Return-Path: X-Original-To: apmail-geode-commits-archive@minotaur.apache.org Delivered-To: apmail-geode-commits-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 212C9197E5 for ; Tue, 29 Mar 2016 19:13:03 +0000 (UTC) Received: (qmail 70764 invoked by uid 500); 29 Mar 2016 19:13:03 -0000 Delivered-To: apmail-geode-commits-archive@geode.apache.org Received: (qmail 70734 invoked by uid 500); 29 Mar 2016 19:13:03 -0000 Mailing-List: contact commits-help@geode.incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@geode.incubator.apache.org Delivered-To: mailing list commits@geode.incubator.apache.org Received: (qmail 70725 invoked by uid 99); 29 Mar 2016 19:13:03 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 29 Mar 2016 19:13:03 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id 7B0F6C0C6B for ; Tue, 29 Mar 2016 19:13:02 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -4.216 X-Spam-Level: X-Spam-Status: No, score=-4.216 tagged_above=-999 required=6.31 tests=[KAM_ASCII_DIVIDERS=0.8, KAM_LAZY_DOMAIN_SECURITY=1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.996] autolearn=disabled Received: from mx2-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id hGK_UlSC_x9H for ; Tue, 29 Mar 2016 19:12:58 +0000 (UTC) Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx2-lw-eu.apache.org (ASF Mail Server at mx2-lw-eu.apache.org) with SMTP id 12B915F3F4 for ; Tue, 29 Mar 2016 19:12:55 +0000 (UTC) Received: (qmail 70713 invoked by uid 99); 29 Mar 2016 19:12:55 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 29 Mar 2016 19:12:55 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 12BFEE0BB5; Tue, 29 Mar 2016 19:12:55 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: klund@apache.org To: commits@geode.incubator.apache.org Date: Tue, 29 Mar 2016 19:12:57 -0000 Message-Id: In-Reply-To: <95cf90d5177e4e2bad71600aba4ef125@git.apache.org> References: <95cf90d5177e4e2bad71600aba4ef125@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [3/4] incubator-geode git commit: Cleanup http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c5bc82d4/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationDUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationDUnitTest.java index 7a738f1..69e2843 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationDUnitTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationDUnitTest.java @@ -18,8 +18,13 @@ */ package com.gemstone.gemfire.security; +import static com.gemstone.gemfire.internal.AvailablePort.*; +//import static com.gemstone.gemfire.security.ClientAuthenticationUtils.*; +//import static com.gemstone.gemfire.security.ClientAuthorizationTestBase.*; import static com.gemstone.gemfire.security.SecurityTestUtil.*; import static com.gemstone.gemfire.test.dunit.Assert.*; +import static com.gemstone.gemfire.test.dunit.IgnoredException.*; +import static com.gemstone.gemfire.test.dunit.LogWriterUtils.*; import java.util.ArrayList; import java.util.Iterator; @@ -27,14 +32,11 @@ import java.util.List; import java.util.Properties; import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode; -import com.gemstone.gemfire.internal.AvailablePort; import com.gemstone.gemfire.security.generator.AuthzCredentialGenerator; import com.gemstone.gemfire.security.generator.CredentialGenerator; import com.gemstone.gemfire.security.generator.DummyCredentialGenerator; import com.gemstone.gemfire.security.generator.XmlAuthzCredentialGenerator; import com.gemstone.gemfire.security.templates.UserPasswordAuthInit; -import com.gemstone.gemfire.test.dunit.IgnoredException; -import com.gemstone.gemfire.test.dunit.LogWriterUtils; import com.gemstone.gemfire.test.dunit.VM; import com.gemstone.gemfire.test.junit.categories.DistributedTest; import org.junit.Test; @@ -53,187 +55,51 @@ public class ClientAuthorizationDUnitTest extends ClientAuthorizationTestBase { @Override public final void preTearDownClientAuthorizationTestBase() throws Exception { - // close the clients first - client1.invoke(() -> SecurityTestUtil.closeCache()); - client2.invoke(() -> SecurityTestUtil.closeCache()); - SecurityTestUtil.closeCache(); - // then close the servers - server1.invoke(() -> SecurityTestUtil.closeCache()); - server2.invoke(() -> SecurityTestUtil.closeCache()); + closeCache(); } - private Properties getUserPassword(String userName) { + @Test + public void testAllowPutsGets() { + AuthzCredentialGenerator gen = getXmlAuthzGenerator(); + CredentialGenerator cGen = gen.getCredentialGenerator(); + Properties extraAuthProps = cGen.getSystemProperties(); + Properties javaProps = cGen.getJavaProperties(); + Properties extraAuthzProps = gen.getSystemProperties(); + String authenticator = cGen.getAuthenticator(); + String authInit = cGen.getAuthInit(); + String accessor = gen.getAuthorizationCallback(); - Properties props = new Properties(); - props.setProperty(UserPasswordAuthInit.USER_NAME, userName); - props.setProperty(UserPasswordAuthInit.PASSWORD, userName); - return props; - } + getLogWriter().info("testAllowPutsGets: Using authinit: " + authInit); + getLogWriter().info("testAllowPutsGets: Using authenticator: " + authenticator); + getLogWriter().info("testAllowPutsGets: Using accessor: " + accessor); - private void executeRIOpBlock(List opBlock, Integer port1, Integer port2, - String authInit, Properties extraAuthProps, Properties extraAuthzProps, - Properties javaProps) throws InterruptedException { + // Start servers with all required properties + Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps); - Iterator opIter = opBlock.iterator(); - while (opIter.hasNext()) { - // Start client with valid credentials as specified in - // OperationWithAction - OperationWithAction currentOp = (OperationWithAction)opIter.next(); - OperationCode opCode = currentOp.getOperationCode(); - int opFlags = currentOp.getFlags(); - int clientNum = currentOp.getClientNum(); - VM clientVM = null; - boolean useThisVM = false; - switch (clientNum) { - case 1: - clientVM = client1; - break; - case 2: - clientVM = client2; - break; - case 3: - useThisVM = true; - break; - default: - fail("executeRIOpBlock: Unknown client number " + clientNum); - break; - } - LogWriterUtils.getLogWriter().info( - "executeRIOpBlock: performing operation number [" - + currentOp.getOpNum() + "]: " + currentOp); - if ((opFlags & OpFlags.USE_OLDCONN) == 0) { - Properties opCredentials = null; - String currentRegionName = '/' + regionName; - if ((opFlags & OpFlags.USE_SUBREGION) > 0) { - currentRegionName += ('/' + subregionName); - } - String