Merge branch 'develop' into feature/GEODE-17-2
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/da7a76de Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/da7a76de Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/da7a76de Branch: refs/heads/feature/GEODE-17-2 Commit: da7a76defd44b172ed8d7987c93e2d39576289bf Parents: 386ace7 ff55590 Author: Jens Deppe <[email protected]> Authored: Fri Mar 18 07:20:59 2016 -0700 Committer: Jens Deppe <[email protected]> Committed: Fri Mar 18 07:20:59 2016 -0700 ---------------------------------------------------------------------- .travis.yml | 7 +- README.md | 16 +- extensions/geode-modules-assembly/build.gradle | 10 +- extensions/geode-modules/build.gradle | 3 +- geode-assembly/build.gradle | 27 +- .../LauncherLifecycleCommandsDUnitTest.java | 10 +- .../rest/internal/web/RestFunctionTemplate.java | 23 + ...stAPIOnRegionFunctionExecutionDUnitTest.java | 479 +- .../web/controllers/RestAPITestBase.java | 209 +- ...tAPIsOnGroupsFunctionExecutionDUnitTest.java | 310 +- ...APIsOnMembersFunctionExecutionDUnitTest.java | 299 +- geode-core/build.gradle | 13 +- .../com/gemstone/gemfire/DataSerializable.java | 2 +- .../internal/doc-files/config-hierarchy.fig | 156 - .../admin/internal/doc-files/health-classes.fig | 233 - .../admin/internal/doc-files/health-classes.gif | Bin 8973 -> 0 bytes .../gemfire/admin/internal/package.html | 4 +- .../client/doc-files/example-client-cache.xml | 46 - .../gemfire/cache/client/internal/Endpoint.java | 2 +- .../internal/PdxRegistryRecoveryListener.java | 6 +- .../gemfire/cache/client/internal/PoolImpl.java | 5 +- .../gemfire/cache/client/internal/PutAllOp.java | 8 +- .../gemfire/cache/client/internal/PutOp.java | 15 +- .../doc-files/ConnectionManagerImpl.dia | Bin 2034 -> 0 bytes .../doc-files/ConnectionManagerImpl.png | Bin 11825 -> 0 bytes .../client/internal/doc-files/PoolImpl.dia | Bin 3083 -> 0 bytes 
.../internal/doc-files/QueueManagerImpl.dia | Bin 2180 -> 0 bytes .../internal/doc-files/QueueManagerImpl.png | Bin 15075 -> 0 bytes .../doc-files/client_static_diagram.png | Bin 29430 -> 0 bytes .../gemfire/cache/client/internal/package.html | 6 +- .../gemstone/gemfire/cache/client/package.html | 2 +- .../gemfire/cache/doc-files/architecture.fig | 170 - .../gemfire/cache/doc-files/architecture.gif | Bin 9983 -> 0 bytes .../cache/doc-files/entry-life-cycle.fig | 64 - .../cache/doc-files/entry-life-cycle.gif | Bin 3357 -> 0 bytes .../gemfire/cache/doc-files/example-cache.xml | 98 - .../gemfire/cache/doc-files/example2-cache.xml | 63 - .../gemfire/cache/doc-files/example3-cache.xml | 60 - .../cache/doc-files/partitioned-regions.fig | 267 - .../cache/doc-files/partitioned-regions.gif | Bin 9494 -> 0 bytes .../operations/PutAllOperationContext.java | 275 +- .../internal/GetOperationContextImpl.java | 24 +- .../operations/internal/UpdateOnlyMap.java | 304 + .../com/gemstone/gemfire/cache/package.html | 8 +- .../query/internal/index/AbstractIndex.java | 8 +- .../query/internal/index/DummyQRegion.java | 14 +- .../cache/query/internal/index/HashIndex.java | 6 +- .../query/internal/index/IndexElemArray.java | 34 +- .../query/internal/index/IndexManager.java | 10 +- .../gemfire/distributed/ServerLauncher.java | 56 +- .../ServerLauncherCacheProvider.java | 34 + .../DefaultServerLauncherCacheProvider.java | 57 + .../internal/DistributionConfigImpl.java | 33 +- .../internal/InternalDistributedSystem.java | 22 +- .../internal/LonerDistributionManager.java | 4 +- .../internal/direct/DirectChannel.java | 31 +- .../internal/doc-files/config-classes.fig | 138 - .../internal/doc-files/config-classes.gif | Bin 4205 -> 0 bytes .../doc-files/distribution-managers.fig | 76 - .../doc-files/distribution-managers.gif | Bin 3267 -> 0 bytes .../internal/locks/doc-files/elder.fig | 84 - .../internal/locks/doc-files/elder.jpg | Bin 55182 -> 0 bytes .../internal/locks/doc-files/turks.fig | 128 - 
.../internal/locks/doc-files/turks.jpg | Bin 79859 -> 0 bytes .../distributed/internal/locks/package.html | 4 +- .../membership/gms/auth/GMSAuthenticator.java | 98 +- .../membership/gms/fd/GMSHealthMonitor.java | 2 +- .../membership/gms/membership/GMSJoinLeave.java | 29 +- .../gms/messages/JoinResponseMessage.java | 15 - .../gms/messenger/JGroupsMessenger.java | 5 + .../gemfire/distributed/internal/package.html | 2 +- .../internal/tcpserver/TcpClient.java | 16 +- .../internal/tcpserver/TcpServer.java | 0 .../doc-files/data-serialization-exceptions.fig | 135 - .../doc-files/data-serialization-exceptions.gif | Bin 3666 -> 0 bytes .../gemfire/internal/AbstractConfig.java | 2 + .../gemfire/internal/SocketCreator.java | 2 +- .../admin/doc-files/class-hierarchy.fig | 224 - .../admin/doc-files/class-hierarchy.gif | Bin 11971 -> 0 bytes .../internal/cache/AbstractRegionEntry.java | 107 +- .../internal/cache/AbstractRegionMap.java | 81 +- .../gemfire/internal/cache/BucketRegion.java | 36 +- .../cache/BytesAndBitsForCompactor.java | 18 +- .../internal/cache/CachedDeserializable.java | 8 + .../cache/CachedDeserializableFactory.java | 4 +- .../gemfire/internal/cache/DiskEntry.java | 113 +- .../gemfire/internal/cache/DiskStoreImpl.java | 4 - .../internal/cache/DistributedRegion.java | 12 +- .../gemfire/internal/cache/EntryEventImpl.java | 161 +- .../gemfire/internal/cache/LocalRegion.java | 18 +- .../gemstone/gemfire/internal/cache/Oplog.java | 12 +- .../internal/cache/PartitionedRegion.java | 1 - .../cache/PartitionedRegionQueryEvaluator.java | 391 +- .../cache/PreferBytesCachedDeserializable.java | 11 +- .../gemfire/internal/cache/RegionEntry.java | 9 +- .../internal/cache/RemoteDestroyMessage.java | 4 +- .../cache/SearchLoadAndWriteProcessor.java | 8 +- .../cache/StoreAllCachedDeserializable.java | 11 +- .../gemfire/internal/cache/TXManagerImpl.java | 3 +- .../gemfire/internal/cache/UpdateOperation.java | 2 +- .../internal/cache/VMCachedDeserializable.java | 9 +- 
