GEODE-1571: Allow AuthInit to take either a constructor or a static factory method
* Allow AuthInit to take either a constructor or a static factory method * add more javadoc * simplify security check * fix test failures Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/d37e08e6 Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/d37e08e6 Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/d37e08e6 Branch: refs/heads/master Commit: d37e08e69fe3b5920c98bd9198ad37a9edd17ed7 Parents: 701909f Author: Jinmei Liao <jil...@pivotal.io> Authored: Mon Jul 18 11:48:44 2016 -0700 Committer: Jinmei Liao <jil...@pivotal.io> Committed: Tue Jul 19 09:50:27 2016 -0700 ---------------------------------------------------------------------- .../membership/gms/auth/GMSAuthenticator.java | 24 ++-- .../cache/tier/sockets/AcceptorImpl.java | 4 +- .../internal/cache/tier/sockets/HandShake.java | 26 ++--- .../internal/security/GeodeSecurityUtil.java | 117 +++++++++++++------ .../security/shiro/CustomAuthRealm.java | 6 +- .../gemfire/security/AuthInitialize.java | 12 +- .../apache/geode/security/GeodePermission.java | 21 ++++ .../apache/geode/security/PostProcessor.java | 2 +- .../security/templates/SamplePostProcessor.java | 16 ++- .../gms/auth/GMSAuthenticatorJUnitTest.java | 46 ++++---- .../security/GeodeSecurityUtilTest.java | 4 +- .../security/ClientAuthenticationTestCase.java | 4 +- .../gemfire/security/SecurityTestUtils.java | 9 ++ 13 files changed, 191 insertions(+), 100 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d37e08e6/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/auth/GMSAuthenticator.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/auth/GMSAuthenticator.java b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/auth/GMSAuthenticator.java index b82fdb1..f16a722 100755 --- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/auth/GMSAuthenticator.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/auth/GMSAuthenticator.java @@ -16,6 +16,14 @@ */ package com.gemstone.gemfire.distributed.internal.membership.gms.auth; +import static com.gemstone.gemfire.distributed.ConfigurationProperties.*; +import static com.gemstone.gemfire.internal.i18n.LocalizedStrings.*; + +import java.lang.reflect.Method; +import java.security.Principal; +import java.util.Properties; +import java.util.Set; + import com.gemstone.gemfire.LogWriter; import com.gemstone.gemfire.distributed.DistributedMember; import com.gemstone.gemfire.distributed.internal.DistributionConfig; @@ -26,19 +34,12 @@ import com.gemstone.gemfire.distributed.internal.membership.gms.interfaces.Authe import com.gemstone.gemfire.internal.ClassLoadUtil; import com.gemstone.gemfire.internal.i18n.LocalizedStrings; import com.gemstone.gemfire.internal.logging.InternalLogWriter; +import com.gemstone.gemfire.internal.security.GeodeSecurityUtil; import com.gemstone.gemfire.security.AuthInitialize; import com.gemstone.gemfire.security.AuthenticationFailedException; import com.gemstone.gemfire.security.AuthenticationRequiredException; import com.gemstone.gemfire.security.GemFireSecurityException; -import java.lang.reflect.Method; -import java.security.Principal; -import java.util.Properties; -import java.util.Set; - -import static com.gemstone.gemfire.internal.i18n.LocalizedStrings.*; -import static com.gemstone.gemfire.distributed.ConfigurationProperties.*; - // static messages public class GMSAuthenticator implements Authenticator { @@ -195,12 +196,7 @@ public class GMSAuthenticator implements Authenticator { try { if (authMethod != null && authMethod.length() > 0) { - Method getter = ClassLoadUtil.methodFromName(authMethod); - AuthInitialize auth = (AuthInitialize)getter.invoke(null, (Object[]) null); - if (auth == null) { - throw new AuthenticationRequiredException(AUTH_FAILED_TO_ACQUIRE_AUTHINITIALIZE_INSTANCE.toLocalizedString(authMethod)); - } - + AuthInitialize auth = GeodeSecurityUtil.getObjectOfType(authMethod, AuthInitialize.class); try { LogWriter logWriter = services.getLogWriter(); LogWriter securityLogWriter = services.getSecurityLogWriter(); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d37e08e6/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/AcceptorImpl.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/AcceptorImpl.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/AcceptorImpl.java index e93faf8..43f90d5 100644 --- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/AcceptorImpl.