http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanShiroJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanShiroJUnitTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanShiroJUnitTest.java deleted file mode 100644 index d0ea209..0000000 --- a/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanShiroJUnitTest.java +++ /dev/null @@ -1,109 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more contributor license - * agreements. See the NOTICE file distributed with this work for additional information regarding - * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance with the License. You may obtain a - * copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software distributed under the License - * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express - * or implied. See the License for the specific language governing permissions and limitations under - * the License. - */ -package org.apache.geode.management.internal.security; - -import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_SHIRO_INIT; -import static org.assertj.core.api.Assertions.assertThatThrownBy; - -import org.apache.geode.management.CacheServerMXBean; -import org.apache.geode.test.dunit.rules.ConnectionConfiguration; -import org.apache.geode.test.dunit.rules.MBeanServerConnectionRule; -import org.apache.geode.test.dunit.rules.ServerStarterRule; -import org.apache.geode.test.junit.categories.IntegrationTest; -import org.apache.geode.test.junit.categories.SecurityTest; -import org.junit.Before; -import org.junit.ClassRule; -import org.junit.Rule; -import org.junit.Test; -import org.junit.experimental.categories.Category; - -@Category({IntegrationTest.class, SecurityTest.class}) -public class CacheServerMBeanShiroJUnitTest { - private CacheServerMXBean bean; - - @ClassRule - public static ServerStarterRule server = new ServerStarterRule() - .withProperty(SECURITY_SHIRO_INIT, "shiro.ini").withJMXManager().withAutoStart(); - - @Rule - public MBeanServerConnectionRule connectionRule = - new MBeanServerConnectionRule(server::getJmxPort); - - @Before - public void setUp() throws Exception { - bean = connectionRule.getProxyMBean(CacheServerMXBean.class); - } - - @Test - @ConnectionConfiguration(user = "root", password = "secret") - public void testAllAccess() throws Exception { - bean.removeIndex("foo"); - bean.executeContinuousQuery("bar"); - bean.fetchLoadProbe(); - bean.getActiveCQCount(); - bean.stopContinuousQuery("bar"); - bean.closeAllContinuousQuery("bar"); - bean.isRunning(); - bean.showClientQueueDetails("foo"); - } - - @Test - @ConnectionConfiguration(user = "guest", password = "guest") - public void testNoAccess() throws Exception { - assertThatThrownBy(() -> bean.removeIndex("foo")) - .hasMessageContaining(TestCommand.dataManage.toString()); - assertThatThrownBy(() -> bean.executeContinuousQuery("bar")) - .hasMessageContaining(TestCommand.dataRead.toString()); - assertThatThrownBy(() -> bean.fetchLoadProbe()) - .hasMessageContaining(TestCommand.clusterRead.toString()); - assertThatThrownBy(() -> bean.getActiveCQCount()) - .hasMessageContaining(TestCommand.clusterRead.toString()); - assertThatThrownBy(() -> bean.stopContinuousQuery("bar")) - .hasMessageContaining(TestCommand.dataManage.toString()); - assertThatThrownBy(() -> bean.closeAllContinuousQuery("bar")) - .hasMessageContaining(TestCommand.dataManage.toString()); - assertThatThrownBy(() -> bean.isRunning()) - .hasMessageContaining(TestCommand.clusterRead.toString()); - assertThatThrownBy(() -> bean.showClientQueueDetails("bar")) - .hasMessageContaining(TestCommand.clusterRead.toString()); - } - - @Test - @ConnectionConfiguration(user = "regionAReader", password = "password") - public void testRegionAccess() throws Exception { - assertThatThrownBy(() -> bean.removeIndex("foo")) - .hasMessageContaining(TestCommand.dataManage.toString()); - assertThatThrownBy(() -> bean.fetchLoadProbe()) - .hasMessageContaining(TestCommand.clusterRead.toString()); - assertThatThrownBy(() -> bean.getActiveCQCount()) - .hasMessageContaining(TestCommand.clusterRead.toString()); - - assertThatThrownBy(() -> bean.executeContinuousQuery("bar")) - .hasMessageContaining(TestCommand.dataRead.toString()); - } - - @Test - @ConnectionConfiguration(user = "dataReader", password = "12345") - public void testDataRead() throws Exception { - assertThatThrownBy(() -> bean.removeIndex("foo")) - .hasMessageContaining(TestCommand.dataManage.toString()); - assertThatThrownBy(() -> bean.fetchLoadProbe()) - .hasMessageContaining(TestCommand.clusterRead.toString()); - assertThatThrownBy(() -> bean.getActiveCQCount()) - .hasMessageContaining(TestCommand.clusterRead.toString()); - - bean.executeContinuousQuery("bar"); - } -}
http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanWithShiroIniIntegrationTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanWithShiroIniIntegrationTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanWithShiroIniIntegrationTest.java new file mode 100644 index 0000000..55f592e --- /dev/null +++ b/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanWithShiroIniIntegrationTest.java @@ -0,0 +1,109 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for additional information regarding + * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. You may obtain a + * copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + */ +package org.apache.geode.management.internal.security; + +import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_SHIRO_INIT; +import static org.assertj.core.api.Assertions.assertThatThrownBy; + +import org.apache.geode.management.CacheServerMXBean; +import org.apache.geode.test.dunit.rules.ConnectionConfiguration; +import org.apache.geode.test.dunit.rules.MBeanServerConnectionRule; +import org.apache.geode.test.dunit.rules.ServerStarterRule; +import org.apache.geode.test.junit.categories.IntegrationTest; +import org.apache.geode.test.junit.categories.SecurityTest; +import org.junit.Before; +import org.junit.ClassRule; +import org.junit.Rule; +import org.junit.Test; +import org.junit.experimental.categories.Category; + +@Category({IntegrationTest.class, SecurityTest.class}) +public class CacheServerMBeanWithShiroIniIntegrationTest { + private CacheServerMXBean bean; + + @ClassRule + public static ServerStarterRule server = new ServerStarterRule() + .withProperty(SECURITY_SHIRO_INIT, "shiro.ini").withJMXManager().withAutoStart(); + + @Rule + public MBeanServerConnectionRule connectionRule = + new MBeanServerConnectionRule(server::getJmxPort); + + @Before + public void setUp() throws Exception { + bean = connectionRule.getProxyMBean(CacheServerMXBean.class); + } + + @Test + @ConnectionConfiguration(user = "root", password = "secret") + public void testAllAccess() throws Exception { + bean.removeIndex("foo"); + bean.executeContinuousQuery("bar"); + bean.fetchLoadProbe(); + bean.getActiveCQCount(); + bean.stopContinuousQuery("bar"); + bean.closeAllContinuousQuery("bar"); + bean.isRunning(); + bean.showClientQueueDetails("foo"); + } + + @Test + @ConnectionConfiguration(user = "guest", password = "guest") + public void testNoAccess() throws Exception { + assertThatThrownBy(() -> bean.removeIndex("foo")) + .hasMessageContaining(TestCommand.dataManage.toString()); + assertThatThrownBy(() -> bean.executeContinuousQuery("bar")) + .hasMessageContaining(TestCommand.dataRead.toString()); + assertThatThrownBy(() -> bean.fetchLoadProbe()) + .hasMessageContaining(TestCommand.clusterRead.toString()); + assertThatThrownBy(() -> bean.getActiveCQCount()) + .hasMessageContaining(TestCommand.clusterRead.toString()); + assertThatThrownBy(() -> bean.stopContinuousQuery("bar")) + .hasMessageContaining(TestCommand.dataManage.toString()); + assertThatThrownBy(() -> bean.closeAllContinuousQuery("bar")) + .hasMessageContaining(TestCommand.dataManage.toString()); + assertThatThrownBy(() -> bean.isRunning()) + .hasMessageContaining(TestCommand.clusterRead.toString()); + assertThatThrownBy(() -> bean.showClientQueueDetails("bar")) + .hasMessageContaining(TestCommand.clusterRead.toString()); + } + + @Test + @ConnectionConfiguration(user = "regionAReader", password = "password") + public void testRegionAccess() throws Exception { + assertThatThrownBy(() -> bean.removeIndex("foo")) + .hasMessageContaining(TestCommand.dataManage.toString()); + assertThatThrownBy(() -> bean.fetchLoadProbe()) + .hasMessageContaining(TestCommand.clusterRead.toString()); + assertThatThrownBy(() -> bean.getActiveCQCount()) + .hasMessageContaining(TestCommand.clusterRead.toString()); + + assertThatThrownBy(() -> bean.executeContinuousQuery("bar")) + .hasMessageContaining(TestCommand.dataRead.toString()); + } + + @Test + @ConnectionConfiguration(user = "dataReader", password = "12345") + public void testDataRead() throws Exception { + assertThatThrownBy(() -> bean.removeIndex("foo")) + .hasMessageContaining(TestCommand.dataManage.toString()); + assertThatThrownBy(() -> bean.fetchLoadProbe()) + .hasMessageContaining(TestCommand.clusterRead.toString()); + assertThatThrownBy(() -> bean.getActiveCQCount()) + .hasMessageContaining(TestCommand.clusterRead.toString()); + + bean.executeContinuousQuery("bar"); + } +} http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/test/java/org/apache/geode/management/internal/security/IntegratedSecurityServiceCustomRealmJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/IntegratedSecurityServiceCustomRealmJUnitTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/security/IntegratedSecurityServiceCustomRealmJUnitTest.java deleted file mode 100644 index 22a7eae..0000000 --- a/geode-core/src/test/java/org/apache/geode/management/internal/security/IntegratedSecurityServiceCustomRealmJUnitTest.java +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more contributor license - * agreements. See the NOTICE file distributed with this work for additional information regarding - * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance with the License. You may obtain a - * copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software distributed under the License - * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express - * or implied. See the License for the specific language governing permissions and limitations under - * the License. - */ -package org.apache.geode.management.internal.security; - -import static org.apache.geode.distributed.ConfigurationProperties.