http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationTestCase.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationTestCase.java b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationTestCase.java
deleted file mode 100644
index c222e6c..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationTestCase.java
+++ /dev/null
@@ -1,1325 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.gemstone.gemfire.security;
-
-import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
-import static com.gemstone.gemfire.internal.AvailablePort.*;
-import static com.gemstone.gemfire.security.SecurityTestUtils.*;
-import static com.gemstone.gemfire.test.dunit.Assert.*;
-import static com.gemstone.gemfire.test.dunit.Host.*;
-import static com.gemstone.gemfire.test.dunit.Wait.*;
-
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Properties;
-import java.util.Random;
-import java.util.Set;
-import java.util.concurrent.Callable;
-
-import com.gemstone.gemfire.cache.DynamicRegionFactory;
-import com.gemstone.gemfire.cache.InterestResultPolicy;
-import com.gemstone.gemfire.cache.Operation;
-import com.gemstone.gemfire.cache.Region;
-import com.gemstone.gemfire.cache.Region.Entry;
-import com.gemstone.gemfire.cache.RegionDestroyedException;
-import com.gemstone.gemfire.cache.client.ServerConnectivityException;
-import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import com.gemstone.gemfire.cache.query.CqAttributes;
-import com.gemstone.gemfire.cache.query.CqAttributesFactory;
-import com.gemstone.gemfire.cache.query.CqEvent;
-import com.gemstone.gemfire.cache.query.CqException;
-import com.gemstone.gemfire.cache.query.CqListener;
-import com.gemstone.gemfire.cache.query.CqQuery;
-import com.gemstone.gemfire.cache.query.QueryInvocationTargetException;
-import com.gemstone.gemfire.cache.query.QueryService;
-import com.gemstone.gemfire.cache.query.SelectResults;
-import com.gemstone.gemfire.cache.query.Struct;
-import com.gemstone.gemfire.internal.AvailablePort.*;
-import com.gemstone.gemfire.internal.AvailablePortHelper;
-import com.gemstone.gemfire.internal.cache.AbstractRegionEntry;
-import com.gemstone.gemfire.internal.cache.LocalRegion;
-import com.gemstone.gemfire.security.generator.AuthzCredentialGenerator;
-import com.gemstone.gemfire.security.generator.AuthzCredentialGenerator.ClassCode;
-import com.gemstone.gemfire.security.generator.CredentialGenerator;
-import com.gemstone.gemfire.security.generator.DummyCredentialGenerator;
-import com.gemstone.gemfire.security.generator.XmlAuthzCredentialGenerator;
-import com.gemstone.gemfire.test.dunit.VM;
-import com.gemstone.gemfire.test.dunit.WaitCriterion;
-import com.gemstone.gemfire.test.dunit.internal.JUnit4DistributedTestCase;
-
-/**
- * Base class for tests for authorization from client to server. It contains
- * utility functions for the authorization tests from client to server.
- *
- * @since GemFire 5.5
- */
-public abstract class ClientAuthorizationTestCase extends JUnit4DistributedTestCase {
-
- private static final int PAUSE = 5 * 1000;
-
- protected static VM server1 = null;
- protected static VM server2 = null;
- protected static VM client1 = null;
- protected static VM client2 = null;
-
- protected static final String regionName = REGION_NAME; // TODO: remove
- protected static final String SUBREGION_NAME = "AuthSubregion";
-
- private static final String[] serverIgnoredExceptions = {
- "Connection refused",
- AuthenticationRequiredException.class.getName(),
- AuthenticationFailedException.class.getName(),
- NotAuthorizedException.class.getName(),
- GemFireSecurityException.class.getName(),
- RegionDestroyedException.class.getName(),
- ClassNotFoundException.class.getName()
- };
-
- private static final String[] clientIgnoredExceptions = {
- AuthenticationFailedException.class.getName(),
- NotAuthorizedException.class.getName(),
- RegionDestroyedException.class.getName()
- };
-
- @Override
- public final void preSetUp() throws Exception {
- }
-
- @Override
- public final void postSetUp() throws Exception {
- preSetUpClientAuthorizationTestBase();
- setUpClientAuthorizationTestBase();
- postSetUpClientAuthorizationTestBase();
- }
-
- private final void setUpClientAuthorizationTestBase() throws Exception {
- server1 = getHost(0).getVM(0);
- server2 = getHost(0).getVM(1);
- client1 = getHost(0).getVM(2);
- client2 = getHost(0).getVM(3);
- setUpIgnoredExceptions();
- }
-
- private final void setUpIgnoredExceptions() {
- Set<String> serverExceptions = new HashSet<>();
- serverExceptions.addAll(Arrays.asList(serverIgnoredExceptions()));
- if (serverExceptions.isEmpty()) {
- serverExceptions.addAll(Arrays.asList(serverIgnoredExceptions));
- }
-
- String[] serverExceptionsArray = serverExceptions.toArray(new String[serverExceptions.size()]);
- server1.invoke(() -> registerExpectedExceptions(serverExceptionsArray));
- server2.invoke(() -> registerExpectedExceptions(serverExceptionsArray));
-
- Set<String> clientExceptions = new HashSet<>();
- clientExceptions.addAll(Arrays.asList(clientIgnoredExceptions()));
- if (clientExceptions.isEmpty()) {
- clientExceptions.addAll(Arrays.asList(clientIgnoredExceptions));
- }
-
- String[] clientExceptionsArray = serverExceptions.toArray(new String[clientExceptions.size()]);
- client2.invoke(() -> registerExpectedExceptions(clientExceptionsArray));
- registerExpectedExceptions(clientExceptionsArray);
- }
-
- protected String[] serverIgnoredExceptions() {
- return new String[]{};
- }
-
- protected String[] clientIgnoredExceptions() {
- return new String[]{};
- }
-
- protected void preSetUpClientAuthorizationTestBase() throws Exception {
- }
-
- protected void postSetUpClientAuthorizationTestBase() throws Exception {
- }
-
- @Override
- public final void preTearDown() throws Exception {
- preTearDownClientAuthorizationTestBase();
- tearDownClientAuthorizationTestBase();
- postTearDownClientAuthorizationTestBase();
- }
-
- @Override
- public final void postTearDown() throws Exception {
- }
-
- private final void tearDownClientAuthorizationTestBase() throws Exception {
- // close the clients first
- client1.invoke(() -> closeCache());
- client2.invoke(() -> closeCache());
- // then close the servers
- server1.invoke(() -> closeCache());
- server2.invoke(() -> closeCache());
- }
-
- protected void preTearDownClientAuthorizationTestBase() throws Exception {
- }
-
- protected void postTearDownClientAuthorizationTestBase() throws Exception {
- }
-
- protected static Properties buildProperties(final String authenticator, final String accessor, final boolean isAccessorPP, final Properties extraAuthProps, final Properties extraAuthzProps) {
- Properties authProps = new Properties();
- if (authenticator != null) {
- authProps.setProperty(SECURITY_CLIENT_AUTHENTICATOR, authenticator);
- }
- if (accessor != null) {
- if (isAccessorPP) {
- authProps.setProperty(SECURITY_CLIENT_ACCESSOR_PP, accessor);
- } else {
- authProps.setProperty(SECURITY_CLIENT_ACCESSOR, accessor);
- }
- }
- return concatProperties(new Properties[] { authProps, extraAuthProps, extraAuthzProps });
- }
-
- protected static Integer createCacheServer(int locatorPort, final Properties authProps, final Properties javaProps) {
- if (locatorPort == 0) {
- locatorPort = getRandomAvailablePort(SOCKET);
- }
- return SecurityTestUtils.createCacheServer(authProps, javaProps, locatorPort, null, 0, true, NO_EXCEPTION);
- }
-
- protected static int createCacheServer(int locatorPort, final int serverPort, final Properties authProps, final Properties javaProps) {
- if (locatorPort == 0) {
- locatorPort = getRandomAvailablePort(SOCKET);
- }
- return SecurityTestUtils.createCacheServer(authProps, javaProps, locatorPort, null, serverPort, true, NO_EXCEPTION);
- }
-
- protected static Region getRegion() {
- return getCache().getRegion(regionName);
- }
-
- protected static Region getSubregion() {
- return getCache().getRegion(regionName + '/' + SUBREGION_NAME);
- }
-
- private static Region createSubregion(final Region region) {
- Region subregion = getSubregion();
- if (subregion == null) {
- subregion = region.createSubregion(SUBREGION_NAME, region.getAttributes());
- }
- return subregion;
- }
-
- protected static String indicesToString(final int[] indices) {
- String str = "";
- if (indices != null && indices.length > 0) {
- str += indices[0];
- for (int index = 1; index < indices.length; ++index) {
- str += ",";
- str += indices[index];
- }
- }
- return str;
- }
-
- protected static void doOp(OperationCode op, final int[] indices, final int flagsI, final int expectedResult) throws InterruptedException {
- boolean operationOmitted = false;
- final int flags = flagsI;
- Region region = getRegion();
-
- if ((flags & OpFlags.USE_SUBREGION) > 0) {
- assertNotNull(region);
- Region subregion = null;
-
- if ((flags & OpFlags.NO_CREATE_SUBREGION) > 0) {
- if ((flags & OpFlags.CHECK_NOREGION) > 0) {
- // Wait for some time for DRF update to come
- waitForCondition(() -> getSubregion() == null);
- subregion = getSubregion();
- assertNull(subregion);
- return;
-
- } else {
- // Wait for some time for DRF update to come
- waitForCondition(() -> getSubregion() != null);
- subregion = getSubregion();
- assertNotNull(subregion);
- }
-
- } else {
- subregion = createSubregion(region);
- }
-
- assertNotNull(subregion);
- region = subregion;
-
- } else if ((flags & OpFlags.CHECK_NOREGION) > 0) {
- // Wait for some time for region destroy update to come
- waitForCondition(() -> getRegion() == null);
- region = getRegion();
- assertNull(region);
- return;
-
- } else {
- assertNotNull(region);
- }
-
- final String[] keys = KEYS;
- final String[] vals;
- if ((flags & OpFlags.USE_NEWVAL) > 0) {
- vals = NVALUES;
- }
- else {
- vals = VALUES;
- }
-
- InterestResultPolicy policy = InterestResultPolicy.KEYS_VALUES;
- if ((flags & OpFlags.REGISTER_POLICY_NONE) > 0) {
- policy = InterestResultPolicy.NONE;
- }
-
- final int numOps = indices.length;
