http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationPart2DUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationPart2DUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationPart2DUnitTest.java
deleted file mode 100644
index 24fcc3f..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationPart2DUnitTest.java
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.gemstone.gemfire.security;
-
-import org.junit.Ignore;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import com.gemstone.gemfire.test.junit.categories.DistributedTest;
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-
-/**
- * this class contains test methods that used to be in its superclass but
- * that test started taking too long and caused dunit runs to hang
- */
-@Category({ DistributedTest.class, SecurityTest.class })
-public class ClientAuthenticationPart2DUnitTest extends ClientAuthenticationTestCase {
-
- @Test
- public void testNoCredentialsForMultipleUsers() throws Exception {
- doTestNoCredentials(true);
- }
-
- @Test
- public void testInvalidCredentialsForMultipleUsers() throws Exception {
- doTestInvalidCredentials(true);
- }
-
- @Test
- public void testInvalidAuthInitForMultipleUsers() throws Exception {
- doTestInvalidAuthInit(true);
- }
-
- @Test
- public void testNoAuthInitWithCredentialsForMultipleUsers() throws Exception {
- doTestNoAuthInitWithCredentials(true);
- }
-
- @Test
- public void testInvalidAuthenitcatorForMultipleUsers() throws Exception {
- doTestInvalidAuthenticator(true);
- }
-
- @Test
- public void testNoAuthenticatorWithCredentialsForMultipleUsers() throws Exception {
- doTestNoAuthenticatorWithCredentials(true);
- }
-
- @Ignore("Disabled for unknown reason")
- @Test
- public void testCredentialsWithFailoverForMultipleUsers() throws Exception {
- doTestCredentialsWithFailover(true);
- }
-
- @Ignore("Disabled for unknown reason")
- @Test
- public void testCredentialsForNotificationsForMultipleUsers() throws Exception {
- doTestCredentialsForNotifications(true);
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationTestCase.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationTestCase.java b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationTestCase.java
deleted file mode 100644
index 7e6d022..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationTestCase.java
+++ /dev/null
@@ -1,562 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import static com.gemstone.gemfire.internal.AvailablePort.*;
-import static com.gemstone.gemfire.security.ClientAuthenticationTestUtils.createCacheClient;
-import static com.gemstone.gemfire.security.ClientAuthenticationTestUtils.createCacheServer;
-import static com.gemstone.gemfire.security.ClientAuthenticationTestUtils.*;
-import static com.gemstone.gemfire.security.SecurityTestUtils.*;
-import static com.gemstone.gemfire.security.SecurityTestUtils.createCacheClient;
-import static com.gemstone.gemfire.test.dunit.IgnoredException.*;
-import static com.gemstone.gemfire.test.dunit.LogWriterUtils.*;
-import static com.gemstone.gemfire.test.dunit.Wait.*;
-
-import java.io.IOException;
-import java.util.Properties;
-import javax.net.ssl.SSLException;
-import javax.net.ssl.SSLHandshakeException;
-
-import com.gemstone.gemfire.security.generator.CredentialGenerator;
-import com.gemstone.gemfire.security.generator.DummyCredentialGenerator;
-import com.gemstone.gemfire.test.dunit.Host;
-import com.gemstone.gemfire.test.dunit.VM;
-import com.gemstone.gemfire.test.dunit.internal.JUnit4DistributedTestCase;
-
-public abstract class ClientAuthenticationTestCase extends JUnit4DistributedTestCase {
-
- private VM server1 = null;
- private VM server2 = null;
- private VM client1 = null;
- private VM client2 = null;
-
- private static final String[] serverIgnoredExceptions = {
- AuthenticationRequiredException.class.getName(),
- AuthenticationFailedException.class.getName(),
- GemFireSecurityException.class.getName(),
- ClassNotFoundException.class.getName(),
- IOException.class.getName(),
- SSLException.class.getName(),
- SSLHandshakeException.class.getName()
- };
-
- private static final String[] clientIgnoredExceptions = {
- AuthenticationRequiredException.class.getName(),
- AuthenticationFailedException.class.getName(),
- SSLHandshakeException.class.getName()
- };
-
- @Override
- public final void postSetUp() throws Exception {
- final Host host = Host.getHost(0);
- server1 = host.getVM(0);
- server2 = host.getVM(1);
- client1 = host.getVM(2);
- client2 = host.getVM(3);
-
- addIgnoredException("Connection refused: connect");
-
- server1.invoke(() -> registerExpectedExceptions(serverIgnoredExceptions));
- server2.invoke(() -> registerExpectedExceptions(serverIgnoredExceptions));
- client1.invoke(() -> registerExpectedExceptions(clientIgnoredExceptions));
- client2.invoke(() -> registerExpectedExceptions(clientIgnoredExceptions));
- }
-
- protected void doTestValidCredentials(final boolean multiUser) throws Exception {
- CredentialGenerator gen = new DummyCredentialGenerator();
- Properties extraProps = gen.getSystemProperties();
- Properties javaProps = gen.getJavaProperties();
- String authenticator = gen.getAuthenticator();
- String authInit = gen.getAuthInit();
-
- getLogWriter().info("testValidCredentials: Using scheme: " + gen.classCode());
- getLogWriter().info("testValidCredentials: Using authenticator: " + authenticator);
- getLogWriter().info("testValidCredentials: Using authinit: " + authInit);
-
- // Start the servers
- int locPort1 = getLocatorPort();
- int locPort2 = getLocatorPort();
- String locString = getAndClearLocatorString();
-
- int port1 = server1.invoke(() -> createCacheServer(locPort1, locString, authenticator, extraProps, javaProps));
- int port2 = server2.invoke(() -> createCacheServer(locPort2, locString, authenticator, extraProps, javaProps));
-
- // Start the clients with valid credentials
- Properties credentials1 = gen.getValidCredentials(1);
- Properties javaProps1 = gen.getJavaProperties();
-
- getLogWriter().info("testValidCredentials: For first client credentials: " + credentials1 + " : " + javaProps1);
-
- Properties credentials2 = gen.getValidCredentials(2);
- Properties javaProps2 = gen.getJavaProperties();
-
- getLogWriter().info("testValidCredentials: For second client credentials: " + credentials2 + " : " + javaProps2);
-
- createClientsNoException(multiUser, authInit, port1, port2, credentials1, javaProps1, credentials2, javaProps2);
-
- // Perform some put operations from client1
- client1.invoke(() -> doPuts(2));
-
- // Verify that the puts succeeded
- client2.invoke(() -> doGets(2));
-
- if (multiUser) {
- client1.invoke(() -> doProxyCacheClose());
- client2.invoke(() -> doProxyCacheClose());
- client1.invoke(() -> doSimplePut("CacheClosedException"));
- client2.invoke(() -> doSimpleGet("CacheClosedException"));
- }
- }
-
- protected void doTestNoCredentials(final boolean multiUser) throws Exception {
- CredentialGenerator gen = new DummyCredentialGenerator();
- Properties extraProps = gen.getSystemProperties();
- Properties javaProps = gen.getJavaProperties();
- String authenticator = gen.getAuthenticator();
- String authInit = gen.getAuthInit();
-
- getLogWriter().info("testNoCredentials: Using scheme: " + gen.classCode());
- getLogWriter().info("testNoCredentials: Using authenticator: " + authenticator);
- getLogWriter().info("testNoCredentials: Using authinit: " + authInit);
-
- // Start the servers
- int locPort1 = getLocatorPort();
- int locPort2 = getLocatorPort();
- String locString = getAndClearLocatorString();
-
- int port1 = createServer1(extraProps, javaProps, authenticator, locPort1, locString);
- int port2 = server2.invoke(() -> createCacheServer(locPort2, locString, authenticator, extraProps, javaProps));
-
- // Start first client with valid credentials
- Properties credentials1 = gen.getValidCredentials(1);
- Properties javaProps1 = gen.getJavaProperties();
-
- getLogWriter().info("testNoCredentials: For first client credentials: " + credentials1 + " : " + javaProps1);
-
- createClient1NoException(multiUser, authInit, port1, port2, credentials1, javaProps1);
-
- // Perform some put operations from client1
- client1.invoke(() -> doPuts(2));
-
- // Trying to create the region on client2
- if (gen.classCode().equals(CredentialGenerator.ClassCode.SSL)) {
- // For SSL the exception may not come since the server can close socket
- // before handshake message is sent from client. However exception
- // should come in any region operations.