*; - -import org.apache.geode.security.TestSecurityManager; -import org.junit.BeforeClass; -import org.junit.experimental.categories.Category; - -import org.apache.geode.internal.security.IntegratedSecurityService; -import org.apache.geode.test.junit.categories.IntegrationTest; -import org.apache.geode.test.junit.categories.SecurityTest; - -/** - * Integration tests for {@link IntegratedSecurityService} using shiro-ini.json. - * - * @see IntegratedSecurityServiceWithIniFileJUnitTest - */ -@Category({IntegrationTest.class, SecurityTest.class}) -public class IntegratedSecurityServiceCustomRealmJUnitTest - extends IntegratedSecurityServiceWithIniFileJUnitTest { - - @BeforeClass - public static void beforeClass() throws Exception { - props.put(TestSecurityManager.SECURITY_JSON, - "org/apache/geode/management/internal/security/shiro-ini.json"); - props.put(SECURITY_MANAGER, TestSecurityManager.class.getName()); - IntegratedSecurityService.getSecurityService().initSecurity(props); - } - -} http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/test/java/org/apache/geode/management/internal/security/IntegratedSecurityServiceWithIniFileJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/IntegratedSecurityServiceWithIniFileJUnitTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/security/IntegratedSecurityServiceWithIniFileJUnitTest.java deleted file mode 100644 index 8561f18..0000000 --- a/geode-core/src/test/java/org/apache/geode/management/internal/security/IntegratedSecurityServiceWithIniFileJUnitTest.java +++ /dev/null @@ -1,152 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more contributor license - * agreements. See the NOTICE file distributed with this work for additional information regarding - * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance with the License. You may obtain a - * copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software distributed under the License - * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express - * or implied. See the License for the specific language governing permissions and limitations under - * the License. - */ -package org.apache.geode.management.internal.security; - -import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_SHIRO_INIT; -import static org.assertj.core.api.Assertions.assertThatThrownBy; - -import org.apache.geode.internal.security.IntegratedSecurityService; -import org.apache.geode.internal.security.SecurityService; -import org.apache.geode.security.GemFireSecurityException; -import org.apache.geode.security.ResourcePermission; -import org.apache.geode.test.junit.categories.IntegrationTest; -import org.apache.geode.test.junit.categories.SecurityTest; -import org.junit.Before; -import org.junit.BeforeClass; -import org.junit.Test; -import org.junit.experimental.categories.Category; - -import java.util.Properties; - -/** - * Integration tests for {@link IntegratedSecurityService} using shiro.ini - */ -@Category({IntegrationTest.class, SecurityTest.class}) -public class IntegratedSecurityServiceWithIniFileJUnitTest { - - protected static Properties props = new Properties(); - - private SecurityService securityService = SecurityService.getSecurityService(); - - @BeforeClass - public static void beforeClass() throws Exception { - props.setProperty(SECURITY_SHIRO_INIT, "shiro.ini"); - } - - @Before - public void before() { - securityService.initSecurity(props); - } - - @Test - public void testRoot() { - this.securityService.login(loginCredentials("root", "secret")); - this.securityService.authorize(TestCommand.none); - this.securityService.authorize(TestCommand.everyOneAllowed); - this.securityService.authorize(TestCommand.dataRead); - this.securityService.authorize(TestCommand.dataWrite); - this.securityService.authorize(TestCommand.regionARead); - this.securityService.authorize(TestCommand.regionAWrite); - this.securityService.authorize(TestCommand.clusterWrite); - this.securityService.authorize(TestCommand.clusterRead); - } - - @Test - public void testGuest() { - this.securityService.login(loginCredentials("guest", "guest")); - this.securityService.authorize(TestCommand.none); - this.securityService.authorize(TestCommand.everyOneAllowed); - - assertNotAuthorized(TestCommand.dataRead); - assertNotAuthorized(TestCommand.dataWrite); - assertNotAuthorized(TestCommand.regionARead); - assertNotAuthorized(TestCommand.regionAWrite); - assertNotAuthorized(TestCommand.clusterRead); - assertNotAuthorized(TestCommand.clusterWrite); - this.securityService.logout(); - } - - @Test - public void testRegionAReader() { - this.securityService.login(loginCredentials("regionAReader", "password")); - this.securityService.authorize(TestCommand.none); - this.securityService.authorize(TestCommand.everyOneAllowed); - this.securityService.authorize(TestCommand.regionARead); - - assertNotAuthorized(TestCommand.regionAWrite); - assertNotAuthorized(TestCommand.dataRead); - assertNotAuthorized(TestCommand.dataWrite); - assertNotAuthorized(TestCommand.clusterRead); - assertNotAuthorized(TestCommand.clusterWrite); - this.securityService.logout(); - } - - @Test - public void testRegionAUser() { - this.securityService.login(loginCredentials("regionAUser", "password")); - this.securityService.authorize(TestCommand.none); - this.securityService.authorize(TestCommand.everyOneAllowed); - this.securityService.authorize(TestCommand.regionAWrite); - this.securityService.authorize(TestCommand.regionARead); - - assertNotAuthorized(TestCommand.dataRead); - assertNotAuthorized(TestCommand.dataWrite); - assertNotAuthorized(TestCommand.clusterRead); - assertNotAuthorized(TestCommand.clusterWrite); - this.securityService.logout(); - } - - @Test - public void testDataReader() { - this.securityService.login(loginCredentials("dataReader", "12345")); - this.securityService.authorize(TestCommand.none); - this.securityService.authorize(TestCommand.everyOneAllowed); - this.securityService.authorize(TestCommand.regionARead); - this.securityService.authorize(TestCommand.dataRead); - - assertNotAuthorized(TestCommand.regionAWrite); - assertNotAuthorized(TestCommand.dataWrite); - assertNotAuthorized(TestCommand.clusterRead); - assertNotAuthorized(TestCommand.clusterWrite); - this.securityService.logout(); - } - - @Test - public void testReader() { - this.securityService.login(loginCredentials("reader", "12345")); - this.securityService.authorize(TestCommand.none); - this.securityService.authorize(TestCommand.everyOneAllowed); - this.securityService.authorize(TestCommand.regionARead); - this.securityService.authorize(TestCommand.dataRead); - this.securityService.authorize(TestCommand.clusterRead); - - assertNotAuthorized(TestCommand.regionAWrite); - assertNotAuthorized(TestCommand.dataWrite); - assertNotAuthorized(TestCommand.clusterWrite); - this.securityService.logout(); - } - - private void assertNotAuthorized(ResourcePermission context) { - assertThatThrownBy(() -> this.securityService.authorize(context)) - .isInstanceOf(GemFireSecurityException.class).hasMessageContaining(context.toString()); - } - - private Properties loginCredentials(String username, String password) { - Properties credentials = new Properties(); - credentials.put(ResourceConstants.USER_NAME, username); - credentials.put(ResourceConstants.PASSWORD, password); - return credentials; - } -} http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/test/java/org/apache/geode/management/internal/security/MBeanSecurityJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/MBeanSecurityJUnitTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/security/MBeanSecurityJUnitTest.java index 30ed267..091b1db 100644 --- a/geode-core/src/test/java/org/apache/geode/management/internal/security/MBeanSecurityJUnitTest.java +++ b/geode-core/src/test/java/org/apache/geode/management/internal/security/MBeanSecurityJUnitTest.java @@ -46,6 +46,7 @@ import javax.management.ReflectionException; @Category({IntegrationTest.class, SecurityTest.class}) public class MBeanSecurityJUnitTest { + @ClassRule public static ServerStarterRule server = new ServerStarterRule().withJMXManager() .withProperty(SECURITY_MANAGER, TestSecurityManager.class.getName()) http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/test/java/org/apache/geode/management/internal/security/MemberMBeanSecurityJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/MemberMBeanSecurityJUnitTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/security/MemberMBeanSecurityJUnitTest.java index 6ae8d3f..77ddcc9 100644 --- a/geode-core/src/test/java/org/apache/geode/management/internal/security/MemberMBeanSecurityJUnitTest.java +++ b/geode-core/src/test/java/org/apache/geode/management/internal/security/MemberMBeanSecurityJUnitTest.java @@ -32,6 +32,7 @@ import org.junit.experimental.categories.Category; @Category({IntegrationTest.class, SecurityTest.class}) public class MemberMBeanSecurityJUnitTest { + private MemberMXBean bean; @Rule