- System.out.println("Got doOp for op: " + op.toString() + ", numOps: " + numOps + ", indices: " + indicesToString(indices) + ", expect: " + expectedResult);
- boolean exceptionOccured = false;
- boolean breakLoop = false;
-
- if (op.isGet() || op.isContainsKey() || op.isKeySet() || op.isQuery() || op.isExecuteCQ()) {
- Thread.sleep(PAUSE);
- }
-
- for (int indexIndex = 0; indexIndex < numOps; ++indexIndex) {
- if (breakLoop) {
- break;
- }
- int index = indices[indexIndex];
-
- try {
- final Object key = keys[index];
- final Object expectedVal = vals[index];
-
- if (op.isGet()) {
- Object value = null;
- // this is the case for testing GET_ALL
- if ((flags & OpFlags.USE_ALL_KEYS) > 0) {
- breakLoop = true;
- List keyList = new ArrayList(numOps);
- Object searchKey;
-
- for (int keyNumIndex = 0; keyNumIndex < numOps; ++keyNumIndex) {
- int keyNum = indices[keyNumIndex];
- searchKey = keys[keyNum];
- keyList.add(searchKey);
-
- // local invalidate some KEYS to force fetch of those KEYS from server
- if ((flags & OpFlags.CHECK_NOKEY) > 0) {
- AbstractRegionEntry entry = (AbstractRegionEntry)((LocalRegion)region).getRegionEntry(searchKey);
- System.out.println(""+keyNum+": key is " + searchKey + " and entry is " + entry);
- assertFalse(region.containsKey(searchKey));
- } else {
- if (keyNumIndex % 2 == 1) {
- assertTrue(region.containsKey(searchKey));
- region.localInvalidate(searchKey);
- }
- }
- }
-
- Map entries = region.getAll(keyList);
-
- for (int keyNumIndex = 0; keyNumIndex < numOps; ++keyNumIndex) {
- int keyNum = indices[keyNumIndex];
- searchKey = keys[keyNum];
- if ((flags & OpFlags.CHECK_FAIL) > 0) {
- assertFalse(entries.containsKey(searchKey));
- } else {
- assertTrue(entries.containsKey(searchKey));
- value = entries.get(searchKey);
- assertEquals(vals[keyNum], value);
- }
- }
-
- break;
- }
-
- if ((flags & OpFlags.LOCAL_OP) > 0) {
- Callable<Boolean> condition = new Callable<Boolean>() {
- private Region region;
-
- @Override
- public Boolean call() throws Exception {
- Object value = getLocalValue(region, key);
- return (flags & OpFlags.CHECK_FAIL) > 0 ? !expectedVal.equals(value) : expectedVal.equals(value);
- }
-
- public Callable<Boolean> init(Region region) {
- this.region = region;
- return this;
- }
- }.init(region);
- waitForCondition(condition);
-
- value = getLocalValue(region, key);
-
- } else if ((flags & OpFlags.USE_GET_ENTRY_IN_TX) > 0) {
- getCache().getCacheTransactionManager().begin();
- Entry e = region.getEntry(key);
-
- // Also, check getAll()
- ArrayList a = new ArrayList();
- a.addAll(a);
- region.getAll(a);
-
- getCache().getCacheTransactionManager().commit();
- value = e.getValue();
-
- } else {
- if ((flags & OpFlags.CHECK_NOKEY) > 0) {
- assertFalse(region.containsKey(key));
- } else {
- assertTrue(region.containsKey(key) || ((LocalRegion)region).getRegionEntry(key).isTombstone());
- region.localInvalidate(key);
- }
- value = region.get(key);
- }
-
- if ((flags & OpFlags.CHECK_FAIL) > 0) {
- assertFalse(expectedVal.equals(value));
- } else {
- assertNotNull(value);
- assertEquals(expectedVal, value);
- }
-
- } else if (op.isPut()) {
- region.put(key, expectedVal);
-
- } else if (op.isPutAll()) {
- HashMap map = new HashMap();
- for (int i=0; i<indices.length; i++) {
- map.put(keys[indices[i]], vals[indices[i]]);
- }
- region.putAll(map);
- breakLoop = true;
-
- } else if (op.isDestroy()) {
- // if (!region.containsKey(key)) {
- // // Since DESTROY will fail unless the value is present
- // // in the local cache, this is a workaround for two cases:
- // // 1. When the operation is supposed to succeed then in
- // // the current AuthzCredentialGenerators the clients having
- // // DESTROY permission also has CREATE/UPDATE permission
- // // so that calling region.put() will work for that case.
- // // 2. When the operation is supposed to fail with
- // // NotAuthorizedException then in the current
- // // AuthzCredentialGenerators the clients not
- // // having DESTROY permission are those with reader role that have
- // // GET permission.
- // //
- // // If either of these assumptions fails, then this has to be
- // // adjusted or reworked accordingly.
- // if ((flags & OpFlags.CHECK_NOTAUTHZ) > 0) {
- // Object value = region.get(key);
- // assertNotNull(value);
- // assertIndexDetailsEquals(vals[index], value);
- // }
- // else {
- // region.put(key, vals[index]);
- // }
- // }
- if ((flags & OpFlags.LOCAL_OP) > 0) {
- region.localDestroy(key);
- }
- else {
- region.destroy(key);
- }
-
- } else if (op.isInvalidate()) {
- if (region.containsKey(key)) {
- if ((flags & OpFlags.LOCAL_OP) > 0) {
- region.localInvalidate(key);
- } else {
- region.invalidate(key);
- }
- }
-
- } else if (op.isContainsKey()) {
- boolean result;
- if ((flags & OpFlags.LOCAL_OP) > 0) {
- result = region.containsKey(key);
- } else {
- result = region.containsKeyOnServer(key);
- }
- if ((flags & OpFlags.CHECK_FAIL) > 0) {
- assertFalse(result);
- } else {
- assertTrue(result);
- }
-
- } else if (op.isRegisterInterest()) {
- if ((flags & OpFlags.USE_LIST) > 0) {
- breakLoop = true;
- // Register interest list in this case
- List keyList = new ArrayList(numOps);
- for (int keyNumIndex = 0; keyNumIndex < numOps; ++keyNumIndex) {
- int keyNum = indices[keyNumIndex];
- keyList.add(keys[keyNum]);
- }
- region.registerInterest(keyList, policy);
-
- } else if ((flags & OpFlags.USE_REGEX) > 0) {
- breakLoop = true;
- region.registerInterestRegex("key[1-" + numOps + ']', policy);
-
- } else if ((flags & OpFlags.USE_ALL_KEYS) > 0) {
- breakLoop = true;
- region.registerInterest("ALL_KEYS", policy);
-
- } else {
- region.registerInterest(key, policy);
- }
-
- } else if (op.isUnregisterInterest()) {
- if ((flags & OpFlags.USE_LIST) > 0) {
- breakLoop = true;
- // Register interest list in this case
- List keyList = new ArrayList(numOps);
- for (int keyNumIndex = 0; keyNumIndex < numOps; ++keyNumIndex) {
- int keyNum = indices[keyNumIndex];
- keyList.add(keys[keyNum]);
- }
- region.unregisterInterest(keyList);
-
- } else if ((flags & OpFlags.USE_REGEX) > 0) {
- breakLoop = true;
- region.unregisterInterestRegex("key[1-" + numOps + ']');
-
- } else if ((flags & OpFlags.USE_ALL_KEYS) > 0) {
- breakLoop = true;
- region.unregisterInterest("ALL_KEYS");
-
- } else {
- region.unregisterInterest(key);
- }
-
- } else if (op.isKeySet()) {
- breakLoop = true;
- Set keySet;
- if ((flags & OpFlags.LOCAL_OP) > 0) {
- keySet = region.keySet();
- } else {
- keySet = region.keySetOnServer();
- }
-
- assertNotNull(keySet);
- if ((flags & OpFlags.CHECK_FAIL) == 0) {
- assertEquals(numOps, keySet.size());
- }
- for (int keyNumIndex = 0; keyNumIndex < numOps; ++keyNumIndex) {
- int keyNum = indices[keyNumIndex];
- if ((flags & OpFlags.CHECK_FAIL) > 0) {
- assertFalse(keySet.contains(keys[keyNum]));
- } else {
- assertTrue(keySet.contains(keys[keyNum]));
- }
- }
-
- } else if (op.isQuery()) {
- breakLoop = true;
- SelectResults queryResults = region.query("SELECT DISTINCT * FROM " + region.getFullPath());
- assertNotNull(queryResults);
- Set queryResultSet = queryResults.asSet();
- if ((flags & OpFlags.CHECK_FAIL) == 0) {
- assertEquals(numOps, queryResultSet.size());
- }
- for (int keyNumIndex = 0; keyNumIndex < numOps; ++keyNumIndex) {
- int keyNum = indices[keyNumIndex];
- if ((flags & OpFlags.CHECK_FAIL) > 0) {
- assertFalse(queryResultSet.contains(vals[keyNum]));
- } else {
- assertTrue(queryResultSet.contains(vals[keyNum]));
- }
- }
-
- } else if (op.isExecuteCQ()) {
- breakLoop = true;
- QueryService queryService = getCache().getQueryService();
- CqQuery cqQuery;
- if ((cqQuery = queryService.getCq("cq1")) == null) {
- CqAttributesFactory cqFact = new CqAttributesFactory();
- cqFact.addCqListener(new AuthzCqListener());
- CqAttributes cqAttrs = cqFact.create();
- cqQuery = queryService.newCq("cq1", "SELECT * FROM " + region.getFullPath(), cqAttrs);
- }
-
- if ((flags & OpFlags.LOCAL_OP) > 0) {
- // Interpret this as testing results using CqListener
- final AuthzCqListener listener = (AuthzCqListener)cqQuery.getCqAttributes().getCqListener();
- WaitCriterion ev = new WaitCriterion() {
- @Override
- public boolean done() {
- if ((flags & OpFlags.CHECK_FAIL) > 0) {
- return 0 == listener.getNumUpdates();
- } else {
- return numOps == listener.getNumUpdates();
- }
- }
- @Override
- public String description() {
- return null;
- }
- };
- waitForCriterion(ev, 3 * 1000, 200, true);
-
- if ((flags & OpFlags.CHECK_FAIL) > 0) {
- assertEquals(0, listener.getNumUpdates());
- } else {
- assertEquals(numOps, listener.getNumUpdates());
- listener.checkPuts(vals, indices);
- }
-
- assertEquals(0, listener.getNumCreates());
- assertEquals(0, listener.getNumDestroys());
- assertEquals(0, listener.getNumOtherOps());
- assertEquals(0, listener.getNumErrors());
-
- } else {
- SelectResults cqResults = cqQuery.executeWithInitialResults();
- assertNotNull(cqResults);
- Set cqResultValues = new HashSet();
- for (Object o : cqResults.asList()) {
- Struct s = (Struct)o;
- cqResultValues.add(s.get("value"));
- }
-
- Set cqResultSet = cqResults.asSet();
- if ((flags & OpFlags.CHECK_FAIL) == 0) {
- assertEquals(numOps, cqResultSet.size());
- }
-
- for (int keyNumIndex = 0; keyNumIndex < numOps; ++keyNumIndex) {
- int keyNum = indices[keyNumIndex];
- if ((flags & OpFlags.CHECK_FAIL) > 0) {
- assertFalse(cqResultValues.contains(vals[keyNum]));
- } else {
- assertTrue(cqResultValues.contains(vals[keyNum]));
- }
- }
- }
-
- } else if (op.isStopCQ()) {
- breakLoop = true;
- CqQuery cqQuery = getCache().getQueryService().getCq("cq1");
- ((AuthzCqListener)cqQuery.getCqAttributes().getCqListener()).reset();
- cqQuery.stop();
-
- } else if (op.isCloseCQ()) {
- breakLoop = true;
- CqQuery cqQuery = getCache().getQueryService().getCq("cq1");
- ((AuthzCqListener)cqQuery.getCqAttributes().getCqListener()).reset();
- cqQuery.close();
-
- } else if (op.isRegionClear()) {
- breakLoop = true;
- if ((flags & OpFlags.LOCAL_OP) > 0) {
- region.localClear();
- } else {
- region.clear();
