Repository: geode Updated Branches: refs/heads/develop e0ece3315 -> 9e5fad2e8
GEODE-3447 Implement client authorization for the new protocol Implementation of authorization checks for the new protocol. Project: http://git-wip-us.apache.org/repos/asf/geode/repo Commit: http://git-wip-us.apache.org/repos/asf/geode/commit/9e5fad2e Tree: http://git-wip-us.apache.org/repos/asf/geode/tree/9e5fad2e Diff: http://git-wip-us.apache.org/repos/asf/geode/diff/9e5fad2e Branch: refs/heads/develop Commit: 9e5fad2e8699917a3317811c877148674d663bda Parents: e0ece33 Author: Bruce Schuchardt <bschucha...@pivotal.io> Authored: Thu Aug 17 15:22:57 2017 -0700 Committer: Bruce Schuchardt <bschucha...@pivotal.io> Committed: Mon Aug 28 12:48:31 2017 -0700 ---------------------------------------------------------------------- .../sockets/ClientProtocolMessageHandler.java | 3 + .../GenericProtocolServerConnection.java | 2 +- .../tier/sockets/MessageExecutionContext.java | 43 +++- .../geode/security/NoOpStreamAuthenticator.java | 7 +- .../geode/security/NoOpStreamAuthorizer.java | 26 +++ .../geode/security/StreamAuthenticator.java | 8 +- .../apache/geode/security/StreamAuthorizer.java | 19 ++ .../protocol/protobuf/OperationContext.java | 10 +- .../protocol/protobuf/ProtobufOpsProcessor.java | 14 +- .../protobuf/ProtobufSimpleAuthenticator.java | 23 ++- .../protobuf/ProtobufSimpleAuthorizer.java | 42 ++++ .../protobuf/ProtobufStreamProcessor.java | 1 + .../registry/OperationContextRegistry.java | 39 +++- .../protocol/AuthorizationIntegrationTest.java | 206 +++++++++++++++++++ .../protobuf/ProtobufStreamProcessorTest.java | 3 +- .../GetAllRequestOperationHandlerJUnitTest.java | 11 +- ...onNamesRequestOperationHandlerJUnitTest.java | 5 +- ...tRegionRequestOperationHandlerJUnitTest.java | 6 +- .../GetRequestOperationHandlerJUnitTest.java | 11 +- .../PutAllRequestOperationHandlerJUnitTest.java | 16 +- .../PutRequestOperationHandlerJUnitTest.java | 9 +- .../RemoveRequestOperationHandlerJUnitTest.java | 9 +- 22 files changed, 450 insertions(+), 63 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/geode/blob/9e5fad2e/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/ClientProtocolMessageHandler.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/ClientProtocolMessageHandler.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/ClientProtocolMessageHandler.java index 0ced3aa..0d1dfd9 100644 --- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/ClientProtocolMessageHandler.java +++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/ClientProtocolMessageHandler.java @@ -15,6 +15,9 @@ package org.apache.geode.internal.cache.tier.sockets; +import org.apache.geode.internal.cache.InternalCache; +import org.apache.geode.security.StreamAuthorizer; + import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; http://git-wip-us.apache.org/repos/asf/geode/blob/9e5fad2e/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/GenericProtocolServerConnection.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/GenericProtocolServerConnection.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/GenericProtocolServerConnection.java index 0b221b0..0b53cb7 100644 --- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/GenericProtocolServerConnection.java +++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/GenericProtocolServerConnection.java @@ -63,7 +63,7 @@ public class GenericProtocolServerConnection extends ServerConnection { authenticator.receiveMessage(inputStream, outputStream, securityManager); } else { messageHandler.receiveMessage(inputStream, outputStream, - new MessageExecutionContext(this.getCache())); + new MessageExecutionContext(this.getCache(), authenticator.getAuthorizer())); } } catch (EOFException e) { this.setFlagProcessMessagesAsFalse(); http://git-wip-us.apache.org/repos/asf/geode/blob/9e5fad2e/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/MessageExecutionContext.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/MessageExecutionContext.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/MessageExecutionContext.java index 1cb8c9d..817df0e 100644 --- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/MessageExecutionContext.java +++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/MessageExecutionContext.java @@ -18,39 +18,60 @@ package org.apache.geode.internal.cache.tier.sockets; import org.apache.geode.annotations.Experimental; import org.apache.geode.cache.Cache; import org.apache.geode.distributed.internal.InternalLocator; +import org.apache.geode.security.NoOpStreamAuthorizer; +import org.apache.geode.security.StreamAuthorizer; @Experimental public class MessageExecutionContext { private Cache cache; private InternalLocator locator; + private StreamAuthorizer authorizer; - public MessageExecutionContext(Cache cache) { + public MessageExecutionContext(Cache cache, StreamAuthorizer streamAuthorizer) { this.cache = cache; + this.authorizer = streamAuthorizer; } public MessageExecutionContext(InternalLocator locator) { this.locator = locator; + // set a no-op authorizer until such time as locators implement authentication + // and authorization checks + this.authorizer = new NoOpStreamAuthorizer(); } - // This throws if the cache isn't present because we know that non of the callers can take any - // reasonable action if the cache is not present + /** + * Returns the cache associated with this execution + * <p> + * + * @throws InvalidExecutionContextException if there is no cache available + */ public Cache getCache() throws InvalidExecutionContextException { if (cache != null) { return cache; - } else { - throw new InvalidExecutionContextException( - "Operations on the locator should not to try to operate on a cache"); } + throw new InvalidExecutionContextException( + "Operations on the locator should not to try to operate on a cache"); } - // This throws if the locator isn't present because we know that non of the callers can take any - // reasonable action if the locator is not present + /** + * Returns the locator associated with this execution + * <p> + * + * @throws InvalidExecutionContextException if there is no locator available + */ public InternalLocator getLocator() throws InvalidExecutionContextException { if (locator != null) { return locator; - } else { - throw new InvalidExecutionContextException( - "Operations on the server should not to try to operate on a locator"); } + throw new InvalidExecutionContextException( + "Operations on the server should not to try to operate on a locator"); + } + + /** + * Returns the StreamAuthorizer associated with this execution. This can be used to perform + * authorization checks for the user associated with this thread. + */ + public StreamAuthorizer getAuthorizer() { + return authorizer; } } http://git-wip-us.apache.org/repos/asf/geode/blob/9e5fad2e/geode-core/src/main/java/org/apache/geode/security/NoOpStreamAuthenticator.