Repository: incubator-geode Updated Branches: refs/heads/feature/GEM-1032 f1a030749 -> 3bc7bc68e
Reintroduce gemfire.sys.security- props to GMSAuthenticator Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/3bc7bc68 Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/3bc7bc68 Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/3bc7bc68 Branch: refs/heads/feature/GEM-1032 Commit: 3bc7bc68ed54776476d80d08974e142ce94036e7 Parents: f1a0307 Author: Kirk Lund <kl...@apache.org> Authored: Thu Oct 6 15:55:32 2016 -0700 Committer: Kirk Lund <kl...@apache.org> Committed: Thu Oct 6 15:55:32 2016 -0700 ---------------------------------------------------------------------- .../membership/gms/auth/GMSAuthenticator.java | 18 ++++- .../DistributionConfigGetSecurityPropsTest.java | 77 ++++++++++++++++++-- 2 files changed, 87 insertions(+), 8 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/3bc7bc68/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/auth/GMSAuthenticator.java ----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/auth/GMSAuthenticator.java b/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/auth/GMSAuthenticator.java
index 8e4c15d..970ffbf 100755
--- a/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/auth/GMSAuthenticator.java
+++ b/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/auth/GMSAuthenticator.java
@@ -17,10 +17,12 @@ package org.apache.geode.distributed.internal.membership.gms.auth;
 import static org.apache.geode.distributed.ConfigurationProperties.*;
+import static org.apache.geode.distributed.internal.DistributionConfig.*;
 import static org.apache.geode.internal.i18n.LocalizedStrings.*;
 import java.security.Principal;
 import java.util.Properties;
+import java.util.Set;
 import org.apache.geode.LogWriter;
 import org.apache.geode.distributed.DistributedMember;
@@ -38,6 +40,9 @@ import org.apache.geode.security.GemFireSecurityException;
 public class GMSAuthenticator implements Authenticator {
+ private final static String SEC_PREFIX = GEMFIRE_PREFIX + "sys.security-";
+ private final static int SYS_PREFIX_LEN = (GEMFIRE_PREFIX + "sys.").length();
+
 private Services services;
 private Properties securityProps;
 private SecurityService securityService = IntegratedSecurityService.getSecurityService();
@@ -45,7 +50,7 @@ public class GMSAuthenticator implements Authenticator {
 @Override
 public void init(Services s) {
 this.services = s;
- this.securityProps = this.services.getConfig().getDistributionConfig().getSecurityProps();
+ this.securityProps = addSystemSecurityProps(new Properties(this.services.getConfig().getDistributionConfig().getSecurityProps()));
 }
 @Override
@@ -200,4 +205,15 @@ public class GMSAuthenticator implements Authenticator {
 @Override
 public void emergencyClose() { }
+
+ private static Properties addSystemSecurityProps(final Properties props) {
+ Set keys = System.getProperties().keySet();
+ for (Object key: keys) {
+ String propKey = (String) key;
+ if (propKey.startsWith(SEC_PREFIX)) {
+ props.setProperty(propKey.substring(SYS_PREFIX_LEN), System.getProperty(propKey));
+ }
+ }
+ return props;
+ }
 }
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/3bc7bc68/geode-core/src/test/java/org/apache/geode/distributed/internal/DistributionConfigGetSecurityPropsTest.java ----------------------------------------------------------------------
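Review bot: In init(), `new Properties(...getSecurityProps())` installs the configured security properties as *defaults* of an otherwise empty table, so only `getProperty()`, `propertyNames()` and `stringPropertyNames()` can see them; `isEmpty()`, `size()`, `containsKey()`, `keySet()`, `entrySet()` and a `putAll()` into another table report just the system-property overrides. Any code later in this class, or in a pluggable auth callback that receives `securityProps`, which iterates or copies the table would silently lose the configured settings — the rest of the class is outside these hunks, so that needs checking. A flat copy removes the ambiguity: `Properties copy = new Properties(); copy.putAll(this.services.getConfig().getDistributionConfig().getSecurityProps()); this.securityProps = addSystemSecurityProps(copy);`.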
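Review bot: addSystemSecurityProps() walks the raw `System.getProperties().keySet()` and casts every key to String, so one non-String key placed in the system properties by any library fails init() with a ClassCastException, and a property removed between the iteration and `System.getProperty(propKey)` makes `setProperty` throw on the null value. `stringPropertyNames()` returns a snapshot restricted to String keys and values, which also makes the raw `Set` and the new `java.util.Set` import unnecessary. Because the copied entries shadow the configured ones, the method should carry a Javadoc stating that `gemfire.sys.security-` system properties take precedence over the distribution config, so operators know that JVM arguments can replace security settings; the values may be credentials and should not be logged.

```java
  private static Properties addSystemSecurityProps(final Properties props) {
    // stringPropertyNames() is a snapshot that contains only String keys
    for (String propKey : System.getProperties().stringPropertyNames()) {
      if (propKey.startsWith(SEC_PREFIX)) {
        String value = System.getProperty(propKey);
        if (value != null) { // may have been cleared since the snapshot was taken
          props.setProperty(propKey.substring(SYS_PREFIX_LEN), value);
        }
      }
    }
    // … unchanged: return props and end of method …
```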
diff --git a/geode-core/src/test/java/org/apache/geode/distributed/internal/DistributionConfigGetSecurityPropsTest.java b/geode-core/src/test/java/org/apache/geode/distributed/internal/DistributionConfigGetSecurityPropsTest.java
index 9fe7b29..98dd8b8 100644
--- a/geode-core/src/test/java/org/apache/geode/distributed/internal/DistributionConfigGetSecurityPropsTest.java
+++ b/geode-core/src/test/java/org/apache/geode/distributed/internal/DistributionConfigGetSecurityPropsTest.java
@@ -20,6 +20,7 @@ import static org.apache.geode.distributed.ConfigurationProperties.*;
 import static org.apache.geode.distributed.internal.DistributionConfig.*;
 import static org.assertj.core.api.Assertions.*;
+import java.util.Iterator;
 import java.util.Map;
 import java.util.Properties;
@@ -29,6 +30,7 @@ import org.junit.Test;
 import org.junit.experimental.categories.Category;
 import org.junit.rules.TestName;
+import org.apache.geode.internal.logging.GemFireLevel;
 import org.apache.geode.internal.logging.LogWriterImpl;
 import org.apache.geode.security.templates.SamplePostProcessor;
 import org.apache.geode.security.templates.SampleSecurityManager;
@@ -115,36 +117,97 @@ public class DistributionConfigGetSecurityPropsTest {
 props.setProperty(SECURITY_CLIENT_ACCESSOR_PP_NAME, DEFAULT_SECURITY_CLIENT_ACCESSOR_PP); // default
 props.setProperty(SECURITY_CLIENT_AUTH_INIT_NAME, SECURITY_CLIENT_AUTH_INIT_NAME_VALUE);
 props.setProperty(SECURITY_CLIENT_AUTHENTICATOR_NAME, SECURITY_CLIENT_AUTHENTICATOR_NAME_VALUE);
- //addProperties(getClientExtraProperties(), props);
+ addProperties(getClientExtraProperties(), props);
- //props.setProperty(SECURITY_LOG_FILE_NAME, getSecurityLogFileName(gfd));
- //props.setProperty(SECURITY_LOG_LEVEL_NAME, getLogLevel());
+ props.setProperty(SECURITY_LOG_FILE_NAME, SECURITY_LOG_FILE_NAME_VALUE);
+ props.setProperty(SECURITY_LOG_LEVEL_NAME, SECURITY_LOG_LEVEL_NAME_VALUE);
 props.setProperty(SECURITY_PEER_AUTH_INIT_NAME, SECURITY_PEER_AUTH_INIT_NAME_VALUE);
 props.setProperty(SECURITY_PEER_AUTHENTICATOR_NAME, SECURITY_PEER_AUTHENTICATOR_NAME_VALUE);
 props.setProperty(SECURITY_PEER_VERIFYMEMBER_TIMEOUT_NAME, String.valueOf(DEFAULT_SECURITY_PEER_VERIFYMEMBER_TIMEOUT)); // default
- //addProperties(getPeerExtraProperties(), props);
+ addProperties(getPeerExtraProperties(), props);
 DistributionConfig config = new DistributionConfigImpl(props);
+ String logLevelCode = String.valueOf(LogWriterImpl.levelNameToCode(SECURITY_LOG_LEVEL_NAME_VALUE));
+
 Properties securityProps = config.getSecurityProps();
- assertThat(securityProps).containsOnlyKeys(SECURITY_CLIENT_ACCESSOR_NAME, SECURITY_CLIENT_ACCESSOR_PP_NAME, SECURITY_CLIENT_AUTH_INIT_NAME, SECURITY_CLIENT_AUTHENTICATOR_NAME, SECURITY_PEER_AUTH_INIT_NAME, SECURITY_PEER_AUTHENTICATOR_NAME, SECURITY_PEER_VERIFYMEMBER_TIMEOUT_NAME);
+ assertThat(securityProps).containsOnlyKeys(
+ SECURITY_CLIENT_ACCESSOR_NAME,
+ SECURITY_CLIENT_ACCESSOR_PP_NAME,
+ SECURITY_CLIENT_AUTH_INIT_NAME,
+ SECURITY_CLIENT_AUTHENTICATOR_NAME,
+ SECURITY_LOG_FILE_NAME,
+ SECURITY_LOG_LEVEL_NAME,
+ SECURITY_PEER_AUTH_INIT_NAME,
+ SECURITY_PEER_AUTHENTICATOR_NAME,
+ SECURITY_PEER_VERIFYMEMBER_TIMEOUT_NAME);
 assertThat(securityProps.getProperty(SECURITY_CLIENT_ACCESSOR_NAME)).isEqualTo(SECURITY_CLIENT_ACCESSOR_NAME_VALUE);
 assertThat(securityProps.getProperty(SECURITY_CLIENT_ACCESSOR_PP_NAME)).isEqualTo(DEFAULT_SECURITY_CLIENT_ACCESSOR_PP);
 assertThat(securityProps.getProperty(SECURITY_CLIENT_AUTH_INIT_NAME)).isEqualTo(SECURITY_CLIENT_AUTH_INIT_NAME_VALUE);
 assertThat(securityProps.getProperty(SECURITY_CLIENT_AUTHENTICATOR_NAME)).isEqualTo(SECURITY_CLIENT_AUTHENTICATOR_NAME_VALUE);
+ assertThat(securityProps.getProperty(SECURITY_LOG_FILE_NAME)).isEqualTo(SECURITY_LOG_FILE_NAME_VALUE);
+ assertThat(securityProps.getProperty(SECURITY_LOG_LEVEL_NAME)).isEqualTo(logLevelCode);
 assertThat(securityProps.getProperty(SECURITY_PEER_AUTH_INIT_NAME)).isEqualTo(SECURITY_PEER_AUTH_INIT_NAME_VALUE);
 assertThat(securityProps.getProperty(SECURITY_PEER_AUTHENTICATOR_NAME)).isEqualTo(SECURITY_PEER_AUTHENTICATOR_NAME_VALUE);
 assertThat(securityProps.getProperty(SECURITY_PEER_VERIFYMEMBER_TIMEOUT_NAME)).isEqualTo(String.valueOf(DEFAULT_SECURITY_PEER_VERIFYMEMBER_TIMEOUT));
 }
+ private Properties getPeerExtraProperties() {
+ Properties p = new Properties();
+ // TODO: add hydra style peer extra props
+ //p.setProperty(convertSecurityPrm(key), value);
+ return p;
+ }
+
+ private Properties getClientExtraProperties() {
+ Properties p = new Properties();
+ // TODO: add hydra style client extra props
+ //p.setProperty(convertSecurityPrm(key), value);
+ return p;
+ }
+
+ private String convertSecurityPrm(String prmName) {
+ return DistributionConfig.SECURITY_PREFIX_NAME + convertPrm(prmName);
+ }
+
+ private String convertPrm(String prmName) {
+ prmName = prmName.substring(prmName.indexOf("-") + 1, prmName.length());
+ StringBuffer buf = new StringBuffer();
+ char[] chars = prmName.toCharArray();
+ for (int i = 0; i < chars.length; i++) {
+ if (Character.isUpperCase(chars[i])) {
+ if (i != 0) {
+ buf.append("-");
+ }
+ buf.append(Character.toLowerCase(chars[i]));
+ } else {
+ buf.append(chars[i]);
+ }
+ }
+ return buf.toString();
+ }
+
+ private Properties addProperties(Properties src, Properties dst) {
+ assertThat(dst).isNotNull();
+ if (src == null) {
+ return dst;
+ } else {
+ for (Iterator i = src.keySet().iterator(); i.hasNext();) {
+ String key = (String)i.next();
+ dst.setProperty(key, src.getProperty(key));
+ }
+ }
+ return dst;
+ }
+
 private static final String SECURITY_PEER_AUTH_INIT_NAME_VALUE = "org.apache.geode.security.templates.UserPasswordAuthInit.create";
 private static final String SECURITY_PEER_AUTHENTICATOR_NAME_VALUE = "org.apache.geode.security.templates.DummyAuthenticator.create";
 private static final String SECURITY_CLIENT_AUTH_INIT_NAME_VALUE = "org.apache.geode.security.templates.UserPasswordAuthInit.create";
 private static final String SECURITY_CLIENT_AUTHENTICATOR_NAME_VALUE = "org.apache.geode.security.templates.DummyAuthenticator.create";
 private static final String SECURITY_PEER_VERIFYMEMBER_TIMEOUT_NAME_VALUE = "";
- private static final String SECURITY_LOG_FILE_NAME_VALUE = "";
- private static final String SECURITY_LOG_LEVEL_NAME_VALUE = "";
+ private static final String SECURITY_LOG_FILE_NAME_VALUE = "/security.log";
+ private static final String SECURITY_LOG_LEVEL_NAME_VALUE = GemFireLevel.INFO.getName();
 private static final String SECURITY_CLIENT_ACCESSOR_NAME_VALUE = "org.apache.geode.security.templates.XmlAuthorization.create";
 private static final String SECURITY_CLIENT_ACCESSOR_PP_NAME_VALUE = "";
 }
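Review bot: Nothing in this test hunk exercises the `gemfire.sys.security-` handling that the commit adds to GMSAuthenticator; the changes here only extend the `DistributionConfig.getSecurityProps()` assertions with the log-file and log-level keys. A test that sets one such system property, initialises the authenticator, and asserts that the stripped `security-` key is present and wins over the configured value would pin the precedence rule; it should clear the property afterwards so it cannot leak into other tests. Separately, `convertSecurityPrm` and `convertPrm` are referenced only from commented-out lines, and `SECURITY_LOG_FILE_NAME_VALUE = "/security.log"` points at the filesystem root, which becomes a problem if anything ever opens that file during the run — a path under a temporary folder is safer. The test method this hunk edits starts above the hunk.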