http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/main/java/org/apache/geode/internal/security/EnabledSecurityService.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/EnabledSecurityService.java b/geode-core/src/main/java/org/apache/geode/internal/security/EnabledSecurityService.java
new file mode 100644
index 0000000..81d28be
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/internal/security/EnabledSecurityService.java
@@ -0,0 +1,418 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.geode.internal.security; + +import java.io.IOException; +import java.io.Serializable; +import java.security.AccessController; +import java.util.Properties; +import java.util.Set; +import java.util.concurrent.Callable; + +import org.apache.commons.lang.SerializationException; +import org.apache.commons.lang.StringUtils; +import org.apache.logging.log4j.Logger; +import org.apache.shiro.SecurityUtils; +import org.apache.shiro.ShiroException; +import org.apache.shiro.mgt.DefaultSecurityManager; +import org.apache.shiro.realm.Realm; +import org.apache.shiro.session.mgt.DefaultSessionManager; +import org.apache.shiro.session.mgt.SessionManager; +import org.apache.shiro.subject.Subject; +import org.apache.shiro.subject.support.SubjectThreadState; +import org.apache.shiro.util.ThreadContext; +import org.apache.shiro.util.ThreadState; + +import org.apache.geode.GemFireIOException; +import org.apache.geode.internal.cache.EntryEventImpl; +import org.apache.geode.internal.logging.LogService; +import org.apache.geode.internal.security.shiro.CustomAuthRealm; +import org.apache.geode.internal.security.shiro.GeodeAuthenticationToken; +import 
org.apache.geode.internal.security.shiro.ShiroPrincipal; +import org.apache.geode.internal.util.BlobHelper; +import org.apache.geode.management.internal.security.ResourceOperation; +import org.apache.geode.security.AuthenticationFailedException; +import org.apache.geode.security.GemFireSecurityException; +import org.apache.geode.security.NotAuthorizedException; +import org.apache.geode.security.PostProcessor; +import org.apache.geode.security.ResourcePermission; +import org.apache.geode.security.ResourcePermission.Operation; +import org.apache.geode.security.ResourcePermission.Resource; +import org.apache.geode.security.SecurityManager; + +/** + * Security service with SecurityManager and an optional PostProcessor. + * + * TODO: rename EnabledSecurityService to IntegratedSecurityService + */ +public class EnabledSecurityService implements SecurityService { + private static Logger logger = LogService.getLogger(LogService.SECURITY_LOGGER_NAME); + + private final SecurityManager securityManager; + + private final PostProcessor postProcessor; + + EnabledSecurityService(final SecurityManager securityManager, final PostProcessor postProcessor) { + this.securityManager = securityManager; + this.postProcessor = postProcessor; + + // initialize Shiro + Realm realm = new CustomAuthRealm(securityManager); + DefaultSecurityManager shiroManager = new DefaultSecurityManager(realm); + SecurityUtils.setSecurityManager(shiroManager); + increaseShiroGlobalSessionTimeout(shiroManager); + } + + @Override + public void initSecurity(final Properties securityProps) { + // nothing + } + + @Override + public void setSecurityManager(final SecurityManager securityManager) { + // nothing + } + + @Override + public void setPostProcessor(final PostProcessor postProcessor) { + // nothing + } + + /** + * It first looks the shiro subject in AccessControlContext since JMX will use multiple threads to + * process operations from the same client, then it looks into Shiro's thead context. 
+ * + * @return the shiro subject, null if security is not enabled + */ + @Override + public Subject getSubject() { + Subject currentUser; + + // First try get the principal out of AccessControlContext instead of Shiro's Thread context + // since threads can be shared between JMX clients. + javax.security.auth.Subject jmxSubject = + javax.security.auth.Subject.getSubject(AccessController.getContext()); + + if (jmxSubject != null) { + Set<ShiroPrincipal> principals = jmxSubject.getPrincipals(ShiroPrincipal.class); + if (!principals.isEmpty()) { + ShiroPrincipal principal = principals.iterator().next(); + currentUser = principal.getSubject(); + ThreadContext.bind(currentUser); + return currentUser; + } + } + + // in other cases like rest call, client operations, we get it from the current thread + currentUser = SecurityUtils.getSubject(); + + if (currentUser == null || currentUser.getPrincipal() == null) { + throw new GemFireSecurityException("Error: Anonymous User"); + } + + return currentUser; + } + + /** + * @return null if security is not enabled, otherwise return a shiro subject + */ + @Override + public Subject login(final Properties credentials) { + if (credentials == null) { + return null; + } + + // this makes sure it starts with a clean user object + ThreadContext.remove(); + + Subject currentUser = SecurityUtils.getSubject(); + GeodeAuthenticationToken token = new GeodeAuthenticationToken(credentials); + try { + logger.info("Logging in " + token.getPrincipal()); + currentUser.login(token); + } catch (ShiroException e) { + logger.info(e.getMessage(), e); + throw new AuthenticationFailedException( + "Authentication error. 
Please check your credentials.", e); + } + + return currentUser; + } + + @Override + public void logout() { + Subject currentUser = getSubject(); + if (currentUser == null) { + return; + } + + try { + logger.info("Logging out " + currentUser.getPrincipal()); + currentUser.logout(); + } catch (ShiroException e) { + logger.info(e.getMessage(), e); + throw new GemFireSecurityException(e.getMessage(), e); + } + + // clean out Shiro's thread local content + ThreadContext.remove(); + } + + @Override // TODO: give Callable a type + public Callable associateWith(final Callable callable) { + Subject currentUser = getSubject(); + if (currentUser == null) { + return callable; + } + + return currentUser.associateWith(callable); + } + + /** + * Binds the passed-in subject to the executing thread. Usage: + * + * <pre> + * ThreadState state = null; + * try { + * state = IntegratedSecurityService.bindSubject(subject); + * //do the rest of the work as this subject + * } finally { + * if(state!=null) state.clear(); + * } + * </pre> + */ + @Override + public ThreadState bindSubject(final Subject subject) { + if (subject == null) { + return null; + } + + ThreadState threadState = new SubjectThreadState(subject); + threadState.bind(); + return threadState; + } + + @Override + public void authorize(final ResourceOperation resourceOperation) { + if (resourceOperation == null) { + return; + } + + authorize(resourceOperation.resource().name(), resourceOperation.operation().name(), null); + } + + @Override + public void authorizeClusterManage() { + authorize("CLUSTER", "MANAGE"); + } + + @Override + public void authorizeClusterWrite() { + authorize("CLUSTER", "WRITE"); + } + + @Override + public void authorizeClusterRead() { + authorize("CLUSTER", "READ"); + } + + @Override + public void authorizeDataManage() { + authorize("DATA", "MANAGE"); + } + + @Override + public void authorizeDataWrite() { + authorize("DATA", "WRITE"); + } + + @Override + public void authorizeDataRead() { + 
authorize("DATA", "READ"); + } + + @Override + public void authorizeRegionManage(final String regionName) { + authorize("DATA", "MANAGE", regionName); + } + + @Override + public void authorizeRegionManage(final String regionName, final String key) { + authorize("DATA", "MANAGE", regionName, key); + } + + @Override + public void authorizeRegionWrite(final String regionName) { + authorize("DATA", "WRITE", regionName); + } + + @Override + public void authorizeRegionWrite(final String regionName, final String key) { + authorize("DATA", "WRITE", regionName, key); + } + + @Override + public void authorizeRegionRead(final String regionName) { + authorize("DATA", "READ", regionName); + } + + @Override + public void authorizeRegionRead(final String regionName, final String key) { + authorize("DATA", "READ", regionName, key); + } + + @Override + public void authorize(final String resource, final String operation) { + authorize(resource, operation, null); + } + + @Override + public void authorize(final String resource, final String operation, final String regionName) { + authorize(resource, operation, regionName, null); + } + + @Override + public void authorize(final String resource, final String operation, String regionName, final String key) { + regionName = StringUtils.stripStart(regionName, "/"); + authorize(new ResourcePermission(resource, operation, regionName, key)); + } + + @Override + public void authorize(final ResourcePermission context) { + Subject currentUser = getSubject(); + if (currentUser == null) { + return; + } + if (context == null) { + return; + } + if (context.getResource() == Resource.NULL && context.getOperation() == Operation.NULL) { + return; + } + + try { + currentUser.checkPermission(context); + } catch (ShiroException e) { + String msg = currentUser.getPrincipal() + " not authorized for " + context; + logger.info(msg); + throw new NotAuthorizedException(msg, e); + } + } + + @Override + public void close() { + if (this.securityManager != null) { + 
this.securityManager.close(); + } + + if (this.postProcessor != null) { + this.postProcessor.close(); + } + + ThreadContext.remove(); + SecurityUtils.setSecurityManager(null); + } + + /** + * postProcess call already has this logic built in, you don't need to call this everytime you + * call postProcess. But if your postProcess is pretty involved with preparations and you need to + * bypass it entirely, call this first. + */ + @Override + public boolean needPostProcess() { + return this.postProcessor != null; + } + + @Override + public Object postProcess(final String regionPath, final Object key, final Object value, final boolean valueIsSerialized) { + return postProcess(null, regionPath, key, value, valueIsSerialized); + } + + @Override + public Object postProcess(Object principal, final String regionPath, final Object key, final Object value, final boolean valueIsSerialized) { + if (!needPostProcess()) { + return value; + } + + if (principal == null) { + Subject subject = getSubject(); + if (subject == null) { + return value; + } + principal = (Serializable) subject.getPrincipal(); + } + + String regionName = StringUtils.stripStart(regionPath, "/"); + Object newValue; + + // if the data is a byte array, but the data itself is supposed to be an object, we need to + // deserialize it before we pass it to the callback. 
+ if (valueIsSerialized && value instanceof byte[]) { + try { + Object oldObj = EntryEventImpl.deserialize((byte[]) value); + Object newObj = this.postProcessor.processRegionValue(principal, regionName, key, oldObj); + newValue = BlobHelper.serializeToBlob(newObj); + } catch (IOException | SerializationException e) { + throw new GemFireIOException("Exception de/serializing entry value", e); + } + } else { + newValue = this.postProcessor.processRegionValue(principal, regionName, key, value); + } + + return newValue; + } + + @Override + public SecurityManager getSecurityManager() { + return this.securityManager; + } + + @Override + public PostProcessor getPostProcessor() { + return this.postProcessor; + } + + @Override + public boolean isIntegratedSecurity() { + return true; + } + + @Override + public boolean isClientSecurityRequired() { + return true; + } + + @Override + public boolean isPeerSecurityRequired() { + return true; + } + + private void increaseShiroGlobalSessionTimeout(final DefaultSecurityManager shiroManager) { + SessionManager sessionManager = shiroManager.getSessionManager(); + if (DefaultSessionManager.class.isInstance(sessionManager)) { + DefaultSessionManager defaultSessionManager = (DefaultSessionManager) sessionManager; + defaultSessionManager.setGlobalSessionTimeout(Long.MAX_VALUE); + long value = defaultSessionManager.getGlobalSessionTimeout(); + if (value != Long.MAX_VALUE) { + logger.error("Unable to set Shiro Global Session Timeout. Current value is '{}'.", value); + } + } else { + logger.error("Unable to set Shiro Global Session Timeout. Current SessionManager is '{}'.", + sessionManager == null ? "null" : sessionManager.getClass()); + } + } +}
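Review bot: In `getSubject()`, the JMX branch calls `ThreadContext.bind(currentUser)` and returns, and nothing in this file unbinds it except `login()`, `logout()` and `close()`. The method's own comment says threads can be shared between JMX clients, so a later call on the same thread that carries no JMX subject would fall through to `SecurityUtils.getSubject()` and could pick up the subject left behind by the previous client; the callers are not visible here, so this needs confirming. Either return `principal.getSubject()` without binding, or have callers go through `bindSubject()` and clear the returned `ThreadState` in a `finally`. Separately, the Javadoc says the method returns null when security is not enabled, but the non-JMX path throws `GemFireSecurityException("Error: Anonymous User")` instead, which leaves the `currentUser == null` checks in `logout()`, `associateWith()`, `authorize()` and `postProcess()` effectively dead and makes `logout()` throw when nobody is logged in.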
http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/main/java/org/apache/geode/internal/security/LegacySecurityService.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/LegacySecurityService.java b/geode-core/src/main/java/org/apache/geode/internal/security/LegacySecurityService.java
new file mode 100644
index 0000000..0e8bdbe
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/internal/security/LegacySecurityService.java
@@ -0,0 +1,218 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.geode.internal.security; + +import static org.apache.geode.distributed.ConfigurationProperties.*; + +import java.util.Properties; +import java.util.concurrent.Callable; + +import org.apache.shiro.SecurityUtils; +import org.apache.shiro.config.Ini.Section; +import org.apache.shiro.config.IniSecurityManagerFactory; +import org.apache.shiro.subject.Subject; +import org.apache.shiro.util.ThreadState; + +import org.apache.geode.management.internal.security.ResourceOperation; +import org.apache.geode.security.PostProcessor; +import org.apache.geode.security.ResourcePermission; +import org.apache.geode.security.SecurityManager; + +/** + * Legacy security service with ClientAuthenticator and/or PeerAuthenticator. 
+ */ +public class LegacySecurityService implements SecurityService { + + private final boolean hasClientAuthenticator; + + private final boolean hasPeerAuthenticator; + + LegacySecurityService(final String clientAuthenticator, final String peerAuthenticator) { + this.hasClientAuthenticator = clientAuthenticator != null; + this.hasPeerAuthenticator = peerAuthenticator != null; + } + + @Override + public void initSecurity(final Properties securityProps) { + // nothing + } + + @Override + public void setSecurityManager(final SecurityManager securityManager) { + // nothing + } + + @Override + public void setPostProcessor(final PostProcessor postProcessor) { + // nothing + } + + @Override + public ThreadState bindSubject(final Subject subject) { + return null; + } + + @Override + public Subject getSubject() { + return null; + } + + @Override + public Subject login(final Properties credentials) { + return null; + } + + @Override + public void logout() { + // nothing + } + + @Override + public Callable associateWith(final Callable callable) { + return null; + } + + @Override + public void authorize(final ResourceOperation resourceOperation) { + // nothing + } + + @Override + public void authorizeClusterManage() { + // nothing + } + + @Override + public void authorizeClusterWrite() { + // nothing + } + + @Override + public void authorizeClusterRead() { + // nothing + } + + @Override + public void authorizeDataManage() { + // nothing + } + + @Override + public void authorizeDataWrite() { + // nothing + } + + @Override + public void authorizeDataRead() { + // nothing + } + + @Override + public void authorizeRegionManage(final String regionName) { + // nothing + } + + @Override + public void authorizeRegionManage(final String regionName, final String key) { + // nothing + } + + @Override + public void authorizeRegionWrite(final String regionName) { + // nothing + } + + @Override + public void authorizeRegionWrite(final String regionName, final String key) { + // nothing + } 
+ + @Override + public void authorizeRegionRead(final String regionName) { + // nothing + } + + @Override + public void authorizeRegionRead(final String regionName, final String key) { + // nothing + } + + @Override + public void authorize(final String resource, final String operation) { + // nothing + } + + @Override + public void authorize(final String resource, final String operation, final String regionName) { + // nothing + } + + @Override + public void authorize(final String resource, final String operation, final String regionName, final String key) { + // nothing + } + + @Override + public void authorize(final ResourcePermission context) { + // nothing + } + + @Override + public void close() { + // nothing + } + + @Override + public boolean needPostProcess() { + return false; + } + + @Override + public Object postProcess(final String regionPath, final Object key, final Object value, final boolean valueIsSerialized) { + return null; + } + + @Override + public Object postProcess(final Object principal, final String regionPath, final Object key, final Object value, final boolean valueIsSerialized) { + return null; + } + + @Override + public boolean isClientSecurityRequired() { + return this.hasClientAuthenticator; + } + + @Override + public boolean isIntegratedSecurity() { + return false; + } + + @Override + public boolean isPeerSecurityRequired() { + return this.hasPeerAuthenticator; + } + + @Override + public SecurityManager getSecurityManager() { + return null; + } + + @Override + public PostProcessor getPostProcessor() { + return null; + } +} http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java b/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java index 14784c3..1a5375a 100644 
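Review bot: Both `postProcess(...)` overloads and `associateWith(...)` in `LegacySecurityService` return null, while `EnabledSecurityService` returns the unmodified `value` and the original `callable` on its pass-through paths. A caller that invokes `postProcess` without first checking `needPostProcess()` would replace a region value with null, and one that submits the result of `associateWith` would hit a NullPointerException; whether such callers exist is not visible in this diff. Returning the inputs keeps the no-op contract: `return value;` in both `postProcess` overloads and `return callable;` in `associateWith`. The static import of `ConfigurationProperties.*` and the imports of `SecurityUtils`, `Ini.Section` and `IniSecurityManagerFactory` are not used by this class.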
--- a/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java +++ b/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java @@ -30,6 +30,12 @@ import java.util.concurrent.Callable; public interface SecurityService { + void initSecurity(Properties securityProps); // TODO:KIRK + + void setSecurityManager(SecurityManager securityManager); // TODO:KIRK + + void setPostProcessor(PostProcessor postProcessor); // TODO:KIRK + ThreadState bindSubject(Subject subject); Subject getSubject(); @@ -74,8 +80,6 @@ public interface SecurityService { void authorize(ResourcePermission context); - void initSecurity(Properties securityProps); - void close(); boolean needPostProcess(); @@ -93,21 +97,17 @@ public interface SecurityService { SecurityManager getSecurityManager(); - void setSecurityManager(SecurityManager securityManager); - PostProcessor getPostProcessor(); - void setPostProcessor(PostProcessor postProcessor); - /** * this method would never return null, it either throws an exception or returns an object */ - public static <T> T getObjectOfTypeFromClassName(String className, Class<T> expectedClazz) { - Class actualClass = null; + static <T> T getObjectOfTypeFromClassName(String className, Class<T> expectedClazz) { + Class actualClass; try { actualClass = ClassLoadUtil.classFromName(className); - } catch (Exception ex) { - throw new GemFireSecurityException("Instance could not be obtained, " + ex.toString(), ex); + } catch (Exception e) { + throw new GemFireSecurityException("Instance could not be obtained, " + e, e); } if (!expectedClazz.isAssignableFrom(actualClass)) { 
@@ -115,22 +115,22 @@ public interface SecurityService { "Instance could not be obtained. Expecting a " + expectedClazz.getName() + " class."); } - T actualObject = null; try { - actualObject = (T) actualClass.newInstance(); + return (T) actualClass.newInstance(); } catch (Exception e) { throw new GemFireSecurityException( "Instance could not be obtained. Error instantiating " + actualClass.getName(), e); } - return actualObject; } /** * this method would never return null, it either throws an exception or returns an object + * + * TODO: expectedClazz is unused */ - public static <T> T getObjectOfTypeFromFactoryMethod(String factoryMethodName, + static <T> T getObjectOfTypeFromFactoryMethod(String factoryMethodName, Class<T> expectedClazz) { - T actualObject = null; + T actualObject; try { Method factoryMethod = ClassLoadUtil.methodFromName(factoryMethodName); actualObject = (T) factoryMethod.invoke(null, (Object[]) null); @@ -153,17 +153,17 @@ public interface SecurityService { * @return an object of type expectedClazz. This method would never return null. It either returns * an non-null object or throws exception. */ - public static <T> T getObjectOfType(String classOrMethod, Class<T> expectedClazz) { - T object = null; + static <T> T getObjectOfType(String classOrMethod, Class<T> expectedClazz) { + T object; try { object = getObjectOfTypeFromClassName(classOrMethod, expectedClazz); - } catch (Exception e) { + } catch (Exception ignore) { object = getObjectOfTypeFromFactoryMethod(classOrMethod, expectedClazz); } return object; } - public static Properties getCredentials(Properties securityProps) { + static Properties getCredentials(Properties securityProps) { Properties credentials = null; if (securityProps.containsKey(ResourceConstants.USER_NAME) && securityProps.containsKey(ResourceConstants.PASSWORD)) { 
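Review bot: In `getObjectOfTypeFromFactoryMethod`, the new `TODO: expectedClazz is unused` records that the factory-method result is never checked against the expected type, and the `(T)` cast on `factoryMethod.invoke(null, (Object[]) null)` is erased at runtime, so an object of the wrong type passes through here and fails only later at a use site. The name appears to come from configuration and the result becomes a security component, so the check belongs at this point: `actualObject = expectedClazz.cast(factoryMethod.invoke(null, (Object[]) null));`. The rest of the method, including its catch block, lies outside the hunk, so confirm that a `ClassCastException` ends up wrapped the same way as the other failures.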
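Review bot: In `getObjectOfType`, renaming the caught exception to `ignore` makes the swallow explicit but still discards the class-name failure, including the "Expecting a ... class" type mismatch thrown by `getObjectOfTypeFromClassName`. When the fallback also fails, the operator sees only the factory-method error and not the reason the class lookup was rejected. Keep the first exception and attach it to the second with `addSuppressed`, or at least state why it is dropped: `// not a loadable class of the expected type; retry the name as a static factory method`.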
@@ -177,6 +177,7 @@ public interface SecurityService { } static SecurityService getSecurityService() { + // TODO:KIRK return IntegratedSecurityService.getSecurityService(); } http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceFactory.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceFactory.java b/geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceFactory.java new file mode 100644 index 0000000..83781a7 --- /dev/null +++ b/geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceFactory.java 
@@ -0,0 +1,136 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.geode.internal.security; + +import static org.apache.geode.distributed.ConfigurationProperties.*; + +import java.util.Properties; + +import org.apache.commons.lang.StringUtils; + +import org.apache.geode.distributed.internal.DistributionConfig; +import org.apache.geode.internal.cache.CacheConfig; +import org.apache.geode.internal.security.shiro.ConfigInitialization; +import org.apache.geode.security.PostProcessor; +import org.apache.geode.security.SecurityManager; + +public class SecurityServiceFactory { + + private SecurityServiceFactory() { + // do not instantiate + } + + public static SecurityService create(CacheConfig cacheConfig, DistributionConfig distributionConfig) { + Properties securityConfig = getSecurityConfig(distributionConfig); + SecurityManager securityManager = getSecurityManager(getSecurityManagerFromConfig(cacheConfig), securityConfig); + PostProcessor postProcessor = getPostProcessor(getPostProcessorFromConfig(cacheConfig), securityConfig); + + SecurityService securityService = create(securityConfig, securityManager, postProcessor); + // securityService.initSecurity(distributionConfig.getSecurityProps()); + 
return securityService; + } + + static SecurityService create(Properties securityConfig, SecurityManager securityManager, PostProcessor postProcessor) { + SecurityServiceType type = determineType(securityConfig, securityManager); + switch (type) { + case CUSTOM: + String shiroConfig = securityConfig.getProperty(SECURITY_SHIRO_INIT); + ConfigInitialization configInitialization = new ConfigInitialization(shiroConfig); + configInitialization.initialize(); + return new CustomSecurityService(); + case ENABLED: + return new EnabledSecurityService(securityManager, postProcessor); + case LEGACY: + String clientAuthenticator = securityConfig.getProperty(SECURITY_CLIENT_AUTHENTICATOR); + String peerAuthenticator = securityConfig.getProperty(SECURITY_PEER_AUTHENTICATOR); + return new LegacySecurityService(clientAuthenticator, peerAuthenticator); + default: + return new DisabledSecurityService(); + } + } + + static SecurityServiceType determineType(Properties securityConfig, SecurityManager securityManager) { + boolean hasShiroConfig = securityConfig.getProperty(SECURITY_SHIRO_INIT) != null; + if (hasShiroConfig) { + return SecurityServiceType.CUSTOM; + } + + boolean hasSecurityManager = securityManager != null; + if (hasSecurityManager) { + return SecurityServiceType.ENABLED; + } + + boolean hasClientAuthenticator = securityConfig.getProperty(SECURITY_CLIENT_AUTHENTICATOR) != null; + boolean hasPeerAuthenticator = securityConfig.getProperty(SECURITY_PEER_AUTHENTICATOR) != null; + if (hasClientAuthenticator || hasPeerAuthenticator) { + return SecurityServiceType.LEGACY; + } + + return SecurityServiceType.DISABLED; + } + + static SecurityManager getSecurityManager(SecurityManager securityManager, Properties securityConfig) { + if (securityManager != null) { + return securityManager; + } + + String securityManagerConfig = securityConfig.getProperty(SECURITY_MANAGER); + if (StringUtils.isNotBlank(securityManagerConfig)) { + securityManager = 
SecurityService.getObjectOfTypeFromClassName(securityManagerConfig, SecurityManager.class); + securityManager.init(securityConfig); + } + + return securityManager; + } + + static PostProcessor getPostProcessor(PostProcessor postProcessor, Properties securityConfig) { + if (postProcessor != null) { + return postProcessor; + } + + String postProcessorConfig = securityConfig.getProperty(SECURITY_POST_PROCESSOR); + if (StringUtils.isNotBlank(postProcessorConfig)) { + postProcessor = + SecurityService.getObjectOfTypeFromClassName(postProcessorConfig, PostProcessor.class); + postProcessor.init(securityConfig); + } + + return postProcessor; + } + + private static Properties getSecurityConfig(DistributionConfig distributionConfig) { + if (distributionConfig == null) { + return new Properties(); + } + return distributionConfig.getSecurityProps(); + } + + private static SecurityManager getSecurityManagerFromConfig(CacheConfig cacheConfig) { + if (cacheConfig == null) { + return null; + } + return cacheConfig.getSecurityManager(); + } + + private static PostProcessor getPostProcessorFromConfig(CacheConfig cacheConfig) { + if (cacheConfig == null) { + return null; + } + return cacheConfig.getPostProcessor(); + } + +} http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceType.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceType.java b/geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceType.java new file mode 100644 index 0000000..99df876 --- /dev/null +++ b/geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceType.java 
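Review bot: `create(CacheConfig, DistributionConfig)` instantiates and `init()`s the SecurityManager and PostProcessor before `determineType` runs, and the `CUSTOM`, `LEGACY` and `default` branches of the `switch` then drop them without calling `close()`. A `SECURITY_POST_PROCESSOR` configured without a security manager is therefore initialized and then silently never applied, which an operator could mistake for active post-processing. Either resolve the type first and build only what the chosen service uses, or log a warning and close the unused instances in those branches. `determineType` also treats any non-null `SECURITY_SHIRO_INIT` value as a Shiro config while `SECURITY_MANAGER` and `SECURITY_POST_PROCESSOR` go through `StringUtils.isNotBlank`, so an empty value selects `CUSTOM`; `StringUtils.isNotBlank(securityConfig.getProperty(SECURITY_SHIRO_INIT))` would make the three consistent.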
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geode.internal.security;
+
+public enum SecurityServiceType {
+ /** Integrated Security is Enabled */
+ ENABLED,
+ /** Security is Disabled */
+ DISABLED,
+ /** Legacy Security is Enabled */
+ LEGACY,
+ /** Shiro Config is specified */
+ CUSTOM
+}
http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/main/java/org/apache/geode/internal/security/shiro/ConfigInitialization.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/shiro/ConfigInitialization.java b/geode-core/src/main/java/org/apache/geode/internal/security/shiro/ConfigInitialization.java
new file mode 100644
index 0000000..18b5dca
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/internal/security/shiro/ConfigInitialization.java
@@ -0,0 +1,46 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geode.internal.security.shiro;
+
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.config.Ini.Section;
+import org.apache.shiro.config.IniSecurityManagerFactory;
+
+public class ConfigInitialization {
+
+ private final String shiroConfig;
+
+ public ConfigInitialization(String shiroConfig) {
+ this.shiroConfig = shiroConfig;
+ }
+
+ public void initialize() {
+ IniSecurityManagerFactory factory = new IniSecurityManagerFactory("classpath:" + this.shiroConfig);
+
+ // we will need to make sure that shiro uses a case sensitive permission resolver
+ Section main = factory.getIni().addSection("main");
+ main.put("geodePermissionResolver",
+ "org.apache.geode.internal.security.shiro.GeodePermissionResolver");
+ if (!main.containsKey("iniRealm.permissionResolver")) {
+ main.put("iniRealm.permissionResolver", "$geodePermissionResolver");
+ }
+
+ org.apache.shiro.mgt.SecurityManager securityManager = factory.getInstance();
+ SecurityUtils.setSecurityManager(securityManager);
+ }
+
+}
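Review bot: The case-sensitive resolver in `initialize()` is attached only to `iniRealm`, and only when the ini file has not set `iniRealm.permissionResolver` itself, so the comment's "make sure" promises more than the code enforces. Any other realm declared in the Shiro ini, or an ini that names its own resolver, keeps the resolver it already had, and Shiro's default wildcard permissions compare case-insensitively. I would either log a warning when the key is already present or reword the comment to `// default iniRealm to Geode's case-sensitive resolver unless the ini overrides it`. The method also replaces the JVM-wide manager through `SecurityUtils.setSecurityManager`, and the class has no Javadoc; one sentence stating that side effect would help callers.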
http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/main/java/org/apache/geode/internal/security/shiro/JMXShiroAuthenticator.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/shiro/JMXShiroAuthenticator.java b/geode-core/src/main/java/org/apache/geode/internal/security/shiro/JMXShiroAuthenticator.java index 2a641d3..49d38f5 100644 --- a/geode-core/src/main/java/org/apache/geode/internal/security/shiro/JMXShiroAuthenticator.java +++ b/geode-core/src/main/java/org/apache/geode/internal/security/shiro/JMXShiroAuthenticator.java @@ -14,7 +14,11 @@ */ package org.apache.geode.internal.security.shiro; -import static org.apache.geode.management.internal.security.ResourceConstants.*; +import static org.apache.geode.management.internal.security.ResourceConstants.MISSING_CREDENTIALS_MESSAGE; + +import org.apache.geode.internal.security.SecurityService; +import org.apache.geode.management.internal.security.ResourceConstants; +import org.apache.geode.security.AuthenticationFailedException; import java.security.Principal; import java.util.Collections; 
@@ -26,18 +30,16 @@ import javax.management.remote.JMXConnectionNotification; import javax.management.remote.JMXPrincipal; import javax.security.auth.Subject; -import org.apache.geode.internal.security.IntegratedSecurityService; -import org.apache.geode.internal.security.SecurityService; -import org.apache.geode.management.internal.security.ResourceConstants; -import org.apache.geode.security.AuthenticationFailedException; - /** * this will make JMX authentication to use Shiro for Authentication */ - public class JMXShiroAuthenticator implements JMXAuthenticator, NotificationListener { - private SecurityService securityService = IntegratedSecurityService.getSecurityService(); + private final SecurityService securityService; + + public JMXShiroAuthenticator(SecurityService securityService) { + this.securityService = securityService; + } @Override public Subject authenticate(Object credentials) { http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/main/java/org/apache/geode/management/cli/CommandService.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/management/cli/CommandService.java b/geode-core/src/main/java/org/apache/geode/management/cli/CommandService.java index 767cf94..55957b2 100644 --- a/geode-core/src/main/java/org/apache/geode/management/cli/CommandService.java +++ b/geode-core/src/main/java/org/apache/geode/management/cli/CommandService.java @@ -19,6 +19,7 @@ import java.util.Map; import org.apache.geode.cache.Cache; import org.apache.geode.cache.CacheClosedException; +import org.apache.geode.internal.cache.InternalCache; import org.apache.geode.internal.i18n.LocalizedStrings; import org.apache.geode.management.DependenciesNotFoundException; import org.apache.geode.management.internal.cli.CliUtil; 
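Review bot: The new `JMXShiroAuthenticator(SecurityService)` constructor stores its argument unchecked, so a null handed in by a caller would only surface later as a NullPointerException on the JMX login path instead of at wiring time. Failing at construction is easier to diagnose: `this.securityService = Objects.requireNonNull(securityService, "securityService");` (this needs `java.util.Objects` imported). The same applies to the constructors this commit adds or changes in `ManagementAgent`, `CommandProcessor`, `AccessControlMBean` and `MBeanServerWrapper`. The body of `authenticate` lies outside this hunk, so how the field is dereferenced there is not visible here.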
@@ -124,7 +125,7 @@ public abstract class CommandService { .toLocalizedString(new Object[] {nonExistingDependency})); } - localCommandService = new MemberCommandService(cache); + localCommandService = new MemberCommandService((InternalCache) cache); } return localCommandService; http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java b/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java index 3e6e4484..554dc66 100755 --- a/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java @@ -91,7 +91,7 @@ public class ManagementAgent { private JMXConnectorServer jmxConnectorServer; private JMXShiroAuthenticator shiroAuthenticator; private final DistributionConfig config; - private SecurityService securityService = SecurityService.getSecurityService(); + private final SecurityService securityService; private boolean isHttpServiceRunning = false; /** @@ -103,8 +103,9 @@ public class ManagementAgent { private static final String PULSE_USESSL_MANAGER = "pulse.useSSL.manager"; private static final String PULSE_USESSL_LOCATOR = "pulse.useSSL.locator"; - public ManagementAgent(DistributionConfig config) { + public ManagementAgent(DistributionConfig config, SecurityService securityService) { this.config = config; + this.securityService = securityService; } public synchronized boolean isRunning() { 
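Review bot: The unchecked downcast in `new MemberCommandService((InternalCache) cache)` turns any `Cache` that is not an `InternalCache` into a ClassCastException at this line, with no message that explains what the caller did wrong. The `CommandService.java` import hunk keeps `org.apache.geode.cache.Cache`, which suggests the surrounding method still accepts the public type. A guard before the assignment keeps the failure readable: `if (!(cache instanceof InternalCache)) { throw new IllegalArgumentException("cache must be an InternalCache"); }`. The enclosing method starts and ends outside the hunk, so the exception type that fits its contract should be confirmed there.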
@@ -465,14 +466,14 @@ public class ManagementAgent { }; if (securityService.isIntegratedSecurity()) { - shiroAuthenticator = new JMXShiroAuthenticator(); + shiroAuthenticator = new JMXShiroAuthenticator(this.securityService); env.put(JMXConnectorServer.AUTHENTICATOR, shiroAuthenticator); jmxConnectorServer.addNotificationListener(shiroAuthenticator, null, jmxConnectorServer.getAttributes()); // always going to assume authorization is needed as well, if no custom AccessControl, then // the CustomAuthRealm // should take care of that - MBeanServerWrapper mBeanServerWrapper = new MBeanServerWrapper(); + MBeanServerWrapper mBeanServerWrapper = new MBeanServerWrapper(this.securityService); jmxConnectorServer.setMBeanServerForwarder(mBeanServerWrapper); registerAccessControlMBean(); } else { @@ -501,7 +502,7 @@ public class ManagementAgent { private void registerAccessControlMBean() { try { - AccessControlMBean acc = new AccessControlMBean(); + AccessControlMBean acc = new AccessControlMBean(this.securityService); ObjectName accessControlMBeanON = new ObjectName(ResourceConstants.OBJECT_NAME_ACCESSCONTROL); MBeanServer platformMBeanServer = ManagementFactory.getPlatformMBeanServer(); http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/main/java/org/apache/geode/management/internal/SystemManagementService.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/SystemManagementService.java b/geode-core/src/main/java/org/apache/geode/management/internal/SystemManagementService.java index fc8eb97..11402f1 100755 --- a/geode-core/src/main/java/org/apache/geode/management/internal/SystemManagementService.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/SystemManagementService.java 
@@ -144,7 +144,7 @@ public class SystemManagementService extends BaseManagementService { this.notificationHub = new NotificationHub(repo); if (system.getConfig().getJmxManager()) { - this.agent = new ManagementAgent(system.getConfig()); + this.agent = new ManagementAgent(system.getConfig(), cache.getSecurityService()); } else { this.agent = null; } http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/AbstractCommandsSupport.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/AbstractCommandsSupport.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/AbstractCommandsSupport.java index 26b903b..31d6c0a 100644 --- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/AbstractCommandsSupport.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/AbstractCommandsSupport.java @@ -50,7 +50,6 @@ import java.util.Set; */ @SuppressWarnings("unused") public abstract class AbstractCommandsSupport implements CommandMarker { - protected static SecurityService securityService = SecurityService.getSecurityService(); protected static void assertArgument(final boolean valid, final String message, final Object... args) { http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/CreateAlterDestroyRegionCommands.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/CreateAlterDestroyRegionCommands.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/CreateAlterDestroyRegionCommands.java index 6e1a74e..d829b3e 100644 
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/CreateAlterDestroyRegionCommands.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/CreateAlterDestroyRegionCommands.java @@ -89,8 +89,6 @@ public class CreateAlterDestroyRegionCommands extends AbstractCommandsSupport { public static final Set<RegionShortcut> PERSISTENT_OVERFLOW_SHORTCUTS = new TreeSet<>(); - private SecurityService securityService = IntegratedSecurityService.getSecurityService(); - static { PERSISTENT_OVERFLOW_SHORTCUTS.add(RegionShortcut.PARTITION_PERSISTENT); PERSISTENT_OVERFLOW_SHORTCUTS.add(RegionShortcut.PARTITION_REDUNDANT_PERSISTENT); http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/DataCommands.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/DataCommands.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/DataCommands.java index a38e545..696108e 100644 --- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/DataCommands.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/DataCommands.java @@ -33,8 +33,6 @@ import org.apache.geode.cache.execute.ResultCollector; import org.apache.geode.cache.partition.PartitionRebalanceInfo; import org.apache.geode.distributed.DistributedMember; import org.apache.geode.internal.cache.InternalCache; -import org.apache.geode.internal.security.IntegratedSecurityService; -import org.apache.geode.internal.security.SecurityService; import org.apache.geode.management.DistributedRegionMXBean; import org.apache.geode.management.ManagementService; import org.apache.geode.management.cli.CliMetaData; 
@@ -49,6 +47,7 @@ import org.apache.geode.management.internal.cli.functions.DataCommandFunction; import org.apache.geode.management.internal.cli.functions.ExportDataFunction; import org.apache.geode.management.internal.cli.functions.ImportDataFunction; import org.apache.geode.management.internal.cli.functions.RebalanceFunction; +import org.apache.geode.management.internal.cli.functions.SelectExecStep; import org.apache.geode.management.internal.cli.i18n.CliStrings; import org.apache.geode.management.internal.cli.multistep.CLIMultiStepHelper; import org.apache.geode.management.internal.cli.multistep.CLIStep; @@ -93,8 +92,6 @@ public class DataCommands implements CommandMarker { private final ImportDataFunction importDataFunction = new ImportDataFunction(); - private SecurityService securityService = IntegratedSecurityService.getSecurityService(); - private Gfsh getGfsh() { return Gfsh.getCurrentInstance(); } @@ -750,7 +747,7 @@ public class DataCommands implements CommandMarker { optionContext = ConverterHint.MEMBERIDNAME, mandatory = true, help = CliStrings.EXPORT_DATA__MEMBER__HELP) String memberNameOrId) { - this.securityService.authorizeRegionRead(regionName); + getCache().getSecurityService().authorizeRegionRead(regionName); final DistributedMember targetMember = CliUtil.getDistributedMemberByNameOrId(memberNameOrId); Result result; @@ -808,7 +805,7 @@ public class DataCommands implements CommandMarker { @CliOption(key = CliStrings.IMPORT_DATA__INVOKE_CALLBACKS, unspecifiedDefaultValue = "false", help = CliStrings.IMPORT_DATA__INVOKE_CALLBACKS__HELP) boolean invokeCallbacks) { - this.securityService.authorizeRegionWrite(regionName); + getCache().getSecurityService().authorizeRegionWrite(regionName); Result result; 
@@ -869,8 +866,8 @@ public class DataCommands implements CommandMarker { @CliOption(key = {CliStrings.PUT__PUTIFABSENT}, help = CliStrings.PUT__PUTIFABSENT__HELP, unspecifiedDefaultValue = "false") boolean putIfAbsent) { - this.securityService.authorizeRegionWrite(regionPath); InternalCache cache = getCache(); + cache.getSecurityService().authorizeRegionWrite(regionPath); DataCommandResult dataResult; if (StringUtils.isEmpty(regionPath)) { return makePresentationResult(DataCommandResult.createPutResult(key, null, null, @@ -940,9 +937,9 @@ public class DataCommands implements CommandMarker { @CliOption(key = CliStrings.GET__LOAD, unspecifiedDefaultValue = "true", specifiedDefaultValue = "true", help = CliStrings.GET__LOAD__HELP) Boolean loadOnCacheMiss) { - this.securityService.authorizeRegionRead(regionPath, key); InternalCache cache = getCache(); + cache.getSecurityService().authorizeRegionRead(regionPath, key); DataCommandResult dataResult; if (StringUtils.isEmpty(regionPath)) { @@ -968,7 +965,7 @@ public class DataCommands implements CommandMarker { request.setRegionName(regionPath); request.setValueClass(valueClass); request.setLoadOnCacheMiss(loadOnCacheMiss); - Subject subject = this.securityService.getSubject(); + Subject subject = cache.getSecurityService().getSubject(); if (subject != null) { request.setPrincipal(subject.getPrincipal()); } @@ -1005,7 +1002,7 @@ public class DataCommands implements CommandMarker { help = CliStrings.LOCATE_ENTRY__RECURSIVE__HELP, unspecifiedDefaultValue = "false") boolean recursive) { - this.securityService.authorizeRegionRead(regionPath, key); + getCache().getSecurityService().authorizeRegionRead(regionPath, key); DataCommandResult dataResult; 
@@ -1068,9 +1065,9 @@ public class DataCommands implements CommandMarker { } if (removeAllKeys) { - this.securityService.authorizeRegionWrite(regionPath); + cache.getSecurityService().authorizeRegionWrite(regionPath); } else { - this.securityService.authorizeRegionWrite(regionPath, key); + cache.getSecurityService().authorizeRegionWrite(regionPath, key); } @SuppressWarnings("rawtypes") @@ -1116,7 +1113,7 @@ public class DataCommands implements CommandMarker { } Object[] arguments = new Object[] {query, stepName, interactive}; - CLIStep exec = new DataCommandFunction.SelectExecStep(arguments); + CLIStep exec = new SelectExecStep(arguments); CLIStep display = new DataCommandFunction.SelectDisplayStep(arguments); CLIStep move = new DataCommandFunction.SelectMoveStep(arguments); CLIStep quit = new DataCommandFunction.SelectQuitStep(arguments); http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/IndexCommands.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/IndexCommands.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/IndexCommands.java index 407424a..51e378a 100644 --- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/IndexCommands.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/IndexCommands.java @@ -84,8 +84,6 @@ public class IndexCommands extends AbstractCommandsSupport { private static final Set<IndexInfo> indexDefinitions = Collections.synchronizedSet(new HashSet<IndexInfo>()); - private SecurityService securityService = IntegratedSecurityService.getSecurityService(); - @Override protected Set<DistributedMember> getMembers(final InternalCache cache) { // TODO determine what this does (as it is untested and unmockable!) 
@@ -202,7 +200,7 @@ public class IndexCommands extends AbstractCommandsSupport { Result result = null; AtomicReference<XmlEntity> xmlEntity = new AtomicReference<>(); - this.securityService.authorizeRegionManage(regionPath); + getCache().getSecurityService().authorizeRegionManage(regionPath); try { final Cache cache = CacheFactory.getAnyInstance(); @@ -361,9 +359,9 @@ public class IndexCommands extends AbstractCommandsSupport { // requires data manage permission on all regions if (StringUtils.isNotBlank(regionPath)) { regionName = regionPath.startsWith("/") ? regionPath.substring(1) : regionPath; - this.securityService.authorizeRegionManage(regionName); + getCache().getSecurityService().authorizeRegionManage(regionName); } else { - this.securityService.authorizeDataManage(); + getCache().getSecurityService().authorizeDataManage(); } IndexInfo indexInfo = new IndexInfo(indexName, regionName); @@ -485,7 +483,7 @@ public class IndexCommands extends AbstractCommandsSupport { Result result = null; XmlEntity xmlEntity = null; - this.securityService.authorizeRegionManage(regionPath); + getCache().getSecurityService().authorizeRegionManage(regionPath); int idxType = IndexInfo.RANGE_INDEX; http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/DataCommandFunction.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/DataCommandFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/DataCommandFunction.java index e2164a3..9270a94 100644 --- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/DataCommandFunction.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/DataCommandFunction.java 
@@ -94,9 +94,6 @@ public class DataCommandFunction extends FunctionAdapter implements InternalEnti protected static final String SELECT_STEP_EXEC = "SELECT_EXEC"; private static final int NESTED_JSON_LENGTH = 20; - // this needs to be static so that it won't get serialized - private static SecurityService securityService = SecurityService.getSecurityService(); - @Override public String getId() { return DataCommandFunction.class.getName(); @@ -296,7 +293,7 @@ public class DataCommandFunction extends FunctionAdapter implements InternalEnti List<SelectResultRow> list, AtomicInteger nestedObjectCount) throws GfJsonException { for (Object object : selectResults) { // Post processing - object = securityService.postProcess(principal, null, null, object, false); + object = getCache().getSecurityService().postProcess(principal, null, null, object, false); if (object instanceof Struct) { StructImpl impl = (StructImpl) object; @@ -836,7 +833,7 @@ public class DataCommandFunction extends FunctionAdapter implements InternalEnti return list; } - private static DataCommandResult cachedResult = null; + static DataCommandResult cachedResult = null; public static class SelectDisplayStep extends CLIMultiStepHelper.LocalStep { 
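Review bot: In the `@@ -296,7 +293,7 @@` hunk, `getCache().getSecurityService()` is now evaluated once per result row inside the `for (Object object : selectResults)` loop. Resolve it once before the loop, `SecurityService securityService = getCache().getSecurityService();`, and call `securityService.postProcess(principal, null, null, object, false)` in the body. That also guarantees every row of one result set is post-processed by the same service instance. The loop body continues outside the hunk.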
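Review bot: Dropping `private` from `static DataCommandResult cachedResult` in the `@@ -836,7 +833,7 @@` hunk widens a JVM-wide mutable field that holds the last select result. The extracted `SelectExecStep.exec()` writes it with `DataCommandFunction.cachedResult = result;`, and if two sessions run queries on the same member the later one overwrites what the earlier one's display step will page through, apparently regardless of which principal was authorized for which regions. Rather than exposing the field, I would keep it private behind a package-private setter and, longer term, key the cached result by session or principal. The display-step code that reads the field is outside the visible hunks, so the exact read path should be confirmed.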
@@ -915,107 +912,6 @@ public class DataCommandFunction extends FunctionAdapter implements InternalEnti } } - public static class SelectExecStep extends CLIMultiStepHelper.RemoteStep { - - private static final long serialVersionUID = 1L; - - private static SecurityService securityService = SecurityService.getSecurityService(); - - public SelectExecStep(Object[] arguments) { - super(SELECT_STEP_EXEC, arguments); - } - - @Override - public Result exec() { - String remainingQuery = (String) commandArguments[0]; - boolean interactive = (Boolean) commandArguments[2]; - DataCommandResult result = _select(remainingQuery); - int endCount = 0; - cachedResult = result; - if (interactive) { - endCount = getPageSize(); - } else { - if (result.getSelectResult() != null) { - endCount = result.getSelectResult().size(); - } - } - if (interactive) { - return result.pageResult(0, endCount, SELECT_STEP_DISPLAY); - } else { - return CLIMultiStepHelper.createBannerResult(new String[] {}, new Object[] {}, - SELECT_STEP_END); - } - } - - public DataCommandResult _select(String query) { - InternalCache cache = (InternalCache) CacheFactory.getAnyInstance(); - DataCommandResult dataResult; - - if (StringUtils.isEmpty(query)) { - dataResult = DataCommandResult.createSelectInfoResult(null, null, -1, null, - CliStrings.QUERY__MSG__QUERY_EMPTY, false); - return dataResult; - } - - Object array[] = DataCommands.replaceGfshEnvVar(query, CommandExecutionContext.getShellEnv()); - query = (String) array[1]; - query = addLimit(query); - - @SuppressWarnings("deprecation") - QCompiler compiler = new QCompiler(); - Set<String> regionsInQuery; - try { - CompiledValue compiledQuery = compiler.compileQuery(query); - Set<String> regions = new HashSet<>(); - compiledQuery.getRegionsInQuery(regions, null); - - // authorize data read on these regions - for (String region : regions) { - securityService.authorizeRegionRead(region); - } - - regionsInQuery = Collections.unmodifiableSet(regions); - if 
(regionsInQuery.size() > 0) { - Set<DistributedMember> members = - DataCommands.getQueryRegionsAssociatedMembers(regionsInQuery, cache, false); - if (members != null && members.size() > 0) { - DataCommandFunction function = new DataCommandFunction(); - DataCommandRequest request = new DataCommandRequest(); - request.setCommand(CliStrings.QUERY); - request.setQuery(query); - Subject subject = securityService.getSubject(); - if (subject != null) { - request.setPrincipal(subject.getPrincipal()); - } - dataResult = DataCommands.callFunctionForRegion(request, function, members); - dataResult.setInputQuery(query); - return dataResult; - } else { - return DataCommandResult.createSelectInfoResult(null, null, -1, null, CliStrings.format( - CliStrings.QUERY__MSG__REGIONS_NOT_FOUND, regionsInQuery.toString()), false); - } - } else { - return DataCommandResult.createSelectInfoResult(null, null, -1, null, - CliStrings.format(CliStrings.QUERY__MSG__INVALID_QUERY, - "Region mentioned in query probably missing /"), - false); - } - } catch (QueryInvalidException qe) { - logger.error("{} Failed Error {}", query, qe.getMessage(), qe); - return DataCommandResult.createSelectInfoResult(null, null, -1, null, - CliStrings.format(CliStrings.QUERY__MSG__INVALID_QUERY, qe.getMessage()), false); - } - } - - private String addLimit(String query) { - if (StringUtils.containsIgnoreCase(query, " limit") - || StringUtils.containsIgnoreCase(query, " count(")) { - return query; - } - return query + " limit " + getFetchSize(); - } - } - public static class SelectQuitStep extends CLIMultiStepHelper.RemoteStep { public SelectQuitStep(Object[] arguments) { 
@@ -1063,7 +959,7 @@ public class DataCommandFunction extends FunctionAdapter implements InternalEnti return pageSize; } - private static int getFetchSize() { + static int getFetchSize() { return CommandExecutionContext.getShellFetchSize(); } http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/SelectExecStep.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/SelectExecStep.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/SelectExecStep.java new file mode 100644 index 0000000..bd58534 --- /dev/null +++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/SelectExecStep.java 
@@ -0,0 +1,139 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.geode.management.internal.cli.functions; + +import org.apache.commons.lang.StringUtils; +import org.apache.geode.cache.CacheFactory; +import org.apache.geode.cache.query.QueryInvalidException; +import org.apache.geode.cache.query.internal.CompiledValue; +import org.apache.geode.cache.query.internal.QCompiler; +import org.apache.geode.distributed.DistributedMember; +import org.apache.geode.internal.cache.InternalCache; +import org.apache.geode.internal.logging.LogService; +import org.apache.geode.management.cli.Result; +import org.apache.geode.management.internal.cli.commands.DataCommands; +import org.apache.geode.management.internal.cli.domain.DataCommandRequest; +import org.apache.geode.management.internal.cli.domain.DataCommandResult; +import org.apache.geode.management.internal.cli.i18n.CliStrings; +import org.apache.geode.management.internal.cli.multistep.CLIMultiStepHelper; +import org.apache.geode.management.internal.cli.remote.CommandExecutionContext; +import org.apache.logging.log4j.Logger; +import org.apache.shiro.subject.Subject; + +import java.util.Collections; +import java.util.HashSet; +import java.util.Set; + +public 
class SelectExecStep extends CLIMultiStepHelper.RemoteStep { + private static final Logger logger = LogService.getLogger(); + + private static final long serialVersionUID = 1L; + + public SelectExecStep(Object[] arguments) { + super(DataCommandFunction.SELECT_STEP_EXEC, arguments); + } + + @Override + public Result exec() { + String remainingQuery = (String) commandArguments[0]; + boolean interactive = (Boolean) commandArguments[2]; + DataCommandResult result = _select(remainingQuery); + int endCount = 0; + DataCommandFunction.cachedResult = result; + if (interactive) { + endCount = DataCommandFunction.getPageSize(); + } else { + if (result.getSelectResult() != null) { + endCount = result.getSelectResult().size(); + } + } + if (interactive) { + return result.pageResult(0, endCount, DataCommandFunction.SELECT_STEP_DISPLAY); + } else { + return CLIMultiStepHelper.createBannerResult(new String[] {}, new Object[] {}, + DataCommandFunction.SELECT_STEP_END); + } + } + + public DataCommandResult _select(String query) { + InternalCache cache = (InternalCache) CacheFactory.getAnyInstance(); + DataCommandResult dataResult; + + if (StringUtils.isEmpty(query)) { + dataResult = DataCommandResult.createSelectInfoResult(null, null, -1, null, + CliStrings.QUERY__MSG__QUERY_EMPTY, false); + return dataResult; + } + + Object array[] = DataCommands.replaceGfshEnvVar(query, CommandExecutionContext.getShellEnv()); + query = (String) array[1]; + query = addLimit(query); + + @SuppressWarnings("deprecation") + QCompiler compiler = new QCompiler(); + Set<String> regionsInQuery; + try { + CompiledValue compiledQuery = compiler.compileQuery(query); + Set<String> regions = new HashSet<>(); + compiledQuery.getRegionsInQuery(regions, null); + + // authorize data read on these regions + for (String region : regions) { + cache.getSecurityService().authorizeRegionRead(region); + } + + regionsInQuery = Collections.unmodifiableSet(regions); + if (regionsInQuery.size() > 0) { + Set<DistributedMember> 
members = + DataCommands.getQueryRegionsAssociatedMembers(regionsInQuery, cache, false); + if (members != null && members.size() > 0) { + DataCommandFunction function = new DataCommandFunction(); + DataCommandRequest request = new DataCommandRequest(); + request.setCommand(CliStrings.QUERY); + request.setQuery(query); + Subject subject = cache.getSecurityService().getSubject(); + if (subject != null) { + request.setPrincipal(subject.getPrincipal()); + } + dataResult = DataCommands.callFunctionForRegion(request, function, members); + dataResult.setInputQuery(query); + return dataResult; + } else { + return DataCommandResult.createSelectInfoResult(null, null, -1, null, CliStrings.format( + CliStrings.QUERY__MSG__REGIONS_NOT_FOUND, regionsInQuery.toString()), false); + } + } else { + return DataCommandResult.createSelectInfoResult(null, null, -1, null, + CliStrings.format(CliStrings.QUERY__MSG__INVALID_QUERY, + "Region mentioned in query probably missing /"), + false); + } + } catch (QueryInvalidException qe) { + logger.error("{} Failed Error {}", query, qe.getMessage(), qe); + return DataCommandResult.createSelectInfoResult(null, null, -1, null, + CliStrings.format(CliStrings.QUERY__MSG__INVALID_QUERY, qe.getMessage()), false); + } + } + + private String addLimit(String query) { + if (StringUtils.containsIgnoreCase(query, " limit") + || StringUtils.containsIgnoreCase(query, " count(")) { + return query; + } + return query + " limit " + DataCommandFunction.getFetchSize(); + } +} http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/main/java/org/apache/geode/management/internal/cli/remote/CommandProcessor.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/remote/CommandProcessor.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/remote/CommandProcessor.java index c2c6e14..f7d78cc 100755 
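Review bot: `addLimit` decides whether to append the fetch-size cap by searching the raw query text for ` limit` or ` count(`. A query that merely contains one of those substrings, for example inside a string literal, is therefore sent without the cap and can return an unbounded result set to the shell. The class is moved from `DataCommandFunction` essentially unchanged, but the move is a good moment to derive this from the compiled query that `_select` already builds instead of from the text. At minimum the heuristic should be documented on the method, e.g. `// text match only: any occurrence of " limit" or " count(" suppresses the default limit`.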
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/remote/CommandProcessor.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/remote/CommandProcessor.java @@ -14,6 +14,7 @@ */ package org.apache.geode.management.internal.cli.remote; +import org.apache.geode.internal.security.DisabledSecurityService; import org.apache.geode.internal.security.IntegratedSecurityService; import org.apache.geode.internal.security.SecurityService; import org.apache.geode.management.cli.CommandProcessingException; @@ -49,16 +50,17 @@ public class CommandProcessor { private volatile boolean isStopped = false; - private SecurityService securityService = IntegratedSecurityService.getSecurityService(); + private final SecurityService securityService; public CommandProcessor() throws ClassNotFoundException, IOException { - this(null); + this(null, new DisabledSecurityService()); } - public CommandProcessor(Properties cacheProperties) throws ClassNotFoundException, IOException { + public CommandProcessor(Properties cacheProperties, SecurityService securityService) throws ClassNotFoundException, IOException { this.gfshParser = new GfshParser(cacheProperties); this.executionStrategy = new RemoteExecutionStrategy(); this.logWrapper = LogWrapper.getInstance(); + this.securityService = securityService; } protected RemoteExecutionStrategy getExecutionStrategy() { http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/main/java/org/apache/geode/management/internal/cli/remote/MemberCommandService.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/remote/MemberCommandService.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/remote/MemberCommandService.java index a19c5cb..1d7494e 100644 --- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/remote/MemberCommandService.java 
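Review bot: The no-arg `CommandProcessor()` now delegates with `new DisabledSecurityService()`, so any caller that keeps using the default constructor gets a processor whose security service is, judging by the class name, the one that performs no authorization, even on a member configured for integrated security. That is a fail-open default on the command execution path. I would remove the no-arg constructor, or document it as test-only in Javadoc, so production wiring has to pass the cache's service explicitly. The changed signature line `public CommandProcessor(Properties cacheProperties, SecurityService securityService) throws ClassNotFoundException, IOException {` is also longer than the surrounding code's wrapping and should be broken before `throws`.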
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/remote/MemberCommandService.java @@ -18,6 +18,7 @@ import java.io.IOException; import java.util.Map; import org.apache.geode.cache.Cache; +import org.apache.geode.internal.cache.InternalCache; import org.apache.geode.management.cli.CommandService; import org.apache.geode.management.cli.CommandServiceException; import org.apache.geode.management.cli.CommandStatement; @@ -28,10 +29,10 @@ import org.apache.geode.management.cli.Result; public class MemberCommandService extends CommandService { private final Object modLock = new Object(); - private Cache cache; + private InternalCache cache; private CommandProcessor commandProcessor; - public MemberCommandService(Cache cache) throws CommandServiceException { + public MemberCommandService(InternalCache cache) throws CommandServiceException { this.cache = cache; try { this.commandProcessor = new CommandProcessor(cache.getDistributedSystem().getProperties()); http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/main/java/org/apache/geode/management/internal/security/AccessControlMBean.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/security/AccessControlMBean.java b/geode-core/src/main/java/org/apache/geode/management/internal/security/AccessControlMBean.java index 6514a33..dbc6c6b 100644 --- a/geode-core/src/main/java/org/apache/geode/management/internal/security/AccessControlMBean.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/security/AccessControlMBean.java 
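Review bot: The context line `new CommandProcessor(cache.getDistributedSystem().getProperties())` still uses the one-argument constructor, which the `CommandProcessor` hunk in this same commit replaces with `(Properties, SecurityService)`. As far as the visible hunks show, this either no longer compiles or, if another overload exists, never hands the cache's security service to the processor. Retyping the field to `InternalCache` makes the fix a one-liner: `this.commandProcessor = new CommandProcessor(cache.getDistributedSystem().getProperties(), cache.getSecurityService());`. The constructor body continues past the end of the hunk.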
@@ -26,7 +26,11 @@ import org.apache.geode.security.GemFireSecurityException; */ public class AccessControlMBean implements AccessControlMXBean { - private SecurityService securityService = IntegratedSecurityService.getSecurityService(); + private final SecurityService securityService; + + public AccessControlMBean(SecurityService securityService) { + this.securityService = securityService; + } @Override public boolean authorize(String resource, String permission) { http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/main/java/org/apache/geode/management/internal/security/MBeanServerWrapper.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/security/MBeanServerWrapper.java b/geode-core/src/main/java/org/apache/geode/management/internal/security/MBeanServerWrapper.java index fe79efb..345d688 100644 --- a/geode-core/src/main/java/org/apache/geode/management/internal/security/MBeanServerWrapper.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/security/MBeanServerWrapper.java @@ -14,6 +14,11 @@ */ package org.apache.geode.management.internal.security; +import org.apache.geode.internal.security.SecurityService; +import org.apache.geode.management.internal.ManagementConstants; +import org.apache.geode.security.GemFireSecurityException; +import org.apache.geode.security.ResourcePermission; + import java.io.ObjectInputStream; import java.util.Set; import javax.management.Attribute; 
@@ -42,25 +47,22 @@ import javax.management.ReflectionException; import javax.management.loading.ClassLoaderRepository; import javax.management.remote.MBeanServerForwarder; -import org.apache.geode.internal.security.IntegratedSecurityService; -import org.apache.geode.internal.security.SecurityService; -import org.apache.geode.management.internal.ManagementConstants; -import org.apache.geode.security.GemFireSecurityException; -import org.apache.geode.security.ResourcePermission; - /** * This class intercepts all MBean requests for GemFire MBeans and passed it to * ManagementInterceptor for authorization * * @since Geode 1.0 - * */ public class MBeanServerWrapper implements MBeanServerForwarder { + + // TODO: make volatile or verify this is thread-safe private MBeanServer mbs; - private SecurityService securityService = IntegratedSecurityService.getSecurityService(); + private final SecurityService securityService; - public MBeanServerWrapper() {} + public MBeanServerWrapper(SecurityService securityService) { + this.securityService = securityService; + } private void checkDomain(ObjectName name) { if (ManagementConstants.OBJECTNAME__DEFAULTDOMAIN.equals(name.getDomain())) http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/main/java/org/apache/geode/management/internal/web/controllers/AbstractCommandsController.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/web/controllers/AbstractCommandsController.java b/geode-core/src/main/java/org/apache/geode/management/internal/web/controllers/AbstractCommandsController.java index 54c29f8..0a18ec5 100644 --- a/geode-core/src/main/java/org/apache/geode/management/internal/web/controllers/AbstractCommandsController.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/web/controllers/AbstractCommandsController.java 
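Review bot: The added `// TODO: make volatile or verify this is thread-safe` leaves an open visibility question on `mbs` in a class whose Javadoc says it intercepts all MBean requests for authorization. If the field is assigned after construction from another thread (the setter is outside the hunk), the simplest resolution is `private volatile MBeanServer mbs;`; otherwise replace the TODO with a comment stating why the plain field is safe. The class body continues outside the hunk.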
@@ -12,7 +12,6 @@ * or implied. See the License for the specific language governing permissions and limitations under * the License. */ - package org.apache.geode.management.internal.web.controllers; import org.apache.geode.internal.cache.GemFireCacheImpl; @@ -20,8 +19,6 @@ import org.apache.geode.internal.cache.InternalCache; import org.apache.geode.internal.lang.StringUtils; import org.apache.geode.internal.logging.LogService; import org.apache.geode.internal.logging.log4j.LogMarker; -import org.apache.geode.internal.security.IntegratedSecurityService; -import org.apache.geode.internal.security.SecurityService; import org.apache.geode.internal.util.ArrayUtils; import org.apache.geode.management.DistributedSystemMXBean; import org.apache.geode.management.ManagementService; @@ -85,8 +82,6 @@ public abstract class AbstractCommandsController { private MemberMXBean managingMemberMXBeanProxy; - private SecurityService securityService = IntegratedSecurityService.getSecurityService(); - private Class accessControlKlass; private InternalCache getCache() { @@ -576,10 +571,9 @@ public abstract class AbstractCommandsController { return new ResponseEntity<String>(result, HttpStatus.OK); } }; - return this.securityService.associateWith(callable); + return getCache().getSecurityService().associateWith(callable); } - /** * Executes the specified command as entered by the user using the GemFire Shell (Gfsh). Note, * Gfsh performs validation of the command during parsing before sending the command to the http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/main/java/org/apache/geode/management/internal/web/controllers/support/LoginHandlerInterceptor.java ---------------------------------------------------------------------- 
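Review bot: `getCache().getSecurityService().associateWith(callable)` dereferences the result of `getCache()` with no null check, while `LoginHandlerInterceptor.findSecurityService()` in this same commit treats a null cache as a reachable state. The body of `getCache()` is outside the hunk, so this is hedged; if it can return null, the request ends in a NullPointerException instead of a clear error. An explicit guard would fail closed with a readable message: `InternalCache cache = getCache();` followed by `if (cache == null) { throw new IllegalStateException("Cache is not available"); }`. The enclosing method starts outside the hunk.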
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/web/controllers/support/LoginHandlerInterceptor.java b/geode-core/src/main/java/org/apache/geode/management/internal/web/controllers/support/LoginHandlerInterceptor.java index 56d9b9e..ffe1895 100644 --- a/geode-core/src/main/java/org/apache/geode/management/internal/web/controllers/support/LoginHandlerInterceptor.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/web/controllers/support/LoginHandlerInterceptor.java @@ -14,10 +14,11 @@ */ package org.apache.geode.management.internal.web.controllers.support; -import org.apache.geode.cache.Cache; import org.apache.geode.distributed.internal.DistributionConfig; +import org.apache.geode.internal.cache.GemFireCacheImpl; +import org.apache.geode.internal.cache.InternalCache; import org.apache.geode.internal.logging.LogService; -import org.apache.geode.internal.security.IntegratedSecurityService; +import org.apache.geode.internal.security.DisabledSecurityService; import org.apache.geode.internal.security.SecurityService; import org.apache.geode.management.internal.cli.multistep.CLIMultiStepHelper; import org.apache.geode.management.internal.security.ResourceConstants; @@ -48,9 +49,7 @@ public class LoginHandlerInterceptor extends HandlerInterceptorAdapter { private static final Logger logger = LogService.getLogger(); - private Cache cache; - - private SecurityService securityService = IntegratedSecurityService.getSecurityService(); + private final SecurityService securityService; private static final ThreadLocal<Map<String, String>> ENV = new ThreadLocal<Map<String, String>>() { 
@@ -65,10 +64,26 @@ public class LoginHandlerInterceptor extends HandlerInterceptorAdapter { protected static final String SECURITY_VARIABLE_REQUEST_HEADER_PREFIX = DistributionConfig.SECURITY_PREFIX_NAME; + public LoginHandlerInterceptor() { + this(findSecurityService()); + } + + LoginHandlerInterceptor(SecurityService securityService) { + this.securityService = securityService; + } + public static Map<String, String> getEnvironment() { return ENV.get(); } + private static SecurityService findSecurityService() { + InternalCache cache = GemFireCacheImpl.getInstance(); + if (cache != null) { + return cache.getSecurityService(); + } + return new DisabledSecurityService(); + } + @Override public boolean preHandle(final HttpServletRequest request, final HttpServletResponse response, final Object handler) throws Exception { @@ -104,11 +119,6 @@ public class LoginHandlerInterceptor extends HandlerInterceptorAdapter { return true; } - public void setSecurityService(SecurityService securityService) { - this.securityService = securityService; - } - - @Override public void afterCompletion(final HttpServletRequest request, final HttpServletResponse response, final Object handler, final Exception ex) throws Exception { http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/main/java/org/apache/geode/security/PostProcessor.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/security/PostProcessor.java b/geode-core/src/main/java/org/apache/geode/security/PostProcessor.java index 707e3cf..bad58d8 100644 --- a/geode-core/src/main/java/org/apache/geode/security/PostProcessor.java +++ b/geode-core/src/main/java/org/apache/geode/security/PostProcessor.java 
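Review bot: `findSecurityService()` returns `new DisabledSecurityService()` whenever `GemFireCacheImpl.getInstance()` is null, and the result is stored in a `final` field, so an interceptor constructed before the cache exists would keep the disabled service for its whole lifetime. Whether that ordering can happen is not visible from the hunk, but the fallback fails open without leaving any trace. At minimum log it before the return, e.g. `logger.warn("No cache available; LoginHandlerInterceptor is using DisabledSecurityService");`, or resolve the service per request in `preHandle`, as AbstractCommandsController now does with `getCache().getSecurityService()`. The body of `preHandle` is outside the hunk.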
@@ -28,7 +28,7 @@ public interface PostProcessor { * Given the security props of the server, properly initialize the post processor for the server. * Initialized at cache creation * - * @param securityProps + * @param securityProps security properties */ default void init(Properties securityProps) {} http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/test/java/org/apache/geode/internal/cache/ha/BlockingHARegionJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/internal/cache/ha/BlockingHARegionJUnitTest.java b/geode-core/src/test/java/org/apache/geode/internal/cache/ha/BlockingHARegionJUnitTest.java index d0f5793..ee8b6fa 100755 --- a/geode-core/src/test/java/org/apache/geode/internal/cache/ha/BlockingHARegionJUnitTest.java +++ b/geode-core/src/test/java/org/apache/geode/internal/cache/ha/BlockingHARegionJUnitTest.java @@ -390,7 +390,8 @@ public class BlockingHARegionJUnitTest { } } catch (Exception e) { exceptionOccurred = true; - exceptionString.append(" Exception occurred due to " + e); + exceptionString.append(" Exception occurred due to ").append(e); + break; } } } @@ -414,9 +415,13 @@ public class BlockingHARegionJUnitTest { for (int i = 0; i < numberOfTakes; i++) { try { assertNotNull(this.regionQueue.take()); + if (Thread.currentThread().isInterrupted()) { + break; + } } catch (Exception e) { exceptionOccurred = true; - exceptionString.append(" Exception occurred due to " + e); + exceptionString.append(" Exception occurred due to ").append(e); + break; } } } http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/ContainsKey66Test.java ---------------------------------------------------------------------- 
diff --git a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/ContainsKey66Test.java b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/ContainsKey66Test.java index 3a6c2a3..5b71065 100644 --- a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/ContainsKey66Test.java +++ b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/ContainsKey66Test.java @@ -100,7 +100,7 @@ public class ContainsKey66Test { public void noSecurityShouldSucceed() throws Exception { when(this.securityService.isClientSecurityRequired()).thenReturn(false); - this.containsKey66.cmdExecute(this.message, this.serverConnection, 0); + this.containsKey66.cmdExecute(, this.message, 0); verify(this.responseMessage).send(this.serverConnection); } @@ -110,7 +110,7 @@ public class ContainsKey66Test { when(this.securityService.isClientSecurityRequired()).thenReturn(true); when(this.securityService.isIntegratedSecurity()).thenReturn(true); - this.containsKey66.cmdExecute(this.message, this.serverConnection, 0); + this.containsKey66.cmdExecute(, this.message, 0); verify(this.securityService).authorizeRegionRead(eq(REGION_NAME), eq(KEY)); verify(this.responseMessage).send(this.serverConnection); @@ -123,7 +123,7 @@ public class ContainsKey66Test { doThrow(new NotAuthorizedException("")).when(this.securityService) .authorizeRegionRead(eq(REGION_NAME), eq(KEY)); - this.containsKey66.cmdExecute(this.message, this.serverConnection, 0); + this.containsKey66.cmdExecute(, this.message, 0); verify(this.securityService).authorizeRegionRead(eq(REGION_NAME), eq(KEY)); verify(this.errorResponseMessage).send(eq(this.serverConnection)); 
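Review bot: `this.containsKey66.cmdExecute(, this.message, 0);` has an empty first argument and does not parse, so this test class cannot compile. The same malformed call is repeated in every hunk of ContainsKey66Test, ContainsKeyTest and CreateRegionTest on this page. These are the tests that verify `authorizeRegionRead`, `authorizeDataManage` and the `NotAuthorizedException` paths, so the authorization behaviour goes unverified until the calls are restored. The new `cmdExecute` signature is not visible here; the missing argument is presumably the previously passed `this.serverConnection` or the mocked `this.securityService`, to be confirmed against the command class.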
@@ -134,7 +134,7 @@ public class ContainsKey66Test { when(this.securityService.isClientSecurityRequired()).thenReturn(true); when(this.securityService.isIntegratedSecurity()).thenReturn(false); - this.containsKey66.cmdExecute(this.message, this.serverConnection, 0); + this.containsKey66.cmdExecute(, this.message, 0); verify(this.authzRequest).containsKeyAuthorize(eq(REGION_NAME), eq(KEY)); verify(this.responseMessage).send(this.serverConnection); @@ -147,7 +147,7 @@ public class ContainsKey66Test { doThrow(new NotAuthorizedException("")).when(this.authzRequest) .containsKeyAuthorize(eq(REGION_NAME), eq(KEY)); - this.containsKey66.cmdExecute(this.message, this.serverConnection, 0); + this.containsKey66.cmdExecute(, this.message, 0); verify(this.authzRequest).containsKeyAuthorize(eq(REGION_NAME), eq(KEY)); verify(this.errorResponseMessage).send(eq(this.serverConnection)); http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/ContainsKeyTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/ContainsKeyTest.java b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/ContainsKeyTest.java index bc1be3e..625d37a 100644 --- a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/ContainsKeyTest.java +++ b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/ContainsKeyTest.java @@ -88,7 +88,7 @@ public class ContainsKeyTest { public void noSecurityShouldSucceed() throws Exception { when(this.securityService.isClientSecurityRequired()).thenReturn(false); - containsKey.cmdExecute(this.message, this.serverConnection, 0); + containsKey.cmdExecute(, this.message, 0); verify(this.replyMessage).send(this.serverConnection); } 
@@ -98,7 +98,7 @@ public class ContainsKeyTest { when(this.securityService.isClientSecurityRequired()).thenReturn(true); when(this.securityService.isIntegratedSecurity()).thenReturn(true); - containsKey.cmdExecute(this.message, this.serverConnection, 0); + containsKey.cmdExecute(, this.message, 0); verify(this.securityService).authorizeRegionRead(eq(REGION_NAME), eq(KEY)); verify(this.replyMessage).send(this.serverConnection); @@ -111,7 +111,7 @@ public class ContainsKeyTest { doThrow(new NotAuthorizedException("")).when(this.securityService) .authorizeRegionRead(eq(REGION_NAME), eq(KEY)); - containsKey.cmdExecute(this.message, this.serverConnection, 0); + containsKey.cmdExecute(, this.message, 0); verify(this.securityService).authorizeRegionRead(eq(REGION_NAME), eq(KEY)); verify(this.errorResponseMessage).send(eq(this.serverConnection)); @@ -123,7 +123,7 @@ public class ContainsKeyTest { when(this.securityService.isIntegratedSecurity()).thenReturn(false); - containsKey.cmdExecute(this.message, this.serverConnection, 0); + containsKey.cmdExecute(, this.message, 0); verify(this.authzRequest).containsKeyAuthorize(eq(REGION_NAME), eq(KEY)); verify(this.replyMessage).send(this.serverConnection); @@ -136,7 +136,7 @@ public class ContainsKeyTest { doThrow(new NotAuthorizedException("")).when(this.authzRequest) .containsKeyAuthorize(eq(REGION_NAME), eq(KEY)); - containsKey.cmdExecute(this.message, this.serverConnection, 0); + containsKey.cmdExecute(, this.message, 0); verify(this.authzRequest).containsKeyAuthorize(eq(REGION_NAME), eq(KEY)); verify(this.errorResponseMessage).send(eq(this.serverConnection)); http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/CreateRegionTest.java ---------------------------------------------------------------------- 
diff --git a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/CreateRegionTest.java b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/CreateRegionTest.java index c946e8a..3d8f264 100644 --- a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/CreateRegionTest.java +++ b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/CreateRegionTest.java @@ -98,7 +98,7 @@ public class CreateRegionTest { public void noSecurityShouldSucceed() throws Exception { when(this.securityService.isClientSecurityRequired()).thenReturn(false); - this.createRegion.cmdExecute(this.message, this.serverConnection, 0); + this.createRegion.cmdExecute(, this.message, 0); verify(this.responseMessage).send(this.serverConnection); } @@ -110,7 +110,7 @@ public class CreateRegionTest { when(this.securityService.isIntegratedSecurity()).thenReturn(true); // act - this.createRegion.cmdExecute(this.message, this.serverConnection, 0); + this.createRegion.cmdExecute(, this.message, 0); // assert verify(this.securityService).authorizeDataManage(); @@ -123,7 +123,7 @@ public class CreateRegionTest { when(this.securityService.isIntegratedSecurity()).thenReturn(true); doThrow(new NotAuthorizedException("")).when(this.securityService).authorizeDataManage(); - this.createRegion.cmdExecute(this.message, this.serverConnection, 0); + this.createRegion.cmdExecute(, this.message, 0); verify(this.securityService).authorizeDataManage(); verify(this.errorResponseMessage).send(eq(this.serverConnection)); 
@@ -134,7 +134,7 @@ public class CreateRegionTest { when(this.securityService.isClientSecurityRequired()).thenReturn(true); when(this.securityService.isIntegratedSecurity()).thenReturn(false); - this.createRegion.cmdExecute(this.message, this.serverConnection, 0); + this.createRegion.cmdExecute(, this.message, 0); verify(this.authzRequest).createRegionAuthorize(eq(PARENT_REGION_NAME + '/' + REGION_NAME)); verify(this.responseMessage).send(this.serverConnection); @@ -147,7 +147,7 @@ public class CreateRegionTest { doThrow(new NotAuthorizedException("")).when(this.authzRequest) .createRegionAuthorize(eq(PARENT_REGION_NAME + '/' + REGION_NAME)); - this.createRegion.cmdExecute(this.message, this.serverConnection, 0); + this.createRegion.cmdExecute(, this.message, 0); verify(this.authzRequest).createRegionAuthorize(eq(PARENT_REGION_NAME + '/' + REGION_NAME)); verify(this.errorResponseMessage).send(eq(this.serverConnection));