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/security/NoOpStreamAuthenticator.java b/geode-core/src/main/java/org/apache/geode/security/NoOpStreamAuthenticator.java index 0a6dde1..62f49fe 100644 --- a/geode-core/src/main/java/org/apache/geode/security/NoOpStreamAuthenticator.java +++ b/geode-core/src/main/java/org/apache/geode/security/NoOpStreamAuthenticator.java @@ -23,8 +23,6 @@ import java.io.OutputStream; * returns true. */ public class NoOpStreamAuthenticator implements StreamAuthenticator { - - @Override public void receiveMessage(InputStream inputStream, OutputStream outputStream, SecurityManager securityManager) throws IOException { @@ -37,6 +35,11 @@ public class NoOpStreamAuthenticator implements StreamAuthenticator { } @Override + public StreamAuthorizer getAuthorizer() { + return new NoOpStreamAuthorizer(); + } + + @Override public String implementationID() { return "NOOP"; } http://git-wip-us.apache.org/repos/asf/geode/blob/9e5fad2e/geode-core/src/main/java/org/apache/geode/security/NoOpStreamAuthorizer.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/security/NoOpStreamAuthorizer.java b/geode-core/src/main/java/org/apache/geode/security/NoOpStreamAuthorizer.java new file mode 100644 index 0000000..1b21576 --- /dev/null +++ b/geode-core/src/main/java/org/apache/geode/security/NoOpStreamAuthorizer.java @@ -0,0 +1,26 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for additional information regarding + * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. You may obtain a + * copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + */ +package org.apache.geode.security; + +/** + * An implementation of {@link StreamAuthorizer} that doesn't use its parameters and always returns + * true. + */ +public class NoOpStreamAuthorizer implements StreamAuthorizer { + @Override + public boolean authorize(ResourcePermission permissionRequested) { + return true; + } +} http://git-wip-us.apache.org/repos/asf/geode/blob/9e5fad2e/geode-core/src/main/java/org/apache/geode/security/StreamAuthenticator.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/security/StreamAuthenticator.java b/geode-core/src/main/java/org/apache/geode/security/StreamAuthenticator.java index 7db1a2b..8bba60c 100644 --- a/geode-core/src/main/java/org/apache/geode/security/StreamAuthenticator.java +++ b/geode-core/src/main/java/org/apache/geode/security/StreamAuthenticator.java @@ -14,8 +14,6 @@ */ package org.apache.geode.security; -import org.apache.geode.security.SecurityManager; - import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; @@ -46,6 +44,12 @@ public interface StreamAuthenticator { boolean isAuthenticated(); /** + * Return an authorization object which can be used to determine which permissions this stream has + * according to the provided securityManager. + */ + StreamAuthorizer getAuthorizer() throws AuthenticationRequiredException; + + /** * @return a unique identifier for this particular implementation (NOOP, PASSTHROUGH, etc.) */ String implementationID(); http://git-wip-us.apache.org/repos/asf/geode/blob/9e5fad2e/geode-core/src/main/java/org/apache/geode/security/StreamAuthorizer.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/security/StreamAuthorizer.java b/geode-core/src/main/java/org/apache/geode/security/StreamAuthorizer.java new file mode 100644 index 0000000..fdb6b17 --- /dev/null +++ b/geode-core/src/main/java/org/apache/geode/security/StreamAuthorizer.java @@ -0,0 +1,19 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for additional information regarding + * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. You may obtain a + * copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + */ +package org.apache.geode.security; + +public interface StreamAuthorizer { + boolean authorize(ResourcePermission permissionRequested); +} http://git-wip-us.apache.org/repos/asf/geode/blob/9e5fad2e/geode-protobuf/src/main/java/org/apache/geode/protocol/protobuf/OperationContext.java ---------------------------------------------------------------------- diff --git a/geode-protobuf/src/main/java/org/apache/geode/protocol/protobuf/OperationContext.java b/geode-protobuf/src/main/java/org/apache/geode/protocol/protobuf/OperationContext.java index efaa40d..a36c1bc 100644 --- a/geode-protobuf/src/main/java/org/apache/geode/protocol/protobuf/OperationContext.java +++ b/geode-protobuf/src/main/java/org/apache/geode/protocol/protobuf/OperationContext.java @@ -21,6 +21,7 @@ import org.apache.geode.annotations.Experimental; import org.apache.geode.internal.protocol.protobuf.BasicTypes; import org.apache.geode.internal.protocol.protobuf.ClientProtocol; import org.apache.geode.protocol.operations.OperationHandler; +import org.apache.geode.security.ResourcePermission; @Experimental public class OperationContext<OperationRequest, OperationResponse> { @@ -28,14 +29,17 @@ public class OperationContext<OperationRequest, OperationResponse> { private final Function<ClientProtocol.Request, OperationRequest> fromRequest; private final Function<OperationResponse, ClientProtocol.Response.Builder> toResponse; private final Function<BasicTypes.ErrorResponse, ClientProtocol.Response.Builder> toErrorResponse; + private final ResourcePermission accessPermissionRequired; public OperationContext(Function<ClientProtocol.Request, OperationRequest> fromRequest, OperationHandler<OperationRequest, OperationResponse> operationHandler, - Function<OperationResponse, ClientProtocol.Response.Builder> toResponse) { + Function<OperationResponse, ClientProtocol.Response.Builder> toResponse, + ResourcePermission permissionRequired) { this.operationHandler = operationHandler; this.fromRequest = fromRequest; this.toResponse = toResponse; this.toErrorResponse = OperationContext::makeErrorBuilder; + accessPermissionRequired = permissionRequired; } public static ClientProtocol.Response.Builder makeErrorBuilder( @@ -58,4 +62,8 @@ public class OperationContext<OperationRequest, OperationResponse> { public Function<BasicTypes.ErrorResponse, ClientProtocol.Response.Builder> getToErrorResponse() { return toErrorResponse; } + + public ResourcePermission getAccessPermissionRequired() { + return accessPermissionRequired; + } } http://git-wip-us.apache.org/repos/asf/geode/blob/9e5fad2e/geode-protobuf/src/main/java/org/apache/geode/protocol/protobuf/ProtobufOpsProcessor.java ---------------------------------------------------------------------- diff --git a/geode-protobuf/src/main/java/org/apache/geode/protocol/protobuf/ProtobufOpsProcessor.java b/geode-protobuf/src/main/java/org/apache/geode/protocol/protobuf/ProtobufOpsProcessor.java index b3eeb3a..a2f752d 100644 --- a/geode-protobuf/src/main/java/org/apache/geode/protocol/protobuf/ProtobufOpsProcessor.java +++ b/geode-protobuf/src/main/java/org/apache/geode/protocol/protobuf/ProtobufOpsProcessor.java @@ -15,11 +15,13 @@ package org.apache.geode.protocol.protobuf; import org.apache.geode.annotations.Experimental; +import org.apache.geode.internal.cache.Token; import org.apache.geode.internal.cache.tier.sockets.MessageExecutionContext; import org.apache.geode.internal.cache.tier.sockets.InvalidExecutionContextException; import org.apache.geode.internal.protocol.protobuf.ClientProtocol; import org.apache.geode.protocol.protobuf.registry.OperationContextRegistry; import org.apache.geode.protocol.protobuf.utilities.ProtobufResponseUtilities; +import org.apache.geode.security.StreamAuthorizer; import org.apache.geode.serialization.SerializationService; /** @@ -45,9 +47,15 @@ public class ProtobufOpsProcessor { ClientProtocol.Response.Builder builder; Result result; try { - result = operationContext.getOperationHandler().process(serializationService, - operationContext.getFromRequest().apply(request), context); - } catch (InvalidExecutionContextException e) { + if (context.getAuthorizer().authorize(operationContext.getAccessPermissionRequired())) { + result = operationContext.getOperationHandler().process(serializationService, + operationContext.getFromRequest().apply(request), context); + } else { + result = Failure.of(ProtobufResponseUtilities.makeErrorResponse( + ProtocolErrorCode.AUTHORIZATION_FAILED.codeValue, + "User isn't authorized for this operation.")); + } + } catch (InvalidExecutionContextException exception) { result = Failure.of(ProtobufResponseUtilities.makeErrorResponse( ProtocolErrorCode.UNSUPPORTED_OPERATION.codeValue, "Invalid execution context found for operation.")); http://git-wip-us.apache.org/repos/asf/geode/blob/9e5fad2e/geode-protobuf/src/main/java/org/apache/geode/protocol/protobuf/ProtobufSimpleAuthenticator.java ---------------------------------------------------------------------- diff --git a/geode-protobuf/src/main/java/org/apache/geode/protocol/protobuf/ProtobufSimpleAuthenticator.java b/geode-protobuf/src/main/java/org/apache/geode/protocol/protobuf/ProtobufSimpleAuthenticator.java index 02111dd..1bb0678 100644 --- a/geode-protobuf/src/main/java/org/apache/geode/protocol/protobuf/ProtobufSimpleAuthenticator.java +++ b/geode-protobuf/src/main/java/org/apache/geode/protocol/protobuf/ProtobufSimpleAuthenticator.java @@ -16,9 +16,11 @@ package org.apache.geode.protocol.protobuf; import org.apache.geode.management.internal.security.ResourceConstants; import org.apache.geode.internal.protocol.protobuf.AuthenticationAPI; +import org.apache.geode.security.AuthenticationRequiredException; import org.apache.geode.security.StreamAuthenticator; import org.apache.geode.security.AuthenticationFailedException; import org.apache.geode.security.SecurityManager; +import org.apache.geode.security.StreamAuthorizer; import java.io.EOFException; import java.io.IOException; @@ -28,6 +30,7 @@ import java.util.Properties; public class ProtobufSimpleAuthenticator implements StreamAuthenticator { private boolean authenticated; + private ProtobufSimpleAuthorizer authorizer = null; @Override public void receiveMessage(InputStream inputStream, OutputStream outputStream, @@ -42,20 +45,32 @@ public class ProtobufSimpleAuthenticator implements StreamAuthenticator { properties.setProperty(ResourceConstants.USER_NAME, authenticationRequest.getUsername()); properties.setProperty(ResourceConstants.PASSWORD, authenticationRequest.getPassword()); + authorizer = null; // authenticating a new user clears current authorizer try { Object principal = securityManager.authenticate(properties); - authenticated = principal != null; + if (principal != null) { + authorizer = new ProtobufSimpleAuthorizer(principal, securityManager); + } } catch (AuthenticationFailedException e) { - authenticated = false; + authorizer = null; } - AuthenticationAPI.SimpleAuthenticationResponse.newBuilder().setAuthenticated(authenticated) + AuthenticationAPI.SimpleAuthenticationResponse.newBuilder().setAuthenticated(isAuthenticated()) .build().writeDelimitedTo(outputStream); } @Override public boolean isAuthenticated() { - return authenticated; + // note: an authorizer is only created if the user has been authenticated + return authorizer != null; + } + + @Override + public StreamAuthorizer getAuthorizer() throws AuthenticationRequiredException { + if (authorizer == null) { + throw new AuthenticationRequiredException("Not yet authenticated"); + } + return authorizer; } @Override http://git-wip-us.apache.org/repos/asf/geode/blob/9e5fad2e/geode-protobuf/src/main/java/org/apache/geode/protocol/protobuf/ProtobufSimpleAuthorizer.java ---------------------------------------------------------------------- diff --git a/geode-protobuf/src/main/java/org/apache/geode/protocol/protobuf/ProtobufSimpleAuthorizer.java b/geode-protobuf/src/main/java/org/apache/geode/protocol/protobuf/ProtobufSimpleAuthorizer.java new file mode 100644 index 0000000..872632a --- /dev/null +++ b/geode-protobuf/src/main/java/org/apache/geode/protocol/protobuf/ProtobufSimpleAuthorizer.java @@ -0,0 +1,42 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for additional information regarding + * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. You may obtain a + * copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + */ +package org.apache.geode.protocol.protobuf; + +import java.io.EOFException; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.util.Properties; + +import org.apache.geode.security.AuthenticationFailedException; +import org.apache.geode.security.ResourcePermission; +import org.apache.geode.security.SecurityManager; +import org.apache.geode.security.StreamAuthenticator; +import org.apache.geode.security.StreamAuthorizer; + +public class ProtobufSimpleAuthorizer implements StreamAuthorizer { + private final Object authenticatedPrincipal; + private final SecurityManager securityManager; + + public ProtobufSimpleAuthorizer(Object authenticatedPrincipal, SecurityManager securityManager) { + this.authenticatedPrincipal = authenticatedPrincipal; + this.securityManager = securityManager; + } + + @Override + public boolean authorize(ResourcePermission permissionRequested) { + return securityManager.authorize(authenticatedPrincipal, permissionRequested); + } +} http://git-wip-us.apache.org/repos/asf/geode/blob/9e5fad2e/geode-protobuf/src/main/java/org/apache/geode/protocol/protobuf/ProtobufStreamProcessor.java ---------------------------------------------------------------------- diff --git a/geode-protobuf/src/main/java/org/apache/geode/protocol/protobuf/ProtobufStreamProcessor.java b/geode-protobuf/src/main/java/org/apache/geode/protocol/protobuf/ProtobufStreamProcessor.java index f28c310..23924db 100644 --- a/geode-protobuf/src/main/java/org/apache/geode/protocol/protobuf/ProtobufStreamProcessor.java +++ b/geode-protobuf/src/main/java/org/apache/geode/protocol/protobuf/ProtobufStreamProcessor.java @@ -27,6 +27,7 @@ import org.apache.geode.internal.protocol.protobuf.ClientProtocol; import org.apache.geode.protocol.protobuf.registry.OperationContextRegistry; import org.apache.geode.protocol.protobuf.serializer.ProtobufProtocolSerializer; import org.apache.geode.protocol.protobuf.utilities.ProtobufUtilities; +import org.apache.geode.security.StreamAuthorizer; import org.apache.geode.serialization.registry.exception.CodecAlreadyRegisteredForTypeException; /** http://git-wip-us.apache.org/repos/asf/geode/blob/9e5fad2e/geode-protobuf/src/main/java/org/apache/geode/protocol/protobuf/registry/OperationContextRegistry.java ---------------------------------------------------------------------- diff --git a/geode-protobuf/src/main/java/org/apache/geode/protocol/protobuf/registry/OperationContextRegistry.java b/geode-protobuf/src/main/java/org/apache/geode/protocol/protobuf/registry/OperationContextRegistry.java index 599d15d..ebbc8ba 100644 --- a/geode-protobuf/src/main/java/org/apache/geode/protocol/protobuf/registry/OperationContextRegistry.java +++ b/geode-protobuf/src/main/java/org/apache/geode/protocol/protobuf/registry/OperationContextRegistry.java @@ -30,6 +30,7 @@ import org.apache.geode.protocol.protobuf.operations.GetRequestOperationHandler; import org.apache.geode.protocol.protobuf.operations.PutAllRequestOperationHandler; import