http://git-wip-us.apache.org/repos/asf/geode/blob/451d12e8/geode-core/src/test/java/org/apache/geode/management/internal/cli/commands/CreateAlterDestroyRegionCommandsTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/cli/commands/CreateAlterDestroyRegionCommandsTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/cli/commands/CreateAlterDestroyRegionCommandsTest.java
index 155b1ad..c281080 100644
--- a/geode-core/src/test/java/org/apache/geode/management/internal/cli/commands/CreateAlterDestroyRegionCommandsTest.java
+++ b/geode-core/src/test/java/org/apache/geode/management/internal/cli/commands/CreateAlterDestroyRegionCommandsTest.java
@@ -16,21 +16,16 @@
 package org.apache.geode.management.internal.cli.commands;
-import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
-import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.doReturn;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.verify;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.experimental.categories.Category;
-import org.mockito.ArgumentCaptor;
 import org.apache.geode.internal.cache.InternalCache;
 import org.apache.geode.management.DistributedSystemMXBean;
-import org.apache.geode.management.internal.cli.functions.RegionFunctionArgs;
 import org.apache.geode.test.dunit.rules.GfshParserRule;
 import org.apache.geode.test.junit.categories.IntegrationTest;
@@ -49,17 +44,7 @@ public class CreateAlterDestroyRegionCommandsTest {
 doReturn(cache).when(spy).getCache();
 doReturn(dsMBean).when(spy).getDSMBean(cache);
- parser.executeLastCommandWithInstance(spy);
-
- ArgumentCaptor<RegionFunctionArgs> argsCaptor =
- ArgumentCaptor.forClass(RegionFunctionArgs.class);
-
- verify(spy).validateRegionFunctionArgs(any(), argsCaptor.capture());
-
- RegionFunctionArgs args = argsCaptor.getValue();
- assertThat(args.getPartitionResolver()).isEqualTo("Foo");
-
- assertThatThrownBy(() -> spy.validateRegionFunctionArgs(cache, args))
+ assertThatThrownBy(() -> parser.executeLastCommandWithInstance(spy))
 .hasMessageContaining("Foo is an invalid Partition Resolver");
 }
 }
http://git-wip-us.apache.org/repos/asf/geode/blob/451d12e8/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java
index 9a1605a..1d98087 100644
--- a/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java
+++ b/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java
@@ -16,28 +16,26 @@ package org.apache.geode.management.internal.security; import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER; -import org.apache.geode.management.CacheServerMXBean; -import org.apache.geode.security.TestSecurityManager; -import org.apache.geode.test.dunit.rules.ConnectionConfiguration; -import org.apache.geode.test.dunit.rules.MBeanServerConnectionRule; -import org.apache.geode.test.dunit.rules.ServerStarterRule; -import org.apache.geode.test.junit.categories.IntegrationTest; import org.junit.Before; import org.junit.ClassRule; import org.junit.Rule; import org.junit.Test; import org.junit.experimental.categories.Category; +import org.apache.geode.management.CacheServerMXBean; +import org.apache.geode.security.SimpleTestSecurityManager; +import org.apache.geode.test.dunit.rules.ConnectionConfiguration; +import org.apache.geode.test.dunit.rules.MBeanServerConnectionRule; +import org.apache.geode.test.dunit.rules.ServerStarterRule; +import org.apache.geode.test.junit.categories.IntegrationTest; + @Category(IntegrationTest.class) public class CacheServerMBeanAuthenticationJUnitTest { private CacheServerMXBean bean; @ClassRule public static ServerStarterRule server = new ServerStarterRule().withJMXManager() - .withProperty(SECURITY_MANAGER, TestSecurityManager.class.getName()) - .withProperty(TestSecurityManager.SECURITY_JSON, - "org/apache/geode/management/internal/security/cacheServer.json") - .withAutoStart(); + .withProperty(SECURITY_MANAGER, SimpleTestSecurityManager.class.getName()).withAutoStart(); @Rule public MBeanServerConnectionRule connectionRule = 
@@ -49,7 +47,7 @@ public class CacheServerMBeanAuthenticationJUnitTest { } @Test - @ConnectionConfiguration(user = "data-admin", password = "1234567") + @ConnectionConfiguration(user = "data,cluster", password = "data,cluster") public void testAllAccess() throws Exception { bean.removeIndex("foo"); bean.fetchLoadProbe(); http://git-wip-us.apache.org/repos/asf/geode/blob/451d12e8/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java index c7c76f6..de88614 100644 --- a/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java +++ b/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java @@ -17,6 +17,13 @@ package org.apache.geode.management.internal.security; import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER; import static org.assertj.core.api.Assertions.assertThatThrownBy; +import org.assertj.core.api.SoftAssertions; +import org.junit.Before; +import org.junit.ClassRule; +import org.junit.Rule; +import org.junit.Test; +import org.junit.experimental.categories.Category; + import org.apache.geode.management.CacheServerMXBean; import org.apache.geode.security.TestSecurityManager; import org.apache.geode.test.dunit.rules.ConnectionConfiguration; 
@@ -24,11 +31,6 @@ import org.apache.geode.test.dunit.rules.MBeanServerConnectionRule; import org.apache.geode.test.dunit.rules.ServerStarterRule; import org.apache.geode.test.junit.categories.IntegrationTest; import org.apache.geode.test.junit.categories.SecurityTest; -import org.junit.Before; -import org.junit.ClassRule; -import org.junit.Rule; -import org.junit.Test; -import org.junit.experimental.categories.Category; @Category({IntegrationTest.class, SecurityTest.class}) public class CacheServerMBeanAuthorizationJUnitTest { @@ -58,8 +60,10 @@ public class CacheServerMBeanAuthorizationJUnitTest { .hasMessageContaining(TestCommand.dataRead.toString()); bean.fetchLoadProbe(); bean.getActiveCQCount(); - bean.stopContinuousQuery("bar"); - bean.closeAllContinuousQuery("bar"); + assertThatThrownBy(() -> bean.stopContinuousQuery("bar")) + .hasMessageContaining(TestCommand.clusterManageQuery.toString()); + assertThatThrownBy(() -> bean.closeAllContinuousQuery("bar")) + .hasMessageContaining(TestCommand.clusterManageQuery.toString()); bean.isRunning(); bean.showClientQueueDetails("foo"); } 
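Review bot: The two new assertions for `stopContinuousQuery` and `closeAllContinuousQuery` match only on the message text, so any exception whose message happens to contain the permission string would satisfy them. Pinning the type as well, with `.isInstanceOf(NotAuthorizedException.class)` ahead of `.hasMessageContaining(TestCommand.clusterManageQuery.toString())`, would make the denial explicit, as CliCommandsSecurityTest does in this same commit; this presumes the MXBean proxy surfaces that type here too, and it needs the matching import. The same message-only pattern appears in the testNoAccess hunks of this file, CacheServerMBeanWithShiroIniIntegrationTest, DiskStoreMXBeanSecurityJUnitTest and GatewayReceiverMBeanSecurityTest. The enclosing test method starts outside this hunk.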
@@ -88,21 +92,25 @@ public class CacheServerMBeanAuthorizationJUnitTest { @Test @ConnectionConfiguration(user = "stranger", password = "1234567") public void testNoAccess() throws Exception { - assertThatThrownBy(() -> bean.removeIndex("foo")) + SoftAssertions softly = new SoftAssertions(); + + softly.assertThatThrownBy(() -> bean.removeIndex("foo")) .hasMessageContaining(TestCommand.dataManage.toString()); - assertThatThrownBy(() -> bean.executeContinuousQuery("bar")) + softly.assertThatThrownBy(() -> bean.executeContinuousQuery("bar")) .hasMessageContaining(TestCommand.dataRead.toString()); - assertThatThrownBy(() -> bean.fetchLoadProbe()) + softly.assertThatThrownBy(() -> bean.fetchLoadProbe()) .hasMessageContaining(TestCommand.clusterRead.toString()); - assertThatThrownBy(() -> bean.getActiveCQCount()) + softly.assertThatThrownBy(() -> bean.getActiveCQCount()) .hasMessageContaining(TestCommand.clusterRead.toString()); - assertThatThrownBy(() -> bean.stopContinuousQuery("bar")) - .hasMessageContaining(TestCommand.dataManage.toString()); - assertThatThrownBy(() -> bean.closeAllContinuousQuery("bar")) - .hasMessageContaining(TestCommand.dataManage.toString()); - assertThatThrownBy(() -> bean.isRunning()) + softly.assertThatThrownBy(() -> bean.stopContinuousQuery("bar")) + .hasMessageContaining(TestCommand.clusterManageQuery.toString()); + softly.assertThatThrownBy(() -> bean.closeAllContinuousQuery("bar")) + .hasMessageContaining(TestCommand.clusterManageQuery.toString()); + softly.assertThatThrownBy(() -> bean.isRunning()) .hasMessageContaining(TestCommand.clusterRead.toString()); - assertThatThrownBy(() -> bean.showClientQueueDetails("bar")) + softly.assertThatThrownBy(() -> bean.showClientQueueDetails("bar")) .hasMessageContaining(TestCommand.clusterRead.toString()); + + softly.assertAll(); } } 
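Review bot: `testNoAccess` now reports nothing unless the trailing `softly.assertAll();` runs, so a later edit that returns early or drops that call would let every denied-access check in the method pass silently. AssertJ's rule form, `@Rule public final JUnitSoftAssertions softly = new JUnitSoftAssertions();`, performs the final check automatically, assuming the project's AssertJ version provides it. The same hand-rolled `new SoftAssertions()` / `assertAll()` pairing is added in CliCommandsSecurityTest, DiskStoreMXBeanSecurityJUnitTest and GatewayReceiverMBeanSecurityTest.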
http://git-wip-us.apache.org/repos/asf/geode/blob/451d12e8/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanWithShiroIniIntegrationTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanWithShiroIniIntegrationTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanWithShiroIniIntegrationTest.java index 55f592e..dc1c01a 100644 --- a/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanWithShiroIniIntegrationTest.java +++ b/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanWithShiroIniIntegrationTest.java @@ -17,17 +17,18 @@ package org.apache.geode.management.internal.security; import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_SHIRO_INIT; import static org.assertj.core.api.Assertions.assertThatThrownBy; +import org.junit.Before; +import org.junit.ClassRule; +import org.junit.Rule; +import org.junit.Test; +import org.junit.experimental.categories.Category; + import org.apache.geode.management.CacheServerMXBean; import org.apache.geode.test.dunit.rules.ConnectionConfiguration; import org.apache.geode.test.dunit.rules.MBeanServerConnectionRule; import org.apache.geode.test.dunit.rules.ServerStarterRule; import org.apache.geode.test.junit.categories.IntegrationTest; import org.apache.geode.test.junit.categories.SecurityTest; -import org.junit.Before; -import org.junit.ClassRule; -import org.junit.Rule; -import org.junit.Test; -import org.junit.experimental.categories.Category; @Category({IntegrationTest.class, SecurityTest.class}) public class CacheServerMBeanWithShiroIniIntegrationTest { 
@@ -71,9 +72,9 @@ public class CacheServerMBeanWithShiroIniIntegrationTest { assertThatThrownBy(() -> bean.getActiveCQCount()) .hasMessageContaining(TestCommand.clusterRead.toString()); assertThatThrownBy(() -> bean.stopContinuousQuery("bar")) - .hasMessageContaining(TestCommand.dataManage.toString()); + .hasMessageContaining(TestCommand.clusterManageQuery.toString()); assertThatThrownBy(() -> bean.closeAllContinuousQuery("bar")) - .hasMessageContaining(TestCommand.dataManage.toString()); + .hasMessageContaining(TestCommand.clusterManageQuery.toString()); assertThatThrownBy(() -> bean.isRunning()) .hasMessageContaining(TestCommand.clusterRead.toString()); assertThatThrownBy(() -> bean.showClientQueueDetails("bar")) http://git-wip-us.apache.org/repos/asf/geode/blob/451d12e8/geode-core/src/test/java/org/apache/geode/management/internal/security/CliCommandsSecurityTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/CliCommandsSecurityTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/security/CliCommandsSecurityTest.java index a66f05b..dec4703 100644 --- a/geode-core/src/test/java/org/apache/geode/management/internal/security/CliCommandsSecurityTest.java +++ b/geode-core/src/test/java/org/apache/geode/management/internal/security/CliCommandsSecurityTest.java @@ -15,8 +15,15 @@ package org.apache.geode.management.internal.security; import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER; -import static org.junit.Assert.assertTrue; -import static org.junit.Assert.fail; + +import java.util.List; + +import org.assertj.core.api.SoftAssertions; +import org.junit.Before; +import org.junit.ClassRule; +import org.junit.Rule; +import org.junit.Test; +import org.junit.experimental.categories.Category; import org.apache.geode.internal.logging.LogService; import org.apache.geode.management.MemberMXBean; 
@@ -27,13 +34,6 @@ import org.apache.geode.test.dunit.rules.MBeanServerConnectionRule;
 import org.apache.geode.test.dunit.rules.ServerStarterRule;
 import org.apache.geode.test.junit.categories.IntegrationTest;
 import org.apache.geode.test.junit.categories.SecurityTest;
-import org.junit.Before;
-import org.junit.ClassRule;
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import java.util.List;
 @Category({IntegrationTest.class, SecurityTest.class})
 public class CliCommandsSecurityTest {
@@ -60,22 +60,22 @@ public class CliCommandsSecurityTest { @Test @ConnectionConfiguration(user = "stranger", password = "1234567") public void testNoAccess() { + SoftAssertions softly = new SoftAssertions(); for (TestCommand command : commands) { // skip query commands since query commands are only available in client shell if (command.getCommand().startsWith("query")) continue; LogService.getLogger().info("processing: " + command.getCommand()); // for those commands that requires a permission, we expect an exception to be thrown - if (command.getPermission() != null) { - try { - String result = bean.processCommand(command.getCommand()); - fail(command.getCommand() + " has result: " + result); - } catch (NotAuthorizedException e) { - assertTrue(e.getMessage() + " should contain " + command.getPermission(), - e.getMessage().contains(command.getPermission().toString())); - } + // This has the potential to become flaky for commands with more than one permission. + if (command.getPermissions() != null && command.getPermissions().length > 0) { + softly.assertThatThrownBy(() -> bean.processCommand(command.getCommand())) + .describedAs(command.getCommand()).isInstanceOf(NotAuthorizedException.class) + .hasMessageContaining(command.getPermissions()[0].toString()); + // } } } + softly.assertAll(); } @Test http://git-wip-us.apache.org/repos/asf/geode/blob/451d12e8/geode-core/src/test/java/org/apache/geode/management/internal/security/DataCommandsSecurityTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/DataCommandsSecurityTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/security/DataCommandsSecurityTest.java index f746aaf..6269cf5 100644 --- a/geode-core/src/test/java/org/apache/geode/management/internal/security/DataCommandsSecurityTest.java 
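Review bot: The message check `hasMessageContaining(command.getPermissions()[0].toString())` holds only if the server always reports the first listed permission, which the added comment itself flags as a flakiness risk for commands with several permissions. Since `.isInstanceOf(NotAuthorizedException.class)` already proves the denial, the message check could accept any entry of `command.getPermissions()` instead of index 0, so the test does not depend on the order in which permissions are evaluated. The leftover `// }` after the assertion is a remnant of the removed try/catch and should be deleted.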
+++ b/geode-core/src/test/java/org/apache/geode/management/internal/security/DataCommandsSecurityTest.java @@ -17,6 +17,13 @@ package org.apache.geode.management.internal.security; import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER; import static org.assertj.core.api.Assertions.assertThatThrownBy; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.ClassRule; +import org.junit.Rule; +import org.junit.Test; +import org.junit.experimental.categories.Category; + import org.apache.geode.cache.Cache; import org.apache.geode.management.MemberMXBean; import org.apache.geode.security.GemFireSecurityException; @@ -26,12 +33,6 @@ import org.apache.geode.test.dunit.rules.MBeanServerConnectionRule; import org.apache.geode.test.dunit.rules.ServerStarterRule; import org.apache.geode.test.junit.categories.IntegrationTest; import org.apache.geode.test.junit.categories.SecurityTest; -import org.junit.Before; -import org.junit.BeforeClass; -import org.junit.ClassRule; -import org.junit.Rule; -import org.junit.Test; -import org.junit.experimental.categories.Category; @Category({IntegrationTest.class, SecurityTest.class}) public class DataCommandsSecurityTest { http://git-wip-us.apache.org/repos/asf/geode/blob/451d12e8/geode-core/src/test/java/org/apache/geode/management/internal/security/DeployCommandsSecurityTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/DeployCommandsSecurityTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/security/DeployCommandsSecurityTest.java index a4b8c67..9dd4d99 100644 --- a/geode-core/src/test/java/org/apache/geode/management/internal/security/DeployCommandsSecurityTest.java +++ b/geode-core/src/test/java/org/apache/geode/management/internal/security/DeployCommandsSecurityTest.java 
@@ -18,14 +18,8 @@ import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANA import static org.assertj.core.api.Assertions.assertThatThrownBy; import static org.junit.Assert.assertTrue; -import org.apache.geode.management.MemberMXBean; -import org.apache.geode.security.NotAuthorizedException; -import org.apache.geode.security.SimpleTestSecurityManager; -import org.apache.geode.test.dunit.rules.ConnectionConfiguration; -import org.apache.geode.test.dunit.rules.MBeanServerConnectionRule; -import org.apache.geode.test.dunit.rules.ServerStarterRule; -import org.apache.geode.test.junit.categories.IntegrationTest; -import org.apache.geode.test.junit.categories.SecurityTest; +import java.io.File; + import org.junit.Before; import org.junit.BeforeClass; import org.junit.ClassRule; @@ -34,7 +28,14 @@ import org.junit.Test; import org.junit.experimental.categories.Category; import org.junit.rules.TemporaryFolder; -import java.io.File; +import org.apache.geode.management.MemberMXBean; +import org.apache.geode.security.NotAuthorizedException; +import org.apache.geode.security.SimpleTestSecurityManager; +import org.apache.geode.test.dunit.rules.ConnectionConfiguration; +import org.apache.geode.test.dunit.rules.MBeanServerConnectionRule; +import org.apache.geode.test.dunit.rules.ServerStarterRule; +import org.apache.geode.test.junit.categories.IntegrationTest; +import org.apache.geode.test.junit.categories.SecurityTest; @Category({IntegrationTest.class, SecurityTest.class}) public class DeployCommandsSecurityTest { 
@@ -81,14 +82,7 @@ public class DeployCommandsSecurityTest {
 .isInstanceOf(NotAuthorizedException.class);
 }
- @Test // only cluster access right is not enough to deploy
- @ConnectionConfiguration(user = "cluster", password = "cluster")
- public void testNoAccess3() {
- assertThatThrownBy(() -> bean.processCommand(deployCommand))
- .isInstanceOf(NotAuthorizedException.class);
- }
-
- @Test // not sufficient privalge
+ @Test // not sufficient privilege
 @ConnectionConfiguration(user = "clusterRead,clusterWrite,dataRead,dataWrite",
 password = "clusterRead,clusterWrite,dataRead,dataWrite")
 public void testNoAccess4() {
http://git-wip-us.apache.org/repos/asf/geode/blob/451d12e8/geode-core/src/test/java/org/apache/geode/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java
index e6502c0..4d101e7 100644
--- a/geode-core/src/test/java/org/apache/geode/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java
+++ b/geode-core/src/test/java/org/apache/geode/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java
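Review bot: With `testNoAccess3` removed, nothing in this hunk states what a principal holding only `cluster` rights may do with `deployCommand`; the remaining `testNoAccess4` covers a different set of permissions. If the permission model now lets that user deploy, a positive test with `@ConnectionConfiguration(user = "cluster", password = "cluster")` would pin the new behaviour; whether one exists elsewhere in the file is not visible from here. Without it, a later change to the deploy permission in either direction would go unnoticed for this principal.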
@@ -17,13 +17,7 @@ package org.apache.geode.management.internal.security; import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER; import static org.assertj.core.api.Assertions.assertThatThrownBy; -import org.apache.geode.management.DiskStoreMXBean; -import org.apache.geode.security.TestSecurityManager; -import org.apache.geode.test.dunit.rules.ConnectionConfiguration; -import org.apache.geode.test.dunit.rules.MBeanServerConnectionRule; -import org.apache.geode.test.dunit.rules.ServerStarterRule; -import org.apache.geode.test.junit.categories.IntegrationTest; -import org.apache.geode.test.junit.categories.SecurityTest; +import org.assertj.core.api.SoftAssertions; import org.junit.Before; import org.junit.BeforeClass; import org.junit.ClassRule; @@ -31,16 +25,21 @@ import org.junit.Rule; import org.junit.Test; import org.junit.experimental.categories.Category; +import org.apache.geode.management.DiskStoreMXBean; +import org.apache.geode.security.SimpleTestSecurityManager; +import org.apache.geode.test.dunit.rules.ConnectionConfiguration; +import org.apache.geode.test.dunit.rules.MBeanServerConnectionRule; +import org.apache.geode.test.dunit.rules.ServerStarterRule; +import org.apache.geode.test.junit.categories.IntegrationTest; +import org.apache.geode.test.junit.categories.SecurityTest; + @Category({IntegrationTest.class, SecurityTest.class}) public class DiskStoreMXBeanSecurityJUnitTest { private DiskStoreMXBean bean; @ClassRule public static ServerStarterRule server = new ServerStarterRule().withJMXManager() - .withProperty(SECURITY_MANAGER, TestSecurityManager.class.getName()) - .withProperty(TestSecurityManager.SECURITY_JSON, - "org/apache/geode/management/internal/security/cacheServer.json") - .withAutoStart(); + .withProperty(SECURITY_MANAGER, SimpleTestSecurityManager.class.getName()).withAutoStart(); @BeforeClass public static void beforeClass() throws Exception { 
@@ -57,7 +56,48 @@ public class DiskStoreMXBeanSecurityJUnitTest { } @Test - @ConnectionConfiguration(user = "data-admin", password = "1234567") + @ConnectionConfiguration(user = "clusterRead", password = "clusterRead") + public void testClusterReadAccess() throws Exception { + assertThatThrownBy(() -> bean.flush()).hasMessageContaining(TestCommand.diskManage.toString()); + assertThatThrownBy(() -> bean.forceCompaction()) + .hasMessageContaining(TestCommand.diskManage.toString()); + assertThatThrownBy(() -> bean.forceRoll()) + .hasMessageContaining(TestCommand.diskManage.toString()); + assertThatThrownBy(() -> bean.setDiskUsageCriticalPercentage(0.5f)) + .hasMessageContaining(TestCommand.diskManage.toString()); + assertThatThrownBy(() -> bean.setDiskUsageWarningPercentage(0.5f)) + .hasMessageContaining(TestCommand.diskManage.toString()); + + bean.getCompactionThreshold(); + bean.getDiskDirectories(); + bean.getDiskReadsRate(); + bean.isAutoCompact(); + bean.isForceCompactionAllowed(); + } + + @Test + @ConnectionConfiguration(user = "clusterManageDisk", password = "clusterManageDisk") + public void testDiskManageAccess() throws Exception { + assertThatThrownBy(() -> bean.getCompactionThreshold()) + .hasMessageContaining(TestCommand.clusterRead.toString()); + assertThatThrownBy(() -> bean.getDiskDirectories()) + .hasMessageContaining(TestCommand.clusterRead.toString()); + assertThatThrownBy(() -> bean.getDiskReadsRate()) + .hasMessageContaining(TestCommand.clusterRead.toString()); + assertThatThrownBy(() -> bean.isAutoCompact()) + .hasMessageContaining(TestCommand.clusterRead.toString()); + assertThatThrownBy(() -> bean.isForceCompactionAllowed()) + .hasMessageContaining(TestCommand.clusterRead.toString()); + + bean.flush(); + bean.forceCompaction(); + bean.forceRoll(); + bean.setDiskUsageCriticalPercentage(0.5f); + bean.setDiskUsageWarningPercentage(0.5f); + } + + @Test + @ConnectionConfiguration(user = "data,cluster", password = "data,cluster") public void 
testAllAccess() throws Exception { bean.flush(); bean.forceCompaction(); 
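Review bot: `testClusterReadAccess` expects the denial message to contain `TestCommand.diskManage`, while `testNoAccess` in this same file is changed to expect `TestCommand.clusterManageDisk` for the same five operations (`flush`, `forceCompaction`, `forceRoll` and the two setters). If both constants describe the same permission, use one name throughout, e.g. `.hasMessageContaining(TestCommand.clusterManageDisk.toString())`; if they differ, one of the two tests is presumably asserting the wrong permission. TestCommand is not part of this hunk, so which case applies needs checking. A short comment in `testDiskManageAccess` saying that the bare `bean.flush()` and following calls are the positive checks (they must not throw) would also help the next reader.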
@@ -72,26 +112,30 @@ public class DiskStoreMXBeanSecurityJUnitTest { } @Test - @ConnectionConfiguration(user = "data-user", password = "1234567") + @ConnectionConfiguration(user = "noAccess", password = "noAccess") public void testNoAccess() throws Exception { - assertThatThrownBy(() -> bean.flush()).hasMessageContaining(TestCommand.dataManage.toString()); - assertThatThrownBy(() -> bean.forceCompaction()) - .hasMessageContaining(TestCommand.dataManage.toString()); - assertThatThrownBy(() -> bean.forceRoll()) - .hasMessageContaining(TestCommand.dataManage.toString()); - assertThatThrownBy(() -> bean.getCompactionThreshold()) + SoftAssertions softly = new SoftAssertions(); + + softly.assertThatThrownBy(() -> bean.flush()) + .hasMessageContaining(TestCommand.clusterManageDisk.toString()); + softly.assertThatThrownBy(() -> bean.forceCompaction()) + .hasMessageContaining(TestCommand.clusterManageDisk.toString()); + softly.assertThatThrownBy(() -> bean.forceRoll()) + .hasMessageContaining(TestCommand.clusterManageDisk.toString()); + softly.assertThatThrownBy(() -> bean.getCompactionThreshold()) .hasMessageContaining(TestCommand.clusterRead.toString()); - assertThatThrownBy(() -> bean.getDiskDirectories()) + softly.assertThatThrownBy(() -> bean.getDiskDirectories()) .hasMessageContaining(TestCommand.clusterRead.toString()); - assertThatThrownBy(() -> bean.getDiskReadsRate()) + softly.assertThatThrownBy(() -> bean.getDiskReadsRate()) .hasMessageContaining(TestCommand.clusterRead.toString()); - assertThatThrownBy(() -> bean.isAutoCompact()) + softly.assertThatThrownBy(() -> bean.isAutoCompact()) .hasMessageContaining(TestCommand.clusterRead.toString()); - assertThatThrownBy(() -> bean.isForceCompactionAllowed()) + softly.assertThatThrownBy(() -> bean.isForceCompactionAllowed()) .hasMessageContaining(TestCommand.clusterRead.toString()); - assertThatThrownBy(() -> bean.setDiskUsageCriticalPercentage(0.5f)) - .hasMessageContaining(TestCommand.dataManage.toString()); - 
assertThatThrownBy(() -> bean.setDiskUsageWarningPercentage(0.5f)) - .hasMessageContaining(TestCommand.dataManage.toString()); + softly.assertThatThrownBy(() -> bean.setDiskUsageCriticalPercentage(0.5f)) + .hasMessageContaining(TestCommand.clusterManageDisk.toString()); + softly.assertThatThrownBy(() -> bean.setDiskUsageWarningPercentage(0.5f)) + .hasMessageContaining(TestCommand.clusterManageDisk.toString()); + softly.assertAll(); } } http://git-wip-us.apache.org/repos/asf/geode/blob/451d12e8/geode-core/src/test/java/org/apache/geode/management/internal/security/DistributedSystemMXBeanSecurityTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/DistributedSystemMXBeanSecurityTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/security/DistributedSystemMXBeanSecurityTest.java new file mode 100644 index 0000000..138aba6 --- /dev/null +++ b/geode-core/src/test/java/org/apache/geode/management/internal/security/DistributedSystemMXBeanSecurityTest.java 
@@ -0,0 +1,77 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for additional information regarding + * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. You may obtain a + * copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + */ + +package org.apache.geode.management.internal.security; + +import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER; +import static org.assertj.core.api.Assertions.assertThatThrownBy; + +import org.junit.Before; +import org.junit.ClassRule; +import org.junit.Rule; +import org.junit.Test; +import org.junit.experimental.categories.Category; + +import org.apache.geode.management.DistributedSystemMXBean; +import org.apache.geode.security.NotAuthorizedException; +import org.apache.geode.security.SimpleTestSecurityManager; +import org.apache.geode.security.TestSecurityManager; +import org.apache.geode.test.dunit.rules.ConnectionConfiguration; +import org.apache.geode.test.dunit.rules.MBeanServerConnectionRule; +import org.apache.geode.test.dunit.rules.ServerStarterRule; +import org.apache.geode.test.junit.categories.DistributedTest; +import org.apache.geode.test.junit.categories.SecurityTest; + +@Category({DistributedTest.class, SecurityTest.class}) +public class DistributedSystemMXBeanSecurityTest { + + private DistributedSystemMXBean bean; + + @ClassRule + public static ServerStarterRule server = new 
ServerStarterRule().withJMXManager() + .withProperty(SECURITY_MANAGER, TestSecurityManager.class.getName()) + .withSecurityManager(SimpleTestSecurityManager.class).withAutoStart(); + + @Rule + public MBeanServerConnectionRule connectionRule = + new MBeanServerConnectionRule(server::getJmxPort); + + @Before + public void setUp() throws Exception { + bean = connectionRule.getProxyMBean(DistributedSystemMXBean.class); + } + + @Test + @ConnectionConfiguration(user = "dataRead", password = "dataRead") + public void testDataReadAccess() throws Exception { + assertThatThrownBy(() -> bean.backupAllMembers(null, null)) + .isInstanceOf(NotAuthorizedException.class); + } + + @Test + @ConnectionConfiguration(user = "clusterManageDisk", password = "clusterManageDisk") + public void testDiskManageAccess() throws Exception { + assertThatThrownBy(() -> bean.backupAllMembers(null, null)) + .isInstanceOf(NotAuthorizedException.class); + } + + @Test + @ConnectionConfiguration(user = "dataRead,clusterWriteDisk", + password = "dataRead,clusterWriteDisk") + public void testBothAccess() throws Exception { + assertThatThrownBy(() -> bean.backupAllMembers(null, null)) + .isNotInstanceOf(NotAuthorizedException.class); + } +} http://git-wip-us.apache.org/repos/asf/geode/blob/451d12e8/geode-core/src/test/java/org/apache/geode/management/internal/security/GatewayReceiverMBeanSecurityTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/GatewayReceiverMBeanSecurityTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/security/GatewayReceiverMBeanSecurityTest.java index 73783d5..3257edb 100644 --- a/geode-core/src/test/java/org/apache/geode/management/internal/security/GatewayReceiverMBeanSecurityTest.java +++ b/geode-core/src/test/java/org/apache/geode/management/internal/security/GatewayReceiverMBeanSecurityTest.java 
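Review bot: The `ServerStarterRule` in this new test is given two different security managers, `.withProperty(SECURITY_MANAGER, TestSecurityManager.class.getName())` followed by `.withSecurityManager(SimpleTestSecurityManager.class)`, and which one takes effect depends on how the rule merges the two calls, which is not visible here. The credentials used (`dataRead`/`dataRead` and so on) follow the SimpleTestSecurityManager convention used elsewhere in this commit, so the `withProperty` line and the `TestSecurityManager` import look like leftovers and should be dropped. In `testBothAccess`, `.isNotInstanceOf(NotAuthorizedException.class)` passes on any other failure, so asserting the specific exception that `backupAllMembers(null, null)` raises for an authorized caller would make the positive case meaningful. The class is also tagged `DistributedTest`, while the sibling tests built on the same server rule are tagged `IntegrationTest`.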
@@ -15,17 +15,11 @@ package org.apache.geode.management.internal.security; import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER; -import static org.assertj.core.api.Assertions.assertThatThrownBy; import static org.mockito.Mockito.mock; -import org.apache.geode.management.GatewayReceiverMXBean; -import org.apache.geode.management.ManagementService; -import org.apache.geode.security.TestSecurityManager; -import org.apache.geode.test.dunit.rules.ConnectionConfiguration; -import org.apache.geode.test.dunit.rules.MBeanServerConnectionRule; -import org.apache.geode.test.dunit.rules.ServerStarterRule; -import org.apache.geode.test.junit.categories.IntegrationTest; -import org.apache.geode.test.junit.categories.SecurityTest; +import javax.management.ObjectName; + +import org.assertj.core.api.SoftAssertions; import org.junit.AfterClass; import org.junit.Before; import org.junit.BeforeClass; @@ -34,7 +28,14 @@ import org.junit.Rule; import org.junit.Test; import org.junit.experimental.categories.Category; -import javax.management.ObjectName; +import org.apache.geode.management.GatewayReceiverMXBean; +import org.apache.geode.management.ManagementService; +import org.apache.geode.security.SimpleTestSecurityManager; +import org.apache.geode.test.dunit.rules.ConnectionConfiguration; +import org.apache.geode.test.dunit.rules.MBeanServerConnectionRule; +import org.apache.geode.test.dunit.rules.ServerStarterRule; +import org.apache.geode.test.junit.categories.IntegrationTest; +import org.apache.geode.test.junit.categories.SecurityTest; @Category({IntegrationTest.class, SecurityTest.class}) public class GatewayReceiverMBeanSecurityTest { 
@@ -47,10 +48,7 @@ public class GatewayReceiverMBeanSecurityTest { @ClassRule public static ServerStarterRule server = new ServerStarterRule().withJMXManager() - .withProperty(SECURITY_MANAGER, TestSecurityManager.class.getName()) - .withProperty(TestSecurityManager.SECURITY_JSON, - "org/apache/geode/management/internal/security/cacheServer.json") - .withAutoStart(); + .withProperty(SECURITY_MANAGER, SimpleTestSecurityManager.class.getName()).withAutoStart(); @Rule public MBeanServerConnectionRule connectionRule = @@ -58,7 +56,7 @@ public class GatewayReceiverMBeanSecurityTest { @BeforeClass public static void beforeClass() throws Exception { - // the server does not have a GAtewayReceiverMXBean registered initially, has to register a mock + // the server does not have a GatewayReceiverMXBean registered initially, has to register a mock // one. service = ManagementService.getManagementService(server.getCache()); mockBeanName = ObjectName.getInstance("GemFire", "key", "value"); @@ -76,7 +74,7 @@ public class GatewayReceiverMBeanSecurityTest { } @Test - @ConnectionConfiguration(user = "data-admin", password = "1234567") + @ConnectionConfiguration(user = "data,cluster", password = "data,cluster") public void testAllAccess() throws Exception { bean.getAverageBatchProcessingTime(); bean.getBindAddress(); 
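Review bot: The positive test `testAllAccess` now connects as `data,cluster`, which looks like the broadest grant available, so it would keep passing even if one of the bean operations started demanding more than the permissions the denial test names (`TestCommand.clusterRead` and `TestCommand.clusterManageGateway`). Connecting with only those two pins the minimum required, for example `@ConnectionConfiguration(user = "clusterRead,clusterManageGateway", password = "clusterRead,clusterManageGateway")`. The exact spelling depends on how SimpleTestSecurityManager maps user names to permissions, which is not visible here. `testAllAccess` in GatewaySenderMBeanSecurityTest has the same shape, while LockServiceMBeanAuthorizationJUnitTest already uses the narrower `clusterRead,clusterManage`. The method body continues outside the hunk.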
@@ -87,12 +85,16 @@ public class GatewayReceiverMBeanSecurityTest { } @Test - @ConnectionConfiguration(user = "data-user", password = "1234567") + @ConnectionConfiguration(user = "user", password = "user") public void testNoAccess() throws Exception { - assertThatThrownBy(() -> bean.getTotalConnectionsTimedOut()) + SoftAssertions softly = new SoftAssertions(); + softly.assertThatThrownBy(() -> bean.getTotalConnectionsTimedOut()) .hasMessageContaining(TestCommand.clusterRead.toString()); - assertThatThrownBy(() -> bean.start()).hasMessageContaining(TestCommand.dataManage.toString()); - assertThatThrownBy(() -> bean.stop()).hasMessageContaining(TestCommand.dataManage.toString()); + softly.assertThatThrownBy(() -> bean.start()) + .hasMessageContaining(TestCommand.clusterManageGateway.toString()); + softly.assertThatThrownBy(() -> bean.stop()) + .hasMessageContaining(TestCommand.clusterManageGateway.toString()); + softly.assertAll(); } } http://git-wip-us.apache.org/repos/asf/geode/blob/451d12e8/geode-core/src/test/java/org/apache/geode/management/internal/security/GatewaySenderMBeanSecurityTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/GatewaySenderMBeanSecurityTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/security/GatewaySenderMBeanSecurityTest.java index 887d0dc..3faa73e 100644 --- a/geode-core/src/test/java/org/apache/geode/management/internal/security/GatewaySenderMBeanSecurityTest.java +++ b/geode-core/src/test/java/org/apache/geode/management/internal/security/GatewaySenderMBeanSecurityTest.java 
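Review bot: The denial checks in `testNoAccess` match only on message text, so any exception whose message happens to contain the permission string satisfies them, including one raised for a reason unrelated to authorization. Chaining `.isInstanceOf(NotAuthorizedException.class)` before `.hasMessageContaining(...)`, as the backup test earlier in this commit does, ties each check to the authorization path; the import would need adding if the file does not already have it. The same applies to `testNoAccess` in GatewaySenderMBeanSecurityTest and to the soft assertions added in LockServiceMBeanAuthorizationJUnitTest and ManagerMBeanAuthorizationJUnitTest.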
@@ -15,18 +15,11 @@ package org.apache.geode.management.internal.security; import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER; -import static org.assertj.core.api.Assertions.assertThatThrownBy; import static org.mockito.Mockito.mock; -import org.apache.geode.management.GatewaySenderMXBean; -import org.apache.geode.management.ManagementService; -import org.apache.geode.management.internal.beans.GatewaySenderMBean; -import org.apache.geode.security.TestSecurityManager; -import org.apache.geode.test.dunit.rules.ConnectionConfiguration; -import org.apache.geode.test.dunit.rules.MBeanServerConnectionRule; -import org.apache.geode.test.dunit.rules.ServerStarterRule; -import org.apache.geode.test.junit.categories.IntegrationTest; -import org.apache.geode.test.junit.categories.SecurityTest; +import javax.management.ObjectName; + +import org.assertj.core.api.SoftAssertions; import org.junit.AfterClass; import org.junit.Before; import org.junit.BeforeClass; @@ -35,7 +28,15 @@ import org.junit.Rule; import org.junit.Test; import org.junit.experimental.categories.Category; -import javax.management.ObjectName; +import org.apache.geode.management.GatewaySenderMXBean; +import org.apache.geode.management.ManagementService; +import org.apache.geode.management.internal.beans.GatewaySenderMBean; +import org.apache.geode.security.SimpleTestSecurityManager; +import org.apache.geode.test.dunit.rules.ConnectionConfiguration; +import org.apache.geode.test.dunit.rules.MBeanServerConnectionRule; +import org.apache.geode.test.dunit.rules.ServerStarterRule; +import org.apache.geode.test.junit.categories.IntegrationTest; +import org.apache.geode.test.junit.categories.SecurityTest; @Category({IntegrationTest.class, SecurityTest.class}) public class GatewaySenderMBeanSecurityTest { 
@@ -47,10 +48,7 @@ public class GatewaySenderMBeanSecurityTest { @ClassRule public static ServerStarterRule server = new ServerStarterRule().withJMXManager() - .withProperty(SECURITY_MANAGER, TestSecurityManager.class.getName()) - .withProperty(TestSecurityManager.SECURITY_JSON, - "org/apache/geode/management/internal/security/cacheServer.json") - .withAutoStart(); + .withProperty(SECURITY_MANAGER, SimpleTestSecurityManager.class.getName()).withAutoStart(); @Rule public MBeanServerConnectionRule connectionRule = @@ -58,7 +56,7 @@ public class GatewaySenderMBeanSecurityTest { @BeforeClass public static void beforeClass() throws Exception { - // the server does not have a GAtewaySenderMXBean registered initially, has to register a mock + // the server does not have a GatewaySenderMXBean registered initially, has to register a mock // one. service = ManagementService.getManagementService(server.getCache()); mockBeanName = ObjectName.getInstance("GemFire", "key", "value"); @@ -76,7 +74,7 @@ public class GatewaySenderMBeanSecurityTest { } @Test - @ConnectionConfiguration(user = "data-admin", password = "1234567") + @ConnectionConfiguration(user = "data,cluster", password = "data,cluster") public void testAllAccess() throws Exception { bean.getAlertThreshold(); bean.getAverageDistributionTimePerBatch(); 
@@ -93,28 +91,36 @@ public class GatewaySenderMBeanSecurityTest { } @Test - @ConnectionConfiguration(user = "stranger", password = "1234567") + @ConnectionConfiguration(user = "stranger", password = "stranger") public void testNoAccess() throws Exception { - assertThatThrownBy(() -> bean.getAlertThreshold()) + SoftAssertions softly = new SoftAssertions(); + + softly.assertThatThrownBy(() -> bean.getAlertThreshold()) .hasMessageContaining(TestCommand.clusterRead.toString()); - assertThatThrownBy(() -> bean.getAverageDistributionTimePerBatch()) + softly.assertThatThrownBy(() -> bean.getAverageDistributionTimePerBatch()) .hasMessageContaining(TestCommand.clusterRead.toString()); - assertThatThrownBy(() -> bean.getBatchSize()) + softly.assertThatThrownBy(() -> bean.getBatchSize()) .hasMessageContaining(TestCommand.clusterRead.toString()); - assertThatThrownBy(() -> bean.getMaximumQueueMemory()) + softly.assertThatThrownBy(() -> bean.getMaximumQueueMemory()) .hasMessageContaining(TestCommand.clusterRead.toString()); - assertThatThrownBy(() -> bean.getOrderPolicy()) + softly.assertThatThrownBy(() -> bean.getOrderPolicy()) .hasMessageContaining(TestCommand.clusterRead.toString()); - assertThatThrownBy(() -> bean.isBatchConflationEnabled()) + softly.assertThatThrownBy(() -> bean.isBatchConflationEnabled()) .hasMessageContaining(TestCommand.clusterRead.toString()); - assertThatThrownBy(() -> bean.isManualStart()) + softly.assertThatThrownBy(() -> bean.isManualStart()) .hasMessageContaining(TestCommand.clusterRead.toString()); - assertThatThrownBy(() -> bean.pause()).hasMessageContaining(TestCommand.dataManage.toString()); - assertThatThrownBy(() -> bean.rebalance()) - .hasMessageContaining(TestCommand.dataManage.toString()); - assertThatThrownBy(() -> bean.resume()).hasMessageContaining(TestCommand.dataManage.toString()); - assertThatThrownBy(() -> bean.start()).hasMessageContaining(TestCommand.dataManage.toString()); - assertThatThrownBy(() -> 
bean.stop()).hasMessageContaining(TestCommand.dataManage.toString()); + softly.assertThatThrownBy(() -> bean.pause()) + .hasMessageContaining(TestCommand.clusterManageGateway.toString()); + softly.assertThatThrownBy(() -> bean.rebalance()) + .hasMessageContaining(TestCommand.clusterManageGateway.toString()); + softly.assertThatThrownBy(() -> bean.resume()) + .hasMessageContaining(TestCommand.clusterManageGateway.toString()); + softly.assertThatThrownBy(() -> bean.start()) + .hasMessageContaining(TestCommand.clusterManageGateway.toString()); + softly.assertThatThrownBy(() -> bean.stop()) + .hasMessageContaining(TestCommand.clusterManageGateway.toString()); + + softly.assertAll(); } } http://git-wip-us.apache.org/repos/asf/geode/blob/451d12e8/geode-core/src/test/java/org/apache/geode/management/internal/security/GfshCommandsPostProcessorTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/GfshCommandsPostProcessorTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/security/GfshCommandsPostProcessorTest.java index 1486866..5603eab 100644 --- a/geode-core/src/test/java/org/apache/geode/management/internal/security/GfshCommandsPostProcessorTest.java +++ b/geode-core/src/test/java/org/apache/geode/management/internal/security/GfshCommandsPostProcessorTest.java 
@@ -18,19 +18,20 @@ import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANA import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_POST_PROCESSOR; import static org.assertj.core.api.Assertions.assertThat; +import org.junit.BeforeClass; +import org.junit.ClassRule; +import org.junit.Rule; +import org.junit.Test; +import org.junit.experimental.categories.Category; + import org.apache.geode.cache.RegionShortcut; +import org.apache.geode.security.SimpleTestSecurityManager; import org.apache.geode.security.TestPostProcessor; -import org.apache.geode.security.TestSecurityManager; import org.apache.geode.test.dunit.rules.ConnectionConfiguration; import org.apache.geode.test.dunit.rules.GfshShellConnectionRule; import org.apache.geode.test.dunit.rules.ServerStarterRule; import org.apache.geode.test.junit.categories.IntegrationTest; import org.apache.geode.test.junit.categories.SecurityTest; -import org.junit.BeforeClass; -import org.junit.ClassRule; -import org.junit.Rule; -import org.junit.Test; -import org.junit.experimental.categories.Category; @Category({IntegrationTest.class, SecurityTest.class}) public class GfshCommandsPostProcessorTest { @@ -38,10 +39,7 @@ public class GfshCommandsPostProcessorTest { @ClassRule public static ServerStarterRule serverStarter = new ServerStarterRule().withJMXManager() .withProperty(SECURITY_POST_PROCESSOR, TestPostProcessor.class.getName()) - .withProperty(SECURITY_MANAGER, TestSecurityManager.class.getName()) - .withProperty("security-json", - "org/apache/geode/management/internal/security/cacheServer.json") - .withAutoStart(); + .withProperty(SECURITY_MANAGER, SimpleTestSecurityManager.class.getName()).withAutoStart(); @Rule public GfshShellConnectionRule gfshConnection = new GfshShellConnectionRule( 
@@ -53,7 +51,7 @@ public class GfshCommandsPostProcessorTest { } @Test - @ConnectionConfiguration(user = "data-user", password = "1234567") + @ConnectionConfiguration(user = "dataWrite,dataRead", password = "dataWrite,dataRead") public void testGetPostProcess() throws Exception { gfshConnection.executeCommand("put --region=region1 --key=key1 --value=value1"); gfshConnection.executeCommand("put --region=region1 --key=key2 --value=value2"); @@ -61,12 +59,12 @@ public class GfshCommandsPostProcessorTest { // for get command, assert the return value is processed String result = gfshConnection.execute("get --region=region1 --key=key1"); - assertThat(result).contains("data-user/region1/key1/value1"); + assertThat(result).contains("dataWrite,dataRead/region1/key1/value1"); // for query command, assert the return values are processed result = gfshConnection.execute("query --query=\"select * from /region1\""); - assertThat(result).contains("data-user/null/null/value1"); - assertThat(result).contains("data-user/null/null/value2"); - assertThat(result).contains("data-user/null/null/value3"); + assertThat(result).contains("dataWrite,dataRead/null/null/value1"); + assertThat(result).contains("dataWrite,dataRead/null/null/value2"); + assertThat(result).contains("dataWrite,dataRead/null/null/value3"); } } http://git-wip-us.apache.org/repos/asf/geode/blob/451d12e8/geode-core/src/test/java/org/apache/geode/management/internal/security/GfshCommandsSecurityTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/GfshCommandsSecurityTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/security/GfshCommandsSecurityTest.java index 84ef3fc..c2be173 100644 --- a/geode-core/src/test/java/org/apache/geode/management/internal/security/GfshCommandsSecurityTest.java 
+++ b/geode-core/src/test/java/org/apache/geode/management/internal/security/GfshCommandsSecurityTest.java @@ -15,12 +15,20 @@ package org.apache.geode.management.internal.security; import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER; -import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertNotEquals; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; +import java.util.List; + +import org.apache.shiro.authz.permission.WildcardPermission; +import org.assertj.core.api.SoftAssertions; +import org.junit.BeforeClass; +import org.junit.ClassRule; +import org.junit.Rule; +import org.junit.Test; +import org.junit.experimental.categories.Category; + import org.apache.geode.cache.RegionShortcut; import org.apache.geode.internal.logging.LogService; import org.apache.geode.management.cli.Result; @@ -33,14 +41,6 @@ import org.apache.geode.test.dunit.rules.GfshShellConnectionRule; import org.apache.geode.test.dunit.rules.ServerStarterRule; import org.apache.geode.test.junit.categories.IntegrationTest; import org.apache.geode.test.junit.categories.SecurityTest; -import org.apache.shiro.authz.permission.WildcardPermission; -import org.junit.BeforeClass; -import org.junit.ClassRule; -import org.junit.Rule; -import org.junit.Test; -import org.junit.experimental.categories.Category; - -import java.util.List; @Category({IntegrationTest.class, SecurityTest.class}) public class GfshCommandsSecurityTest { @@ -49,7 +49,7 @@ public class GfshCommandsSecurityTest { .withProperty(SECURITY_MANAGER, TestSecurityManager.class.getName()) .withProperty("security-json", "org/apache/geode/management/internal/security/cacheServer.json") - .withAutoStart(); + .withRegion(RegionShortcut.REPLICATE_PERSISTENT, "persistentRegion"); @Rule public GfshShellConnectionRule gfshConnection = new GfshShellConnectionRule( 
@@ -75,82 +75,89 @@ public class GfshCommandsSecurityTest { @Test @ConnectionConfiguration(user = "cluster-reader", password = "1234567") public void testClusterReader() throws Exception { - runCommandsWithAndWithout("CLUSTER:READ"); + runCommandsPermittedAndForbiddenBy("CLUSTER:READ"); } @Test @ConnectionConfiguration(user = "cluster-writer", password = "1234567") public void testClusterWriter() throws Exception { - runCommandsWithAndWithout("CLUSTER:WRITE"); + runCommandsPermittedAndForbiddenBy("CLUSTER:WRITE"); } @Test @ConnectionConfiguration(user = "cluster-manager", password = "1234567") public void testClusterManager() throws Exception { - runCommandsWithAndWithout("CLUSTER:MANAGE"); + runCommandsPermittedAndForbiddenBy("CLUSTER:MANAGE"); } @Test @ConnectionConfiguration(user = "data-reader", password = "1234567") public void testDataReader() throws Exception { - runCommandsWithAndWithout("DATA:READ"); + runCommandsPermittedAndForbiddenBy("DATA:READ"); } @Test @ConnectionConfiguration(user = "data-writer", password = "1234567") public void testDataWriter() throws Exception { - runCommandsWithAndWithout("DATA:WRITE"); + runCommandsPermittedAndForbiddenBy("DATA:WRITE"); } @Test @ConnectionConfiguration(user = "data-manager", password = "1234567") public void testDataManager() throws Exception { - runCommandsWithAndWithout("DATA:MANAGE"); + runCommandsPermittedAndForbiddenBy("DATA:MANAGE"); } @Test @ConnectionConfiguration(user = "regionA-reader", password = "1234567") public void testRegionAReader() throws Exception { - runCommandsWithAndWithout("DATA:READ:RegionA"); + runCommandsPermittedAndForbiddenBy("DATA:READ:RegionA"); } @Test @ConnectionConfiguration(user = "regionA-writer", password = "1234567") public void testRegionAWriter() throws Exception { - runCommandsWithAndWithout("DATA:WRITE:RegionA"); + runCommandsPermittedAndForbiddenBy("DATA:WRITE:RegionA"); } @Test @ConnectionConfiguration(user = "regionA-manager", password = "1234567") public void 
testRegionAManager() throws Exception { - runCommandsWithAndWithout("DATA:MANAGE:RegionA"); + runCommandsPermittedAndForbiddenBy("DATA:MANAGE:RegionA"); + } + + @Test + @ConnectionConfiguration(user = "super-user", password = "1234567") + public void testRegionSuperUser() throws Exception { + runCommandsPermittedAndForbiddenBy("*"); } - private void runCommandsWithAndWithout(String permission) throws Exception { + private void runCommandsPermittedAndForbiddenBy(String permission) throws Exception { List<TestCommand> allPermitted = TestCommand.getPermittedCommands(new WildcardPermission(permission, true)); + SoftAssertions softly = new SoftAssertions(); + for (TestCommand permitted : allPermitted) { System.out.println("Processing authorized command: " + permitted.getCommand()); CommandResult result = gfshConnection.executeCommand(permitted.getCommand()); assertNotNull(result); if (result.getResultData() instanceof ErrorResultData) { - assertNotEquals(ResultBuilder.ERRORCODE_UNAUTHORIZED, - ((ErrorResultData) result.getResultData()).getErrorCode()); + softly.assertThat(ResultBuilder.ERRORCODE_UNAUTHORIZED).describedAs(permitted.getCommand()) + .isNotEqualTo(((ErrorResultData) result.getResultData()).getErrorCode()); } else { - assertEquals(Result.Status.OK, result.getStatus()); + softly.assertThat(Result.Status.OK).describedAs(permitted.toString()) + .isEqualTo(result.getStatus()); } } - List<TestCommand> others = TestCommand.getCommands(); + // skip no permission commands + List<TestCommand> others = TestCommand.getOnlineCommands(); others.removeAll(allPermitted); for (TestCommand other : others) { - // skip no permission commands - if (other.getPermission() == null) - continue; System.out.println("Processing unauthorized command: " + other.getCommand()); - CommandResult result = (CommandResult) gfshConnection.executeCommand(other.getCommand()); + CommandResult result = gfshConnection.executeCommand(other.getCommand()); int errorCode = ((ErrorResultData) 
result.getResultData()).getErrorCode(); // for some commands there are pre execution checks to check for user input error, will skip @@ -160,13 +167,12 @@ public class GfshCommandsSecurityTest { continue; } - assertEquals(ResultBuilder.ERRORCODE_UNAUTHORIZED, - ((ErrorResultData) result.getResultData()).getErrorCode()); - String resultMessage = result.getContent().toString(); - String permString = other.getPermission().toString(); - assertTrue(resultMessage + " does not contain " + permString, - resultMessage.contains(permString)); + softly.assertThat(ResultBuilder.ERRORCODE_UNAUTHORIZED).describedAs(other.getCommand()) + .isEqualTo(((ErrorResultData) result.getResultData()).getErrorCode()); } + + softly.assertAll(); + } @Test http://git-wip-us.apache.org/repos/asf/geode/blob/451d12e8/geode-core/src/test/java/org/apache/geode/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java index dad2e9c..dd5cd13 100644 --- a/geode-core/src/test/java/org/apache/geode/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java +++ b/geode-core/src/test/java/org/apache/geode/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java 
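Review bot: In the unauthorized loop of `runCommandsPermittedAndForbiddenBy`, `((ErrorResultData) result.getResultData())` is cast without an `instanceof` check, unlike the permitted loop above it. A command that is wrongly allowed would presumably return a different result-data type and end the method with a ClassCastException, so `softly.assertAll()` is never reached and every failure collected so far is lost. Recording the type softly keeps the report complete: `softly.assertThat(result.getResultData()).describedAs(other.getCommand()).isInstanceOf(ErrorResultData.class);` followed by `if (!(result.getResultData() instanceof ErrorResultData)) continue;`. The method's tail is in the next hunk.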
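Review bot: The replacement assertion drops the check that the denial message names the required permission, so this loop now verifies only that the error code is unauthorized, not which permission was reported. If the message text is still stable under the new permission names, it can stay as a soft check: `softly.assertThat(result.getContent().toString()).describedAs(other.getCommand()).contains(other.getPermission().toString());`. The added line also has actual and expected reversed and recomputes the value already held in `errorCode` (declared in the previous hunk); `softly.assertThat(errorCode).describedAs(other.getCommand()).isEqualTo(ResultBuilder.ERRORCODE_UNAUTHORIZED);` gives a correctly oriented failure message.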
@@ -15,25 +15,26 @@ package org.apache.geode.management.internal.security; import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER; -import static org.assertj.core.api.Assertions.assertThatThrownBy; + +import org.assertj.core.api.SoftAssertions; +import org.junit.AfterClass; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.ClassRule; +import org.junit.Rule; +import org.junit.Test; +import org.junit.experimental.categories.Category; import org.apache.geode.cache.Cache; import org.apache.geode.distributed.internal.InternalDistributedSystem; import org.apache.geode.distributed.internal.locks.DLockService; import org.apache.geode.management.LockServiceMXBean; -import org.apache.geode.security.TestSecurityManager; +import org.apache.geode.security.SimpleTestSecurityManager; import org.apache.geode.test.dunit.rules.ConnectionConfiguration; import org.apache.geode.test.dunit.rules.MBeanServerConnectionRule; import org.apache.geode.test.dunit.rules.ServerStarterRule; import org.apache.geode.test.junit.categories.IntegrationTest; import org.apache.geode.test.junit.categories.SecurityTest; -import org.junit.AfterClass; -import org.junit.Before; -import org.junit.BeforeClass; -import org.junit.ClassRule; -import org.junit.Rule; -import org.junit.Test; -import org.junit.experimental.categories.Category; @Category({IntegrationTest.class, SecurityTest.class}) public class LockServiceMBeanAuthorizationJUnitTest { 
@@ -41,10 +42,7 @@ public class LockServiceMBeanAuthorizationJUnitTest { @ClassRule public static ServerStarterRule server = new ServerStarterRule().withJMXManager() - .withProperty(SECURITY_MANAGER, TestSecurityManager.class.getName()) - .withProperty(TestSecurityManager.SECURITY_JSON, - "org/apache/geode/management/internal/security/cacheServer.json") - .withAutoStart(); + .withProperty(SECURITY_MANAGER, SimpleTestSecurityManager.class.getName()).withAutoStart(); @Rule public MBeanServerConnectionRule connectionRule = @@ -68,7 +66,8 @@ public class LockServiceMBeanAuthorizationJUnitTest { } @Test - @ConnectionConfiguration(user = "data-admin", password = "1234567") + @ConnectionConfiguration(user = "clusterRead,clusterManage", + password = "clusterRead,clusterManage") public void testAllAccess() throws Exception { lockServiceMBean.becomeLockGrantor(); lockServiceMBean.fetchGrantorMember(); 
@@ -78,24 +77,50 @@ public class LockServiceMBeanAuthorizationJUnitTest { } @Test - @ConnectionConfiguration(user = "cluster-admin", password = "1234567") - public void testSomeAccess() throws Exception { - assertThatThrownBy(() -> lockServiceMBean.becomeLockGrantor()); + @ConnectionConfiguration(user = "clusterManage", password = "clusterManage") + public void testClusterManage() throws Exception { + SoftAssertions softly = new SoftAssertions(); + lockServiceMBean.becomeLockGrantor(); // c:m + softly.assertThatThrownBy(() -> lockServiceMBean.fetchGrantorMember()) + .hasMessageContaining(TestCommand.clusterRead.toString()); + softly.assertThatThrownBy(() -> lockServiceMBean.getMemberCount()) + .hasMessageContaining(TestCommand.clusterRead.toString()); + softly.assertThatThrownBy(() -> lockServiceMBean.isDistributed()) + .hasMessageContaining(TestCommand.clusterRead.toString()); + softly.assertThatThrownBy(() -> lockServiceMBean.listThreadsHoldingLock()) + .hasMessageContaining(TestCommand.clusterRead.toString()); + softly.assertAll(); + } + + @Test + @ConnectionConfiguration(user = "clusterRead", password = "clusterRead") + public void testClusterRead() throws Exception { + SoftAssertions softly = new SoftAssertions(); + softly.assertThatThrownBy(() -> lockServiceMBean.becomeLockGrantor()) + .hasMessageContaining(TestCommand.clusterManage.toString()); + lockServiceMBean.fetchGrantorMember(); lockServiceMBean.getMemberCount(); + lockServiceMBean.isDistributed(); + lockServiceMBean.listThreadsHoldingLock(); + softly.assertAll(); } @Test - @ConnectionConfiguration(user = "data-user", password = "1234567") + @ConnectionConfiguration(user = "user", password = "user") public void testNoAccess() throws Exception { - assertThatThrownBy(() -> lockServiceMBean.becomeLockGrantor()) - .hasMessageContaining(TestCommand.dataManage.toString()); - assertThatThrownBy(() -> lockServiceMBean.fetchGrantorMember()) + SoftAssertions softly = new SoftAssertions(); + + 
softly.assertThatThrownBy(() -> lockServiceMBean.becomeLockGrantor()) + .hasMessageContaining(TestCommand.clusterManage.toString()); + softly.assertThatThrownBy(() -> lockServiceMBean.fetchGrantorMember()) .hasMessageContaining(TestCommand.clusterRead.toString()); - assertThatThrownBy(() -> lockServiceMBean.getMemberCount()) + softly.assertThatThrownBy(() -> lockServiceMBean.getMemberCount()) .hasMessageContaining(TestCommand.clusterRead.toString()); - assertThatThrownBy(() -> lockServiceMBean.isDistributed()) + softly.assertThatThrownBy(() -> lockServiceMBean.isDistributed()) .hasMessageContaining(TestCommand.clusterRead.toString()); - assertThatThrownBy(() -> lockServiceMBean.listThreadsHoldingLock()) + softly.assertThatThrownBy(() -> lockServiceMBean.listThreadsHoldingLock()) .hasMessageContaining(TestCommand.clusterRead.toString()); + + softly.assertAll(); } } http://git-wip-us.apache.org/repos/asf/geode/blob/451d12e8/geode-core/src/test/java/org/apache/geode/management/internal/security/MBeanSecurityJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/MBeanSecurityJUnitTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/security/MBeanSecurityJUnitTest.java index 091b1db..187246d 100644 --- a/geode-core/src/test/java/org/apache/geode/management/internal/security/MBeanSecurityJUnitTest.java +++ b/geode-core/src/test/java/org/apache/geode/management/internal/security/MBeanSecurityJUnitTest.java 
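Review bot: In `testClusterRead` the four permitted calls sit between the single soft assertion and `softly.assertAll()`, so if one of them throws, the recorded result for `becomeLockGrantor()` is discarded and only the later exception is reported. Moving `softly.assertAll();` to directly after the denial check avoids that. In `testClusterManage` the trailing `// c:m` is hard to read for anyone who does not know the shorthand; something like `// permitted: needs only the cluster-manage permission` says the same thing, assuming that is what the abbreviation stands for.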
@@ -19,6 +19,22 @@ import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThatThrownBy; import static org.mockito.Mockito.mock; +import java.io.IOException; +import java.util.Set; + +import javax.management.DynamicMBean; +import javax.management.MBeanServer; +import javax.management.MBeanServerConnection; +import javax.management.MalformedObjectNameException; +import javax.management.ObjectInstance; +import javax.management.ObjectName; +import javax.management.ReflectionException; + +import org.junit.ClassRule; +import org.junit.Rule; +import org.junit.Test; +import org.junit.experimental.categories.Category; + import org.apache.geode.management.ManagementException; import org.apache.geode.management.ManagementService; import org.apache.geode.management.MemberMXBean; @@ -29,20 +45,6 @@ import org.apache.geode.test.dunit.rules.MBeanServerConnectionRule; import org.apache.geode.test.dunit.rules.ServerStarterRule; import org.apache.geode.test.junit.categories.IntegrationTest; import org.apache.geode.test.junit.categories.SecurityTest; -import org.junit.ClassRule; -import org.junit.Rule; -import org.junit.Test; -import org.junit.experimental.categories.Category; - -import java.io.IOException; -import java.util.Set; -import javax.management.DynamicMBean; -import javax.management.MBeanServer; -import javax.management.MBeanServerConnection; -import javax.management.MalformedObjectNameException; -import javax.management.ObjectInstance; -import javax.management.ObjectName; -import javax.management.ReflectionException; @Category({IntegrationTest.class, SecurityTest.class}) public class MBeanSecurityJUnitTest { http://git-wip-us.apache.org/repos/asf/geode/blob/451d12e8/geode-core/src/test/java/org/apache/geode/management/internal/security/ManagerMBeanAuthorizationJUnitTest.java ---------------------------------------------------------------------- 
diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/ManagerMBeanAuthorizationJUnitTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/security/ManagerMBeanAuthorizationJUnitTest.java index 77f68c3..73ffe97 100644 --- a/geode-core/src/test/java/org/apache/geode/management/internal/security/ManagerMBeanAuthorizationJUnitTest.java +++ b/geode-core/src/test/java/org/apache/geode/management/internal/security/ManagerMBeanAuthorizationJUnitTest.java @@ -15,9 +15,20 @@ package org.apache.geode.management.internal.security; import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER; -import static org.assertj.core.api.Assertions.assertThatThrownBy; import static org.mockito.Mockito.mock; +import java.lang.management.ManagementFactory; + +import javax.management.ObjectName; + +import org.assertj.core.api.SoftAssertions; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.ClassRule; +import org.junit.Rule; +import org.junit.Test; +import org.junit.experimental.categories.Category; + import org.apache.geode.management.ManagerMXBean; import org.apache.geode.management.internal.beans.ManagerMBean; import org.apache.geode.security.TestSecurityManager; @@ -26,15 +37,6 @@ import org.apache.geode.test.dunit.rules.MBeanServerConnectionRule; import org.apache.geode.test.dunit.rules.ServerStarterRule; import org.apache.geode.test.junit.categories.IntegrationTest; import org.apache.geode.test.junit.categories.SecurityTest; -import org.junit.Before; -import org.junit.BeforeClass; -import org.junit.ClassRule; -import org.junit.Rule; -import org.junit.Test; -import org.junit.experimental.categories.Category; - -import java.lang.management.ManagementFactory; -import javax.management.ObjectName; @Category({IntegrationTest.class, SecurityTest.class}) public class ManagerMBeanAuthorizationJUnitTest { 
@@ -76,10 +78,14 @@ public class ManagerMBeanAuthorizationJUnitTest { @Test @ConnectionConfiguration(user = "data-admin", password = "1234567") public void testSomeAccess() throws Exception { - assertThatThrownBy(() -> managerMXBean.start()) + SoftAssertions softly = new SoftAssertions(); + + softly.assertThatThrownBy(() -> managerMXBean.start()) .hasMessageContaining(TestCommand.clusterManage.toString()); - assertThatThrownBy(() -> managerMXBean.getPulseURL()) + softly.assertThatThrownBy(() -> managerMXBean.getPulseURL()) .hasMessageContaining(TestCommand.clusterWrite.toString()); + + softly.assertAll(); managerMXBean.isRunning(); } } http://git-wip-us.apache.org/repos/asf/geode/blob/451d12e8/geode-core/src/test/java/org/apache/geode/management/internal/security/MemberMBeanSecurityJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/MemberMBeanSecurityJUnitTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/security/MemberMBeanSecurityJUnitTest.java index 77ddcc9..e6b50d2 100644 --- a/geode-core/src/test/java/org/apache/geode/management/internal/security/MemberMBeanSecurityJUnitTest.java +++ b/geode-core/src/test/java/org/apache/geode/management/internal/security/MemberMBeanSecurityJUnitTest.java @@ -17,6 +17,13 @@ package org.apache.geode.management.internal.security; import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER; import static org.assertj.core.api.Assertions.assertThatThrownBy; +import org.assertj.core.api.SoftAssertions; +import org.junit.Before; +import org.junit.Rule; +import org.junit.Test; +import org.junit.contrib.java.lang.system.RestoreSystemProperties; +import org.junit.experimental.categories.Category; + import org.apache.geode.management.MemberMXBean; import org.apache.geode.security.TestSecurityManager; import org.apache.geode.test.dunit.rules.ConnectionConfiguration; 
@@ -24,11 +31,6 @@ import org.apache.geode.test.dunit.rules.MBeanServerConnectionRule; import org.apache.geode.test.dunit.rules.ServerStarterRule; import org.apache.geode.test.junit.categories.IntegrationTest; import org.apache.geode.test.junit.categories.SecurityTest; -import org.junit.Before; -import org.junit.Rule; -import org.junit.Test; -import org.junit.contrib.java.lang.system.RestoreSystemProperties; -import org.junit.experimental.categories.Category; @Category({IntegrationTest.class, SecurityTest.class}) public class MemberMBeanSecurityJUnitTest { @@ -67,7 +69,6 @@ public class MemberMBeanSecurityJUnitTest { bean.isCacheServer(); bean.isServer(); bean.listConnectedGatewayReceivers(); - // bean.processCommand("create region --name=Region_A"); bean.showJVMMetrics(); bean.status(); } @@ -75,8 +76,7 @@ public class MemberMBeanSecurityJUnitTest { @Test @ConnectionConfiguration(user = "cluster-admin", password = "1234567") public void testClusterAdmin() throws Exception { - assertThatThrownBy(() -> bean.compactAllDiskStores()) - .hasMessageContaining(TestCommand.dataManage.toString()); + bean.compactAllDiskStores(); bean.shutDownMember(); bean.createManager(); bean.fetchJvmThreads(); @@ -93,7 +93,8 @@ public class MemberMBeanSecurityJUnitTest { @Test @ConnectionConfiguration(user = "data-admin", password = "1234567") public void testDataAdmin() throws Exception { - bean.compactAllDiskStores(); + assertThatThrownBy(() -> bean.compactAllDiskStores()) + .hasMessageContaining(TestCommand.clusterManageDisk.toString()); assertThatThrownBy(() -> bean.shutDownMember()) .hasMessageContaining(TestCommand.clusterManage.toString()); assertThatThrownBy(() -> bean.createManager()) 
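Review bot: The added check in `testDataAdmin` (expecting `TestCommand.clusterManageDisk` for `bean.compactAllDiskStores()`) and the now-unguarded call in `testClusterAdmin` together record that disk-store compaction moved from the data-manage permission to a cluster-level one, but neither test says so. A one-line comment such as `// compactAllDiskStores is a cluster disk operation: data-admin must be rejected, cluster-admin allowed` would make the intended authorization boundary explicit. The new assertion also stays a hard `assertThatThrownBy`, while `testDataUser` in the same file is converted to `SoftAssertions`, so the first failure in `testDataAdmin` still hides the rest. Both methods continue outside their hunks, so the remaining assertions are not visible here.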
@@ -105,31 +106,35 @@ public class MemberMBeanSecurityJUnitTest { @Test @ConnectionConfiguration(user = "data-user", password = "1234567") public void testDataUser() throws Exception { - assertThatThrownBy(() -> bean.shutDownMember()) + SoftAssertions softly = new SoftAssertions(); + + softly.assertThatThrownBy(() -> bean.shutDownMember()) .hasMessageContaining(TestCommand.clusterManage.toString()); - assertThatThrownBy(() -> bean.createManager()) + softly.assertThatThrownBy(() -> bean.createManager()) .hasMessageContaining(TestCommand.clusterManage.toString()); - assertThatThrownBy(() -> bean.compactAllDiskStores()) - .hasMessageContaining(TestCommand.dataManage.toString()); - assertThatThrownBy(() -> bean.fetchJvmThreads()) + softly.assertThatThrownBy(() -> bean.compactAllDiskStores()) + .hasMessageContaining(TestCommand.clusterManageDisk.toString()); + softly.assertThatThrownBy(() -> bean.fetchJvmThreads()) .hasMessageContaining(TestCommand.clusterRead.toString()); - assertThatThrownBy(() -> bean.getName()) + softly.assertThatThrownBy(() -> bean.getName()) .hasMessageContaining(TestCommand.clusterRead.toString()); - assertThatThrownBy(() -> bean.getDiskStores()) + softly.assertThatThrownBy(() -> bean.getDiskStores()) .hasMessageContaining(TestCommand.clusterRead.toString()); - assertThatThrownBy(() -> bean.hasGatewayReceiver()) + softly.assertThatThrownBy(() -> bean.hasGatewayReceiver()) .hasMessageContaining(TestCommand.clusterRead.toString()); - assertThatThrownBy(() -> bean.isCacheServer()) + softly.assertThatThrownBy(() -> bean.isCacheServer()) .hasMessageContaining(TestCommand.clusterRead.toString()); - assertThatThrownBy(() -> bean.isServer()) + softly.assertThatThrownBy(() -> bean.isServer()) .hasMessageContaining(TestCommand.clusterRead.toString()); - assertThatThrownBy(() -> bean.listConnectedGatewayReceivers()) + softly.assertThatThrownBy(() -> bean.listConnectedGatewayReceivers()) .hasMessageContaining(TestCommand.clusterRead.toString()); - 
assertThatThrownBy(() -> bean.processCommand("create region --name=Region_A")) + softly.assertThatThrownBy(() -> bean.processCommand("create region --name=Region_A")) .hasMessageContaining(TestCommand.dataManage.toString()); - assertThatThrownBy(() -> bean.showJVMMetrics()) + softly.assertThatThrownBy(() -> bean.showJVMMetrics()) .hasMessageContaining(TestCommand.clusterRead.toString()); - assertThatThrownBy(() -> bean.status()) + softly.assertThatThrownBy(() -> bean.status()) .hasMessageContaining(TestCommand.clusterRead.toString()); + + softly.assertAll(); } } http://git-wip-us.apache.org/repos/asf/geode/blob/451d12e8/geode-core/src/test/java/org/apache/geode/management/internal/security/MultiUserDUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/MultiUserDUnitTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/security/MultiUserDUnitTest.java index 255048d..e3fe173 100644 --- a/geode-core/src/test/java/org/apache/geode/management/internal/security/MultiUserDUnitTest.java +++ b/geode-core/src/test/java/org/apache/geode/management/internal/security/MultiUserDUnitTest.java 
@@ -18,12 +18,21 @@ import static org.apache.geode.distributed.ConfigurationProperties.NAME; import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotEquals; -import static org.junit.Assert.assertTrue; + +import java.io.IOException; +import java.util.List; +import java.util.Properties; +import java.util.concurrent.TimeUnit; + +import org.awaitility.Awaitility; +import org.json.JSONException; +import org.junit.Before; +import org.junit.Rule; +import org.junit.Test; +import org.junit.experimental.categories.Category; import org.apache.geode.internal.logging.LogService; import org.apache.geode.management.cli.Result.Status; -import org.apache.geode.management.internal.cli.HeadlessGfsh; -import org.apache.geode.management.internal.cli.commands.CliCommandTestBase; import org.apache.geode.management.internal.cli.result.CommandResult; import org.apache.geode.management.internal.cli.result.ErrorResultData; import org.apache.geode.management.internal.cli.result.ResultBuilder; 
@@ -32,67 +41,62 @@ import org.apache.geode.test.dunit.AsyncInvocation; import org.apache.geode.test.dunit.Host; import org.apache.geode.test.dunit.IgnoredException; import org.apache.geode.test.dunit.VM; +import org.apache.geode.test.dunit.rules.GfshShellConnectionRule; +import org.apache.geode.test.dunit.rules.GfshShellConnectionRule.PortType; +import org.apache.geode.test.dunit.rules.LocatorServerStartupRule; +import org.apache.geode.test.dunit.rules.Member; import org.apache.geode.test.junit.categories.DistributedTest; import org.apache.geode.test.junit.categories.FlakyTest; import org.apache.geode.test.junit.categories.SecurityTest; -import org.awaitility.Awaitility; -import org.json.JSONException; -import org.junit.Test; -import org.junit.experimental.categories.Category; - -import java.io.IOException; -import java.util.List; -import java.util.Properties; -import java.util.concurrent.TimeUnit; @Category({DistributedTest.class, SecurityTest.class}) -public class MultiUserDUnitTest extends CliCommandTestBase { +public class MultiUserDUnitTest { - @Category(FlakyTest.class) // GEODE-1579 - @Test - public void testMultiUser() throws IOException, JSONException, InterruptedException { - IgnoredException.addIgnoredException("java.util.zip.ZipException: zip file is empty"); + @Rule + public LocatorServerStartupRule lsRule = new LocatorServerStartupRule(); + + private Member server; + @Before + public void setup() throws Exception { Properties properties = new Properties(); properties.put(NAME, MultiUserDUnitTest.class.getSimpleName()); properties.put(SECURITY_MANAGER, TestSecurityManager.class.getName()); - - // set up vm_0 the secure jmx manager - Object[] results = setUpJMXManagerOnVM(0, properties, + properties.put("security-json", "org/apache/geode/management/internal/security/cacheServer.json"); - String gfshDir = this.gfshDir; + server = lsRule.startServerAsJmxManager(0, properties); + } + + @Category(FlakyTest.class) // GEODE-1579 + @Test + public void 
testMultiUser() throws IOException, JSONException, InterruptedException { + + IgnoredException.addIgnoredException("java.util.zip.ZipException: zip file is empty"); + int jmxPort = server.getJmxPort(); // set up vm_1 as a gfsh vm, data-reader will login and log out constantly in this vm until the // test is done. VM vm1 = Host.getHost(0).getVM(1); AsyncInvocation vm1Invoke = vm1.invokeAsync("run as data-reader", () -> { - String shellId = getClass().getSimpleName() + "_vm1"; - HeadlessGfsh shell = new HeadlessGfsh(shellId, 30, gfshDir); - while (true) { - connect((String) results[0], (Integer) results[1], (Integer) results[2], shell, - "data-reader", "1234567"); - Awaitility.waitAtMost(5, TimeUnit.MILLISECONDS); - shell.executeCommand("disconnect"); - } + GfshShellConnectionRule gfsh = new GfshShellConnectionRule(); + gfsh.secureConnectAndVerify(jmxPort, PortType.jmxManger, "data-reader", "1234567"); + + Awaitility.waitAtMost(5, TimeUnit.MILLISECONDS); + gfsh.close(); }); VM vm2 = Host.getHost(0).getVM(2); // set up vm_2 as a gfsh vm, and then connect as "stranger" and try to execute the commands and // assert errors comes back are NotAuthorized AsyncInvocation vm2Invoke = vm2.invokeAsync("run as guest", () -> { - String shellId = getClass().getSimpleName() + "_vm2"; - HeadlessGfsh shell = new HeadlessGfsh(shellId, 30, gfshDir); - connect((String) results[0], (Integer) results[1], (Integer) results[2], shell, "stranger", - "1234567"); + GfshShellConnectionRule gfsh = new GfshShellConnectionRule(); + gfsh.secureConnectAndVerify(jmxPort, PortType.jmxManger, "stranger", "1234567"); - List<TestCommand> allCommands = TestCommand.getCommands(); + List<TestCommand> allCommands = TestCommand.getOnlineCommands(); for (TestCommand command : allCommands) { LogService.getLogger().info("executing: " + command.getCommand()); - if (command.getPermission() == null) { - continue; - } - CommandResult result = executeCommand(shell, command.getCommand()); + CommandResult result = 
gfsh.executeCommand(command.getCommand()); int errorCode = ((ErrorResultData) result.getResultData()).getErrorCode(); @@ -106,11 +110,9 @@ public class MultiUserDUnitTest extends CliCommandTestBase { assertEquals("Not an expected result: " + result.toString(), ResultBuilder.ERRORCODE_UNAUTHORIZED, ((ErrorResultData) result.getResultData()).getErrorCode()); - String resultMessage = result.getContent().toString(); - String permString = command.getPermission().toString(); - assertTrue(resultMessage + " does not contain " + permString, - resultMessage.contains(permString)); + } + gfsh.close(); LogService.getLogger().info("vm 2 done!"); }); 
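Review bot: The vm1 lambda no longer matches its comment: the `while (true)` loop was removed, so data-reader now connects once and closes instead of logging in and out "constantly ... until the test is done". The concurrent login/logout activity that this multi-user security test appears to be built around is therefore gone. Either restore a bounded loop around `secureConnectAndVerify(...)` and `gfsh.close()`, or change the comment to `// vm_1: data-reader logs in and out once while the other users run commands`. The retained `Awaitility.waitAtMost(5, TimeUnit.MILLISECONDS);` has no `until(...)` call, so it only builds a condition factory and never waits; it should be removed or replaced with a real wait.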
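Review bot: Removing the `resultMessage.contains(permString)` check leaves the "stranger" loop asserting only `ResultBuilder.ERRORCODE_UNAUTHORIZED`, so a command rejected for the wrong permission would still pass. If `TestCommand.getOnlineCommands()` returns only commands with a non-null permission (not visible in this hunk), the removed `assertTrue(resultMessage + " does not contain " + permString, resultMessage.contains(permString));` and its static import can stay. If the message format changed and the check had to go, a comment in the now-empty spot, for example `// the denial message no longer carries the permission string; only the error code is checked`, would record that the weaker check is deliberate. The enclosing lambda starts and ends outside this hunk.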
@@ -123,28 +125,22 @@ public class MultiUserDUnitTest extends CliCommandTestBase { // set up vm_3 as another gfsh vm, and then connect as "super-user" and try to execute the // commands and assert we don't get a NotAuthorized Exception AsyncInvocation vm3Invoke = vm3.invokeAsync("run as superUser", () -> { - String shellId = getClass().getSimpleName() + "_vm3"; - HeadlessGfsh shell = new HeadlessGfsh(shellId, 30, gfshDir); - connect((String) results[0], (Integer) results[1], (Integer) results[2], shell, "super-user", - "1234567"); + GfshShellConnectionRule gfsh = new GfshShellConnectionRule(); + gfsh.secureConnectAndVerify(jmxPort, PortType.jmxManger, "super-user", "1234567"); - List<TestCommand> allCommands = TestCommand.getCommands(); + List<TestCommand> allCommands = TestCommand.getOnlineCommands(); for (TestCommand command : allCommands) { LogService.getLogger().info("executing: " + command.getCommand()); - if (command.getPermission() == null) { - continue; - } - CommandResult result = executeCommand(shell, command.getCommand()); + CommandResult result = gfsh.executeCommand(command.getCommand()); if (result.getResultData().getStatus() == Status.OK) { continue; } - assertNotEquals("Did not expect an Unauthorized exception: " + result.toString(), ResultBuilder.ERRORCODE_UNAUTHORIZED, ((ErrorResultData) result.getResultData()).getErrorCode()); } - + gfsh.close(); LogService.getLogger().info("vm 3 done!"); }); http://git-wip-us.apache.org/repos/asf/geode/blob/451d12e8/geode-core/src/test/java/org/apache/geode/management/internal/security/ResourcePermissionTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/ResourcePermissionTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/security/ResourcePermissionTest.java index 51f8c5e..54db58e 100644 
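Review bot: `gfsh.close()` in the vm3 lambda runs only when every command passes; a failing `assertNotEquals` or an exception from `gfsh.executeCommand(...)` skips it and leaves the super-user gfsh session connected in that VM. Wrapping the body as `try { ... } finally { gfsh.close(); }` would guarantee the disconnect, which matters if the DUnit VM is reused by later tests. The vm1 and vm2 lambdas in the earlier hunks of this file have the same shape and would benefit from the same change.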
--- a/geode-core/src/test/java/org/apache/geode/management/internal/security/ResourcePermissionTest.java +++ b/geode-core/src/test/java/org/apache/geode/management/internal/security/ResourcePermissionTest.java @@ -16,18 +16,17 @@ package org.apache.geode.management.internal.security; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertTrue; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.when; + +import org.apache.shiro.authz.permission.WildcardPermission; +import org.junit.Test; +import org.junit.experimental.categories.Category; import org.apache.geode.security.ResourcePermission; -import org.apache.geode.security.ResourcePermission.Target; import org.apache.geode.security.ResourcePermission.Operation; import org.apache.geode.security.ResourcePermission.Resource; +import org.apache.geode.security.ResourcePermission.Target; import org.apache.geode.test.junit.categories.SecurityTest; import org.apache.geode.test.junit.categories.UnitTest; -import org.apache.shiro.authz.permission.WildcardPermission; -import org.junit.Test; -import org.junit.experimental.categories.Category; @Category({UnitTest.class, SecurityTest.class}) public class ResourcePermissionTest { @@ -110,7 +109,7 @@ public class ResourcePermissionTest { } @Test - public void testImples() { + public void testImplies() { WildcardPermission role = new WildcardPermission("*:read"); role.implies(new ResourcePermission(Resource.DATA, Operation.READ)); role.implies(new ResourcePermission(Resource.CLUSTER, Operation.READ));