[
https://issues.apache.org/jira/browse/GEODE-1571?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15368076#comment-15368076
]
ASF GitHub Bot commented on GEODE-1571:
---------------------------------------
Github user jinmeiliao commented on a diff in the pull request:
https://github.com/apache/incubator-geode/pull/192#discussion_r70114470
--- Diff:
geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleDistributedTest.java
---
@@ -0,0 +1,151 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+
+import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+import static org.assertj.core.api.Assertions.*;
+
+import java.security.Principal;
+import java.util.Properties;
+
+import com.gemstone.gemfire.cache.Region;
+import com.gemstone.gemfire.cache.RegionShortcut;
+import com.gemstone.gemfire.cache.client.ClientCache;
+import com.gemstone.gemfire.cache.client.ClientCacheFactory;
+import com.gemstone.gemfire.cache.client.ClientRegionShortcut;
+import com.gemstone.gemfire.cache.server.CacheServer;
+import com.gemstone.gemfire.distributed.internal.InternalLocator;
+import com.gemstone.gemfire.internal.AvailablePort;
+import com.gemstone.gemfire.management.internal.security.JSONAuthorization;
+import com.gemstone.gemfire.security.templates.UserPasswordAuthInit;
+import com.gemstone.gemfire.test.dunit.DistributedTestUtils;
+import com.gemstone.gemfire.test.dunit.Host;
+import com.gemstone.gemfire.test.dunit.NetworkUtils;
+import com.gemstone.gemfire.test.dunit.VM;
+import com.gemstone.gemfire.test.dunit.cache.internal.JUnit4CacheTestCase;
+import com.gemstone.gemfire.test.junit.categories.DistributedTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+import org.assertj.core.api.ThrowableAssert.ThrowingCallable;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.mockito.Spy;
+
+@Category({DistributedTest.class, SecurityTest.class})
+public class IntegratedSecurityCacheLifecycleDistributedTest extends
JUnit4CacheTestCase {
+
+ private static SpySecurityManager spySecurityManager;
+
+ private VM locator;
+
+ @Override
+ public final void postSetUp() throws Exception {
+ Host host = Host.getHost(0);
+ locator = host.getVM(0);
+ JSONAuthorization.setUpWithJsonFile("clientServer.json");
+ int locatorPort =
AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
+ String locators = NetworkUtils.getServerHostName(host) + "[" +
locatorPort + "]";
+
+ spySecurityManager = new SpySecurityManager();
+
+ locator.invoke(() -> {
+ spySecurityManager = new SpySecurityManager();
+ DistributedTestUtils.deleteLocatorStateFile(locatorPort);
+
+ final Properties properties = new Properties();
+ properties.setProperty(MCAST_PORT, "0");
+ properties.setProperty(START_LOCATOR, locators);
+ properties.setProperty(SECURITY_MANAGER,
SpySecurityManager.class.getName()+".create");
+ properties.setProperty(USE_CLUSTER_CONFIGURATION, "false");
+ getSystem(properties);
+ getCache();
+ });
+
+ final Properties properties = new Properties();
+ properties.setProperty(MCAST_PORT, "0");
+ properties.setProperty(SECURITY_MANAGER,
SpySecurityManager.class.getName()+".create");
+ properties.setProperty(LOCATORS, locators);
+ properties.setProperty(USE_CLUSTER_CONFIGURATION, "false");
+ getSystem(properties);
+
+ CacheServer server1 = getCache().addCacheServer();
+ server1.setPort(0);
+ server1.start();
+
+ getCache();
+ }
+
+ @Test
+ public void initAndCloseTest () {
+ locator.invoke(() -> {
+ verifyInitInvoked();
+ });
+ verifyInitInvoked();
+ getCache().close();
+ verifyCloseInvoked();
+ locator.invoke(() -> {
+ getCache().close();
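Review bot: The static `spySecurityManager` is assigned in `postSetUp` both in the test JVM and, inside `locator.invoke`, in the locator VM, and nothing in the visible part of the file clears it, so the init/close state this test asserts on lives in JVM-wide state that can outlive the test. If no tear-down outside this hunk already does so, reset it in both VMs, e.g. `locator.invoke(() -> { spySecurityManager = null; });` followed by `spySecurityManager = null;`. The field would also benefit from a comment saying how it relates to the `SpySecurityManager.class.getName()+".create"` factory named in `SECURITY_MANAGER`, since `create` is not visible here and the test only proves something if the product receives the same instance that `verifyInitInvoked()` inspects. The bare `getCache();` at the end of `postSetUp` looks redundant, because the cache was already obtained for `addCacheServer()`. The class body continues outside the hunk.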
--- End diff --
Can we put all the locator.invoke calls in one block, like this:
locator.invoke(()->{
verifyInitInvoked();
getCache().close();
verifyCloseInvoked();
});
> Client security should be able to use Resource:Operation permissions
> --------------------------------------------------------------------
>
> Key: GEODE-1571
> URL: https://issues.apache.org/jira/browse/GEODE-1571
> Project: Geode
> Issue Type: Sub-task
> Components: security
> Reporter: Swapnil Bawaskar
>
> While providing role-based access control for JMX and CLI, noun-verby
> permissions of the form RESOURCE:OPERATION[:REGION] have been introduced.
> Please refer to the wiki for more details:
> https://cwiki.apache.org/confluence/display/GEODE/How+to+secure+JMX+and+GFSH
> We now need to provide a new interface so that client-server security can
> also use these noun-verby permissions.
> To make Geode security "integrated", users will only have to provide an
> implementation of this new interface and it will work for JMX, gfsh and
> client-server.
> {{com.gemstone.gemfire.security.AccessControl}} should be deprecated once we
> have this new interface.