org.apache.geode.protocol.protobuf.operations.PutRequestOperationHandler; import org.apache.geode.protocol.protobuf.operations.RemoveRequestOperationHandler; +import org.apache.geode.security.ResourcePermission; @Experimental public class OperationContextRegistry { @@ -47,41 +48,57 @@ public class OperationContextRegistry { operationContexts.put(RequestAPICase.GETREQUEST, new OperationContext<>(ClientProtocol.Request::getGetRequest, new GetRequestOperationHandler(), - opsResp -> ClientProtocol.Response.newBuilder().setGetResponse(opsResp))); + opsResp -> ClientProtocol.Response.newBuilder().setGetResponse(opsResp), + new ResourcePermission(ResourcePermission.Resource.DATA, + ResourcePermission.Operation.READ))); operationContexts.put(RequestAPICase.GETALLREQUEST, new OperationContext<>(ClientProtocol.Request::getGetAllRequest, new GetAllRequestOperationHandler(), - opsResp -> ClientProtocol.Response.newBuilder().setGetAllResponse(opsResp))); + opsResp -> ClientProtocol.Response.newBuilder().setGetAllResponse(opsResp), + new ResourcePermission(ResourcePermission.Resource.DATA, + ResourcePermission.Operation.READ))); operationContexts.put(RequestAPICase.PUTREQUEST, new OperationContext<>(ClientProtocol.Request::getPutRequest, new PutRequestOperationHandler(), - opsResp -> ClientProtocol.Response.newBuilder().setPutResponse(opsResp))); + opsResp -> ClientProtocol.Response.newBuilder().setPutResponse(opsResp), + new ResourcePermission(ResourcePermission.Resource.DATA, + ResourcePermission.Operation.WRITE))); operationContexts.put(RequestAPICase.PUTALLREQUEST, new OperationContext<>(ClientProtocol.Request::getPutAllRequest, new PutAllRequestOperationHandler(), - opsResp -> ClientProtocol.Response.newBuilder().setPutAllResponse(opsResp))); + opsResp -> ClientProtocol.Response.newBuilder().setPutAllResponse(opsResp), + new ResourcePermission(ResourcePermission.Resource.DATA, + ResourcePermission.Operation.WRITE))); operationContexts.put(RequestAPICase.REMOVEREQUEST, new OperationContext<>(ClientProtocol.Request::getRemoveRequest, new RemoveRequestOperationHandler(), - opsResp -> ClientProtocol.Response.newBuilder().setRemoveResponse(opsResp))); + opsResp -> ClientProtocol.Response.newBuilder().setRemoveResponse(opsResp), + new ResourcePermission(ResourcePermission.Resource.DATA, + ResourcePermission.Operation.WRITE))); operationContexts.put(RequestAPICase.GETREGIONNAMESREQUEST, new OperationContext<>(ClientProtocol.Request::getGetRegionNamesRequest, new GetRegionNamesRequestOperationHandler(), - opsResp -> ClientProtocol.Response.newBuilder().setGetRegionNamesResponse(opsResp))); + opsResp -> ClientProtocol.Response.newBuilder().setGetRegionNamesResponse(opsResp), + new ResourcePermission(ResourcePermission.Resource.DATA, + ResourcePermission.Operation.READ))); operationContexts.put(RequestAPICase.GETREGIONREQUEST, new OperationContext<>(ClientProtocol.Request::getGetRegionRequest, new GetRegionRequestOperationHandler(), - opsResp -> ClientProtocol.Response.newBuilder().setGetRegionResponse(opsResp))); + opsResp -> ClientProtocol.Response.newBuilder().setGetRegionResponse(opsResp), + new ResourcePermission(ResourcePermission.Resource.DATA, + ResourcePermission.Operation.READ))); - operationContexts.put(RequestAPICase.GETAVAILABLESERVERSREQUEST, new OperationContext<>( - ClientProtocol.Request::getGetAvailableServersRequest, - new GetAvailableServersOperationHandler(), - opsResp -> ClientProtocol.Response.newBuilder().setGetAvailableServersResponse(opsResp))); + operationContexts.put(RequestAPICase.GETAVAILABLESERVERSREQUEST, + new OperationContext<>(ClientProtocol.Request::getGetAvailableServersRequest, + new GetAvailableServersOperationHandler(), + opsResp -> ClientProtocol.Response.newBuilder().setGetAvailableServersResponse(opsResp), + new ResourcePermission(ResourcePermission.Resource.CLUSTER, + ResourcePermission.Operation.READ))); } } http://git-wip-us.apache.org/repos/asf/geode/blob/9e5fad2e/geode-protobuf/src/test/java/org/apache/geode/protocol/AuthorizationIntegrationTest.java ---------------------------------------------------------------------- diff --git a/geode-protobuf/src/test/java/org/apache/geode/protocol/AuthorizationIntegrationTest.java b/geode-protobuf/src/test/java/org/apache/geode/protocol/AuthorizationIntegrationTest.java new file mode 100644 index 0000000..47bdbf5 --- /dev/null +++ b/geode-protobuf/src/test/java/org/apache/geode/protocol/AuthorizationIntegrationTest.java @@ -0,0 +1,206 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for additional information regarding + * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. You may obtain a + * copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + */ +package org.apache.geode.protocol; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.ArgumentMatchers.same; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; + +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.net.Socket; +import java.util.Properties; +import java.util.concurrent.TimeUnit; + +import org.awaitility.Awaitility; +import org.junit.After; +import org.junit.Before; +import org.junit.Rule; +import org.junit.Test; +import org.junit.contrib.java.lang.system.RestoreSystemProperties; +import org.junit.experimental.categories.Category; + +import org.apache.geode.cache.Cache; +import org.apache.geode.cache.CacheFactory; +import org.apache.geode.cache.server.CacheServer; +import org.apache.geode.internal.AvailablePortHelper; +import org.apache.geode.internal.protocol.protobuf.AuthenticationAPI; +import org.apache.geode.internal.protocol.protobuf.ClientProtocol; +import org.apache.geode.internal.protocol.protobuf.RegionAPI; +import org.apache.geode.management.internal.security.ResourceConstants; +import org.apache.geode.protocol.protobuf.ProtobufSerializationService; +import org.apache.geode.protocol.protobuf.ProtocolErrorCode; +import org.apache.geode.protocol.protobuf.serializer.ProtobufProtocolSerializer; +import org.apache.geode.protocol.protobuf.utilities.ProtobufUtilities; +import org.apache.geode.security.ResourcePermission; +import org.apache.geode.security.SecurityManager; +import org.apache.geode.serialization.registry.exception.CodecAlreadyRegisteredForTypeException; +import org.apache.geode.test.junit.categories.IntegrationTest; + +@Category(IntegrationTest.class) +public class AuthorizationIntegrationTest { + + private static final String TEST_USERNAME = "bob"; + private static final String TEST_PASSWORD = "bobspassword"; + public static final String TEST_REGION = "testRegion"; + + @Rule + public final RestoreSystemProperties restoreSystemProperties = new RestoreSystemProperties(); + + private Cache cache; + private int cacheServerPort; + private CacheServer cacheServer; + private Socket socket; + private OutputStream outputStream; + private ProtobufSerializationService serializationService; + private InputStream inputStream; + private ProtobufProtocolSerializer protobufProtocolSerializer; + private Object securityPrincipal; + private SecurityManager mockSecurityManager; + private String testRegion; + public static final ResourcePermission READ_PERMISSION = + new ResourcePermission(ResourcePermission.Resource.DATA, ResourcePermission.Operation.READ); + public static final ResourcePermission WRITE_PERMISSION = + new ResourcePermission(ResourcePermission.Resource.DATA, ResourcePermission.Operation.WRITE); + + @Before + public void setUp() throws IOException, CodecAlreadyRegisteredForTypeException { + Properties expectedAuthProperties = new Properties(); + expectedAuthProperties.setProperty(ResourceConstants.USER_NAME, TEST_USERNAME); + expectedAuthProperties.setProperty(ResourceConstants.PASSWORD, TEST_PASSWORD); + + securityPrincipal = new Object(); + mockSecurityManager = mock(SecurityManager.class); + when(mockSecurityManager.authenticate(expectedAuthProperties)).thenReturn(securityPrincipal); + + Properties properties = new Properties(); + CacheFactory cacheFactory = new CacheFactory(properties); + cacheFactory.set("mcast-port", "0"); // sometimes it isn't due to other tests. + + cacheFactory.setSecurityManager(mockSecurityManager); + cache = cacheFactory.create(); + + cacheServer = cache.addCacheServer(); + cacheServerPort = AvailablePortHelper.getRandomAvailableTCPPort(); + cacheServer.setPort(cacheServerPort); + cacheServer.start(); + + cache.createRegionFactory().create(TEST_REGION); + + System.setProperty("geode.feature-protobuf-protocol", "true"); + System.setProperty("geode.protocol-authentication-mode", "SIMPLE"); + socket = new Socket("localhost", cacheServerPort); + + Awaitility.await().atMost(5, TimeUnit.SECONDS).until(socket::isConnected); + outputStream = socket.getOutputStream(); + inputStream = socket.getInputStream(); + outputStream.write(110); + + serializationService = new ProtobufSerializationService(); + protobufProtocolSerializer = new ProtobufProtocolSerializer(); + + when(mockSecurityManager.authorize(same(securityPrincipal), any())).thenReturn(false); + AuthenticationAPI.SimpleAuthenticationRequest authenticationRequest = + AuthenticationAPI.SimpleAuthenticationRequest.newBuilder().setUsername(TEST_USERNAME) + .setPassword(TEST_PASSWORD).build(); + authenticationRequest.writeDelimitedTo(outputStream); + + AuthenticationAPI.SimpleAuthenticationResponse authenticationResponse = + AuthenticationAPI.SimpleAuthenticationResponse.parseDelimitedFrom(inputStream); + assertTrue(authenticationResponse.getAuthenticated()); + } + + @After + public void shutDown() throws IOException { + cache.close(); + socket.close(); + } + + + @Test + public void validateNoPermissions() throws Exception { + when(mockSecurityManager.authorize(securityPrincipal, READ_PERMISSION)).thenReturn(false); + when(mockSecurityManager.authorize(securityPrincipal, WRITE_PERMISSION)).thenReturn(false); + + verifyOperations(false, false); + } + + @Test + public void validateWritePermission() throws Exception { + when(mockSecurityManager.authorize(securityPrincipal, READ_PERMISSION)).thenReturn(false); + when(mockSecurityManager.authorize(securityPrincipal, WRITE_PERMISSION)).thenReturn(true); + + verifyOperations(false, true); + } + + @Test + public void validateReadPermission() throws Exception { + when(mockSecurityManager.authorize(securityPrincipal, READ_PERMISSION)).thenReturn(true); + when(mockSecurityManager.authorize(securityPrincipal, WRITE_PERMISSION)).thenReturn(false); + + verifyOperations(true, false); + } + + @Test + public void validateReadAndWritePermission() throws Exception { + when(mockSecurityManager.authorize(securityPrincipal, READ_PERMISSION)).thenReturn(true); + when(mockSecurityManager.authorize(securityPrincipal, WRITE_PERMISSION)).thenReturn(true); + + verifyOperations(true, true); + } + + private void verifyOperations(boolean readAllowed, boolean writeAllowed) throws Exception { + ClientProtocol.Message getRegionsMessage = + ClientProtocol.Message.newBuilder().setRequest(ClientProtocol.Request.newBuilder() + .setGetRegionNamesRequest(RegionAPI.GetRegionNamesRequest.newBuilder())).build(); + validateOperationAuthorized(getRegionsMessage, inputStream, outputStream, + readAllowed ? ClientProtocol.Response.ResponseAPICase.GETREGIONNAMESRESPONSE + : ClientProtocol.Response.ResponseAPICase.ERRORRESPONSE); + + ClientProtocol.Message putMessage = ClientProtocol.Message.newBuilder() + .setRequest(ClientProtocol.Request.newBuilder() + .setPutRequest(RegionAPI.PutRequest.newBuilder().setRegionName(TEST_REGION).setEntry( + ProtobufUtilities.createEntry(serializationService, "TEST_KEY", "TEST_VALUE")))) + .build(); + validateOperationAuthorized(putMessage, inputStream, outputStream, + writeAllowed ? ClientProtocol.Response.ResponseAPICase.PUTRESPONSE + : ClientProtocol.Response.ResponseAPICase.ERRORRESPONSE); + + ClientProtocol.Message removeMessage = ClientProtocol.Message.newBuilder() + .setRequest(ClientProtocol.Request.newBuilder() + .setRemoveRequest(RegionAPI.RemoveRequest.newBuilder().setRegionName(TEST_REGION) + .setKey(ProtobufUtilities.createEncodedValue(serializationService, "TEST_KEY")))) + .build(); + validateOperationAuthorized(removeMessage, inputStream, outputStream, + writeAllowed ? ClientProtocol.Response.ResponseAPICase.REMOVERESPONSE + : ClientProtocol.Response.ResponseAPICase.ERRORRESPONSE); + } + + private void validateOperationAuthorized(ClientProtocol.Message message, InputStream inputStream, + OutputStream outputStream, ClientProtocol.Response.ResponseAPICase expectedResponseType) + throws Exception { + protobufProtocolSerializer.serialize(message, outputStream); + ClientProtocol.Message response = protobufProtocolSerializer.deserialize(inputStream); + assertEquals(expectedResponseType, response.getResponse().getResponseAPICase()); + if (expectedResponseType == ClientProtocol.Response.ResponseAPICase.ERRORRESPONSE) { + assertEquals(ProtocolErrorCode.AUTHORIZATION_FAILED.codeValue, + response.getResponse().getErrorResponse().getError().getErrorCode()); + } + } +} http://git-wip-us.apache.org/repos/asf/geode/blob/9e5fad2e/geode-protobuf/src/test/java/org/apache/geode/protocol/protobuf/ProtobufStreamProcessorTest.java ---------------------------------------------------------------------- diff --git a/geode-protobuf/src/test/java/org/apache/geode/protocol/protobuf/ProtobufStreamProcessorTest.java b/geode-protobuf/src/test/java/org/apache/geode/protocol/protobuf/ProtobufStreamProcessorTest.java index 16eb48b..bebbfde 100644 --- a/geode-protobuf/src/test/java/org/apache/geode/protocol/protobuf/ProtobufStreamProcessorTest.java +++ b/geode-protobuf/src/test/java/org/apache/geode/protocol/protobuf/ProtobufStreamProcessorTest.java @@ -27,6 +27,7 @@ import org.junit.experimental.categories.Category; import org.apache.geode.internal.cache.InternalCache; import org.apache.geode.internal.cache.tier.sockets.MessageExecutionContext; +import org.apache.geode.security.NoOpStreamAuthorizer; import org.apache.geode.test.junit.categories.UnitTest; @Category(UnitTest.class) @@ -39,6 +40,6 @@ public class ProtobufStreamProcessorTest { ProtobufStreamProcessor protobufStreamProcessor = new ProtobufStreamProcessor(); InternalCache mockInternalCache = mock(InternalCache.class); protobufStreamProcessor.receiveMessage(inputStream, outputStream, - new MessageExecutionContext(mockInternalCache)); + new MessageExecutionContext(mockInternalCache, new NoOpStreamAuthorizer())); } } http://git-wip-us.apache.org/repos/asf/geode/blob/9e5fad2e/geode-protobuf/src/test/java/org/apache/geode/protocol/protobuf/operations/GetAllRequestOperationHandlerJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-protobuf/src/test/java/org/apache/geode/protocol/protobuf/operations/GetAllRequestOperationHandlerJUnitTest.java