http://git-wip-us.apache.org/repos/asf/geode/blob/5546a873/geode-core/src/main/java/org/apache/geode/internal/security/shiro/SecurityManagerProvider.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/shiro/SecurityManagerProvider.java b/geode-core/src/main/java/org/apache/geode/internal/security/shiro/SecurityManagerProvider.java
new file mode 100644
index 0000000..ad8e66e
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/internal/security/shiro/SecurityManagerProvider.java
@@ -0,0 +1,83 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.internal.security.shiro;
+
+import org.apache.logging.log4j.Logger;
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.config.Ini;
+import org.apache.shiro.config.IniSecurityManagerFactory;
+import org.apache.shiro.mgt.DefaultSecurityManager;
+import org.apache.shiro.realm.Realm;
+import org.apache.shiro.session.mgt.DefaultSessionManager;
+import org.apache.shiro.session.mgt.SessionManager;
+
+import org.apache.geode.internal.logging.LogService;
+import org.apache.geode.security.SecurityManager;
+
+public class SecurityManagerProvider {
+ private static Logger logger = LogService.getLogger(LogService.SECURITY_LOGGER_NAME);
+
+ private org.apache.shiro.mgt.SecurityManager shiroManager;
+ private SecurityManager securityManager;
+
+ public SecurityManagerProvider() {
+ shiroManager = SecurityUtils.getSecurityManager();
+ }
+
+ public SecurityManagerProvider(String shiroConfig) {
+ this.securityManager = null;
+
+ IniSecurityManagerFactory factory = new IniSecurityManagerFactory("classpath:" + shiroConfig);
+ // we will need to make sure that shiro uses a case sensitive permission resolver
+ Ini.Section main = 
factory.getIni().addSection("main");
+ main.put("geodePermissionResolver", GeodePermissionResolver.class.getName());
+ if (!main.containsKey("iniRealm.permissionResolver")) {
+ main.put("iniRealm.permissionResolver", "$geodePermissionResolver");
+ }
+ shiroManager = factory.getInstance();
+ }
+
+
+ public SecurityManagerProvider(SecurityManager securityManager) {
+ this.securityManager = securityManager;
+
+ Realm realm = new CustomAuthRealm(securityManager);
+ shiroManager = new DefaultSecurityManager(realm);
+ increaseShiroGlobalSessionTimeout((DefaultSecurityManager) shiroManager);
+ }
+
+ private void increaseShiroGlobalSessionTimeout(final DefaultSecurityManager shiroManager) {
+ SessionManager sessionManager = shiroManager.getSessionManager();
+ if (DefaultSessionManager.class.isInstance(sessionManager)) {
+ DefaultSessionManager defaultSessionManager = (DefaultSessionManager) sessionManager;
+ defaultSessionManager.setGlobalSessionTimeout(Long.MAX_VALUE);
+ long value = defaultSessionManager.getGlobalSessionTimeout();
+ if (value != Long.MAX_VALUE) {
+ logger.error("Unable to set Shiro Global Session Timeout. Current value is '{}'.", value);
+ }
+ } else {
+ logger.error("Unable to set Shiro Global Session Timeout. Current SessionManager is '{}'.",
+ sessionManager == null ? "null" : sessionManager.getClass());
+ }
+ }
+
+ public org.apache.shiro.mgt.SecurityManager getShiroSecurityManager() {
+ return shiroManager;
+ }
+
+ public SecurityManager getSecurityManager() {
+ return securityManager;
+ }
+}
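Review bot: In the `SecurityManagerProvider(String shiroConfig)` constructor the case-sensitive `GeodePermissionResolver` is wired only to `iniRealm.permissionResolver`, so a shiro.ini that declares its own realms in `[main]` would presumably keep Shiro's default wildcard resolver, which matches permission strings case-insensitively, and authorization on those realms would be looser than the comment above `addSection("main")` intends. Consider applying the resolver to every configured realm after `factory.getInstance()`, or at least state the limit in the comment, e.g. `// only iniRealm is switched to the case-sensitive resolver; realms declared in shiro.ini must set permissionResolver themselves`. Separately, `increaseShiroGlobalSessionTimeout` is called only from the `SecurityManager` constructor and sets `Long.MAX_VALUE`, so sessions built through that path never expire while the other two constructors keep whatever timeout is configured; a short Javadoc on the method saying why expiry is disabled and why the ini path is exempt would help the next reviewer. `main.put("geodePermissionResolver", ...)` also overwrites any object of that name already defined in the ini without checking first.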
http://git-wip-us.apache.org/repos/asf/geode/blob/5546a873/geode-core/src/test/java/org/apache/geode/distributed/internal/membership/MembershipJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/distributed/internal/membership/MembershipJUnitTest.java b/geode-core/src/test/java/org/apache/geode/distributed/internal/membership/MembershipJUnitTest.java index a0c3cf3..b0e20d9 100755 --- a/geode-core/src/test/java/org/apache/geode/distributed/internal/membership/MembershipJUnitTest.java +++ b/geode-core/src/test/java/org/apache/geode/distributed/internal/membership/MembershipJUnitTest.java @@ -58,9 +58,6 @@ import org.apache.geode.internal.admin.remote.RemoteTransportConfig; import org.apache.geode.internal.net.SocketCreator; import org.apache.geode.internal.security.SecurityServiceFactory; import org.apache.geode.test.junit.categories.IntegrationTest; -import org.apache.logging.log4j.Level; -import org.junit.AfterClass; -import org.junit.BeforeClass; import org.junit.Test; import org.junit.experimental.categories.Category; http://git-wip-us.apache.org/repos/asf/geode/blob/5546a873/geode-core/src/test/java/org/apache/geode/internal/security/DisabledSecurityServiceTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/internal/security/DisabledSecurityServiceTest.java b/geode-core/src/test/java/org/apache/geode/internal/security/DisabledSecurityServiceTest.java deleted file mode 100644 index cacbeed..0000000 --- a/geode-core/src/test/java/org/apache/geode/internal/security/DisabledSecurityServiceTest.java +++ /dev/null 
@@ -1,164 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more contributor license - * agreements. See the NOTICE file distributed with this work for additional information regarding - * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance with the License. You may obtain a - * copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software distributed under the License - * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express - * or implied. See the License for the specific language governing permissions and limitations under - * the License. - */ -package org.apache.geode.internal.security; - -import static org.assertj.core.api.Assertions.*; -import static org.mockito.Mockito.*; - -import org.apache.geode.security.PostProcessor; -import org.apache.geode.test.junit.categories.UnitTest; -import org.apache.shiro.subject.Subject; -import org.apache.shiro.subject.support.SubjectThreadState; -import org.apache.shiro.util.ThreadState; -import org.apache.geode.security.SecurityManager; -import org.junit.Before; -import org.junit.Test; -import org.junit.experimental.categories.Category; - -import java.util.Properties; -import java.util.concurrent.Callable; - -@Category(UnitTest.class) -public class DisabledSecurityServiceTest { - - private DisabledSecurityService disabledSecurityService; - private Subject mockSubject; - - @Before - public void before() throws Exception { - this.disabledSecurityService = new DisabledSecurityService(); - this.mockSubject = mock(Subject.class); - } - - @Test - public void bindSubject_null() throws Exception { - ThreadState threadState = this.disabledSecurityService.bindSubject(null); - assertThat(threadState).isNull(); - } - - @Test - public void 
bindSubject_subject_shouldReturnThreadState() throws Exception { - ThreadState threadState = this.disabledSecurityService.bindSubject(this.mockSubject); - assertThat(threadState).isNotNull().isInstanceOf(SubjectThreadState.class); - } - - @Test - public void getSubject_beforeLogin_shouldReturnNull() throws Exception { - Subject subject = this.disabledSecurityService.getSubject(); - assertThat(subject).isNull(); - } - - @Test - public void login_null_shouldReturnNull() throws Exception { - Subject subject = this.disabledSecurityService.login(null); - assertThat(subject).isNull(); - } - - @Test - public void login_properties_shouldReturnNull() throws Exception { - Subject subject = this.disabledSecurityService.login(new Properties()); - assertThat(subject).isNull(); - } - - @Test - public void getSubject_afterLogin_shouldReturnNull() throws Exception { - this.disabledSecurityService.login(new Properties()); - Subject subject = this.disabledSecurityService.getSubject(); - assertThat(subject).isNull(); - } - - @Test - public void getSubject_afterLogout_shouldReturnNull() throws Exception { - this.disabledSecurityService.login(new Properties()); - this.disabledSecurityService.logout(); - Subject subject = this.disabledSecurityService.getSubject(); - assertThat(subject).isNull(); - } - - @Test - public void associateWith_callable_shouldReturnSameCallable() throws Exception { - Callable mockCallable = mock(Callable.class); - Callable callable = this.disabledSecurityService.associateWith(mockCallable); - assertThat(callable).isNotNull().isSameAs(mockCallable); - } - - @Test - public void associateWith_null_should() throws Exception { - Callable callable = this.disabledSecurityService.associateWith(null); - assertThat(callable).isNull(); - } - - @Test - public void needPostProcess_returnsFalse() throws Exception { - boolean needPostProcess = this.disabledSecurityService.needPostProcess(); - assertThat(needPostProcess).isFalse(); - } - - @Test - public void 
postProcess1_value_shouldReturnSameValue() throws Exception { - Object value = new Object(); - Object result = this.disabledSecurityService.postProcess(null, null, value, false); - assertThat(result).isNotNull().isSameAs(value); - } - - @Test - public void postProcess1_null_returnsNull() throws Exception { - Object result = this.disabledSecurityService.postProcess(null, null, null, false); - assertThat(result).isNull(); - } - - @Test - public void postProcess2_value_shouldReturnSameValue() throws Exception { - Object value = new Object(); - Object result = this.disabledSecurityService.postProcess(null, null, null, value, false); - assertThat(result).isNotNull().isSameAs(value); - } - - @Test - public void postProcess2_null_returnsNull() throws Exception { - Object result = this.disabledSecurityService.postProcess(null, null, null, null, false); - assertThat(result).isNull(); - } - - @Test - public void isClientSecurityRequired_returnsFalse() throws Exception { - boolean result = this.disabledSecurityService.isClientSecurityRequired(); - assertThat(result).isFalse(); - } - - @Test - public void isIntegratedSecurity_returnsFalse() throws Exception { - boolean result = this.disabledSecurityService.isIntegratedSecurity(); - assertThat(result).isFalse(); - } - - @Test - public void isPeerSecurityRequired_returnsFalse() throws Exception { - boolean result = this.disabledSecurityService.isPeerSecurityRequired(); - assertThat(result).isFalse(); - } - - @Test - public void getSecurityManager_returnsNull() throws Exception { - SecurityManager securityManager = this.disabledSecurityService.getSecurityManager(); - assertThat(securityManager).isNull(); - } - - @Test - public void getPostProcessor_returnsNull() throws Exception { - PostProcessor postProcessor = this.disabledSecurityService.getPostProcessor(); - assertThat(postProcessor).isNull(); - } -} 
http://git-wip-us.apache.org/repos/asf/geode/blob/5546a873/geode-core/src/test/java/org/apache/geode/internal/security/EnabledSecurityServiceTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/internal/security/EnabledSecurityServiceTest.java b/geode-core/src/test/java/org/apache/geode/internal/security/EnabledSecurityServiceTest.java deleted file mode 100644 index fca7eae..0000000 --- a/geode-core/src/test/java/org/apache/geode/internal/security/EnabledSecurityServiceTest.java +++ /dev/null 
@@ -1,184 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more contributor license - * agreements. See the NOTICE file distributed with this work for additional information regarding - * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance with the License. You may obtain a - * copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software distributed under the License - * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express - * or implied. See the License for the specific language governing permissions and limitations under - * the License. - */ -package org.apache.geode.internal.security; - -import static org.assertj.core.api.Assertions.assertThat; -import static org.assertj.core.api.Assertions.assertThatThrownBy; -import static org.mockito.Mockito.*; - -import org.apache.geode.internal.security.shiro.RealmInitializer; -import org.apache.geode.security.AuthenticationFailedException; -import org.apache.geode.security.GemFireSecurityException; -import org.apache.geode.security.PostProcessor; -import org.apache.geode.security.SecurityManager; -import org.apache.geode.test.junit.categories.UnitTest; -import org.apache.shiro.subject.Subject; -import org.apache.shiro.subject.support.SubjectThreadState; -import org.apache.shiro.util.ThreadState; -import org.junit.Before; -import org.junit.Ignore; -import org.junit.Test; -import org.junit.experimental.categories.Category; - -import java.util.Properties; -import java.util.concurrent.Callable; - -@Category(UnitTest.class) -public class EnabledSecurityServiceTest { - - private SecurityManager mockSecurityManager; - private PostProcessor mockPostProcessor; - private RealmInitializer spyRealmInitializer; - private Subject mockSubject; - - private 
EnabledSecurityService securityService; - private EnabledSecurityService securityServiceWithPostProcessor; - - @Before - public void before() throws Exception { - this.mockSecurityManager = mock(SecurityManager.class); - this.mockPostProcessor = mock(PostProcessor.class); - this.spyRealmInitializer = spy(RealmInitializer.class); - this.mockSubject = mock(Subject.class); - - this.securityService = - new EnabledSecurityService(this.mockSecurityManager, null, this.spyRealmInitializer); - this.securityServiceWithPostProcessor = new EnabledSecurityService(this.mockSecurityManager, - this.mockPostProcessor, this.spyRealmInitializer); - } - - @Test - public void bindSubject_nullSubject_shouldReturn_null() throws Exception { - ThreadState threadState = this.securityService.bindSubject(null); - assertThat(threadState).isNull(); - } - - @Test - public void bindSubject_subject_shouldReturn_ThreadState() throws Exception { - ThreadState threadState = this.securityService.bindSubject(this.mockSubject); - assertThat(threadState).isNotNull().isInstanceOf(SubjectThreadState.class); - } - - @Test - public void getSubject_beforeLogin_shouldThrow_GemFireSecurityException() throws Exception { - assertThatThrownBy(() -> this.securityService.getSubject()) - .isInstanceOf(GemFireSecurityException.class).hasMessageContaining("Anonymous User"); - } - - @Test - public void login_nullProperties_shouldReturn_null() throws Exception { - Subject subject = this.securityService.login(null); - assertThat(subject).isNull(); - } - - @Test - public void login_emptyProperties_shouldThrow_AuthenticationFailedException() throws Exception { - assertThatThrownBy(() -> this.securityService.login(new Properties())) - .isInstanceOf(AuthenticationFailedException.class) - .hasMessageContaining("Please check your credentials"); - } - - @Ignore("Extract all shiro integration code out of EnabledSecurityService for mocking") - @Test - public void getSubject_afterLogin_shouldReturnNull() throws Exception { - 
this.securityService.login(new Properties()); - Subject subject = this.securityService.getSubject(); - assertThat(subject).isNull(); - } - - @Ignore("Extract all shiro integration code out of EnabledSecurityService for mocking") - @Test - public void getSubject_afterLogout_shouldReturnNull() throws Exception { - this.securityService.login(new Properties()); - this.securityService.logout(); - Subject subject = this.securityService.getSubject(); - assertThat(subject).isNull(); - } - - @Test - public void associateWith_callable_beforeLogin_shouldThrow_GemFireSecurityException() - throws Exception { - assertThatThrownBy(() -> this.securityService.associateWith(mock(Callable.class))) - .isInstanceOf(GemFireSecurityException.class).hasMessageContaining("Anonymous User"); - } - - @Test - public void associateWith_null_should() throws Exception { - assertThatThrownBy(() -> this.securityService.associateWith(null)) - .isInstanceOf(GemFireSecurityException.class).hasMessageContaining("Anonymous User"); - } - - @Test - public void needPostProcess_returnsFalse() throws Exception { - boolean needPostProcess = this.securityService.needPostProcess(); - assertThat(needPostProcess).isFalse(); - } - - @Test - public void postProcess1_value_shouldReturnSameValue() throws Exception { - Object value = new Object(); - Object result = this.securityService.postProcess(null, null, value, false); - assertThat(result).isNotNull().isSameAs(value); - } - - @Test - public void postProcess1_null_returnsNull() throws Exception { - Object result = this.securityService.postProcess(null, null, null, false); - assertThat(result).isNull(); - } - - @Test - public void postProcess2_value_shouldReturnSameValue() throws Exception { - Object value = new Object(); - Object result = this.securityService.postProcess(null, null, null, value, false); - assertThat(result).isNotNull().isSameAs(value); - } - - @Test - public void postProcess2_null_returnsNull() throws Exception { - Object result = 
this.securityService.postProcess(null, null, null, null, false); - assertThat(result).isNull(); - } - - @Test - public void isClientSecurityRequired_returnsTrue() throws Exception { - boolean result = this.securityService.isClientSecurityRequired(); - assertThat(result).isTrue(); - } - - @Test - public void isIntegratedSecurity_returnsTrue() throws Exception { - boolean result = this.securityService.isIntegratedSecurity(); - assertThat(result).isTrue(); - } - - @Test - public void isPeerSecurityRequired_returnsTrue() throws Exception { - boolean result = this.securityService.isPeerSecurityRequired(); - assertThat(result).isTrue(); - } - - @Test - public void getSecurityManager_returnsSecurityManager() throws Exception { - SecurityManager securityManager = this.securityService.getSecurityManager(); - assertThat(securityManager).isNotNull().isSameAs(this.mockSecurityManager); - } - - @Test - public void getPostProcessor_returnsNull() throws Exception { - PostProcessor postProcessor = this.securityService.getPostProcessor(); - assertThat(postProcessor).isNull(); - } -} http://git-wip-us.apache.org/repos/asf/geode/blob/5546a873/geode-core/src/test/java/org/apache/geode/internal/security/FakePostProcessor.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/internal/security/FakePostProcessor.java b/geode-core/src/test/java/org/apache/geode/internal/security/FakePostProcessor.java deleted file mode 100644 index 7082344..0000000 --- a/geode-core/src/test/java/org/apache/geode/internal/security/FakePostProcessor.java +++ /dev/null 
@@ -1,103 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more contributor license - * agreements. See the NOTICE file distributed with this work for additional information regarding - * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance with the License. You may obtain a - * copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software distributed under the License - * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express - * or implied. See the License for the specific language governing permissions and limitations under - * the License. - */ -package org.apache.geode.internal.security; - -import java.util.Properties; -import java.util.concurrent.atomic.AtomicInteger; -import java.util.concurrent.atomic.AtomicReference; - -import org.apache.geode.security.PostProcessor; - -public class FakePostProcessor implements PostProcessor { - - private final AtomicInteger initInvocations = new AtomicInteger(0); - private final AtomicInteger processRegionValueInvocations = new AtomicInteger(0); - private final AtomicInteger closeInvocations = new AtomicInteger(0); - - private final AtomicReference<Properties> securityPropsRef = new AtomicReference<>(); - private final AtomicReference<ProcessRegionValueArguments> processRegionValueArgumentsRef = - new AtomicReference<>(); - - @Override - public void init(Properties securityProps) { - this.initInvocations.incrementAndGet(); - this.securityPropsRef.set(securityProps); - } - - @Override - public Object processRegionValue(final Object principal, final String regionName, - final Object key, final Object value) { - this.processRegionValueInvocations.incrementAndGet(); - this.processRegionValueArgumentsRef - .set(new ProcessRegionValueArguments(principal, regionName, 
key, value)); - return this.processRegionValueArgumentsRef.get(); - } - - @Override - public void close() { - this.closeInvocations.incrementAndGet(); - } - - public int getInitInvocations() { - return this.initInvocations.get(); - } - - public int getProcessRegionValueInvocations() { - return this.processRegionValueInvocations.get(); - } - - public int getCloseInvocations() { - return this.closeInvocations.get(); - } - - public Properties getSecurityProps() { - return this.securityPropsRef.get(); - } - - public ProcessRegionValueArguments getProcessRegionValueArguments() { - return this.processRegionValueArgumentsRef.get(); - } - - public static class ProcessRegionValueArguments { - private final Object principal; - private final String regionName; - private final Object key; - private final Object value; - - public ProcessRegionValueArguments(final Object principal, final String regionName, - final Object key, final Object value) { - this.principal = principal; - this.regionName = regionName; - this.key = key; - this.value = value; - } - - public Object getPrincipal() { - return this.principal; - } - - public String getRegionName() { - return this.regionName; - } - - public Object getKey() { - return this.key; - } - - public Object getValue() { - return this.value; - } - } -} http://git-wip-us.apache.org/repos/asf/geode/blob/5546a873/geode-core/src/test/java/org/apache/geode/internal/security/FakeSecurityManager.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/internal/security/FakeSecurityManager.java b/geode-core/src/test/java/org/apache/geode/internal/security/FakeSecurityManager.java deleted file mode 100644 index ca4e6b7..0000000 --- a/geode-core/src/test/java/org/apache/geode/internal/security/FakeSecurityManager.java +++ /dev/null 
@@ -1,103 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more contributor license - * agreements. See the NOTICE file distributed with this work for additional information regarding - * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance with the License. You may obtain a - * copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software distributed under the License - * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express - * or implied. See the License for the specific language governing permissions and limitations under - * the License. - */ -package org.apache.geode.internal.security; - -import java.util.Properties; -import java.util.concurrent.atomic.AtomicInteger; -import java.util.concurrent.atomic.AtomicReference; - -import org.apache.geode.security.AuthenticationFailedException; -import org.apache.geode.security.ResourcePermission; -import org.apache.geode.security.SecurityManager; - -public class FakeSecurityManager implements SecurityManager { - - private final AtomicInteger initInvocations = new AtomicInteger(0); - private final AtomicInteger authenticateInvocations = new AtomicInteger(0); - private final AtomicInteger authorizeInvocations = new AtomicInteger(0); - private final AtomicInteger closeInvocations = new AtomicInteger(0); - - private final AtomicReference<Properties> securityPropsRef = new AtomicReference<>(); - private final AtomicReference<Properties> credentialsRef = new AtomicReference<>(); - private final AtomicReference<AuthorizeArguments> processAuthorizeArgumentsRef = - new AtomicReference<>(); - - @Override - public void init(final Properties securityProps) { - this.initInvocations.incrementAndGet(); - this.securityPropsRef.set(securityProps); - } - - @Override - 
public Object authenticate(final Properties credentials) throws AuthenticationFailedException { - this.authenticateInvocations.incrementAndGet(); - this.credentialsRef.set(credentials); - return credentials; - } - - @Override - public boolean authorize(final Object principal, final ResourcePermission permission) { - this.authorizeInvocations.incrementAndGet(); - this.processAuthorizeArgumentsRef.set(new AuthorizeArguments(principal, permission)); - return true; - } - - @Override - public void close() { - this.closeInvocations.incrementAndGet(); - } - - public int getInitInvocations() { - return this.initInvocations.get(); - } - - public int getAuthenticateInvocations() { - return this.authenticateInvocations.get(); - } - - public int getAuthorizeInvocations() { - return this.authorizeInvocations.get(); - } - - public int getCloseInvocations() { - return this.closeInvocations.get(); - } - - public Properties getSecurityProps() { - return this.securityPropsRef.get(); - } - - public AuthorizeArguments getAuthorizeArguments() { - return this.processAuthorizeArgumentsRef.get(); - } - - public static class AuthorizeArguments { - private final Object principal; - private final ResourcePermission permission; - - public AuthorizeArguments(final Object principal, final ResourcePermission permission) { - this.principal = principal; - this.permission = permission; - } - - public Object getPrincipal() { - return this.principal; - } - - public ResourcePermission getPermission() { - return this.permission; - } - } -} http://git-wip-us.apache.org/repos/asf/geode/blob/5546a873/geode-core/src/test/java/org/apache/geode/internal/security/IntegratedSecurityServiceConstructorTest.java ---------------------------------------------------------------------- 
diff --git a/geode-core/src/test/java/org/apache/geode/internal/security/IntegratedSecurityServiceConstructorTest.java b/geode-core/src/test/java/org/apache/geode/internal/security/IntegratedSecurityServiceConstructorTest.java
new file mode 100644
index 0000000..afa007f
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/internal/security/IntegratedSecurityServiceConstructorTest.java
@@ -0,0 +1,93 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package org.apache.geode.internal.security;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+import org.apache.shiro.SecurityUtils;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import org.apache.geode.internal.security.shiro.SecurityManagerProvider;
+import org.apache.geode.security.PostProcessor;
+import org.apache.geode.security.SecurityManager;
+import org.apache.geode.test.junit.categories.UnitTest;
+
+@Category(UnitTest.class)
+public class IntegratedSecurityServiceConstructorTest {
+
+ private IntegratedSecurityService securityService;
+ private SecurityManager securityManager;
+ private PostProcessor postProcessor;
+ private SecurityManagerProvider provider;
+ private org.apache.shiro.mgt.SecurityManager shiroManager;
+
+ @Before
+ public void before() throws Exception {
+ securityManager = mock(SecurityManager.class);
+ postProcessor = mock(PostProcessor.class);
+ provider = mock(SecurityManagerProvider.class);
+ shiroManager = 
mock(org.apache.shiro.mgt.SecurityManager.class);
+ when(provider.getShiroSecurityManager()).thenReturn(shiroManager);
+ }
+
+ @After
+ public void after() throws Exception {
+ if (securityService != null) {
+ securityService.close();
+ }
+
+ // some test manually set the shiro security manager
+ SecurityUtils.setSecurityManager(null);
+ }
+
+ @Test
+ public void constructorWithOutsideShrio() throws Exception {
+ when(provider.getSecurityManager()).thenReturn(null);
+ securityService = new IntegratedSecurityService(provider, postProcessor);
+ assertThat(securityService.getPostProcessor()).isEqualTo(postProcessor);
+ assertThat(securityService.getSecurityManager()).isNull();
+ assertIntegratedSecurityService();
+ }
+
+ @Test
+ public void constructorWithSecurityManager() throws Exception {
+ when(provider.getSecurityManager()).thenReturn(securityManager);
+ securityService = new IntegratedSecurityService(provider, null);
+ assertThat(securityService.getPostProcessor()).isNull();
+ assertThat(securityService.getSecurityManager()).isEqualTo(securityManager);
+ assertIntegratedSecurityService();
+ }
+
+ @Test
+ public void constructorWithSecurityManagerAndPostProcessor() throws Exception {
+ when(provider.getSecurityManager()).thenReturn(securityManager);
+ securityService = new IntegratedSecurityService(provider, postProcessor);
+ assertThat(securityService.getPostProcessor()).isEqualTo(postProcessor);
+ assertThat(securityService.getSecurityManager()).isEqualTo(securityManager);
+ assertIntegratedSecurityService();
+ }
+
+ private void assertIntegratedSecurityService() throws Exception {
+ assertThat(securityService.isIntegratedSecurity()).isTrue();
+ assertThat(securityService.isClientSecurityRequired()).isTrue();
+ assertThat(securityService.isPeerSecurityRequired()).isTrue();
+ }
+}
http://git-wip-us.apache.org/repos/asf/geode/blob/5546a873/geode-core/src/test/java/org/apache/geode/internal/security/IntegratedSecurityServiceTest.java
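Review bot: The three constructor tests never assert which Shiro manager ends up in effect; they stub `provider.getShiroSecurityManager()` but check only the getters and the three boolean flags. If the `IntegratedSecurityService` constructor is expected to install that manager globally (the `SecurityUtils.setSecurityManager(null)` reset in `after()` suggests it, but the constructor is not in this hunk), add `assertThat(SecurityUtils.getSecurityManager()).isSameAs(shiroManager);` to `assertIntegratedSecurityService()`. The mock comparisons would also read better as `isSameAs(...)` than `isEqualTo(...)`, and `constructorWithOutsideShrio` misspells Shiro.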
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/internal/security/IntegratedSecurityServiceTest.java b/geode-core/src/test/java/org/apache/geode/internal/security/IntegratedSecurityServiceTest.java
new file mode 100644
index 0000000..daaf18d
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/internal/security/IntegratedSecurityServiceTest.java
@@ -0,0 +1,166 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for additional information regarding + * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. You may obtain a + * copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + */ +package org.apache.geode.internal.security; + +import static org.assertj.core.api.Assertions.assertThat; +import static org.assertj.core.api.Assertions.assertThatThrownBy; +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; + +import java.util.Properties; + +import org.apache.shiro.subject.Subject; +import org.apache.shiro.subject.SubjectContext; +import org.apache.shiro.subject.support.SubjectThreadState; +import org.apache.shiro.util.ThreadContext; +import org.apache.shiro.util.ThreadState; +import org.junit.After; +import org.junit.Before; +import org.junit.Test; +import org.junit.experimental.categories.Category; + +import org.apache.geode.internal.security.shiro.SecurityManagerProvider; +import org.apache.geode.security.AuthenticationRequiredException; +import org.apache.geode.security.GemFireSecurityException; +import org.apache.geode.security.PostProcessor; +import org.apache.geode.security.SecurityManager; +import org.apache.geode.test.junit.categories.UnitTest; + +@Category(UnitTest.class) +public class IntegratedSecurityServiceTest { + + private SecurityManager 
mockSecurityManager; + private SecurityManagerProvider provider; + private Subject mockSubject; + private org.apache.shiro.mgt.SecurityManager shiroManager; + + private IntegratedSecurityService securityService; + + @Before + public void before() throws Exception { + this.mockSecurityManager = mock(SecurityManager.class); + this.shiroManager = mock(org.apache.shiro.mgt.SecurityManager.class); + this.provider = mock(SecurityManagerProvider.class); + this.mockSubject = mock(Subject.class); + when(provider.getShiroSecurityManager()).thenReturn(shiroManager); + when(provider.getSecurityManager()).thenReturn(mockSecurityManager); + when(shiroManager.createSubject(any(SubjectContext.class))).thenReturn(mockSubject); + when(mockSubject.getPrincipal()).thenReturn("principal"); + + this.securityService = new IntegratedSecurityService(provider, null); + } + + @After + public void after() throws Exception { + securityService.close(); + } + + @Test + public void bindSubject_nullSubject_shouldReturn_null() throws Exception { + assertThatThrownBy(() -> this.securityService.bindSubject(null)) + .isInstanceOf(GemFireSecurityException.class).hasMessageContaining("Anonymous User"); + } + + @Test + public void bindSubject_subject_shouldReturn_ThreadState() throws Exception { + ThreadState threadState = this.securityService.bindSubject(this.mockSubject); + assertThat(threadState).isNotNull().isInstanceOf(SubjectThreadState.class); + } + + @Test + public void login_nullProperties_shouldReturn_null() throws Exception { + assertThatThrownBy(() -> this.securityService.login(null)) + .isInstanceOf(AuthenticationRequiredException.class) + .hasMessageContaining("credentials are null"); + } + + @Test + public void getSubject_login_logout() throws Exception { + this.securityService.login(new Properties()); + Subject subject = this.securityService.getSubject(); + assertThat(subject).isNotNull(); + assertThat(ThreadContext.getSubject()).isNotNull(); + this.securityService.logout(); + 
assertThat(ThreadContext.getSubject()).isNull(); + } + + @Test + public void associateWith_null_should_return_null() throws Exception { + assertThat(this.securityService.associateWith(null)).isNull(); + } + + @Test + public void needPostProcess_returnsFalse() throws Exception { + boolean needPostProcess = this.securityService.needPostProcess(); + assertThat(needPostProcess).isFalse(); + } + + @Test + public void postProcess1_value_shouldReturnSameValue() throws Exception { + Object value = new Object(); + Object result = this.securityService.postProcess(null, null, value, false); + assertThat(result).isNotNull().isSameAs(value); + } + + @Test + public void postProcess1_null_returnsNull() throws Exception { + Object result = this.securityService.postProcess(null, null, null, false); + assertThat(result).isNull(); + } + + @Test + public void postProcess2_value_shouldReturnSameValue() throws Exception { + Object value = new Object(); + Object result = this.securityService.postProcess(null, null, null, value, false); + assertThat(result).isNotNull().isSameAs(value); + } + + @Test + public void postProcess2_null_returnsNull() throws Exception { + Object result = this.securityService.postProcess(null, null, null, null, false); + assertThat(result).isNull(); + } + + @Test + public void isClientSecurityRequired_returnsTrue() throws Exception { + boolean result = this.securityService.isClientSecurityRequired(); + assertThat(result).isTrue(); + } + + @Test + public void isIntegratedSecurity_returnsTrue() throws Exception { + boolean result = this.securityService.isIntegratedSecurity(); + assertThat(result).isTrue(); + } + + @Test + public void isPeerSecurityRequired_returnsTrue() throws Exception { + boolean result = this.securityService.isPeerSecurityRequired(); + assertThat(result).isTrue(); + } + + @Test + public void getSecurityManager_returnsSecurityManager() throws Exception { + SecurityManager securityManager = this.securityService.getSecurityManager(); + 
assertThat(securityManager).isNotNull().isSameAs(this.mockSecurityManager); + } + + @Test + public void getPostProcessor_returnsNull() throws Exception { + PostProcessor postProcessor = this.securityService.getPostProcessor(); + assertThat(postProcessor).isNull(); + } +} http://git-wip-us.apache.org/repos/asf/geode/blob/5546a873/geode-core/src/test/java/org/apache/geode/internal/security/LegacySecurityServiceTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/internal/security/LegacySecurityServiceTest.java b/geode-core/src/test/java/org/apache/geode/internal/security/LegacySecurityServiceTest.java new file mode 100644 index 0000000..bac79ec --- /dev/null +++ b/geode-core/src/test/java/org/apache/geode/internal/security/LegacySecurityServiceTest.java 
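Review bot: In IntegratedSecurityServiceTest, `bindSubject_nullSubject_shouldReturn_null` and `login_nullProperties_shouldReturn_null` are named for a null return, but both assert that the call throws (`GemFireSecurityException` containing "Anonymous User", `AuthenticationRequiredException` containing "credentials are null"). Rejecting a missing subject or missing credentials is the contract a reader should be able to take from the test names, so rename them to e.g. `bindSubject_nullSubject_throwsGemFireSecurityException` and `login_nullProperties_throwsAuthenticationRequiredException`. Separately, `getSubject_login_logout` reaches `logout()` only after its assertions pass, and this hunk does not show whether `close()` unbinds the subject. Adding `ThreadContext.remove();` to `after()` would keep a failed run from leaving a logged-in subject on the test thread.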
@@ -0,0 +1,58 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for additional information regarding + * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. You may obtain a + * copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + */ + +package org.apache.geode.internal.security; + +import static org.assertj.core.api.Assertions.assertThat; + +import org.apache.geode.test.junit.categories.UnitTest; +import org.junit.Test; +import org.junit.experimental.categories.Category; + +@Category(UnitTest.class) +public class LegacySecurityServiceTest { + private LegacySecurityService service; + + @Test + public void emptyConstructor() throws Exception { + service = new LegacySecurityService(); + assertThat(service.isIntegratedSecurity()).isFalse(); + assertThat(service.isClientSecurityRequired()).isFalse(); + assertThat(service.isPeerSecurityRequired()).isFalse(); + assertThat(service.getPostProcessor()).isNull(); + assertThat(service.getSecurityManager()).isNull(); + } + + @Test + public void clientAuthenticator() throws Exception { + service = new LegacySecurityService("abc.create", null); + assertThat(service.isIntegratedSecurity()).isFalse(); + assertThat(service.isClientSecurityRequired()).isTrue(); + assertThat(service.isPeerSecurityRequired()).isFalse(); + assertThat(service.getPostProcessor()).isNull(); + assertThat(service.getSecurityManager()).isNull(); + } + + @Test + public void 
peerAuthenticator() throws Exception { + service = new LegacySecurityService(null, "abc.create"); + assertThat(service.isIntegratedSecurity()).isFalse(); + assertThat(service.isClientSecurityRequired()).isFalse(); + assertThat(service.isPeerSecurityRequired()).isTrue(); + assertThat(service.getPostProcessor()).isNull(); + assertThat(service.getSecurityManager()).isNull(); + } + +} http://git-wip-us.apache.org/repos/asf/geode/blob/5546a873/geode-core/src/test/java/org/apache/geode/internal/security/SecurityServiceFactoryShiroIntegrationTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/internal/security/SecurityServiceFactoryShiroIntegrationTest.java b/geode-core/src/test/java/org/apache/geode/internal/security/SecurityServiceFactoryShiroIntegrationTest.java index 8907012..e8548ed8 100644 --- a/geode-core/src/test/java/org/apache/geode/internal/security/SecurityServiceFactoryShiroIntegrationTest.java +++ b/geode-core/src/test/java/org/apache/geode/internal/security/SecurityServiceFactoryShiroIntegrationTest.java 
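Review bot: LegacySecurityServiceTest exercises `null` and a non-empty authenticator name but never an empty string, and the constructor's handling of `""` is not visible in this diff. If an unset property can reach the constructor as an empty string (presumably it can; confirm against the factory), the result of `isClientSecurityRequired()` and `isPeerSecurityRequired()` for `new LegacySecurityService("", "")` should be pinned by a test, so the behaviour cannot change unnoticed. A case with both authenticators set is also missing from this class, although SecurityServiceFactoryTest covers it through properties.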
@@ -14,24 +14,15 @@ */ package org.apache.geode.internal.security; -import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_CLIENT_AUTHENTICATOR; -import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_PEER_AUTHENTICATOR; import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_SHIRO_INIT; import static org.assertj.core.api.Assertions.assertThat; -import static org.mockito.Mockito.mock; -import org.apache.geode.security.PostProcessor; -import org.apache.geode.security.SecurityManager; import org.apache.geode.test.junit.categories.IntegrationTest; import org.apache.geode.test.junit.categories.SecurityTest; -import org.apache.shiro.SecurityUtils; -import org.apache.shiro.util.ThreadContext; import org.junit.After; import org.junit.Before; -import org.junit.Rule; import org.junit.Test; import org.junit.experimental.categories.Category; -import org.junit.rules.TemporaryFolder; import java.util.Properties; @@ -42,8 +33,8 @@ public class SecurityServiceFactoryShiroIntegrationTest { private String shiroIniInClasspath; - @Rule - public TemporaryFolder temporaryFolder = new TemporaryFolder(); + private SecurityService service; + @Before public void before() throws Exception { @@ -53,8 +44,9 @@ public class SecurityServiceFactoryShiroIntegrationTest { @After public void after() throws Exception { - ThreadContext.remove(); - SecurityUtils.setSecurityManager(null); + if (service != null) { + service.close(); + } } @Test 
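Review bot: In the `@@ -53,8 +44,9 @@` hunk, `after()` of SecurityServiceFactoryShiroIntegrationTest now relies on `service.close()` alone where it used to call `ThreadContext.remove()` and `SecurityUtils.setSecurityManager(null)`. Nothing visible in this diff shows that `close()` clears Shiro's static security manager. SecurityServiceFactoryTest in the same commit keeps the explicit reset after `close()`, and its `createWithOutsideShiro` shows that a leftover global manager turns an empty-property `create` into an `IntegratedSecurityService`, so leaked state changes the security mode later tests observe. SecurityServiceTest's `after()` drops the reset as well, while `testInitWithOutsideShiroSecurityManager` still installs a `DefaultSecurityManager` by hand. Unless `close()` is guaranteed to clear it, keep `SecurityUtils.setSecurityManager(null);` after the `close()` call in both classes, with a comment such as `// reset Shiro's static state so the next test starts clean`.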
@@ -67,24 +59,8 @@ public class SecurityServiceFactoryShiroIntegrationTest { public void create_shiro_createsCustomSecurityService() throws Exception { Properties securityConfig = new Properties(); securityConfig.setProperty(SECURITY_SHIRO_INIT, this.shiroIniInClasspath); - - assertThat(SecurityServiceFactory.create(securityConfig, null, null)) - .isInstanceOf(CustomSecurityService.class); - } - - @Test - public void create_all_createsCustomSecurityService() throws Exception { - Properties securityConfig = new Properties(); - securityConfig.setProperty(SECURITY_SHIRO_INIT, this.shiroIniInClasspath); - securityConfig.setProperty(SECURITY_CLIENT_AUTHENTICATOR, "value"); - securityConfig.setProperty(SECURITY_PEER_AUTHENTICATOR, "value"); - - SecurityManager mockSecurityManager = mock(SecurityManager.class); - PostProcessor mockPostProcessor = mock(PostProcessor.class); - - assertThat( - SecurityServiceFactory.create(securityConfig, mockSecurityManager, mockPostProcessor)) - .isInstanceOf(CustomSecurityService.class); + service = SecurityServiceFactory.create(securityConfig); + assertThat(service).isInstanceOf(IntegratedSecurityService.class); } private String getResourcePackage(Class classInPackage) { http://git-wip-us.apache.org/repos/asf/geode/blob/5546a873/geode-core/src/test/java/org/apache/geode/internal/security/SecurityServiceFactoryTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/internal/security/SecurityServiceFactoryTest.java b/geode-core/src/test/java/org/apache/geode/internal/security/SecurityServiceFactoryTest.java index f027a43..fc4447b 100644 --- a/geode-core/src/test/java/org/apache/geode/internal/security/SecurityServiceFactoryTest.java +++ b/geode-core/src/test/java/org/apache/geode/internal/security/SecurityServiceFactoryTest.java 
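Review bot: `create_shiro_createsCustomSecurityService` now asserts `IntegratedSecurityService`, so its name describes a class the test no longer checks; rename it to `create_shiro_createsIntegratedSecurityService`. The deleted `create_all_createsCustomSecurityService` was the only case in this class that combined `SECURITY_SHIRO_INIT` with both legacy authenticator properties against a real ini file. In the part of the commit visible here, `shiroOverwritesSecurityManager` covers Shiro plus `SECURITY_MANAGER`, but no test covers Shiro plus the authenticators, so that precedence rule appears to lose its coverage.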
@@ -21,14 +21,18 @@ import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_POST import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_SHIRO_INIT; import static org.assertj.core.api.Assertions.assertThat; import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; +import org.apache.geode.internal.cache.CacheConfig; import org.apache.geode.security.PostProcessor; -import org.apache.geode.security.SecurityManager; +import org.apache.geode.security.SimpleTestSecurityManager; +import org.apache.geode.security.TestPostProcessor; import org.apache.geode.test.junit.categories.SecurityTest; import org.apache.geode.test.junit.categories.UnitTest; import org.apache.shiro.SecurityUtils; -import org.apache.shiro.util.ThreadContext; +import org.apache.shiro.mgt.SecurityManager; import org.junit.After; +import org.junit.Before; import org.junit.Test; import org.junit.experimental.categories.Category; 
@@ -37,244 +41,152 @@ import java.util.Properties; @Category({UnitTest.class, SecurityTest.class}) public class SecurityServiceFactoryTest { - @After - public void after() throws Exception { - ThreadContext.remove(); - SecurityUtils.setSecurityManager(null); - } - - @Test - public void getPostProcessor_null_returnsNull() throws Exception { - assertThat(SecurityServiceFactory.getPostProcessor(null, null)).isNull(); - } - - @Test - public void getPostProcessor_returnsPostProcessor() throws Exception { - PostProcessor mockPostProcessor = mock(PostProcessor.class); - - assertThat(SecurityServiceFactory.getPostProcessor(mockPostProcessor, null)) - .isSameAs(mockPostProcessor); - } - - @Test - public void getPostProcessor_SecurityConfig_createsPostProcessor() throws Exception { - Properties securityConfig = new Properties(); - securityConfig.setProperty(SECURITY_POST_PROCESSOR, FakePostProcessor.class.getName()); - - PostProcessor postProcessor = SecurityServiceFactory.getPostProcessor(null, securityConfig); - - assertThat(postProcessor).isInstanceOf(FakePostProcessor.class); - - FakePostProcessor fakePostProcessor = (FakePostProcessor) postProcessor; - - assertThat(fakePostProcessor.getInitInvocations()).isEqualTo(0); - assertThat(fakePostProcessor.getSecurityProps()).isNull(); - } - - @Test - public void getPostProcessor_prefersPostProcessorOverSecurityConfig() throws Exception { - PostProcessor mockPostProcessor = mock(PostProcessor.class); - Properties securityConfig = new Properties(); - securityConfig.setProperty(SECURITY_POST_PROCESSOR, FakePostProcessor.class.getName()); - - assertThat(SecurityServiceFactory.getPostProcessor(mockPostProcessor, securityConfig)) - .isSameAs(mockPostProcessor); - } - - @Test - public void getSecurityManager_null_returnsNull() throws Exception { - assertThat(SecurityServiceFactory.getSecurityManager(null, null)).isNull(); - } - - @Test - public void getSecurityManager_returnsSecurityManager() throws Exception { - SecurityManager 
mockSecurityManager = mock(SecurityManager.class); - - assertThat(SecurityServiceFactory.getSecurityManager(mockSecurityManager, null)) - .isSameAs(mockSecurityManager); - } - - @Test - public void getSecurityManager_SecurityConfig_createsSecurityManager() throws Exception { - Properties securityConfig = new Properties(); - securityConfig.setProperty(SECURITY_MANAGER, FakeSecurityManager.class.getName()); - - SecurityManager securityManager = - SecurityServiceFactory.getSecurityManager(null, securityConfig); - - assertThat(securityManager).isInstanceOf(FakeSecurityManager.class); - - FakeSecurityManager fakeSecurityManager = (FakeSecurityManager) securityManager; - - assertThat(fakeSecurityManager.getInitInvocations()).isEqualTo(0); - assertThat(fakeSecurityManager.getSecurityProps()).isNull(); - } - - @Test - public void getSecurityManager_prefersSecurityManagerOverSecurityConfig() throws Exception { - SecurityManager mockSecurityManager = mock(SecurityManager.class); - Properties securityConfig = new Properties(); - securityConfig.setProperty(SECURITY_MANAGER, FakePostProcessor.class.getName()); - - assertThat(SecurityServiceFactory.getSecurityManager(mockSecurityManager, securityConfig)) - .isSameAs(mockSecurityManager); - } - - @Test - public void determineType_null_returnsDISABLED() throws Exception { - assertThat(SecurityServiceFactory.determineType(null, null, null)) - .isSameAs(SecurityServiceType.DISABLED); - } - - @Test - public void determineType_shiro_returnsCUSTOM() throws Exception { - Properties securityConfig = new Properties(); - securityConfig.setProperty(SECURITY_SHIRO_INIT, "value"); - - assertThat(SecurityServiceFactory.determineType(securityConfig, null, null)) - .isSameAs(SecurityServiceType.CUSTOM); - } - - @Test - public void determineType_securityManager_returnsENABLED() throws Exception { - Properties securityConfig = new Properties(); - SecurityManager mockSecurityManager = mock(SecurityManager.class); - - 
assertThat(SecurityServiceFactory.determineType(securityConfig, mockSecurityManager, null)) - .isSameAs(SecurityServiceType.ENABLED); - } - - @Test - public void determineType_postProcessor_returnsDISABLED() throws Exception { - Properties securityConfig = new Properties(); - PostProcessor mockPostProcessor = mock(PostProcessor.class); + private SecurityService service; + private Properties properties; + private org.apache.geode.security.SecurityManager securityManager; + private PostProcessor postProcessor; + private CacheConfig cacheConfig; - assertThat(SecurityServiceFactory.determineType(securityConfig, null, mockPostProcessor)) - .isSameAs(SecurityServiceType.DISABLED); + @Before + public void before() throws Exception { + securityManager = mock(org.apache.geode.security.SecurityManager.class); + postProcessor = mock(PostProcessor.class); + cacheConfig = mock(CacheConfig.class); + properties = new Properties(); } - @Test - public void determineType_both_returnsENABLED() throws Exception { - Properties securityConfig = new Properties(); - SecurityManager mockSecurityManager = mock(SecurityManager.class); - PostProcessor mockPostProcessor = mock(PostProcessor.class); + @After + public void after() throws Exception { + if (service != null) { + service.close(); + } - assertThat(SecurityServiceFactory.determineType(securityConfig, mockSecurityManager, - mockPostProcessor)).isSameAs(SecurityServiceType.ENABLED); + // some test manually set the shiro security manager + SecurityUtils.setSecurityManager(null); } @Test - public void determineType_prefersCUSTOM() throws Exception { - Properties securityConfig = new Properties(); - securityConfig.setProperty(SECURITY_SHIRO_INIT, "value"); - securityConfig.setProperty(SECURITY_CLIENT_AUTHENTICATOR, "value"); - securityConfig.setProperty(SECURITY_PEER_AUTHENTICATOR, "value"); - SecurityManager mockSecurityManager = mock(SecurityManager.class); - - assertThat(SecurityServiceFactory.determineType(securityConfig, 
mockSecurityManager, null)) - .isSameAs(SecurityServiceType.CUSTOM); + public void createWithNoArgument() throws Exception { + service = SecurityServiceFactory.create(); + assertThat(service).isInstanceOf(LegacySecurityService.class); } @Test - public void determineType_clientAuthenticator_returnsLEGACY() throws Exception { - Properties securityConfig = new Properties(); - securityConfig.setProperty(SECURITY_CLIENT_AUTHENTICATOR, "value"); + public void createWithPropsWithNothingOrAuthenticators() throws Exception { + service = SecurityServiceFactory.create(properties); + assertThat(service).isInstanceOf(LegacySecurityService.class); + assertThat(service.isClientSecurityRequired()).isFalse(); + assertThat(service.isPeerSecurityRequired()).isFalse(); - assertThat(SecurityServiceFactory.determineType(securityConfig, null, null)) - .isSameAs(SecurityServiceType.LEGACY); - } - - @Test - public void determineType_peerAuthenticator_returnsLEGACY() throws Exception { - Properties securityConfig = new Properties(); - securityConfig.setProperty(SECURITY_PEER_AUTHENTICATOR, "value"); + // add client auth + properties.setProperty(SECURITY_CLIENT_AUTHENTICATOR, "com.abc.Auth"); + service = SecurityServiceFactory.create(properties); + assertThat(service).isInstanceOf(LegacySecurityService.class); + assertThat(service.isClientSecurityRequired()).isTrue(); + assertThat(service.isPeerSecurityRequired()).isFalse(); - assertThat(SecurityServiceFactory.determineType(securityConfig, null, null)) - .isSameAs(SecurityServiceType.LEGACY); + // add peer auth + properties.setProperty(SECURITY_PEER_AUTHENTICATOR, "com.abc.PeerAuth"); + service = SecurityServiceFactory.create(properties); + assertThat(service).isInstanceOf(LegacySecurityService.class); + assertThat(service.isClientSecurityRequired()).isTrue(); + assertThat(service.isPeerSecurityRequired()).isTrue(); } @Test - public void determineType_authenticators_returnsLEGACY() throws Exception { - Properties securityConfig = new 
Properties(); - securityConfig.setProperty(SECURITY_CLIENT_AUTHENTICATOR, "value"); - securityConfig.setProperty(SECURITY_PEER_AUTHENTICATOR, "value"); + public void createWithPropsWithSecurityManager() throws Exception { + properties.setProperty(SECURITY_MANAGER, SimpleTestSecurityManager.class.getName()); + service = SecurityServiceFactory.create(properties); + assertThat(service).isInstanceOf(IntegratedSecurityService.class); + assertThat(service.getSecurityManager()).isNotNull(); + assertThat(service.getPostProcessor()).isNull(); - assertThat(SecurityServiceFactory.determineType(securityConfig, null, null)) - .isSameAs(SecurityServiceType.LEGACY); + // add the post processor + properties.setProperty(SECURITY_POST_PROCESSOR, TestPostProcessor.class.getName()); + service = SecurityServiceFactory.create(properties); + assertThat(service).isInstanceOf(IntegratedSecurityService.class); + assertThat(service.getSecurityManager()).isNotNull(); + assertThat(service.getPostProcessor()).isNotNull(); } @Test - public void determineType_empty_returnsDISABLED() throws Exception { - Properties securityConfig = new Properties(); - - assertThat(SecurityServiceFactory.determineType(securityConfig, null, null)) - .isSameAs(SecurityServiceType.DISABLED); + public void createWithPropsWithShiro() throws Exception { + properties.setProperty(SECURITY_SHIRO_INIT, "shiro.ini"); + service = SecurityServiceFactory.create(properties); + assertThat(service).isInstanceOf(IntegratedSecurityService.class); + assertThat(service.getSecurityManager()).isNull(); + assertThat(service.getPostProcessor()).isNull(); } @Test - public void create_clientAuthenticator_createsLegacySecurityService() throws Exception { - Properties securityConfig = new Properties(); - securityConfig.setProperty(SECURITY_CLIENT_AUTHENTICATOR, "value"); - - assertThat(SecurityServiceFactory.create(securityConfig, null, null)) - .isInstanceOf(LegacySecurityService.class); + public void shiroOverwritesSecurityManager() throws 
Exception { + properties.setProperty(SECURITY_SHIRO_INIT, "shiro.ini"); + properties.setProperty(SECURITY_MANAGER, SimpleTestSecurityManager.class.getName()); + service = SecurityServiceFactory.create(properties); + assertThat(service).isInstanceOf(IntegratedSecurityService.class); + assertThat(service.getSecurityManager()).isNull(); + assertThat(service.getPostProcessor()).isNull(); } @Test - public void create_peerAuthenticator_createsLegacySecurityService() throws Exception { - Properties securityConfig = new Properties(); - securityConfig.setProperty(SECURITY_PEER_AUTHENTICATOR, "value"); - - assertThat(SecurityServiceFactory.create(securityConfig, null, null)) - .isInstanceOf(LegacySecurityService.class); + public void createWithOutsideShiro() throws Exception { + SecurityUtils.setSecurityManager(mock(SecurityManager.class)); + // create the service with empty properties, but we would still end up with + // an IntegratedSecurityService + service = SecurityServiceFactory.create(properties); + assertThat(service).isInstanceOf(IntegratedSecurityService.class); + assertThat(service.getSecurityManager()).isNull(); + assertThat(service.getPostProcessor()).isNull(); } @Test - public void create_authenticators_createsLegacySecurityService() throws Exception { - Properties securityConfig = new Properties(); - securityConfig.setProperty(SECURITY_CLIENT_AUTHENTICATOR, "value"); - securityConfig.setProperty(SECURITY_PEER_AUTHENTICATOR, "value"); - - assertThat(SecurityServiceFactory.create(securityConfig, null, null)) - .isInstanceOf(LegacySecurityService.class); + public void cacheConfigSecurityManagerOverideShiro() throws Exception { + properties.setProperty(SECURITY_SHIRO_INIT, "shiro.ini"); + when(cacheConfig.getSecurityManager()).thenReturn(securityManager); + service = SecurityServiceFactory.create(properties, cacheConfig); + assertThat(service).isInstanceOf(IntegratedSecurityService.class); + assertThat(service.getSecurityManager()).isNotNull(); + 
assertThat(service.getPostProcessor()).isNull(); } @Test - public void create_none_createsDisabledSecurityService() throws Exception { - Properties securityConfig = new Properties(); - - assertThat(SecurityServiceFactory.create(securityConfig, null, null)) - .isInstanceOf(DisabledSecurityService.class); + public void cacheConfigOverideProperties_securityManager() throws Exception { + properties.setProperty(SECURITY_MANAGER, SimpleTestSecurityManager.class.getName()); + when(cacheConfig.getSecurityManager()).thenReturn(securityManager); + service = SecurityServiceFactory.create(properties, cacheConfig); + assertThat(service).isInstanceOf(IntegratedSecurityService.class); + assertThat(service.getSecurityManager()).isEqualTo(securityManager); + assertThat(service.getPostProcessor()).isNull(); } @Test - public void create_postProcessor_createsDisabledSecurityService() throws Exception { - Properties securityConfig = new Properties(); - PostProcessor mockPostProcessor = mock(PostProcessor.class); - - assertThat(SecurityServiceFactory.create(securityConfig, null, mockPostProcessor)) - .isInstanceOf(DisabledSecurityService.class); + public void cacheConfigOverideProperties_postProcessor() throws Exception { + properties.setProperty(SECURITY_MANAGER, SimpleTestSecurityManager.class.getName()); + properties.setProperty(SECURITY_POST_PROCESSOR, TestPostProcessor.class.getName()); + when(cacheConfig.getPostProcessor()).thenReturn(postProcessor); + service = SecurityServiceFactory.create(properties, cacheConfig); + assertThat(service).isInstanceOf(IntegratedSecurityService.class); + assertThat(service.getSecurityManager()).isInstanceOf(SimpleTestSecurityManager.class); + assertThat(service.getPostProcessor()).isEqualTo(postProcessor); } @Test - public void create_securityManager_createsEnabledSecurityService() throws Exception { - Properties securityConfig = new Properties(); - SecurityManager mockSecurityManager = mock(SecurityManager.class); - - 
assertThat(SecurityServiceFactory.create(securityConfig, mockSecurityManager, null)) - .isInstanceOf(EnabledSecurityService.class); + public void cacheConfigSecurityManagerWithPropertyPostProcessor() throws Exception { + properties.setProperty(SECURITY_POST_PROCESSOR, TestPostProcessor.class.getName()); + when(cacheConfig.getSecurityManager()).thenReturn(securityManager); + service = SecurityServiceFactory.create(properties, cacheConfig); + assertThat(service).isInstanceOf(IntegratedSecurityService.class); + assertThat(service.getSecurityManager()).isEqualTo(securityManager); + assertThat(service.getPostProcessor()).isInstanceOf(TestPostProcessor.class); } @Test - public void create_securityManagerAndPostProcessor_createsEnabledSecurityService() - throws Exception { - Properties securityConfig = new Properties(); - SecurityManager mockSecurityManager = mock(SecurityManager.class); - PostProcessor mockPostProcessor = mock(PostProcessor.class); - - assertThat( - SecurityServiceFactory.create(securityConfig, mockSecurityManager, mockPostProcessor)) - .isInstanceOf(EnabledSecurityService.class); + public void cacheConfigPostProcessorWithPropertySecurityManager() throws Exception { + properties.setProperty(SECURITY_MANAGER, SimpleTestSecurityManager.class.getName()); + when(cacheConfig.getPostProcessor()).thenReturn(postProcessor); + service = SecurityServiceFactory.create(properties, cacheConfig); + assertThat(service).isInstanceOf(IntegratedSecurityService.class); + assertThat(service.getSecurityManager()).isInstanceOf(SimpleTestSecurityManager.class); + assertThat(service.getPostProcessor()).isEqualTo(postProcessor); } - } http://git-wip-us.apache.org/repos/asf/geode/blob/5546a873/geode-core/src/test/java/org/apache/geode/internal/security/SecurityServiceTest.java ---------------------------------------------------------------------- 
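Review bot: In SecurityServiceFactoryTest, `createWithPropsWithNothingOrAuthenticators` and `createWithPropsWithSecurityManager` assign `service` two or three times, but `after()` closes only the last instance. Add `service.close();` before each reassignment, or split them into one test per configuration. SecurityServiceTest has the same pattern, since `before()` creates a service that most tests then replace. The rewrite also removes the post-processor-only cases (`determineType_postProcessor_returnsDISABLED`, `create_postProcessor_createsDisabledSecurityService`) without a replacement. No new test sets `SECURITY_POST_PROCESSOR` or `cacheConfig.getPostProcessor()` without a security manager, so the service the factory returns for that configuration is no longer pinned.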
diff --git a/geode-core/src/test/java/org/apache/geode/internal/security/SecurityServiceTest.java b/geode-core/src/test/java/org/apache/geode/internal/security/SecurityServiceTest.java index 4489352..4b7bbfc 100644 --- a/geode-core/src/test/java/org/apache/geode/internal/security/SecurityServiceTest.java +++ b/geode-core/src/test/java/org/apache/geode/internal/security/SecurityServiceTest.java @@ -19,10 +19,7 @@ import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANA import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_PEER_AUTHENTICATOR; import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_SHIRO_INIT; import static org.assertj.core.api.Assertions.assertThat; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.when; -import org.apache.geode.distributed.internal.DistributionConfig; import org.apache.geode.security.TestSecurityManager; import org.apache.geode.test.junit.categories.SecurityTest; import org.apache.geode.test.junit.categories.UnitTest; @@ -39,21 +36,17 @@ import java.util.Properties; public class SecurityServiceTest { private Properties properties; - private DistributionConfig distributionConfig; private SecurityService securityService; @Before public void before() { this.properties = new Properties(); - this.distributionConfig = mock(DistributionConfig.class); - when(this.distributionConfig.getSecurityProps()).thenReturn(this.properties); - this.securityService = SecurityServiceFactory.create(null, this.distributionConfig); + this.securityService = SecurityServiceFactory.create(); } @After public void after() throws Exception { this.securityService.close(); - SecurityUtils.setSecurityManager(null); } @Test 
@@ -70,7 +63,7 @@ public class SecurityServiceTest { this.properties.setProperty(TestSecurityManager.SECURITY_JSON, "org/apache/geode/security/templates/security.json"); - this.securityService = SecurityServiceFactory.create(null, this.distributionConfig); + this.securityService = SecurityServiceFactory.create(properties); assertThat(this.securityService.isIntegratedSecurity()).isTrue(); assertThat(this.securityService.isClientSecurityRequired()).isTrue(); @@ -80,7 +73,7 @@ public class SecurityServiceTest { @Test public void testInitWithClientAuthenticator() { this.properties.setProperty(SECURITY_CLIENT_AUTHENTICATOR, "org.abc.test"); - this.securityService = SecurityServiceFactory.create(null, this.distributionConfig); + this.securityService = SecurityServiceFactory.create(properties); assertThat(this.securityService.isIntegratedSecurity()).isFalse(); assertThat(this.securityService.isClientSecurityRequired()).isTrue(); @@ -90,7 +83,7 @@ public class SecurityServiceTest { @Test public void testInitWithPeerAuthenticator() { this.properties.setProperty(SECURITY_PEER_AUTHENTICATOR, "org.abc.test"); - this.securityService = SecurityServiceFactory.create(null, this.distributionConfig); + this.securityService = SecurityServiceFactory.create(properties); assertThat(this.securityService.isIntegratedSecurity()).isFalse(); assertThat(this.securityService.isClientSecurityRequired()).isFalse(); @@ -102,7 +95,7 @@ public class SecurityServiceTest { this.properties.setProperty(SECURITY_CLIENT_AUTHENTICATOR, "org.abc.test"); this.properties.setProperty(SECURITY_PEER_AUTHENTICATOR, "org.abc.test"); - this.securityService = SecurityServiceFactory.create(null, this.distributionConfig); + this.securityService = SecurityServiceFactory.create(properties); assertThat(this.securityService.isIntegratedSecurity()).isFalse(); assertThat(this.securityService.isClientSecurityRequired()).isTrue(); 
@@ -113,7 +106,7 @@ public class SecurityServiceTest { public void testInitWithShiroAuthenticator() { this.properties.setProperty(SECURITY_SHIRO_INIT, "shiro.ini"); - this.securityService = SecurityServiceFactory.create(null, this.distributionConfig); + this.securityService = SecurityServiceFactory.create(properties); assertThat(this.securityService.isIntegratedSecurity()).isTrue(); assertThat(this.securityService.isClientSecurityRequired()).isTrue(); @@ -128,7 +121,7 @@ public class SecurityServiceTest { @Test public void testInitWithOutsideShiroSecurityManager() { SecurityUtils.setSecurityManager(new DefaultSecurityManager()); - this.securityService = SecurityServiceFactory.create(null, this.distributionConfig); + this.securityService = SecurityServiceFactory.create(properties); assertThat(this.securityService.isIntegratedSecurity()).isTrue(); } http://git-wip-us.apache.org/repos/asf/geode/blob/5546a873/geode-core/src/test/java/org/apache/geode/internal/security/shiro/ConfigInitializerIntegrationTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/internal/security/shiro/ConfigInitializerIntegrationTest.java b/geode-core/src/test/java/org/apache/geode/internal/security/shiro/ConfigInitializerIntegrationTest.java deleted file mode 100644 index 857c0be..0000000 --- a/geode-core/src/test/java/org/apache/geode/internal/security/shiro/ConfigInitializerIntegrationTest.java +++ /dev/null 
@@ -1,91 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more contributor license - * agreements. See the NOTICE file distributed with this work for additional information regarding - * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance with the License. You may obtain a - * copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software distributed under the License - * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express - * or implied. See the License for the specific language governing permissions and limitations under - * the License. - */ -package org.apache.geode.internal.security.shiro; - -import static org.assertj.core.api.Assertions.*; - -import org.apache.commons.io.FileUtils; -import org.apache.geode.test.junit.categories.UnitTest; -import org.apache.shiro.SecurityUtils; -import org.apache.shiro.UnavailableSecurityManagerException; -import org.apache.shiro.util.ThreadContext; -import org.apache.shiro.config.ConfigurationException; -import org.junit.After; -import org.junit.Before; -import org.junit.Rule; -import org.junit.Test; -import org.junit.experimental.categories.Category; -import org.junit.rules.TemporaryFolder; - -import java.io.File; - -@Category(UnitTest.class) -public class ConfigInitializerIntegrationTest { - - private static final String SHIRO_INI_FILE = "ConfigInitializerIntegrationTest.ini"; - - private String shiroIniInClasspath; - private ConfigInitializer configInitializer; - private String shiroIniInFilesystem; - - @Rule - public TemporaryFolder temporaryFolder = new TemporaryFolder(); - - @Before - public void before() throws Exception { - assertThat(getClass().getResource(SHIRO_INI_FILE)).isNotNull(); - - this.configInitializer = new ConfigInitializer(); - - 
this.shiroIniInClasspath = getResourcePackage(getClass()) + SHIRO_INI_FILE; - - File shiroIniFile = this.temporaryFolder.newFile(SHIRO_INI_FILE); - FileUtils.copyURLToFile(getClass().getResource(SHIRO_INI_FILE), shiroIniFile); - this.shiroIniInFilesystem = shiroIniFile.getAbsolutePath(); - - assertThatThrownBy(() -> SecurityUtils.getSecurityManager()) - .isInstanceOf(UnavailableSecurityManagerException.class); - } - - @After - public void after() throws Exception { - ThreadContext.remove(); - SecurityUtils.setSecurityManager(null); - } - - @Test - public void initialize_fileInClasspath() throws Exception { - this.configInitializer.initialize(this.shiroIniInClasspath); - assertThat(SecurityUtils.getSecurityManager()).isNotNull(); - } - - @Test - public void initialize_null_throws_ConfigurationException() throws Exception { - assertThatThrownBy(() -> this.configInitializer.initialize(null)) - .isInstanceOf(ConfigurationException.class) - .hasMessageContaining("Resource [classpath:null] could not be found"); - } - - @Test - public void initialize_fileInFilesystem() throws Exception { - assertThatThrownBy(() -> this.configInitializer.initialize(this.shiroIniInFilesystem)) - .isInstanceOf(ConfigurationException.class).hasMessageContaining("Resource [classpath:") - .hasMessageContaining("ConfigInitializerIntegrationTest.ini] could not be found"); - } - - private String getResourcePackage(Class classInPackage) { - return classInPackage.getName().replace(classInPackage.getSimpleName(), "").replace(".", "/"); - } -} http://git-wip-us.apache.org/repos/asf/geode/blob/5546a873/geode-core/src/test/java/org/apache/geode/management/internal/security/SecurityServiceWithCustomRealmIntegrationTest.java ---------------------------------------------------------------------- 
diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/SecurityServiceWithCustomRealmIntegrationTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/security/SecurityServiceWithCustomRealmIntegrationTest.java index 01d6bb6..c47432b 100644 --- a/geode-core/src/test/java/org/apache/geode/management/internal/security/SecurityServiceWithCustomRealmIntegrationTest.java +++ b/geode-core/src/test/java/org/apache/geode/management/internal/security/SecurityServiceWithCustomRealmIntegrationTest.java @@ -39,6 +39,6 @@ public class SecurityServiceWithCustomRealmIntegrationTest "org/apache/geode/management/internal/security/shiro-ini.json"); this.props.setProperty(SECURITY_MANAGER, TestSecurityManager.class.getName()); this.props.setProperty(SECURITY_SHIRO_INIT, "shiro.ini"); - this.securityService = SecurityServiceFactory.create(this.props, null, null); + this.securityService = SecurityServiceFactory.create(this.props); } } http://git-wip-us.apache.org/repos/asf/geode/blob/5546a873/geode-core/src/test/java/org/apache/geode/management/internal/security/SecurityServiceWithShiroIniIntegrationTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/SecurityServiceWithShiroIniIntegrationTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/security/SecurityServiceWithShiroIniIntegrationTest.java index 1caedbc..86a0ff0 100644 --- a/geode-core/src/test/java/org/apache/geode/management/internal/security/SecurityServiceWithShiroIniIntegrationTest.java +++ b/geode-core/src/test/java/org/apache/geode/management/internal/security/SecurityServiceWithShiroIniIntegrationTest.java 
@@ -43,7 +43,7 @@ public class SecurityServiceWithShiroIniIntegrationTest { @Before public void before() throws Exception { this.props.setProperty(SECURITY_SHIRO_INIT, "shiro.ini"); - this.securityService = SecurityServiceFactory.create(this.props, null, null); + this.securityService = SecurityServiceFactory.create(this.props); } @After http://git-wip-us.apache.org/repos/asf/geode/blob/5546a873/geode-core/src/test/java/org/apache/geode/security/CacheFactoryWithSecurityObjectTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/security/CacheFactoryWithSecurityObjectTest.java b/geode-core/src/test/java/org/apache/geode/security/CacheFactoryWithSecurityObjectTest.java index cdb90f1..94e0be5 100644 --- a/geode-core/src/test/java/org/apache/geode/security/CacheFactoryWithSecurityObjectTest.java +++ b/geode-core/src/test/java/org/apache/geode/security/CacheFactoryWithSecurityObjectTest.java @@ -22,6 +22,7 @@ import static org.junit.Assert.assertTrue; import org.apache.geode.cache.CacheFactory; import org.apache.geode.distributed.ConfigurationProperties; import org.apache.geode.internal.cache.InternalCache; +import org.apache.geode.internal.security.LegacySecurityService; import org.apache.geode.internal.security.SecurityService; import org.apache.geode.security.templates.DummyAuthenticator; import org.apache.geode.test.junit.categories.IntegrationTest; 
@@ -37,17 +38,18 @@ import java.util.Properties; public class CacheFactoryWithSecurityObjectTest { private SecurityManager simpleSecurityManager; - private Properties properties = new Properties(); + private Properties properties; private InternalCache cache; @Before public void before() throws Exception { this.simpleSecurityManager = new SimpleTestSecurityManager(); + properties = new Properties(); this.properties.setProperty("mcast-port", "0"); } @Test - public void testCreateCacheWithSecurityManager() throws Exception { + public void testCreateCacheWithSecurityManagerOnly() throws Exception { this.cache = (InternalCache) new CacheFactory(this.properties) .setSecurityManager(this.simpleSecurityManager).setPostProcessor(null).create(); SecurityService securityService = this.cache.getSecurityService(); @@ -56,17 +58,20 @@ public class CacheFactoryWithSecurityObjectTest { assertTrue(securityService.isPeerSecurityRequired()); assertFalse(securityService.needPostProcess()); assertNotNull(securityService.getSecurityManager()); + assertNull(securityService.getPostProcessor()); } @Test - public void testCreateCacheWithPostProcessor() throws Exception { + public void testCreateCacheWithPostProcessorOnly() throws Exception { this.cache = (InternalCache) new CacheFactory(this.properties) .setPostProcessor(new TestPostProcessor()).setSecurityManager(null).create(); SecurityService securityService = this.cache.getSecurityService(); + assertTrue(securityService instanceof LegacySecurityService); assertFalse(securityService.isIntegratedSecurity()); assertFalse(securityService.isClientSecurityRequired()); assertFalse(securityService.isPeerSecurityRequired()); assertFalse(securityService.needPostProcess()); + assertNull(securityService.getSecurityManager()); assertNull(securityService.getPostProcessor()); } 
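Review bot: In `testCreateCacheWithPostProcessorOnly` the added assertions pin that a post processor supplied without a security manager is dropped, but the test does not say this is intended. The service is a `LegacySecurityService`, `needPostProcess()` is false and `getPostProcessor()` is null. A post processor is usually the hook that filters returned data, so a reader may take the silent discard for a regression. I would add a comment above the assertions, for example `// without a SecurityManager the post processor is ignored and integrated security stays off`.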
@@ -89,7 +94,7 @@ public class CacheFactoryWithSecurityObjectTest { * SECURITY_CLIENT_AUTHENTICATOR. */ @Test - public void testOverride() throws Exception { + public void testSecurityManagerOverAuthenticator() throws Exception { this.properties.setProperty(ConfigurationProperties.SECURITY_CLIENT_AUTHENTICATOR, DummyAuthenticator.class.getName()); 
@@ -107,6 +112,61 @@ public class CacheFactoryWithSecurityObjectTest { assertNotNull(securityService.getPostProcessor()); } + + @Test + public void testCacheConfigOverProperties1() throws Exception { + this.properties.setProperty(ConfigurationProperties.SECURITY_SHIRO_INIT, "shiro.ini"); + + this.cache = (InternalCache) new CacheFactory(this.properties).setSecurityManager(null) + .setPostProcessor(null).create(); + + SecurityService securityService = this.cache.getSecurityService(); + + assertTrue(securityService.isIntegratedSecurity()); + assertTrue(securityService.isClientSecurityRequired()); + assertTrue(securityService.isPeerSecurityRequired()); + assertFalse(securityService.needPostProcess()); + assertNull(securityService.getSecurityManager()); + assertNull(securityService.getPostProcessor()); + } + + @Test + public void testCacheConfigOverProperties() throws Exception { + this.properties.setProperty(ConfigurationProperties.SECURITY_SHIRO_INIT, "shiro.ini"); + + this.cache = (InternalCache) new CacheFactory(this.properties) + .setSecurityManager(this.simpleSecurityManager).setPostProcessor(new TestPostProcessor()) + .create(); + + SecurityService securityService = this.cache.getSecurityService(); + + assertTrue(securityService.isIntegratedSecurity()); + assertTrue(securityService.isClientSecurityRequired()); + assertTrue(securityService.isPeerSecurityRequired()); + assertTrue(securityService.needPostProcess()); + assertNotNull(securityService.getSecurityManager()); + assertNotNull(securityService.getPostProcessor()); + } + + @Test + public void testCacheConfigKeepsOldPostProcessor() throws Exception { + this.properties.setProperty(ConfigurationProperties.SECURITY_POST_PROCESSOR, + TestPostProcessor.class.getName()); + + this.cache = (InternalCache) new CacheFactory(this.properties) + .setSecurityManager(this.simpleSecurityManager).setPostProcessor(null).create(); + + SecurityService securityService = this.cache.getSecurityService(); + + 
assertTrue(securityService.isIntegratedSecurity()); + assertTrue(securityService.isClientSecurityRequired()); + assertTrue(securityService.isPeerSecurityRequired()); + assertTrue(securityService.needPostProcess()); + assertNotNull(securityService.getSecurityManager()); + assertNotNull(securityService.getPostProcessor()); + } + + @After public void after() { this.cache.close(); http://git-wip-us.apache.org/repos/asf/geode/blob/5546a873/geode-core/src/test/java/org/apache/geode/security/SecurityManagerLifecycleDistributedTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/security/SecurityManagerLifecycleDistributedTest.java b/geode-core/src/test/java/org/apache/geode/security/SecurityManagerLifecycleDistributedTest.java index a9048b9..8727406 100644 --- a/geode-core/src/test/java/org/apache/geode/security/SecurityManagerLifecycleDistributedTest.java +++ b/geode-core/src/test/java/org/apache/geode/security/SecurityManagerLifecycleDistributedTest.java @@ -31,7 +31,7 @@ import static org.assertj.core.api.Assertions.assertThat; import org.apache.geode.cache.server.CacheServer; import org.apache.geode.cache30.CacheTestCase; -import org.apache.geode.internal.security.EnabledSecurityService; +import org.apache.geode.internal.security.IntegratedSecurityService; import org.apache.geode.internal.security.SecurityService; import org.apache.geode.management.ManagementService; import org.apache.geode.test.dunit.Host; 
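Review bot: The three added precedence tests check only `assertNotNull`/`assertNull` on the manager and post processor, so they do not show which configuration source won. In `testCacheConfigKeepsOldPostProcessor` I would replace `assertNotNull(securityService.getPostProcessor());` with `assertTrue(securityService.getPostProcessor() instanceof TestPostProcessor);`. In `testCacheConfigOverProperties` the returned manager could be compared with `this.simpleSecurityManager`. `testCacheConfigOverProperties1` would also read better under a descriptive name such as `testShiroInitWithoutSecurityManagerOrPostProcessor`.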
@@ -127,7 +127,7 @@ public class SecurityManagerLifecycleDistributedTest extends CacheTestCase { private void verifyInitAndCloseInvoked() { SecurityService securityService = getCache().getSecurityService(); - assertThat(securityService).isNotNull().isInstanceOf(EnabledSecurityService.class); + assertThat(securityService).isNotNull().isInstanceOf(IntegratedSecurityService.class); SpySecurityManager ssm = (SpySecurityManager) getCache().getSecurityService().getSecurityManager(); http://git-wip-us.apache.org/repos/asf/geode/blob/5546a873/geode-pulse/src/test/java/org/apache/geode/tools/pulse/tests/Server.java ---------------------------------------------------------------------- diff --git a/geode-pulse/src/test/java/org/apache/geode/tools/pulse/tests/Server.java b/geode-pulse/src/test/java/org/apache/geode/tools/pulse/tests/Server.java index 63f907c..ad5c080 100644 --- a/geode-pulse/src/test/java/org/apache/geode/tools/pulse/tests/Server.java +++ b/geode-pulse/src/test/java/org/apache/geode/tools/pulse/tests/Server.java 
@@ -14,19 +14,16 @@ */ package org.apache.geode.tools.pulse.tests; +import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER; + import org.apache.geode.internal.security.SecurityService; import org.apache.geode.internal.security.SecurityServiceFactory; -import org.apache.geode.internal.security.shiro.CustomAuthRealm; import org.apache.geode.internal.security.shiro.JMXShiroAuthenticator; import org.apache.geode.management.internal.security.AccessControlMBean; import org.apache.geode.management.internal.security.MBeanServerWrapper; import org.apache.geode.management.internal.security.ResourceConstants; import org.apache.geode.security.TestSecurityManager; import org.apache.geode.tools.pulse.internal.data.PulseConstants; -import org.apache.shiro.SecurityUtils; -import org.apache.shiro.mgt.DefaultSecurityManager; -import org.apache.shiro.mgt.SecurityManager; -import org.apache.shiro.realm.Realm; import java.io.IOException; import java.lang.management.ManagementFactory; 
@@ -73,20 +70,16 @@ public class Server { // set up Shiro Security Manager Properties securityProperties = new Properties(); securityProperties.setProperty(TestSecurityManager.SECURITY_JSON, jsonAuthFile); - Realm realm = new CustomAuthRealm(TestSecurityManager.class.getName(), securityProperties); - SecurityManager securityManager = new DefaultSecurityManager(realm); - SecurityUtils.setSecurityManager(securityManager); + securityProperties.setProperty(SECURITY_MANAGER, TestSecurityManager.class.getName()); + + SecurityService securityService = SecurityServiceFactory.create(securityProperties); // register the AccessControll bean - AccessControlMBean acc = new AccessControlMBean(SecurityServiceFactory.create()); + AccessControlMBean acc = new AccessControlMBean(securityService); ObjectName accessControlMBeanON = new ObjectName(ResourceConstants.OBJECT_NAME_ACCESSCONTROL); MBeanServer platformMBeanServer = ManagementFactory.getPlatformMBeanServer(); platformMBeanServer.registerMBean(acc, accessControlMBeanON); - SecurityService securityService = - SecurityServiceFactory.create(securityProperties, new TestSecurityManager(), null); - securityService.initSecurity(securityProperties); - // wire in the authenticator and authorizaton JMXShiroAuthenticator interceptor = new JMXShiroAuthenticator(securityService); env.put(JMXConnectorServer.AUTHENTICATOR, interceptor); http://git-wip-us.apache.org/repos/asf/geode/blob/5546a873/geode-pulse/src/test/java/org/apache/geode/tools/pulse/tests/rules/ServerRule.java ---------------------------------------------------------------------- diff --git a/geode-pulse/src/test/java/org/apache/geode/tools/pulse/tests/rules/ServerRule.java b/geode-pulse/src/test/java/org/apache/geode/tools/pulse/tests/rules/ServerRule.java index 767588d..f62bb74 100644 --- a/geode-pulse/src/test/java/org/apache/geode/tools/pulse/tests/rules/ServerRule.java +++ b/geode-pulse/src/test/java/org/apache/geode/tools/pulse/tests/rules/ServerRule.java 
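Review bot: The context comment `// set up Shiro Security Manager` no longer matches the code beneath it, which now only fills `securityProperties` and lets `SecurityServiceFactory.create(securityProperties)` build the service. I would reword it to `// configure TestSecurityManager via properties and build the SecurityService`. The explicit `securityService.initSecurity(securityProperties)` call is gone, so the JMX authenticator depends on the factory initialising the manager from `SECURITY_MANAGER` and `TestSecurityManager.SECURITY_JSON`; that is not visible in this hunk and is worth confirming. The enclosing method starts and ends outside the hunk, so whether the service is closed when the server stops cannot be seen here.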
@@ -14,14 +14,12 @@ */ package org.apache.geode.tools.pulse.tests.rules; -import org.apache.geode.internal.security.DisabledSecurityService; -import org.apache.geode.tools.pulse.internal.data.PulseConstants; -import org.awaitility.Awaitility; import org.apache.geode.internal.AvailablePort; import org.apache.geode.internal.admin.SSLConfig; import org.apache.geode.management.internal.JettyHelper; +import org.apache.geode.tools.pulse.internal.data.PulseConstants; import org.apache.geode.tools.pulse.tests.Server; - +import org.awaitility.Awaitility; import org.junit.rules.ExternalResource; import java.io.IOException;
