Repository: incubator-geode Updated Branches: refs/heads/feature/GEODE-17-2 ce4dd4ef7 -> 2f709ffea
GEODE-17: All JMX Bean access needs JMX:GET permission * added the ResourceOperation annotation to all JMXBean classes * fix the tests Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/2f709ffe Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/2f709ffe Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/2f709ffe Branch: refs/heads/feature/GEODE-17-2 Commit: 2f709ffea12ee7f0a9c662f99c8686b7d4ed0293 Parents: ce4dd4e Author: Jinmei Liao <[email protected]> Authored: Wed Mar 16 10:24:27 2016 -0700 Committer: Jinmei Liao <[email protected]> Committed: Wed Mar 16 10:24:27 2016 -0700 ---------------------------------------------------------------------- .../management/AsyncEventQueueMXBean.java | 4 ++ .../gemfire/management/CacheServerMXBean.java | 2 +- .../gemfire/management/DiskStoreMXBean.java | 1 + .../DistributedLockServiceMXBean.java | 8 +++- .../management/DistributedRegionMXBean.java | 4 ++ .../management/DistributedSystemMXBean.java | 1 + .../management/GatewayReceiverMXBean.java | 2 +- .../gemfire/management/GatewaySenderMXBean.java | 2 +- .../gemfire/management/LocatorMXBean.java | 4 ++ .../gemfire/management/LockServiceMXBean.java | 4 +- .../gemfire/management/ManagerMXBean.java | 1 + .../gemfire/management/MemberMXBean.java | 5 +-- .../gemfire/management/RegionMXBean.java | 4 ++ .../management/internal/security/Resource.java | 1 + .../security/AccessControlMBeanJUnitTest.java | 2 +- .../CacheServerMBeanAuthorizationJUnitTest.java | 32 ++++++++-------- .../GatewaySenderMBeanSecurityTest.java | 14 +++---- .../LockServiceMBeanAuthorizationJUnitTest.java | 15 +++++--- .../security/MemberMBeanSecurityJUnitTest.java | 39 +++++++++++++------- .../internal/security/cacheServer.json | 4 +- 20 files changed, 94 insertions(+), 55 deletions(-) ---------------------------------------------------------------------- 
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/main/java/com/gemstone/gemfire/management/AsyncEventQueueMXBean.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/AsyncEventQueueMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/AsyncEventQueueMXBean.java index b4445ac..b69206b 100644 --- a/geode-core/src/main/java/com/gemstone/gemfire/management/AsyncEventQueueMXBean.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/management/AsyncEventQueueMXBean.java @@ -17,6 +17,9 @@ package com.gemstone.gemfire.management; import com.gemstone.gemfire.cache.asyncqueue.AsyncEventQueue; +import com.gemstone.gemfire.cache.operations.OperationContext; +import com.gemstone.gemfire.management.internal.security.Resource; +import com.gemstone.gemfire.management.internal.security.ResourceOperation; /** * MBean that provides access to an {@link AsyncEventQueue}. @@ -25,6 +28,7 @@ import com.gemstone.gemfire.cache.asyncqueue.AsyncEventQueue; * @since 7.0 * */ +@ResourceOperation(resource = Resource.JMX, operation = OperationContext.OperationCode.GET) public interface AsyncEventQueueMXBean { /** http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/main/java/com/gemstone/gemfire/management/CacheServerMXBean.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/CacheServerMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/CacheServerMXBean.java index 48148f1..4f4f02c 100644 --- a/geode-core/src/main/java/com/gemstone/gemfire/management/CacheServerMXBean.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/management/CacheServerMXBean.java 
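Review bot: The type-level `@ResourceOperation(resource = Resource.JMX, operation = OperationContext.OperationCode.GET)` added above `public interface AsyncEventQueueMXBean` is not mentioned in the interface Javadoc, so a reader cannot tell which permission a caller needs or that it is the default for every method. Judging by the CacheServer tests in this commit (`removeIndex` is denied with INDEX:DESTROY while `fetchLoadProbe` is denied with JMX:GET), a method-level annotation overrides the type-level one, so an operation added later without its own annotation would presumably be reachable with the read permission alone; the resolver itself is not shown here. I would add a Javadoc line such as `Access requires JMX:GET unless a method declares its own {@link ResourceOperation}; state-changing operations must declare one.` The same applies to the other interfaces annotated in this commit (CacheServer, DiskStore, DistributedLockService, DistributedRegion, DistributedSystem, GatewayReceiver, GatewaySender, Locator, LockService, Manager, Member and Region MXBeans). The interface body lies outside the hunk.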
@@ -57,7 +57,7 @@ import static com.gemstone.gemfire.cache.operations.OperationContext.OperationCo * @since 7.0 * */ -@ResourceOperation(resource=Resource.DISTRIBUTED_SYSTEM, operation=OperationCode.LIST_DS) +@ResourceOperation(resource = Resource.JMX, operation = OperationCode.GET) public interface CacheServerMXBean { /** http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/main/java/com/gemstone/gemfire/management/DiskStoreMXBean.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/DiskStoreMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/DiskStoreMXBean.java index f30a613..e23bc12 100644 --- a/geode-core/src/main/java/com/gemstone/gemfire/management/DiskStoreMXBean.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/management/DiskStoreMXBean.java @@ -31,6 +31,7 @@ import static com.gemstone.gemfire.cache.operations.OperationContext.OperationCo * @since 7.0 * */ +@ResourceOperation(resource = Resource.JMX, operation = OperationCode.GET) public interface DiskStoreMXBean { /** http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedLockServiceMXBean.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedLockServiceMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedLockServiceMXBean.java index 8efa646..65d8f95 100644 --- a/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedLockServiceMXBean.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedLockServiceMXBean.java 
@@ -16,9 +16,12 @@ */ package com.gemstone.gemfire.management; -import java.util.Map; - +import com.gemstone.gemfire.cache.operations.OperationContext; import com.gemstone.gemfire.distributed.DistributedLockService; +import com.gemstone.gemfire.management.internal.security.Resource; +import com.gemstone.gemfire.management.internal.security.ResourceOperation; + +import java.util.Map; /** * MBean that provides access to information for a named instance of {@link DistributedLockService}. @@ -29,6 +32,7 @@ import com.gemstone.gemfire.distributed.DistributedLockService; * @since 7.0 * */ +@ResourceOperation(resource = Resource.JMX, operation = OperationContext.OperationCode.GET) public interface DistributedLockServiceMXBean { /** http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedRegionMXBean.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedRegionMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedRegionMXBean.java index 1de4712..9d1e739 100644 --- a/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedRegionMXBean.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedRegionMXBean.java @@ -20,7 +20,10 @@ import com.gemstone.gemfire.cache.CacheListener; import com.gemstone.gemfire.cache.CacheWriter; import com.gemstone.gemfire.cache.EvictionAlgorithm; import com.gemstone.gemfire.cache.Region; +import com.gemstone.gemfire.cache.operations.OperationContext; import com.gemstone.gemfire.cache.wan.GatewaySender; +import com.gemstone.gemfire.management.internal.security.Resource; +import com.gemstone.gemfire.management.internal.security.ResourceOperation; /** * MBean that provides access to information and management functionality for a 
@@ -30,6 +33,7 @@ import com.gemstone.gemfire.cache.wan.GatewaySender; * @since 7.0 * */ +@ResourceOperation(resource = Resource.JMX, operation = OperationContext.OperationCode.GET) public interface DistributedRegionMXBean { /** http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedSystemMXBean.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedSystemMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedSystemMXBean.java index 8af5df7..a53b3fb 100644 --- a/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedSystemMXBean.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedSystemMXBean.java @@ -74,6 +74,7 @@ import static com.gemstone.gemfire.cache.operations.OperationContext.OperationCo * @since 7.0 * */ +@ResourceOperation(resource = Resource.JMX, operation = OperationCode.GET) public interface DistributedSystemMXBean { /** http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/main/java/com/gemstone/gemfire/management/GatewayReceiverMXBean.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/GatewayReceiverMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/GatewayReceiverMXBean.java index 7e16123..68ab2fd 100644 --- a/geode-core/src/main/java/com/gemstone/gemfire/management/GatewayReceiverMXBean.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/management/GatewayReceiverMXBean.java 
@@ -30,7 +30,7 @@ import static com.gemstone.gemfire.cache.operations.OperationContext.OperationCo * @since 7.0 * */ - +@ResourceOperation(resource = Resource.JMX, operation = OperationCode.GET) public interface GatewayReceiverMXBean { /** http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/main/java/com/gemstone/gemfire/management/GatewaySenderMXBean.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/GatewaySenderMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/GatewaySenderMXBean.java index 88f9fac..80d4ea8 100644 --- a/geode-core/src/main/java/com/gemstone/gemfire/management/GatewaySenderMXBean.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/management/GatewaySenderMXBean.java @@ -28,7 +28,7 @@ import static com.gemstone.gemfire.cache.operations.OperationContext.OperationCo * @since 7.0 * */ -@ResourceOperation(resource = Resource.GATEWAY_SENDER, operation = OperationCode.GET) +@ResourceOperation(resource = Resource.JMX, operation = OperationCode.GET) public interface GatewaySenderMXBean { /** http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/main/java/com/gemstone/gemfire/management/LocatorMXBean.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/LocatorMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/LocatorMXBean.java index 96ffe0f..4412f0b 100644 --- a/geode-core/src/main/java/com/gemstone/gemfire/management/LocatorMXBean.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/management/LocatorMXBean.java 
@@ -16,7 +16,10 @@ */ package com.gemstone.gemfire.management; +import com.gemstone.gemfire.cache.operations.OperationContext; import com.gemstone.gemfire.distributed.Locator; +import com.gemstone.gemfire.management.internal.security.Resource; +import com.gemstone.gemfire.management.internal.security.ResourceOperation; /** * MBean that provides access to information and management functionality for a @@ -25,6 +28,7 @@ import com.gemstone.gemfire.distributed.Locator; * @author rishim * @since 7.0 */ +@ResourceOperation(resource = Resource.JMX, operation = OperationContext.OperationCode.GET) public interface LocatorMXBean { /** http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/main/java/com/gemstone/gemfire/management/LockServiceMXBean.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/LockServiceMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/LockServiceMXBean.java index f6a10a7..e733567 100644 --- a/geode-core/src/main/java/com/gemstone/gemfire/management/LockServiceMXBean.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/management/LockServiceMXBean.java @@ -28,11 +28,11 @@ import static com.gemstone.gemfire.cache.operations.OperationContext.OperationCo * MBean that provides access to information and management functionality for a * {@link DLockService}. Since any number of DLockService objects can be created * by a member there may be 0 or more instances of this MBean available. - * - * @author rishim + * * @since 7.0 * */ +@ResourceOperation(resource = Resource.JMX, operation = OperationCode.GET) public interface LockServiceMXBean { /** http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/main/java/com/gemstone/gemfire/management/ManagerMXBean.java ---------------------------------------------------------------------- 
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/ManagerMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/ManagerMXBean.java index 8ae28c3..c65dc3e 100644 --- a/geode-core/src/main/java/com/gemstone/gemfire/management/ManagerMXBean.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/management/ManagerMXBean.java @@ -32,6 +32,7 @@ import static com.gemstone.gemfire.cache.operations.OperationContext.OperationCo * @since 7.0 * */ +@ResourceOperation(resource = Resource.JMX, operation = OperationCode.GET) public interface ManagerMXBean { /** http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/main/java/com/gemstone/gemfire/management/MemberMXBean.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/MemberMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/MemberMXBean.java index 4e95664..f36cc7c 100644 --- a/geode-core/src/main/java/com/gemstone/gemfire/management/MemberMXBean.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/management/MemberMXBean.java @@ -136,10 +136,10 @@ import static com.gemstone.gemfire.cache.operations.OperationContext.OperationCo * <td>Locator is Started in the VM</td> * </tr> * </table> - * - * @author rishim + * @since 7.0 */ +@ResourceOperation(resource = Resource.JMX, operation = OperationCode.GET) public interface MemberMXBean { /** @@ -283,7 +283,6 @@ public interface MemberMXBean { /** * Returns the status. */ - @ResourceOperation(resource = Resource.MEMBER, operation = OperationCode.STATUS) public String status(); /** http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/main/java/com/gemstone/gemfire/management/RegionMXBean.java ---------------------------------------------------------------------- 
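Review bot: Dropping `@ResourceOperation(resource = Resource.MEMBER, operation = OperationCode.STATUS)` from `status()` in the second MemberMXBean hunk changes who may call it. The method now falls under the type-level JMX:GET, so a role granted only MEMBER:STATUS loses access and every role holding JMX:GET gains it. Existing security policy files that list MEMBER:STATUS would stop having any effect for this method, which deserves a line in the commit description or upgrade notes. Whether `OperationCode.STATUS` still has other users cannot be checked from this hunk; if it has none, deprecate or remove it in the same change. I would also extend the method Javadoc to `Returns the status. Requires JMX:GET.`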
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/RegionMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/RegionMXBean.java index dbeb148..0b17f0f 100644 --- a/geode-core/src/main/java/com/gemstone/gemfire/management/RegionMXBean.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/management/RegionMXBean.java @@ -20,6 +20,9 @@ import com.gemstone.gemfire.cache.CacheListener; import com.gemstone.gemfire.cache.CacheWriter; import com.gemstone.gemfire.cache.EvictionAlgorithm; import com.gemstone.gemfire.cache.Region; +import com.gemstone.gemfire.cache.operations.OperationContext; +import com.gemstone.gemfire.management.internal.security.Resource; +import com.gemstone.gemfire.management.internal.security.ResourceOperation; /** * MBean that provides access to information and management functionality for a @@ -31,6 +34,7 @@ import com.gemstone.gemfire.cache.Region; * @since 7.0 * */ +@ResourceOperation(resource = Resource.JMX, operation = OperationContext.OperationCode.GET) public interface RegionMXBean { /** http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/Resource.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/Resource.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/Resource.java index 4570501..51018cd 100644 --- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/Resource.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/Resource.java 
@@ -29,6 +29,7 @@ public enum Resource { GATEWAY_RECEIVER, GATEWAY_SENDER, INDEX, + JMX, LOCATOR, LOCK_SERVICE, MANAGER, http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AccessControlMBeanJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AccessControlMBeanJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AccessControlMBeanJUnitTest.java index fef306a..6f8cfbf 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AccessControlMBeanJUnitTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AccessControlMBeanJUnitTest.java @@ -51,7 +51,7 @@ public class AccessControlMBeanJUnitTest { @Test @JMXConnectionConfiguration(user = "user", password = "1234567") public void testAnyAccess() throws Exception { - assertThat(bean.authorize("DISTRIBUTED_SYSTEM", "LIST_DS")).isEqualTo(true); + assertThat(bean.authorize("JMX", "GET")).isEqualTo(true); assertThat(bean.authorize("INDEX", "DESTROY")).isEqualTo(false); } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java index 60a49ad..7fa36a3 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java 
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java @@ -48,14 +48,14 @@ public class CacheServerMBeanAuthorizationJUnitTest { @Test @JMXConnectionConfiguration(user = "superuser", password = "1234567") public void testAllAccess() throws Exception { - cacheServerMXBean.removeIndex("foo"); // "INDEX:DESTROY", - cacheServerMXBean.executeContinuousQuery("bar"); // CONTNUOUS_QUERY:EXECUTE - cacheServerMXBean.fetchLoadProbe(); // DISTRIBUTED_SYSTEM:LIST_DS - cacheServerMXBean.getActiveCQCount(); // DISTRIBUTED_SYSTEM:LIST_DS - cacheServerMXBean.stopContinuousQuery("bar"); // CONTINUOUS_QUERY:STOP - cacheServerMXBean.closeAllContinuousQuery("bar"); // CONTINUOUS_QUERY:STOP - cacheServerMXBean.isRunning(); // DISTRIBUTED_SYSTEM:LIST_DS - cacheServerMXBean.showClientQueueDetails("foo"); // DISTRIBUTED_SYSTEM:LIST_DS + cacheServerMXBean.removeIndex("foo"); + cacheServerMXBean.executeContinuousQuery("bar"); + cacheServerMXBean.fetchLoadProbe(); + cacheServerMXBean.getActiveCQCount(); + cacheServerMXBean.stopContinuousQuery("bar"); + cacheServerMXBean.closeAllContinuousQuery("bar"); + cacheServerMXBean.isRunning(); + cacheServerMXBean.showClientQueueDetails("foo"); } @Test 
@@ -69,13 +69,13 @@ public class CacheServerMBeanAuthorizationJUnitTest { @Test @JMXConnectionConfiguration(user = "stranger", password = "1234567") public void testNoAccess() throws Exception { - assertThatThrownBy(() -> cacheServerMXBean.removeIndex("foo")).isInstanceOf(SecurityException.class); - assertThatThrownBy(() -> cacheServerMXBean.executeContinuousQuery("bar")).isInstanceOf(SecurityException.class); - assertThatThrownBy(() -> cacheServerMXBean.fetchLoadProbe()).isInstanceOf(SecurityException.class); - assertThatThrownBy(() -> cacheServerMXBean.getActiveCQCount()).isInstanceOf(SecurityException.class); - assertThatThrownBy(() -> cacheServerMXBean.stopContinuousQuery("bar")).isInstanceOf(SecurityException.class); - assertThatThrownBy(() -> cacheServerMXBean.closeAllContinuousQuery("bar")).isInstanceOf(SecurityException.class); - assertThatThrownBy(() -> cacheServerMXBean.isRunning()).isInstanceOf(SecurityException.class); - assertThatThrownBy(() -> cacheServerMXBean.showClientQueueDetails("bar")).isInstanceOf(SecurityException.class); + assertThatThrownBy(() -> cacheServerMXBean.removeIndex("foo")).isInstanceOf(SecurityException.class).hasMessageContaining("INDEX:DESTROY"); + assertThatThrownBy(() -> cacheServerMXBean.executeContinuousQuery("bar")).isInstanceOf(SecurityException.class).hasMessageContaining("CONTINUOUS_QUERY:EXECUTE"); + assertThatThrownBy(() -> cacheServerMXBean.fetchLoadProbe()).isInstanceOf(SecurityException.class).hasMessageContaining("JMX:GET"); + assertThatThrownBy(() -> cacheServerMXBean.getActiveCQCount()).isInstanceOf(SecurityException.class).hasMessageContaining("JMX:GET"); + assertThatThrownBy(() -> cacheServerMXBean.stopContinuousQuery("bar")).isInstanceOf(SecurityException.class).hasMessageContaining("ONTINUOUS_QUERY:STOP"); + assertThatThrownBy(() -> cacheServerMXBean.closeAllContinuousQuery("bar")).isInstanceOf(SecurityException.class).hasMessageContaining("ONTINUOUS_QUERY:STOP"); + assertThatThrownBy(() -> 
cacheServerMXBean.isRunning()).isInstanceOf(SecurityException.class).hasMessageContaining("JMX:GET"); + assertThatThrownBy(() -> cacheServerMXBean.showClientQueueDetails("bar")).isInstanceOf(SecurityException.class).hasMessageContaining("JMX:GET"); } } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java index b553898..a934a09 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java 
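Review bot: The expected text `"ONTINUOUS_QUERY:STOP"` in the `stopContinuousQuery` and `closeAllContinuousQuery` assertions of `testNoAccess` is missing its leading `C`, and the test passes only because `hasMessageContaining` matches a substring. Assuming the denial message names the resource the same way as the EXECUTE case, write the full permission on both lines: `.hasMessageContaining("CONTINUOUS_QUERY:STOP")`. A truncated expectation would also accept a denial for any other resource whose name ends in the same characters, which weakens the check that the right permission is being enforced.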
@@ -88,13 +88,13 @@ public class GatewaySenderMBeanSecurityTest { @Test @JMXConnectionConfiguration(user = "stranger", password = "1234567") public void testNoAccess() throws Exception { - assertThatThrownBy(() -> bean.getAlertThreshold()).hasMessageStartingWith("Access Denied: Not authorized for GATEWAY_SENDER:GET"); - assertThatThrownBy(() -> bean.getAverageDistributionTimePerBatch()).hasMessageStartingWith("Access Denied: Not authorized for GATEWAY_SENDER:GET"); - assertThatThrownBy(() -> bean.getBatchSize()).hasMessageStartingWith("Access Denied: Not authorized for GATEWAY_SENDER:GET"); - assertThatThrownBy(() -> bean.getMaximumQueueMemory()).hasMessageStartingWith("Access Denied: Not authorized for GATEWAY_SENDER:GET"); - assertThatThrownBy(() -> bean.getOrderPolicy()).hasMessageStartingWith("Access Denied: Not authorized for GATEWAY_SENDER:GET"); - assertThatThrownBy(() -> bean.isBatchConflationEnabled()).hasMessageStartingWith("Access Denied: Not authorized for GATEWAY_SENDER:GET"); - assertThatThrownBy(() -> bean.isManualStart()).hasMessageStartingWith("Access Denied: Not authorized for GATEWAY_SENDER:GET"); + assertThatThrownBy(() -> bean.getAlertThreshold()).hasMessageStartingWith("Access Denied: Not authorized for JMX:GET"); + assertThatThrownBy(() -> bean.getAverageDistributionTimePerBatch()).hasMessageStartingWith("Access Denied: Not authorized for JMX:GET"); + assertThatThrownBy(() -> bean.getBatchSize()).hasMessageStartingWith("Access Denied: Not authorized for JMX:GET"); + assertThatThrownBy(() -> bean.getMaximumQueueMemory()).hasMessageStartingWith("Access Denied: Not authorized for JMX:GET"); + assertThatThrownBy(() -> bean.getOrderPolicy()).hasMessageStartingWith("Access Denied: Not authorized for JMX:GET"); + assertThatThrownBy(() -> bean.isBatchConflationEnabled()).hasMessageStartingWith("Access Denied: Not authorized for JMX:GET"); + assertThatThrownBy(() -> bean.isManualStart()).hasMessageStartingWith("Access Denied: Not authorized for 
JMX:GET"); assertThatThrownBy(() -> bean.pause()).hasMessageStartingWith("Access Denied: Not authorized for GATEWAY_SENDER:PAUSE"); assertThatThrownBy(() -> bean.rebalance()).hasMessageStartingWith("Access Denied: Not authorized for GATEWAY_SENDER:REBALANCE"); assertThatThrownBy(() -> bean.resume()).hasMessageStartingWith("Access Denied: Not authorized for GATEWAY_SENDER:RESUME"); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java index 9803083..c0e1a8b 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java @@ -18,13 +18,10 @@ package com.gemstone.gemfire.management.internal.security; import com.gemstone.gemfire.cache.Cache; import com.gemstone.gemfire.cache.CacheFactory; -import com.gemstone.gemfire.distributed.DistributedLockService; import com.gemstone.gemfire.distributed.internal.InternalDistributedSystem; import com.gemstone.gemfire.distributed.internal.locks.DLockService; import com.gemstone.gemfire.internal.AvailablePort; -import com.gemstone.gemfire.management.CacheServerMXBean; import com.gemstone.gemfire.management.LockServiceMXBean; -import com.gemstone.gemfire.test.dunit.Host; import com.gemstone.gemfire.test.junit.categories.IntegrationTest; import org.junit.AfterClass; import org.junit.Before; 
@@ -68,7 +65,11 @@ public class LockServiceMBeanAuthorizationJUnitTest { @Test @JMXConnectionConfiguration(user = "superuser", password = "1234567") public void testAllAccess() throws Exception { - lockServiceMBean.becomeLockGrantor(); // "INDEX:DESTROY", + lockServiceMBean.becomeLockGrantor(); + lockServiceMBean.fetchGrantorMember(); + lockServiceMBean.getMemberCount(); + lockServiceMBean.isDistributed(); + lockServiceMBean.listThreadsHoldingLock(); } @Test @@ -81,6 +82,10 @@ public class LockServiceMBeanAuthorizationJUnitTest { @Test @JMXConnectionConfiguration(user = "stranger", password = "1234567") public void testNoAccess() throws Exception { - assertThatThrownBy(() -> lockServiceMBean.becomeLockGrantor()).isInstanceOf(SecurityException.class); + assertThatThrownBy(() -> lockServiceMBean.becomeLockGrantor()).isInstanceOf(SecurityException.class).hasMessageContaining("LOCK_SERVICE:BECOME_LOCK_GRANTOR"); + assertThatThrownBy(() -> lockServiceMBean.fetchGrantorMember()).isInstanceOf(SecurityException.class).hasMessageContaining("JMX:GET"); + assertThatThrownBy(() -> lockServiceMBean.getMemberCount()).isInstanceOf(SecurityException.class).hasMessageContaining("JMX:GET"); + assertThatThrownBy(() -> lockServiceMBean.isDistributed()).isInstanceOf(SecurityException.class).hasMessageContaining("JMX:GET"); + assertThatThrownBy(() -> lockServiceMBean.listThreadsHoldingLock()).isInstanceOf(SecurityException.class).hasMessageContaining("JMX:GET"); } } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MemberMBeanSecurityJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MemberMBeanSecurityJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MemberMBeanSecurityJUnitTest.java index b310d2d..33136f3 100644 
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MemberMBeanSecurityJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MemberMBeanSecurityJUnitTest.java
@@ -48,24 +48,35 @@ public class MemberMBeanSecurityJUnitTest { @Test @JMXConnectionConfiguration(user = "superuser", password = "1234567") public void testAllAccess() throws Exception { - bean.shutDownMember(); // MEMBER:SHUTDOWN - bean.compactAllDiskStores(); // DISKSTORE:COMPACT - bean.createManager(); // MANAGER:CREATE - bean.fetchJvmThreads(); // DEFAULT:LIST_DS - bean.getName(); // DEFAULT:LIST_DS - bean.getDiskStores(); // DEFAULT:LIST_DS - bean.hasGatewayReceiver(); // DEFAULT:LIST_DS - bean.isCacheServer(); // DEFAULT:LIST_DS - bean.isServer(); // DEFAULT:LIST_DS - bean.listConnectedGatewayReceivers(); // DEFAULT:LIST_DS - bean.processCommand("create region --name=Region_A"); // REGION:CREATE - bean.showJVMMetrics(); // DEFAULT:LIST_DS - bean.status(); // DEFAULT:LIST_DS + bean.shutDownMember(); + bean.compactAllDiskStores(); + bean.createManager(); + bean.fetchJvmThreads(); + bean.getName(); + bean.getDiskStores(); + bean.hasGatewayReceiver(); + bean.isCacheServer(); + bean.isServer(); + bean.listConnectedGatewayReceivers(); + bean.processCommand("create region --name=Region_A"); + bean.showJVMMetrics(); + bean.status(); } @Test @JMXConnectionConfiguration(user = "stranger", password = "1234567") public void testNoAccess() throws Exception { - assertThatThrownBy(() -> bean.shutDownMember()).isInstanceOf(SecurityException.class); + assertThatThrownBy(() -> bean.shutDownMember()).isInstanceOf(SecurityException.class).hasMessageContaining("MEMBER:SHUTDOWN"); + assertThatThrownBy(() -> bean.createManager()).hasMessageContaining("MANAGER:CREATE"); + assertThatThrownBy(() -> bean.fetchJvmThreads()).hasMessageContaining("JMX:GET"); + assertThatThrownBy(() -> bean.getName()).hasMessageContaining("JMX:GET"); + assertThatThrownBy(() -> bean.getDiskStores()).hasMessageContaining("JMX:GET"); + assertThatThrownBy(() -> bean.hasGatewayReceiver()).hasMessageContaining("JMX:GET"); + assertThatThrownBy(() -> bean.isCacheServer()).hasMessageContaining("JMX:GET"); + 
assertThatThrownBy(() -> bean.isServer()).hasMessageContaining("JMX:GET"); + assertThatThrownBy(() -> bean.listConnectedGatewayReceivers()).hasMessageContaining("JMX:GET"); + assertThatThrownBy(() -> bean.processCommand("create region --name=Region_A")).hasMessageContaining("REGION:CREATE"); + assertThatThrownBy(() -> bean.showJVMMetrics()).hasMessageContaining("JMX:GET"); + assertThatThrownBy(() -> bean.status()).hasMessageContaining("JMX:GET"); } } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/cacheServer.json ---------------------------------------------------------------------- diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/cacheServer.json b/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/cacheServer.json index c1e552d..99a0ba3 100644 --- a/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/cacheServer.json +++ b/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/cacheServer.json @@ -20,7 +20,7 @@ "REGION:GET", "REGION:DELETE", "LOCK_SERVICE:BECOME_LOCK_GRANTOR", - "GATEWAY_SENDER:GET", + "JMX:GET", "GATEWAY_SENDER:PAUSE", "GATEWAY_SENDER:REBALANCE", "GATEWAY_SENDER:RESUME", @@ -36,7 +36,7 @@ { "name": "something", "operationsAllowed": [ - "DISTRIBUTED_SYSTEM:LIST_DS" + "JMX:GET" ] }, {
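Review bot: `testNoAccess` in MemberMBeanSecurityJUnitTest has no denial assertion for `compactAllDiskStores()`, although `testAllAccess` calls it, so a regression that let an unauthorized user compact disk stores would go unnoticed. Add `assertThatThrownBy(() -> bean.compactAllDiskStores()).isInstanceOf(SecurityException.class).hasMessageContaining("DISKSTORE:COMPACT");`. The permission string is taken from the comment this commit removes, so confirm it against the annotation on the method. Only the `shutDownMember()` line still chains `isInstanceOf(SecurityException.class)`, so the other new assertions would pass on any exception whose message happens to contain the text. Chaining the type check on each of them would keep this test as strict as the CacheServer and LockService tests in the same commit.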