http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/test/java/org/apache/geode/management/internal/security/SecurityServiceWithCustomRealmIntegrationTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/SecurityServiceWithCustomRealmIntegrationTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/security/SecurityServiceWithCustomRealmIntegrationTest.java new file mode 100644 index 0000000..01d6bb6 --- /dev/null +++ b/geode-core/src/test/java/org/apache/geode/management/internal/security/SecurityServiceWithCustomRealmIntegrationTest.java @@ -0,0 +1,44 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for additional information regarding + * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. You may obtain a + * copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + */ +package org.apache.geode.management.internal.security; + +import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER; +import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_SHIRO_INIT; + +import org.apache.geode.internal.security.SecurityServiceFactory; +import org.apache.geode.security.TestSecurityManager; +import org.apache.geode.test.junit.categories.IntegrationTest; +import org.apache.geode.test.junit.categories.SecurityTest; +import org.junit.Before; +import org.junit.experimental.categories.Category; + +/** + * Integration tests for SecurityService using shiro-ini.json. + * + * @see SecurityServiceWithShiroIniIntegrationTest + */ +@Category({IntegrationTest.class, SecurityTest.class}) +public class SecurityServiceWithCustomRealmIntegrationTest + extends SecurityServiceWithShiroIniIntegrationTest { + + @Before + public void before() throws Exception { + this.props.setProperty(TestSecurityManager.SECURITY_JSON, + "org/apache/geode/management/internal/security/shiro-ini.json"); + this.props.setProperty(SECURITY_MANAGER, TestSecurityManager.class.getName()); + this.props.setProperty(SECURITY_SHIRO_INIT, "shiro.ini"); + this.securityService = SecurityServiceFactory.create(this.props, null, null); + } +} http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/test/java/org/apache/geode/management/internal/security/SecurityServiceWithShiroIniIntegrationTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/SecurityServiceWithShiroIniIntegrationTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/security/SecurityServiceWithShiroIniIntegrationTest.java new file mode 100644 index 0000000..1caedbc --- /dev/null +++ b/geode-core/src/test/java/org/apache/geode/management/internal/security/SecurityServiceWithShiroIniIntegrationTest.java @@ -0,0 +1,148 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for additional information regarding + * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. You may obtain a + * copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + */ +package org.apache.geode.management.internal.security; + +import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_SHIRO_INIT; +import static org.assertj.core.api.Assertions.assertThatThrownBy; + +import org.apache.geode.internal.security.SecurityService; +import org.apache.geode.internal.security.SecurityServiceFactory; +import org.apache.geode.security.GemFireSecurityException; +import org.apache.geode.security.ResourcePermission; +import org.apache.geode.test.junit.categories.IntegrationTest; +import org.apache.geode.test.junit.categories.SecurityTest; +import org.junit.After; +import org.junit.Before; +import org.junit.Test; +import org.junit.experimental.categories.Category; + +import java.util.Properties; + +/** + * Integration tests for SecurityService using shiro.ini + */ +@Category({IntegrationTest.class, SecurityTest.class}) +public class SecurityServiceWithShiroIniIntegrationTest { + + protected Properties props = new Properties(); + + protected SecurityService securityService; + + @Before + public void before() throws Exception { + this.props.setProperty(SECURITY_SHIRO_INIT, "shiro.ini"); + this.securityService = SecurityServiceFactory.create(this.props, null, null); + } + + @After + public void after() throws Exception { + this.securityService.logout(); + } + + @Test + public void testRoot() throws Exception { + this.securityService.login(loginCredentials("root", "secret")); + this.securityService.authorize(TestCommand.none); + this.securityService.authorize(TestCommand.everyOneAllowed); + this.securityService.authorize(TestCommand.dataRead); + this.securityService.authorize(TestCommand.dataWrite); + this.securityService.authorize(TestCommand.regionARead); + this.securityService.authorize(TestCommand.regionAWrite); + this.securityService.authorize(TestCommand.clusterWrite); + this.securityService.authorize(TestCommand.clusterRead); + } + + @Test + public void testGuest() throws Exception { + this.securityService.login(loginCredentials("guest", "guest")); + this.securityService.authorize(TestCommand.none); + this.securityService.authorize(TestCommand.everyOneAllowed); + + assertNotAuthorized(TestCommand.dataRead); + assertNotAuthorized(TestCommand.dataWrite); + assertNotAuthorized(TestCommand.regionARead); + assertNotAuthorized(TestCommand.regionAWrite); + assertNotAuthorized(TestCommand.clusterRead); + assertNotAuthorized(TestCommand.clusterWrite); + } + + @Test + public void testRegionAReader() throws Exception { + this.securityService.login(loginCredentials("regionAReader", "password")); + this.securityService.authorize(TestCommand.none); + this.securityService.authorize(TestCommand.everyOneAllowed); + this.securityService.authorize(TestCommand.regionARead); + + assertNotAuthorized(TestCommand.regionAWrite); + assertNotAuthorized(TestCommand.dataRead); + assertNotAuthorized(TestCommand.dataWrite); + assertNotAuthorized(TestCommand.clusterRead); + assertNotAuthorized(TestCommand.clusterWrite); + } + + @Test + public void testRegionAUser() throws Exception { + this.securityService.login(loginCredentials("regionAUser", "password")); + this.securityService.authorize(TestCommand.none); + this.securityService.authorize(TestCommand.everyOneAllowed); + this.securityService.authorize(TestCommand.regionAWrite); + this.securityService.authorize(TestCommand.regionARead); + + assertNotAuthorized(TestCommand.dataRead); + assertNotAuthorized(TestCommand.dataWrite); + assertNotAuthorized(TestCommand.clusterRead); + assertNotAuthorized(TestCommand.clusterWrite); + } + + @Test + public void testDataReader() throws Exception { + this.securityService.login(loginCredentials("dataReader", "12345")); + this.securityService.authorize(TestCommand.none); + this.securityService.authorize(TestCommand.everyOneAllowed); + this.securityService.authorize(TestCommand.regionARead); + this.securityService.authorize(TestCommand.dataRead); + + assertNotAuthorized(TestCommand.regionAWrite); + assertNotAuthorized(TestCommand.dataWrite); + assertNotAuthorized(TestCommand.clusterRead); + assertNotAuthorized(TestCommand.clusterWrite); + } + + @Test + public void testReader() throws Exception { + this.securityService.login(loginCredentials("reader", "12345")); + this.securityService.authorize(TestCommand.none); + this.securityService.authorize(TestCommand.everyOneAllowed); + this.securityService.authorize(TestCommand.regionARead); + this.securityService.authorize(TestCommand.dataRead); + this.securityService.authorize(TestCommand.clusterRead); + + assertNotAuthorized(TestCommand.regionAWrite); + assertNotAuthorized(TestCommand.dataWrite); + assertNotAuthorized(TestCommand.clusterWrite); + } + + private void assertNotAuthorized(ResourcePermission context) { + assertThatThrownBy(() -> this.securityService.authorize(context)) + .isInstanceOf(GemFireSecurityException.class).hasMessageContaining(context.toString()); + } + + private Properties loginCredentials(String username, String password) { + Properties credentials = new Properties(); + credentials.put(ResourceConstants.USER_NAME, username); + credentials.put(ResourceConstants.PASSWORD, password); + return credentials; + } +} http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/test/java/org/apache/geode/security/CacheFactoryWithSecurityObjectTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/security/CacheFactoryWithSecurityObjectTest.java b/geode-core/src/test/java/org/apache/geode/security/CacheFactoryWithSecurityObjectTest.java index 89030f5..cdb90f1 100644 --- a/geode-core/src/test/java/org/apache/geode/security/CacheFactoryWithSecurityObjectTest.java +++ b/geode-core/src/test/java/org/apache/geode/security/CacheFactoryWithSecurityObjectTest.java @@ -12,16 +12,16 @@ * or implied. See the License for the specific language governing permissions and limitations under * the License. */ - package org.apache.geode.security; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; import static org.junit.Assert.assertTrue; -import org.apache.geode.cache.Cache; import org.apache.geode.cache.CacheFactory; import org.apache.geode.distributed.ConfigurationProperties; +import org.apache.geode.internal.cache.InternalCache; import org.apache.geode.internal.security.SecurityService; import org.apache.geode.security.templates.DummyAuthenticator; import org.apache.geode.test.junit.categories.IntegrationTest; @@ -36,53 +36,80 @@ import java.util.Properties; @Category({IntegrationTest.class, SecurityTest.class}) public class CacheFactoryWithSecurityObjectTest { - private SecurityService securityService; private SecurityManager simpleSecurityManager; private Properties properties = new Properties(); - Cache cache; + private InternalCache cache; @Before public void before() throws Exception { - securityService = SecurityService.getSecurityService(); - simpleSecurityManager = new