- }
-
- } else if (op.isRegionCreate()) {
- breakLoop = true;
- // Region subregion = createSubregion(region);
- // subregion.createRegionOnServer();
- // Create region on server using the DynamicRegionFactory
- // Assume it has been already initialized
- DynamicRegionFactory drf = DynamicRegionFactory.get();
- Region subregion = drf.createDynamicRegion(regionName, SUBREGION_NAME);
- assertEquals('/' + regionName + '/' + SUBREGION_NAME, subregion.getFullPath());
-
- } else if (op.isRegionDestroy()) {
- breakLoop = true;
- if ((flags & OpFlags.LOCAL_OP) > 0) {
- region.localDestroyRegion();
-
- } else {
- if ((flags & OpFlags.USE_SUBREGION) > 0) {
- try {
- DynamicRegionFactory.get().destroyDynamicRegion(region.getFullPath());
- } catch (RegionDestroyedException ex) {
- // harmless to ignore this
- System.out.println("doOp: sub-region " + region.getFullPath() + " already destroyed");
- operationOmitted = true;
- }
- } else {
- region.destroyRegion();
- }
- }
-
- } else {
- fail("doOp: Unhandled operation " + op);
- }
-
- if (expectedResult != NO_EXCEPTION) {
- if (!operationOmitted && !op.isUnregisterInterest()) {
- fail("Expected an exception while performing operation op =" + op + "flags = " + OpFlags.description(flags));
- }
- }
-
- } catch (Exception ex) {
- exceptionOccured = true;
- if ((ex instanceof ServerConnectivityException || ex instanceof QueryInvocationTargetException || ex instanceof CqException)
- && (expectedResult == NOTAUTHZ_EXCEPTION) && (ex.getCause() instanceof NotAuthorizedException)) {
- System.out.println("doOp: Got expected NotAuthorizedException when doing operation [" + op + "] with flags " + OpFlags.description(flags) + ": " + ex.getCause());
- continue;
- } else if (expectedResult == OTHER_EXCEPTION) {
- System.out.println("doOp: Got expected exception when doing operation: " + ex.toString());
- continue;
- } else {
- fail("doOp: Got unexpected exception when doing operation. Policy = " + policy + " flags = " + OpFlags.description(flags), ex);
- }
- }
- }
- if (!exceptionOccured && !operationOmitted && expectedResult != NO_EXCEPTION) {
- fail("Expected an exception while performing operation: " + op + " flags = " + OpFlags.description(flags));
- }
- }
-
- protected void executeOpBlock(final List<OperationWithAction> opBlock, final int port1, final int port2, final String authInit, final Properties extraAuthProps, final Properties extraAuthzProps, final TestCredentialGenerator credentialGenerator, final Random random) throws InterruptedException {
- for (Iterator<OperationWithAction> opIter = opBlock.iterator(); opIter.hasNext();) {
- // Start client with valid credentials as specified in OperationWithAction
- OperationWithAction currentOp = opIter.next();
- OperationCode opCode = currentOp.getOperationCode();
- int opFlags = currentOp.getFlags();
- int clientNum = currentOp.getClientNum();
- VM clientVM = null;
- boolean useThisVM = false;
-
- switch (clientNum) {
- case 1:
- clientVM = client1;
- break;
- case 2:
- clientVM = client2;
- break;
- case 3:
- useThisVM = true;
- break;
- default:
- fail("executeOpBlock: Unknown client number " + clientNum);
- break;
- }
-
- System.out.println("executeOpBlock: performing operation number [" + currentOp.getOpNum() + "]: " + currentOp);
- if ((opFlags & OpFlags.USE_OLDCONN) == 0) {
- Properties opCredentials;
- int newRnd = random.nextInt(100) + 1;
- String currentRegionName = '/' + regionName;
- if ((opFlags & OpFlags.USE_SUBREGION) > 0) {
- currentRegionName += ('/' + SUBREGION_NAME);
- }
-
- String credentialsTypeStr;
- OperationCode authOpCode = currentOp.getAuthzOperationCode();
- int[] indices = currentOp.getIndices();
- CredentialGenerator cGen = credentialGenerator.getCredentialGenerator();
- final Properties javaProps = cGen == null ? null : cGen.getJavaProperties();
-
- if ((opFlags & OpFlags.CHECK_NOTAUTHZ) > 0 || (opFlags & OpFlags.USE_NOTAUTHZ) > 0) {
- opCredentials = credentialGenerator.getDisallowedCredentials(new OperationCode[] { authOpCode }, new String[] { currentRegionName }, indices, newRnd);
- credentialsTypeStr = " unauthorized " + authOpCode;
- } else {
- opCredentials = credentialGenerator.getAllowedCredentials(new OperationCode[] { opCode, authOpCode }, new String[] { currentRegionName }, indices, newRnd);
- credentialsTypeStr = " authorized " + authOpCode;
- }
-
- Properties clientProps = concatProperties(new Properties[] { opCredentials, extraAuthProps, extraAuthzProps });
- // Start the client with valid credentials but allowed or disallowed to perform an operation
- System.out.println("executeOpBlock: For client" + clientNum + credentialsTypeStr + " credentials: " + opCredentials);
- boolean setupDynamicRegionFactory = (opFlags & OpFlags.ENABLE_DRF) > 0;
-
- if (useThisVM) {
- SecurityTestUtils.createCacheClientWithDynamicRegion(authInit, clientProps, javaProps, new int[] { port1, port2 }, 0, setupDynamicRegionFactory, NO_EXCEPTION);
- } else {
- clientVM.invoke("SecurityTestUtils.createCacheClientWithDynamicRegion",
- () -> SecurityTestUtils.createCacheClientWithDynamicRegion(authInit, clientProps, javaProps, new int[] { port1, port2 }, 0, setupDynamicRegionFactory, NO_EXCEPTION));
- }
- }
-
- int expectedResult;
- if ((opFlags & OpFlags.CHECK_NOTAUTHZ) > 0) {
- expectedResult = NOTAUTHZ_EXCEPTION;
- } else if ((opFlags & OpFlags.CHECK_EXCEPTION) > 0) {
- expectedResult = OTHER_EXCEPTION;
- } else {
- expectedResult = NO_EXCEPTION;
- }
-
- // Perform the operation from selected client
- if (useThisVM) {
- doOp(opCode, currentOp.getIndices(), new Integer(opFlags), new Integer(expectedResult));
- } else {
- int[] indices = currentOp.getIndices();
- clientVM.invoke("ClientAuthorizationTestCase.doOp",
- () -> ClientAuthorizationTestCase.doOp( opCode, indices, new Integer(opFlags), new Integer(expectedResult) ));
- }
- }
- }
-
- protected AuthzCredentialGenerator getXmlAuthzGenerator(){
- AuthzCredentialGenerator authzGen = new XmlAuthzCredentialGenerator();
- CredentialGenerator cGen = new DummyCredentialGenerator();
- cGen.init();
- authzGen.init(cGen);
- return authzGen;
- }
-
- protected List<AuthzCredentialGenerator> getDummyGeneratorCombos() {
- List<AuthzCredentialGenerator> generators = new ArrayList<>();
- Iterator authzCodeIter = AuthzCredentialGenerator.ClassCode.getAll().iterator();
-
- while (authzCodeIter.hasNext()) {
- ClassCode authzClassCode = (ClassCode) authzCodeIter.next();
- AuthzCredentialGenerator authzGen = AuthzCredentialGenerator.create(authzClassCode);
-
- if (authzGen != null) {
- CredentialGenerator cGen = new DummyCredentialGenerator();
- cGen.init();
- if (authzGen.init(cGen)) {
- generators.add(authzGen);
- }
- }
- }
-
- assertTrue(generators.size() > 0);
- return generators;
- }
-
- protected void runOpsWithFailOver(final OperationWithAction[] opCodes, final String testName) throws InterruptedException {
- AuthzCredentialGenerator gen = getXmlAuthzGenerator();
- CredentialGenerator cGen = gen.getCredentialGenerator();
- Properties extraAuthProps = cGen.getSystemProperties();
- Properties javaProps = cGen.getJavaProperties();
- Properties extraAuthzProps = gen.getSystemProperties();
- String authenticator = cGen.getAuthenticator();
- String authInit = cGen.getAuthInit();
- String accessor = gen.getAuthorizationCallback();
- TestAuthzCredentialGenerator tgen = new TestAuthzCredentialGenerator(gen);
-
- System.out.println(testName + ": Using authinit: " + authInit);
- System.out.println(testName + ": Using authenticator: " + authenticator);
- System.out.println(testName + ": Using accessor: " + accessor);
-
- // Start servers with all required properties
- Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps);
-
- // Get ports for the servers
- List<Keeper> randomAvailableTCPPortKeepers = AvailablePortHelper.getRandomAvailableTCPPortKeepers(4);
- Keeper locator1PortKeeper = randomAvailableTCPPortKeepers.get(0);
- Keeper locator2PortKeeper = randomAvailableTCPPortKeepers.get(1);
- Keeper port1Keeper = randomAvailableTCPPortKeepers.get(2);
- Keeper port2Keeper = randomAvailableTCPPortKeepers.get(3);
- int locator1Port = locator1PortKeeper.getPort();
- int locator2Port = locator2PortKeeper.getPort();
- int port1 = port1Keeper.getPort();
- int port2 = port2Keeper.getPort();
-
- // Perform all the ops on the clients
- List opBlock = new ArrayList();
- Random rnd = new Random();
-
- for (int opNum = 0; opNum < opCodes.length; ++opNum) {
- // Start client with valid credentials as specified in OperationWithAction
- OperationWithAction currentOp = opCodes[opNum];
-
- if (currentOp.equals(OperationWithAction.OPBLOCK_END) || currentOp.equals(OperationWithAction.OPBLOCK_NO_FAILOVER)) {
- // End of current operation block; execute all the operations on the servers with/without failover
- if (opBlock.size() > 0) {
- locator1PortKeeper.release();
- port1Keeper.release();
-
- // Start the first server and execute the operation block
- server1.invoke("createCacheServer", () -> ClientAuthorizationTestCase.createCacheServer(locator1Port, port1, serverProps, javaProps ));
- server2.invoke("closeCache", () -> closeCache());
-
- executeOpBlock(opBlock, port1, port2, authInit, extraAuthProps, extraAuthzProps, tgen, rnd);
-
- if (!currentOp.equals(OperationWithAction.OPBLOCK_NO_FAILOVER)) {
- // Failover to the second server and run the block again
- locator2PortKeeper.release();
- port2Keeper.release();
-
- server2.invoke("createCacheServer", () -> ClientAuthorizationTestCase.createCacheServer(locator2Port, port2, serverProps, javaProps ));
- server1.invoke("closeCache", () -> closeCache());
-
- executeOpBlock(opBlock, port1, port2, authInit, extraAuthProps, extraAuthzProps, tgen, rnd);
- }
- opBlock.clear();
- }
-
- } else {
- currentOp.setOpNum(opNum);
- opBlock.add(currentOp);
- }
- }
- }
-
- /**
- * Implements the {@link CqListener} interface and counts the number of
- * different operations and also queues up the received updates to precise
- * checking of each update.
