http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/4383a711/gemfire-core/src/test/java/security/CredentialGenerator.java ---------------------------------------------------------------------- diff --git a/gemfire-core/src/test/java/security/CredentialGenerator.java b/gemfire-core/src/test/java/security/CredentialGenerator.java deleted file mode 100644 index 7a430f1..0000000 --- a/gemfire-core/src/test/java/security/CredentialGenerator.java +++ /dev/null @@ -1,343 +0,0 @@ - -package security; - -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - - -import java.security.Principal; -import java.util.ArrayList; -import java.util.HashMap; -import java.util.Iterator; -import java.util.List; -import java.util.Map; -import java.util.Properties; - -import com.gemstone.gemfire.security.AuthInitialize; -import com.gemstone.gemfire.security.Authenticator; - -/** - * Encapsulates obtaining valid and invalid credentials. Implementations will be - * for different kinds of authentication schemes. - * - * @author sumedh - * @since 5.5 - */ -public abstract class CredentialGenerator { - - /** - * Enumeration for various {@link CredentialGenerator} implementations. - * - * The following schemes are supported as of now: - * <code>DummyAuthenticator</code>, <code>LdapUserAuthenticator</code>, - * <code>PKCSAuthenticator</code>. In addition SSL socket mode with mutual - * authentication is also supported. - * - * To add a new authentication scheme the following needs to be done: - * <ul> - * <li>Add implementations for {@link AuthInitialize} and - * {@link Authenticator} classes for clients/peers.</li> - * <li>Add a new enumeration value for the scheme in this class. Notice the - * size of <code>VALUES</code> array and increase that if it is getting - * overflowed. Note the methods and fields for existing schemes and add for - * the new one in a similar manner.</li> - * <li>Add an implementation for {@link CredentialGenerator}.</li> - * <li>Modify the CredentialGenerator.Factory#create [no such Factory exists] method to add - * creation of an instance of the new implementation for the - * <code>ClassCode</code> enumeration value.</li> - * </ul> - * All security dunit tests will automagically start testing the new - * implementation after this. - * - * @author sumedh - * @since 5.5 - */ - public static final class ClassCode { - - private static final byte ID_DUMMY = 1; - - private static final byte ID_LDAP = 2; - - private static final byte ID_PKCS = 3; - - private static final byte ID_SSL = 4; - - private static byte nextOrdinal = 0; - - private static final ClassCode[] VALUES = new ClassCode[10]; - - private static final Map CodeNameMap = new HashMap(); - - public static final ClassCode DUMMY = new ClassCode( - "templates.security.DummyAuthenticator.create", ID_DUMMY); - - public static final ClassCode LDAP = new ClassCode( - "templates.security.LdapUserAuthenticator.create", ID_LDAP); - - public static final ClassCode PKCS = new ClassCode( - "templates.security.PKCSAuthenticator.create", ID_PKCS); - - public static final ClassCode SSL = new ClassCode("SSL", ID_SSL); - - /** The name of this class. */ - private final String name; - - /** byte used as ordinal to represent this class */ - private final byte ordinal; - - /** - * One of the following: ID_DUMMY, ID_LDAP, ID_PKCS - */ - private final byte classType; - - /** Creates a new instance of class code. */ - private ClassCode(String name, byte classType) { - this.name = name; - this.classType = classType; - this.ordinal = nextOrdinal++; - VALUES[this.ordinal] = this; - CodeNameMap.put(name, this); - } - - public boolean isDummy() { - return (this.classType == ID_DUMMY); - } - - public boolean isLDAP() { - return (this.classType == ID_LDAP); - } - - public boolean isPKCS() { - return (this.classType == ID_PKCS); - } - - public boolean isSSL() { - return (this.classType == ID_SSL); - } - - /** - * Returns the <code>ClassCode</code> represented by specified ordinal. - */ - public static ClassCode fromOrdinal(byte ordinal) { - return VALUES[ordinal]; - } - - /** - * Returns the <code>ClassCode</code> represented by specified string. - */ - public static ClassCode parse(String operationName) { - return (ClassCode)CodeNameMap.get(operationName); - } - - /** - * Returns all the possible values. - */ - public static List getAll() { - List codes = new ArrayList(); - Iterator iter = CodeNameMap.values().iterator(); - while (iter.hasNext()) { - codes.add(iter.next()); - } - return codes; - } - - /** - * Returns the ordinal for this operation code. - * - * @return the ordinal of this operation. - */ - public byte toOrdinal() { - return this.ordinal; - } - - /** - * Returns a string representation for this operation. - * - * @return the name of this operation. - */ - final public String toString() { - return this.name; - } - - /** - * Indicates whether other object is same as this one. - * - * @return true if other object is same as this one. - */ - @Override - final public boolean equals(final Object obj) { - if (obj == this) { - return true; - } - if (!(obj instanceof ClassCode)) { - return false; - } - final ClassCode other = (ClassCode)obj; - return (other.ordinal == this.ordinal); - } - - /** - * Indicates whether other <code>ClassCode</code> is same as this one. - * - * @return true if other <code>ClassCode</code> is same as this one. - */ - final public boolean equals(final ClassCode opCode) { - return (opCode != null && opCode.ordinal == this.ordinal); - } - - /** - * Returns a hash code value for this <code>ClassCode</code> which is the - * same as its ordinal. - * - * @return the ordinal of this operation. - */ - @Override - final public int hashCode() { - return this.ordinal; - } - - } - - /** - * A set of properties that should be added to the Gemfire system properties - * before using the authentication module. - */ - private Properties sysProps = null; - - /** - * A set of properties that should be added to the java system properties - * before using the authentication module. - */ - protected Properties javaProps = null; - - /** - * A factory method to create a new instance of an {@link CredentialGenerator} - * for the given {@link ClassCode}. Caller is supposed to invoke - * {@link CredentialGenerator#init} immediately after obtaining the instance. - * - * @param classCode - * the <code>ClassCode</code> of the - * <code>CredentialGenerator</code> implementation - * - * @return an instance of <code>CredentialGenerator</code> for the given - * class code - */ - public static CredentialGenerator create(ClassCode classCode) { - switch (classCode.classType) { - // Removing dummy one to reduce test run times - // case ClassCode.ID_DUMMY: - // return new DummyCredentialGenerator(); - case ClassCode.ID_LDAP: - return new LdapUserCredentialGenerator(); - // case ClassCode.ID_SSL:ø - // return new SSLCredentialGenerator(); - case ClassCode.ID_PKCS: - return new PKCSCredentialGenerator(); - default: - return null; - } - } - - /** - * Initialize the credential generator. - * - * @throws IllegalArgumentException - * when there is a problem during initialization - */ - public void init() throws IllegalArgumentException { - this.sysProps = initialize(); - } - - /** - * Initialize the credential generator. This is provided separately from the - * {@link #init} method for convenience of implementations so that they do not - * need to store in {@link #sysProps}. The latter is convenient for the users - * who do not need to store these properties rather can obtain it later by - * invoking {@link #getSystemProperties} - * - * Required to be implemented by concrete classes that implement this abstract - * class. - * - * @return A set of extra properties that should be added to Gemfire system - * properties when not null. - * - * @throws IllegalArgumentException - * when there is a problem during initialization - */ - protected abstract Properties