GEODE-1673: fail start if security.json cannot be found * collapse JSONAuthorization into SampleSecurityManager * update SampleSecurityManager to support file, resource and string json * cleanup security tests * add SecurityTest category to security tests
This closes #212 Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/17ede315 Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/17ede315 Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/17ede315 Branch: refs/heads/master Commit: 17ede3150f726d0c2ab78d11cde94557ce562953 Parents: 7ca571c Author: Grace Meilen <[email protected]> Authored: Mon Jul 25 11:04:12 2016 -0700 Committer: Kirk Lund <[email protected]> Committed: Mon Jul 25 11:06:23 2016 -0700 ---------------------------------------------------------------------- .../internal/InternalDistributedSystem.java | 2 +- .../gms/mgr/GMSMembershipManager.java | 1 - .../internal/security/GeodeSecurityUtil.java | 58 ++--- .../security/shiro/CustomAuthRealm.java | 17 +- .../apache/geode/security/GeodePermission.java | 58 ++--- .../apache/geode/security/SecurityManager.java | 4 +- .../security/templates/SamplePostProcessor.java | 5 +- .../templates/SampleSecurityManager.java | 261 +++++++++++-------- .../internal/DistributionConfigJUnitTest.java | 7 +- .../security/GeodeSecurityUtilTest.java | 23 +- .../cli/commands/CliCommandTestBase.java | 26 +- .../security/AccessControlMBeanJUnitTest.java | 14 +- ...CacheServerMBeanAuthenticationJUnitTest.java | 7 +- .../CacheServerMBeanAuthorizationJUnitTest.java | 14 +- .../CacheServerMBeanShiroJUnitTest.java | 12 +- .../security/CliCommandsSecurityTest.java | 7 +- .../security/DataCommandsSecurityTest.java | 17 +- .../DiskStoreMXBeanSecurityJUnitTest.java | 14 +- .../GatewayReceiverMBeanSecurityTest.java | 20 +- .../GatewaySenderMBeanSecurityTest.java | 21 +- .../security/GeodePermissionJUnitTest.java | 8 +- .../GeodeSecurityUtilCustomRealmJUnitTest.java | 22 +- .../GeodeSecurityUtilWithIniFileJUnitTest.java | 12 +- .../security/GfshCommandsPostProcessorTest.java | 18 +- .../security/GfshCommandsSecurityTest.java | 18 +- .../JsonAuthorizationCacheStartRule.java | 13 
+- .../LockServiceMBeanAuthorizationJUnitTest.java | 20 +- .../security/MBeanSecurityJUnitTest.java | 50 ++-- .../security/MBeanServerConnectionRule.java | 6 +- .../ManagerMBeanAuthorizationJUnitTest.java | 17 +- .../security/MemberMBeanSecurityJUnitTest.java | 14 +- .../internal/security/MultiUserDUnitTest.java | 8 +- .../internal/security/ShiroCacheStartRule.java | 10 +- .../internal/security/TestCommand.java | 5 +- ...ractIntegratedClientAuthDistributedTest.java | 17 +- ...gratedClientGetEntryAuthDistributedTest.java | 1 - ...IntegratedClientSizeAuthDistributedTest.java | 1 - ...edSecurityCacheLifecycleDistributedTest.java | 6 +- ...edSecurityCacheLifecycleIntegrationTest.java | 1 - ...urityNoShowValue1PostProcessorDUnitTest.java | 2 - ...tegratedSecurityPeerAuthDistributedTest.java | 28 +- ...ntegratedSecurityPostProcessorDUnitTest.java | 2 - .../gemfire/security/JSONAuthorization.java | 54 ---- .../security/NoShowValue1PostProcessor.java | 6 +- .../gemfire/security/SecurityTestUtils.java | 2 +- .../templates/SampleSecurityManagerTest.java | 123 +++++++++ .../geode/security/templates/security.json | 30 +++ .../gemfire/tools/pulse/tests/Server.java | 10 +- 48 files changed, 618 insertions(+), 474 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/InternalDistributedSystem.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/InternalDistributedSystem.java b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/InternalDistributedSystem.java index 32f1bff..013a72d 100644 --- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/InternalDistributedSystem.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/InternalDistributedSystem.java 
@@ -2085,7 +2085,7 @@ public class InternalDistributedSystem listener.handleEvent(event, resource); } catch(CancelException e) { //ignore - } catch (ManagementException ex) { + } catch (GemFireSecurityException|ManagementException ex) { if (event == ResourceEvent.CACHE_CREATE) { throw ex; } else { http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/mgr/GMSMembershipManager.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/mgr/GMSMembershipManager.java b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/mgr/GMSMembershipManager.java index cfd11ed..4ed30a4 100644 --- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/mgr/GMSMembershipManager.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/mgr/GMSMembershipManager.java @@ -2070,7 +2070,6 @@ public class GMSMembershipManager implements MembershipManager, Manager * * Concurrency: protected by {@link #latestViewLock} ReentrantReadWriteLock * - * guarded.By latestViewLock * @return true if the given member is a zombie */ public boolean isShunned(DistributedMember m) { http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java index 0d5e701..19f3325 100644 --- a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java 
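Review bot: In the InternalDistributedSystem hunk, the widened `catch (GemFireSecurityException|ManagementException ex)` rethrows only when `event == ResourceEvent.CACHE_CREATE`; every other event takes the `else` branch, whose body lies outside this hunk. If that branch only logs, a security failure raised by a listener on any other resource event would not stop the caller. Since the commit aims to fail startup, the asymmetry deserves a comment above the `if`, for example `// security and management failures abort only on CACHE_CREATE; other events are handled below`. The enclosing method starts and ends outside the hunk.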
@@ -14,7 +14,6 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - package com.gemstone.gemfire.internal.security; import static com.gemstone.gemfire.distributed.ConfigurationProperties.*; @@ -58,10 +57,17 @@ public class GeodeSecurityUtil { private static Logger logger = LogService.getLogger(); + private static PostProcessor postProcessor; + private static SecurityManager securityManager; + private static boolean isIntegratedSecurity; + private static boolean isClientAuthenticator; + private static boolean isPeerAuthenticator; /** - * It first looks the shiro subject in AccessControlContext since JMX will use multiple threads to process operations from the same client. - * then it looks into Shiro's thead context. + * It first looks the shiro subject in AccessControlContext since JMX will + * use multiple threads to process operations from the same client, then it + * looks into Shiro's thead context. + * * @return the shiro subject, null if security is not enabled */ public static Subject getSubject() { @@ -97,8 +103,6 @@ public class GeodeSecurityUtil { } /** - * @param username - * @param password * @return null if security is not enabled, otherwise return a shiro subject */ public static Subject login(String username, String password) { @@ -153,7 +157,9 @@ public class GeodeSecurityUtil { } /** - * this binds the passed-in subject to the executing thread, normally, you would do this: + * this binds the passed-in subject to the executing thread, normally, you + * would do this: + * * ThreadState state = null; * try{ * state = GeodeSecurityUtil.bindSubject(subject); 
@@ -269,15 +275,8 @@ public class GeodeSecurityUtil { } } - private static PostProcessor postProcessor; - private static SecurityManager securityManager; - private static boolean isIntegratedSecurity; - private static boolean isClientAuthenticator; - private static boolean isPeerAuthenticator; - /** * initialize Shiro's Security Manager and Security Utilities - * @param securityProps */ public static void initSecurity(Properties securityProps) { if (securityProps == null) { @@ -352,8 +351,10 @@ public class GeodeSecurityUtil { } /** - * postProcess call already has this logic built in, you don't need to call this everytime you call postProcess. - * But if your postProcess is pretty involved with preparations and you need to bypass it entirely, call this first. + * postProcess call already has this logic built in, you don't need to call + * this everytime you call postProcess. But if your postProcess is pretty + * involved with preparations and you need to bypass it entirely, call this + * first. */ public static boolean needPostProcess(){ return (isIntegratedSecurity && postProcessor != null); @@ -372,13 +373,9 @@ public class GeodeSecurityUtil { return postProcessor.processRegionValue((Principal)subject.getPrincipal(), regionName, key, result); } - /** - * this method would never return null, it either throws an exception or returns an object - * @param className - * @param expectedClazz - * @param <T> - * @return the expected object loadded by using the className + * this method would never return null, it either throws an exception or + * returns an object */ public static <T> T getObjectOfTypeFromClassName(String className, Class<T> expectedClazz) { Class actualClass = null; 
@@ -403,11 +400,8 @@ public class GeodeSecurityUtil { } /** - * this method would never return null, it either throws an exception or returns an object - * @param factoryMethodName - * @param expectedClazz - * @param <T> - * @return the expected object loaded by the factory method + * this method would never return null, it either throws an exception or + * returns an object */ public static <T> T getObjectOfTypeFromFactoryMethod(String factoryMethodName, Class<T> expectedClazz){ T actualObject = null; @@ -426,12 +420,11 @@ public class GeodeSecurityUtil { } /** - * this method would never return null, it either throws an exception or returns an object - * @param classOrMethod - * @param expectedClazz - * @param <T> - * @return an object of type expectedClazz. This method would never return null. It either returns an non-null - * object or throws exception. + * this method would never return null, it either throws an exception or + * returns an object + * + * @return an object of type expectedClazz. This method would never return + * null. It either returns an non-null object or throws exception. */ public static <T> T getObjectOfType(String classOrMethod, Class<T> expectedClazz) { T object = null; @@ -448,7 +441,6 @@ public class GeodeSecurityUtil { return securityManager; } - public static boolean isClientSecurityRequired() { return isClientAuthenticator || isIntegratedSecurity; } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java index db07fe0..c890dc9 100644 --- a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java 
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java @@ -34,18 +34,31 @@ import org.apache.shiro.subject.PrincipalCollection; import com.gemstone.gemfire.internal.security.GeodeSecurityUtil; import com.gemstone.gemfire.management.internal.security.ResourceConstants; -public class CustomAuthRealm extends AuthorizingRealm{ +public class CustomAuthRealm extends AuthorizingRealm { private static final String REALM_NAME = "CUSTOMAUTHREALM"; private SecurityManager securityManager = null; + /** + * The caller must invoke {@link org.apache.geode.security.SecurityManager#init(Properties)} + * prior to instantiating CustomAuthRealm. + * + * @param securityManager instance of SecurityManager which has already been initialized + */ public CustomAuthRealm(SecurityManager securityManager) { this.securityManager = securityManager; } - public CustomAuthRealm (String authenticatorFactory) { + /** + * SecurityManager will be constructed and initialized with the provided security properties. + * + * @param authenticatorFactory name of the SecurityManager implementation to construct + * @param securityProperties the security properties to initialize SecurityManager with + */ + public CustomAuthRealm(String authenticatorFactory, Properties securityProperties) { this.securityManager = GeodeSecurityUtil.getObjectOfTypeFromClassName(authenticatorFactory, SecurityManager.class); + this.securityManager.init(securityProperties); } @Override http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/main/java/org/apache/geode/security/GeodePermission.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/security/GeodePermission.java b/geode-core/src/main/java/org/apache/geode/security/GeodePermission.java index 9f0ce2d..21cec6b 100644 --- a/geode-core/src/main/java/org/apache/geode/security/GeodePermission.java 
+++ b/geode-core/src/main/java/org/apache/geode/security/GeodePermission.java @@ -14,7 +14,6 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - package org.apache.geode.security; import org.apache.shiro.authz.permission.WildcardPermission; @@ -42,35 +41,6 @@ public class GeodePermission extends WildcardPermission { READ } - /** - * Returns - * @return the resource, could be either DATA or CLUSTER - */ - public Resource getResource() { - return resource; - } - - /** - * @return the operation, could be either MANAGE, WRITE or READ - */ - public Operation getOperation() { - return operation; - } - - /** - * @return the regionName, could be "*", meaning all regions - */ - public String getRegionName() { - return regionName; - } - - /** - * @return the key, could be "*" meaning all keys. - */ - public String getKey() { - return key; - } - // these default values are used when creating a lock around an operation private Resource resource = Resource.NULL; private Operation operation = Operation.NULL; 
@@ -113,6 +83,34 @@ public class GeodePermission extends WildcardPermission { setParts(this.resource+":"+this.operation+":"+this.regionName+":"+this.key, true); } + /** + * Returns the resource, could be either DATA or CLUSTER + */ + public Resource getResource() { + return resource; + } + + /** + * Returns the operation, could be either MANAGE, WRITE or READ + */ + public Operation getOperation() { + return operation; + } + + /** + * returns the regionName, could be "*", meaning all regions + */ + public String getRegionName() { + return regionName; + } + + /** + * returns the key, could be "*" meaning all keys. + */ + public String getKey() { + return key; + } + @Override public String toString() { if (ALL_REGIONS.equals(regionName)) { http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/main/java/org/apache/geode/security/SecurityManager.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/security/SecurityManager.java b/geode-core/src/main/java/org/apache/geode/security/SecurityManager.java index 269ed43..51a6879 100644 --- a/geode-core/src/main/java/org/apache/geode/security/SecurityManager.java +++ b/geode-core/src/main/java/org/apache/geode/security/SecurityManager.java 
@@ -43,13 +43,13 @@ public interface SecurityManager { /** * Verify the credentials provided in the properties - * @param props + * @param credentials * it contains the security-username and security-password as keys of the properties * @return * the authenticated Principal object * @throws AuthenticationFailedException */ - Principal authenticate(Properties props) throws AuthenticationFailedException; + Principal authenticate(Properties credentials) throws AuthenticationFailedException; /** * Authorize the GeodePermission for a given Principal http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/main/java/org/apache/geode/security/templates/SamplePostProcessor.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/security/templates/SamplePostProcessor.java b/geode-core/src/main/java/org/apache/geode/security/templates/SamplePostProcessor.java index 5eca744..ce87bf8 100644 --- a/geode-core/src/main/java/org/apache/geode/security/templates/SamplePostProcessor.java +++ b/geode-core/src/main/java/org/apache/geode/security/templates/SamplePostProcessor.java @@ -14,7 +14,6 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - package org.apache.geode.security.templates; import java.security.Principal; @@ -29,11 +28,11 @@ public class SamplePostProcessor implements PostProcessor{ @Override public void init(final Properties securityProps) { - } /** - * this simply modifies the value with all the parameter values + * This simply modifies the value with all the parameter values + * * @param principal * The principal that's accessing the value * @param regionName http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/main/java/org/apache/geode/security/templates/SampleSecurityManager.java ---------------------------------------------------------------------- 
diff --git a/geode-core/src/main/java/org/apache/geode/security/templates/SampleSecurityManager.java b/geode-core/src/main/java/org/apache/geode/security/templates/SampleSecurityManager.java index dd49f11..97ebe4f 100644 --- a/geode-core/src/main/java/org/apache/geode/security/templates/SampleSecurityManager.java +++ b/geode-core/src/main/java/org/apache/geode/security/templates/SampleSecurityManager.java @@ -16,6 +16,8 @@ */ package org.apache.geode.security.templates; +import java.io.File; +import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; import java.io.StringWriter; 
@@ -45,19 +47,24 @@ import com.gemstone.gemfire.security.AuthenticationFailedException; import com.gemstone.gemfire.security.NotAuthorizedException; /** - * This class provides a sample implementation for authentication and authorization via the {@link SecurityManager} + * This class provides a sample implementation of {@link SecurityManager} for + * authentication and authorization initialized from data provided as JSON. * - * In order to use it, a Geode member must be started with the following properties: - * <p/> - * <code> - * security-manager = com.gemstone.gemfire.security.examples.SampleSecurityManager - * </code> - * <p/> - * The class is initialized with a JSON file called {@code security.json}. This file must exist on the classpath, + * <p>A Geode member must be configured with the following: + * + * <p>{@code security-manager = com.gemstone.gemfire.security.examples.SampleSecurityManager} + * + * <p>The class can be initialized with from either a JSON string or a JSON + * file + * + * <p>TODO: example of configuring from in-memory JSON string specified in securityProperties + * + * <p>TODO: example of configuring from a JSON file specified in securityProperties<br/> + * ...called {@code security.json}. This file must exist on the classpath, * so members should be started with an appropriate {@code --classpath} option. - * <p/> - * The format of the file is as follows: - * <pre> + * + * <p>The format of the JSON for configuration is as follows: + * <pre><code> * { * "roles": [ * { @@ -74,11 +81,11 @@ import com.gemstone.gemfire.security.NotAuthorizedException; * ], * "regions": ["RegionA", "RegionB"] * } - * ] + * ], * "users": [ * { * "name": "admin", - * "password": "secret". + * "password": "secret", * "roles": ["admin"] * }, * { 
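Review bot: The rewritten class Javadoc still tells users to set `security-manager = com.gemstone.gemfire.security.examples.SampleSecurityManager`, but the file's package declaration is `org.apache.geode.security.templates`, so a member configured from this comment would name a class that is not this one. The two TODO paragraphs leave the new configuration property undocumented, and "can be initialized with from either" reads as a leftover edit. I would replace the TODOs with one sentence such as `<p>Set {@code security-json} to a classpath resource name, a file path, or a JSON string.` and correct the class name to `org.apache.geode.security.templates.SampleSecurityManager`. The sample document shows `"password": "secret"`, so the comment should also state that this template keeps passwords in clear text.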
@@ -88,105 +95,177 @@ import com.gemstone.gemfire.security.NotAuthorizedException; * } * ] * } - * </pre> + * </code></pre> */ public class SampleSecurityManager implements SecurityManager { - public SampleSecurityManager() { - try { - setUpWithJsonFile("security.json"); + public static final String SECURITY_JSON = "security-json"; + + protected static final String DEFAULT_JSON_FILE_NAME = "security.json"; + + private Map<String, User> userNameToUser; + + @Override + public boolean authorize(final Principal principal, final GeodePermission context) { + if (principal == null) return false; + + User user = this.userNameToUser.get(principal.getName()); + if (user == null) return false; // this user is not authorized to do anything + + // check if the user has this permission defined in the context + for (Role role : this.userNameToUser.get(user.name).roles) { + for (Permission permitted : role.permissions) { + if (permitted.implies(context)) { + return true; + } + } } - catch (IOException e) { - e.printStackTrace(); + + return false; + } + + @Override + public void init(final Properties securityProperties) throws NotAuthorizedException { + String jsonPropertyValue = securityProperties.getProperty(SECURITY_JSON); + if (jsonPropertyValue == null) { + throw new AuthenticationFailedException("SampleSecurityManager: property [" + SECURITY_JSON + "] must be set."); + } + + // 1st try to load value as a json resource + boolean initialized = initializeFromJsonResource(jsonPropertyValue); + + // 2nd try to load value as a json file + if (!initialized) { + initialized = initializeFromJsonFile(new File(jsonPropertyValue)); + } + + // 3rd try to use value as a json string + if (!initialized) { + initialized = initializeFromJson(jsonPropertyValue); + } + + if (!initialized) { + throw new AuthenticationFailedException("SampleSecurityManager: unable to read json from \"" + jsonPropertyValue + "\" as specified by [" + SECURITY_JSON + "]."); } } - public static class Role { - 
List<GeodePermission> permissions = new ArrayList<>(); - String name; - String serverGroup; + @Override + public Principal authenticate(final Properties credentials) throws AuthenticationFailedException { + String user = credentials.getProperty(ResourceConstants.USER_NAME); + String password = credentials.getProperty(ResourceConstants.PASSWORD); + + User userObj = this.userNameToUser.get(user); + if (userObj == null) { + throw new AuthenticationFailedException("SampleSecurityManager: wrong username/password"); + } + + if (user != null && !userObj.password.equals(password) && !"".equals(user)) { + throw new AuthenticationFailedException("SampleSecurityManager: wrong username/password"); + } + + return new JMXPrincipal(user); } - public static class User { - String name; - Set<Role> roles = new HashSet<>(); - String pwd; + boolean initializeFromJson(final String json) {//throws IOException { + try { + ObjectMapper mapper = new ObjectMapper(); + JsonNode jsonNode = mapper.readTree(json); + this.userNameToUser = new HashMap<>(); + Map<String, Role> roleMap = readRoles(jsonNode); + readUsers(this.userNameToUser, jsonNode, roleMap); + return true; + } catch (IOException ex) { + return false; + } } - private static Map<String, User> acl = null; + boolean initializeFromJsonFile(final File jsonFile) {//throws IOException { + try { + InputStream input = new FileInputStream(jsonFile); + if (input != null) { + initializeFromJson(readJsonFromInputStream(input)); + return true; + } + } catch (IOException ex) { + } + return false; + } + boolean initializeFromJsonResource(final String jsonResource) {//throws IOException { + try { + InputStream input = ClassLoader.getSystemResourceAsStream(jsonResource); + if (input != null) { + initializeFromJson(readJsonFromInputStream(input)); + return true; + } + } catch (IOException ex) { + } + return false; + } - public static void setUpWithJsonFile(String jsonFileName) throws IOException { - InputStream input = 
ClassLoader.getSystemResourceAsStream(jsonFileName); - if (input == null) - return; + User getUser(final String user) { + return this.userNameToUser.get(user); + } + private String readJsonFromInputStream(final InputStream input) throws IOException { StringWriter writer = new StringWriter(); IOUtils.copy(input, writer, "UTF-8"); - String json = writer.toString(); - readSecurityDescriptor(json); + return writer.toString(); } - protected static void readSecurityDescriptor(String json) throws IOException { - ObjectMapper mapper = new ObjectMapper(); - JsonNode jsonNode = mapper.readTree(json); - acl = new HashMap<>(); - Map<String, Role> roleMap = readRoles(jsonNode); - readUsers(acl, jsonNode, roleMap); - } - - private static void readUsers(Map<String, User> acl, JsonNode node, Map<String, Role> roleMap) { - for (JsonNode u : node.get("users")) { + private void readUsers(final Map<String, User> rolesToUsers, final JsonNode node, final Map<String, Role> roleMap) { + for (JsonNode usersNode : node.get("users")) { User user = new User(); - user.name = u.get("name").asText(); + user.name = usersNode.get("name").asText(); - if (u.has("password")) { - user.pwd = u.get("password").asText(); + if (usersNode.has("password")) { + user.password = usersNode.get("password").asText(); } else { - user.pwd = user.name; + user.password = user.name; } - for (JsonNode r : u.get("roles")) { - user.roles.add(roleMap.get(r.asText())); + for (JsonNode rolesNode : usersNode.get("roles")) { + user.roles.add(roleMap.get(rolesNode.asText())); } - acl.put(user.name, user); + rolesToUsers.put(user.name, user); } } - private static Map<String, Role> readRoles(JsonNode jsonNode) { + private Map<String, Role> readRoles(final JsonNode jsonNode) { if (jsonNode.get("roles") == null) { return Collections.EMPTY_MAP; } - Map<String, Role> roleMap = new HashMap<>(); - for (JsonNode r : jsonNode.get("roles")) { + for (JsonNode rolesNode : jsonNode.get("roles")) { Role role = new Role(); - role.name = 
r.get("name").asText(); + role.name = rolesNode.get("name").asText(); String regionNames = null; String keys = null; - JsonNode regions = r.get("regions"); - if (regions != null) { - if (regions.isArray()) { - regionNames = StreamSupport.stream(regions.spliterator(), false) - .map(JsonNode::asText) - .collect(Collectors.joining(",")); + JsonNode regionsNode = rolesNode.get("regions"); + if (regionsNode != null) { + if (regionsNode.isArray()) { + regionNames = StreamSupport.stream(regionsNode.spliterator(), false) + .map(JsonNode::asText) + .collect(Collectors.joining(",")); } else { - regionNames = regions.asText(); + regionNames = regionsNode.asText(); } } - for (JsonNode op : r.get("operationsAllowed")) { - String[] parts = op.asText().split(":"); + for (JsonNode operationsAllowedNode : rolesNode.get("operationsAllowed")) { + String[] parts = operationsAllowedNode.asText().split(":"); String resourcePart = (parts.length > 0) ? parts[0] : null; String operationPart = (parts.length > 1) ? parts[1] : null; - if(parts.length>2){ + + if (parts.length>2){ regionNames = parts[2]; } - if(parts.length>3){ + if (parts.length>3){ keys = parts[3]; } + String regionPart = (regionNames != null) ? regionNames : "*"; String keyPart = (keys !=null) ? keys : "*"; 
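Review bot: `initializeFromJsonFile` and `initializeFromJsonResource` discard the boolean returned by `initializeFromJson` and return `true` whenever the stream could be opened, so a file or resource holding malformed JSON passes `init` as if it had loaded. In that case `this.userNameToUser` is never assigned, and `authenticate` and `authorize` later dereference it. The `FileInputStream` is also never closed, and the `input != null` test after `new` can never be false. Separately, the final exception in `init` embeds `jsonPropertyValue`, which on the third fallback is the JSON document itself, `password` fields included; the message should name only the `security-json` property. The fence shows the file variant; the resource variant needs the same change.

```java
boolean initializeFromJsonFile(final File jsonFile) {
  // try-with-resources closes the stream on every path
  try (InputStream input = new FileInputStream(jsonFile)) {
    // report the parse result instead of unconditional success
    return initializeFromJson(readJsonFromInputStream(input));
  } catch (IOException ex) {
    // missing or unreadable file: let init() try the next source
    return false;
  }
}
```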
@@ -195,54 +274,24 @@ public class SampleSecurityManager implements SecurityManager { roleMap.put(role.name, role); - if (r.has("serverGroup")) { - role.serverGroup = r.get("serverGroup").asText(); + if (rolesNode.has("serverGroup")) { + role.serverGroup = rolesNode.get("serverGroup").asText(); } } return roleMap; } - public static Map<String, User> getAcl() { - return acl; - } - @Override - public boolean authorize(Principal principal, GeodePermission context) { - if (principal == null) return false; - - User user = acl.get(principal.getName()); - if (user == null) return false; // this user is not authorized to do anything - - // check if the user has this permission defined in the context - for (Role role : acl.get(user.name).roles) { - for (Permission permitted : role.permissions) { - if (permitted.implies(context)) { - return true; - } - } - } - - return false; + static class Role { + List<GeodePermission> permissions = new ArrayList<>(); + String name; + String serverGroup; } - @Override - public void init(Properties props) throws NotAuthorizedException { + static class User { + String name; + Set<Role> roles = new HashSet<>(); + String password; } - @Override - public Principal authenticate(Properties props) throws AuthenticationFailedException { - String user = props.getProperty(ResourceConstants.USER_NAME); - String pwd = props.getProperty(ResourceConstants.PASSWORD); - - User userObj = acl.get(user); - if (userObj == null) { - throw new AuthenticationFailedException("Wrong username/password"); - } - - if (user != null && !userObj.pwd.equals(pwd) && !"".equals(user)) { - throw new AuthenticationFailedException("Wrong username/password"); - } - - return new JMXPrincipal(user); - } } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/DistributionConfigJUnitTest.java ---------------------------------------------------------------------- 
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/DistributionConfigJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/DistributionConfigJUnitTest.java index c4b3a4d..36783ed 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/DistributionConfigJUnitTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/DistributionConfigJUnitTest.java @@ -31,6 +31,7 @@ import java.util.Map; import java.util.Properties; import org.apache.geode.security.templates.SamplePostProcessor; +import org.apache.geode.security.templates.SampleSecurityManager; import org.junit.Before; import org.junit.Test; import org.junit.experimental.categories.Category; @@ -38,7 +39,6 @@ import org.junit.experimental.categories.Category; import com.gemstone.gemfire.InternalGemFireException; import com.gemstone.gemfire.UnmodifiableException; import com.gemstone.gemfire.internal.ConfigSource; -import com.gemstone.gemfire.security.JSONAuthorization; import com.gemstone.gemfire.test.junit.categories.UnitTest; @Category(UnitTest.class) @@ -326,11 +326,10 @@ public class DistributionConfigJUnitTest { assertTrue(config.isAttributeModifiable(JMX_MANAGER_HTTP_PORT)); } - @Test public void testSecurityProps(){ Properties props = new Properties(); - props.put(SECURITY_MANAGER, JSONAuthorization.class.getName()); + props.put(SECURITY_MANAGER, SampleSecurityManager.class.getName()); props.put(SECURITY_POST_PROCESSOR, SamplePostProcessor.class.getName()); props.put(SECURITY_LOG_LEVEL, "config"); // add another non-security property to verify it won't get put in the security properties 
@@ -343,7 +342,7 @@ public class DistributionConfigJUnitTest { @Test public void testSecurityPropsWithNoSetter(){ Properties props = new Properties(); - props.put(SECURITY_MANAGER, JSONAuthorization.class.getName()); + props.put(SECURITY_MANAGER, SampleSecurityManager.class.getName()); props.put(SECURITY_POST_PROCESSOR, SamplePostProcessor.class.getName()); props.put(SECURITY_LOG_LEVEL, "config"); // add another non-security property to verify it won't get put in the security properties http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/test/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtilTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtilTest.java b/geode-core/src/test/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtilTest.java index 272b04f..bdd1ec6 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtilTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtilTest.java @@ -16,13 +16,13 @@ */ package com.gemstone.gemfire.internal.security; - import static com.gemstone.gemfire.distributed.ConfigurationProperties.*; import static org.assertj.core.api.Java6Assertions.*; import static org.junit.Assert.*; import java.util.Properties; +import org.apache.geode.security.templates.SampleSecurityManager; import org.junit.Before; import org.junit.Test; import org.junit.experimental.categories.Category; 
@@ -32,15 +32,17 @@ import com.gemstone.gemfire.test.junit.categories.UnitTest; @Category(UnitTest.class) public class GeodeSecurityUtilTest { - Properties properties; + + private Properties properties; + @Before - public void before(){ + public void before() { properties = new Properties(); GeodeSecurityUtil.initSecurity(properties); } @Test - public void testGetObjectFromConstructor(){ + public void testGetObjectFromConstructor() { String string = GeodeSecurityUtil.getObjectOfType(String.class.getName(), String.class); assertNotNull(string); CharSequence charSequence = GeodeSecurityUtil.getObjectOfType(String.class.getName(), CharSequence.class); @@ -58,7 +60,7 @@ public class GeodeSecurityUtilTest { } @Test - public void testGetObjectFromFactoryMethod(){ + public void testGetObjectFromFactoryMethod() { String string = GeodeSecurityUtil.getObjectOfType(Factories.class.getName()+".getString", String.class); assertNotNull(string); CharSequence charSequence = GeodeSecurityUtil.getObjectOfType(Factories.class.getName()+".getString", String.class); @@ -82,6 +84,7 @@ public class GeodeSecurityUtilTest { @Test public void testInitWithSecurityManager() { properties.setProperty(SECURITY_MANAGER, "org.apache.geode.security.templates.SampleSecurityManager"); + properties.setProperty(SampleSecurityManager.SECURITY_JSON, "org/apache/geode/security/templates/security.json"); GeodeSecurityUtil.initSecurity(properties); assertTrue(GeodeSecurityUtil.isClientSecurityRequired()); assertTrue(GeodeSecurityUtil.isIntegratedSecurity()); @@ -89,8 +92,7 @@ public class GeodeSecurityUtilTest { } @Test - public void testInitWithClientAuthenticator() - { + public void testInitWithClientAuthenticator() { properties.setProperty(SECURITY_CLIENT_AUTHENTICATOR, "org.abc.test"); GeodeSecurityUtil.initSecurity(properties); assertTrue(GeodeSecurityUtil.isClientSecurityRequired()); 
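Review bot: `testInitWithSecurityManager` in the `@@ -82,6 +84,7 @@` hunk only covers the case where `SampleSecurityManager.SECURITY_JSON` resolves, so the behaviour the commit title promises (start fails when security.json cannot be found) has no test in this class. The fail-closed path is the one most worth pinning, because a regression there would presumably let a member come up without usable authorization data. I would add a sibling test that sets `properties.setProperty(SampleSecurityManager.SECURITY_JSON, "no/such/security.json");` (a constructed path) and asserts that `GeodeSecurityUtil.initSecurity(properties)` throws. The exception type to expect is not visible in this part of the diff.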
@@ -99,8 +101,7 @@ public class GeodeSecurityUtilTest { } @Test - public void testInitWithPeerAuthenticator() - { + public void testInitWithPeerAuthenticator() { properties.setProperty(SECURITY_PEER_AUTHENTICATOR, "org.abc.test"); GeodeSecurityUtil.initSecurity(properties); assertFalse(GeodeSecurityUtil.isClientSecurityRequired()); @@ -109,8 +110,7 @@ public class GeodeSecurityUtilTest { } @Test - public void testInitWithShiroAuthenticator() - { + public void testInitWithShiroAuthenticator() { properties.setProperty(SECURITY_SHIRO_INIT, "shiro.ini"); GeodeSecurityUtil.initSecurity(properties); assertTrue(GeodeSecurityUtil.isClientSecurityRequired()); @@ -119,6 +119,7 @@ public class GeodeSecurityUtilTest { } private static class Factories{ + public static String getString(){ return new String(); } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/commands/CliCommandTestBase.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/commands/CliCommandTestBase.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/commands/CliCommandTestBase.java index 163f9b5..a6627d5 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/commands/CliCommandTestBase.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/commands/CliCommandTestBase.java @@ -29,6 +29,7 @@ import java.util.Properties; import java.util.regex.Matcher; import java.util.regex.Pattern; +import org.apache.geode.security.templates.SampleSecurityManager; import org.junit.Rule; import org.junit.rules.TemporaryFolder; 
@@ -42,31 +43,33 @@ import com.gemstone.gemfire.management.internal.cli.parser.CommandTarget; import com.gemstone.gemfire.management.internal.cli.result.CommandResult; import com.gemstone.gemfire.management.internal.cli.shell.Gfsh; import com.gemstone.gemfire.management.internal.cli.util.CommandStringBuilder; -import com.gemstone.gemfire.security.JSONAuthorization; import com.gemstone.gemfire.test.dunit.Host; import com.gemstone.gemfire.test.dunit.IgnoredException; import com.gemstone.gemfire.test.dunit.cache.internal.JUnit4CacheTestCase; +import com.gemstone.gemfire.test.dunit.rules.DistributedRestoreSystemProperties; /** * Base class for all the CLI/gfsh command dunit tests. */ public abstract class CliCommandTestBase extends JUnit4CacheTestCase { - private static final long serialVersionUID = 1L; + public static final String USE_HTTP_SYSTEM_PROPERTY = "useHTTP"; + + private boolean useHttpOnConnect = Boolean.getBoolean(USE_HTTP_SYSTEM_PROPERTY); private ManagementService managementService; private transient HeadlessGfsh shell; - public static final String USE_HTTP_SYSTEM_PROPERTY = "useHTTP"; - private boolean useHttpOnConnect = Boolean.getBoolean(USE_HTTP_SYSTEM_PROPERTY); - protected transient int httpPort; protected transient int jmxPort; protected transient String jmxHost; protected transient String gfshDir; @Rule + public transient DistributedRestoreSystemProperties restoreSystemProperties = new DistributedRestoreSystemProperties(); + + @Rule public transient TemporaryFolder temporaryFolder = new TemporaryFolder(); @Override 
@@ -97,7 +100,6 @@ public abstract class CliCommandTestBase extends JUnit4CacheTestCase { * cache). When adding regions, functions, keys, whatever to your cache for tests, you'll need to use * Host.getHost(0).getVM(0).invoke(new SerializableRunnable() { public void run() { ... } } in order to have this * setup run in the same VM as the manager. - * <p> * * @param props the Properties used when creating the cache for this default setup. * @return the default testable GemFire shell. @@ -117,10 +119,6 @@ public abstract class CliCommandTestBase extends JUnit4CacheTestCase { } /** - * - * @param vm - * @param props - * @param jsonFile * @return an object array, result[0] is jmxHost(String), result[1] is jmxPort, result[2] is httpPort */ protected Object[] setUpJMXManagerOnVM(int vm, final Properties props, String jsonFile) { @@ -139,6 +137,10 @@ public abstract class CliCommandTestBase extends JUnit4CacheTestCase { localProps.setProperty(NAME, "Manager"); } + if (jsonFile!=null) { + localProps.setProperty(SampleSecurityManager.SECURITY_JSON, jsonFile); + } + final int[] ports = AvailablePortHelper.getRandomAvailableTCPPorts(2); jmxPort = ports[0]; @@ -153,10 +155,6 @@ public abstract class CliCommandTestBase extends JUnit4CacheTestCase { getSystem(localProps); verifyManagementServiceStarted(getCache()); - if(jsonFile!=null){ - JSONAuthorization.setUpWithJsonFile(jsonFile); - } - IgnoredException.addIgnoredException("org.eclipse.jetty.io.EofException"); IgnoredException.addIgnoredException("java.nio.channels.ClosedChannelException"); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AccessControlMBeanJUnitTest.java ---------------------------------------------------------------------- 
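Review bot: In the `@@ -139,6 +137,10 @@` hunk `jsonFile` is now written straight into `SampleSecurityManager.SECURITY_JSON`, but the Javadoc of `setUpJMXManagerOnVM` no longer documents the argument, since the `@@ -117,10 +119,6 @@` hunk removes the empty `@param` tags without replacing them. The property presumably has an effect only when the caller's `props` also name a security manager; that is inferred, because the code that reads it is not in this diff. I would add `@param jsonFile value for SampleSecurityManager.SECURITY_JSON, or null to start the manager without one` and state the security-manager precondition next to it. The method body starts and ends outside these hunks.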
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AccessControlMBeanJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AccessControlMBeanJUnitTest.java index 6c626fc..6124e31 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AccessControlMBeanJUnitTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AccessControlMBeanJUnitTest.java @@ -16,27 +16,28 @@ */ package com.gemstone.gemfire.management.internal.security; -import static com.gemstone.gemfire.security.JSONAuthorization.*; import static org.assertj.core.api.Assertions.*; -import com.gemstone.gemfire.internal.AvailablePort; -import com.gemstone.gemfire.test.junit.categories.IntegrationTest; - import org.junit.Before; import org.junit.ClassRule; import org.junit.Rule; import org.junit.Test; import org.junit.experimental.categories.Category; -@Category(IntegrationTest.class) +import com.gemstone.gemfire.internal.AvailablePort; +import com.gemstone.gemfire.test.junit.categories.IntegrationTest; +import com.gemstone.gemfire.test.junit.categories.SecurityTest; + +@Category({ IntegrationTest.class, SecurityTest.class }) public class AccessControlMBeanJUnitTest { + private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET); private AccessControlMXBean bean; @ClassRule public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule( - jmxManagerPort, CACHE_SERVER_JSON); + jmxManagerPort, "com/gemstone/gemfire/management/internal/security/cacheServer.json"); @Rule public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort); 
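Review bot: The removed `CACHE_SERVER_JSON` constant is replaced in `serverRule` by the literal `"com/gemstone/gemfire/management/internal/security/cacheServer.json"`, and the same literal is pasted into CacheServerMBeanAuthenticationJUnitTest, CacheServerMBeanAuthorizationJUnitTest, CliCommandsSecurityTest, DataCommandsSecurityTest, DiskStoreMXBeanSecurityJUnitTest, GatewayReceiverMBeanSecurityTest, GatewaySenderMBeanSecurityTest and GfshCommandsPostProcessorTest. This path selects the users and permissions every one of these suites authenticates against, so it should be defined once. A constant on a shared test class such as `JsonAuthorizationCacheStartRule` would do, e.g. `public static final String CACHE_SERVER_JSON = "com/gemstone/gemfire/management/internal/security/cacheServer.json";`.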
@@ -48,7 +49,6 @@ public class AccessControlMBeanJUnitTest { /** * Test that any authenticated user can access this method - * @throws Exception */ @Test @JMXConnectionConfiguration(user = "stranger", password = "1234567") http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java index 6857e18..53fce5f 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java @@ -16,8 +16,6 @@ */ package com.gemstone.gemfire.management.internal.security; -import static com.gemstone.gemfire.security.JSONAuthorization.*; - import org.junit.Before; import org.junit.ClassRule; import org.junit.Rule; @@ -30,13 +28,14 @@ import com.gemstone.gemfire.test.junit.categories.IntegrationTest; @Category(IntegrationTest.class) public class CacheServerMBeanAuthenticationJUnitTest { + private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET); private CacheServerMXBean bean; @ClassRule public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule( - jmxManagerPort, CACHE_SERVER_JSON); + jmxManagerPort, "com/gemstone/gemfire/management/internal/security/cacheServer.json"); @Rule public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort); 
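Review bot: `CacheServerMBeanAuthenticationJUnitTest` keeps `@Category(IntegrationTest.class)` in its `@@ -30,13 +28,14 @@` hunk, while the sibling MBean tests in this commit move to `@Category({ IntegrationTest.class, SecurityTest.class })`. A run filtered on the SecurityTest category would then skip the authentication test. Change the annotation to `@Category({ IntegrationTest.class, SecurityTest.class })` and add `import com.gemstone.gemfire.test.junit.categories.SecurityTest;`. The class body continues outside the hunk.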
@@ -46,7 +45,7 @@ public class CacheServerMBeanAuthenticationJUnitTest { bean = connectionRule.getProxyMBean(CacheServerMXBean.class, "GemFire:service=CacheServer,*"); } - @Test() + @Test @JMXConnectionConfiguration(user = "data-admin", password = "1234567") public void testAllAccess() throws Exception { bean.removeIndex("foo"); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java index 39094fb..aba0b58 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java 
@@ -16,27 +16,29 @@ */ package com.gemstone.gemfire.management.internal.security; -import static com.gemstone.gemfire.security.JSONAuthorization.*; import static org.assertj.core.api.Assertions.*; -import com.gemstone.gemfire.internal.AvailablePort; -import com.gemstone.gemfire.management.CacheServerMXBean; -import com.gemstone.gemfire.test.junit.categories.IntegrationTest; import org.junit.Before; import org.junit.ClassRule; import org.junit.Rule; import org.junit.Test; import org.junit.experimental.categories.Category; -@Category(IntegrationTest.class) +import com.gemstone.gemfire.internal.AvailablePort; +import com.gemstone.gemfire.management.CacheServerMXBean; +import com.gemstone.gemfire.test.junit.categories.IntegrationTest; +import com.gemstone.gemfire.test.junit.categories.SecurityTest; + +@Category({ IntegrationTest.class, SecurityTest.class }) public class CacheServerMBeanAuthorizationJUnitTest { + private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET); private CacheServerMXBean bean; @ClassRule public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule( - jmxManagerPort, CACHE_SERVER_JSON); + jmxManagerPort, "com/gemstone/gemfire/management/internal/security/cacheServer.json"); @Rule public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanShiroJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanShiroJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanShiroJUnitTest.java index 85a55a7..d53dc0e 100644 
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanShiroJUnitTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanShiroJUnitTest.java @@ -18,17 +18,20 @@ package com.gemstone.gemfire.management.internal.security; import static org.assertj.core.api.Assertions.*; -import com.gemstone.gemfire.internal.AvailablePort; -import com.gemstone.gemfire.management.CacheServerMXBean; -import com.gemstone.gemfire.test.junit.categories.IntegrationTest; import org.junit.Before; import org.junit.ClassRule; import org.junit.Rule; import org.junit.Test; import org.junit.experimental.categories.Category; -@Category(IntegrationTest.class) +import com.gemstone.gemfire.internal.AvailablePort; +import com.gemstone.gemfire.management.CacheServerMXBean; +import com.gemstone.gemfire.test.junit.categories.IntegrationTest; +import com.gemstone.gemfire.test.junit.categories.SecurityTest; + +@Category({ IntegrationTest.class, SecurityTest.class }) public class CacheServerMBeanShiroJUnitTest { + private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET); private CacheServerMXBean bean; @@ -57,7 +60,6 @@ public class CacheServerMBeanShiroJUnitTest { bean.showClientQueueDetails("foo"); } - @Test @JMXConnectionConfiguration(user = "guest", password = "guest") public void testNoAccess() throws Exception { http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CliCommandsSecurityTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CliCommandsSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CliCommandsSecurityTest.java index af26147..56078e1 100644 
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CliCommandsSecurityTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CliCommandsSecurityTest.java @@ -16,8 +16,6 @@ */ package com.gemstone.gemfire.management.internal.security; -import static com.gemstone.gemfire.security.JSONAuthorization.*; -import static org.assertj.core.api.AssertionsForClassTypes.fail; import static org.junit.Assert.*; import java.util.List; @@ -35,8 +33,9 @@ import com.gemstone.gemfire.security.NotAuthorizedException; import com.gemstone.gemfire.test.junit.categories.IntegrationTest; import com.gemstone.gemfire.test.junit.categories.SecurityTest; -@Category({IntegrationTest.class, SecurityTest.class}) +@Category({ IntegrationTest.class, SecurityTest.class }) public class CliCommandsSecurityTest { + private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET); private MemberMXBean bean; @@ -45,7 +44,7 @@ public class CliCommandsSecurityTest { @ClassRule public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule( - jmxManagerPort, CACHE_SERVER_JSON); + jmxManagerPort, "com/gemstone/gemfire/management/internal/security/cacheServer.json"); @Rule public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DataCommandsSecurityTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DataCommandsSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DataCommandsSecurityTest.java index 73da024..eea9f06 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DataCommandsSecurityTest.java 
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DataCommandsSecurityTest.java @@ -17,28 +17,29 @@ package com.gemstone.gemfire.management.internal.security; import static org.assertj.core.api.Assertions.*; -import static com.gemstone.gemfire.security.JSONAuthorization.*; -import com.gemstone.gemfire.internal.AvailablePort; -import com.gemstone.gemfire.management.MemberMXBean; -import com.gemstone.gemfire.security.GemFireSecurityException; -import com.gemstone.gemfire.test.junit.categories.IntegrationTest; -import com.gemstone.gemfire.test.junit.categories.SecurityTest; import org.junit.Before; import org.junit.ClassRule; import org.junit.Rule; import org.junit.Test; import org.junit.experimental.categories.Category; -@Category({IntegrationTest.class, SecurityTest.class}) +import com.gemstone.gemfire.internal.AvailablePort; +import com.gemstone.gemfire.management.MemberMXBean; +import com.gemstone.gemfire.security.GemFireSecurityException; +import com.gemstone.gemfire.test.junit.categories.IntegrationTest; +import com.gemstone.gemfire.test.junit.categories.SecurityTest; + +@Category({ IntegrationTest.class, SecurityTest.class }) public class DataCommandsSecurityTest { + private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET); private MemberMXBean bean; @ClassRule public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule( - jmxManagerPort, CACHE_SERVER_JSON); + jmxManagerPort, "com/gemstone/gemfire/management/internal/security/cacheServer.json"); @Rule public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java ---------------------------------------------------------------------- 
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java index 2d8099d..185c984 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java @@ -17,11 +17,7 @@ package com.gemstone.gemfire.management.internal.security; import static org.assertj.core.api.Assertions.*; -import static com.gemstone.gemfire.security.JSONAuthorization.*; -import com.gemstone.gemfire.internal.AvailablePort; -import com.gemstone.gemfire.management.DiskStoreMXBean; -import com.gemstone.gemfire.test.junit.categories.IntegrationTest; import org.junit.Before; import org.junit.BeforeClass; import org.junit.ClassRule; 
@@ -29,15 +25,21 @@ import org.junit.Rule; import org.junit.Test; import org.junit.experimental.categories.Category; -@Category(IntegrationTest.class) +import com.gemstone.gemfire.internal.AvailablePort; +import com.gemstone.gemfire.management.DiskStoreMXBean; +import com.gemstone.gemfire.test.junit.categories.IntegrationTest; +import com.gemstone.gemfire.test.junit.categories.SecurityTest; + +@Category({ IntegrationTest.class, SecurityTest.class }) public class DiskStoreMXBeanSecurityJUnitTest { + private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET); private DiskStoreMXBean bean; @ClassRule public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule( - jmxManagerPort, CACHE_SERVER_JSON); + jmxManagerPort, "com/gemstone/gemfire/management/internal/security/cacheServer.json"); @Rule public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewayReceiverMBeanSecurityTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewayReceiverMBeanSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewayReceiverMBeanSecurityTest.java index 8bc55f0..b339094 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewayReceiverMBeanSecurityTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewayReceiverMBeanSecurityTest.java 
@@ -18,15 +18,9 @@ package com.gemstone.gemfire.management.internal.security; import static org.assertj.core.api.Assertions.*; import static org.mockito.Mockito.*; -import static com.gemstone.gemfire.security.JSONAuthorization.*; import javax.management.ObjectName; -import com.gemstone.gemfire.internal.AvailablePort; -import com.gemstone.gemfire.management.GatewayReceiverMXBean; -import com.gemstone.gemfire.management.ManagementService; -import com.gemstone.gemfire.test.junit.categories.IntegrationTest; - import org.junit.AfterClass; import org.junit.Before; import org.junit.BeforeClass; 
@@ -35,18 +29,26 @@ import org.junit.Rule; import org.junit.Test; import org.junit.experimental.categories.Category; -@Category(IntegrationTest.class) +import com.gemstone.gemfire.internal.AvailablePort; +import com.gemstone.gemfire.management.GatewayReceiverMXBean; +import com.gemstone.gemfire.management.ManagementService; +import com.gemstone.gemfire.test.junit.categories.IntegrationTest; +import com.gemstone.gemfire.test.junit.categories.SecurityTest; + +@Category({ IntegrationTest.class, SecurityTest.class }) public class GatewayReceiverMBeanSecurityTest { + private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET); - private GatewayReceiverMXBean bean; private static GatewayReceiverMXBean mock = mock(GatewayReceiverMXBean.class); private static ObjectName mockBeanName = null; private static ManagementService service = null; + private GatewayReceiverMXBean bean; + @ClassRule public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule( - jmxManagerPort, CACHE_SERVER_JSON); + jmxManagerPort, "com/gemstone/gemfire/management/internal/security/cacheServer.json"); @Rule public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java index fe4f624..e65adfb 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java 
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java @@ -18,15 +18,9 @@ package com.gemstone.gemfire.management.internal.security; import static org.assertj.core.api.Assertions.*; import static org.mockito.Mockito.*; -import static com.gemstone.gemfire.security.JSONAuthorization.*; import javax.management.ObjectName; -import com.gemstone.gemfire.internal.AvailablePort; -import com.gemstone.gemfire.management.GatewaySenderMXBean; -import com.gemstone.gemfire.management.ManagementService; -import com.gemstone.gemfire.management.internal.beans.GatewaySenderMBean; -import com.gemstone.gemfire.test.junit.categories.IntegrationTest; import org.junit.AfterClass; import org.junit.Before; import org.junit.BeforeClass; 
@@ -35,18 +29,27 @@ import org.junit.Rule; import org.junit.Test; import org.junit.experimental.categories.Category; -@Category(IntegrationTest.class) +import com.gemstone.gemfire.internal.AvailablePort; +import com.gemstone.gemfire.management.GatewaySenderMXBean; +import com.gemstone.gemfire.management.ManagementService; +import com.gemstone.gemfire.management.internal.beans.GatewaySenderMBean; +import com.gemstone.gemfire.test.junit.categories.IntegrationTest; +import com.gemstone.gemfire.test.junit.categories.SecurityTest; + +@Category({ IntegrationTest.class, SecurityTest.class }) public class GatewaySenderMBeanSecurityTest { + private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET); - private GatewaySenderMXBean bean; private static GatewaySenderMBean mock = mock(GatewaySenderMBean.class); private static ObjectName mockBeanName = null; private static ManagementService service = null; + private GatewaySenderMXBean bean; + @ClassRule public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule( - jmxManagerPort, CACHE_SERVER_JSON); + jmxManagerPort, "com/gemstone/gemfire/management/internal/security/cacheServer.json"); @Rule public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodePermissionJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodePermissionJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodePermissionJUnitTest.java index a955dae..104ea5e 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodePermissionJUnitTest.java 
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodePermissionJUnitTest.java @@ -14,7 +14,6 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - package com.gemstone.gemfire.management.internal.security; import static org.junit.Assert.*; @@ -22,13 +21,14 @@ import static org.junit.Assert.*; import org.apache.geode.security.GeodePermission; import org.apache.geode.security.GeodePermission.Operation; import org.apache.geode.security.GeodePermission.Resource; -import com.gemstone.gemfire.test.junit.categories.UnitTest; - import org.apache.shiro.authz.permission.WildcardPermission; import org.junit.Test; import org.junit.experimental.categories.Category; -@Category(UnitTest.class) +import com.gemstone.gemfire.test.junit.categories.SecurityTest; +import com.gemstone.gemfire.test.junit.categories.UnitTest; + +@Category({ UnitTest.class, SecurityTest.class }) public class GeodePermissionJUnitTest { private GeodePermission context; http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java index dd9961d..78168bf 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java 
@@ -14,30 +14,30 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - package com.gemstone.gemfire.management.internal.security; import static com.gemstone.gemfire.distributed.ConfigurationProperties.*; -import static com.gemstone.gemfire.security.JSONAuthorization.*; +import org.apache.geode.security.templates.SampleSecurityManager; import org.junit.BeforeClass; import org.junit.experimental.categories.Category; import com.gemstone.gemfire.internal.security.GeodeSecurityUtil; -import com.gemstone.gemfire.security.JSONAuthorization; -import com.gemstone.gemfire.test.junit.categories.UnitTest; +import com.gemstone.gemfire.test.junit.categories.IntegrationTest; +import com.gemstone.gemfire.test.junit.categories.SecurityTest; /** - * this test and ShiroUtilWithIniFileJunitTest uses the same test body, but initialize the SecurityUtils differently. - * If you change shiro-ini.json, remmber to change the shiro.ini to match the changes as well. + * Integration tests for {@link GeodeSecurityUtil} using shiro-ini.json. 
+ * + * @see GeodeSecurityUtilWithIniFileJUnitTest */ - -@Category(UnitTest.class) +@Category({ IntegrationTest.class, SecurityTest.class }) public class GeodeSecurityUtilCustomRealmJUnitTest extends GeodeSecurityUtilWithIniFileJUnitTest { + @BeforeClass - public static void beforeClass() throws Exception{ - props.put(SECURITY_MANAGER, JSONAuthorization.class.getName()); - JSONAuthorization.setUpWithJsonFile(SHIRO_INI_JSON); + public static void beforeClass() throws Exception { + props.put(SampleSecurityManager.SECURITY_JSON, "com/gemstone/gemfire/management/internal/security/shiro-ini.json"); + props.put(SECURITY_MANAGER, SampleSecurityManager.class.getName()); GeodeSecurityUtil.initSecurity(props); } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilWithIniFileJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilWithIniFileJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilWithIniFileJUnitTest.java index 6496076..ec0d393 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilWithIniFileJUnitTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilWithIniFileJUnitTest.java @@ -14,7 +14,6 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - package com.gemstone.gemfire.management.internal.security; import static com.gemstone.gemfire.distributed.ConfigurationProperties.*; 
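Review bot: `beforeClass()` in `GeodeSecurityUtilCustomRealmJUnitTest` writes `SampleSecurityManager.SECURITY_JSON` and `SECURITY_MANAGER` into the static `props` it inherits from `GeodeSecurityUtilWithIniFileJUnitTest` without resetting it first. If both classes run in one JVM, that object can still carry `SECURITY_SHIRO_INIT` from the parent's setup. Which setting `initSecurity` prefers is not visible here, so this class may silently exercise the shiro.ini realm instead of the JSON-backed manager. Starting the method with `props.clear();` keeps the class on the configuration it names, and the same line belongs in the parent's `beforeClass()` against a leak in the other direction.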
@@ -22,23 +21,24 @@ import static org.assertj.core.api.Assertions.*; import java.util.Properties; +import org.apache.geode.security.GeodePermission; import org.junit.BeforeClass; import org.junit.Test; import org.junit.experimental.categories.Category; import com.gemstone.gemfire.internal.security.GeodeSecurityUtil; import com.gemstone.gemfire.security.GemFireSecurityException; -import org.apache.geode.security.GeodePermission; +import com.gemstone.gemfire.test.junit.categories.IntegrationTest; import com.gemstone.gemfire.test.junit.categories.SecurityTest; -import com.gemstone.gemfire.test.junit.categories.UnitTest; /** - * this test and ShiroUtilCustomRealmJUunitTest uses the same test body, but initialize the SecurityUtils differently. - * If you change shiro.ini, remmber to change the shiro-ini.json to match the changes as well. + * Integration tests for {@link GeodeSecurityUtil} using shiro.ini */ -@Category({UnitTest.class, SecurityTest.class}) +@Category({ IntegrationTest.class, SecurityTest.class }) public class GeodeSecurityUtilWithIniFileJUnitTest { + protected static Properties props = new Properties(); + @BeforeClass public static void beforeClass() throws Exception{ props.setProperty(SECURITY_SHIRO_INIT, "shiro.ini"); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsPostProcessorTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsPostProcessorTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsPostProcessorTest.java index 8b96e8b..44db600 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsPostProcessorTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsPostProcessorTest.java 
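Review bot: The rewritten class Javadoc drops the reminder that shiro.ini and shiro-ini.json have to be changed together, although GeodeSecurityUtilCustomRealmJUnitTest still extends this class and reuses its tests against the JSON file. Without that pointer, an edit to one fixture can leave the two security configurations out of step. Consider keeping a line such as `* Keep shiro.ini in sync with shiro-ini.json; GeodeSecurityUtilCustomRealmJUnitTest runs the same tests against the JSON file.` here, with the mirror-image line in the subclass Javadoc.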
@@ -14,12 +14,11 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - package com.gemstone.gemfire.management.internal.security; -import static com.gemstone.gemfire.internal.Assert.assertTrue; -import static com.gemstone.gemfire.security.JSONAuthorization.*; +import static com.gemstone.gemfire.internal.Assert.*; +import org.apache.geode.security.templates.SamplePostProcessor; import org.junit.Before; import org.junit.ClassRule; import org.junit.Rule; @@ -28,25 +27,22 @@ import org.junit.experimental.categories.Category; import com.gemstone.gemfire.internal.AvailablePortHelper; import com.gemstone.gemfire.management.internal.cli.HeadlessGfsh; -import org.apache.geode.security.templates.SamplePostProcessor; import com.gemstone.gemfire.test.junit.categories.IntegrationTest; +import com.gemstone.gemfire.test.junit.categories.SecurityTest; -@Category(IntegrationTest.class) +@Category({ IntegrationTest.class, SecurityTest.class }) public class GfshCommandsPostProcessorTest { + protected static int jmxPort = AvailablePortHelper.getRandomAvailableTCPPort(); private HeadlessGfsh gfsh = null; @ClassRule public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule( - jmxPort, CACHE_SERVER_JSON, SamplePostProcessor.class); + jmxPort, "com/gemstone/gemfire/management/internal/security/cacheServer.json", SamplePostProcessor.class); @Rule - public GfshShellConnectionRule gfshConnection; - - public GfshCommandsPostProcessorTest(){ - gfshConnection = new GfshShellConnectionRule(jmxPort); - } + public GfshShellConnectionRule gfshConnection = new GfshShellConnectionRule(jmxPort); @Before public void before(){ http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java ---------------------------------------------------------------------- 
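Review bot: The resource path `"com/gemstone/gemfire/management/internal/security/cacheServer.json"` is now written inline in the `serverRule` initializer here, where the removed `CACHE_SERVER_JSON` constant used to give a single place to change it. The same literal is repeated in GfshCommandsSecurityTest, LockServiceMBeanAuthorizationJUnitTest, MBeanSecurityJUnitTest and ManagerMBeanAuthorizationJUnitTest. A shared test constant, for example `public static final String CACHE_SERVER_JSON = "com/gemstone/gemfire/management/internal/security/cacheServer.json";` on JsonAuthorizationCacheStartRule, would keep every security test pointed at the same fixture. It would also shorten the `@ClassRule` lines.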
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java index 603088e..8d6c54d 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java @@ -14,11 +14,9 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - package com.gemstone.gemfire.management.internal.security; import static org.junit.Assert.*; -import static com.gemstone.gemfire.security.JSONAuthorization.*; import java.util.List; @@ -37,9 +35,11 @@ import com.gemstone.gemfire.management.internal.cli.result.CommandResult; import com.gemstone.gemfire.management.internal.cli.result.ErrorResultData; import com.gemstone.gemfire.management.internal.cli.result.ResultBuilder; import com.gemstone.gemfire.test.junit.categories.IntegrationTest; +import com.gemstone.gemfire.test.junit.categories.SecurityTest; -@Category(IntegrationTest.class) +@Category({ IntegrationTest.class, SecurityTest.class }) public class GfshCommandsSecurityTest { + protected static int[] ports = AvailablePortHelper.getRandomAvailableTCPPorts(2); protected static int jmxPort = ports[0]; protected static int httpPort = ports[1]; 
@@ -48,15 +48,10 @@ public class GfshCommandsSecurityTest { @ClassRule public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule( - jmxPort, httpPort, CACHE_SERVER_JSON); + jmxPort, httpPort, "com/gemstone/gemfire/management/internal/security/cacheServer.json"); @Rule - public GfshShellConnectionRule gfshConnection; - - public GfshCommandsSecurityTest(){ - gfshConnection = new GfshShellConnectionRule(jmxPort, httpPort, false); - } - + public GfshShellConnectionRule gfshConnection = new GfshShellConnectionRule(jmxPort, httpPort, false); @Before public void before(){ @@ -129,7 +124,6 @@ public class GfshCommandsSecurityTest { runCommandsWithAndWithout("DATA:MANAGE:RegionA"); } - private void runCommandsWithAndWithout(String permission) throws Exception{ List<TestCommand> allPermitted = TestCommand.getPermittedCommands(new WildcardPermission(permission, true)); for(TestCommand permitted:allPermitted) { @@ -184,6 +178,4 @@ public class GfshCommandsSecurityTest { gfsh.executeCommand("query --query=\"select * from /region1\""); } - - } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JsonAuthorizationCacheStartRule.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JsonAuthorizationCacheStartRule.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JsonAuthorizationCacheStartRule.java index 1d4fb40..81cf92f 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JsonAuthorizationCacheStartRule.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JsonAuthorizationCacheStartRule.java 
@@ -20,13 +20,14 @@ import static com.gemstone.gemfire.distributed.ConfigurationProperties.*; import java.util.Properties; +import org.apache.geode.security.templates.SampleSecurityManager; import org.junit.rules.ExternalResource; import com.gemstone.gemfire.cache.Cache; import com.gemstone.gemfire.cache.CacheFactory; -import com.gemstone.gemfire.security.JSONAuthorization; public class JsonAuthorizationCacheStartRule extends ExternalResource { + private Cache cache; private int jmxManagerPort = 0; private int httpPort = 0; @@ -39,7 +40,6 @@ public class JsonAuthorizationCacheStartRule extends ExternalResource { this.postProcessor = postProcessor; } - public JsonAuthorizationCacheStartRule(int jmxManagerPort, String jsonFile) { this.jmxManagerPort = jmxManagerPort; this.jsonFile = jsonFile; @@ -53,6 +53,7 @@ public class JsonAuthorizationCacheStartRule extends ExternalResource { protected void before() throws Throwable { Properties properties = new Properties(); + properties.put(SampleSecurityManager.SECURITY_JSON, jsonFile); properties.put(NAME, JsonAuthorizationCacheStartRule.class.getSimpleName()); properties.put(LOCATORS, ""); properties.put(MCAST_PORT, "0"); 
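Review bot: `before()` now passes `jsonFile` straight to `properties.put(SampleSecurityManager.SECURITY_JSON, jsonFile)` with no null check, and `Properties.put` rejects a null value with a bare NullPointerException. A rule built with a null path would therefore fail without naming the missing security JSON, which runs against this commit's aim of failing clearly when the file cannot be found. The constructors could validate up front with `this.jsonFile = Objects.requireNonNull(jsonFile, "jsonFile");`. The constructors and `before()` are only partly visible in these hunks.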
@@ -60,20 +61,18 @@ public class JsonAuthorizationCacheStartRule extends ExternalResource { properties.put(JMX_MANAGER_START, "true"); properties.put(JMX_MANAGER_PORT, String.valueOf(jmxManagerPort)); properties.put(HTTP_SERVICE_PORT, String.valueOf(httpPort)); - properties.put(SECURITY_MANAGER, JSONAuthorization.class.getName()); + properties.put(SECURITY_MANAGER, SampleSecurityManager.class.getName()); - if(postProcessor!=null){ + if (postProcessor!=null) { properties.put(SECURITY_POST_PROCESSOR, postProcessor.getName()); } - JSONAuthorization.setUpWithJsonFile(jsonFile); - cache = new CacheFactory(properties).create(); cache.addCacheServer().start(); cache.createRegionFactory().create("region1"); } - public Cache getCache(){ + public Cache getCache() { return cache; } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java index 44e414c..8258f81 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java 
@@ -17,14 +17,7 @@ package com.gemstone.gemfire.management.internal.security; import static org.assertj.core.api.Assertions.*; -import static com.gemstone.gemfire.security.JSONAuthorization.*; -import com.gemstone.gemfire.cache.Cache; -import com.gemstone.gemfire.distributed.internal.InternalDistributedSystem; -import com.gemstone.gemfire.distributed.internal.locks.DLockService; -import com.gemstone.gemfire.internal.AvailablePort; -import com.gemstone.gemfire.management.LockServiceMXBean; -import com.gemstone.gemfire.test.junit.categories.IntegrationTest; import org.junit.AfterClass; import org.junit.Before; import org.junit.BeforeClass; 
@@ -33,15 +26,24 @@ import org.junit.Rule; import org.junit.Test; import org.junit.experimental.categories.Category; -@Category(IntegrationTest.class) +import com.gemstone.gemfire.cache.Cache; +import com.gemstone.gemfire.distributed.internal.InternalDistributedSystem; +import com.gemstone.gemfire.distributed.internal.locks.DLockService; +import com.gemstone.gemfire.internal.AvailablePort; +import com.gemstone.gemfire.management.LockServiceMXBean; +import com.gemstone.gemfire.test.junit.categories.IntegrationTest; +import com.gemstone.gemfire.test.junit.categories.SecurityTest; + +@Category({ IntegrationTest.class, SecurityTest.class }) public class LockServiceMBeanAuthorizationJUnitTest { + private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET); private LockServiceMXBean lockServiceMBean; @ClassRule public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule( - jmxManagerPort, CACHE_SERVER_JSON); + jmxManagerPort, "com/gemstone/gemfire/management/internal/security/cacheServer.json"); @Rule public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanSecurityJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanSecurityJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanSecurityJUnitTest.java index 1d6c95d..1d77375 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanSecurityJUnitTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanSecurityJUnitTest.java 
@@ -16,17 +16,11 @@ */ package com.gemstone.gemfire.management.internal.security; -import com.gemstone.gemfire.internal.AvailablePort; -import com.gemstone.gemfire.management.ManagementException; -import com.gemstone.gemfire.management.ManagementService; -import com.gemstone.gemfire.management.MemberMXBean; -import com.gemstone.gemfire.management.internal.MBeanJMXAdapter; -import com.gemstone.gemfire.test.junit.categories.IntegrationTest; -import org.junit.ClassRule; -import org.junit.Rule; -import org.junit.Test; -import org.junit.experimental.categories.Category; -import static com.gemstone.gemfire.security.JSONAuthorization.*; +import static org.assertj.core.api.Assertions.*; +import static org.mockito.Mockito.*; + +import java.io.IOException; +import java.util.Set; import javax.management.DynamicMBean; import javax.management.MBeanServer; 
@@ -35,25 +29,31 @@ import javax.management.MalformedObjectNameException; import javax.management.ObjectInstance; import javax.management.ObjectName; import javax.management.ReflectionException; -import java.io.IOException; -import java.util.Set; -import static org.assertj.core.api.Assertions.assertThat; -import static org.assertj.core.api.Assertions.assertThatThrownBy; -import static org.mockito.Mockito.mock; +import org.junit.ClassRule; +import org.junit.Rule; +import org.junit.Test; +import org.junit.experimental.categories.Category; + +import com.gemstone.gemfire.internal.AvailablePort; +import com.gemstone.gemfire.management.ManagementException; +import com.gemstone.gemfire.management.ManagementService; +import com.gemstone.gemfire.management.MemberMXBean; +import com.gemstone.gemfire.management.internal.MBeanJMXAdapter; +import com.gemstone.gemfire.test.junit.categories.IntegrationTest; +import com.gemstone.gemfire.test.junit.categories.SecurityTest; -@Category(IntegrationTest.class) +@Category({ IntegrationTest.class, SecurityTest.class }) public class MBeanSecurityJUnitTest { private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET); @ClassRule - public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(jmxManagerPort, CACHE_SERVER_JSON); + public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(jmxManagerPort, "com/gemstone/gemfire/management/internal/security/cacheServer.json"); @Rule public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort); - /** * No user can call createBean or unregisterBean of GemFire Domain */ 
@@ -75,9 +75,9 @@ public class MBeanSecurityJUnitTest { ).isInstanceOf(ReflectionException.class); } - /* - * looks like everyone can query for beans, but the AccessControlMXBean is filtered from the result - */ + /** + * looks like everyone can query for beans, but the AccessControlMXBean is filtered from the result + */ @Test @JMXConnectionConfiguration(user = "stranger", password = "1234567") public void testQueryBean() throws MalformedObjectNameException, IOException { @@ -89,8 +89,8 @@ public class MBeanSecurityJUnitTest { assertThat(objects.size()).isEqualTo(1); } - /* - * These calls does not go through the MBeanServerWrapper authentication, therefore is not throwing the SecurityExceptions + /** + * These calls does not go through the MBeanServerWrapper authentication, therefore is not throwing the SecurityExceptions */ @Test public void testLocalCalls() throws Exception{ @@ -103,8 +103,6 @@ public class MBeanSecurityJUnitTest { assertThatThrownBy( () -> adapter.registerMBean(mock(DynamicMBean.class), new ObjectName("MockDomain", "name", "mock"), false) ).isInstanceOf(ManagementException.class); - - } @Test http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanServerConnectionRule.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanServerConnectionRule.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanServerConnectionRule.java index 51cc6b8..2ca4b19 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanServerConnectionRule.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanServerConnectionRule.java 
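Review bot: The comment promoted to Javadoc on `testQueryBean` still opens with "looks like", which reads as an observation rather than the access rule the test is meant to pin down. If the intended contract is that any authenticated user may query beans while the AccessControlMXBean is hidden, state it directly: `* Any authenticated user may query for beans, but the AccessControlMXBean is filtered from the result.` The Javadoc on `testLocalCalls` could be tightened the same way, e.g. `* Local calls do not go through the MBeanServerWrapper authentication, so no SecurityException is thrown.` That makes the bypass for in-JVM callers read as a documented expectation.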
@@ -22,6 +22,7 @@ import java.io.IOException; import java.util.HashMap; import java.util.Map; import java.util.Set; + import javax.management.JMX; import javax.management.MBeanServerConnection; import javax.management.MalformedObjectNameException; @@ -33,13 +34,13 @@ import javax.management.remote.JMXConnector; import javax.management.remote.JMXConnectorFactory; import javax.management.remote.JMXServiceURL; -import com.gemstone.gemfire.test.junit.rules.DescribedExternalResource; import org.junit.runner.Description; +import com.gemstone.gemfire.test.junit.rules.DescribedExternalResource; + /** * Class which eases the creation of MBeans for security testing. When combined with {@link JMXConnectionConfiguration} * it allows for the creation of per-test connections with different user/password combinations. - * */ public class MBeanServerConnectionRule extends DescribedExternalResource { @@ -96,7 +97,6 @@ public class MBeanServerConnectionRule extends DescribedExternalResource { return getProxyMBean(null, beanQueryName); } - public MBeanServerConnection getMBeanServerConnection() throws IOException { return con; } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/17ede315/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ManagerMBeanAuthorizationJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ManagerMBeanAuthorizationJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ManagerMBeanAuthorizationJUnitTest.java index 635daa6..4df20e7 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ManagerMBeanAuthorizationJUnitTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ManagerMBeanAuthorizationJUnitTest.java 
@@ -18,15 +18,11 @@ package com.gemstone.gemfire.management.internal.security; import static org.assertj.core.api.Assertions.*; import static org.mockito.Mockito.*; -import static com.gemstone.gemfire.security.JSONAuthorization.*; import java.lang.management.ManagementFactory; + import javax.management.ObjectName; -import com.gemstone.gemfire.internal.AvailablePort; -import com.gemstone.gemfire.management.ManagerMXBean; -import com.gemstone.gemfire.management.internal.beans.ManagerMBean; -import com.gemstone.gemfire.test.junit.categories.IntegrationTest; import org.junit.Before; import org.junit.BeforeClass; import org.junit.ClassRule; @@ -34,15 +30,22 @@ import org.junit.Rule; import org.junit.Test; import org.junit.experimental.categories.Category; -@Category(IntegrationTest.class) +import com.gemstone.gemfire.internal.AvailablePort; +import com.gemstone.gemfire.management.ManagerMXBean; +import com.gemstone.gemfire.management.internal.beans.ManagerMBean; +import com.gemstone.gemfire.test.junit.categories.IntegrationTest; +import com.gemstone.gemfire.test.junit.categories.SecurityTest; + +@Category({ IntegrationTest.class, SecurityTest.class }) public class ManagerMBeanAuthorizationJUnitTest { + private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET); private ManagerMXBean managerMXBean; @ClassRule public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule( - jmxManagerPort, CACHE_SERVER_JSON); + jmxManagerPort, "com/gemstone/gemfire/management/internal/security/cacheServer.json"); @Rule public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
