spotlessCheck is broken by this commit
Le 4/17/2017 à 8:06 AM, jinmeil...@apache.org a écrit :
Repository: geode
Updated Branches:
refs/heads/develop 3a3077094 -> 3423f6f5a
GEODE-2775: Corrected setting of Pulse SSL Manager flag from System properties
instead of pulse.properties when running in embedded mode.
* this closes #454
Project: http://git-wip-us.apache.org/repos/asf/geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/geode/commit/3423f6f5
Tree: http://git-wip-us.apache.org/repos/asf/geode/tree/3423f6f5
Diff: http://git-wip-us.apache.org/repos/asf/geode/diff/3423f6f5
Branch: refs/heads/develop
Commit: 3423f6f5a9102859fdae8a95c7715dfd64dacc75
Parents: 3a30770
Author: Patrick Rhomberg <prhomb...@pivotal.io>
Authored: Wed Apr 12 11:39:11 2017 -0700
Committer: Jinmei Liao <jil...@pivotal.io>
Committed: Mon Apr 17 08:06:01 2017 -0700
----------------------------------------------------------------------
.../tools/pulse/PulseSecurityWithSSLTest.java | 83 ++++++++++++++++++++
.../management/internal/ManagementAgent.java | 16 ++--
.../tools/pulse/internal/PulseAppListener.java | 4 +
3 files changed, 95 insertions(+), 8 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/geode/blob/3423f6f5/geode-assembly/src/test/java/org/apache/geode/tools/pulse/PulseSecurityWithSSLTest.java
----------------------------------------------------------------------
diff --git
a/geode-assembly/src/test/java/org/apache/geode/tools/pulse/PulseSecurityWithSSLTest.java
b/geode-assembly/src/test/java/org/apache/geode/tools/pulse/PulseSecurityWithSSLTest.java
new file mode 100644
index 0000000..3b9cd72
--- /dev/null
+++
b/geode-assembly/src/test/java/org/apache/geode/tools/pulse/PulseSecurityWithSSLTest.java
@@ -0,0 +1,83 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
contributor license
+ * agreements. See the NOTICE file distributed with this work for additional
information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache
License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express
+ * or implied. See the License for the specific language governing permissions
and limitations under
+ * the License.
+ */
+
+package org.apache.geode.tools.pulse;
+
+import static org.apache.geode.distributed.ConfigurationProperties.SSL_CIPHERS;
+import static
org.apache.geode.distributed.ConfigurationProperties.SSL_ENABLED_COMPONENTS;
+import static
org.apache.geode.distributed.ConfigurationProperties.SSL_KEYSTORE;
+import static
org.apache.geode.distributed.ConfigurationProperties.SSL_KEYSTORE_PASSWORD;
+import static
org.apache.geode.distributed.ConfigurationProperties.SSL_PROTOCOLS;
+import static
org.apache.geode.distributed.ConfigurationProperties.SSL_TRUSTSTORE;
+import static
org.apache.geode.distributed.ConfigurationProperties.SSL_TRUSTSTORE_PASSWORD;
+import static org.apache.geode.util.test.TestUtil.getResourcePath;
+import static org.assertj.core.api.Assertions.assertThat;
+
+import org.apache.geode.security.SecurableCommunicationChannels;
+import org.apache.geode.security.SimpleTestSecurityManager;
+import org.apache.geode.test.dunit.rules.HttpClientRule;
+import org.apache.geode.test.dunit.rules.LocatorStarterRule;
+import org.apache.geode.test.junit.categories.IntegrationTest;
+import org.apache.http.HttpResponse;
+import org.junit.BeforeClass;
+import org.junit.ClassRule;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import java.io.File;
+import java.util.Properties;
+
+
+@Category(IntegrationTest.class)
+public class PulseSecurityWithSSLTest {
+
+ private static File jks =
+ new File(getResourcePath(PulseSecurityWithSSLTest.class,
"/ssl/trusted.keystore"));
+
+ @ClassRule
+ public static LocatorStarterRule locator = new LocatorStarterRule();
+
+ @BeforeClass
+ public static void beforeClass() throws Exception {
+ Properties securityProps = new Properties();
+ securityProps.setProperty(SSL_ENABLED_COMPONENTS,
SecurableCommunicationChannels.JMX);
+ securityProps.setProperty(SSL_KEYSTORE, jks.getCanonicalPath());
+ securityProps.setProperty(SSL_KEYSTORE_PASSWORD, "password");
