Repository: incubator-geode Updated Branches: refs/heads/feature/GEODE-17-2 d7612d1d1 -> 0efc8d843
GEODE-17: integrated security for Pulse. Now different user will have a different cluster updator. Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/0efc8d84 Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/0efc8d84 Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/0efc8d84 Branch: refs/heads/feature/GEODE-17-2 Commit: 0efc8d843767f2b1feaaf1ee5f6afdb255a2664f Parents: d7612d1 Author: Jinmei Liao <[email protected]> Authored: Tue Mar 29 12:51:39 2016 -0700 Committer: Jinmei Liao <[email protected]> Committed: Tue Mar 29 12:51:39 2016 -0700 ---------------------------------------------------------------------- .../tools/pulse/internal/PulseAppListener.java | 2 +- .../tools/pulse/internal/data/Cluster.java | 7 ++-- .../pulse/internal/data/JMXDataUpdater.java | 8 ++--- .../tools/pulse/internal/data/Repository.java | 35 ++++++++++++++++---- .../security/GemFireAuthenticationProvider.java | 2 +- .../tools/pulse/tests/PulseAbstractTest.java | 10 ++---- .../tools/pulse/tests/PulseAuthTest.java | 2 +- .../tools/pulse/tests/PulseAutomatedTest.java | 2 +- .../tools/pulse/tests/PulseNoAuthTest.java | 2 +- .../gemfire/tools/pulse/tests/Server.java | 3 +- geode-pulse/src/test/resources/pulse-auth.json | 5 +-- 11 files changed, 47 insertions(+), 31 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/0efc8d84/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/PulseAppListener.java ---------------------------------------------------------------------- diff --git a/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/PulseAppListener.java b/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/PulseAppListener.java index 1732005..82e0cb8 100644 
--- a/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/PulseAppListener.java +++ b/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/PulseAppListener.java @@ -198,7 +198,7 @@ public class PulseAppListener implements ServletContextListener { useGemFireCredentials = areWeUsingGemFireSecurityProfile(event); } - + // Set user details in repository repository.setJmxUserName(jmxUserName); repository.setJmxUserPassword(jmxUserPassword); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/0efc8d84/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/data/Cluster.java ---------------------------------------------------------------------- diff --git a/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/data/Cluster.java b/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/data/Cluster.java index 49ec7b3..905010d 100644 --- a/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/data/Cluster.java +++ b/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/data/Cluster.java @@ -27,6 +27,7 @@ import com.vmware.gemfire.tools.pulse.internal.log.PulseLogWriter; import com.vmware.gemfire.tools.pulse.internal.util.StringUtils; import org.apache.commons.collections.buffer.CircularFifoBuffer; +import javax.management.remote.JMXConnector; import java.io.BufferedReader; import java.io.File; import java.io.FileInputStream; @@ -53,8 +54,6 @@ import java.util.Set; import java.util.TimeZone; import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.atomic.AtomicInteger; - -import javax.management.remote.JMXConnector; /** * Class Cluster This class is the Data Model for the data used for the Pulse * Web UI. 
@@ -2901,9 +2900,9 @@ public class Cluster extends Thread { return this.getDataBrowser().deleteQueryById(userId, queryId); } - public JMXConnector connectToGemFire(String user, String password) { + public JMXConnector connectToGemFire() { if(this.updater instanceof JMXDataUpdater) { - return ((JMXDataUpdater) this.updater).getJMXConnection(user, password, false); + return ((JMXDataUpdater) this.updater).getJMXConnection(false); } else { return null; } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/0efc8d84/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/data/JMXDataUpdater.java ---------------------------------------------------------------------- diff --git a/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/data/JMXDataUpdater.java b/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/data/JMXDataUpdater.java index 87b6e9c..d49a193 100644 --- a/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/data/JMXDataUpdater.java +++ b/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/data/JMXDataUpdater.java @@ -204,18 +204,16 @@ public class JMXDataUpdater implements IClusterUpdater, NotificationListener { * @return */ public JMXConnector getJMXConnection() { - return getJMXConnection(this.userName, this.userPassword, true); + return getJMXConnection(true); } /** * Get connection for given userName and password. This is used for DataBrowser * queries which has to be fired using credentials provided at pulse login page * - * @param user jmxUser name - * @param password password * @return */ - public JMXConnector getJMXConnection(String user, String password, final boolean registerURL) { + public JMXConnector getJMXConnection(final boolean registerURL) { JMXConnector connection = null; // Reference to repository Repository repository = Repository.get(); 
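Review bot: The Javadoc kept above `getJMXConnection(final boolean registerURL)` in JMXDataUpdater still reads "Get connection for given userName and password", but the method no longer takes either value. The remaining `@return` is empty and `registerURL` has no `@param` line. I would reword the summary to say the connection is opened with the credentials held by this updater, and add an `@param registerURL` line explaining what passing `false` from `Cluster.connectToGemFire()` skips. The method body continues outside the hunk, so whether it can return null should be confirmed there before documenting it.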
@@ -267,7 +265,7 @@ public class JMXDataUpdater implements IClusterUpdater, NotificationListener { if (StringUtils.isNotNullNotEmptyNotWhiteSpace(jmxSerURL)) { JMXServiceURL url = new JMXServiceURL(jmxSerURL); - String[] creds = { user, password }; + String[] creds = { this.userName, this.userPassword }; Map<String, Object> env = new HashMap<String, Object>(); env.put(JMXConnector.CREDENTIALS, creds); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/0efc8d84/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/data/Repository.java ---------------------------------------------------------------------- diff --git a/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/data/Repository.java b/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/data/Repository.java index a11167e..0473ad3 100644 --- a/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/data/Repository.java +++ b/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/data/Repository.java @@ -20,6 +20,8 @@ package com.vmware.gemfire.tools.pulse.internal.data; import com.vmware.gemfire.tools.pulse.internal.log.PulseLogWriter; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.context.SecurityContextHolder; import java.net.ConnectException; import java.util.HashMap; 
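Review bot: `String[] creds = { this.userName, this.userPassword };` ties every connection to the credentials the updater was constructed with. With the per-user Clusters added in Repository.java, each Pulse user's login password therefore appears to stay in an updater field for as long as that Cluster thread lives. Where those fields are assigned is outside this hunk, so that lifetime is inferred rather than shown. A comment here such as `// credentials of the user this updater was created for; kept until the Cluster is removed` would make the exposure explicit. The per-user entry should also be dropped on logout or session expiry, so the password does not outlive the session.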
@@ -149,16 +151,35 @@ public class Repository { } /** - * Convenience method for now, seeing that we're maintaining a 1:1 mapping - * between webapp and cluster + * we're maintaining a 1:1 mapping between webapp and cluster, there is no need for a map of clusters based on the host and port + * We are using this clusterMap to maintain cluster for different users now. + * For a single-user connection to gemfire JMX, we will use the default username/password in the pulse.properties + * (# JMX User Properties ) + * pulse.jmxUserName=admin + * pulse.jmxUserPassword=admin + * + * But for multi-user connections to gemfireJMX, i.e pulse that uses gemfire integrated security, we will need to get the username form the context */ public Cluster getCluster() { - return this.getCluster(getJmxHost(), getJmxPort()); + String username = null; + String password = null; + if(useGemFireCredentials) { + Authentication auth = SecurityContextHolder.getContext().getAuthentication(); + if(auth!=null) { + username = auth.getName(); + password = (String) auth.getCredentials(); + } + } + else{ + username = this.jmxUserName; + password = this.jmxUserPassword; + } + return this.getCluster(username, password); } - public Cluster getCluster(String host, String port) { + public Cluster getCluster(String username, String password) { synchronized (this.clusterMap) { - String key = this.getClusterKey(host, port); + String key = username; Cluster data = this.clusterMap.get(key); LOGGER = PulseLogWriter.getLogger(); 
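Review bot: `String key = username;` in `getCluster(String username, String password)` keys the cache on the user name alone, so the `password` argument is ignored whenever an entry for that name already exists. This assumes the lines between the two Repository hunks return the cached `Cluster`, as the `clusterMap.get(key)` lookup suggests. `GemFireAuthenticationProvider` now authenticates through `getCluster(name, password).connectToGemFire()`, and `connectToGemFire()` connects with the updater's stored credentials, so a login for a name that already has a cached Cluster looks like it would succeed with any password. The login path should verify the submitted credentials on a connection opened with exactly those values before any cached Cluster is reused. Separately, when `useGemFireCredentials` is true and `getAuthentication()` returns null, `username` stays null and becomes the map key; failing explicitly in that case would be safer than building a Cluster with null credentials.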
@@ -169,9 +190,9 @@ public class Repository { LOGGER.info(resourceBundle.getString("LOG_MSG_CREATE_NEW_THREAD") + " : " + key); } - data = new Cluster(host, port, this.getJmxUserName(), this.getJmxUserPassword()); + data = new Cluster(this.jmxHost, this.jmxPort, username, password); // Assign name to thread created - data.setName(PulseConstants.APP_NAME + "-" + host + ":" + port); + data.setName(PulseConstants.APP_NAME + "-" + this.jmxHost + ":" + this.jmxPort + ":" + username); // Start Thread data.start(); this.clusterMap.put(key, data); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/0efc8d84/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/security/GemFireAuthenticationProvider.java ---------------------------------------------------------------------- diff --git a/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/security/GemFireAuthenticationProvider.java b/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/security/GemFireAuthenticationProvider.java index 723f093..548c3a5 100644 --- a/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/security/GemFireAuthenticationProvider.java +++ b/geode-pulse/src/main/java/com/vmware/gemfire/tools/pulse/internal/security/GemFireAuthenticationProvider.java 
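Review bot: `data.start()` and `this.clusterMap.put(key, data)` run before the supplied credentials have been checked against JMX, so every login attempt with a new user name leaves a started `Cluster` thread and a map entry behind whether or not the password was right. Unauthenticated requests can therefore grow the thread count and the map without bound. A first attempt with a wrong password also appears to leave an entry that a later correct login for the same name would reuse. I would cache the per-user Cluster only after a JMX connection for that user has succeeded, and remove the entry when the session ends; no eviction is visible in these hunks. The enclosing `getCluster` body starts and ends outside this hunk, so the surrounding condition and error handling should be checked against this.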
@@ -58,7 +58,7 @@ public class GemFireAuthenticationProvider implements AuthenticationProvider { try { LOGGER.fine("Connecting to GemFire with user=" + name); - JMXConnector jmxc = Repository.get().getCluster().connectToGemFire(name, password); + JMXConnector jmxc = Repository.get().getCluster(name, password).connectToGemFire(); if (jmxc != null) { Collection<GrantedAuthority> list = GemFireAuthentication.populateAuthorities(jmxc); GemFireAuthentication auth = new GemFireAuthentication(authentication.getPrincipal(), http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/0efc8d84/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/PulseAbstractTest.java ---------------------------------------------------------------------- diff --git a/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/PulseAbstractTest.java b/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/PulseAbstractTest.java index aa151dd..9a84e87 100644 --- a/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/PulseAbstractTest.java +++ b/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/PulseAbstractTest.java @@ -51,8 +51,6 @@ public abstract class PulseAbstractTest extends PulseBaseTest { private static Server server = null; private static String pulseURL = null; public static WebDriver driver; - private static final String userName = "admin"; - private static final String pasword = "admin"; /* Constants for executing Data Browser queries */ public static final String QUERY_TYPE_ONE = "query1"; 
@@ -129,9 +127,7 @@ public abstract class PulseAbstractTest extends PulseBaseTest { private static final String MEMBER_DROPDOWN_ID = "Members"; private static final String DATA_DROPDOWN_ID = "Data"; - public static void setUpServer(String jsonAuthFile) throws Exception { - System.setProperty("spring.profiles.active", "pulse.authentication.gemfire"); - + public static void setUpServer(String username, String password, String jsonAuthFile) throws Exception { ClassLoader classLoader = Thread.currentThread().getContextClassLoader(); jmxPropertiesFile = classLoader.getResource("test.properties").getPath(); path = getPulseWarPath(); @@ -155,8 +151,8 @@ public abstract class PulseAbstractTest extends PulseBaseTest { driver.get(pulseURL); WebElement userNameElement = driver.findElement(By.id("user_name")); WebElement passwordElement = driver.findElement(By.id("user_password")); - userNameElement.sendKeys(userName); - passwordElement.sendKeys(pasword); + userNameElement.sendKeys(username); + passwordElement.sendKeys(password); passwordElement.submit(); Thread.sleep(3000); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/0efc8d84/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/PulseAuthTest.java ---------------------------------------------------------------------- diff --git a/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/PulseAuthTest.java b/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/PulseAuthTest.java index e6bfc1c..65cd47f 100644 --- a/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/PulseAuthTest.java +++ b/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/PulseAuthTest.java 
@@ -28,6 +28,6 @@ public class PulseAuthTest extends PulseAbstractTest { @BeforeClass public static void beforeClassSetup() throws Exception { - setUpServer("/pulse-auth.json"); + setUpServer("pulseUser", "12345", "/pulse-auth.json"); } } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/0efc8d84/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/PulseAutomatedTest.java ---------------------------------------------------------------------- diff --git a/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/PulseAutomatedTest.java b/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/PulseAutomatedTest.java index 4e82e6f..e3029dd 100644 --- a/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/PulseAutomatedTest.java +++ b/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/PulseAutomatedTest.java @@ -48,7 +48,7 @@ public class PulseAutomatedTest extends PulseAbstractTest { @BeforeClass public static void beforeClassSetup() throws Exception { - setUpServer("/pulse-auth.json"); + setUpServer("pulseUser", "12345", "/pulse-auth.json"); } @Test http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/0efc8d84/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/PulseNoAuthTest.java ---------------------------------------------------------------------- diff --git a/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/PulseNoAuthTest.java b/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/PulseNoAuthTest.java index cf08fd7..6ea4655 100644 --- a/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/PulseNoAuthTest.java +++ b/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/PulseNoAuthTest.java 
@@ -28,6 +28,6 @@ public class PulseNoAuthTest extends PulseAbstractTest { @BeforeClass public static void beforeClassSetup() throws Exception { - setUpServer(null); + setUpServer("admin", "admin", null); } } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/0efc8d84/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java ---------------------------------------------------------------------- diff --git a/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java b/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java index 86504b0..970eb34 100644 --- a/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java +++ b/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java @@ -43,7 +43,6 @@ import java.net.UnknownHostException; import java.util.HashMap; import java.util.Map; import java.util.Properties; -import java.util.Set; public class Server { private static final String DEFAULT_HOST = "127.0.0.1"; //"localhost" @@ -62,6 +61,7 @@ public class Server { loadMBeans(); if (jsonAuthFile != null) { + System.setProperty("spring.profiles.active", "pulse.authentication.gemfire"); Properties props = new Properties(); props.put(DistributionConfig.SECURITY_CLIENT_AUTHENTICATOR_NAME, JSONAuthorization.class.getName() + ".create"); props.put(DistributionConfig.SECURITY_CLIENT_ACCESSOR_NAME, JSONAuthorization.class.getName() + ".create"); @@ -73,6 +73,7 @@ public class Server { cs = JMXConnectorServerFactory.newJMXConnectorServer(url, env, mbs); cs.setMBeanServerForwarder(new MBeanServerWrapper(interceptor)); } else { + System.setProperty("spring.profiles.active", "pulse.authentication.default"); cs = JMXConnectorServerFactory.newJMXConnectorServer(url, null, mbs); } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/0efc8d84/geode-pulse/src/test/resources/pulse-auth.json ---------------------------------------------------------------------- 
diff --git a/geode-pulse/src/test/resources/pulse-auth.json b/geode-pulse/src/test/resources/pulse-auth.json index 248016f..ab3c342 100644 --- a/geode-pulse/src/test/resources/pulse-auth.json +++ b/geode-pulse/src/test/resources/pulse-auth.json @@ -11,11 +11,12 @@ ], "users": [ { - "name": "admin", - "password": "admin", + "name": "pulseUser", + "password": "12345", "roles": [ "pulse" ] } ] + }