credentialsTypeStr; - OperationCode authOpCode = currentOp.getAuthzOperationCode(); - if ((opFlags & OpFlags.CHECK_NOTAUTHZ) > 0 - || (opFlags & OpFlags.USE_NOTAUTHZ) > 0 - || !authOpCode.equals(opCode)) { - credentialsTypeStr = " unauthorized " + authOpCode; - if (authOpCode.isRegisterInterest()) { - opCredentials = getUserPassword("reader7"); - } - else if (authOpCode.isUnregisterInterest()) { - opCredentials = getUserPassword("reader6"); - } - else { - fail("executeRIOpBlock: cannot determine credentials for" - + credentialsTypeStr); - } - } - else { - credentialsTypeStr = " authorized " + authOpCode; - if (authOpCode.isRegisterInterest() - || authOpCode.isUnregisterInterest()) { - opCredentials = getUserPassword("reader5"); - } - else if (authOpCode.isPut()) { - opCredentials = getUserPassword("writer1"); - } - else if (authOpCode.isGet()) { - opCredentials = getUserPassword("reader1"); - } - else { - fail("executeRIOpBlock: cannot determine credentials for" - + credentialsTypeStr); - } - } - Properties clientProps = SecurityTestUtil - .concatProperties(new Properties[] { opCredentials, extraAuthProps, - extraAuthzProps }); - // Start the client with valid credentials but allowed or disallowed to - // perform an operation - LogWriterUtils.getLogWriter().info( - "executeRIOpBlock: For client" + clientNum + credentialsTypeStr - + " credentials: " + opCredentials); - if (useThisVM) { - SecurityTestUtil.createCacheClientWithDynamicRegion(authInit, clientProps, javaProps, new int[] { port1, port2 }, 0, false, NO_EXCEPTION); - } - else { - clientVM.invoke(() -> createCacheClient(authInit, clientProps, javaProps, new int[] { port1, port2 }, 0, false, SecurityTestUtil.NO_EXCEPTION)); - } - } - int expectedResult; - if ((opFlags & OpFlags.CHECK_NOTAUTHZ) > 0) { - expectedResult = SecurityTestUtil.NOTAUTHZ_EXCEPTION; - } - else if ((opFlags & OpFlags.CHECK_EXCEPTION) > 0) { - expectedResult = SecurityTestUtil.OTHER_EXCEPTION; - } - else { - expectedResult = SecurityTestUtil.NO_EXCEPTION; - } + int port1 = createServer1(javaProps, serverProps); + int port2 = createServer2(javaProps, serverProps); - // Perform the operation from selected client - if (useThisVM) { - doOp(new Byte(opCode.toOrdinal()), currentOp.getIndices(), new Integer( - opFlags), new Integer(expectedResult)); - } - else { - byte ordinal = opCode.toOrdinal(); - int[] indices = currentOp.getIndices(); - clientVM.invoke(() -> ClientAuthorizationTestBase.doOp( new Byte(ordinal), - indices, new Integer(opFlags), - new Integer(expectedResult) )); - } - } - } + // Start client1 with valid CREATE credentials + Properties createCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.PUT }, new String[] { regionName }, 1); + javaProps = cGen.getJavaProperties(); - @Test - public void testAllowPutsGets() { - AuthzCredentialGenerator gen = getXmlAuthzGenerator(); - CredentialGenerator cGen = gen.getCredentialGenerator(); - Properties extraAuthProps = cGen.getSystemProperties(); - Properties javaProps = cGen.getJavaProperties(); - Properties extraAuthzProps = gen.getSystemProperties(); - String authenticator = cGen.getAuthenticator(); - String authInit = cGen.getAuthInit(); - String accessor = gen.getAuthorizationCallback(); - - LogWriterUtils.getLogWriter().info("testAllowPutsGets: Using authinit: " + authInit); - LogWriterUtils.getLogWriter().info( - "testAllowPutsGets: Using authenticator: " + authenticator); - LogWriterUtils.getLogWriter().info("testAllowPutsGets: Using accessor: " + accessor); - - // Start servers with all required properties - Properties serverProps = buildProperties(authenticator, accessor, false, - extraAuthProps, extraAuthzProps); - Integer port1 = createServer1(javaProps, serverProps); - Integer port2 = createServer2(javaProps, serverProps); - - // Start client1 with valid CREATE credentials - Properties createCredentials = gen.getAllowedCredentials( - new OperationCode[] { OperationCode.PUT }, - new String[] { regionName }, 1); - javaProps = cGen.getJavaProperties(); - LogWriterUtils.getLogWriter().info( - "testAllowPutsGets: For first client credentials: " - + createCredentials); - createClient1NoException(javaProps, authInit, port1, port2, - createCredentials); - - // Start client2 with valid GET credentials - Properties getCredentials = gen.getAllowedCredentials( - new OperationCode[] { OperationCode.GET }, - new String[] { regionName }, 2); - javaProps = cGen.getJavaProperties(); - LogWriterUtils.getLogWriter() - .info( - "testAllowPutsGets: For second client credentials: " - + getCredentials); - createClient2NoException(javaProps, authInit, port1, port2, - getCredentials); - - // Perform some put operations from client1 - client1.invoke(() -> SecurityTestUtil.doPuts( - new Integer(2), new Integer(SecurityTestUtil.NO_EXCEPTION) )); - - // Verify that the gets succeed - client2.invoke(() -> SecurityTestUtil.doGets( - new Integer(2), new Integer(SecurityTestUtil.NO_EXCEPTION) )); + getLogWriter().info("testAllowPutsGets: For first client credentials: " + createCredentials); + + createClient1NoException(javaProps, authInit, port1, port2, createCredentials); + + // Start client2 with valid GET credentials + Properties getCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.GET }, new String[] { regionName }, 2); + javaProps = cGen.getJavaProperties(); + + getLogWriter().info("testAllowPutsGets: For second client credentials: " + getCredentials); + + createClient2NoException(javaProps, authInit, port1, port2, getCredentials); + + // Perform some put operations from client1 + client1.invoke(() -> doPuts(2, NO_EXCEPTION)); + + // Verify that the gets succeed + client2.invoke(() -> doGets(2, NO_EXCEPTION)); } @Test @@ -247,382 +113,228 @@ public class ClientAuthorizationDUnitTest extends ClientAuthorizationTestBase { String authInit = cGen.getAuthInit(); String accessor = gen.getAuthorizationCallback(); - LogWriterUtils.getLogWriter().info("testPutAllWithSecurity: Using authinit: " + authInit); - LogWriterUtils.getLogWriter().info("testPutAllWithSecurity: Using authenticator: " + authenticator); - LogWriterUtils.getLogWriter().info("testPutAllWithSecurity: Using accessor: " + accessor); + getLogWriter().info("testPutAllWithSecurity: Using authinit: " + authInit); + getLogWriter().info("testPutAllWithSecurity: Using authenticator: " + authenticator); + getLogWriter().info("testPutAllWithSecurity: Using accessor: " + accessor); // Start servers with all required properties Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps); - Integer