initialize() throws IllegalArgumentException; - - /** - * - * @return A set of extra properties that should be added to Gemfire system - * properties when not null. - */ - public Properties getSystemProperties() { - return this.sysProps; - } - - /** - * - * @return A set of extra properties that should be added to Gemfire system - * properties when not null. - */ - public Properties getJavaProperties() { - return this.javaProps; - } - - /** - * The {@link ClassCode} of this particular implementation. - * - * @return the <code>ClassCode</code> - */ - public abstract ClassCode classCode(); - - /** - * The name of the {@link AuthInitialize} factory function that should be used - * in conjunction with the credentials generated by this generator. - * - * @return name of the <code>AuthInitialize</code> factory function - */ - public abstract String getAuthInit(); - - /** - * The name of the {@link Authenticator} factory function that should be used - * in conjunction with the credentials generated by this generator. - * - * @return name of the <code>Authenticator</code> factory function - */ - public abstract String getAuthenticator(); - - /** - * Get a set of valid credentials generated using the given index. - */ - public abstract Properties getValidCredentials(int index); - - /** - * Get a set of valid credentials for the given {@link Principal}. - * - * @return credentials for the given <code>Principal</code> or null if none - * possible. - */ - public abstract Properties getValidCredentials(Principal principal); - - /** - * Get a set of invalid credentials generated using the given index. - */ - public abstract Properties getInvalidCredentials(int index); -}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/4383a711/gemfire-core/src/test/java/security/DummyAuthzCredentialGenerator.java ---------------------------------------------------------------------- diff --git a/gemfire-core/src/test/java/security/DummyAuthzCredentialGenerator.java b/gemfire-core/src/test/java/security/DummyAuthzCredentialGenerator.java deleted file mode 100644 index 7e40d13..0000000 --- a/gemfire-core/src/test/java/security/DummyAuthzCredentialGenerator.java +++ /dev/null @@ -1,145 +0,0 @@ - -package security; - -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - - -import java.security.Principal; -import java.util.HashSet; -import java.util.Properties; -import java.util.Set; - -import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode; -import security.AuthzCredentialGenerator; -import templates.security.DummyAuthorization; -import templates.security.UsernamePrincipal; - -public class DummyAuthzCredentialGenerator extends AuthzCredentialGenerator { - - public static final byte READER_ROLE = 1; - - public static final byte WRITER_ROLE = 2; - - public static final byte ADMIN_ROLE = 3; - - private static Set readerOpsSet; - - private static Set writerOpsSet; - - static { - - readerOpsSet = new HashSet(); - for (int index = 0; index < DummyAuthorization.READER_OPS.length; index++) { - readerOpsSet.add(DummyAuthorization.READER_OPS[index]); - } - writerOpsSet = new HashSet(); - for (int index = 0; index < DummyAuthorization.WRITER_OPS.length; index++) { - writerOpsSet.add(DummyAuthorization.WRITER_OPS[index]); - } - } - - public DummyAuthzCredentialGenerator() { - } - - protected Properties init() throws IllegalArgumentException { - - if (!this.cGen.classCode().isDummy()) { - throw new IllegalArgumentException( - "DummyAuthorization module only works with DummyAuthenticator"); - } - return null; - } - - public ClassCode classCode() { - return ClassCode.DUMMY; - } - - public String getAuthorizationCallback() { - return "templates.security.DummyAuthorization.create"; - } - - public static byte getRequiredRole(OperationCode[] opCodes) { - - byte roleType = ADMIN_ROLE; - boolean requiresReader = true; - boolean requiresWriter = true; - - for (int opNum = 0; opNum < opCodes.length; opNum++) { - if (requiresReader && !readerOpsSet.contains(opCodes[opNum])) { - requiresReader = false; - } - if (requiresWriter && !writerOpsSet.contains(opCodes[opNum])) { - requiresWriter = false; - } - } - if (requiresReader) { - roleType = READER_ROLE; - } - else if (requiresWriter) { - roleType = WRITER_ROLE; - } - return roleType; - } - - private Principal getPrincipal(byte roleType, int index) { - - String[] admins = new String[] { "root", "admin", "administrator" }; - switch (roleType) { - case READER_ROLE: - return new UsernamePrincipal("reader" + index); - case WRITER_ROLE: - return new UsernamePrincipal("writer" + index); - default: - return new UsernamePrincipal(admins[index % admins.length]); - } - } - - protected Principal getAllowedPrincipal(OperationCode[] opCodes, - String[] regionNames, int index) { - - byte roleType = getRequiredRole(opCodes); - return getPrincipal(roleType, index); - } - - protected Principal getDisallowedPrincipal(OperationCode[] opCodes, - String[] regionNames, int index) { - - byte roleType = getRequiredRole(opCodes); - byte disallowedRoleType; - switch (roleType) { - case READER_ROLE: - disallowedRoleType = WRITER_ROLE; - break; - case WRITER_ROLE: - disallowedRoleType = READER_ROLE; - break; - default: - disallowedRoleType = READER_ROLE; - break; - } - return getPrincipal(disallowedRoleType, index); - } - - protected int getNumPrincipalTries(OperationCode[] opCodes, - String[] regionNames) { - return 5; - } - -} http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/4383a711/gemfire-core/src/test/java/security/DummyCredentialGenerator.java ---------------------------------------------------------------------- diff --git a/gemfire-core/src/test/java/security/DummyCredentialGenerator.java b/gemfire-core/src/test/java/security/DummyCredentialGenerator.java deleted file mode 100644 index 86b26a7..0000000 --- a/gemfire-core/src/test/java/security/DummyCredentialGenerator.java +++ /dev/null @@ -1,94 +0,0 @@ - -package security; - -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - - -import security.CredentialGenerator; -import templates.security.DummyAuthenticator; -import templates.security.UserPasswordAuthInit; - -import java.security.Principal; -import java.util.Properties; - -public class DummyCredentialGenerator extends CredentialGenerator { - - public DummyCredentialGenerator() { - } - - protected Properties initialize() throws IllegalArgumentException { - return null; - } - - public ClassCode classCode() { - return ClassCode.DUMMY; - } - - public String getAuthInit() { - return "templates.security.UserPasswordAuthInit.create"; - } - - public String getAuthenticator() { - return "templates.security.DummyAuthenticator.create"; - } - - public Properties getValidCredentials(int index) { - - String[] validGroups = new String[] { "admin", "user", "reader", "writer" }; - String[] admins = new String[] { "root", "admin", "administrator" }; - - Properties props = new Properties(); - int groupNum = (index % validGroups.length); - String userName; - if (groupNum == 0) { - userName = admins[index % admins.length]; - } - else { - userName = validGroups[groupNum] + (index / validGroups.length); - } - props.setProperty(UserPasswordAuthInit.USER_NAME, userName); - props.setProperty(UserPasswordAuthInit.PASSWORD, userName); - return props; - } - - public Properties getValidCredentials(Principal principal) { - - String userName = principal.getName(); - if (DummyAuthenticator.testValidName(userName)) { - Properties props = new Properties(); - props.setProperty(UserPasswordAuthInit.USER_NAME, userName); - props.setProperty(UserPasswordAuthInit.PASSWORD, userName); - return props; - } - else { - throw new IllegalArgumentException("Dummy: [" + userName - + "] is not a valid user"); - } - } - - public Properties getInvalidCredentials(int index) { - - Properties props = new Properties(); - props.setProperty(UserPasswordAuthInit.USER_NAME, "invalid" + index); - props.setProperty(UserPasswordAuthInit.PASSWORD, "none"); - return