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/AcceptorImpl.java @@ -638,9 +638,9 @@ public class AcceptorImpl extends Acceptor implements Runnable this.hsPool = tmp_hsPool; } - isAuthenticationRequired = GeodeSecurityUtil.isSecurityRequired(this.cache.getDistributedSystem().getSecurityProperties()); + isAuthenticationRequired = GeodeSecurityUtil.isSecurityRequired(); - isIntegratedSecurity = GeodeSecurityUtil.isIntegratedSecurity(this.cache.getDistributedSystem().getSecurityProperties()); + isIntegratedSecurity = GeodeSecurityUtil.isIntegratedSecurity(); String postAuthzFactoryName = this.cache.getDistributedSystem() .getProperties().getProperty(SECURITY_CLIENT_ACCESSOR_PP); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d37e08e6/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.java index a2951f5..2dcf8e7 100755 --- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.java @@ -899,7 +899,7 @@ public class HandShake implements ClientHandShake throws GemFireSecurityException, IOException { Properties credentials = null; - boolean requireAuthentication = GeodeSecurityUtil.isSecurityRequired(system.getSecurityProperties()); + boolean requireAuthentication = GeodeSecurityUtil.isSecurityRequired(); try { byte secureMode = dis.readByte(); if (secureMode == CREDENTIALS_NONE) { @@ -1161,7 +1161,7 @@ public class HandShake implements ClientHandShake // non-blank setting for DH symmetric algo, or this is a server // that has authenticator defined. if ((dhSKAlgo != null && dhSKAlgo.length() > 0) - || GeodeSecurityUtil.isSecurityRequired(config.getSecurityProps())) { + || GeodeSecurityUtil.isSecurityRequired()) { KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DH"); DHParameterSpec dhSpec = new DHParameterSpec(dhP, dhG, dhL); keyGen.initialize(dhSpec); @@ -1599,19 +1599,13 @@ public class HandShake implements ClientHandShake Properties credentials = null; try { if (authInitMethod != null && authInitMethod.length() > 0) { - Method instanceGetter = ClassLoadUtil.methodFromName(authInitMethod); - AuthInitialize auth = (AuthInitialize)instanceGetter.invoke(null, - (Object[])null); - if (auth != null) { - auth.init(logWriter, - securityLogWriter); - try { - credentials = auth.getCredentials(securityProperties, server, - isPeer); - } - finally { - auth.close(); - } + AuthInitialize auth = GeodeSecurityUtil.getObjectOfType(authInitMethod, AuthInitialize.class); + auth.init(logWriter, securityLogWriter); + try { + credentials = auth.getCredentials(securityProperties, server, isPeer); + } + finally { + auth.close(); } } } @@ -1638,7 +1632,7 @@ public class HandShake implements ClientHandShake DataOutputStream dos, DistributedSystem system) throws GemFireSecurityException, IOException { - boolean requireAuthentication = GeodeSecurityUtil.isSecurityRequired(system.getSecurityProperties()); + boolean requireAuthentication = GeodeSecurityUtil.isSecurityRequired(); Properties credentials = null; try { byte secureMode = dis.readByte(); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d37e08e6/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java index 8707a78..d439b19 100644 --- a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java @@ -19,6 +19,7 @@ package com.gemstone.gemfire.internal.security; import static com.gemstone.gemfire.distributed.ConfigurationProperties.*; +import java.lang.reflect.Method; import java.security.AccessController; import java.security.Principal; import java.util.Properties; @@ -26,10 +27,14 @@ import java.util.Set; import java.util.concurrent.Callable; import org.apache.commons.lang.StringUtils; +import org.apache.geode.security.GeodePermission; +import org.apache.geode.security.GeodePermission.Operation; +import org.apache.geode.security.GeodePermission.Resource; +import org.apache.geode.security.PostProcessor; +import org.apache.geode.security.SecurityManager; import org.apache.logging.log4j.Logger; import org.apache.shiro.SecurityUtils; import org.apache.shiro.ShiroException; -import org.apache.shiro.UnavailableSecurityManagerException; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.config.Ini.Section; import org.apache.shiro.config.IniSecurityManagerFactory; @@ -47,12 +52,7 @@ import com.gemstone.gemfire.internal.security.shiro.ShiroPrincipal; import com.gemstone.gemfire.management.internal.security.ResourceOperation; import com.gemstone.gemfire.security.AuthenticationFailedException; import com.gemstone.gemfire.security.GemFireSecurityException; -import org.apache.geode.security.GeodePermission; -import