.../SnappyCompressedCachedDeserializable.java | 10 + .../cache/control/HeapMemoryMonitor.java | 14 +- .../cache/control/OffHeapMemoryMonitor.java | 45 +- .../cache/doc-files/BucketAdvisor-state.png | Bin 39148 -> 0 bytes .../internal/cache/doc-files/eventmatrix.xls | Bin 24576 -> 0 bytes .../cache/doc-files/extensible-hashing.fig | 159 - .../cache/doc-files/extensible-hashing.gif | Bin 6605 -> 0 bytes .../cache/doc-files/jcache-get-flow.fig | 349 -- .../cache/doc-files/jcache-get-flow.pdf | Bin 7519 -> 0 bytes .../cache/doc-files/jcache-put-flow.fig | 359 -- .../cache/doc-files/jcache-put-flow.pdf | Bin 7667 -> 0 bytes .../doc-files/jcache-update-message-flow.fig | 334 - .../doc-files/jcache-update-message-flow.pdf | Bin 5937 -> 0 bytes .../cache/doc-files/partitioned-regions.fig | 255 - .../cache/doc-files/partitioned-regions.gif | Bin 9273 -> 0 bytes .../internal/cache/doc-files/properties.html | 3937 ------------ .../cache/doc-files/region-implementation.fig | 262 - .../gemfire/internal/cache/package.html | 8 +- .../cache/partitioned/FetchEntriesMessage.java | 10 +- .../internal/cache/partitioned/PutMessage.java | 8 +- .../gemfire/internal/cache/properties.html | 3937 ++++++++++++ .../cache/tier/sockets/AcceptorImpl.java | 9 +- .../cache/tier/sockets/CacheClientProxy.java | 8 +- .../tier/sockets/ClientUpdateMessageImpl.java | 2 +- .../internal/cache/tier/sockets/HandShake.java | 3 +- .../internal/cache/tier/sockets/Message.java | 2 +- .../internal/cache/tier/sockets/Part.java | 51 +- .../cache/tier/sockets/command/Get70.java | 19 +- .../cache/tier/sockets/command/PutAll.java | 4 + .../cache/tier/sockets/command/PutAll70.java | 4 + .../cache/tier/sockets/command/PutAll80.java | 4 + .../cache/tier/sockets/command/Request.java | 8 +- .../doc-files/communication-architecture.fig | 158 - .../doc-files/communication-architecture.gif | Bin 5485 -> 0 bytes .../AbstractGatewaySenderEventProcessor.java | 48 +- .../cache/wan/GatewaySenderEventImpl.java | 81 +- 
.../parallel/ParallelGatewaySenderQueue.java | 74 +- .../gemfire/internal/doc-files/cs-maps.fig | 150 - .../gemfire/internal/doc-files/cs-maps.gif | Bin 5951 -> 0 bytes .../gemfire/internal/doc-files/ds-map.fig | 105 - .../gemfire/internal/doc-files/ds-map.gif | Bin 4867 -> 0 bytes .../internal/doc-files/merge-log-files.fig | 153 - .../internal/doc-files/merge-log-files.gif | Bin 2646 -> 0 bytes .../gemfire/internal/i18n/LocalizedStrings.java | 6 +- .../gemfire/internal/logging/MergeLogFiles.java | 2 +- .../internal/offheap/AbstractStoredObject.java | 24 + .../offheap/AddressableMemoryChunk.java | 29 - .../offheap/AddressableMemoryChunkFactory.java | 27 - .../offheap/AddressableMemoryManager.java | 261 + .../internal/offheap/ByteArrayMemoryChunk.java | 77 - .../internal/offheap/ByteBufferMemoryChunk.java | 90 - .../gemfire/internal/offheap/DataAsAddress.java | 131 - .../gemfire/internal/offheap/Fragment.java | 14 +- .../internal/offheap/FreeListManager.java | 281 +- .../internal/offheap/LifecycleListener.java | 20 +- .../internal/offheap/MemoryAllocator.java | 18 +- .../internal/offheap/MemoryAllocatorImpl.java | 507 ++ .../gemfire/internal/offheap/MemoryBlock.java | 2 +- .../internal/offheap/MemoryBlockNode.java | 26 +- .../gemfire/internal/offheap/MemoryChunk.java | 47 - .../offheap/MemoryChunkWithRefCount.java | 34 - .../gemfire/internal/offheap/ObjectChunk.java | 737 --- .../internal/offheap/ObjectChunkSlice.java | 44 - .../offheap/ObjectChunkWithHeapForm.java | 40 - .../offheap/OffHeapCachedDeserializable.java | 142 - .../gemfire/internal/offheap/OffHeapHelper.java | 24 +- .../internal/offheap/OffHeapMemoryStats.java | 8 +- .../offheap/OffHeapRegionEntryHelper.java | 28 +- .../internal/offheap/OffHeapStorage.java | 67 +- .../internal/offheap/OffHeapStoredObject.java | 718 +++ .../OffHeapStoredObjectAddressStack.java | 141 + .../offheap/OffHeapStoredObjectSlice.java | 44 + .../OffHeapStoredObjectWithHeapForm.java | 41 + 
.../internal/offheap/RefCountChangeInfo.java | 2 +- .../internal/offheap/ReferenceCountHelper.java | 4 +- .../offheap/SimpleMemoryAllocatorImpl.java | 511 -- .../gemstone/gemfire/internal/offheap/Slab.java | 39 + .../gemfire/internal/offheap/SlabFactory.java | 27 + .../gemfire/internal/offheap/SlabImpl.java | 61 + .../gemfire/internal/offheap/StoredObject.java | 117 +- .../internal/offheap/SyncChunkStack.java | 141 - .../internal/offheap/TinyStoredObject.java | 229 + .../internal/offheap/UnsafeMemoryChunk.java | 217 - .../internal/tcp/ByteBufferInputStream.java | 74 +- .../tcp/ImmutableByteBufferInputStream.java | 4 +- .../gemfire/internal/util/BlobHelper.java | 4 +- .../internal/util/doc-files/call-stack.fig | 34 - .../internal/util/doc-files/class-loaders.fig | 49 - .../internal/beans/MemberMBeanBridge.java | 2 +- .../management/internal/cli/shell/Gfsh.java | 2 +- .../gemfire/pdx/internal/PdxInputStream.java | 4 +- .../gemstone/gemfire/pdx/internal/PdxType.java | 2 +- .../security/GemFireSecurityException.java | 112 +- .../security/NotAuthorizedException.java | 118 +- .../javadoc-images/BucketAdvisor-state.png | Bin 0 -> 39148 bytes .../javadoc-images/ConnectionManagerImpl.dia | Bin 0 -> 2034 bytes .../javadoc-images/ConnectionManagerImpl.png | Bin 0 -> 11825 bytes .../javadoc-images/QueueManagerImpl.dia | Bin 0 -> 2180 bytes .../javadoc-images/QueueManagerImpl.png | Bin 0 -> 15075 bytes .../javadoc-images/class-hierarchy.fig | 224 + .../javadoc-images/class-hierarchy.gif | Bin 0 -> 11971 bytes .../javadoc-images/client_static_diagram.png | Bin 0 -> 29430 bytes .../data-serialization-exceptions.fig | 135 + .../data-serialization-exceptions.gif | Bin 0 -> 3666 bytes .../javadoc-images/distribution-managers.fig | 76 + .../javadoc-images/distribution-managers.gif | Bin 0 -> 3267 bytes .../src/main/resources/javadoc-images/elder.fig | 84 + .../src/main/resources/javadoc-images/elder.jpg | Bin 0 -> 55182 bytes .../javadoc-images/entry-life-cycle.fig | 64 + 
.../javadoc-images/entry-life-cycle.gif | Bin 0 -> 3357 bytes .../resources/javadoc-images/eventmatrix.xls | Bin 0 -> 24576 bytes .../resources/javadoc-images/example-cache.xml | 98 + .../javadoc-images/example-client-cache.xml | 46 + .../resources/javadoc-images/example2-cache.xml | 63 + .../resources/javadoc-images/example3-cache.xml | 60 + .../javadoc-images/extensible-hashing.fig | 159 + .../javadoc-images/extensible-hashing.gif | Bin 0 -> 6605 bytes .../resources/javadoc-images/health-classes.gif | Bin 0 -> 8973 bytes .../javadoc-images/jcache-get-flow.fig | 349 ++ .../javadoc-images/jcache-get-flow.pdf | Bin 0 -> 7519 bytes .../javadoc-images/jcache-put-flow.fig | 359 ++ .../javadoc-images/jcache-put-flow.pdf | Bin 0 -> 7667 bytes .../jcache-update-message-flow.fig | 334 + .../jcache-update-message-flow.pdf | Bin 0 -> 5937 bytes .../javadoc-images/merge-log-files.fig | 153 + .../javadoc-images/merge-log-files.gif | Bin 0 -> 2646 bytes .../javadoc-images/partitioned-regions.fig | 255 + .../javadoc-images/partitioned-regions.gif | Bin 0 -> 9273 bytes .../src/main/resources/javadoc-images/turks.fig | 128 + .../src/main/resources/javadoc-images/turks.jpg | Bin 0 -> 79859 bytes .../gemfire/SystemFailureJUnitTest.java | 5 +- .../cache/ConnectionPoolAutoDUnitTest.java | 54 + .../gemfire/cache/ConnectionPoolDUnitTest.java | 5880 ++++++++++++++++++ .../CacheServerSSLConnectionDUnitTest.java | 124 +- .../internal/index/IndexElemArrayJUnitTest.java | 66 +- .../gemfire/cache30/CacheXml80DUnitTest.java | 2 + .../cache30/ClientMembershipDUnitTest.java | 213 +- .../gemfire/cache30/ClientServerTestCase.java | 12 +- .../DistributedMulticastRegionDUnitTest.java | 12 +- .../gemfire/cache30/MultiVMRegionTestCase.java | 36 +- .../gemfire/distributed/LauncherTestSuite.java | 2 +- .../MockServerLauncherCacheProvider.java | 42 + .../ServerLauncherWithProviderJUnitTest.java | 92 + .../ServerLauncherWithSpringJUnitTest.java | 99 - .../internal/DistributionAdvisorDUnitTest.java | 3 +- 
