sets the user defined class name in {@link ConfigurationProperties#SECURITY_POST_PROCESSOR}
+ * property.
+ */
+ @ConfigAttributeSetter(name = SECURITY_POST_PROCESSOR)
+ void setPostProcessor(String attValue);
+
+ /**
+ * The name of class for {@link ConfigurationProperties#SECURITY_POST_PROCESSOR} property
+ */
+ @ConfigAttribute(type = String.class)
+ String SECURITY_POST_PROCESSOR_NAME = SECURITY_POST_PROCESSOR;
+
+ /**
+ * The default {@link ConfigurationProperties#SECURITY_POST_PROCESSOR} class name.
+ * <p> Actual value of this is fully qualified <code>"class name"</code>.
+ */
+ String DEFAULT_SECURITY_POST_PROCESSOR = "";
/**
* Returns name of algorithm to use for Diffie-Hellman key exchange {@link ConfigurationProperties#SECURITY_CLIENT_DHALGO}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/29b48702/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
index 2b4cc5c..6ac100c 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
@@ -19,16 +19,6 @@ package com.gemstone.gemfire.distributed.internal;
import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
-import com.gemstone.gemfire.GemFireConfigException;
-import com.gemstone.gemfire.GemFireIOException;
-import com.gemstone.gemfire.distributed.DistributedSystem;
-import com.gemstone.gemfire.internal.ConfigSource;
-import com.gemstone.gemfire.internal.SocketCreator;
-import com.gemstone.gemfire.internal.i18n.LocalizedStrings;
-import com.gemstone.gemfire.internal.process.ProcessLauncherContext;
-import com.gemstone.gemfire.memcached.GemFireMemcachedServer;
-import org.apache.geode.redis.GeodeRedisServer;
-
import java.io.File;
import java.io.IOException;
import java.io.Serializable;
@@ -44,6 +34,17 @@ import java.util.Map;
import java.util.Properties;
import java.util.Set;
+import org.apache.geode.redis.GeodeRedisServer;
+
+import com.gemstone.gemfire.GemFireConfigException;
+import com.gemstone.gemfire.GemFireIOException;
+import com.gemstone.gemfire.distributed.DistributedSystem;
+import com.gemstone.gemfire.internal.ConfigSource;
+import com.gemstone.gemfire.internal.SocketCreator;
+import com.gemstone.gemfire.internal.i18n.LocalizedStrings;
+import com.gemstone.gemfire.internal.process.ProcessLauncherContext;
+import com.gemstone.gemfire.memcached.GemFireMemcachedServer;
+
/**
* Provides an implementation of <code>DistributionConfig</code> that
* knows how to read the configuration file.
@@ -214,9 +215,12 @@ public class DistributionConfigImpl
/** The client authenticating method name*/
private String securityClientAuthenticator = DEFAULT_SECURITY_CLIENT_AUTHENTICATOR;
- /** The security manager method name*/
+ /** The security manager class name*/
private String securityManager = DEFAULT_SECURITY_MANAGER;
+ /** The post processor class name*/
+ private String postProcessor = DEFAULT_SECURITY_POST_PROCESSOR;
+
/** The client Diffie-Hellman method name*/
private String securityClientDHAlgo = DEFAULT_SECURITY_CLIENT_DHALGO;
@@ -583,6 +587,7 @@ public class DistributionConfigImpl
this.distributedTransactions = other.getDistributedTransactions();
this.shiroInit = other.getShiroInit();
this.securityManager = other.getSecurityManager();
+ this.postProcessor = other.getPostProcessor();
}
/**
@@ -1923,6 +1928,10 @@ public class DistributionConfigImpl
return securityManager;
}
+ public String getPostProcessor() {
+ return postProcessor;
+ }
+
public boolean getEnableNetworkPartitionDetection() {
return this.enableNetworkPartitionDetection;
}
@@ -1945,6 +1954,10 @@ public class DistributionConfigImpl
securityManager = (String)checkAttribute(SECURITY_MANAGER, value);
}
+ public void setPostProcessor(String value) {
+ postProcessor = (String) checkAttribute(SECURITY_POST_PROCESSOR, value);
+ }
+
public String getSecurityClientDHAlgo() {
return securityClientDHAlgo;
}
@@ -2675,6 +2688,12 @@ public class DistributionConfigImpl
} else if (!securityManager
.equals(other.securityManager))
return false;
+ if (postProcessor == null) {
+ if (other.postProcessor != null)
+ return false;
+ } else if (!postProcessor
+ .equals(other.postProcessor))
+ return false;
if (shiroInit == null) {
if (other.shiroInit != null)
return false;
@@ -3029,6 +3048,10 @@ public class DistributionConfigImpl
: securityManager.hashCode());
result = prime
* result
+ + ((postProcessor == null) ? 0
+ : postProcessor.hashCode());
+ result = prime
+ * result
+ ((shiroInit == null) ? 0
: shiroInit.hashCode());
result = prime
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/29b48702/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
index c56eb03..59bcb12 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
@@ -19,7 +19,6 @@ package com.gemstone.gemfire.internal.security;
import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
-import java.lang.reflect.Method;
import java.security.AccessController;
import java.security.Principal;
import java.util.Properties;
@@ -47,7 +46,6 @@ import com.gemstone.gemfire.internal.security.shiro.CustomAuthRealm;
import com.gemstone.gemfire.internal.security.shiro.ShiroPrincipal;
import com.gemstone.gemfire.management.internal.security.ResourceOperation;
import com.gemstone.gemfire.security.AuthenticationFailedException;
-import com.gemstone.gemfire.security.AuthenticationRequiredException;
import com.gemstone.gemfire.security.GemFireSecurityException;
import org.apache.geode.security.GeodePermission;
import org.apache.geode.security.GeodePermission.Operation;
@@ -315,7 +313,7 @@ public class GeodeSecurityUtil {
// only set up shiro realm if user has implemented SecurityManager
else if (!StringUtils.isBlank(securityConfig)) {
- securityManager = getObject(securityConfig, SecurityManager.class);
+ securityManager = getObjectOfType(securityConfig, SecurityManager.class);
securityManager.init(securityProps);
Realm realm = new CustomAuthRealm(securityManager);
org.apache.shiro.mgt.SecurityManager shiroManager = new DefaultSecurityManager(realm);
@@ -326,16 +324,14 @@ public class GeodeSecurityUtil {
}
// this initializes the post processor
- String customPostProcessor = securityProps.getProperty(SECURITY_CLIENT_ACCESSOR_PP);
- Object postProcessObject = getObject(customPostProcessor);
- if(postProcessObject instanceof PostProcessor){
- postProcessor = (PostProcessor) postProcessObject;
+ String customPostProcessor = securityProps.getProperty(SECURITY_POST_PROCESSOR);
+ if( !StringUtils.isBlank(customPostProcessor)) {
+ postProcessor = getObjectOfType(customPostProcessor, PostProcessor.class);
postProcessor.init(securityProps);
}
else{
postProcessor = null;
}
-
}
public static void close() {
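Review bot: A configuration that still sets the old `SECURITY_CLIENT_ACCESSOR_PP` key now ends up in the `else` branch with `postProcessor = null` and no diagnostic, because only `SECURITY_POST_PROCESSOR` is read here. Judging by `SamplePostProcessor.MASK`, a post-processor can mask returned values, so an upgraded member could silently stop applying it. Consider checking the legacy key when the new one is blank and refusing to start or logging a warning, e.g. `if (!StringUtils.isBlank(securityProps.getProperty(SECURITY_CLIENT_ACCESSOR_PP))) { throw new GemFireSecurityException(...); }` with a message naming the replacement property. The enclosing method starts outside this hunk, so whether the old key is handled earlier cannot be seen from here.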
@@ -375,39 +371,31 @@ public class GeodeSecurityUtil {
}
- public static <T> T getObject(String factoryName, Class<T> clazz) {
- Object object = null;
-
- if (StringUtils.isBlank(factoryName)) {
- return null;
- }
+ public static <T> T getObjectOfType(String className, Class<T> expectedClazz) {
+ Class actualClass = null;
try {
- Method instanceGetter = ClassLoadUtil.methodFromName(factoryName);
- object = instanceGetter.invoke(null, (Object[]) null);
+ actualClass = ClassLoadUtil.classFromName(className);
}
catch (Exception ex) {
- throw new AuthenticationRequiredException(ex.toString(), ex);
+ throw new GemFireSecurityException(ex.toString(), ex);
}
- if(!clazz.isAssignableFrom(object.getClass())){
- throw new GemFireSecurityException("Expecting a "+clazz.getName()+" interface.");
+ if(!expectedClazz.isAssignableFrom(actualClass)){
+ throw new GemFireSecurityException("Expecting a "+expectedClazz.getName()+" class.");
}
- return (T)object;
- }
- public static Object getObject(String factoryName) {
- if (StringUtils.isBlank(factoryName)) {
- return null;
- }
+ T actualObject = null;
try {
- Method instanceGetter = ClassLoadUtil.methodFromName(factoryName);
- return instanceGetter.invoke(null, (Object[]) null);
- }
- catch (Exception ex) {
- throw new AuthenticationRequiredException(ex.toString(), ex);
+ actualObject = (T)actualClass.newInstance();
+ } catch (Exception e) {
+ throw new GemFireSecurityException("Error instantiating "+actualClass.getName(), e);
}
+ return actualObject;
}
+ public static SecurityManager getSecurityManager(){
+ return securityManager;
+ }
public static boolean isSecurityRequired(Properties securityProps){
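Review bot: `getObjectOfType` no longer rejects a null or blank `className` itself; the new unit test expects `GemFireSecurityException` for those inputs, so the method relies on `ClassLoadUtil.classFromName` throwing, and the caller only sees `ex.toString()` of whatever that was. An explicit guard gives a clear configuration error and keeps the behaviour independent of the loader helper. The raw `Class actualClass` and the unchecked `(T)` cast can become `Class<?>` and `expectedClazz.cast(...)`. A Javadoc comment should state that the configured class needs an accessible no-argument constructor, since `newInstance()` is now the only creation path, and the new public `getSecurityManager()` accessor at the end of the hunk is also undocumented.

```java
public static <T> T getObjectOfType(String className, Class<T> expectedClazz) {
  if (StringUtils.isBlank(className)) {
    throw new GemFireSecurityException("No class name configured for " + expectedClazz.getName());
  }
  Class<?> actualClass;
  // … unchanged: ClassLoadUtil.classFromName(className) in try/catch, isAssignableFrom check …
  try {
    // checked cast instead of the unchecked (T) cast
    return expectedClazz.cast(actualClass.newInstance());
  } catch (Exception e) {
    throw new GemFireSecurityException("Error instantiating " + actualClass.getName(), e);
  }
}
```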
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/29b48702/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java
index 362d3df..3d6275b 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java
@@ -45,7 +45,7 @@ public class CustomAuthRealm extends AuthorizingRealm{
}
public CustomAuthRealm (String authenticatorFactory) {
- this.securityManager = GeodeSecurityUtil.getObject(authenticatorFactory, SecurityManager.class);
+ this.securityManager = GeodeSecurityUtil.getObjectOfType(authenticatorFactory, SecurityManager.class);
}
@Override
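Review bot: The constructor parameter is still named `authenticatorFactory` although the value is now a class name handed to `getObjectOfType`; `securityManagerClassName` would match the new contract. Unlike the `initSecurity` path in GeodeSecurityUtil, which calls `securityManager.init(securityProps)` right after creating the instance, this constructor does not call `init` in the visible lines, so a manager created here runs with only what its no-argument constructor set up. If that is intended, a short comment saying so would help; otherwise the instance should be initialized before the realm uses it. The rest of the class is outside this hunk.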
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/29b48702/geode-core/src/main/java/org/apache/geode/security/templates/SamplePostProcessor.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/security/templates/SamplePostProcessor.java b/geode-core/src/main/java/org/apache/geode/security/templates/SamplePostProcessor.java
index 1245c1d..7e078da 100644
--- a/geode-core/src/main/java/org/apache/geode/security/templates/SamplePostProcessor.java
+++ b/geode-core/src/main/java/org/apache/geode/security/templates/SamplePostProcessor.java
@@ -25,10 +25,6 @@ import org.apache.geode.security.PostProcessor;
public class SamplePostProcessor implements PostProcessor{
public static String MASK = "****";
- public static SamplePostProcessor create(){
- return new SamplePostProcessor();
- }
-
@Override
public void init(final Properties securityProps) {
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/29b48702/geode-core/src/main/java/org/apache/geode/security/templates/SampleSecurityManager.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/security/templates/SampleSecurityManager.java b/geode-core/src/main/java/org/apache/geode/security/templates/SampleSecurityManager.java
index 55a2079..1c71516 100644
--- a/geode-core/src/main/java/org/apache/geode/security/templates/SampleSecurityManager.java
+++ b/geode-core/src/main/java/org/apache/geode/security/templates/SampleSecurityManager.java
@@ -16,8 +16,6 @@
*/
package org.apache.geode.security.templates;
-import java.io.File;
-import java.io.FileReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.StringWriter;
@@ -93,6 +91,15 @@ import com.gemstone.gemfire.security.NotAuthorizedException;
*/
public class SampleSecurityManager implements SecurityManager {
+ public SampleSecurityManager() {
+ try {
+ setUpWithJsonFile("security.json");
+ }
+ catch (IOException e) {
+ e.printStackTrace();
+ }
+ }
+
public static class Role {
List<GeodePermission> permissions = new ArrayList<>();
String name;
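Review bot: The new constructor swallows the `IOException` from `setUpWithJsonFile` with `e.printStackTrace()`, so a security manager whose access-control list failed to load is still returned to the caller as if it were usable. It also drops the `if (acl == null)` guard that the removed `create()` had, so every instantiation reloads `security.json` and, when that file is on the classpath, can replace a static `acl` set earlier through `setUpWithJsonFile`. Suggest `if (acl == null) { setUpWithJsonFile("security.json"); }` inside the `try` and `throw new IllegalStateException("Unable to load security.json", e);` in the `catch`, so a load failure stops startup instead of going to stderr.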
@@ -107,18 +114,11 @@ public class SampleSecurityManager implements SecurityManager {
private static Map<String, User> acl = null;
- public static SampleSecurityManager create() throws IOException {
- if (acl == null) {
- setUpWithJsonFile("security.json");
- }
- return new SampleSecurityManager();
- }
public static void setUpWithJsonFile(String jsonFileName) throws IOException {
InputStream input = ClassLoader.getSystemResourceAsStream(jsonFileName);
- if (input == null) {
- throw new RuntimeException("Could not find the required JSON security file on the classpath: " + jsonFileName);
- }
+ if (input == null)
+ return;
StringWriter writer = new StringWriter();
IOUtils.copy(input, writer, "UTF-8");
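Review bot: `if (input == null) return;` turns a missing JSON security file from a startup failure into a silent no-op, leaving the static `acl` at whatever it was before (initially `null`). How `authenticate` and `authorize` behave with an unset `acl` is outside this hunk, but either way the operator gets no signal that the manager is running without its access-control data. If the early return is needed so that subclasses can load the file by other means, log a warning that names `jsonFileName` before returning. The unbraced `if` also departs from the braced form it replaces. The method body continues past the end of the hunk.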
@@ -201,9 +201,6 @@ public class SampleSecurityManager implements SecurityManager {
return acl;
}
- private Principal principal = null;
-
-
@Override
public boolean authorize(Principal principal, GeodePermission context) {
if (principal == null) return false;
@@ -243,14 +240,4 @@ public class SampleSecurityManager implements SecurityManager {
return new JMXPrincipal(user);
}
-
- protected static String readFile(String name) throws IOException {
- File file = new File(name);
- FileReader reader = new FileReader(file);
- char[] buffer = new char[(int) file.length()];
- reader.read(buffer);
- String json = new String(buffer);
- reader.close();
- return json;
- }
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/29b48702/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/DistributionConfigJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/DistributionConfigJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/DistributionConfigJUnitTest.java
index aab46fb..4f7cbaf 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/DistributionConfigJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/DistributionConfigJUnitTest.java
@@ -38,6 +38,7 @@ import com.gemstone.gemfire.InternalGemFireException;
import com.gemstone.gemfire.UnmodifiableException;
import com.gemstone.gemfire.internal.ConfigSource;
import com.gemstone.gemfire.management.internal.security.JSONAuthorization;
+import com.gemstone.gemfire.security.templates.SamplePostProcessor;
import com.gemstone.gemfire.test.junit.categories.UnitTest;
@Category(UnitTest.class)
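Review bot: The added import names `com.gemstone.gemfire.security.templates.SamplePostProcessor`, while the `SamplePostProcessor` changed in this commit lives under `org/apache/geode/security/templates/`. If these are two different classes, please confirm the imported one implements the `PostProcessor` interface that `SECURITY_POST_PROCESSOR` now expects; if only one exists, the import should read `import org.apache.geode.security.templates.SamplePostProcessor;`. The tests below only store the class name in the properties, so a mismatch may not show up as a test failure.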
@@ -77,7 +78,7 @@ public class DistributionConfigJUnitTest {
@Test
public void testGetAttributeNames() {
String[] attNames = AbstractDistributionConfig._getAttNames();
- assertEquals(attNames.length, 142);
+ assertEquals(attNames.length, 143);
List boolList = new ArrayList();
List intList = new ArrayList();
@@ -111,7 +112,7 @@ public class DistributionConfigJUnitTest {
assertEquals(boolList.size(), 30);
assertEquals(intList.size(), 33);
- assertEquals(stringList.size(), 71);
+ assertEquals(stringList.size(), 72);
assertEquals(fileList.size(), 5);
assertEquals(otherList.size(), 3);
}
@@ -329,8 +330,8 @@ public class DistributionConfigJUnitTest {
@Test
public void testSecurityProps(){
Properties props = new Properties();
- props.put(SECURITY_CLIENT_AUTHENTICATOR, JSONAuthorization.class.getName() + ".create");
- props.put(SECURITY_CLIENT_ACCESSOR, JSONAuthorization.class.getName() + ".create");
+ props.put(SECURITY_MANAGER, JSONAuthorization.class.getName());
+ props.put(SECURITY_POST_PROCESSOR, SamplePostProcessor.class.getName());
props.put(SECURITY_LOG_LEVEL, "config");
// add another non-security property to verify it won't get put in the security properties
props.put(ACK_WAIT_THRESHOLD, 2);
@@ -342,8 +343,8 @@ public class DistributionConfigJUnitTest {
@Test
public void testSecurityPropsWithNoSetter(){
Properties props = new Properties();
- props.put(SECURITY_CLIENT_AUTHENTICATOR, JSONAuthorization.class.getName() + ".create");
- props.put(SECURITY_CLIENT_ACCESSOR, JSONAuthorization.class.getName() + ".create");
+ props.put(SECURITY_MANAGER, JSONAuthorization.class.getName());
+ props.put(SECURITY_POST_PROCESSOR, SamplePostProcessor.class.getName());
props.put(SECURITY_LOG_LEVEL, "config");
// add another non-security property to verify it won't get put in the security properties
props.put(ACK_WAIT_THRESHOLD, 2);
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/29b48702/geode-core/src/test/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtilTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtilTest.java b/geode-core/src/test/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtilTest.java
new file mode 100644
index 0000000..d1dd466
--- /dev/null
+++ b/geode-core/src/test/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtilTest.java
@@ -0,0 +1,48 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.internal.security;
+
+
+import static org.assertj.core.api.Java6Assertions.*;
+
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import com.gemstone.gemfire.security.GemFireSecurityException;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+import com.gemstone.gemfire.test.junit.categories.UnitTest;
+
+@Category({ UnitTest.class, SecurityTest.class })
+public class GeodeSecurityUtilTest {
+
+ @Test
+ public void testGetObject(){
+ String string = GeodeSecurityUtil.getObjectOfType(String.class.getName(), String.class);
+
+ CharSequence charSequence = GeodeSecurityUtil.getObjectOfType(String.class.getName(), CharSequence.class);
+
+ assertThatThrownBy(() -> GeodeSecurityUtil.getObjectOfType("com.abc.testString", String.class)).isInstanceOf(GemFireSecurityException.class);
+
+ assertThatThrownBy(() -> GeodeSecurityUtil.getObjectOfType(String.class.getName(), Boolean.class)).isInstanceOf(GemFireSecurityException.class);
+
+ assertThatThrownBy(() -> GeodeSecurityUtil.getObjectOfType("", String.class)).isInstanceOf(GemFireSecurityException.class);
+
+ assertThatThrownBy(() -> GeodeSecurityUtil.getObjectOfType(null, String.class)).isInstanceOf(GemFireSecurityException.class);
+
+ assertThatThrownBy(() -> GeodeSecurityUtil.getObjectOfType(" ", String.class)).isInstanceOf(GemFireSecurityException.class);
+ }
+}
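Review bot: The two positive cases in `testGetObject` assign the results to `string` and `charSequence` but never assert on them, so the success path is only checked for the absence of an exception. Adding `assertThat(string).isNotNull();` and `assertThat(charSequence).isInstanceOf(String.class);` would pin it. The test name still refers to `getObject`; `testGetObjectOfType` matches the renamed method. A case for a class without an accessible no-argument constructor would also cover the `newInstance()` failure branch.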
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/29b48702/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java
index 8b174a4..5627c9e 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java
@@ -34,7 +34,7 @@ import com.gemstone.gemfire.test.junit.categories.UnitTest;
public class GeodeSecurityUtilCustomRealmJUnitTest extends GeodeSecurityUtilWithIniFileJUnitTest {
@BeforeClass
public static void beforeClass() throws Exception{
- props.put(SECURITY_MANAGER, JSONAuthorization.class.getName() + ".create");
+ props.put(SECURITY_MANAGER, JSONAuthorization.class.getName());
JSONAuthorization.setUpWithJsonFile("shiro-ini.json");
GeodeSecurityUtil.initSecurity(props);
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/29b48702/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JSONAuthorization.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JSONAuthorization.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JSONAuthorization.java
index 7e6f226..b97cf85 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JSONAuthorization.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JSONAuthorization.java
@@ -16,20 +16,33 @@
*/
package com.gemstone.gemfire.management.internal.security;
+import java.io.File;
+import java.io.FileReader;
import java.io.IOException;
import org.apache.geode.security.templates.SampleSecurityManager;
import com.gemstone.gemfire.util.test.TestUtil;
+/**
+ * Used by test code. when using this class for security-manager, you will need explicitly call setUpWithJsonFile
+ * to initialize the acl (access control list).
+ */
public class JSONAuthorization extends SampleSecurityManager {
- public static JSONAuthorization create() throws IOException {
- return new JSONAuthorization();
- }
-
+ /**
+ * Override the child class's implemention to look for jsonFile in the same package as this class instead of
+ * in the classpath
+ * @param jsonFileName
+ * @throws IOException
+ */
public static void setUpWithJsonFile(String jsonFileName) throws IOException {
- String json = readFile(TestUtil.getResourcePath(JSONAuthorization.class, jsonFileName));
+ String filePath = TestUtil.getResourcePath(JSONAuthorization.class, jsonFileName);
+ File file = new File(filePath);
+ FileReader reader = new FileReader(file);
+ char[] buffer = new char[(int) file.length()];
+ reader.read(buffer);
+ String json = new String(buffer);
+ reader.close();
readSecurityDescriptor(json);
}
-
}
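Review bot: The file read inlined into `setUpWithJsonFile` leaks the `FileReader` if `read` throws, decodes with the platform default charset, and sizes the `char[]` from the file's byte length while relying on a single `read` call to fill it. `String json = new String(Files.readAllBytes(Paths.get(filePath)), StandardCharsets.UTF_8);` replaces those six lines and matches the UTF-8 decoding used in `SampleSecurityManager.setUpWithJsonFile`. The Javadoc says this overrides the "child class's" implementation; it actually hides the parent's static method, so code that calls the parent's `setUpWithJsonFile` directly, such as the new `SampleSecurityManager` constructor, does not reach this version, which the comment should say.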
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/29b48702/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JsonAuthorizationCacheStartRule.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JsonAuthorizationCacheStartRule.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JsonAuthorizationCacheStartRule.java
index 78ba970..d64e2ee 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JsonAuthorizationCacheStartRule.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JsonAuthorizationCacheStartRule.java
@@ -59,11 +59,10 @@ public class JsonAuthorizationCacheStartRule extends ExternalResource {
properties.put(JMX_MANAGER_START, "true");
properties.put(JMX_MANAGER_PORT, String.valueOf(jmxManagerPort));
properties.put(HTTP_SERVICE_PORT, String.valueOf(httpPort));
- properties.put(SECURITY_MANAGER,
- JSONAuthorization.class.getName() + ".create");
+ properties.put(SECURITY_MANAGER, JSONAuthorization.class.getName());
if(postProcessor!=null){
- properties.put(SECURITY_CLIENT_ACCESSOR_PP, postProcessor.getName()+".create");
+ properties.put(SECURITY_POST_PROCESSOR, postProcessor.getName());
}
JSONAuthorization.setUpWithJsonFile(jsonFile);
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/29b48702/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MultiUserDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MultiUserDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MultiUserDUnitTest.java
index e645373..1c55a3c 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MultiUserDUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MultiUserDUnitTest.java
@@ -51,7 +51,7 @@ public class MultiUserDUnitTest extends CliCommandTestBase {
public void testMultiUser() throws IOException, JSONException, InterruptedException {
Properties properties = new Properties();
properties.put(NAME, MultiUserDUnitTest.class.getSimpleName());
- properties.put(SECURITY_MANAGER, JSONAuthorization.class.getName() + ".create");
+ properties.put(SECURITY_MANAGER, JSONAuthorization.class.getName());
// set up vm_0 the secure jmx manager
Object[] results = setUpJMXManagerOnVM(0, properties, "cacheServer.json");
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/29b48702/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractIntegratedClientAuthDistributedTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractIntegratedClientAuthDistributedTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractIntegratedClientAuthDistributedTest.java
index 45ecfe0..10c316a 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractIntegratedClientAuthDistributedTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractIntegratedClientAuthDistributedTest.java
@@ -59,9 +59,9 @@ public class AbstractIntegratedClientAuthDistributedTest extends JUnit4CacheTest
JSONAuthorization.setUpWithJsonFile("clientServer.json");
Properties props = new Properties();
- props.setProperty(SECURITY_MANAGER, JSONAuthorization.class.getName()+".create");
+ props.setProperty(SECURITY_MANAGER, JSONAuthorization.class.getName());
if(postProcessor!=null){
- props.setProperty(SECURITY_CLIENT_ACCESSOR_PP, postProcessor.getName()+".create");
+ props.setProperty(SECURITY_POST_PROCESSOR, postProcessor.getName());
}
props.setProperty(MCAST_PORT, "0");
props.setProperty(LOCATORS, "");
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/29b48702/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleDistributedTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleDistributedTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleDistributedTest.java
index 6634f17..9f06482 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleDistributedTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleDistributedTest.java
@@ -28,7 +28,9 @@ import org.junit.experimental.categories.Category;
import com.gemstone.gemfire.cache.server.CacheServer;
import com.gemstone.gemfire.internal.AvailablePort;
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
import com.gemstone.gemfire.management.internal.security.JSONAuthorization;
+import com.gemstone.gemfire.security.IntegratedSecurityCacheLifecycleIntegrationTest.SpySecurityManager;
import com.gemstone.gemfire.test.dunit.DistributedTestUtils;
import com.gemstone.gemfire.test.dunit.Host;
import com.gemstone.gemfire.test.dunit.NetworkUtils;
@@ -39,9 +41,6 @@ import com.gemstone.gemfire.test.junit.categories.SecurityTest;
@Category({DistributedTest.class, SecurityTest.class})
public class IntegratedSecurityCacheLifecycleDistributedTest extends JUnit4CacheTestCase {
-
- private static SpySecurityManager spySecurityManager;
-
private VM locator;
@Override
@@ -52,16 +51,13 @@ public class IntegratedSecurityCacheLifecycleDistributedTest extends JUnit4Cache
int locatorPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
String locators = NetworkUtils.getServerHostName(host) + "[" + locatorPort + "]";
- spySecurityManager = new SpySecurityManager();
-
locator.invoke(() -> {
- spySecurityManager = new SpySecurityManager();
DistributedTestUtils.deleteLocatorStateFile(locatorPort);
final Properties properties = new Properties();
properties.setProperty(MCAST_PORT, "0");
properties.setProperty(START_LOCATOR, locators);
- properties.setProperty(SECURITY_MANAGER, SpySecurityManager.class.getName()+".create");
+ properties.setProperty(SECURITY_MANAGER, SpySecurityManager.class.getName());
properties.setProperty(USE_CLUSTER_CONFIGURATION, "false");
getSystem(properties);
getCache();
@@ -69,7 +65,7 @@ public class IntegratedSecurityCacheLifecycleDistributedTest extends JUnit4Cache
final Properties properties = new Properties();
properties.setProperty(MCAST_PORT, "0");
- properties.setProperty(SECURITY_MANAGER, SpySecurityManager.class.getName()+".create");
+ properties.setProperty(SECURITY_MANAGER, SpySecurityManager.class.getName());
properties.setProperty(LOCATORS, locators);
properties.setProperty(JMX_MANAGER, "false");
properties.setProperty(JMX_MANAGER_PORT, "0");
@@ -99,33 +95,10 @@ public class IntegratedSecurityCacheLifecycleDistributedTest extends JUnit4Cache
}
private void verifyInitCloseInvoked() {
- assertThat(spySecurityManager.initInvoked).isEqualTo(1);
+ SpySecurityManager ssm = (SpySecurityManager) GeodeSecurityUtil
+ .getSecurityManager();
+ assertThat(ssm.initInvoked).isEqualTo(1);
getCache().close();
- assertThat(spySecurityManager.closeInvoked).isEqualTo(1);
- }
-
- public static class SpySecurityManager extends JSONAuthorization {
-
- private static int initInvoked = 0;
- private static int closeInvoked = 0;
-
- public static SpySecurityManager create() {
- return spySecurityManager;
- }
-
- @Override
- public void init(final Properties securityProps) {
- initInvoked++;
- }
-
- @Override
- public Principal authenticate(final Properties props) throws AuthenticationFailedException {
- return null;
- }
-
- @Override
- public void close() {
- closeInvoked++;
- }
+ assertThat(ssm.closeInvoked).isEqualTo(1);
}
}
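Review bot: The cast in `verifyInitCloseInvoked` is unguarded: if `GeodeSecurityUtil.getSecurityManager()` returns null or another implementation, the test ends in a NullPointerException or ClassCastException rather than an assertion saying the configured security manager was not installed. An explicit check before the cast, `assertThat(GeodeSecurityUtil.getSecurityManager()).isInstanceOf(SpySecurityManager.class);`, makes that the reported failure. The same cast is added to `initAndCloseTest` in IntegratedSecurityCacheLifecycleIntegrationTest. Separately, this test now imports the spy from another test class, so moving `SpySecurityManager` to its own test-support class would remove that coupling.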
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/29b48702/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleIntegrationTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleIntegrationTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleIntegrationTest.java
index 6be88d3..712329d 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleIntegrationTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleIntegrationTest.java
@@ -25,6 +25,7 @@ import java.util.Properties;
import com.gemstone.gemfire.cache.Cache;
import com.gemstone.gemfire.cache.CacheFactory;
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
import com.gemstone.gemfire.test.junit.categories.SecurityTest;
@@ -37,18 +38,13 @@ import org.junit.experimental.categories.Category;
@Category({IntegrationTest.class, SecurityTest.class})
public class IntegratedSecurityCacheLifecycleIntegrationTest {
-
- private static SpySecurityManager spySecurityManager;
-
private Properties securityProps;
private Cache cache;
@Before
public void before() {
securityProps = new Properties();
- securityProps.setProperty(SECURITY_MANAGER, SpySecurityManager.class.getName()+".create");
-
- spySecurityManager = new SpySecurityManager();
+ securityProps.setProperty(SECURITY_MANAGER, SpySecurityManager.class.getName());
Properties props = new Properties();
props.putAll(securityProps);
@@ -56,6 +52,7 @@ public class IntegratedSecurityCacheLifecycleIntegrationTest {
props.setProperty(LOCATORS, "");
cache = new CacheFactory(props).create();
+
}
@After
@@ -67,26 +64,20 @@ public class IntegratedSecurityCacheLifecycleIntegrationTest {
@Test
public void initAndCloseTest () {
- assertThat(spySecurityManager.initInvoked).isEqualTo(1);
- assertThat(spySecurityManager.securityPropsInvoked).isEqualTo(securityProps);
+ SpySecurityManager ssm = (SpySecurityManager)GeodeSecurityUtil.getSecurityManager();
+ assertThat(ssm.initInvoked).isEqualTo(1);
cache.close();
- assertThat(spySecurityManager.closeInvoked).isEqualTo(1);
+ assertThat(ssm.closeInvoked).isEqualTo(1);
}
public static class SpySecurityManager implements SecurityManager {
- private int initInvoked = 0;
- private int closeInvoked = 0;
- private Properties securityPropsInvoked;
-
- public static SecurityManager create() {
- return spySecurityManager;
- }
+ public int initInvoked = 0;
+ public int closeInvoked = 0;
@Override
public void init(final Properties securityProps) {
initInvoked++;
- this.securityPropsInvoked = securityProps;
}
@Override
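Review bot: `initAndCloseTest` no longer verifies what `init` was given: the `securityPropsInvoked` field and its `isEqualTo(securityProps)` assertion are dropped, so a change that constructs the manager but hands it empty or wrong properties would still pass. The instance is now reachable through `GeodeSecurityUtil.getSecurityManager()`, so the capture could stay by keeping `this.securityPropsInvoked = securityProps;` in `init` and asserting `assertThat(ssm.securityPropsInvoked).isEqualTo(securityProps);`. If `init` now receives more than the security subset (not visible here), the assertion would need to compare only those entries. The body of `SpySecurityManager` continues outside this hunk.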
@@ -95,11 +86,6 @@ public class IntegratedSecurityCacheLifecycleIntegrationTest {
}
@Override
- public boolean authorize(final Principal principal, final GeodePermission permission) {
- return false;
- }
-
- @Override
public void close() {
closeInvoked++;
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/29b48702/geode-core/src/test/java/com/gemstone/gemfire/security/NoShowValue1PostProcessor.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/NoShowValue1PostProcessor.java b/geode-core/src/test/java/com/gemstone/gemfire/security/NoShowValue1PostProcessor.java
index 7feece7..b6fd2f7 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/NoShowValue1PostProcessor.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/NoShowValue1PostProcessor.java
@@ -18,20 +18,11 @@
package com.gemstone.gemfire.security;
import java.security.Principal;
-import java.util.Properties;
import org.apache.geode.security.PostProcessor;
public class NoShowValue1PostProcessor implements PostProcessor {
- public static NoShowValue1PostProcessor create(){
- return new NoShowValue1PostProcessor();
- }
-
- @Override
- public void init(final Properties securityProps) {
- }
-
@Override
public Object processRegionValue(final Principal principal,
final String regionName,
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/29b48702/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java
----------------------------------------------------------------------
diff --git a/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java b/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java
index 9356eb9..7385e7f 100644
--- a/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java
+++ b/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java
@@ -72,7 +72,7 @@ public class Server {
Map<String, Object> env = new HashMap<String, Object>();
// set up Shiro Security Manager
- Realm realm = new CustomAuthRealm(JSONAuthorization.class.getName() + ".create");
+ Realm realm = new CustomAuthRealm(JSONAuthorization.class.getName());
SecurityManager securityManager = new DefaultSecurityManager(realm);
SecurityUtils.setSecurityManager(securityManager);