org.apache.geode.security.GeodePermission.Operation; -import org.apache.geode.security.GeodePermission.Resource; import com.gemstone.gemfire.security.NotAuthorizedException; -import org.apache.geode.security.PostProcessor; -import org.apache.geode.security.SecurityManager; public class GeodeSecurityUtil { @@ -65,7 +65,7 @@ public class GeodeSecurityUtil { * @return the shiro subject, null if security is not enabled */ public static Subject getSubject() { - if (!isSecured()) { + if (!isIntegratedSecure) { return null; } @@ -102,7 +102,7 @@ public class GeodeSecurityUtil { * @return null if security is not enabled, otherwise return a shiro subject */ public static Subject login(String username, String password) { - if (!isSecured()) { + if (!isIntegratedSecure) { return null; } @@ -269,18 +269,10 @@ public class GeodeSecurityUtil { } } - private static boolean isSecured() { - try { - SecurityUtils.getSecurityManager(); - } - catch (UnavailableSecurityManagerException e) { - return false; - } - return true; - } - private static PostProcessor postProcessor; private static SecurityManager securityManager; + private static boolean isSecure; + private static boolean isIntegratedSecure; /** * initialize Shiro's Security Manager and Security Utilities @@ -293,6 +285,7 @@ public class GeodeSecurityUtil { String shiroConfig = securityProps.getProperty(SECURITY_SHIRO_INIT); String securityConfig = securityProps.getProperty(SECURITY_MANAGER); + String clientAuthenticatorConfig = securityProps.getProperty(SECURITY_CLIENT_AUTHENTICATOR); if (!StringUtils.isBlank(shiroConfig)) { IniSecurityManagerFactory factory = new IniSecurityManagerFactory("classpath:" + shiroConfig); @@ -306,24 +299,33 @@ public class GeodeSecurityUtil { org.apache.shiro.mgt.SecurityManager securityManager = factory.getInstance(); SecurityUtils.setSecurityManager(securityManager); + isSecure = true; + isIntegratedSecure = true; } - // only set up shiro realm if user has implemented SecurityManager else if (!StringUtils.isBlank(securityConfig)) { - securityManager = getObjectOfType(securityConfig, SecurityManager.class); + securityManager = getObjectOfTypeFromClassName(securityConfig, SecurityManager.class); securityManager.init(securityProps); Realm realm = new CustomAuthRealm(securityManager); org.apache.shiro.mgt.SecurityManager shiroManager = new DefaultSecurityManager(realm); SecurityUtils.setSecurityManager(shiroManager); + isSecure = true; + isIntegratedSecure = true; + } + else if( !StringUtils.isBlank(clientAuthenticatorConfig)) { + isSecure = true; + isIntegratedSecure = false; } else { SecurityUtils.setSecurityManager(null); + isSecure = false; + isIntegratedSecure = false; } // this initializes the post processor String customPostProcessor = securityProps.getProperty(SECURITY_POST_PROCESSOR); if( !StringUtils.isBlank(customPostProcessor)) { - postProcessor = getObjectOfType(customPostProcessor, PostProcessor.class); + postProcessor = getObjectOfTypeFromClassName(customPostProcessor, PostProcessor.class); postProcessor.init(securityProps); } else{ @@ -342,6 +344,8 @@ public class GeodeSecurityUtil { postProcessor = null; } ThreadContext.remove(); + isSecure = false; + isIntegratedSecure = false; } /** @@ -349,8 +353,7 @@ public class GeodeSecurityUtil { * But if your postProcess is pretty involved with preparations and you need to bypass it entirely, call this first. */ public static boolean needPostProcess(){ - Subject subject = getSubject(); - return (subject != null && postProcessor != null); + return (isIntegratedSecure && postProcessor != null); } public static Object postProcess(String regionPath, Object key, Object result){ @@ -367,42 +370,88 @@ public class GeodeSecurityUtil { } - public static <T> T getObjectOfType(String className, Class<T> expectedClazz) { + /** + * this method would never return null, it either throws an exception or returns an object + * @param className + * @param expectedClazz + * @param <T> + * @return + */ + public static <T> T getObjectOfTypeFromClassName(String className, Class<T> expectedClazz) { Class actualClass = null; try { actualClass = ClassLoadUtil.classFromName(className); } catch (Exception ex) { - throw new GemFireSecurityException(ex.toString(), ex); + throw new GemFireSecurityException("Instance could not be obtained, "+ex.toString(), ex); } if(!expectedClazz.isAssignableFrom(actualClass)){ - throw new GemFireSecurityException("Expecting a "+expectedClazz.getName()+" class."); + throw new GemFireSecurityException("Instance