.../gms/fd/GMSHealthMonitorJUnitTest.java | 20 +- .../gms/membership/GMSJoinLeaveJUnitTest.java | 14 +- .../gms/membership/GMSJoinLeaveTestHelper.java | 24 + .../TcpServerBackwardCompatDUnitTest.java | 97 +- .../disttx/DistTXManagerImplJUnitTest.java | 6 + .../internal/SSLConfigIntegrationJUnitTest.java | 2 +- .../gemfire/internal/SSLConfigJUnitTest.java | 73 +- .../AbstractDistributedRegionJUnitTest.java | 166 + .../internal/cache/BucketRegionJUnitTest.java | 186 +- .../cache/ChunkValueWrapperJUnitTest.java | 188 - .../cache/ClientServerGetAllDUnitTest.java | 4 +- .../cache/ClientServerTransactionDUnitTest.java | 58 +- .../cache/DistributedRegionJUnitTest.java | 101 + .../gemfire/internal/cache/OffHeapTestUtil.java | 8 +- .../cache/OffHeapValueWrapperJUnitTest.java | 188 + .../cache/OldValueImporterTestBase.java | 40 +- .../internal/cache/TXManagerImplJUnitTest.java | 11 + .../FetchEntriesMessageJUnitTest.java | 93 + .../sockets/DurableClientBug39997DUnitTest.java | 6 + .../cache/tier/sockets/MessageJUnitTest.java | 1 - .../cache/wan/AsyncEventQueueTestBase.java | 86 +- .../asyncqueue/AsyncEventListenerDUnitTest.java | 21 +- .../offheap/ByteArrayMemoryChunkJUnitTest.java | 30 - .../offheap/DataAsAddressJUnitTest.java | 368 -- .../DirectByteBufferMemoryChunkJUnitTest.java | 33 - .../internal/offheap/FragmentJUnitTest.java | 22 +- .../internal/offheap/FreeListManagerTest.java | 448 +- .../offheap/FreeListOffHeapRegionJUnitTest.java | 2 +- .../HeapByteBufferMemoryChunkJUnitTest.java | 33 - .../offheap/LifecycleListenerJUnitTest.java | 50 +- ...moryAllocatorFillPatternIntegrationTest.java | 246 + .../MemoryAllocatorFillPatternJUnitTest.java | 183 + .../offheap/MemoryAllocatorJUnitTest.java | 594 ++ .../offheap/MemoryBlockNodeJUnitTest.java | 54 +- .../offheap/MemoryChunkJUnitTestBase.java | 290 - .../internal/offheap/MemoryChunkTestSuite.java | 32 - .../offheap/NullOffHeapMemoryStats.java | 8 +- .../internal/offheap/ObjectChunkJUnitTest.java | 902 --- 
.../offheap/ObjectChunkSliceJUnitTest.java | 72 - .../ObjectChunkWithHeapFormJUnitTest.java | 64 - .../offheap/OffHeapHelperJUnitTest.java | 21 +- .../internal/offheap/OffHeapIndexJUnitTest.java | 2 +- .../internal/offheap/OffHeapRegionBase.java | 22 +- .../OffHeapRegionEntryHelperJUnitTest.java | 94 +- .../offheap/OffHeapStorageJUnitTest.java | 36 +- ...ffHeapStoredObjectAddressStackJUnitTest.java | 290 + .../offheap/OffHeapStoredObjectJUnitTest.java | 867 +++ .../OffHeapStoredObjectSliceJUnitTest.java | 72 + ...ffHeapStoredObjectWithHeapFormJUnitTest.java | 64 + .../offheap/OffHeapValidationJUnitTest.java | 10 +- .../OffHeapWriteObjectAsByteArrayJUnitTest.java | 18 +- .../OldFreeListOffHeapRegionJUnitTest.java | 2 +- .../offheap/OutOfOffHeapMemoryDUnitTest.java | 2 +- ...moryAllocatorFillPatternIntegrationTest.java | 246 - ...mpleMemoryAllocatorFillPatternJUnitTest.java | 183 - .../offheap/SimpleMemoryAllocatorJUnitTest.java | 631 -- .../internal/offheap/StoredObjectTestSuite.java | 8 +- .../offheap/SyncChunkStackJUnitTest.java | 289 - .../offheap/TinyMemoryBlockJUnitTest.java | 244 + .../offheap/TinyStoredObjectJUnitTest.java | 353 ++ .../TxReleasesOffHeapOnCloseJUnitTest.java | 2 +- .../offheap/UnsafeMemoryChunkJUnitTest.java | 87 - .../internal/process/PidFileJUnitTest.java | 4 +- .../management/OffHeapManagementDUnitTest.java | 54 +- ...ersalMembershipListenerAdapterDUnitTest.java | 85 +- .../OffHeapByteBufferByteSourceJUnitTest.java | 10 +- .../gemfire/pdx/OffHeapByteSourceJUnitTest.java | 16 +- .../gemfire/pdx/PdxClientServerDUnitTest.java | 46 +- .../security/ClientAuthenticationDUnitTest.java | 7 +- .../security/ClientAuthorizationDUnitTest.java | 40 +- .../security/ClientAuthorizationTestBase.java | 56 +- .../security/ClientMultiUserAuthzDUnitTest.java | 5 +- .../DeltaClientAuthorizationDUnitTest.java | 5 +- .../DeltaClientPostAuthorizationDUnitTest.java | 5 +- .../security/GemFireSecurityExceptionTest.java | 167 + 
.../security/NotAuthorizedExceptionTest.java | 198 + .../security/P2PAuthenticationDUnitTest.java | 11 +- .../gemfire/security/SecurityTestUtil.java | 44 + .../generator/AuthzCredentialGenerator.java | 446 ++ .../security/generator/CredentialGenerator.java | 332 + .../DummyAuthzCredentialGenerator.java | 129 + .../generator/DummyCredentialGenerator.java | 89 + .../generator/LdapUserCredentialGenerator.java | 163 + .../generator/PKCSCredentialGenerator.java | 115 + .../generator/SSLCredentialGenerator.java | 121 + .../UserPasswordWithExtraPropsAuthInit.java | 69 + .../generator/XmlAuthzCredentialGenerator.java | 257 + .../security/templates/DummyAuthenticator.java | 75 + .../security/templates/DummyAuthorization.java | 122 + .../templates/FunctionSecurityPrmsHolder.java | 50 + .../templates/LdapUserAuthenticator.java | 106 + .../security/templates/PKCSAuthInit.java | 119 + .../security/templates/PKCSAuthenticator.java | 157 + .../security/templates/PKCSPrincipal.java | 40 + .../security/templates/PKCSPrincipalTest.java | 48 + .../templates/UserPasswordAuthInit.java | 75 + .../security/templates/UsernamePrincipal.java | 44 + .../templates/UsernamePrincipalTest.java | 48 + .../security/templates/XmlAuthorization.java | 614 ++ .../security/templates/XmlErrorHandler.java | 74 + .../gemfire/test/dunit/DistributedTestCase.java | 5 +- .../test/dunit/DistributedTestUtils.java | 1 + .../gemfire/test/dunit/NamedCallable.java | 41 + .../gemfire/test/dunit/NamedRunnable.java | 41 + .../com/gemstone/gemfire/test/dunit/VM.java | 61 + .../dunit/rules/DistributedDisconnectRule.java | 44 +- .../rules/DistributedExternalResource.java | 27 +- .../DistributedRestoreSystemProperties.java | 5 +- .../gemfire/test/dunit/rules/RemoteInvoker.java | 10 +- .../test/dunit/tests/BasicDUnitTest.java | 66 + .../com/gemstone/gemfire/test/fake/Fakes.java | 5 +- .../java/security/AuthzCredentialGenerator.java | 462 -- .../test/java/security/CredentialGenerator.java | 343 - 