b/geode-protobuf/src/test/java/org/apache/geode/protocol/protobuf/operations/GetAllRequestOperationHandlerJUnitTest.java index 9b25fdb..b8613b6 100644 --- a/geode-protobuf/src/test/java/org/apache/geode/protocol/protobuf/operations/GetAllRequestOperationHandlerJUnitTest.java +++ b/geode-protobuf/src/test/java/org/apache/geode/protocol/protobuf/operations/GetAllRequestOperationHandlerJUnitTest.java @@ -35,6 +35,7 @@ import org.apache.geode.protocol.protobuf.Result; import org.apache.geode.protocol.protobuf.Success; import org.apache.geode.protocol.protobuf.utilities.ProtobufRequestUtilities; import org.apache.geode.protocol.protobuf.utilities.ProtobufUtilities; +import org.apache.geode.security.NoOpStreamAuthorizer; import org.apache.geode.serialization.exception.UnsupportedEncodingTypeException; import org.apache.geode.serialization.registry.exception.CodecAlreadyRegisteredForTypeException; import org.apache.geode.serialization.registry.exception.CodecNotRegisteredForTypeException; @@ -78,8 +79,9 @@ public class GetAllRequestOperationHandlerJUnitTest extends OperationHandlerJUni public void processReturnsExpectedValuesForValidKeys() throws CodecAlreadyRegisteredForTypeException, UnsupportedEncodingTypeException, CodecNotRegisteredForTypeException, InvalidExecutionContextException { - Result<RegionAPI.GetAllResponse> result = operationHandler.process(serializationServiceStub, - generateTestRequest(true), new MessageExecutionContext(cacheStub)); + Result<RegionAPI.GetAllResponse> result = + operationHandler.process(serializationServiceStub, generateTestRequest(true), + new MessageExecutionContext(cacheStub, new NoOpStreamAuthorizer())); Assert.assertTrue(result instanceof Success); @@ -98,8 +100,9 @@ public class GetAllRequestOperationHandlerJUnitTest extends OperationHandlerJUni @Test public void processReturnsNoEntriesForNoKeysRequested() throws UnsupportedEncodingTypeException, CodecNotRegisteredForTypeException, InvalidExecutionContextException { - Result<RegionAPI.GetAllResponse> result = operationHandler.process(serializationServiceStub, - generateTestRequest(false), new MessageExecutionContext(cacheStub)); + Result<RegionAPI.GetAllResponse> result = + operationHandler.process(serializationServiceStub, generateTestRequest(false), + new MessageExecutionContext(cacheStub, new NoOpStreamAuthorizer())); Assert.assertTrue(result instanceof Success); http://git-wip-us.apache.org/repos/asf/geode/blob/9e5fad2e/geode-protobuf/src/test/java/org/apache/geode/protocol/protobuf/operations/GetRegionNamesRequestOperationHandlerJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-protobuf/src/test/java/org/apache/geode/protocol/protobuf/operations/GetRegionNamesRequestOperationHandlerJUnitTest.java b/geode-protobuf/src/test/java/org/apache/geode/protocol/protobuf/operations/GetRegionNamesRequestOperationHandlerJUnitTest.java index 50853b1..323048e 100644 --- a/geode-protobuf/src/test/java/org/apache/geode/protocol/protobuf/operations/GetRegionNamesRequestOperationHandlerJUnitTest.java +++ b/geode-protobuf/src/test/java/org/apache/geode/protocol/protobuf/operations/GetRegionNamesRequestOperationHandlerJUnitTest.java @@ -33,6 +33,7 @@ import org.apache.geode.internal.protocol.protobuf.RegionAPI; import org.apache.geode.protocol.protobuf.Result; import org.apache.geode.protocol.protobuf.Success; import org.apache.geode.protocol.protobuf.utilities.ProtobufRequestUtilities; +import org.apache.geode.security.NoOpStreamAuthorizer; import org.apache.geode.serialization.exception.UnsupportedEncodingTypeException; import org.apache.geode.serialization.registry.exception.CodecAlreadyRegisteredForTypeException; import org.apache.geode.serialization.registry.exception.CodecNotRegisteredForTypeException; @@ -67,7 +68,7 @@ public class GetRegionNamesRequestOperationHandlerJUnitTest extends OperationHan CodecNotRegisteredForTypeException, InvalidExecutionContextException { Result<RegionAPI.GetRegionNamesResponse> result = operationHandler.process( serializationServiceStub, ProtobufRequestUtilities.createGetRegionNamesRequest(), - new MessageExecutionContext(cacheStub)); + new MessageExecutionContext(cacheStub, new NoOpStreamAuthorizer())); Assert.assertTrue(result instanceof Success); RegionAPI.GetRegionNamesResponse getRegionsResponse = result.getMessage(); @@ -93,7 +94,7 @@ public class GetRegionNamesRequestOperationHandlerJUnitTest extends OperationHan .thenReturn(Collections.unmodifiableSet(new HashSet<Region<String, String>>())); Result<RegionAPI.GetRegionNamesResponse> result = operationHandler.process( serializationServiceStub, ProtobufRequestUtilities.createGetRegionNamesRequest(), - new MessageExecutionContext(emptyCache)); + new MessageExecutionContext(emptyCache, new NoOpStreamAuthorizer())); Assert.assertTrue(result instanceof Success); RegionAPI.GetRegionNamesResponse getRegionsResponse = result.getMessage(); http://git-wip-us.apache.org/repos/asf/geode/blob/9e5fad2e/geode-protobuf/src/test/java/org/apache/geode/protocol/protobuf/operations/GetRegionRequestOperationHandlerJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-protobuf/src/test/java/org/apache/geode/protocol/protobuf/operations/GetRegionRequestOperationHandlerJUnitTest.java b/geode-protobuf/src/test/java/org/apache/geode/protocol/protobuf/operations/GetRegionRequestOperationHandlerJUnitTest.java index b836562..88950b7 100644 --- a/geode-protobuf/src/test/java/org/apache/geode/protocol/protobuf/operations/GetRegionRequestOperationHandlerJUnitTest.java +++ b/geode-protobuf/src/test/java/org/apache/geode/protocol/protobuf/operations/GetRegionRequestOperationHandlerJUnitTest.java @@ -28,6 +28,7 @@ import org.apache.geode.protocol.protobuf.Failure; import org.apache.geode.protocol.protobuf.ProtocolErrorCode; import org.apache.geode.internal.protocol.protobuf.RegionAPI; import org.apache.geode.protocol.protobuf.Result; +import org.apache.geode.security.NoOpStreamAuthorizer; import org.apache.geode.serialization.exception.UnsupportedEncodingTypeException; import org.apache.geode.serialization.registry.exception.CodecAlreadyRegisteredForTypeException; import org.apache.geode.serialization.registry.exception.CodecNotRegisteredForTypeException; @@ -75,7 +76,8 @@ public class GetRegionRequestOperationHandlerJUnitTest extends OperationHandlerJ Result<RegionAPI.GetRegionResponse> result = operationHandler.process(serializationServiceStub, - MessageUtil.makeGetRegionRequest(TEST_REGION1), new MessageExecutionContext(cacheStub)); + MessageUtil.makeGetRegionRequest(TEST_REGION1), + new MessageExecutionContext(cacheStub, new NoOpStreamAuthorizer())); RegionAPI.GetRegionResponse response = result.getMessage(); BasicTypes.Region region = response.getRegion(); Assert.assertEquals(TEST_REGION1, region.getName()); @@ -101,7 +103,7 @@ public class GetRegionRequestOperationHandlerJUnitTest extends OperationHandlerJ String unknownRegionName = "UNKNOWN_REGION"; Result<RegionAPI.GetRegionResponse> result = operationHandler.process(serializationServiceStub, MessageUtil.makeGetRegionRequest(unknownRegionName), - new MessageExecutionContext(emptyCache)); + new MessageExecutionContext(emptyCache, new NoOpStreamAuthorizer())); Assert.assertTrue(result instanceof