- client2.invoke(() -> createCacheClient(null, null, null, port1, port2, 0, multiUser, NO_EXCEPTION));
- client2.invoke(() -> doPuts(2, OTHER_EXCEPTION));
-
- } else {
- client2.invoke(() -> createCacheClient(null, null, null, port1, port2, 0, multiUser, AUTHREQ_EXCEPTION));
- }
- }
-
- protected void doTestInvalidCredentials(final boolean multiUser) throws Exception {
- CredentialGenerator gen = new DummyCredentialGenerator();
- Properties extraProps = gen.getSystemProperties();
- Properties javaProps = gen.getJavaProperties();
- String authenticator = gen.getAuthenticator();
- String authInit = gen.getAuthInit();
-
- getLogWriter().info("testInvalidCredentials: Using scheme: " + gen.classCode());
- getLogWriter().info("testInvalidCredentials: Using authenticator: " + authenticator);
- getLogWriter().info("testInvalidCredentials: Using authinit: " + authInit);
-
- // Start the servers
- int locPort1 = getLocatorPort();
- int locPort2 = getLocatorPort();
- String locString = getAndClearLocatorString();
-
- int port1 = createServer1(extraProps, javaProps, authenticator, locPort1, locString);
- int port2 = server2.invoke(() -> createCacheServer(locPort2, locString, authenticator, extraProps, javaProps));
-
- // Start first client with valid credentials
- Properties credentials1 = gen.getValidCredentials(1);
- Properties javaProps1 = gen.getJavaProperties();
- getLogWriter().info("testInvalidCredentials: For first client credentials: " + credentials1 + " : " + javaProps1);
-
- createClient1NoException(multiUser, authInit, port1, port2, credentials1, javaProps1);
-
- // Perform some put operations from client1
- client1.invoke(() -> doPuts(2));
-
- // Start second client with invalid credentials
- // Trying to create the region on client2 should throw a security
- // exception
- Properties credentials2 = gen.getInvalidCredentials(1);
- Properties javaProps2 = gen.getJavaProperties();
- getLogWriter().info("testInvalidCredentials: For second client credentials: " + credentials2 + " : " + javaProps2);
-
- client2.invoke(() -> createCacheClient(authInit, credentials2, javaProps2, port1, port2, 0, multiUser, AUTHFAIL_EXCEPTION));
- }
-
- protected void doTestInvalidAuthInit(final boolean multiUser) throws Exception {
- CredentialGenerator gen = new DummyCredentialGenerator();
- Properties extraProps = gen.getSystemProperties();
- final Properties javaProps = gen.getJavaProperties();
- String authenticator = gen.getAuthenticator();
-
- getLogWriter().info("testInvalidAuthInit: Using scheme: " + gen.classCode());
- getLogWriter().info("testInvalidAuthInit: Using authenticator: " + authenticator);
-
- // Start the server
- int locPort1 = getLocatorPort();
- String locString = getAndClearLocatorString();
-
- int port1 = createServer1(extraProps, javaProps, authenticator, locPort1, locString);
- Properties credentials = gen.getValidCredentials(1);
- getLogWriter().info("testInvalidAuthInit: For first client credentials: " + credentials + " : " + javaProps);
-
- client1.invoke(() -> createCacheClient("com.gemstone.none", credentials, javaProps, new int[] { port1 }, 0, false, multiUser, true, SECURITY_EXCEPTION));
- }
-
- protected void doTestNoAuthInitWithCredentials(final boolean multiUser) throws Exception {
- CredentialGenerator gen = new DummyCredentialGenerator();
- Properties extraProps = gen.getSystemProperties();
- Properties javaProps = gen.getJavaProperties();
- String authenticator = gen.getAuthenticator();
-
- getLogWriter().info("testNoAuthInitWithCredentials: Using scheme: " + gen.classCode());
- getLogWriter().info("testNoAuthInitWithCredentials: Using authenticator: " + authenticator);
-
- // Start the servers
- int locPort1 = getLocatorPort();
- int locPort2 = getLocatorPort();
- String locString = getAndClearLocatorString();
-
- int port1 = createServer1(extraProps, javaProps, authenticator, locPort1, locString);
- int port2 = server2.invoke(() -> createCacheServer(locPort2, locString, authenticator, extraProps, javaProps));
-
- // Start the clients with valid credentials
- Properties credentials1 = gen.getValidCredentials(1);
- Properties javaProps1 = gen.getJavaProperties();
- getLogWriter().info("testNoAuthInitWithCredentials: For first client credentials: " + credentials1 + " : " + javaProps1);
-
- Properties credentials2 = gen.getValidCredentials(2);
- Properties javaProps2 = gen.getJavaProperties();
- getLogWriter().info("testNoAuthInitWithCredentials: For second client credentials: " + credentials2 + " : " + javaProps2);
-
- client1.invoke(() -> createCacheClient(null, credentials1, javaProps1, port1, port2, 0, multiUser, AUTHREQ_EXCEPTION));
- client2.invoke(() -> createCacheClient(null, credentials2, javaProps2, port1, port2, 0, multiUser, AUTHREQ_EXCEPTION));
- client2.invoke(() -> closeCache());
-
- // Now also try with invalid credentials
- Properties credentials3 = gen.getInvalidCredentials(5);
- Properties javaProps3 = gen.getJavaProperties();
-
- client2.invoke(() -> createCacheClient(null, credentials3, javaProps3, port1, port2, 0, multiUser, AUTHREQ_EXCEPTION));
- }
-
- /**
- * NOTE: "final boolean multiUser" is unused
- */
- protected void doTestInvalidAuthenticator(final boolean multiUser) throws Exception {
- CredentialGenerator gen = new DummyCredentialGenerator();
- Properties extraProps = gen.getSystemProperties();
- Properties javaProps = gen.getJavaProperties();
- String authInit = gen.getAuthInit();
-
- getLogWriter().info("testInvalidAuthenticator: Using scheme: " + gen.classCode());
- getLogWriter().info("testInvalidAuthenticator: Using authinit: " + authInit);
-
- // Start the server with invalid authenticator
- int locPort1 = getLocatorPort();
- String locString = getAndClearLocatorString();
-
- server1.invoke(() -> createCacheServer(locPort1, locString, "com.gemstone.gemfire.none", extraProps, javaProps, AUTHREQ_EXCEPTION));
- }
-
- protected void doTestNoAuthenticatorWithCredentials(final boolean multiUser) throws Exception {
- CredentialGenerator gen = new DummyCredentialGenerator();
- Properties extraProps = gen.getSystemProperties();
- Properties javaProps = gen.getJavaProperties();
- String authenticator = gen.getAuthenticator();
- String authInit = gen.getAuthInit();
-
- getLogWriter().info("testNoAuthenticatorWithCredentials: Using scheme: " + gen.classCode());
- getLogWriter().info("testNoAuthenticatorWithCredentials: Using authinit: " + authInit);
-
- // Start the servers with no authenticator
- int locPort1 = getLocatorPort();
- int locPort2 = getLocatorPort();
- String locString = getAndClearLocatorString();
-
- int port1 = server1.invoke(() -> createCacheServer(locPort1, locString, null, extraProps, javaProps));
- int port2 = server2.invoke(() -> createCacheServer(locPort2, locString, null, extraProps, javaProps));
-
- // Clients should connect successfully and work properly with
- // valid/invalid credentials when none are required on the server side
- Properties credentials1 = gen.getValidCredentials(3);
- Properties javaProps1 = gen.getJavaProperties();
- getLogWriter().info("testNoAuthenticatorWithCredentials: For first client credentials: " + credentials1 + " : " + javaProps1);
-
- Properties credentials2 = gen.getInvalidCredentials(5);
- Properties javaProps2 = gen.getJavaProperties();
- getLogWriter().info("testNoAuthenticatorWithCredentials: For second client credentials: " + credentials2 + " : " + javaProps2);
-
- createClientsNoException(multiUser, authInit, port1, port2, credentials1, javaProps1, credentials2, javaProps2);
-
- // Perform some put operations from client1
- client1.invoke(() -> doPuts(2));
-
- // Verify that the puts succeeded
- client2.invoke(() -> doGets(2));
- }
-
- protected void doTestCredentialsWithFailover(final boolean multiUser) throws Exception {