port1 = createServer1(javaProps, serverProps); - Integer port2 = createServer2(javaProps, serverProps); + + int port1 = createServer1(javaProps, serverProps); + int port2 = createServer2(javaProps, serverProps); // Start client1 with valid CREATE credentials Properties createCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.PUTALL }, new String[] { regionName }, 1); javaProps = cGen.getJavaProperties(); - LogWriterUtils.getLogWriter().info("testPutAllWithSecurity: For first client credentials: " + createCredentials); + + getLogWriter().info("testPutAllWithSecurity: For first client credentials: " + createCredentials); + createClient1NoException(javaProps, authInit, port1, port2, createCredentials); // Perform some put all operations from client1 - client1.invoke(() -> SecurityTestUtil.doPutAllP()); - } - - protected void createClient2NoException(Properties javaProps, String authInit, - Integer port1, Integer port2, Properties getCredentials) { - client2.invoke(() -> ClientAuthenticationUtils.createCacheClient(authInit, getCredentials, javaProps, port1, port2, - 0, SecurityTestUtil.NO_EXCEPTION)); + client1.invoke(() -> doPutAllP()); } - protected void createClient1NoException(Properties javaProps, String authInit, - Integer port1, Integer port2, Properties createCredentials) { - client1.invoke(() -> ClientAuthenticationUtils.createCacheClient(authInit, createCredentials, javaProps, port1, port2, - 0, SecurityTestUtil.NO_EXCEPTION)); - } + @Test + public void testDisallowPutsGets() { + AuthzCredentialGenerator gen = getXmlAuthzGenerator(); + CredentialGenerator cGen = gen.getCredentialGenerator(); + Properties extraAuthProps = cGen.getSystemProperties(); + Properties javaProps = cGen.getJavaProperties(); + Properties extraAuthzProps = gen.getSystemProperties(); + String authenticator = cGen.getAuthenticator(); + String authInit = cGen.getAuthInit(); + String accessor = gen.getAuthorizationCallback(); - protected Integer createServer2(Properties javaProps, - Properties serverProps) { - Integer port2 = ((Integer)server2.invoke(() -> ClientAuthorizationTestBase.createCacheServer( - SecurityTestUtil.getLocatorPort(), serverProps, javaProps ))); - return port2; - } + getLogWriter().info("testDisallowPutsGets: Using authinit: " + authInit); + getLogWriter().info("testDisallowPutsGets: Using authenticator: " + authenticator); + getLogWriter().info("testDisallowPutsGets: Using accessor: " + accessor); - protected Integer createServer1(Properties javaProps, - Properties serverProps) { - Integer port1 = ((Integer)server1.invoke(() -> ClientAuthorizationTestBase.createCacheServer( - SecurityTestUtil.getLocatorPort(), serverProps, javaProps ))); - return port1; - } + // Check that we indeed can obtain valid credentials not allowed to do gets + Properties createCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.PUT }, new String[] { regionName }, 1); + Properties createJavaProps = cGen.getJavaProperties(); - @Test - public void testDisallowPutsGets() { + getLogWriter().info("testDisallowPutsGets: For first client credentials: " + createCredentials); + + Properties getCredentials = gen.getDisallowedCredentials(new OperationCode[] { OperationCode.GET }, new String[] { regionName }, 2); + Properties getJavaProps = cGen.getJavaProperties(); + + getLogWriter().info("testDisallowPutsGets: For second client disallowed GET credentials: " + getCredentials); + + // Start servers with all required properties + Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps); + + int port1 = createServer1(javaProps, serverProps); + int port2 = createServer2(javaProps, serverProps); + + createClient1NoException(createJavaProps, authInit, port1, port2, createCredentials); + + createClient2NoException(getJavaProps, authInit, port1, port2, getCredentials); + + // Perform some put operations from client1 + client1.invoke(() -> doPuts(2, NO_EXCEPTION)); - AuthzCredentialGenerator gen = getXmlAuthzGenerator(); - CredentialGenerator cGen = gen.getCredentialGenerator(); - Properties extraAuthProps = cGen.getSystemProperties(); - Properties javaProps = cGen.getJavaProperties(); - Properties extraAuthzProps = gen.getSystemProperties(); - String authenticator = cGen.getAuthenticator(); - String authInit = cGen.getAuthInit(); - String accessor = gen.getAuthorizationCallback(); - - LogWriterUtils.getLogWriter().info("testDisallowPutsGets: Using authinit: " + authInit); - LogWriterUtils.getLogWriter().info( - "testDisallowPutsGets: Using authenticator: " + authenticator); - LogWriterUtils.getLogWriter().info("testDisallowPutsGets: Using accessor: " + accessor); - - // Check that we indeed can obtain valid credentials not allowed to do - // gets - Properties createCredentials = gen.getAllowedCredentials( - new OperationCode[] { OperationCode.PUT }, - new String[] { regionName }, 1); - Properties createJavaProps = cGen.getJavaProperties(); - LogWriterUtils.getLogWriter().info( - "testDisallowPutsGets: For first client credentials: " - + createCredentials); - Properties getCredentials = gen.getDisallowedCredentials( - new OperationCode[] { OperationCode.GET }, - new String[] { regionName }, 2); - Properties getJavaProps = cGen.getJavaProperties(); - - LogWriterUtils.getLogWriter().info( - "testDisallowPutsGets: For second client disallowed GET credentials: " - + getCredentials); - - // Start servers with all required properties - Properties serverProps = buildProperties(authenticator, accessor, false, - extraAuthProps, extraAuthzProps); - Integer port1 = createServer1(javaProps, serverProps); - Integer port2 = createServer2(javaProps, serverProps); - - createClient1NoException(createJavaProps, authInit, port1, port2, - createCredentials); - - createClient2NoException(getJavaProps, authInit, port1, port2, - getCredentials); - - // Perform some put operations from client1 - client1.invoke(() -> SecurityTestUtil.doPuts( - new Integer(2), new Integer(SecurityTestUtil.NO_EXCEPTION) )); - - // Gets as normal user should throw exception - client2.invoke(() -> SecurityTestUtil.doGets( - new Integer(2), new Integer(SecurityTestUtil.NOTAUTHZ_EXCEPTION) )); - - // Try to connect client2 with reader credentials - getCredentials = gen.getAllowedCredentials( - new OperationCode[] { OperationCode.GET }, - new String[] { regionName }, 5); - getJavaProps = cGen.getJavaProperties(); - LogWriterUtils.getLogWriter().info( - "testDisallowPutsGets: For second client with GET credentials: " - + getCredentials); - createClient2NoException(getJavaProps, authInit, port1, port2, - getCredentials); - - // Verify