GEODE-2030: security support for SDG
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/6ec3f884 Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/6ec3f884 Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/6ec3f884 Branch: refs/heads/feature/GEM-983 Commit: 6ec3f884c953b48c357bf127a5a37ba88dedee8c Parents: c4e3b15 Author: Jinmei Liao <jil...@pivotal.io> Authored: Mon Oct 24 10:54:36 2016 -0700 Committer: Jinmei Liao <jil...@pivotal.io> Committed: Fri Oct 28 08:48:57 2016 -0700 ---------------------------------------------------------------------- .../org/apache/geode/cache/CacheFactory.java | 34 ++++++ .../geode/internal/cache/CacheConfig.java | 22 +++- .../geode/internal/cache/GemFireCacheImpl.java | 121 ++++++++++--------- .../security/IntegratedSecurityService.java | 69 ++++++++--- .../internal/security/SecurityService.java | 17 +-- .../security/IntegratedSecurityServiceTest.java | 51 +++++++- .../CacheFactoryWithSecurityObjectTest.java | 90 ++++++++++++++ 7 files changed, 320 insertions(+), 84 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6ec3f884/geode-core/src/main/java/org/apache/geode/cache/CacheFactory.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/cache/CacheFactory.java b/geode-core/src/main/java/org/apache/geode/cache/CacheFactory.java index b62feac..15557bb 100644 --- a/geode-core/src/main/java/org/apache/geode/cache/CacheFactory.java +++ b/geode-core/src/main/java/org/apache/geode/cache/CacheFactory.java 
@@ -28,6 +28,8 @@ import org.apache.geode.internal.i18n.LocalizedStrings; import org.apache.geode.internal.jndi.JNDIInvoker; import org.apache.geode.pdx.PdxInstance; import org.apache.geode.pdx.PdxSerializer; +import org.apache.geode.security.PostProcessor; +import org.apache.geode.security.SecurityManager; /** @@ -326,6 +328,38 @@ public class CacheFactory { } /** + * sets the securityManager for the cache. If this securityManager is set. It will override the + * security-manager property you set in your gemfire system properties. + * + * This is provided mostly for container to inject an already initialized securityManager. An + * object provided this way is expected to be initialized already. We are not calling the init + * method on this object + * + * @param securityManager + * @return + */ + public CacheFactory setSecurityManager(SecurityManager securityManager) { + this.cacheConfig.setSecurityManager(securityManager); + return this; + } + + /** + * sets the postProcessor for the cache. If this postProcessor is set. It will override thie + * security-post-processor setting in the gemfire system properties. + * + * This is provided mostly for container to inject an already initialized post processor. An + * object provided this way is expected to be initialized already. We are not calling the init + * method on this object + * + * @param postProcessor + * @return + */ + public CacheFactory setPostProcessor(PostProcessor postProcessor) { + this.cacheConfig.setPostProcessor(postProcessor); + return this; + } + + /** * Set the PDX serializer for the cache. If this serializer is set, it will be consulted to see if * it can serialize any domain classes which are added to the cache in portable data exchange * format. http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6ec3f884/geode-core/src/main/java/org/apache/geode/internal/cache/CacheConfig.java ---------------------------------------------------------------------- 
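Review bot: The Javadoc on `setSecurityManager` and `setPostProcessor` leaves `@param` and `@return` empty and does not say what a null argument does, which a caller of a security setter needs to know. Going by the null checks this commit adds in GemFireCacheImpl, null means the property-configured object stays in effect. I would write `@param securityManager an already-initialized SecurityManager; null keeps the one named by the security-manager property` and `@return this CacheFactory`, with the matching pair on `setPostProcessor`. In the second comment "thie" should read "the".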
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/CacheConfig.java b/geode-core/src/main/java/org/apache/geode/internal/cache/CacheConfig.java index 91ae333..45b6a6c 100644 --- a/geode-core/src/main/java/org/apache/geode/internal/cache/CacheConfig.java +++ b/geode-core/src/main/java/org/apache/geode/internal/cache/CacheConfig.java @@ -14,13 +14,14 @@ */ package org.apache.geode.internal.cache; -import java.util.List; - import org.apache.geode.internal.cache.xmlcache.CacheServerCreation; import org.apache.geode.internal.i18n.LocalizedStrings; import org.apache.geode.pdx.PdxSerializer; import org.apache.geode.pdx.ReflectionBasedAutoSerializer; -import org.apache.geode.pdx.internal.AutoSerializableManager; +import org.apache.geode.security.PostProcessor; +import org.apache.geode.security.SecurityManager; + +import java.util.List; /** * This is helper class used by CacheFactory to pass the cache configuration values to cache @@ -35,6 +36,9 @@ public class CacheConfig { public static boolean DEFAULT_PDX_PERSISTENT = false; public static boolean DEFAULT_PDX_IGNORE_UNREAD_FIELDS = false; + private static SecurityManager securityManager = null; + private static PostProcessor postProcessor = null; + public boolean pdxReadSerialized = DEFAULT_PDX_READ_SERIALIZED; /** 
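Review bot: `securityManager` and `postProcessor` are declared `static` in the `@@ -35,6 +36,9 @@` hunk, yet the next hunk writes them through instance setters (`CacheConfig.securityManager = securityManager;`). A SecurityManager injected for one CacheFactory therefore stays in force for every later CacheConfig in the JVM. A cache created afterwards without calling the setter would still have the earlier manager and post-processor applied over its own security properties; the explicit `.setSecurityManager(null)` / `.setPostProcessor(null)` calls in the new CacheFactoryWithSecurityObjectTest look like a workaround for that. Unless JVM-wide sharing is intended, make them instance state like the other fields: `private SecurityManager securityManager;`, `private PostProcessor postProcessor;`, and `this.securityManager = securityManager;` in the setters. The class body continues outside both hunks.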
@@ -88,14 +92,26 @@ public class CacheConfig { return pdxSerializer; } + public SecurityManager getSecurityManager() { + return securityManager; + } + public void setSecurityManager(SecurityManager securityManager) { + CacheConfig.securityManager = securityManager; + } public void setPdxSerializer(PdxSerializer pdxSerializer) { pdxSerializerUserSet = true; this.pdxSerializer = pdxSerializer; } + public PostProcessor getPostProcessor() { + return postProcessor; + } + public void setPostProcessor(PostProcessor postProcessor) { + CacheConfig.postProcessor = postProcessor; + } public String getPdxDiskStore() { return pdxDiskStore; http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6ec3f884/geode-core/src/main/java/org/apache/geode/internal/cache/GemFireCacheImpl.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/GemFireCacheImpl.java b/geode-core/src/main/java/org/apache/geode/internal/cache/GemFireCacheImpl.java index d9d572c..ba4f1f4 100755 --- a/geode-core/src/main/java/org/apache/geode/internal/cache/GemFireCacheImpl.java +++ b/geode-core/src/main/java/org/apache/geode/internal/cache/GemFireCacheImpl.java 
@@ -15,65 +15,9 @@ package org.apache.geode.internal.cache; -import java.io.BufferedReader; -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.File; -import java.io.IOException; -import java.io.InputStream; -import java.io.InputStreamReader; -import java.io.OutputStream; -import java.io.OutputStreamWriter; -import java.io.PrintStream; -import java.io.Reader; -import java.io.StringBufferInputStream; -import java.io.StringWriter; -import java.io.Writer; -import java.net.InetSocketAddress; -import java.net.URL; -import java.net.UnknownHostException; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Collections; -import java.util.Date; -import java.util.HashMap; -import java.util.HashSet; -import java.util.Iterator; -import java.util.LinkedHashMap; -import java.util.List; -import java.util.Map; -import java.util.Map.Entry; -import java.util.Properties; -import java.util.ServiceLoader; -import java.util.Set; -import java.util.TreeMap; -import java.util.concurrent.ArrayBlockingQueue; -import java.util.concurrent.CancellationException; -import java.util.concurrent.ConcurrentHashMap; -import java.util.concurrent.ConcurrentMap; -import java.util.concurrent.CopyOnWriteArrayList; -import java.util.concurrent.CopyOnWriteArraySet; -import java.util.concurrent.ExecutionException; -import java.util.concurrent.Executor; -import java.util.concurrent.ExecutorService; -import java.util.concurrent.Executors; -import java.util.concurrent.Future; -import java.util.concurrent.LinkedBlockingQueue; -import java.util.concurrent.RejectedExecutionException; -import java.util.concurrent.ThreadFactory; -import java.util.concurrent.ThreadPoolExecutor; -import java.util.concurrent.TimeUnit; -import java.util.concurrent.atomic.AtomicBoolean; -import java.util.concurrent.atomic.AtomicInteger; -import java.util.concurrent.atomic.AtomicReference; - -import javax.naming.Context; - import com.sun.jna.Native; import 
com.sun.jna.Platform; import org.apache.commons.lang.StringUtils; -import org.apache.logging.log4j.Logger; - import org.apache.geode.CancelCriterion; import org.apache.geode.CancelException; import org.apache.geode.ForcedDisconnectException; 
@@ -229,6 +173,60 @@ import org.apache.geode.pdx.internal.PdxInstanceFactoryImpl; import org.apache.geode.pdx.internal.PdxInstanceImpl; import org.apache.geode.pdx.internal.TypeRegistry; import org.apache.geode.redis.GeodeRedisServer; +import org.apache.logging.log4j.Logger; + +import java.io.BufferedReader; +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.File; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.io.OutputStream; +import java.io.OutputStreamWriter; +import java.io.PrintStream; +import java.io.Reader; +import java.io.StringBufferInputStream; +import java.io.StringWriter; +import java.io.Writer; +import java.net.InetSocketAddress; +import java.net.URL; +import java.net.UnknownHostException; +import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; +import java.util.Date; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Iterator; +import java.util.LinkedHashMap; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; +import java.util.Properties; +import java.util.ServiceLoader; +import java.util.Set; +import java.util.TreeMap; +import java.util.concurrent.ArrayBlockingQueue; +import java.util.concurrent.CancellationException; +import java.util.concurrent.ConcurrentHashMap; +import java.util.concurrent.ConcurrentMap; +import java.util.concurrent.CopyOnWriteArrayList; +import java.util.concurrent.CopyOnWriteArraySet; +import java.util.concurrent.ExecutionException; +import java.util.concurrent.Executor; +import java.util.concurrent.ExecutorService; +import java.util.concurrent.Executors; +import java.util.concurrent.Future; +import java.util.concurrent.LinkedBlockingQueue; +import java.util.concurrent.RejectedExecutionException; +import java.util.concurrent.ThreadFactory; +import java.util.concurrent.ThreadPoolExecutor; +import java.util.concurrent.TimeUnit; +import 
java.util.concurrent.atomic.AtomicBoolean; +import java.util.concurrent.atomic.AtomicInteger; +import java.util.concurrent.atomic.AtomicReference; +import javax.naming.Context; // @todo somebody Come up with more reasonable values for {@link #DEFAULT_LOCK_TIMEOUT}, etc. /** @@ -1203,7 +1201,18 @@ public class GemFireCacheImpl // apply the cluster's properties configuration and initialize security using that configuration ClusterConfigurationLoader.applyClusterPropertiesConfiguration(this, configurationResponse, system.getConfig()); + + // first initialize the security service using the security properties securityService.initSecurity(system.getConfig().getSecurityProps()); + // secondly if cacheConfig has a securityManager, use that instead + if (cacheConfig.getSecurityManager() != null) { + securityService.setSecurityManager(cacheConfig.getSecurityManager()); + } + // if cacheConfig has a postProcessor, use that instead + if (cacheConfig.getPostProcessor() != null) { + securityService.setPostProcessor(cacheConfig.getPostProcessor()); + } + SystemMemberCacheEventProcessor.send(this, Operation.CACHE_CREATE); this.resourceAdvisor.initializationGate(); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6ec3f884/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java b/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java index 8fc0f11..7a898d1 100644 --- a/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java +++ b/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java 
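Review bot: In the `@@ -1203,7 +1201,18 @@` hunk, `securityService.initSecurity(...)` still runs in full before the injected objects are applied. The class named by the `security-manager` property is therefore loaded and `init()`-ed (see the `securityManagerConfig` branch of IntegratedSecurityService.initSecurity) and only then replaced. A stale or unloadable class name in the properties can thus presumably still fail cache creation even though a SecurityManager was injected, which "will override the security-manager property" in the CacheFactory Javadoc does not suggest. Nothing in this hunk closes the discarded instance either. At minimum the comment should say so, e.g. `// the property-configured manager was already created and init()-ed above; it is replaced here, not skipped`. The enclosing method starts and ends outside the hunk.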
@@ -42,6 +42,7 @@ import org.apache.geode.security.SecurityManager; import org.apache.logging.log4j.Logger; import org.apache.shiro.SecurityUtils; import org.apache.shiro.ShiroException; +import org.apache.shiro.UnavailableSecurityManagerException; import org.apache.shiro.config.Ini.Section; import org.apache.shiro.config.IniSecurityManagerFactory; import org.apache.shiro.mgt.DefaultSecurityManager; @@ -73,7 +74,7 @@ public class IntegratedSecurityService implements SecurityService { private PostProcessor postProcessor; private SecurityManager securityManager; - private boolean isIntegratedSecurity; + private Boolean isIntegratedSecurity; private boolean isClientAuthenticator; // is there a SECURITY_CLIENT_AUTHENTICATOR private boolean isPeerAuthenticator; // is there a SECURITY_PEER_AUTHENTICATOR @@ -85,7 +86,7 @@ public class IntegratedSecurityService implements SecurityService { * @return the shiro subject, null if security is not enabled */ public Subject getSubject() { - if (!isIntegratedSecurity) { + if (!isIntegratedSecurity()) { return null; } @@ -133,7 +134,7 @@ public class IntegratedSecurityService implements SecurityService { * @return null if security is not enabled, otherwise return a shiro subject */ public Subject login(Properties credentials) { - if (!isIntegratedSecurity) { + if (!isIntegratedSecurity()) { return null; } @@ -300,7 +301,7 @@ public class IntegratedSecurityService implements SecurityService { } String shiroConfig = securityProps.getProperty(SECURITY_SHIRO_INIT); - String securityConfig = securityProps.getProperty(SECURITY_MANAGER); + String securityManagerConfig = securityProps.getProperty(SECURITY_MANAGER); String clientAuthenticatorConfig = securityProps.getProperty(SECURITY_CLIENT_AUTHENTICATOR); String peerAuthenticatorConfig = securityProps.getProperty(SECURITY_PEER_AUTHENTICATOR); 
@@ -318,18 +319,17 @@ public class IntegratedSecurityService implements SecurityService { org.apache.shiro.mgt.SecurityManager securityManager = factory.getInstance(); SecurityUtils.setSecurityManager(securityManager); isIntegratedSecurity = true; + isClientAuthenticator = false; + isPeerAuthenticator = false; } // only set up shiro realm if user has implemented SecurityManager - else if (!StringUtils.isBlank(securityConfig)) { - securityManager = - SecurityService.getObjectOfTypeFromClassName(securityConfig, SecurityManager.class); + else if (!StringUtils.isBlank(securityManagerConfig)) { + SecurityManager securityManager = SecurityService + .getObjectOfTypeFromClassName(securityManagerConfig, SecurityManager.class); securityManager.init(securityProps); - Realm realm = new CustomAuthRealm(securityManager); - org.apache.shiro.mgt.SecurityManager shiroManager = new DefaultSecurityManager(realm); - SecurityUtils.setSecurityManager(shiroManager); - isIntegratedSecurity = true; + this.setSecurityManager(securityManager); } else { - isIntegratedSecurity = false; + isIntegratedSecurity = null; isClientAuthenticator = !StringUtils.isBlank(clientAuthenticatorConfig); isPeerAuthenticator = !StringUtils.isBlank(peerAuthenticatorConfig); } @@ -356,7 +356,8 @@ public class IntegratedSecurityService implements SecurityService { postProcessor = null; } ThreadContext.remove(); - isIntegratedSecurity = false; + SecurityUtils.setSecurityManager(null); + isIntegratedSecurity = null; isClientAuthenticator = false; isPeerAuthenticator = false; } @@ -367,7 +368,7 @@ public class IntegratedSecurityService implements SecurityService { * bypass it entirely, call this first. */ public boolean needPostProcess() { - return (isIntegratedSecurity && postProcessor != null); + return (isIntegratedSecurity() && postProcessor != null); } public Object postProcess(String regionPath, Object key, Object value, 
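Review bot: `SecurityUtils.setSecurityManager(null)` in the close hunk (`@@ -356,7 +356,8 @@`) clears Shiro's static, VM-wide security manager even when this service did not install it. The commit deliberately honours a Shiro manager set up by the embedding container (`isIntegratedSecurity()` and testInitWithOutsideShiroSecurityManager), so closing the service would also remove that container's Shiro configuration for everything else in the JVM. Consider recording ownership whenever the service itself calls `SecurityUtils.setSecurityManager(...)` and clearing only in that case, e.g. `if (installedShiroManager) { SecurityUtils.setSecurityManager(null); }`, where `installedShiroManager` is a new boolean field set in `initSecurity` and `setSecurityManager`. The opening lines of the method are outside the hunk.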
@@ -412,19 +413,55 @@ public class IntegratedSecurityService implements SecurityService { return securityManager; } + public void setSecurityManager(SecurityManager securityManager) { + if (securityManager == null) { + return; + } + + this.securityManager = securityManager; + Realm realm = new CustomAuthRealm(securityManager); + org.apache.shiro.mgt.SecurityManager shiroManager = new DefaultSecurityManager(realm); + SecurityUtils.setSecurityManager(shiroManager); + isIntegratedSecurity = true; + isClientAuthenticator = false; + isPeerAuthenticator = false; + } + public PostProcessor getPostProcessor() { return postProcessor; } + public void setPostProcessor(PostProcessor postProcessor) { + if (postProcessor == null) { + return; + } + + this.postProcessor = postProcessor; + } + + /** + * If Shiro's security manager is configured, then return true, otherwise, return false; + * + * @return + */ public boolean isIntegratedSecurity() { + if (isIntegratedSecurity != null) { + return isIntegratedSecurity; + } + + try { + isIntegratedSecurity = (SecurityUtils.getSecurityManager() != null); + } catch (UnavailableSecurityManagerException e) { + isIntegratedSecurity = false; + } return isIntegratedSecurity; } public boolean isClientSecurityRequired() { - return isClientAuthenticator || isIntegratedSecurity; + return isClientAuthenticator || isIntegratedSecurity(); } public boolean isPeerSecurityRequired() { - return isPeerAuthenticator || isIntegratedSecurity; + return isPeerAuthenticator || isIntegratedSecurity(); } } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6ec3f884/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java b/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java index 41b08d5..727a1ce 100644 
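Review bot: `isIntegratedSecurity()` caches a negative answer: when no Shiro manager is available yet, the catch block stores `false` in the field and later calls return it without looking again. If the container installs its Shiro SecurityManager after that first call, which is the case this lazy lookup exists for, `getSubject()` and `login()` keep returning null and `isClientSecurityRequired()` can stay false until `initSecurity` or `close` resets the field. Caching only the positive result avoids this: in the catch block use `return false;` instead of `isIntegratedSecurity = false;`. The field is also read and written without synchronization, so if the service is shared across threads `private volatile Boolean isIntegratedSecurity;` would be the matching declaration.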
--- a/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java +++ b/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java @@ -14,13 +14,6 @@ */ package org.apache.geode.internal.security; -import java.lang.reflect.Method; -import java.util.Properties; -import java.util.concurrent.Callable; - -import org.apache.shiro.subject.Subject; -import org.apache.shiro.util.ThreadState; - import org.apache.geode.internal.ClassLoadUtil; import org.apache.geode.management.internal.security.ResourceConstants; import org.apache.geode.management.internal.security.ResourceOperation; @@ -28,6 +21,12 @@ import org.apache.geode.security.GemFireSecurityException; import org.apache.geode.security.PostProcessor; import org.apache.geode.security.ResourcePermission; import org.apache.geode.security.SecurityManager; +import org.apache.shiro.subject.Subject; +import org.apache.shiro.util.ThreadState; + +import java.lang.reflect.Method; +import java.util.Properties; +import java.util.concurrent.Callable; public interface SecurityService { @@ -96,8 +95,12 @@ public interface SecurityService { SecurityManager getSecurityManager(); + void setSecurityManager(SecurityManager securityManager); + PostProcessor getPostProcessor(); + void setPostProcessor(PostProcessor postProcessor); + /** * this method would never return null, it either throws an exception or returns an object */ http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6ec3f884/geode-core/src/test/java/org/apache/geode/internal/security/IntegratedSecurityServiceTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/internal/security/IntegratedSecurityServiceTest.java b/geode-core/src/test/java/org/apache/geode/internal/security/IntegratedSecurityServiceTest.java index 8c81026..1a8e601 100644 --- a/geode-core/src/test/java/org/apache/geode/internal/security/IntegratedSecurityServiceTest.java 
+++ b/geode-core/src/test/java/org/apache/geode/internal/security/IntegratedSecurityServiceTest.java @@ -18,14 +18,19 @@ import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_CLIE import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER; import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_PEER_AUTHENTICATOR; import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_SHIRO_INIT; -import static org.assertj.core.api.Java6Assertions.assertThatThrownBy; +import static org.assertj.core.api.Assertions.assertThatThrownBy; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; import org.apache.geode.security.GemFireSecurityException; +import org.apache.geode.security.templates.SamplePostProcessor; import org.apache.geode.security.templates.SampleSecurityManager; +import org.apache.geode.security.templates.SimpleSecurityManager; import org.apache.geode.test.junit.categories.UnitTest; +import org.apache.shiro.SecurityUtils; +import org.apache.shiro.mgt.DefaultSecurityManager; +import org.junit.After; import org.junit.Before; import org.junit.Test; import org.junit.experimental.categories.Category; @@ -133,7 +138,7 @@ public class IntegratedSecurityServiceTest { } @Test - public void testInitWithBothAuthenticator() { + public void testInitWithAuthenticators() { properties.setProperty(SECURITY_CLIENT_AUTHENTICATOR, "org.abc.test"); properties.setProperty(SECURITY_PEER_AUTHENTICATOR, "org.abc.test"); 
@@ -155,6 +160,48 @@ public class IntegratedSecurityServiceTest { assertTrue(securityService.isPeerSecurityRequired()); } + @Test + public void testNoInit() { + assertFalse(securityService.isIntegratedSecurity()); + } + + @Test + public void testInitWithOutsideShiroSecurityManager() { + SecurityUtils.setSecurityManager(new DefaultSecurityManager()); + securityService.initSecurity(properties); + assertTrue(securityService.isIntegratedSecurity()); + } + + @Test + public void testSetSecurityManager() { + // initially + assertFalse(securityService.isIntegratedSecurity()); + + // init with client authenticator + properties.setProperty(SECURITY_CLIENT_AUTHENTICATOR, "org.abc.test"); + securityService.initSecurity(properties); + assertFalse(securityService.isIntegratedSecurity()); + assertTrue(securityService.isClientSecurityRequired()); + assertFalse(securityService.isPeerSecurityRequired()); + + // set a security manager + securityService.setSecurityManager(new SimpleSecurityManager()); + assertTrue(securityService.isIntegratedSecurity()); + assertTrue(securityService.isClientSecurityRequired()); + assertTrue(securityService.isPeerSecurityRequired()); + assertFalse(securityService.needPostProcess()); + + // set a post processor + securityService.setPostProcessor(new SamplePostProcessor()); + assertTrue(securityService.isIntegratedSecurity()); + assertTrue(securityService.needPostProcess()); + } + + @After + public void after() { + securityService.close(); + } + private static class Factories { public static String getString() { http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6ec3f884/geode-core/src/test/java/org/apache/geode/security/CacheFactoryWithSecurityObjectTest.java ---------------------------------------------------------------------- 
diff --git a/geode-core/src/test/java/org/apache/geode/security/CacheFactoryWithSecurityObjectTest.java b/geode-core/src/test/java/org/apache/geode/security/CacheFactoryWithSecurityObjectTest.java
new file mode 100644
index 0000000..742167c
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/CacheFactoryWithSecurityObjectTest.java
@@ -0,0 +1,90 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package org.apache.geode.security;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
+import org.apache.geode.cache.Cache;
+import org.apache.geode.cache.CacheFactory;
+import org.apache.geode.distributed.ConfigurationProperties;
+import org.apache.geode.internal.security.SecurityService;
+import org.apache.geode.security.templates.DummyAuthenticator;
+import org.apache.geode.security.templates.SamplePostProcessor;
+import org.apache.geode.security.templates.SimpleSecurityManager;
+import org.apache.geode.test.junit.categories.IntegrationTest;
+import org.apache.geode.test.junit.categories.SecurityTest;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import java.util.Properties;
+
+@Category({IntegrationTest.class, SecurityTest.class})
+public class CacheFactoryWithSecurityObjectTest {
+
+ private SecurityService securityService;
+ private SecurityManager simpleSecurityManager;
+ private Properties properties = new Properties();
+ Cache cache;
+
+ @Before
+ public void before() throws Exception {
+ securityService = SecurityService.getSecurityService();
+ simpleSecurityManager = new SimpleSecurityManager();
+ properties.setProperty("mcast-port", "0");
+ }
+
+ @Test
+ public void testCreateCacheWithSecurityManager() throws Exception {
+ cache = new CacheFactory(properties).setSecurityManager(simpleSecurityManager)
+ .setPostProcessor(null).create();
+ assertTrue(securityService.isIntegratedSecurity());
+ assertFalse(securityService.needPostProcess());
+ assertNotNull(securityService.getSecurityManager());
+ }
+
+ @Test
+ public void testCreateCacheWithPostProcessor() throws Exception {
+ cache = new CacheFactory(properties).setPostProcessor(new SamplePostProcessor())
+ .setSecurityManager(null).create();
+ assertFalse(securityService.isIntegratedSecurity());
+ assertFalse(securityService.needPostProcess());
+ assertNotNull(securityService.getPostProcessor());
+ }
+
+ @Test
+ public void testOverride() throws Exception {
+ properties.setProperty(ConfigurationProperties.SECURITY_CLIENT_AUTHENTICATOR,
+ DummyAuthenticator.class.getName());
+
+ cache = new CacheFactory(properties).setSecurityManager(simpleSecurityManager)
+ .setPostProcessor(new SamplePostProcessor()).create();
+
+ assertTrue(securityService.isIntegratedSecurity());
+ assertTrue(securityService.isClientSecurityRequired());
+ assertTrue(securityService.needPostProcess());
+ assertNotNull(securityService.getSecurityManager());
+ }
+
+ @After
+ public void after() {
+ cache.close();
+ }
+
+}
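Review bot: `after()` calls `cache.close()` unconditionally, so when `create()` throws in a test the teardown fails with a NullPointerException and hides the original error; `if (cache != null) { cache.close(); }` keeps the real failure visible. The `.setPostProcessor(null)` and `.setSecurityManager(null)` calls in the first two tests read like resets of state left behind by another test, which suggests the tests are coupled through the static fields in CacheConfig. A comment such as `// clear the value a previous test left in CacheConfig` would make that dependency explicit. testCreateCacheWithPostProcessor also pins that a post-processor supplied without a security manager is stored but never applied, which deserves a one-line comment in the test.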