could not be obtained. Expecting a "+expectedClazz.getName()+" class."); } T actualObject = null; try { actualObject = (T)actualClass.newInstance(); } catch (Exception e) { - throw new GemFireSecurityException("Error instantiating "+actualClass.getName(), e); + throw new GemFireSecurityException("Instance could not be obtained. Error instantiating "+actualClass.getName(), e); } return actualObject; } + /** + * this method would never return null, it either throws an exception or returns an object + * @param factoryMethodName + * @param expectedClazz + * @param <T> + * @return + */ + public static <T> T getObjectOfTypeFromFactoryMethod(String factoryMethodName, Class<T> expectedClazz){ + T actualObject = null; + try { + Method factoryMethod = ClassLoadUtil.methodFromName(factoryMethodName); + actualObject = (T)factoryMethod.invoke(null, (Object[])null); + } catch (Exception e) { + throw new GemFireSecurityException("Instance could not be obtained from "+factoryMethodName, e); + } + + if(actualObject == null){ + throw new GemFireSecurityException("Instance could not be obtained from "+factoryMethodName); + } + + return actualObject; + } + + /** + * this method would never return null, it either throws an exception or returns an object + * @param classOrMethod + * @param expectedClazz + * @param <T> + * @return an object of type expectedClazz. This method would never return null. It either returns an non-null + * object or throws exception. + */ + public static <T> T getObjectOfType(String classOrMethod, Class<T> expectedClazz) { + T object = null; + try{ + object = getObjectOfTypeFromClassName(classOrMethod, expectedClazz); + } + catch (Exception e){ + object = getObjectOfTypeFromFactoryMethod(classOrMethod, expectedClazz); + } + return object; + } + public static SecurityManager getSecurityManager(){ return securityManager; } - public static boolean isSecurityRequired(Properties securityProps){ - String authenticator = securityProps.getProperty(SECURITY_CLIENT_AUTHENTICATOR); - String securityManager = securityProps.getProperty(SECURITY_MANAGER); - return !StringUtils.isEmpty(authenticator) || !StringUtils.isEmpty(securityManager); + public static boolean isSecurityRequired(){ + return isSecure; } - public static boolean isIntegratedSecurity(Properties securityProps){ - String securityManager = securityProps.getProperty(SECURITY_MANAGER); - return !StringUtils.isEmpty(securityManager); + public static boolean isIntegratedSecurity(){ + return isIntegratedSecure; } } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d37e08e6/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java index 3d6275b..db07fe0 100644 --- a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java @@ -19,6 +19,8 @@ package com.gemstone.gemfire.internal.security.shiro; import java.security.Principal; import java.util.Properties; +import org.apache.geode.security.GeodePermission; +import org.apache.geode.security.SecurityManager; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; @@ -31,8 +33,6 @@ import org.apache.shiro.subject.PrincipalCollection; import com.gemstone.gemfire.internal.security.GeodeSecurityUtil; import com.gemstone.gemfire.management.internal.security.ResourceConstants; -import org.apache.geode.security.SecurityManager; -import org.apache.geode.security.GeodePermission; public class CustomAuthRealm extends AuthorizingRealm{ @@ -45,7 +45,7 @@ public class CustomAuthRealm extends AuthorizingRealm{ } public CustomAuthRealm (String authenticatorFactory) { - this.securityManager = GeodeSecurityUtil.getObjectOfType(authenticatorFactory, SecurityManager.class); + this.securityManager = GeodeSecurityUtil.getObjectOfTypeFromClassName(authenticatorFactory, SecurityManager.class); } @Override http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d37e08e6/geode-core/src/main/java/com/gemstone/gemfire/security/AuthInitialize.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/AuthInitialize.java b/geode-core/src/main/java/com/gemstone/gemfire/security/AuthInitialize.java index 400c665..e92772b 100644 --- a/geode-core/src/main/java/com/gemstone/gemfire/security/AuthInitialize.