that the gets succeed - client2.invoke(() -> SecurityTestUtil.doGets( - new Integer(2), new Integer(SecurityTestUtil.NO_EXCEPTION) )); - - // Verify that the puts throw exception - client2.invoke(() -> SecurityTestUtil.doNPuts( - new Integer(2), new Integer(SecurityTestUtil.NOTAUTHZ_EXCEPTION) )); + // Gets as normal user should throw exception + client2.invoke(() -> doGets(2, NOTAUTHZ_EXCEPTION)); + + // Try to connect client2 with reader credentials + getCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.GET }, new String[] { regionName }, 5); + getJavaProps = cGen.getJavaProperties(); + + getLogWriter().info("testDisallowPutsGets: For second client with GET credentials: " + getCredentials); + + createClient2NoException(getJavaProps, authInit, port1, port2, getCredentials); + + // Verify that the gets succeed + client2.invoke(() -> doGets(2, NO_EXCEPTION)); + + // Verify that the puts throw exception + client2.invoke(() -> doNPuts(2, NOTAUTHZ_EXCEPTION)); } @Test public void testInvalidAccessor() { - AuthzCredentialGenerator gen = getXmlAuthzGenerator(); - CredentialGenerator cGen = gen.getCredentialGenerator(); - Properties extraAuthProps = cGen.getSystemProperties(); - Properties javaProps = cGen.getJavaProperties(); - Properties extraAuthzProps = gen.getSystemProperties(); - String authenticator = cGen.getAuthenticator(); - String authInit = cGen.getAuthInit(); - String accessor = gen.getAuthorizationCallback(); - - LogWriterUtils.getLogWriter().info("testInvalidAccessor: Using authinit: " + authInit); - LogWriterUtils.getLogWriter().info( - "testInvalidAccessor: Using authenticator: " + authenticator); - - // Start server1 with invalid accessor - Properties serverProps = buildProperties(authenticator, - "com.gemstone.none", false, extraAuthProps, extraAuthzProps); - Integer port1 = createServer1(javaProps, serverProps); - Integer port2 = new Integer(AvailablePort - .getRandomAvailablePort(AvailablePort.SOCKET)); - - // Client creation should throw exceptions - Properties createCredentials = gen.getAllowedCredentials( - new OperationCode[] { OperationCode.PUT }, - new String[] { regionName }, 3); - Properties createJavaProps = cGen.getJavaProperties(); - LogWriterUtils.getLogWriter().info( - "testInvalidAccessor: For first client CREATE credentials: " - + createCredentials); - Properties getCredentials = gen.getAllowedCredentials( - new OperationCode[] { OperationCode.GET }, - new String[] { regionName }, 7); - Properties getJavaProps = cGen.getJavaProperties(); - LogWriterUtils.getLogWriter().info( - "testInvalidAccessor: For second client GET credentials: " - + getCredentials); - client1.invoke(() -> ClientAuthenticationUtils.createCacheClient( authInit, createCredentials, createJavaProps, port1, - port2, 0, Boolean.FALSE, Boolean.FALSE, - Integer.valueOf(SecurityTestUtil.NO_EXCEPTION) )); - client1.invoke(() -> SecurityTestUtil.doPuts( - new Integer(1), new Integer(SecurityTestUtil.AUTHFAIL_EXCEPTION) )); - client2.invoke(() -> ClientAuthenticationUtils.createCacheClient( authInit, getCredentials, getJavaProps, port1, port2, - 0, Boolean.FALSE, Boolean.FALSE, - Integer.valueOf(SecurityTestUtil.NO_EXCEPTION) )); - client2.invoke(() -> SecurityTestUtil.doPuts( - new Integer(1), new Integer(SecurityTestUtil.AUTHFAIL_EXCEPTION) )); - - // Now start server2 that has valid accessor - LogWriterUtils.getLogWriter().info("testInvalidAccessor: Using accessor: " + accessor); - serverProps = buildProperties(authenticator, accessor, false, - extraAuthProps, extraAuthzProps); - createServer2(javaProps, serverProps, port2); - server1.invoke(() -> SecurityTestUtil.closeCache()); - - createClient1NoException(createJavaProps, authInit, port1, port2, - createCredentials); - createClient2NoException(getJavaProps, authInit, port1, port2, - getCredentials); - - // Now perform some put operations from client1 - client1.invoke(() -> SecurityTestUtil.doPuts( - new Integer(4), new Integer(SecurityTestUtil.NO_EXCEPTION) )); - - // Verify that the gets succeed - client2.invoke(() -> SecurityTestUtil.doGets( - new Integer(4), new Integer(SecurityTestUtil.NO_EXCEPTION) )); - } + AuthzCredentialGenerator gen = getXmlAuthzGenerator(); + CredentialGenerator cGen = gen.getCredentialGenerator(); + Properties extraAuthProps = cGen.getSystemProperties(); + Properties javaProps = cGen.getJavaProperties(); + Properties extraAuthzProps = gen.getSystemProperties(); + String authenticator = cGen.getAuthenticator(); + String authInit = cGen.getAuthInit(); + String accessor = gen.getAuthorizationCallback(); + + getLogWriter().info("testInvalidAccessor: Using authinit: " + authInit); + getLogWriter().info("testInvalidAccessor: Using authenticator: " + authenticator); + + // Start server1 with invalid accessor + Properties serverProps = buildProperties(authenticator, "com.gemstone.none", false, extraAuthProps, extraAuthzProps); + + int port1 = createServer1(javaProps, serverProps); + int port2 = getRandomAvailablePort(SOCKET); + + // Client creation should throw exceptions + Properties createCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.PUT }, new String[] { regionName }, 3); + Properties createJavaProps = cGen.getJavaProperties(); + + getLogWriter().info("testInvalidAccessor: For first client CREATE credentials: " + createCredentials); + + Properties getCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.GET }, new String[] { regionName }, 7); + Properties getJavaProps = cGen.getJavaProperties(); - protected void createServer2(Properties javaProps, Properties serverProps, - Integer port2) { - server2.invoke(() -> ClientAuthorizationTestBase.createCacheServer( SecurityTestUtil.getLocatorPort(), port2, serverProps, - javaProps )); + getLogWriter().info("testInvalidAccessor: For second client GET credentials: " + getCredentials); + + client1.invoke(() -> ClientAuthenticationUtils.createCacheClient( authInit, createCredentials, createJavaProps, port1, port2, 0, false, false, NO_EXCEPTION)); + client1.invoke(() -> doPuts(1, AUTHFAIL_EXCEPTION)); + + client2.invoke(() -> ClientAuthenticationUtils.createCacheClient( authInit, getCredentials, getJavaProps, port1, port2, 0, false, false, NO_EXCEPTION)); + client2.invoke(() -> doPuts(1, AUTHFAIL_EXCEPTION)); + + // Now start server2 that has valid accessor + getLogWriter().info("testInvalidAccessor: Using accessor: " + accessor); + serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps); + createServer2(javaProps, serverProps, port2); + server1.invoke(() -> closeCache()); + + createClient1NoException(createJavaProps, authInit, port1, port2, createCredentials); + createClient2NoException(getJavaProps, authInit, port1, port2, getCredentials); + + // Now perform some put operations from client1 + client1.invoke(() -> doPuts(4, NO_EXCEPTION)); + + // Verify that the gets succeed + client2.invoke(() -> doGets(4, NO_EXCEPTION)); } @Test public void testPutsGetsWithFailover() { - AuthzCredentialGenerator gen = getXmlAuthzGenerator(); - CredentialGenerator cGen = gen.getCredentialGenerator(); - Properties extraAuthProps = cGen.getSystemProperties(); - Properties javaProps = cGen.getJavaProperties(); - Properties extraAuthzProps = gen.getSystemProperties(); - String authenticator = cGen.getAuthenticator(); - String authInit = cGen.getAuthInit(); - String accessor = gen.getAuthorizationCallback(); - - LogWriterUtils.getLogWriter().info( - "testPutsGetsWithFailover: Using authinit: " + authInit); - LogWriterUtils.getLogWriter().info( - "testPutsGetsWithFailover: Using authenticator: " + authenticator); - LogWriterUtils.getLogWriter().info( - "testPutsGetsWithFailover: Using accessor: " + accessor); - - // Start servers with all required properties - Properties serverProps = buildProperties(authenticator, accessor, false, - extraAuthProps, extraAuthzProps); - Integer port1 = createServer1(javaProps, serverProps); - // Get a port for second server but do not start it - // This forces the clients to connect to the first server - Integer port2 = new Integer(AvailablePort - .getRandomAvailablePort(AvailablePort.SOCKET)); - - // Start client1 with valid CREATE credentials - Properties createCredentials = gen.getAllowedCredentials( - new OperationCode[] { OperationCode.PUT }, - new String[] { regionName }, 1); - Properties createJavaProps = cGen.getJavaProperties(); - LogWriterUtils.getLogWriter().info( - "testPutsGetsWithFailover: For first client credentials: " - + createCredentials); - createClient1NoException(createJavaProps, authInit, port1, port2, - createCredentials); - - // Start client2 with valid GET credentials - Properties getCredentials = gen.getAllowedCredentials( - new OperationCode[] { OperationCode.GET }, - new String[] { regionName }, 5); - Properties getJavaProps = cGen.getJavaProperties(); - LogWriterUtils.getLogWriter().info( - "testPutsGetsWithFailover: For second client credentials: " - + getCredentials); - createClient2NoException(getJavaProps, authInit, port1, port2, - getCredentials); - - // Perform some put operations from client1 - client1.invoke(() -> SecurityTestUtil.doPuts( - new Integer(2), new Integer(SecurityTestUtil.NO_EXCEPTION) )); - // Verify that the puts succeeded - client2.invoke(() -> SecurityTestUtil.doGets( - new Integer(2), new Integer(SecurityTestUtil.NO_EXCEPTION) )); - - createServer2(javaProps, serverProps, port2); - server1.invoke(() -> SecurityTestUtil.closeCache()); - - // Perform some put operations from client1 - client1.invoke(() -> SecurityTestUtil.doNPuts( - new Integer(4), new Integer(SecurityTestUtil.NO_EXCEPTION) )); - // Verify that the puts succeeded - client2.invoke(() -> SecurityTestUtil.doNGets( - new Integer(4), new Integer(SecurityTestUtil.NO_EXCEPTION) )); - - // Now re-connect with credentials not allowed to do gets - Properties noGetCredentials = gen.getDisallowedCredentials( - new OperationCode[] { OperationCode.GET }, - new String[] { regionName }, 9); - getJavaProps = cGen.getJavaProperties(); - - LogWriterUtils.getLogWriter().info( - "testPutsGetsWithFailover: For second client disallowed GET credentials: " - + noGetCredentials); - - createClient2NoException(getJavaProps, authInit, port1, port2, - noGetCredentials); - - // Perform some put operations from client1 - client1.invoke(() -> SecurityTestUtil.doPuts( - new Integer(4), new Integer(SecurityTestUtil.NO_EXCEPTION) )); - // Gets as normal user should throw exception - client2.invoke(() -> SecurityTestUtil.doGets( - new Integer(4), new Integer(SecurityTestUtil.NOTAUTHZ_EXCEPTION) )); - - // force a failover and do the drill again - server1.invoke(() -> ClientAuthorizationTestBase.createCacheServer( SecurityTestUtil.getLocatorPort(), port1, serverProps, - javaProps )); - server2.invoke(() -> SecurityTestUtil.closeCache()); - - // Perform some put operations from client1 - client1.invoke(() -> SecurityTestUtil.doNPuts( - new Integer(4), new Integer(SecurityTestUtil.NO_EXCEPTION) )); - // Gets as normal user should throw exception - client2.invoke(() -> SecurityTestUtil.doNGets( - new Integer(4), new Integer(SecurityTestUtil.NOTAUTHZ_EXCEPTION) )); - - createClient2NoException(getJavaProps, authInit, port1, port2, - getCredentials); - - // Verify that the gets succeed - client2.invoke(() -> SecurityTestUtil.doNGets( - new Integer(4), new Integer(SecurityTestUtil.NO_EXCEPTION) )); - - // Verify that the puts throw exception - client2.invoke(() -> SecurityTestUtil.doPuts( - new Integer(4), new Integer(SecurityTestUtil.NOTAUTHZ_EXCEPTION) )); - } + AuthzCredentialGenerator gen = getXmlAuthzGenerator(); + CredentialGenerator cGen = gen.getCredentialGenerator(); + Properties extraAuthProps = cGen.getSystemProperties(); + Properties javaProps = cGen.getJavaProperties(); + Properties extraAuthzProps = gen.getSystemProperties(); + String authenticator = cGen.getAuthenticator(); + String authInit = cGen.getAuthInit(); + String accessor = gen.getAuthorizationCallback(); - @Test - public void testUnregisterInterestWithFailover() throws InterruptedException { + getLogWriter().info("testPutsGetsWithFailover: Using authinit: " + authInit); + getLogWriter().info("testPutsGetsWithFailover: Using authenticator: " + authenticator); + getLogWriter().info("testPutsGetsWithFailover: Using accessor: " + accessor); - OperationWithAction[] unregisterOps = { - // Register interest in all KEYS using one key at a time - new OperationWithAction(OperationCode.REGISTER_INTEREST, - OperationCode.UNREGISTER_INTEREST, 3, OpFlags.NONE, 4), - new OperationWithAction(OperationCode.REGISTER_INTEREST, 2), - // UPDATE and test with GET - new OperationWithAction(OperationCode.PUT), - new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN - | OpFlags.LOCAL_OP, 4), + // Start servers with all required properties + Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps); - // Unregister interest in all KEYS using one key at a time - new OperationWithAction(OperationCode.UNREGISTER_INTEREST, 3, - OpFlags.USE_OLDCONN | OpFlags.CHECK_NOTAUTHZ, 4), - new OperationWithAction(OperationCode.UNREGISTER_INTEREST, 