props; - } - -} http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/4383a711/gemfire-core/src/test/java/security/LdapUserCredentialGenerator.java ---------------------------------------------------------------------- diff --git a/gemfire-core/src/test/java/security/LdapUserCredentialGenerator.java b/gemfire-core/src/test/java/security/LdapUserCredentialGenerator.java deleted file mode 100644 index 12bcb62..0000000 --- a/gemfire-core/src/test/java/security/LdapUserCredentialGenerator.java +++ /dev/null @@ -1,160 +0,0 @@ - -package security; - -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - - -import java.security.Principal; -import java.util.Properties; - -import com.gemstone.gemfire.distributed.internal.DistributionConfig; -import com.gemstone.gemfire.internal.cache.tier.sockets.HandShake; -import com.gemstone.gemfire.util.test.TestUtil; -import templates.security.LdapUserAuthenticator; -import templates.security.UserPasswordAuthInit; - -import java.util.Random; - -public class LdapUserCredentialGenerator extends CredentialGenerator { - - private static final String USER_PREFIX = "gemfire"; - - private static boolean enableServerAuthentication = false; - - private boolean serverAuthEnabled = false; - - private static final Random prng = new Random(); - - private static final String[] algos = new String[] { "", "DESede", "AES:128", - "Blowfish:128" }; - - public LdapUserCredentialGenerator() { - // Toggle server authentication enabled for each test - // This is done instead of running all the tests with both - // server auth enabled/disabled to reduce test run time. - enableServerAuthentication = !enableServerAuthentication; - serverAuthEnabled = enableServerAuthentication; - } - - @Override - protected Properties initialize() throws IllegalArgumentException { - - Properties extraProps = new Properties(); - String ldapServer = System.getProperty("gf.ldap.server", "ldap"); - String ldapBaseDN = System.getProperty("gf.ldap.basedn", "ou=ldapTesting,dc=pune,dc=gemstone,dc=com"); - String ldapUseSSL = System.getProperty("gf.ldap.usessl"); - extraProps.setProperty(LdapUserAuthenticator.LDAP_SERVER_NAME, ldapServer); - extraProps.setProperty(LdapUserAuthenticator.LDAP_BASEDN_NAME, ldapBaseDN); - if (ldapUseSSL != null && ldapUseSSL.length() > 0) { - extraProps.setProperty(LdapUserAuthenticator.LDAP_SSL_NAME, ldapUseSSL); - } - if (serverAuthEnabled) { - String keyStoreFile = TestUtil.getResourcePath(LdapUserCredentialGenerator.class, PKCSCredentialGenerator.keyStoreDir + "/gemfire1.keystore"); - extraProps.setProperty(HandShake.PRIVATE_KEY_FILE_PROP, keyStoreFile); - extraProps.setProperty(HandShake.PRIVATE_KEY_ALIAS_PROP, "gemfire1"); - extraProps.setProperty(HandShake.PRIVATE_KEY_PASSWD_PROP, "gemfire"); - } - return extraProps; - } - - @Override - public ClassCode classCode() { - return ClassCode.LDAP; - } - - @Override - public String getAuthInit() { - return "templates.security.UserPasswordAuthInit.create"; - } - - @Override - public String getAuthenticator() { - return "templates.security.LdapUserAuthenticator.create"; - } - - @Override - public Properties getValidCredentials(int index) { - - Properties props = new Properties(); - props.setProperty(UserPasswordAuthInit.USER_NAME, USER_PREFIX - + ((index % 10) + 1)); - props.setProperty(UserPasswordAuthInit.PASSWORD, USER_PREFIX - + ((index % 10) + 1)); - props.setProperty(DistributionConfig.SECURITY_CLIENT_DHALGO_NAME, - algos[prng.nextInt(algos.length)]); - if (serverAuthEnabled) { - String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, PKCSCredentialGenerator.keyStoreDir + "/publickeyfile"); - props.setProperty(HandShake.PUBLIC_KEY_FILE_PROP, keyStoreFile); - props.setProperty(HandShake.PUBLIC_KEY_PASSWD_PROP, "gemfire"); - } - return props; - } - - @Override - public Properties getValidCredentials(Principal principal) { - - Properties props = null; - String userName = principal.getName(); - if (userName != null && userName.startsWith(USER_PREFIX)) { - boolean isValid; - try { - int suffix = Integer.parseInt(userName.substring(USER_PREFIX.length())); - isValid = (suffix >= 1 && suffix <= 10); - } - catch (Exception ex) { - isValid = false; - } - if (isValid) { - props = new Properties(); - props.setProperty(UserPasswordAuthInit.USER_NAME, userName); - props.setProperty(UserPasswordAuthInit.PASSWORD, userName); - } - } - if (props == null) { - throw new IllegalArgumentException("LDAP: [" + userName - + "] not a valid user"); - } - props.setProperty(DistributionConfig.SECURITY_CLIENT_DHALGO_NAME, - algos[prng.nextInt(algos.length)]); - if (serverAuthEnabled) { - String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, PKCSCredentialGenerator.keyStoreDir + "/publickeyfile"); - props.setProperty(HandShake.PUBLIC_KEY_FILE_PROP, keyStoreFile); - props.setProperty(HandShake.PUBLIC_KEY_PASSWD_PROP, "gemfire"); - } - return props; - } - - @Override - public Properties getInvalidCredentials(int index) { - - Properties props = new Properties(); - props.setProperty(UserPasswordAuthInit.USER_NAME, "invalid" + index); - props.setProperty(UserPasswordAuthInit.PASSWORD, "none"); - props.setProperty(DistributionConfig.SECURITY_CLIENT_DHALGO_NAME, - algos[prng.nextInt(algos.length)]); - if (serverAuthEnabled) { - String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, PKCSCredentialGenerator.keyStoreDir + "/publickeyfile"); - props.setProperty(HandShake.PUBLIC_KEY_FILE_PROP, keyStoreFile); - props.setProperty(HandShake.PUBLIC_KEY_PASSWD_PROP, "gemfire"); - } - return props; - } - -} http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/4383a711/gemfire-core/src/test/java/security/PKCSCredentialGenerator.java ---------------------------------------------------------------------- diff --git a/gemfire-core/src/test/java/security/PKCSCredentialGenerator.java b/gemfire-core/src/test/java/security/PKCSCredentialGenerator.java deleted file mode 100644 index 24c0100..0000000 --- a/gemfire-core/src/test/java/security/PKCSCredentialGenerator.java +++ /dev/null @@ -1,112 +0,0 @@ - -package security; - -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - - -import java.security.Principal; -import java.security.Provider; -import java.security.Security; -import java.util.Properties; - -import com.gemstone.gemfire.util.test.TestUtil; -import templates.security.PKCSAuthInit; -import templates.security.PKCSAuthenticator; - -/** - * @author kneeraj - * - */ -public class PKCSCredentialGenerator extends CredentialGenerator { - - public static String keyStoreDir = getKeyStoreDir(); - - public static boolean usesIBMJSSE; - - // Checks if the current JVM uses only IBM JSSE providers. - private static boolean usesIBMProviders() { - Provider[] providers = Security.getProviders(); - for (int index = 0; index < providers.length; ++index) { - if (!providers[index].getName().toLowerCase().startsWith("ibm")) { - return false; - } - } - return true; - } - - private static String getKeyStoreDir() { - usesIBMJSSE = usesIBMProviders(); - if (usesIBMJSSE) { - return "/lib/keys/ibm"; - } - else { - return "/lib/keys"; - } - } - - public ClassCode classCode() { - return ClassCode.PKCS; - } - - public String getAuthInit() { - return "templates.security.PKCSAuthInit.create"; - } - - public String getAuthenticator() { - return "templates.security.PKCSAuthenticator.create"; - } - - public Properties getInvalidCredentials(int index) { - Properties props = new Properties(); - String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, keyStoreDir + "/gemfire11.keystore"); - props.setProperty(PKCSAuthInit.KEYSTORE_FILE_PATH, keyStoreFile); - props.setProperty(PKCSAuthInit.KEYSTORE_ALIAS, "gemfire11"); - props.setProperty(PKCSAuthInit.KEYSTORE_PASSWORD, "gemfire"); - return props; - } - - public Properties getValidCredentials(int index) { - Properties props = new Properties(); - int aliasnum = (index % 10) + 