- CredentialGenerator gen = new DummyCredentialGenerator();
- Properties extraProps = gen.getSystemProperties();
- Properties javaProps = gen.getJavaProperties();
- String authenticator = gen.getAuthenticator();
- String authInit = gen.getAuthInit();
-
- getLogWriter().info("testCredentialsWithFailover: Using scheme: " + gen.classCode());
- getLogWriter().info("testCredentialsWithFailover: Using authenticator: " + authenticator);
- getLogWriter().info("testCredentialsWithFailover: Using authinit: " + authInit);
-
- // Start the first server
- int locPort1 = getLocatorPort();
- int locPort2 = getLocatorPort();
- String locString = getAndClearLocatorString();
-
- int port1 = server1.invoke(() -> createCacheServer(locPort1, locString, authenticator, extraProps, javaProps));
-
- // Get a port for second server but do not start it
- // This forces the clients to connect to the first server
- int port2 = getRandomAvailablePort(SOCKET);
-
- // Start the clients with valid credentials
- Properties credentials1 = gen.getValidCredentials(5);
- Properties javaProps1 = gen.getJavaProperties();
- getLogWriter().info("testCredentialsWithFailover: For first client credentials: " + credentials1 + " : " + javaProps1);
-
- Properties credentials2 = gen.getValidCredentials(6);
- Properties javaProps2 = gen.getJavaProperties();
- getLogWriter().info("testCredentialsWithFailover: For second client credentials: " + credentials2 + " : " + javaProps2);
-
- createClientsNoException(multiUser, authInit, port1, port2, credentials1, javaProps1, credentials2, javaProps2);
-
- // Perform some put operations from client1
- client1.invoke(() -> doPuts(2));
- // Verify that the puts succeeded
- client2.invoke(() -> doGets(2));
-
- // start the second one and stop the first server to force a failover
- server2.invoke(() -> createCacheServer(locPort2, locString, port2, authenticator, extraProps, javaProps));
- server1.invoke(() -> closeCache());
-
- // Perform some create/update operations from client1
- client1.invoke(() -> doNPuts(4));
- // Verify that the creates/updates succeeded
- client2.invoke(() -> doNGets(4));
-
- // Try to connect client2 with no credentials
- // Verify that the creation of region throws security exception
- if (gen.classCode().equals(CredentialGenerator.ClassCode.SSL)) {
- // For SSL the exception may not come since the server can close socket
- // before handshake message is sent from client. However exception
- // should come in any region operations.
- client2.invoke(() -> createCacheClient(null, null, null, port1, port2, 0, multiUser, NOFORCE_AUTHREQ_EXCEPTION));
- client2.invoke(() -> doPuts(2, OTHER_EXCEPTION));
-
- } else {
- client2.invoke(() -> createCacheClient(null, null, null, port1, port2, 0, multiUser, AUTHREQ_EXCEPTION));
- }
-
- // Now try to connect client1 with invalid credentials
- // Verify that the creation of region throws security exception
- Properties credentials3 = gen.getInvalidCredentials(7);
- Properties javaProps3 = gen.getJavaProperties();
- getLogWriter().info("testCredentialsWithFailover: For first client invalid credentials: " + credentials3 + " : " + javaProps3);
-
- client1.invoke(() -> createCacheClient(authInit, credentials3, javaProps3, port1, port2, 0, multiUser, AUTHFAIL_EXCEPTION));
-
- if (multiUser) {
- client1.invoke(() -> doProxyCacheClose());
- client2.invoke(() -> doProxyCacheClose());
- client1.invoke(() -> doSimplePut("CacheClosedException"));
- client2.invoke(() -> doSimpleGet("CacheClosedException"));
- }
- }
-
- protected void doTestCredentialsForNotifications(final boolean multiUser) throws Exception {
- CredentialGenerator gen = new DummyCredentialGenerator();
- Properties extraProps = gen.getSystemProperties();
- Properties javaProps = gen.getJavaProperties();
- String authenticator = gen.getAuthenticator();
- String authInit = gen.getAuthInit();
-
- getLogWriter().info("testCredentialsForNotifications: Using scheme: " + gen.classCode());
- getLogWriter().info("testCredentialsForNotifications: Using authenticator: " + authenticator);
- getLogWriter().info("testCredentialsForNotifications: Using authinit: " + authInit);
-
- // Start the first server
- int locPort1 = getLocatorPort();
- int locPort2 = getLocatorPort();
- String locString = getAndClearLocatorString();
-
- int port1 = server1.invoke(() -> createCacheServer(locPort1, locString, authenticator, extraProps, javaProps));
-
- // Get a port for second server but do not start it
- // This forces the clients to connect to the first server
- int port2 = getRandomAvailablePort(SOCKET);
-
- // Start the clients with valid credentials
- Properties credentials1 = gen.getValidCredentials(3);
- Properties javaProps1 = gen.getJavaProperties();
- getLogWriter().info("testCredentialsForNotifications: For first client credentials: " + credentials1 + " : " + javaProps1);
-
- Properties credentials2 = gen.getValidCredentials(4);
- Properties javaProps2 = gen.getJavaProperties();
- getLogWriter().info("testCredentialsForNotifications: For second client credentials: " + credentials2 + " : " + javaProps2);
-
- createClient1NoException(multiUser, authInit, port1, port2, credentials1, javaProps1);
-
- // Set up zero forward connections to check notification handshake only
- int zeroConns = 0;
- createClient2NoException(multiUser, authInit, port1, port2, credentials2, javaProps2, zeroConns);
-
- // Register interest on all keys on second client
- client2.invoke(() -> registerAllInterest());
-
- // Perform some put operations from client1
- client1.invoke(() -> doPuts(2));
-
- // Verify that the puts succeeded
- client2.invoke(() -> doLocalGets(2));
-
- // start the second one and stop the first server to force a failover
- server2.invoke(() -> createCacheServer(locPort2, locString, port2, authenticator, extraProps, javaProps));
- server1.invoke(() -> closeCache());
-
- // Wait for failover to complete
- pause(500);
-
- // Perform some create/update operations from client1
- client1.invoke(() -> doNPuts(4));
- // Verify that the creates/updates succeeded
- client2.invoke(() -> doNLocalGets(4));
-
- // Try to connect client1 with no credentials
- // Verify that the creation of region throws security exception
- final int p = server1.invoke(() -> createCacheServer(locPort1, locString, 0, authenticator, extraProps, javaProps));
- if (gen.classCode().equals(CredentialGenerator.ClassCode.SSL)) {
- // For SSL the exception may not come since the server can close socket
- // before handshake message is sent from client. However exception
- // should come in any region operations.
- client1.invoke(() -> createCacheClient(null, null, null, p, port2, zeroConns, multiUser, NOFORCE_AUTHREQ_EXCEPTION));
- client1.invoke(() -> doPuts(2, OTHER_EXCEPTION));
-
- } else {
- client1.invoke(() -> createCacheClient(null, null, null, p, port2, zeroConns, multiUser, AUTHREQ_EXCEPTION));
- }
-
- // Now try to connect client2 with invalid credentials
- // Verify that the creation of region throws security exception
- credentials2 = gen.getInvalidCredentials(3);
- javaProps2 = gen.getJavaProperties();
- getLogWriter().info("testCredentialsForNotifications: For second client invalid credentials: " + credentials2 + " : " + javaProps2);
-
- createClient2WithException(multiUser, authInit, p, port2, credentials2, javaProps2, zeroConns);
-
- // Now try to connect client2 with invalid auth-init method
- // Trying to create the region on client with valid credentials should
- // throw a security exception
- client2.invoke(() -> createCacheClient("com.gemstone.none", credentials1, javaProps1, p, port2, zeroConns, multiUser, SECURITY_EXCEPTION));
-
- // Try connection with null auth-init on clients.
