Return-Path: 
 <commits-return-6683-apmail-geode-commits-archive=geode.apache.org@geode.incubator.apache.org>
X-Original-To: apmail-geode-commits-archive@minotaur.apache.org
Delivered-To: apmail-geode-commits-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 6B94E19BE2
	for <apmail-geode-commits-archive@minotaur.apache.org>;
 Wed, 16 Mar 2016 17:36:15 +0000 (UTC)
Received: (qmail 42591 invoked by uid 500); 16 Mar 2016 17:36:15 -0000
Delivered-To: apmail-geode-commits-archive@geode.apache.org
Received: (qmail 42553 invoked by uid 500); 16 Mar 2016 17:36:15 -0000
Mailing-List: contact commits-help@geode.incubator.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:commits-help@geode.incubator.apache.org>
List-Unsubscribe: <mailto:commits-unsubscribe@geode.incubator.apache.org>
List-Post: <mailto:commits@geode.incubator.apache.org>
List-Id: <commits.geode.incubator.apache.org>
Reply-To: dev@geode.incubator.apache.org
Delivered-To: mailing list commits@geode.incubator.apache.org
Received: (qmail 42536 invoked by uid 99); 16 Mar 2016 17:36:15 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO
 spamd2-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 16 Mar 2016 17:36:15 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org)
 with ESMTP id CD3441A0A09
	for <commits@geode.apache.org>; Wed, 16 Mar 2016 17:36:14 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: -3.549
X-Spam-Level: 
X-Spam-Status: No, score=-3.549 tagged_above=-999 required=6.31
	tests=[KAM_ASCII_DIVIDERS=0.8, KAM_LAZY_DOMAIN_SECURITY=1,
	RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01,
	RP_MATCHES_RCVD=-0.329] autolearn=disabled
Received: from mx2-lw-us.apache.org ([10.40.0.8])
	by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new,
 port 10024)
	with ESMTP id BDyPm6kjvREu for <commits@geode.apache.org>;
	Wed, 16 Mar 2016 17:36:13 +0000 (UTC)
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by mx2-lw-us.apache.org (ASF Mail Server at mx2-lw-us.apache.org) with SMTP
 id ECC9B5F1EC
	for <commits@geode.incubator.apache.org>;
 Wed, 16 Mar 2016 17:36:12 +0000 (UTC)
Received: (qmail 42421 invoked by uid 99); 16 Mar 2016 17:36:12 -0000
Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org)
 (140.211.11.23)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 16 Mar 2016 17:36:12 +0000
Received: by git1-us-west.apache.org (ASF Mail Server at
 git1-us-west.apache.org, from userid 33)
	id 5C2DBDFB8A; Wed, 16 Mar 2016 17:36:12 +0000 (UTC)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: jinmeiliao@apache.org
To: commits@geode.incubator.apache.org
Message-Id: <26888cca11b04f21870af321e71a7c37@git.apache.org>
X-Mailer: ASF-Git Admin Mailer
Subject: incubator-geode git commit: GEODE-17: add GatewayReceiverMXBean
 security test
Date: Wed, 16 Mar 2016 17:36:12 +0000 (UTC)

Repository: incubator-geode
Updated Branches:
  refs/heads/feature/GEODE-17-2 2f709ffea -> 3c562c8b6


GEODE-17:  add GatewayReceiverMXBean security test


Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/3c562c8b
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/3c562c8b
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/3c562c8b

Branch: refs/heads/feature/GEODE-17-2
Commit: 3c562c8b693097008edd17790802c3faab74e4f1
Parents: 2f709ff
Author: Jinmei Liao <jiliao@pivotal.io>
Authored: Wed Mar 16 10:35:54 2016 -0700
Committer: Jinmei Liao <jiliao@pivotal.io>
Committed: Wed Mar 16 10:35:54 2016 -0700

----------------------------------------------------------------------
 .../GatewayReceiverMBeanSecurityTest.java       | 89 ++++++++++++++++++++
 .../internal/security/cacheServer.json          |  4 +-
 2 files changed, 92 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/3c562c8b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewayReceiverMBeanSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewayReceiverMBeanSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewayReceiverMBeanSecurityTest.java
new file mode 100644
index 0000000..a191eda
--- /dev/null
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewayReceiverMBeanSecurityTest.java
@@ -0,0 +1,89 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.management.internal.security;
+
+import com.gemstone.gemfire.internal.AvailablePort;
+import com.gemstone.gemfire.management.GatewayReceiverMXBean;
+import com.gemstone.gemfire.management.ManagementService;
+import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.ClassRule;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import javax.management.ObjectName;
+
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.mockito.Mockito.mock;
+
+@Category(IntegrationTest.class)
+public class GatewayReceiverMBeanSecurityTest {
+  private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
+
+  private GatewayReceiverMXBean bean;
+  private static GatewayReceiverMXBean mock = mock(GatewayReceiverMXBean.class);
+  private static ObjectName mockBeanName = null;
+  private static ManagementService service = null;
+
+  @ClassRule
+  public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
+      jmxManagerPort, "cacheServer.json");
+
+  @Rule
+  public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
+
+  @BeforeClass
+  public static void beforeClass() throws Exception{
+    // the server does not have a GAtewayReceiverMXBean registered initially, has to register a mock one.
+    service = ManagementService.getManagementService(serverRule.getCache());
+    mockBeanName = ObjectName.getInstance("GemFire", "key", "value");
+    service.registerMBean(mock, mockBeanName);
+  }
+
+  @AfterClass
+  public static void afterClass(){
+    service.unregisterMBean(mockBeanName);
+  }
+
+  @Before
+  public void before() throws Exception {
+    bean = connectionRule.getProxyMBean(GatewayReceiverMXBean.class);
+  }
+
+  @Test
+  @JMXConnectionConfiguration(user = "superuser", password = "1234567")
+  public void testAllAccess() throws Exception {
+    bean.getAverageBatchProcessingTime();
+    bean.getBindAddress();
+    bean.getTotalConnectionsTimedOut();
+    bean.isRunning();
+    bean.start();
+    bean.stop();
+  }
+
+  @Test
+  @JMXConnectionConfiguration(user = "stranger", password = "1234567")
+  public void testNoAccess() throws Exception {
+    assertThatThrownBy(() -> bean.getTotalConnectionsTimedOut()).hasMessageStartingWith("Access Denied: Not authorized for JMX:GET");
+    assertThatThrownBy(() -> bean.start()).hasMessageStartingWith("Access Denied: Not authorized for GATEWAY_RECEIVER:START");
+    assertThatThrownBy(() -> bean.stop()).hasMessageStartingWith("Access Denied: Not authorized for GATEWAY_RECEIVER:STOP");
+  }
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/3c562c8b/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/cacheServer.json
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/cacheServer.json b/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/cacheServer.json
index 99a0ba3..648ffb0 100644
--- a/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/cacheServer.json
+++ b/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/cacheServer.json
@@ -25,7 +25,9 @@
         "GATEWAY_SENDER:REBALANCE",
         "GATEWAY_SENDER:RESUME",
         "GATEWAY_SENDER:START",
-        "GATEWAY_SENDER:STOP"
+        "GATEWAY_SENDER:STOP",
+        "GATEWAY_RECEIVER:START",
+        "GATEWAY_RECEIVER:STOP"
       ]
     },
     {