This is an automated email from the ASF dual-hosted git repository. mmartell pushed a commit to branch develop in repository https://gitbox.apache.org/repos/asf/geode-native.git
The following commit(s) were added to refs/heads/develop by this push: new f19b552 GEODE-6043: Improve Auth example (#405) f19b552 is described below commit f19b552c9c9ec68c3f2abeb227b8b0e1e90012ea Author: Michael Martell <mmart...@pivotal.io> AuthorDate: Fri Nov 16 14:58:14 2018 -0800 GEODE-6043: Improve Auth example (#405) * Improve Auth example - Implement end to end authentication - Updated function-execution script deploy command - Rename DummyAuth to SimpleAuth - Remove unneccessary java class comments - Checkin clang-format change to ExecutionImpl.cpp to fix Tracis CI. --- cppcache/src/ExecutionImpl.cpp | 5 +- examples/cpp/function-execution/startserver.sh | 2 +- .../dotnet/AuthInitialize/ExampleAuthInitialize.cs | 4 +- examples/dotnet/AuthInitialize/README.md | 29 ++++---- examples/dotnet/AuthInitialize/startserver.ps1 | 10 ++- examples/utilities/CMakeLists.txt | 3 + examples/utilities/CMakeLists.txt.in | 3 +- examples/utilities/SimpleAuthenticator.java | 84 ++++++++++++++++++++++ examples/utilities/UserPasswordAuthInit.java | 81 +++++++++++++++++++++ examples/utilities/UsernamePrincipal.java | 43 +++++++++++ 10 files changed, 242 insertions(+), 22 deletions(-) diff --git a/cppcache/src/ExecutionImpl.cpp b/cppcache/src/ExecutionImpl.cpp index 10de65b..516a5d5 100644 --- a/cppcache/src/ExecutionImpl.cpp +++ b/cppcache/src/ExecutionImpl.cpp @@ -131,9 +131,8 @@ std::shared_ptr<ResultCollector> ExecutionImpl::execute( serverOptimizeForWrite = ((attr->at(2) == 1) ? true : false); LOGDEBUG( - "ExecutionImpl::execute got functionAttributes from server for function = " - "%s serverHasResult = %d " - " serverIsHA = %d serverOptimizeForWrite = %d ", + "ExecutionImpl::execute got functionAttributes from server for function " + "= %s serverHasResult = %d serverIsHA = %d serverOptimizeForWrite = %d ", func.c_str(), serverHasResult, serverIsHA, serverOptimizeForWrite); if (serverHasResult == false) { 
diff --git a/examples/cpp/function-execution/startserver.sh b/examples/cpp/function-execution/startserver.sh index 057c379..9f6c8e8 100755 --- a/examples/cpp/function-execution/startserver.sh +++ b/examples/cpp/function-execution/startserver.sh @@ -29,6 +29,6 @@ else fi fi -$GFSH_PATH -e "start locator --name=locator" -e "deploy --jar=./example.jar" -e "start server --name=the-server --server-port=50505" -e "create region --name=partition_region --type=PARTITION" +$GFSH_PATH -e "start locator --name=locator" -e "deploy --jar=../../utilities/example.jar" -e "start server --name=the-server --server-port=50505" -e "create region --name=partition_region --type=PARTITION" diff --git a/examples/dotnet/AuthInitialize/ExampleAuthInitialize.cs b/examples/dotnet/AuthInitialize/ExampleAuthInitialize.cs index 022937f..103e6ff 100644 --- a/examples/dotnet/AuthInitialize/ExampleAuthInitialize.cs +++ b/examples/dotnet/AuthInitialize/ExampleAuthInitialize.cs @@ -40,8 +40,8 @@ namespace Apache.Geode.Examples.AuthInitialize Console.Out.WriteLine("ExampleAuthInitialize::GetCredentials called"); var credentials = new Properties<string, object>(); - credentials.Insert("username", "john"); - credentials.Insert("password", "secret"); + credentials.Insert("security-username", "root"); + credentials.Insert("security-password", "root"); return credentials; } } diff --git a/examples/dotnet/AuthInitialize/README.md b/examples/dotnet/AuthInitialize/README.md index 3298edf..45da800 100644 --- a/examples/dotnet/AuthInitialize/README.md +++ b/examples/dotnet/AuthInitialize/README.md 
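Review bot: In ExampleAuthInitialize.cs, `GetCredentials` now returns the literal pair `root`/`root` with nothing marking it as a demo value, and this is the method readers will copy into their own `IAuthInitialize`. A comment above the two `credentials.Insert(...)` lines would help, for example `// Demo credentials accepted by the example SimpleAuthenticator; a real handler should read these from configuration or a secret store, not from source.` The new keys match the `security-username` / `security-password` constants in UserPasswordAuthInit.java from this commit, which is worth saying in the same comment. The method signature lies outside the hunk.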
@@ -1,24 +1,29 @@ # AuthInitialize Example This example shows how to create and register a custom `IAuthIntialize` authentication -handler. +handler on the client that authenticates against a server that was started with the corresponding authenticator. ## Prerequisites * Install [Apache Geode](https://geode.apache.org) * Build and install [Apache Geode Native](https://github.com/apache/geode-native) +* Apache Geode Native examples, built and installed. +* A `GEODE_HOME` environment variable set to the location of the Apache Geode installation. +* `GEODE_HOME/bin` in the execution path. ## Running -* Start Geode Server and create region. +1. Set the current directory to the `AuthInitialize` directory in your example workspace. + ``` - gfsh>start locator --name=locator - gfsh>start server --name=server - gfsh>create region --name=region --type=PARTITION + $ cd workspace/examples/dotnet/AuthInitialize ``` -* Execute `Apache.Geode.Examples.AuthInitialize.exe`. - - output: + +2. Run the `startserver.ps1` script to start the Geode cluster with authentication and create a region. + +3. Execute `AuthInitialize.exe`: + ``` - ExampleAuthInitialize::ExampleAuthInitialize called - ExampleAuthInitialize::GetCredentials called - a = 1 - b = 2 +.\AuthInitialize.exe +ExampleAuthInitialize::ExampleAuthInitialize called +ExampleAuthInitialize::GetCredentials called +a = 1 +b = 2 ``` diff --git a/examples/dotnet/AuthInitialize/startserver.ps1 b/examples/dotnet/AuthInitialize/startserver.ps1 index 8c99be1..354e7c3 100644 --- a/examples/dotnet/AuthInitialize/startserver.ps1 +++ b/examples/dotnet/AuthInitialize/startserver.ps1 
@@ -35,5 +35,11 @@ else if ($GFSH_PATH -ne "") { - Invoke-Expression "$GFSH_PATH -e 'start locator --name=locator --dir=$PSScriptRoot\locator' -e 'start server --name=server --dir=$PSScriptRoot\server' -e 'create region --name=region --type=PARTITION'" -} \ No newline at end of file + # Set this variable to include your java object that implements the Authenticator class + $RESOLVEDPATH = Resolve-Path -Path "$PSScriptRoot/../../utilities/example.jar" + + # Set this variable to the full name of your Authenticator.create function + $AUTHENTICATOR = 'javaobject.SimpleAuthenticator.create' + + Invoke-Expression "$GFSH_PATH -e 'start locator --name=locator --dir=$PSScriptRoot\locator' -e 'start server --name=server --classpath=$RESOLVEDPATH --J=-Dgemfire.security-client-authenticator=$AUTHENTICATOR --dir=$PSScriptRoot\server' -e 'create region --name=region --type=PARTITION'" +} diff --git a/examples/utilities/CMakeLists.txt b/examples/utilities/CMakeLists.txt index 824a8ff..0fe49ba 100644 --- a/examples/utilities/CMakeLists.txt +++ b/examples/utilities/CMakeLists.txt @@ -22,5 +22,8 @@ configure_file(${CMAKE_CURRENT_SOURCE_DIR}/CMakeLists.txt.in ${CMAKE_CURRENT_BIN install(FILES ${CMAKE_CURRENT_BINARY_DIR}/CMakeLists.txt ${CMAKE_CURRENT_SOURCE_DIR}/ExampleMultiGetFunction.java + ${CMAKE_CURRENT_SOURCE_DIR}/SimpleAuthenticator.java + ${CMAKE_CURRENT_SOURCE_DIR}/UserPasswordAuthInit.java + ${CMAKE_CURRENT_SOURCE_DIR}/UsernamePrincipal.java DESTINATION examples/utilities) diff --git a/examples/utilities/CMakeLists.txt.in b/examples/utilities/CMakeLists.txt.in index 48cdc1a..c46dfa8 100644 --- a/examples/utilities/CMakeLists.txt.in +++ b/examples/utilities/CMakeLists.txt.in @@ -26,6 +26,5 @@ file(GLOB_RECURSE SOURCES "*.java") add_jar(example ${SOURCES} INCLUDE_JARS ${Geode_CLASSPATH} - OUTPUT_DIR ${CMAKE_CURRENT_SOURCE_DIR}/../cpp/function-execution + OUTPUT_DIR ${CMAKE_CURRENT_SOURCE_DIR}../ ) - 
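Review bot: In startserver.ps1, `$RESOLVEDPATH` is interpolated unquoted into a string that `Invoke-Expression` re-parses, so a checkout path containing a space or a quote character splits or alters the gfsh command line. The existing `--dir=$PSScriptRoot\...` arguments carry the same risk. Invoking gfsh with the call operator (`& $GFSH_PATH -e ... -e ...`) and quoting the classpath value inside the gfsh argument avoids the second parse; how `$GFSH_PATH` is built is outside the hunk, so confirm it is a plain path first. Separately, `Resolve-Path` only reports an error when example.jar has not been built, and the script continues with an empty classpath. `Resolve-Path -Path "$PSScriptRoot/../../utilities/example.jar" -ErrorAction Stop` makes the script abort instead of starting a server whose authenticator class cannot be loaded.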
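Review bot: In CMakeLists.txt.in, `OUTPUT_DIR ${CMAKE_CURRENT_SOURCE_DIR}../` has no separator after the variable. CMake normally supplies that directory without a trailing slash, so this appears to name a sibling directory ending in `..` rather than the utilities directory or its parent. Both start scripts in this commit look for the jar at `utilities/example.jar` (`../../utilities/example.jar` and `$PSScriptRoot/../../utilities/example.jar`), which suggests the intended line is `OUTPUT_DIR ${CMAKE_CURRENT_SOURCE_DIR}`. If the jar lands elsewhere, the server is started with `security-client-authenticator` pointing at a class that is not on its classpath, so it is worth checking where `example.jar` actually ends up after a clean build.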
diff --git a/examples/utilities/SimpleAuthenticator.java b/examples/utilities/SimpleAuthenticator.java
new file mode 100644
index 0000000..68f0909
--- /dev/null
+++ b/examples/utilities/SimpleAuthenticator.java
@@ -0,0 +1,84 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package javaobject; + +import java.security.Principal; +import java.util.Properties; + +import org.apache.geode.LogWriter; +import org.apache.geode.distributed.DistributedMember; +import org.apache.geode.security.AuthenticationFailedException; +import org.apache.geode.security.Authenticator; +import javaobject.UserPasswordAuthInit; +import javaobject.UsernamePrincipal; + +/** + * A dummy implementation of the {@link Authenticator} interface that expects a + * user name and password allowing authentication depending on the format of the + * user name. 
+ * + */ +public class SimpleAuthenticator implements Authenticator { + + public static Authenticator create() { + return new SimpleAuthenticator(); + } + + public SimpleAuthenticator() { + } + + public void init(Properties systemProps, LogWriter systemLogger, + LogWriter securityLogger) throws AuthenticationFailedException { + } + + public static boolean testValidName(String userName) { + + return (userName.startsWith("user") || userName.startsWith("reader") + || userName.startsWith("writer") || userName.equals("admin") + || userName.equals("root") || userName.equals("administrator")); + } + + public Principal authenticate(Properties props, DistributedMember member) + throws AuthenticationFailedException { + + String userName = props.getProperty(UserPasswordAuthInit.USER_NAME); + if (userName == null) { + throw new AuthenticationFailedException( + "SimpleAuthenticator: user name property [" + + UserPasswordAuthInit.USER_NAME + "] not provided"); + } + String password = props.getProperty(UserPasswordAuthInit.PASSWORD); + if (password == null) { + throw new AuthenticationFailedException( + "SimpleAuthenticator: password property [" + + UserPasswordAuthInit.PASSWORD + "] not provided"); + } + + if (userName.equals(password) && testValidName(userName)) { + return new UsernamePrincipal(userName); + } + else { + throw new AuthenticationFailedException( + "SimpleAuthenticator: Invalid user name [" + userName + + "], password supplied."); + } + } + + public void close() { + } + +} diff --git a/examples/utilities/UserPasswordAuthInit.java b/examples/utilities/UserPasswordAuthInit.java new file mode 100644 index 0000000..d40ba67 --- /dev/null +++ b/examples/utilities/UserPasswordAuthInit.java 
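Review bot: The class Javadoc on SimpleAuthenticator says authentication depends "on the format of the user name", but `authenticate` actually accepts any login where `userName.equals(password)` and `testValidName(userName)` holds. Neither that rule nor the fact that this is demo-only is written down, although the jar is placed on a server classpath by the start scripts. I would replace the summary with something like `Example only: accepts a login when the password equals the user name and the name is "admin", "root", "administrator" or starts with "user", "reader" or "writer". Not an access control; do not deploy outside a demo cluster.` The failure message `Invalid user name [...], password supplied.` also copies the client-supplied name into the exception text and reads as if only the name was checked. A fixed message such as `"SimpleAuthenticator: invalid user name or password"` is clearer and keeps unvalidated input out of whatever logs the exception. `init`, `authenticate` and `close` implement `Authenticator` and could carry `@Override`.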
@@ -0,0 +1,81 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package javaobject; + +import java.util.Properties; + +import org.apache.geode.LogWriter; +import org.apache.geode.distributed.DistributedMember; +import org.apache.geode.security.AuthInitialize; +import org.apache.geode.security.AuthenticationFailedException; + +/** + * An {@link AuthInitialize} implementation that obtains the user name and + * password as the credentials from the given set of properties. + * + * To use this class the <c>security-client-auth-init</c> property should be + * set to the fully qualified name the static <code>create</code> function + * viz. 
<code>templates.security.UserPasswordAuthInit.create</code> + * + */ +public class UserPasswordAuthInit implements AuthInitialize { + + public static final String USER_NAME = "security-username"; + + public static final String PASSWORD = "security-password"; + + protected LogWriter securitylog; + + protected LogWriter systemlog; + + public static AuthInitialize create() { + return new UserPasswordAuthInit(); + } + + public void init(LogWriter systemLogger, LogWriter securityLogger) + throws AuthenticationFailedException { + this.systemlog = systemLogger; + this.securitylog = securityLogger; + } + + public UserPasswordAuthInit() { + } + + public Properties getCredentials(Properties props, DistributedMember server, + boolean isPeer) throws AuthenticationFailedException { + + Properties newProps = new Properties(); + String userName = props.getProperty(USER_NAME); + if (userName == null) { + throw new AuthenticationFailedException( + "UserPasswordAuthInit: user name property [" + USER_NAME + + "] not set."); + } + newProps.setProperty(USER_NAME, userName); + String passwd = props.getProperty(PASSWORD); + // If password is not provided then use empty string as the password. + if (passwd == null) { + passwd = ""; + } + newProps.setProperty(PASSWORD, passwd); + return newProps; + } + + public void close() { + } + +} diff --git a/examples/utilities/UsernamePrincipal.java b/examples/utilities/UsernamePrincipal.java new file mode 100644 index 0000000..faeb770 --- /dev/null +++ b/examples/utilities/UsernamePrincipal.java 
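Review bot: The class Javadoc on UserPasswordAuthInit tells users to set `security-client-auth-init` to `templates.security.UserPasswordAuthInit.create`, but this file declares `package javaobject;`, so following the comment names a class that is not in example.jar. The reference should read `<code>javaobject.UserPasswordAuthInit.create</code>`, and `<c>security-client-auth-init</c>` should use `<code>` since `<c>` is not a Javadoc or HTML tag. In `getCredentials`, a missing password is silently replaced with `""` while a missing user name throws. A short comment explaining why the two are treated differently, or the same `AuthenticationFailedException` for both, would keep a misconfigured client from sending an empty password unnoticed. The `securitylog` and `systemlog` fields are assigned in `init` but not read anywhere in this file.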
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package javaobject;
+
+import java.io.Serializable;
+import java.security.Principal;
+
+/**
+ * An implementation of {@link Principal} class for a simple user name.
+ *
+ */
+public class UsernamePrincipal implements Principal, Serializable {
+
+ private final String userName;
+
+ public UsernamePrincipal(String userName) {
+ this.userName = userName;
+ }
+
+ public String getName() {
+ return this.userName;
+ }
+
+ @Override
+ public String toString() {
+ return this.userName;
+ }
+
+}
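Review bot: UsernamePrincipal is `Serializable` but declares no `serialVersionUID`, and it overrides `toString` without `equals`/`hashCode`, so two principals for the same user compare by identity. That matters as soon as a principal is used as a map key or compared after being deserialized on another member; whether Geode does so with this class is not visible here. Adding a fixed `serialVersionUID` and name-based equality keeps the example safe to copy. The constructor also accepts a null name, so the sketch below stays null-safe without new imports.
```java
  private static final long serialVersionUID = 1L;

  // … unchanged: userName field, constructor, getName, toString …

  @Override
  public boolean equals(Object other) {
    if (this == other) {
      return true;
    }
    if (!(other instanceof UsernamePrincipal)) {
      return false;
    }
    String otherName = ((UsernamePrincipal) other).userName;
    return userName == null ? otherName == null : userName.equals(otherName);
  }

  @Override
  public int hashCode() {
    return userName == null ? 0 : userName.hashCode();
  }
```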