- // Skip this test for a scheme which does not have an authInit in the
- // first place (e.g. SSL).
- if (authInit != null && authInit.length() > 0) {
- final int p1 = server1.invoke(() -> createCacheServer(locPort1, locString, 0, authenticator, extraProps, javaProps));
- final int p2 = server2.invoke(() -> createCacheServer(locPort2, locString, 0, authenticator, extraProps, javaProps));
- client1.invoke(() -> createCacheClient(null, credentials1, javaProps1, p1, p2, 0, multiUser, AUTHREQ_EXCEPTION));
-
- createClient2AuthReqException(multiUser, p1, p2, credentials2, javaProps2, zeroConns);
- createClient2AuthReqException(multiUser, p1, p2, credentials2, javaProps2, zeroConns);
-
- } else {
- getLogWriter().info("testCredentialsForNotifications: Skipping null authInit for scheme [" + gen.classCode() + "] which has no authInit");
- }
-
- // Try connection with null authenticator on server and sending
- // valid/invalid credentials.
- // If the scheme does not have an authenticator in the first place (e.g.
- // SSL) then skip it since this test is useless.
- if (authenticator != null && authenticator.length() > 0) {
- final int p1 = server1.invoke(() -> createCacheServer(locPort1, locString, 0, null, extraProps, javaProps));
- final int p2 = server2.invoke(() -> createCacheServer(locPort2, locString, 0, null, extraProps, javaProps));
-
- createClient1NoException(multiUser, authInit, p1, p2, credentials1, javaProps1);
- createClient2NoException(multiUser, authInit, p1, p2, credentials2, javaProps2, zeroConns);
-
- // Register interest on all keys on second client
- client2.invoke(() -> registerAllInterest());
-
- // Perform some put operations from client1
- client1.invoke(() -> doPuts(4));
-
- // Verify that the puts succeeded
- client2.invoke(() -> doLocalGets(4));
-
- // Now also try with valid credentials on client2
- createClient1NoException(multiUser, authInit, p1, p2, credentials2, javaProps2);
- createClient2NoException(multiUser, authInit, p1, p2, credentials1, javaProps1, zeroConns);
-
- // Register interest on all keys on second client
- client2.invoke(() -> registerAllInterest());
-
- // Perform some put operations from client1
- client1.invoke(() -> doNPuts(4));
-
- // Verify that the puts succeeded
- client2.invoke(() -> doNLocalGets(4));
-
- } else {
- getLogWriter().info("testCredentialsForNotifications: Skipping scheme [" + gen.classCode() + "] which has no authenticator");
- }
- }
-
- private int createServer1(final Properties extraProps, final Properties javaProps, final String authenticator, final int locPort1, final String locString) {
- return server1.invoke(() -> createCacheServer(locPort1, locString, authenticator, extraProps, javaProps));
- }
-
- private void createClient1NoException(final boolean multiUser, final String authInit, final int port1, final int port2, final Properties credentials2, final Properties javaProps2) {
- client1.invoke(() -> createCacheClient(authInit, credentials2, javaProps2, port1, port2, 0, multiUser, NO_EXCEPTION));
- }
-
- private void createClient2AuthReqException(final boolean multiUser, final int port1, final int port2, final Properties credentials2, final Properties javaProps2, final int zeroConns) {
- client2.invoke(() -> createCacheClient(null, credentials2, javaProps2, port1, port2, zeroConns, multiUser, AUTHREQ_EXCEPTION));
- }
-
- private void createClient1WithException(final boolean multiUser, final String authInit, final int port1, final int port2, final Properties credentials2, final Properties javaProps2, final int zeroConns) {
- client1.invoke(() -> createCacheClient(authInit, credentials2, javaProps2, port1, port2, zeroConns, multiUser, AUTHFAIL_EXCEPTION));
- }
-
- private void createClient2WithException(final boolean multiUser, final String authInit, final int port1, final int port2, final Properties credentials2, final Properties javaProps2, final int zeroConns) {
- client2.invoke(() -> createCacheClient(authInit, credentials2, javaProps2, port1, port2, zeroConns, multiUser, AUTHFAIL_EXCEPTION));
- }
-
- private void createClient2NoException(final boolean multiUser, final String authInit, final int port1, final int port2, final Properties credentials2, final Properties javaProps2, final int zeroConns) {
- client2.invoke(() -> createCacheClient(authInit, credentials2, javaProps2, port1, port2, zeroConns, multiUser, NO_EXCEPTION));
- }
-
- private void createClientsNoException(final boolean multiUser, final String authInit, final int port1, final int port2, final Properties credentials1, final Properties javaProps1, final Properties credentials2, final Properties javaProps2) {
- createClient1NoException(multiUser, authInit, port1, port2, credentials1, javaProps1);
- client2.invoke(() -> createCacheClient(authInit, credentials2, javaProps2, port1, port2, 0, multiUser, NO_EXCEPTION));
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationTestUtils.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationTestUtils.java b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationTestUtils.java
deleted file mode 100644
index 3073705..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationTestUtils.java
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
-import static com.gemstone.gemfire.security.SecurityTestUtils.*;
-import static org.junit.Assert.*;
-
-import java.util.Properties;
-
-import com.gemstone.gemfire.cache.Region;
-
-/**
- * Extracted from ClientAuthenticationDUnitTest
- */
-public abstract class ClientAuthenticationTestUtils {
-
- protected ClientAuthenticationTestUtils() {
- }
-
- protected static Integer createCacheServer(final int locatorPort, final String locatorString, final String authenticator, final Properties extraProps, final Properties javaProps) {
- return createCacheServer(locatorPort, locatorString, 0, authenticator, extraProps, javaProps, NO_EXCEPTION);
- }
-
- protected static Integer createCacheServer(final int locatorPort, final String locatorString, final int serverPort, final String authenticator, final Properties extraProps, final Properties javaProps) {
- return createCacheServer(locatorPort, locatorString, serverPort, authenticator, extraProps, javaProps, NO_EXCEPTION);
- }
- protected static Integer createCacheServer(final int locatorPort, final 
String locatorString, final String authenticator, final Properties extraProps, final Properties javaProps, final int expectedResult) {
-
- return createCacheServer(locatorPort, locatorString, 0, authenticator, extraProps, javaProps, expectedResult);
- }
-
- protected static Integer createCacheServer(final int locatorPort, final String locatorString, final int serverPort, final String authenticator, final Properties extraProps, final Properties javaProps, int expectedResult) {
- Properties authProps;
- if (extraProps == null) {
- authProps = new Properties();
- } else {
- authProps = extraProps;
- }
-
- if (authenticator != null) {
- authProps.setProperty(SECURITY_CLIENT_AUTHENTICATOR, authenticator);
- }
- return SecurityTestUtils.createCacheServer(authProps, javaProps, locatorPort, locatorString, serverPort, expectedResult);
- }
-
- protected static void createCacheClient(final String authInit, final Properties authProps, final Properties javaProps, final int[] ports, final int numConnections, final boolean multiUserMode, final boolean subscriptionEnabled, final int expectedResult) {
- SecurityTestUtils.createCacheClient(authInit, authProps, javaProps, ports, numConnections, false, multiUserMode, subscriptionEnabled, expectedResult);