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/security/AuthInitialize.java @@ -23,6 +23,7 @@ import com.gemstone.gemfire.LogWriter; import com.gemstone.gemfire.cache.CacheCallback; import com.gemstone.gemfire.distributed.DistributedMember; import com.gemstone.gemfire.distributed.DistributedSystem; +import com.gemstone.gemfire.internal.cache.GemFireCacheImpl; // TODO Add example usage of this interface and configuration details /** @@ -49,11 +50,21 @@ public interface AuthInitialize extends CacheCallback { * * @throws AuthenticationFailedException * if some exception occurs during the initialization + * + * @deprecated since Geode 1.0, use init() */ public void init(LogWriter systemLogger, LogWriter securityLogger) throws AuthenticationFailedException; /** + * @since Geode 1.0. implement this method instead of init with logwriters. + * Implementation should use log4j instead of these loggers. + */ + default public void init(){ + GemFireCacheImpl cache = GemFireCacheImpl.getInstance(); + init(cache.getLogger(), cache.getSecurityLogger()); + } + /** * Initialize with the given set of security properties and return the * credentials for the peer/client as properties. * @@ -83,5 +94,4 @@ public interface AuthInitialize extends CacheCallback { public Properties getCredentials(Properties securityProps, DistributedMember server, boolean isPeer) throws AuthenticationFailedException; - } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d37e08e6/geode-core/src/main/java/org/apache/geode/security/GeodePermission.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/security/GeodePermission.java b/geode-core/src/main/java/org/apache/geode/security/GeodePermission.java index 866b14e..0a777a8 100644 --- a/geode-core/src/main/java/org/apache/geode/security/GeodePermission.java +++ b/geode-core/src/main/java/org/apache/geode/security/GeodePermission.java @@ -19,6 +19,11 @@ package org.apache.geode.security; import org.apache.shiro.authz.permission.WildcardPermission; +/** + * GeodePermission defines the resource, the operation, the region and the key involved in the action to be authorized. + * + * It is passed to the SecurityManager for the implementation to decide whether to grant a user this permission or not. + */ public class GeodePermission extends WildcardPermission { public static String ALL_REGIONS = "*"; @@ -37,18 +42,34 @@ public class GeodePermission extends WildcardPermission { READ } + /** + * Returns the resource, could be either DATA or CLUSTER + * @return + */ public Resource getResource() { return resource; } + /** + * Returns the operation, could be either MANAGE, WRITE or READ + * @return + */ public Operation getOperation() { return operation; } + /** + * returns the regionName, could be "*", meaning all regions + * @return + */ public String getRegionName() { return regionName; } + /** + * returns the key, could be "*" meaning all keys. + * @return + */ public String getKey() { return key; } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d37e08e6/geode-core/src/main/java/org/apache/geode/security/PostProcessor.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/security/PostProcessor.java b/geode-core/src/main/java/org/apache/geode/security/PostProcessor.java index 0f13b47..1a0e5de 100644 --- a/geode-core/src/main/java/org/apache/geode/security/PostProcessor.java +++ b/geode-core/src/main/java/org/apache/geode/security/PostProcessor.java @@ -44,7 +44,7 @@ public interface PostProcessor { * @param key * the key of the value that's been accessed. This could be null. * @param value - * the value, this could be null. + * the original value. The orginal value could be null as well. * @return * the value that will be returned to the requester */ http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d37e08e6/geode-core/src/main/java/org/apache/geode/security/templates/SamplePostProcessor.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/security/templates/SamplePostProcessor.java b/geode-core/src/main/java/org/apache/geode/security/templates/SamplePostProcessor.java index 7e078da..8f61db7 100644 --- a/geode-core/src/main/java/org/apache/geode/security/templates/SamplePostProcessor.java +++ b/geode-core/src/main/java/org/apache/geode/security/templates/SamplePostProcessor.java @@ -22,14 +22,28 @@ import java.util.Properties; import org.apache.geode.security.PostProcessor; +/** + * This is example that implements PostProcessor + */ public class SamplePostProcessor implements PostProcessor{ - public static String MASK = "****"; @Override public void init(final Properties securityProps) { } + /** + * this simply modifies the value with all the parameter values + * @param principal + * The principal that's accessing the value + * @param regionName + * The region that's been accessed. This could be null. + * @param key + * the key of the value