2, - OpFlags.USE_OLDCONN, 4), - // UPDATE and test with GET for no updates - new OperationWithAction(OperationCode.PUT, 1, OpFlags.USE_OLDCONN - | OpFlags.USE_NEWVAL, 4), - new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN - | OpFlags.LOCAL_OP, 4), + int port1 = createServer1(javaProps, serverProps); - OperationWithAction.OPBLOCK_END, + // Get a port for second server but do not start it. This forces the clients to connect to the first server + int port2 = getRandomAvailablePort(SOCKET); - // Register interest in all KEYS using list - new OperationWithAction(OperationCode.REGISTER_INTEREST, - OperationCode.UNREGISTER_INTEREST, 3, OpFlags.USE_LIST, 4), - new OperationWithAction(OperationCode.REGISTER_INTEREST, 1, - OpFlags.USE_LIST, 4), - // UPDATE and test with GET - new OperationWithAction(OperationCode.PUT, 2), - new OperationWithAction(OperationCode.GET, 1, OpFlags.USE_OLDCONN - | OpFlags.LOCAL_OP, 4), + // Start client1 with valid CREATE credentials + Properties createCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.PUT }, new String[] { regionName }, 1); + Properties createJavaProps = cGen.getJavaProperties(); - // Unregister interest in all KEYS using list - new OperationWithAction(OperationCode.UNREGISTER_INTEREST, 3, - OpFlags.USE_OLDCONN | OpFlags.USE_LIST | OpFlags.CHECK_NOTAUTHZ, 4), - new OperationWithAction(OperationCode.UNREGISTER_INTEREST, 1, - OpFlags.USE_OLDCONN | OpFlags.USE_LIST, 4), - // UPDATE and test with GET for no updates - new OperationWithAction(OperationCode.PUT, 2, OpFlags.USE_OLDCONN - | OpFlags.USE_NEWVAL, 4), - new OperationWithAction(OperationCode.GET, 1, OpFlags.USE_OLDCONN - | OpFlags.LOCAL_OP, 4), + getLogWriter().info("testPutsGetsWithFailover: For first client credentials: " + createCredentials); - OperationWithAction.OPBLOCK_END, + createClient1NoException(createJavaProps, authInit, port1, port2, createCredentials); - // Register interest in all KEYS using regular expression - new OperationWithAction(OperationCode.REGISTER_INTEREST, - OperationCode.UNREGISTER_INTEREST, 3, OpFlags.USE_REGEX, 4), - new OperationWithAction(OperationCode.REGISTER_INTEREST, 2, - OpFlags.USE_REGEX, 4), - // UPDATE and test with GET - new OperationWithAction(OperationCode.PUT), - new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN - | OpFlags.LOCAL_OP, 4), + // Start client2 with valid GET credentials + Properties getCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.GET }, new String[] { regionName }, 5); + Properties getJavaProps = cGen.getJavaProperties(); - // Unregister interest in all KEYS using regular expression - new OperationWithAction(OperationCode.UNREGISTER_INTEREST, 3, - OpFlags.USE_OLDCONN | OpFlags.USE_REGEX | OpFlags.CHECK_NOTAUTHZ, 4), - new OperationWithAction(OperationCode.UNREGISTER_INTEREST, 2, - OpFlags.USE_OLDCONN | OpFlags.USE_REGEX, 4), - // UPDATE and test with GET for no updates - new OperationWithAction(OperationCode.PUT, 1, OpFlags.USE_OLDCONN - | OpFlags.USE_NEWVAL, 4), - new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN - | OpFlags.LOCAL_OP, 4), + getLogWriter().info("testPutsGetsWithFailover: For second client credentials: " + getCredentials); - OperationWithAction.OPBLOCK_END }; + createClient2NoException(getJavaProps, authInit, port1, port2, getCredentials); + + // Perform some put operations from client1 + client1.invoke(() -> doPuts(2, NO_EXCEPTION)); + + // Verify that the puts succeeded + client2.invoke(() -> doGets(2, NO_EXCEPTION)); + + createServer2(javaProps, serverProps, port2); + server1.invoke(() -> closeCache()); + + // Perform some put operations from client1 + client1.invoke(() -> doNPuts(4, NO_EXCEPTION)); + + // Verify that the puts succeeded + client2.invoke(() -> doNGets(4, NO_EXCEPTION)); + + // Now re-connect with credentials not allowed to do gets + Properties noGetCredentials = gen.getDisallowedCredentials(new OperationCode[] { OperationCode.GET }, new String[] { regionName }, 9); + getJavaProps = cGen.getJavaProperties(); + + getLogWriter().info("testPutsGetsWithFailover: For second client disallowed GET credentials: " + noGetCredentials); + + createClient2NoException(getJavaProps, authInit, port1, port2, noGetCredentials); + + // Perform some put operations from client1 + client1.invoke(() -> doPuts(4, NO_EXCEPTION)); + + // Gets as normal user should throw exception + client2.invoke(() -> doGets(4, NOTAUTHZ_EXCEPTION)); + + // force a failover and do the drill again + server1.invoke(() -> ClientAuthorizationTestBase.createCacheServer( getLocatorPort(), port1, serverProps, javaProps )); + server2.invoke(() -> closeCache()); + + // Perform some put operations from client1 + client1.invoke(() -> doNPuts(4, NO_EXCEPTION)); + + // Gets as normal user should throw exception + client2.invoke(() -> doNGets(4, NOTAUTHZ_EXCEPTION)); + + createClient2NoException(getJavaProps, authInit, port1, port2, getCredentials); + + // Verify that the gets succeed + client2.invoke(() -> doNGets(4, NO_EXCEPTION)); + + // Verify that the puts throw exception + client2.invoke(() -> doPuts(4, NOTAUTHZ_EXCEPTION)); + } + + @Test + public void testUnregisterInterestWithFailover() throws InterruptedException { + OperationWithAction[] unregisterOps = unregisterOpsForTestUnregisterInterestWithFailover(); AuthzCredentialGenerator gen = new XmlAuthzCredentialGenerator(); CredentialGenerator cGen = new DummyCredentialGenerator(); @@ -635,48 +347,43 @@ public class ClientAuthorizationDUnitTest extends ClientAuthorizationTestBase { String authInit = cGen.getAuthInit(); String accessor = gen.getAuthorizationCallback(); - LogWriterUtils.getLogWriter().info("testAllOpsWithFailover: Using authinit: " + authInit); - LogWriterUtils.getLogWriter().info( - "testAllOpsWithFailover: Using authenticator: " + authenticator); - LogWriterUtils.getLogWriter().info("testAllOpsWithFailover: Using accessor: " + accessor); + getLogWriter().info("testAllOpsWithFailover: Using authinit: " + authInit); + getLogWriter().info("testAllOpsWithFailover: Using authenticator: " + authenticator); + getLogWriter().info("testAllOpsWithFailover: Using accessor: " + accessor); // Start servers with all required properties - Properties serverProps = buildProperties(authenticator, accessor, false, - extraAuthProps, extraAuthzProps); + Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps); + // Get ports for the servers - Integer port1 = new Integer(AvailablePort - .getRandomAvailablePort(AvailablePort.SOCKET)); - Integer port2 = new Integer(AvailablePort - .getRandomAvailablePort(AvailablePort.SOCKET)); + int