- }
-
- protected static void createCacheClient(final String authInit, final Properties authProps, final Properties javaProps, final int[] ports, final int numConnections, final boolean multiUserMode, final int expectedResult) {
- createCacheClient(authInit, authProps, javaProps, ports, numConnections, multiUserMode, true, expectedResult);
- }
-
- protected static void createCacheClient(final String authInit, final Properties authProps, final Properties javaProps, final int port1, final int numConnections, final int expectedResult) {
- createCacheClient(authInit, authProps, javaProps, new int[] { port1 }, numConnections, false, true, expectedResult);
- }
-
- protected static void createCacheClient(final String authInit, final 
Properties authProps, final Properties javaProps, final int port1, final int port2, final int numConnections, final int expectedResult) {
- createCacheClient(authInit, authProps, javaProps, port1, port2, numConnections, false, expectedResult);
- }
-
- protected static void createCacheClient(final String authInit, final Properties authProps, final Properties javaProps, final int port1, final int port2, final int numConnections, final boolean multiUserMode, final int expectedResult) {
- createCacheClient(authInit, authProps, javaProps, port1, port2, numConnections, multiUserMode, true, expectedResult);
- }
-
- protected static void createCacheClient(final String authInit, final Properties authProps, final Properties javaProps, final int port1, final int port2, final int numConnections, final boolean multiUserMode, final boolean subscriptionEnabled, final int expectedResult) {
- createCacheClient(authInit, authProps, javaProps, new int[] { port1, port2 }, numConnections, multiUserMode, subscriptionEnabled, expectedResult);
- }
-
- protected static void registerAllInterest() {
- Region region = getCache().getRegion(REGION_NAME);
- assertNotNull(region);
- region.registerInterestRegex(".*");
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationDUnitTest.java
deleted file mode 100644
index 79feae9..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationDUnitTest.java
+++ /dev/null
@@ -1,647 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.gemstone.gemfire.security;
-
-import static com.gemstone.gemfire.internal.AvailablePort.*;
-import static com.gemstone.gemfire.security.SecurityTestUtils.*;
-import static com.gemstone.gemfire.test.dunit.Assert.*;
-import static com.gemstone.gemfire.test.dunit.IgnoredException.*;
-import static com.gemstone.gemfire.test.dunit.LogWriterUtils.*;
-
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Properties;
-
-import com.gemstone.gemfire.internal.AvailablePortHelper;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import com.gemstone.gemfire.security.generator.AuthzCredentialGenerator;
-import com.gemstone.gemfire.security.generator.CredentialGenerator;
-import com.gemstone.gemfire.security.generator.DummyCredentialGenerator;
-import com.gemstone.gemfire.security.generator.XmlAuthzCredentialGenerator;
-import com.gemstone.gemfire.security.templates.UserPasswordAuthInit;
-import com.gemstone.gemfire.test.dunit.VM;
-import 
com.gemstone.gemfire.test.junit.categories.DistributedTest;
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-
-/**
- * Tests for authorization from client to server. This tests for authorization
- * of all operations with both valid and invalid credentials/modules with
- * pre-operation callbacks. It also checks for authorization in case of
- * failover.
- *
- * @since GemFire 5.5
- */
-@Category({ DistributedTest.class, SecurityTest.class })
-public class ClientAuthorizationDUnitTest extends ClientAuthorizationTestCase {
-
- @Override
- public final void preTearDownClientAuthorizationTestBase() throws Exception {
- closeCache();
- }
-
- @Test
- public void testAllowPutsGets() {
- AuthzCredentialGenerator gen = getXmlAuthzGenerator();
- CredentialGenerator cGen = gen.getCredentialGenerator();
- Properties extraAuthProps = cGen.getSystemProperties();
- Properties javaProps = cGen.getJavaProperties();
- Properties extraAuthzProps = gen.getSystemProperties();
- String authenticator = cGen.getAuthenticator();
- String authInit = cGen.getAuthInit();
- String accessor = gen.getAuthorizationCallback();
-
- getLogWriter().info("testAllowPutsGets: Using authinit: " + authInit);
- getLogWriter().info("testAllowPutsGets: Using authenticator: " + authenticator);
- getLogWriter().info("testAllowPutsGets: Using accessor: " + accessor);
-
- // Start servers with all required properties
- Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps);
-
- int port1 = createServer1(javaProps, serverProps);
- int port2 = createServer2(javaProps, serverProps);
-
- // Start client1 with valid CREATE credentials
- Properties createCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.PUT }, new String[] { regionName }, 1);
- javaProps = cGen.getJavaProperties();
-
- getLogWriter().info("testAllowPutsGets: For first client credentials: " + createCredentials);
-
- createClient1NoException(javaProps, 
authInit, port1, port2, createCredentials);
-
- // Start client2 with valid GET credentials
- Properties getCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.GET }, new String[] { regionName }, 2);
- javaProps = cGen.getJavaProperties();
-
- getLogWriter().info("testAllowPutsGets: For second client credentials: " + getCredentials);
-
- createClient2NoException(javaProps, authInit, port1, port2, getCredentials);
-
- // Perform some put operations from client1
- client1.invoke(() -> doPuts(2, NO_EXCEPTION));
-
- // Verify that the gets succeed
- client2.invoke(() -> doGets(2, NO_EXCEPTION));
- }
-
- @Test
- public void testPutAllWithSecurity() {
- AuthzCredentialGenerator gen = getXmlAuthzGenerator();
- CredentialGenerator cGen = gen.getCredentialGenerator();
- Properties extraAuthProps = cGen.getSystemProperties();
- Properties javaProps = cGen.getJavaProperties();
- Properties extraAuthzProps = gen.getSystemProperties();
- String authenticator = cGen.getAuthenticator();
- String authInit = cGen.getAuthInit();
- String accessor = gen.getAuthorizationCallback();
-
- getLogWriter().info("testPutAllWithSecurity: Using authinit: " + authInit);
- getLogWriter().info("testPutAllWithSecurity: Using authenticator: " + authenticator);
- getLogWriter().info("testPutAllWithSecurity: Using accessor: " + accessor);
-
- // Start servers with all required properties
- Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps);
-
- int port1 = createServer1(javaProps, serverProps);
- int port2 = createServer2(javaProps, serverProps);
-
- // Start client1 with valid CREATE credentials
- Properties createCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.PUTALL }, new String[] { regionName }, 1);
- javaProps = cGen.getJavaProperties();
-
- getLogWriter().info("testPutAllWithSecurity: For first client credentials: " + createCredentials);
-
- createClient1NoException(javaProps, authInit, 
port1, port2, createCredentials);
-
- // Perform some put all operations from client1
- client1.invoke(() -> doPutAllP());
- }
-
- @Test
- public void testDisallowPutsGets() {
- AuthzCredentialGenerator gen = getXmlAuthzGenerator();
- CredentialGenerator cGen = gen.getCredentialGenerator();
- Properties extraAuthProps = cGen.getSystemProperties();
- Properties javaProps = cGen.getJavaProperties();
- Properties extraAuthzProps = gen.getSystemProperties();
- String authenticator = cGen.getAuthenticator();
- String authInit = cGen.getAuthInit();