- *
- * @since GemFire 5.5
- */
- private static class AuthzCqListener implements CqListener {
-
- private List<CqEvent> eventList;
- private int numCreates;
- private int numUpdates;
- private int numDestroys;
- private int numOtherOps;
- private int numErrors;
-
- public AuthzCqListener() {
- this.eventList = new ArrayList<>();
- reset();
- }
-
- public void reset() {
- this.eventList.clear();
- this.numCreates = 0;
- this.numUpdates = 0;
- this.numErrors = 0;
- }
-
- public void onEvent(final CqEvent aCqEvent) {
- Operation op = aCqEvent.getBaseOperation();
- if (op.isCreate()) {
- ++this.numCreates;
- } else if (op.isUpdate()) {
- ++this.numUpdates;
- } else if (op.isDestroy()) {
- ++this.numDestroys;
- } else {
- ++this.numOtherOps;
- }
- eventList.add(aCqEvent);
- }
-
- public void onError(final CqEvent aCqEvent) {
- ++this.numErrors;
- }
-
- public void close() {
- this.eventList.clear();
- }
-
- public int getNumCreates() {
- return this.numCreates;
- }
-
- public int getNumUpdates() {
- return this.numUpdates;
- }
-
- public int getNumDestroys() {
- return this.numDestroys;
- }
-
- public int getNumOtherOps() {
- return this.numOtherOps;
- }
-
- public int getNumErrors() {
- return this.numErrors;
- }
-
- public void checkPuts(final String[] vals, final int[] indices) {
- for (int indexIndex = 0; indexIndex < indices.length; ++indexIndex) {
- int index = indices[indexIndex];
- boolean foundKey = false;
-
- for (Iterator<CqEvent> eventIter = this.eventList.iterator(); eventIter.hasNext();) {
- CqEvent event = (CqEvent)eventIter.next();
- if (KEYS[index].equals(event.getKey())) {
- assertEquals(vals[index], event.getNewValue());
- foundKey = true;
- break;
- }
- }
-
- assertTrue(foundKey);
- }
- }
- }
-
- /**
- * This class specifies flags that can be used to alter the behaviour of - * operations being performed by the <code>doOp</code> function. - * - * @since GemFire 5.5 - */ - protected static class OpFlags { - - /** - * Default behaviour. - */ - public static final int NONE = 0x0; - - /** - * Check that the operation should fail. - */ - public static final int CHECK_FAIL = 0x1; - - /** - * Check that the operation should throw <code>NotAuthorizedException</code>. - */ - public static final int CHECK_NOTAUTHZ = 0x2; - - /** - * Check that the region should not be available. - */ - public static final int CHECK_NOREGION = 0x4; - - /** - * Check that the operation should throw an exception other than the - * <code>NotAuthorizedException</code>. - */ - public static final int CHECK_EXCEPTION = 0x8; - - /** - * Check for nvalues[] instead of values[]. - */ - public static final int USE_NEWVAL = 0x10; - - /** - * Register all KEYS. For GET operations indicates using getAll(). - */ - public static final int USE_ALL_KEYS = 0x20; - - /** - * Register a regular expression. - */ - public static final int USE_REGEX = 0x40; - - /** - * Register a list of KEYS. - */ - public static final int USE_LIST = 0x80; - - /** - * Perform the local version of the operation. - */ - public static final int LOCAL_OP = 0x100; - - /** - * Check that the key for the operation should not be present. - */ - public static final int CHECK_NOKEY = 0x200; - - /** - * Use the sub-region for performing the operation. - */ - public static final int USE_SUBREGION = 0x400; - - /** - * Do not try to create the sub-region. - */ - public static final int NO_CREATE_SUBREGION = 0x800; - - /** - * Do not re-connect using new credentials rather use the previous - * connection. - */ - public static final int USE_OLDCONN = 0x1000; - - /** - * Do the connection with unauthorized credentials but do not check that the - * operation throws <code>NotAuthorizedException</code>. 
- */ - public static final int USE_NOTAUTHZ = 0x2000; - - /** - * Enable {@link DynamicRegionFactory} on the client. - */ - public static final int ENABLE_DRF = 0x4000; - - /** - * Use the {@link InterestResultPolicy#NONE} for register interest. - */ - public static final int REGISTER_POLICY_NONE = 0x8000; - - /** - * Use the {@link LocalRegion#getEntry} under transaction. - */ - public static final int USE_GET_ENTRY_IN_TX = 0x10000; - - public static String description(int f) { - StringBuffer sb = new StringBuffer(); - sb.append("["); - if ((f & CHECK_FAIL) != 0) { - sb.append("CHECK_FAIL,"); - } - if ((f & CHECK_NOTAUTHZ) != 0) { - sb.append("CHECK_NOTAUTHZ,"); - } - if ((f & CHECK_NOREGION) != 0) { - sb.append("CHECK_NOREGION,"); - } - if ((f & CHECK_EXCEPTION) != 0) { - sb.append("CHECK_EXCEPTION,"); - } - if ((f & USE_NEWVAL) != 0) { - sb.append("USE_NEWVAL,"); - } - if ((f & USE_ALL_KEYS) != 0) { - sb.append("USE_ALL_KEYS,"); - } - if ((f & USE_REGEX) != 0) { - sb.append("USE_REGEX,"); - } - if ((f & USE_LIST) != 0) { - sb.append("USE_LIST,"); - } - if ((f & LOCAL_OP) != 0) { - sb.append("LOCAL_OP,"); - } - if ((f & CHECK_NOKEY) != 0) { - sb.append("CHECK_NOKEY,"); - } - if ((f & USE_SUBREGION) != 0) { - sb.append("USE_SUBREGION,"); - } - if ((f & NO_CREATE_SUBREGION) != 0) { - sb.append("NO_CREATE_SUBREGION,"); - } - if ((f & USE_OLDCONN) != 0) { - sb.append("USE_OLDCONN,"); - } - if ((f & USE_NOTAUTHZ) != 0) { - sb.append("USE_NOTAUTHZ"); - } - if ((f & ENABLE_DRF) != 0) { - sb.append("ENABLE_DRF,"); - } - if ((f & REGISTER_POLICY_NONE) != 0) { - sb.append("REGISTER_POLICY_NONE,"); - } - sb.append("]"); - return sb.toString(); - } - } - - /** - * This class encapsulates an {@link OperationCode} with associated flags, the - * client to perform the operation, and the number of operations to perform. - * - * @since GemFire 5.5 - */ - protected static class OperationWithAction { - - /** - * The operation to be performed. 