SimpleTestSecurityManager(); - properties.setProperty("mcast-port", "0"); + this.simpleSecurityManager = new SimpleTestSecurityManager(); + this.properties.setProperty("mcast-port", "0"); } @Test public void testCreateCacheWithSecurityManager() throws Exception { - cache = new CacheFactory(properties).setSecurityManager(simpleSecurityManager) - .setPostProcessor(null).create(); + this.cache = (InternalCache) new CacheFactory(this.properties) + .setSecurityManager(this.simpleSecurityManager).setPostProcessor(null).create(); + SecurityService securityService = this.cache.getSecurityService(); assertTrue(securityService.isIntegratedSecurity()); + assertTrue(securityService.isClientSecurityRequired()); + assertTrue(securityService.isPeerSecurityRequired()); assertFalse(securityService.needPostProcess()); assertNotNull(securityService.getSecurityManager()); } @Test public void testCreateCacheWithPostProcessor() throws Exception { - cache = new CacheFactory(properties).setPostProcessor(new TestPostProcessor()) - .setSecurityManager(null).create(); + this.cache = (InternalCache) new CacheFactory(this.properties) + .setPostProcessor(new TestPostProcessor()).setSecurityManager(null).create(); + SecurityService securityService = this.cache.getSecurityService(); assertFalse(securityService.isIntegratedSecurity()); + assertFalse(securityService.isClientSecurityRequired()); + assertFalse(securityService.isPeerSecurityRequired()); assertFalse(securityService.needPostProcess()); + assertNull(securityService.getPostProcessor()); + } + + @Test + public void testCreateCacheWithSecurityManagerAndPostProcessor() throws Exception { + this.cache = (InternalCache) new CacheFactory(this.properties) + .setSecurityManager(this.simpleSecurityManager).setPostProcessor(new TestPostProcessor()) + .create(); + SecurityService securityService = this.cache.getSecurityService(); + assertTrue(securityService.isIntegratedSecurity()); + assertTrue(securityService.isClientSecurityRequired()); + assertTrue(securityService.isPeerSecurityRequired()); + assertTrue(securityService.needPostProcess()); + assertNotNull(securityService.getSecurityManager()); assertNotNull(securityService.getPostProcessor()); } + /** + * This test seems to be misleading. Nothing is overridden here. SecurityManager is preferred over + * SECURITY_CLIENT_AUTHENTICATOR. + */ @Test public void testOverride() throws Exception { - properties.setProperty(ConfigurationProperties.SECURITY_CLIENT_AUTHENTICATOR, + this.properties.setProperty(ConfigurationProperties.SECURITY_CLIENT_AUTHENTICATOR, DummyAuthenticator.class.getName()); - cache = new CacheFactory(properties).setSecurityManager(simpleSecurityManager) - .setPostProcessor(new TestPostProcessor()).create(); + this.cache = (InternalCache) new CacheFactory(this.properties) + .setSecurityManager(this.simpleSecurityManager).setPostProcessor(new TestPostProcessor()) + .create(); + + SecurityService securityService = this.cache.getSecurityService(); assertTrue(securityService.isIntegratedSecurity()); assertTrue(securityService.isClientSecurityRequired()); + assertTrue(securityService.isPeerSecurityRequired()); assertTrue(securityService.needPostProcess()); assertNotNull(securityService.getSecurityManager()); + assertNotNull(securityService.getPostProcessor()); } @After public void after() { - cache.close(); + this.cache.close(); } } http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/test/java/org/apache/geode/security/ClusterConfigWithoutSecurityDUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/security/ClusterConfigWithoutSecurityDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/ClusterConfigWithoutSecurityDUnitTest.java index 805d000..e90bc0a 100644 --- a/geode-core/src/test/java/org/apache/geode/security/ClusterConfigWithoutSecurityDUnitTest.java +++ b/geode-core/src/test/java/org/apache/geode/security/ClusterConfigWithoutSecurityDUnitTest.java @@ -12,11 +12,11 @@ * or implied. See the License for the specific language governing permissions and limitations under * the License. */ - package org.apache.geode.security; import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER; import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_POST_PROCESSOR; +import static org.apache.geode.distributed.ConfigurationProperties.USE_CLUSTER_CONFIGURATION; import static org.assertj.core.api.Java6Assertions.assertThatThrownBy; import static org.junit.Assert.assertEquals; @@ -51,28 +51,28 @@ public class ClusterConfigWithoutSecurityDUnitTest { .addIgnoredException(LocalizedStrings.GEMFIRE_CACHE_SECURITY_MISCONFIGURATION.toString()); IgnoredException .addIgnoredException(LocalizedStrings.GEMFIRE_CACHE_SECURITY_MISCONFIGURATION_2.toString()); - lsRule.startLocatorVM(0, new Properties()); + this.lsRule.startLocatorVM(0, new Properties()); } @After - public void after() { + public void after() throws Exception { IgnoredException.removeAllExpectedExceptions(); } - // when locator is not secured, a secured server should be allowed to start with its own security - // manager - // if use-cluster-config is false + /** + * when locator is not secured, a secured server should be allowed to start with its own security + * manager if use-cluster-config is false + */ @Test public void serverShouldBeAllowedToStartWithSecurityIfNotUsingClusterConfig() throws Exception { Properties props = new Properties(); props.setProperty(SECURITY_MANAGER, SimpleTestSecurityManager.class.getName()); props.setProperty(SECURITY_POST_PROCESSOR, PDXPostProcessor.class.getName()); - - props.setProperty("use-cluster-configuration", "false"); + props.setProperty(USE_CLUSTER_CONFIGURATION, "false"); // initial security properties should only contain initial set of values - serverStarter.startServer(props, lsRule.getMember(0).getPort()); - DistributedSystem ds = serverStarter.getCache().getDistributedSystem(); + this.serverStarter.startServer(props, this.lsRule.getMember(0).getPort()); + DistributedSystem ds = this.serverStarter.getCache().getDistributedSystem(); // after cache is created, the configuration won't chagne Properties secProps = ds.getSecurityProperties(); @@ -82,18 +82,30 @@ public class ClusterConfigWithoutSecurityDUnitTest { assertEquals(PDXPostProcessor.class.getName(), secProps.getProperty("security-post-processor")); } - + /** + * when locator is not secured, server should not be secured if use-cluster-config is true + */ @Test - // when locator is not secured, server should not be secured if use-cluster-config is true - public void serverShouldNotBeAllowedToStartWithSecurityIfUsingClusterConfig() { + public void serverShouldNotBeAllowedToStartWithSecurityIfUsingClusterConfig() throws Exception { Properties props = new Properties(); + props.setProperty(SECURITY_MANAGER, SimpleTestSecurityManager.class.getName()); + props.setProperty(USE_CLUSTER_CONFIGURATION, "true"); - props.setProperty("security-manager", "mySecurityManager"); - props.setProperty("use-cluster-configuration", "true"); + assertThatThrownBy( + () -> this.serverStarter.startServer(props, this.lsRule.getMember(0).getPort())) + .isInstanceOf(GemFireConfigException.class).hasMessage( + LocalizedStrings.GEMFIRE_CACHE_SECURITY_MISCONFIGURATION.toLocalizedString()); + } + + @Test + public void nonExistentSecurityManagerThrowsGemFireSecurityException() throws Exception { + Properties props = new Properties(); + props.setProperty(SECURITY_MANAGER, "mySecurityManager"); + props.setProperty(USE_CLUSTER_CONFIGURATION, "true"); - assertThatThrownBy(() -> serverStarter.startServer(props, lsRule.getMember(0).getPort())) - .isInstanceOf(GemFireConfigException.class) - .hasMessage(LocalizedStrings.GEMFIRE_CACHE_SECURITY_MISCONFIGURATION.toLocalizedString()); + assertThatThrownBy(() -> this.serverStarter.startServer(props, this.lsRule.getMember(0) + .getPort())).isInstanceOf(GemFireSecurityException.class).hasMessage( + "Instance could not be obtained, java.lang.ClassNotFoundException: mySecurityManager"); } } http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/test/java/org/apache/geode/security/IntegratedSecurityCacheLifecycleIntegrationTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/security/IntegratedSecurityCacheLifecycleIntegrationTest.java b/geode-core/src/test/java/org/apache/geode/security/IntegratedSecurityCacheLifecycleIntegrationTest.java deleted file mode 100644 index 4f0ea0d..0000000 --- a/geode-core/src/test/java/org/apache/geode/security/IntegratedSecurityCacheLifecycleIntegrationTest.java +++ /dev/null @@ -1,74 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more contributor license - * agreements. See the NOTICE file distributed with this work for additional information regarding - * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance with the License. You may obtain a - * copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software distributed under the License - * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express - * or implied. See the License for the specific language governing permissions and limitations under - * the License. - */ -package org.apache.geode.security; - -import static org.apache.geode.distributed.ConfigurationProperties.LOCATORS; -import static org.apache.geode.distributed.ConfigurationProperties.MCAST_PORT; -import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER; -import static org.assertj.core.api.Assertions.assertThat; - -import java.util.Properties; - -import org.apache.geode.cache.Cache; -import org.apache.geode.cache.CacheFactory; -import org.apache.geode.internal.security.IntegratedSecurityService; -import org.apache.geode.internal.security.SecurityService; -import org.apache.geode.test.junit.categories.FlakyTest; -import org.apache.geode.test.junit.categories.IntegrationTest; -import org.apache.geode.test.junit.categories.SecurityTest; -import org.junit.After; -import org.junit.Before; -import org.junit.Test; -import org.junit.experimental.categories.Category; - -@Category({IntegrationTest.class, SecurityTest.class}) -public class IntegratedSecurityCacheLifecycleIntegrationTest { - - private Properties securityProps; - private Cache cache; - private SecurityService securityService; - - @Before - public void before() { - securityService = IntegratedSecurityService.getSecurityService(); - - securityProps = new Properties(); - securityProps.setProperty(SECURITY_MANAGER, SpySecurityManager.class.getName()); - - Properties props = new Properties(); - props.putAll(securityProps); - props.setProperty(MCAST_PORT, "0"); - props.setProperty(LOCATORS, ""); - - cache = new CacheFactory(props).create(); - } - - @After - public void after() { - if (cache != null && !cache.isClosed()) { - cache.close(); - } - } - - @Category(FlakyTest.class) // GEODE-1661 - @Test - public void initAndCloseTest() { - SpySecurityManager ssm = (SpySecurityManager) securityService.getSecurityManager(); - assertThat(ssm.initInvoked).isEqualTo(1); - cache.close(); - assertThat(ssm.closeInvoked).isEqualTo(1); - } - -} http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/test/java/org/apache/geode/security/OtherPDXPostProcessor.