.../security/DummyAuthzCredentialGenerator.java | 145 - .../java/security/DummyCredentialGenerator.java | 94 - .../security/LdapUserCredentialGenerator.java | 160 - .../java/security/PKCSCredentialGenerator.java | 112 - .../java/security/SSLCredentialGenerator.java | 117 - .../UserPasswordWithExtraPropsAuthInit.java | 77 - .../security/XmlAuthzCredentialGenerator.java | 264 - .../templates/security/DummyAuthenticator.java | 87 - .../templates/security/DummyAuthorization.java | 118 - .../security/FunctionSecurityPrmsHolder.java | 55 - .../security/LdapUserAuthenticator.java | 117 - .../java/templates/security/PKCSAuthInit.java | 133 - .../templates/security/PKCSAuthenticator.java | 167 - .../java/templates/security/PKCSPrincipal.java | 42 - .../security/UserPasswordAuthInit.java | 84 - .../templates/security/UsernamePrincipal.java | 46 - .../templates/security/XmlAuthorization.java | 675 -- .../templates/security/XmlErrorHandler.java | 82 - ...fire.distributed.ServerLauncherCacheProvider | 1 + .../gemfire/codeAnalysis/excludedClasses.txt | 1 + .../sanctionedDataSerializables.txt | 6 +- .../codeAnalysis/sanctionedSerializables.txt | 10 +- .../gemfire/security/generator/authz-dummy.xml | 124 + .../gemfire/security/generator/authz-ldap.xml | 83 + .../generator/authz-multiUser-dummy.xml | 104 + .../security/generator/authz-multiUser-ldap.xml | 81 + .../security/generator/keys/gemfire1.keystore | Bin 0 -> 1536 bytes .../security/generator/keys/gemfire10.keystore | Bin 0 -> 1546 bytes .../security/generator/keys/gemfire11.keystore | Bin 0 -> 1546 bytes .../security/generator/keys/gemfire2.keystore | Bin 0 -> 1536 bytes .../security/generator/keys/gemfire3.keystore | Bin 0 -> 1536 bytes .../security/generator/keys/gemfire4.keystore | Bin 0 -> 1536 bytes .../security/generator/keys/gemfire5.keystore | Bin 0 -> 1536 bytes .../security/generator/keys/gemfire6.keystore | Bin 0 -> 1536 bytes .../security/generator/keys/gemfire7.keystore | Bin 0 -> 1536 bytes 
.../security/generator/keys/gemfire8.keystore | Bin 0 -> 1536 bytes .../security/generator/keys/gemfire9.keystore | Bin 0 -> 1536 bytes .../generator/keys/ibm/gemfire1.keystore | Bin 0 -> 1426 bytes .../generator/keys/ibm/gemfire10.keystore | Bin 0 -> 1434 bytes .../generator/keys/ibm/gemfire11.keystore | Bin 0 -> 1434 bytes .../generator/keys/ibm/gemfire2.keystore | Bin 0 -> 1434 bytes .../generator/keys/ibm/gemfire3.keystore | Bin 0 -> 1426 bytes .../generator/keys/ibm/gemfire4.keystore | Bin 0 -> 1434 bytes .../generator/keys/ibm/gemfire5.keystore | Bin 0 -> 1434 bytes .../generator/keys/ibm/gemfire6.keystore | Bin 0 -> 1434 bytes .../generator/keys/ibm/gemfire7.keystore | Bin 0 -> 1426 bytes .../generator/keys/ibm/gemfire8.keystore | Bin 0 -> 1434 bytes .../generator/keys/ibm/gemfire9.keystore | Bin 0 -> 1426 bytes .../security/generator/keys/ibm/publickeyfile | Bin 0 -> 4535 bytes .../security/generator/keys/publickeyfile | Bin 0 -> 4535 bytes .../gemfire/security/templates/authz5_5.dtd | 105 + .../gemfire/security/templates/authz6_0.dtd | 110 + .../src/test/resources/lib/authz-dummy.xml | 126 - .../src/test/resources/lib/authz-ldap.xml | 85 - .../resources/lib/authz-multiUser-dummy.xml | 106 - .../test/resources/lib/authz-multiUser-ldap.xml | 83 - .../test/resources/lib/keys/gemfire1.keystore | Bin 1536 -> 0 bytes .../test/resources/lib/keys/gemfire10.keystore | Bin 1546 -> 0 bytes .../test/resources/lib/keys/gemfire11.keystore | Bin 1546 -> 0 bytes .../test/resources/lib/keys/gemfire2.keystore | Bin 1536 -> 0 bytes .../test/resources/lib/keys/gemfire3.keystore | Bin 1536 -> 0 bytes .../test/resources/lib/keys/gemfire4.keystore | Bin 1536 -> 0 bytes .../test/resources/lib/keys/gemfire5.keystore | Bin 1536 -> 0 bytes .../test/resources/lib/keys/gemfire6.keystore | Bin 1536 -> 0 bytes .../test/resources/lib/keys/gemfire7.keystore | Bin 1536 -> 0 bytes .../test/resources/lib/keys/gemfire8.keystore | Bin 1536 -> 0 bytes 
.../test/resources/lib/keys/gemfire9.keystore | Bin 1536 -> 0 bytes .../resources/lib/keys/ibm/gemfire1.keystore | Bin 1426 -> 0 bytes .../resources/lib/keys/ibm/gemfire10.keystore | Bin 1434 -> 0 bytes .../resources/lib/keys/ibm/gemfire11.keystore | Bin 1434 -> 0 bytes .../resources/lib/keys/ibm/gemfire2.keystore | Bin 1434 -> 0 bytes .../resources/lib/keys/ibm/gemfire3.keystore | Bin 1426 -> 0 bytes .../resources/lib/keys/ibm/gemfire4.keystore | Bin 1434 -> 0 bytes .../resources/lib/keys/ibm/gemfire5.keystore | Bin 1434 -> 0 bytes .../resources/lib/keys/ibm/gemfire6.keystore | Bin 1434 -> 0 bytes .../resources/lib/keys/ibm/gemfire7.keystore | Bin 1426 -> 0 bytes .../resources/lib/keys/ibm/gemfire8.keystore | Bin 1434 -> 0 bytes .../resources/lib/keys/ibm/gemfire9.keystore | Bin 1426 -> 0 bytes .../test/resources/lib/keys/ibm/publickeyfile | Bin 4535 -> 0 bytes .../src/test/resources/lib/keys/publickeyfile | Bin 4535 -> 0 bytes .../resources/spring/spring-gemfire-context.xml | 42 - .../resources/templates/security/authz5_5.dtd | 105 - .../resources/templates/security/authz6_0.dtd | 110 - .../internal/cache/PutAllCSDUnitTest.java | 225 +- .../tier/sockets/DurableClientTestCase.java | 9 +- .../security/ClientAuthzObjectModDUnitTest.java | 16 +- .../ClientCQPostAuthorizationDUnitTest.java | 5 +- .../ClientPostAuthorizationDUnitTest.java | 4 +- .../gemfire/security/MultiuserAPIDUnitTest.java | 6 +- .../MultiuserDurableCQAuthzDUnitTest.java | 7 +- geode-junit/build.gradle | 1 + .../gemfire/test/junit/ConditionalIgnore.java | 1 - .../gemfire/test/junit/IgnoreCondition.java | 1 - .../gemfire/test/junit/IgnoreUntil.java | 1 - .../com/gemstone/gemfire/test/junit/Repeat.java | 3 +- .../com/gemstone/gemfire/test/junit/Retry.java | 4 +- .../test/junit/categories/ContainerTest.java | 3 +- .../test/junit/categories/DistributedTest.java | 3 +- .../categories/DistributedTransactionsTest.java | 3 +- .../test/junit/categories/HydraTest.java | 3 +- 