port1 = getRandomAvailablePort(SOCKET); + int port2 = getRandomAvailablePort(SOCKET); // Perform all the ops on the clients List opBlock = new ArrayList(); for (int opNum = 0; opNum < unregisterOps.length; ++opNum) { - // Start client with valid credentials as specified in - // OperationWithAction + + // Start client with valid credentials as specified in OperationWithAction OperationWithAction currentOp = unregisterOps[opNum]; - if (currentOp.equals(OperationWithAction.OPBLOCK_END) - || currentOp.equals(OperationWithAction.OPBLOCK_NO_FAILOVER)) { - // End of current operation block; execute all the operations - // on the servers with/without failover + if (currentOp.equals(OperationWithAction.OPBLOCK_END) || currentOp.equals(OperationWithAction.OPBLOCK_NO_FAILOVER)) { + + // End of current operation block; execute all the operations on the servers with/without failover if (opBlock.size() > 0) { // Start the first server and execute the operation block - server1.invoke(() -> ClientAuthorizationTestBase.createCacheServer( - SecurityTestUtil.getLocatorPort(), port1, serverProps, - javaProps )); - server2.invoke(() -> SecurityTestUtil.closeCache()); - executeRIOpBlock(opBlock, port1, port2, authInit, extraAuthProps, - extraAuthzProps, javaProps); + server1.invoke(() -> ClientAuthorizationTestBase.createCacheServer(getLocatorPort(), port1, serverProps, javaProps)); + server2.invoke(() -> closeCache()); + + executeRIOpBlock(opBlock, port1, port2, authInit, extraAuthProps, extraAuthzProps, javaProps); + if (!currentOp.equals(OperationWithAction.OPBLOCK_NO_FAILOVER)) { createServer2(javaProps, serverProps, port2); - server1.invoke(() -> SecurityTestUtil.closeCache()); - executeRIOpBlock(opBlock, port1, port2, authInit, extraAuthProps, - extraAuthzProps, javaProps); + server1.invoke(() -> closeCache()); + + executeRIOpBlock(opBlock, port1, port2, authInit, extraAuthProps, extraAuthzProps, javaProps); } opBlock.clear(); } - } - else { + + } else { currentOp.setOpNum(opNum); opBlock.add(currentOp); } @@ -685,104 +392,255 @@ public class ClientAuthorizationDUnitTest extends ClientAuthorizationTestBase { @Test public void testAllOpsWithFailover() throws InterruptedException { - IgnoredException.addIgnoredException("Read timed out"); + addIgnoredException("Read timed out"); + runOpsWithFailover(allOpsForAllOpsWithFailover(), "testAllOpsWithFailover"); + } + + private OperationWithAction[] unregisterOpsForTestUnregisterInterestWithFailover() { + return new OperationWithAction[] { + // Register interest in all KEYS using one key at a time + new OperationWithAction(OperationCode.REGISTER_INTEREST, OperationCode.UNREGISTER_INTEREST, 3, OpFlags.NONE, 4), + new OperationWithAction(OperationCode.REGISTER_INTEREST, 2), + // UPDATE and test with GET + new OperationWithAction(OperationCode.PUT), + new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP, 4), + + // Unregister interest in all KEYS using one key at a time + new OperationWithAction(OperationCode.UNREGISTER_INTEREST, 3, OpFlags.USE_OLDCONN | OpFlags.CHECK_NOTAUTHZ, 4), + new OperationWithAction(OperationCode.UNREGISTER_INTEREST, 2, OpFlags.USE_OLDCONN, 4), + // UPDATE and test with GET for no updates + new OperationWithAction(OperationCode.PUT, 1, OpFlags.USE_OLDCONN | OpFlags.USE_NEWVAL, 4), + new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP, 4), + + OperationWithAction.OPBLOCK_END, - OperationWithAction[] allOps = { + // Register interest in all KEYS using list + new OperationWithAction(OperationCode.REGISTER_INTEREST, OperationCode.UNREGISTER_INTEREST, 3, OpFlags.USE_LIST, 4), + new OperationWithAction(OperationCode.REGISTER_INTEREST, 1, OpFlags.USE_LIST, 4), + // UPDATE and test with GET + new OperationWithAction(OperationCode.PUT, 2), + new OperationWithAction(OperationCode.GET, 1, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP, 4), + + // Unregister interest in all KEYS using list + new OperationWithAction(OperationCode.UNREGISTER_INTEREST, 3, OpFlags.USE_OLDCONN | OpFlags.USE_LIST | OpFlags.CHECK_NOTAUTHZ, 4), + new OperationWithAction(OperationCode.UNREGISTER_INTEREST, 1, OpFlags.USE_OLDCONN | OpFlags.USE_LIST, 4), + // UPDATE and test with GET for no updates + new OperationWithAction(OperationCode.PUT, 2, OpFlags.USE_OLDCONN | OpFlags.USE_NEWVAL, 4), + new OperationWithAction(OperationCode.GET, 1, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP, 4), + + OperationWithAction.OPBLOCK_END, + + // Register interest in all KEYS using regular expression + new OperationWithAction(OperationCode.REGISTER_INTEREST, OperationCode.UNREGISTER_INTEREST, 3, OpFlags.USE_REGEX, 4), + new OperationWithAction(OperationCode.REGISTER_INTEREST, 2, OpFlags.USE_REGEX, 4), + // UPDATE and test with GET + new OperationWithAction(OperationCode.PUT), + new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP, 4), + + // Unregister interest in all KEYS using regular expression + new OperationWithAction(OperationCode.UNREGISTER_INTEREST, 3, OpFlags.USE_OLDCONN | OpFlags.USE_REGEX | OpFlags.CHECK_NOTAUTHZ, 4), + new OperationWithAction(OperationCode.UNREGISTER_INTEREST, 2, OpFlags.USE_OLDCONN | OpFlags.USE_REGEX, 4), + // UPDATE and test with GET for no updates + new OperationWithAction(OperationCode.PUT, 1, OpFlags.USE_OLDCONN | OpFlags.USE_NEWVAL, 4), + new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP, 4), + + OperationWithAction.OPBLOCK_END + }; + } + + private OperationWithAction[] allOpsForAllOpsWithFailover() { + return new OperationWithAction[] { // Test CREATE and verify with a GET new OperationWithAction(OperationCode.PUT, 3, OpFlags.CHECK_NOTAUTHZ, 4), new OperationWithAction(OperationCode.PUT), - new OperationWithAction(OperationCode.GET, 3, OpFlags.CHECK_NOKEY - | OpFlags.CHECK_NOTAUTHZ, 4), + new OperationWithAction(OperationCode.GET, 3, OpFlags.CHECK_NOKEY | OpFlags.CHECK_NOTAUTHZ, 4), new OperationWithAction(OperationCode.GET, 2, OpFlags.CHECK_NOKEY, 4), - // OPBLOCK_END indicates end of an operation block; the above block of - // three operations will be first executed on server1 and then on - // server2 after failover + // OPBLOCK_END indicates end of an operation block; the above block of three operations will be first executed on server1 and then on server2 after failover OperationWithAction.OPBLOCK_END, // Test PUTALL and verify with GETs - new OperationWithAction(OperationCode.PUTALL, 3, OpFlags.USE_NEWVAL - | OpFlags.CHECK_NOTAUTHZ, 4), + new OperationWithAction(OperationCode.PUTALL, 3, OpFlags.USE_NEWVAL | OpFlags.CHECK_NOTAUTHZ, 