GEODE-1647: Add Integrated Security to Peer Authentication * This closes #210
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/16b73564 Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/16b73564 Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/16b73564 Branch: refs/heads/master Commit: 16b73564f638aea652842dd071d01e1e3d5ad204 Parents: 7c2e219 Author: gmeilen <[email protected]> Authored: Mon Jul 18 13:13:11 2016 -0700 Committer: Jinmei Liao <[email protected]> Committed: Wed Jul 20 16:04:31 2016 -0700 ---------------------------------------------------------------------- .../membership/gms/auth/GMSAuthenticator.java | 79 +++++----- .../gms/interfaces/Authenticator.java | 6 +- .../membership/gms/membership/GMSJoinLeave.java | 2 +- .../cache/tier/sockets/AcceptorImpl.java | 2 +- .../internal/cache/tier/sockets/HandShake.java | 6 +- .../gemfire/internal/i18n/LocalizedStrings.java | 4 +- .../internal/security/GeodeSecurityUtil.java | 45 +++--- .../templates/SampleSecurityManager.java | 5 + .../internal/DistributionConfigJUnitTest.java | 2 +- .../gms/auth/GMSAuthenticatorJUnitTest.java | 37 +++-- .../gms/membership/GMSJoinLeaveJUnitTest.java | 2 +- .../cli/commands/CliCommandTestBase.java | 2 +- .../security/AccessControlMBeanJUnitTest.java | 3 +- ...CacheServerMBeanAuthenticationJUnitTest.java | 4 +- .../CacheServerMBeanAuthorizationJUnitTest.java | 3 +- .../security/CliCommandsSecurityTest.java | 6 +- .../security/DataCommandsSecurityTest.java | 3 +- .../DiskStoreMXBeanSecurityJUnitTest.java | 3 +- .../GatewayReceiverMBeanSecurityTest.java | 3 +- .../GatewaySenderMBeanSecurityTest.java | 3 +- .../GeodeSecurityUtilCustomRealmJUnitTest.java | 4 +- .../security/GfshCommandsPostProcessorTest.java | 3 +- .../security/GfshCommandsSecurityTest.java | 3 +- .../internal/security/JSONAuthorization.java | 48 ------ .../JsonAuthorizationCacheStartRule.java | 1 + .../LockServiceMBeanAuthorizationJUnitTest.java | 3 +- 
.../security/MBeanSecurityJUnitTest.java | 3 +- .../ManagerMBeanAuthorizationJUnitTest.java | 3 +- .../security/MemberMBeanSecurityJUnitTest.java | 3 +- .../internal/security/MultiUserDUnitTest.java | 4 +- ...ractIntegratedClientAuthDistributedTest.java | 4 +- ...edSecurityCacheLifecycleDistributedTest.java | 19 +-- ...edSecurityCacheLifecycleIntegrationTest.java | 27 +--- ...tegratedSecurityPeerAuthDistributedTest.java | 146 +++++++++++++++++++ .../gemfire/security/JSONAuthorization.java | 54 +++++++ .../gemfire/security/SpySecurityManager.java | 43 ++++++ .../com/gemstone/gemfire/security/peerAuth.json | 36 +++++ .../gemfire/tools/pulse/tests/Server.java | 2 +- 38 files changed, 430 insertions(+), 196 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/auth/GMSAuthenticator.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/auth/GMSAuthenticator.java b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/auth/GMSAuthenticator.java index f16a722..cf99ea2 100755 --- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/auth/GMSAuthenticator.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/auth/GMSAuthenticator.java 
@@ -19,19 +19,15 @@ package com.gemstone.gemfire.distributed.internal.membership.gms.auth; import static com.gemstone.gemfire.distributed.ConfigurationProperties.*; import static com.gemstone.gemfire.internal.i18n.LocalizedStrings.*; -import java.lang.reflect.Method; import java.security.Principal; import java.util.Properties; -import java.util.Set; import com.gemstone.gemfire.LogWriter; import com.gemstone.gemfire.distributed.DistributedMember; -import com.gemstone.gemfire.distributed.internal.DistributionConfig; import com.gemstone.gemfire.distributed.internal.membership.InternalDistributedMember; import com.gemstone.gemfire.distributed.internal.membership.NetView; import com.gemstone.gemfire.distributed.internal.membership.gms.Services; import com.gemstone.gemfire.distributed.internal.membership.gms.interfaces.Authenticator; -import com.gemstone.gemfire.internal.ClassLoadUtil; import com.gemstone.gemfire.internal.i18n.LocalizedStrings; import com.gemstone.gemfire.internal.logging.InternalLogWriter; import com.gemstone.gemfire.internal.security.GeodeSecurityUtil; @@ -44,15 +40,13 @@ import com.gemstone.gemfire.security.GemFireSecurityException; public class GMSAuthenticator implements Authenticator { - private final static String secPrefix = DistributionConfig.GEMFIRE_PREFIX + "sys.security-"; - private final static int gemfireSysPrefixLen = (DistributionConfig.GEMFIRE_PREFIX + "sys.").length(); - private Services services; - private Properties securityProps = getSecurityProps(); + private Properties securityProps; @Override public void init(Services s) { this.services = s; + this.securityProps = this.services.getConfig().getDistributionConfig().getSecurityProps(); } @Override 
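Review bot: `securityProps` is no longer populated at construction in the second hunk here, so it stays null until `init(Services)` runs, and nothing on the field says so. Any path that reaches the authenticator before `init` now passes a null `Properties` where it used to get an empty one. A comment on the field such as `// assigned in init(); null until the membership services are initialised` would make the ordering requirement explicit. Dropping the `gemfire.sys.security-` system-property scan is also a behaviour change if `DistributionConfig.getSecurityProps()` does not cover those keys, which cannot be seen from this hunk.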
@@ -105,57 +99,59 @@ public class GMSAuthenticator implements Authenticator { * this will be removed since return string is used for failure */ @Override - public String authenticate(InternalDistributedMember member, Object credentials) throws AuthenticationFailedException { + public String authenticate(InternalDistributedMember member, Properties credentials) throws AuthenticationFailedException { return authenticate(member, credentials, this.securityProps, this.services.getJoinLeave().getMemberID()); } /** * Method is package protected to be used in testing. */ - String authenticate(DistributedMember member, Object credentials, Properties secProps, DistributedMember localMember) throws AuthenticationFailedException { - - String authMethod = secProps.getProperty(SECURITY_PEER_AUTHENTICATOR); - if (authMethod == null || authMethod.length() == 0) { + String authenticate(DistributedMember member, Properties credentials, Properties secProps, DistributedMember localMember) throws AuthenticationFailedException { + if(!GeodeSecurityUtil.isPeerSecurityRequired()){ return null; } InternalLogWriter securityLogWriter = this.services.getSecurityLogWriter(); - String failMsg = null; - if (credentials != null) { - try { - invokeAuthenticator(authMethod, member, credentials); - - } catch (Exception ex) { - securityLogWriter.warning(AUTH_PEER_AUTHENTICATION_FAILED_WITH_EXCEPTION, new Object[] {member, authMethod, ex.getLocalizedMessage()}, ex); - failMsg = AUTH_PEER_AUTHENTICATION_FAILED.toLocalizedString(localMember); - } - } else { // No credentials - need to send failure message - securityLogWriter.warning(AUTH_PEER_AUTHENTICATION_MISSING_CREDENTIALS, new Object[] {member, authMethod}); - failMsg = AUTH_PEER_AUTHENTICATION_MISSING_CREDENTIALS.toLocalizedString(member, authMethod); + if(credentials == null){ + securityLogWriter.warning(AUTH_PEER_AUTHENTICATION_MISSING_CREDENTIALS, member); + return AUTH_PEER_AUTHENTICATION_MISSING_CREDENTIALS.toLocalizedString(member); } + 
String failMsg = null; + try { + if(GeodeSecurityUtil.isIntegratedSecurity()){ + String username = credentials.getProperty("security-username"); + String password = credentials.getProperty("security-password"); + GeodeSecurityUtil.login(username, password); + } + else { + invokeAuthenticator(secProps, member, credentials); + } + } catch (Exception ex) { + securityLogWriter.warning(AUTH_PEER_AUTHENTICATION_FAILED_WITH_EXCEPTION, new Object[] { + member, ex.getLocalizedMessage() + }, ex); + failMsg = AUTH_PEER_AUTHENTICATION_FAILED.toLocalizedString(localMember); + } return failMsg; } + /** * Method is package protected to be used in testing. */ - Principal invokeAuthenticator(String authMethod, DistributedMember member, Object credentials) throws AuthenticationFailedException { + Principal invokeAuthenticator(Properties securityProps, DistributedMember member, Properties credentials) throws AuthenticationFailedException { + String authMethod = securityProps.getProperty(SECURITY_PEER_AUTHENTICATOR); com.gemstone.gemfire.security.Authenticator auth = null; - try { - Method getter = ClassLoadUtil.methodFromName(authMethod); - auth = (com.gemstone.gemfire.security.Authenticator) getter.invoke(null, (Object[]) null); - if (auth == null) { - throw new AuthenticationFailedException(HandShake_AUTHENTICATOR_INSTANCE_COULD_NOT_BE_OBTAINED.toLocalizedString()); - } + auth = GeodeSecurityUtil.getObjectOfTypeFromFactoryMethod(authMethod, com.gemstone.gemfire.security.Authenticator .class); LogWriter logWriter = this.services.getLogWriter(); LogWriter securityLogWriter = this.services.getSecurityLogWriter(); auth.init(this.securityProps, logWriter, securityLogWriter); // this.securityProps contains security-ldap-basedn but security-ldap-baseDomainName is expected - return auth.authenticate((Properties) credentials, member); + return auth.authenticate(credentials, member); } catch (GemFireSecurityException gse) { throw gse; 
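Review bot: In the integrated-security branch of `authenticate`, `GeodeSecurityUtil.login(username, password)` only establishes that the credentials are valid: the returned subject is discarded and no permission is checked, so every account the security manager accepts can join as a peer. If cluster membership is meant to be limited to privileged accounts, an authorization check after the login is needed. A credentials object lacking `security-username` or `security-password` also reaches `login` with nulls and is logged as a generic failure; rejecting it up front with `if (username == null || password == null) return AUTH_PEER_AUTHENTICATION_MISSING_CREDENTIALS.toLocalizedString(member);` keeps the log accurate. In `invokeAuthenticator`, whose body continues past this hunk, the class name is read from the `securityProps` parameter while `auth.init` still receives `this.securityProps`, and the former null check on `auth` is gone, so it now relies on `getObjectOfTypeFromFactoryMethod` never returning null.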
@@ -173,10 +169,10 @@ public class GMSAuthenticator implements Authenticator { * * @param member * the target distributed member - * @return the credential object + * @return the credentials */ @Override - public Object getCredentials(InternalDistributedMember member) { + public Properties getCredentials(InternalDistributedMember member) { try { return getCredentials(member, securityProps); @@ -217,16 +213,11 @@ public class GMSAuthenticator implements Authenticator { return credentials; } + /** + * For testing only. + */ Properties getSecurityProps() { - Properties props = new Properties(); - Set keys = System.getProperties().keySet(); - for (Object key: keys) { - String propKey = (String) key; - if (propKey.startsWith(secPrefix)) { - props.setProperty(propKey.substring(gemfireSysPrefixLen), System.getProperty(propKey)); - } - } - return props; + return this.securityProps; } @Override http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/interfaces/Authenticator.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/interfaces/Authenticator.java b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/interfaces/Authenticator.java index fe96127..9660267 100755 --- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/interfaces/Authenticator.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/interfaces/Authenticator.java 
@@ -16,12 +16,14 @@ */ package com.gemstone.gemfire.distributed.internal.membership.gms.interfaces; +import java.util.Properties; + import com.gemstone.gemfire.distributed.internal.membership.InternalDistributedMember; import com.gemstone.gemfire.security.AuthenticationFailedException; public interface Authenticator extends Service { - String authenticate(InternalDistributedMember m, Object credentials) throws AuthenticationFailedException; + String authenticate(InternalDistributedMember m, Properties credentials) throws AuthenticationFailedException; - Object getCredentials(InternalDistributedMember m); + Properties getCredentials(InternalDistributedMember m); } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/membership/GMSJoinLeave.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/membership/GMSJoinLeave.java b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/membership/GMSJoinLeave.java index e5cac2d..4b82fa0 100644 --- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/membership/GMSJoinLeave.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/membership/GMSJoinLeave.java 
@@ -476,7 +476,7 @@ public class GMSJoinLeave implements JoinLeave, MessageHandler { Object creds = incomingRequest.getCredentials(); String rejection = null; try { - rejection = services.getAuthenticator().authenticate(incomingRequest.getMemberID(), creds); + rejection = services.getAuthenticator().authenticate(incomingRequest.getMemberID(), (Properties)creds); } catch (Exception e) { rejection = e.getMessage(); } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/AcceptorImpl.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/AcceptorImpl.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/AcceptorImpl.java index 43f90d5..4f952a8 100644 --- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/AcceptorImpl.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/AcceptorImpl.java @@ -638,7 +638,7 @@ public class AcceptorImpl extends Acceptor implements Runnable this.hsPool = tmp_hsPool; } - isAuthenticationRequired = GeodeSecurityUtil.isSecurityRequired(); + isAuthenticationRequired = GeodeSecurityUtil.isClientSecurityRequired(); isIntegratedSecurity = GeodeSecurityUtil.isIntegratedSecurity(); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.java index 2dcf8e7..e501531 100755 --- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.java 
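Review bot: The new `(Properties)creds` cast in GMSJoinLeave is applied to an object taken straight from the incoming join request, and a wrong type is handled only by the surrounding `catch (Exception e)`, which sets `rejection = e.getMessage()`. That message can be null for some exceptions, and `authenticate` uses a null return to mean success, so a null here would presumably be treated as an accepted join; the code that consumes `rejection` is outside this hunk. Falling back to a fixed text, for example `rejection = e.getMessage() != null ? e.getMessage() : "Authentication failed";`, makes the exception path fail closed. An explicit `instanceof Properties` check before the call would also turn a malformed request into a clear rejection rather than a ClassCastException.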
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.java @@ -899,7 +899,7 @@ public class HandShake implements ClientHandShake throws GemFireSecurityException, IOException { Properties credentials = null; - boolean requireAuthentication = GeodeSecurityUtil.isSecurityRequired(); + boolean requireAuthentication = GeodeSecurityUtil.isClientSecurityRequired(); try { byte secureMode = dis.readByte(); if (secureMode == CREDENTIALS_NONE) { @@ -1161,7 +1161,7 @@ public class HandShake implements ClientHandShake // non-blank setting for DH symmetric algo, or this is a server // that has authenticator defined. if ((dhSKAlgo != null && dhSKAlgo.length() > 0) - || GeodeSecurityUtil.isSecurityRequired()) { + || GeodeSecurityUtil.isClientSecurityRequired()) { KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DH"); DHParameterSpec dhSpec = new DHParameterSpec(dhP, dhG, dhL); keyGen.initialize(dhSpec); @@ -1632,7 +1632,7 @@ public class HandShake implements ClientHandShake DataOutputStream dos, DistributedSystem system) throws GemFireSecurityException, IOException { - boolean requireAuthentication = GeodeSecurityUtil.isSecurityRequired(); + boolean requireAuthentication = GeodeSecurityUtil.isClientSecurityRequired(); Properties credentials = null; try { byte secureMode = dis.readByte(); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/main/java/com/gemstone/gemfire/internal/i18n/LocalizedStrings.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/i18n/LocalizedStrings.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/i18n/LocalizedStrings.java index be1ff17..2254a89 100755 --- a/geode-core/src/main/java/com/gemstone/gemfire/internal/i18n/LocalizedStrings.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/i18n/LocalizedStrings.java 
@@ -3731,9 +3731,9 @@ public class LocalizedStrings { public static final StringId Network_partition_detected = new StringId(6607, "Exiting due to possible network partition event due to loss of {0} cache processes: {1}"); // GMSAuthenticator - public static final StringId AUTH_PEER_AUTHENTICATION_FAILED_WITH_EXCEPTION = new StringId(6608, "Authentication failed for [{0}] using Authenticator [{1}]. {2}"); + public static final StringId AUTH_PEER_AUTHENTICATION_FAILED_WITH_EXCEPTION = new StringId(6608, "Authentication failed for [{0}]. {1}"); public static final StringId AUTH_PEER_AUTHENTICATION_FAILED = new StringId(6609, "Authentication failed. See coordinator [{0}] logs for details."); - public static final StringId AUTH_PEER_AUTHENTICATION_MISSING_CREDENTIALS = new StringId(6610, "Failed to find credentials from [{0}] using Authenticator [{1}]"); + public static final StringId AUTH_PEER_AUTHENTICATION_MISSING_CREDENTIALS = new StringId(6610, "Failed to find credentials from [{0}]"); public static final StringId AUTH_FAILED_TO_ACQUIRE_AUTHINITIALIZE_INSTANCE = new StringId(6611, "AuthInitialize instance could not be obtained"); public static final StringId AUTH_FAILED_TO_OBTAIN_CREDENTIALS_IN_0_USING_AUTHINITIALIZE_1_2 = new StringId(6612, "Failed to obtain credentials using AuthInitialize [{1}]. {2}"); public static final StringId DistributedSystem_BACKUP_ALREADY_IN_PROGRESS = new StringId(6613, "A backup is already in progress."); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java index d439b19..ead82e5 100644 --- a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java 
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java @@ -65,7 +65,7 @@ public class GeodeSecurityUtil { * @return the shiro subject, null if security is not enabled */ public static Subject getSubject() { - if (!isIntegratedSecure) { + if (!isIntegratedSecurity) { return null; } @@ -102,7 +102,7 @@ public class GeodeSecurityUtil { * @return null if security is not enabled, otherwise return a shiro subject */ public static Subject login(String username, String password) { - if (!isIntegratedSecure) { + if (!isIntegratedSecurity) { return null; } @@ -271,8 +271,9 @@ public class GeodeSecurityUtil { private static PostProcessor postProcessor; private static SecurityManager securityManager; - private static boolean isSecure; - private static boolean isIntegratedSecure; + private static boolean isIntegratedSecurity; + private static boolean isClientAuthenticator; + private static boolean isPeerAuthenticator; /** * initialize Shiro's Security Manager and Security Utilities @@ -286,6 +287,7 @@ public class GeodeSecurityUtil { String shiroConfig = securityProps.getProperty(SECURITY_SHIRO_INIT); String securityConfig = securityProps.getProperty(SECURITY_MANAGER); String clientAuthenticatorConfig = securityProps.getProperty(SECURITY_CLIENT_AUTHENTICATOR); + String peerAuthenticatorConfig = securityProps.getProperty(SECURITY_PEER_AUTHENTICATOR); if (!StringUtils.isBlank(shiroConfig)) { IniSecurityManagerFactory factory = new IniSecurityManagerFactory("classpath:" + shiroConfig); @@ -299,8 +301,7 @@ public class GeodeSecurityUtil { org.apache.shiro.mgt.SecurityManager securityManager = factory.getInstance(); SecurityUtils.setSecurityManager(securityManager); - isSecure = true; - isIntegratedSecure = true; + isIntegratedSecurity = true; } // only set up shiro realm if user has implemented SecurityManager else if (!StringUtils.isBlank(securityConfig)) { 
@@ -309,17 +310,18 @@ public class GeodeSecurityUtil { Realm realm = new CustomAuthRealm(securityManager); org.apache.shiro.mgt.SecurityManager shiroManager = new DefaultSecurityManager(realm); SecurityUtils.setSecurityManager(shiroManager); - isSecure = true; - isIntegratedSecure = true; + isIntegratedSecurity = true; } else if( !StringUtils.isBlank(clientAuthenticatorConfig)) { - isSecure = true; - isIntegratedSecure = false; + isClientAuthenticator = true; + } + else if (!StringUtils.isBlank(peerAuthenticatorConfig)) { + isPeerAuthenticator = true; } else { - SecurityUtils.setSecurityManager(null); - isSecure = false; - isIntegratedSecure = false; + isIntegratedSecurity = false; + isClientAuthenticator = false; + isPeerAuthenticator = false; } // this initializes the post processor @@ -344,8 +346,9 @@ public class GeodeSecurityUtil { postProcessor = null; } ThreadContext.remove(); - isSecure = false; - isIntegratedSecure = false; + isIntegratedSecurity = false; + isClientAuthenticator = false; + isPeerAuthenticator = false; } /** @@ -353,7 +356,7 @@ public class GeodeSecurityUtil { * But if your postProcess is pretty involved with preparations and you need to bypass it entirely, call this first. */ public static boolean needPostProcess(){ - return (isIntegratedSecure && postProcessor != null); + return (isIntegratedSecurity && postProcessor != null); } public static Object postProcess(String regionPath, Object key, Object result){ 
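Review bot: The `else if` chain in the first hunk here makes the client and peer authenticators mutually exclusive: when both `SECURITY_CLIENT_AUTHENTICATOR` and `SECURITY_PEER_AUTHENTICATOR` are configured only `isClientAuthenticator` is set, `isPeerSecurityRequired()` stays false, and `GMSAuthenticator.authenticate` returns null, which accepts the joining peer without consulting the peer authenticator. The two flags should be derived independently, `isClientAuthenticator = !StringUtils.isBlank(clientAuthenticatorConfig);` and `isPeerAuthenticator = !StringUtils.isBlank(peerAuthenticatorConfig);`, in a single non-integrated branch. Each branch also sets only its own flag, so a second `initSecurity` call with a different configuration leaves flags from the earlier call set to true. `initSecurity` starts before this hunk and continues after it.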
@@ -446,12 +449,16 @@ public class GeodeSecurityUtil { } - public static boolean isSecurityRequired(){ - return isSecure; + public static boolean isClientSecurityRequired() { + return isClientAuthenticator || isIntegratedSecurity; + } + + public static boolean isPeerSecurityRequired() { + return isPeerAuthenticator || isIntegratedSecurity; } public static boolean isIntegratedSecurity(){ - return isIntegratedSecure; + return isIntegratedSecurity; } } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/main/java/org/apache/geode/security/templates/SampleSecurityManager.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/security/templates/SampleSecurityManager.java b/geode-core/src/main/java/org/apache/geode/security/templates/SampleSecurityManager.java index f0275e4..dd49f11 100644 --- a/geode-core/src/main/java/org/apache/geode/security/templates/SampleSecurityManager.java +++ b/geode-core/src/main/java/org/apache/geode/security/templates/SampleSecurityManager.java @@ -21,6 +21,7 @@ import java.io.InputStream; import java.io.StringWriter; import java.security.Principal; import java.util.ArrayList; +import java.util.Collections; import java.util.HashMap; import java.util.HashSet; import java.util.List; @@ -154,6 +155,10 @@ public class SampleSecurityManager implements SecurityManager { } private static Map<String, Role> readRoles(JsonNode jsonNode) { + if (jsonNode.get("roles") == null) { + return Collections.EMPTY_MAP; + } + Map<String, Role> roleMap = new HashMap<>(); for (JsonNode r : jsonNode.get("roles")) { Role role = new Role(); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/DistributionConfigJUnitTest.java ---------------------------------------------------------------------- 
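Review bot: `Collections.EMPTY_MAP` in the new guard in `readRoles` is the raw constant, so the return compiles only through an unchecked conversion; `return Collections.emptyMap();` gives the same empty result typed as `Map<String, Role>`. The early return is also immutable while the normal path returns a mutable `HashMap`, which matters if a caller adds entries to the result; the callers are not visible here. `readRoles` continues past the end of this hunk.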
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/DistributionConfigJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/DistributionConfigJUnitTest.java index d2b0d51..c4b3a4d 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/DistributionConfigJUnitTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/DistributionConfigJUnitTest.java @@ -38,7 +38,7 @@ import org.junit.experimental.categories.Category; import com.gemstone.gemfire.InternalGemFireException; import com.gemstone.gemfire.UnmodifiableException; import com.gemstone.gemfire.internal.ConfigSource; -import com.gemstone.gemfire.management.internal.security.JSONAuthorization; +import com.gemstone.gemfire.security.JSONAuthorization; import com.gemstone.gemfire.test.junit.categories.UnitTest; @Category(UnitTest.class) http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/auth/GMSAuthenticatorJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/auth/GMSAuthenticatorJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/auth/GMSAuthenticatorJUnitTest.java index d52b261..18152b0 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/auth/GMSAuthenticatorJUnitTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/auth/GMSAuthenticatorJUnitTest.java 
@@ -32,8 +32,10 @@ import org.junit.experimental.categories.Category; import com.gemstone.gemfire.LogWriter; import com.gemstone.gemfire.distributed.DistributedMember; import com.gemstone.gemfire.distributed.internal.DistributionConfig; +import com.gemstone.gemfire.distributed.internal.membership.gms.ServiceConfig; import com.gemstone.gemfire.distributed.internal.membership.gms.Services; import com.gemstone.gemfire.internal.logging.InternalLogWriter; +import com.gemstone.gemfire.internal.security.GeodeSecurityUtil; import com.gemstone.gemfire.security.AuthInitialize; import com.gemstone.gemfire.security.AuthenticationFailedException; import com.gemstone.gemfire.security.Authenticator; @@ -46,6 +48,7 @@ public class GMSAuthenticatorJUnitTest { private String prefix; private Properties props; + protected Properties securityProps; private Services services; private GMSAuthenticator authenticator; private DistributedMember member; 
@@ -57,27 +60,26 @@ public class GMSAuthenticatorJUnitTest { public void setUp() throws Exception { prefix = getClass().getName() + "$"; props = new Properties(); + securityProps = new Properties(); authenticator = new GMSAuthenticator(); services = mock(Services.class); InternalLogWriter securityLog = mock(InternalLogWriter.class); when(services.getSecurityLogWriter()).thenReturn(mock(InternalLogWriter.class)); - authenticator.init(services); + DistributionConfig distributionConfig = mock(DistributionConfig.class); + when(distributionConfig.getSecurityProps()).thenReturn(securityProps); - member = mock(DistributedMember.class); - } + ServiceConfig serviceConfig = mock(ServiceConfig.class); + when(serviceConfig.getDistributionConfig()).thenReturn(distributionConfig); - @Test - public void testGetSecurityProps() throws Exception { - props.setProperty(DistributionConfig.GEMFIRE_PREFIX + "sys."+SECURITY_PEER_AUTH_INIT, "dummy1"); - props.setProperty(DistributionConfig.GEMFIRE_PREFIX + "sys."+SECURITY_PEER_AUTHENTICATOR, "dummy2"); - props.setProperty("security-auth-init", "dummy3"); - System.setProperties(props); - Properties secProps = authenticator.getSecurityProps(); - assertEquals("wrong size", 2, secProps.size()); - assertEquals("wrong value", "dummy1", secProps.getProperty(SECURITY_PEER_AUTH_INIT)); - assertEquals("wrong value", "dummy2", secProps.getProperty(SECURITY_PEER_AUTHENTICATOR)); + services = mock(Services.class); + when(services.getSecurityLogWriter()).thenReturn(securityLog); + when(services.getConfig()).thenReturn(serviceConfig); + + authenticator.init(services); + GeodeSecurityUtil.initSecurity(securityProps); + member = mock(DistributedMember.class); } @Test 
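Review bot: `setUp` assigns `services = mock(Services.class)` twice, so the `getSecurityLogWriter()` stubbing on the first mock is discarded; the first assignment and its `when(...)` line can be deleted. `GeodeSecurityUtil.initSecurity(securityProps)` here, and the per-test `initSecurity(props)` calls added in the later hunks, change static flags that outlive each test. No teardown is visible in this hunk, so an `@After` that resets GeodeSecurityUtil would keep a configured peer authenticator from leaking into other tests running in the same JVM.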
@@ -141,6 +143,7 @@ public class GMSAuthenticatorJUnitTest { @Test public void testAuthenticatorNormal() throws Exception { props.setProperty(SECURITY_PEER_AUTHENTICATOR, prefix + "TestAuthenticator4.create"); + GeodeSecurityUtil.initSecurity(props); TestAuthenticator4 auth = new TestAuthenticator4(); assertFalse(auth.isClosed()); TestAuthenticator4.setAuthenticator(auth); @@ -159,6 +162,7 @@ public class GMSAuthenticatorJUnitTest { @Test public void testAuthenticatorWithEmptyAuth() throws Exception { props.setProperty(SECURITY_PEER_AUTHENTICATOR, ""); + GeodeSecurityUtil.initSecurity(props); String result = authenticator.authenticate(member, props, props, member); assertNull(result); } 
@@ -166,34 +170,39 @@ public class GMSAuthenticatorJUnitTest { @Test public void testAuthenticatorWithNotExistAuth() throws Exception { props.setProperty(SECURITY_PEER_AUTHENTICATOR, prefix + "NotExistAuth.create"); + GeodeSecurityUtil.initSecurity(props); verifyNegativeAuthenticate(props, props, "Authentication failed. See coordinator"); } @Test public void testAuthenticatorWithNullAuth() throws Exception { props.setProperty(SECURITY_PEER_AUTHENTICATOR, prefix + "TestAuthenticator1.create"); + GeodeSecurityUtil.initSecurity(props); verifyNegativeAuthenticate(props, props, "Authentication failed. See coordinator"); } @Test public void testAuthenticatorWithNullCredential() throws Exception { props.setProperty(SECURITY_PEER_AUTHENTICATOR, prefix + "TestAuthenticator1.create"); + GeodeSecurityUtil.initSecurity(props); verifyNegativeAuthenticate(null, props, "Failed to find credentials from"); } @Test public void testAuthenticatorWithAuthInitFailure() throws Exception { props.setProperty(SECURITY_PEER_AUTHENTICATOR, prefix + "TestAuthenticator2.create"); + GeodeSecurityUtil.initSecurity(props); verifyNegativeAuthenticate(props, props, "Authentication failed. See coordinator"); } @Test public void testAuthenticatorWithAuthFailure() throws Exception { props.setProperty(SECURITY_PEER_AUTHENTICATOR, prefix + "TestAuthenticator3.create"); + GeodeSecurityUtil.initSecurity(props); verifyNegativeAuthenticate(props, props, "Authentication failed. 
See coordinator"); } - void verifyNegativeAuthenticate(Object credential, Properties props, String expectedError) throws Exception { + void verifyNegativeAuthenticate(Properties credential, Properties props, String expectedError) throws Exception { String result = authenticator.authenticate(member, credential, props, member); assertTrue(result, result.startsWith(expectedError)); } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/membership/GMSJoinLeaveJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/membership/GMSJoinLeaveJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/membership/GMSJoinLeaveJUnitTest.java index 732d7a1..35298ac 100755 --- a/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/membership/GMSJoinLeaveJUnitTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/membership/GMSJoinLeaveJUnitTest.java @@ -67,7 +67,7 @@ public class GMSJoinLeaveJUnitTest { private InternalDistributedMember gmsJoinLeaveMemberId; private InternalDistributedMember[] mockMembers; private InternalDistributedMember mockOldMember; - private Object credentials = new Object(); + private Properties credentials = new Properties(); private Messenger messenger; private GMSJoinLeave gmsJoinLeave; private Manager manager; http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/commands/CliCommandTestBase.java ---------------------------------------------------------------------- 
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/commands/CliCommandTestBase.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/commands/CliCommandTestBase.java index 75d88aa..163f9b5 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/commands/CliCommandTestBase.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/commands/CliCommandTestBase.java @@ -42,7 +42,7 @@ import com.gemstone.gemfire.management.internal.cli.parser.CommandTarget; import com.gemstone.gemfire.management.internal.cli.result.CommandResult; import com.gemstone.gemfire.management.internal.cli.shell.Gfsh; import com.gemstone.gemfire.management.internal.cli.util.CommandStringBuilder; -import com.gemstone.gemfire.management.internal.security.JSONAuthorization; +import com.gemstone.gemfire.security.JSONAuthorization; import com.gemstone.gemfire.test.dunit.Host; import com.gemstone.gemfire.test.dunit.IgnoredException; import com.gemstone.gemfire.test.dunit.cache.internal.JUnit4CacheTestCase; http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AccessControlMBeanJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AccessControlMBeanJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AccessControlMBeanJUnitTest.java index ac5c65a..6c626fc 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AccessControlMBeanJUnitTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AccessControlMBeanJUnitTest.java 
@@ -16,6 +16,7 @@ */ package com.gemstone.gemfire.management.internal.security; +import static com.gemstone.gemfire.security.JSONAuthorization.*; import static org.assertj.core.api.Assertions.*; import com.gemstone.gemfire.internal.AvailablePort; @@ -35,7 +36,7 @@ public class AccessControlMBeanJUnitTest { @ClassRule public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule( - jmxManagerPort, "cacheServer.json"); + jmxManagerPort, CACHE_SERVER_JSON); @Rule public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java index f38f2fc..6857e18 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java @@ -16,6 +16,8 @@ */ package com.gemstone.gemfire.management.internal.security; +import static com.gemstone.gemfire.security.JSONAuthorization.*; + import org.junit.Before; import org.junit.ClassRule; import org.junit.Rule; 
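Review bot: The added `import static com.gemstone.gemfire.security.JSONAuthorization.*;` in AccessControlMBeanJUnitTest brings every static member of the test security manager into scope, although the following hunk uses only `CACHE_SERVER_JSON`. `setUpWithJsonFile` is also a static member of that class (it is called as `JSONAuthorization.setUpWithJsonFile(...)` elsewhere in this commit), so it becomes callable unqualified as well. Importing the single name, `import static com.gemstone.gemfire.security.JSONAuthorization.CACHE_SERVER_JSON;`, keeps it obvious which ACL fixture the test depends on. The same wildcard import is added in the other MBean and gfsh security test hunks of this commit.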
@@ -34,7 +36,7 @@ public class CacheServerMBeanAuthenticationJUnitTest { @ClassRule public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule( - jmxManagerPort, "cacheServer.json"); + jmxManagerPort, CACHE_SERVER_JSON); @Rule public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java index 3ded1dc..39094fb 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java @@ -16,6 +16,7 @@ */ package com.gemstone.gemfire.management.internal.security; +import static com.gemstone.gemfire.security.JSONAuthorization.*; import static org.assertj.core.api.Assertions.*; import com.gemstone.gemfire.internal.AvailablePort; 
@@ -35,7 +36,7 @@ public class CacheServerMBeanAuthorizationJUnitTest { @ClassRule public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule( - jmxManagerPort, "cacheServer.json"); + jmxManagerPort, CACHE_SERVER_JSON); @Rule public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CliCommandsSecurityTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CliCommandsSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CliCommandsSecurityTest.java index abcafaf..af26147 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CliCommandsSecurityTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CliCommandsSecurityTest.java @@ -16,6 +16,7 @@ */ package com.gemstone.gemfire.management.internal.security; +import static com.gemstone.gemfire.security.JSONAuthorization.*; import static org.assertj.core.api.AssertionsForClassTypes.fail; import static org.junit.Assert.*; @@ -34,9 +35,6 @@ import com.gemstone.gemfire.security.NotAuthorizedException; import com.gemstone.gemfire.test.junit.categories.IntegrationTest; import com.gemstone.gemfire.test.junit.categories.SecurityTest; -/** - */ - @Category({IntegrationTest.class, SecurityTest.class}) public class CliCommandsSecurityTest { private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET); 
@@ -47,7 +45,7 @@ public class CliCommandsSecurityTest { @ClassRule public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule( - jmxManagerPort, "cacheServer.json"); + jmxManagerPort, CACHE_SERVER_JSON); @Rule public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DataCommandsSecurityTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DataCommandsSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DataCommandsSecurityTest.java index 01575b1..73da024 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DataCommandsSecurityTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DataCommandsSecurityTest.java @@ -17,6 +17,7 @@ package com.gemstone.gemfire.management.internal.security; import static org.assertj.core.api.Assertions.*; +import static com.gemstone.gemfire.security.JSONAuthorization.*; import com.gemstone.gemfire.internal.AvailablePort; import com.gemstone.gemfire.management.MemberMXBean; @@ -37,7 +38,7 @@ public class DataCommandsSecurityTest { @ClassRule public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule( - jmxManagerPort, "cacheServer.json"); + jmxManagerPort, CACHE_SERVER_JSON); @Rule public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java ---------------------------------------------------------------------- 
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java index 05d3e3d..2d8099d 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java @@ -17,6 +17,7 @@ package com.gemstone.gemfire.management.internal.security; import static org.assertj.core.api.Assertions.*; +import static com.gemstone.gemfire.security.JSONAuthorization.*; import com.gemstone.gemfire.internal.AvailablePort; import com.gemstone.gemfire.management.DiskStoreMXBean; @@ -36,7 +37,7 @@ public class DiskStoreMXBeanSecurityJUnitTest { @ClassRule public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule( - jmxManagerPort, "cacheServer.json"); + jmxManagerPort, CACHE_SERVER_JSON); @Rule public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewayReceiverMBeanSecurityTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewayReceiverMBeanSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewayReceiverMBeanSecurityTest.java index 6c97694..8bc55f0 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewayReceiverMBeanSecurityTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewayReceiverMBeanSecurityTest.java 
@@ -18,6 +18,7 @@ package com.gemstone.gemfire.management.internal.security; import static org.assertj.core.api.Assertions.*; import static org.mockito.Mockito.*; +import static com.gemstone.gemfire.security.JSONAuthorization.*; import javax.management.ObjectName; @@ -45,7 +46,7 @@ public class GatewayReceiverMBeanSecurityTest { @ClassRule public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule( - jmxManagerPort, "cacheServer.json"); + jmxManagerPort, CACHE_SERVER_JSON); @Rule public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java index 4806464..fe4f624 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java @@ -18,6 +18,7 @@ package com.gemstone.gemfire.management.internal.security; import static org.assertj.core.api.Assertions.*; import static org.mockito.Mockito.*; +import static com.gemstone.gemfire.security.JSONAuthorization.*; import javax.management.ObjectName; 
@@ -45,7 +46,7 @@ public class GatewaySenderMBeanSecurityTest { @ClassRule public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule( - jmxManagerPort, "cacheServer.json"); + jmxManagerPort, CACHE_SERVER_JSON); @Rule public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java index 5627c9e..dd9961d 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java @@ -18,11 +18,13 @@ package com.gemstone.gemfire.management.internal.security; import static com.gemstone.gemfire.distributed.ConfigurationProperties.*; +import static com.gemstone.gemfire.security.JSONAuthorization.*; import org.junit.BeforeClass; import org.junit.experimental.categories.Category; import com.gemstone.gemfire.internal.security.GeodeSecurityUtil; +import com.gemstone.gemfire.security.JSONAuthorization; import com.gemstone.gemfire.test.junit.categories.UnitTest; /** 
@@ -35,7 +37,7 @@ public class GeodeSecurityUtilCustomRealmJUnitTest extends GeodeSecurityUtilWith @BeforeClass public static void beforeClass() throws Exception{ props.put(SECURITY_MANAGER, JSONAuthorization.class.getName()); - JSONAuthorization.setUpWithJsonFile("shiro-ini.json"); + JSONAuthorization.setUpWithJsonFile(SHIRO_INI_JSON); GeodeSecurityUtil.initSecurity(props); } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsPostProcessorTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsPostProcessorTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsPostProcessorTest.java index 07bd1c1..8b96e8b 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsPostProcessorTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsPostProcessorTest.java @@ -18,6 +18,7 @@ package com.gemstone.gemfire.management.internal.security; import static com.gemstone.gemfire.internal.Assert.assertTrue; +import static com.gemstone.gemfire.security.JSONAuthorization.*; import org.junit.Before; import org.junit.ClassRule; @@ -38,7 +39,7 @@ public class GfshCommandsPostProcessorTest { @ClassRule public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule( - jmxPort, "cacheServer.json", SamplePostProcessor.class); + jmxPort, CACHE_SERVER_JSON, SamplePostProcessor.class); @Rule public GfshShellConnectionRule gfshConnection; http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java ---------------------------------------------------------------------- 
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java index 6d42aa8..603088e 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java @@ -18,6 +18,7 @@ package com.gemstone.gemfire.management.internal.security; import static org.junit.Assert.*; +import static com.gemstone.gemfire.security.JSONAuthorization.*; import java.util.List; @@ -47,7 +48,7 @@ public class GfshCommandsSecurityTest { @ClassRule public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule( - jmxPort, httpPort, "cacheServer.json"); + jmxPort, httpPort, CACHE_SERVER_JSON); @Rule public GfshShellConnectionRule gfshConnection; http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JSONAuthorization.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JSONAuthorization.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JSONAuthorization.java deleted file mode 100644 index b97cf85..0000000 --- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JSONAuthorization.java +++ /dev/null 
@@ -1,48 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package com.gemstone.gemfire.management.internal.security; - -import java.io.File; -import java.io.FileReader; -import java.io.IOException; - -import org.apache.geode.security.templates.SampleSecurityManager; -import com.gemstone.gemfire.util.test.TestUtil; - -/** - * Used by test code. when using this class for security-manager, you will need explicitly call setUpWithJsonFile - * to initialize the acl (access control list). 
- */ -public class JSONAuthorization extends SampleSecurityManager { - - /** - * Override the child class's implemention to look for jsonFile in the same package as this class instead of - * in the classpath - * @param jsonFileName - * @throws IOException - */ - public static void setUpWithJsonFile(String jsonFileName) throws IOException { - String filePath = TestUtil.getResourcePath(JSONAuthorization.class, jsonFileName); - File file = new File(filePath); - FileReader reader = new FileReader(file); - char[] buffer = new char[(int) file.length()]; - reader.read(buffer); - String json = new String(buffer); - reader.close(); - readSecurityDescriptor(json); - } -} http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JsonAuthorizationCacheStartRule.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JsonAuthorizationCacheStartRule.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JsonAuthorizationCacheStartRule.java index d64e2ee..1d4fb40 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JsonAuthorizationCacheStartRule.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JsonAuthorizationCacheStartRule.java @@ -24,6 +24,7 @@ import org.junit.rules.ExternalResource; import com.gemstone.gemfire.cache.Cache; import com.gemstone.gemfire.cache.CacheFactory; +import com.gemstone.gemfire.security.JSONAuthorization; public class JsonAuthorizationCacheStartRule extends ExternalResource { private Cache cache; http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java ---------------------------------------------------------------------- 
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java index f07358b..44e414c 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java @@ -17,6 +17,7 @@ package com.gemstone.gemfire.management.internal.security; import static org.assertj.core.api.Assertions.*; +import static com.gemstone.gemfire.security.JSONAuthorization.*; import com.gemstone.gemfire.cache.Cache; import com.gemstone.gemfire.distributed.internal.InternalDistributedSystem; @@ -40,7 +41,7 @@ public class LockServiceMBeanAuthorizationJUnitTest { @ClassRule public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule( - jmxManagerPort, "cacheServer.json"); + jmxManagerPort, CACHE_SERVER_JSON); @Rule public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanSecurityJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanSecurityJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanSecurityJUnitTest.java index 6f8ee34..1d6c95d 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanSecurityJUnitTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanSecurityJUnitTest.java 
@@ -26,6 +26,7 @@ import org.junit.ClassRule; import org.junit.Rule; import org.junit.Test; import org.junit.experimental.categories.Category; +import static com.gemstone.gemfire.security.JSONAuthorization.*; import javax.management.DynamicMBean; import javax.management.MBeanServer; @@ -47,7 +48,7 @@ public class MBeanSecurityJUnitTest { private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET); @ClassRule - public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(jmxManagerPort, "cacheServer.json"); + public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(jmxManagerPort, CACHE_SERVER_JSON); @Rule public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ManagerMBeanAuthorizationJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ManagerMBeanAuthorizationJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ManagerMBeanAuthorizationJUnitTest.java index 425c467..635daa6 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ManagerMBeanAuthorizationJUnitTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ManagerMBeanAuthorizationJUnitTest.java @@ -18,6 +18,7 @@ package com.gemstone.gemfire.management.internal.security; import static org.assertj.core.api.Assertions.*; import static org.mockito.Mockito.*; +import static com.gemstone.gemfire.security.JSONAuthorization.*; import java.lang.management.ManagementFactory; import javax.management.ObjectName; 
@@ -41,7 +42,7 @@ public class ManagerMBeanAuthorizationJUnitTest { @ClassRule public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule( - jmxManagerPort, "cacheServer.json"); + jmxManagerPort, CACHE_SERVER_JSON); @Rule public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MemberMBeanSecurityJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MemberMBeanSecurityJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MemberMBeanSecurityJUnitTest.java index e32b6ca..4ee5b13 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MemberMBeanSecurityJUnitTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MemberMBeanSecurityJUnitTest.java @@ -16,6 +16,7 @@ */ package com.gemstone.gemfire.management.internal.security; +import static com.gemstone.gemfire.security.JSONAuthorization.*; import static org.assertj.core.api.Assertions.*; import com.gemstone.gemfire.internal.AvailablePort; @@ -35,7 +36,7 @@ public class MemberMBeanSecurityJUnitTest { @ClassRule public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule( - jmxManagerPort, "cacheServer.json"); + jmxManagerPort, CACHE_SERVER_JSON); @Rule public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MultiUserDUnitTest.java ---------------------------------------------------------------------- 
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MultiUserDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MultiUserDUnitTest.java index 1c55a3c..e86cf61 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MultiUserDUnitTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MultiUserDUnitTest.java @@ -19,12 +19,14 @@ package com.gemstone.gemfire.management.internal.security; import static com.gemstone.gemfire.distributed.ConfigurationProperties.*; import static org.junit.Assert.*; +import static com.gemstone.gemfire.security.JSONAuthorization.*; import java.io.IOException; import java.util.List; import java.util.Properties; import java.util.concurrent.TimeUnit; +import com.gemstone.gemfire.security.JSONAuthorization; import com.jayway.awaitility.Awaitility; import org.json.JSONException; import org.junit.Test; @@ -54,7 +56,7 @@ public class MultiUserDUnitTest extends CliCommandTestBase { properties.put(SECURITY_MANAGER, JSONAuthorization.class.getName()); // set up vm_0 the secure jmx manager - Object[] results = setUpJMXManagerOnVM(0, properties, "cacheServer.json"); + Object[] results = setUpJMXManagerOnVM(0, properties, CACHE_SERVER_JSON); String gfshDir = this.gfshDir; // set up vm_1 as a gfsh vm, data-reader will login and log out constantly in this vm until the test is done. http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractIntegratedClientAuthDistributedTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractIntegratedClientAuthDistributedTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractIntegratedClientAuthDistributedTest.java index 10c316a..feee478 100644 
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractIntegratedClientAuthDistributedTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractIntegratedClientAuthDistributedTest.java @@ -17,6 +17,7 @@ package com.gemstone.gemfire.security; import static com.gemstone.gemfire.distributed.ConfigurationProperties.*; +import static com.gemstone.gemfire.security.JSONAuthorization.*; import static org.assertj.core.api.Assertions.*; import static org.junit.Assert.*; @@ -32,7 +33,6 @@ import com.gemstone.gemfire.cache.client.ClientCache; import com.gemstone.gemfire.cache.client.ClientCacheFactory; import com.gemstone.gemfire.cache.client.ClientRegionShortcut; import com.gemstone.gemfire.cache.server.CacheServer; -import com.gemstone.gemfire.management.internal.security.JSONAuthorization; import com.gemstone.gemfire.security.templates.UserPasswordAuthInit; import com.gemstone.gemfire.test.dunit.Host; import com.gemstone.gemfire.test.dunit.Invoke; @@ -56,7 +56,7 @@ public class AbstractIntegratedClientAuthDistributedTest extends JUnit4CacheTest this.client2 = host.getVM(2); this.client3 = host.getVM(3); - JSONAuthorization.setUpWithJsonFile("clientServer.json"); + JSONAuthorization.setUpWithJsonFile(CLIENT_SERVER_JSON); Properties props = new Properties(); props.setProperty(SECURITY_MANAGER, JSONAuthorization.class.getName()); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleDistributedTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleDistributedTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleDistributedTest.java index 9f06482..dc63f2f 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleDistributedTest.java 
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleDistributedTest.java @@ -16,11 +16,10 @@ */ package com.gemstone.gemfire.security; - import static com.gemstone.gemfire.distributed.ConfigurationProperties.*; +import static com.gemstone.gemfire.security.JSONAuthorization.*; import static org.assertj.core.api.Assertions.*; -import java.security.Principal; import java.util.Properties; import org.junit.Test; @@ -29,8 +28,6 @@ import org.junit.experimental.categories.Category; import com.gemstone.gemfire.cache.server.CacheServer; import com.gemstone.gemfire.internal.AvailablePort; import com.gemstone.gemfire.internal.security.GeodeSecurityUtil; -import com.gemstone.gemfire.management.internal.security.JSONAuthorization; -import com.gemstone.gemfire.security.IntegratedSecurityCacheLifecycleIntegrationTest.SpySecurityManager; import com.gemstone.gemfire.test.dunit.DistributedTestUtils; import com.gemstone.gemfire.test.dunit.Host; import com.gemstone.gemfire.test.dunit.NetworkUtils; @@ -41,13 +38,14 @@ import com.gemstone.gemfire.test.junit.categories.SecurityTest; @Category({DistributedTest.class, SecurityTest.class}) public class IntegratedSecurityCacheLifecycleDistributedTest extends JUnit4CacheTestCase { + private VM locator; @Override public final void postSetUp() throws Exception { Host host = Host.getHost(0); locator = host.getVM(0); - JSONAuthorization.setUpWithJsonFile("clientServer.json"); + JSONAuthorization.setUpWithJsonFile(CLIENT_SERVER_JSON); int locatorPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET); String locators = NetworkUtils.getServerHostName(host) + "[" + locatorPort + "]"; 
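Review bot: In the `@@ -41,13 +38,14 @@` hunk, `JSONAuthorization.setUpWithJsonFile(CLIENT_SERVER_JSON);` loads an ACL that this test does not appear to use, because every `SECURITY_MANAGER` setting in the following hunk names `SpySecurityManager` rather than `JSONAuthorization`. Unless `SpySecurityManager` (its definition is not part of these hunks) reads that ACL, the call and the `JSONAuthorization.*` static import can be dropped. If it is needed, a short comment on the line saying why would prevent a later reader from assuming the JSON ACL is what this test enforces. `postSetUp` continues beyond this hunk.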
@@ -55,21 +53,19 @@ public class IntegratedSecurityCacheLifecycleDistributedTest extends JUnit4Cache DistributedTestUtils.deleteLocatorStateFile(locatorPort); final Properties properties = new Properties(); +// properties.setProperty(LOCATORS, locators); properties.setProperty(MCAST_PORT, "0"); - properties.setProperty(START_LOCATOR, locators); properties.setProperty(SECURITY_MANAGER, SpySecurityManager.class.getName()); + properties.setProperty(START_LOCATOR, locators); properties.setProperty(USE_CLUSTER_CONFIGURATION, "false"); getSystem(properties); getCache(); }); final Properties properties = new Properties(); + properties.setProperty(LOCATORS, locators); properties.setProperty(MCAST_PORT, "0"); properties.setProperty(SECURITY_MANAGER, SpySecurityManager.class.getName()); - properties.setProperty(LOCATORS, locators); - properties.setProperty(JMX_MANAGER, "false"); - properties.setProperty(JMX_MANAGER_PORT, "0"); - properties.setProperty(JMX_MANAGER_START, "false"); properties.setProperty(USE_CLUSTER_CONFIGURATION, "false"); getSystem(properties); @@ -95,8 +91,7 @@ public class IntegratedSecurityCacheLifecycleDistributedTest extends JUnit4Cache } private void verifyInitCloseInvoked() { - SpySecurityManager ssm = (SpySecurityManager) GeodeSecurityUtil - .getSecurityManager(); + SpySecurityManager ssm = (SpySecurityManager) GeodeSecurityUtil.getSecurityManager(); assertThat(ssm.initInvoked).isEqualTo(1); getCache().close(); assertThat(ssm.closeInvoked).isEqualTo(1); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleIntegrationTest.java ---------------------------------------------------------------------- 
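Review bot: The added line `// properties.setProperty(LOCATORS, locators);` in the locator VM's setup is commented-out code and should be deleted rather than committed, or enabled if the locator really needs it. The same hunk also removes the `JMX_MANAGER`, `JMX_MANAGER_PORT` and `JMX_MANAGER_START` settings from the second member, so the test now relies on the defaults for those properties; if that is intended, a one-line comment such as `// JMX manager left at defaults; not relevant to init/close counting` would record it. The lambda that builds the locator's properties starts outside this hunk.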
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleIntegrationTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleIntegrationTest.java index 712329d..228a8d6 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleIntegrationTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleIntegrationTest.java @@ -14,13 +14,12 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - package com.gemstone.gemfire.security; import static com.gemstone.gemfire.distributed.ConfigurationProperties.*; import static org.assertj.core.api.Assertions.*; +import static org.mockito.Mockito.*; -import java.security.Principal; import java.util.Properties; import com.gemstone.gemfire.cache.Cache; @@ -29,8 +28,6 @@ import com.gemstone.gemfire.internal.security.GeodeSecurityUtil; import com.gemstone.gemfire.test.junit.categories.IntegrationTest; import com.gemstone.gemfire.test.junit.categories.SecurityTest; -import org.apache.geode.security.GeodePermission; -import org.apache.geode.security.SecurityManager; import org.junit.After; import org.junit.Before; import org.junit.Test; @@ -38,6 +35,7 @@ import org.junit.experimental.categories.Category; @Category({IntegrationTest.class, SecurityTest.class}) public class IntegratedSecurityCacheLifecycleIntegrationTest { + private Properties securityProps; private Cache cache; @@ -52,7 +50,6 @@ public class IntegratedSecurityCacheLifecycleIntegrationTest { props.setProperty(LOCATORS, ""); cache = new CacheFactory(props).create(); - } @After 
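Review bot: The new `import static org.mockito.Mockito.*;` in the `@@ -14,13 +14,12 @@` hunk looks unused: the import did not exist before, and none of the added lines in this file's hunks calls a Mockito method. Drop the line unless a follow-up change is meant to replace `SpySecurityManager` with a mock. The test body still casts to `SpySecurityManager` while the last hunk of this file deletes the nested class, so the type presumably now resolves from the test's package; that definition is not visible in these hunks.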
@@ -70,24 +67,4 @@ public class IntegratedSecurityCacheLifecycleIntegrationTest { assertThat(ssm.closeInvoked).isEqualTo(1); } - public static class SpySecurityManager implements SecurityManager { - - public int initInvoked = 0; - public int closeInvoked = 0; - - @Override - public void init(final Properties securityProps) { - initInvoked++; - } - - @Override - public Principal authenticate(final Properties props) throws AuthenticationFailedException { - return null; - } - - @Override - public void close() { - closeInvoked++; - } - } } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityPeerAuthDistributedTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityPeerAuthDistributedTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityPeerAuthDistributedTest.java new file mode 100644 index 0000000..a5e0aa0 --- /dev/null +++ b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityPeerAuthDistributedTest.java 
@@ -0,0 +1,146 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+import static com.gemstone.gemfire.security.JSONAuthorization.*;
+import static com.gemstone.gemfire.test.dunit.Invoke.*;
+import static org.assertj.core.api.Assertions.*;
+
+import java.util.Properties;
+
+import com.gemstone.gemfire.internal.AvailablePort;
+import com.gemstone.gemfire.security.templates.UserPasswordAuthInit;
+import com.gemstone.gemfire.test.dunit.DistributedTestUtils;
+import com.gemstone.gemfire.test.dunit.Host;
+import com.gemstone.gemfire.test.dunit.NetworkUtils;
+import com.gemstone.gemfire.test.dunit.VM;
+import com.gemstone.gemfire.test.dunit.cache.internal.JUnit4CacheTestCase;
+import com.gemstone.gemfire.test.junit.categories.DistributedTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+@Category({ DistributedTest.class, SecurityTest.class })
+public class IntegratedSecurityPeerAuthDistributedTest extends JUnit4CacheTestCase{
+
+ private static SpyJSONAuthorization spyJSONAuthorization;
+
+ private VM locator;
+ private VM server1;
+ private VM server2;
+
+ private String locators;
+
+ @Override
+ public final void postSetUp() throws Exception {
+ Host host = Host.getHost(0);
+ locator = host.getVM(0);
+ server1 = host.getVM(1);
+ server2 = host.getVM(2);
+
+ int locatorPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
+ locators = NetworkUtils.getServerHostName(host) + "[" + locatorPort + "]";
+
+ locator.invoke(() -> {
+ JSONAuthorization.setUpWithJsonFile(PEER_AUTH_JSON);
+ spyJSONAuthorization = new SpyJSONAuthorization();
+
+ DistributedTestUtils.deleteLocatorStateFile(locatorPort);
+
+ final Properties properties = createProperties(locators);
+ properties.setProperty(UserPasswordAuthInit.USER_NAME, "locator1");
+ properties.setProperty(UserPasswordAuthInit.PASSWORD, "1234567");
+ properties.setProperty(START_LOCATOR, locators);
+
+ getSystem(properties);
+ getCache();
+ });
+
+ server1.invoke(()-> {
+ JSONAuthorization.setUpWithJsonFile(PEER_AUTH_JSON);
+ spyJSONAuthorization = new SpyJSONAuthorization();
+
+ final Properties properties = createProperties(locators);
+ properties.setProperty(UserPasswordAuthInit.USER_NAME, "server1");
+ properties.setProperty(UserPasswordAuthInit.PASSWORD, "1234567");
+
+ getSystem(properties);
+ getCache();
+ });
+
+ server2.invoke(()-> {
+ JSONAuthorization.setUpWithJsonFile(PEER_AUTH_JSON);
+ spyJSONAuthorization = new SpyJSONAuthorization();
+
+ final Properties properties = createProperties(locators);
+ properties.setProperty(UserPasswordAuthInit.USER_NAME, "server2");
+ properties.setProperty(UserPasswordAuthInit.PASSWORD, "1234567");
+
+ getSystem(properties);
+ getCache();
+ });
+ }
+
+ @Test
+ public void initAndCloseTest() throws Exception {
+ JSONAuthorization.setUpWithJsonFile(PEER_AUTH_JSON);
+ spyJSONAuthorization = new SpyJSONAuthorization();
+
+ final Properties properties = createProperties(locators);
+ properties.setProperty(UserPasswordAuthInit.USER_NAME, "stranger");
+ properties.setProperty(UserPasswordAuthInit.PASSWORD, "1234567");
+
+ assertThatThrownBy(() -> getSystem(properties)).isExactlyInstanceOf(AuthenticationFailedException.class);
+ }
+
+ @Override
+ public void postTearDownCacheTestCase() throws Exception {
+ closeAllCache();
+ spyJSONAuthorization = null;
+ invokeInEveryVM(() -> { spyJSONAuthorization = null; });
+ }
+
+ private static Properties createProperties(String locators) {
+ Properties allProperties = new Properties();
+ allProperties.setProperty(LOCATORS, locators);
+ allProperties.setProperty(MCAST_PORT, "0");
+ allProperties.setProperty(SECURITY_MANAGER, SpyJSONAuthorization.class.getName());
+ allProperties.setProperty(SECURITY_PEER_AUTH_INIT, UserPasswordAuthInit.class.getName() + ".create");
+ allProperties.setProperty(USE_CLUSTER_CONFIGURATION, "false");
+ return allProperties;
+ }
+
+ public static class SpyJSONAuthorization extends JSONAuthorization {
+
+ static int initInvoked = 0;
+ static int closeInvoked = 0;
+
+ @Override
+ public void init(final Properties securityProps) {
+ initInvoked++;
+ super.init(securityProps);
+ }
+
+ @Override
+ public void close() {
+ closeInvoked++;
+ super.close();
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/security/JSONAuthorization.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/JSONAuthorization.java b/geode-core/src/test/java/com/gemstone/gemfire/security/JSONAuthorization.java
new file mode 100644
index 0000000..bf7990a
--- /dev/null
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/JSONAuthorization.java
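Review bot: The only negative case, `initAndCloseTest`, presents an unknown user name (`stranger`) together with the password every fixture user shares, so the suite would still pass if the peer check compared user names only and never looked at the password. Add a second case that joins as a known user such as `server1` with a password that differs from the fixture and expects `AuthenticationFailedException`; this assumes the JSON-backed manager rejects on a password mismatch, which the hunk does not show. The method name also does not match what it checks, and the `initInvoked`/`closeInvoked` counters of `SpyJSONAuthorization` are never asserted, so rename the test and either assert the counters or drop them.

```java
@Test
public void peerWithUnknownUserIsRejected() throws Exception {
  // … unchanged: body of initAndCloseTest …
}

@Test
public void peerWithWrongPasswordIsRejected() throws Exception {
  JSONAuthorization.setUpWithJsonFile(PEER_AUTH_JSON);
  spyJSONAuthorization = new SpyJSONAuthorization();

  final Properties properties = createProperties(locators);
  properties.setProperty(UserPasswordAuthInit.USER_NAME, "server1");
  // constructed value: anything that differs from the password in peerAuth.json
  properties.setProperty(UserPasswordAuthInit.PASSWORD, "wrong-password");

  assertThatThrownBy(() -> getSystem(properties)).isExactlyInstanceOf(AuthenticationFailedException.class);
}
```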
@@ -0,0 +1,54 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import java.io.File;
+import java.io.FileReader;
+import java.io.IOException;
+
+import org.apache.geode.security.templates.SampleSecurityManager;
+import com.gemstone.gemfire.util.test.TestUtil;
+
+/**
+ * Used by test code. when using this class for security-manager, you will need explicitly call setUpWithJsonFile
+ * to initialize the acl (access control list).
+ */
+public class JSONAuthorization extends SampleSecurityManager {
+
+ public static String AUTH1_JSON = "/com/gemstone/gemfire/management/internal/security/auth1.json";
+ public static String AUTH2_JSON = "/com/gemstone/gemfire/management/internal/security/auth2.json";
+ public static String AUTH3_JSON = "/com/gemstone/gemfire/management/internal/security/auth3.json";
+ public static String CACHE_SERVER_JSON = "/com/gemstone/gemfire/management/internal/security/cacheServer.json";
+ public static String CLIENT_SERVER_JSON = "/com/gemstone/gemfire/management/internal/security/clientServer.json";
+ public static String SHIRO_INI_JSON = "/com/gemstone/gemfire/management/internal/security/shiro-ini.json";
+ public static String PEER_AUTH_JSON = "/com/gemstone/gemfire/security/peerAuth.json";
+
+ /**
+ * Override the child class's implemention to look for jsonFile in the same package as this class instead of
+ * in the classpath
+ */
+ public static void setUpWithJsonFile(String jsonFileName) throws IOException {
+ String filePath = TestUtil.getResourcePath(JSONAuthorization.class, jsonFileName);
+ File file = new File(filePath);
+ FileReader reader = new FileReader(file);
+ char[] buffer = new char[(int) file.length()];
+ reader.read(buffer);
+ String json = new String(buffer);
+ reader.close();
+ readSecurityDescriptor(json);
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/java/com/gemstone/gemfire/security/SpySecurityManager.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/SpySecurityManager.java b/geode-core/src/test/java/com/gemstone/gemfire/security/SpySecurityManager.java
new file mode 100644
index 0000000..6d04a0d
--- /dev/null
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/SpySecurityManager.java
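Review bot: `setUpWithJsonFile` sizes its buffer from `file.length()` (a byte count), ignores the value returned by its single `reader.read(buffer)` call, decodes with the platform charset through `FileReader`, and never closes the reader if the read throws. A short read or multi-byte content leaves trailing NUL characters in the string passed to `readSecurityDescriptor`, so the access-control list the tests run against can differ from the file. Replace the five read lines with `String json = new String(Files.readAllBytes(Paths.get(filePath)), StandardCharsets.UTF_8);` and add the matching `java.nio.file` and `java.nio.charset` imports. The `*_JSON` path constants are `public static` but not `final`, so any test can reassign them; declare them `public static final String`.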
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import java.security.Principal;
+import java.util.Properties;
+
+import org.apache.geode.security.SecurityManager;
+
+public class SpySecurityManager implements SecurityManager {
+
+ public int initInvoked = 0;
+ public int closeInvoked = 0;
+
+ @Override
+ public void init(final Properties securityProps) {
+ initInvoked++;
+ }
+
+ @Override
+ public Principal authenticate(final Properties props) throws AuthenticationFailedException {
+ return null;
+ }
+
+ @Override
+ public void close() {
+ closeInvoked++;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-core/src/test/resources/com/gemstone/gemfire/security/peerAuth.json
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/peerAuth.json b/geode-core/src/test/resources/com/gemstone/gemfire/security/peerAuth.json
new file mode 100644
index 0000000..9bd8936
--- /dev/null
+++ b/geode-core/src/test/resources/com/gemstone/gemfire/security/peerAuth.json
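Review bot: `SpySecurityManager.authenticate` returns `null` for every set of credentials and never throws `AuthenticationFailedException`, yet the class has no Javadoc saying so, which makes it easy to reuse in a test that is meant to prove authentication is enforced. Add a class comment such as `/** Lifecycle spy only: counts init/close calls; authenticate() never rejects and returns a null principal. */`. The counters are public non-final `int` fields incremented without synchronization; that is adequate while a single thread drives `init` and `close`, but the same comment should state that assumption.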
@@ -0,0 +1,36 @@ +{ + "users": [ + { + "name": "locator1", + "password": "1234567", + "roles": [ + ] + }, + { + "name": "server1", + "password": "1234567", + "roles": [ + ] + }, + { + "name": "server2", + "password": "1234567", + "roles": [ + ] + } + ] + +} + + + + + + + + + + + + + http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/16b73564/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java ---------------------------------------------------------------------- diff --git a/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java b/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java index 7385e7f..8f47145 100644 --- a/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java +++ b/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java @@ -46,7 +46,7 @@ import org.apache.shiro.realm.Realm; import com.gemstone.gemfire.internal.security.shiro.CustomAuthRealm; import com.gemstone.gemfire.internal.security.shiro.JMXShiroAuthenticator; import com.gemstone.gemfire.management.internal.security.AccessControlMBean; -import com.gemstone.gemfire.management.internal.security.JSONAuthorization; +import com.gemstone.gemfire.security.JSONAuthorization; import com.gemstone.gemfire.management.internal.security.MBeanServerWrapper; import com.gemstone.gemfire.management.internal.security.ResourceConstants;
