GEODE-37 Renamed security related stuff
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/9d7a6960 Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/9d7a6960 Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/9d7a6960 Branch: refs/heads/feature/GEODE-37_2 Commit: 9d7a6960afedd8991fd6be44e4ca10a0b43b59ce Parents: 7c20e69 Author: Hitesh Khamesra <[email protected]> Authored: Tue Sep 13 15:56:14 2016 -0700 Committer: Hitesh Khamesra <[email protected]> Committed: Tue Sep 13 15:56:14 2016 -0700 ---------------------------------------------------------------------- .../gemfire/security/AccessControl.java | 105 - .../gemfire/security/AuthInitialize.java | 97 - .../security/AuthenticationFailedException.java | 53 - .../AuthenticationRequiredException.java | 53 - .../gemfire/security/Authenticator.java | 96 - .../security/GemFireSecurityException.java | 132 -- .../security/NotAuthorizedException.java | 134 -- .../com/gemstone/gemfire/security/package.html | 39 - .../apache/geode/security/AccessControl.java | 105 + .../apache/geode/security/AuthInitialize.java | 97 + .../security/AuthenticationFailedException.java | 53 + .../AuthenticationRequiredException.java | 53 + .../apache/geode/security/Authenticator.java | 96 + .../security/GemFireSecurityException.java | 132 ++ .../geode/security/NotAuthorizedException.java | 134 ++ .../java/org/apache/geode/security/package.html | 39 + .../security/AbstractSecureServerDUnitTest.java | 162 -- .../security/ClientAuthenticationDUnitTest.java | 90 - .../ClientAuthenticationPart2DUnitTest.java | 76 - .../security/ClientAuthenticationTestCase.java | 562 ----- .../security/ClientAuthenticationTestUtils.java | 90 - .../security/ClientAuthorizationDUnitTest.java | 647 ------ .../security/ClientAuthorizationTestCase.java | 1325 ------------ .../security/ClientMultiUserAuthzDUnitTest.java | 345 ---- .../DeltaClientAuthorizationDUnitTest.java | 201 -- 
.../DeltaClientPostAuthorizationDUnitTest.java | 284 --- .../security/GemFireSecurityExceptionTest.java | 169 -- .../security/IntegratedClientAuthDUnitTest.java | 64 - ...tedClientContainsKeyAuthDistributedTest.java | 55 - ...entDestroyInvalidateAuthDistributedTest.java | 84 - ...dClientDestroyRegionAuthDistributedTest.java | 65 - ...lientExecuteFunctionAuthDistributedTest.java | 61 - ...xecuteRegionFunctionAuthDistributedTest.java | 62 - ...tegratedClientGetAllAuthDistributedTest.java | 57 - ...tGetClientPRMetaDataAuthDistributedTest.java | 66 - ...ientPartitionAttrCmdAuthDistributedTest.java | 52 - ...gratedClientGetEntryAuthDistributedTest.java | 76 - ...tegratedClientGetPutAuthDistributedTest.java | 116 -- ...tedClientRegionClearAuthDistributedTest.java | 63 - ...ientRegisterInterestAuthDistributedTest.java | 164 -- ...ratedClientRemoveAllAuthDistributedTest.java | 65 - ...IntegratedClientSizeAuthDistributedTest.java | 54 - ...ntUnregisterInterestAuthDistributedTest.java | 48 - ...edSecurityCacheLifecycleDistributedTest.java | 134 -- ...edSecurityCacheLifecycleIntegrationTest.java | 74 - ...tegratedSecurityPeerAuthDistributedTest.java | 146 -- .../security/NoShowValue1PostProcessor.java | 36 - .../NoShowValue1PostProcessorDUnitTest.java | 86 - .../security/NotAuthorizedExceptionTest.java | 200 -- .../security/P2PAuthenticationDUnitTest.java | 541 ----- .../PDXGfshPostProcessorOnRemoteServerTest.java | 159 -- .../gemfire/security/PDXPostProcessor.java | 60 - .../security/PDXPostProcessorDUnitTest.java | 233 --- .../security/PostProcessorDUnitTest.java | 126 -- .../gemfire/security/SecurityTestUtils.java | 1930 ------------------ .../gemfire/security/SpySecurityManager.java | 42 - .../generator/AuthzCredentialGenerator.java | 447 ---- .../security/generator/CredentialGenerator.java | 333 --- .../DummyAuthzCredentialGenerator.java | 129 -- .../generator/DummyCredentialGenerator.java | 89 - .../generator/LdapUserCredentialGenerator.java | 165 -- 
.../generator/PKCSCredentialGenerator.java | 115 -- .../generator/SSLCredentialGenerator.java | 123 -- .../UserPasswordWithExtraPropsAuthInit.java | 70 - .../generator/XmlAuthzCredentialGenerator.java | 257 --- .../security/templates/DummyAuthenticator.java | 75 - .../security/templates/DummyAuthorization.java | 122 -- .../templates/FunctionSecurityPrmsHolder.java | 50 - .../templates/LdapUserAuthenticator.java | 107 - .../security/templates/PKCSAuthInit.java | 120 -- .../security/templates/PKCSAuthenticator.java | 158 -- .../security/templates/PKCSPrincipal.java | 40 - .../security/templates/PKCSPrincipalTest.java | 50 - .../templates/UserPasswordAuthInit.java | 75 - .../security/templates/UsernamePrincipal.java | 44 - .../templates/UsernamePrincipalTest.java | 50 - .../security/templates/XmlAuthorization.java | 615 ------ .../security/templates/XmlErrorHandler.java | 75 - .../security/AbstractSecureServerDUnitTest.java | 162 ++ .../security/ClientAuthenticationDUnitTest.java | 90 + .../ClientAuthenticationPart2DUnitTest.java | 76 + .../security/ClientAuthenticationTestCase.java | 562 +++++ .../security/ClientAuthenticationTestUtils.java | 90 + .../security/ClientAuthorizationDUnitTest.java | 647 ++++++ .../security/ClientAuthorizationTestCase.java | 1325 ++++++++++++ .../security/ClientMultiUserAuthzDUnitTest.java | 345 ++++ .../DeltaClientAuthorizationDUnitTest.java | 201 ++ .../DeltaClientPostAuthorizationDUnitTest.java | 284 +++ .../security/GemFireSecurityExceptionTest.java | 169 ++ .../security/IntegratedClientAuthDUnitTest.java | 64 + ...tedClientContainsKeyAuthDistributedTest.java | 55 + ...entDestroyInvalidateAuthDistributedTest.java | 84 + ...dClientDestroyRegionAuthDistributedTest.java | 65 + ...lientExecuteFunctionAuthDistributedTest.java | 61 + ...xecuteRegionFunctionAuthDistributedTest.java | 62 + ...tegratedClientGetAllAuthDistributedTest.java | 57 + ...tGetClientPRMetaDataAuthDistributedTest.java | 66 + 
...ientPartitionAttrCmdAuthDistributedTest.java | 52 + ...gratedClientGetEntryAuthDistributedTest.java | 76 + ...tegratedClientGetPutAuthDistributedTest.java | 116 ++ ...tedClientRegionClearAuthDistributedTest.java | 63 + ...ientRegisterInterestAuthDistributedTest.java | 164 ++ ...ratedClientRemoveAllAuthDistributedTest.java | 65 + ...IntegratedClientSizeAuthDistributedTest.java | 54 + ...ntUnregisterInterestAuthDistributedTest.java | 48 + ...edSecurityCacheLifecycleDistributedTest.java | 134 ++ ...edSecurityCacheLifecycleIntegrationTest.java | 74 + ...tegratedSecurityPeerAuthDistributedTest.java | 146 ++ .../security/NoShowValue1PostProcessor.java | 36 + .../NoShowValue1PostProcessorDUnitTest.java | 86 + .../security/NotAuthorizedExceptionTest.java | 200 ++ .../security/P2PAuthenticationDUnitTest.java | 541 +++++ .../PDXGfshPostProcessorOnRemoteServerTest.java | 159 ++ .../apache/geode/security/PDXPostProcessor.java | 60 + .../security/PDXPostProcessorDUnitTest.java | 233 +++ .../geode/security/PostProcessorDUnitTest.java | 126 ++ .../geode/security/SecurityTestUtils.java | 1930 ++++++++++++++++++ .../geode/security/SpySecurityManager.java | 42 + .../generator/AuthzCredentialGenerator.java | 447 ++++ .../security/generator/CredentialGenerator.java | 333 +++ .../DummyAuthzCredentialGenerator.java | 129 ++ .../generator/DummyCredentialGenerator.java | 89 + .../generator/LdapUserCredentialGenerator.java | 165 ++ .../generator/PKCSCredentialGenerator.java | 115 ++ .../generator/SSLCredentialGenerator.java | 123 ++ .../UserPasswordWithExtraPropsAuthInit.java | 70 + .../generator/XmlAuthzCredentialGenerator.java | 257 +++ .../security/templates/DummyAuthenticator.java | 75 + .../security/templates/DummyAuthorization.java | 122 ++ .../templates/FunctionSecurityPrmsHolder.java | 50 + .../templates/LdapUserAuthenticator.java | 107 + .../geode/security/templates/PKCSAuthInit.java | 120 ++ .../security/templates/PKCSAuthenticator.java | 158 ++ 
.../geode/security/templates/PKCSPrincipal.java | 40 + .../security/templates/PKCSPrincipalTest.java | 50 + .../templates/UserPasswordAuthInit.java | 75 + .../security/templates/UsernamePrincipal.java | 44 + .../templates/UsernamePrincipalTest.java | 50 + .../security/templates/XmlAuthorization.java | 615 ++++++ .../security/templates/XmlErrorHandler.java | 75 + .../gemfire/security/generator/authz-dummy.xml | 124 -- .../gemfire/security/generator/authz-ldap.xml | 83 - .../generator/authz-multiUser-dummy.xml | 104 - .../security/generator/authz-multiUser-ldap.xml | 81 - .../security/generator/keys/gemfire1.keystore | Bin 1536 -> 0 bytes .../security/generator/keys/gemfire10.keystore | Bin 1546 -> 0 bytes .../security/generator/keys/gemfire11.keystore | Bin 1546 -> 0 bytes .../security/generator/keys/gemfire2.keystore | Bin 1536 -> 0 bytes .../security/generator/keys/gemfire3.keystore | Bin 1536 -> 0 bytes .../security/generator/keys/gemfire4.keystore | Bin 1536 -> 0 bytes .../security/generator/keys/gemfire5.keystore | Bin 1536 -> 0 bytes .../security/generator/keys/gemfire6.keystore | Bin 1536 -> 0 bytes .../security/generator/keys/gemfire7.keystore | Bin 1536 -> 0 bytes .../security/generator/keys/gemfire8.keystore | Bin 1536 -> 0 bytes .../security/generator/keys/gemfire9.keystore | Bin 1536 -> 0 bytes .../generator/keys/ibm/gemfire1.keystore | Bin 1426 -> 0 bytes .../generator/keys/ibm/gemfire10.keystore | Bin 1434 -> 0 bytes .../generator/keys/ibm/gemfire11.keystore | Bin 1434 -> 0 bytes .../generator/keys/ibm/gemfire2.keystore | Bin 1434 -> 0 bytes .../generator/keys/ibm/gemfire3.keystore | Bin 1426 -> 0 bytes .../generator/keys/ibm/gemfire4.keystore | Bin 1434 -> 0 bytes .../generator/keys/ibm/gemfire5.keystore | Bin 1434 -> 0 bytes .../generator/keys/ibm/gemfire6.keystore | Bin 1434 -> 0 bytes .../generator/keys/ibm/gemfire7.keystore | Bin 1426 -> 0 bytes .../generator/keys/ibm/gemfire8.keystore | Bin 1434 -> 0 bytes .../generator/keys/ibm/gemfire9.keystore 
| Bin 1426 -> 0 bytes .../security/generator/keys/ibm/publickeyfile | Bin 4535 -> 0 bytes .../security/generator/keys/publickeyfile | Bin 4535 -> 0 bytes .../com/gemstone/gemfire/security/peerAuth.json | 36 - .../gemfire/security/templates/authz5_5.dtd | 105 - .../gemfire/security/templates/authz6_0.dtd | 110 - .../geode/security/generator/authz-dummy.xml | 124 ++ .../geode/security/generator/authz-ldap.xml | 83 + .../generator/authz-multiUser-dummy.xml | 104 + .../security/generator/authz-multiUser-ldap.xml | 81 + .../security/generator/keys/gemfire1.keystore | Bin 0 -> 1536 bytes .../security/generator/keys/gemfire10.keystore | Bin 0 -> 1546 bytes .../security/generator/keys/gemfire11.keystore | Bin 0 -> 1546 bytes .../security/generator/keys/gemfire2.keystore | Bin 0 -> 1536 bytes .../security/generator/keys/gemfire3.keystore | Bin 0 -> 1536 bytes .../security/generator/keys/gemfire4.keystore | Bin 0 -> 1536 bytes .../security/generator/keys/gemfire5.keystore | Bin 0 -> 1536 bytes .../security/generator/keys/gemfire6.keystore | Bin 0 -> 1536 bytes .../security/generator/keys/gemfire7.keystore | Bin 0 -> 1536 bytes .../security/generator/keys/gemfire8.keystore | Bin 0 -> 1536 bytes .../security/generator/keys/gemfire9.keystore | Bin 0 -> 1536 bytes .../generator/keys/ibm/gemfire1.keystore | Bin 0 -> 1426 bytes .../generator/keys/ibm/gemfire10.keystore | Bin 0 -> 1434 bytes .../generator/keys/ibm/gemfire11.keystore | Bin 0 -> 1434 bytes .../generator/keys/ibm/gemfire2.keystore | Bin 0 -> 1434 bytes .../generator/keys/ibm/gemfire3.keystore | Bin 0 -> 1426 bytes .../generator/keys/ibm/gemfire4.keystore | Bin 0 -> 1434 bytes .../generator/keys/ibm/gemfire5.keystore | Bin 0 -> 1434 bytes .../generator/keys/ibm/gemfire6.keystore | Bin 0 -> 1434 bytes .../generator/keys/ibm/gemfire7.keystore | Bin 0 -> 1426 bytes .../generator/keys/ibm/gemfire8.keystore | Bin 0 -> 1434 bytes .../generator/keys/ibm/gemfire9.keystore | Bin 0 -> 1426 bytes 
.../security/generator/keys/ibm/publickeyfile | Bin 0 -> 4535 bytes
.../geode/security/generator/keys/publickeyfile | Bin 0 -> 4535 bytes
.../org/apache/geode/security/peerAuth.json | 36 +
.../geode/security/templates/authz5_5.dtd | 105 +
.../geode/security/templates/authz6_0.dtd | 110 +
202 files changed, 13531 insertions(+), 13531 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/com/gemstone/gemfire/security/AccessControl.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/AccessControl.java b/geode-core/src/main/java/com/gemstone/gemfire/security/AccessControl.java
deleted file mode 100644
index 3d22864..0000000
--- a/geode-core/src/main/java/com/gemstone/gemfire/security/AccessControl.java
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.gemstone.gemfire.security;
-
-import java.security.Principal;
-
-import com.gemstone.gemfire.cache.Cache;
-import com.gemstone.gemfire.cache.CacheCallback;
-import com.gemstone.gemfire.cache.operations.OperationContext;
-import com.gemstone.gemfire.distributed.DistributedMember;
-
-/**
- * Specifies the interface to authorize operations at the cache or region level
- * for clients or servers. Implementations should register name of the static
- * creation function as the <code>security-client-accessor</code> system
- * property with all the servers uniformly in the distributed system for client
- * authorization. When the <code>security-client-accessor-pp</code> property
- * is set then the callback mentioned is invoked after the operation completes
- * successfully and when sending notifications.
- *
- * When the registration has been done for a client/peer then an object of this
- * class is created for each connection from the client/peer and the
- * <code>authorizeOperation</code> method invoked before/after each operation.
- *
- * @since GemFire 5.5
- *
- * @deprecated since Geode 1.0, use {@link SecurityManager} instead
- */
-public interface AccessControl extends CacheCallback {
-
- /**
- * Initialize the callback for a client/peer having the given principal.
- *
- * This is invoked when a new connection from a client/peer is created with
- * the host. The callback is expected to store authentication information of
- * the given principal for the different regions for maximum efficiency when
- * invoking <code>authorizeOperation</code> in each operation.
- *
- * @param principal
- * the principal associated with the authenticated client or
- * peer; a null principal implies an unauthenticated client
- * which should be handled properly by implementations
- * @param remoteMember
- * the {@link DistributedMember} object for the remote
- * authenticated client or peer
- * @param cache
- * reference to the cache object
- *
- * @throws NotAuthorizedException
- * if some exception condition happens during the
- * initialization; in such a case all subsequent client
- * operations on that connection will throw
- * <code>NotAuthorizedException</code>
- */
- void init(Principal principal, DistributedMember remoteMember,
- Cache cache) throws NotAuthorizedException;
-
- default void init(Principal principal, DistributedMember remoteMember) throws NotAuthorizedException {
- init(principal, remoteMember, null);
- }
-
- default void init(Principal principal) throws NotAuthorizedException {
- init(principal, null, null);
- }
-
- /**
- * Check if the given operation is allowed for the cache/region.
- *
- * This method is invoked in each cache and region level operation. It is,
- * therefore, expected that as far as possible relevant information has been
- * cached in the <code>init</code> call made when the connection was
- * established so that this call is as quick as possible.
- *
- * @param regionName
- * When null then it indicates a cache-level operation (i.e.
- * one of {@link com.gemstone.gemfire.cache.operations.OperationContext.OperationCode#REGION_DESTROY} or
- * {@link com.gemstone.gemfire.cache.operations.OperationContext.OperationCode#QUERY}, else the name of the region
- * for the operation.
- * @param context
- * When invoked before the operation then the data required by
- * the operation. When invoked as a post-process filter then it
- * contains the result of the operation. The data in the
- * context can be possibly modified by the method.
- *
- * @return true if the operation is authorized and false otherwise
- *
- */
- boolean authorizeOperation(String regionName, OperationContext context);
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/com/gemstone/gemfire/security/AuthInitialize.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/AuthInitialize.java b/geode-core/src/main/java/com/gemstone/gemfire/security/AuthInitialize.java
deleted file mode 100644
index e92772b..0000000
--- a/geode-core/src/main/java/com/gemstone/gemfire/security/AuthInitialize.java
+++ /dev/null
@@ -1,97 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.gemstone.gemfire.security;
-
-import java.util.Properties;
-
-import com.gemstone.gemfire.LogWriter;
-import com.gemstone.gemfire.cache.CacheCallback;
-import com.gemstone.gemfire.distributed.DistributedMember;
-import com.gemstone.gemfire.distributed.DistributedSystem;
-import com.gemstone.gemfire.internal.cache.GemFireCacheImpl;
-
-// TODO Add example usage of this interface and configuration details
-/**
- * Specifies the mechanism to obtain credentials for a client or peer. It is
- * mandatory for clients and peers when running in secure mode and an
- * {@link Authenticator} has been configured on the server/locator side
- * respectively. Implementations should register name of the static creation
- * function (that returns an object of the class) as the
- * <i>security-peer-auth-init</i> system property on peers and as the
- * <i>security-client-auth-init</i> system property on clients.
- *
- * @since GemFire 5.5
- */
-public interface AuthInitialize extends CacheCallback {
-
- /**
- * Initialize the callback for a client/peer. This is invoked when a new
- * connection from a client/peer is created with the host.
- *
- * @param systemLogger
- * {@link LogWriter} for system logs
- * @param securityLogger
- * {@link LogWriter} for security logs
- *
- * @throws AuthenticationFailedException
- * if some exception occurs during the initialization
- *
- * @deprecated since Geode 1.0, use init()
- */
- public void init(LogWriter systemLogger, LogWriter securityLogger)
- throws AuthenticationFailedException;
-
- /**
- * @since Geode 1.0. implement this method instead of init with logwriters.
- * Implementation should use log4j instead of these loggers.
- */
- default public void init(){
- GemFireCacheImpl cache = GemFireCacheImpl.getInstance();
- init(cache.getLogger(), cache.getSecurityLogger());
- }
- /**
- * Initialize with the given set of security properties and return the
- * credentials for the peer/client as properties.
- *
- * This method can modify the given set of properties. For example it may
- * invoke external agents or even interact with the user.
- *
- * Normally it is expected that implementations will filter out <i>security-*</i>
- * properties that are needed for credentials and return only those.
- *
- * @param securityProps
- * the security properties obtained using a call to
- * {@link DistributedSystem#getSecurityProperties} that will be
- * used for obtaining the credentials
- * @param server
- * the {@link DistributedMember} object of the
- * server/group-coordinator to which connection is being
- * attempted
- * @param isPeer
- * true when this is invoked for peer initialization and false
- * when invoked for client initialization
- *
- * @throws AuthenticationFailedException
- * in case of failure to obtain the credentials
- *
- * @return the credentials to be used for the given <code>server</code>
- */
- public Properties getCredentials(Properties securityProps,
- DistributedMember server, boolean isPeer)
- throws AuthenticationFailedException;
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/com/gemstone/gemfire/security/AuthenticationFailedException.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/AuthenticationFailedException.java b/geode-core/src/main/java/com/gemstone/gemfire/security/AuthenticationFailedException.java
deleted file mode 100644
index 3ab728f..0000000
--- a/geode-core/src/main/java/com/gemstone/gemfire/security/AuthenticationFailedException.java
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.gemstone.gemfire.security;
-
-/**
- * Thrown if authentication of this client/peer fails.
- *
- * @since GemFire 5.5
- */
-public class AuthenticationFailedException extends GemFireSecurityException {
-private static final long serialVersionUID = -8202866472279088879L;
-
- // TODO Derive from SecurityException
- /**
- * Constructs instance of <code>AuthenticationFailedException</code> with
- * error message.
- *
- * @param message
- * the error message
- */
- public AuthenticationFailedException(String message) {
- super(message);
- }
-
- /**
- * Constructs instance of <code>AuthenticationFailedException</code> with
- * error message and cause.
- *
- * @param message
- * the error message
- * @param cause
- * a <code>Throwable</code> that is a cause of this exception
- */
- public AuthenticationFailedException(String message, Throwable cause) {
- super(message, cause);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/com/gemstone/gemfire/security/AuthenticationRequiredException.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/AuthenticationRequiredException.java b/geode-core/src/main/java/com/gemstone/gemfire/security/AuthenticationRequiredException.java
deleted file mode 100644
index f67af39..0000000
--- a/geode-core/src/main/java/com/gemstone/gemfire/security/AuthenticationRequiredException.java
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.gemstone.gemfire.security;
-
-/**
- * Thrown if the distributed system is in secure mode and this client/peer has
- * not set the security credentials.
- *
- * @since GemFire 5.5
- */
-public class AuthenticationRequiredException extends GemFireSecurityException {
-private static final long serialVersionUID = 4675976651103154919L;
-
- /**
- * Constructs instance of <code>NotAuthenticatedException</code> with error
- * message.
- *
- * @param message
- * the error message
- */
- public AuthenticationRequiredException(String message) {
- super(message);
- }
-
- /**
- * Constructs instance of <code>NotAuthenticatedException</code> with error
- * message and cause.
- *
- * @param message
- * the error message
- * @param cause
- * a <code>Throwable</code> that is a cause of this exception
- */
- public AuthenticationRequiredException(String message, Throwable cause) {
- super(message, cause);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/com/gemstone/gemfire/security/Authenticator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/Authenticator.java b/geode-core/src/main/java/com/gemstone/gemfire/security/Authenticator.java
deleted file mode 100644
index f66f092..0000000
--- a/geode-core/src/main/java/com/gemstone/gemfire/security/Authenticator.java
+++ /dev/null
@@ -1,96 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.gemstone.gemfire.security;
-
-import java.security.Principal;
-import java.util.Properties;
-
-import com.gemstone.gemfire.LogWriter;
-import com.gemstone.gemfire.cache.CacheCallback;
-import com.gemstone.gemfire.distributed.DistributedMember;
-import com.gemstone.gemfire.distributed.DistributedSystem;
-
-/**
- * Specifies the mechanism to verify credentials for a client or peer.
- * Implementations should register name of the static creation function as the
- * <code>security-peer-authenticator</code> system property with all the
- * locators in the distributed system for peer authentication, and as
- * <code>security-client-authenticator</code> for client authentication. For
- * P2P an object is initialized on the group coordinator for each member during
- * the {@link DistributedSystem#connect(Properties)} call of a new member. For
- * client-server, an object of this class is created for each connection during
- * the client-server handshake.
- *
- * The static creation function should have the following signature:
- * <code>public static Authenticator [method-name]();</code> i.e. it should be
- * a zero argument function.
- *
- * @since GemFire 5.5
- *
- * @deprecated since Geode 1.0, use {@link SecurityManager} instead
- */
-public interface Authenticator extends CacheCallback {
-
- /**
- * Initialize the callback for a client/peer. This is invoked when a new
- * connection from a client/peer is created with the host.
- *
- * @param securityProps
- * the security properties obtained using a call to
- * {@link DistributedSystem#getSecurityProperties}
- * @param systemLogger
- * {@link LogWriter} for system logs
- * @param securityLogger
- * {@link LogWriter} for security logs
- *
- * @throws AuthenticationFailedException
- * if some exception occurs during the initialization
- */
- void init(Properties securityProps, LogWriter systemLogger,
- LogWriter securityLogger) throws AuthenticationFailedException;
-
- default void init(Properties securityProps) throws AuthenticationFailedException{
- init(securityProps, null, null);
- }
-
- /**
- * Verify the credentials provided in the properties for the client/peer as
- * specified in member ID and returns the principal associated with the
- * client/peer.
- *
- * @param props
- * the credentials of the client/peer as a set of property
- * key/values
- * @param member
- * the {@link DistributedMember} object of the connecting
- * client/peer member. NULL when invoked locally on the
- * member initiating the authentication request.
- *
- * @return the principal for the client/peer when authentication succeeded
- *
- * @throws AuthenticationFailedException
- * If the authentication of the client/peer fails.
- */
- Principal authenticate(Properties props, DistributedMember member)
- throws AuthenticationFailedException;
-
- default Principal authenticate(Properties props) throws AuthenticationFailedException{
- return authenticate(props, null);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/com/gemstone/gemfire/security/GemFireSecurityException.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/GemFireSecurityException.java b/geode-core/src/main/java/com/gemstone/gemfire/security/GemFireSecurityException.java
deleted file mode 100644
index 049137d..0000000
--- a/geode-core/src/main/java/com/gemstone/gemfire/security/GemFireSecurityException.java
+++ /dev/null
@@ -1,132 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package com.gemstone.gemfire.security; - -import java.io.IOException; -import java.io.ObjectOutputStream; -import java.io.Serializable; -import javax.naming.NamingException; - -import com.gemstone.gemfire.GemFireException; - -/** - * The base class for all com.gemstone.gemfire.security package related - * exceptions. - * - * @since GemFire 5.5 - */ -public class GemFireSecurityException extends GemFireException { - - private static final long serialVersionUID = 3814254578203076926L; - - private Throwable cause; - - /** - * Constructs a new exception with the specified detail message. - * - * @param message the detail message (which is saved for later retrieval - * by the {@link #getMessage()} method). (A <tt>null</tt> value - * is permitted.) - */ - public GemFireSecurityException(final String message) { - this(message, null); - } - - /** - * Constructs a new exception with the specified cause. - * - * <p>Note that the detail message associated with {@code cause} <i>is</i> - * automatically used as this exception's detail message. - * - * @param cause the cause (which is saved for later retrieval by the - * {@link #getCause()} method). 
(A <tt>null</tt> value is - * permitted, and indicates that the cause is nonexistent or - * unknown.) - */ - public GemFireSecurityException(final Throwable cause) { - this(cause != null ? cause.getMessage() : null, cause); - } - - /** - * Constructs a new exception with the specified detail message and cause. - * - * <p>If {@code message} is null, then the detail message associated with - * {@code cause} <i>is</i> automatically used as this exception's detail - * message. - * - * @param message the detail message (which is saved for later retrieval - * by the {@link #getMessage()} method). (A <tt>null</tt> value - * is permitted.) - * @param cause the cause (which is saved for later retrieval by the - * {@link #getCause()} method). (A <tt>null</tt> value is - * permitted, and indicates that the cause is nonexistent or - * unknown.) - */ - public GemFireSecurityException(final String message, final Throwable cause) { - super(message != null ? message : (cause != null ? cause.getMessage() : null)); - this.cause = cause; - } - - @Override - public final synchronized Throwable getCause() { - return (this.cause == this ? null : this.cause); - } - - /** - * Returns true if the provided {@code object} implements {@code Serializable}. - * - * @param object the {@code object} to test for implementing {@code Serializable}. - * @return true if the provided {@code object} implements {@code Serializable}. - */ - protected final boolean isSerializable(final Object object) { - if (object == null) { - return true; - } - return Serializable.class.isInstance(object); - } - - /** - * Returns {@link NamingException#getResolvedObj()} if the {@code cause} - * is a {@code NamingException}. Returns <tt>null</tt> for any other type - * of {@code cause}. - * - * @return {@code NamingException#getResolvedObj()} if the {@code cause} - * is a {@code NamingException}. 
- */ - protected final Object getResolvedObj() { - final Throwable thisCause = this.cause; - if (thisCause != null && NamingException.class.isInstance(thisCause)) { - return ((NamingException) thisCause).getResolvedObj(); - } - return null; - } - - private synchronized void writeObject(final ObjectOutputStream out) throws IOException { - final Object resolvedObj = getResolvedObj(); - if (isSerializable(resolvedObj)) { - out.defaultWriteObject(); - } else { - final NamingException namingException = (NamingException) getCause(); - namingException.setResolvedObj(null); - try { - out.defaultWriteObject(); - } finally { - namingException.setResolvedObj(resolvedObj); - } - } - } -} http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/com/gemstone/gemfire/security/NotAuthorizedException.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/NotAuthorizedException.java b/geode-core/src/main/java/com/gemstone/gemfire/security/NotAuthorizedException.java deleted file mode 100644 index 2e834f8..0000000 --- a/geode-core/src/main/java/com/gemstone/gemfire/security/NotAuthorizedException.java +++ /dev/null 
@@ -1,134 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package com.gemstone.gemfire.security; - -import java.io.IOException; -import java.io.ObjectOutputStream; -import java.security.Principal; -import javax.naming.NamingException; - -/** - * Thrown when a client/peer is unauthorized to perform a requested operation. - * - * @since GemFire 5.5 - */ -public class NotAuthorizedException extends GemFireSecurityException { - - private static final long serialVersionUID = 419215768216387745L; - - private Principal principal = null; - - /** - * Constructs a new exception with the specified detail message and - * principal. - * - * @param message the detail message (which is saved for later retrieval - * by the {@link #getMessage()} method). (A <tt>null</tt> value - * is permitted.) - */ - public NotAuthorizedException(final String message) { - this(message, null, null); - } - - /** - * Constructs a new exception with the specified detail message and cause. - * - * <p>If {@code message} is null, then the detail message associated with - * {@code cause} <i>is</i> automatically used as this exception's detail - * message. 
- * - * @param message the detail message (which is saved for later retrieval - * by the {@link #getMessage()} method). (A <tt>null</tt> value - * is permitted.) - * @param cause the cause (which is saved for later retrieval by the - * {@link #getCause()} method). (A <tt>null</tt> value is - * permitted, and indicates that the cause is nonexistent or - * unknown.) - */ - public NotAuthorizedException(final String message, final Throwable cause) { - this(message, cause, null); - } - - /** - * Constructs a new exception with the specified detail message and - * principal. - * - * @param message the detail message (which is saved for later retrieval - * by the {@link #getMessage()} method). (A <tt>null</tt> value - * is permitted.) - * @param principal the principal for which authorization failed. - * (A <tt>null</tt> value is permitted.) - */ - public NotAuthorizedException(final String message, final Principal principal) { - this(message, null, principal); - } - - /** - * Constructs a new exception with the specified detail message, cause and - * principal. - * - * <p>If {@code message} is null, then the detail message associated with - * {@code cause} <i>is</i> automatically used as this exception's detail - * message. - * - * @param message the detail message (which is saved for later retrieval - * by the {@link #getMessage()} method). (A <tt>null</tt> value - * is permitted.) - * @param cause the cause (which is saved for later retrieval by the - * {@link #getCause()} method). (A <tt>null</tt> value is - * permitted, and indicates that the cause is nonexistent or - * unknown.) - * @param principal the principal for which authorization failed. - * (A <tt>null</tt> value is permitted.) - */ - public NotAuthorizedException(final String message, final Throwable cause, final Principal principal) { - super(message, cause); - this.principal = principal; - } - - /** - * Returns the {@code principal} for which authorization failed. 
- * - * @return the {@code principal} for which authorization failed. - */ - public synchronized Principal getPrincipal() { - return this.principal; - } - - private synchronized void writeObject(final ObjectOutputStream out) throws IOException { - final Principal thisPrincipal = this.principal; - if (!isSerializable(thisPrincipal)) { - this.principal = null; - } - - final Object resolvedObj = getResolvedObj(); - NamingException namingException = null; - if (!isSerializable(resolvedObj)) { - namingException = (NamingException) getCause(); - namingException.setResolvedObj(null); - } - - try { - out.defaultWriteObject(); - } finally { - this.principal = thisPrincipal; - if (namingException != null) { - namingException.setResolvedObj(resolvedObj); - } - } - } -} http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/com/gemstone/gemfire/security/package.html ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/package.html b/geode-core/src/main/java/com/gemstone/gemfire/security/package.html deleted file mode 100644 index 7772765..0000000 --- a/geode-core/src/main/java/com/gemstone/gemfire/security/package.html +++ /dev/null 
@@ -1,39 +0,0 @@
-<!--
-Licensed to the Apache Software Foundation (ASF) under one or more
-contributor license agreements. See the NOTICE file distributed with
-this work for additional information regarding copyright ownership.
-The ASF licenses this file to You under the Apache License, Version 2.0
-(the "License"); you may not use this file except in compliance with
-the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-<HTML>
-<BODY>
-
-<P>Provides an API for plugging in authentication and authorization
-for members of a distributed system and clients.
-
-<H3>GemFire security framework</H3>
-The security framework tackles two requirements: authentication of nodes
-and authorization for operations. The authentication piece deals with
-authentication of nodes in a peer-to-peer network as well as of the clients
-that connect to the servers.
-
-<P>
-<I>
-It is not our plan to provide a sophisticated security infrastructure
-built into GemFire. Most enterprise customers have their own authentication
-and entitlement management infrastructure and our plan is make sure the
-framework allows application administrators to delegate the responsibility
-to external providers.
-</I>
-
-</BODY>
-</HTML>
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/org/apache/geode/security/AccessControl.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/security/AccessControl.java b/geode-core/src/main/java/org/apache/geode/security/AccessControl.java
new file mode 100644
index 0000000..3d22864
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/security/AccessControl.java
@@ -0,0 +1,105 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.gemstone.gemfire.security;
+
+import java.security.Principal;
+
+import com.gemstone.gemfire.cache.Cache;
+import com.gemstone.gemfire.cache.CacheCallback;
+import com.gemstone.gemfire.cache.operations.OperationContext;
+import com.gemstone.gemfire.distributed.DistributedMember;
+
+/**
+ * Specifies the interface to authorize operations at the cache or region level
+ * for clients or servers. Implementations should register name of the static
+ * creation function as the <code>security-client-accessor</code> system
+ * property with all the servers uniformly in the distributed system for client
+ * authorization. When the <code>security-client-accessor-pp</code> property
+ * is set then the callback mentioned is invoked after the operation completes
+ * successfully and when sending notifications.
+ *
+ * When the registration has been done for a client/peer then an object of this
+ * class is created for each connection from the client/peer and the
+ * <code>authorizeOperation</code> method invoked before/after each operation.
+ *
+ * @since GemFire 5.5
+ *
+ * @deprecated since Geode 1.0, use {@link SecurityManager} instead
+ */
+public interface AccessControl extends CacheCallback {
+
+ /**
+ * Initialize the callback for a client/peer having the given principal.
+ *
+ * This is invoked when a new connection from a client/peer is created with
+ * the host. The callback is expected to store authentication information of
+ * the given principal for the different regions for maximum efficiency when
+ * invoking <code>authorizeOperation</code> in each operation.
+ *
+ * @param principal
+ * the principal associated with the authenticated client or
+ * peer; a null principal implies an unauthenticated client
+ * which should be handled properly by implementations
+ * @param remoteMember
+ * the {@link DistributedMember} object for the remote
+ * authenticated client or peer
+ * @param cache
+ * reference to the cache object
+ *
+ * @throws NotAuthorizedException
+ * if some exception condition happens during the
+ * initialization; in such a case all subsequent client
+ * operations on that connection will throw
+ * <code>NotAuthorizedException</code>
+ */
+ void init(Principal principal, DistributedMember remoteMember,
+ Cache cache) throws NotAuthorizedException;
+
+ default void init(Principal principal, DistributedMember remoteMember) throws NotAuthorizedException {
+ init(principal, remoteMember, null);
+ }
+
+ default void init(Principal principal) throws NotAuthorizedException {
+ init(principal, null, null);
+ }
+
+ /**
+ * Check if the given operation is allowed for the cache/region.
+ *
+ * This method is invoked in each cache and region level operation. It is,
+ * therefore, expected that as far as possible relevant information has been
+ * cached in the <code>init</code> call made when the connection was
+ * established so that this call is as quick as possible.
+ *
+ * @param regionName
+ * When null then it indicates a cache-level operation (i.e.
+ * one of {@link com.gemstone.gemfire.cache.operations.OperationContext.OperationCode#REGION_DESTROY} or
+ * {@link com.gemstone.gemfire.cache.operations.OperationContext.OperationCode#QUERY}, else the name of the region
+ * for the operation.
+ * @param context
+ * When invoked before the operation then the data required by
+ * the operation. When invoked as a post-process filter then it
+ * contains the result of the operation. The data in the
+ * context can be possibly modified by the method.
+ *
+ * @return true if the operation is authorized and false otherwise
+ *
+ */
+ boolean authorizeOperation(String regionName, OperationContext context);
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/org/apache/geode/security/AuthInitialize.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/security/AuthInitialize.java b/geode-core/src/main/java/org/apache/geode/security/AuthInitialize.java
new file mode 100644
index 0000000..e92772b
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/security/AuthInitialize.java
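Review bot: The file now lives under `org/apache/geode/security/` but still declares `package com.gemstone.gemfire.security;`, and its imports and the `{@link com.gemstone.gemfire.cache.operations.OperationContext.OperationCode#REGION_DESTROY}` references keep the old names, so path and package disagree after this commit. The same holds for the other files added here (AuthInitialize, AuthenticationFailedException, AuthenticationRequiredException, Authenticator, GemFireSecurityException). If the package rename is deferred to a follow-up commit, the commit message should say so; otherwise the declaration should become `package org.apache.geode.security;` with the imports updated to match. Implementers compile their security callbacks against this interface by its fully qualified name, so which name a given build exposes should be unambiguous.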
@@ -0,0 +1,97 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.gemstone.gemfire.security;
+
+import java.util.Properties;
+
+import com.gemstone.gemfire.LogWriter;
+import com.gemstone.gemfire.cache.CacheCallback;
+import com.gemstone.gemfire.distributed.DistributedMember;
+import com.gemstone.gemfire.distributed.DistributedSystem;
+import com.gemstone.gemfire.internal.cache.GemFireCacheImpl;
+
+// TODO Add example usage of this interface and configuration details
+/**
+ * Specifies the mechanism to obtain credentials for a client or peer. It is
+ * mandatory for clients and peers when running in secure mode and an
+ * {@link Authenticator} has been configured on the server/locator side
+ * respectively. Implementations should register name of the static creation
+ * function (that returns an object of the class) as the
+ * <i>security-peer-auth-init</i> system property on peers and as the
+ * <i>security-client-auth-init</i> system property on clients.
+ *
+ * @since GemFire 5.5
+ */
+public interface AuthInitialize extends CacheCallback {
+
+ /**
+ * Initialize the callback for a client/peer. This is invoked when a new
+ * connection from a client/peer is created with the host.
+ *
+ * @param systemLogger
+ * {@link LogWriter} for system logs
+ * @param securityLogger
+ * {@link LogWriter} for security logs
+ *
+ * @throws AuthenticationFailedException
+ * if some exception occurs during the initialization
+ *
+ * @deprecated since Geode 1.0, use init()
+ */
+ public void init(LogWriter systemLogger, LogWriter securityLogger)
+ throws AuthenticationFailedException;
+
+ /**
+ * @since Geode 1.0. implement this method instead of init with logwriters.
+ * Implementation should use log4j instead of these loggers.
+ */
+ default public void init(){
+ GemFireCacheImpl cache = GemFireCacheImpl.getInstance();
+ init(cache.getLogger(), cache.getSecurityLogger());
+ }
+ /**
+ * Initialize with the given set of security properties and return the
+ * credentials for the peer/client as properties.
+ *
+ * This method can modify the given set of properties. For example it may
+ * invoke external agents or even interact with the user.
+ *
+ * Normally it is expected that implementations will filter out <i>security-*</i>
+ * properties that are needed for credentials and return only those.
+ *
+ * @param securityProps
+ * the security properties obtained using a call to
+ * {@link DistributedSystem#getSecurityProperties} that will be
+ * used for obtaining the credentials
+ * @param server
+ * the {@link DistributedMember} object of the
+ * server/group-coordinator to which connection is being
+ * attempted
+ * @param isPeer
+ * true when this is invoked for peer initialization and false
+ * when invoked for client initialization
+ *
+ * @throws AuthenticationFailedException
+ * in case of failure to obtain the credentials
+ *
+ * @return the credentials to be used for the given <code>server</code>
+ */
+ public Properties getCredentials(Properties securityProps,
+ DistributedMember server, boolean isPeer)
+ throws AuthenticationFailedException;
+}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/org/apache/geode/security/AuthenticationFailedException.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/security/AuthenticationFailedException.java b/geode-core/src/main/java/org/apache/geode/security/AuthenticationFailedException.java
new file mode 100644
index 0000000..3ab728f
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/security/AuthenticationFailedException.java
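Review bot: The new default `init()` dereferences the result of `GemFireCacheImpl.getInstance()` without checking it, so an implementation that relies on the default fails with a NullPointerException if credentials are initialised while no cache instance exists (plausible for a member that is still connecting, though the call sites are not visible here). A guard such as `if (cache == null) { throw new AuthenticationFailedException("no cache available to obtain loggers"); }` would turn that into the failure type the deprecated `init` already documents. The default also makes this public security interface import `com.gemstone.gemfire.internal.cache.GemFireCacheImpl`, tying the callback contract to an internal class. The Javadoc on `init()` carries only an `@since` tag; it should say what the default does and that overriding it replaces the deprecated two-logger `init`.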
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.gemstone.gemfire.security;
+
+/**
+ * Thrown if authentication of this client/peer fails.
+ *
+ * @since GemFire 5.5
+ */
+public class AuthenticationFailedException extends GemFireSecurityException {
+private static final long serialVersionUID = -8202866472279088879L;
+
+ // TODO Derive from SecurityException
+ /**
+ * Constructs instance of <code>AuthenticationFailedException</code> with
+ * error message.
+ *
+ * @param message
+ * the error message
+ */
+ public AuthenticationFailedException(String message) {
+ super(message);
+ }
+
+ /**
+ * Constructs instance of <code>AuthenticationFailedException</code> with
+ * error message and cause.
+ *
+ * @param message
+ * the error message
+ * @param cause
+ * a <code>Throwable</code> that is a cause of this exception
+ */
+ public AuthenticationFailedException(String message, Throwable cause) {
+ super(message, cause);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/org/apache/geode/security/AuthenticationRequiredException.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/security/AuthenticationRequiredException.java b/geode-core/src/main/java/org/apache/geode/security/AuthenticationRequiredException.java
new file mode 100644
index 0000000..f67af39
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/security/AuthenticationRequiredException.java
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.gemstone.gemfire.security;
+
+/**
+ * Thrown if the distributed system is in secure mode and this client/peer has
+ * not set the security credentials.
+ *
+ * @since GemFire 5.5
+ */
+public class AuthenticationRequiredException extends GemFireSecurityException {
+private static final long serialVersionUID = 4675976651103154919L;
+
+ /**
+ * Constructs instance of <code>NotAuthenticatedException</code> with error
+ * message.
+ *
+ * @param message
+ * the error message
+ */
+ public AuthenticationRequiredException(String message) {
+ super(message);
+ }
+
+ /**
+ * Constructs instance of <code>NotAuthenticatedException</code> with error
+ * message and cause.
+ *
+ * @param message
+ * the error message
+ * @param cause
+ * a <code>Throwable</code> that is a cause of this exception
+ */
+ public AuthenticationRequiredException(String message, Throwable cause) {
+ super(message, cause);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/org/apache/geode/security/Authenticator.java
----------------------------------------------------------------------
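Review bot: Both constructor Javadocs in AuthenticationRequiredException describe constructing a `NotAuthenticatedException`, a name that does not match the class being declared. They should read `Constructs instance of <code>AuthenticationRequiredException</code> with error message.` and the same with `and cause.` for the two-argument constructor. The `serialVersionUID` field also appears to start at column 0 while the rest of the class body is indented; this is inferred from the line beginning directly at `private`, since the page's whitespace is collapsed.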
diff --git a/geode-core/src/main/java/org/apache/geode/security/Authenticator.java b/geode-core/src/main/java/org/apache/geode/security/Authenticator.java
new file mode 100644
index 0000000..f66f092
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/security/Authenticator.java
@@ -0,0 +1,96 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.gemstone.gemfire.security;
+
+import java.security.Principal;
+import java.util.Properties;
+
+import com.gemstone.gemfire.LogWriter;
+import com.gemstone.gemfire.cache.CacheCallback;
+import com.gemstone.gemfire.distributed.DistributedMember;
+import com.gemstone.gemfire.distributed.DistributedSystem;
+
+/**
+ * Specifies the mechanism to verify credentials for a client or peer.
+ * Implementations should register name of the static creation function as the
+ * <code>security-peer-authenticator</code> system property with all the
+ * locators in the distributed system for peer authentication, and as
+ * <code>security-client-authenticator</code> for client authentication. For
+ * P2P an object is initialized on the group coordinator for each member during
+ * the {@link DistributedSystem#connect(Properties)} call of a new member. For
+ * client-server, an object of this class is created for each connection during
+ * the client-server handshake.
+ *
+ * The static creation function should have the following signature:
+ * <code>public static Authenticator [method-name]();</code> i.e. it should be
+ * a zero argument function.
+ *
+ * @since GemFire 5.5
+ *
+ * @deprecated since Geode 1.0, use {@link SecurityManager} instead
+ */
+public interface Authenticator extends CacheCallback {
+
+ /**
+ * Initialize the callback for a client/peer. This is invoked when a new
+ * connection from a client/peer is created with the host.
+ *
+ * @param securityProps
+ * the security properties obtained using a call to
+ * {@link DistributedSystem#getSecurityProperties}
+ * @param systemLogger
+ * {@link LogWriter} for system logs
+ * @param securityLogger
+ * {@link LogWriter} for security logs
+ *
+ * @throws AuthenticationFailedException
+ * if some exception occurs during the initialization
+ */
+ void init(Properties securityProps, LogWriter systemLogger,
+ LogWriter securityLogger) throws AuthenticationFailedException;
+
+ default void init(Properties securityProps) throws AuthenticationFailedException{
+ init(securityProps, null, null);
+ }
+
+ /**
+ * Verify the credentials provided in the properties for the client/peer as
+ * specified in member ID and returns the principal associated with the
+ * client/peer.
+ *
+ * @param props
+ * the credentials of the client/peer as a set of property
+ * key/values
+ * @param member
+ * the {@link DistributedMember} object of the connecting
+ * client/peer member. NULL when invoked locally on the
+ * member initiating the authentication request.
+ *
+ * @return the principal for the client/peer when authentication succeeded
+ *
+ * @throws AuthenticationFailedException
+ * If the authentication of the client/peer fails.
+ */
+ Principal authenticate(Properties props, DistributedMember member)
+ throws AuthenticationFailedException;
+
+ default Principal authenticate(Properties props) throws AuthenticationFailedException{
+ return authenticate(props, null);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/org/apache/geode/security/GemFireSecurityException.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/security/GemFireSecurityException.java b/geode-core/src/main/java/org/apache/geode/security/GemFireSecurityException.java
new file mode 100644
index 0000000..049137d
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/security/GemFireSecurityException.java
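Review bot: The default `init(Properties securityProps)` calls `init(securityProps, null, null)`, yet the Javadoc on the three-argument `init` still describes `systemLogger` and `securityLogger` as the LogWriters for system and security logs without saying they can be null. An existing authenticator that logs during initialisation would then throw a NullPointerException in the authentication path instead of the documented `AuthenticationFailedException`. I would add `may be null when invoked through {@link #init(Properties)}` to both `@param` entries and give the two default methods their own Javadoc; the `member` parameter of `authenticate` already documents its null case. AccessControl's default `init` overloads in this commit forward null for `cache` and `remoteMember` in the same way and need the same note on their `@param` entries.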
@@ -0,0 +1,132 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.gemstone.gemfire.security; + +import java.io.IOException; +import java.io.ObjectOutputStream; +import java.io.Serializable; +import javax.naming.NamingException; + +import com.gemstone.gemfire.GemFireException; + +/** + * The base class for all com.gemstone.gemfire.security package related + * exceptions. + * + * @since GemFire 5.5 + */ +public class GemFireSecurityException extends GemFireException { + + private static final long serialVersionUID = 3814254578203076926L; + + private Throwable cause; + + /** + * Constructs a new exception with the specified detail message. + * + * @param message the detail message (which is saved for later retrieval + * by the {@link #getMessage()} method). (A <tt>null</tt> value + * is permitted.) + */ + public GemFireSecurityException(final String message) { + this(message, null); + } + + /** + * Constructs a new exception with the specified cause. + * + * <p>Note that the detail message associated with {@code cause} <i>is</i> + * automatically used as this exception's detail message. + * + * @param cause the cause (which is saved for later retrieval by the + * {@link #getCause()} method). 
(A <tt>null</tt> value is + * permitted, and indicates that the cause is nonexistent or + * unknown.) + */ + public GemFireSecurityException(final Throwable cause) { + this(cause != null ? cause.getMessage() : null, cause); + } + + /** + * Constructs a new exception with the specified detail message and cause. + * + * <p>If {@code message} is null, then the detail message associated with + * {@code cause} <i>is</i> automatically used as this exception's detail + * message. + * + * @param message the detail message (which is saved for later retrieval + * by the {@link #getMessage()} method). (A <tt>null</tt> value + * is permitted.) + * @param cause the cause (which is saved for later retrieval by the + * {@link #getCause()} method). (A <tt>null</tt> value is + * permitted, and indicates that the cause is nonexistent or + * unknown.) + */ + public GemFireSecurityException(final String message, final Throwable cause) { + super(message != null ? message : (cause != null ? cause.getMessage() : null)); + this.cause = cause; + } + + @Override + public final synchronized Throwable getCause() { + return (this.cause == this ? null : this.cause); + } + + /** + * Returns true if the provided {@code object} implements {@code Serializable}. + * + * @param object the {@code object} to test for implementing {@code Serializable}. + * @return true if the provided {@code object} implements {@code Serializable}. + */ + protected final boolean isSerializable(final Object object) { + if (object == null) { + return true; + } + return Serializable.class.isInstance(object); + } + + /** + * Returns {@link NamingException#getResolvedObj()} if the {@code cause} + * is a {@code NamingException}. Returns <tt>null</tt> for any other type + * of {@code cause}. + * + * @return {@code NamingException#getResolvedObj()} if the {@code cause} + * is a {@code NamingException}. 
+ */ + protected final Object getResolvedObj() { + final Throwable thisCause = this.cause; + if (thisCause != null && NamingException.class.isInstance(thisCause)) { + return ((NamingException) thisCause).getResolvedObj(); + } + return null; + } + + private synchronized void writeObject(final ObjectOutputStream out) throws IOException { + final Object resolvedObj = getResolvedObj(); + if (isSerializable(resolvedObj)) { + out.defaultWriteObject(); + } else { + final NamingException namingException = (NamingException) getCause(); + namingException.setResolvedObj(null); + try { + out.defaultWriteObject(); + } finally { + namingException.setResolvedObj(resolvedObj); + } + } + } +} http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/org/apache/geode/security/NotAuthorizedException.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/security/NotAuthorizedException.java b/geode-core/src/main/java/org/apache/geode/security/NotAuthorizedException.java new file mode 100644 index 0000000..2e834f8 --- /dev/null +++ b/geode-core/src/main/java/org/apache/geode/security/NotAuthorizedException.java 
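Review bot: The `package com.gemstone.gemfire.security;` line in this new file does not match its new location under `org/apache/geode/security/`, and the class Javadoc still names `com.gemstone.gemfire.security`; the NotAuthorizedException.java hunk that follows has the same mismatch. If the rename is meant to be complete here, the declaration should read `package org.apache.geode.security;`, with the `import com.gemstone.gemfire.GemFireException;` line adjusted to wherever that class ends up. If the package change is deliberately deferred to a later commit on this branch, the commit description should say so, because these are the exception types that security callbacks throw and that callers presumably reference by fully qualified name.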
@@ -0,0 +1,134 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.gemstone.gemfire.security; + +import java.io.IOException; +import java.io.ObjectOutputStream; +import java.security.Principal; +import javax.naming.NamingException; + +/** + * Thrown when a client/peer is unauthorized to perform a requested operation. + * + * @since GemFire 5.5 + */ +public class NotAuthorizedException extends GemFireSecurityException { + + private static final long serialVersionUID = 419215768216387745L; + + private Principal principal = null; + + /** + * Constructs a new exception with the specified detail message and + * principal. + * + * @param message the detail message (which is saved for later retrieval + * by the {@link #getMessage()} method). (A <tt>null</tt> value + * is permitted.) + */ + public NotAuthorizedException(final String message) { + this(message, null, null); + } + + /** + * Constructs a new exception with the specified detail message and cause. + * + * <p>If {@code message} is null, then the detail message associated with + * {@code cause} <i>is</i> automatically used as this exception's detail + * message. 
+ * + * @param message the detail message (which is saved for later retrieval + * by the {@link #getMessage()} method). (A <tt>null</tt> value + * is permitted.) + * @param cause the cause (which is saved for later retrieval by the + * {@link #getCause()} method). (A <tt>null</tt> value is + * permitted, and indicates that the cause is nonexistent or + * unknown.) + */ + public NotAuthorizedException(final String message, final Throwable cause) { + this(message, cause, null); + } + + /** + * Constructs a new exception with the specified detail message and + * principal. + * + * @param message the detail message (which is saved for later retrieval + * by the {@link #getMessage()} method). (A <tt>null</tt> value + * is permitted.) + * @param principal the principal for which authorization failed. + * (A <tt>null</tt> value is permitted.) + */ + public NotAuthorizedException(final String message, final Principal principal) { + this(message, null, principal); + } + + /** + * Constructs a new exception with the specified detail message, cause and + * principal. + * + * <p>If {@code message} is null, then the detail message associated with + * {@code cause} <i>is</i> automatically used as this exception's detail + * message. + * + * @param message the detail message (which is saved for later retrieval + * by the {@link #getMessage()} method). (A <tt>null</tt> value + * is permitted.) + * @param cause the cause (which is saved for later retrieval by the + * {@link #getCause()} method). (A <tt>null</tt> value is + * permitted, and indicates that the cause is nonexistent or + * unknown.) + * @param principal the principal for which authorization failed. + * (A <tt>null</tt> value is permitted.) + */ + public NotAuthorizedException(final String message, final Throwable cause, final Principal principal) { + super(message, cause); + this.principal = principal; + } + + /** + * Returns the {@code principal} for which authorization failed. 
+ * + * @return the {@code principal} for which authorization failed. + */ + public synchronized Principal getPrincipal() { + return this.principal; + } + + private synchronized void writeObject(final ObjectOutputStream out) throws IOException { + final Principal thisPrincipal = this.principal; + if (!isSerializable(thisPrincipal)) { + this.principal = null; + } + + final Object resolvedObj = getResolvedObj(); + NamingException namingException = null; + if (!isSerializable(resolvedObj)) { + namingException = (NamingException) getCause(); + namingException.setResolvedObj(null); + } + + try { + out.defaultWriteObject(); + } finally { + this.principal = thisPrincipal; + if (namingException != null) { + namingException.setResolvedObj(resolvedObj); + } + } + } +} http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/org/apache/geode/security/package.html ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/security/package.html b/geode-core/src/main/java/org/apache/geode/security/package.html new file mode 100644 index 0000000..7772765 --- /dev/null +++ b/geode-core/src/main/java/org/apache/geode/security/package.html 
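Review bot: `getPrincipal()` is documented as returning the principal for which authorization failed, but `writeObject` sets `this.principal = null` for the duration of the write whenever the principal does not implement `Serializable`, so a deserialized copy silently carries no principal. The Javadoc should say so, for example `@return the principal for which authorization failed, or null if none was supplied or it was not serializable when this exception was sent`, so that logging or audit code on the receiving side does not assume a non-null value. Note also that `isSerializable` (defined in GemFireSecurityException) only tests the top-level object with `Serializable.class.isInstance`, so a principal that implements `Serializable` but holds a non-serializable field would presumably still fail inside `defaultWriteObject()`.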
@@ -0,0 +1,39 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<HTML>
+<BODY>
+
+<P>Provides an API for plugging in authentication and authorization
+for members of a distributed system and clients.
+
+<H3>GemFire security framework</H3>
+The security framework tackles two requirements: authentication of nodes
+and authorization for operations. The authentication piece deals with
+authentication of nodes in a peer-to-peer network as well as of the clients
+that connect to the servers.
+
+<P>
+<I>
+It is not our plan to provide a sophisticated security infrastructure
+built into GemFire. Most enterprise customers have their own authentication
+and entitlement management infrastructure and our plan is make sure the
+framework allows application administrators to delegate the responsibility
+to external providers.
+</I>
+
+</BODY>
+</HTML>
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractSecureServerDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractSecureServerDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractSecureServerDUnitTest.java
deleted file mode 100644
index fd38814..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractSecureServerDUnitTest.java
+++ /dev/null
@@ -1,162 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package com.gemstone.gemfire.security; - -import static com.gemstone.gemfire.distributed.ConfigurationProperties.*; -import static org.assertj.core.api.Assertions.*; - -import java.util.HashMap; -import java.util.Map; -import java.util.Map.Entry; -import java.util.Properties; - -import org.apache.geode.security.templates.SampleSecurityManager; -import org.assertj.core.api.ThrowableAssert.ThrowingCallable; -import org.junit.Before; - -import com.gemstone.gemfire.cache.Cache; -import com.gemstone.gemfire.cache.CacheFactory; -import com.gemstone.gemfire.cache.Region; -import com.gemstone.gemfire.cache.RegionShortcut; -import com.gemstone.gemfire.cache.client.ClientCache; -import com.gemstone.gemfire.cache.client.ClientCacheFactory; -import com.gemstone.gemfire.cache.client.ClientRegionShortcut; -import com.gemstone.gemfire.cache.server.CacheServer; -import com.gemstone.gemfire.distributed.*; -import com.gemstone.gemfire.security.templates.UserPasswordAuthInit; -import com.gemstone.gemfire.test.dunit.Host; -import com.gemstone.gemfire.test.dunit.Invoke; -import com.gemstone.gemfire.test.dunit.VM; -import 
com.gemstone.gemfire.test.dunit.cache.internal.JUnit4CacheTestCase; - -public class AbstractSecureServerDUnitTest extends JUnit4CacheTestCase { - - protected static final String REGION_NAME = "AuthRegion"; - - protected VM client1 = null; - protected VM client2 = null; - protected VM client3 = null; - protected int serverPort; - - // child classes can customize these parameters - protected Class postProcessor = null; - protected boolean pdxPersistent = false; - protected int jmxPort = 0; - protected int restPort = 0; - protected Map<String, Object> values; - protected volatile Properties dsProperties; - - public AbstractSecureServerDUnitTest(){ - values = new HashMap(); - for(int i=0; i<5; i++){ - values.put("key"+i, "value"+i); - } - } - - @Before - public void before() throws Exception { - final Host host = Host.getHost(0); - this.client1 = host.getVM(1); - this.client2 = host.getVM(2); - this.client3 = host.getVM(3); - - Properties props = new Properties(); - props.setProperty(SampleSecurityManager.SECURITY_JSON, "com/gemstone/gemfire/management/internal/security/clientServer.json"); - props.setProperty(SECURITY_MANAGER, SampleSecurityManager.class.getName()); -// props.setProperty(SECURITY_SHIRO_INIT, "shiro.ini"); - props.setProperty(LOCATORS, ""); - props.setProperty(MCAST_PORT, "0"); - if (postProcessor!=null) { - props.setProperty(SECURITY_POST_PROCESSOR, postProcessor.getName()); - } - props.setProperty(SECURITY_LOG_LEVEL, "finest"); - - props.setProperty("security-pdx", pdxPersistent+""); - if(jmxPort>0){ - props.put(JMX_MANAGER, "true"); - props.put(JMX_MANAGER_START, "true"); - props.put(JMX_MANAGER_PORT, String.valueOf(jmxPort)); - } - - if(restPort>0){ - props.setProperty(START_DEV_REST_API, "true"); - props.setProperty(HTTP_SERVICE_BIND_ADDRESS, "localhost"); - props.setProperty(HTTP_SERVICE_PORT, restPort+""); - } - - props.put(ConfigurationProperties.ENABLE_NETWORK_PARTITION_DETECTION, "false"); - - this.dsProperties = props; - - getSystem(props); 
- - CacheFactory cf = new CacheFactory(); - cf.setPdxPersistent(pdxPersistent); - cf.setPdxReadSerialized(pdxPersistent); - Cache cache = getCache(cf); - - Region region = cache.createRegionFactory(RegionShortcut.REPLICATE).create(REGION_NAME); - - CacheServer server = cache.addCacheServer(); - server.setPort(0); - server.start(); - - this.serverPort = server.getPort(); - - for(Entry entry:values.entrySet()){ - region.put(entry.getKey(), entry.getValue()); - } - } - - @Override - public Properties getDistributedSystemProperties() { - return dsProperties; - } - - @Override - public void preTearDownCacheTestCase() throws Exception { - Invoke.invokeInEveryVM(()->closeCache()); - closeCache(); - } - - public static void assertNotAuthorized(ThrowingCallable shouldRaiseThrowable, String permString) { - assertThatThrownBy(shouldRaiseThrowable).hasMessageContaining(permString); - } - - public static Properties createClientProperties(String userName, String password) { - Properties props = new Properties(); - props.setProperty(UserPasswordAuthInit.USER_NAME, userName); - props.setProperty(UserPasswordAuthInit.PASSWORD, password); - props.setProperty(LOG_LEVEL, "fine"); - props.setProperty(LOCATORS, ""); - props.setProperty(MCAST_PORT, "0"); - props.setProperty(SECURITY_CLIENT_AUTH_INIT, UserPasswordAuthInit.class.getName() + ".create"); - props.setProperty(SECURITY_LOG_LEVEL, "finest"); - return props; - } - - public static ClientCache createClientCache(String username, String password, int serverPort){ - ClientCache cache = new ClientCacheFactory(createClientProperties(username, password)) - .setPoolSubscriptionEnabled(true) - .addPoolServer("localhost", serverPort) - .create(); - - cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME); - return cache; - } - -} http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationDUnitTest.java 
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationDUnitTest.java
deleted file mode 100644
index dbc782f..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationDUnitTest.java
+++ /dev/null
@@ -1,90 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package com.gemstone.gemfire.security; - -import com.gemstone.gemfire.test.junit.categories.DistributedTest; -import com.gemstone.gemfire.test.junit.categories.FlakyTest; -import com.gemstone.gemfire.test.junit.categories.SecurityTest; - -import org.junit.Ignore; -import org.junit.Test; -import org.junit.experimental.categories.Category; - -/** - * Test for authentication from client to server. This tests for both valid and - * invalid credentials/modules. It also checks for authentication - * success/failure in case of failover and for the notification channel. 
- * - * @since GemFire 5.5 - */ -@Category({ DistributedTest.class, SecurityTest.class }) -public class ClientAuthenticationDUnitTest extends ClientAuthenticationTestCase { - - @Test - public void testValidCredentials() throws Exception { - doTestValidCredentials(false); - } - - @Test - public void testNoCredentials() throws Exception { - doTestNoCredentials(false); - } - - @Test - public void testInvalidCredentials() throws Exception { - doTestInvalidCredentials(false); - } - - @Test - public void testInvalidAuthInit() throws Exception { - doTestInvalidAuthInit(false); - } - - @Test - public void testNoAuthInitWithCredentials() throws Exception { - doTestNoAuthInitWithCredentials(false); - } - - @Test - public void testInvalidAuthenticator() throws Exception { - doTestInvalidAuthenticator(false); - } - - @Test - public void testNoAuthenticatorWithCredentials() throws Exception { - doTestNoAuthenticatorWithCredentials(false); - } - - @Test - public void testCredentialsWithFailover() throws Exception { - doTestCredentialsWithFailover(false); - } - - @Category(FlakyTest.class) // GEODE-838: random ports, thread sleeps, time sensitive - @Test - public void testCredentialsForNotifications() throws Exception { - doTestCredentialsForNotifications(false); - } - - @Ignore("Disabled for unknown reason") - @Test - public void testValidCredentialsForMultipleUsers() throws Exception { - doTestValidCredentials(true); - } -}