1; - String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, keyStoreDir + "/gemfire" + aliasnum + ".keystore"); - props.setProperty(PKCSAuthInit.KEYSTORE_FILE_PATH, keyStoreFile); - props.setProperty(PKCSAuthInit.KEYSTORE_ALIAS, "gemfire" + aliasnum); - props.setProperty(PKCSAuthInit.KEYSTORE_PASSWORD, "gemfire"); - return props; - } - - public Properties getValidCredentials(Principal principal) { - Properties props = new Properties(); - String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, keyStoreDir + principal.getName() + ".keystore"); - props.setProperty(PKCSAuthInit.KEYSTORE_FILE_PATH, keyStoreFile); - props.setProperty(PKCSAuthInit.KEYSTORE_ALIAS, principal.getName()); - props.setProperty(PKCSAuthInit.KEYSTORE_PASSWORD, "gemfire"); - return props; - } - - protected Properties initialize() throws IllegalArgumentException { - Properties props = new Properties(); - String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, keyStoreDir + "/publickeyfile"); - props.setProperty(PKCSAuthenticator.PUBLIC_KEY_FILE, keyStoreFile); - props.setProperty(PKCSAuthenticator.PUBLIC_KEYSTORE_PASSWORD, "gemfire"); - return props; - } - -} http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/4383a711/gemfire-core/src/test/java/security/SSLCredentialGenerator.java ---------------------------------------------------------------------- diff --git a/gemfire-core/src/test/java/security/SSLCredentialGenerator.java b/gemfire-core/src/test/java/security/SSLCredentialGenerator.java deleted file mode 100644 index 29a1a30..0000000 --- a/gemfire-core/src/test/java/security/SSLCredentialGenerator.java +++ /dev/null @@ -1,117 +0,0 @@ - -package security; - -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - - -import java.io.File; -import java.io.IOException; -import java.security.Principal; -import java.util.Properties; - -import com.gemstone.gemfire.security.AuthenticationFailedException; -import security.CredentialGenerator; - -public class SSLCredentialGenerator extends CredentialGenerator { - - private File findTrustedJKS() { - File ssldir = new File(System.getProperty("JTESTS") + "/ssl"); - return new File(ssldir, "trusted.keystore"); - } - - private File findUntrustedJKS() { - File ssldir = new File(System.getProperty("JTESTS") + "/ssl"); - return new File(ssldir, "untrusted.keystore"); - } - - private Properties getValidJavaSSLProperties() { - File jks = findTrustedJKS(); - try { - Properties props = new Properties(); - props.setProperty("javax.net.ssl.trustStore", jks.getCanonicalPath()); - props.setProperty("javax.net.ssl.trustStorePassword", "password"); - props.setProperty("javax.net.ssl.keyStore", jks.getCanonicalPath()); - props.setProperty("javax.net.ssl.keyStorePassword", "password"); - return props; - } - catch (IOException ex) { - throw new AuthenticationFailedException( - "SSL: Exception while opening the key store: " + ex); - } - } - - private Properties getInvalidJavaSSLProperties() { - File jks = findUntrustedJKS(); - try { - Properties props = new Properties(); - props.setProperty("javax.net.ssl.trustStore", jks.getCanonicalPath()); - props.setProperty("javax.net.ssl.trustStorePassword", "password"); - props.setProperty("javax.net.ssl.keyStore", jks.getCanonicalPath()); - props.setProperty("javax.net.ssl.keyStorePassword", "password"); - return props; - } - catch (IOException ex) { - throw new AuthenticationFailedException( - "SSL: Exception while opening the key store: " + ex); - } - } - - private Properties getSSLProperties() { - Properties props = new Properties(); - props.setProperty("ssl-enabled", "true"); - props.setProperty("ssl-require-authentication", "true"); - props.setProperty("ssl-ciphers", "SSL_RSA_WITH_RC4_128_MD5"); - props.setProperty("ssl-protocols", "TLSv1"); - return props; - } - - protected Properties initialize() throws IllegalArgumentException { - this.javaProps = getValidJavaSSLProperties(); - return getSSLProperties(); - } - - public ClassCode classCode() { - return ClassCode.SSL; - } - - public String getAuthInit() { - return null; - } - - public String getAuthenticator() { - return null; - } - - public Properties getValidCredentials(int index) { - this.javaProps = getValidJavaSSLProperties(); - return getSSLProperties(); - } - - public Properties getValidCredentials(Principal principal) { - this.javaProps = getValidJavaSSLProperties(); - return getSSLProperties(); - } - - public Properties getInvalidCredentials(int index) { - this.javaProps = getInvalidJavaSSLProperties(); - return getSSLProperties(); - } - -} http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/4383a711/gemfire-core/src/test/java/security/UserPasswordWithExtraPropsAuthInit.java ---------------------------------------------------------------------- diff --git a/gemfire-core/src/test/java/security/UserPasswordWithExtraPropsAuthInit.java b/gemfire-core/src/test/java/security/UserPasswordWithExtraPropsAuthInit.java deleted file mode 100644 index a41f73a..0000000 --- a/gemfire-core/src/test/java/security/UserPasswordWithExtraPropsAuthInit.java +++ /dev/null @@ -1,77 +0,0 @@ - -package security; - -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - - -import java.util.Properties; -import java.util.Iterator; - -import com.gemstone.gemfire.distributed.DistributedMember; -import com.gemstone.gemfire.security.AuthInitialize; -import com.gemstone.gemfire.security.AuthenticationFailedException; -import templates.security.UserPasswordAuthInit; - -/** - * An {@link AuthInitialize} implementation that obtains the user name and - * password as the credentials from the given set of properties. If - * keep-extra-props property exits, it will copy rest of the - * properties provided in getCredential props argument will also be - * copied as new credentials. - * - * @author Soubhik - * @since 5.5 - */ -public class UserPasswordWithExtraPropsAuthInit extends UserPasswordAuthInit { - - public static final String EXTRA_PROPS = "security-keep-extra-props"; - - public static final String SECURITY_PREFIX = "security-"; - - public static AuthInitialize create() { - return new UserPasswordWithExtraPropsAuthInit(); - } - - public UserPasswordWithExtraPropsAuthInit() { - super(); - } - - public Properties getCredentials(Properties props, DistributedMember server, - boolean isPeer) throws AuthenticationFailedException { - - Properties newProps = super.getCredentials(props, server, isPeer); - String extraProps = props.getProperty(EXTRA_PROPS); - if(extraProps != null) { - for(Iterator it = props.keySet().iterator(); it.hasNext();) { - String key = (String)it.next(); - if( key.startsWith(SECURITY_PREFIX) && - key.equalsIgnoreCase(USER_NAME) == false && - key.equalsIgnoreCase(PASSWORD) == false && - key.equalsIgnoreCase(EXTRA_PROPS) == false) { - newProps.setProperty(key, props.getProperty(key)); - } - } - this.securitylog.fine("got everything and now have: " - + newProps.keySet().toString()); - } - return newProps; - } - -} http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/4383a711/gemfire-core/src/test/java/security/XmlAuthzCredentialGenerator.java ---------------------------------------------------------------------- diff --git a/gemfire-core/src/test/java/security/XmlAuthzCredentialGenerator.java b/gemfire-core/src/test/java/security/XmlAuthzCredentialGenerator.java deleted file mode 100644 index 929eafb..0000000 --- a/gemfire-core/src/test/java/security/XmlAuthzCredentialGenerator.java +++ /dev/null @@ -1,264 +0,0 @@ - -package security; - -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - - -import java.security.Principal; -import java.util.HashSet; -import java.util.Properties; -import java.util.Set; - -import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode; -import com.gemstone.gemfire.util.test.TestUtil; -import templates.security.UsernamePrincipal; -import templates.security.XmlAuthorization; - -public class XmlAuthzCredentialGenerator extends AuthzCredentialGenerator { - - private static final String dummyXml = "authz-dummy.xml"; - - private static final String ldapXml = "authz-ldap.xml"; - - private static final String pkcsXml = "authz-pkcs.xml"; - - private static final String sslXml = "authz-ssl.xml"; - - private static final String[] QUERY_REGIONS = { "/Portfolios", "/Positions", - "/AuthRegion" }; - - public static OperationCode[] READER_OPS = { OperationCode.GET, - OperationCode.REGISTER_INTEREST, OperationCode.UNREGISTER_INTEREST, - OperationCode.KEY_SET, OperationCode.CONTAINS_KEY, OperationCode.EXECUTE_FUNCTION }; - - public static OperationCode[] WRITER_OPS = { OperationCode.PUT, - OperationCode.DESTROY, OperationCode.INVALIDATE, OperationCode.REGION_CLEAR }; - - public static OperationCode[] QUERY_OPS = { OperationCode.QUERY, - OperationCode.EXECUTE_CQ, OperationCode.STOP_CQ, OperationCode.CLOSE_CQ }; - - private static final byte READER_ROLE = 1; - - private static final byte WRITER_ROLE = 2; - - private static final byte QUERY_ROLE = 3; - - private static final byte ADMIN_ROLE = 4; - - private static Set readerOpsSet; - - private static Set writerOpsSet; - - private static Set queryOpsSet; - - private static Set queryRegionSet; - - static { - - readerOpsSet = new HashSet(); - for (int index = 0; index < READER_OPS.length; index++) { - readerOpsSet.add(READER_OPS[index]); - } - writerOpsSet = new HashSet(); - for (int index = 0; index < WRITER_OPS.length; index++) { - writerOpsSet.add(WRITER_OPS[index]); - } - queryOpsSet = new HashSet(); - for (int index = 0; index < QUERY_OPS.length; index++) { - queryOpsSet.add(QUERY_OPS[index]); - } - queryRegionSet = new HashSet(); - for (int index = 0; index < QUERY_REGIONS.length; index++) { - queryRegionSet.add(QUERY_REGIONS[index]); - } - } - - public XmlAuthzCredentialGenerator() { - } - - protected Properties init() throws IllegalArgumentException { - - Properties sysProps = new Properties(); - String dirName = "/lib/"; - if (this.cGen.classCode().isDummy()) { - String xmlFilename = TestUtil.getResourcePath(XmlAuthzCredentialGenerator.class, dirName + dummyXml); - sysProps.setProperty(XmlAuthorization.DOC_URI_PROP_NAME, xmlFilename); - } - else if (this.cGen.classCode().isLDAP()) { - String xmlFilename = TestUtil.getResourcePath(XmlAuthzCredentialGenerator.class, dirName + ldapXml); - sysProps.setProperty(XmlAuthorization.DOC_URI_PROP_NAME, xmlFilename); - } - // else if (this.cGen.classCode().isPKCS()) { - // sysProps - // .setProperty(XmlAuthorization.DOC_URI_PROP_NAME, dirName + pkcsXml); - // } - // else if (this.cGen.classCode().isSSL()) { - // sysProps - // .setProperty(XmlAuthorization.DOC_URI_PROP_NAME, dirName + sslXml); - // } - else { - throw new IllegalArgumentException( - "No XML defined for XmlAuthorization module to work with " - + this.cGen.getAuthenticator()); - } - return sysProps; - } - - public ClassCode classCode() { - return ClassCode.XML; - } - - public String getAuthorizationCallback() { - return "templates.security.XmlAuthorization.create"; - } - - private Principal getDummyPrincipal(byte roleType, int index) { - - String[] admins = new String[] { "root", "admin", "administrator" }; - int numReaders = 3; - int numWriters = 3; - - switch (roleType) { - case READER_ROLE: - return new UsernamePrincipal("reader" + (index % numReaders)); - case WRITER_ROLE: - return new UsernamePrincipal("writer" + (index % numWriters)); - case QUERY_ROLE: - return new UsernamePrincipal("reader" + ((index % 2) + 3)); - default: - return new UsernamePrincipal(admins[index % admins.length]); - } - } - - private Principal getLdapPrincipal(byte roleType, int index) { - - final String userPrefix = "gemfire"; - final int[] readerIndices = { 3, 4, 5 }; - final int[] writerIndices = { 6, 7, 8 }; - final int[] queryIndices = { 9, 10 }; - final int[] adminIndices = { 1, 2 }; - - switch (roleType) { - case READER_ROLE: - int readerIndex = readerIndices[index % readerIndices.length]; - return new UsernamePrincipal(userPrefix + readerIndex); - case WRITER_ROLE: - int writerIndex = writerIndices[index % writerIndices.length]; - return new UsernamePrincipal(userPrefix + writerIndex); - case QUERY_ROLE: - int queryIndex = queryIndices[index % queryIndices.length]; - return new UsernamePrincipal(userPrefix + queryIndex); - default: - int adminIndex = adminIndices[index % adminIndices.length]; - return new UsernamePrincipal(userPrefix + adminIndex); - } - } - - private byte getRequiredRole(OperationCode[] opCodes, String[] regionNames) { - - byte roleType = ADMIN_ROLE; - boolean requiresReader = true; - boolean requiresWriter = true; - boolean requiresQuery = true; - - for (int opNum = 0; opNum < opCodes.length; opNum++) { - OperationCode opCode = opCodes[opNum]; - if (requiresReader && !readerOpsSet.contains(opCode)) { - requiresReader = false; - } - if (requiresWriter && !writerOpsSet.contains(opCode)) { - requiresWriter = false; - } - if (requiresQuery && !queryOpsSet.contains(opCode)) { - requiresQuery = false; - } - } - if (requiresReader) { - roleType = READER_ROLE; - } - else if (requiresWriter) { - roleType = WRITER_ROLE; - } - else if (requiresQuery) { - if (regionNames != null && regionNames.length > 0) { - for (int index = 0; index < regionNames.length; index++) { - String regionName = XmlAuthorization - .normalizeRegionName(regionNames[index]); - if (requiresQuery && !queryRegionSet.contains(regionName)) { - requiresQuery = false; - break; - } - } - if (requiresQuery) { - roleType = QUERY_ROLE; - } - } - } - return roleType; - } - - protected Principal getAllowedPrincipal(OperationCode[] opCodes, - String[] regionNames, int index) { - - if (this.cGen.classCode().isDummy()) { - byte roleType = getRequiredRole(opCodes, regionNames); - return getDummyPrincipal(roleType, index); - } - else if (this.cGen.classCode().isLDAP()) { - byte roleType = getRequiredRole(opCodes, regionNames); - return getLdapPrincipal(roleType, index); - } - return null; - } - - protected Principal getDisallowedPrincipal(OperationCode[] opCodes, - String[] regionNames, int index) { - - byte roleType = getRequiredRole(opCodes, regionNames); - byte disallowedRoleType = READER_ROLE; - switch (roleType) { - case READER_ROLE: - disallowedRoleType = WRITER_ROLE; - break; - case WRITER_ROLE: - disallowedRoleType = READER_ROLE; - break; - case QUERY_ROLE: - disallowedRoleType = READER_ROLE; - break; - case ADMIN_ROLE: - disallowedRoleType = READER_ROLE; - break; - } - if (this.cGen.classCode().isDummy()) { - return getDummyPrincipal(disallowedRoleType, index); - } - else if (this.cGen.classCode().isLDAP()) { - return getLdapPrincipal(disallowedRoleType, index); - } - return null; - } - - protected int getNumPrincipalTries(OperationCode[] opCodes, - String[] regionNames) { - return 5; - } - -} http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/4383a711/gemfire-core/src/test/java/templates/security/DummyAuthenticator.java ---------------------------------------------------------------------- diff --git a/gemfire-core/src/test/java/templates/security/DummyAuthenticator.java b/gemfire-core/src/test/java/templates/security/DummyAuthenticator.java deleted file mode 100644 index 5d33f22..0000000 --- a/gemfire-core/src/test/java/templates/security/DummyAuthenticator.java +++ /dev/null @@ -1,87 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package templates.security; - -import java.security.Principal; -import java.util.Properties; - -import com.gemstone.gemfire.LogWriter; -import com.gemstone.gemfire.distributed.DistributedMember; -import com.gemstone.gemfire.security.AuthenticationFailedException; -import com.gemstone.gemfire.security.Authenticator; -import templates.security.UserPasswordAuthInit; -import templates.security.UsernamePrincipal; - -/** - * A dummy implementation of the {@link Authenticator} interface that expects a - * user name and password allowing authentication depending on the format of