- */ - private OperationCode opCode; - - /** - * The operation for which authorized or unauthorized credentials have to be - * generated. This is the same as {@link #opCode} when not specified. - */ - private OperationCode authzOpCode; - - /** - * The client number on which the operation has to be performed. - */ - private int clientNum; - - /** - * Bitwise or'd {@link OpFlags} integer to change/specify the behaviour of the operations. - */ - private int flags; - - /** - * Indices of the KEYS array to be used for operations. - */ - private int[] indices; - - /** - * An index for the operation used for logging. - */ - private int opNum; - - /** - * Indicates end of an operation block which can be used for testing with failover - */ - public static final OperationWithAction OPBLOCK_END = new OperationWithAction(null, 4); - - /** - * Indicates end of an operation block which should not be used for testing with failover - */ - public static final OperationWithAction OPBLOCK_NO_FAILOVER = new OperationWithAction(null, 5); - - private void setIndices(int numOps) { - this.indices = new int[numOps]; - for (int index = 0; index < numOps; ++index) { - this.indices[index] = index; - } - } - - public OperationWithAction(final OperationCode opCode) { - this.opCode = opCode; - this.authzOpCode = opCode; - this.clientNum = 1; - this.flags = OpFlags.NONE; - setIndices(4); - this.opNum = 0; - } - - public OperationWithAction(final OperationCode opCode, final int clientNum) { - this.opCode = opCode; - this.authzOpCode = opCode; - this.clientNum = clientNum; - this.flags = OpFlags.NONE; - setIndices(4); - this.opNum = 0; - } - - public OperationWithAction(final OperationCode opCode, final int clientNum, final int flags, final int numOps) { - this.opCode = opCode; - this.authzOpCode = opCode; - this.clientNum = clientNum; - this.flags = flags; - setIndices(numOps); - this.opNum = 0; - } - - public OperationWithAction(final OperationCode opCode, final OperationCode deniedOpCode, final 
int clientNum, final int flags, final int numOps) { - this.opCode = opCode; - this.authzOpCode = deniedOpCode; - this.clientNum = clientNum; - this.flags = flags; - setIndices(numOps); - this.opNum = 0; - } - - public OperationWithAction(final OperationCode opCode, final int clientNum, final int flags, final int[] indices) { - this.opCode = opCode; - this.authzOpCode = opCode; - this.clientNum = clientNum; - this.flags = flags; - this.indices = indices; - this.opNum = 0; - } - - public OperationWithAction(final OperationCode opCode, final OperationCode deniedOpCode, final int clientNum, final int flags, final int[] indices) { - this.opCode = opCode; - this.authzOpCode = deniedOpCode; - this.clientNum = clientNum; - this.flags = flags; - this.indices = indices; - this.opNum = 0; - } - - public OperationCode getOperationCode() { - return this.opCode; - } - - public OperationCode getAuthzOperationCode() { - return this.authzOpCode; - } - - public int getClientNum() { - return this.clientNum; - } - - public int getFlags() { - return this.flags; - } - - public int[] getIndices() { - return this.indices; - } - - public int getOpNum() { - return this.opNum; - } - - public void setOpNum(int opNum) { - this.opNum = opNum; - } - - @Override - public String toString() { - return "opCode:" + this.opCode + ",authOpCode:" + this.authzOpCode + ",clientNum:" + this.clientNum + ",flags:" + this.flags + ",numOps:" + this.indices.length + ",indices:" + indicesToString(this.indices); - } - } - - /** - * Simple interface to generate credentials with authorization based on key - * indices also. This is utilized by the post-operation authorization tests - * where authorization is based on key indices. 
- * - * @since GemFire 5.5 - */ - protected interface TestCredentialGenerator { - - /** - * Get allowed credentials for the given set of operations in the given - * regions and indices of KEYS in the <code>KEYS</code> array - */ - public Properties getAllowedCredentials(OperationCode[] opCodes, String[] regionNames, int[] keyIndices, int num); - - /** - * Get disallowed credentials for the given set of operations in the given - * regions and indices of KEYS in the <code>KEYS</code> array - */ - public Properties getDisallowedCredentials(OperationCode[] opCodes, String[] regionNames, int[] keyIndices, int num); - - /** - * Get the {@link CredentialGenerator} if any. - */ - public CredentialGenerator getCredentialGenerator(); - } - - /** - * Contains a {@link AuthzCredentialGenerator} and implements the - * {@link TestCredentialGenerator} interface. - * - * @since GemFire 5.5 - */ - protected static class TestAuthzCredentialGenerator implements TestCredentialGenerator { - - private AuthzCredentialGenerator authzGen; - - public TestAuthzCredentialGenerator(final AuthzCredentialGenerator authzGen) { - this.authzGen = authzGen; - } - - public Properties getAllowedCredentials(final OperationCode[] opCodes, final String[] regionNames, final int[] keyIndices, final int num) { - return this.authzGen.getAllowedCredentials(opCodes, regionNames, num); - } - - public Properties getDisallowedCredentials(final OperationCode[] opCodes, final String[] regionNames, final int[] keyIndices, final int num) { - return this.authzGen.getDisallowedCredentials(opCodes, regionNames, num); - } - - public CredentialGenerator getCredentialGenerator() { - return authzGen.getCredentialGenerator(); - } - } -}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/ClientMultiUserAuthzDUnitTest.java ----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientMultiUserAuthzDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientMultiUserAuthzDUnitTest.java
deleted file mode 100644
index 38f9988..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientMultiUserAuthzDUnitTest.java
+++ /dev/null
@@ -1,345 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.gemstone.gemfire.security;
-
-import static com.gemstone.gemfire.security.SecurityTestUtils.*;
-import static com.gemstone.gemfire.test.dunit.LogWriterUtils.*;
-
-import java.util.Iterator;
-import java.util.Properties;
-
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import com.gemstone.gemfire.cache.Region;
-import com.gemstone.gemfire.cache.execute.Function;
-import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import com.gemstone.gemfire.internal.cache.GemFireCacheImpl;
-import com.gemstone.gemfire.internal.cache.execute.PRClientServerTestBase;
-import com.gemstone.gemfire.internal.cache.functions.TestFunction;
-import com.gemstone.gemfire.security.generator.AuthzCredentialGenerator;
-import com.gemstone.gemfire.security.generator.CredentialGenerator;
-import com.gemstone.gemfire.test.dunit.VM;
-import com.gemstone.gemfire.test.junit.categories.DistributedTest;
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-
-@Category({ DistributedTest.class, SecurityTest.class })
-public class ClientMultiUserAuthzDUnitTest extends ClientAuthorizationTestCase {
-
@Override - public final void preTearDownClientAuthorizationTestBase() throws Exception { - closeCache(); - } - - /** - * Tests with one user authorized to do puts/gets/containsKey/destroys and - * another not authorized for the same. - */ - @Test - public void testOps1() throws Exception { - for (Iterator<AuthzCredentialGenerator> iter = getDummyGeneratorCombos().iterator(); iter.hasNext();) { - AuthzCredentialGenerator gen = iter.next(); - CredentialGenerator cGen = gen.getCredentialGenerator(); - Properties extraAuthProps = cGen.getSystemProperties(); - Properties javaProps = cGen.getJavaProperties(); - Properties extraAuthzProps = gen.getSystemProperties(); - String authenticator = cGen.getAuthenticator(); - String authInit = cGen.getAuthInit(); - String accessor = gen.getAuthorizationCallback(); - - getLogWriter().info("testOps1: Using authinit: " + authInit); - getLogWriter().info("testOps1: Using authenticator: " + authenticator); - getLogWriter().info("testOps1: Using accessor: " + accessor); - - // Start servers with all required properties - Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps); - - int port1 = createCacheServerOnVM(server1, javaProps, serverProps); - int port2 = createCacheServerOnVM(server2, javaProps, serverProps); - - if (!prepareClientsForOps(gen, cGen, new OperationCode[] { OperationCode.PUT, OperationCode.PUT}, new OperationCode[] { OperationCode.GET, OperationCode.GET}, javaProps, authInit, port1, port2)) { - continue; - } - - verifyPutsGets(); - - if (!prepareClientsForOps(gen, cGen, new OperationCode[] { OperationCode.PUT, OperationCode.CONTAINS_KEY}, new OperationCode[] { OperationCode.DESTROY, OperationCode.DESTROY}, javaProps, authInit, port1, port2)) { - continue; - } - - verifyContainsKeyDestroys(); - - if (!prepareClientsForOps(gen, cGen, new OperationCode[] { OperationCode.PUT, OperationCode.CONTAINS_KEY}, new OperationCode[] { OperationCode.INVALIDATE, 
OperationCode.INVALIDATE}, javaProps, authInit, port1, port2)) { - continue; - } - - verifyContainsKeyInvalidates(); - - if (!prepareClientsForOps(gen, cGen, new OperationCode[] { OperationCode.GET, OperationCode.GET}, new OperationCode[] { OperationCode.REGION_DESTROY, OperationCode.REGION_DESTROY}, javaProps, authInit, port1, port2)) { - continue; - } - - verifyGetAllInTX(); - verifyGetAllRegionDestroys(); - } - } - - /** - * Test query/function execute - */ - @Test - public void testOps2() throws Exception { - AuthzCredentialGenerator gen = getXmlAuthzGenerator(); - CredentialGenerator cGen = gen.getCredentialGenerator(); - Properties extraAuthProps = cGen.getSystemProperties(); - Properties javaProps = cGen.getJavaProperties(); - Properties extraAuthzProps = gen.getSystemProperties(); - String authenticator = cGen.getAuthenticator(); - String authInit = cGen.getAuthInit(); - String accessor = gen.getAuthorizationCallback(); - - getLogWriter().info("testOps2: Using authinit: " + authInit); - getLogWriter().info("testOps2: Using authenticator: " + authenticator); - getLogWriter().info("testOps2: Using accessor: " + accessor); - - // Start servers with all required properties - Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps); - - int port1 = createCacheServerOnVM(server1, javaProps, serverProps); - int port2 = createCacheServerOnVM(server2, javaProps, serverProps); - - // Start client1 with valid/invalid QUERY credentials - Properties[] client1Credentials = new Properties[] { - gen.getAllowedCredentials(new OperationCode[] {OperationCode.PUT, OperationCode.QUERY}, new String[] {regionName}, 1), - gen.getDisallowedCredentials(new OperationCode[] {OperationCode.PUT, OperationCode.QUERY}, new String[] {regionName}, 1) - }; - - javaProps = cGen.getJavaProperties(); - getLogWriter().info("testOps2: For first client credentials: " + client1Credentials[0] + "\n" + client1Credentials[1]); - - final Properties 
