Repository: incubator-geode Updated Branches: refs/heads/feature/GEODE-949-2 6e0c09f3f -> 8e0693a8b
GEODE-949: fix serialization of GemFireSecurityExceptions to improve debugging * add workarounds to security exceptions for unserializable fields * add cause for security exceptions in test code instead of eating exceptions * cleanup javadocs of security exceptions * introduce unit tests * replace hardcoded class strings with class getName in security test code to help facilitate repackaging Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/d1ca32d6 Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/d1ca32d6 Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/d1ca32d6 Branch: refs/heads/feature/GEODE-949-2 Commit: d1ca32d60fbf699a4ab0913abd93e2e365e8ee22 Parents: 4c7fd99 Author: Kirk Lund <[email protected]> Authored: Mon Mar 7 13:20:21 2016 -0800 Committer: Kirk Lund <[email protected]> Committed: Mon Mar 7 13:20:21 2016 -0800 ---------------------------------------------------------------------- .../security/GemFireSecurityException.java | 112 +++++++++-- .../security/NotAuthorizedException.java | 118 ++++++++--- .../security/GemFireSecurityExceptionTest.java | 167 ++++++++++++++++ .../security/NotAuthorizedExceptionTest.java | 198 +++++++++++++++++++ .../java/security/AuthzCredentialGenerator.java | 20 +- .../test/java/security/CredentialGenerator.java | 19 +- .../security/DummyAuthzCredentialGenerator.java | 12 +- .../java/security/DummyCredentialGenerator.java | 14 +- .../security/LdapUserCredentialGenerator.java | 18 +- .../java/security/PKCSCredentialGenerator.java | 19 +- .../java/security/SSLCredentialGenerator.java | 19 +- .../UserPasswordWithExtraPropsAuthInit.java | 15 +- .../security/XmlAuthzCredentialGenerator.java | 19 +- .../templates/security/DummyAuthenticator.java | 9 +- .../templates/security/DummyAuthorization.java | 9 +- .../security/FunctionSecurityPrmsHolder.java | 1 - .../security/LdapUserAuthenticator.java | 9 +- 
.../java/templates/security/PKCSAuthInit.java | 7 +- .../templates/security/PKCSAuthenticator.java | 9 +- .../java/templates/security/PKCSPrincipal.java | 3 +- .../templates/security/PKCSPrincipalTest.java | 48 +++++ .../security/UserPasswordAuthInit.java | 5 +- .../templates/security/UsernamePrincipal.java | 1 - .../security/UsernamePrincipalTest.java | 48 +++++ .../templates/security/XmlAuthorization.java | 41 ++-- .../templates/security/XmlErrorHandler.java | 25 ++- .../codeAnalysis/sanctionedSerializables.txt | 10 +- 27 files changed, 771 insertions(+), 204 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d1ca32d6/geode-core/src/main/java/com/gemstone/gemfire/security/GemFireSecurityException.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/GemFireSecurityException.java b/geode-core/src/main/java/com/gemstone/gemfire/security/GemFireSecurityException.java index 1f97420..1c4ab6c 100644 --- a/geode-core/src/main/java/com/gemstone/gemfire/security/GemFireSecurityException.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/security/GemFireSecurityException.java @@ -14,9 +14,13 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - package com.gemstone.gemfire.security; +import java.io.IOException; +import java.io.ObjectOutputStream; +import java.io.Serializable; +import javax.naming.NamingException; + import com.gemstone.gemfire.GemFireException; /** 
@@ -27,29 +31,103 @@ import com.gemstone.gemfire.GemFireException; * @since 5.5 */ public class GemFireSecurityException extends GemFireException { -private static final long serialVersionUID = 3814254578203076926L; + + private static final long serialVersionUID = 3814254578203076926L; + + private Throwable cause; + + /** + * Constructs a new exception with the specified detail message. + * + * @param message the detail message (which is saved for later retrieval + * by the {@link #getMessage()} method). (A <tt>null</tt> value + * is permitted.) + */ + public GemFireSecurityException(final String message) { + this(message, null); + } /** - * Constructs instance of <code>SecurityException</code> with error message. - * - * @param message - * the error message + * Constructs a new exception with the specified cause. + * + * <p>Note that the detail message associated with {@code cause} <i>is</i> + * automatically used as this exception's detail message. + * + * @param cause the cause (which is saved for later retrieval by the + * {@link #getCause()} method). (A <tt>null</tt> value is + * permitted, and indicates that the cause is nonexistent or + * unknown.) */ - public GemFireSecurityException(String message) { - super(message); + public GemFireSecurityException(final Throwable cause) { + this(cause != null ? cause.getMessage() : null, cause); } /** - * Constructs instance of <code>SecurityException</code> with error message - * and cause. - * - * @param message - * the error message - * @param cause - * a <code>Throwable</code> that is a cause of this exception + * Constructs a new exception with the specified detail message and cause. + * + * <p>If {@code message} is null, then the detail message associated with + * {@code cause} <i>is</i> automatically used as this exception's detail + * message. + * + * @param message the detail message (which is saved for later retrieval + * by the {@link #getMessage()} method). (A <tt>null</tt> value + * is permitted.) 
+ * @param cause the cause (which is saved for later retrieval by the + * {@link #getCause()} method). (A <tt>null</tt> value is + * permitted, and indicates that the cause is nonexistent or + * unknown.) */ - public GemFireSecurityException(String message, Throwable cause) { - super(message, cause); + public GemFireSecurityException(final String message, final Throwable cause) { + super(message != null ? message : (cause != null ? cause.getMessage() : null)); + this.cause = cause; + } + + @Override + public final synchronized Throwable getCause() { + return (this.cause == this ? null : this.cause); } + /** + * Returns true if the provided {@code object} implements {@code Serializable}. + * + * @param object the {@code object} to test for implementing {@code Serializable}. + * @return true if the provided {@code object} implements {@code Serializable}. + */ + protected final boolean isSerializable(final Object object) { + if (object == null) { + return true; + } + return Serializable.class.isInstance(object); + } + + /** + * Returns {@link NamingException#getResolvedObj()} if the {@code cause} + * is a {@code NamingException}. Returns <tt>null</tt> for any other type + * of {@code cause}. + * + * @return {@code NamingException#getResolvedObj()} if the {@code cause} + * is a {@code NamingException}. 
+ */ + protected final Object getResolvedObj() { + final Throwable thisCause = this.cause; + if (thisCause != null && NamingException.class.isInstance(thisCause)) { + return ((NamingException) thisCause).getResolvedObj(); + } + return null; + } + + private synchronized void writeObject(final ObjectOutputStream out) throws IOException { + final Object resolvedObj = getResolvedObj(); + if (isSerializable(resolvedObj)) { + out.defaultWriteObject(); + } else { + final NamingException namingException = (NamingException) getCause(); + namingException.setResolvedObj(null); + try { + out.defaultWriteObject(); + } finally { + namingException.setResolvedObj(resolvedObj); + } + } + } } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d1ca32d6/geode-core/src/main/java/com/gemstone/gemfire/security/NotAuthorizedException.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/NotAuthorizedException.java b/geode-core/src/main/java/com/gemstone/gemfire/security/NotAuthorizedException.java index c6165a6..0aecbad 100644 --- a/geode-core/src/main/java/com/gemstone/gemfire/security/NotAuthorizedException.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/security/NotAuthorizedException.java @@ -14,10 +14,12 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - package com.gemstone.gemfire.security; +import java.io.IOException; +import java.io.ObjectOutputStream; import java.security.Principal; +import javax.naming.NamingException; /** * Thrown when a client/peer is unauthorized to perform a requested operation. 
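Review bot: `isSerializable()` only tests `Serializable.class.isInstance(object)`, so `writeObject` can still fail with NotSerializableException when the resolved object is Serializable but holds a non-serializable member. The same applies when the NamingException sits deeper in the cause chain, because `getResolvedObj()` inspects `this.cause` only. I would state that limit in the Javadoc, for example `Shallow check: a true result does not guarantee that the whole object graph can be written.` The else branch of `writeObject` also sets `resolvedObj` to null on the caller-owned NamingException while holding only this exception's monitor, so another thread that reads the same cause during serialization can see null. A comment such as `// temporarily mutates the shared cause; restored in finally` would make that visible to maintainers.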
@@ -26,38 +28,108 @@ import java.security.Principal; * @since 5.5 */ public class NotAuthorizedException extends GemFireSecurityException { -private static final long serialVersionUID = 419215768216387745L; + + private static final long serialVersionUID = 419215768216387745L; + private Principal principal = null; + /** - * Constructs instance of <code>NotAuthorizedException</code> with error - * message. - * - * @param message - * the error message + * Constructs a new exception with the specified detail message and + * principal. + * + * @param message the detail message (which is saved for later retrieval + * by the {@link #getMessage()} method). (A <tt>null</tt> value + * is permitted.) */ - public NotAuthorizedException(String message) { - super(message); + public NotAuthorizedException(final String message) { + this(message, null, null); } - public NotAuthorizedException(String message, Principal ppl) { - super(message); - this.principal = ppl; + /** + * Constructs a new exception with the specified detail message and cause. + * + * <p>If {@code message} is null, then the detail message associated with + * {@code cause} <i>is</i> automatically used as this exception's detail + * message. + * + * @param message the detail message (which is saved for later retrieval + * by the {@link #getMessage()} method). (A <tt>null</tt> value + * is permitted.) + * @param cause the cause (which is saved for later retrieval by the + * {@link #getCause()} method). (A <tt>null</tt> value is + * permitted, and indicates that the cause is nonexistent or + * unknown.) + */ + public NotAuthorizedException(final String message, final Throwable cause) { + this(message, cause, null); } - - public Principal getPrincipal() { - return this.principal; + + /** + * Constructs a new exception with the specified detail message and + * principal. + * + * @param message the detail message (which is saved for later retrieval + * by the {@link #getMessage()} method). 
(A <tt>null</tt> value + * is permitted.) + * @param principal the principal for which authorization failed. + * (A <tt>null</tt> value is permitted.) + */ + public NotAuthorizedException(final String message, final Principal principal) { + this(message, null, principal); } + /** - * Constructs instance of <code>NotAuthorizedException</code> with error - * message and cause. - * - * @param message - * the error message - * @param cause - * a <code>Throwable</code> that is a cause of this exception + * Constructs a new exception with the specified detail message, cause and + * principal. + * + * <p>If {@code message} is null, then the detail message associated with + * {@code cause} <i>is</i> automatically used as this exception's detail + * message. + * + * @param message the detail message (which is saved for later retrieval + * by the {@link #getMessage()} method). (A <tt>null</tt> value + * is permitted.) + * @param cause the cause (which is saved for later retrieval by the + * {@link #getCause()} method). (A <tt>null</tt> value is + * permitted, and indicates that the cause is nonexistent or + * unknown.) + * @param principal the principal for which authorization failed. + * (A <tt>null</tt> value is permitted.) */ - public NotAuthorizedException(String message, Throwable cause) { + public NotAuthorizedException(final String message, final Throwable cause, final Principal principal) { super(message, cause); + this.principal = principal; } + /** + * Returns the {@code principal} for which authorization failed. + * + * @return the {@code principal} for which authorization failed. 
+ */ + public synchronized Principal getPrincipal() { + return this.principal; + } + + private synchronized void writeObject(final ObjectOutputStream out) throws IOException { + final Principal thisPrincipal = this.principal; + if (!isSerializable(thisPrincipal)) { + this.principal = null; + } + + final Object resolvedObj = getResolvedObj(); + NamingException namingException = null; + if (!isSerializable(resolvedObj)) { + namingException = (NamingException) getCause(); + namingException.setResolvedObj(null); + } + + try { + out.defaultWriteObject(); + } finally { + this.principal = thisPrincipal; + if (namingException != null) { + namingException.setResolvedObj(resolvedObj); + } + } + } } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d1ca32d6/geode-core/src/test/java/com/gemstone/gemfire/security/GemFireSecurityExceptionTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/GemFireSecurityExceptionTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/GemFireSecurityExceptionTest.java new file mode 100644 index 0000000..0c048d3 --- /dev/null +++ b/geode-core/src/test/java/com/gemstone/gemfire/security/GemFireSecurityExceptionTest.java 
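Review bot: In `writeObject` a principal that is not Serializable is silently replaced by null in the serialized form, so on the receiving member `getPrincipal()` returns null exactly as if no principal had been supplied. For an authorization failure the identity that was denied is the main fact an operator or audit trail needs, and this commit is meant to improve debugging. At minimum the `getPrincipal()` Javadoc should say `May be null after deserialization if the original principal was not Serializable.` It may also be worth logging the principal's name on the sending side before it is dropped, if the project's logging policy allows that. The cast `(NamingException) getCause()` is only safe because `getResolvedObj()` returns non-null solely for a NamingException cause; a one-line comment stating that dependency would protect it from later edits.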
@@ -0,0 +1,167 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.gemstone.gemfire.security; + +import static com.googlecode.catchexception.CatchException.*; +import static org.assertj.core.api.Assertions.*; + +import java.io.NotSerializableException; +import java.io.Serializable; +import javax.naming.NamingException; + +import com.gemstone.gemfire.test.junit.categories.UnitTest; +import org.apache.commons.lang.SerializationUtils; +import org.junit.Before; +import org.junit.Rule; +import org.junit.Test; +import org.junit.experimental.categories.Category; +import org.junit.rules.TestName; + +/** + * Unit tests for {@link GemFireSecurityException}. 
+ */ +@Category(UnitTest.class) +public class GemFireSecurityExceptionTest { + + private String message; + private String causeMessage; + private Object nonSerializableResolvedObj; + private NamingException nonSerializableNamingException; + private SerializableObject serializableResolvedObj; + private NamingException serializableNamingException; + + @Rule + public TestName testName = new TestName(); + + @Before + public void setUp() throws Exception { + this.message = testName.getMethodName() + " message"; + this.causeMessage = testName.getMethodName() + " cause message"; + + this.nonSerializableResolvedObj = new Object(); + this.nonSerializableNamingException = new NamingException(this.causeMessage); + this.nonSerializableNamingException.setResolvedObj(this.nonSerializableResolvedObj); + + this.serializableResolvedObj = new SerializableObject(this.testName.getMethodName()); + this.serializableNamingException = new NamingException(this.causeMessage); + this.serializableNamingException.setResolvedObj(this.serializableResolvedObj); + + assertPreConditions(); + } + + private void assertPreConditions() { + catchException(this).clone(this.nonSerializableNamingException); + assertThat((Throwable)caughtException()).isNotNull(); + assertThat((Throwable)caughtException().getCause()).isInstanceOf(NotSerializableException.class); + + catchException(this).clone(this.serializableNamingException); + assertThat((Throwable)caughtException()).isNull(); + + assertThat(this.nonSerializableResolvedObj).isNotInstanceOf(Serializable.class); + + catchException(this).clone(this.serializableResolvedObj); + assertThat((Throwable)caughtException()).isNull(); + } + + @Test + public void isSerializable() throws Exception { + assertThat(GemFireSecurityException.class).isInstanceOf(Serializable.class); + } + + @Test + public void serializes() throws Exception { + GemFireSecurityException instance = new GemFireSecurityException(this.message); + + GemFireSecurityException cloned = 
(GemFireSecurityException) SerializationUtils.clone(instance); + + assertThat(cloned).hasMessage(this.message); + } + + @Test + public void serializesWithThrowable() throws Exception { + Throwable cause = new Exception(this.causeMessage); + GemFireSecurityException instance = new GemFireSecurityException(this.message, cause); + + GemFireSecurityException cloned = (GemFireSecurityException) SerializationUtils.clone(instance); + + assertThat(cloned).hasMessage(this.message).hasCause(cause); + assertThat(cloned.getCause()).hasMessage(this.causeMessage); + } + + @Test + public void serializesWithNonSerializableNamingException() throws Exception { + GemFireSecurityException instance = new GemFireSecurityException(this.message, this.nonSerializableNamingException); + + GemFireSecurityException cloned = (GemFireSecurityException) SerializationUtils.clone(instance); + + assertThat(cloned).hasMessage(this.message).hasCause(this.nonSerializableNamingException); + NamingException cause = (NamingException) cloned.getCause(); + assertThat(cause).hasMessage(this.causeMessage); + assertThat(cause.getResolvedObj()).isNull(); + } + + @Test + public void serializesWithSerializableNamingException() throws Exception { + GemFireSecurityException instance = new GemFireSecurityException(this.message, this.serializableNamingException); + + GemFireSecurityException cloned = (GemFireSecurityException) SerializationUtils.clone(instance); + + assertThat(cloned).hasMessage(this.message).hasCause(this.serializableNamingException); + NamingException cause = (NamingException) cloned.getCause(); + assertThat(cause).hasMessage(this.causeMessage); + assertThat(cause.getResolvedObj()).isNotNull().isEqualTo(this.serializableResolvedObj); + } + + @Test + public void isSerializableReturnsTrueForSerializableClass() throws Exception { + assertThat(new GemFireSecurityException("").isSerializable(this.serializableResolvedObj)).isTrue(); + } + + @Test + public void 
isSerializableReturnsFalseForNonSerializableClass() throws Exception { + assertThat(new GemFireSecurityException("").isSerializable(this.nonSerializableResolvedObj)).isFalse(); + } + + public Object clone(final Serializable object) { + return SerializationUtils.clone(object); + } + + public static class SerializableObject implements Serializable { + + private String name; + + SerializableObject(String name) { + this.name = name; + } + + @Override + public boolean equals(Object o) { + if (this == o) return true; + if (o == null || getClass() != o.getClass()) return false; + + SerializableObject that = (SerializableObject) o; + + return name != null ? name.equals(that.name) : that.name == null; + + } + + @Override + public int hashCode() { + return name != null ? name.hashCode() : 0; + } + } +} http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d1ca32d6/geode-core/src/test/java/com/gemstone/gemfire/security/NotAuthorizedExceptionTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/NotAuthorizedExceptionTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/NotAuthorizedExceptionTest.java new file mode 100644 index 0000000..c5e0ba5 --- /dev/null +++ b/geode-core/src/test/java/com/gemstone/gemfire/security/NotAuthorizedExceptionTest.java 
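Review bot: The `isSerializable()` test is vacuous, because `assertThat(GemFireSecurityException.class).isInstanceOf(Serializable.class)` asserts on the `Class` object and `java.lang.Class` itself implements Serializable, so it passes for any class. It should be `assertThat(Serializable.class.isAssignableFrom(GemFireSecurityException.class)).isTrue();`, and `NotAuthorizedExceptionTest.isSerializable()` has the same problem. `serializesWithNonSerializableNamingException` also never checks that the original cause is restored by the `finally` block in `writeObject`. Adding `assertThat(this.nonSerializableNamingException.getResolvedObj()).isSameAs(this.nonSerializableResolvedObj);` after the clone would cover that.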
@@ -0,0 +1,198 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.gemstone.gemfire.security; + +import static com.googlecode.catchexception.CatchException.*; +import static org.assertj.core.api.Assertions.*; +import static org.mockito.Mockito.*; + +import java.io.NotSerializableException; +import java.io.Serializable; +import java.security.Principal; +import javax.naming.NamingException; + +import com.gemstone.gemfire.test.junit.categories.UnitTest; +import org.apache.commons.lang.SerializationUtils; +import org.junit.Before; +import org.junit.Rule; +import org.junit.Test; +import org.junit.experimental.categories.Category; +import org.junit.rules.TestName; + +/** + * Unit tests for {@link NotAuthorizedException}. 
+ */ +@Category(UnitTest.class) +public class NotAuthorizedExceptionTest { + + private String message; + private String causeMessage; + private Object nonSerializableResolvedObj; + private NamingException nonSerializableNamingException; + private SerializableObject serializableResolvedObj; + private NamingException serializableNamingException; + private String principalName; + private Principal nonSerializablePrincipal; + private SerializablePrincipal serializablePrincipal; + + @Rule + public TestName testName = new TestName(); + + @Before + public void setUp() throws Exception { + this.message = testName.getMethodName() + " message"; + this.causeMessage = testName.getMethodName() + " cause message"; + + this.nonSerializableResolvedObj = new Object(); + this.nonSerializableNamingException = new NamingException(this.causeMessage); + this.nonSerializableNamingException.setResolvedObj(this.nonSerializableResolvedObj); + + this.serializableResolvedObj = new SerializableObject(this.testName.getMethodName()); + this.serializableNamingException = new NamingException(this.causeMessage); + this.serializableNamingException.setResolvedObj(this.serializableResolvedObj); + + this.principalName = "jsmith"; + this.nonSerializablePrincipal = mock(Principal.class); + this.serializablePrincipal = new SerializablePrincipal(this.principalName); + + assertPreConditions(); + } + + private void assertPreConditions() { + catchException(this).clone(this.nonSerializableNamingException); + assertThat((Throwable)caughtException()).isNotNull(); + assertThat((Throwable)caughtException().getCause()).isInstanceOf(NotSerializableException.class); + + catchException(this).clone(this.serializableNamingException); + assertThat((Throwable)caughtException()).isNull(); + + assertThat(this.nonSerializableResolvedObj).isNotInstanceOf(Serializable.class); + + catchException(this).clone(this.serializableResolvedObj); + assertThat((Throwable)caughtException()).isNull(); + + 
assertThat(this.nonSerializablePrincipal).isNotInstanceOf(Serializable.class); + + catchException(this).clone(this.serializablePrincipal); + assertThat((Throwable)caughtException()).isNull(); + } + + @Test + public void isSerializable() throws Exception { + assertThat(NotAuthorizedException.class).isInstanceOf(Serializable.class); + } + + @Test + public void serializes() throws Exception { + NotAuthorizedException instance = new NotAuthorizedException(this.message); + + NotAuthorizedException cloned = (NotAuthorizedException) SerializationUtils.clone(instance); + + assertThat(cloned).hasMessage(this.message); + } + + @Test + public void serializesWithThrowable() throws Exception { + Throwable cause = new Exception(this.causeMessage); + NotAuthorizedException instance = new NotAuthorizedException(this.message, cause); + + NotAuthorizedException cloned = (NotAuthorizedException) SerializationUtils.clone(instance); + + assertThat(cloned).hasMessage(this.message); + assertThat(cloned).hasCause(cause); + } + + @Test + public void serializesWithNonSerializablePrincipal() throws Exception { + NotAuthorizedException instance = new NotAuthorizedException(this.message, this.nonSerializablePrincipal); + assertThat(instance.getPrincipal()).isNotNull(); + + NotAuthorizedException cloned = (NotAuthorizedException) SerializationUtils.clone(instance); + + assertThat(cloned).hasMessage(this.message); + assertThat(cloned.getPrincipal()).isNull(); + } + + @Test + public void serializesWithSerializablePrincipal() throws Exception { + NotAuthorizedException instance = new NotAuthorizedException(this.message, this.serializablePrincipal); + + NotAuthorizedException cloned = (NotAuthorizedException) SerializationUtils.clone(instance); + + assertThat(cloned).hasMessage(this.message); + assertThat(cloned.getPrincipal()).isNotNull().isEqualTo(this.serializablePrincipal); + } + + public Object clone(final Serializable object) { + return SerializationUtils.clone(object); + } + + public static 
class SerializableObject implements Serializable { + + private String name; + + SerializableObject(String name) { + this.name = name; + } + + @Override + public boolean equals(Object o) { + if (this == o) return true; + if (o == null || getClass() != o.getClass()) return false; + + SerializableObject that = (SerializableObject) o; + + return name != null ? name.equals(that.name) : that.name == null; + + } + + @Override + public int hashCode() { + return name != null ? name.hashCode() : 0; + } + } + + public static class SerializablePrincipal implements Principal, Serializable { + + private String name; + + SerializablePrincipal(String name) { + this.name = name; + } + + @Override + public String getName() { + return this.name; + } + + @Override + public boolean equals(Object o) { + if (this == o) return true; + if (o == null || getClass() != o.getClass()) return false; + + SerializablePrincipal that = (SerializablePrincipal) o; + + return name != null ? name.equals(that.name) : that.name == null; + + } + + @Override + public int hashCode() { + return name != null ? name.hashCode() : 0; + } + } +} http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d1ca32d6/geode-core/src/test/java/security/AuthzCredentialGenerator.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/security/AuthzCredentialGenerator.java b/geode-core/src/test/java/security/AuthzCredentialGenerator.java old mode 100644 new mode 100755 index e15a60a..fdd10b0 --- a/geode-core/src/test/java/security/AuthzCredentialGenerator.java +++ b/geode-core/src/test/java/security/AuthzCredentialGenerator.java @@ -1,6 +1,3 @@ - -package security; - /* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file 
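Review bot: `setUp()` in NotAuthorizedExceptionTest builds `nonSerializableNamingException` and `serializableNamingException`, but no `@Test` passes either of them to a NotAuthorizedException; they are used only in `assertPreConditions()`. That leaves the combined path in `NotAuthorizedException.writeObject` untested, where both the principal and the resolved object are nulled and then restored in `finally`. A test along the lines below would cover it through the three-argument constructor added in this commit.

```java
@Test
public void serializesWithNonSerializableNamingExceptionAndPrincipal() throws Exception {
  NotAuthorizedException instance = new NotAuthorizedException(
      this.message, this.nonSerializableNamingException, this.nonSerializablePrincipal);

  NotAuthorizedException cloned = (NotAuthorizedException) SerializationUtils.clone(instance);

  assertThat(cloned).hasMessage(this.message);
  assertThat(cloned.getPrincipal()).isNull();
  assertThat(((NamingException) cloned.getCause()).getResolvedObj()).isNull();

  // the sender's objects must be restored once writeObject returns
  assertThat(instance.getPrincipal()).isSameAs(this.nonSerializablePrincipal);
  assertThat(this.nonSerializableNamingException.getResolvedObj())
      .isSameAs(this.nonSerializableResolvedObj);
}
```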
@@ -9,9 +6,9 @@ package security; * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY @@ -19,7 +16,12 @@ package security; * specific language governing permissions and limitations * under the License. */ +package security; +import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode; +import com.gemstone.gemfire.internal.logging.LogService; +import com.gemstone.gemfire.security.AccessControl; +import org.apache.logging.log4j.Logger; import java.security.Principal; import java.util.ArrayList; @@ -29,9 +31,6 @@ import java.util.List; import java.util.Map; import java.util.Properties; -import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode; -import com.gemstone.gemfire.security.AccessControl; - /** * Encapsulates obtaining authorized and unauthorized credentials for a given * operation in a region. Implementations will be for different kinds of @@ -41,6 +40,7 @@ import com.gemstone.gemfire.security.AccessControl; * @since 5.5 */ public abstract class AuthzCredentialGenerator { + private static final Logger logger = LogService.getLogger(); /** * Enumeration for various {@link AuthzCredentialGenerator} implementations. 
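Review bot: The `logger` field added to AuthzCredentialGenerator is not referenced by any hunk of this file in the commit, so as far as the diff shows it is dead code that exists only to justify the new `LogService` and log4j `Logger` imports. I would drop the field and both imports unless a follow-up change uses them. The moved `com.gemstone` imports now sit above the `java.*` group, whereas they followed it before this commit. The file header also changes the mode from 100644 to 100755, which a `.java` source does not need; the same mode flip appears on the other credential generator files in this commit and looks unintentional.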
@@ -90,10 +90,10 @@ public abstract class AuthzCredentialGenerator { private static final Map CodeNameMap = new HashMap(); public static final ClassCode DUMMY = new ClassCode( - "templates.security.DummyAuthorization.create", ID_DUMMY); + templates.security.DummyAuthorization.class.getName() + ".create", ID_DUMMY); public static final ClassCode XML = new ClassCode( - "templates.security.XmlAuthorization.create", ID_XML); + templates.security.XmlAuthorization.class.getName() + ".create", ID_XML); /** The name of this class. */ private final String name; http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d1ca32d6/geode-core/src/test/java/security/CredentialGenerator.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/security/CredentialGenerator.java b/geode-core/src/test/java/security/CredentialGenerator.java old mode 100644 new mode 100755 index 7a430f1..475cefa --- a/geode-core/src/test/java/security/CredentialGenerator.java +++ b/geode-core/src/test/java/security/CredentialGenerator.java @@ -1,6 +1,3 @@ - -package security; - /* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file @@ -9,9 +6,9 @@ package security; * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY @@ -19,7 +16,10 @@ package security; * specific language governing permissions and limitations * under the License. */ +package security; +import com.gemstone.gemfire.security.AuthInitialize; +import com.gemstone.gemfire.security.Authenticator; import java.security.Principal; import java.util.ArrayList; 
@@ -29,9 +29,6 @@ import java.util.List; import java.util.Map; import java.util.Properties; -import com.gemstone.gemfire.security.AuthInitialize; -import com.gemstone.gemfire.security.Authenticator; - /** * Encapsulates obtaining valid and invalid credentials. Implementations will be * for different kinds of authentication schemes. @@ -85,13 +82,13 @@ public abstract class CredentialGenerator { private static final Map CodeNameMap = new HashMap(); public static final ClassCode DUMMY = new ClassCode( - "templates.security.DummyAuthenticator.create", ID_DUMMY); + templates.security.DummyAuthenticator.class.getName() + ".create", ID_DUMMY); public static final ClassCode LDAP = new ClassCode( - "templates.security.LdapUserAuthenticator.create", ID_LDAP); + templates.security.LdapUserAuthenticator.class.getName() + ".create", ID_LDAP); public static final ClassCode PKCS = new ClassCode( - "templates.security.PKCSAuthenticator.create", ID_PKCS); + templates.security.PKCSAuthenticator.class.getName() + ".create", ID_PKCS); public static final ClassCode SSL = new ClassCode("SSL", ID_SSL); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d1ca32d6/geode-core/src/test/java/security/DummyAuthzCredentialGenerator.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/security/DummyAuthzCredentialGenerator.java b/geode-core/src/test/java/security/DummyAuthzCredentialGenerator.java old mode 100644 new mode 100755 index 7e40d13..8496be3 --- a/geode-core/src/test/java/security/DummyAuthzCredentialGenerator.java +++ b/geode-core/src/test/java/security/DummyAuthzCredentialGenerator.java @@ -1,6 +1,3 @@ - -package security; - /* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file 
@@ -9,9 +6,9 @@ package security; * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY @@ -19,7 +16,7 @@ package security; * specific language governing permissions and limitations * under the License. */ - +package security; import java.security.Principal; import java.util.HashSet; @@ -27,7 +24,6 @@ import java.util.Properties; import java.util.Set; import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode; -import security.AuthzCredentialGenerator; import templates.security.DummyAuthorization; import templates.security.UsernamePrincipal; @@ -72,7 +68,7 @@ public class DummyAuthzCredentialGenerator extends AuthzCredentialGenerator { } public String getAuthorizationCallback() { - return "templates.security.DummyAuthorization.create"; + return templates.security.DummyAuthorization.class.getName() + ".create"; } public static byte getRequiredRole(OperationCode[] opCodes) { http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d1ca32d6/geode-core/src/test/java/security/DummyCredentialGenerator.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/security/DummyCredentialGenerator.java b/geode-core/src/test/java/security/DummyCredentialGenerator.java old mode 100644 new mode 100755 index 86b26a7..5419587 --- a/geode-core/src/test/java/security/DummyCredentialGenerator.java +++ b/geode-core/src/test/java/security/DummyCredentialGenerator.java @@ -1,6 +1,3 @@ - -package security; - /* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file 
@@ -9,9 +6,9 @@ package security; * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY @@ -19,9 +16,8 @@ package security; * specific language governing permissions and limitations * under the License. */ +package security; - -import security.CredentialGenerator; import templates.security.DummyAuthenticator; import templates.security.UserPasswordAuthInit; @@ -42,11 +38,11 @@ public class DummyCredentialGenerator extends CredentialGenerator { } public String getAuthInit() { - return "templates.security.UserPasswordAuthInit.create"; + return templates.security.UserPasswordAuthInit.class.getName() + ".create"; } public String getAuthenticator() { - return "templates.security.DummyAuthenticator.create"; + return templates.security.DummyAuthenticator.class.getName() + ".create"; } public Properties getValidCredentials(int index) { http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d1ca32d6/geode-core/src/test/java/security/LdapUserCredentialGenerator.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/security/LdapUserCredentialGenerator.java b/geode-core/src/test/java/security/LdapUserCredentialGenerator.java old mode 100644 new mode 100755 index 12bcb62..2b95616 --- a/geode-core/src/test/java/security/LdapUserCredentialGenerator.java +++ b/geode-core/src/test/java/security/LdapUserCredentialGenerator.java @@ -1,6 +1,3 @@ - -package security; - /* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file 
@@ -9,9 +6,9 @@ package security; * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY @@ -19,10 +16,7 @@ package security; * specific language governing permissions and limitations * under the License. */ - - -import java.security.Principal; -import java.util.Properties; +package security; import com.gemstone.gemfire.distributed.internal.DistributionConfig; import com.gemstone.gemfire.internal.cache.tier.sockets.HandShake; @@ -30,6 +24,8 @@ import com.gemstone.gemfire.util.test.TestUtil; import templates.security.LdapUserAuthenticator; import templates.security.UserPasswordAuthInit; +import java.security.Principal; +import java.util.Properties; import java.util.Random; public class LdapUserCredentialGenerator extends CredentialGenerator { @@ -81,12 +77,12 @@ public class LdapUserCredentialGenerator extends CredentialGenerator { @Override public String getAuthInit() { - return "templates.security.UserPasswordAuthInit.create"; + return templates.security.UserPasswordAuthInit.class.getName() + ".create"; } @Override public String getAuthenticator() { - return "templates.security.LdapUserAuthenticator.create"; + return templates.security.LdapUserAuthenticator.class.getName() + ".create"; } @Override http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d1ca32d6/geode-core/src/test/java/security/PKCSCredentialGenerator.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/security/PKCSCredentialGenerator.java b/geode-core/src/test/java/security/PKCSCredentialGenerator.java old mode 100644 new mode 100755 index 24c0100..5b6d5fa 
--- a/geode-core/src/test/java/security/PKCSCredentialGenerator.java +++ b/geode-core/src/test/java/security/PKCSCredentialGenerator.java @@ -1,6 +1,3 @@ - -package security; - /* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file @@ -9,9 +6,9 @@ package security; * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY @@ -19,17 +16,17 @@ package security; * specific language governing permissions and limitations * under the License. */ +package security; +import com.gemstone.gemfire.util.test.TestUtil; +import templates.security.PKCSAuthInit; +import templates.security.PKCSAuthenticator; import java.security.Principal; import java.security.Provider; import java.security.Security; import java.util.Properties; -import com.gemstone.gemfire.util.test.TestUtil; -import templates.security.PKCSAuthInit; -import templates.security.PKCSAuthenticator; - /** * @author kneeraj * @@ -66,11 +63,11 @@ public class PKCSCredentialGenerator extends CredentialGenerator { } public String getAuthInit() { - return "templates.security.PKCSAuthInit.create"; + return templates.security.PKCSAuthInit.class.getName() + ".create"; } public String getAuthenticator() { - return "templates.security.PKCSAuthenticator.create"; + return templates.security.PKCSAuthenticator.class.getName() + ".create"; } public Properties getInvalidCredentials(int index) { http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d1ca32d6/geode-core/src/test/java/security/SSLCredentialGenerator.java ---------------------------------------------------------------------- 
diff --git a/geode-core/src/test/java/security/SSLCredentialGenerator.java b/geode-core/src/test/java/security/SSLCredentialGenerator.java old mode 100644 new mode 100755 index 29a1a30..e547630 --- a/geode-core/src/test/java/security/SSLCredentialGenerator.java +++ b/geode-core/src/test/java/security/SSLCredentialGenerator.java @@ -1,6 +1,3 @@ - -package security; - /* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file @@ -9,9 +6,9 @@ package security; * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY @@ -19,17 +16,19 @@ package security; * specific language governing permissions and limitations * under the License. */ +package security; +import com.gemstone.gemfire.internal.logging.LogService; +import com.gemstone.gemfire.security.AuthenticationFailedException; +import org.apache.logging.log4j.Logger; import java.io.File; import java.io.IOException; import java.security.Principal; import java.util.Properties; -import com.gemstone.gemfire.security.AuthenticationFailedException; -import security.CredentialGenerator; - public class SSLCredentialGenerator extends CredentialGenerator { + private static final Logger logger = LogService.getLogger(); private File findTrustedJKS() { File ssldir = new File(System.getProperty("JTESTS") + "/ssl"); @@ -53,7 +52,7 @@ public class SSLCredentialGenerator extends CredentialGenerator { } catch (IOException ex) { throw new AuthenticationFailedException( - "SSL: Exception while opening the key store: " + ex); + "SSL: Exception while opening the key store: " + ex.getMessage(), ex); } } 
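Review bot: The `private static final Logger logger = LogService.getLogger();` field added to SSLCredentialGenerator is not used by any hunk shown for this file, since both changed catch blocks rethrow with the cause instead of logging; unless the unseen part of the file uses it, the field and its two imports are dead code. The same field is added in LdapUserAuthenticator, PKCSAuthInit, PKCSAuthenticator and XmlErrorHandler, again with no visible use. In XmlErrorHandler it also takes over the name `logger` from the `LogWriter` field that the commit renames to `logWriter`, which makes the two easy to confuse. I would drop the field wherever nothing logs through it.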
@@ -69,7 +68,7 @@ public class SSLCredentialGenerator extends CredentialGenerator { } catch (IOException ex) { throw new AuthenticationFailedException( - "SSL: Exception while opening the key store: " + ex); + "SSL: Exception while opening the key store: " + ex.getMessage(), ex); } } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d1ca32d6/geode-core/src/test/java/security/UserPasswordWithExtraPropsAuthInit.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/security/UserPasswordWithExtraPropsAuthInit.java b/geode-core/src/test/java/security/UserPasswordWithExtraPropsAuthInit.java old mode 100644 new mode 100755 index a41f73a..cc585cd --- a/geode-core/src/test/java/security/UserPasswordWithExtraPropsAuthInit.java +++ b/geode-core/src/test/java/security/UserPasswordWithExtraPropsAuthInit.java @@ -1,6 +1,3 @@ - -package security; - /* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file @@ -9,9 +6,9 @@ package security; * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 
@@ -19,16 +16,16 @@ package security; * specific language governing permissions and limitations * under the License. */ - - -import java.util.Properties; -import java.util.Iterator; +package security; import com.gemstone.gemfire.distributed.DistributedMember; import com.gemstone.gemfire.security.AuthInitialize; import com.gemstone.gemfire.security.AuthenticationFailedException; import templates.security.UserPasswordAuthInit; +import java.util.Iterator; +import java.util.Properties; + /** * An {@link AuthInitialize} implementation that obtains the user name and * password as the credentials from the given set of properties. If http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d1ca32d6/geode-core/src/test/java/security/XmlAuthzCredentialGenerator.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/security/XmlAuthzCredentialGenerator.java b/geode-core/src/test/java/security/XmlAuthzCredentialGenerator.java old mode 100644 new mode 100755 index 929eafb..118e86f --- a/geode-core/src/test/java/security/XmlAuthzCredentialGenerator.java +++ b/geode-core/src/test/java/security/XmlAuthzCredentialGenerator.java @@ -1,6 +1,3 @@ - -package security; - /* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file @@ -9,9 +6,9 @@ package security; * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 
@@ -19,18 +16,18 @@ package security; * specific language governing permissions and limitations * under the License. */ +package security; +import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode; +import com.gemstone.gemfire.util.test.TestUtil; +import templates.security.UsernamePrincipal; +import templates.security.XmlAuthorization; import java.security.Principal; import java.util.HashSet; import java.util.Properties; import java.util.Set; -import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode; -import com.gemstone.gemfire.util.test.TestUtil; -import templates.security.UsernamePrincipal; -import templates.security.XmlAuthorization; - public class XmlAuthzCredentialGenerator extends AuthzCredentialGenerator { private static final String dummyXml = "authz-dummy.xml"; @@ -126,7 +123,7 @@ public class XmlAuthzCredentialGenerator extends AuthzCredentialGenerator { } public String getAuthorizationCallback() { - return "templates.security.XmlAuthorization.create"; + return templates.security.XmlAuthorization.class.getName() + ".create"; } private Principal getDummyPrincipal(byte roleType, int index) { http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d1ca32d6/geode-core/src/test/java/templates/security/DummyAuthenticator.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/templates/security/DummyAuthenticator.java b/geode-core/src/test/java/templates/security/DummyAuthenticator.java old mode 100644 new mode 100755 index 5d33f22..5070836 --- a/geode-core/src/test/java/templates/security/DummyAuthenticator.java +++ b/geode-core/src/test/java/templates/security/DummyAuthenticator.java 
@@ -14,18 +14,15 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - package templates.security; -import java.security.Principal; -import java.util.Properties; - import com.gemstone.gemfire.LogWriter; import com.gemstone.gemfire.distributed.DistributedMember; import com.gemstone.gemfire.security.AuthenticationFailedException; import com.gemstone.gemfire.security.Authenticator; -import templates.security.UserPasswordAuthInit; -import templates.security.UsernamePrincipal; + +import java.security.Principal; +import java.util.Properties; /** * A dummy implementation of the {@link Authenticator} interface that expects a http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d1ca32d6/geode-core/src/test/java/templates/security/DummyAuthorization.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/templates/security/DummyAuthorization.java b/geode-core/src/test/java/templates/security/DummyAuthorization.java old mode 100644 new mode 100755 index fe8e908..4c2bfec --- a/geode-core/src/test/java/templates/security/DummyAuthorization.java +++ b/geode-core/src/test/java/templates/security/DummyAuthorization.java @@ -14,13 +14,8 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - package templates.security; -import java.security.Principal; -import java.util.HashSet; -import java.util.Set; - import com.gemstone.gemfire.LogWriter; import com.gemstone.gemfire.cache.Cache; import com.gemstone.gemfire.cache.operations.OperationContext; 
@@ -29,6 +24,10 @@ import com.gemstone.gemfire.distributed.DistributedMember; import com.gemstone.gemfire.security.AccessControl; import com.gemstone.gemfire.security.NotAuthorizedException; +import java.security.Principal; +import java.util.HashSet; +import java.util.Set; + /** * A dummy implementation of the <code>AccessControl</code> interface that * allows authorization depending on the format of the <code>Principal</code> http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d1ca32d6/geode-core/src/test/java/templates/security/FunctionSecurityPrmsHolder.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/templates/security/FunctionSecurityPrmsHolder.java b/geode-core/src/test/java/templates/security/FunctionSecurityPrmsHolder.java index 76827bb..5771fd4 100755 --- a/geode-core/src/test/java/templates/security/FunctionSecurityPrmsHolder.java +++ b/geode-core/src/test/java/templates/security/FunctionSecurityPrmsHolder.java @@ -14,7 +14,6 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - package templates.security; import java.util.HashSet; http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d1ca32d6/geode-core/src/test/java/templates/security/LdapUserAuthenticator.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/templates/security/LdapUserAuthenticator.java b/geode-core/src/test/java/templates/security/LdapUserAuthenticator.java index db55219..49059c3 100755 --- a/geode-core/src/test/java/templates/security/LdapUserAuthenticator.java +++ b/geode-core/src/test/java/templates/security/LdapUserAuthenticator.java 
@@ -14,13 +14,14 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - package templates.security; import com.gemstone.gemfire.LogWriter; import com.gemstone.gemfire.distributed.DistributedMember; +import com.gemstone.gemfire.internal.logging.LogService; import com.gemstone.gemfire.security.AuthenticationFailedException; import com.gemstone.gemfire.security.Authenticator; +import org.apache.logging.log4j.Logger; import java.security.Principal; import java.util.Properties; @@ -33,6 +34,7 @@ import javax.naming.directory.InitialDirContext; * @since 5.5 */ public class LdapUserAuthenticator implements Authenticator { + private static final Logger logger = LogService.getLogger(); private String ldapServer = null; @@ -92,7 +94,7 @@ public class LdapUserAuthenticator implements Authenticator { Properties env = new Properties(); env .put(Context.INITIAL_CONTEXT_FACTORY, - "com.sun.jndi.ldap.LdapCtxFactory"); + com.sun.jndi.ldap.LdapCtxFactory.class.getName()); env.put(Context.PROVIDER_URL, this.ldapUrlScheme + this.ldapServer + '/' + this.basedn); String fullentry = "uid=" + userName + "," + this.basedn; @@ -103,10 +105,9 @@ public class LdapUserAuthenticator implements Authenticator { ctx.close(); } catch (Exception e) { - //TODO:hitesh need to add getCause message throw new AuthenticationFailedException( "LdapUserAuthenticator: Failure with provided username, password " - + "combination for user name: " + userName); + + "combination for user name: " + userName, e); } return new UsernamePrincipal(userName); } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d1ca32d6/geode-core/src/test/java/templates/security/PKCSAuthInit.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/templates/security/PKCSAuthInit.java b/geode-core/src/test/java/templates/security/PKCSAuthInit.java index d43b78e..f4004f3 100755 
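Review bot: Replacing the string with `com.sun.jndi.ldap.LdapCtxFactory.class.getName()` makes this file compile against a JDK-internal class: javac typically flags it as internal proprietary API, and on JDKs with the module system the `com.sun.jndi.ldap` package is not exported, so the literal was the portable form. I would keep `"com.sun.jndi.ldap.LdapCtxFactory"` for `Context.INITIAL_CONTEXT_FACTORY`, since unlike the `templates.security` classes it is never repackaged with this project. Separately, the context line `String fullentry = "uid=" + userName + "," + this.basedn;` puts the supplied user name into the bind DN unescaped; `"uid=" + Rdn.escapeValue(userName) + "," + this.basedn` (from `javax.naming.ldap.Rdn`) would keep DN metacharacters in the name from changing which entry is bound. The enclosing method starts and ends outside these hunks.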
--- a/geode-core/src/test/java/templates/security/PKCSAuthInit.java +++ b/geode-core/src/test/java/templates/security/PKCSAuthInit.java @@ -14,14 +14,15 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - package templates.security; import com.gemstone.gemfire.LogWriter; import com.gemstone.gemfire.distributed.DistributedMember; +import com.gemstone.gemfire.internal.logging.LogService; import com.gemstone.gemfire.security.AuthInitialize; import com.gemstone.gemfire.security.AuthenticationFailedException; import com.gemstone.gemfire.security.GemFireSecurityException; +import org.apache.logging.log4j.Logger; import java.io.FileInputStream; import java.security.Key; @@ -43,6 +44,7 @@ import java.util.Properties; * @since 5.5 */ public class PKCSAuthInit implements AuthInitialize { + private static final Logger logger = LogService.getLogger(); public static final String KEYSTORE_FILE_PATH = "security-keystorepath"; @@ -122,9 +124,6 @@ public class PKCSAuthInit implements AuthInitialize { + "Failed to load private key from the given file: " + keyStorePath); } } - catch (GemFireSecurityException ex) { - throw ex; - } catch (Exception ex) { throw new AuthenticationFailedException( "PKCSAuthInit: Exception while getting credentials: " + ex, ex); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d1ca32d6/geode-core/src/test/java/templates/security/PKCSAuthenticator.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/templates/security/PKCSAuthenticator.java b/geode-core/src/test/java/templates/security/PKCSAuthenticator.java index d3610c4..7af7312 100755 --- a/geode-core/src/test/java/templates/security/PKCSAuthenticator.java +++ b/geode-core/src/test/java/templates/security/PKCSAuthenticator.java 
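Review bot: Removing `catch (GemFireSecurityException ex) { throw ex; }` changes what callers see: the `AuthenticationFailedException` thrown just above for "Failed to load private key from the given file" is now caught by `catch (Exception ex)` and wrapped in a second `AuthenticationFailedException` whose message starts with "PKCSAuthInit: Exception while getting credentials: ", assuming AuthenticationFailedException extends GemFireSecurityException as the removed clause implies. Any other GemFireSecurityException subtype raised in the try body is likewise converted to AuthenticationFailedException. The same clause is removed in PKCSAuthenticator, where the generic handler calls `getException(ex.toString(), ex)`. If the re-wrapping is intended, a comment such as `// security exceptions are deliberately re-wrapped to add context` above the handler would record it; the `GemFireSecurityException` import kept in the imports hunk also looks unused afterwards. The try block starts outside the hunk.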
@@ -14,14 +14,15 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - package templates.security; import com.gemstone.gemfire.LogWriter; import com.gemstone.gemfire.distributed.DistributedMember; +import com.gemstone.gemfire.internal.logging.LogService; import com.gemstone.gemfire.security.AuthenticationFailedException; import com.gemstone.gemfire.security.Authenticator; import com.gemstone.gemfire.security.GemFireSecurityException; +import org.apache.logging.log4j.Logger; import java.io.FileInputStream; import java.security.KeyStore; @@ -41,6 +42,7 @@ import java.util.Properties; * */ public class PKCSAuthenticator implements Authenticator { + private static final Logger logger = LogService.getLogger(); public static final String PUBLIC_KEY_FILE = "security-publickey-filepath"; @@ -85,7 +87,7 @@ public class PKCSAuthenticator implements Authenticator { } catch (Exception e) { throw new AuthenticationFailedException( - "Exception while getting public keys: " + e.getMessage()); + "Exception while getting public keys: " + e.getMessage(), e); } } @@ -153,9 +155,6 @@ public class PKCSAuthenticator implements Authenticator { } return new PKCSPrincipal(alias); } - catch (GemFireSecurityException ex) { - throw ex; - } catch (Exception ex) { throw getException(ex.toString(), ex); } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d1ca32d6/geode-core/src/test/java/templates/security/PKCSPrincipal.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/templates/security/PKCSPrincipal.java b/geode-core/src/test/java/templates/security/PKCSPrincipal.java index 563689b..bc3049f 100755 --- a/geode-core/src/test/java/templates/security/PKCSPrincipal.java +++ b/geode-core/src/test/java/templates/security/PKCSPrincipal.java 
@@ -17,13 +17,14 @@ package templates.security; +import java.io.Serializable; import java.security.Principal; /** * @author kneeraj * */ -public class PKCSPrincipal implements Principal { +public class PKCSPrincipal implements Principal, Serializable { private String alias; http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d1ca32d6/geode-core/src/test/java/templates/security/PKCSPrincipalTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/templates/security/PKCSPrincipalTest.java b/geode-core/src/test/java/templates/security/PKCSPrincipalTest.java new file mode 100644 index 0000000..fc8454c --- /dev/null +++ b/geode-core/src/test/java/templates/security/PKCSPrincipalTest.java 
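Review bot: `PKCSPrincipal` becomes `Serializable` without a `serialVersionUID` in the visible lines, so its stream identity is derived from the class shape and members built from different versions of the class may fail to deserialize each other's principals. Declaring `private static final long serialVersionUID = 1L;` next to `private String alias;` pins it. The rest of the class is outside the hunk, so this applies only if no such field is declared further down.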
@@ -0,0 +1,48 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package templates.security;
+
+import com.gemstone.gemfire.test.junit.categories.UnitTest;
+import org.apache.commons.lang.SerializationUtils;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import java.io.Serializable;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * Unit tests for {@link PKCSPrincipal}
+ */
+@Category(UnitTest.class)
+public class PKCSPrincipalTest {
+
+ @Test
+ public void isSerializable() throws Exception {
+ assertThat(PKCSPrincipal.class).isInstanceOf(Serializable.class);
+ }
+
+ @Test
+ public void canBeSerialized() throws Exception {
+ String name = "jsmith";
+ PKCSPrincipal instance = new PKCSPrincipal(name);
+
+ PKCSPrincipal cloned = (PKCSPrincipal) SerializationUtils.clone(instance);
+
+ assertThat(cloned.getName()).isEqualTo(name);
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d1ca32d6/geode-core/src/test/java/templates/security/UserPasswordAuthInit.java
----------------------------------------------------------------------
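Review bot: `assertThat(PKCSPrincipal.class).isInstanceOf(Serializable.class)` in isSerializable() cannot fail, because the object under test is the `java.lang.Class` instance and `Class` itself implements `Serializable`; the test would still pass if `implements Serializable` were removed from PKCSPrincipal. Assert on assignability instead: `assertThat(Serializable.class.isAssignableFrom(PKCSPrincipal.class)).isTrue();`. UsernamePrincipalTest.isSerializable() in this commit has the same always-true assertion for `UsernamePrincipal.class`.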
diff --git a/geode-core/src/test/java/templates/security/UserPasswordAuthInit.java b/geode-core/src/test/java/templates/security/UserPasswordAuthInit.java old mode 100644 new mode 100755 index f4b6eec..1c48773 --- a/geode-core/src/test/java/templates/security/UserPasswordAuthInit.java +++ b/geode-core/src/test/java/templates/security/UserPasswordAuthInit.java @@ -14,16 +14,15 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - package templates.security; -import java.util.Properties; - import com.gemstone.gemfire.LogWriter; import com.gemstone.gemfire.distributed.DistributedMember; import com.gemstone.gemfire.security.AuthInitialize; import com.gemstone.gemfire.security.AuthenticationFailedException; +import java.util.Properties; + /** * An {@link AuthInitialize} implementation that obtains the user name and * password as the credentials from the given set of properties. http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d1ca32d6/geode-core/src/test/java/templates/security/UsernamePrincipal.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/templates/security/UsernamePrincipal.java b/geode-core/src/test/java/templates/security/UsernamePrincipal.java old mode 100644 new mode 100755 index 739dd52..781dd5a --- a/geode-core/src/test/java/templates/security/UsernamePrincipal.java +++ b/geode-core/src/test/java/templates/security/UsernamePrincipal.java @@ -14,7 +14,6 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - package templates.security; import java.io.Serializable; http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d1ca32d6/geode-core/src/test/java/templates/security/UsernamePrincipalTest.java ---------------------------------------------------------------------- 
diff --git a/geode-core/src/test/java/templates/security/UsernamePrincipalTest.java b/geode-core/src/test/java/templates/security/UsernamePrincipalTest.java
new file mode 100644
index 0000000..023c214
--- /dev/null
+++ b/geode-core/src/test/java/templates/security/UsernamePrincipalTest.java
@@ -0,0 +1,48 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package templates.security;
+
+import com.gemstone.gemfire.test.junit.categories.UnitTest;
+import org.apache.commons.lang.SerializationUtils;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import java.io.Serializable;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * Unit tests for {@link UsernamePrincipal}
+ */
+@Category(UnitTest.class)
+public class UsernamePrincipalTest {
+
+ @Test
+ public void isSerializable() throws Exception {
+ assertThat(UsernamePrincipal.class).isInstanceOf(Serializable.class);
+ }
+
+ @Test
+ public void canBeSerialized() throws Exception {
+ String name = "jsmith";
+ UsernamePrincipal instance = new UsernamePrincipal(name);
+
+ UsernamePrincipal cloned = (UsernamePrincipal) SerializationUtils.clone(instance);
+
+ assertThat(cloned.getName()).isEqualTo(name);
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d1ca32d6/geode-core/src/test/java/templates/security/XmlAuthorization.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/templates/security/XmlAuthorization.java b/geode-core/src/test/java/templates/security/XmlAuthorization.java old mode 100644 new mode 100755 index 1ed0142..29d94de --- a/geode-core/src/test/java/templates/security/XmlAuthorization.java +++ b/geode-core/src/test/java/templates/security/XmlAuthorization.java @@ -14,9 +14,27 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - package templates.security; +import com.gemstone.gemfire.LogWriter; +import com.gemstone.gemfire.cache.Cache; +import com.gemstone.gemfire.cache.operations.ExecuteFunctionOperationContext; +import com.gemstone.gemfire.cache.operations.OperationContext; +import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode; +import com.gemstone.gemfire.cache.operations.QueryOperationContext; +import com.gemstone.gemfire.distributed.DistributedMember; +import com.gemstone.gemfire.security.AccessControl; +import com.gemstone.gemfire.security.NotAuthorizedException; +import org.w3c.dom.Attr; +import org.w3c.dom.Document; +import org.w3c.dom.NamedNodeMap; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; +import org.xml.sax.EntityResolver; +import org.xml.sax.InputSource; +import org.xml.sax.SAXException; +import org.xml.sax.SAXParseException; + import java.io.IOException; import java.io.InputStream; import java.security.Principal; 
@@ -27,30 +45,9 @@ import java.util.Map; import java.util.Set; import java.util.regex.Matcher; import java.util.regex.Pattern; - import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; -import org.w3c.dom.Attr; -import org.w3c.dom.Document; -import org.w3c.dom.NamedNodeMap; -import org.w3c.dom.Node; -import org.w3c.dom.NodeList; -import org.xml.sax.EntityResolver; -import org.xml.sax.InputSource; -import org.xml.sax.SAXException; -import org.xml.sax.SAXParseException; - -import com.gemstone.gemfire.LogWriter; -import com.gemstone.gemfire.cache.Cache; -import com.gemstone.gemfire.cache.operations.ExecuteFunctionOperationContext; -import com.gemstone.gemfire.cache.operations.OperationContext; -import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode; -import com.gemstone.gemfire.cache.operations.QueryOperationContext; -import com.gemstone.gemfire.distributed.DistributedMember; -import com.gemstone.gemfire.security.AccessControl; -import com.gemstone.gemfire.security.NotAuthorizedException; - /** * An implementation of the <code>{@link AccessControl}</code> interface that * allows authorization using the permissions as specified in the given XML http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d1ca32d6/geode-core/src/test/java/templates/security/XmlErrorHandler.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/templates/security/XmlErrorHandler.java b/geode-core/src/test/java/templates/security/XmlErrorHandler.java old mode 100644 new mode 100755 index 5da8e09..1326548 --- a/geode-core/src/test/java/templates/security/XmlErrorHandler.java +++ b/geode-core/src/test/java/templates/security/XmlErrorHandler.java 
@@ -14,15 +14,15 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - package templates.security; +import com.gemstone.gemfire.LogWriter; +import com.gemstone.gemfire.internal.logging.LogService; +import org.apache.logging.log4j.Logger; import org.xml.sax.ErrorHandler; import org.xml.sax.SAXException; import org.xml.sax.SAXParseException; -import com.gemstone.gemfire.LogWriter; - /** * Implementation of {@link ErrorHandler} interface to handle validation errors * while XML parsing. @@ -35,14 +35,15 @@ import com.gemstone.gemfire.LogWriter; * @since 5.5 */ public class XmlErrorHandler implements ErrorHandler { + private static final Logger logger = LogService.getLogger(); - private LogWriter logger; + private LogWriter logWriter; private String xmlFileName; - public XmlErrorHandler(LogWriter logger, String xmlFileName) { + public XmlErrorHandler(LogWriter logWriter, String xmlFileName) { - this.logger = logger; + this.logWriter = logWriter; this.xmlFileName = xmlFileName; } @@ -51,10 +52,9 @@ public class XmlErrorHandler implements ErrorHandler { * where the exception occurred. */ public void error(SAXParseException exception) throws SAXException { - throw new SAXParseException("Error while parsing XML at line " + exception.getLineNumber() + " column " + exception.getColumnNumber() - + ": " + exception.getMessage(), null); + + ": " + exception.getMessage(), null, exception); } /** @@ -62,10 +62,9 @@ public class XmlErrorHandler implements ErrorHandler { * where the exception occurred. */ public void fatalError(SAXParseException exception) throws SAXException { - throw new SAXParseException("Fatal error while parsing XML at line " + exception.getLineNumber() + " column " + exception.getColumnNumber() - + ": " + exception.getMessage(), null); + + ": " + exception.getMessage(), null, exception); } /** 
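Review bot: The static `logger` added in the `@@ -35,14 +35,15 @@` hunk is not used by any visible hunk: `warning()` still writes through the injected `logWriter`, and `error()`/`fatalError()` only throw. Unless code outside the hunks reads it, drop `private static final Logger logger = LogService.getLogger();` together with the new `LogService` and `org.apache.logging.log4j.Logger` imports, so the handler has a single logging path. As far as the hunks show, `logWriter` and `xmlFileName` are assigned only in the constructor and could be declared `final` while they are being renamed.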
@@ -73,10 +72,10 @@ public class XmlErrorHandler implements ErrorHandler { * filename and the position of exception in the file. */ public void warning(SAXParseException exception) throws SAXException { - - this.logger.warning("Warning while parsing XML [" + this.xmlFileName + this.logWriter.warning("Warning while parsing XML [" + this.xmlFileName + "] at line " + exception.getLineNumber() + " column " - + exception.getColumnNumber() + ": " + exception.getMessage()); + + exception.getColumnNumber() + ": " + exception.getMessage(), exception); } + } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d1ca32d6/geode-core/src/test/resources/com/gemstone/gemfire/codeAnalysis/sanctionedSerializables.txt ---------------------------------------------------------------------- diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/codeAnalysis/sanctionedSerializables.txt b/geode-core/src/test/resources/com/gemstone/gemfire/codeAnalysis/sanctionedSerializables.txt index f3c1c5d..a8f6514 100644 --- a/geode-core/src/test/resources/com/gemstone/gemfire/codeAnalysis/sanctionedSerializables.txt +++ b/geode-core/src/test/resources/com/gemstone/gemfire/codeAnalysis/sanctionedSerializables.txt @@ -140,7 +140,6 @@ com/gemstone/gemfire/cache/hdfs/internal/hoplog/HdfsSortedOplogOrganizer$HoplogR com/gemstone/gemfire/cache/hdfs/internal/hoplog/Hoplog$HoplogVersion,false com/gemstone/gemfire/cache/hdfs/internal/hoplog/Hoplog$Meta,false com/gemstone/gemfire/cache/hdfs/internal/org/apache/hadoop/io/SequenceFile$CompressionType,false -com/gemstone/gemfire/cache/operations/PutAllOperationContext$UpdateOnlyMap,true,-1034234728574286014,m:java/util/Map com/gemstone/gemfire/cache/partition/PartitionNotAvailableException,true,1 com/gemstone/gemfire/cache/persistence/ConflictingPersistentDataException,true,-2629287782021455875 com/gemstone/gemfire/cache/persistence/PartitionOfflineException,true,-6471045959318795870,offlineMembers:java/util/Set 
@@ -342,8 +341,6 @@ com/gemstone/gemfire/internal/cache/execute/util/NestedTransactionFunction,true, com/gemstone/gemfire/internal/cache/execute/util/RollbackFunction,true,1377183180063184795 com/gemstone/gemfire/internal/cache/ha/ThreadIdentifier$Bits,false,position:int,width:int com/gemstone/gemfire/internal/cache/ha/ThreadIdentifier$WanType,false -com/gemstone/gemfire/internal/cache/locks/GFEAbstractQueuedSynchronizer,true,7373984972572414691,state:int -com/gemstone/gemfire/internal/cache/locks/ReentrantReadWriteWriteShareLock$CASSync,false,allowUpgradeOfWriteShare:boolean,ownerId:java/lang/Object com/gemstone/gemfire/internal/cache/lru/HeapLRUCapacityController,true,4970685814429530675,perEntryOverhead:int,sizer:com/gemstone/gemfire/cache/util/ObjectSizer com/gemstone/gemfire/internal/cache/lru/LRUAlgorithm,false,bucketRegion:com/gemstone/gemfire/internal/cache/BucketRegion,evictionAction:com/gemstone/gemfire/cache/EvictionAction com/gemstone/gemfire/internal/cache/lru/LRUCapacityController,true,-4383074909189355938,maximumEntries:int 
@@ -357,12 +354,7 @@ com/gemstone/gemfire/internal/cache/partitioned/RedundancyAlreadyMetException,fa com/gemstone/gemfire/internal/cache/partitioned/rebalance/PartitionedRegionLoadModel$RefusalReason,false com/gemstone/gemfire/internal/cache/persistence/OplogType,false,prefix:java/lang/String com/gemstone/gemfire/internal/cache/persistence/PersistentMemberState,false -com/gemstone/gemfire/internal/cache/persistence/soplog/SoplogToken,false,val:byte -com/gemstone/gemfire/internal/cache/persistence/soplog/SortedOplogFactory$SortedOplogConfiguration$Checksum,false -com/gemstone/gemfire/internal/cache/persistence/soplog/SortedOplogFactory$SortedOplogConfiguration$Compression,false -com/gemstone/gemfire/internal/cache/persistence/soplog/SortedOplogFactory$SortedOplogConfiguration$KeyEncoding,false com/gemstone/gemfire/internal/cache/persistence/soplog/SortedReader$Metadata,false -com/gemstone/gemfire/internal/cache/persistence/soplog/hfile/HFileSortedOplog$InternalMetadata,false com/gemstone/gemfire/internal/cache/snapshot/ClientExporter$ClientArgs,true,1,options:com/gemstone/gemfire/cache/snapshot/SnapshotOptions,prSingleHop:boolean,region:java/lang/String com/gemstone/gemfire/internal/cache/snapshot/ClientExporter$ProxyExportFunction,true,1 com/gemstone/gemfire/internal/cache/snapshot/RegionSnapshotServiceImpl$1,true,1 
@@ -821,7 +813,7 @@ com/gemstone/gemfire/pdx/internal/PdxReaderImpl,true,-6094553093860427759,blobTy com/gemstone/gemfire/pdx/internal/WritablePdxInstanceImpl,true,7398999150097596214,dirtyFields:java/lang/Object[] com/gemstone/gemfire/security/AuthenticationFailedException,true,-8202866472279088879 com/gemstone/gemfire/security/AuthenticationRequiredException,true,4675976651103154919 -com/gemstone/gemfire/security/GemFireSecurityException,true,3814254578203076926 +com/gemstone/gemfire/security/GemFireSecurityException,true,3814254578203076926,cause:java/lang/Throwable com/gemstone/gemfire/security/NotAuthorizedException,true,419215768216387745,principal:java/security/Principal com/gemstone/org/apache/logging/log4j/message/GemFireParameterizedMessage,true,-665975803997290697,messagePattern:java/lang/String,stringArgs:java/lang/String[] com/gemstone/org/apache/logging/log4j/message/GemFireParameterizedMessageFactory,true,1
