GEODE-1571: simplify security check

Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/e72831ec
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/e72831ec
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/e72831ec

Branch: refs/heads/master
Commit: e72831ecb25259ed6ec3879f555c1dc8b872264f
Parents: d200d70
Author: Jinmei Liao <[email protected]>
Authored: Thu Jul 14 22:41:58 2016 -0700
Committer: Jinmei Liao <[email protected]>
Committed: Mon Jul 18 10:04:44 2016 -0700

----------------------------------------------------------------------
 .../cache/tier/sockets/AcceptorImpl.java        |  4 +-
 .../internal/cache/tier/sockets/HandShake.java  |  6 +--
 .../internal/security/GeodeSecurityUtil.java    | 45 ++++++++++----------
 3 files changed, 27 insertions(+), 28 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/e72831ec/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/AcceptorImpl.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/AcceptorImpl.java
 
b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/AcceptorImpl.java
index e93faf8..43f90d5 100644
--- 
a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/AcceptorImpl.java
+++ 
b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/AcceptorImpl.java
@@ -638,9 +638,9 @@ public class AcceptorImpl extends Acceptor implements 
Runnable
       this.hsPool = tmp_hsPool;
     }
 
-    isAuthenticationRequired = 
GeodeSecurityUtil.isSecurityRequired(this.cache.getDistributedSystem().getSecurityProperties());
+    isAuthenticationRequired = GeodeSecurityUtil.isSecurityRequired();
 
-    isIntegratedSecurity = 
GeodeSecurityUtil.isIntegratedSecurity(this.cache.getDistributedSystem().getSecurityProperties());
+    isIntegratedSecurity = GeodeSecurityUtil.isIntegratedSecurity();
 
     String postAuthzFactoryName = this.cache.getDistributedSystem()
         .getProperties().getProperty(SECURITY_CLIENT_ACCESSOR_PP);
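Review bot: Both flags assigned here now come from JVM-wide static state in GeodeSecurityUtil rather than from this cache's own security properties, so the result depends on GeodeSecurityUtil having been initialized before this code runs. If it has not been, or the flags have already been reset on teardown, both read as `false` and the acceptor would treat authentication as not required. The hunk does not show that ordering, so it is worth recording where the flags are read, e.g. `// GeodeSecurityUtil must be initialized from the system's security properties before the acceptor is created; otherwise these default to false`. The same dependency applies to the three `GeodeSecurityUtil.isSecurityRequired()` call sites in HandShake.java, where the `system` and `config` arguments are no longer consulted for this decision. The enclosing method starts and ends outside the hunk.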

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/e72831ec/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.java
 
b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.java
index c8aeacc..2dcf8e7 100755
--- 
a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.java
+++ 
b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.java
@@ -899,7 +899,7 @@ public class HandShake implements ClientHandShake
       throws GemFireSecurityException, IOException {
 
     Properties credentials = null;
-    boolean requireAuthentication = 
GeodeSecurityUtil.isSecurityRequired(system.getSecurityProperties());
+    boolean requireAuthentication = GeodeSecurityUtil.isSecurityRequired();
     try {
       byte secureMode = dis.readByte();
       if (secureMode == CREDENTIALS_NONE) {
@@ -1161,7 +1161,7 @@ public class HandShake implements ClientHandShake
     // non-blank setting for DH symmetric algo, or this is a server
     // that has authenticator defined.
     if ((dhSKAlgo != null && dhSKAlgo.length() > 0)
-        || GeodeSecurityUtil.isSecurityRequired(config.getSecurityProps())) {
+        || GeodeSecurityUtil.isSecurityRequired()) {
       KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DH");
       DHParameterSpec dhSpec = new DHParameterSpec(dhP, dhG, dhL);
       keyGen.initialize(dhSpec);
@@ -1632,7 +1632,7 @@ public class HandShake implements ClientHandShake
       DataOutputStream dos, DistributedSystem system)
       throws GemFireSecurityException, IOException {
 
-    boolean requireAuthentication = 
GeodeSecurityUtil.isSecurityRequired(system.getSecurityProperties());
+    boolean requireAuthentication = GeodeSecurityUtil.isSecurityRequired();
     Properties credentials = null;
     try {
       byte secureMode = dis.readByte();

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/e72831ec/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
----------------------------------------------------------------------
diff --git 
a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
 
b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
index 2962240..9455166 100644
--- 
a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
+++ 
b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
@@ -36,7 +36,6 @@ import org.apache.geode.security.SecurityManager;
 import org.apache.logging.log4j.Logger;
 import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.ShiroException;
-import org.apache.shiro.UnavailableSecurityManagerException;
 import org.apache.shiro.authc.UsernamePasswordToken;
 import org.apache.shiro.config.Ini.Section;
 import org.apache.shiro.config.IniSecurityManagerFactory;
@@ -67,7 +66,7 @@ public class GeodeSecurityUtil {
    * @return the shiro subject, null if security is not enabled
    */
   public static Subject getSubject() {
-    if (!isSecured()) {
+    if (!isIntegratedSecure) {
       return null;
     }
 
@@ -104,7 +103,7 @@ public class GeodeSecurityUtil {
    * @return null if security is not enabled, otherwise return a shiro subject
    */
   public static Subject login(String username, String password) {
-    if (!isSecured()) {
+    if (!isIntegratedSecure) {
       return null;
     }
 
@@ -271,18 +270,10 @@ public class GeodeSecurityUtil {
     }
   }
 
-  private static boolean isSecured() {
-    try {
-      SecurityUtils.getSecurityManager();
-    }
-    catch (UnavailableSecurityManagerException e) {
-      return false;
-    }
-    return true;
-  }
-
   private static PostProcessor postProcessor;
   private static SecurityManager securityManager;
+  private static boolean isSecure;
+  private static boolean isIntegratedSecure;
 
   /**
    * initialize Shiro's Security Manager and Security Utilities
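Review bot: `isSecure` and `isIntegratedSecure` are plain static fields, written during initialization and teardown and read from the acceptor and handshake paths, which presumably run on other threads (AcceptorImpl implements Runnable). Without `volatile`, a reader is not guaranteed to see the most recent write. Declaring them `private static volatile boolean isSecure;` and `private static volatile boolean isIntegratedSecure;` would publish the state safely. A one-line comment that both stay `false` until initialization completes would also make the fail-open default explicit.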
@@ -295,6 +286,7 @@ public class GeodeSecurityUtil {
 
     String shiroConfig = securityProps.getProperty(SECURITY_SHIRO_INIT);
     String securityConfig = securityProps.getProperty(SECURITY_MANAGER);
+    String clientAuthenticatorConfig = 
securityProps.getProperty(SECURITY_CLIENT_AUTHENTICATOR);
 
     if (!StringUtils.isBlank(shiroConfig)) {
       IniSecurityManagerFactory factory = new 
IniSecurityManagerFactory("classpath:" + shiroConfig);
@@ -308,8 +300,9 @@ public class GeodeSecurityUtil {
 
       org.apache.shiro.mgt.SecurityManager securityManager = 
factory.getInstance();
       SecurityUtils.setSecurityManager(securityManager);
+      isSecure = true;
+      isIntegratedSecure = true;
     }
-
     // only set up shiro realm if user has implemented SecurityManager
     else if (!StringUtils.isBlank(securityConfig)) {
       securityManager = getObjectOfTypeFromClassName(securityConfig, 
SecurityManager.class);
@@ -317,9 +310,17 @@ public class GeodeSecurityUtil {
       Realm realm = new CustomAuthRealm(securityManager);
       org.apache.shiro.mgt.SecurityManager shiroManager = new 
DefaultSecurityManager(realm);
       SecurityUtils.setSecurityManager(shiroManager);
+      isSecure = true;
+      isIntegratedSecure = true;
+    }
+    else if( !StringUtils.isBlank(clientAuthenticatorConfig)) {
+      isSecure = true;
+      isIntegratedSecure = false;
     }
     else {
       SecurityUtils.setSecurityManager(null);
+      isSecure = false;
+      isIntegratedSecure = false;
     }
 
     // this initializes the post processor
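Review bot: The new `else if( !StringUtils.isBlank(clientAuthenticatorConfig))` test, together with the final `else`, means a client-authenticator property that is set but whitespace-only now ends in `isSecure = false`. The removed `isSecurityRequired(Properties)` used `StringUtils.isEmpty` and would have reported security as required for the same value. Assuming the two helpers differ only in whitespace handling, a mistyped setting now silently disables authentication instead of surfacing as an error, so consider logging a warning or throwing when a security property is present but blank. Separately, this branch leaves any previously installed Shiro SecurityManager in place, while the final `else` calls `SecurityUtils.setSecurityManager(null)`; if initialization can run more than once per JVM, the branch should reset it as well. The method starts before this hunk and continues after it.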
@@ -344,6 +345,8 @@ public class GeodeSecurityUtil {
       postProcessor = null;
     }
     ThreadContext.remove();
+    isSecure = false;
+    isIntegratedSecure = false;
   }
 
   /**
@@ -351,8 +354,7 @@ public class GeodeSecurityUtil {
    * But if your postProcess is pretty involved with preparations and you need 
to bypass it entirely, call this first.
    */
   public static boolean needPostProcess(){
-    Subject subject = getSubject();
-    return (subject != null && postProcessor != null);
+    return (isIntegratedSecure && postProcessor != null);
   }
 
   public static Object postProcess(String regionPath, Object key, Object 
result){
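Review bot: `needPostProcess()` no longer calls `getSubject()`, so it can return `true` on a thread with no authenticated subject, as long as integrated security is on and a post processor is configured. Whether that matters depends on how `postProcess` obtains the principal, and its body is outside the hunk; callers that relied on this method as a subject check should be confirmed. The Javadoc above the method should record the new contract, for example `Returns true when integrated security is enabled and a post processor is configured; does not check that a subject is bound to the current thread.`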
@@ -444,15 +446,12 @@ public class GeodeSecurityUtil {
   }
 
 
-  public static boolean isSecurityRequired(Properties securityProps){
-    String authenticator = 
securityProps.getProperty(SECURITY_CLIENT_AUTHENTICATOR);
-    String securityManager = securityProps.getProperty(SECURITY_MANAGER);
-    return !StringUtils.isEmpty(authenticator) || 
!StringUtils.isEmpty(securityManager);
+  public static boolean isSecurityRequired(){
+    return isSecure;
   }
 
-  public static boolean isIntegratedSecurity(Properties securityProps){
-    String securityManager = securityProps.getProperty(SECURITY_MANAGER);
-    return !StringUtils.isEmpty(securityManager);
+  public static boolean isIntegratedSecurity(){
+    return isIntegratedSecure;
   }
 
 }
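Review bot: The two public accessors have no Javadoc, and their meaning changed along with the signature. From the initialization branches, `isSecurityRequired()` is now also true when only the Shiro ini property is set, and `isIntegratedSecurity()` is true for a Shiro ini as well as a SecurityManager; the removed versions looked only at the authenticator and SecurityManager properties. Both also return `false` before initialization and after teardown. Suggested for the first: `/** @return true if a Shiro ini, a SecurityManager or a client authenticator was configured at initialization; false before initialization and after teardown */`, with the matching wording (Shiro ini or SecurityManager only) on `isIntegratedSecurity()`.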