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/security/OtherPDXPostProcessor.java b/geode-core/src/test/java/org/apache/geode/security/OtherPDXPostProcessor.java new file mode 100644 index 0000000..336bc98 --- /dev/null +++ b/geode-core/src/test/java/org/apache/geode/security/OtherPDXPostProcessor.java @@ -0,0 +1,18 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for additional information regarding + * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. You may obtain a + * copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + */ +package org.apache.geode.security; + +public class OtherPDXPostProcessor extends PDXPostProcessor { +} http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/test/java/org/apache/geode/security/OtherSimplySecurityManager.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/security/OtherSimplySecurityManager.java b/geode-core/src/test/java/org/apache/geode/security/OtherSimplySecurityManager.java new file mode 100644 index 0000000..159e3f4 --- /dev/null +++ b/geode-core/src/test/java/org/apache/geode/security/OtherSimplySecurityManager.java @@ -0,0 +1,18 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for additional information regarding + * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. You may obtain a + * copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + */ +package org.apache.geode.security; + +public class OtherSimplySecurityManager extends SimpleTestSecurityManager { +} http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/test/java/org/apache/geode/security/PDXGfshPostProcessorOnRemoteServerTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/security/PDXGfshPostProcessorOnRemoteServerTest.java b/geode-core/src/test/java/org/apache/geode/security/PDXGfshPostProcessorOnRemoteServerTest.java index c28f7aa..37d4ad0 100644 --- a/geode-core/src/test/java/org/apache/geode/security/PDXGfshPostProcessorOnRemoteServerTest.java +++ b/geode-core/src/test/java/org/apache/geode/security/PDXGfshPostProcessorOnRemoteServerTest.java @@ -12,11 +12,11 @@ * or implied. See the License for the specific language governing permissions and limitations under * the License. */ - package org.apache.geode.security; import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER; import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_POST_PROCESSOR; +import static org.assertj.core.api.Assertions.assertThat; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertTrue; @@ -24,7 +24,7 @@ import org.apache.geode.cache.Cache; import org.apache.geode.cache.CacheFactory; import org.apache.geode.cache.Region; import org.apache.geode.cache.RegionShortcut; -import org.apache.geode.internal.security.SecurityService; +import org.apache.geode.internal.cache.InternalCache; import org.apache.geode.management.ManagementService; import org.apache.geode.management.internal.cli.i18n.CliStrings; import org.apache.geode.management.internal.cli.result.CommandResult; @@ -46,7 +46,8 @@ import java.util.concurrent.TimeUnit; @Category({DistributedTest.class, SecurityTest.class}) public class PDXGfshPostProcessorOnRemoteServerTest { - protected static final String REGION_NAME = "AuthRegion"; + + private static final String REGION_NAME = "AuthRegion"; @Rule public LocatorServerStartupRule lsRule = new LocatorServerStartupRule(); @@ -64,15 +65,22 @@ public class PDXGfshPostProcessorOnRemoteServerTest { MemberVM<Locator> locatorVM = lsRule.startLocatorVM(0, locatorProps); - Properties serverProps = new Properties(); + Properties serverProps = new Properties(locatorProps); serverProps.setProperty(TestSecurityManager.SECURITY_JSON, "org/apache/geode/management/internal/security/clientServer.json"); + serverProps.setProperty(SECURITY_MANAGER, TestSecurityManager.class.getName()); + serverProps.setProperty(SECURITY_POST_PROCESSOR, PDXPostProcessor.class.getName()); serverProps.setProperty("security-username", "super-user"); serverProps.setProperty("security-password", "1234567"); + MemberVM<Server> serverVM = lsRule.startServerVM(1, serverProps, locatorVM.getPort()); serverVM.invoke(() -> { - Cache cache = LocatorServerStartupRule.serverStarter.getCache(); + InternalCache cache = LocatorServerStartupRule.serverStarter.getCache(); + assertThat(cache.getSecurityService()).isNotNull(); + assertThat(cache.getSecurityService().getSecurityManager()).isNotNull(); + assertThat(cache.getSecurityService().getPostProcessor()).isNotNull(); + Region region = cache.createRegionFactory(RegionShortcut.REPLICATE).create(REGION_NAME); for (int i = 0; i < 5; i++) { SimpleClass obj = new SimpleClass(i, (byte) i); @@ -82,7 +90,7 @@ public class PDXGfshPostProcessorOnRemoteServerTest { // wait until the region bean is visible locatorVM.invoke(() -> { - Awaitility.await().pollInterval(500, TimeUnit.MICROSECONDS).atMost(5, TimeUnit.SECONDS) + Awaitility.await().pollInterval(500, TimeUnit.MICROSECONDS).atMost(2, TimeUnit.MINUTES) .until(() -> { Cache cache = CacheFactory.getAnyInstance(); Object bean = ManagementService.getManagementService(cache) @@ -101,8 +109,8 @@ public class PDXGfshPostProcessorOnRemoteServerTest { gfsh.executeAndVerifyCommand("query --query=\"select * from /AuthRegion\""); serverVM.invoke(() -> { - PDXPostProcessor pp = - (PDXPostProcessor) SecurityService.getSecurityService().getPostProcessor(); + PDXPostProcessor pp = (PDXPostProcessor) LocatorServerStartupRule.serverStarter.getCache() + .getSecurityService().getPostProcessor(); // verify that the post processor is called 6 times. (5 for the query, 1 for the get) assertEquals(pp.getCount(), 6); }); http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/test/java/org/apache/geode/security/PDXPostProcessor.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/security/PDXPostProcessor.java b/geode-core/src/test/java/org/apache/geode/security/PDXPostProcessor.java index 2b84246..8b99dd9 100644 --- a/geode-core/src/test/java/org/apache/geode/security/PDXPostProcessor.java +++ b/geode-core/src/test/java/org/apache/geode/security/PDXPostProcessor.java @@ -14,7 +14,7 @@ */ package org.apache.geode.security; -import static org.junit.Assert.assertTrue; +import static org.assertj.core.api.Assertions.*; import org.apache.geode.pdx.SimpleClass; import org.apache.geode.pdx.internal.PdxInstanceImpl; @@ -23,31 +23,37 @@ import java.util.Arrays; import java.util.Properties; public class PDXPostProcessor implements PostProcessor { - public static byte[] BYTES = {1, 0}; + + private static final byte[] BYTES = {1, 0}; + + static byte[] bytes() { + return BYTES; + } private boolean pdx = false; private int count = 0; - public void init(Properties props) { - pdx = Boolean.parseBoolean(props.getProperty("security-pdx")); - count = 0; + @Override + public void init(Properties securityProps) { + this.pdx = Boolean.parseBoolean(securityProps.getProperty("security-pdx")); + this.count = 0; } @Override public Object processRegionValue(final Object principal, final String regionName, final Object key, final Object value) { - count++; + this.count++; if (value instanceof byte[]) { - assertTrue(Arrays.equals(BYTES, (byte[]) value)); - } else if (pdx) { - assertTrue(value instanceof PdxInstanceImpl); + assertThat(Arrays.equals(BYTES, (byte[]) value)).isTrue(); + } else if (this.pdx) { + assertThat(value).isInstanceOf(PdxInstanceImpl.class); } else { - assertTrue(value instanceof SimpleClass); + assertThat(value).isInstanceOf(SimpleClass.class); } return value; } public int getCount() { - return count; + return this.count; } } http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/test/java/org/apache/geode/security/PDXPostProcessorDUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/security/PDXPostProcessorDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/PDXPostProcessorDUnitTest.java index 134e33f..c4a2547 100644 --- a/geode-core/src/test/java/org/apache/geode/security/PDXPostProcessorDUnitTest.java +++ b/geode-core/src/test/java/org/apache/geode/security/PDXPostProcessorDUnitTest.java @@ -12,16 +12,13 @@ * or implied. See the License for the specific language governing permissions and limitations under * the License. */ - package org.apache.geode.security; import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER; import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_POST_PROCESSOR; import static org.apache.geode.security.SecurityTestUtil.createClientCache; import static org.apache.geode.security.SecurityTestUtil.createProxyRegion; -import static org.assertj.core.api.Assertions.assertThat; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertTrue; +import static org.assertj.core.api.Assertions.