the - * user name. - * - * @author Sumedh Wale - * @since 5.5 - */ -public class DummyAuthenticator implements Authenticator { - - public static Authenticator create() { - return new DummyAuthenticator(); - } - - public DummyAuthenticator() { - } - - public void init(Properties systemProps, LogWriter systemLogger, - LogWriter securityLogger) throws AuthenticationFailedException { - } - - public static boolean testValidName(String userName) { - - return (userName.startsWith("user") || userName.startsWith("reader") - || userName.startsWith("writer") || userName.equals("admin") - || userName.equals("root") || userName.equals("administrator")); - } - - public Principal authenticate(Properties props, DistributedMember member) - throws AuthenticationFailedException { - - String userName = props.getProperty(UserPasswordAuthInit.USER_NAME); - if (userName == null) { - throw new AuthenticationFailedException( - "DummyAuthenticator: user name property [" - + UserPasswordAuthInit.USER_NAME + "] not provided"); - } - String password = props.getProperty(UserPasswordAuthInit.PASSWORD); - if (password == null) { - throw new AuthenticationFailedException( - "DummyAuthenticator: password property [" - + UserPasswordAuthInit.PASSWORD + "] not provided"); - } - - if (userName.equals(password) && testValidName(userName)) { - return new UsernamePrincipal(userName); - } - else { - throw new AuthenticationFailedException( - "DummyAuthenticator: Invalid user name [" + userName - + "], password supplied."); - } - } - - public void close() { - } - -} http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/4383a711/gemfire-core/src/test/java/templates/security/DummyAuthorization.java ---------------------------------------------------------------------- diff --git a/gemfire-core/src/test/java/templates/security/DummyAuthorization.java b/gemfire-core/src/test/java/templates/security/DummyAuthorization.java deleted file mode 100644 index fe8e908..0000000 --- a/gemfire-core/src/test/java/templates/security/DummyAuthorization.java +++ /dev/null @@ -1,118 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package templates.security; - -import java.security.Principal; -import java.util.HashSet; -import java.util.Set; - -import com.gemstone.gemfire.LogWriter; -import com.gemstone.gemfire.cache.Cache; -import com.gemstone.gemfire.cache.operations.OperationContext; -import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode; -import com.gemstone.gemfire.distributed.DistributedMember; -import com.gemstone.gemfire.security.AccessControl; -import com.gemstone.gemfire.security.NotAuthorizedException; - -/** - * A dummy implementation of the <code>AccessControl</code> interface that - * allows authorization depending on the format of the <code>Principal</code> - * string. - * - * @author Sumedh Wale - * @since 5.5 - */ -public class DummyAuthorization implements AccessControl { - - private Set allowedOps; - - private DistributedMember remoteDistributedMember; - - private LogWriter logger; - - public static final OperationCode[] READER_OPS = { OperationCode.GET, - OperationCode.QUERY, OperationCode.EXECUTE_CQ, OperationCode.CLOSE_CQ, - OperationCode.STOP_CQ, OperationCode.REGISTER_INTEREST, - OperationCode.UNREGISTER_INTEREST, OperationCode.KEY_SET, - OperationCode.CONTAINS_KEY, OperationCode.EXECUTE_FUNCTION }; - - public static final OperationCode[] WRITER_OPS = { OperationCode.PUT, OperationCode.PUTALL, - OperationCode.DESTROY, OperationCode.INVALIDATE, OperationCode.REGION_CLEAR }; - - public DummyAuthorization() { - this.allowedOps = new HashSet(20); - } - - public static AccessControl create() { - return new DummyAuthorization(); - } - - private void addReaderOps() { - - for (int index = 0; index < READER_OPS.length; index++) { - this.allowedOps.add(READER_OPS[index]); - } - } - - private void addWriterOps() { - - for (int index = 0; index < WRITER_OPS.length; index++) { - this.allowedOps.add(WRITER_OPS[index]); - } - } - - public void init(Principal principal, - DistributedMember remoteMember, - Cache cache) throws NotAuthorizedException { - - if (principal != null) { - String name = principal.getName().toLowerCase(); - if (name != null) { - if (name.equals("root") || name.equals("admin") - || name.equals("administrator")) { - addReaderOps(); - addWriterOps(); - this.allowedOps.add(OperationCode.REGION_CREATE); - this.allowedOps.add(OperationCode.REGION_DESTROY); - } - else if (name.startsWith("writer")) { - addWriterOps(); - } - else if (name.startsWith("reader")) { - addReaderOps(); - } - } - } - this.remoteDistributedMember = remoteMember; - this.logger = cache.getSecurityLogger(); - } - - public boolean authorizeOperation(String regionName, OperationContext context) { - - OperationCode opCode = context.getOperationCode(); - this.logger.fine("Invoked authorize operation for [" + opCode - + "] in region [" + regionName + "] for client: " + remoteDistributedMember); - return this.allowedOps.contains(opCode); - } - - public void close() { - - this.allowedOps.clear(); - } - -} http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/4383a711/gemfire-core/src/test/java/templates/security/FunctionSecurityPrmsHolder.java ---------------------------------------------------------------------- diff --git a/gemfire-core/src/test/java/templates/security/FunctionSecurityPrmsHolder.java b/gemfire-core/src/test/java/templates/security/FunctionSecurityPrmsHolder.java deleted file mode 100755 index 76827bb..0000000 --- a/gemfire-core/src/test/java/templates/security/FunctionSecurityPrmsHolder.java +++ /dev/null @@ -1,55 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package templates.security; - -import java.util.HashSet; - -/** - * This is a sample class for objects which hold information of the authorized - * function names and authorized value for the optimizeForWrite. - * - * @author Aneesh Karayil - * @since 6.0 - */ -public class FunctionSecurityPrmsHolder { - - private final Boolean isOptimizeForWrite; - - private final HashSet<String> functionIds; - - private final HashSet<String> keySet; - - public FunctionSecurityPrmsHolder(Boolean isOptimizeForWrite, - HashSet<String> functionIds, HashSet<String> keySet) { - this.isOptimizeForWrite = isOptimizeForWrite; - this.functionIds = functionIds; - this.keySet = keySet; - } - - public Boolean isOptimizeForWrite() { - return isOptimizeForWrite; - } - - public HashSet<String> getFunctionIds() { - return functionIds; - } - - public HashSet<String> getKeySet() { - return keySet; - } -} http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/4383a711/gemfire-core/src/test/java/templates/security/LdapUserAuthenticator.java ---------------------------------------------------------------------- diff --git a/gemfire-core/src/test/java/templates/security/LdapUserAuthenticator.java b/gemfire-core/src/test/java/templates/security/LdapUserAuthenticator.java deleted file mode 100755 index db55219..0000000 --- a/gemfire-core/src/test/java/templates/security/LdapUserAuthenticator.java +++ /dev/null @@ -1,117 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package templates.security; - -import com.gemstone.gemfire.LogWriter; -import com.gemstone.gemfire.distributed.DistributedMember; -import com.gemstone.gemfire.security.AuthenticationFailedException; -import com.gemstone.gemfire.security.Authenticator; - -import java.security.Principal; -import java.util.Properties; -import javax.naming.Context; -import javax.naming.directory.DirContext; -import javax.naming.directory.InitialDirContext; - -/** - * @author Kumar Neeraj - * @since 5.5 - */ -public class LdapUserAuthenticator implements Authenticator { - - private String ldapServer = null; - - private String basedn = null; - - private String ldapUrlScheme = null; - - public static final String LDAP_SERVER_NAME = "security-ldap-server"; - - public static final String LDAP_BASEDN_NAME = "security-ldap-basedn"; - - public