GEODE-3062: create new SecurityService after receiving cluster config
Project: http://git-wip-us.apache.org/repos/asf/geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/geode/commit/6f60785c
Tree: http://git-wip-us.apache.org/repos/asf/geode/tree/6f60785c
Diff: http://git-wip-us.apache.org/repos/asf/geode/diff/6f60785c
Branch: refs/heads/feature/GEODE-2804v3
Commit: 6f60785c06a39b9fcc086b9a3501a82b1c049833
Parents: b7f5391
Author: Kirk Lund <kl...@apache.org>
Authored: Thu Jun 15 10:04:02 2017 -0700
Committer: Kirk Lund <kl...@apache.org>
Committed: Thu Jun 22 12:39:50 2017 -0700
----------------------------------------------------------------------
 .../internal/InternalDistributedSystem.java | 4 ++
 .../cache/ClusterConfigurationLoader.java | 7 ++-
 .../geode/internal/cache/GemFireCacheImpl.java | 47 ++++++++++---------
 .../security/IntegratedSecurityService.java | 40 +++++++++-------
 .../security/LegacySecurityService.java | 15 +-----
 .../internal/security/SecurityService.java | 48 ++++++++++----------
 .../security/SecurityServiceFactory.java | 10 ++--
 .../ClusterConfigDeployJarDUnitTest.java | 11 ++---
 .../ClusterConfigDistributionDUnitTest.java | 5 +-
 .../ClusterConfigImportDUnitTest.java | 9 ++--
 .../ClusterConfigStartMemberDUnitTest.java | 4 +-
 .../ClusterConfigWithSecurityDUnitTest.java | 32 ++++++++++---
 .../test/dunit/rules/MemberStarterRule.java | 12 ++++-
 .../test/dunit/rules/ServerStarterRule.java | 31 +++++++++----
 14 files changed, 155 insertions(+), 120 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/geode/blob/6f60785c/geode-core/src/main/java/org/apache/geode/distributed/internal/InternalDistributedSystem.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/distributed/internal/InternalDistributedSystem.java b/geode-core/src/main/java/org/apache/geode/distributed/internal/InternalDistributedSystem.java
index 1572355..a4b3a50 100644
--- a/geode-core/src/main/java/org/apache/geode/distributed/internal/InternalDistributedSystem.java
+++ b/geode-core/src/main/java/org/apache/geode/distributed/internal/InternalDistributedSystem.java
@@ -540,6 +540,10 @@ public class InternalDistributedSystem extends DistributedSystem
 return this.securityService;
 }
+ public void setSecurityService(SecurityService securityService) {
+ this.securityService = securityService;
+ }
+
 /**
 * Registers a listener to the system
 *
http://git-wip-us.apache.org/repos/asf/geode/blob/6f60785c/geode-core/src/main/java/org/apache/geode/internal/cache/ClusterConfigurationLoader.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/ClusterConfigurationLoader.java b/geode-core/src/main/java/org/apache/geode/internal/cache/ClusterConfigurationLoader.java
index 4f4881f..92cfd96 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/ClusterConfigurationLoader.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/ClusterConfigurationLoader.java
@@ -152,13 +152,12 @@ public class ClusterConfigurationLoader {
 /***
 * Apply the gemfire properties cluster configuration on this member
- *
- * @param cache Cache created for this member
+ *
 * @param response {@link ConfigurationResponse} containing the requested {@link Configuration}
 * @param config this member's config
 */
- public static void applyClusterPropertiesConfiguration(Cache cache,
- ConfigurationResponse response, DistributionConfig config) {
+ public static void applyClusterPropertiesConfiguration(ConfigurationResponse response,
+ DistributionConfig config) {
 if (response == null || response.getRequestedConfiguration().isEmpty()) {
 return;
 }
http://git-wip-us.apache.org/repos/asf/geode/blob/6f60785c/geode-core/src/main/java/org/apache/geode/internal/cache/GemFireCacheImpl.java
----------------------------------------------------------------------
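Review bot: The new public `setSecurityService` in InternalDistributedSystem replaces the system's SecurityService with no guard: it accepts null, does not close the instance it replaces, and is callable by any code that holds the system object. The only caller visible in this commit is the GemFireCacheImpl constructor, so the setter should be documented as internal and reject null, e.g. `this.securityService = Objects.requireNonNull(securityService, "securityService");`. Whether the field is volatile is not visible here; if it is not, threads that call `getSecurityService()` may keep seeing the old service after the swap. The enclosing class continues outside the hunk.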
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/GemFireCacheImpl.java b/geode-core/src/main/java/org/apache/geode/internal/cache/GemFireCacheImpl.java
index fe97685..2dda38c 100755
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/GemFireCacheImpl.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/GemFireCacheImpl.java
@@ -77,6 +77,7 @@ import javax.transaction.TransactionManager;
 import com.sun.jna.Native;
 import com.sun.jna.Platform;
 import org.apache.commons.lang.StringUtils;
+import org.apache.geode.internal.security.SecurityServiceFactory;
 import org.apache.logging.log4j.Logger;
 import org.apache.geode.CancelCriterion;
@@ -323,6 +324,8 @@ public class GemFireCacheImpl implements InternalCache, InternalClientCache, Has
 private static final Pattern DOUBLE_BACKSLASH = Pattern.compile("\\\\");
+ private volatile ConfigurationResponse configurationResponse;
+
 /** To test MAX_QUERY_EXECUTION_TIME option. */
 public int testMaxQueryExecutionTime = -1;
@@ -809,7 +812,16 @@ public class GemFireCacheImpl implements InternalCache, InternalClientCache, Has
 this.system = system;
 this.dm = this.system.getDistributionManager();
- this.securityService = this.system.getSecurityService();
+ this.configurationResponse = requestSharedConfiguration();
+
+ // apply the cluster's properties configuration and initialize security using that
+ // configuration
+ ClusterConfigurationLoader.applyClusterPropertiesConfiguration(this.configurationResponse,
+ this.system.getConfig());
+
+ this.securityService =
+ SecurityServiceFactory.create(this.system.getConfig().getSecurityProps(), cacheConfig);
+ this.system.setSecurityService(this.securityService);
 if (!this.isClient && PoolManager.getAll().isEmpty()) {
 // We only support management on members of a distributed system
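Review bot: In the constructor hunk (`@@ -809,7 +812,16 @@`) the SecurityService the system already held is overwritten by `this.system.setSecurityService(this.securityService)` and never closed, and anything that read `system.getSecurityService()` before the cache was constructed presumably keeps enforcing with the old instance. IntegratedSecurityService.close() releases its SecurityManager and PostProcessor, so I would capture `SecurityService previous = this.system.getSecurityService();` before the create call and add `if (previous != null && previous != this.securityService) { previous.close(); }` after the set, unless the factory can hand back a service sharing the same manager, which is not visible here. The added comment should also say that security properties delivered by the locator decide this member's authentication and authorization mode from this point on. The constructor starts and ends outside the hunk.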
@@ -1035,17 +1047,6 @@ public class GemFireCacheImpl implements InternalCache, InternalClientCache, Has
 }
 }
- private void deployJarsReceivedFromClusterConfiguration(ConfigurationResponse response) {
- try {
- ClusterConfigurationLoader.deployJarsReceivedFromClusterConfiguration(this, response);
- } catch (IOException | ClassNotFoundException e) {
- throw new GemFireConfigException(
- LocalizedStrings.GemFireCache_EXCEPTION_OCCURRED_WHILE_DEPLOYING_JARS_FROM_SHARED_CONDFIGURATION
- .toLocalizedString(),
- e);
- }
- }
-
 /**
 * When called, clusterProps and serverProps and key could not be null
 */
@@ -1150,15 +1151,18 @@ public class GemFireCacheImpl implements InternalCache, InternalClientCache, Has
 listener.cacheCreated(this);
 }
+ // set ClassPathLoader and then deploy cluster config jars
 ClassPathLoader.setLatestToDefault(this.system.getConfig().getDeployWorkingDir());
- // request and check cluster configuration
- ConfigurationResponse configurationResponse = requestSharedConfiguration();
- deployJarsReceivedFromClusterConfiguration(configurationResponse);
-
- // apply the cluster's properties configuration and initialize security using that configuration
- ClusterConfigurationLoader.applyClusterPropertiesConfiguration(this, configurationResponse,
- this.system.getConfig());
+ try {
+ ClusterConfigurationLoader.deployJarsReceivedFromClusterConfiguration(this,
+ this.configurationResponse);
+ } catch (IOException | ClassNotFoundException e) {
+ throw new GemFireConfigException(
+ LocalizedStrings.GemFireCache_EXCEPTION_OCCURRED_WHILE_DEPLOYING_JARS_FROM_SHARED_CONDFIGURATION
+ .toLocalizedString(),
+ e);
+ }
 SystemMemberCacheEventProcessor.send(this, Operation.CACHE_CREATE);
 this.resourceAdvisor.initializationGate();
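Review bot: The jar deployment kept in this method by `@@ -1150,15 +1151,18 @@` now runs after the constructor has already built the SecurityService, so a security manager or post-processor class named in cluster configuration cannot come from a jar delivered by that same configuration; it has to be on the member's classpath already, or creation presumably fails during construction. Having security in place before any cluster-supplied code is loaded is a sensible order, but nothing states it. I would extend the added comment to `// set ClassPathLoader and then deploy cluster config jars; the SecurityService was already created in the constructor, so security classes must not depend on these jars`. The enclosing method starts and ends outside the hunk.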
@@ -1182,11 +1186,11 @@ public class GemFireCacheImpl implements InternalCache, InternalClientCache, Has
 boolean completedCacheXml = false;
 try {
- if (configurationResponse == null) {
+ if (this.configurationResponse == null) {
 // Deploy all the jars from the deploy working dir.
 ClassPathLoader.getLatest().getJarDeployer().loadPreviouslyDeployedJarsFromDisk();
 }
- ClusterConfigurationLoader.applyClusterXmlConfiguration(this, configurationResponse,
+ ClusterConfigurationLoader.applyClusterXmlConfiguration(this, this.configurationResponse,
 this.system.getConfig());
 initializeDeclarativeCache();
 completedCacheXml = true;
@@ -1199,6 +1203,7 @@ public class GemFireCacheImpl implements InternalCache, InternalClientCache, Has
 // I don't want init to throw an exception that came from the close.
 // I want it to throw the original exception that came from initializeDeclarativeCache.
 }
+ this.configurationResponse = null;
 }
 }
http://git-wip-us.apache.org/repos/asf/geode/blob/6f60785c/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java b/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java
index 171cfb7..323ab67 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java
@@ -14,22 +14,8 @@
 */
 package org.apache.geode.internal.security;
-import java.io.IOException;
-import java.security.AccessController;
-import java.util.Properties;
-import java.util.Set;
-import java.util.concurrent.Callable;
-
 import org.apache.commons.lang.SerializationException;
 import org.apache.commons.lang.StringUtils;
-import org.apache.logging.log4j.Logger;
-import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.ShiroException;
-import org.apache.shiro.subject.Subject;
-import org.apache.shiro.subject.support.SubjectThreadState;
-import org.apache.shiro.util.ThreadContext;
-import org.apache.shiro.util.ThreadState;
-
 import org.apache.geode.GemFireIOException;
 import org.apache.geode.internal.cache.EntryEventImpl;
 import org.apache.geode.internal.logging.LogService;
@@ -46,6 +32,20 @@ import org.apache.geode.security.ResourcePermission;
 import org.apache.geode.security.ResourcePermission.Operation;
 import org.apache.geode.security.ResourcePermission.Resource;
 import org.apache.geode.security.ResourcePermission.Target;
+import org.apache.geode.security.SecurityManager;
+import org.apache.logging.log4j.Logger;
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.ShiroException;
+import org.apache.shiro.subject.Subject;
+import org.apache.shiro.subject.support.SubjectThreadState;
+import org.apache.shiro.util.ThreadContext;
+import org.apache.shiro.util.ThreadState;
+
+import java.io.IOException;
+import java.security.AccessController;
+import java.util.Properties;
+import java.util.Set;
+import java.util.concurrent.Callable;
 /**
 * Security service with SecurityManager and an optional PostProcessor.
@@ -54,7 +54,7 @@ public class IntegratedSecurityService implements SecurityService {
 private static Logger logger = LogService.getLogger(LogService.SECURITY_LOGGER_NAME);
 private final PostProcessor postProcessor;
- private final org.apache.geode.security.SecurityManager securityManager;
+ private final SecurityManager securityManager;
 /**
 * this creates a security service using a SecurityManager
@@ -72,11 +72,13 @@ public class IntegratedSecurityService implements SecurityService {
 this.postProcessor = postProcessor;
 }
+ @Override
 public PostProcessor getPostProcessor() {
 return this.postProcessor;
 }
- public org.apache.geode.security.SecurityManager getSecurityManager() {
+ @Override
+ public SecurityManager getSecurityManager() {
 return this.securityManager;
 }
@@ -187,6 +189,7 @@ public class IntegratedSecurityService implements SecurityService {
 return threadState;
 }
+ @Override
 public void authorizeClusterManage() {
 authorize(Resource.CLUSTER, Operation.MANAGE, Target.ALL, ResourcePermission.ALL);
 }
@@ -266,14 +269,17 @@ public class IntegratedSecurityService implements SecurityService {
 authorize(Resource.DATA, Operation.READ, regionName, key);
 }
+ @Override
 public void authorize(Resource resource, Operation operation, Target target, String key) {
 authorize(resource, operation, target.getName(), key);
 }
+ @Override
 public void authorize(Resource resource, Operation operation, Target target) {
 authorize(resource, operation, target, ResourcePermission.ALL);
 }
+ @Override
 public void authorize(Resource resource, Operation operation, String target, String key) {
 authorize(new ResourcePermission(resource, operation, target, key));
 }
@@ -300,7 +306,7 @@ public class IntegratedSecurityService implements SecurityService {
 @Override
 public void close() {
 if (this.securityManager != null) {
- securityManager.close();
+ this.securityManager.close();
 }
 if (this.postProcessor != null) {
 this.postProcessor.close();
http://git-wip-us.apache.org/repos/asf/geode/blob/6f60785c/geode-core/src/main/java/org/apache/geode/internal/security/LegacySecurityService.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/LegacySecurityService.java b/geode-core/src/main/java/org/apache/geode/internal/security/LegacySecurityService.java
index c594bf9..66b6876 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/security/LegacySecurityService.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/security/LegacySecurityService.java
@@ -14,17 +14,7 @@
 */
 package org.apache.geode.internal.security;
-import java.util.Properties;
-import java.util.concurrent.Callable;
-
 import org.apache.commons.lang.StringUtils;
-import org.apache.shiro.subject.Subject;
-import org.apache.shiro.util.ThreadState;
-
-import org.apache.geode.management.internal.security.ResourceOperation;
-import org.apache.geode.security.PostProcessor;
-import org.apache.geode.security.ResourcePermission;
-import org.apache.geode.security.SecurityManager;
 /**
 * implementing SecurityService when only legacy authenticators are specified
@@ -32,12 +22,11 @@ import org.apache.geode.security.SecurityManager;
 public class LegacySecurityService implements SecurityService {
 private final boolean hasClientAuthenticator;
-
 private final boolean hasPeerAuthenticator;
 LegacySecurityService() {
- hasClientAuthenticator = false;
- hasPeerAuthenticator = false;
+ this.hasClientAuthenticator = false;
+ this.hasPeerAuthenticator = false;
 }
 LegacySecurityService(final String clientAuthenticator, final String peerAuthenticator) {
http://git-wip-us.apache.org/repos/asf/geode/blob/6f60785c/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java b/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java
index feea899..b00e0f4 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java
@@ -14,7 +14,6 @@
 */
 package org.apache.geode.internal.security;
-import org.apache.geode.management.internal.security.ResourceOperation;
 import org.apache.geode.security.PostProcessor;
 import org.apache.geode.security.ResourcePermission;
 import org.apache.geode.security.ResourcePermission.Resource;
@@ -28,6 +27,7 @@ import java.util.Properties;
 import java.util.concurrent.Callable;
 public interface SecurityService {
+
 default ThreadState bindSubject(Subject subject) {
 return null;
 }
@@ -40,57 +40,57 @@ public interface SecurityService {
 return null;
 }
- default void logout() {};
+ default void logout() {}
 default Callable associateWith(Callable callable) {
 return callable;
 }
- default void authorize(Resource resource, Operation operation, String target, String key) {};
+ default void authorize(Resource resource, Operation operation, String target, String key) {}
- default void authorize(Resource resource, Operation operation, Target target, String key) {};
+ default void authorize(Resource resource, Operation operation, Target target, String key) {}
- default void authorize(Resource resource, Operation operation, Target target) {};
+ default void authorize(Resource resource, Operation operation, Target target) {}
- default void authorizeClusterManage() {};
+ default void authorizeClusterManage() {}
- default void authorizeClusterWrite() {};
+ default void authorizeClusterWrite() {}
- default void authorizeClusterRead() {};
+ default void authorizeClusterRead() {}
- default void authorizeDataManage() {};
+ default void authorizeDataManage() {}
- default void authorizeDataWrite() {};
+ default void authorizeDataWrite() {}
- default void authorizeDataRead() {};
+ default void authorizeDataRead() {}
- default void authorizeDiskManage() {};
+ default void authorizeDiskManage() {}
- default void authorizeGatewayManage() {};
+ default void authorizeGatewayManage() {}
- default void authorizeJarManage() {};
+ default void authorizeJarManage() {}
- default void authorizeQueryManage() {};
+ default void authorizeQueryManage() {}
- default void authorizeRegionManage(String regionName) {};
+ default void authorizeRegionManage(String regionName) {}
- default void authorizeRegionManage(String regionName, String key) {};
+ default void authorizeRegionManage(String regionName, String key) {}
- default void authorizeRegionWrite(String regionName) {};
+ default void authorizeRegionWrite(String regionName) {}
- default void authorizeRegionWrite(String regionName, String key) {};
+ default void authorizeRegionWrite(String regionName, String key) {}
- default void authorizeRegionRead(String regionName) {};
+ default void authorizeRegionRead(String regionName) {}
- default void authorizeRegionRead(String regionName, String key) {};
+ default void authorizeRegionRead(String regionName, String key) {}
- default void authorize(ResourcePermission context) {};
+ default void authorize(ResourcePermission context) {}
- default void close() {};
+ default void close() {}
 default boolean needPostProcess() {
 return false;
- };
+ }
 default Object postProcess(String regionPath, Object key, Object value, boolean valueIsSerialized) {
http://git-wip-us.apache.org/repos/asf/geode/blob/6f60785c/geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceFactory.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceFactory.java b/geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceFactory.java
index 2e0ad95..19645b6 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceFactory.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceFactory.java
@@ -18,18 +18,17 @@ import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_CLIE
 import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_PEER_AUTHENTICATOR;
 import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_SHIRO_INIT;
-import java.util.Properties;
-
 import org.apache.commons.lang.StringUtils;
-import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.UnavailableSecurityManagerException;
-
 import org.apache.geode.internal.cache.CacheConfig;
 import org.apache.geode.internal.cache.GemFireCacheImpl;
 import org.apache.geode.internal.cache.InternalCache;
 import org.apache.geode.internal.security.shiro.SecurityManagerProvider;
 import org.apache.geode.security.PostProcessor;
 import org.apache.geode.security.SecurityManager;
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.UnavailableSecurityManagerException;
+
+import java.util.Properties;
 public class SecurityServiceFactory {
@@ -106,5 +105,4 @@ public class SecurityServiceFactory {
 }
 }
-
 }
http://git-wip-us.apache.org/repos/asf/geode/blob/6f60785c/geode-core/src/test/java/org/apache/geode/management/internal/configuration/ClusterConfigDeployJarDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/configuration/ClusterConfigDeployJarDUnitTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/configuration/ClusterConfigDeployJarDUnitTest.java
index 3781c98..3b105a4 100644
--- a/geode-core/src/test/java/org/apache/geode/management/internal/configuration/ClusterConfigDeployJarDUnitTest.java
+++ b/geode-core/src/test/java/org/apache/geode/management/internal/configuration/ClusterConfigDeployJarDUnitTest.java
@@ -12,13 +12,11 @@
 * or implied. See the License for the specific language governing permissions and limitations under
 * the License.
 */
-
 package org.apache.geode.management.internal.configuration;
 import static org.apache.geode.distributed.ConfigurationProperties.GROUPS;
 import static org.apache.geode.distributed.ConfigurationProperties.LOCATORS;
 import static org.apache.geode.distributed.ConfigurationProperties.LOG_LEVEL;
-import static org.apache.geode.test.dunit.Host.getHost;
 import static org.assertj.core.api.Assertions.assertThat;
 import org.apache.geode.test.dunit.rules.GfshShellConnectionRule;
@@ -31,11 +29,14 @@ import org.junit.experimental.categories.Category;
 @Category(DistributedTest.class)
 public class ClusterConfigDeployJarDUnitTest extends ClusterConfigTestBase {
+
+ private String clusterJar;
+ private String group1Jar;
+ private String group2Jar;
+
 @Rule
 public GfshShellConnectionRule gfshConnector = new GfshShellConnectionRule();
- private String clusterJar, group1Jar, group2Jar;
-
 @Before
 public void before() throws Exception {
 clusterJar = createJarFileWithClass("Cluster", "cluster.jar", lsRule.getTempFolder().getRoot());
@@ -88,7 +89,6 @@ public class ClusterConfigDeployJarDUnitTest extends ClusterConfigTestBase {
 expectedClusterConfig.verify(locator3);
 }
-
 @Test
 public void testDeploy() throws Exception {
 // set up the locator/servers
@@ -134,7 +134,6 @@ public class ClusterConfigDeployJarDUnitTest extends ClusterConfigTestBase {
 expectedGroup1and2Config.verify(server3);
 }
-
 @Test
 public void testUndeploy() throws Exception {
 // set up the locator/servers
http://git-wip-us.apache.org/repos/asf/geode/blob/6f60785c/geode-core/src/test/java/org/apache/geode/management/internal/configuration/ClusterConfigDistributionDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/configuration/ClusterConfigDistributionDUnitTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/configuration/ClusterConfigDistributionDUnitTest.java
index 52a1f9b..4b003a8 100644
--- a/geode-core/src/test/java/org/apache/geode/management/internal/configuration/ClusterConfigDistributionDUnitTest.java
+++ b/geode-core/src/test/java/org/apache/geode/management/internal/configuration/ClusterConfigDistributionDUnitTest.java
@@ -12,7 +12,6 @@
 * or implied. See the License for the specific language governing permissions and limitations under
 * the License.
 */
-
 package org.apache.geode.management.internal.configuration;
 import static org.apache.commons.io.FileUtils.writeByteArrayToFile;
@@ -44,6 +43,7 @@ import java.util.Properties;
 @Category(DistributedTest.class)
 public class ClusterConfigDistributionDUnitTest {
+
 private static final String REPLICATE_REGION = "ReplicateRegion1";
 private static final String PARTITION_REGION = "PartitionRegion1";
 private static final String INDEX1 = "ID1";
@@ -67,7 +67,6 @@ public class ClusterConfigDistributionDUnitTest {
 lsRule.startServerVM(1, locator.getPort());
 }
-
 @Test
 public void testIndexAndAsyncEventQueueCommands() throws Exception {
 final String DESTROY_REGION = "regionToBeDestroyed";
@@ -88,7 +87,6 @@ public class ClusterConfigDistributionDUnitTest {
 String asyncEventQueueJarPath = createAsyncEventQueueJar();
 gfshConnector.executeAndVerifyCommand("deploy --jar=" + asyncEventQueueJarPath);
-
 CommandStringBuilder csb = new CommandStringBuilder(CliStrings.CREATE_ASYNC_EVENT_QUEUE);
 csb.addOptionWithValueCheck(CliStrings.CREATE_ASYNC_EVENT_QUEUE__ID, AsyncEventQueue1);
 csb.addOptionWithValueCheck(CliStrings.CREATE_ASYNC_EVENT_QUEUE__LISTENER,
@@ -138,7 +136,6 @@ public class ClusterConfigDistributionDUnitTest {
 });
 }
-
 private String createAsyncEventQueueJar() throws IOException {
 String queueCommandsJarName = this.lsRule.getTempFolder().getRoot().getCanonicalPath() + File.separator + "testEndToEndSC-QueueCommands.jar";
http://git-wip-us.apache.org/repos/asf/geode/blob/6f60785c/geode-core/src/test/java/org/apache/geode/management/internal/configuration/ClusterConfigImportDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/configuration/ClusterConfigImportDUnitTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/configuration/ClusterConfigImportDUnitTest.java
index 521e084..066f882 100644
--- a/geode-core/src/test/java/org/apache/geode/management/internal/configuration/ClusterConfigImportDUnitTest.java
+++ b/geode-core/src/test/java/org/apache/geode/management/internal/configuration/ClusterConfigImportDUnitTest.java
@@ -13,7 +13,6 @@
 * the License.
 *
 */
-
 package org.apache.geode.management.internal.configuration;
 import static org.apache.geode.distributed.ConfigurationProperties.GROUPS;
@@ -43,13 +42,14 @@ import java.util.zip.ZipFile;
 @Category(DistributedTest.class)
 public class ClusterConfigImportDUnitTest extends ClusterConfigTestBase {
- @Rule
- public GfshShellConnectionRule gfshConnector = new GfshShellConnectionRule();
- public static final ClusterConfig INITIAL_CONFIG = new ClusterConfig(new ConfigGroup("cluster"));
+ private static final ClusterConfig INITIAL_CONFIG = new ClusterConfig(new ConfigGroup("cluster"));
 private MemberVM locatorVM;
+ @Rule
+ public GfshShellConnectionRule gfshConnector = new GfshShellConnectionRule();
+
 @Before
 public void before() throws Exception {
 locatorVM = lsRule.startLocatorVM(0, locatorProps);
@@ -156,7 +156,6 @@ public class ClusterConfigImportDUnitTest extends ClusterConfigTestBase {
 public void testExportClusterConfig(String zipFilePath) throws Exception {
 MemberVM server1 = lsRule.startServerVM(1, serverProps, locatorVM.getPort());
-
 gfshConnector.executeAndVerifyCommand("create region --name=myRegion --type=REPLICATE");
 ConfigGroup cluster = new ConfigGroup("cluster").regions("myRegion");
http://git-wip-us.apache.org/repos/asf/geode/blob/6f60785c/geode-core/src/test/java/org/apache/geode/management/internal/configuration/ClusterConfigStartMemberDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/configuration/ClusterConfigStartMemberDUnitTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/configuration/ClusterConfigStartMemberDUnitTest.java
index 1cdda4c..c84a7c1 100644
--- a/geode-core/src/test/java/org/apache/geode/management/internal/configuration/ClusterConfigStartMemberDUnitTest.java
+++ b/geode-core/src/test/java/org/apache/geode/management/internal/configuration/ClusterConfigStartMemberDUnitTest.java
@@ -13,7 +13,6 @@
 * the License.
 *
 */
-
 package org.apache.geode.management.internal.configuration;
 import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_CONFIGURATION_DIR;
@@ -34,7 +33,8 @@ import java.util.Properties;
 @Category(DistributedTest.class)
 public class ClusterConfigStartMemberDUnitTest extends ClusterConfigTestBase {
- protected MemberVM locator;
+
+ private MemberVM locator;
 @Before
 public void before() throws Exception {
http://git-wip-us.apache.org/repos/asf/geode/blob/6f60785c/geode-core/src/test/java/org/apache/geode/management/internal/configuration/ClusterConfigWithSecurityDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/configuration/ClusterConfigWithSecurityDUnitTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/configuration/ClusterConfigWithSecurityDUnitTest.java
index c551ca9..bb45b0d 100644
--- a/geode-core/src/test/java/org/apache/geode/management/internal/configuration/ClusterConfigWithSecurityDUnitTest.java
+++ b/geode-core/src/test/java/org/apache/geode/management/internal/configuration/ClusterConfigWithSecurityDUnitTest.java
@@ -12,7 +12,6 @@
 * or implied. See the License for the specific language governing permissions and limitations under
 * the License.
 */
-
 package org.apache.geode.management.internal.configuration;
 import static org.apache.geode.distributed.ConfigurationProperties.LOCATORS;
@@ -24,6 +23,7 @@ import static org.assertj.core.api.Assertions.assertThat;
 import org.apache.commons.io.FileUtils;
 import org.apache.geode.distributed.internal.ClusterConfigurationService;
 import org.apache.geode.distributed.internal.InternalLocator;
+import org.apache.geode.internal.cache.InternalCache;
 import org.apache.geode.management.internal.cli.i18n.CliStrings;
 import org.apache.geode.management.internal.configuration.utils.ZipUtils;
 import org.apache.geode.security.SimpleTestSecurityManager;
@@ -43,7 +43,10 @@ import java.util.Properties;
 @Category({DistributedTest.class, SecurityTest.class})
 public class ClusterConfigWithSecurityDUnitTest {
- public String clusterConfigZipPath;
+
+ private String clusterConfigZipPath;
+ private MemberVM locator0;
+ private Properties locatorProps;
 @Rule
 public LocatorServerStartupRule lsRule = new LocatorServerStartupRule();
@@ -51,9 +54,6 @@ public class ClusterConfigWithSecurityDUnitTest {
 @Rule
 public GfshShellConnectionRule connector = new GfshShellConnectionRule();
- MemberVM locator0;
- Properties locatorProps;
-
 @Before
 public void before() throws Exception {
 clusterConfigZipPath = buildSecureClusterConfigZip();
@@ -64,8 +64,8 @@ public class ClusterConfigWithSecurityDUnitTest {
 }
 @Test
- @Ignore("GEODE-2315")
- public void testSecurityPropsInheritance() throws Exception {
+ @Ignore("Fails until GEODE-2315 is implemented")
+ public void testSecurityPropsInheritanceOnLocator() throws Exception {
 locatorProps.clear();
 locatorProps.setProperty(LOCATORS, "localhost[" + locator0.getPort() + "]");
 locatorProps.setProperty("security-username", "cluster");
@@ -104,6 +104,24 @@ public class ClusterConfigWithSecurityDUnitTest {
 });
 }
+ @Test // fails due to GEODE-3062
+ public void testSecurityPropsInheritanceOnServer() throws Exception {
+ Properties serverProps = new Properties();
+ serverProps.setProperty(LOCATORS, "localhost[" + locator0.getPort() + "]");
+ serverProps.setProperty("security-username", "cluster");
+ serverProps.setProperty("security-password", "cluster");
+ MemberVM server = lsRule.startServerVM(1, serverProps);
+
+ // cluster config specifies a security-manager so integrated security should be enabled
+ server.invoke(() -> {
+ InternalCache cache = LocatorServerStartupRule.serverStarter.getCache();
+ Properties properties = cache.getDistributedSystem().getSecurityProperties();
+ assertThat(properties.getProperty(SECURITY_MANAGER))
+ .isEqualTo(SimpleTestSecurityManager.class.getName());
+ assertThat(cache.getSecurityService().isIntegratedSecurity()).isTrue();
+ });
+ }
+
 private String buildSecureClusterConfigZip() throws Exception {
 File clusterDir = lsRule.getTempFolder().newFolder("cluster");
 File clusterSubDir = new File(clusterDir, "cluster");
http://git-wip-us.apache.org/repos/asf/geode/blob/6f60785c/geode-core/src/test/java/org/apache/geode/test/dunit/rules/MemberStarterRule.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/test/dunit/rules/MemberStarterRule.java b/geode-core/src/test/java/org/apache/geode/test/dunit/rules/MemberStarterRule.java
index e5e598e..008ced7 100644
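Review bot: The comment on the new test, `@Test // fails due to GEODE-3062`, contradicts this commit, which is the GEODE-3062 change and leaves the test enabled; a reader will take it for a known-failing test. Reword it to `@Test // regression test for GEODE-3062` or drop it. The test also stops at `isIntegratedSecurity()`; adding `assertThat(cache.getSecurityService().getSecurityManager()).isInstanceOf(SimpleTestSecurityManager.class);` would confirm the service was actually rebuilt from the cluster configuration rather than only that the property was copied into the member's config.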
--- a/geode-core/src/test/java/org/apache/geode/test/dunit/rules/MemberStarterRule.java
+++ b/geode-core/src/test/java/org/apache/geode/test/dunit/rules/MemberStarterRule.java
@@ -27,6 +27,8 @@ import static org.apache.geode.distributed.ConfigurationProperties.MCAST_PORT;
 import static org.apache.geode.distributed.ConfigurationProperties.NAME;
 import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER;
+import org.apache.geode.distributed.DistributedSystem;
+import org.apache.geode.distributed.internal.InternalDistributedSystem;
 import org.apache.geode.internal.AvailablePortHelper;
 import org.apache.geode.security.SecurityManager;
 import org.junit.rules.ExternalResource;
@@ -79,12 +81,20 @@ public abstract class MemberStarterRule<T> extends ExternalResource implements M
 @Override
 public void after() {
+ // invoke stopMember() first and then ds.disconnect
 stopMember();
+
+ DistributedSystem ds = InternalDistributedSystem.getConnectedInstance();
+ if (ds != null) {
+ ds.disconnect();
+ }
+
 if (oldUserDir == null) {
 System.clearProperty("user.dir");
 } else {
 System.setProperty("user.dir", oldUserDir);
 }
+
 if (temporaryFolder != null) {
 temporaryFolder.delete();
 }
@@ -116,7 +126,7 @@ public abstract class MemberStarterRule<T> extends ExternalResource implements M
 this.name = name;
 properties.setProperty(NAME, name);
 // if log-file is not already set
- properties.putIfAbsent(LOG_FILE, new File(name + ".log").getAbsolutePath().toString());
+ properties.putIfAbsent(LOG_FILE, new File(name + ".log").getAbsolutePath());
 return (T) this;
 }
http://git-wip-us.apache.org/repos/asf/geode/blob/6f60785c/geode-core/src/test/java/org/apache/geode/test/dunit/rules/ServerStarterRule.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/test/dunit/rules/ServerStarterRule.java b/geode-core/src/test/java/org/apache/geode/test/dunit/rules/ServerStarterRule.java
index fa3e8c0..6ea2d03 100644
--- a/geode-core/src/test/java/org/apache/geode/test/dunit/rules/ServerStarterRule.java
+++ b/geode-core/src/test/java/org/apache/geode/test/dunit/rules/ServerStarterRule.java
@@ -12,7 +12,6 @@
 * or implied. See the License for the specific language governing permissions and limitations under
 * the License.
 */
-
 package org.apache.geode.test.dunit.rules;
 import static org.apache.geode.distributed.ConfigurationProperties.HTTP_SERVICE_BIND_ADDRESS;
@@ -22,6 +21,7 @@ import static org.apache.geode.distributed.ConfigurationProperties.START_DEV_RES
 import org.apache.geode.cache.CacheFactory;
 import org.apache.geode.cache.RegionShortcut;
 import org.apache.geode.cache.server.CacheServer;
+import org.apache.geode.distributed.DistributedSystem;
 import org.apache.geode.distributed.internal.DistributionConfig;
 import org.apache.geode.distributed.internal.InternalDistributedSystem;
 import org.apache.geode.internal.AvailablePortHelper;
@@ -34,7 +34,6 @@ import java.util.HashMap;
 import java.util.Map;
 import java.util.Properties;
-
 /**
 * This is a rule to start up a server in your current VM. It's useful for your Integration Tests.
 *
@@ -51,6 +50,7 @@ import java.util.Properties;
 * use {@link LocatorServerStartupRule}.
 */
 public class ServerStarterRule extends MemberStarterRule<ServerStarterRule> implements Server {
+
 private transient InternalCache cache;
 private transient CacheServer server;
 private int embeddedLocatorPort = -1;
@@ -62,7 +62,9 @@ public class ServerStarterRule extends MemberStarterRule<ServerStarterRule> impl
 * Default constructor, if used, the rule will create a temporary folder as the server's working
 * dir, and will delete it when the test is done.
 */
- public ServerStarterRule() {}
+ public ServerStarterRule() {
+ // nothing
+ }
 /**
 * if constructed this way, the rule won't be deleting the workingDir after the test is done. It's
@@ -106,16 +108,26 @@ public class ServerStarterRule extends MemberStarterRule<ServerStarterRule> impl
 @Override
 public void stopMember() {
+ // stop CacheServer and then close cache -- cache.close() will stop any running CacheServers
+ if (server != null) {
+ try {
+ server.stop();
+ } catch (Exception e) {
+ } finally {
+ server = null;
+ }
+ }
+
 // make sure this cache is the one currently open. A server cache can be recreated due to
 // importing a new set of cluster configuration.
 cache = GemFireCacheImpl.getInstance();
 if (cache != null) {
- cache.close();
- cache = null;
- }
- if (server != null) {
- server.stop();
- server = null;
+ try {
+ cache.close();
+ } catch (Exception e) {
+ } finally {
+ cache = null;
+ }
 }
 }
@@ -125,7 +137,6 @@ public class ServerStarterRule extends MemberStarterRule<ServerStarterRule> impl
 }
-
 public ServerStarterRule withEmbeddedLocator() {
 embeddedLocatorPort = AvailablePortHelper.getRandomAvailableTCPPort();
 properties.setProperty("start-locator", "localhost[" + embeddedLocatorPort + "]");
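Review bot: Both `catch (Exception e) {` blocks added to stopMember() are empty, so a failure in `server.stop()` or `cache.close()` is silently dropped and the following test may start while the old member still holds its ports or its security configuration. Best-effort teardown is reasonable here because the `finally` blocks still clear the references, but the failure should be recorded, for instance `System.err.println("ServerStarterRule: server.stop() failed during teardown: " + e);` inside the first catch and the matching line for `cache.close()` in the second. If silence is really intended, rename the variable to `ignored` and say why in a comment.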