.../test/junit/categories/IntegrationTest.java | 3 +- .../test/junit/categories/PerformanceTest.java | 3 +- .../gemfire/test/junit/categories/UITest.java | 3 +- .../gemfire/test/junit/categories/UnitTest.java | 13 +- .../gemfire/test/junit/categories/WanTest.java | 5 +- .../test/junit/rules/ConditionalIgnoreRule.java | 1 - .../test/junit/rules/ExpectedTimeout.java | 180 - .../test/junit/rules/ExpectedTimeoutRule.java | 42 +- .../test/junit/rules/IgnoreUntilRule.java | 1 - .../gemfire/test/junit/rules/RepeatRule.java | 3 +- .../gemfire/test/junit/rules/RetryRule.java | 1 - .../gemfire/test/junit/rules/RuleList.java | 95 + .../rules/SerializableExternalResource.java | 107 - .../test/junit/rules/SerializableRuleChain.java | 119 - .../rules/SerializableTemporaryFolder.java | 70 - .../test/junit/rules/SerializableTestName.java | 54 - .../test/junit/rules/SerializableTestRule.java | 33 - .../junit/rules/SerializableTestWatcher.java | 29 - .../test/junit/rules/SerializableTimeout.java | 119 - .../serializable/FieldSerializationUtils.java | 48 + .../serializable/FieldsOfTemporaryFolder.java | 26 + .../rules/serializable/FieldsOfTestName.java | 24 + .../rules/serializable/FieldsOfTimeout.java | 26 + .../SerializableExternalResource.java | 25 + .../serializable/SerializableRuleList.java | 78 + .../SerializableTemporaryFolder.java | 70 + .../serializable/SerializableTestName.java | 65 + .../serializable/SerializableTestRule.java | 28 + .../serializable/SerializableTestWatcher.java | 26 + .../rules/serializable/SerializableTimeout.java | 104 + .../junit/support/DefaultIgnoreCondition.java | 3 +- .../IgnoreConditionEvaluationException.java | 1 - .../junit/rules/ExpectedTimeoutJUnitTest.java | 204 - .../junit/rules/ExpectedTimeoutRuleTest.java | 246 + .../test/junit/rules/IgnoreUntilRuleTest.java | 145 + .../test/junit/rules/RepeatRuleTest.java | 411 ++ .../rules/RetryRuleGlobalWithErrorTest.java | 326 + .../rules/RetryRuleGlobalWithExceptionTest.java | 332 + 
.../rules/RetryRuleLocalWithErrorTest.java | 265 + .../rules/RetryRuleLocalWithExceptionTest.java | 276 + .../gemfire/test/junit/rules/RuleListTest.java | 209 + .../gemfire/test/junit/rules/TestRunner.java | 35 + .../examples/RepeatingTestCasesExampleTest.java | 15 +- .../rules/examples/RetryRuleExampleTest.java | 20 +- .../rules/examples/RuleAndClassRuleTest.java | 147 + .../SerializableExternalResourceTest.java | 79 + .../serializable/SerializableRuleListTest.java | 89 + .../SerializableTemporaryFolderTest.java | 90 + .../serializable/SerializableTestNameTest.java | 84 + .../SerializableTestWatcherTest.java | 79 + .../serializable/SerializableTimeoutTest.java | 106 + .../rules/tests/ExpectedTimeoutRuleTest.java | 214 - .../junit/rules/tests/IgnoreUntilRuleTest.java | 121 - .../junit/rules/tests/JUnitRuleTestSuite.java | 33 - .../test/junit/rules/tests/RepeatRuleTest.java | 304 - .../tests/RetryRuleGlobalWithErrorTest.java | 250 - .../tests/RetryRuleGlobalWithExceptionTest.java | 254 - .../tests/RetryRuleLocalWithErrorTest.java | 207 - .../tests/RetryRuleLocalWithExceptionTest.java | 213 - .../junit/rules/tests/RuleAndClassRuleTest.java | 138 - .../test/junit/rules/tests/TestRunner.java | 37 - .../internal/distributed/LuceneFunction.java | 3 +- geode-pulse/build.gradle | 12 + .../pulse/internal/data/JMXDataUpdater.java | 85 +- .../service/ClusterSelectedRegionService.java | 8 +- .../ClusterSelectedRegionsMemberService.java | 8 +- geode-rebalancer/build.gradle | 1 + geode-site/website/README.md | 2 +- geode-site/website/Rules | 3 - geode-site/website/content/community/index.html | 2 +- geode-site/website/content/docs/index.html | 48 + geode-site/website/layouts/default.html | 32 - geode-site/website/layouts/footer.html | 2 +- geode-site/website/layouts/header.html | 2 +- .../wan/GatewaySenderEventRemoteDispatcher.java | 44 +- .../gemfire/internal/cache/wan/WANTestBase.java | 26 +- .../cache/wan/misc/WANSSLDUnitTest.java | 2 + 
...arallelGatewaySenderOperationsDUnitTest.java | 35 + geode-web-api/build.gradle | 7 + .../controllers/FunctionAccessController.java | 195 +- .../rest/internal/web/util/ArrayUtils.java | 12 +- geode-web/build.gradle | 7 + gradle/dependency-versions.properties | 4 +- gradle/java.gradle | 9 - gradle/rat.gradle | 1 + gradle/test.gradle | 4 + 545 files changed, 30213 insertions(+), 25049 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/da7a76de/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationDUnitTest.java ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/da7a76de/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationTestBase.java ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/da7a76de/geode-core/src/test/java/com/gemstone/gemfire/security/DeltaClientPostAuthorizationDUnitTest.java ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/da7a76de/geode-core/src/test/java/com/gemstone/gemfire/security/templates/XmlAuthorization.java ----------------------------------------------------------------------
diff --cc geode-core/src/test/java/com/gemstone/gemfire/security/templates/XmlAuthorization.java
index 0000000,b8f2e50..d9aa391
mode 000000,100755..100755
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/templates/XmlAuthorization.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/templates/XmlAuthorization.java
@@@ -1,0 -1,614 +1,614 @@@
+ /*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+ package com.gemstone.gemfire.security.templates;
+
+ import java.io.IOException;
+ import java.io.InputStream;
+ import java.security.Principal;
+ import java.util.ArrayList;
+ import java.util.HashMap;
+ import java.util.HashSet;
+ import java.util.Map;
+ import java.util.Set;
+ import java.util.regex.Matcher;
+ import java.util.regex.Pattern;
+ import javax.xml.parsers.DocumentBuilder;
+ import javax.xml.parsers.DocumentBuilderFactory;
+
+ import com.gemstone.gemfire.LogWriter;
+ import com.gemstone.gemfire.cache.Cache;
+ import com.gemstone.gemfire.cache.operations.ExecuteFunctionOperationContext;
+ import com.gemstone.gemfire.cache.operations.OperationContext;
+ import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
+ import com.gemstone.gemfire.cache.operations.QueryOperationContext;
+ import com.gemstone.gemfire.distributed.DistributedMember;
+ import com.gemstone.gemfire.security.AccessControl;
+ import com.gemstone.gemfire.security.NotAuthorizedException;
+ import org.w3c.dom.Attr;
+ import org.w3c.dom.Document;
+ import org.w3c.dom.NamedNodeMap;
+ import org.w3c.dom.Node;
+ import org.w3c.dom.NodeList;
+ import org.xml.sax.EntityResolver;
+ import org.xml.sax.InputSource;
+ import org.xml.sax.SAXException;
+ import org.xml.sax.SAXParseException;
+
+ /**
+ * An implementation of the {@link AccessControl} interface that allows
+ * authorization using the
