This is an automated email from the ASF dual-hosted git repository. udo pushed a commit to branch feature/GEODE-3705 in repository https://gitbox.apache.org/repos/asf/geode.git
commit 7b1efca19efd096b3d0610f74185b6d8aa49a1d2 Author: kohlmu-pivotal <[email protected]> AuthorDate: Thu Oct 19 15:46:21 2017 -0700 Initial commit to to clean up Authentication + Authorzation issues --- .../internal/cache/tier/sockets/AcceptorImpl.java | 119 +++++++++---------- .../cache/tier/sockets/ClientProtocolService.java | 2 + .../sockets/GenericProtocolServerConnection.java | 8 +- .../tier/sockets/ClientProtocolMessageHandler.java | 4 +- .../tier/sockets/MessageExecutionContext.java | 15 ++- .../internal/protocol/ProtobufCachePipeline.java | 19 ++- .../internal/protocol/ProtobufLocatorPipeline.java | 6 +- .../internal/protocol/ProtobufProtocolService.java | 61 +++------- .../ClientProtocolHandshaker.java} | 22 ++-- .../internal/protocol/protobuf/Handshaker.java | 60 ++++++++++ .../protocol/protobuf/ProtobufOpsProcessor.java | 6 +- .../protocol/protobuf/ProtobufStreamProcessor.java | 6 +- .../protocol/protobuf/ProtocolErrorCode.java | 1 + .../HandshakerRequestOperationHandler.java | 59 ++++++++++ .../security/InvalidConfigAuthenticator.java | 12 +- .../security/ProtobufShiroAuthenticator.java | 17 ++- .../protobuf/security/ProtobufShiroAuthorizer.java | 6 +- .../statistics/ProtobufClientStatisticsImpl.java | 15 ++- .../protobuf/utilities/ProtobufUtilities.java | 6 - .../registry/OperationContextRegistry.java | 2 +- .../AuthenticationLookupService.java} | 31 ++--- .../{protobuf => }/security/Authenticator.java | 7 +- .../AuthorizationLookupService.java} | 34 +++--- .../{protobuf => }/security/Authorizer.java | 4 +- .../{protobuf => }/security/NoOpAuthenticator.java | 6 +- .../{protobuf => }/security/NoOpAuthorizer.java | 4 +- .../{protobuf => }/statistics/NoOpStatistics.java | 4 +- .../ProtocolClientStatistics.java} | 8 +- .../Authorizer.java => proto/handshake_API.proto} | 23 +++- .../protocol/ProtobufProtocolServiceJUnitTest.java | 6 +- .../acceptance/CacheConnectionJUnitTest.java | 6 +- .../acceptance/CacheOperationsJUnitTest.java | 5 +- 
.../acceptance/LocatorConnectionDUnitTest.java | 5 +- .../internal/protocol/protobuf/HandshakerTest.java | 128 +++++++++++++++++++++ .../ProtobufShiroAuthenticatorJUnitTest.java | 13 +-- .../protobuf/ProtobufStreamProcessorTest.java | 4 +- .../protobuf/ProtobufTestExecutionContext.java | 9 +- .../protocol/protobuf/ProtobufTestUtilities.java | 60 ++++++++++ ...tAvailableServersOperationHandlerJUnitTest.java | 2 +- 39 files changed, 548 insertions(+), 257 deletions(-) diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/AcceptorImpl.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/AcceptorImpl.java index 59ef466..2dea63e 100755 --- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/AcceptorImpl.java +++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/AcceptorImpl.java 
@@ -336,72 +336,24 @@ public class AcceptorImpl implements Acceptor, Runnable, CommBufferPool { this.isGatewayReceiver = isGatewayReceiver; this.gatewayTransportFilters = transportFilter; this.serverConnectionFactory = serverConnectionFactory; - { - int tmp_maxConnections = maxConnections; - if (tmp_maxConnections < MINIMUM_MAX_CONNECTIONS) { - tmp_maxConnections = MINIMUM_MAX_CONNECTIONS; - } - this.maxConnections = tmp_maxConnections; - } - { - int tmp_maxThreads = maxThreads; - if (maxThreads == CacheServer.DEFAULT_MAX_THREADS) { - // consult system properties for 5.0.2 backwards compatibility - if (DEPRECATED_SELECTOR) { - tmp_maxThreads = DEPRECATED_SELECTOR_POOL_SIZE; - } - } - if (tmp_maxThreads < 0) { - tmp_maxThreads = 0; - } else if (tmp_maxThreads > this.maxConnections) { - tmp_maxThreads = this.maxConnections; - } - boolean isWindows = false; - String os = System.getProperty("os.name"); - if (os != null) { - if (os.indexOf("Windows") != -1) { - isWindows = true; - } - } - if (tmp_maxThreads > 0 && isWindows) { - // bug #40472 and JDK bug 6230761 - NIO can't be used with IPv6 on Windows - if (getBindAddress() instanceof Inet6Address) { - logger.warn(LocalizedMessage - .create(LocalizedStrings.AcceptorImpl_IGNORING_MAX_THREADS_DUE_TO_JROCKIT_NIO_BUG)); - tmp_maxThreads = 0; - } - // bug #40198 - Selector.wakeup() hangs if VM starts to exit - if (isJRockit) { - logger.warn(LocalizedMessage - .create(LocalizedStrings.AcceptorImpl_IGNORING_MAX_THREADS_DUE_TO_WINDOWS_IPV6_BUG)); - tmp_maxThreads = 0; - } - } - this.maxThreads = tmp_maxThreads; - } - { - Selector tmp_s = null; - // Selector tmp2_s = null; - LinkedBlockingQueue tmp_q = null; - LinkedBlockingQueue tmp_commQ = null; - HashSet tmp_hs = null; - SystemTimer tmp_timer = null; - if (isSelector()) { - tmp_s = Selector.open(); // no longer catch ex to fix bug 36907 - // tmp2_s = Selector.open(); // workaround for bug 39624 - tmp_q = new LinkedBlockingQueue(); - tmp_commQ = new LinkedBlockingQueue(); - 
tmp_hs = new HashSet(512); - tmp_timer = new SystemTimer(internalCache.getDistributedSystem(), true); - } - this.selector = tmp_s; - // this.tmpSel = tmp2_s; - this.selectorQueue = tmp_q; - this.commBufferQueue = tmp_commQ; - this.selectorRegistrations = tmp_hs; - this.hsTimer = tmp_timer; - this.tcpNoDelay = tcpNoDelay; + + this.maxConnections = Math.min(maxConnections, MINIMUM_MAX_CONNECTIONS); + this.maxThreads = calculateMaxThreads(maxThreads); + + if (isSelector()) { + this.selector = Selector.open(); + this.selectorQueue = new LinkedBlockingQueue(); + this.commBufferQueue = new LinkedBlockingQueue(); + this.selectorRegistrations = new HashSet(512); + this.hsTimer = new SystemTimer(internalCache.getDistributedSystem(), true); + } else { + this.selector = null; + this.selectorQueue = null; + this.commBufferQueue = null; + this.selectorRegistrations = null; + this.hsTimer = null; } + this.tcpNoDelay = tcpNoDelay; { if (!isGatewayReceiver) { 
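Review bot: `this.maxConnections = Math.min(maxConnections, MINIMUM_MAX_CONNECTIONS);` inverts the clamp it replaces. The removed block raised values below `MINIMUM_MAX_CONNECTIONS` up to that floor, whereas `Math.min` caps every configured value at the floor. Because `calculateMaxThreads` bounds its result by `this.maxConnections`, the selector thread count is capped as well, so a server sized for many clients would presumably hit its connection limit far earlier than configured. The line should read `this.maxConnections = Math.max(maxConnections, MINIMUM_MAX_CONNECTIONS);`. The constructor body starts before and continues after this hunk.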
@@ -633,6 +585,43 @@ public class AcceptorImpl implements Acceptor, Runnable, CommBufferPool { (postAuthzFactoryName != null && postAuthzFactoryName.length() > 0) ? true : false; } + private int calculateMaxThreads(int maxThreads) throws IOException { + int tmp_maxThreads = maxThreads; + if (maxThreads == CacheServer.DEFAULT_MAX_THREADS) { + // consult system properties for 5.0.2 backwards compatibility + if (DEPRECATED_SELECTOR) { + tmp_maxThreads = DEPRECATED_SELECTOR_POOL_SIZE; + } + } + if (tmp_maxThreads < 0) { + tmp_maxThreads = 0; + } else if (tmp_maxThreads > this.maxConnections) { + tmp_maxThreads = this.maxConnections; + } + boolean isWindows = false; + String os = System.getProperty("os.name"); + if (os != null) { + if (os.indexOf("Windows") != -1) { + isWindows = true; + } + } + if (tmp_maxThreads > 0 && isWindows) { + // bug #40472 and JDK bug 6230761 - NIO can't be used with IPv6 on Windows + if (getBindAddress() instanceof Inet6Address) { + logger.warn(LocalizedMessage + .create(LocalizedStrings.AcceptorImpl_IGNORING_MAX_THREADS_DUE_TO_JROCKIT_NIO_BUG)); + tmp_maxThreads = 0; + } + // bug #40198 - Selector.wakeup() hangs if VM starts to exit + if (isJRockit) { + logger.warn(LocalizedMessage + .create(LocalizedStrings.AcceptorImpl_IGNORING_MAX_THREADS_DUE_TO_WINDOWS_IPV6_BUG)); + tmp_maxThreads = 0; + } + } + return tmp_maxThreads; + } + public long getAcceptorId() { return this.acceptorId; } diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/ClientProtocolService.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/ClientProtocolService.java index 544f286..79a33a4 100644 --- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/ClientProtocolService.java +++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/ClientProtocolService.java 
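Review bot: In `calculateMaxThreads` the two warnings look swapped, judging by the constant names: the `Inet6Address` branch (commented as the Windows IPv6 NIO bug) logs `AcceptorImpl_IGNORING_MAX_THREADS_DUE_TO_JROCKIT_NIO_BUG`, and the `isJRockit` branch logs `AcceptorImpl_IGNORING_MAX_THREADS_DUE_TO_WINDOWS_IPV6_BUG`. This is carried over unchanged from the constructor, but the extraction is a good moment to exchange the two constants so operators see the real reason selector threads were disabled. The method also declares `throws IOException` although nothing in its visible body throws it. It reads `this.maxConnections`, so a comment such as `// must run after this.maxConnections has been assigned` would document the ordering dependency on the constructor.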
@@ -15,6 +15,8 @@ package org.apache.geode.internal.cache.tier.sockets; +import java.util.Map; + import org.apache.geode.StatisticsFactory; import org.apache.geode.cache.Cache; import org.apache.geode.distributed.internal.InternalLocator; diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/GenericProtocolServerConnection.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/GenericProtocolServerConnection.java index 5be6cac..2671cbe 100644 --- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/GenericProtocolServerConnection.java +++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/GenericProtocolServerConnection.java @@ -38,7 +38,7 @@ import org.apache.geode.internal.security.SecurityService; */ public class GenericProtocolServerConnection extends ServerConnection { // The new protocol lives in a separate module and gets loaded when this class is instantiated. - private final ClientProtocolProcessor protocolPipeline; + private final ClientProtocolProcessor protocolProcessor; private boolean cleanedUp; private ClientProxyMembershipID clientProxyMembershipID; @@ -52,7 +52,7 @@ public class GenericProtocolServerConnection extends ServerConnection { SecurityService securityService) { super(socket, c, helper, stats, hsTimeout, socketBufferSize, communicationModeStr, communicationMode, acceptor, securityService); - this.protocolPipeline = clientProtocolProcessor; + this.protocolProcessor = clientProtocolProcessor; setClientProxyMembershipId(); @@ -66,7 +66,7 @@ public class GenericProtocolServerConnection extends ServerConnection { InputStream inputStream = socket.getInputStream(); OutputStream outputStream = socket.getOutputStream(); - protocolPipeline.processMessage(inputStream, outputStream); + protocolProcessor.processMessage(inputStream, outputStream); } catch (EOFException e) { this.setFlagProcessMessagesAsFalse(); setClientDisconnectedException(e); 
@@ -94,7 +94,7 @@ public class GenericProtocolServerConnection extends ServerConnection { synchronized (this) { if (!cleanedUp) { cleanedUp = true; - protocolPipeline.close(); + protocolProcessor.close(); } } return super.cleanup(); diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/cache/tier/sockets/ClientProtocolMessageHandler.java b/geode-protobuf/src/main/java/org/apache/geode/internal/cache/tier/sockets/ClientProtocolMessageHandler.java index 1d86d70..4de279b 100644 --- a/geode-protobuf/src/main/java/org/apache/geode/internal/cache/tier/sockets/ClientProtocolMessageHandler.java +++ b/geode-protobuf/src/main/java/org/apache/geode/internal/cache/tier/sockets/ClientProtocolMessageHandler.java @@ -19,7 +19,6 @@ import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; -import org.apache.geode.Statistics; import org.apache.geode.StatisticsFactory; @@ -30,6 +29,9 @@ import org.apache.geode.StatisticsFactory; * Currently, only one {@link ClientProtocolMessageHandler} at a time can be used in a Geode * instance. It gets wired into {@link ServerConnectionFactory} to create all instances of * {@link GenericProtocolServerConnection}. + * + * Implementors of this interface are expected to be able to be used for any number of connections + * at a time (stateless except for the statistics). */ public interface ClientProtocolMessageHandler { void receiveMessage(InputStream inputStream, OutputStream outputStream, diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/cache/tier/sockets/MessageExecutionContext.java b/geode-protobuf/src/main/java/org/apache/geode/internal/cache/tier/sockets/MessageExecutionContext.java index b205b33..0978e41 100644 --- a/geode-protobuf/src/main/java/org/apache/geode/internal/cache/tier/sockets/MessageExecutionContext.java +++ b/geode-protobuf/src/main/java/org/apache/geode/internal/cache/tier/sockets/MessageExecutionContext.java 
@@ -20,10 +20,9 @@ import org.apache.geode.cache.Cache; import org.apache.geode.distributed.Locator; import org.apache.geode.distributed.internal.InternalLocator; import org.apache.geode.internal.exception.InvalidExecutionContextException; -import org.apache.geode.internal.protocol.protobuf.statistics.ProtobufClientStatistics; -import org.apache.geode.internal.protocol.protobuf.security.Authorizer; -import org.apache.geode.internal.protocol.protobuf.security.NoOpAuthorizer; -import org.apache.geode.security.ResourcePermission; +import org.apache.geode.internal.protocol.statistics.ProtocolClientStatistics; +import org.apache.geode.internal.protocol.security.Authorizer; +import org.apache.geode.internal.protocol.security.NoOpAuthorizer; @Experimental public class MessageExecutionContext { @@ -31,18 +30,18 @@ public class MessageExecutionContext { private Locator locator; private final Authorizer authorizer; private final Object authenticatedSubject; - private final ProtobufClientStatistics statistics; + private final ProtocolClientStatistics statistics; public MessageExecutionContext(Cache cache, Authorizer streamAuthorizer, - Object authenticatedSubject, ProtobufClientStatistics statistics) { + Object authenticatedSubject, ProtocolClientStatistics statistics) { this.cache = cache; this.authorizer = streamAuthorizer; this.authenticatedSubject = authenticatedSubject; this.statistics = statistics; } - public MessageExecutionContext(InternalLocator locator, ProtobufClientStatistics statistics) { + public MessageExecutionContext(InternalLocator locator, ProtocolClientStatistics statistics) { this.locator = locator; // set a no-op authorizer until such time as locators implement authentication // and authorization checks 
@@ -98,7 +97,7 @@ public class MessageExecutionContext { * Returns the statistics for recording operation stats. In a unit test environment this may not * be a protocol-specific statistics implementation. */ - public ProtobufClientStatistics getStatistics() { + public ProtocolClientStatistics getStatistics() { return statistics; } } diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/ProtobufCachePipeline.java b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/ProtobufCachePipeline.java index 90c9895..3b6d2e5 100644 --- a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/ProtobufCachePipeline.java +++ b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/ProtobufCachePipeline.java 
@@ -21,46 +21,43 @@ import java.io.OutputStream; import org.apache.geode.annotations.Experimental; import org.apache.geode.cache.Cache; -import org.apache.geode.cache.IncompatibleVersionException; import org.apache.geode.internal.cache.tier.sockets.ClientProtocolProcessor; import org.apache.geode.internal.cache.tier.sockets.MessageExecutionContext; import org.apache.geode.internal.protocol.protobuf.ProtobufStreamProcessor; -import org.apache.geode.internal.protocol.protobuf.security.Authenticator; -import org.apache.geode.internal.protocol.protobuf.security.Authorizer; -import org.apache.geode.internal.protocol.protobuf.statistics.ProtobufClientStatistics; +import org.apache.geode.internal.protocol.security.Authenticator; +import org.apache.geode.internal.protocol.security.Authorizer; +import org.apache.geode.internal.protocol.statistics.ProtocolClientStatistics; import org.apache.geode.internal.security.SecurityService; import org.apache.geode.security.AuthenticationFailedException; @Experimental public final class ProtobufCachePipeline implements ClientProtocolProcessor { - private final ProtobufClientStatistics statistics; + private final ProtocolClientStatistics statistics; private final Cache cache; private final Authorizer authorizer; - private final SecurityService securityService; private final ProtobufStreamProcessor streamProcessor; private final Authenticator authenticator; private Object authenticatorToken; ProtobufCachePipeline(ProtobufStreamProcessor protobufStreamProcessor, - ProtobufClientStatistics statistics, Cache cache, Authenticator authenticator, - Authorizer authorizer, SecurityService securityService) { + ProtocolClientStatistics statistics, Cache cache, Authenticator authenticator, + Authorizer authorizer) { this.streamProcessor = protobufStreamProcessor; this.statistics = statistics; this.cache = cache; this.authenticator = authenticator; this.authorizer = authorizer; - this.securityService = securityService; 
this.statistics.clientConnected(); } @Override public void processMessage(InputStream inputStream, OutputStream outputStream) - throws IOException, IncompatibleVersionException { + throws IOException { if (authenticatorToken == null) { try { - authenticatorToken = authenticator.authenticate(inputStream, outputStream, securityService); + authenticatorToken = authenticator.authenticate(inputStream, outputStream); } catch (AuthenticationFailedException ex) { statistics.incAuthenticationFailures(); throw new IOException(ex); diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/ProtobufLocatorPipeline.java b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/ProtobufLocatorPipeline.java index f4ed9e2..bc0bf6a 100644 --- a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/ProtobufLocatorPipeline.java +++ b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/ProtobufLocatorPipeline.java 
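Review bot: `processMessage` uses `authenticatorToken == null` as its only "not yet authenticated" test, so it relies on every `Authenticator` returning a non-null token on success and throwing on failure; the interface itself is not visible in this hunk. Now that `authenticate(inputStream, outputStream)` no longer receives the `SecurityService` and the interface has moved to the protocol-neutral `security` package, that contract deserves to be written on the interface, e.g. `/** @return a non-null subject token; throws AuthenticationFailedException for a rejected client */`. An implementation that returned null would be asked to authenticate again on the next call, which would presumably read an ordinary request as if it were credentials. `processMessage` continues beyond the end of the hunk.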
@@ -25,16 +25,16 @@ import org.apache.geode.distributed.internal.InternalLocator; import org.apache.geode.internal.cache.tier.sockets.ClientProtocolProcessor; import org.apache.geode.internal.cache.tier.sockets.MessageExecutionContext; import org.apache.geode.internal.protocol.protobuf.ProtobufStreamProcessor; -import org.apache.geode.internal.protocol.protobuf.statistics.ProtobufClientStatistics; +import org.apache.geode.internal.protocol.statistics.ProtocolClientStatistics; @Experimental public final class ProtobufLocatorPipeline implements ClientProtocolProcessor { - private final ProtobufClientStatistics statistics; + private final ProtocolClientStatistics statistics; private final InternalLocator locator; private final ProtobufStreamProcessor streamProcessor; ProtobufLocatorPipeline(ProtobufStreamProcessor protobufStreamProcessor, - ProtobufClientStatistics statistics, InternalLocator locator) { + ProtocolClientStatistics statistics, InternalLocator locator) { this.streamProcessor = protobufStreamProcessor; this.statistics = statistics; this.locator = locator; diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/ProtobufProtocolService.java b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/ProtobufProtocolService.java index 7c14852..97570db 100644 --- a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/ProtobufProtocolService.java +++ b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/ProtobufProtocolService.java 
@@ -19,28 +19,28 @@ import org.apache.geode.cache.Cache; import org.apache.geode.distributed.internal.InternalLocator; import org.apache.geode.internal.cache.tier.sockets.ClientProtocolProcessor; import org.apache.geode.internal.cache.tier.sockets.ClientProtocolService; -import org.apache.geode.internal.protocol.protobuf.security.Authorizer; -import org.apache.geode.internal.protocol.protobuf.security.InvalidConfigAuthenticator; -import org.apache.geode.internal.protocol.protobuf.security.NoOpAuthorizer; -import org.apache.geode.internal.protocol.protobuf.security.ProtobufShiroAuthenticator; import org.apache.geode.internal.protocol.protobuf.ProtobufStreamProcessor; -import org.apache.geode.internal.protocol.protobuf.security.ProtobufShiroAuthorizer; -import org.apache.geode.internal.protocol.protobuf.statistics.NoOpStatistics; -import org.apache.geode.internal.protocol.protobuf.statistics.ProtobufClientStatistics; +import org.apache.geode.internal.protocol.statistics.NoOpStatistics; +import org.apache.geode.internal.protocol.statistics.ProtocolClientStatistics; import org.apache.geode.internal.protocol.protobuf.statistics.ProtobufClientStatisticsImpl; +import org.apache.geode.internal.protocol.security.AuthenticationLookupService; +import org.apache.geode.internal.protocol.security.Authenticator; +import org.apache.geode.internal.protocol.security.AuthorizationLookupService; +import org.apache.geode.internal.protocol.security.Authorizer; import org.apache.geode.internal.security.SecurityService; -import org.apache.geode.internal.protocol.protobuf.security.Authenticator; -import org.apache.geode.internal.protocol.protobuf.security.NoOpAuthenticator; public class ProtobufProtocolService implements ClientProtocolService { - private volatile ProtobufClientStatistics statistics; + private volatile ProtocolClientStatistics statistics; private final ProtobufStreamProcessor protobufStreamProcessor = new ProtobufStreamProcessor(); + private final 
AuthenticationLookupService authenticationLookupService = + new AuthenticationLookupService(); + private final AuthorizationLookupService authorizationLookupService = + new AuthorizationLookupService(); @Override public synchronized void initializeStatistics(String statisticsName, StatisticsFactory factory) { if (statistics == null) { - statistics = new ProtobufClientStatisticsImpl(factory, statisticsName, - ProtobufClientStatistics.PROTOBUF_STATS_NAME); + statistics = new ProtobufClientStatisticsImpl(factory, statisticsName); } } @@ -49,18 +49,18 @@ public class ProtobufProtocolService implements ClientProtocolService { SecurityService securityService) { assert (statistics != null); - Authenticator authenticator = getAuthenticator(securityService); - Authorizer authorizer = getAuthorizer(securityService); + Authenticator authenticator = authenticationLookupService.getAuthenticator(securityService); + Authorizer authorizer = authorizationLookupService.getAuthorizer(securityService); return new ProtobufCachePipeline(protobufStreamProcessor, getStatistics(), cache, authenticator, - authorizer, securityService); + authorizer); } /** * For internal use. This is necessary because the statistics may get initialized in another * thread. */ - ProtobufClientStatistics getStatistics() { + ProtocolClientStatistics getStatistics() { if (statistics == null) { return new NoOpStatistics(); } 
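Review bot: The `authorizer` obtained from `authorizationLookupService.getAuthorizer(securityService)` is handed to `ProtobufCachePipeline` unchecked, and the private `getAuthorizer` that this commit deletes further down in the same file returned `null` for the legacy-security configuration. `AuthorizationLookupService` is not visible here; if it keeps that branch, a deny-all authorizer or an exception would be safer than null, so that a misconfigured server fails closed rather than depending on the authenticator having rejected the client first. Separately, `assert (statistics != null);` does nothing unless the JVM runs with `-ea`, and `getStatistics()` already falls back to `NoOpStatistics`, so the assertion can be dropped.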
@@ -71,33 +71,4 @@ public class ProtobufProtocolService implements ClientProtocolService { public ClientProtocolProcessor createProcessorForLocator(InternalLocator locator) { return new ProtobufLocatorPipeline(protobufStreamProcessor, getStatistics(), locator); } - - private Authenticator getAuthenticator(SecurityService securityService) { - if (securityService.isIntegratedSecurity()) { - // Simple authenticator...normal shiro - return new ProtobufShiroAuthenticator(); - } - if (securityService.isPeerSecurityRequired() || securityService.isClientSecurityRequired()) { - // Failing authentication...legacy security - return new InvalidConfigAuthenticator(); - } else { - // Noop authenticator...no security - return new NoOpAuthenticator(); - } - } - - private Authorizer getAuthorizer(SecurityService securityService) { - if (securityService.isIntegratedSecurity()) { - // Simple authenticator...normal shiro - return new ProtobufShiroAuthorizer(securityService); - } - if (securityService.isPeerSecurityRequired() || securityService.isClientSecurityRequired()) { - // Failing authentication...legacy security - // This should never be called. - return null; - } else { - // Noop authenticator...no security - return new NoOpAuthorizer(); - } - } } diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/statistics/ProtobufClientStatistics.java b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/handshaker/ClientProtocolHandshaker.java similarity index 63% copy from geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/statistics/ProtobufClientStatistics.java copy to geode-protobuf/src/main/java/org/apache/geode/internal/protocol/handshaker/ClientProtocolHandshaker.java index a8070c7..da81325 100644 --- a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/statistics/ProtobufClientStatistics.java 
+++ b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/handshaker/ClientProtocolHandshaker.java @@ -12,20 +12,18 @@ * or implied. See the License for the specific language governing permissions and limitations under * the License. */ -package org.apache.geode.internal.protocol.protobuf.statistics; +package org.apache.geode.internal.protocol.handshaker; -public interface ProtobufClientStatistics { - String PROTOBUF_STATS_NAME = "ProtobufStats"; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; - void clientConnected(); +import org.apache.geode.cache.IncompatibleVersionException; +import org.apache.geode.internal.protocol.security.Authenticator; - void clientDisconnected(); +public interface ClientProtocolHandshaker { + void processHandshake(InputStream inputStream, OutputStream outputStream) + throws IOException, IncompatibleVersionException; - void messageReceived(int bytes); - - void messageSent(int bytes); - - void incAuthorizationViolations(); - - void incAuthenticationFailures(); + boolean completed(); } diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/Handshaker.java b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/Handshaker.java new file mode 100644 index 0000000..1812f92 --- /dev/null +++ b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/Handshaker.java 
@@ -0,0 +1,60 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for additional information regarding + * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. You may obtain a + * copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + */ + +package org.apache.geode.internal.protocol.protobuf; + +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; + +import org.apache.logging.log4j.Logger; + +import org.apache.geode.cache.IncompatibleVersionException; +import org.apache.geode.internal.logging.LogService; +import org.apache.geode.internal.protocol.handshaker.ClientProtocolHandshaker; +import org.apache.geode.internal.protocol.protobuf.operations.handshaker.HandshakerRequestOperationHandler; + +public class Handshaker implements ClientProtocolHandshaker { + private static final Logger logger = LogService.getLogger(); + + private boolean succesfulHandshake = false; + private final HandshakerRequestOperationHandler handshakerRequestOperationHandler; + + public Handshaker() { + handshakerRequestOperationHandler = new HandshakerRequestOperationHandler(); + } + + @Override + public void processHandshake(InputStream inputStream, OutputStream outputStream) + throws IOException, IncompatibleVersionException { + HandshakeAPI.HandshakeRequest handshakeRequest = + HandshakeAPI.HandshakeRequest.parseDelimitedFrom(inputStream); + + // At this stage 
HandshakerRequestOperationHandler is not wired into the + // ProtobufOpsStreamProcesser. + // Thus passing in null serializationService and executionContext. + Result<HandshakeAPI.HandshakeResponse> result = + handshakerRequestOperationHandler.process(null, handshakeRequest, null); + + HandshakeAPI.HandshakeResponse handshakeResponse = result.getMessage(); + handshakeResponse.writeDelimitedTo(outputStream); + succesfulHandshake = handshakeResponse.getOk(); + } + + @Override + public boolean completed() { + return succesfulHandshake; + } +} diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/ProtobufOpsProcessor.java b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/ProtobufOpsProcessor.java index a8cde46..4fd1764 100644 --- a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/ProtobufOpsProcessor.java +++ b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/ProtobufOpsProcessor.java @@ -20,8 +20,8 @@ import org.apache.geode.annotations.Experimental; import org.apache.geode.internal.cache.tier.sockets.MessageExecutionContext; import org.apache.geode.internal.exception.InvalidExecutionContextException; import org.apache.geode.internal.logging.LogService; -import org.apache.geode.internal.protocol.protobuf.registry.OperationContextRegistry; -import org.apache.geode.internal.protocol.protobuf.statistics.ProtobufClientStatistics; +import org.apache.geode.internal.protocol.registry.OperationContextRegistry; +import org.apache.geode.internal.protocol.statistics.ProtocolClientStatistics; import org.apache.geode.internal.protocol.protobuf.utilities.ProtobufResponseUtilities; import org.apache.geode.internal.serialization.SerializationService; 
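Review bot: `HandshakeAPI.HandshakeRequest.parseDelimitedFrom(inputStream)` returns null when the peer closes the socket before sending anything, and `processHandshake` passes that value straight into `handshakerRequestOperationHandler.process(null, handshakeRequest, null)`, where `request.getVersion()` would throw a NullPointerException on a connection that has not authenticated yet. A guard before the call fixes it: `if (handshakeRequest == null) { throw new EOFException("handshake stream closed before a request was read"); }`. An incompatible version only leaves `completed()` false and never throws the declared `IncompatibleVersionException`, so the class should carry a Javadoc stating that callers must check `completed()` before processing any further message on the connection. Smaller points: the field is spelled `succesfulHandshake`, and `logger` is never used.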
@@ -74,7 +74,7 @@ public class ProtobufOpsProcessor { } private void recordAuthorizationViolation(MessageExecutionContext context) { - ProtobufClientStatistics statistics = context.getStatistics(); + ProtocolClientStatistics statistics = context.getStatistics(); statistics.incAuthorizationViolations(); } } diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/ProtobufStreamProcessor.java b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/ProtobufStreamProcessor.java index 89f02e3..9386ee7 100644 --- a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/ProtobufStreamProcessor.java +++ b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/ProtobufStreamProcessor.java @@ -26,9 +26,9 @@ import org.apache.geode.internal.cache.tier.sockets.ClientProtocolMessageHandler import org.apache.geode.internal.cache.tier.sockets.MessageExecutionContext; import org.apache.geode.internal.logging.LogService; import org.apache.geode.internal.protocol.exception.InvalidProtocolMessageException; -import org.apache.geode.internal.protocol.protobuf.registry.OperationContextRegistry; +import org.apache.geode.internal.protocol.registry.OperationContextRegistry; import org.apache.geode.internal.protocol.protobuf.serializer.ProtobufProtocolSerializer; -import org.apache.geode.internal.protocol.protobuf.statistics.ProtobufClientStatistics; +import org.apache.geode.internal.protocol.statistics.ProtocolClientStatistics; import org.apache.geode.internal.protocol.protobuf.utilities.ProtobufUtilities; /** 
@@ -67,7 +67,7 @@ public class ProtobufStreamProcessor implements ClientProtocolMessageHandler { logger.debug(errorMessage); throw new EOFException(errorMessage); } - ProtobufClientStatistics statistics = executionContext.getStatistics(); + ProtocolClientStatistics statistics = executionContext.getStatistics(); statistics.messageReceived(message.getSerializedSize()); ClientProtocol.Request request = message.getRequest(); diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/ProtocolErrorCode.java b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/ProtocolErrorCode.java index 0e41d7a..2c895d3 100644 --- a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/ProtocolErrorCode.java +++ b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/ProtocolErrorCode.java @@ -19,6 +19,7 @@ public enum ProtocolErrorCode { VALUE_ENCODING_ERROR(1100), UNSUPPORTED_VERSION(1101), UNSUPPORTED_OPERATION(1102), + UNSUPPORTED_AUTHENTICATION_MODE(1103), AUTHENTICATION_FAILED(1200), AUTHORIZATION_FAILED(1201), UNAUTHORIZED_REQUEST(1202), diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/operations/handshaker/HandshakerRequestOperationHandler.java b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/operations/handshaker/HandshakerRequestOperationHandler.java new file mode 100644 index 0000000..b31247b --- /dev/null +++ b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/operations/handshaker/HandshakerRequestOperationHandler.java 
@@ -0,0 +1,59 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for additional information regarding + * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. You may obtain a + * copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + */ +package org.apache.geode.internal.protocol.protobuf.operations.handshaker; + +import static org.apache.geode.internal.protocol.protobuf.ProtocolErrorCode.CONSTRAINT_VIOLATION; +import static org.apache.geode.internal.protocol.protobuf.ProtocolErrorCode.UNSUPPORTED_VERSION; + +import org.apache.logging.log4j.Logger; + +import org.apache.geode.cache.IncompatibleVersionException; +import org.apache.geode.internal.cache.tier.sockets.MessageExecutionContext; +import org.apache.geode.internal.exception.InvalidExecutionContextException; +import org.apache.geode.internal.logging.LogService; +import org.apache.geode.internal.protocol.operations.OperationHandler; +import org.apache.geode.internal.protocol.protobuf.BasicTypes; +import org.apache.geode.internal.protocol.protobuf.ClientProtocol; +import org.apache.geode.internal.protocol.protobuf.Failure; +import org.apache.geode.internal.protocol.protobuf.HandshakeAPI; +import org.apache.geode.internal.protocol.protobuf.ProtocolErrorCode; +import org.apache.geode.internal.protocol.protobuf.Result; +import org.apache.geode.internal.protocol.protobuf.Success; +import 
org.apache.geode.internal.protocol.protobuf.utilities.ProtobufResponseUtilities; +import org.apache.geode.internal.serialization.SerializationService; + +public class HandshakerRequestOperationHandler + implements OperationHandler<HandshakeAPI.HandshakeRequest, HandshakeAPI.HandshakeResponse> { + private static final int MAJOR_VERSION = 1; + private static final int MINOR_VERSION = 0; + private static final Logger logger = + LogService.getLogger(HandshakerRequestOperationHandler.class); + + @Override + public Result<HandshakeAPI.HandshakeResponse> process(SerializationService serializationService, + HandshakeAPI.HandshakeRequest request, MessageExecutionContext executionContext) { + HandshakeAPI.Semver version = request.getVersion(); + if (version.getMajor() != MAJOR_VERSION || version.getMinor() < MINOR_VERSION) { + logger.warn("Version mismatch: incompatible version. Supported version is: " + MAJOR_VERSION + + "." + MINOR_VERSION); + return Success.of(HandshakeAPI.HandshakeResponse.newBuilder().setOk(false) + .setError(BasicTypes.Error.newBuilder().setErrorCode(UNSUPPORTED_VERSION.codeValue) + .setMessage("Version mismatch: incompatible version. Supported version is: " + + MAJOR_VERSION + "." + MINOR_VERSION)) + .build()); + } + return Success.of(HandshakeAPI.HandshakeResponse.newBuilder().setOk(true).build()); + } +} diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/InvalidConfigAuthenticator.java b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/InvalidConfigAuthenticator.java index bf3d669..e924bc6 100644 --- a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/InvalidConfigAuthenticator.java +++ b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/InvalidConfigAuthenticator.java 
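Review bot: In `process`, the version-mismatch branch wraps the rejection in `Success.of(...)` and never touches `executionContext`, so a refused handshake reaches the caller as a successful result and nothing in this file records whether the handshake passed. Unless the caller inspects `getOk()` and closes the connection (not visible in this hunk), a client that was told `ok=false` may still have its later requests processed. Returning a failure result would make the rejection visible to the pipeline; the file already imports `Failure`, `ProtobufResponseUtilities` and `CONSTRAINT_VIOLATION` without using them. Separately, `version.getMinor() < MINOR_VERSION` accepts every minor version newer than the server's own, so confirm that is intended rather than `>`. The warning would also be more useful to an operator if it included the version the client asked for.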
@@ -25,16 +25,20 @@ import org.apache.geode.internal.protocol.protobuf.ProtocolErrorCode; import org.apache.logging.log4j.Logger; import org.apache.geode.internal.logging.LogService; -import org.apache.geode.internal.protocol.protobuf.AuthenticationAPI; +import org.apache.geode.internal.protocol.security.Authenticator; import org.apache.geode.internal.security.SecurityService; -import org.apache.geode.security.AuthenticationRequiredException; public class InvalidConfigAuthenticator implements Authenticator { private static final Logger logger = LogService.getLogger(InvalidConfigAuthenticator.class); + private final SecurityService securityService; + + public InvalidConfigAuthenticator(SecurityService securityService) { + this.securityService = securityService; + } @Override - public Object authenticate(InputStream inputStream, OutputStream outputStream, - SecurityService securityService) throws IOException { + public Object authenticate(InputStream inputStream, OutputStream outputStream) + throws IOException { logger.warn( "Attempting to authenticate incoming protobuf message using legacy security implementation. This is not supported. Failing authentication."); diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/ProtobufShiroAuthenticator.java b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/ProtobufShiroAuthenticator.java index ca47b94..6d6a497 100644 --- a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/ProtobufShiroAuthenticator.java +++ b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/ProtobufShiroAuthenticator.java 
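Review bot: The new `securityService` field is assigned in the constructor but not read in any line shown here, and the log message says this authenticator exists only to fail authentication under the legacy security implementation. If the rest of `authenticate` (its body continues outside the hunk) does not use the field either, drop the constructor parameter so the class carries no unused dependency. A class comment such as `/** Rejects every protobuf client when legacy (non-integrated) security is configured. */` would make the fail-closed intent explicit.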
@@ -20,6 +20,7 @@ import org.apache.geode.internal.protocol.protobuf.AuthenticationAPI; import org.apache.geode.internal.protocol.protobuf.BasicTypes; import org.apache.geode.internal.protocol.protobuf.ClientProtocol; +import org.apache.geode.internal.protocol.security.Authenticator; import org.apache.geode.internal.security.SecurityService; import org.apache.geode.security.AuthenticationFailedException; @@ -31,13 +32,17 @@ import java.util.Properties; import org.apache.shiro.subject.Subject; public class ProtobufShiroAuthenticator implements Authenticator { + private static final String UNEXECPTED_REQUEST = "Expected to receive an authentication request"; - private static final String SHOULD_HAVE_AUTHED = - "Got non-auth request while expecting authentication request"; + private final SecurityService securityService; + + public ProtobufShiroAuthenticator(SecurityService securityService) { + this.securityService = securityService; + } @Override - public Subject authenticate(InputStream inputStream, OutputStream outputStream, - SecurityService securityService) throws IOException, AuthenticationFailedException { + public Subject authenticate(InputStream inputStream, OutputStream outputStream) + throws IOException, AuthenticationFailedException { ClientProtocol.Message message = ClientProtocol.Message.parseDelimitedFrom(inputStream); if (message.getRequest().getRequestAPICase() @@ -79,9 +84,9 @@ public class ProtobufShiroAuthenticator implements Authenticator { .setResponse(ClientProtocol.Response.newBuilder() .setErrorResponse(ClientProtocol.ErrorResponse.newBuilder() .setError(BasicTypes.Error.newBuilder() - .setErrorCode(AUTHENTICATION_FAILED.codeValue).setMessage(SHOULD_HAVE_AUTHED)))) + .setErrorCode(AUTHENTICATION_FAILED.codeValue).setMessage(UNEXECPTED_REQUEST)))) .build().writeDelimitedTo(outputStream); - throw new IOException(SHOULD_HAVE_AUTHED); + throw new IOException(UNEXECPTED_REQUEST); } } 
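Review bot: `authenticate` dereferences the result of `ClientProtocol.Message.parseDelimitedFrom(inputStream)` without a null check, and that call returns null when the stream is already at EOF. This is the first read on a connection that has not authenticated yet, so a peer that connects and closes produces a `NullPointerException` instead of the `IOException` the `Authenticator` Javadoc promises for EOF. `ProtobufStreamProcessor` throws an `EOFException` at the equivalent point, and the same guard fits here: `if (message == null) { throw new EOFException("Connection closed before authentication request"); }`. The method body continues outside the hunk.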
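Review bot: The constant used in the error response and in the `IOException` is spelled `UNEXECPTED_REQUEST`; it should be `UNEXPECTED_REQUEST`, both here and at its declaration in the preceding hunk. The new message text also dropped the detail that a non-authentication request was actually received, which is the part an operator reading the exception needs. Something like `"Expected an authentication request but received a different request type"` keeps both halves.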
diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/ProtobufShiroAuthorizer.java b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/ProtobufShiroAuthorizer.java index 78d51c0..b078e4b 100644 --- a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/ProtobufShiroAuthorizer.java +++ b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/ProtobufShiroAuthorizer.java @@ -20,7 +20,7 @@ import org.apache.shiro.util.ThreadState; import org.apache.geode.internal.security.SecurityService; import org.apache.geode.security.NotAuthorizedException; import org.apache.geode.security.ResourcePermission; -import org.apache.geode.internal.protocol.protobuf.security.Authorizer; +import org.apache.geode.internal.protocol.security.Authorizer; public class ProtobufShiroAuthorizer implements Authorizer { private final SecurityService securityService; @@ -30,8 +30,8 @@ public class ProtobufShiroAuthorizer implements Authorizer { } @Override - public boolean authorize(Object authenticatedSubject, ResourcePermission permissionRequested) { - ThreadState threadState = securityService.bindSubject((Subject) authenticatedSubject); + public boolean authorize(Object authenticatedToken, ResourcePermission permissionRequested) { + ThreadState threadState = securityService.bindSubject((Subject) authenticatedToken); try { securityService.authorize(permissionRequested); diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/statistics/ProtobufClientStatisticsImpl.java b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/statistics/ProtobufClientStatisticsImpl.java index 24a3dbb..4868966 100644 --- a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/statistics/ProtobufClientStatisticsImpl.java 
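Review bot: `authorize` casts `authenticatedToken` to `Subject` unconditionally, and renaming the parameter from `authenticatedSubject` removes the only hint that nothing but a Shiro subject is acceptable. If this authorizer is ever paired with a different authenticator (`NoOpAuthenticator` returns a plain `Object`), the cast throws `ClassCastException` instead of denying the request. A guard before the bind keeps that case fail-closed: `if (!(authenticatedToken instanceof Subject)) { return false; }`. The method body continues outside the hunk.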
+++ b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/statistics/ProtobufClientStatisticsImpl.java @@ -18,8 +18,10 @@ import org.apache.geode.StatisticDescriptor; import org.apache.geode.Statistics; import org.apache.geode.StatisticsFactory; import org.apache.geode.StatisticsType; +import org.apache.geode.internal.protocol.statistics.ProtocolClientStatistics; -public class ProtobufClientStatisticsImpl implements ProtobufClientStatistics { +public class ProtobufClientStatisticsImpl implements ProtocolClientStatistics { + public static final String PROTOBUF_CLIENT_STATISTICS = "ProtobufProtocolStats"; private final StatisticsType statType; private final Statistics stats; private final int currentClientConnectionsId; @@ -32,8 +34,7 @@ public class ProtobufClientStatisticsImpl implements ProtobufClientStatistics { private final int authorizationViolationsId; private final int authenticationFailuresId; - public ProtobufClientStatisticsImpl(StatisticsFactory statisticsFactory, String statisticsName, - String typeName) { + public ProtobufClientStatisticsImpl(StatisticsFactory statisticsFactory, String statisticsName) { StatisticDescriptor[] serverStatDescriptors = new StatisticDescriptor[] { statisticsFactory.createIntGauge("currentClientConnections", "Number of sockets accepted and used for client to server messaging.", "sockets"), @@ -53,7 +54,7 @@ public class ProtobufClientStatisticsImpl implements ProtobufClientStatistics { "messages"), statisticsFactory.createLongCounter("messagesSent", "Messages sent to clients.", "messages")}; - statType = statisticsFactory.createType(typeName, "Protobuf client/server statistics", + statType = statisticsFactory.createType(getStatsName(), "Protobuf client/server statistics", serverStatDescriptors); this.stats = statisticsFactory.createAtomicStatistics(statType, statisticsName); currentClientConnectionsId = this.stats.nameToId("currentClientConnections"); 
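Review bot: The constructor now calls the public, overridable `getStatsName()` while the object is still being built, so a subclass override would run before its own fields are initialised and could register the statistics type under another name. Pass the constant directly, `statisticsFactory.createType(PROTOBUF_CLIENT_STATISTICS, "Protobuf client/server statistics", serverStatDescriptors)`, or declare the class `final`. The constructor begins and ends outside this hunk.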
@@ -67,6 +68,12 @@ public class ProtobufClientStatisticsImpl implements ProtobufClientStatistics { messagesSentId = this.stats.nameToId("messagesSent"); } + + @Override + public String getStatsName() { + return PROTOBUF_CLIENT_STATISTICS; + } + @Override public void clientConnected() { stats.incInt(currentClientConnectionsId, 1); diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/utilities/ProtobufUtilities.java b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/utilities/ProtobufUtilities.java index a44bf74..320a10c 100644 --- a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/utilities/ProtobufUtilities.java +++ b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/utilities/ProtobufUtilities.java @@ -194,12 +194,6 @@ public abstract class ProtobufUtilities { return protoRegionBuilder.build(); } - public static ClientProtocol.Request createProtobufRequestWithGetRegionNamesRequest( - RegionAPI.GetRegionNamesRequest getRegionNamesRequest) { - return ClientProtocol.Request.newBuilder().setGetRegionNamesRequest(getRegionNamesRequest) - .build(); - } - public static ClientProtocol.Request.Builder createProtobufRequestBuilder() { return ClientProtocol.Request.newBuilder(); } diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/registry/OperationContextRegistry.java b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/registry/OperationContextRegistry.java similarity index 98% rename from geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/registry/OperationContextRegistry.java rename to geode-protobuf/src/main/java/org/apache/geode/internal/protocol/registry/OperationContextRegistry.java index 736fba5..dbf6259 100644 --- a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/registry/OperationContextRegistry.java 
+++ b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/registry/OperationContextRegistry.java @@ -13,7 +13,7 @@ * the License. */ -package org.apache.geode.internal.protocol.protobuf.registry; +package org.apache.geode.internal.protocol.registry; import java.util.Map; import java.util.concurrent.ConcurrentHashMap; diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/NoOpAuthenticator.java b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/security/AuthenticationLookupService.java similarity index 51% copy from geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/NoOpAuthenticator.java copy to geode-protobuf/src/main/java/org/apache/geode/internal/protocol/security/AuthenticationLookupService.java index 116d92c..f61a300 100644 --- a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/NoOpAuthenticator.java +++ b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/security/AuthenticationLookupService.java 
@@ -12,23 +12,24 @@ * or implied. See the License for the specific language governing permissions and limitations under * the License. */ -package org.apache.geode.internal.protocol.protobuf.security; - -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; +package org.apache.geode.internal.protocol.security; +import org.apache.geode.internal.protocol.protobuf.security.InvalidConfigAuthenticator; +import org.apache.geode.internal.protocol.protobuf.security.ProtobufShiroAuthenticator; import org.apache.geode.internal.security.SecurityService; -/** - * An implementation of {@link Authenticator} that doesn't use its parameters and always returns - * true. - */ -public class NoOpAuthenticator implements Authenticator { - @Override - public Object authenticate(InputStream inputStream, OutputStream outputStream, - SecurityService securityService) throws IOException { - // this method needs to do nothing as it is a pass-through implementation - return new Object(); +public class AuthenticationLookupService { + public Authenticator getAuthenticator(SecurityService securityService) { + if (securityService.isIntegratedSecurity()) { + // Simple authenticator...normal shiro + return new ProtobufShiroAuthenticator(securityService); + } + if (securityService.isPeerSecurityRequired() || securityService.isClientSecurityRequired()) { + // Failing authentication...legacy security + return new InvalidConfigAuthenticator(securityService); + } else { + // Noop authenticator...no security + return new NoOpAuthenticator(); + } } } 
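Review bot: `getAuthenticator` has no documentation of its decision order, and the pass-through `NoOpAuthenticator` sits in the final `else`, so it is what any configuration not matched by the two checks above receives. A method Javadoc should state the three cases, for example `/** Returns the Shiro authenticator for integrated security, a rejecting authenticator for legacy security, and a pass-through only when no security is configured. */`. The inline comments (`// Simple authenticator...normal shiro`) would read better as full sentences saying why each branch is chosen.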
diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/Authenticator.java b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/security/Authenticator.java similarity index 88% rename from geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/Authenticator.java rename to geode-protobuf/src/main/java/org/apache/geode/internal/protocol/security/Authenticator.java index 2873933..f4234cd 100644 --- a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/Authenticator.java +++ b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/security/Authenticator.java @@ -12,7 +12,7 @@ * or implied. See the License for the specific language governing permissions and limitations under * the License. */ -package org.apache.geode.internal.protocol.protobuf.security; +package org.apache.geode.internal.protocol.security; import java.io.IOException; import java.io.InputStream; @@ -34,10 +34,9 @@ public interface Authenticator { * * @param inputStream to read auth messages from. * @param outputStream to send messages to. - * @param securityService used for validating credentials. * @return authenticated principal * @throws IOException if EOF or if invalid input is received. */ - Object authenticate(InputStream inputStream, OutputStream outputStream, - SecurityService securityService) throws IOException, AuthenticationFailedException; + Object authenticate(InputStream inputStream, OutputStream outputStream) + throws IOException, AuthenticationFailedException; } 
diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/NoOpAuthenticator.java b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/security/AuthorizationLookupService.java similarity index 50% copy from geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/NoOpAuthenticator.java copy to geode-protobuf/src/main/java/org/apache/geode/internal/protocol/security/AuthorizationLookupService.java index 116d92c..ed81ea6 100644 --- a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/NoOpAuthenticator.java +++ b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/security/AuthorizationLookupService.java 
@@ -12,23 +12,29 @@ * or implied. See the License for the specific language governing permissions and limitations under * the License. */ -package org.apache.geode.internal.protocol.protobuf.security; +package org.apache.geode.internal.protocol.security; -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; +import java.util.HashMap; +import java.util.Map; +import java.util.ServiceLoader; +import org.apache.geode.GemFireConfigException; +import org.apache.geode.internal.protocol.protobuf.security.ProtobufShiroAuthorizer; import org.apache.geode.internal.security.SecurityService; -/** - * An implementation of {@link Authenticator} that doesn't use its parameters and always returns - * true. - */ -public class NoOpAuthenticator implements Authenticator { - @Override - public Object authenticate(InputStream inputStream, OutputStream outputStream, - SecurityService securityService) throws IOException { - // this method needs to do nothing as it is a pass-through implementation - return new Object(); +public class AuthorizationLookupService { + public Authorizer getAuthorizer(SecurityService securityService) { + if (securityService.isIntegratedSecurity()) { + // Simple authenticator...normal shiro + return new ProtobufShiroAuthorizer(securityService); + } + if (securityService.isPeerSecurityRequired() || securityService.isClientSecurityRequired()) { + // Failing authentication...legacy security + // This should never be called. + return null; + } else { + // Noop authenticator...no security + return new NoOpAuthorizer(); + } } } 
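Review bot: `getAuthorizer` returns `null` for the legacy-security case on the strength of a comment saying it should never be called, so a caller that does reach it either fails with a `NullPointerException` at the first authorization check or, if it null-tests, skips the check altogether. Return an authorizer that denies everything instead, `return (token, permission) -> false;`, which the single-method `Authorizer` interface allows. The comments in this method were copied from the authenticator lookup and still say "authenticator" and "authentication". The imports of `HashMap`, `Map`, `ServiceLoader` and `GemFireConfigException` are unused in the lines shown.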
diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/Authorizer.java b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/security/Authorizer.java similarity index 85% copy from geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/Authorizer.java copy to geode-protobuf/src/main/java/org/apache/geode/internal/protocol/security/Authorizer.java index 3cfb2db..525e42d 100644 --- a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/Authorizer.java +++ b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/security/Authorizer.java @@ -12,10 +12,10 @@ * or implied. See the License for the specific language governing permissions and limitations under * the License. */ -package org.apache.geode.internal.protocol.protobuf.security; +package org.apache.geode.internal.protocol.security; import org.apache.geode.security.ResourcePermission; public interface Authorizer { - boolean authorize(Object authenticatedSubject, ResourcePermission permissionRequested); + boolean authorize(Object authenticatedToken, ResourcePermission permissionRequested); } diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/NoOpAuthenticator.java b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/security/NoOpAuthenticator.java similarity index 90% rename from geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/NoOpAuthenticator.java rename to geode-protobuf/src/main/java/org/apache/geode/internal/protocol/security/NoOpAuthenticator.java index 116d92c..d4f96e4 100644 --- a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/NoOpAuthenticator.java +++ b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/security/NoOpAuthenticator.java 
@@ -12,7 +12,7 @@ * or implied. See the License for the specific language governing permissions and limitations under * the License. */ -package org.apache.geode.internal.protocol.protobuf.security; +package org.apache.geode.internal.protocol.security; import java.io.IOException; import java.io.InputStream; @@ -26,8 +26,8 @@ import org.apache.geode.internal.security.SecurityService; */ public class NoOpAuthenticator implements Authenticator { @Override - public Object authenticate(InputStream inputStream, OutputStream outputStream, - SecurityService securityService) throws IOException { + public Object authenticate(InputStream inputStream, OutputStream outputStream) + throws IOException { // this method needs to do nothing as it is a pass-through implementation return new Object(); } diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/NoOpAuthorizer.java b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/security/NoOpAuthorizer.java similarity index 86% rename from geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/NoOpAuthorizer.java rename to geode-protobuf/src/main/java/org/apache/geode/internal/protocol/security/NoOpAuthorizer.java index 3add18c..61d0383 100644 --- a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/NoOpAuthorizer.java +++ b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/security/NoOpAuthorizer.java @@ -12,7 +12,7 @@ * or implied. See the License for the specific language governing permissions and limitations under * the License. */ -package org.apache.geode.internal.protocol.protobuf.security; +package org.apache.geode.internal.protocol.security; import org.apache.geode.security.ResourcePermission; 
@@ -21,7 +21,7 @@ import org.apache.geode.security.ResourcePermission; */ public class NoOpAuthorizer implements Authorizer { @Override - public boolean authorize(Object authenticatedSubject, ResourcePermission permissionRequested) { + public boolean authorize(Object authenticatedToken, ResourcePermission permissionRequested) { return true; } } diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/statistics/NoOpStatistics.java b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/statistics/NoOpStatistics.java similarity index 89% rename from geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/statistics/NoOpStatistics.java rename to geode-protobuf/src/main/java/org/apache/geode/internal/protocol/statistics/NoOpStatistics.java index e06ea8d..8bacd32 100644 --- a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/statistics/NoOpStatistics.java +++ b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/statistics/NoOpStatistics.java @@ -12,9 +12,9 @@ * or implied. See the License for the specific language governing permissions and limitations under * the License. */ -package org.apache.geode.internal.protocol.protobuf.statistics; +package org.apache.geode.internal.protocol.statistics; -public class NoOpStatistics implements ProtobufClientStatistics { +public class NoOpStatistics implements ProtocolClientStatistics { @Override public void clientConnected() { 
diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/statistics/ProtobufClientStatistics.java b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/statistics/ProtocolClientStatistics.java similarity index 85% rename from geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/statistics/ProtobufClientStatistics.java rename to geode-protobuf/src/main/java/org/apache/geode/internal/protocol/statistics/ProtocolClientStatistics.java index a8070c7..9b6ca63 100644 --- a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/statistics/ProtobufClientStatistics.java +++ b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/statistics/ProtocolClientStatistics.java @@ -12,10 +12,12 @@ * or implied. See the License for the specific language governing permissions and limitations under * the License. */ -package org.apache.geode.internal.protocol.protobuf.statistics; +package org.apache.geode.internal.protocol.statistics; -public interface ProtobufClientStatistics { - String PROTOBUF_STATS_NAME = "ProtobufStats"; +public interface ProtocolClientStatistics { + default String getStatsName() { + return "ClientProtocolStats"; + } void clientConnected(); diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/Authorizer.java b/geode-protobuf/src/main/proto/handshake_API.proto similarity index 66% rename from geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/Authorizer.java rename to geode-protobuf/src/main/proto/handshake_API.proto index 3cfb2db..17f7d40 100644 --- a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/Authorizer.java +++ b/geode-protobuf/src/main/proto/handshake_API.proto 
@@ -1,7 +1,7 @@ /* * Licensed to the Apache Software Foundation (ASF) under one or more contributor license * agreements. See the NOTICE file distributed with this work for additional information regarding - * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the + * copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance with the License. You may obtain a * copy of the License at * @@ -12,10 +12,23 @@ * or implied. See the License for the specific language governing permissions and limitations under * the License. */ -package org.apache.geode.internal.protocol.protobuf.security; -import org.apache.geode.security.ResourcePermission; +syntax = "proto3"; +package org.apache.geode.internal.protocol.protobuf; -public interface Authorizer { - boolean authorize(Object authenticatedSubject, ResourcePermission permissionRequested); +import "basicTypes.proto"; + + +enum AuthenticationMode { + NONE = 0; + SIMPLE = 1; } + +message HandshakeRequest { + Semver version = 1; +} + +message HandshakeResponse { + bool ok = 1; + Error error = 2; // only set if not OK. +} \ No newline at end of file diff --git a/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/ProtobufProtocolServiceJUnitTest.java b/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/ProtobufProtocolServiceJUnitTest.java index d952f0f..91e133d 100644 --- a/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/ProtobufProtocolServiceJUnitTest.java +++ b/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/ProtobufProtocolServiceJUnitTest.java 
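Review bot: `AuthenticationMode` is declared but no field of `HandshakeRequest` or `HandshakeResponse` refers to it, so the handshake cannot carry an authentication mode even though this commit also adds `UNSUPPORTED_AUTHENTICATION_MODE` to `ProtocolErrorCode`. Either add the field now or leave the enum out until the server actually negotiates it, so that generated clients do not depend on a value nothing reads. A short comment on `HandshakeRequest` stating which versions the server accepts would also help client authors, and the file is missing its final newline.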
@@ -19,7 +19,7 @@ import static org.junit.Assert.*; import org.junit.Test; import org.junit.experimental.categories.Category; -import org.apache.geode.internal.protocol.protobuf.statistics.ProtobufClientStatistics; +import org.apache.geode.internal.protocol.statistics.ProtocolClientStatistics; import org.apache.geode.internal.statistics.DummyStatisticsFactory; import org.apache.geode.test.junit.categories.UnitTest; @@ -29,9 +29,9 @@ public class ProtobufProtocolServiceJUnitTest { public void initializeStatistics() { ProtobufProtocolService service = new ProtobufProtocolService(); service.initializeStatistics("first", new DummyStatisticsFactory()); - ProtobufClientStatistics firstStatistics = service.getStatistics(); + ProtocolClientStatistics firstStatistics = service.getStatistics(); service.initializeStatistics("second", new DummyStatisticsFactory()); - ProtobufClientStatistics secondStatistics = service.getStatistics(); + ProtocolClientStatistics secondStatistics = service.getStatistics(); assertEquals(firstStatistics, secondStatistics); } } diff --git a/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/acceptance/CacheConnectionJUnitTest.java b/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/acceptance/CacheConnectionJUnitTest.java index a7d0313..4a76966 100644 --- a/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/acceptance/CacheConnectionJUnitTest.java +++ b/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/acceptance/CacheConnectionJUnitTest.java @@ -34,7 +34,6 @@ import java.util.Collection; import java.util.Properties; import java.util.concurrent.TimeUnit; -import org.apache.geode.distributed.internal.SecurityConfig; import org.awaitility.Awaitility; import org.junit.After; import org.junit.Before; 
@@ -67,7 +66,8 @@ import org.apache.geode.internal.protocol.protobuf.ClientProtocol; import org.apache.geode.internal.protocol.protobuf.ProtobufSerializationService; import org.apache.geode.internal.protocol.protobuf.RegionAPI; import org.apache.geode.internal.protocol.protobuf.serializer.ProtobufProtocolSerializer; -import org.apache.geode.internal.protocol.protobuf.statistics.ProtobufClientStatistics; +import org.apache.geode.internal.protocol.protobuf.statistics.ProtobufClientStatisticsImpl; +import org.apache.geode.internal.protocol.statistics.ProtocolClientStatistics; import org.apache.geode.internal.serialization.SerializationService; import org.apache.geode.test.junit.categories.IntegrationTest; import org.apache.geode.util.test.TestUtil; @@ -170,7 +170,7 @@ public class CacheConnectionJUnitTest { InternalDistributedSystem distributedSystem = (InternalDistributedSystem) cache.getDistributedSystem(); Statistics[] protobufStats = distributedSystem.findStatisticsByType( - distributedSystem.findType(ProtobufClientStatistics.PROTOBUF_STATS_NAME)); + distributedSystem.findType(ProtobufClientStatisticsImpl.PROTOBUF_CLIENT_STATISTICS)); assertEquals(1, protobufStats.length); Statistics statistics = protobufStats[0]; assertEquals(1, statistics.get("currentClientConnections")); diff --git a/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/acceptance/CacheOperationsJUnitTest.java b/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/acceptance/CacheOperationsJUnitTest.java index 08d648f..d5638ca 100644 --- a/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/acceptance/CacheOperationsJUnitTest.java +++ b/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/acceptance/CacheOperationsJUnitTest.java 
@@ -251,8 +251,9 @@ public class CacheOperationsJUnitTest { RegionAPI.GetRegionNamesRequest getRegionNamesRequest = ProtobufRequestUtilities.createGetRegionNamesRequest(); - ClientProtocol.Message getRegionsMessage = ProtobufUtilities.createProtobufMessage( - ProtobufUtilities.createProtobufRequestWithGetRegionNamesRequest(getRegionNamesRequest)); + ClientProtocol.Message getRegionsMessage = + ProtobufUtilities.createProtobufMessage(ClientProtocol.Request.newBuilder() + .setGetRegionNamesRequest(getRegionNamesRequest).build()); protobufProtocolSerializer.serialize(getRegionsMessage, outputStream); validateGetRegionNamesResponse(socket, protobufProtocolSerializer); } diff --git a/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/acceptance/LocatorConnectionDUnitTest.java b/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/acceptance/LocatorConnectionDUnitTest.java index b4be1b6..01dac04 100644 --- a/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/acceptance/LocatorConnectionDUnitTest.java +++ b/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/acceptance/LocatorConnectionDUnitTest.java @@ -40,7 +40,8 @@ import org.apache.geode.internal.protocol.protobuf.ClientProtocol; import org.apache.geode.internal.protocol.protobuf.ProtocolErrorCode; import org.apache.geode.internal.protocol.protobuf.ServerAPI; import org.apache.geode.internal.protocol.protobuf.serializer.ProtobufProtocolSerializer; -import org.apache.geode.internal.protocol.protobuf.statistics.ProtobufClientStatistics; +import org.apache.geode.internal.protocol.protobuf.statistics.ProtobufClientStatisticsImpl; +import org.apache.geode.internal.protocol.statistics.ProtocolClientStatistics; import org.apache.geode.internal.protocol.protobuf.utilities.ProtobufRequestUtilities; import org.apache.geode.internal.protocol.protobuf.utilities.ProtobufUtilities; import org.apache.geode.test.dunit.DistributedTestUtils; 
@@ -166,7 +167,7 @@ public class LocatorConnectionDUnitTest extends JUnit4CacheTestCase { (InternalDistributedSystem) Locator.getLocator().getDistributedSystem(); Statistics[] protobufServerStats = distributedSystem.findStatisticsByType( - distributedSystem.findType(ProtobufClientStatistics.PROTOBUF_STATS_NAME)); + distributedSystem.findType(ProtobufClientStatisticsImpl.PROTOBUF_CLIENT_STATISTICS)); assertEquals(1, protobufServerStats.length); return protobufServerStats[0]; } diff --git a/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/protobuf/HandshakerTest.java b/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/protobuf/HandshakerTest.java new file mode 100644 index 0000000..6eba760 --- /dev/null +++ b/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/protobuf/HandshakerTest.java 
@@ -0,0 +1,128 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package org.apache.geode.internal.protocol.protobuf;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import org.apache.geode.cache.IncompatibleVersionException;
+import org.apache.geode.internal.protocol.security.Authenticator;
+import org.apache.geode.internal.protocol.security.Authorizer;
+import org.apache.geode.security.AuthenticationFailedException;
+import org.apache.geode.security.AuthenticationRequiredException;
+import org.apache.geode.test.junit.categories.UnitTest;
+
+@Category(UnitTest.class)
+public class HandshakerTest {
+
+ private Map<String, Class<? extends Authenticator>> authenticatorMap;
+ private Handshaker handshaker;
+
+ private static class AuthenticatorMock implements Authenticator {
+
+ @Override
+ public Object authenticate(InputStream inputStream, OutputStream outputStream)
+ throws IOException, AuthenticationFailedException {
+ return null;
+ }
+ }
+
+ private static class SimpleMock extends AuthenticatorMock {
+ }
+
+ private static class NoopMock extends AuthenticatorMock {
+ }
+
+ @Before
+ public void setUp() {
+ handshaker = new Handshaker();
+ assertFalse(handshaker.completed());
+ }
+
+ @Test
+ public void version1_0IsSupported() throws Exception {
+ HandshakeAPI.HandshakeRequest handshakeRequest = HandshakeAPI.HandshakeRequest.newBuilder()
+ .setVersion(HandshakeAPI.Semver.newBuilder().setMajor(1).setMinor(1))
+ .setAuthenticationMode(HandshakeAPI.AuthenticationMode.SIMPLE).build();
+
+ ByteArrayInputStream byteArrayInputStream =
+ ProtobufTestUtilities.messageToByteArrayInputStream(handshakeRequest);
+
+ ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
+
+ handshaker.processHandshake(byteArrayInputStream, byteArrayOutputStream);
+ // assertTrue(actualAuthenticator instanceof NoopMock);
+
+ assertTrue(handshaker.completed());
+ }
+
+ @Test
+ public void version2NotSupported() throws Exception {
+ HandshakeAPI.HandshakeRequest handshakeRequest = HandshakeAPI.HandshakeRequest.newBuilder()
+ .setVersion(HandshakeAPI.Semver.newBuilder().setMajor(2).setMinor(0))
+ .setAuthenticationMode(HandshakeAPI.AuthenticationMode.NONE).build();
+
+ ByteArrayInputStream byteArrayInputStream =
+ ProtobufTestUtilities.messageToByteArrayInputStream(handshakeRequest);
+
+ ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
+
+ handshaker.processHandshake(byteArrayInputStream, byteArrayOutputStream);
+ }
+
+ @Test
+ public void bogusAuthenticationMode() throws Exception {
+ HandshakeAPI.HandshakeRequest handshakeRequest = HandshakeAPI.HandshakeRequest.newBuilder()
+ .setVersion(HandshakeAPI.Semver.newBuilder().setMajor(1).setMinor(0))
+ .setAuthenticationModeValue(-1).build();
+
+ ByteArrayInputStream byteArrayInputStream =
+ ProtobufTestUtilities.messageToByteArrayInputStream(handshakeRequest);
+
+ ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
+
+ handshaker.processHandshake(byteArrayInputStream, byteArrayOutputStream);
+ }
+
+ @Test
+ public void simpleIsSupported() throws Exception {
+ HandshakeAPI.HandshakeRequest handshakeRequest = HandshakeAPI.HandshakeRequest.newBuilder()
+ .setVersion(HandshakeAPI.Semver.newBuilder().setMajor(1).setMinor(0))
+ .setAuthenticationMode(HandshakeAPI.AuthenticationMode.SIMPLE).build();
+
+ ByteArrayInputStream byteArrayInputStream =
+ ProtobufTestUtilities.messageToByteArrayInputStream(handshakeRequest);
+
+ ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
+
+ handshaker.processHandshake(byteArrayInputStream, byteArrayOutputStream);
+ // assertTrue(actualAuthenticator instanceof SimpleMock);
+
+ assertTrue(handshaker.completed());
+ }
+}
diff --git a/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/protobuf/ProtobufShiroAuthenticatorJUnitTest.java b/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/protobuf/ProtobufShiroAuthenticatorJUnitTest.java
index 1972e31..419d9fe 100644
--- a/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/protobuf/ProtobufShiroAuthenticatorJUnitTest.java
+++ b/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/protobuf/ProtobufShiroAuthenticatorJUnitTest.java
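Review bot: `version2NotSupported` and `bogusAuthenticationMode` call `processHandshake` and then assert nothing, so both pass whether or not the handshaker rejects an unsupported major version or an unknown authentication-mode value. The rejection path is the part of a handshake that most needs pinning, and the otherwise unused imports of `IncompatibleVersionException` and `AuthenticationRequiredException` suggest an expected exception was intended, e.g. `@Test(expected = IncompatibleVersionException.class)` on `version2NotSupported`, or at minimum `assertFalse(handshaker.completed());` after the call; which of the two fits depends on `Handshaker`, which is not part of this hunk. Also, `version1_0IsSupported` actually sends minor version 1, and the two commented-out `instanceof` assertions leave the selected authenticator unchecked in the positive tests.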
@@ -41,7 +41,7 @@ public class ProtobufShiroAuthenticatorJUnitTest { private static final String TEST_USERNAME = "user1"; private static final String TEST_PASSWORD = "hunter2"; private ByteArrayInputStream byteArrayInputStream; // initialized with an incoming request in - // setUp. + // setUp. private ByteArrayOutputStream byteArrayOutputStream; private ProtobufShiroAuthenticator protobufShiroAuthenticator; private SecurityService mockSecurityService; @@ -70,13 +70,12 @@ public class ProtobufShiroAuthenticatorJUnitTest { mockSecurityService = mock(SecurityService.class); when(mockSecurityService.login(expectedAuthProperties)).thenReturn(mockSecuritySubject); - protobufShiroAuthenticator = new ProtobufShiroAuthenticator(); + protobufShiroAuthenticator = new ProtobufShiroAuthenticator(mockSecurityService); } @Test public void successfulAuthentication() throws IOException { - protobufShiroAuthenticator.authenticate(byteArrayInputStream, byteArrayOutputStream, - mockSecurityService); + protobufShiroAuthenticator.authenticate(byteArrayInputStream, byteArrayOutputStream); AuthenticationAPI.AuthenticationResponse authenticationResponse = getSimpleAuthenticationResponse(byteArrayOutputStream); @@ -89,8 +88,7 @@ public class ProtobufShiroAuthenticatorJUnitTest { when(mockSecurityService.login(expectedAuthProperties)) .thenThrow(new AuthenticationFailedException("BOOM!")); - protobufShiroAuthenticator.authenticate(byteArrayInputStream, byteArrayOutputStream, - mockSecurityService); + protobufShiroAuthenticator.authenticate(byteArrayInputStream, byteArrayOutputStream); } @Test 
@@ -99,8 +97,7 @@ public class ProtobufShiroAuthenticatorJUnitTest { when(mockSecurityService.isClientSecurityRequired()).thenReturn(false); when(mockSecurityService.isPeerSecurityRequired()).thenReturn(false); - protobufShiroAuthenticator.authenticate(byteArrayInputStream, byteArrayOutputStream, - mockSecurityService); + protobufShiroAuthenticator.authenticate(byteArrayInputStream, byteArrayOutputStream); AuthenticationAPI.AuthenticationResponse authenticationResponse = getSimpleAuthenticationResponse(byteArrayOutputStream); diff --git a/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/protobuf/ProtobufStreamProcessorTest.java b/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/protobuf/ProtobufStreamProcessorTest.java index 54b4e54..a9578ff 100644 --- a/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/protobuf/ProtobufStreamProcessorTest.java +++ b/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/protobuf/ProtobufStreamProcessorTest.java @@ -16,8 +16,8 @@ package org.apache.geode.internal.protocol.protobuf; import org.apache.geode.internal.cache.InternalCache; import org.apache.geode.internal.cache.tier.sockets.MessageExecutionContext; -import org.apache.geode.internal.protocol.protobuf.security.NoOpAuthorizer; -import org.apache.geode.internal.protocol.protobuf.statistics.NoOpStatistics; +import org.apache.geode.internal.protocol.security.NoOpAuthorizer; +import org.apache.geode.internal.protocol.statistics.NoOpStatistics; import org.apache.geode.test.junit.categories.UnitTest; import org.junit.Test; import org.junit.experimental.categories.Category; diff --git a/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/protobuf/ProtobufTestExecutionContext.java b/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/protobuf/ProtobufTestExecutionContext.java index 56beb0e..43b1efa 100644 
--- a/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/protobuf/ProtobufTestExecutionContext.java +++ b/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/protobuf/ProtobufTestExecutionContext.java @@ -14,15 +14,10 @@ */ package org.apache.geode.internal.protocol.protobuf; -import com.google.protobuf.GeneratedMessageV3; import org.apache.geode.cache.Cache; import org.apache.geode.internal.cache.tier.sockets.MessageExecutionContext; -import org.apache.geode.internal.protocol.protobuf.security.NoOpAuthorizer; -import org.apache.geode.internal.protocol.protobuf.statistics.NoOpStatistics; - -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.IOException; +import org.apache.geode.internal.protocol.security.NoOpAuthorizer; +import org.apache.geode.internal.protocol.statistics.NoOpStatistics; public class ProtobufTestExecutionContext { public static MessageExecutionContext getNoAuthExecutionContext(Cache cache) { diff --git a/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/protobuf/ProtobufTestUtilities.java b/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/protobuf/ProtobufTestUtilities.java new file mode 100644 index 0000000..827599f --- /dev/null +++ b/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/protobuf/ProtobufTestUtilities.java 
@@ -0,0 +1,60 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.internal.protocol.protobuf;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+
+import com.google.protobuf.GeneratedMessageV3;
+
+public class ProtobufTestUtilities {
+ public static ByteArrayInputStream messageToByteArrayInputStream(GeneratedMessageV3 message)
+ throws IOException {
+ ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
+ message.writeDelimitedTo(byteArrayOutputStream);
+ return new ByteArrayInputStream(byteArrayOutputStream.toByteArray());
+ }
+
+
+ public static ClientProtocol.Request createProtobufRequestWithGetRegionNamesRequest(
+ RegionAPI.GetRegionNamesRequest getRegionNamesRequest) {
+ return ClientProtocol.Request.newBuilder().setGetRegionNamesRequest(getRegionNamesRequest)
+ .build();
+ }
+
+ public static void verifyHandshake(InputStream inputStream, OutputStream outputStream,
+ HandshakeAPI.AuthenticationMode authenticationMode) throws IOException {
+ buildHandshakeRequest(authenticationMode).writeDelimitedTo(outputStream);
+
+ HandshakeAPI.HandshakeResponse handshakeResponse =
+ HandshakeAPI.HandshakeResponse.parseDelimitedFrom(inputStream);
+
+ assertTrue(handshakeResponse.getOk());
+ assertFalse(handshakeResponse.hasError());
+ }
+
+ public static HandshakeAPI.HandshakeRequest buildHandshakeRequest(
+ HandshakeAPI.AuthenticationMode authenticationMode) {
+ return HandshakeAPI.HandshakeRequest.newBuilder()
+ .setVersion(HandshakeAPI.Semver.newBuilder().setMajor(1).setMinor(0))
+ .setAuthenticationMode(authenticationMode).build();
+ }
+}
diff --git a/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/protobuf/operations/GetAvailableServersOperationHandlerJUnitTest.java b/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/protobuf/operations/GetAvailableServersOperationHandlerJUnitTest.java
index 5f724d6..393fab8 100644
--- a/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/protobuf/operations/GetAvailableServersOperationHandlerJUnitTest.java
+++ b/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/protobuf/operations/GetAvailableServersOperationHandlerJUnitTest.java
@@ -25,7 +25,7 @@ import org.apache.geode.internal.protocol.protobuf.Result;
 import org.apache.geode.internal.protocol.protobuf.ServerAPI;
 import org.apache.geode.internal.protocol.protobuf.ServerAPI.GetAvailableServersResponse;
 import org.apache.geode.internal.protocol.protobuf.Success;
-import org.apache.geode.internal.protocol.protobuf.statistics.NoOpStatistics;
+import org.apache.geode.internal.protocol.statistics.NoOpStatistics;
 import org.apache.geode.internal.protocol.protobuf.utilities.ProtobufRequestUtilities;
 import org.apache.geode.test.junit.categories.UnitTest;
 import org.junit.Before;
-- To stop receiving notification emails like this one, please contact "[email protected]" <[email protected]>.
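Review bot: In `verifyHandshake`, the result of `HandshakeAPI.HandshakeResponse.parseDelimitedFrom(inputStream)` is dereferenced without a null check. Protobuf's `parseDelimitedFrom` returns null when the stream is already at end-of-file, so a server that closes the connection instead of answering the handshake would show up as a NullPointerException rather than as a failed handshake. Adding `assertNotNull(handshakeResponse);` before `assertTrue(handshakeResponse.getOk());` (with the matching static import) makes that case fail with a clear message. Separately, `createProtobufRequestWithGetRegionNamesRequest` is added here while the CacheOperationsJUnitTest hunk of this commit inlines the same builder chain, so one of the two is redundant.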