that's been accessed. This could be null. + * @param value + * the value, this could be null. + * @return + */ @Override public Object processRegionValue(Principal principal, String regionName, http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d37e08e6/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/auth/GMSAuthenticatorJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/auth/GMSAuthenticatorJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/auth/GMSAuthenticatorJUnitTest.java index 78f752a..d52b261 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/auth/GMSAuthenticatorJUnitTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/auth/GMSAuthenticatorJUnitTest.java @@ -16,6 +16,19 @@ */ package com.gemstone.gemfire.distributed.internal.membership.gms.auth; +import static com.gemstone.gemfire.distributed.ConfigurationProperties.*; +import static org.junit.Assert.*; +import static org.mockito.Mockito.*; + +import java.security.Principal; +import java.util.Properties; + +import org.junit.Before; +import org.junit.Rule; +import org.junit.Test; +import org.junit.contrib.java.lang.system.RestoreSystemProperties; +import org.junit.experimental.categories.Category; + import com.gemstone.gemfire.LogWriter; import com.gemstone.gemfire.distributed.DistributedMember; import com.gemstone.gemfire.distributed.internal.DistributionConfig; @@ -27,19 +40,6 @@ import com.gemstone.gemfire.security.Authenticator; import com.gemstone.gemfire.security.GemFireSecurityException; import com.gemstone.gemfire.test.junit.categories.SecurityTest; import com.gemstone.gemfire.test.junit.categories.UnitTest; -import org.junit.Before; -import org.junit.Rule; -import org.junit.Test; -import org.junit.contrib.java.lang.system.RestoreSystemProperties; -import org.junit.experimental.categories.Category; - -import java.security.Principal; -import java.util.Properties; - -import static org.junit.Assert.*; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.when; -import static com.gemstone.gemfire.distributed.ConfigurationProperties.*; @Category({ UnitTest.class, SecurityTest.class }) public class GMSAuthenticatorJUnitTest { @@ -108,13 +108,13 @@ public class GMSAuthenticatorJUnitTest { @Test public void testGetCredentialWithNotExistAuth() throws Exception { props.setProperty(SECURITY_PEER_AUTH_INIT, prefix + "NotExistAuth.create"); - verifyNegativeGetCredential(props, "Failed to acquire AuthInitialize method"); + verifyNegativeGetCredential(props, "Instance could not be obtained"); } @Test public void testGetCredentialWithNullAuth() throws Exception { props.setProperty(SECURITY_PEER_AUTH_INIT, prefix + "TestAuthInit1.create"); - verifyNegativeGetCredential(props, "AuthInitialize instance could not be obtained"); + verifyNegativeGetCredential(props, "Instance could not be obtained"); } @Test @@ -198,7 +198,7 @@ public class GMSAuthenticatorJUnitTest { assertTrue(result, result.startsWith(expectedError)); } - private static class TestAuthInit1 implements AuthInitialize { + public static class TestAuthInit1 implements AuthInitialize { public static AuthInitialize create() { return null; } @@ -214,7 +214,7 @@ public class GMSAuthenticatorJUnitTest { } } - private static class TestAuthInit2 extends TestAuthInit1 { + public static class TestAuthInit2 extends TestAuthInit1 { private static TestAuthInit2 instance = null; private static int createCount = 0; @@ -245,7 +245,7 @@ public class GMSAuthenticatorJUnitTest { } // used by reflection by test - private static class TestAuthInit3 extends TestAuthInit1 { + public static class TestAuthInit3 extends TestAuthInit1 { public static AuthInitialize create() { return new TestAuthInit3(); } @@ -255,13 +255,13 @@ public class GMSAuthenticatorJUnitTest { } } - private static class TestAuthInit4 extends TestAuthInit1 { + public static class TestAuthInit4 extends TestAuthInit1 { public static AuthInitialize create() { return new TestAuthInit4(); } } - private static class TestAuthenticator1 implements Authenticator { + public static class TestAuthenticator1 implements Authenticator { public static Authenticator create() { return null; } @@ -277,7 +277,7 @@ public class GMSAuthenticatorJUnitTest { } } - private static class TestAuthenticator2 extends TestAuthenticator1 { + public static class TestAuthenticator2 extends TestAuthenticator1 { public static Authenticator create() { return new TestAuthenticator2(); } @@ -287,7 +287,7 @@ public class GMSAuthenticatorJUnitTest { } } - private static