GEODE-17: Fix a logical bug that prevents customers to set both Peer and Client authenticator
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/477806af
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/477806af
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/477806af
Branch: refs/heads/feature/GEM-983
Commit: 477806af481fd3228a691edfd8e6edac5f90f851
Parents: f02ea36
Author: Jinmei Liao <jil...@pivotal.io>
Authored: Wed Oct 26 10:40:10 2016 -0700
Committer: Jinmei Liao <jil...@pivotal.io>
Committed: Wed Oct 26 15:29:21 2016 -0700
----------------------------------------------------------------------
 .../security/IntegratedSecurityService.java | 51 ++++++++++----------
 .../security/IntegratedSecurityServiceTest.java | 30 +++++++++---
 2 files changed, 48 insertions(+), 33 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/477806af/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java b/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java
index 9f4697f..8fc0f11 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java
@@ -14,29 +14,14 @@
 */
 package org.apache.geode.internal.security;
-import static org.apache.geode.distributed.ConfigurationProperties.*;
-
-import java.io.IOException;
-import java.io.Serializable;
-import java.security.AccessController;
-import java.util.Properties;
-import java.util.Set;
-import java.util.concurrent.Callable;
+import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_CLIENT_AUTHENTICATOR;
+import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER;
+import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_PEER_AUTHENTICATOR;
+import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_POST_PROCESSOR;
+import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_SHIRO_INIT;
 import org.apache.commons.lang.SerializationException;
 import org.apache.commons.lang.StringUtils;
-import org.apache.logging.log4j.Logger;
-import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.ShiroException;
-import org.apache.shiro.config.Ini.Section;
-import org.apache.shiro.config.IniSecurityManagerFactory;
-import org.apache.shiro.mgt.DefaultSecurityManager;
-import org.apache.shiro.realm.Realm;
-import org.apache.shiro.subject.Subject;
-import org.apache.shiro.subject.support.SubjectThreadState;
-import org.apache.shiro.util.ThreadContext;
-import org.apache.shiro.util.ThreadState;
-
 import org.apache.geode.GemFireIOException;
 import org.apache.geode.internal.cache.EntryEventImpl;
 import org.apache.geode.internal.logging.LogService;
@@ -54,6 +39,24 @@ import org.apache.geode.security.ResourcePermission;
 import org.apache.geode.security.ResourcePermission.Operation;
 import org.apache.geode.security.ResourcePermission.Resource;
 import org.apache.geode.security.SecurityManager;
+import org.apache.logging.log4j.Logger;
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.ShiroException;
+import org.apache.shiro.config.Ini.Section;
+import org.apache.shiro.config.IniSecurityManagerFactory;
+import org.apache.shiro.mgt.DefaultSecurityManager;
+import org.apache.shiro.realm.Realm;
+import org.apache.shiro.subject.Subject;
+import org.apache.shiro.subject.support.SubjectThreadState;
+import org.apache.shiro.util.ThreadContext;
+import org.apache.shiro.util.ThreadState;
+
+import java.io.IOException;
+import java.io.Serializable;
+import java.security.AccessController;
+import java.util.Properties;
+import java.util.Set;
+import java.util.concurrent.Callable;
 public class IntegratedSecurityService implements SecurityService {
@@ -325,14 +328,10 @@ public class IntegratedSecurityService implements SecurityService {
 org.apache.shiro.mgt.SecurityManager shiroManager = new DefaultSecurityManager(realm);
 SecurityUtils.setSecurityManager(shiroManager);
 isIntegratedSecurity = true;
- } else if (!StringUtils.isBlank(clientAuthenticatorConfig)) {
- isClientAuthenticator = true;
- } else if (!StringUtils.isBlank(peerAuthenticatorConfig)) {
- isPeerAuthenticator = true;
 } else {
 isIntegratedSecurity = false;
- isClientAuthenticator = false;
- isPeerAuthenticator = false;
+ isClientAuthenticator = !StringUtils.isBlank(clientAuthenticatorConfig);
+ isPeerAuthenticator = !StringUtils.isBlank(peerAuthenticatorConfig);
 }
 // this initializes the post processor
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/477806af/geode-core/src/test/java/org/apache/geode/internal/security/IntegratedSecurityServiceTest.java
----------------------------------------------------------------------
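Review bot: On the branch that ends with `isIntegratedSecurity = true;` the flags `isClientAuthenticator` and `isPeerAuthenticator` are not assigned, while the final `else` now assigns all three; if `initSecurity` can run more than once on the same instance, the integrated path would keep the authenticator flags left by the previous call. The earlier branches of this `if` chain start outside the hunk, so this is only what the visible lines show and should be confirmed against them. Either assign both flags before the `if` chain, or add a comment such as `// legacy authenticators are consulted only when neither a SecurityManager nor shiro.ini is configured` so the precedence is explicit to anyone auditing a member's security configuration.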
diff --git a/geode-core/src/test/java/org/apache/geode/internal/security/IntegratedSecurityServiceTest.java b/geode-core/src/test/java/org/apache/geode/internal/security/IntegratedSecurityServiceTest.java
index ee76dfc..8c81026 100644
--- a/geode-core/src/test/java/org/apache/geode/internal/security/IntegratedSecurityServiceTest.java
+++ b/geode-core/src/test/java/org/apache/geode/internal/security/IntegratedSecurityServiceTest.java
@@ -14,19 +14,23 @@
 */
 package org.apache.geode.internal.security;
-import static org.apache.geode.distributed.ConfigurationProperties.*;
-import static org.assertj.core.api.Java6Assertions.*;
-import static org.junit.Assert.*;
-
-import java.util.Properties;
+import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_CLIENT_AUTHENTICATOR;
+import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER;
+import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_PEER_AUTHENTICATOR;
+import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_SHIRO_INIT;
+import static org.assertj.core.api.Java6Assertions.assertThatThrownBy;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+import org.apache.geode.security.GemFireSecurityException;
 import org.apache.geode.security.templates.SampleSecurityManager;
+import org.apache.geode.test.junit.categories.UnitTest;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.experimental.categories.Category;
-import org.apache.geode.security.GemFireSecurityException;
-import org.apache.geode.test.junit.categories.UnitTest;
+import java.util.Properties;
 @Category(UnitTest.class)
 public class IntegratedSecurityServiceTest {
@@ -129,6 +133,18 @@ public class IntegratedSecurityServiceTest {
 }
 @Test
+ public void testInitWithBothAuthenticator() {
+ properties.setProperty(SECURITY_CLIENT_AUTHENTICATOR, "org.abc.test");
+ properties.setProperty(SECURITY_PEER_AUTHENTICATOR, "org.abc.test");
+
+ securityService.initSecurity(properties);
+
+ assertFalse(securityService.isIntegratedSecurity());
+ assertTrue(securityService.isClientSecurityRequired());
+ assertTrue(securityService.isPeerSecurityRequired());
+ }
+
+ @Test
 public void testInitWithShiroAuthenticator() {
 properties.setProperty(SECURITY_SHIRO_INIT, "shiro.ini");
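Review bot: `testInitWithBothAuthenticator` sets both properties to `org.abc.test`, which does not look like a loadable class, so what it actually pins is that a non-blank property value alone makes `isClientSecurityRequired()` and `isPeerSecurityRequired()` return true. That is the fail-closed outcome, but nothing in the test says it is intended; a comment such as `// class name need not resolve: initSecurity only checks that the property is non-blank` above the two `setProperty` calls would record it. Using two different values for the client and peer properties would also show that each flag follows its own property.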