static final String LDAP_SSL_NAME = "security-ldap-usessl"; - - public static Authenticator create() { - return new LdapUserAuthenticator(); - } - - public LdapUserAuthenticator() { - } - - public void init(Properties securityProps, LogWriter systemLogger, - LogWriter securityLogger) throws AuthenticationFailedException { - this.ldapServer = securityProps.getProperty(LDAP_SERVER_NAME); - if (this.ldapServer == null || this.ldapServer.length() == 0) { - throw new AuthenticationFailedException( - "LdapUserAuthenticator: LDAP server property [" + LDAP_SERVER_NAME - + "] not specified"); - } - this.basedn = securityProps.getProperty(LDAP_BASEDN_NAME); - if (this.basedn == null || this.basedn.length() == 0) { - throw new AuthenticationFailedException( - "LdapUserAuthenticator: LDAP base DN property [" + LDAP_BASEDN_NAME - + "] not specified"); - } - String sslStr = securityProps.getProperty(LDAP_SSL_NAME); - if (sslStr != null && sslStr.toLowerCase().equals("true")) { - this.ldapUrlScheme = "ldaps://"; - } - else { - this.ldapUrlScheme = "ldap://"; - } - } - - public Principal authenticate(Properties props, DistributedMember member) { - - String userName = props.getProperty(UserPasswordAuthInit.USER_NAME); - if (userName == null) { - throw new AuthenticationFailedException( - "LdapUserAuthenticator: user name property [" - + UserPasswordAuthInit.USER_NAME + "] not provided"); - } - String passwd = props.getProperty(UserPasswordAuthInit.PASSWORD); - if (passwd == null) { - passwd = ""; - } - - Properties env = new Properties(); - env - .put(Context.INITIAL_CONTEXT_FACTORY, - "com.sun.jndi.ldap.LdapCtxFactory"); - env.put(Context.PROVIDER_URL, this.ldapUrlScheme + this.ldapServer + '/' - + this.basedn); - String fullentry = "uid=" + userName + "," + this.basedn; - env.put(Context.SECURITY_PRINCIPAL, fullentry); - env.put(Context.SECURITY_CREDENTIALS, passwd); - try { - DirContext ctx = new InitialDirContext(env); - ctx.close(); - } - catch (Exception e) { - //TODO:hitesh need to add getCause message - throw new AuthenticationFailedException( - "LdapUserAuthenticator: Failure with provided username, password " - + "combination for user name: " + userName); - } - return new UsernamePrincipal(userName); - } - - public void close() { - } - -} http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/4383a711/gemfire-core/src/test/java/templates/security/PKCSAuthInit.java ---------------------------------------------------------------------- diff --git a/gemfire-core/src/test/java/templates/security/PKCSAuthInit.java b/gemfire-core/src/test/java/templates/security/PKCSAuthInit.java deleted file mode 100755 index d43b78e..0000000 --- a/gemfire-core/src/test/java/templates/security/PKCSAuthInit.java +++ /dev/null @@ -1,133 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package templates.security; - -import com.gemstone.gemfire.LogWriter; -import com.gemstone.gemfire.distributed.DistributedMember; -import com.gemstone.gemfire.security.AuthInitialize; -import com.gemstone.gemfire.security.AuthenticationFailedException; -import com.gemstone.gemfire.security.GemFireSecurityException; - -import java.io.FileInputStream; -import java.security.Key; -import java.security.KeyStore; -import java.security.PrivateKey; -import java.security.Signature; -import java.security.cert.X509Certificate; -import java.util.Properties; - -/** - * An {@link AuthInitialize} implementation that obtains the digital signature - * for use with PKCS scheme on server from the given set of properties. - * - * To use this class the <c>security-client-auth-init</c> property should be - * set to the fully qualified name the static <code>create</code> function - * viz. <code>templates.security.PKCSAuthInit.create</code> - * - * @author Kumar Neeraj - * @since 5.5 - */ -public class PKCSAuthInit implements AuthInitialize { - - public static final String KEYSTORE_FILE_PATH = "security-keystorepath"; - - public static final String KEYSTORE_ALIAS = "security-alias"; - - public static final String KEYSTORE_PASSWORD = "security-keystorepass"; - - public static final String SIGNATURE_DATA = "security-signature"; - - protected LogWriter securitylog; - - protected LogWriter systemlog; - - public void close() { - } - - public static AuthInitialize create() { - return new PKCSAuthInit(); - } - - public PKCSAuthInit() { - } - - public void init(LogWriter systemLogger, LogWriter securityLogger) - throws AuthenticationFailedException { - this.systemlog = systemLogger; - this.securitylog = securityLogger; - } - - public Properties getCredentials(Properties props, DistributedMember server, - boolean isPeer) throws AuthenticationFailedException { - String keyStorePath = props.getProperty(KEYSTORE_FILE_PATH); - if (keyStorePath == null) { - throw new AuthenticationFailedException( - "PKCSAuthInit: key-store file path property [" + KEYSTORE_FILE_PATH - + "] not set."); - } - String alias = props.getProperty(KEYSTORE_ALIAS); - if (alias == null) { - throw new AuthenticationFailedException( - "PKCSAuthInit: key alias name property [" + KEYSTORE_ALIAS - + "] not set."); - } - String keyStorePass = props.getProperty(KEYSTORE_PASSWORD); - - try { - KeyStore ks = KeyStore.getInstance("PKCS12"); - char[] passPhrase = (keyStorePass != null ? keyStorePass.toCharArray() - : null); - FileInputStream certificatefile = new FileInputStream(keyStorePath); - try { - ks.load(certificatefile, passPhrase); - } - finally { - certificatefile.close(); - } - - Key key = ks.getKey(alias, passPhrase); - - if (key instanceof PrivateKey) { - - PrivateKey privKey = (PrivateKey)key; - X509Certificate cert = (X509Certificate)ks.getCertificate(alias); - Signature sig = Signature.getInstance(cert.getSigAlgName()); - - sig.initSign(privKey); - sig.update(alias.getBytes("UTF-8")); - byte[] signatureBytes = sig.sign(); - - Properties newprops = new Properties(); - newprops.put(KEYSTORE_ALIAS, alias); - newprops.put(SIGNATURE_DATA, signatureBytes); - return newprops; - } - else { - throw new AuthenticationFailedException("PKCSAuthInit: " - + "Failed to load private key from the given file: " + keyStorePath); - } - } - catch (GemFireSecurityException ex) { - throw ex; - } - catch (Exception ex) { - throw new AuthenticationFailedException( - "PKCSAuthInit: Exception while getting credentials: " + ex, ex); - } - } -} http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/4383a711/gemfire-core/src/test/java/templates/security/PKCSAuthenticator.java ---------------------------------------------------------------------- diff --git a/gemfire-core/src/test/java/templates/security/PKCSAuthenticator.java b/gemfire-core/src/test/java/templates/security/PKCSAuthenticator.java deleted file mode 100755 index d3610c4..0000000 --- a/gemfire-core/src/test/java/templates/security/PKCSAuthenticator.java +++ /dev/null @@ -1,167 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package templates.security; - -import com.gemstone.gemfire.LogWriter; -import com.gemstone.gemfire.distributed.DistributedMember; -import com.gemstone.gemfire.security.AuthenticationFailedException; -import com.gemstone.gemfire.security.Authenticator; -import com.gemstone.gemfire.security.GemFireSecurityException; - -import java.io.FileInputStream; -import java.security.KeyStore; -import java.security.NoSuchAlgorithmException; -import java.security.Principal; -import java.security.Signature; -import java.security.cert.Certificate; -import java.security.cert.X509Certificate; -import java.security.spec.InvalidKeySpecException; -import java.util.Enumeration; -import java.util.HashMap; -import java.util.Map; -import java.util.Properties; - -/** - * @author kneeraj - * - */ -public class PKCSAuthenticator implements Authenticator { - - public static final String PUBLIC_KEY_FILE = "security-publickey-filepath"; - - public static final String PUBLIC_KEYSTORE_PASSWORD = "security-publickey-pass"; - - private String