finalJavaProps = javaProps; - client1.invoke(() -> createCacheClientForMultiUserMode(2, authInit, client1Credentials, finalJavaProps, new int[] {port1, port2}, -1, false, NO_EXCEPTION)); - - // Start client2 with valid/invalid EXECUTE_FUNCTION credentials - Properties[] client2Credentials = new Properties[] { - gen.getAllowedCredentials(new OperationCode[] {OperationCode.EXECUTE_FUNCTION}, new String[] {regionName}, 2), - gen.getDisallowedCredentials(new OperationCode[] {OperationCode.EXECUTE_FUNCTION}, new String[] {regionName}, 9) - }; - - javaProps = cGen.getJavaProperties(); - getLogWriter().info("testOps2: For second client credentials: " + client2Credentials[0] + "\n" + client2Credentials[1]); - - final Properties finalJavaProps2 = javaProps; - client2.invoke(() -> createCacheClientForMultiUserMode(2, authInit, client2Credentials, finalJavaProps2, new int[] {port1, port2}, -1, false, NO_EXCEPTION)); - - Function function = new TestFunction(true,TestFunction.TEST_FUNCTION1); - - server1.invoke(() -> PRClientServerTestBase.registerFunction(function)); - - server2.invoke(() -> PRClientServerTestBase.registerFunction(function)); - - // Perform some put operations before verifying queries - client1.invoke(() -> doMultiUserPuts(4, 2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION})); - client1.invoke(() -> doMultiUserQueries(2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}, 4)); - client1.invoke(() -> doMultiUserQueryExecute(2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}, 4)); - - // Verify that the FE succeeds/fails - client2.invoke(() ->doMultiUserFE(2, function, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}, false)); - - // Failover - server1.invoke(() -> closeCache()); - Thread.sleep(2000); - - client1.invoke(() -> doMultiUserPuts(4, 2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION})); - - client1.invoke(() -> doMultiUserQueries(2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}, 4)); - client1.invoke(() -> doMultiUserQueryExecute(2, new int[] {NO_EXCEPTION, 
NOTAUTHZ_EXCEPTION}, 4)); - - // Verify that the FE succeeds/fails - client2.invoke(() -> doMultiUserFE(2, function, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}, true)); - } - - @Test - public void testOpsWithClientsInDifferentModes() throws Exception { - for (Iterator<AuthzCredentialGenerator> iter = getDummyGeneratorCombos().iterator(); iter.hasNext();) { - AuthzCredentialGenerator gen = iter.next(); - CredentialGenerator cGen = gen.getCredentialGenerator(); - Properties extraAuthProps = cGen.getSystemProperties(); - Properties javaProps = cGen.getJavaProperties(); - Properties extraAuthzProps = gen.getSystemProperties(); - String authenticator = cGen.getAuthenticator(); - String authInit = cGen.getAuthInit(); - String accessor = gen.getAuthorizationCallback(); - - getLogWriter().info("testOpsWithClientsInDifferentModes: Using authinit: " + authInit); - getLogWriter().info("testOpsWithClientsInDifferentModes: Using authenticator: " + authenticator); - getLogWriter().info("testOpsWithClientsInDifferentModes: Using accessor: " + accessor); - - // Start servers with all required properties - Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps); - - int port1 = createCacheServerOnVM(server1, javaProps, serverProps); - int port2 = createCacheServerOnVM(server2, javaProps, serverProps); - - if (!prepareClientsForOps(gen, cGen, new OperationCode[] { OperationCode.PUT, OperationCode.PUT}, new OperationCode[] { OperationCode.GET, OperationCode.GET}, javaProps, authInit, port1, port2, false, true)) { - continue; - } - - verifyPutsGets(false, true); - - if (!prepareClientsForOps(gen, cGen, new OperationCode[] { OperationCode.PUT, OperationCode.CONTAINS_KEY}, new OperationCode[] { OperationCode.DESTROY, OperationCode.DESTROY}, javaProps, authInit, port1, port2, false, false)) { - continue; - } - - verifyContainsKeyDestroys(false, false); - } - } - - private boolean prepareClientsForOps(final AuthzCredentialGenerator gen, 
final CredentialGenerator cGen, final OperationCode[] client1OpCodes, final OperationCode[] client2OpCodes, final Properties javaProps, final String authInit, final int port1, final int port2) { - return prepareClientsForOps(gen, cGen, client1OpCodes, client2OpCodes, javaProps, authInit, port1, port2, true /* both clients in multiuser mode */, false /* unused */); - } - - private boolean prepareClientsForOps(final AuthzCredentialGenerator gen, final CredentialGenerator cGen, final OperationCode[] client1OpCodes, final OperationCode[] client2OpCodes, Properties javaProps, final String authInit, final int port1, final int port2, final boolean bothClientsInMultiuserMode, final boolean allowOp) { - // Start client1 with valid/invalid client1OpCodes credentials - Properties[] client1Credentials = new Properties[] { gen.getAllowedCredentials(client1OpCodes, new String[] {regionName}, 1), gen.getDisallowedCredentials(new OperationCode[] {client1OpCodes[1]}, new String[] {regionName}, 1)}; - - if (client1Credentials[0] == null || client1Credentials[0].size() == 0) { - getLogWriter().info("testOps1: Unable to obtain valid credentials with " + client1OpCodes[0].toString() + " permission; skipping this combination."); - return false; - } - - if (client1Credentials[1] == null || client1Credentials[1].size() == 0) { - getLogWriter().info("testOps1: Unable to obtain valid credentials with no " + client1OpCodes[0].toString() + " permission; skipping this combination."); - return false; - } - - javaProps = cGen.getJavaProperties(); - getLogWriter().info("testOps1: For first client credentials: " + client1Credentials[0] + "\n" + client1Credentials[1]); - final Properties finalJavaProps = javaProps; - - client1.invoke(() -> createCacheClientForMultiUserMode(2, authInit, client1Credentials, finalJavaProps, new int[] {port1, port2}, -1, false, NO_EXCEPTION)); - - // Start client2 with valid/invalid client2OpCodes credentials - Properties[] client2Credentials = new Properties[] { 
gen.getAllowedCredentials(client2OpCodes, new String[] {regionName}, 2), gen.getDisallowedCredentials(client2OpCodes, new String[] {regionName}, 9)}; - - if (client2Credentials[0] == null || client2Credentials[0].size() == 0) { - getLogWriter().info("testOps1: Unable to obtain valid credentials with " + client2OpCodes[0].toString() + " permission; skipping this combination."); - return false; - } - - if (client2Credentials[1] == null || client2Credentials[1].size() == 0) { - getLogWriter().info("testOps1: Unable to obtain valid credentials with no " + client2OpCodes[0].toString() + " permission; skipping this combination."); - return false; - } - - javaProps = cGen.getJavaProperties(); - getLogWriter().info("testOps1: For second client credentials: " + client2Credentials[0] + "\n" + client2Credentials[1]); - - if (bothClientsInMultiuserMode) { - final Properties finalJavaProps2 = javaProps; - client2.invoke(() -> createCacheClientForMultiUserMode(2, authInit, client2Credentials, finalJavaProps2, new int[] {port1, port2}, -1, false, NO_EXCEPTION)); - - } else { - int credentialsIndex = allowOp ? 0 : 1; - final Properties finalJavaProps2 = javaProps; - client2.invoke(() -> createCacheClient(authInit, client2Credentials[credentialsIndex], finalJavaProps2, new int[] {port1, port2}, -1, false, false, NO_EXCEPTION)); - } - - return true; - } - - private void verifyPutsGets() throws Exception { - verifyPutsGets(true, false /*unused */); - } - - private void verifyPutsGets(final boolean isMultiuser, final boolean opAllowed) throws Exception { - // Perform some put operations from client1 - client1.invoke(() -> doMultiUserPuts(2, 2, new int[] { NO_EXCEPTION, NOTAUTHZ_EXCEPTION})); - - // Verify that the gets succeed/fail - if (isMultiuser) { - client2.invoke(() -> doMultiUserGets(2, 2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION})); - - } else { - int expectedResult = (opAllowed) ? 
NO_EXCEPTION : NOTAUTHZ_EXCEPTION; - client2.invoke(() -> doMultiUserGets(1, 1, new int[] {expectedResult})); - } - } - - private void verifyContainsKeyDestroys() throws Exception { - verifyContainsKeyDestroys(true, false /* unused */); - } - - private void verifyContainsKeyDestroys(final boolean isMultiUser, final boolean opAllowed) throws Exception { - // Do puts before verifying containsKey - client1.invoke(() -> doMultiUserPuts(2, 2, new int[] {NO_EXCEPTION, NO_EXCEPTION})); - client1.invoke(() -> doMultiUserContainsKeys(1, 2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}, new boolean[] {true, false})); - - // Verify that the destroys succeed/fail - if (isMultiUser) { - client2.invoke(() -> doMultiUserDestroys(2, 2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION})); - - } else { - int expectedResult = (opAllowed) ? NO_EXCEPTION : NOTAUTHZ_EXCEPTION; - client2.invoke(() -> doMultiUserDestroys(1, 1, new int[] {expectedResult})); - } - } - - private void verifyContainsKeyInvalidates() throws Exception { - verifyContainsKeyInvalidates(true, false /* unused */); - } - - private void verifyContainsKeyInvalidates(final boolean isMultiUser, final boolean opAllowed) throws Exception { - // Do puts before verifying containsKey - client1.invoke(() -> doMultiUserPuts(2, 2, new int[] {NO_EXCEPTION, NO_EXCEPTION})); - client1.invoke(() -> doMultiUserContainsKeys(1, 2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}, new boolean[] {true, false})); - - // Verify that the invalidates succeed/fail - if (isMultiUser) { - client2.invoke(() -> doMultiUserInvalidates(2, 2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION})); - - } else { - int expectedResult = (opAllowed) ? 
