[
https://issues.apache.org/jira/browse/GEODE-3827?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jared Stewart resolved GEODE-3827.
----------------------------------
Resolution: Fixed
> SecurityManager is leaked from one Cache to another
> ---------------------------------------------------
>
> Key: GEODE-3827
> URL: https://issues.apache.org/jira/browse/GEODE-3827
> Project: Geode
> Issue Type: Bug
> Components: configuration, security
> Reporter: Galen O'Sullivan
> Assignee: Jared Stewart
> Fix For: 1.4.0
>
>
> After creating and closing Cache, the SecurityManager is visible to the next
> Cache created. This only happens if CacheServer.setSecurityManager is called,
> not if the class is specified via property. This is causing failure of some
> integration tests we'd like to add.
> I've created a minimal working example, also visible on branch
> {{SecurityManager-integration-test}} of https://github.com/galen-pivotal/geode
> {code}
> package org.apache.geode.security;
> import static org.apache.geode.distributed.ConfigurationProperties.LOCATORS;
> import static org.apache.geode.distributed.ConfigurationProperties.MCAST_PORT;
> import static
> org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER;
> import static org.assertj.core.api.Assertions.assertThat;
> import java.util.Properties;
> import org.junit.Test;
> import org.apache.geode.cache.CacheFactory;
> import org.apache.geode.examples.SimpleSecurityManager;
> import org.apache.geode.internal.cache.InternalCache;
> import org.apache.geode.internal.security.SecurityService;
> /**
> * This test verifies that when a SecurityManager is set, it does not persist
> between Cache
> * creations.
> *
> * We had seen this issue, and it broke integration tests.
> */
> public class SecurityManagerPersistenceIntegrationTest {
> private static final Properties defaultProperties;
> static {
> Properties properties = new Properties();
> properties.setProperty(MCAST_PORT, "0");
> properties.setProperty(LOCATORS, "");
> defaultProperties = properties;
> }
> @Test
> public void doesNotPersistWhenSetViaCacheFactoryJavaApi() {
> CacheFactory firstCacheFactory = new CacheFactory(new
> Properties(defaultProperties));
> SecurityManager securityManager = new SimpleSecurityManager();
> firstCacheFactory.setSecurityManager(securityManager);
> InternalCache firstCache = (InternalCache) firstCacheFactory.create();
> firstCache.close();
> CacheFactory cacheFactory = new CacheFactory(new
> Properties(defaultProperties));
> try (InternalCache cache = (InternalCache) cacheFactory.create()) {
> assertCacheHasNoSecurity(cache);
> }
> }
> @Test
> public void doesNotPersistWhenSetWithProperty() {
> Properties properties = new Properties(defaultProperties);
> properties.setProperty(SECURITY_MANAGER,
> SimpleSecurityManager.class.getName());
> CacheFactory firstCacheFactory = new CacheFactory(properties);
> InternalCache firstCache = (InternalCache) firstCacheFactory.create();
> firstCache.close();
> // Make sure we're using a fresh CacheFactory, so the test is valid.
> CacheFactory cacheFactory = new CacheFactory(new
> Properties(defaultProperties));
> try (InternalCache cache = (InternalCache) cacheFactory.create()) {
> assertCacheHasNoSecurity(cache);
> }
> }
> private void assertCacheHasNoSecurity(InternalCache cache) {
> SecurityService securityService = cache.getSecurityService();
> assertThat(securityService.isIntegratedSecurity()).isFalse();
> assertThat(securityService.isClientSecurityRequired()).isFalse();
> assertThat(securityService.isPeerSecurityRequired()).isFalse();
> // We expect null if it's not set, but there could be a default security
> manager if
> // implementation details change.
> if (securityService.getSecurityManager() != null) {
> assertThat(securityService.getSecurityManager())
> .describedAs("Security manager is not the same as the previously
> existing Cache")
> .isNotInstanceOf(SpySecurityManager.class);
> }
> }
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
