Return-Path: X-Original-To: apmail-geode-commits-archive@minotaur.apache.org Delivered-To: apmail-geode-commits-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id C7B5919525 for ; Wed, 16 Mar 2016 01:34:35 +0000 (UTC) Received: (qmail 16325 invoked by uid 500); 16 Mar 2016 01:34:35 -0000 Delivered-To: apmail-geode-commits-archive@geode.apache.org Received: (qmail 16294 invoked by uid 500); 16 Mar 2016 01:34:35 -0000 Mailing-List: contact commits-help@geode.incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@geode.incubator.apache.org Delivered-To: mailing list commits@geode.incubator.apache.org Received: (qmail 16284 invoked by uid 99); 16 Mar 2016 01:34:35 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 16 Mar 2016 01:34:35 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 3D06A1801A9 for ; Wed, 16 Mar 2016 01:34:35 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -3.549 X-Spam-Level: X-Spam-Status: No, score=-3.549 tagged_above=-999 required=6.31 tests=[KAM_ASCII_DIVIDERS=0.8, KAM_LAZY_DOMAIN_SECURITY=1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.329] autolearn=disabled Received: from mx2-lw-us.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id XYBR00ckC1cq for ; Wed, 16 Mar 2016 01:34:33 +0000 (UTC) Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx2-lw-us.apache.org (ASF Mail Server at mx2-lw-us.apache.org) with SMTP id 154205F572 for ; Wed, 16 Mar 2016 01:34:32 +0000 (UTC) Received: (qmail 15562 invoked by uid 99); 16 Mar 2016 01:34:32 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 16 Mar 2016 01:34:32 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 5EF86DFB86; Wed, 16 Mar 2016 01:34:32 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: jensdeppe@apache.org To: commits@geode.incubator.apache.org Message-Id: <10ebba02df3345b0b9d6ed85439ac3a8@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: incubator-geode git commit: GEODE-17: Added LockServiceMXBean authorization test Date: Wed, 16 Mar 2016 01:34:32 +0000 (UTC) Repository: incubator-geode Updated Branches: refs/heads/feature/GEODE-17-2 374e20cef -> 91378b543 GEODE-17: Added LockServiceMXBean authorization test Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/91378b54 Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/91378b54 Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/91378b54 Branch: refs/heads/feature/GEODE-17-2 Commit: 91378b543d8a90891906d41b665b19781b274256 Parents: 374e20c Author: Jens Deppe Authored: Tue Mar 15 18:33:02 2016 -0700 Committer: Jens Deppe Committed: Tue Mar 15 18:33:02 2016 -0700 ---------------------------------------------------------------------- .../LockServiceMBeanAuthorizationJUnitTest.java | 86 ++++++++++++++++++++ .../security/MBeanServerConnectionRule.java | 8 +- .../internal/security/cacheServer.json | 3 +- 3 files changed, 92 insertions(+), 5 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/91378b54/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java new file mode 100644 index 0000000..9803083 --- /dev/null +++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java @@ -0,0 +1,86 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.gemstone.gemfire.management.internal.security; + +import com.gemstone.gemfire.cache.Cache; +import com.gemstone.gemfire.cache.CacheFactory; +import com.gemstone.gemfire.distributed.DistributedLockService; +import com.gemstone.gemfire.distributed.internal.InternalDistributedSystem; +import com.gemstone.gemfire.distributed.internal.locks.DLockService; +import com.gemstone.gemfire.internal.AvailablePort; +import com.gemstone.gemfire.management.CacheServerMXBean; +import com.gemstone.gemfire.management.LockServiceMXBean; +import com.gemstone.gemfire.test.dunit.Host; +import com.gemstone.gemfire.test.junit.categories.IntegrationTest; +import org.junit.AfterClass; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.ClassRule; +import org.junit.Rule; +import org.junit.Test; +import org.junit.experimental.categories.Category; + +import static org.assertj.core.api.Assertions.assertThatThrownBy; + +@Category(IntegrationTest.class) +public class LockServiceMBeanAuthorizationJUnitTest { + private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET); + + private LockServiceMXBean lockServiceMBean; + + @ClassRule + public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule( + jmxManagerPort, "cacheServer.json"); + + @Rule + public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort); + + @BeforeClass + public static void beforeClassSetUp() { + Cache cache = CacheFactory.getAnyInstance(); + DLockService.create("test-lock-service", (InternalDistributedSystem) cache.getDistributedSystem(), false, true, true); + } + + @Before + public void setUp() throws Exception { + lockServiceMBean = connectionRule.getProxyMBean(LockServiceMXBean.class); + } + + @AfterClass + public static void afterClassTeardown() { + DLockService.destroyAll(); + } + + @Test + @JMXConnectionConfiguration(user = "superuser", password = "1234567") + public void testAllAccess() throws Exception { + lockServiceMBean.becomeLockGrantor(); // "INDEX:DESTROY", + } + + @Test + @JMXConnectionConfiguration(user = "user", password = "1234567") + public void testSomeAccess() throws Exception { + assertThatThrownBy(() -> lockServiceMBean.becomeLockGrantor()).isInstanceOf(SecurityException.class); + lockServiceMBean.getMemberCount(); + } + + @Test + @JMXConnectionConfiguration(user = "stranger", password = "1234567") + public void testNoAccess() throws Exception { + assertThatThrownBy(() -> lockServiceMBean.becomeLockGrantor()).isInstanceOf(SecurityException.class); + } +} http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/91378b54/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanServerConnectionRule.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanServerConnectionRule.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanServerConnectionRule.java index 5b1ca3c..2f8342e 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanServerConnectionRule.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanServerConnectionRule.java @@ -34,6 +34,8 @@ import java.util.HashMap; import java.util.Map; import java.util.Set; +import static org.junit.Assert.assertEquals; + /** * Class which eases the creation of MBeans for security testing. When combined with {@link JMXConnectionConfiguration} * it allows for the creation of per-test connections with different user/password combinations. @@ -73,10 +75,8 @@ public class MBeanServerConnectionRule extends DescribedExternalResource { } Set beans = con.queryMBeans(name, query); - if (beans.size() != 1) { - throw new RuntimeException( - "failed to find only one instance of " + proxyClass.getName() + " with name " + beanQueryName); - } + assertEquals("failed to find only one instance of type " + proxyClass.getName() + " with name " + beanQueryName, 1, beans.size()); + return JMX.newMXBeanProxy(con, ((ObjectInstance) beans.toArray()[0]).getObjectName(), proxyClass); } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/91378b54/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/cacheServer.json ---------------------------------------------------------------------- diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/cacheServer.json b/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/cacheServer.json index dd7f830..be2d8f5 100644 --- a/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/cacheServer.json +++ b/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/cacheServer.json @@ -18,7 +18,8 @@ "REGION:IMPORT", "REGION:PUT", "REGION:GET", - "REGION:DELETE" + "REGION:DELETE", + "LOCK_SERVICE:BECOME_LOCK_GRANTOR" ] }, {