NO_EXCEPTION : NOTAUTHZ_EXCEPTION;
- client2.invoke(() -> doMultiUserInvalidates(1, 1, new int[] {expectedResult}));
- }
- }
-
- private void verifyGetAllInTX() {
- server1.invoke(() -> doPuts());
- client1.invoke(() -> doMultiUserGetAll(2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}, true/*use TX*/));
- }
-
- private void verifyGetAllRegionDestroys() {
- server1.invoke(() -> doPuts());
- client1.invoke(() -> doMultiUserGetAll(2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}));
-
- // Verify that the region destroys succeed/fail
- client2.invoke(() -> doMultiUserRegionDestroys(2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}));
- }
-
- private void doPuts() {
- Region region = GemFireCacheImpl.getInstance().getRegion(REGION_NAME);
- region.put("key1", "value1");
- region.put("key2", "value2");
- }
-
- private int createCacheServerOnVM(final VM server, final Properties javaProps, final Properties serverProps) {
- return server.invoke(() -> ClientAuthorizationTestCase.createCacheServer(getLocatorPort(), serverProps, javaProps));
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/DeltaClientAuthorizationDUnitTest.java ----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/DeltaClientAuthorizationDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/DeltaClientAuthorizationDUnitTest.java
deleted file mode 100644
index 0efd3d6..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/DeltaClientAuthorizationDUnitTest.java
+++ /dev/null
@@ -1,201 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.gemstone.gemfire.security;
-
-import static com.gemstone.gemfire.security.ClientAuthenticationTestUtils.createCacheClient;
-import static com.gemstone.gemfire.security.SecurityTestUtils.*;
-import static com.gemstone.gemfire.test.dunit.Assert.*;
-import static com.gemstone.gemfire.test.dunit.LogWriterUtils.*;
-
-import java.util.Properties;
-
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import com.gemstone.gemfire.DeltaTestImpl;
-import com.gemstone.gemfire.cache.Region;
-import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import com.gemstone.gemfire.internal.cache.PartitionedRegionLocalMaxMemoryDUnitTest.TestObject1;
-import com.gemstone.gemfire.security.generator.AuthzCredentialGenerator;
-import com.gemstone.gemfire.security.generator.CredentialGenerator;
-import com.gemstone.gemfire.test.junit.categories.DistributedTest;
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-
-/**
- * @since GemFire 6.1
- */
-@Category({ DistributedTest.class, SecurityTest.class })
-public final class DeltaClientAuthorizationDUnitTest extends ClientAuthorizationTestCase {
-
- private DeltaTestImpl[] deltas = new DeltaTestImpl[8];
-
- @Override
- protected final void preSetUpClientAuthorizationTestBase() throws Exception {
- setUpDeltas();
- }
-
- @Override
- public final void preTearDownClientAuthorizationTestBase() throws Exception {
- closeCache();
- }
-
- @Test
- public void testAllowPutsGets() throws Exception {
- AuthzCredentialGenerator gen = this.getXmlAuthzGenerator();
- CredentialGenerator cGen = gen.getCredentialGenerator();
-
- Properties extraAuthProps = cGen.getSystemProperties();
- Properties javaProps = cGen.getJavaProperties();
- Properties extraAuthzProps = gen.getSystemProperties();
-
- String authenticator = cGen.getAuthenticator();
- String authInit = cGen.getAuthInit();
- String accessor = gen.getAuthorizationCallback();
-
- getLogWriter().info("testAllowPutsGets: Using authinit: " + authInit);
- getLogWriter().info("testAllowPutsGets: Using authenticator: " + authenticator);
- getLogWriter().info("testAllowPutsGets: Using accessor: " + accessor);
-
- // Start servers with all required properties
- Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps);
-
- int port1 = createServer1(javaProps, serverProps);
- int port2 = createServer2(javaProps, serverProps);
-
- // Start client1 with valid CREATE credentials
- Properties createCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.PUT }, new String[] { REGION_NAME }, 1);
- javaProps = cGen.getJavaProperties();
-
- getLogWriter().info("testAllowPutsGets: For first client credentials: " + createCredentials);
-
- createClient1(javaProps, authInit, port1, port2, createCredentials);
-
- // Start client2 with valid GET credentials
- Properties getCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.GET }, new String[] { REGION_NAME }, 2);
- javaProps = cGen.getJavaProperties();
-
- getLogWriter().info("testAllowPutsGets: For second client credentials: " + getCredentials);
-
- createClient2(javaProps, authInit, port1, port2, getCredentials);
-
- // Perform some put operations from client1
- client1.invoke(() -> doPuts(2, NO_EXCEPTION));
-
- Thread.sleep(5000);
- assertTrue("Delta feature NOT used", client1.invoke(() -> DeltaTestImpl.toDeltaFeatureUsed()));
-
- // Verify that the gets succeed
- client2.invoke(() -> doGets(2, NO_EXCEPTION));
- }
-
- private void createClient2(final Properties javaProps, final String authInit, final int port1, final int port2, final Properties getCredentials) {
- client2.invoke(() -> createCacheClient(authInit, getCredentials, javaProps, port1, port2, 0, NO_EXCEPTION));
- }
-
- private void createClient1(final Properties javaProps, final String authInit, final int port1, final int port2, final Properties createCredentials) {
- client1.invoke(() -> createCacheClient(authInit, createCredentials, javaProps, port1, port2, 0, NO_EXCEPTION));
- }
-
- private int createServer2(final Properties javaProps, final Properties serverProps) {
- return server2.invoke(() -> createCacheServer(getLocatorPort(), serverProps, javaProps));
- }
-
- private int createServer1(final Properties javaProps, final Properties serverProps) {
- return server1.invoke(() -> createCacheServer(getLocatorPort(), serverProps, javaProps));
- }
-
- private void doPuts(final int num, final int expectedResult) {
- assertTrue(num <= KEYS.length);
- Region region = getCache().getRegion(REGION_NAME);
- assertNotNull(region);
- for (int index = 0; index < num; ++index) {
- region.put(KEYS[index], deltas[0]);
- }
- for (int index = 0; index < num; ++index) {
- region.put(KEYS[index], deltas[index]);
- if (expectedResult != NO_EXCEPTION) {
- fail("Expected a NotAuthorizedException while doing puts");
- }
- }
- }
-
- private void doGets(final int num, final int expectedResult) {
- assertTrue(num <= KEYS.length);
-
- Region region = getCache().getRegion(REGION_NAME);
- assertNotNull(region);
-
- for (int index = 0; index < num; ++index) {
- region.localInvalidate(KEYS[index]);
- Object value = region.get(KEYS[index]);
- if (expectedResult != NO_EXCEPTION) {
- fail("Expected a NotAuthorizedException while doing gets");
- }
- assertNotNull(value);
- assertEquals(deltas[index], value);
- }
- }
-
- private final void setUpDeltas() {
- for (int i = 0; i < 8; i++) {
- deltas[i] = new DeltaTestImpl(0, "0", new Double(0), new byte[0], new TestObject1("0", 0));
- }
- deltas[1].setIntVar(5);
- deltas[2].setIntVar(5);
- deltas[3].setIntVar(5);
- deltas[4].setIntVar(5);
- deltas[5].setIntVar(5);
- deltas[6].setIntVar(5);
- deltas[7].setIntVar(5);
-
- deltas[2].resetDeltaStatus();
- deltas[2].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
- deltas[3].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
- deltas[4].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
- deltas[5].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
- //deltas[6].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
- //deltas[7].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
-
- deltas[3].resetDeltaStatus();
- deltas[3].setDoubleVar(new Double(5));
- deltas[4].setDoubleVar(new Double(5));
- deltas[5].setDoubleVar(new Double(5));
- deltas[6].setDoubleVar(new Double(5));
- deltas[7].setDoubleVar(new Double(5));
-
- deltas[4].resetDeltaStatus();
- deltas[4].setStr("str changed");
- deltas[5].setStr("str changed");
- deltas[6].setStr("str changed");
- //deltas[7].setStr("str changed");
-
- deltas[5].resetDeltaStatus();
- deltas[5].setIntVar(100);
- deltas[5].setTestObj(new TestObject1("CHANGED", 100));
- deltas[6].setTestObj(new TestObject1("CHANGED", 100));
- deltas[7].setTestObj(new TestObject1("CHANGED", 100));
-
- deltas[6].resetDeltaStatus();
- deltas[6].setByteArr(new byte[] { 1, 2, 3 });
- deltas[7].setByteArr(new byte[] { 1, 2, 3 });
-
- deltas[7].resetDeltaStatus();
- deltas[7].setStr("delta string");
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/DeltaClientPostAuthorizationDUnitTest.java
---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/DeltaClientPostAuthorizationDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/DeltaClientPostAuthorizationDUnitTest.java deleted file mode 100644 index ff8d23d..0000000 --- a/geode-core/src/test/java/com/gemstone/gemfire/security/DeltaClientPostAuthorizationDUnitTest.java +++ /dev/null 
@@ -1,284 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.gemstone.gemfire.security;
-
-import static com.gemstone.gemfire.security.SecurityTestUtils.*;
-import static com.gemstone.gemfire.test.dunit.Assert.*;
-import static com.gemstone.gemfire.test.dunit.IgnoredException.*;
-import static com.gemstone.gemfire.test.dunit.LogWriterUtils.*;
-
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Properties;
-import java.util.Random;
-
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import com.gemstone.gemfire.DeltaTestImpl;
-import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import com.gemstone.gemfire.internal.AvailablePortHelper;
-import com.gemstone.gemfire.internal.cache.PartitionedRegionLocalMaxMemoryDUnitTest;
-import com.gemstone.gemfire.security.generator.AuthzCredentialGenerator;
-import com.gemstone.gemfire.security.generator.CredentialGenerator;
-import com.gemstone.gemfire.test.dunit.VM;
-import com.gemstone.gemfire.test.junit.categories.DistributedTest;
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-
-/**
- * @since GemFire 6.1
- */