+ // securityProps.setProperty(SSL_KEYSTORE_TYPE, "JKS");
+ securityProps.setProperty(SSL_TRUSTSTORE, jks.getCanonicalPath());
+ securityProps.setProperty(SSL_TRUSTSTORE_PASSWORD, "password");
+ securityProps.setProperty(SSL_PROTOCOLS, "TLSv1.2");
+ securityProps.setProperty(SSL_CIPHERS, "any");
+
+
locator.withSecurityManager(SimpleTestSecurityManager.class).withProperties(securityProps)
+ .startLocator();
+ }
+
+ @Rule
+ public HttpClientRule client = new HttpClientRule(locator::getHttpPort);
+
+
+ @Test
+ public void loginWithIncorrectPassword() throws Exception {
+ HttpResponse response = client.loginToPulse("data", "wrongPassword");
+ assertThat(response.getStatusLine().getStatusCode()).isEqualTo(302);
+ assertThat(response.getFirstHeader("Location").getValue())
+ .contains("/pulse/login.html?error=BAD_CREDS");
+
+ client.loginToPulseAndVerify("data", "data");
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/geode/blob/3423f6f5/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java
----------------------------------------------------------------------
diff --git
a/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java
b/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java
index 025e5e5..5cbb990 100755
---
a/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java
+++
b/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java
@@ -100,6 +100,7 @@ public class ManagementAgent {
*/
private static final String PULSE_EMBEDDED_PROP = "pulse.embedded";
private static final String PULSE_PORT_PROP = "pulse.port";
+ private static final String PULSE_USESSL_MANAGER = "pulse.useSSL.manager";
public ManagementAgent(DistributionConfig config) {
this.config = config;
@@ -269,6 +270,10 @@ public class ManagementAgent {
System.setProperty(PULSE_EMBEDDED_PROP, "true");
System.setProperty(PULSE_PORT_PROP, "" +
config.getJmxManagerPort());
+ final SocketCreator socketCreator =
+
SocketCreatorFactory.getSocketCreatorForComponent(SecurableCommunicationChannel.JMX);
+ System.setProperty(PULSE_USESSL_MANAGER, socketCreator.useSSL() +
"");
+
this.httpServer = JettyHelper.startJetty(this.httpServer);
// now, that Tomcat has been started, we can set the URL used by web
@@ -504,14 +509,9 @@ public class ManagementAgent {
if (names.isEmpty()) {
try {
platformMBeanServer.registerMBean(acc, accessControlMBeanON);
- logger.info("Registered AccessContorlMBean on " +
accessControlMBeanON);
- } catch (InstanceAlreadyExistsException e) {
- throw new GemFireConfigException("Error while configuring accesscontrol
for jmx resource",
- e);
- } catch (MBeanRegistrationException e) {
- throw new GemFireConfigException("Error while configuring accesscontrol
for jmx resource",
- e);
- } catch (NotCompliantMBeanException e) {
+ logger.info("Registered AccessControlMBean on " +
accessControlMBeanON);
+ } catch (InstanceAlreadyExistsException | MBeanRegistrationException
+ | NotCompliantMBeanException e) {
throw new GemFireConfigException("Error while configuring accesscontrol
for jmx resource",
e);
}
http://git-wip-us.apache.org/repos/asf/geode/blob/3423f6f5/geode-pulse/src/main/java/org/apache/geode/tools/pulse/internal/PulseAppListener.java
----------------------------------------------------------------------
diff --git
a/geode-pulse/src/main/java/org/apache/geode/tools/pulse/internal/PulseAppListener.java
b/geode-pulse/src/main/java/org/apache/geode/tools/pulse/internal/PulseAppListener.java
index 75bcc98..35f494b 100644
---
a/geode-pulse/src/main/java/org/apache/geode/tools/pulse/internal/PulseAppListener.java
+++
b/geode-pulse/src/main/java/org/apache/geode/tools/pulse/internal/PulseAppListener.java
@@ -169,6 +169,10 @@ public class PulseAppListener implements
ServletContextListener {
// set SSL info
initializeSSL();
+ if (sysIsEmbedded) {
+ sysPulseUseSSLManager = Boolean
+
.parseBoolean(System.getProperty(PulseConstants.SYSTEM_PROPERTY_PULSE_USESSL_MANAGER));
+ }
repository.setUseSSLLocator(sysPulseUseSSLLocator);
repository.setUseSSLManager(sysPulseUseSSLManager);