- String accessor = gen.getAuthorizationCallback();
-
- getLogWriter().info("testDisallowPutsGets: Using authinit: " + authInit);
- getLogWriter().info("testDisallowPutsGets: Using authenticator: " + authenticator);
- getLogWriter().info("testDisallowPutsGets: Using accessor: " + accessor);
-
- // Check that we indeed can obtain valid credentials not allowed to do gets
- Properties createCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.PUT }, new String[] { regionName }, 1);
- Properties createJavaProps = cGen.getJavaProperties();
-
- getLogWriter().info("testDisallowPutsGets: For first client credentials: " + createCredentials);
-
- Properties getCredentials = gen.getDisallowedCredentials(new OperationCode[] { OperationCode.GET }, new String[] { regionName }, 2);
- Properties getJavaProps = cGen.getJavaProperties();
-
- getLogWriter().info("testDisallowPutsGets: For second client disallowed GET credentials: " + getCredentials);
-
- // Start servers with all required properties
- Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps);
-
- int port1 = createServer1(javaProps, serverProps);
- int port2 = createServer2(javaProps, serverProps);
-
- createClient1NoException(createJavaProps, authInit, port1, port2, createCredentials);
-
- createClient2NoException(getJavaProps, authInit, port1, port2, getCredentials);
-
- // Perform some put operations from 
client1
- client1.invoke(() -> doPuts(2, NO_EXCEPTION));
-
- // Gets as normal user should throw exception
- client2.invoke(() -> doGets(2, NOTAUTHZ_EXCEPTION));
-
- // Try to connect client2 with reader credentials
- getCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.GET }, new String[] { regionName }, 5);
- getJavaProps = cGen.getJavaProperties();
-
- getLogWriter().info("testDisallowPutsGets: For second client with GET credentials: " + getCredentials);
-
- createClient2NoException(getJavaProps, authInit, port1, port2, getCredentials);
-
- // Verify that the gets succeed
- client2.invoke(() -> doGets(2, NO_EXCEPTION));
-
- // Verify that the puts throw exception
- client2.invoke(() -> doNPuts(2, NOTAUTHZ_EXCEPTION));
- }
-
- @Test
- public void testInvalidAccessor() {
- AuthzCredentialGenerator gen = getXmlAuthzGenerator();
- CredentialGenerator cGen = gen.getCredentialGenerator();
- Properties extraAuthProps = cGen.getSystemProperties();
- Properties javaProps = cGen.getJavaProperties();
- Properties extraAuthzProps = gen.getSystemProperties();
- String authenticator = cGen.getAuthenticator();
- String authInit = cGen.getAuthInit();
- String accessor = gen.getAuthorizationCallback();
-
- getLogWriter().info("testInvalidAccessor: Using authinit: " + authInit);
- getLogWriter().info("testInvalidAccessor: Using authenticator: " + authenticator);
-
- // Start server1 with invalid accessor
- Properties serverProps = buildProperties(authenticator, "com.gemstone.none", false, extraAuthProps, extraAuthzProps);
-
- int port1 = createServer1(javaProps, serverProps);
- int port2 = getRandomAvailablePort(SOCKET);
-
- // Client creation should throw exceptions
- Properties createCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.PUT }, new String[] { regionName }, 3);
- Properties createJavaProps = cGen.getJavaProperties();
-
- getLogWriter().info("testInvalidAccessor: For first client CREATE credentials: " + 
createCredentials);
-
- Properties getCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.GET }, new String[] { regionName }, 7);
- Properties getJavaProps = cGen.getJavaProperties();
-
- getLogWriter().info("testInvalidAccessor: For second client GET credentials: " + getCredentials);
-
- client1.invoke(() -> ClientAuthenticationTestUtils.createCacheClient( authInit, createCredentials, createJavaProps, port1, port2, 0, false, false, NO_EXCEPTION));
- client1.invoke(() -> doPuts(1, AUTHFAIL_EXCEPTION));
-
- client2.invoke(() -> ClientAuthenticationTestUtils.createCacheClient( authInit, getCredentials, getJavaProps, port1, port2, 0, false, false, NO_EXCEPTION));
- client2.invoke(() -> doPuts(1, AUTHFAIL_EXCEPTION));
-
- // Now start server2 that has valid accessor
- getLogWriter().info("testInvalidAccessor: Using accessor: " + accessor);
- serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps);
- createServer2(javaProps, serverProps, port2);
- server1.invoke(() -> closeCache());
-
- createClient1NoException(createJavaProps, authInit, port1, port2, createCredentials);
- createClient2NoException(getJavaProps, authInit, port1, port2, getCredentials);
-
- // Now perform some put operations from client1
- client1.invoke(() -> doPuts(4, NO_EXCEPTION));
-
- // Verify that the gets succeed
- client2.invoke(() -> doGets(4, NO_EXCEPTION));
- }
-
- @Test
- public void testPutsGetsWithFailover() {
- AuthzCredentialGenerator gen = getXmlAuthzGenerator();
- CredentialGenerator cGen = gen.getCredentialGenerator();
- Properties extraAuthProps = cGen.getSystemProperties();
- Properties javaProps = cGen.getJavaProperties();
- Properties extraAuthzProps = gen.getSystemProperties();
- String authenticator = cGen.getAuthenticator();
- String authInit = cGen.getAuthInit();
- String accessor = gen.getAuthorizationCallback();
-
- getLogWriter().info("testPutsGetsWithFailover: Using authinit: " + authInit);
- 
getLogWriter().info("testPutsGetsWithFailover: Using authenticator: " + authenticator);
- getLogWriter().info("testPutsGetsWithFailover: Using accessor: " + accessor);
-
- // Start servers with all required properties
- Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps);
-
- int port1 = createServer1(javaProps, serverProps);
-
- // Get a port for second server but do not start it. This forces the clients to connect to the first server
- int port2 = getRandomAvailablePort(SOCKET);
-
- // Start client1 with valid CREATE credentials
- Properties createCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.PUT }, new String[] { regionName }, 1);
- Properties createJavaProps = cGen.getJavaProperties();
-
- getLogWriter().info("testPutsGetsWithFailover: For first client credentials: " + createCredentials);
-
- createClient1NoException(createJavaProps, authInit, port1, port2, createCredentials);
-
- // Start client2 with valid GET credentials
- Properties getCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.GET }, new String[] { regionName }, 5);
- Properties getJavaProps = cGen.getJavaProperties();
-
- getLogWriter().info("testPutsGetsWithFailover: For second client credentials: " + getCredentials);
-
- createClient2NoException(getJavaProps, authInit, port1, port2, getCredentials);
-
- // Perform some put operations from client1
- client1.invoke(() -> doPuts(2, NO_EXCEPTION));
-
- // Verify that the puts succeeded
- client2.invoke(() -> doGets(2, NO_EXCEPTION));
-
- createServer2(javaProps, serverProps, port2);
- server1.invoke(() -> closeCache());
-
- // Perform some put operations from client1
- client1.invoke(() -> doNPuts(4, NO_EXCEPTION));
-
- // Verify that the puts succeeded
- client2.invoke(() -> doNGets(4, NO_EXCEPTION));
-
- // Now re-connect with credentials not allowed to do gets
- Properties noGetCredentials = gen.getDisallowedCredentials(new OperationCode[] 
{ OperationCode.GET }, new String[] { regionName }, 9);
- getJavaProps = cGen.getJavaProperties();
-
- getLogWriter().info("testPutsGetsWithFailover: For second client disallowed GET credentials: " + noGetCredentials);
-
- createClient2NoException(getJavaProps, authInit, port1, port2, noGetCredentials);
-
- // Perform some put operations from client1
- client1.invoke(() -> doPuts(4, NO_EXCEPTION));