*; import org.apache.geode.cache.EntryEvent; import org.apache.geode.cache.Region; @@ -32,7 +29,6 @@ import org.apache.geode.cache.client.ClientRegionShortcut; import org.apache.geode.cache.query.SelectResults; import org.apache.geode.cache.util.CacheListenerAdapter; import org.apache.geode.internal.cache.EntryEventImpl; -import org.apache.geode.internal.security.SecurityService; import org.apache.geode.management.internal.cli.result.CommandResult; import org.apache.geode.pdx.SimpleClass; import org.apache.geode.test.dunit.Host; @@ -45,6 +41,7 @@ import org.apache.geode.test.junit.categories.DistributedTest; import org.apache.geode.test.junit.categories.SecurityTest; import org.apache.geode.test.junit.runners.CategoryWithParameterizedRunnerFactory; import org.awaitility.Awaitility; +import org.junit.Before; import org.junit.Rule; import org.junit.Test; import org.junit.experimental.categories.Category; @@ -60,14 +57,14 @@ import java.util.concurrent.TimeUnit; @RunWith(Parameterized.class) @Parameterized.UseParametersRunnerFactory(CategoryWithParameterizedRunnerFactory.class) public class PDXPostProcessorDUnitTest extends JUnit4DistributedTestCase { - private static String REGION_NAME = "AuthRegion"; - final Host host = Host.getHost(0); - final VM client1 = host.getVM(1); - final VM client2 = host.getVM(2); + private static final byte[] BYTES = PDXPostProcessor.bytes(); + private static final String REGION_NAME = "AuthRegion"; + + private VM client1; + private VM client2; - private boolean pdxPersistent = false; - private static byte[] BYTES = PDXPostProcessor.BYTES; + private boolean pdxPersistent; @Parameterized.Parameters public static Collection<Object[]> parameters() { @@ -79,19 +76,26 @@ public class PDXPostProcessorDUnitTest extends JUnit4DistributedTestCase { this.pdxPersistent = pdxPersistent; } + @Before + public void before() throws Exception { + Host host = Host.getHost(0); + this.client1 = host.getVM(1); + this.client2 = host.getVM(2); + } + @Rule public ServerStarterRule server = ServerStarterRule.createWithoutTemporaryWorkingDir() .withProperty(SECURITY_MANAGER, TestSecurityManager.class.getName()) .withProperty(TestSecurityManager.SECURITY_JSON, "org/apache/geode/management/internal/security/clientServer.json") .withProperty(SECURITY_POST_PROCESSOR, PDXPostProcessor.class.getName()) - .withProperty("security-pdx", pdxPersistent + "").withJMXManager() + .withProperty("security-pdx", this.pdxPersistent + "").withJMXManager() .withRegion(RegionShortcut.REPLICATE, REGION_NAME); @Test public void testRegionGet() { - client2.invoke(() -> { - ClientCache cache = createClientCache("super-user", "1234567", server.getPort()); + this.client2.invoke(() -> { + ClientCache cache = createClientCache("super-user", "1234567", this.server.getPort()); Region region = createProxyRegion(cache, REGION_NAME); // put in a value that's a domain object region.put("key1", new SimpleClass(1, (byte) 1)); @@ -99,37 +103,37 @@ public class PDXPostProcessorDUnitTest extends JUnit4DistributedTestCase { region.put("key2", BYTES); }); - client1.invoke(() -> { - ClientCache cache = createClientCache("super-user", "1234567", server.getPort()); + this.client1.invoke(() -> { + ClientCache cache = createClientCache("super-user", "1234567", this.server.getPort()); Region region = createProxyRegion(cache, REGION_NAME); // post process for get the client domain object Object value = region.get("key1"); - assertTrue(value instanceof SimpleClass); + assertThat(value).isInstanceOf(SimpleClass.class); // post process for get the raw byte value value = region.get("key2"); - assertTrue(Arrays.equals(BYTES, (byte[]) value)); + assertThat(Arrays.equals(BYTES, (byte[]) value)).isTrue(); }); // this makes sure PostProcessor is getting called PDXPostProcessor pp = - (PDXPostProcessor) SecurityService.getSecurityService().getPostProcessor(); - assertEquals(pp.getCount(), 2); + (PDXPostProcessor) this.server.getCache().getSecurityService().getPostProcessor(); + assertThat(pp.getCount()).isEqualTo(2); } @Test public void testQuery() { - client2.invoke(() -> { - ClientCache cache = createClientCache("super-user", "1234567", server.getPort()); + this.client2.invoke(() -> { + ClientCache cache = createClientCache("super-user", "1234567", this.server.getPort()); Region region = createProxyRegion(cache, REGION_NAME); // put in a value that's a domain object region.put("key1", new SimpleClass(1, (byte) 1)); region.put("key2", BYTES); }); - client1.invoke(() -> { - ClientCache cache = createClientCache("super-user", "1234567", server.getPort()); + this.client1.invoke(() -> { + ClientCache cache = createClientCache("super-user", "1234567", this.server.getPort()); Region region = createProxyRegion(cache, REGION_NAME); // post process for query @@ -140,24 +144,25 @@ public class PDXPostProcessorDUnitTest extends JUnit4DistributedTestCase { while (itr.hasNext()) { Object obj = itr.next(); if (obj instanceof byte[]) { - assertTrue(Arrays.equals(BYTES, (byte[]) obj)); + assertThat(Arrays.equals(BYTES, (byte[]) obj)).isTrue(); } else { - assertTrue(obj instanceof SimpleClass); + assertThat(obj).isInstanceOf(SimpleClass.class); } } }); // this makes sure PostProcessor is getting called PDXPostProcessor pp = - (PDXPostProcessor) SecurityService.getSecurityService().getPostProcessor(); - assertEquals(pp.getCount(), 2); + (PDXPostProcessor) this.server.getCache().getSecurityService().getPostProcessor(); + assertThat(pp.getCount()).isEqualTo(2); } @Test public void testRegisterInterest() { IgnoredException.addIgnoredException("NoAvailableServersException"); - client1.invoke(() -> { - ClientCache cache = createClientCache("super-user", "1234567", server.getPort()); + + this.client1.invoke(() -> { + ClientCache cache = createClientCache("super-user", "1234567", this.server.getPort()); ClientRegionFactory factory = cache.createClientRegionFactory(ClientRegionShortcut.PROXY); factory.addCacheListener(new CacheListenerAdapter() { @@ -166,9 +171,9 @@ public class PDXPostProcessorDUnitTest extends JUnit4DistributedTestCase { Object key = event.getKey(); Object value = ((EntryEventImpl) event).getDeserializedValue(); if (key.equals("key1")) { - assertTrue(value instanceof SimpleClass); + assertThat(value).isInstanceOf(SimpleClass.class); } else if (key.equals("key2")) { - assertTrue(Arrays.equals(BYTES, (byte[]) value)); + assertThat(Arrays.equals(BYTES, (byte[]) value)).isTrue(); } } }); @@ -179,26 +184,25 @@ public class PDXPostProcessorDUnitTest extends JUnit4DistributedTestCase { region.registerInterest("key2"); }); - client2.invoke(() -> { - ClientCache cache = createClientCache("dataUser", "1234567", server.getPort()); + this.client2.invoke(() -> { + ClientCache cache = createClientCache("dataUser", "1234567", this.server.getPort()); Region region = createProxyRegion(cache, REGION_NAME); // put in a value that's a domain object region.put("key1", new SimpleClass(1, (byte) 1)); region.put("key2", BYTES); }); - // wait for events to fire - Awaitility.await().atMost(1, TimeUnit.SECONDS); PDXPostProcessor pp = - (PDXPostProcessor) SecurityService.getSecurityService().getPostProcessor(); - assertEquals(pp.getCount(), 2); + (PDXPostProcessor) this.server.getCache().getSecurityService().getPostProcessor(); + Awaitility.await().atMost(2, TimeUnit.MINUTES) + .until(() -> assertThat(pp.getCount()).isEqualTo(2)); } @Test public void testGfshCommand() { // have client2 input some domain data into the region - client2.invoke(() -> { - ClientCache cache = createClientCache("super-user", "1234567", server.getPort()); + this.client2.invoke(() -> { + ClientCache cache = createClientCache("super-user", "1234567", this.server.getPort()); Region region = createProxyRegion(cache, REGION_NAME); // put in a value that's a domain object region.put("key1", new SimpleClass(1, (byte) 1)); @@ -206,28 +210,29 @@ public class PDXPostProcessorDUnitTest extends JUnit4DistributedTestCase { region.put("key2", BYTES); }); - client1.invoke(() -> { + this.client1.invoke(() -> { GfshShellConnectionRule gfsh = new GfshShellConnectionRule(); - gfsh.secureConnectAndVerify(server.getJmxPort(), GfshShellConnectionRule.PortType.jmxManger, - "dataUser", "1234567"); + gfsh.secureConnectAndVerify(this.server.getJmxPort(), + GfshShellConnectionRule.PortType.jmxManger, "dataUser", "1234567"); // get command CommandResult result = gfsh.executeAndVerifyCommand("get --key=key1 --region=AuthRegion"); - if (pdxPersistent) + if (this.pdxPersistent) { assertThat(gfsh.getGfshOutput().contains("org.apache.geode.pdx.internal.PdxInstanceImpl")); - else + } else { assertThat(gfsh.getGfshOutput()).contains("SimpleClass"); + } result = gfsh.executeAndVerifyCommand("get --key=key2 --region=AuthRegion"); - assertTrue(result.getContent().toString().contains("byte[]")); + assertThat(result.getContent().toString()).contains("byte[]"); gfsh.executeAndVerifyCommand("query --query=\"select * from /AuthRegion\""); gfsh.close(); }); PDXPostProcessor pp = - (PDXPostProcessor) SecurityService.getSecurityService().getPostProcessor(); - assertEquals(pp.getCount(), 4); + (PDXPostProcessor) this.server.getCache().getSecurityService().getPostProcessor(); + assertThat(pp).isNotNull(); // TODO: what else to check