permissions as specified in the given XML + * file. + * + * The format of the XML file is specified in <a href="authz5_5.dtd"/>. It + * implements a role-based authorization at the operation level for each region. + * Each principal name may be associated with a set of roles. The name of the + * principal is obtained using the {@link Principal#getName()} method and no other + * information of the principal is utilized. Each role can be provided + * permissions to execute operations for each region. + * + * The top-level element in the XML is "acl" tag that contains the "role" and + * "permission" tags. The "role" tag contains the list of users that have been + * given that role. The name of the role is specified in the "role" attribute + * and the users are contained in the "user" tags insided the "role" tag. + * + * The "permissions" tag contains the list of operations allowed for a + * particular region. The role name is specified as the "role" attribute, the + * list of comma separated region names as the optional "regions" attribute and + * the operation names are contained in the "operation" tags inside the + * "permissions" tag. The allowed operation names are: GET, PUT, PUTALL, + * DESTROY, REGISTER_INTEREST, UNREGISTER_INTEREST, CONTAINS_KEY, KEY_SET, + * QUERY, EXECUTE_CQ, STOP_CQ, CLOSE_CQ, REGION_CLEAR, REGION_CREATE, + * REGION_DESTROY. These correspond to the operations in the + * {@link OperationCode} enumeration with the same name. + * + * When no region name is specified then the operation is allowed for all + * regions in the cache. Any permissions specified for regions using the + * "regions" attribute override these permissions. This allows users to provide + * generic permissions without any region name, and override for specific + * regions specified using the "regions" attribute. A cache-level operation + * (e.g. {@link OperationCode#REGION_DESTROY}) specified for a particular region + * is ignored i.e. 
the cache-level operations are only applicable when no region + * name is specified. A {@link OperationCode#QUERY} operation is permitted when + * either the {@code QUERY} permission is provided at the cache-level for + * the user or when {@code QUERY} permission is provided for all the + * regions that are part of the query string. + * + * Any roles specified in the "user" tag that do not have a specified permission + * set using the "permission" tags are ignored. When no {@link Principal} is + * associated with the current connection, then empty user name is used to + * search for the roles so an empty user name can be used to specify roles of + * unauthenticated clients (i.e. {@code Everyone}). + * + * This sample implementation is useful only for pre-operation checks and should + * not be used for post-operation authorization since it does nothing useful for + * post-operation case. + * + * @since 5.5 + */ + public class XmlAuthorization implements AccessControl { + + public static final String DOC_URI_PROP_NAME = "security-authz-xml-uri"; + + private static final Object sync = new Object(); + private static final String EMPTY_VALUE = ""; + + private static final String TAG_ROLE = "role"; + private static final String TAG_USER = "user"; + private static final String TAG_PERMS = "permission"; + private static final String TAG_OP = "operation"; + + private static final String ATTR_ROLENAME = "name"; + private static final String ATTR_ROLE = "role"; + private static final String ATTR_REGIONS = "regions"; + private static final String ATTR_FUNCTION_IDS = "functionIds"; + private static final String ATTR_FUNCTION_OPTIMIZE_FOR_WRITE = "optimizeForWrite"; + private static final String ATTR_FUNCTION_KEY_SET = "keySet"; + + private static String currentDocUri = null; + private static Map<String, HashSet<String>> userRoles = null; + private static Map<String, Map<String, Map<OperationCode, FunctionSecurityPrmsHolder>>> rolePermissions = null; + private static 
NotAuthorizedException xmlLoadFailure = null; + + private final Map<String, Map<OperationCode, FunctionSecurityPrmsHolder>> allowedOps; + + protected LogWriter systemLogWriter; + protected LogWriter securityLogWriter; + + /** + * Public static factory method to create an instance of + * {@code XmlAuthorization}. The fully qualified name of the class + * ({@code com.gemstone.gemfire.security.templates.XmlAuthorization.create}) + * should be mentioned as the {@code security-client-accessor} system + * property to enable pre-operation authorization checks as implemented in + * this class. + * + * @return an object of {@code XmlAuthorization} class + */ + public static AccessControl create() { + return new XmlAuthorization(); + } + + /** + * Clear all the statically cached information. + */ + public static void clear() { + XmlAuthorization.currentDocUri = null; + if (XmlAuthorization.userRoles != null) { + XmlAuthorization.userRoles.clear(); + XmlAuthorization.userRoles = null; + } + if (XmlAuthorization.rolePermissions != null) { + XmlAuthorization.rolePermissions.clear(); + XmlAuthorization.rolePermissions = null; + } + XmlAuthorization.xmlLoadFailure = null; + } + + /** + * Change the region name to a standard format having single '/' as separator + * and starting with a '/' as in standard POSIX paths + */ + public static String normalizeRegionName(final String regionName) { + if (regionName == null || regionName.length() == 0) { + return EMPTY_VALUE; + } + + char[] resultName = new char[regionName.length() + 1]; + boolean changed = false; + boolean isPrevCharSlash = false; + int startIndex; + + if (regionName.charAt(0) != '/') { + changed = true; + startIndex = 0; + } else { + isPrevCharSlash = true; + startIndex = 1; + } + + resultName[0] = '/'; + int resultLength = 1; + + // Replace all more than one '/'s with a single '/' + for (int index = startIndex; index < regionName.length(); ++index) { + char currChar = regionName.charAt(index); + if (currChar == '/') { + 
if (isPrevCharSlash) { + changed = true; + continue; + } + isPrevCharSlash = true; + } else { + isPrevCharSlash = false; + } + resultName[resultLength++] = currChar; + } + + // Remove any trailing slash + if (resultName[resultLength - 1] == '/') { + --resultLength; + changed = true; + } + + if (changed) { + return new String(resultName, 0, resultLength); + } else { + return regionName; + } + } + + private XmlAuthorization() { + this.allowedOps = new HashMap<String, Map<OperationCode, FunctionSecurityPrmsHolder>>(); + this.systemLogWriter = null; + this.securityLogWriter = null; + } + + /** + * Initialize the {@code XmlAuthorization} callback for a client having + * the given principal. + * + * This method caches the full XML authorization file the first time it is + * invoked and caches all the permissions for the provided + * {@code principal} to speed up lookup the + * {@code authorizeOperation} calls. The permissions for the principal + * are maintained as a {@link Map} of region name to the {@link HashSet} of + * operations allowed for that region. A global entry with region name as + * empty string is also made for permissions provided for all the regions. 