-
- // Gets as normal user should throw exception
- client2.invoke(() -> doGets(4, NOTAUTHZ_EXCEPTION));
-
- // force a failover and do the drill again
- server1.invoke(() -> ClientAuthorizationTestCase.createCacheServer( getLocatorPort(), port1, serverProps, javaProps ));
- server2.invoke(() -> closeCache());
-
- // Perform some put operations from client1
- client1.invoke(() -> doNPuts(4, NO_EXCEPTION));
-
- // Gets as normal user should throw exception
- client2.invoke(() -> doNGets(4, NOTAUTHZ_EXCEPTION));
-
- createClient2NoException(getJavaProps, authInit, port1, port2, getCredentials);
-
- // Verify that the gets succeed
- client2.invoke(() -> doNGets(4, NO_EXCEPTION));
-
- // Verify that the puts throw exception
- client2.invoke(() -> doPuts(4, NOTAUTHZ_EXCEPTION));
- }
-
- @Test
- public void testUnregisterInterestWithFailover() throws InterruptedException {
- OperationWithAction[] unregisterOps = unregisterOpsForTestUnregisterInterestWithFailover();
-
- AuthzCredentialGenerator gen = new XmlAuthzCredentialGenerator();
- CredentialGenerator cGen = new DummyCredentialGenerator();
- cGen.init();
- gen.init(cGen);
- Properties extraAuthProps = cGen.getSystemProperties();
- Properties javaProps = cGen.getJavaProperties();
- Properties extraAuthzProps = gen.getSystemProperties();
- String authenticator = cGen.getAuthenticator();
- String authInit = cGen.getAuthInit();
- String accessor = gen.getAuthorizationCallback();
-
- getLogWriter().info("testAllOpsWithFailover: Using authinit: " + authInit);
- getLogWriter().info("testAllOpsWithFailover: Using authenticator: " 
+ authenticator);
- getLogWriter().info("testAllOpsWithFailover: Using accessor: " + accessor);
-
- // Start servers with all required properties
- Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps);
-
- // Get ports for the servers
- int[] randomAvailableTCPPorts = AvailablePortHelper.getRandomAvailableTCPPorts(2);
- int port1 = randomAvailableTCPPorts[0];
- int port2 = randomAvailableTCPPorts[1];
-
- // Perform all the ops on the clients
- List opBlock = new ArrayList();
- for (int opNum = 0; opNum < unregisterOps.length; ++opNum) {
-
- // Start client with valid credentials as specified in OperationWithAction
- OperationWithAction currentOp = unregisterOps[opNum];
- if (currentOp.equals(OperationWithAction.OPBLOCK_END) || currentOp.equals(OperationWithAction.OPBLOCK_NO_FAILOVER)) {
-
- // End of current operation block; execute all the operations on the servers with/without failover
- if (opBlock.size() > 0) {
- // Start the first server and execute the operation block
- server1.invoke(() -> ClientAuthorizationTestCase.createCacheServer(getLocatorPort(), port1, serverProps, javaProps));
- server2.invoke(() -> closeCache());
-
- executeRIOpBlock(opBlock, port1, port2, authInit, extraAuthProps, extraAuthzProps, javaProps);
-
- if (!currentOp.equals(OperationWithAction.OPBLOCK_NO_FAILOVER)) {
- createServer2(javaProps, serverProps, port2);
- server1.invoke(() -> closeCache());
-
- executeRIOpBlock(opBlock, port1, port2, authInit, extraAuthProps, extraAuthzProps, javaProps);
- }
- opBlock.clear();
- }
-
- } else {
- currentOp.setOpNum(opNum);
- opBlock.add(currentOp);
- }
- }
- }
-
- @Test
- public void testAllOpsWithFailover() throws InterruptedException {
- addIgnoredException("Read timed out");
- runOpsWithFailOver(allOpsForAllOpsWithFailover(), "testAllOpsWithFailover");
- }
-
- private OperationWithAction[] unregisterOpsForTestUnregisterInterestWithFailover() {
- return new OperationWithAction[] {
- // 
Register interest in all KEYS using one key at a time
- new OperationWithAction(OperationCode.REGISTER_INTEREST, OperationCode.UNREGISTER_INTEREST, 3, OpFlags.NONE, 4),
- new OperationWithAction(OperationCode.REGISTER_INTEREST, 2),
- // UPDATE and test with GET
- new OperationWithAction(OperationCode.PUT),
- new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP, 4),
-
- // Unregister interest in all KEYS using one key at a time
- new OperationWithAction(OperationCode.UNREGISTER_INTEREST, 3, OpFlags.USE_OLDCONN | OpFlags.CHECK_NOTAUTHZ, 4),
- new OperationWithAction(OperationCode.UNREGISTER_INTEREST, 2, OpFlags.USE_OLDCONN, 4),
- // UPDATE and test with GET for no updates
- new OperationWithAction(OperationCode.PUT, 1, OpFlags.USE_OLDCONN | OpFlags.USE_NEWVAL, 4),
- new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP, 4),
-
- OperationWithAction.OPBLOCK_END,
-
- // Register interest in all KEYS using list
- new OperationWithAction(OperationCode.REGISTER_INTEREST, OperationCode.UNREGISTER_INTEREST, 3, OpFlags.USE_LIST, 4),
- new OperationWithAction(OperationCode.REGISTER_INTEREST, 1, OpFlags.USE_LIST, 4),
- // UPDATE and test with GET
- new OperationWithAction(OperationCode.PUT, 2),
- new OperationWithAction(OperationCode.GET, 1, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP, 4),
-
- // Unregister interest in all KEYS using list
- new OperationWithAction(OperationCode.UNREGISTER_INTEREST, 3, OpFlags.USE_OLDCONN | OpFlags.USE_LIST | OpFlags.CHECK_NOTAUTHZ, 4),
- new OperationWithAction(OperationCode.UNREGISTER_INTEREST, 1, OpFlags.USE_OLDCONN | OpFlags.USE_LIST, 4),
- // UPDATE and test with GET for no updates
- new OperationWithAction(OperationCode.PUT, 2, OpFlags.USE_OLDCONN | OpFlags.USE_NEWVAL, 4),
- new OperationWithAction(OperationCode.GET, 1, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP, 4),
-
- OperationWithAction.OPBLOCK_END,
-
- // Register interest in all KEYS using regular expression
- new 
OperationWithAction(OperationCode.REGISTER_INTEREST, OperationCode.UNREGISTER_INTEREST, 3, OpFlags.USE_REGEX, 4),
- new OperationWithAction(OperationCode.REGISTER_INTEREST, 2, OpFlags.USE_REGEX, 4),
- // UPDATE and test with GET
- new OperationWithAction(OperationCode.PUT),
- new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP, 4),
-
- // Unregister interest in all KEYS using regular expression
- new OperationWithAction(OperationCode.UNREGISTER_INTEREST, 3, OpFlags.USE_OLDCONN | OpFlags.USE_REGEX | OpFlags.CHECK_NOTAUTHZ, 4),
- new OperationWithAction(OperationCode.UNREGISTER_INTEREST, 2, OpFlags.USE_OLDCONN | OpFlags.USE_REGEX, 4),
- // UPDATE and test with GET for no updates
- new OperationWithAction(OperationCode.PUT, 1, OpFlags.USE_OLDCONN | OpFlags.USE_NEWVAL, 4),
- new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP, 4),
-
- OperationWithAction.OPBLOCK_END
- };
- }
-
- private OperationWithAction[] allOpsForAllOpsWithFailover() {
- return new OperationWithAction[] {
- // Test CREATE and verify with a GET
- new OperationWithAction(OperationCode.PUT, 3, OpFlags.CHECK_NOTAUTHZ, 4),
- new OperationWithAction(OperationCode.PUT),
- new OperationWithAction(OperationCode.GET, 3, OpFlags.CHECK_NOKEY | OpFlags.CHECK_NOTAUTHZ, 4),
- new OperationWithAction(OperationCode.GET, 2, OpFlags.CHECK_NOKEY, 4),
-
- // OPBLOCK_END indicates end of an operation block; the above block of three operations will be first executed on server1 and then on server2 after failover
- OperationWithAction.OPBLOCK_END,
-
- // Test PUTALL and verify with GETs
- new OperationWithAction(OperationCode.PUTALL, 3, OpFlags.USE_NEWVAL | OpFlags.CHECK_NOTAUTHZ, 4),
- new OperationWithAction(OperationCode.PUTALL, 1, OpFlags.USE_NEWVAL, 4),
- new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.USE_NEWVAL, 4),
- OperationWithAction.OPBLOCK_END,
-
- // Test UPDATE and verify with a GET
- new 
OperationWithAction(OperationCode.PUT, 3, OpFlags.USE_NEWVAL | OpFlags.CHECK_NOTAUTHZ, 4),