here? } } http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/test/java/org/apache/geode/security/SecurityClusterConfigDUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/security/SecurityClusterConfigDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/SecurityClusterConfigDUnitTest.java index 1fe4175..46767ff 100644 --- a/geode-core/src/test/java/org/apache/geode/security/SecurityClusterConfigDUnitTest.java +++ b/geode-core/src/test/java/org/apache/geode/security/SecurityClusterConfigDUnitTest.java @@ -12,7 +12,6 @@ * or implied. See the License for the specific language governing permissions and limitations under * the License. */ - package org.apache.geode.security; import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER; @@ -20,14 +19,14 @@ import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_P import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_START; import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER; import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_POST_PROCESSOR; -import static org.assertj.core.api.Java6Assertions.assertThatThrownBy; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertTrue; +import static org.apache.geode.distributed.ConfigurationProperties.USE_CLUSTER_CONFIGURATION; +import static org.apache.geode.test.dunit.IgnoredException.addIgnoredException; +import static org.assertj.core.api.Assertions.assertThat; +import static org.assertj.core.api.Assertions.assertThatThrownBy; import org.apache.geode.GemFireConfigException; import org.apache.geode.distributed.DistributedSystem; import org.apache.geode.internal.i18n.LocalizedStrings; -import org.apache.geode.test.dunit.IgnoredException; import org.apache.geode.test.dunit.rules.LocatorServerStartupRule; import org.apache.geode.test.dunit.rules.ServerStarterRule; import org.apache.geode.test.junit.categories.DistributedTest; @@ -50,36 +49,38 @@ public class SecurityClusterConfigDUnitTest { @Before public void before() throws Exception { - IgnoredException - .addIgnoredException(LocalizedStrings.GEMFIRE_CACHE_SECURITY_MISCONFIGURATION.toString()); - IgnoredException - .addIgnoredException(LocalizedStrings.GEMFIRE_CACHE_SECURITY_MISCONFIGURATION_2.toString()); + addIgnoredException(LocalizedStrings.GEMFIRE_CACHE_SECURITY_MISCONFIGURATION.toString()); + addIgnoredException(LocalizedStrings.GEMFIRE_CACHE_SECURITY_MISCONFIGURATION_2.toString()); + Properties props = new Properties(); - props.setProperty(SECURITY_MANAGER, SimpleTestSecurityManager.class.getName()); props.setProperty(JMX_MANAGER, "false"); props.setProperty(JMX_MANAGER_START, "false"); props.setProperty(JMX_MANAGER_PORT, 0 + ""); + props.setProperty(SECURITY_MANAGER, SimpleTestSecurityManager.class.getName()); props.setProperty(SECURITY_POST_PROCESSOR, PDXPostProcessor.class.getName()); - lsRule.startLocatorVM(0, props); + + this.lsRule.startLocatorVM(0, props); } @Test public void testStartServerWithClusterConfig() throws Exception { Properties props = new Properties(); + // the following are needed for peer-to-peer authentication props.setProperty("security-username", "cluster"); props.setProperty("security-password", "cluster"); - props.setProperty("use-cluster-configuration", "true"); + props.setProperty(USE_CLUSTER_CONFIGURATION, "true"); // initial security properties should only contain initial set of values - serverStarter.startServer(props, lsRule.getMember(0).getPort()); - DistributedSystem ds = serverStarter.getCache().getDistributedSystem(); + this.serverStarter.startServer(props, this.lsRule.getMember(0).getPort()); + DistributedSystem ds = this.serverStarter.getCache().getDistributedSystem(); // after cache is created, we got the security props passed in by cluster config Properties secProps = ds.getSecurityProperties(); - assertEquals(4, secProps.size()); - assertTrue(secProps.containsKey("security-manager")); - assertTrue(secProps.containsKey("security-post-processor")); + assertThat(secProps).containsKey("security-username"); + assertThat(secProps).containsKey("security-password"); + assertThat(secProps).containsKey(SECURITY_MANAGER); + assertThat(secProps).containsKey(SECURITY_POST_PROCESSOR); } @Test @@ -89,67 +90,71 @@ public class SecurityClusterConfigDUnitTest { // the following are needed for peer-to-peer authentication props.setProperty("security-username", "cluster"); props.setProperty("security-password", "cluster"); - props.setProperty("use-cluster-configuration", "true"); props.setProperty(SECURITY_MANAGER, SimpleTestSecurityManager.class.getName()); + props.setProperty(USE_CLUSTER_CONFIGURATION, "true"); // initial security properties should only contain initial set of values - serverStarter.startServer(props, lsRule.getMember(0).getPort()); - DistributedSystem ds = serverStarter.getCache().getDistributedSystem(); + this.serverStarter.startServer(props, this.lsRule.getMember(0).getPort()); + DistributedSystem ds = this.serverStarter.getCache().getDistributedSystem(); // after cache is created, we got the security props passed in by cluster config Properties secProps = ds.getSecurityProperties(); - assertTrue(secProps.containsKey("security-manager")); - assertTrue(secProps.containsKey("security-post-processor")); + assertThat(secProps).containsKey("security-username"); + assertThat(secProps).containsKey("security-password"); + assertThat(secProps).containsKey(SECURITY_MANAGER); + assertThat(secProps).containsKey(SECURITY_POST_PROCESSOR); } @Test - public void serverWithDifferentSecurityManagerShouldThrowException() { + public void serverWithDifferentSecurityManagerShouldThrowGemFireConfigException() + throws Exception { Properties props = new Properties(); // the following are needed for peer-to-peer authentication props.setProperty("security-username", "cluster"); props.setProperty("security-password", "cluster"); - props.setProperty("security-manager", "mySecurityManager"); - props.setProperty("use-cluster-configuration", "true"); + props.setProperty(SECURITY_MANAGER, OtherSimplySecurityManager.class.getName()); + props.setProperty(USE_CLUSTER_CONFIGURATION, "true"); // initial security properties should only contain initial set of values - assertThatThrownBy(() -> serverStarter.startServer(props, lsRule.getMember(0).getPort())) - .isInstanceOf(GemFireConfigException.class) - .hasMessage(LocalizedStrings.GEMFIRE_CACHE_SECURITY_MISCONFIGURATION.toLocalizedString()); - + assertThatThrownBy( + () -> this.serverStarter.startServer(props, this.lsRule.getMember(0).getPort())) + .isInstanceOf(GemFireConfigException.class).hasMessage( + LocalizedStrings.GEMFIRE_CACHE_SECURITY_MISCONFIGURATION.toLocalizedString()); } @Test - public void serverWithDifferentPostProcessorShouldThrowException() { + public void serverWithDifferentPostProcessorShouldThrowGemFireConfigException() throws Exception { Properties props = new Properties(); // the following are needed for peer-to-peer authentication props.setProperty("security-username", "cluster"); props.setProperty("security-password", "cluster"); - props.setProperty(SECURITY_POST_PROCESSOR, "this-is-not-ok"); - props.setProperty("use-cluster-configuration", "true"); + props.setProperty(SECURITY_MANAGER, SimpleTestSecurityManager.class.getName()); + props.setProperty(SECURITY_POST_PROCESSOR, OtherPDXPostProcessor.class.getName()); + props.setProperty(USE_CLUSTER_CONFIGURATION, "true"); // initial security properties should only contain initial set of values - assertThatThrownBy(() -> serverStarter.startServer(props, lsRule.getMember(0).getPort())) - .isInstanceOf(GemFireConfigException.class) - .hasMessage(LocalizedStrings.GEMFIRE_CACHE_SECURITY_MISCONFIGURATION.toLocalizedString()); - + assertThatThrownBy( + () -> this.serverStarter.startServer(props, this.lsRule.getMember(0).getPort())) + .isInstanceOf(GemFireConfigException.class).hasMessage( + LocalizedStrings.GEMFIRE_CACHE_SECURITY_MISCONFIGURATION.toLocalizedString()); } @Test - public void serverConnectingToSecuredLocatorMustUseClusterConfig() { + public void serverConnectingToSecuredLocatorMustUseClusterConfig() throws Exception { Properties props = new Properties(); // the following are needed for peer-to-peer authentication props.setProperty("security-username", "cluster"); props.setProperty("security-password", "cluster"); - props.setProperty("security-manager", "mySecurityManager"); - props.setProperty("use-cluster-configuration", "false"); - - assertThatThrownBy(() -> serverStarter.startServer(props, lsRule.getMember(0).getPort())) - .isInstanceOf(GemFireConfigException.class) - .hasMessage(LocalizedStrings.GEMFIRE_CACHE_SECURITY_MISCONFIGURATION_2.toLocalizedString()); + props.setProperty(SECURITY_MANAGER, SimpleTestSecurityManager.class.getName()); + props.setProperty(USE_CLUSTER_CONFIGURATION, "false"); + assertThatThrownBy( + () -> this.serverStarter.startServer(props, this.lsRule.getMember(0).getPort())) + .isInstanceOf(GemFireConfigException.class).hasMessage( + LocalizedStrings.GEMFIRE_CACHE_SECURITY_MISCONFIGURATION_2.toLocalizedString()); } } http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/test/java/org/apache/geode/security/SecurityManagerCallbacksDistributedTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/security/SecurityManagerCallbacksDistributedTest.java b/geode-core/src/test/java/org/apache/geode/security/SecurityManagerCallbacksDistributedTest.java deleted file mode 100644 index 09c30f5..0000000 --- a/geode-core/src/test/java/org/apache/geode/security/SecurityManagerCallbacksDistributedTest.java +++ /dev/null @@ -1,132 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more contributor license - * agreements. See the NOTICE file distributed with this work for additional information regarding - * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance with the License. You may obtain a - * copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software distributed under the License - * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express - * or implied. See the License for the specific language governing permissions and limitations under - * the License. - */ -package org.apache.geode.security; - -import static org.apache.geode.distributed.ConfigurationProperties.