-@Category({ DistributedTest.class, SecurityTest.class })
-public class DeltaClientPostAuthorizationDUnitTest extends ClientAuthorizationTestCase {
-
- private static final int PAUSE = 5 * 1000; // TODO: replace with Awaitility
-
- private DeltaTestImpl[] deltas = new DeltaTestImpl[8];
-
- @Override
- public final void preSetUpClientAuthorizationTestBase() throws Exception {
- setUpDeltas();
- addIgnoredException("Unexpected IOException");
- addIgnoredException("SocketException");
- }
-
- @Override
- public final void preTearDownClientAuthorizationTestBase() throws Exception {
- closeCache();
- }
-
- @Test
- public void testPutPostOpNotifications() throws Exception {
- OperationWithAction[] allOps = allOps();
-
- AuthzCredentialGenerator gen = this.getXmlAuthzGenerator();
- CredentialGenerator cGen = gen.getCredentialGenerator();
- Properties extraAuthProps = cGen.getSystemProperties();
- Properties javaProps = cGen.getJavaProperties();
- Properties extraAuthzProps = gen.getSystemProperties();
- String authenticator = cGen.getAuthenticator();
- String authInit = cGen.getAuthInit();
- String accessor = gen.getAuthorizationCallback();
- TestAuthzCredentialGenerator tgen = new TestAuthzCredentialGenerator(gen);
-
- getLogWriter().info("testAllOpsNotifications: Using authinit: " + authInit);
- getLogWriter().info("testAllOpsNotifications: Using authenticator: " + authenticator);
- getLogWriter().info("testAllOpsNotifications: Using accessor: " + accessor);
-
- // Start servers with all required properties
- Properties serverProps = buildProperties(authenticator, accessor, true, extraAuthProps, extraAuthzProps);
-
- // Get ports for the servers
- int[] randomAvailableTCPPorts = AvailablePortHelper.getRandomAvailableTCPPorts(2);
- int port1 = randomAvailableTCPPorts[0];
- int port2 = randomAvailableTCPPorts[1];
-
- // Perform all the ops on the clients
- List opBlock = new ArrayList();
- Random rnd = new Random();
-
- for (int opNum = 0; opNum < allOps.length; ++opNum) {
- // Start client with valid credentials as specified in OperationWithAction
- OperationWithAction currentOp = allOps[opNum];
- if (currentOp.equals(OperationWithAction.OPBLOCK_END) || currentOp.equals(OperationWithAction.OPBLOCK_NO_FAILOVER)) {
-
- // End of current operation block; execute all the operations on the servers with failover
- if (opBlock.size() > 0) {
- // Start the first server and execute the operation block
- server1.invoke(() -> ClientAuthorizationTestCase.createCacheServer(getLocatorPort(), port1, serverProps, javaProps ));
- server2.invoke(() -> closeCache());
-
- executeOpBlock(opBlock, port1, port2, authInit, extraAuthProps, extraAuthzProps, tgen, rnd);
-
- if (!currentOp.equals(OperationWithAction.OPBLOCK_NO_FAILOVER)) {
- // Failover to the second server and run the block again
- server2.invoke(() -> ClientAuthorizationTestCase.createCacheServer(getLocatorPort(), port2, serverProps, javaProps ));
- server1.invoke(() -> closeCache());
-
- executeOpBlock(opBlock, port1, port2, authInit, extraAuthProps, extraAuthzProps, tgen, rnd);
- }
-
- opBlock.clear();
- }
-
- } else {
- currentOp.setOpNum(opNum);
- opBlock.add(currentOp);
- }
- }
- }
-
- @Override
- protected final void executeOpBlock(final List<OperationWithAction> opBlock, final int port1, final int port2, final String authInit, final Properties extraAuthProps, final Properties extraAuthzProps, final TestCredentialGenerator credentialGenerator, final Random random) throws InterruptedException {
- for (Iterator<OperationWithAction> opIter = opBlock.iterator(); opIter.hasNext();) {
- // Start client with valid credentials as specified in OperationWithAction
- OperationWithAction currentOp = opIter.next();
- OperationCode opCode = currentOp.getOperationCode();
- int opFlags = currentOp.getFlags();
- int clientNum = currentOp.getClientNum();
- VM clientVM = null;
- boolean useThisVM = false;
-
- switch (clientNum) {
- case 1:
- clientVM = client1;
- break;
- case 2:
- clientVM = client2;
- break;
- case 3:
- useThisVM = true;
- break;
- default:
- fail("executeOpBlock: Unknown client number " + clientNum);
- break;
- }
-
- getLogWriter().info("executeOpBlock: performing operation number [" + currentOp.getOpNum() + "]: " + currentOp);
-
- if ((opFlags & OpFlags.USE_OLDCONN) == 0) {
- Properties opCredentials;
- int newRnd = random.nextInt(100) + 1;
- String currentRegionName = '/' + regionName;
- if ((opFlags & OpFlags.USE_SUBREGION) > 0) {
- currentRegionName += ('/' + SUBREGION_NAME);
- }
-
- String credentialsTypeStr;
- OperationCode authOpCode = currentOp.getAuthzOperationCode();
- int[] indices = currentOp.getIndices();
- CredentialGenerator cGen = credentialGenerator.getCredentialGenerator();
- final Properties javaProps = cGen == null ? null : cGen.getJavaProperties();
-
- if ((opFlags & OpFlags.CHECK_NOTAUTHZ) > 0 || (opFlags & OpFlags.USE_NOTAUTHZ) > 0) {
- opCredentials = credentialGenerator.getDisallowedCredentials(new OperationCode[] { authOpCode }, new String[] { currentRegionName }, indices, newRnd);
- credentialsTypeStr = " unauthorized " + authOpCode;
-
- } else {
- opCredentials = credentialGenerator.getAllowedCredentials(new OperationCode[] {opCode, authOpCode }, new String[] { currentRegionName }, indices, newRnd);
- credentialsTypeStr = " authorized " + authOpCode;
- }
-
- Properties clientProps = concatProperties(new Properties[] { opCredentials, extraAuthProps, extraAuthzProps });
-
- // Start the client with valid credentials but allowed or disallowed to perform an operation
- getLogWriter().info("executeOpBlock: For client" + clientNum + credentialsTypeStr + " credentials: " + opCredentials);
- boolean setupDynamicRegionFactory = (opFlags & OpFlags.ENABLE_DRF) > 0;
- if (useThisVM) {
- createCacheClient(authInit, clientProps, javaProps, new int[] { port1, port2 }, 0, setupDynamicRegionFactory, NO_EXCEPTION);
-
- } else {
- clientVM.invoke(() -> createCacheClient(authInit, clientProps, javaProps, new int[] { port1, port2 }, 0, setupDynamicRegionFactory, NO_EXCEPTION));
- }
- }
-
- int expectedResult;
- if ((opFlags & OpFlags.CHECK_NOTAUTHZ) > 0) {
- expectedResult = NOTAUTHZ_EXCEPTION;
- } else if ((opFlags & OpFlags.CHECK_EXCEPTION) > 0) {
- expectedResult = OTHER_EXCEPTION;
- } else {
- expectedResult = NO_EXCEPTION;
- }
-
- // Perform the operation from selected client
- if (useThisVM) {
- doOp(opCode, currentOp.getIndices(), new Integer(
- opFlags), new Integer(expectedResult));
- }
- else {
- int[] indices = currentOp.getIndices();
- clientVM.invoke(() -> DeltaClientPostAuthorizationDUnitTest.doOp(opCode,
- indices, new Integer(opFlags),
- new Integer(expectedResult) ));
- }
- }
- }
-
- private void setUpDeltas() {
- for (int i = 0; i < 8; i++) {
- deltas[i] = new DeltaTestImpl(0, "0", new Double(0), new byte[0], new PartitionedRegionLocalMaxMemoryDUnitTest.TestObject1("0", 0));
- }
- deltas[1].setIntVar(5);
- deltas[2].setIntVar(5);
- deltas[3].setIntVar(5);
- deltas[4].setIntVar(5);
- deltas[5].setIntVar(5);
- deltas[6].setIntVar(5);
- deltas[7].setIntVar(5);
-
- deltas[2].resetDeltaStatus();
- deltas[2].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
- deltas[3].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
- deltas[4].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
- deltas[5].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
- //deltas[6].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
- //deltas[7].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
-
- deltas[3].resetDeltaStatus();
- deltas[3].setDoubleVar(new Double(5));
- deltas[4].setDoubleVar(new Double(5));
- deltas[5].setDoubleVar(new Double(5));
- deltas[6].setDoubleVar(new Double(5));
- deltas[7].setDoubleVar(new Double(5));
-
- deltas[4].resetDeltaStatus();
- deltas[4].setStr("str changed");
- deltas[5].setStr("str changed");
- deltas[6].setStr("str changed");
- //deltas[7].setStr("str changed");
-
- deltas[5].resetDeltaStatus();
- deltas[5].setIntVar(100);
- deltas[5].setTestObj(new PartitionedRegionLocalMaxMemoryDUnitTest.TestObject1("CHANGED", 100));
- deltas[6].setTestObj(new PartitionedRegionLocalMaxMemoryDUnitTest.TestObject1("CHANGED", 100));
- deltas[7].setTestObj(new PartitionedRegionLocalMaxMemoryDUnitTest.TestObject1("CHANGED", 100));
-
- deltas[6].resetDeltaStatus();
- deltas[6].setByteArr(new byte[] { 1, 2, 3 });
- deltas[7].setByteArr(new byte[] { 1, 2, 3 });
-
- deltas[7].resetDeltaStatus();
- deltas[7].setStr("delta string");
- }
-
- private OperationWithAction[] allOps() {
- return new OperationWithAction[] {
- // Test CREATE and verify with a GET
- new OperationWithAction(OperationCode.REGISTER_INTEREST, OperationCode.GET, 2, OpFlags.USE_REGEX | OpFlags.REGISTER_POLICY_NONE, 8),
- new OperationWithAction(OperationCode.REGISTER_INTEREST, OperationCode.GET, 3, OpFlags.USE_REGEX | OpFlags.REGISTER_POLICY_NONE | OpFlags.USE_NOTAUTHZ, 8),
- new OperationWithAction(OperationCode.PUT),
- new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP, 4),
- new OperationWithAction(OperationCode.GET, 3, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP | OpFlags.CHECK_FAIL, 4),
-
- // OPBLOCK_END indicates end of an operation block that needs to be executed on each server when doing failover
- OperationWithAction.OPBLOCK_END,
-
- // Test UPDATE and verify with a GET
- new OperationWithAction(OperationCode.REGISTER_INTEREST, OperationCode.GET, 2, OpFlags.USE_REGEX | OpFlags.REGISTER_POLICY_NONE, 8),
- new OperationWithAction(OperationCode.REGISTER_INTEREST, OperationCode.GET, 3, OpFlags.USE_REGEX | OpFlags.REGISTER_POLICY_NONE | OpFlags.USE_NOTAUTHZ, 8),
- new OperationWithAction(OperationCode.PUT, 1, OpFlags.USE_OLDCONN | OpFlags.USE_NEWVAL, 4),
- new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP | OpFlags.USE_NEWVAL, 4),
- new OperationWithAction(OperationCode.GET, 3, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP | OpFlags.USE_NEWVAL | OpFlags.CHECK_FAIL, 4),
-
- OperationWithAction.OPBLOCK_END
- };
- }
-}