pubKeyFilePath; - - private String pubKeyPass; - - private Map aliasCertificateMap; - - protected LogWriter systemlog; - - protected LogWriter securitylog; - - public static Authenticator create() { - return new PKCSAuthenticator(); - } - - public PKCSAuthenticator() { - } - - private void populateMap() { - try { - KeyStore ks = KeyStore.getInstance("JKS"); - char[] passPhrase = (pubKeyPass != null ? pubKeyPass.toCharArray() : null); - FileInputStream keystorefile = new FileInputStream(this.pubKeyFilePath); - try { - ks.load(keystorefile, passPhrase); - } - finally { - keystorefile.close(); - } - Enumeration e = ks.aliases(); - while (e.hasMoreElements()) { - Object alias = e.nextElement(); - Certificate cert = ks.getCertificate((String)alias); - if (cert instanceof X509Certificate) { - this.aliasCertificateMap.put(alias, cert); - } - } - } - catch (Exception e) { - throw new AuthenticationFailedException( - "Exception while getting public keys: " + e.getMessage()); - } - } - - public void init(Properties systemProps, LogWriter systemLogger, - LogWriter securityLogger) throws AuthenticationFailedException { - this.systemlog = systemLogger; - this.securitylog = securityLogger; - this.pubKeyFilePath = systemProps.getProperty(PUBLIC_KEY_FILE); - if (this.pubKeyFilePath == null) { - throw new AuthenticationFailedException("PKCSAuthenticator: property " - + PUBLIC_KEY_FILE + " not specified as the public key file."); - } - this.pubKeyPass = systemProps.getProperty(PUBLIC_KEYSTORE_PASSWORD); - this.aliasCertificateMap = new HashMap(); - populateMap(); - } - - private AuthenticationFailedException getException(String exStr, - Exception cause) { - - String exMsg = "PKCSAuthenticator: Authentication of client failed due to: " - + exStr; - if (cause != null) { - return new AuthenticationFailedException(exMsg, cause); - } - else { - return new AuthenticationFailedException(exMsg); - } - } - - private AuthenticationFailedException getException(String exStr) { - return getException(exStr, null); - } - - private X509Certificate getCertificate(String alias) - throws NoSuchAlgorithmException, InvalidKeySpecException { - if (this.aliasCertificateMap.containsKey(alias)) { - return (X509Certificate)this.aliasCertificateMap.get(alias); - } - return null; - } - - public Principal authenticate(Properties props, DistributedMember member) - throws AuthenticationFailedException { - String alias = (String)props.get(PKCSAuthInit.KEYSTORE_ALIAS); - if (alias == null || alias.length() <= 0) { - throw new AuthenticationFailedException("No alias received"); - } - try { - X509Certificate cert = getCertificate(alias); - if (cert == null) { - throw getException("No certificate found for alias:" + alias); - } - byte[] signatureBytes = (byte[])props.get(PKCSAuthInit.SIGNATURE_DATA); - if (signatureBytes == null) { - throw getException("signature data property [" - + PKCSAuthInit.SIGNATURE_DATA + "] not provided"); - } - Signature sig = Signature.getInstance(cert.getSigAlgName()); - sig.initVerify(cert); - sig.update(alias.getBytes("UTF-8")); - - if (!sig.verify(signatureBytes)) { - throw getException("verification of client signature failed"); - } - return new PKCSPrincipal(alias); - } - catch (GemFireSecurityException ex) { - throw ex; - } - catch (Exception ex) { - throw getException(ex.toString(), ex); - } - } - - public void close() { - } - -} http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/4383a711/gemfire-core/src/test/java/templates/security/PKCSPrincipal.java ---------------------------------------------------------------------- diff --git a/gemfire-core/src/test/java/templates/security/PKCSPrincipal.java b/gemfire-core/src/test/java/templates/security/PKCSPrincipal.java deleted file mode 100755 index 563689b..0000000 --- a/gemfire-core/src/test/java/templates/security/PKCSPrincipal.java +++ /dev/null @@ -1,42 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package templates.security; - -import java.security.Principal; - -/** - * @author kneeraj - * - */ -public class PKCSPrincipal implements Principal { - - private String alias; - - public PKCSPrincipal(String alias) { - this.alias = alias; - } - - public String getName() { - return this.alias; - } - - @Override - public String toString() { - return this.alias; - } -} http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/4383a711/gemfire-core/src/test/java/templates/security/UserPasswordAuthInit.java ---------------------------------------------------------------------- diff --git a/gemfire-core/src/test/java/templates/security/UserPasswordAuthInit.java b/gemfire-core/src/test/java/templates/security/UserPasswordAuthInit.java deleted file mode 100644 index f4b6eec..0000000 --- a/gemfire-core/src/test/java/templates/security/UserPasswordAuthInit.java +++ /dev/null @@ -1,84 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package templates.security; - -import java.util.Properties; - -import com.gemstone.gemfire.LogWriter; -import com.gemstone.gemfire.distributed.DistributedMember; -import com.gemstone.gemfire.security.AuthInitialize; -import com.gemstone.gemfire.security.AuthenticationFailedException; - -/** - * An {@link AuthInitialize} implementation that obtains the user name and - * password as the credentials from the given set of properties. - * - * To use this class the <c>security-client-auth-init</c> property should be - * set to the fully qualified name the static <code>create</code> function - * viz. <code>templates.security.UserPasswordAuthInit.create</code> - * - * @author Sumedh Wale - * @since 5.5 - */ -public class UserPasswordAuthInit implements AuthInitialize { - - public static final String USER_NAME = "security-username"; - - public static final String PASSWORD = "security-password"; - - protected LogWriter securitylog; - - protected LogWriter systemlog; - - public static AuthInitialize create() { - return new UserPasswordAuthInit(); - } - - public void init(LogWriter systemLogger, LogWriter securityLogger) - throws AuthenticationFailedException { - this.systemlog = systemLogger; - this.securitylog = securityLogger; - } - - public UserPasswordAuthInit() { - } - - public Properties getCredentials(Properties props, DistributedMember server, - boolean isPeer) throws AuthenticationFailedException { - - Properties newProps = new Properties(); - String userName = props.getProperty(USER_NAME); - if (userName == null) { - throw new AuthenticationFailedException( - "UserPasswordAuthInit: user name property [" + USER_NAME - + "] not set."); - } - newProps.setProperty(USER_NAME, userName); - String passwd = props.getProperty(PASSWORD); - // If password is not provided then use empty string as the password. - if (passwd == null) { - passwd = ""; - } - newProps.setProperty(PASSWORD, passwd); - return newProps; - } - - public void close() { - } - -} http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/4383a711/gemfire-core/src/test/java/templates/security/UsernamePrincipal.java ---------------------------------------------------------------------- diff --git a/gemfire-core/src/test/java/templates/security/UsernamePrincipal.java b/gemfire-core/src/test/java/templates/security/UsernamePrincipal.java deleted file mode 100644 index 739dd52..0000000 --- a/gemfire-core/src/test/java/templates/security/UsernamePrincipal.java +++ /dev/null @@ -1,46 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package templates.security; - -import java.io.Serializable; -import java.security.Principal; - -/** - * An implementation of {@link Principal} class for a simple user name. - * - * @author Kumar Neeraj - * @since 5.5 - */ -public class UsernamePrincipal implements Principal, Serializable { - - private final String userName; - - public UsernamePrincipal(String userName) { - this.userName = userName; - } - - public String getName() { - return this.userName; - } - - @Override - public String toString() { - return this.userName; - } - -}