jinmeiliao commented on a change in pull request #6885:
URL: https://github.com/apache/geode/pull/6885#discussion_r717742989



##########
File path: 
geode-core/src/upgradeTest/java/org/apache/geode/security/AuthExpirationMultiServerDUnitTest.java
##########
@@ -174,10 +184,75 @@ public void 
clientConnectToLocatorShouldNotAllowOperationIfUserIsNotRefreshed()
             AuthenticationRequiredException.class, 
AuthenticationExpiredException.class);
       }
     }
-    ExpirableSecurityManager consolidated = 
combineSecurityManagerResults(server1, server2);
+    ExpirableSecurityManager consolidated = collectSecurityManagers(server1, 
server2);
     assertThat(consolidated.getAuthorizedOps().keySet()).isEmpty();
   }
 
+  @Test
+  public void cqWithMultiServer() throws Exception {
+    int locatorPort = locator.getPort();
+    UpdatableUserAuthInitialize.setUser("user1");
+    clientCacheRule
+        .withProperty(SECURITY_CLIENT_AUTH_INIT, 
UpdatableUserAuthInitialize.class.getName())
+        .withPoolSubscription(true)
+        .withLocatorConnection(locatorPort);
+    ClientCache cache = clientCacheRule.createCache();
+    EventsCqListner listener =
+        createAndExecuteCQ(cache.getQueryService(), "cq1", "select * from /" + 
PARTITION_REGION);
+
+    UpdatableUserAuthInitialize.setUser("user2");
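
Review bot: the listener type in the `listener` declaration of `cqWithMultiServer()` is spelled `EventsCqListner`, missing an "e"; renaming the class to `EventsCqListener` would make it easier to find by search. A short comment above `UpdatableUserAuthInitialize.setUser("user2")` would also help, saying which client's next authentication that static setter is meant to change.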

Review comment:
       Yes, the controller VM is a client VM as well. Both use their own 
`UpdatableUserAuthInitialize`.

##########
File path: 
geode-core/src/upgradeTest/java/org/apache/geode/security/AuthExpirationMultiServerDUnitTest.java
##########
@@ -174,10 +184,75 @@ public void 
clientConnectToLocatorShouldNotAllowOperationIfUserIsNotRefreshed()
             AuthenticationRequiredException.class, 
AuthenticationExpiredException.class);
       }
     }
-    ExpirableSecurityManager consolidated = 
combineSecurityManagerResults(server1, server2);
+    ExpirableSecurityManager consolidated = collectSecurityManagers(server1, 
server2);
     assertThat(consolidated.getAuthorizedOps().keySet()).isEmpty();
   }
 
+  @Test
+  public void cqWithMultiServer() throws Exception {
+    int locatorPort = locator.getPort();
+    UpdatableUserAuthInitialize.setUser("user1");
+    clientCacheRule
+        .withProperty(SECURITY_CLIENT_AUTH_INIT, 
UpdatableUserAuthInitialize.class.getName())
+        .withPoolSubscription(true)
+        .withLocatorConnection(locatorPort);
+    ClientCache cache = clientCacheRule.createCache();
+    EventsCqListner listener =
+        createAndExecuteCQ(cache.getQueryService(), "cq1", "select * from /" + 
PARTITION_REGION);
+
+    UpdatableUserAuthInitialize.setUser("user2");
+    expireUserOnAllVms("user1");
+    doPutsUsingAnotherClient(locatorPort, "user3", 100);
+
+    // make sure listener still gets all the events
+    await().untilAsserted(() -> assertThat(listener.getKeys()).hasSize(100));
+    ExpirableSecurityManager securityManager = 
collectSecurityManagers(server1, server2);
+    assertThat(securityManager.getAuthorizedOps().get("user1"))
+        .containsExactly("DATA:READ:partitionRegion");
+    assertThat(securityManager.getUnAuthorizedOps().get("user1"))
+        .containsExactly("DATA:READ:partitionRegion:key0");
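
Review bot: the two final assertions hard-code the region name in `"DATA:READ:partitionRegion"` and `"DATA:READ:partitionRegion:key0"`, while the CQ query above is built from `PARTITION_REGION`. If the constant holds that same name, build the expected strings from it (for example `"DATA:READ:" + PARTITION_REGION`) so the assertions cannot drift from the region the CQ runs on. The count 100 also appears in both `doPutsUsingAnotherClient(locatorPort, "user3", 100)` and `hasSize(100)`; a single local constant would keep the two in step.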

Review comment:
       When `key0` is denied, the server will ask the client to 
re-authenticate, so the client will send in `user2` credentials, so all keys are 
authorized under `user2`.

##########
File path: 
geode-junit/src/main/java/org/apache/geode/security/ExpirableSecurityManager.java
##########
@@ -90,4 +90,11 @@ private void addToMap(Map<String, List<String>> maps, Object 
user,
     }
     maps.put(user.toString(), list);
   }
+
+  public void close() {
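
Review bot: the new `public void close()` in `ExpirableSecurityManager` is added with no Javadoc and no `@Override` on the preceding line. If it implements the security manager interface's `close()`, add the annotation, and document what recorded state it clears so that tests reading the authorized and unauthorized operation maps know what to expect after it is called.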

Review comment:
       will do