+ *
+ * @param principal
+ * the principal associated with the authenticated client
+ * @param cache
+ * reference to the cache object
+ * @param remoteMember
+ * the {@link DistributedMember} object for the remote authenticated
+ * client
+ *
+ * @throws NotAuthorizedException
+ * if some exception condition happens during the initialization
+ * while reading the XML; in such a case all subsequent client
+ * operations will throw {@code NotAuthorizedException}
+ */
+ @Override
+ public void init(final Principal principal, final DistributedMember remoteMember, final Cache cache) throws NotAuthorizedException {
+ synchronized (sync) {
+ XmlAuthorization.init(cache);
+ }
+
+ this.systemLogWriter = cache.getLogger();
+ this.securityLogWriter = cache.getSecurityLogger();
+
+ String name;
+ if (principal != null) {
+ name = principal.getName();
+ } else {
+ name = EMPTY_VALUE;
+ }
+
+ HashSet<String> roles = XmlAuthorization.userRoles.get(name);
+ if (roles != null) {
+ for (String roleName : roles) {
+ Map<String, Map<OperationCode, FunctionSecurityPrmsHolder>> regionOperationMap = XmlAuthorization.rolePermissions.get(roleName);
+ if (regionOperationMap != null) {
+ for (Map.Entry<String, Map<OperationCode, FunctionSecurityPrmsHolder>> regionEntry : regionOperationMap.entrySet()) {
+ String regionName = regionEntry.getKey();
+ Map<OperationCode, FunctionSecurityPrmsHolder> regionOperations = this.allowedOps.get(regionName);
+ if (regionOperations == null) {
+ regionOperations = new HashMap<OperationCode, FunctionSecurityPrmsHolder>();
+ this.allowedOps.put(regionName, regionOperations);
+ }
+ regionOperations.putAll(regionEntry.getValue());
+ }
+ }
+ }
+ }
+ }
+
+ /**
+ * Return true if the given operation is allowed for the cache/region.
+ *
+ * This looks up the cached permissions of the principal in the map for the
+ * provided region name. If none are found then the global permissions with
+ * empty region name are looked up. The operation is allowed if it is found
+ * this permission list.
+ *
+ * @param regionName
+ * When null then it indicates a cache-level operation, else the
+ * name of the region for the operation.
+ * @param context
+ * the data required by the operation
+ *
+ * @return true if the operation is authorized and false otherwise
+ */
+ @Override
+ public boolean authorizeOperation(String regionName, final OperationContext context) {
+ Map<OperationCode, FunctionSecurityPrmsHolder> operationMap;
+
+ // Check GET permissions for updates from server to client
+ if (context.isClientUpdate()) {
+ operationMap = this.allowedOps.get(regionName);
+ if (operationMap == null && regionName.length() > 0) {
+ operationMap = this.allowedOps.get(EMPTY_VALUE);
+ }
+ if (operationMap != null) {
+ return operationMap.containsKey(OperationCode.GET);
+ }
+ return false;
+ }
+
+ OperationCode opCode = context.getOperationCode();
+ if (opCode.isQuery() || opCode.isExecuteCQ() || opCode.isCloseCQ() || opCode.isStopCQ()) {
+ // First check if cache-level permission has been provided
+ operationMap = this.allowedOps.get(EMPTY_VALUE);
+ boolean globalPermission = (operationMap != null && operationMap .containsKey(opCode));
+ Set<String> regionNames = ((QueryOperationContext)context) .getRegionNames();
+ if (regionNames == null || regionNames.size() == 0) {
+ return globalPermission;
+ }
+
+ for (String r : regionNames) {
+ regionName = normalizeRegionName(r);
+ operationMap = this.allowedOps.get(regionName);
+ if (operationMap == null) {
+ if (!globalPermission) {
+ return false;
+ }
+ } else if (!operationMap.containsKey(opCode)) {
+ return false;
+ }
+ }
+ return true;
+ }
+
+ final String normalizedRegionName = normalizeRegionName(regionName);
+ operationMap = this.allowedOps.get(normalizedRegionName);
+ if (operationMap == null && normalizedRegionName.length() > 0) {
+ operationMap = this.allowedOps.get(EMPTY_VALUE);
+ }
+ if (operationMap != null) {
+ if (context.getOperationCode() != OperationCode.EXECUTE_FUNCTION) {
+ return operationMap.containsKey(context.getOperationCode());
+
+ } else {
+ if (!operationMap.containsKey(context.getOperationCode())) {
+ return false;
+
+ } else {
+ if (!context.isPostOperation()) {
+ FunctionSecurityPrmsHolder functionParameter = operationMap.get(context.getOperationCode());
+ ExecuteFunctionOperationContext functionContext = (ExecuteFunctionOperationContext) context;
+ // OnRegion execution
+ if (functionContext.getRegionName() != null) {
+ if (functionParameter.isOptimizeForWrite() != null && functionParameter.isOptimizeForWrite().booleanValue() != functionContext.isOptimizeForWrite()) {
+ return false;
+ }
+ if (functionParameter.getFunctionIds() != null && !functionParameter.getFunctionIds().contains( functionContext.getFunctionId())) {
+ return false;
+ }
+ if (functionParameter.getKeySet() != null && functionContext.getKeySet() != null) {
+ if (functionContext.getKeySet().containsAll( functionParameter.getKeySet())) {
+ return false;
+ }
+ }
+ return true;
+
+ } else {// On Server execution
+ if (functionParameter.getFunctionIds() != null && !functionParameter.getFunctionIds().contains(functionContext.getFunctionId())) {
+ return false;
+ }
+ return true;
+ }
+
+ } else {
+ ExecuteFunctionOperationContext functionContext = (ExecuteFunctionOperationContext)context;
+ FunctionSecurityPrmsHolder functionParameter = operationMap.get(context.getOperationCode());
+ if (functionContext.getRegionName() != null) {
+ if (functionContext.getResult() instanceof ArrayList && functionParameter.getKeySet() != null) {
+ ArrayList<String> resultList = (ArrayList)functionContext.getResult();
+ Set<String> nonAllowedKeys = functionParameter.getKeySet();
+ if (resultList.containsAll(nonAllowedKeys)) {
+ return false;
+ }
+ }
+ return true;
+
+ } else {
+ ArrayList<String> resultList = (ArrayList)functionContext.getResult();
+ final String inSecureItem = "Insecure item";
+ if (resultList.contains(inSecureItem)) {
+ return false;
+ }
+ return true;
+ }
+ }
+ }
+ }
+ }
+ return false;
+ }
+
+ /**
+ * Clears the cached information for this principal.
+ */
+ @Override
+ public void close() {
+ this.allowedOps.clear();
+ }
+
+ /** Get the attribute value for a given attribute name of a node. */
+ private static String getAttributeValue(final Node node, final String attrName) {
+ NamedNodeMap attrMap = node.getAttributes();
+ Node attrNode;
+ if (attrMap != null && (attrNode = attrMap.getNamedItem(attrName)) != null) {
+ return ((Attr)attrNode).getValue();
+ }
+ return EMPTY_VALUE;
+ }
+
+ /** Get the string contained in the first text child of the node. */
+ private static String getNodeValue(final Node node) {
+ NodeList childNodes = node.getChildNodes();
+ for (int index = 0; index < childNodes.getLength(); index++) {
+ Node childNode = childNodes.item(index);
+ if (childNode.getNodeType() == Node.TEXT_NODE) {
+ return childNode.getNodeValue();
+ }
+ }
+ return EMPTY_VALUE;
+ }
+
+ /**
+ * Cache authorization information for all users statically. This method is
+ * not thread-safe and is should either be invoked only once, or the caller
+ * should take the appropriate locks.