class TestAuthenticator3 extends TestAuthenticator1 { + public static class TestAuthenticator3 extends TestAuthenticator1 { public static Authenticator create() { return new TestAuthenticator3(); } @@ -297,7 +297,7 @@ public class GMSAuthenticatorJUnitTest { } } - private static class TestAuthenticator4 extends TestAuthenticator1 { + public static class TestAuthenticator4 extends TestAuthenticator1 { private static Authenticator instance = null; private static int createCount = 0; http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d37e08e6/geode-core/src/test/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtilTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtilTest.java b/geode-core/src/test/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtilTest.java index 5e19a97..a26f06a 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtilTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtilTest.java @@ -18,9 +18,8 @@ package com.gemstone.gemfire.internal.security; import static org.assertj.core.api.Java6Assertions.*; -import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.*; -import org.junit.Ignore; import org.junit.Test; import org.junit.experimental.categories.Category; @@ -49,7 +48,6 @@ public class GeodeSecurityUtilTest { } @Test - @Ignore public void testGetObjectFromFactoryMethod(){ String string = GeodeSecurityUtil.getObjectOfType(Factories.class.getName()+".getString", String.class); assertNotNull(string); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d37e08e6/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationTestCase.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationTestCase.java b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationTestCase.java index f51431a..d7c75c7 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationTestCase.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationTestCase.java @@ -221,7 +221,7 @@ public abstract class ClientAuthenticationTestCase extends JUnit4DistributedTest Properties credentials = gen.getValidCredentials(1); getLogWriter().info("testInvalidAuthInit: For first client credentials: " + credentials + " : " + javaProps); - client1.invoke(() -> createCacheClient("com.gemstone.none", credentials, javaProps, new int[] { port1 }, 0, false, multiUser, true, AUTHREQ_EXCEPTION)); + client1.invoke(() -> createCacheClient("com.gemstone.none", credentials, javaProps, new int[] { port1 }, 0, false, multiUser, true, SECURITY_EXCEPTION)); } protected void doTestNoAuthInitWithCredentials(final boolean multiUser) throws Exception { @@ -477,7 +477,7 @@ public abstract class ClientAuthenticationTestCase extends JUnit4DistributedTest // Now try to connect client2 with invalid auth-init method // Trying to create the region on client with valid credentials should // throw a security exception - client2.invoke(() -> createCacheClient("com.gemstone.none", credentials1, javaProps1, port1, port2, zeroConns, multiUser, AUTHREQ_EXCEPTION)); + client2.invoke(() -> createCacheClient("com.gemstone.none", credentials1, javaProps1, port1, port2, zeroConns, multiUser, SECURITY_EXCEPTION)); // Try connection with null auth-init on clients. // Skip this test for a scheme which does not have an authInit in the http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d37e08e6/geode-core/src/test/java/com/gemstone/gemfire/security/SecurityTestUtils.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/SecurityTestUtils.java b/geode-core/src/test/java/com/gemstone/gemfire/security/SecurityTestUtils.java index 5ff0344..b74b054 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/security/SecurityTestUtils.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/security/SecurityTestUtils.java @@ -103,6 +103,7 @@ public final class SecurityTestUtils { protected static final int NOTAUTHZ_EXCEPTION = 4; protected static final int OTHER_EXCEPTION = 5; protected static final int NO_AVAILABLE_SERVERS = 6; + protected static final int SECURITY_EXCEPTION = 7; // Indicates that AuthReqException may not necessarily be thrown protected static final int NOFORCE_AUTHREQ_EXCEPTION = 16; @@ -468,6 +469,14 @@ public final class SecurityTestUtils { } } + catch (GemFireSecurityException ex){ + if(expectedResult == SECURITY_EXCEPTION){ + getLogWriter().info("Got expected exception when starting client: " + ex); + } + else { + fail("Got unexpected exception when starting client", ex); + } + } catch (Exception ex) { fail("Got unexpected exception when starting client", ex); }