*; -import static org.apache.geode.internal.AvailablePortHelper.getRandomAvailableTCPPorts; -import static org.apache.geode.internal.security.IntegratedSecurityService.getSecurityService; -import static org.apache.geode.management.ManagementService.getExistingManagementService; -import static org.apache.geode.test.dunit.DistributedTestUtils.deleteLocatorStateFile; -import static org.apache.geode.test.dunit.Host.getHost; -import static org.apache.geode.test.dunit.NetworkUtils.getServerHostName; -import static org.assertj.core.api.Assertions.*; - -import java.io.IOException; -import java.util.Properties; - -import org.apache.geode.cache.server.CacheServer; -import org.apache.geode.cache30.CacheTestCase; -import org.apache.geode.management.ManagementService; -import org.apache.geode.test.dunit.Host; -import org.apache.geode.test.dunit.VM; -import org.apache.geode.test.junit.categories.DistributedTest; -import org.apache.geode.test.junit.categories.SecurityTest; - -import org.junit.After; -import org.junit.Before; -import org.junit.Test; -import org.junit.experimental.categories.Category; - -@Category({DistributedTest.class, SecurityTest.class}) -public class SecurityManagerCallbacksDistributedTest extends CacheTestCase { - - private String locators; - private VM locatorVM; - - @Before - public void before() throws Exception { - Host host = getHost(0); - this.locatorVM = host.getVM(0); - - int[] ports = getRandomAvailableTCPPorts(2); - int locatorPort = ports[0]; - int managerPort = ports[1]; - - this.locators = getServerHostName(host) + "[" + locatorPort + "]"; - - this.locatorVM.invoke(() -> { - deleteLocatorStateFile(locatorPort); - - Properties properties = new Properties(); - properties.setProperty(LOCATORS, locators); - properties.setProperty(MCAST_PORT, "0"); - properties.setProperty(START_LOCATOR, locators); - properties.setProperty(JMX_MANAGER, "true"); - properties.setProperty(JMX_MANAGER_PORT, String.valueOf(managerPort)); - properties.setProperty(JMX_MANAGER_START, "true"); - properties.setProperty(USE_CLUSTER_CONFIGURATION, "false"); - properties.setProperty(SECURITY_MANAGER, SpySecurityManager.class.getName()); - properties.setProperty("security-username", "secure"); - properties.setProperty("security-password", "secure"); - - getSystem(properties); - getCache(); - }); - } - - @After - public void after() throws Exception { - closeAllCache(); - } - - @Test - public void callbacksShouldBeInvoked() throws Exception { - connectServer(); - - verifyCallbacksRegardlessOfManager(false); - - this.locatorVM.invoke(() -> { - verifyCallbacksRegardlessOfManager(true); - }); - } - - private void connectServer() throws IOException { - Properties properties = new Properties(); - properties.setProperty(LOCATORS, locators); - properties.setProperty(MCAST_PORT, "0"); - properties.setProperty(USE_CLUSTER_CONFIGURATION, "false"); - properties.setProperty(SECURITY_MANAGER, SpySecurityManager.class.getName()); - properties.setProperty("security-username", "secure"); - properties.setProperty("security-password", "secure"); - - getSystem(properties); - - CacheServer server1 = getCache().addCacheServer(); - server1.setPort(0); - server1.start(); - - getCache(); - } - - private void verifyCallbacksRegardlessOfManager(final boolean isManager) { - ManagementService ms = getExistingManagementService(getCache()); - assertThat(ms).isNotNull(); - assertThat(ms.isManager()).isEqualTo(isManager); - - verifyInitAndCloseInvoked(); - } - - private void verifyInitAndCloseInvoked() { - SpySecurityManager ssm = (SpySecurityManager) getSecurityService().getSecurityManager(); - - assertThat(ssm.initInvoked).isEqualTo(1); - assertThat(ssm.closeInvoked).isEqualTo(0); - - getCache().close(); - - assertThat(ssm.initInvoked).isEqualTo(1); - assertThat(ssm.closeInvoked).isEqualTo(1); - } -} http://git-wip-us.apache.org/repos/asf/geode/blob/5eca6f03/geode-core/src/test/java/org/apache/geode/security/SecurityManagerLifecycleDistributedTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/security/SecurityManagerLifecycleDistributedTest.java b/geode-core/src/test/java/org/apache/geode/security/SecurityManagerLifecycleDistributedTest.java new file mode 100644 index 0000000..a9048b9 --- /dev/null +++ b/geode-core/src/test/java/org/apache/geode/security/SecurityManagerLifecycleDistributedTest.java @@ -0,0 +1,143 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for additional information regarding + * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. You may obtain a + * copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + */ +package org.apache.geode.security; + +import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER; +import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_PORT; +import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_START; +import static org.apache.geode.distributed.ConfigurationProperties.LOCATORS; +import static org.apache.geode.distributed.ConfigurationProperties.MCAST_PORT; +import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER; +import static org.apache.geode.distributed.ConfigurationProperties.START_LOCATOR; +import static org.apache.geode.distributed.ConfigurationProperties.USE_CLUSTER_CONFIGURATION; +import static org.apache.geode.internal.AvailablePortHelper.getRandomAvailableTCPPorts; +import static org.apache.geode.management.ManagementService.getExistingManagementService; +import static org.apache.geode.test.dunit.DistributedTestUtils.deleteLocatorStateFile; +import static org.apache.geode.test.dunit.Host.getHost; +import static org.apache.geode.test.dunit.NetworkUtils.getServerHostName; +import static org.assertj.core.api.Assertions.assertThat; + +import org.apache.geode.cache.server.CacheServer; +import org.apache.geode.cache30.CacheTestCase; +import org.apache.geode.internal.security.EnabledSecurityService; +import org.apache.geode.internal.security.SecurityService; +import org.apache.geode.management.ManagementService; +import org.apache.geode.test.dunit.Host; +import org.apache.geode.test.dunit.VM; +import org.apache.geode.test.junit.categories.DistributedTest; +import org.apache.geode.test.junit.categories.SecurityTest; +import org.junit.After; +import org.junit.Before; +import org.junit.Test; +import org.junit.experimental.categories.Category; + +import java.io.IOException; +import java.util.Properties; + +@Category({DistributedTest.class, SecurityTest.class}) +public class SecurityManagerLifecycleDistributedTest extends CacheTestCase { + + private String locators; + private VM locatorVM; + + @Before + public void before() throws Exception { + Host host = getHost(0); + this.locatorVM = host.getVM(0); + + int[] ports = getRandomAvailableTCPPorts(2); + int locatorPort = ports[0]; + int managerPort = ports[1]; + + this.locators = getServerHostName(host) + "[" + locatorPort + "]"; + + this.locatorVM.invoke(() -> { + deleteLocatorStateFile(locatorPort); + + Properties properties = new Properties(); + properties.setProperty(LOCATORS, locators); + properties.setProperty(MCAST_PORT, "0"); + properties.setProperty(START_LOCATOR, locators); + properties.setProperty(JMX_MANAGER, "true"); + properties.setProperty(JMX_MANAGER_PORT, String.valueOf(managerPort)); + properties.setProperty(JMX_MANAGER_START, "true"); + properties.setProperty(USE_CLUSTER_CONFIGURATION, "false"); + properties.setProperty(SECURITY_MANAGER, SpySecurityManager.class.getName()); + properties.setProperty("security-username", "secure"); + properties.setProperty("security-password", "secure"); + + getSystem(properties); + getCache(); + }); + } + + @After + public void after() throws Exception { + closeAllCache(); + } + + @Test + public void callbacksShouldBeInvoked() throws Exception { + connectServer(); + + verifyCallbacksRegardlessOfManager(false); + + this.locatorVM.invoke(() -> { + verifyCallbacksRegardlessOfManager(true); + }); + } + + private void connectServer() throws IOException { + Properties properties = new Properties(); + properties.setProperty(LOCATORS, locators); + properties.setProperty(MCAST_PORT, "0"); + properties.setProperty(USE_CLUSTER_CONFIGURATION, "false"); + properties.setProperty(SECURITY_MANAGER, SpySecurityManager.class.getName()); + properties.setProperty("security-username", "secure"); + properties.setProperty("security-password", "secure"); + + getSystem(properties); + + CacheServer server1 = getCache().addCacheServer(); + server1.setPort(0); + server1.start(); + + getCache(); + } + + private void verifyCallbacksRegardlessOfManager(final boolean isManager) { + ManagementService ms = getExistingManagementService(getCache()); + assertThat(ms).isNotNull(); + assertThat(ms.isManager()).isEqualTo(isManager); + + verifyInitAndCloseInvoked(); + } + + private void verifyInitAndCloseInvoked() { + SecurityService securityService = getCache().getSecurityService(); + assertThat(securityService).isNotNull().isInstanceOf(EnabledSecurityService.class); + + SpySecurityManager ssm = + (SpySecurityManager) getCache().getSecurityService().getSecurityManager(); + + assertThat(ssm.getInitInvocationCount()).isEqualTo(1); + assertThat(ssm.getCloseInvocationCount()).isEqualTo(0); + + getCache().close(); + + assertThat(ssm.getInitInvocationCount()).isEqualTo(1); + assertThat(ssm.getCloseInvocationCount()).isEqualTo(1); + } +}
