GEODE-2920: handle non-existent role in ExampleSecurityManager
Project: http://git-wip-us.apache.org/repos/asf/geode/repo Commit: http://git-wip-us.apache.org/repos/asf/geode/commit/c5e77792 Tree: http://git-wip-us.apache.org/repos/asf/geode/tree/c5e77792 Diff: http://git-wip-us.apache.org/repos/asf/geode/diff/c5e77792 Branch: refs/heads/feature/GEM-1483 Commit: c5e777923e12b5484042b62a10db13500386f9df Parents: aa4878e Author: Jinmei Liao <jil...@pivotal.io> Authored: Mon Jul 17 14:35:43 2017 -0700 Committer: Jinmei Liao <jil...@pivotal.io> Committed: Tue Jul 18 16:21:38 2017 -0700 ---------------------------------------------------------------------- .../security/ExampleSecurityManager.java | 27 +++++++------ .../security/ExampleSecurityManagerTest.java | 40 ++++++++++++++++---- .../geode/security/templates/security.json | 5 +++ 3 files changed, 52 insertions(+), 20 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/geode/blob/c5e77792/geode-core/src/main/java/org/apache/geode/examples/security/ExampleSecurityManager.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/examples/security/ExampleSecurityManager.java b/geode-core/src/main/java/org/apache/geode/examples/security/ExampleSecurityManager.java index c1d7ebf..cd5fd30 100644 --- a/geode-core/src/main/java/org/apache/geode/examples/security/ExampleSecurityManager.java +++ b/geode-core/src/main/java/org/apache/geode/examples/security/ExampleSecurityManager.java @@ -14,18 +14,6 @@ */ package org.apache.geode.examples.security; -import com.fasterxml.jackson.databind.JsonNode; -import com.fasterxml.jackson.databind.ObjectMapper; -import org.apache.commons.io.IOUtils; -import org.apache.geode.management.internal.security.ResourceConstants; -import org.apache.geode.security.AuthenticationFailedException; -import org.apache.geode.security.NotAuthorizedException; -import org.apache.geode.security.ResourcePermission; -import org.apache.geode.security.ResourcePermission.Operation; -import org.apache.geode.security.ResourcePermission.Resource; -import org.apache.geode.security.SecurityManager; -import org.apache.shiro.authz.Permission; - import java.io.IOException; import java.io.InputStream; import java.io.StringWriter; @@ -40,6 +28,19 @@ import java.util.Set; import java.util.stream.Collectors; import java.util.stream.StreamSupport; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import org.apache.commons.io.IOUtils; +import org.apache.shiro.authz.Permission; + +import org.apache.geode.management.internal.security.ResourceConstants; +import org.apache.geode.security.AuthenticationFailedException; +import org.apache.geode.security.NotAuthorizedException; +import org.apache.geode.security.ResourcePermission; +import org.apache.geode.security.ResourcePermission.Operation; +import org.apache.geode.security.ResourcePermission.Resource; +import org.apache.geode.security.SecurityManager; + /** * This class provides a sample implementation of {@link SecurityManager} for authentication and * authorization initialized from data provided as JSON. @@ -112,6 +113,8 @@ public class ExampleSecurityManager implements SecurityManager { // check if the user has this permission defined in the context for (Role role : this.userNameToUser.get(user.name).roles) { + if (role == null) + continue; for (Permission permitted : role.permissions) { if (permitted.implies(context)) { return true; http://git-wip-us.apache.org/repos/asf/geode/blob/c5e77792/geode-core/src/test/java/org/apache/geode/security/ExampleSecurityManagerTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/security/ExampleSecurityManagerTest.java b/geode-core/src/test/java/org/apache/geode/security/ExampleSecurityManagerTest.java index 9093a7b..93097c7 100644 --- a/geode-core/src/test/java/org/apache/geode/security/ExampleSecurityManagerTest.java +++ b/geode-core/src/test/java/org/apache/geode/security/ExampleSecurityManagerTest.java @@ -16,22 +16,26 @@ package org.apache.geode.security; import static org.assertj.core.api.Assertions.assertThat; +import java.io.File; +import java.io.FileOutputStream; +import java.io.InputStream; +import java.util.Properties; + import org.apache.commons.io.FileUtils; import org.apache.commons.io.IOUtils; -import org.apache.geode.examples.security.ExampleSecurityManager; -import org.apache.geode.examples.security.ExampleSecurityManager.User; -import org.apache.geode.test.junit.categories.IntegrationTest; -import org.apache.geode.test.junit.categories.SecurityTest; import org.junit.Before; import org.junit.Rule; import org.junit.Test; import org.junit.experimental.categories.Category; import org.junit.rules.TemporaryFolder; -import java.io.File; -import java.io.FileOutputStream; -import java.io.InputStream; -import java.util.Properties; +import org.apache.geode.examples.security.ExampleSecurityManager; +import org.apache.geode.examples.security.ExampleSecurityManager.User; +import org.apache.geode.security.ResourcePermission.Operation; +import org.apache.geode.security.ResourcePermission.Resource; +import org.apache.geode.security.ResourcePermission.Target; +import org.apache.geode.test.junit.categories.IntegrationTest; +import org.apache.geode.test.junit.categories.SecurityTest; @Category({IntegrationTest.class, SecurityTest.class}) public class ExampleSecurityManagerTest { @@ -87,6 +91,26 @@ public class ExampleSecurityManagerTest { verifySecurityManagerState(); } + @Test + public void userThatDoesNotExistInJson() throws Exception { + Properties securityProperties = new Properties(); + securityProperties.setProperty(TestSecurityManager.SECURITY_JSON, this.jsonResource); + this.exampleSecurityManager.init(securityProperties); + ResourcePermission permission = + new ResourcePermission(Resource.CLUSTER, Operation.MANAGE, Target.DISK); + assertThat(exampleSecurityManager.authorize("diskWriter", permission)).isFalse(); + } + + @Test + public void roleThatDoesNotExistInJson() throws Exception { + Properties securityProperties = new Properties(); + securityProperties.setProperty(TestSecurityManager.SECURITY_JSON, this.jsonResource); + this.exampleSecurityManager.init(securityProperties); + ResourcePermission permission = + new ResourcePermission(Resource.CLUSTER, Operation.MANAGE, Target.DISK); + assertThat(exampleSecurityManager.authorize("phantom", permission)).isFalse(); + } + private void verifySecurityManagerState() { User adminUser = this.exampleSecurityManager.getUser("admin"); assertThat(adminUser).isNotNull(); http://git-wip-us.apache.org/repos/asf/geode/blob/c5e77792/geode-core/src/test/resources/org/apache/geode/security/templates/security.json ---------------------------------------------------------------------- diff --git a/geode-core/src/test/resources/org/apache/geode/security/templates/security.json b/geode-core/src/test/resources/org/apache/geode/security/templates/security.json index c1ee9fc..184fa04 100644 --- a/geode-core/src/test/resources/org/apache/geode/security/templates/security.json +++ b/geode-core/src/test/resources/org/apache/geode/security/templates/security.json @@ -25,6 +25,11 @@ "name": "guest", "password": "guest", "roles": ["readRegionA"] + }, + { + "name": "phantom", + "password": "guest", + "roles": ["notExist"] } ] }