- new OperationWithAction(OperationCode.PUT, 1, OpFlags.USE_NEWVAL, 4),
- new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.USE_NEWVAL, 4),
-
- OperationWithAction.OPBLOCK_END,
-
- // Test DESTROY and verify with a GET and that key should not exist
- new OperationWithAction(OperationCode.DESTROY, 3, OpFlags.USE_NEWVAL | OpFlags.CHECK_NOTAUTHZ, 4),
- new OperationWithAction(OperationCode.DESTROY),
- new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.CHECK_FAIL, 4), // bruce: added check_nokey because we now bring tombstones to the client in 8.0
- // Repopulate the region
- new OperationWithAction(OperationCode.PUT, 1, OpFlags.USE_NEWVAL, 4),
-
- OperationWithAction.OPBLOCK_END,
-
- // Check CONTAINS_KEY
- new OperationWithAction(OperationCode.CONTAINS_KEY, 3, OpFlags.CHECK_NOTAUTHZ, 4),
- new OperationWithAction(OperationCode.CONTAINS_KEY),
- // Destroy the KEYS and check for failure in CONTAINS_KEY
- new OperationWithAction(OperationCode.DESTROY, 2),
- new OperationWithAction(OperationCode.CONTAINS_KEY, 3, OpFlags.CHECK_FAIL | OpFlags.CHECK_NOTAUTHZ, 4),
- new OperationWithAction(OperationCode.CONTAINS_KEY, 1, OpFlags.USE_OLDCONN | OpFlags.CHECK_FAIL, 4),
- // Repopulate the region
- new OperationWithAction(OperationCode.PUT),
-
- OperationWithAction.OPBLOCK_END,
-
- // Check KEY_SET
- new OperationWithAction(OperationCode.KEY_SET, 3, OpFlags.CHECK_NOTAUTHZ, 4),
- new OperationWithAction(OperationCode.KEY_SET, 2),
-
- OperationWithAction.OPBLOCK_END,
-
- // Check QUERY
- new OperationWithAction(OperationCode.QUERY, 3, OpFlags.CHECK_NOTAUTHZ, 4),
- new OperationWithAction(OperationCode.QUERY),
-
- OperationWithAction.OPBLOCK_END,
-
- // Register interest in all KEYS using one key at a time
- new OperationWithAction(OperationCode.REGISTER_INTEREST, 3, OpFlags.CHECK_NOTAUTHZ, 4),
- new 
OperationWithAction(OperationCode.REGISTER_INTEREST, 2),
- // UPDATE and test with GET
- new OperationWithAction(OperationCode.PUT),
- new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP, 4),
-
- // Unregister interest in all KEYS using one key at a time
- new OperationWithAction(OperationCode.UNREGISTER_INTEREST, 2, OpFlags.USE_OLDCONN, 4),
- // UPDATE and test with GET for no updates
- new OperationWithAction(OperationCode.PUT, 1, OpFlags.USE_OLDCONN | OpFlags.USE_NEWVAL, 4),
- new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP, 4),
-
- OperationWithAction.OPBLOCK_END,
-
- // Test GET_ENTRY inside a TX, see #49951
- new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_GET_ENTRY_IN_TX | OpFlags.CHECK_FAIL, 4),
-
- OperationWithAction.OPBLOCK_END };
- }
-
- private Properties getUserPassword(final String userName) {
- Properties props = new Properties();
- props.setProperty(UserPasswordAuthInit.USER_NAME, userName);
- props.setProperty(UserPasswordAuthInit.PASSWORD, userName);
- return props;
- }
-
- private void executeRIOpBlock(final List<OperationWithAction> opBlock, final int port1, final int port2, final String authInit, final Properties extraAuthProps, final Properties extraAuthzProps, final Properties javaProps) throws InterruptedException {
- for (Iterator opIter = opBlock.iterator(); opIter.hasNext();) {
- // Start client with valid credentials as specified in OperationWithAction
- OperationWithAction currentOp = (OperationWithAction)opIter.next();
- OperationCode opCode = currentOp.getOperationCode();
- int opFlags = currentOp.getFlags();
- int clientNum = currentOp.getClientNum();
- VM clientVM = null;
- boolean useThisVM = false;
-
- switch (clientNum) {
- case 1:
- clientVM = client1;
- break;
- case 2:
- clientVM = client2;
- break;
- case 3:
- useThisVM = true;
- break;
- default:
- fail("executeRIOpBlock: Unknown client number " + clientNum);
- break;
- }
-
- 
getLogWriter().info( "executeRIOpBlock: performing operation number [" + currentOp.getOpNum() + "]: " + currentOp);
- if ((opFlags & OpFlags.USE_OLDCONN) == 0) {
- Properties opCredentials = null;
- String currentRegionName = '/' + regionName;
- if ((opFlags & OpFlags.USE_SUBREGION) > 0) {
- currentRegionName += ('/' + SUBREGION_NAME);
- }
- String credentialsTypeStr;
- OperationCode authOpCode = currentOp.getAuthzOperationCode();
-
- if ((opFlags & OpFlags.CHECK_NOTAUTHZ) > 0 || (opFlags & OpFlags.USE_NOTAUTHZ) > 0 || !authOpCode.equals(opCode)) {
- credentialsTypeStr = " unauthorized " + authOpCode;
- if (authOpCode.isRegisterInterest()) {
- opCredentials = getUserPassword("reader7");
- } else if (authOpCode.isUnregisterInterest()) {
- opCredentials = getUserPassword("reader6");
- } else {
- fail("executeRIOpBlock: cannot determine credentials for" + credentialsTypeStr);
- }
-
- } else {
- credentialsTypeStr = " authorized " + authOpCode;
- if (authOpCode.isRegisterInterest() || authOpCode.isUnregisterInterest()) {
- opCredentials = getUserPassword("reader5");
- } else if (authOpCode.isPut()) {
- opCredentials = getUserPassword("writer1");
- } else if (authOpCode.isGet()) {
- opCredentials = getUserPassword("reader1");
- } else {
- fail("executeRIOpBlock: cannot determine credentials for" + credentialsTypeStr);
- }
- }
-
- Properties clientProps = concatProperties(new Properties[] { opCredentials, extraAuthProps, extraAuthzProps });
-
- // Start the client with valid credentials but allowed or disallowed to perform an operation
- getLogWriter().info("executeRIOpBlock: For client" + clientNum + credentialsTypeStr + " credentials: " + opCredentials);
- if (useThisVM) {
- createCacheClientWithDynamicRegion(authInit, clientProps, javaProps, new int[] { port1, port2 }, 0, false, NO_EXCEPTION);
- } else {
- clientVM.invoke(() -> createCacheClient(authInit, clientProps, javaProps, new int[] { port1, port2 }, 0, false, NO_EXCEPTION));
- }
-
- }
-
- int expectedResult;
- 
if ((opFlags & OpFlags.CHECK_NOTAUTHZ) > 0) {
- expectedResult = NOTAUTHZ_EXCEPTION;
- } else if ((opFlags & OpFlags.CHECK_EXCEPTION) > 0) {
- expectedResult = OTHER_EXCEPTION;
- } else {
- expectedResult = NO_EXCEPTION;
- }
-
- // Perform the operation from selected client
- if (useThisVM) {
- doOp(opCode, currentOp.getIndices(), opFlags, expectedResult);
-
- } else {
- int[] indices = currentOp.getIndices();
- clientVM.invoke(() -> ClientAuthorizationTestCase.doOp(opCode, indices, opFlags, expectedResult));
- }
- }
- }
-
- private void createClient2NoException(final Properties javaProps, final String authInit, final int port1, final int port2, final Properties getCredentials) {
- client2.invoke(() -> ClientAuthenticationTestUtils.createCacheClient(authInit, getCredentials, javaProps, port1, port2, 0, NO_EXCEPTION));
- }
-
- private void createClient1NoException(final Properties javaProps, final String authInit, final int port1, final int port2, final Properties createCredentials) {
- client1.invoke(() -> ClientAuthenticationTestUtils.createCacheClient(authInit, createCredentials, javaProps, port1, port2, 0, NO_EXCEPTION));
- }
-
- private int createServer2(final Properties javaProps, final Properties serverProps) {
- return server2.invoke(() -> ClientAuthorizationTestCase.createCacheServer(getLocatorPort(), serverProps, javaProps));
- }
-
- private int createServer1(final Properties javaProps, final Properties serverProps) {
- return server1.invoke(() -> ClientAuthorizationTestCase.createCacheServer(getLocatorPort(), serverProps, javaProps));
- }
-
- private void createServer2(Properties javaProps, Properties serverProps, int port2) {
- server2.invoke(() -> ClientAuthorizationTestCase.createCacheServer(getLocatorPort(), port2, serverProps, javaProps));
- }
-}
