jchen21 commented on a change in pull request #6885:
URL: https://github.com/apache/geode/pull/6885#discussion_r717046763
##########
File path:
geode-junit/src/main/java/org/apache/geode/security/ExpirableSecurityManager.java
##########
@@ -90,4 +90,11 @@ private void addToMap(Map<String, List<String>> maps, Object
user,
}
maps.put(user.toString(), list);
}
+
+ public void close() {
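Review bot: the new `close()` on the last line of this hunk has neither an `@Override` annotation nor a comment saying what it releases. If it is meant to implement the security manager's lifecycle method, annotate it so the compiler flags a signature mismatch, and state which recorded state it resets so tests know what survives a close.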
Review comment:
Better add annotation `@Override`
##########
File path:
geode-core/src/upgradeTest/java/org/apache/geode/security/AuthExpirationMultiServerDUnitTest.java
##########
@@ -174,10 +184,75 @@ public void
clientConnectToLocatorShouldNotAllowOperationIfUserIsNotRefreshed()
AuthenticationRequiredException.class,
AuthenticationExpiredException.class);
}
}
- ExpirableSecurityManager consolidated =
combineSecurityManagerResults(server1, server2);
+ ExpirableSecurityManager consolidated = collectSecurityManagers(server1,
server2);
assertThat(consolidated.getAuthorizedOps().keySet()).isEmpty();
}
+ @Test
+ public void cqWithMultiServer() throws Exception {
+ int locatorPort = locator.getPort();
+ UpdatableUserAuthInitialize.setUser("user1");
+ clientCacheRule
+ .withProperty(SECURITY_CLIENT_AUTH_INIT,
UpdatableUserAuthInitialize.class.getName())
+ .withPoolSubscription(true)
+ .withLocatorConnection(locatorPort);
+ ClientCache cache = clientCacheRule.createCache();
+ EventsCqListner listener =
+ createAndExecuteCQ(cache.getQueryService(), "cq1", "select * from /" +
PARTITION_REGION);
+
+ UpdatableUserAuthInitialize.setUser("user2");
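Review bot: `EventsCqListner` in the `createAndExecuteCQ(...)` assignment is misspelled; if this PR introduces the class, rename it to `EventsCqListener` before other tests start depending on the name. The switch to "user2" on the last line, right after the CQ is registered as "user1", also needs a one-line comment saying why the user changes at that point.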
Review comment:
Is `user2` required here?
`UpdatableUserAuthInitialize` is used here on the controller VM, while in
`doPutsUsingAnotherClient`, `UpdatableUserAuthInitialize` is used in a client
VM. Is it expected?
##########
File path:
geode-core/src/upgradeTest/java/org/apache/geode/security/AuthExpirationMultiServerDUnitTest.java
##########
@@ -174,10 +184,75 @@ public void
clientConnectToLocatorShouldNotAllowOperationIfUserIsNotRefreshed()
AuthenticationRequiredException.class,
AuthenticationExpiredException.class);
}
}
- ExpirableSecurityManager consolidated =
combineSecurityManagerResults(server1, server2);
+ ExpirableSecurityManager consolidated = collectSecurityManagers(server1,
server2);
assertThat(consolidated.getAuthorizedOps().keySet()).isEmpty();
}
+ @Test
+ public void cqWithMultiServer() throws Exception {
+ int locatorPort = locator.getPort();
+ UpdatableUserAuthInitialize.setUser("user1");
+ clientCacheRule
+ .withProperty(SECURITY_CLIENT_AUTH_INIT,
UpdatableUserAuthInitialize.class.getName())
+ .withPoolSubscription(true)
+ .withLocatorConnection(locatorPort);
+ ClientCache cache = clientCacheRule.createCache();
+ EventsCqListner listener =
+ createAndExecuteCQ(cache.getQueryService(), "cq1", "select * from /" +
PARTITION_REGION);
+
+ UpdatableUserAuthInitialize.setUser("user2");
+ expireUserOnAllVms("user1");
+ doPutsUsingAnotherClient(locatorPort, "user3", 100);
+
+ // make sure listener still gets all the events
+ await().untilAsserted(() -> assertThat(listener.getKeys()).hasSize(100));
+ ExpirableSecurityManager securityManager =
collectSecurityManagers(server1, server2);
+ assertThat(securityManager.getAuthorizedOps().get("user1"))
+ .containsExactly("DATA:READ:partitionRegion");
+ assertThat(securityManager.getUnAuthorizedOps().get("user1"))
+ .containsExactly("DATA:READ:partitionRegion:key0");
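Review bot: the two `containsExactly` assertions at the end check only "user1", and nothing in the lines shown says why exactly one read, on `key0`, is expected to be rejected out of 100 puts. Add a comment describing the expected expire and re-authenticate sequence, and assert what "user2" ended up authorized for, so the test shows the remaining events were delivered under the refreshed credentials rather than the expired ones. The literal 100 also appears in both `doPutsUsingAnotherClient(locatorPort, "user3", 100)` and `hasSize(100)`; a local constant keeps them in step.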
Review comment:
Why does this not include `key1` through `key99`, since user1's
authentication is expired?
##########
File path:
geode-core/src/upgradeTest/java/org/apache/geode/security/AuthExpirationMultiServerDUnitTest.java
##########
@@ -174,10 +184,75 @@ public void
clientConnectToLocatorShouldNotAllowOperationIfUserIsNotRefreshed()
AuthenticationRequiredException.class,
AuthenticationExpiredException.class);
}
}
- ExpirableSecurityManager consolidated =
combineSecurityManagerResults(server1, server2);
+ ExpirableSecurityManager consolidated = collectSecurityManagers(server1,
server2);
assertThat(consolidated.getAuthorizedOps().keySet()).isEmpty();
}
+ @Test
+ public void cqWithMultiServer() throws Exception {
+ int locatorPort = locator.getPort();
+ UpdatableUserAuthInitialize.setUser("user1");
+ clientCacheRule
+ .withProperty(SECURITY_CLIENT_AUTH_INIT,
UpdatableUserAuthInitialize.class.getName())
+ .withPoolSubscription(true)
+ .withLocatorConnection(locatorPort);
+ ClientCache cache = clientCacheRule.createCache();
+ EventsCqListner listener =
+ createAndExecuteCQ(cache.getQueryService(), "cq1", "select * from /" +
PARTITION_REGION);
+
+ UpdatableUserAuthInitialize.setUser("user2");
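Review bot: `UpdatableUserAuthInitialize.setUser(...)` is a static setter called twice in this test, so the value it leaves behind ("user2") outlives the test in this JVM. If teardown does not already reset it, add a reset so later tests do not inherit these credentials.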
Review comment:
`UpdatableUserAuthInitialize` is used here on the controller VM, while
in `doPutsUsingAnotherClient`, `UpdatableUserAuthInitialize` is used in a
client VM. Is it expected?