+ *
+ * @param cache reference to the cache object for the distributed system
+ */
+ private static void init(final Cache cache) throws NotAuthorizedException {
+ final LogWriter systemLogWriter = cache.getLogger();
+ final String xmlDocumentUri = (String)cache.getDistributedSystem().getSecurityProperties().get(DOC_URI_PROP_NAME);
+
+ try {
+ if (xmlDocumentUri == null) {
+ throw new NotAuthorizedException("No ACL file defined using tag [" + DOC_URI_PROP_NAME + "] in system properties");
+ }
+ if (xmlDocumentUri.equals(XmlAuthorization.currentDocUri)) {
+ if (XmlAuthorization.xmlLoadFailure != null) {
+ throw XmlAuthorization.xmlLoadFailure;
+ }
+ return;
+ }
+
+ final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ factory.setIgnoringComments(true);
+ factory.setIgnoringElementContentWhitespace(true);
+ factory.setValidating(true);
+
+ final DocumentBuilder builder = factory.newDocumentBuilder();
+ final XmlErrorHandler errorHandler = new XmlErrorHandler(systemLogWriter, xmlDocumentUri);
+ builder.setErrorHandler(errorHandler);
+ builder.setEntityResolver(new AuthzDtdResolver());
+
+ final Document xmlDocument = builder.parse(xmlDocumentUri);
+
+ XmlAuthorization.userRoles = new HashMap<String, HashSet<String>>();
+ XmlAuthorization.rolePermissions = new HashMap<String, Map<String, Map<OperationCode, FunctionSecurityPrmsHolder>>>();
+
+ final NodeList roleUserNodes = xmlDocument.getElementsByTagName(TAG_ROLE);
+
+ for (int roleIndex = 0; roleIndex < roleUserNodes.getLength(); roleIndex++) {
+ final Node roleUserNode = roleUserNodes.item(roleIndex);
+ final String roleName = getAttributeValue(roleUserNode, ATTR_ROLENAME);
+ final NodeList userNodes = roleUserNode.getChildNodes();
+
+ for (int userIndex = 0; userIndex < userNodes.getLength(); userIndex++) {
+ final Node userNode = userNodes.item(userIndex);
+
+ if (userNode.getNodeName() == TAG_USER) {
+ final String userName = getNodeValue(userNode);
+ HashSet<String> userRoleSet = XmlAuthorization.userRoles.get(userName);
+ if (userRoleSet == null) {
+ userRoleSet = new HashSet<String>();
+ XmlAuthorization.userRoles.put(userName, userRoleSet);
+ }
+ userRoleSet.add(roleName);
+
+ } else {
+ throw new SAXParseException("Unknown tag [" + userNode.getNodeName() + "] as child of tag [" + TAG_ROLE + ']', null);
+ }
+ }
+ }
+
+ final NodeList rolePermissionNodes = xmlDocument.getElementsByTagName(TAG_PERMS);
+
+ for (int permIndex = 0; permIndex < rolePermissionNodes.getLength(); permIndex++) {
+ final Node rolePermissionNode = rolePermissionNodes.item(permIndex);
+ final String roleName = getAttributeValue(rolePermissionNode, ATTR_ROLE);
+ Map<String, Map<OperationCode, FunctionSecurityPrmsHolder>> regionOperationMap = XmlAuthorization.rolePermissions.get(roleName);
+
+ if (regionOperationMap == null) {
+ regionOperationMap = new HashMap<String, Map<OperationCode, FunctionSecurityPrmsHolder>>();
+ XmlAuthorization.rolePermissions.put(roleName, regionOperationMap);
+ }
+
+ final NodeList operationNodes = rolePermissionNode.getChildNodes();
+ final HashMap<OperationCode, FunctionSecurityPrmsHolder> operationMap = new HashMap<OperationCode, FunctionSecurityPrmsHolder>();
+
+ for (int opIndex = 0; opIndex < operationNodes.getLength(); opIndex++) {
+ final Node operationNode = operationNodes.item(opIndex);
+
+ if (operationNode.getNodeName() == TAG_OP) {
+ final String operationName = getNodeValue(operationNode);
- final OperationCode code = OperationCode.parse(operationName);
++ final OperationCode code = OperationCode.valueOf(operationName);
+
+ if (code == null) {
+ throw new SAXParseException("Unknown operation [" + operationName + ']', null);
+ }
+
+ if (code != OperationCode.EXECUTE_FUNCTION) {
+ operationMap.put(code, null);
+
+ } else {
+ final String optimizeForWrite = getAttributeValue(operationNode, ATTR_FUNCTION_OPTIMIZE_FOR_WRITE);
+ final String functionAttr = getAttributeValue(operationNode, ATTR_FUNCTION_IDS);
+ final String keysAttr = getAttributeValue(operationNode, ATTR_FUNCTION_KEY_SET);
+
+ Boolean isOptimizeForWrite;
+ HashSet<String> functionIds;
+ HashSet<String> keySet;
+
+ if (optimizeForWrite == null || optimizeForWrite.length() == 0) {
+ isOptimizeForWrite = null;
+ } else {
+ isOptimizeForWrite = Boolean.parseBoolean(optimizeForWrite);
+ }
+
+ if (functionAttr == null || functionAttr.length() == 0) {
+ functionIds = null;
+ } else {
+ final String[] functionArray = functionAttr.split(",");
+ functionIds = new HashSet<String>();
+ for (int strIndex = 0; strIndex < functionArray.length; ++strIndex) {
+ functionIds.add((functionArray[strIndex]));
+ }
+ }
+
+ if (keysAttr == null || keysAttr.length() == 0) {
+ keySet = null;
+ } else {
+ final String[] keySetArray = keysAttr.split(",");
+ keySet = new HashSet<String>();
+ for (int strIndex = 0; strIndex < keySetArray.length; ++strIndex) {
+ keySet.add((keySetArray[strIndex]));
+ }
+ }
+
+ final FunctionSecurityPrmsHolder functionContext = new FunctionSecurityPrmsHolder(isOptimizeForWrite, functionIds, keySet);
+ operationMap.put(code, functionContext);
+ }
+
+ } else {
+ throw new SAXParseException("Unknown tag [" + operationNode.getNodeName() + "] as child of tag [" + TAG_PERMS + ']', null);
+ }
+ }
+
+ final String regionNames = getAttributeValue(rolePermissionNode, ATTR_REGIONS);
+ if (regionNames == null || regionNames.length() == 0) {
+ regionOperationMap.put(EMPTY_VALUE, operationMap);
+ } else {
+ final String[] regionNamesSplit = regionNames.split(",");
+ for (int strIndex = 0; strIndex < regionNamesSplit.length; ++strIndex) {
+ regionOperationMap.put(normalizeRegionName(regionNamesSplit[strIndex]), operationMap);
+ }
+ }
+ }
+ XmlAuthorization.currentDocUri = xmlDocumentUri;
+
+ } catch (Exception ex) {
+ String message;
+ if (ex instanceof NotAuthorizedException) {
+ message = ex.getMessage();
+ }
+ else {
+ message = ex.getClass().getName() + ": " + ex.getMessage();
+ }
+ systemLogWriter.warning("XmlAuthorization.init: " + message);
+ XmlAuthorization.xmlLoadFailure = new NotAuthorizedException(message, ex);
+ throw XmlAuthorization.xmlLoadFailure;
+ }
+ }
+
+ private static class AuthzDtdResolver implements EntityResolver {
+ final Pattern authzPattern = Pattern.compile("authz.*\\.dtd");
+
+ @Override
+ public InputSource resolveEntity(final String publicId, final String systemId) throws SAXException, IOException {
+ try {
+ final Matcher matcher = authzPattern.matcher(systemId);
+ if (matcher.find()) {
+ final String dtdName = matcher.group(0);
+ final InputStream stream = XmlAuthorization.class.getResourceAsStream(dtdName);
+ return new InputSource(stream);
+ }
+
+ } catch(Exception e) {
+ //do nothing, use the default resolver
+ }
+
+ return null;
+ }
+ }
+ }
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/da7a76de/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/data/JMXDataUpdater.java
----------------------------------------------------------------------
