Reformat security test classes
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/a6388000 Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/a6388000 Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/a6388000 Branch: refs/heads/feature/GEODE-949-2 Commit: a63880009bda01a247c0f0d1ead4dbfd7b73dd49 Parents: 37b978c Author: Kirk Lund <kl...@apache.org> Authored: Fri Mar 11 16:04:15 2016 -0800 Committer: Kirk Lund <kl...@apache.org> Committed: Fri Mar 11 16:04:15 2016 -0800 ---------------------------------------------------------------------- .../java/security/AuthzCredentialGenerator.java | 516 +++++++------- .../test/java/security/CredentialGenerator.java | 354 +++++----- .../security/DummyAuthzCredentialGenerator.java | 78 +-- .../java/security/DummyCredentialGenerator.java | 39 +- .../security/LdapUserCredentialGenerator.java | 76 +- .../java/security/PKCSCredentialGenerator.java | 54 +- .../java/security/SSLCredentialGenerator.java | 101 +-- .../UserPasswordWithExtraPropsAuthInit.java | 28 +- .../security/XmlAuthzCredentialGenerator.java | 208 +++--- .../templates/security/DummyAuthenticator.java | 57 +- .../templates/security/DummyAuthorization.java | 111 +-- .../security/FunctionSecurityPrmsHolder.java | 28 +- .../security/LdapUserAuthenticator.java | 99 ++- .../java/templates/security/PKCSAuthInit.java | 106 ++- .../templates/security/PKCSAuthenticator.java | 171 +++-- .../java/templates/security/PKCSPrincipal.java | 9 +- .../templates/security/PKCSPrincipalTest.java | 8 +- .../security/UserPasswordAuthInit.java | 58 +- .../templates/security/UsernamePrincipal.java | 5 +- .../security/UsernamePrincipalTest.java | 8 +- .../templates/security/XmlAuthorization.java | 686 +++++++++---------- .../templates/security/XmlErrorHandler.java | 38 +- 22 files changed, 1340 insertions(+), 1498 deletions(-) ---------------------------------------------------------------------- 
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a6388000/geode-core/src/test/java/security/AuthzCredentialGenerator.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/security/AuthzCredentialGenerator.java b/geode-core/src/test/java/security/AuthzCredentialGenerator.java index fdd10b0..e7644ee 100755 --- a/geode-core/src/test/java/security/AuthzCredentialGenerator.java +++ b/geode-core/src/test/java/security/AuthzCredentialGenerator.java 
@@ -36,186 +36,22 @@ import java.util.Properties; * operation in a region. Implementations will be for different kinds of * authorization scheme and authentication scheme combos. * - * @author sumedh * @since 5.5 */ public abstract class AuthzCredentialGenerator { + private static final Logger logger = LogService.getLogger(); /** - * Enumeration for various {@link AuthzCredentialGenerator} implementations. - * - * The following schemes are supported as of now: - * <ul> - * <li><code>DummyAuthorization</code> with <code>DummyAuthenticator</code></li> - * <li><code>XMLAuthorization</code> with <code>DummyAuthenticator</code></li> - * <li><code>XMLAuthorization</code> with <code>LDAPAuthenticator</code></li> - * <li><code>XMLAuthorization</code> with <code>PKCSAuthenticator</code></li> - * <li><code>XMLAuthorization</code> when using SSL sockets</li> - * </ul> - * - * To add a new authorization scheme the following needs to be done: - * <ul> - * <li>Add implementation for {@link AccessControl}.</li> - * <li>Choose the authentication schemes that it shall work with from - * {@link CredentialGenerator.ClassCode}</li> - * <li>Add a new enumeration value for the scheme in this class. Notice the - * size of <code>VALUES</code> array and increase that if it is getting - * overflowed. Note the methods and fields for existing schemes and add for - * the new one in a similar manner.</li> - * <li>Add an implementation for {@link AuthzCredentialGenerator}. Note the - * {@link AuthzCredentialGenerator#init} method where different authentication - * schemes can be passed and initialize differently for the authentication - * schemes that shall be handled.</li> - * <li>Modify the {@link AuthzCredentialGenerator#create} method to add - * creation of an instance of the new implementation for the - * <code>ClassCode</code> enumeration value.</li> - * </ul> - * All dunit tests will automagically start testing the new implementation - * after this. 
- * - * @author sumedh - * @since 5.5 - */ - public static final class ClassCode { - - private static final byte ID_DUMMY = 1; - - private static final byte ID_XML = 2; - - private static byte nextOrdinal = 0; - - private static final ClassCode[] VALUES = new ClassCode[10]; - - private static final Map CodeNameMap = new HashMap(); - - public static final ClassCode DUMMY = new ClassCode( - templates.security.DummyAuthorization.class.getName() + ".create", ID_DUMMY); - - public static final ClassCode XML = new ClassCode( - templates.security.XmlAuthorization.class.getName() + ".create", ID_XML); - - /** The name of this class. */ - private final String name; - - /** byte used as ordinal to represent this class */ - private final byte ordinal; - - /** - * One of the following: ID_DUMMY, ID_LDAP, ID_PKI - */ - private final byte classType; - - /** Creates a new instance of class code. */ - private ClassCode(String name, byte classType) { - this.name = name; - this.classType = classType; - this.ordinal = nextOrdinal++; - VALUES[this.ordinal] = this; - CodeNameMap.put(name, this); - } - - public boolean isDummy() { - return (this.classType == ID_DUMMY); - } - - public boolean isXml() { - return (this.classType == ID_XML); - } - - /** - * Returns the <code>ClassCode</code> represented by specified ordinal. - */ - public static ClassCode fromOrdinal(byte ordinal) { - return VALUES[ordinal]; - } - - /** - * Returns the <code>ClassCode</code> represented by specified string. - */ - public static ClassCode parse(String operationName) { - return (ClassCode)CodeNameMap.get(operationName); - } - - /** - * Returns all the possible values. - */ - public static List getAll() { - List codes = new ArrayList(); - Iterator iter = CodeNameMap.values().iterator(); - while (iter.hasNext()) { - codes.add(iter.next()); - } - return codes; - } - - /** - * Returns the ordinal for this class code. - * - * @return the ordinal of this class code. 
- */ - public byte toOrdinal() { - return this.ordinal; - } - - /** - * Returns a string representation for this class code. - * - * @return the name of this class code. - */ - final public String toString() { - return this.name; - } - - /** - * Indicates whether other object is same as this one. - * - * @return true if other object is same as this one. - */ - @Override - final public boolean equals(final Object obj) { - if (obj == this) { - return true; - } - if (!(obj instanceof ClassCode)) { - return false; - } - final ClassCode other = (ClassCode)obj; - return (other.ordinal == this.ordinal); - } - - /** - * Indicates whether other <code>ClassCode</code> is same as this one. - * - * @return true if other <code>ClassCode</code> is same as this one. - */ - final public boolean equals(final ClassCode opCode) { - return (opCode != null && opCode.ordinal == this.ordinal); - } - - /** - * Returns a hash code value for this <code>ClassCode</code> which is the - * same as its ordinal. - * - * @return the ordinal of this <code>ClassCode</code>. - */ - @Override - final public int hashCode() { - return this.ordinal; - } - - } - - /** * The {@link CredentialGenerator} being used. */ - protected CredentialGenerator cGen; + protected CredentialGenerator generator; /** * A set of system properties that should be added to the gemfire system * properties before using the authorization module. */ - private Properties sysProps; + private Properties systemProperties; /** * A factory method to create a new instance of an 
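Review bot: The added `logger` field in `AuthzCredentialGenerator` is not used by any hunk shown for this file, and no import of `Logger` or `LogService` is visible. This first hunk starts at line 36 on both sides, so nothing above it changed and the class compiles only if both types were already imported. Either add the imports in this commit or drop the field until something logs through it. The class body continues outside the hunk.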
@@ -223,14 +59,14 @@ public abstract class AuthzCredentialGenerator { * is supposed to invoke {@link AuthzCredentialGenerator#init} immediately * after obtaining the instance. * - * @param classCode - * the <code>ClassCode</code> of the - * <code>AuthzCredentialGenerator</code> implementation + * @param classCode + * the {@code ClassCode} of the {@code AuthzCredentialGenerator} + * implementation * - * @return an instance of <code>AuthzCredentialGenerator</code> for the - * given class code + * @return an instance of {@code AuthzCredentialGenerator} for the given + * class code */ - public static AuthzCredentialGenerator create(ClassCode classCode) { + public static AuthzCredentialGenerator create(final ClassCode classCode) { switch (classCode.classType) { case ClassCode.ID_DUMMY: return new DummyAuthzCredentialGenerator(); @@ -244,20 +80,19 @@ public abstract class AuthzCredentialGenerator { /** * Initialize the authorized credential generator. * - * @param cGen - * an instance of {@link CredentialGenerator} of the credential - * implementation for which to obtain authorized/unauthorized - * credentials. + * @param generator + * an instance of {@link CredentialGenerator} of the credential + * implementation for which to obtain authorized/unauthorized + * credentials. * * @return false when the given {@link CredentialGenerator} is incompatible * with this authorization module. */ - public boolean init(CredentialGenerator cGen) { - this.cGen = cGen; + public boolean init(final CredentialGenerator generator) { + this.generator = generator; try { - this.sysProps = init(); - } - catch (IllegalArgumentException ex) { + this.systemProperties = init(); + } catch (IllegalArgumentException ex) { return false; } return true; 
@@ -269,20 +104,34 @@ public abstract class AuthzCredentialGenerator { * properties when not null. */ public Properties getSystemProperties() { - return this.sysProps; + return this.systemProperties; } /** * Get the {@link CredentialGenerator} being used by this instance. */ public CredentialGenerator getCredentialGenerator() { - return this.cGen; + return this.generator; } /** + * Initialize the authorized credential generator. + * + * Required to be implemented by concrete classes that implement this abstract + * class. + * + * @return A set of extra properties that should be added to Gemfire system + * properties when not null. + * + * @throws IllegalArgumentException when the {@link CredentialGenerator} is + * incompatible with this authorization module. + */ + protected abstract Properties init() throws IllegalArgumentException; + + /** * The {@link ClassCode} of the particular implementation. * - * @return the <code>ClassCode</code> + * @return the {@code ClassCode} */ public abstract ClassCode classCode(); @@ -290,7 +139,7 @@ public abstract class AuthzCredentialGenerator { * The name of the {@link AccessControl} factory function that should be used * as the authorization module on the server side. * - * @return name of the <code>AccessControl</code> factory function + * @return name of the {@code AccessControl} factory function */ public abstract String getAuthorizationCallback(); 
@@ -298,33 +147,30 @@ public abstract class AuthzCredentialGenerator { * Get a set of credentials generated using the given index allowed to perform * the given {@link OperationCode}s for the given regions. * - * @param opCodes - * the list of {@link OperationCode}s of the operations - * requiring authorization; should not be null - * @param regionNames - * list of the region names requiring authorization; a value of - * null indicates all regions - * @param index - * used to generate multiple such credentials by passing - * different values for this + * @param opCodes + * the list of {@link OperationCode}s of the operations requiring + * authorization; should not be null + * @param regionNames + * list of the region names requiring authorization; a value of + * null indicates all regions + * @param index + * used to generate multiple such credentials by passing different + * values for this * * @return the set of credentials authorized to perform the given operation in * the given regions */ - public Properties getAllowedCredentials(OperationCode[] opCodes, - String[] regionNames, int index) { - + public Properties getAllowedCredentials(final OperationCode[] opCodes, final String[] regionNames, final int index) { int numTries = getNumPrincipalTries(opCodes, regionNames); if (numTries <= 0) { numTries = 1; } + for (int tries = 0; tries < numTries; tries++) { - Principal principal = getAllowedPrincipal(opCodes, regionNames, - (index + tries) % numTries); + final Principal principal = getAllowedPrincipal(opCodes, regionNames, (index + tries) % numTries); try { - return this.cGen.getValidCredentials(principal); - } - catch (IllegalArgumentException ex) { + return this.generator.getValidCredentials(principal); + } catch (IllegalArgumentException ex) { } } return null; 
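Review bot: In `getAllowedCredentials` the reformatted `catch (IllegalArgumentException ex) { }` still discards the exception, and the method falls through to `return null` once every try has failed. A caller that passes that null on as its credentials would no longer exercise the principal it asked for, and nothing records why. Since this commit adds a `logger` to the class, the catch could record the failure, e.g. `logger.debug("no valid credentials for " + principal, ex);`, and the Javadoc should state that null is returned when no principal yields credentials. The same empty catch and null return are in `getDisallowedCredentials` in the next hunk.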
@@ -335,63 +181,46 @@ public abstract class AuthzCredentialGenerator { * perform the given {@link OperationCode}s for the given regions. The * credentials are required to be valid for authentication. * - * @param opCodes - * the {@link OperationCode}s of the operations requiring - * authorization failure; should not be null - * @param regionNames - * list of the region names requiring authorization failure; a - * value of null indicates all regions - * @param index - * used to generate multiple such credentials by passing - * different values for this + * @param opCodes + * the {@link OperationCode}s of the operations requiring + * authorization failure; should not be null + * @param regionNames + * list of the region names requiring authorization failure; a value + * of null indicates all regions + * @param index + * used to generate multiple such credentials by passing different + * values for this * * @return the set of credentials that are not authorized to perform the given * operation in the given region */ - public Properties getDisallowedCredentials(OperationCode[] opCodes, - String[] regionNames, int index) { - + public Properties getDisallowedCredentials(final OperationCode[] opCodes, final String[] regionNames, final int index) { // This may not be very correct since we use the value of // getNumPrincipalTries() but is used to avoid adding another method. // Also something like getNumDisallowedPrincipals() will be normally always // infinite, and the number here is just to perform some number of tries // before giving up. 
+ int numTries = getNumPrincipalTries(opCodes, regionNames); if (numTries <= 0) { numTries = 1; } + for (int tries = 0; tries < numTries; tries++) { - Principal principal = getDisallowedPrincipal(opCodes, regionNames, - (index + tries) % numTries); + final Principal principal = getDisallowedPrincipal(opCodes, regionNames, (index + tries) % numTries); try { - return this.cGen.getValidCredentials(principal); - } - catch (IllegalArgumentException ex) { + return this.generator.getValidCredentials(principal); + } catch (IllegalArgumentException ex) { } } return null; } /** - * Initialize the authorized credential generator. - * - * Required to be implemented by concrete classes that implement this abstract - * class. - * - * @return A set of extra properties that should be added to Gemfire system - * properties when not null. - * - * @throws IllegalArgumentException - * when the {@link CredentialGenerator} is incompatible with - * this authorization module. - */ - protected abstract Properties init() throws IllegalArgumentException; - - /** * Get the number of tries to be done for obtaining valid credentials for the * given operations in the given region. It is required that * {@link #getAllowedPrincipal} method returns valid principals for values of - * <code>index</code> from 0 through (n-1) where <code>n</code> is the + * {@code index} from 0 through (n-1) where {@code n} is the * value returned by this method. It is recommended that the principals so * returned be unique for efficiency. * 
@@ -401,18 +230,17 @@ public abstract class AuthzCredentialGenerator { * Required to be implemented by concrete classes that implement this abstract * class. * - * @param opCodes - * the {@link OperationCode}s of the operations requiring - * authorization - * @param regionNames - * list of the region names requiring authorization; a value of - * null indicates all regions + * @param opCodes + * the {@link OperationCode}s of the operations requiring + * authorization + * @param regionNames + * list of the region names requiring authorization; a value of null + * indicates all regions * * @return the number of principals allowed to perform the given operation in * the given region */ - protected abstract int getNumPrincipalTries(OperationCode[] opCodes, - String[] regionNames); + protected abstract int getNumPrincipalTries(final OperationCode[] opCodes, final String[] regionNames); /** * Get a {@link Principal} generated using the given index allowed to perform 
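Review bot: The `final` modifiers added to the parameters of the abstract `getNumPrincipalTries` declaration have no effect. A parameter modifier on a method without a body is not part of the signature and is not inherited by implementations. Dropping them, `protected abstract int getNumPrincipalTries(OperationCode[] opCodes, String[] regionNames);`, keeps the declaration shorter. The same applies to `getAllowedPrincipal` and `getDisallowedPrincipal` in the next two hunks.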
@@ -421,21 +249,20 @@ public abstract class AuthzCredentialGenerator { * Required to be implemented by concrete classes that implement this abstract * class. * - * @param opCodes - * the {@link OperationCode}s of the operations requiring - * authorization - * @param regionNames - * list of the region names requiring authorization; a value of - * null indicates all regions - * @param index - * used to generate multiple such principals by passing - * different values for this + * @param opCodes + * the {@link OperationCode}s of the operations requiring + * authorization + * @param regionNames + * list of the region names requiring authorization; a value of null + * indicates all regions + * @param index + * used to generate multiple such principals by passing different + * values for this * * @return the {@link Principal} authorized to perform the given operation in * the given region */ - protected abstract Principal getAllowedPrincipal(OperationCode[] opCodes, - String[] regionNames, int index); + protected abstract Principal getAllowedPrincipal(final OperationCode[] opCodes, final String[] regionNames, final int index); /** * Get a {@link Principal} generated using the given index not allowed to 
@@ -444,19 +271,176 @@ public abstract class AuthzCredentialGenerator { * Required to be implemented by concrete classes that implement this abstract * class. * - * @param opCodes - * the {@link OperationCode}s of the operations requiring - * authorization failure - * @param regionNames - * list of the region names requiring authorization failure; a - * value of null indicates all regions - * @param index - * used to generate multiple such principals by passing - * different values for this + * @param opCodes + * the {@link OperationCode}s of the operations requiring + * authorization failure + * @param regionNames + * list of the region names requiring authorization failure; a value + * of null indicates all regions + * @param index + * used to generate multiple such principals by passing different + * values for this * * @return a {@link Principal} not authorized to perform the given operation * in the given region */ - protected abstract Principal getDisallowedPrincipal(OperationCode[] opCodes, - String[] regionNames, int index); + protected abstract Principal getDisallowedPrincipal(final OperationCode[] opCodes, final String[] regionNames, final int index); + + /** + * Enumeration for various {@link AuthzCredentialGenerator} implementations. 
+ * + * <p>The following schemes are supported as of now: + * <ul> + * <li>{@code DummyAuthorization} with {@code DummyAuthenticator}</li> + * <li>{@code XMLAuthorization} with {@code DummyAuthenticator}</li> + * <li>{@code XMLAuthorization} with {@code LDAPAuthenticator}</li> + * <li>{@code XMLAuthorization} with {@code PKCSAuthenticator}</li> + * <li>{@code XMLAuthorization} when using SSL sockets</li> + * </ul> + * + * <p>To add a new authorization scheme the following needs to be done: + * <ul> + * <li>Add implementation for {@link AccessControl}.</li> + * <li>Choose the authentication schemes that it shall work with from + * {@link CredentialGenerator.ClassCode}</li> + * <li>Add a new enumeration value for the scheme in this class. Notice the + * size of {@code VALUES} array and increase that if it is getting + * overflowed. Note the methods and fields for existing schemes and add for + * the new one in a similar manner.</li> + * <li>Add an implementation for {@link AuthzCredentialGenerator}. Note the + * {@link AuthzCredentialGenerator#init} method where different authentication + * schemes can be passed and initialize differently for the authentication + * schemes that shall be handled.</li> + * <li>Modify the {@link AuthzCredentialGenerator#create} method to add + * creation of an instance of the new implementation for the + * {@code ClassCode} enumeration value.</li> + * </ul> + * + * <p>All dunit tests will automagically start testing the new implementation + * after this. 
+ * + * @since 5.5 + */ + public static final class ClassCode { + + private static final byte ID_DUMMY = 1; + private static final byte ID_XML = 2; + + public static final ClassCode DUMMY = new ClassCode(templates.security.DummyAuthorization.class.getName() + ".create", ID_DUMMY); + public static final ClassCode XML = new ClassCode(templates.security.XmlAuthorization.class.getName() + ".create", ID_XML); + + private static final ClassCode[] VALUES = new ClassCode[10]; + private static final Map CODE_NAME_MAP = new HashMap(); + + private static byte nextOrdinal = 0; + + /** The name of this class. */ + private final String name; + + /** byte used as ordinal to represent this class */ + private final byte ordinal; + + /** + * One of the following: ID_DUMMY, ID_LDAP, ID_PKI + */ + private final byte classType; + + /** Creates a new instance of class code. */ + private ClassCode(final String name, final byte classType) { + this.name = name; + this.classType = classType; + this.ordinal = nextOrdinal++; + VALUES[this.ordinal] = this; + CODE_NAME_MAP.put(name, this); + } + + public boolean isDummy() { + return this.classType == ID_DUMMY; + } + + public boolean isXml() { + return this.classType == ID_XML; + } + + /** + * Returns the {@code ClassCode} represented by specified ordinal. + */ + public static ClassCode fromOrdinal(final byte ordinal) { + return VALUES[ordinal]; + } + + /** + * Returns the {@code ClassCode} represented by specified string. + */ + public static ClassCode parse(final String operationName) { + return (ClassCode) CODE_NAME_MAP.get(operationName); + } + + /** + * Returns all the possible values. + */ + public static List getAll() { + final List codes = new ArrayList(); + for (Iterator iter = CODE_NAME_MAP.values().iterator(); iter.hasNext();) { + codes.add(iter.next()); + } + return codes; + } + + /** + * Returns the ordinal for this class code. + * + * @return the ordinal of this class code. 
+ */ + public byte toOrdinal() { + return this.ordinal; + } + + /** + * Returns a string representation for this class code. + * + * @return the name of this class code. + */ + @Override + public final String toString() { + return this.name; + } + + /** + * Indicates whether other object is same as this one. + * + * @return true if other object is same as this one. + */ + @Override + public final boolean equals(final Object obj) { + if (obj == this) { + return true; + } + if (!(obj instanceof ClassCode)) { + return false; + } + final ClassCode other = (ClassCode)obj; + return other.ordinal == this.ordinal; + } + + /** + * Indicates whether other {@code ClassCode} is same as this one. + * + * @return true if other {@code ClassCode} is same as this one. + */ + public final boolean equals(final ClassCode opCode) { + return opCode != null && opCode.ordinal == this.ordinal; + } + + /** + * Returns a hash code value for this {@code ClassCode} which is the + * same as its ordinal. + * + * @return the ordinal of this {@code ClassCode}. + */ + @Override + public final int hashCode() { + return this.ordinal; + } + } } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a6388000/geode-core/src/test/java/security/CredentialGenerator.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/security/CredentialGenerator.java b/geode-core/src/test/java/security/CredentialGenerator.java index 475cefa..704343c 100755 --- a/geode-core/src/test/java/security/CredentialGenerator.java +++ b/geode-core/src/test/java/security/CredentialGenerator.java 
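Review bot: Moving `ClassCode` to the end of `AuthzCredentialGenerator` also reordered its static fields, so `DUMMY` and `XML` are now constructed before `VALUES`, `CODE_NAME_MAP` and `nextOrdinal` are initialised. Static initialisers run in textual order, so the constructor's `VALUES[this.ordinal] = this;` dereferences a null array and class initialisation fails with `ExceptionInInitializerError`. The removed version declared those three fields first. Move `private static byte nextOrdinal = 0;`, `private static final ClassCode[] VALUES = new ClassCode[10];` and `private static final Map CODE_NAME_MAP = new HashMap();` back above the `DUMMY` declaration. `CredentialGenerator.ClassCode` is reordered the same way in the first hunk of the next file and needs the same fix.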
@@ -33,64 +33,178 @@ import java.util.Properties; * Encapsulates obtaining valid and invalid credentials. Implementations will be * for different kinds of authentication schemes. * - * @author sumedh * @since 5.5 */ public abstract class CredentialGenerator { /** - * Enumeration for various {@link CredentialGenerator} implementations. + * A set of properties that should be added to the Gemfire system properties + * before using the authentication module. + */ + private Properties systemProperties = null; + + /** + * A set of properties that should be added to the java system properties + * before using the authentication module. + */ + protected Properties javaProperties = null; + + /** + * A factory method to create a new instance of an {@link CredentialGenerator} + * for the given {@link ClassCode}. Caller is supposed to invoke + * {@link CredentialGenerator#init} immediately after obtaining the instance. * - * The following schemes are supported as of now: - * <code>DummyAuthenticator</code>, <code>LdapUserAuthenticator</code>, - * <code>PKCSAuthenticator</code>. In addition SSL socket mode with mutual - * authentication is also supported. + * @param classCode + * the {@code ClassCode} of the {@code CredentialGenerator} + * implementation + * + * @return an instance of {@code CredentialGenerator} for the given class + * code + */ + public static CredentialGenerator create(final ClassCode classCode) { + switch (classCode.classType) { + // Removing dummy one to reduce test run times + // case ClassCode.ID_DUMMY: + // return new DummyCredentialGenerator(); + case ClassCode.ID_LDAP: + return new LdapUserCredentialGenerator(); + // case ClassCode.ID_SSL:ø + // return new SSLCredentialGenerator(); + case ClassCode.ID_PKCS: + return new PKCSCredentialGenerator(); + default: + return null; + } + } + + /** + * Initialize the credential generator. 
+ * + * @throws IllegalArgumentException when there is a problem during + * initialization + */ + public void init() throws IllegalArgumentException { + this.systemProperties = initialize(); + } + + /** + * @return A set of extra properties that should be added to Gemfire system + * properties when not null. + */ + public Properties getSystemProperties() { + return this.systemProperties; + } + + /** + * @return A set of extra properties that should be added to Gemfire system + * properties when not null. + */ + public Properties getJavaProperties() { + return this.javaProperties; + } + + /** + * The {@link ClassCode} of this particular implementation. + * + * @return the {@code ClassCode} + */ + public abstract ClassCode classCode(); + + /** + * The name of the {@link AuthInitialize} factory function that should be used + * in conjunction with the credentials generated by this generator. * - * To add a new authentication scheme the following needs to be done: + * @return name of the {@code AuthInitialize} factory function + */ + public abstract String getAuthInit(); + + /** + * The name of the {@link Authenticator} factory function that should be used + * in conjunction with the credentials generated by this generator. + * + * @return name of the {@code Authenticator} factory function + */ + public abstract String getAuthenticator(); + + /** + * Get a set of valid credentials generated using the given index. + */ + public abstract Properties getValidCredentials(final int index); + + /** + * Get a set of valid credentials for the given {@link Principal}. + * + * @return credentials for the given {@code Principal} or null if none + * possible. + */ + public abstract Properties getValidCredentials(final Principal principal); + + /** + * Get a set of invalid credentials generated using the given index. + */ + public abstract Properties getInvalidCredentials(final int index); + + /** + * Initialize the credential generator. 
This is provided separately from the + * {@link #init()} method for convenience of implementations so that they do not + * need to store in {@link #systemProperties}. The latter is convenient for the users + * who do not need to store these properties rather can obtain it later by + * invoking {@link #getSystemProperties()} + * + * <p>Required to be implemented by concrete classes that implement this abstract + * class. + * + * @return A set of extra properties that should be added to Gemfire system + * properties when not null. + * + * @throws IllegalArgumentException when there is a problem during + * initialization + */ + protected abstract Properties initialize() throws IllegalArgumentException; + + /** + * Enumeration for various {@link CredentialGenerator} implementations. + * + * <p>The following schemes are supported as of now: + * {@code DummyAuthenticator}, {@code LdapUserAuthenticator}, + * {@code PKCSAuthenticator}. In addition SSL socket mode with mutual + * authentication is also supported. + * + * <p>To add a new authentication scheme the following needs to be done: * <ul> * <li>Add implementations for {@link AuthInitialize} and * {@link Authenticator} classes for clients/peers.</li> * <li>Add a new enumeration value for the scheme in this class. Notice the - * size of <code>VALUES</code> array and increase that if it is getting + * size of {@code VALUES} array and increase that if it is getting * overflowed. 
Note the methods and fields for existing schemes and add for * the new one in a similar manner.</li> * <li>Add an implementation for {@link CredentialGenerator}.</li> * <li>Modify the CredentialGenerator.Factory#create [no such Factory exists] method to add * creation of an instance of the new implementation for the - * <code>ClassCode</code> enumeration value.</li> + * {@code ClassCode} enumeration value.</li> * </ul> - * All security dunit tests will automagically start testing the new + * + * <p>All security dunit tests will automagically start testing the new * implementation after this. - * - * @author sumedh + * * @since 5.5 */ public static final class ClassCode { private static final byte ID_DUMMY = 1; - private static final byte ID_LDAP = 2; - private static final byte ID_PKCS = 3; - private static final byte ID_SSL = 4; - private static byte nextOrdinal = 0; + public static final ClassCode DUMMY = new ClassCode(templates.security.DummyAuthenticator.class.getName() + ".create", ID_DUMMY); + public static final ClassCode LDAP = new ClassCode(templates.security.LdapUserAuthenticator.class.getName() + ".create", ID_LDAP); + public static final ClassCode PKCS = new ClassCode(templates.security.PKCSAuthenticator.class.getName() + ".create", ID_PKCS); + public static final ClassCode SSL = new ClassCode("SSL", ID_SSL); private static final ClassCode[] VALUES = new ClassCode[10]; + private static final Map CODE_NAME_MAP = new HashMap(); - private static final Map CodeNameMap = new HashMap(); - - public static final ClassCode DUMMY = new ClassCode( - templates.security.DummyAuthenticator.class.getName() + ".create", ID_DUMMY); - - public static final ClassCode LDAP = new ClassCode( - templates.security.LdapUserAuthenticator.class.getName() + ".create", ID_LDAP); - - public static final ClassCode PKCS = new ClassCode( - templates.security.PKCSAuthenticator.class.getName() + ".create", ID_PKCS); - - public static final ClassCode SSL = new ClassCode("SSL", ID_SSL); + 
private static byte nextOrdinal = 0; /** The name of this class. */ private final String name; @@ -104,51 +218,50 @@ public abstract class CredentialGenerator { private final byte classType; /** Creates a new instance of class code. */ - private ClassCode(String name, byte classType) { + private ClassCode(final String name, final byte classType) { this.name = name; this.classType = classType; this.ordinal = nextOrdinal++; VALUES[this.ordinal] = this; - CodeNameMap.put(name, this); + CODE_NAME_MAP.put(name, this); } public boolean isDummy() { - return (this.classType == ID_DUMMY); + return this.classType == ID_DUMMY; } public boolean isLDAP() { - return (this.classType == ID_LDAP); + return this.classType == ID_LDAP; } public boolean isPKCS() { - return (this.classType == ID_PKCS); + return this.classType == ID_PKCS; } public boolean isSSL() { - return (this.classType == ID_SSL); + return this.classType == ID_SSL; } /** - * Returns the <code>ClassCode</code> represented by specified ordinal. + * Returns the {@code ClassCode} represented by specified ordinal. */ - public static ClassCode fromOrdinal(byte ordinal) { + public static ClassCode fromOrdinal(final byte ordinal) { return VALUES[ordinal]; } /** - * Returns the <code>ClassCode</code> represented by specified string. + * Returns the {@code ClassCode} represented by specified string. */ - public static ClassCode parse(String operationName) { - return (ClassCode)CodeNameMap.get(operationName); + public static ClassCode parse(final String operationName) { + return (ClassCode) CODE_NAME_MAP.get(operationName); } /** * Returns all the possible values. */ public static List getAll() { - List codes = new ArrayList(); - Iterator iter = CodeNameMap.values().iterator(); - while (iter.hasNext()) { + final List codes = new ArrayList(); + for (Iterator iter = CODE_NAME_MAP.values().iterator(); iter.hasNext();) { codes.add(iter.next()); } return codes; 
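Review bot: The Javadoc added for `getJavaProperties()` in `CredentialGenerator` repeats the `getSystemProperties()` text and says the result is added to the Gemfire system properties. The comment on the `javaProperties` field says Java system properties instead. Suggested wording: `@return A set of extra properties that should be added to the Java system properties when not null.` In `create`, the commented-out line `// case ClassCode.ID_SSL:ø` carries a stray `ø`, which should be removed if it is in the committed file and not an artefact of this page.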
@@ -156,7 +269,7 @@ public abstract class CredentialGenerator { /** * Returns the ordinal for this operation code. - * + * * @return the ordinal of this operation. */ public byte toOrdinal() { @@ -165,20 +278,21 @@ public abstract class CredentialGenerator { /** * Returns a string representation for this operation. - * + * * @return the name of this operation. */ - final public String toString() { + @Override + public final String toString() { return this.name; } /** * Indicates whether other object is same as this one. - * + * * @return true if other object is same as this one. */ @Override - final public boolean equals(final Object obj) { + public final boolean equals(final Object obj) { if (obj == this) { return true; } 
@@ -186,155 +300,27 @@ public abstract class CredentialGenerator { return false; } final ClassCode other = (ClassCode)obj; - return (other.ordinal == this.ordinal); + return other.ordinal == this.ordinal; } /** - * Indicates whether other <code>ClassCode</code> is same as this one. - * - * @return true if other <code>ClassCode</code> is same as this one. + * Indicates whether other {@code ClassCode} is same as this one. + * + * @return true if other {@code ClassCode} is same as this one. */ - final public boolean equals(final ClassCode opCode) { - return (opCode != null && opCode.ordinal == this.ordinal); + public final boolean equals(final ClassCode opCode) { + return opCode != null && opCode.ordinal == this.ordinal; } /** - * Returns a hash code value for this <code>ClassCode</code> which is the + * Returns a hash code value for this {@code ClassCode} which is the * same as its ordinal. - * + * * @return the ordinal of this operation. */ @Override - final public int hashCode() { + public final int hashCode() { return this.ordinal; } - - } - - /** - * A set of properties that should be added to the Gemfire system properties - * before using the authentication module. - */ - private Properties sysProps = null; - - /** - * A set of properties that should be added to the java system properties - * before using the authentication module. - */ - protected Properties javaProps = null; - - /** - * A factory method to create a new instance of an {@link CredentialGenerator} - * for the given {@link ClassCode}. Caller is supposed to invoke - * {@link CredentialGenerator#init} immediately after obtaining the instance. 
- * - * @param classCode - * the <code>ClassCode</code> of the - * <code>CredentialGenerator</code> implementation - * - * @return an instance of <code>CredentialGenerator</code> for the given - * class code - */ - public static CredentialGenerator create(ClassCode classCode) { - switch (classCode.classType) { - // Removing dummy one to reduce test run times - // case ClassCode.ID_DUMMY: - // return new DummyCredentialGenerator(); - case ClassCode.ID_LDAP: - return new LdapUserCredentialGenerator(); - // case ClassCode.ID_SSL:ø - // return new SSLCredentialGenerator(); - case ClassCode.ID_PKCS: - return new PKCSCredentialGenerator(); - default: - return null; - } - } - - /** - * Initialize the credential generator. - * - * @throws IllegalArgumentException - * when there is a problem during initialization - */ - public void init() throws IllegalArgumentException { - this.sysProps = initialize(); - } - - /** - * Initialize the credential generator. This is provided separately from the - * {@link #init} method for convenience of implementations so that they do not - * need to store in {@link #sysProps}. The latter is convenient for the users - * who do not need to store these properties rather can obtain it later by - * invoking {@link #getSystemProperties} - * - * Required to be implemented by concrete classes that implement this abstract - * class. - * - * @return A set of extra properties that should be added to Gemfire system - * properties when not null. - * - * @throws IllegalArgumentException - * when there is a problem during initialization - */ - protected abstract Properties initialize() throws IllegalArgumentException; - - /** - * - * @return A set of extra properties that should be added to Gemfire system - * properties when not null. - */ - public Properties getSystemProperties() { - return this.sysProps; } - - /** - * - * @return A set of extra properties that should be added to Gemfire system - * properties when not null. 
- */ - public Properties getJavaProperties() { - return this.javaProps; - } - - /** - * The {@link ClassCode} of this particular implementation. - * - * @return the <code>ClassCode</code> - */ - public abstract ClassCode classCode(); - - /** - * The name of the {@link AuthInitialize} factory function that should be used - * in conjunction with the credentials generated by this generator. - * - * @return name of the <code>AuthInitialize</code> factory function - */ - public abstract String getAuthInit(); - - /** - * The name of the {@link Authenticator} factory function that should be used - * in conjunction with the credentials generated by this generator. - * - * @return name of the <code>Authenticator</code> factory function - */ - public abstract String getAuthenticator(); - - /** - * Get a set of valid credentials generated using the given index. - */ - public abstract Properties getValidCredentials(int index); - - /** - * Get a set of valid credentials for the given {@link Principal}. - * - * @return credentials for the given <code>Principal</code> or null if none - * possible. - */ - public abstract Properties getValidCredentials(Principal principal); - - /** - * Get a set of invalid credentials generated using the given index. - */ - public abstract Properties getInvalidCredentials(int index); } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a6388000/geode-core/src/test/java/security/DummyAuthzCredentialGenerator.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/security/DummyAuthzCredentialGenerator.java b/geode-core/src/test/java/security/DummyAuthzCredentialGenerator.java index 8496be3..5e30a89 100755 --- a/geode-core/src/test/java/security/DummyAuthzCredentialGenerator.java +++ b/geode-core/src/test/java/security/DummyAuthzCredentialGenerator.java 
@@ -30,49 +30,25 @@ import templates.security.UsernamePrincipal; public class DummyAuthzCredentialGenerator extends AuthzCredentialGenerator { public static final byte READER_ROLE = 1; - public static final byte WRITER_ROLE = 2; - public static final byte ADMIN_ROLE = 3; private static Set readerOpsSet; - private static Set writerOpsSet; static { - readerOpsSet = new HashSet(); for (int index = 0; index < DummyAuthorization.READER_OPS.length; index++) { readerOpsSet.add(DummyAuthorization.READER_OPS[index]); } + writerOpsSet = new HashSet(); for (int index = 0; index < DummyAuthorization.WRITER_OPS.length; index++) { writerOpsSet.add(DummyAuthorization.WRITER_OPS[index]); } } - public DummyAuthzCredentialGenerator() { - } - - protected Properties init() throws IllegalArgumentException { - - if (!this.cGen.classCode().isDummy()) { - throw new IllegalArgumentException( - "DummyAuthorization module only works with DummyAuthenticator"); - } - return null; - } - - public ClassCode classCode() { - return ClassCode.DUMMY; - } - - public String getAuthorizationCallback() { - return templates.security.DummyAuthorization.class.getName() + ".create"; - } - - public static byte getRequiredRole(OperationCode[] opCodes) { - + public static byte getRequiredRole(final OperationCode[] opCodes) { byte roleType = ADMIN_ROLE; boolean requiresReader = true; boolean requiresWriter = true; 
@@ -94,29 +70,32 @@ public class DummyAuthzCredentialGenerator extends AuthzCredentialGenerator { return roleType; } - private Principal getPrincipal(byte roleType, int index) { - - String[] admins = new String[] { "root", "admin", "administrator" }; - switch (roleType) { - case READER_ROLE: - return new UsernamePrincipal("reader" + index); - case WRITER_ROLE: - return new UsernamePrincipal("writer" + index); - default: - return new UsernamePrincipal(admins[index % admins.length]); + @Override + protected Properties init() throws IllegalArgumentException { + if (!this.generator.classCode().isDummy()) { + throw new IllegalArgumentException("DummyAuthorization module only works with DummyAuthenticator"); } + return null; } - protected Principal getAllowedPrincipal(OperationCode[] opCodes, - String[] regionNames, int index) { + @Override + public ClassCode classCode() { + return ClassCode.DUMMY; + } - byte roleType = getRequiredRole(opCodes); - return getPrincipal(roleType, index); + @Override + public String getAuthorizationCallback() { + return templates.security.DummyAuthorization.class.getName() + ".create"; } - protected Principal getDisallowedPrincipal(OperationCode[] opCodes, - String[] regionNames, int index) { + @Override + protected Principal getAllowedPrincipal(final OperationCode[] opCodes, final String[] regionNames, final int index) { + final byte roleType = getRequiredRole(opCodes); + return getPrincipal(roleType, index); + } + @Override + protected Principal getDisallowedPrincipal(final OperationCode[] opCodes, final String[] regionNames, final int index) { byte roleType = getRequiredRole(opCodes); byte disallowedRoleType; switch (roleType) { 
@@ -133,9 +112,20 @@ public class DummyAuthzCredentialGenerator extends AuthzCredentialGenerator { return getPrincipal(disallowedRoleType, index); } - protected int getNumPrincipalTries(OperationCode[] opCodes, - String[] regionNames) { + @Override + protected int getNumPrincipalTries(final OperationCode[] opCodes, final String[] regionNames) { return 5; } + private Principal getPrincipal(final byte roleType, final int index) { + String[] admins = new String[] { "root", "admin", "administrator" }; + switch (roleType) { + case READER_ROLE: + return new UsernamePrincipal("reader" + index); + case WRITER_ROLE: + return new UsernamePrincipal("writer" + index); + default: + return new UsernamePrincipal(admins[index % admins.length]); + } + } } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a6388000/geode-core/src/test/java/security/DummyCredentialGenerator.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/security/DummyCredentialGenerator.java b/geode-core/src/test/java/security/DummyCredentialGenerator.java index 5419587..9f15f88 100755 --- a/geode-core/src/test/java/security/DummyCredentialGenerator.java +++ b/geode-core/src/test/java/security/DummyCredentialGenerator.java 
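Review bot: `getPrincipal` indexes `admins[index % admins.length]`, and Java's `%` keeps the sign of the dividend, so a negative `index` would throw `ArrayIndexOutOfBoundsException` instead of picking an admin name. Nothing in this hunk shows a caller passing a negative value, so a one-line precondition comment is enough: `// index must be >= 0; a negative value makes index % admins.length negative`. The same expression appears in `DummyCredentialGenerator.getValidCredentials(int)` in the next file, together with `index % validGroups.length`.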
@@ -26,65 +26,66 @@ import java.util.Properties; public class DummyCredentialGenerator extends CredentialGenerator { - public DummyCredentialGenerator() { - } - + @Override protected Properties initialize() throws IllegalArgumentException { return null; } + @Override public ClassCode classCode() { return ClassCode.DUMMY; } + @Override public String getAuthInit() { return templates.security.UserPasswordAuthInit.class.getName() + ".create"; } + @Override public String getAuthenticator() { return templates.security.DummyAuthenticator.class.getName() + ".create"; } - public Properties getValidCredentials(int index) { + @Override + public Properties getValidCredentials(final int index) { + final String[] validGroups = new String[] { "admin", "user", "reader", "writer" }; + final String[] admins = new String[] { "root", "admin", "administrator" }; - String[] validGroups = new String[] { "admin", "user", "reader", "writer" }; - String[] admins = new String[] { "root", "admin", "administrator" }; + final Properties props = new Properties(); + final int groupNum = index % validGroups.length; - Properties props = new Properties(); - int groupNum = (index % validGroups.length); String userName; if (groupNum == 0) { userName = admins[index % admins.length]; - } - else { + } else { userName = validGroups[groupNum] + (index / validGroups.length); } + props.setProperty(UserPasswordAuthInit.USER_NAME, userName); props.setProperty(UserPasswordAuthInit.PASSWORD, userName); return props; } - public Properties getValidCredentials(Principal principal) { + @Override + public Properties getValidCredentials(final Principal principal) { + final String userName = principal.getName(); - String userName = principal.getName(); - if (DummyAuthenticator.testValidName(userName)) { + if (DummyAuthenticator.checkValidName(userName)) { Properties props = new Properties(); props.setProperty(UserPasswordAuthInit.USER_NAME, userName); props.setProperty(UserPasswordAuthInit.PASSWORD, userName); return 
props; - } - else { - throw new IllegalArgumentException("Dummy: [" + userName - + "] is not a valid user"); + + } else { + throw new IllegalArgumentException("Dummy: [" + userName + "] is not a valid user"); } } + @Override public Properties getInvalidCredentials(int index) { - Properties props = new Properties(); props.setProperty(UserPasswordAuthInit.USER_NAME, "invalid" + index); props.setProperty(UserPasswordAuthInit.PASSWORD, "none"); return props; } - } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a6388000/geode-core/src/test/java/security/LdapUserCredentialGenerator.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/security/LdapUserCredentialGenerator.java b/geode-core/src/test/java/security/LdapUserCredentialGenerator.java index 2b95616..bed169e 100755 --- a/geode-core/src/test/java/security/LdapUserCredentialGenerator.java +++ b/geode-core/src/test/java/security/LdapUserCredentialGenerator.java 
@@ -31,42 +31,42 @@ import java.util.Random; public class LdapUserCredentialGenerator extends CredentialGenerator { private static final String USER_PREFIX = "gemfire"; + private static final Random RANDOM = new Random(); + private static final String[] CIPHERS = new String[] { "", "DESede", "AES:128", "Blowfish:128" }; private static boolean enableServerAuthentication = false; private boolean serverAuthEnabled = false; - private static final Random prng = new Random(); - - private static final String[] algos = new String[] { "", "DESede", "AES:128", - "Blowfish:128" }; - public LdapUserCredentialGenerator() { // Toggle server authentication enabled for each test // This is done instead of running all the tests with both // server auth enabled/disabled to reduce test run time. enableServerAuthentication = !enableServerAuthentication; - serverAuthEnabled = enableServerAuthentication; + this.serverAuthEnabled = enableServerAuthentication; } @Override protected Properties initialize() throws IllegalArgumentException { + final String ldapServer = System.getProperty("gf.ldap.server", "ldap"); + final String ldapBaseDN = System.getProperty("gf.ldap.basedn", "ou=ldapTesting,dc=pune,dc=gemstone,dc=com"); + final String ldapUseSSL = System.getProperty("gf.ldap.usessl"); - Properties extraProps = new Properties(); - String ldapServer = System.getProperty("gf.ldap.server", "ldap"); - String ldapBaseDN = System.getProperty("gf.ldap.basedn", "ou=ldapTesting,dc=pune,dc=gemstone,dc=com"); - String ldapUseSSL = System.getProperty("gf.ldap.usessl"); + final Properties extraProps = new Properties(); extraProps.setProperty(LdapUserAuthenticator.LDAP_SERVER_NAME, ldapServer); extraProps.setProperty(LdapUserAuthenticator.LDAP_BASEDN_NAME, ldapBaseDN); + if (ldapUseSSL != null && ldapUseSSL.length() > 0) { extraProps.setProperty(LdapUserAuthenticator.LDAP_SSL_NAME, ldapUseSSL); } + if (serverAuthEnabled) { String keyStoreFile = TestUtil.getResourcePath(LdapUserCredentialGenerator.class, 
PKCSCredentialGenerator.keyStoreDir + "/gemfire1.keystore"); extraProps.setProperty(HandShake.PRIVATE_KEY_FILE_PROP, keyStoreFile); extraProps.setProperty(HandShake.PRIVATE_KEY_ALIAS_PROP, "gemfire1"); extraProps.setProperty(HandShake.PRIVATE_KEY_PASSWD_PROP, "gemfire"); } + return extraProps; } 
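Review bot: The constructor flips the static `enableServerAuthentication` on every instantiation, so whether a given generator runs with server authentication depends on how many instances were created earlier in the same JVM, and the flip is not synchronized. Together with the unseeded `RANDOM` that picks an entry from `CIPHERS` (which includes the empty string), a failing run cannot be replayed with the same settings. I would log both choices when they are made, or at least document it above the fields with `// NOTE: server-auth mode and cipher vary per instance; record both when a test fails`.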
@@ -86,71 +86,71 @@ public class LdapUserCredentialGenerator extends CredentialGenerator { } @Override - public Properties getValidCredentials(int index) { - - Properties props = new Properties(); - props.setProperty(UserPasswordAuthInit.USER_NAME, USER_PREFIX - + ((index % 10) + 1)); - props.setProperty(UserPasswordAuthInit.PASSWORD, USER_PREFIX - + ((index % 10) + 1)); - props.setProperty(DistributionConfig.SECURITY_CLIENT_DHALGO_NAME, - algos[prng.nextInt(algos.length)]); + public Properties getValidCredentials(final int index) { + final Properties props = new Properties(); + props.setProperty(UserPasswordAuthInit.USER_NAME, USER_PREFIX + ((index % 10) + 1)); + props.setProperty(UserPasswordAuthInit.PASSWORD, USER_PREFIX + ((index % 10) + 1)); + props.setProperty(DistributionConfig.SECURITY_CLIENT_DHALGO_NAME, CIPHERS[RANDOM.nextInt(CIPHERS.length)]); + if (serverAuthEnabled) { - String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, PKCSCredentialGenerator.keyStoreDir + "/publickeyfile"); + final String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, PKCSCredentialGenerator.keyStoreDir + "/publickeyfile"); props.setProperty(HandShake.PUBLIC_KEY_FILE_PROP, keyStoreFile); props.setProperty(HandShake.PUBLIC_KEY_PASSWD_PROP, "gemfire"); } + return props; } @Override - public Properties getValidCredentials(Principal principal) { - + public Properties getValidCredentials(final Principal principal) { Properties props = null; - String userName = principal.getName(); + final String userName = principal.getName(); + if (userName != null && userName.startsWith(USER_PREFIX)) { boolean isValid; + try { - int suffix = Integer.parseInt(userName.substring(USER_PREFIX.length())); + final int suffix = Integer.parseInt(userName.substring(USER_PREFIX.length())); isValid = (suffix >= 1 && suffix <= 10); - } - catch (Exception ex) { + } catch (Exception ex) { isValid = false; } + if (isValid) { props = new Properties(); 
props.setProperty(UserPasswordAuthInit.USER_NAME, userName); props.setProperty(UserPasswordAuthInit.PASSWORD, userName); } } + if (props == null) { - throw new IllegalArgumentException("LDAP: [" + userName - + "] not a valid user"); + throw new IllegalArgumentException("LDAP: [" + userName + "] not a valid user"); } - props.setProperty(DistributionConfig.SECURITY_CLIENT_DHALGO_NAME, - algos[prng.nextInt(algos.length)]); + + props.setProperty(DistributionConfig.SECURITY_CLIENT_DHALGO_NAME, CIPHERS[RANDOM.nextInt(CIPHERS.length)]); + if (serverAuthEnabled) { - String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, PKCSCredentialGenerator.keyStoreDir + "/publickeyfile"); + final String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, PKCSCredentialGenerator.keyStoreDir + "/publickeyfile"); props.setProperty(HandShake.PUBLIC_KEY_FILE_PROP, keyStoreFile); props.setProperty(HandShake.PUBLIC_KEY_PASSWD_PROP, "gemfire"); } + return props; } @Override - public Properties getInvalidCredentials(int index) { - - Properties props = new Properties(); + public Properties getInvalidCredentials(final int index) { + final Properties props = new Properties(); props.setProperty(UserPasswordAuthInit.USER_NAME, "invalid" + index); props.setProperty(UserPasswordAuthInit.PASSWORD, "none"); - props.setProperty(DistributionConfig.SECURITY_CLIENT_DHALGO_NAME, - algos[prng.nextInt(algos.length)]); + props.setProperty(DistributionConfig.SECURITY_CLIENT_DHALGO_NAME, CIPHERS[RANDOM.nextInt(CIPHERS.length)]); + if (serverAuthEnabled) { - String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, PKCSCredentialGenerator.keyStoreDir + "/publickeyfile"); + final String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, PKCSCredentialGenerator.keyStoreDir + "/publickeyfile"); props.setProperty(HandShake.PUBLIC_KEY_FILE_PROP, keyStoreFile); props.setProperty(HandShake.PUBLIC_KEY_PASSWD_PROP, "gemfire"); } + return 
props; } - } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a6388000/geode-core/src/test/java/security/PKCSCredentialGenerator.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/security/PKCSCredentialGenerator.java b/geode-core/src/test/java/security/PKCSCredentialGenerator.java index 5b6d5fa..8239697 100755 --- a/geode-core/src/test/java/security/PKCSCredentialGenerator.java +++ b/geode-core/src/test/java/security/PKCSCredentialGenerator.java @@ -27,19 +27,14 @@ import java.security.Provider; import java.security.Security; import java.util.Properties; -/** - * @author kneeraj - * - */ public class PKCSCredentialGenerator extends CredentialGenerator { public static String keyStoreDir = getKeyStoreDir(); - public static boolean usesIBMJSSE; // Checks if the current JVM uses only IBM JSSE providers. private static boolean usesIBMProviders() { - Provider[] providers = Security.getProviders(); + final Provider[] providers = Security.getProviders(); for (int index = 0; index < providers.length; ++index) { if (!providers[index].getName().toLowerCase().startsWith("ibm")) { return false; 
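Review bot: In `getValidCredentials(Principal)` the suffix check still uses `catch (Exception ex)`, which hides any unexpected failure behind `isValid = false`; the only exception the guarded `Integer.parseInt` call is expected to raise is covered by `} catch (NumberFormatException ex) {`. The `if (serverAuthEnabled)` block that sets `HandShake.PUBLIC_KEY_FILE_PROP` and `HandShake.PUBLIC_KEY_PASSWD_PROP` is also repeated verbatim in all three credential methods of this hunk and would read better as one private helper that takes the `Properties`.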
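Review bot: `usesIBMProviders` compares provider names with `getName().toLowerCase().startsWith("ibm")`, and `toLowerCase()` without a locale uses the JVM default, so under a Turkish default locale an uppercase `I` does not map to `i` and the check fails for names that start with `IBM`. That would select the wrong `keyStoreDir`. I would write `getName().toLowerCase(Locale.ROOT)`, which needs a `java.util.Locale` import at the top of the file. The method body continues outside this hunk.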
@@ -52,58 +47,71 @@ public class PKCSCredentialGenerator extends CredentialGenerator { usesIBMJSSE = usesIBMProviders(); if (usesIBMJSSE) { return "/lib/keys/ibm"; - } - else { + } else { return "/lib/keys"; } } + @Override + protected Properties initialize() throws IllegalArgumentException { + final String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, keyStoreDir + "/publickeyfile"); + + final Properties props = new Properties(); + props.setProperty(PKCSAuthenticator.PUBLIC_KEY_FILE, keyStoreFile); + props.setProperty(PKCSAuthenticator.PUBLIC_KEYSTORE_PASSWORD, "gemfire"); + + return props; + } + + @Override public ClassCode classCode() { return ClassCode.PKCS; } + @Override public String getAuthInit() { return templates.security.PKCSAuthInit.class.getName() + ".create"; } + @Override public String getAuthenticator() { return templates.security.PKCSAuthenticator.class.getName() + ".create"; } + @Override public Properties getInvalidCredentials(int index) { - Properties props = new Properties(); - String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, keyStoreDir + "/gemfire11.keystore"); + final String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, keyStoreDir + "/gemfire11.keystore"); + + final Properties props = new Properties(); props.setProperty(PKCSAuthInit.KEYSTORE_FILE_PATH, keyStoreFile); props.setProperty(PKCSAuthInit.KEYSTORE_ALIAS, "gemfire11"); props.setProperty(PKCSAuthInit.KEYSTORE_PASSWORD, "gemfire"); + return props; } + @Override public Properties getValidCredentials(int index) { - Properties props = new Properties(); - int aliasnum = (index % 10) + 1; - String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, keyStoreDir + "/gemfire" + aliasnum + ".keystore"); + final int aliasnum = (index % 10) + 1; + final String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, keyStoreDir + "/gemfire" + aliasnum + ".keystore"); + + final 
Properties props = new Properties(); props.setProperty(PKCSAuthInit.KEYSTORE_FILE_PATH, keyStoreFile); props.setProperty(PKCSAuthInit.KEYSTORE_ALIAS, "gemfire" + aliasnum); props.setProperty(PKCSAuthInit.KEYSTORE_PASSWORD, "gemfire"); + return props; } + @Override public Properties getValidCredentials(Principal principal) { - Properties props = new Properties(); - String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, keyStoreDir + principal.getName() + ".keystore"); + final String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, keyStoreDir + principal.getName() + ".keystore"); + + final Properties props = new Properties(); props.setProperty(PKCSAuthInit.KEYSTORE_FILE_PATH, keyStoreFile); props.setProperty(PKCSAuthInit.KEYSTORE_ALIAS, principal.getName()); props.setProperty(PKCSAuthInit.KEYSTORE_PASSWORD, "gemfire"); - return props; - } - protected Properties initialize() throws IllegalArgumentException { - Properties props = new Properties(); - String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, keyStoreDir + "/publickeyfile"); - props.setProperty(PKCSAuthenticator.PUBLIC_KEY_FILE, keyStoreFile); - props.setProperty(PKCSAuthenticator.PUBLIC_KEYSTORE_PASSWORD, "gemfire"); return props; } - } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a6388000/geode-core/src/test/java/security/SSLCredentialGenerator.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/security/SSLCredentialGenerator.java b/geode-core/src/test/java/security/SSLCredentialGenerator.java index e547630..fb4dfc8 100755 --- a/geode-core/src/test/java/security/SSLCredentialGenerator.java +++ b/geode-core/src/test/java/security/SSLCredentialGenerator.java 
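Review bot: `getValidCredentials(Principal)` builds the resource path as `keyStoreDir + principal.getName() + ".keystore"`, without the `/` that `getValidCredentials(int)` and `getInvalidCredentials` put between the directory and the file name. Unless principal names are expected to start with a slash, which this hunk does not show, the lookup resolves to a sibling of the key directory rather than a file inside it. I would write `keyStoreDir + "/" + principal.getName() + ".keystore"`, and since the name goes straight into a path, add `// principal names are assumed to be plain aliases without path separators` above it.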
@@ -28,47 +28,87 @@ import java.security.Principal; import java.util.Properties; public class SSLCredentialGenerator extends CredentialGenerator { + private static final Logger logger = LogService.getLogger(); + @Override + protected Properties initialize() throws IllegalArgumentException { + this.javaProperties = getValidJavaSSLProperties(); + return getSSLProperties(); + } + + @Override + public ClassCode classCode() { + return ClassCode.SSL; + } + + @Override + public String getAuthInit() { + return null; + } + + @Override + public String getAuthenticator() { + return null; + } + + @Override + public Properties getValidCredentials(int index) { + this.javaProperties = getValidJavaSSLProperties(); + return getSSLProperties(); + } + + @Override + public Properties getValidCredentials(final Principal principal) { + this.javaProperties = getValidJavaSSLProperties(); + return getSSLProperties(); + } + + @Override + public Properties getInvalidCredentials(final int index) { + this.javaProperties = getInvalidJavaSSLProperties(); + return getSSLProperties(); + } + private File findTrustedJKS() { - File ssldir = new File(System.getProperty("JTESTS") + "/ssl"); + final File ssldir = new File(System.getProperty("JTESTS") + "/ssl"); return new File(ssldir, "trusted.keystore"); } private File findUntrustedJKS() { - File ssldir = new File(System.getProperty("JTESTS") + "/ssl"); + final File ssldir = new File(System.getProperty("JTESTS") + "/ssl"); return new File(ssldir, "untrusted.keystore"); } private Properties getValidJavaSSLProperties() { - File jks = findTrustedJKS(); + final File jks = findTrustedJKS(); + try { - Properties props = new Properties(); + final Properties props = new Properties(); props.setProperty("javax.net.ssl.trustStore", jks.getCanonicalPath()); props.setProperty("javax.net.ssl.trustStorePassword", "password"); props.setProperty("javax.net.ssl.keyStore", jks.getCanonicalPath()); props.setProperty("javax.net.ssl.keyStorePassword", "password"); return 
props; - } - catch (IOException ex) { - throw new AuthenticationFailedException( - "SSL: Exception while opening the key store: " + ex.getMessage(), ex); + + } catch (IOException ex) { + throw new AuthenticationFailedException("SSL: Exception while opening the key store: " + ex.getMessage(), ex); } } private Properties getInvalidJavaSSLProperties() { - File jks = findUntrustedJKS(); + final File jks = findUntrustedJKS(); + try { - Properties props = new Properties(); + final Properties props = new Properties(); props.setProperty("javax.net.ssl.trustStore", jks.getCanonicalPath()); props.setProperty("javax.net.ssl.trustStorePassword", "password"); props.setProperty("javax.net.ssl.keyStore", jks.getCanonicalPath()); props.setProperty("javax.net.ssl.keyStorePassword", "password"); return props; - } - catch (IOException ex) { - throw new AuthenticationFailedException( - "SSL: Exception while opening the key store: " + ex.getMessage(), ex); + + } catch (IOException ex) { + throw new AuthenticationFailedException("SSL: Exception while opening the key store: " + ex.getMessage(), ex); } } 
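Review bot: `findTrustedJKS` and `findUntrustedJKS` concatenate `System.getProperty("JTESTS")` with `"/ssl"` without a null check, so when the property is unset the keystore path starts with the literal text `null` and `getCanonicalPath()` is unlikely to complain. The failure would then surface later as a keystore or handshake error instead of a configuration error. I would fail fast, for example `if (System.getProperty("JTESTS") == null) throw new IllegalStateException("JTESTS system property is not set");`. `getValidJavaSSLProperties` and `getInvalidJavaSSLProperties` differ only in which file they look up and could share one helper that takes the `File`.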
@@ -80,37 +120,4 @@ public class SSLCredentialGenerator extends CredentialGenerator { props.setProperty("ssl-protocols", "TLSv1"); return props; } - - protected Properties initialize() throws IllegalArgumentException { - this.javaProps = getValidJavaSSLProperties(); - return getSSLProperties(); - } - - public ClassCode classCode() { - return ClassCode.SSL; - } - - public String getAuthInit() { - return null; - } - - public String getAuthenticator() { - return null; - } - - public Properties getValidCredentials(int index) { - this.javaProps = getValidJavaSSLProperties(); - return getSSLProperties(); - } - - public Properties getValidCredentials(Principal principal) { - this.javaProps = getValidJavaSSLProperties(); - return getSSLProperties(); - } - - public Properties getInvalidCredentials(int index) { - this.javaProps = getInvalidJavaSSLProperties(); - return getSSLProperties(); - } - } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a6388000/geode-core/src/test/java/security/UserPasswordWithExtraPropsAuthInit.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/security/UserPasswordWithExtraPropsAuthInit.java b/geode-core/src/test/java/security/UserPasswordWithExtraPropsAuthInit.java index cc585cd..5965e5c 100755 --- a/geode-core/src/test/java/security/UserPasswordWithExtraPropsAuthInit.java +++ b/geode-core/src/test/java/security/UserPasswordWithExtraPropsAuthInit.java 
@@ -33,15 +33,13 @@ import java.util.Properties; * properties provided in getCredential props argument will also be * copied as new credentials. * - * @author Soubhik * @since 5.5 */ public class UserPasswordWithExtraPropsAuthInit extends UserPasswordAuthInit { + public static final String SECURITY_PREFIX = "security-"; public static final String EXTRA_PROPS = "security-keep-extra-props"; - public static final String SECURITY_PREFIX = "security-"; - public static AuthInitialize create() { return new UserPasswordWithExtraPropsAuthInit(); } 
@@ -50,25 +48,23 @@ public class UserPasswordWithExtraPropsAuthInit extends UserPasswordAuthInit { super(); } - public Properties getCredentials(Properties props, DistributedMember server, - boolean isPeer) throws AuthenticationFailedException { + public Properties getCredentials(final Properties securityProperties, final DistributedMember server, final boolean isPeer) throws AuthenticationFailedException { + final Properties securityPropertiesCopy = super.getCredentials(securityProperties, server, isPeer); + final String extraProps = securityProperties.getProperty(EXTRA_PROPS); - Properties newProps = super.getCredentials(props, server, isPeer); - String extraProps = props.getProperty(EXTRA_PROPS); - if(extraProps != null) { - for(Iterator it = props.keySet().iterator(); it.hasNext();) { - String key = (String)it.next(); - if( key.startsWith(SECURITY_PREFIX) && + if (extraProps != null) { + for (Iterator it = securityProperties.keySet().iterator(); it.hasNext();) { + final String key = (String) it.next(); + if (key.startsWith(SECURITY_PREFIX) && key.equalsIgnoreCase(USER_NAME) == false && key.equalsIgnoreCase(PASSWORD) == false && key.equalsIgnoreCase(EXTRA_PROPS) == false) { - newProps.setProperty(key, props.getProperty(key)); + securityPropertiesCopy.setProperty(key, securityProperties.getProperty(key)); } } - this.securitylog.fine("got everything and now have: " - + newProps.keySet().toString()); + this.securityLogWriter.fine("got everything and now have: " + securityPropertiesCopy.keySet().toString()); } - return newProps; - } + return securityPropertiesCopy; + } } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a6388000/geode-core/src/test/java/security/XmlAuthzCredentialGenerator.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/security/XmlAuthzCredentialGenerator.java b/geode-core/src/test/java/security/XmlAuthzCredentialGenerator.java index 118e86f..4eaf01a 100755 
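Review bot: `getCredentials` is left without `@Override` although it calls `super.getCredentials(...)` and the other classes reformatted in this commit gained the annotation; I would add `@Override` above the signature. The key loop casts every entry of `securityProperties.keySet()` to `String`, which throws `ClassCastException` if a non-string key was ever put into the `Properties`; `for (String key : securityProperties.stringPropertyNames())` avoids the cast, though it also returns keys from the defaults, so confirm that is acceptable. The `== false` comparisons would read more directly with `!`.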
--- a/geode-core/src/test/java/security/XmlAuthzCredentialGenerator.java
+++ b/geode-core/src/test/java/security/XmlAuthzCredentialGenerator.java
@@ -31,106 +31,104 @@ import java.util.Set; public class XmlAuthzCredentialGenerator extends AuthzCredentialGenerator { private static final String dummyXml = "authz-dummy.xml"; - private static final String ldapXml = "authz-ldap.xml"; - private static final String pkcsXml = "authz-pkcs.xml"; - private static final String sslXml = "authz-ssl.xml"; - private static final String[] QUERY_REGIONS = { "/Portfolios", "/Positions", - "/AuthRegion" }; + private static final String[] QUERY_REGIONS = { "/Portfolios", "/Positions", "/AuthRegion" }; - public static OperationCode[] READER_OPS = { OperationCode.GET, - OperationCode.REGISTER_INTEREST, OperationCode.UNREGISTER_INTEREST, - OperationCode.KEY_SET, OperationCode.CONTAINS_KEY, OperationCode.EXECUTE_FUNCTION }; + public static OperationCode[] READER_OPS = { + OperationCode.GET, + OperationCode.REGISTER_INTEREST, + OperationCode.UNREGISTER_INTEREST, + OperationCode.KEY_SET, + OperationCode.CONTAINS_KEY, + OperationCode.EXECUTE_FUNCTION }; - public static OperationCode[] WRITER_OPS = { OperationCode.PUT, - OperationCode.DESTROY, OperationCode.INVALIDATE, OperationCode.REGION_CLEAR }; + public static OperationCode[] WRITER_OPS = { + OperationCode.PUT, + OperationCode.DESTROY, + OperationCode.INVALIDATE, + OperationCode.REGION_CLEAR }; - public static OperationCode[] QUERY_OPS = { OperationCode.QUERY, - OperationCode.EXECUTE_CQ, OperationCode.STOP_CQ, OperationCode.CLOSE_CQ }; + public static OperationCode[] QUERY_OPS = { + OperationCode.QUERY, + OperationCode.EXECUTE_CQ, + OperationCode.STOP_CQ, + OperationCode.CLOSE_CQ }; private static final byte READER_ROLE = 1; - private static final byte WRITER_ROLE = 2; - private static final byte QUERY_ROLE = 3; - private static final byte ADMIN_ROLE = 4; private static Set readerOpsSet; - private static Set writerOpsSet; - private static Set queryOpsSet; - private static Set queryRegionSet; static { - readerOpsSet = new HashSet(); for (int index = 0; index < READER_OPS.length; 
index++) { readerOpsSet.add(READER_OPS[index]); } + writerOpsSet = new HashSet(); for (int index = 0; index < WRITER_OPS.length; index++) { writerOpsSet.add(WRITER_OPS[index]); } + queryOpsSet = new HashSet(); for (int index = 0; index < QUERY_OPS.length; index++) { queryOpsSet.add(QUERY_OPS[index]); } + queryRegionSet = new HashSet(); for (int index = 0; index < QUERY_REGIONS.length; index++) { queryRegionSet.add(QUERY_REGIONS[index]); } } - public XmlAuthzCredentialGenerator() { - } - + @Override protected Properties init() throws IllegalArgumentException { + final Properties sysProps = new Properties(); + final String dirName = "/lib/"; - Properties sysProps = new Properties(); - String dirName = "/lib/"; - if (this.cGen.classCode().isDummy()) { - String xmlFilename = TestUtil.getResourcePath(XmlAuthzCredentialGenerator.class, dirName + dummyXml); + if (this.generator.classCode().isDummy()) { + final String xmlFilename = TestUtil.getResourcePath(XmlAuthzCredentialGenerator.class, dirName + dummyXml); sysProps.setProperty(XmlAuthorization.DOC_URI_PROP_NAME, xmlFilename); - } - else if (this.cGen.classCode().isLDAP()) { - String xmlFilename = TestUtil.getResourcePath(XmlAuthzCredentialGenerator.class, dirName + ldapXml); + + } else if (this.generator.classCode().isLDAP()) { + final String xmlFilename = TestUtil.getResourcePath(XmlAuthzCredentialGenerator.class, dirName + ldapXml); sysProps.setProperty(XmlAuthorization.DOC_URI_PROP_NAME, xmlFilename); - } - // else if (this.cGen.classCode().isPKCS()) { - // sysProps - // .setProperty(XmlAuthorization.DOC_URI_PROP_NAME, dirName + pkcsXml); - // } - // else if (this.cGen.classCode().isSSL()) { - // sysProps - // .setProperty(XmlAuthorization.DOC_URI_PROP_NAME, dirName + sslXml); - // } - else { - throw new IllegalArgumentException( - "No XML defined for XmlAuthorization module to work with " - + this.cGen.getAuthenticator()); + + // } else if (this.generator.classCode().isPKCS()) { + // 
sysProps.setProperty(XmlAuthorization.DOC_URI_PROP_NAME, dirName + pkcsXml); + // } + // } else if (this.generator.classCode().isSSL()) { + // sysProps.setProperty(XmlAuthorization.DOC_URI_PROP_NAME, dirName + sslXml); + // } + + } else { + throw new IllegalArgumentException("No XML defined for XmlAuthorization module to work with " + this.generator.getAuthenticator()); } return sysProps; } + @Override public ClassCode classCode() { return ClassCode.XML; } + @Override public String getAuthorizationCallback() { return templates.security.XmlAuthorization.class.getName() + ".create"; } - private Principal getDummyPrincipal(byte roleType, int index) { - - String[] admins = new String[] { "root", "admin", "administrator" }; - int numReaders = 3; - int numWriters = 3; + private Principal getDummyPrincipal(final byte roleType, final int index) { + final String[] admins = new String[] { "root", "admin", "administrator" }; + final int numReaders = 3; + final int numWriters = 3; switch (roleType) { case READER_ROLE: 
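Review bot: `READER_OPS`, `WRITER_OPS` and `QUERY_OPS` stay `public static` and non-final while the static initializer copies them once into `readerOpsSet` and the other sets, so any code that reassigns or edits an array leaves the role tables and the sets out of step. Since these lines are rewritten anyway, I would declare them `public static final OperationCode[] READER_OPS = { ... }` and type the sets, e.g. `private static Set<OperationCode> readerOpsSet;`. The commented-out PKCS/SSL branch in `init()` is carried over with an extra `// }`; deleting it, or replacing it with a one-line comment that PKCS and SSL are not handled here, would read better. `getDummyPrincipal` continues past the end of the hunk.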
@@ -144,8 +142,56 @@ public class XmlAuthzCredentialGenerator extends AuthzCredentialGenerator { } } - private Principal getLdapPrincipal(byte roleType, int index) { + @Override + protected Principal getAllowedPrincipal(final OperationCode[] opCodes, final String[] regionNames, final int index) { + if (this.generator.classCode().isDummy()) { + final byte roleType = getRequiredRole(opCodes, regionNames); + return getDummyPrincipal(roleType, index); + + } else if (this.generator.classCode().isLDAP()) { + final byte roleType = getRequiredRole(opCodes, regionNames); + return getLdapPrincipal(roleType, index); + } + + return null; + } + + @Override + protected Principal getDisallowedPrincipal(final OperationCode[] opCodes, final String[] regionNames, final int index) { + final byte roleType = getRequiredRole(opCodes, regionNames); + + byte disallowedRoleType = READER_ROLE; + switch (roleType) { + case READER_ROLE: + disallowedRoleType = WRITER_ROLE; + break; + case WRITER_ROLE: + disallowedRoleType = READER_ROLE; + break; + case QUERY_ROLE: + disallowedRoleType = READER_ROLE; + break; + case ADMIN_ROLE: + disallowedRoleType = READER_ROLE; + break; + } + + if (this.generator.classCode().isDummy()) { + return getDummyPrincipal(disallowedRoleType, index); + + } else if (this.generator.classCode().isLDAP()) { + return getLdapPrincipal(disallowedRoleType, index); + } + + return null; + } + + @Override + protected int getNumPrincipalTries(final OperationCode[] opCodes, final String[] regionNames) { + return 5; + } + private Principal getLdapPrincipal(final byte roleType, final int index) { final String userPrefix = "gemfire"; final int[] readerIndices = { 3, 4, 5 }; final int[] writerIndices = { 6, 7, 8 }; 
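Review bot: `getAllowedPrincipal` and `getDisallowedPrincipal` fall through to `return null` when the generator is neither dummy nor LDAP, whereas `init()` in this same file rejects that case with an IllegalArgumentException. Whether callers check for null is not visible here, so I would at least document it on both methods, e.g. `// returns null for generators other than dummy and LDAP`. In `getAllowedPrincipal` the `getRequiredRole(opCodes, regionNames)` call is repeated in both branches and could be hoisted above the `if`, as `getDisallowedPrincipal` already does. The hunk starts inside `getDummyPrincipal` and ends inside `getLdapPrincipal`.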
@@ -168,15 +214,14 @@ public class XmlAuthzCredentialGenerator extends AuthzCredentialGenerator { } } - private byte getRequiredRole(OperationCode[] opCodes, String[] regionNames) { - + private byte getRequiredRole(final OperationCode[] opCodes, final String[] regionNames) { byte roleType = ADMIN_ROLE; boolean requiresReader = true; boolean requiresWriter = true; boolean requiresQuery = true; for (int opNum = 0; opNum < opCodes.length; opNum++) { - OperationCode opCode = opCodes[opNum]; + final OperationCode opCode = opCodes[opNum]; if (requiresReader && !readerOpsSet.contains(opCode)) { requiresReader = false; } @@ -187,17 +232,17 @@ public class XmlAuthzCredentialGenerator extends AuthzCredentialGenerator { requiresQuery = false; } } + if (requiresReader) { roleType = READER_ROLE; - } - else if (requiresWriter) { + + } else if (requiresWriter) { roleType = WRITER_ROLE; - } - else if (requiresQuery) { + + } else if (requiresQuery) { if (regionNames != null && regionNames.length > 0) { for (int index = 0; index < regionNames.length; index++) { - String regionName = XmlAuthorization - .normalizeRegionName(regionNames[index]); + final String regionName = XmlAuthorization.normalizeRegionName(regionNames[index]); if (requiresQuery && !queryRegionSet.contains(regionName)) { requiresQuery = false; break; 
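Review bot: In the second hunk on this line (`@@ -187,17 +232,17 @@`) the test `if (requiresQuery && !queryRegionSet.contains(regionName))` sits inside the `else if (requiresQuery)` branch and the loop breaks as soon as the flag is cleared, so `requiresQuery` is always true at that point. `if (!queryRegionSet.contains(regionName)) {` says the same thing. The first hunk also deserves a comment: with an empty `opCodes` array all three flags stay true and the method returns `READER_ROLE`, not the `ADMIN_ROLE` it starts with. `getRequiredRole` begins in the first hunk and continues past the second.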
@@ -208,54 +253,7 @@ public class XmlAuthzCredentialGenerator extends AuthzCredentialGenerator { } } } - return roleType; - } - - protected Principal getAllowedPrincipal(OperationCode[] opCodes, - String[] regionNames, int index) { - - if (this.cGen.classCode().isDummy()) { - byte roleType = getRequiredRole(opCodes, regionNames); - return getDummyPrincipal(roleType, index); - } - else if (this.cGen.classCode().isLDAP()) { - byte roleType = getRequiredRole(opCodes, regionNames); - return getLdapPrincipal(roleType, index); - } - return null; - } - - protected Principal getDisallowedPrincipal(OperationCode[] opCodes, - String[] regionNames, int index) { - byte roleType = getRequiredRole(opCodes, regionNames); - byte disallowedRoleType = READER_ROLE; - switch (roleType) { - case READER_ROLE: - disallowedRoleType = WRITER_ROLE; - break; - case WRITER_ROLE: - disallowedRoleType = READER_ROLE; - break; - case QUERY_ROLE: - disallowedRoleType = READER_ROLE; - break; - case ADMIN_ROLE: - disallowedRoleType = READER_ROLE; - break; - } - if (this.cGen.classCode().isDummy()) { - return getDummyPrincipal(disallowedRoleType, index); - } - else if (this.cGen.classCode().isLDAP()) { - return getLdapPrincipal(disallowedRoleType, index); - } - return null; - } - - protected int getNumPrincipalTries(OperationCode[] opCodes, - String[] regionNames) { - return 5; + return roleType; } - } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a6388000/geode-core/src/test/java/templates/security/DummyAuthenticator.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/templates/security/DummyAuthenticator.java b/geode-core/src/test/java/templates/security/DummyAuthenticator.java index 5070836..c7fd39e 100755 --- a/geode-core/src/test/java/templates/security/DummyAuthenticator.java +++ b/geode-core/src/test/java/templates/security/DummyAuthenticator.java 
@@ -16,20 +16,19 @@ */ package templates.security; +import java.security.Principal; +import java.util.Properties; + import com.gemstone.gemfire.LogWriter; import com.gemstone.gemfire.distributed.DistributedMember; import com.gemstone.gemfire.security.AuthenticationFailedException; import com.gemstone.gemfire.security.Authenticator; -import java.security.Principal; -import java.util.Properties; - /** * A dummy implementation of the {@link Authenticator} interface that expects a * user name and password allowing authentication depending on the format of the * user name. - * - * @author Sumedh Wale + * * @since 5.5 */ public class DummyAuthenticator implements Authenticator { 
@@ -38,47 +37,39 @@ public class DummyAuthenticator implements Authenticator { return new DummyAuthenticator(); } - public DummyAuthenticator() { + public static boolean checkValidName(final String userName) { + return userName.startsWith("user") || + userName.startsWith("reader") || + userName.startsWith("writer") || + userName.equals("admin") || + userName.equals("root") || + userName.equals("administrator"); } - public void init(Properties systemProps, LogWriter systemLogger, - LogWriter securityLogger) throws AuthenticationFailedException { + @Override + public void init(final Properties securityProperties, final LogWriter systemLogWriter, final LogWriter securityLogWriter) throws AuthenticationFailedException { } - public static boolean testValidName(String userName) { - - return (userName.startsWith("user") || userName.startsWith("reader") - || userName.startsWith("writer") || userName.equals("admin") - || userName.equals("root") || userName.equals("administrator")); - } - - public Principal authenticate(Properties props, DistributedMember member) - throws AuthenticationFailedException { - - String userName = props.getProperty(UserPasswordAuthInit.USER_NAME); + @Override + public Principal authenticate(final Properties credentials, final DistributedMember member) throws AuthenticationFailedException { + final String userName = credentials.getProperty(UserPasswordAuthInit.USER_NAME); if (userName == null) { - throw new AuthenticationFailedException( - "DummyAuthenticator: user name property [" - + UserPasswordAuthInit.USER_NAME + "] not provided"); + throw new AuthenticationFailedException("DummyAuthenticator: user name property [" + UserPasswordAuthInit.USER_NAME + "] not provided"); } - String password = props.getProperty(UserPasswordAuthInit.PASSWORD); + + final String password = credentials.getProperty(UserPasswordAuthInit.PASSWORD); if (password == null) { - throw new AuthenticationFailedException( - "DummyAuthenticator: password property [" - + 
UserPasswordAuthInit.PASSWORD + "] not provided"); + throw new AuthenticationFailedException( "DummyAuthenticator: password property [" + UserPasswordAuthInit.PASSWORD + "] not provided"); } - if (userName.equals(password) && testValidName(userName)) { + if (userName.equals(password) && checkValidName(userName)) { return new UsernamePrincipal(userName); - } - else { - throw new AuthenticationFailedException( - "DummyAuthenticator: Invalid user name [" + userName - + "], password supplied."); + } else { + throw new AuthenticationFailedException("DummyAuthenticator: Invalid user name [" + userName + "], password supplied."); } } + @Override public void close() { } - }
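Review bot: `authenticate` accepts any credentials where the password equals the user name and the name passes `checkValidName`, but neither method documents that rule and the class Javadoc only says authentication depends on the format of the user name. Because this lives under `templates.security`, I would spell it out, e.g. `/** Accepts a login only when password equals user name and the name starts with user/reader/writer or is admin, root or administrator; for tests only. */`. The rename of the public static `testValidName` to `checkValidName` is an API change inside a reformat commit, so callers outside this diff (none are visible here) need the same rename. The failure message still embeds the supplied `userName` verbatim; if that text reaches a log, consider leaving the value out.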