Failure); Assert.assertEquals(ProtocolErrorCode.REGION_NOT_FOUND.codeValue, result.getErrorMessage().getError().getErrorCode()); http://git-wip-us.apache.org/repos/asf/geode/blob/9e5fad2e/geode-protobuf/src/test/java/org/apache/geode/protocol/protobuf/operations/GetRequestOperationHandlerJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-protobuf/src/test/java/org/apache/geode/protocol/protobuf/operations/GetRequestOperationHandlerJUnitTest.java b/geode-protobuf/src/test/java/org/apache/geode/protocol/protobuf/operations/GetRequestOperationHandlerJUnitTest.java index 0b834ed..f104fb0 100644 --- a/geode-protobuf/src/test/java/org/apache/geode/protocol/protobuf/operations/GetRequestOperationHandlerJUnitTest.java +++ b/geode-protobuf/src/test/java/org/apache/geode/protocol/protobuf/operations/GetRequestOperationHandlerJUnitTest.java @@ -26,6 +26,7 @@ import org.apache.geode.protocol.protobuf.Result; import org.apache.geode.protocol.protobuf.Success; import org.apache.geode.protocol.protobuf.utilities.ProtobufRequestUtilities; import org.apache.geode.protocol.protobuf.utilities.ProtobufUtilities; +import org.apache.geode.security.NoOpStreamAuthorizer; import org.apache.geode.serialization.exception.UnsupportedEncodingTypeException; import org.apache.geode.serialization.registry.exception.CodecAlreadyRegisteredForTypeException; import org.apache.geode.serialization.registry.exception.CodecNotRegisteredForTypeException; @@ -72,7 +73,7 @@ public class GetRequestOperationHandlerJUnitTest extends OperationHandlerJUnitTe CodecNotRegisteredForTypeException, InvalidExecutionContextException { RegionAPI.GetRequest getRequest = generateTestRequest(false, false, false); Result<RegionAPI.GetResponse> result = operationHandler.process(serializationServiceStub, - getRequest, new MessageExecutionContext(cacheStub)); + getRequest, new MessageExecutionContext(cacheStub, new NoOpStreamAuthorizer())); Assert.assertTrue(result instanceof Success); Assert.assertEquals(BasicTypes.EncodedValue.ValueCase.STRINGRESULT, @@ -87,7 +88,7 @@ public class GetRequestOperationHandlerJUnitTest extends OperationHandlerJUnitTe CodecNotRegisteredForTypeException, InvalidExecutionContextException { RegionAPI.GetRequest getRequest = generateTestRequest(true, false, false); Result<RegionAPI.GetResponse> response = operationHandler.process(serializationServiceStub, - getRequest, new MessageExecutionContext(cacheStub)); + getRequest, new MessageExecutionContext(cacheStub, new NoOpStreamAuthorizer())); Assert.assertTrue(response instanceof Failure); Assert.assertEquals(ProtocolErrorCode.REGION_NOT_FOUND.codeValue, @@ -100,7 +101,7 @@ public class GetRequestOperationHandlerJUnitTest extends OperationHandlerJUnitTe CodecNotRegisteredForTypeException, InvalidExecutionContextException { RegionAPI.GetRequest getRequest = generateTestRequest(false, true, false); Result<RegionAPI.GetResponse> response = operationHandler.process(serializationServiceStub, - getRequest, new MessageExecutionContext(cacheStub)); + getRequest, new MessageExecutionContext(cacheStub, new NoOpStreamAuthorizer())); Assert.assertTrue(response instanceof Success); } @@ -111,7 +112,7 @@ public class GetRequestOperationHandlerJUnitTest extends OperationHandlerJUnitTe CodecNotRegisteredForTypeException, InvalidExecutionContextException { RegionAPI.GetRequest getRequest = generateTestRequest(false, false, true); Result<RegionAPI.GetResponse> response = operationHandler.process(serializationServiceStub, - getRequest, new MessageExecutionContext(cacheStub)); + getRequest, new MessageExecutionContext(cacheStub, new NoOpStreamAuthorizer())); Assert.assertTrue(response instanceof Success); } @@ -133,7 +134,7 @@ public class GetRequestOperationHandlerJUnitTest extends OperationHandlerJUnitTe RegionAPI.GetRequest getRequest = ProtobufRequestUtilities.createGetRequest(TEST_REGION, encodedKey).getGetRequest(); Result<RegionAPI.GetResponse> response = operationHandler.process(serializationServiceStub, - getRequest, new MessageExecutionContext(cacheStub)); + getRequest, new MessageExecutionContext(cacheStub, new NoOpStreamAuthorizer())); Assert.assertTrue(response instanceof Failure); Assert.assertEquals(ProtocolErrorCode.VALUE_ENCODING_ERROR.codeValue, http://git-wip-us.apache.org/repos/asf/geode/blob/9e5fad2e/geode-protobuf/src/test/java/org/apache/geode/protocol/protobuf/operations/PutAllRequestOperationHandlerJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-protobuf/src/test/java/org/apache/geode/protocol/protobuf/operations/PutAllRequestOperationHandlerJUnitTest.java b/geode-protobuf/src/test/java/org/apache/geode/protocol/protobuf/operations/PutAllRequestOperationHandlerJUnitTest.java index 1a59a81..71d6a51 100644 --- a/geode-protobuf/src/test/java/org/apache/geode/protocol/protobuf/operations/PutAllRequestOperationHandlerJUnitTest.java +++ b/geode-protobuf/src/test/java/org/apache/geode/protocol/protobuf/operations/PutAllRequestOperationHandlerJUnitTest.java @@ -23,6 +23,7 @@ import org.apache.geode.protocol.protobuf.Result; import org.apache.geode.protocol.protobuf.Success; import org.apache.geode.protocol.protobuf.utilities.ProtobufRequestUtilities; import org.apache.geode.protocol.protobuf.utilities.ProtobufUtilities; +import org.apache.geode.security.NoOpStreamAuthorizer; import org.apache.geode.serialization.exception.UnsupportedEncodingTypeException; import org.apache.geode.serialization.registry.exception.CodecAlreadyRegisteredForTypeException; import org.apache.geode.serialization.registry.exception.CodecNotRegisteredForTypeException; @@ -73,8 +74,9 @@ public class PutAllRequestOperationHandlerJUnitTest extends OperationHandlerJUni CodecAlreadyRegisteredForTypeException, InvalidExecutionContextException { PutAllRequestOperationHandler operationHandler = new PutAllRequestOperationHandler(); - Result<RegionAPI.PutAllResponse> result = operationHandler.process(serializationServiceStub, - generateTestRequest(false, true), new MessageExecutionContext(cacheStub)); + Result<RegionAPI.PutAllResponse> result = + operationHandler.process(serializationServiceStub, generateTestRequest(false, true), + new MessageExecutionContext(cacheStub, new NoOpStreamAuthorizer())); Assert.assertTrue(result instanceof Success); @@ -87,8 +89,9 @@ public class PutAllRequestOperationHandlerJUnitTest extends OperationHandlerJUni public void processWithInvalidEntrySucceedsAndReturnsFailedKey() throws Exception { PutAllRequestOperationHandler operationHandler = new PutAllRequestOperationHandler(); - Result<RegionAPI.PutAllResponse> result = operationHandler.process(serializationServiceStub, - generateTestRequest(true, true), new MessageExecutionContext(cacheStub)); + Result<RegionAPI.PutAllResponse> result = + operationHandler.process(serializationServiceStub, generateTestRequest(true, true), + new MessageExecutionContext(cacheStub, new NoOpStreamAuthorizer())); assertTrue(result instanceof Success); verify(regionMock).put(TEST_KEY1, TEST_VALUE1); @@ -106,8 +109,9 @@ public class PutAllRequestOperationHandlerJUnitTest extends OperationHandlerJUni public void processWithNoEntriesPasses() throws Exception { PutAllRequestOperationHandler operationHandler = new PutAllRequestOperationHandler(); - Result<RegionAPI.PutAllResponse> result = operationHandler.process(serializationServiceStub, - generateTestRequest(false, false), new MessageExecutionContext(cacheStub)); + Result<RegionAPI.PutAllResponse> result = + operationHandler.process(serializationServiceStub, generateTestRequest(false, false), + new MessageExecutionContext(cacheStub, new NoOpStreamAuthorizer())); assertTrue(result instanceof Success); http://git-wip-us.apache.org/repos/asf/geode/blob/9e5fad2e/geode-protobuf/src/test/java/org/apache/geode/protocol/protobuf/operations/PutRequestOperationHandlerJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-protobuf/src/test/java/org/apache/geode/protocol/protobuf/operations/PutRequestOperationHandlerJUnitTest.java b/geode-protobuf/src/test/java/org/apache/geode/protocol/protobuf/operations/PutRequestOperationHandlerJUnitTest.java index a27987c..cbd897a 100644 --- a/geode-protobuf/src/test/java/org/apache/geode/protocol/protobuf/operations/PutRequestOperationHandlerJUnitTest.java +++ b/geode-protobuf/src/test/java/org/apache/geode/protocol/protobuf/operations/PutRequestOperationHandlerJUnitTest.java @@ -26,6 +26,7 @@ import org.apache.geode.protocol.protobuf.Result; import org.apache.geode.protocol.protobuf.Success; import org.apache.geode.protocol.protobuf.utilities.ProtobufRequestUtilities; import org.apache.geode.protocol.protobuf.utilities.ProtobufUtilities; +import org.apache.geode.security.NoOpStreamAuthorizer; import org.apache.geode.serialization.exception.UnsupportedEncodingTypeException; import org.apache.geode.serialization.registry.exception.CodecAlreadyRegisteredForTypeException; import org.apache.geode.serialization.registry.exception.CodecNotRegisteredForTypeException; @@ -68,7 +69,7 @@ public class PutRequestOperationHandlerJUnitTest extends OperationHandlerJUnitTe CodecAlreadyRegisteredForTypeException, InvalidExecutionContextException { PutRequestOperationHandler operationHandler = new PutRequestOperationHandler(); Result<RegionAPI.PutResponse> result = operationHandler.process(serializationServiceStub, - generateTestRequest(), new MessageExecutionContext(cacheStub)); + generateTestRequest(), new MessageExecutionContext(cacheStub, new NoOpStreamAuthorizer())); assertTrue(result instanceof Success); @@ -99,7 +100,7 @@ public class PutRequestOperationHandlerJUnitTest extends OperationHandlerJUnitTe RegionAPI.PutRequest putRequest = ProtobufRequestUtilities.createPutRequest(TEST_REGION, testEntry).getPutRequest(); Result<RegionAPI.PutResponse> result = operationHandler.process(serializationServiceStub, - putRequest, new MessageExecutionContext(cacheStub)); + putRequest, new MessageExecutionContext(cacheStub, new NoOpStreamAuthorizer())); assertTrue(result instanceof Failure); assertEquals(ProtocolErrorCode.VALUE_ENCODING_ERROR.codeValue, @@ -113,7 +114,7 @@ public class PutRequestOperationHandlerJUnitTest extends OperationHandlerJUnitTe when(cacheStub.getRegion(TEST_REGION)).thenReturn(null); PutRequestOperationHandler operationHandler = new PutRequestOperationHandler(); Result<RegionAPI.PutResponse> result = operationHandler.process(serializationServiceStub, - generateTestRequest(), new MessageExecutionContext(cacheStub)); + generateTestRequest(), new MessageExecutionContext(cacheStub, new NoOpStreamAuthorizer())); assertTrue(result instanceof Failure); assertEquals(ProtocolErrorCode.REGION_NOT_FOUND.codeValue, @@ -128,7 +129,7 @@ public class PutRequestOperationHandlerJUnitTest extends OperationHandlerJUnitTe PutRequestOperationHandler operationHandler = new PutRequestOperationHandler(); Result<RegionAPI.PutResponse> result = operationHandler.process(serializationServiceStub, - generateTestRequest(), new MessageExecutionContext(cacheStub)); + generateTestRequest(), new MessageExecutionContext(cacheStub, new NoOpStreamAuthorizer())); assertTrue(result instanceof Failure); assertEquals(ProtocolErrorCode.CONSTRAINT_VIOLATION.codeValue, http://git-wip-us.apache.org/repos/asf/geode/blob/9e5fad2e/geode-protobuf/src/test/java/org/apache/geode/protocol/protobuf/operations/RemoveRequestOperationHandlerJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-protobuf/src/test/java/org/apache/geode/protocol/protobuf/operations/RemoveRequestOperationHandlerJUnitTest.java b/geode-protobuf/src/test/java/org/apache/geode/protocol/protobuf/operations/RemoveRequestOperationHandlerJUnitTest.java index c952c41..5d38e61 100644 --- a/geode-protobuf/src/test/java/org/apache/geode/protocol/protobuf/operations/RemoveRequestOperationHandlerJUnitTest.java +++ b/geode-protobuf/src/test/java/org/apache/geode/protocol/protobuf/operations/RemoveRequestOperationHandlerJUnitTest.java @@ -27,6 +27,7 @@ import org.apache.geode.protocol.protobuf.Result; import org.apache.geode.protocol.protobuf.Success; import org.apache.geode.protocol.protobuf.utilities.ProtobufRequestUtilities; import org.apache.geode.protocol.protobuf.utilities.ProtobufUtilities; +import org.apache.geode.security.NoOpStreamAuthorizer; import org.apache.geode.serialization.exception.UnsupportedEncodingTypeException; import org.apache.geode.serialization.registry.exception.CodecAlreadyRegisteredForTypeException; import org.apache.geode.serialization.registry.exception.CodecNotRegisteredForTypeException; @@ -73,7 +74,7 @@ public class RemoveRequestOperationHandlerJUnitTest extends OperationHandlerJUni CodecNotRegisteredForTypeException, InvalidExecutionContextException { RegionAPI.RemoveRequest removeRequest = generateTestRequest(false, false).getRemoveRequest(); Result<RegionAPI.RemoveResponse> result = operationHandler.process(serializationServiceStub, - removeRequest, new MessageExecutionContext(cacheStub)); + removeRequest, new MessageExecutionContext(cacheStub, new NoOpStreamAuthorizer())); assertTrue(result instanceof Success); verify(regionStub).remove(TEST_KEY); @@ -85,7 +86,7 @@ public class RemoveRequestOperationHandlerJUnitTest extends OperationHandlerJUni CodecNotRegisteredForTypeException, InvalidExecutionContextException { RegionAPI.RemoveRequest removeRequest = generateTestRequest(true, false).getRemoveRequest(); Result<RegionAPI.RemoveResponse> result = operationHandler.process(serializationServiceStub, - removeRequest, new MessageExecutionContext(cacheStub)); + removeRequest, new MessageExecutionContext(cacheStub, new NoOpStreamAuthorizer())); assertTrue(result instanceof Failure); assertEquals(ProtocolErrorCode.REGION_NOT_FOUND.codeValue, @@ -98,7 +99,7 @@ public class RemoveRequestOperationHandlerJUnitTest extends OperationHandlerJUni CodecNotRegisteredForTypeException, InvalidExecutionContextException { RegionAPI.RemoveRequest removeRequest = generateTestRequest(false, true).getRemoveRequest(); Result<RegionAPI.RemoveResponse> result = operationHandler.process(serializationServiceStub, - removeRequest, new MessageExecutionContext(cacheStub)); + removeRequest, new MessageExecutionContext(cacheStub, new NoOpStreamAuthorizer())); assertTrue(result instanceof Success); } @@ -121,7 +122,7 @@ public class RemoveRequestOperationHandlerJUnitTest extends OperationHandlerJUni RegionAPI.RemoveRequest removeRequest = ProtobufRequestUtilities.createRemoveRequest(TEST_REGION, encodedKey).getRemoveRequest();; Result<RegionAPI.RemoveResponse> result = operationHandler.process(serializationServiceStub, - removeRequest, new MessageExecutionContext(cacheStub)); + removeRequest, new MessageExecutionContext(cacheStub, new NoOpStreamAuthorizer())); assertTrue(result instanceof Failure); assertEquals(ProtocolErrorCode.VALUE_ENCODING_ERROR.codeValue,