Repository: incubator-geode Updated Branches: refs/heads/develop 9b710ab0a -> 65f35581b
GEODE-1883: making AuthInit optional when starting a server/client
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/65f35581
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/65f35581
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/65f35581
Branch: refs/heads/develop
Commit: 65f35581b9f7dded29ad37d06f5e036d6a9f0aa1
Parents: 9b710ab
Author: Jinmei Liao <jil...@pivotal.io>
Authored: Thu Sep 15 13:57:09 2016 -0700
Committer: Jinmei Liao <jil...@pivotal.io>
Committed: Thu Sep 15 14:53:09 2016 -0700
----------------------------------------------------------------------
.../distributed/ConfigurationProperties.java | 1 -
.../membership/gms/auth/GMSAuthenticator.java | 28 ++------------------
.../cache/tier/sockets/CacheClientProxy.java | 12 ++++-----
.../internal/cache/tier/sockets/HandShake.java | 26 ++++++++++--------
.../internal/security/SecurityService.java | 14 ++++++++--
.../apache/geode/security/AuthInitialize.java | 16 +++++++++--
.../PDXGfshPostProcessorOnRemoteServerTest.java | 11 +++-----
7 files changed, 52 insertions(+), 56 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/65f35581/geode-core/src/main/java/org/apache/geode/distributed/ConfigurationProperties.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/distributed/ConfigurationProperties.java b/geode-core/src/main/java/org/apache/geode/distributed/ConfigurationProperties.java
index 8a4446c..d2dd371 100644
--- a/geode-core/src/main/java/org/apache/geode/distributed/ConfigurationProperties.java
+++ b/geode-core/src/main/java/org/apache/geode/distributed/ConfigurationProperties.java
@@ -18,7 +18,6 @@ package org.apache.geode.distributed;
 import org.apache.geode.redis.GeodeRedisServer;
-import org.apache.geode.security.SecurableComponents;
 /**
 * This interface defines all the configuration properties that can be used.
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/65f35581/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/auth/GMSAuthenticator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/auth/GMSAuthenticator.java b/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/auth/GMSAuthenticator.java
index 68ec0c0..a448d8c 100755
--- a/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/auth/GMSAuthenticator.java
+++ b/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/auth/GMSAuthenticator.java
@@ -28,13 +28,12 @@ import org.apache.geode.distributed.internal.membership.InternalDistributedMembe
 import org.apache.geode.distributed.internal.membership.NetView;
 import org.apache.geode.distributed.internal.membership.gms.Services;
 import org.apache.geode.distributed.internal.membership.gms.interfaces.Authenticator;
+import org.apache.geode.internal.cache.tier.sockets.HandShake;
 import org.apache.geode.internal.i18n.LocalizedStrings;
 import org.apache.geode.internal.logging.InternalLogWriter;
 import org.apache.geode.internal.security.IntegratedSecurityService;
 import org.apache.geode.internal.security.SecurityService;
-import org.apache.geode.security.AuthInitialize;
 import org.apache.geode.security.AuthenticationFailedException;
-import org.apache.geode.security.AuthenticationRequiredException;
 import org.apache.geode.security.GemFireSecurityException;
 public class GMSAuthenticator implements Authenticator {
@@ -185,31 +184,8 @@ public class GMSAuthenticator implements Authenticator {
 * For testing only.
 */
 Properties getCredentials(DistributedMember member, Properties secProps) {
- Properties credentials = null;
 String authMethod = secProps.getProperty(SECURITY_PEER_AUTH_INIT);
-
- try {
- if (authMethod != null && authMethod.length() > 0) {
- AuthInitialize auth = SecurityService.getObjectOfType(authMethod, AuthInitialize.class);
- assert auth != null;
- try {
- LogWriter logWriter = services.getLogWriter();
- LogWriter securityLogWriter = services.getSecurityLogWriter();
- auth.init(logWriter, securityLogWriter);
- credentials = auth.getCredentials(secProps, member, true);
- } finally {
- auth.close();
- }
- }
-
- } catch (GemFireSecurityException gse) {
- throw gse;
-
- } catch (Exception ex) {
- throw new AuthenticationRequiredException(HandShake_FAILED_TO_ACQUIRE_AUTHINITIALIZE_METHOD_0.toLocalizedString(authMethod), ex);
- }
-
- return credentials;
+ return HandShake.getCredentials(authMethod, secProps, member, true, services.getLogWriter(), services.getSecurityLogWriter());
 }
 /**
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/65f35581/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/CacheClientProxy.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/CacheClientProxy.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/CacheClientProxy.java
index 3d2458e..5fa4c2e 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/CacheClientProxy.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/CacheClientProxy.java
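Review bot: The one-line replacement makes the membership layer import `org.apache.geode.internal.cache.tier.sockets.HandShake` solely to reach a credential-loading helper, which couples peer authentication to the client/server socket code; both classes already import `SecurityService`, which is where a helper shared by peers and clients would fit. The delegation also drops the old `catch (Exception ex)` that wrapped reflection failures in `AuthenticationRequiredException` with `HandShake_FAILED_TO_ACQUIRE_AUTHINITIALIZE_METHOD_0`, and the catch clauses of HandShake.getCredentials are not visible in this commit, so whether peers still receive that exception type should be confirmed. `services.getLogWriter()` and `services.getSecurityLogWriter()` are now evaluated even when `authMethod` is blank, which the old code avoided.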
@@ -41,10 +41,6 @@ import java.util.concurrent.locks.ReadWriteLock;
 import java.util.concurrent.locks.ReentrantReadWriteLock;
 import java.util.regex.Pattern;
-import org.apache.logging.log4j.Logger;
-import org.apache.shiro.subject.Subject;
-import org.apache.shiro.util.ThreadState;
-
 import org.apache.geode.CancelException;
 import org.apache.geode.DataSerializer;
 import org.apache.geode.StatisticsFactory;
@@ -106,9 +102,11 @@ import org.apache.geode.internal.logging.LoggingThreadGroup;
 import org.apache.geode.internal.logging.log4j.LocalizedMessage;
 import org.apache.geode.internal.logging.log4j.LogMarker;
 import org.apache.geode.internal.security.AuthorizeRequestPP;
-import org.apache.geode.internal.security.IntegratedSecurityService;
 import org.apache.geode.internal.security.SecurityService;
 import org.apache.geode.security.AccessControl;
+import org.apache.logging.log4j.Logger;
+import org.apache.shiro.subject.Subject;
+import org.apache.shiro.util.ThreadState;
 /**
 * Class <code>CacheClientProxy</code> represents the server side of the
@@ -338,7 +336,7 @@ public class CacheClientProxy implements ClientSession {
 private int numDrainsInProgress = 0;
 private final Object drainsInProgressLock = new Object();
- private SecurityService securityService = IntegratedSecurityService.getSecurityService();
+ private SecurityService securityService = SecurityService.getSecurityService();
 /**
 * Constructor.
@@ -1678,7 +1676,7 @@ public class CacheClientProxy implements ClientSession {
 // post process
 if(this.securityService.needPostProcess()) {
 Object oldValue = clientMessage.getValue();
- Object newValue = IntegratedSecurityService.getSecurityService().postProcess(clientMessage.getRegionName(), clientMessage.getKeyOfInterest(), oldValue, clientMessage.valueIsObject());
+ Object newValue = securityService.postProcess(clientMessage.getRegionName(), clientMessage.getKeyOfInterest(), oldValue, clientMessage.valueIsObject());
 clientMessage.setLatestValue(newValue);
 }
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/65f35581/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/HandShake.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/HandShake.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/HandShake.java
index 00372ae..d63dfa0 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/HandShake.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/HandShake.java
@@ -60,8 +60,6 @@ import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.SecretKeySpec;
 import javax.net.ssl.SSLSocket;
-import org.apache.logging.log4j.Logger;
-
 import org.apache.geode.CancelCriterion;
 import org.apache.geode.DataSerializer;
 import org.apache.geode.InternalGemFireException;
@@ -88,6 +86,7 @@ import org.apache.geode.internal.cache.tier.Acceptor;
 import org.apache.geode.internal.cache.tier.ClientHandShake;
 import org.apache.geode.internal.cache.tier.ConnectionProxy;
 import org.apache.geode.internal.i18n.LocalizedStrings;
+import org.apache.geode.internal.lang.StringUtils;
 import org.apache.geode.internal.logging.InternalLogWriter;
 import org.apache.geode.internal.logging.LogService;
 import org.apache.geode.internal.security.IntegratedSecurityService;
@@ -98,6 +97,7 @@ import org.apache.geode.security.AuthenticationFailedException;
 import org.apache.geode.security.AuthenticationRequiredException;
 import org.apache.geode.security.Authenticator;
 import org.apache.geode.security.GemFireSecurityException;
+import org.apache.logging.log4j.Logger;
 public class HandShake implements ClientHandShake {
@@ -1596,16 +1596,20 @@ public class HandShake implements ClientHandShake
 throws AuthenticationRequiredException {
 Properties credentials = null;
+ // if no authInit, Try to extract the credentials directly from securityProps
+ if (StringUtils.isBlank(authInitMethod)){
+ return SecurityService.getCredentials(securityProperties);
+ }
+
+ // if authInit exists
 try {
- if (authInitMethod != null && authInitMethod.length() > 0) {
- AuthInitialize auth = SecurityService.getObjectOfType(authInitMethod, AuthInitialize.class);
- auth.init(logWriter, securityLogWriter);
- try {
- credentials = auth.getCredentials(securityProperties, server, isPeer);
- }
- finally {
- auth.close();
- }
+ AuthInitialize auth = SecurityService.getObjectOfType(authInitMethod, AuthInitialize.class);
+ auth.init(logWriter, securityLogWriter);
+ try {
+ credentials = auth.getCredentials(securityProperties, server, isPeer);
+ }
+ finally {
+ auth.close();
 }
 }
 catch (GemFireSecurityException ex) {
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/65f35581/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java b/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java
index 7380c9a..4d4fcfa 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java
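Review bot: The early return on `StringUtils.isBlank(authInitMethod)` hands back whatever `SecurityService.getCredentials` finds in `securityProperties`, which is `null` when the username/password pair is absent, and nothing on the method documents that fallback or that `server`, `isPeer` and the log writers are ignored on that path; the method's signature and its remaining catch clauses lie outside this hunk. The Javadoc should gain a sentence such as `When {@code authInitMethod} is blank, the security-username/security-password pair is copied from {@code securityProperties} instead; the result is null if neither source yields credentials.` Style-wise the new `if (StringUtils.isBlank(authInitMethod)){` lacks the space before the brace that `try {`, `finally {` and `catch (...) {` use in the same method, and the comment reads better as `// no AuthInitialize configured: take the credentials straight from securityProps`.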
@@ -19,14 +19,14 @@ package org.apache.geode.internal.security;
 import java.util.Properties;
 import java.util.concurrent.Callable;
+import org.apache.geode.management.internal.security.ResourceConstants;
+import org.apache.geode.management.internal.security.ResourceOperation;
 import org.apache.geode.security.PostProcessor;
 import org.apache.geode.security.ResourcePermission;
 import org.apache.geode.security.SecurityManager;
 import org.apache.shiro.subject.Subject;
 import org.apache.shiro.util.ThreadState;
-import org.apache.geode.management.internal.security.ResourceOperation;
-
 public interface SecurityService {
 ThreadState bindSubject(Subject subject);
@@ -76,6 +76,16 @@ public interface SecurityService {
 return IntegratedSecurityService.getObjectOfTypeFromClassName(className, expectedClazz);
 }
+ public static Properties getCredentials(Properties securityProps){
+ Properties credentials = null;
+ if(securityProps.containsKey(ResourceConstants.USER_NAME) && securityProps.containsKey(ResourceConstants.PASSWORD)){
+ credentials = new Properties();
+ credentials.setProperty(ResourceConstants.USER_NAME, securityProps.getProperty(ResourceConstants.USER_NAME));
+ credentials.setProperty(ResourceConstants.PASSWORD, securityProps.getProperty(ResourceConstants.PASSWORD));
+ }
+ return credentials;
+ }
+
 static SecurityService getSecurityService(){
 return IntegratedSecurityService.getSecurityService();
 }
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/65f35581/geode-core/src/main/java/org/apache/geode/security/AuthInitialize.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/security/AuthInitialize.java b/geode-core/src/main/java/org/apache/geode/security/AuthInitialize.java
index 9123ec4..dae77d4 100644
--- a/geode-core/src/main/java/org/apache/geode/security/AuthInitialize.java
+++ b/geode-core/src/main/java/org/apache/geode/security/AuthInitialize.java
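Review bot: `securityProps.containsKey(...)` in the new `getCredentials` only looks at the `Properties` object's own hashtable, while the `getProperty` calls two lines later also consult the defaults chain, so a caller that passes `new Properties(defaults)` with the username and password held as defaults gets `null` from this method even though both values are readable; testing `securityProps.getProperty(ResourceConstants.USER_NAME) != null && securityProps.getProperty(ResourceConstants.PASSWORD) != null` keeps the check and the copy consistent. The method is a public static member of an interface with no Javadoc; a header such as `Returns a new Properties holding only the security-username and security-password entries of securityProps, or null when either is missing.` would tell HandShake's callers what a null result means. A null `securityProps` throws NullPointerException here, which may be intended but belongs in a `@throws` tag.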
@@ -90,8 +90,20 @@ public interface AuthInitialize extends CacheCallback {
 * in case of failure to obtain the credentials
 *
 * @return the credentials to be used for the given <code>server</code>
+ *
+ * @deprecated since Geode 1.0, use getCredentials(Properties). When using Integrated security,
+ * all members, peer/client will use the same credentials.
 */
 public Properties getCredentials(Properties securityProps,
- DistributedMember server, boolean isPeer)
- throws AuthenticationFailedException;
+ DistributedMember server, boolean isPeer)
+ throws AuthenticationFailedException;
+
+ /**
+ * Implement this since Geode1.0
+ * @param securityProps
+ * @return the credentials to be used. It needs to contain "security-username" and "security-password"
+ */
+ default public Properties getCredentials(Properties securityProps){
+ return getCredentials(securityProps, null, true);
+ }
 }
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/65f35581/geode-core/src/test/java/org/apache/geode/security/PDXGfshPostProcessorOnRemoteServerTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/PDXGfshPostProcessorOnRemoteServerTest.java b/geode-core/src/test/java/org/apache/geode/security/PDXGfshPostProcessorOnRemoteServerTest.java
index 870ff91..34043e8 100644
--- a/geode-core/src/test/java/org/apache/geode/security/PDXGfshPostProcessorOnRemoteServerTest.java
+++ b/geode-core/src/test/java/org/apache/geode/security/PDXGfshPostProcessorOnRemoteServerTest.java
@@ -25,11 +25,6 @@ import java.util.Properties;
 import java.util.concurrent.TimeUnit;
 import com.jayway.awaitility.Awaitility;
-import org.apache.geode.security.templates.SampleSecurityManager;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
 import org.apache.geode.cache.Cache;
 import org.apache.geode.cache.CacheFactory;
 import org.apache.geode.cache.Region;
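Review bot: The three-argument `getCredentials` receives a `@deprecated` Javadoc tag but no `@Deprecated` annotation, so neither javac nor IDEs will flag implementors and callers; add `@Deprecated` directly above `public Properties getCredentials(Properties securityProps,`. The `@deprecated` text should also name its replacement as `{@link #getCredentials(Properties)}` so the javadoc tool cross-references it. The new default method delegates with `server = null`, which implementations written against the old contract may dereference, so its Javadoc should say so, fill in the empty `@param securityProps`, and fix the missing space in `Geode1.0`; e.g. `@param securityProps the security properties of this member` plus `The default implementation delegates to the deprecated overload with a null server and isPeer = true.`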
@@ -47,12 +42,15 @@ import org.apache.geode.management.internal.cli.i18n.CliStrings;
 import org.apache.geode.management.internal.cli.result.CommandResult;
 import org.apache.geode.management.internal.cli.util.CommandStringBuilder;
 import org.apache.geode.pdx.SimpleClass;
-import org.apache.geode.security.templates.UserPasswordAuthInit;
+import org.apache.geode.security.templates.SampleSecurityManager;
 import org.apache.geode.test.dunit.Host;
 import org.apache.geode.test.dunit.VM;
 import org.apache.geode.test.dunit.internal.JUnit4DistributedTestCase;
 import org.apache.geode.test.junit.categories.DistributedTest;
 import org.apache.geode.test.junit.categories.SecurityTest;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
 @Category({ DistributedTest.class, SecurityTest.class })
 public class PDXGfshPostProcessorOnRemoteServerTest extends JUnit4DistributedTestCase {
@@ -96,7 +94,6 @@ public class PDXGfshPostProcessorOnRemoteServerTest extends JUnit4DistributedTes
 props.setProperty(SECURITY_POST_PROCESSOR, PDXPostProcessor.class.getName());
 // the following are needed for peer-to-peer authentication
- props.setProperty(SECURITY_PEER_AUTH_INIT, UserPasswordAuthInit.class.getName());
 props.setProperty("security-username", "super-user");
 props.setProperty("security-password", "1234567");
 InternalDistributedSystem ds = getSystem(props);
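Review bot: With the `SECURITY_PEER_AUTH_INIT` line removed, the retained comment `// the following are needed for peer-to-peer authentication` no longer explains why only a username/password pair is set, and a reader cannot tell that the test now deliberately exercises the no-AuthInitialize fallback introduced in HandShake and SecurityService. Replace it with `// no SECURITY_PEER_AUTH_INIT on purpose: peer credentials are taken straight from security-username/security-password`. The enclosing test method begins outside this hunk.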