4), new OperationWithAction(OperationCode.PUTALL, 1, OpFlags.USE_NEWVAL, 4), - new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN - | OpFlags.USE_NEWVAL, 4), + new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.USE_NEWVAL, 4), OperationWithAction.OPBLOCK_END, - + // Test UPDATE and verify with a GET - new OperationWithAction(OperationCode.PUT, 3, OpFlags.USE_NEWVAL - | OpFlags.CHECK_NOTAUTHZ, 4), + new OperationWithAction(OperationCode.PUT, 3, OpFlags.USE_NEWVAL | OpFlags.CHECK_NOTAUTHZ, 4), new OperationWithAction(OperationCode.PUT, 1, OpFlags.USE_NEWVAL, 4), - new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN - | OpFlags.USE_NEWVAL, 4), + new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.USE_NEWVAL, 4), OperationWithAction.OPBLOCK_END, // Test DESTROY and verify with a GET and that key should not exist - new OperationWithAction(OperationCode.DESTROY, 3, OpFlags.USE_NEWVAL - | OpFlags.CHECK_NOTAUTHZ, 4), + new OperationWithAction(OperationCode.DESTROY, 3, OpFlags.USE_NEWVAL | OpFlags.CHECK_NOTAUTHZ, 4), new OperationWithAction(OperationCode.DESTROY), - new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN - | OpFlags.CHECK_FAIL, 4), // bruce: added check_nokey because we now bring tombstones to the client in 8.0 + new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.CHECK_FAIL, 4), // bruce: added check_nokey because we now bring tombstones to the client in 8.0 // Repopulate the region new OperationWithAction(OperationCode.PUT, 1, OpFlags.USE_NEWVAL, 4), OperationWithAction.OPBLOCK_END, // Check CONTAINS_KEY - new OperationWithAction(OperationCode.CONTAINS_KEY, 3, - OpFlags.CHECK_NOTAUTHZ, 4), + new OperationWithAction(OperationCode.CONTAINS_KEY, 3, OpFlags.CHECK_NOTAUTHZ, 4), new OperationWithAction(OperationCode.CONTAINS_KEY), // Destroy the KEYS and check for failure in CONTAINS_KEY new OperationWithAction(OperationCode.DESTROY, 2), - new OperationWithAction(OperationCode.CONTAINS_KEY, 3, - OpFlags.CHECK_FAIL | OpFlags.CHECK_NOTAUTHZ, 4), - new OperationWithAction(OperationCode.CONTAINS_KEY, 1, - OpFlags.USE_OLDCONN | OpFlags.CHECK_FAIL, 4), + new OperationWithAction(OperationCode.CONTAINS_KEY, 3, OpFlags.CHECK_FAIL | OpFlags.CHECK_NOTAUTHZ, 4), + new OperationWithAction(OperationCode.CONTAINS_KEY, 1, OpFlags.USE_OLDCONN | OpFlags.CHECK_FAIL, 4), // Repopulate the region new OperationWithAction(OperationCode.PUT), OperationWithAction.OPBLOCK_END, // Check KEY_SET - new OperationWithAction(OperationCode.KEY_SET, 3, - OpFlags.CHECK_NOTAUTHZ, 4), + new OperationWithAction(OperationCode.KEY_SET, 3, OpFlags.CHECK_NOTAUTHZ, 4), new OperationWithAction(OperationCode.KEY_SET, 2), OperationWithAction.OPBLOCK_END, // Check QUERY - new OperationWithAction(OperationCode.QUERY, 3, OpFlags.CHECK_NOTAUTHZ, - 4), + new OperationWithAction(OperationCode.QUERY, 3, OpFlags.CHECK_NOTAUTHZ, 4), new OperationWithAction(OperationCode.QUERY), OperationWithAction.OPBLOCK_END, // Register interest in all KEYS using one key at a time - new OperationWithAction(OperationCode.REGISTER_INTEREST, 3, - OpFlags.CHECK_NOTAUTHZ, 4), + new OperationWithAction(OperationCode.REGISTER_INTEREST, 3, OpFlags.CHECK_NOTAUTHZ, 4), new OperationWithAction(OperationCode.REGISTER_INTEREST, 2), // UPDATE and test with GET new OperationWithAction(OperationCode.PUT), - new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN - | OpFlags.LOCAL_OP, 4), + new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP, 4), // Unregister interest in all KEYS using one key at a time - new OperationWithAction(OperationCode.UNREGISTER_INTEREST, 2, - OpFlags.USE_OLDCONN, 4), + new OperationWithAction(OperationCode.UNREGISTER_INTEREST, 2, OpFlags.USE_OLDCONN, 4), // UPDATE and test with GET for no updates - new OperationWithAction(OperationCode.PUT, 1, OpFlags.USE_OLDCONN - | OpFlags.USE_NEWVAL, 4), - new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN - | OpFlags.LOCAL_OP, 4), + new OperationWithAction(OperationCode.PUT, 1, OpFlags.USE_OLDCONN | OpFlags.USE_NEWVAL, 4), + new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP, 4), OperationWithAction.OPBLOCK_END, // Test GET_ENTRY inside a TX, see #49951 - new OperationWithAction(OperationCode.GET, 2, - OpFlags.USE_GET_ENTRY_IN_TX | OpFlags.CHECK_FAIL, 4), + new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_GET_ENTRY_IN_TX | OpFlags.CHECK_FAIL, 4), OperationWithAction.OPBLOCK_END }; + } + + private Properties getUserPassword(final String userName) { + Properties props = new Properties(); + props.setProperty(UserPasswordAuthInit.USER_NAME, userName); + props.setProperty(UserPasswordAuthInit.PASSWORD, userName); + return props; + } + + private void executeRIOpBlock(final List opBlock, final int port1, final int port2, final String authInit, final Properties extraAuthProps, final Properties extraAuthzProps, final Properties javaProps) throws InterruptedException { + for (Iterator opIter = opBlock.iterator(); opIter.hasNext();) { + // Start client with valid credentials as specified in OperationWithAction + OperationWithAction currentOp = (OperationWithAction)opIter.next(); + OperationCode opCode = currentOp.getOperationCode(); + int opFlags = currentOp.getFlags(); + int clientNum = currentOp.getClientNum(); + VM clientVM = null; + boolean useThisVM = false; + + switch (clientNum) { + case 1: + clientVM = client1; + break; + case 2: + clientVM = client2; + break; + case 3: + useThisVM = true; + break; + default: + fail("executeRIOpBlock: Unknown client number " + clientNum); + break; + } + + getLogWriter().info( "executeRIOpBlock: performing operation number [" + currentOp.getOpNum() + "]: " + currentOp); + if ((opFlags & OpFlags.USE_OLDCONN) == 0) { + Properties opCredentials = null; + String currentRegionName = '/' + regionName; + if ((opFlags & OpFlags.USE_SUBREGION) > 0) { + currentRegionName += ('/' + subregionName); + } + String credentialsTypeStr; + OperationCode authOpCode = currentOp.getAuthzOperationCode(); + + if ((opFlags & OpFlags.CHECK_NOTAUTHZ) > 0 || (opFlags & OpFlags.USE_NOTAUTHZ) > 0 || !authOpCode.equals(opCode)) { + credentialsTypeStr = " unauthorized " + authOpCode; + if (authOpCode.isRegisterInterest()) { + opCredentials = getUserPassword("reader7"); + } else if (authOpCode.isUnregisterInterest()) { + opCredentials = getUserPassword("reader6"); + } else { + fail("executeRIOpBlock: cannot determine credentials for" + credentialsTypeStr); + } + + } else { + credentialsTypeStr = " authorized " + authOpCode; + if (authOpCode.isRegisterInterest() || authOpCode.isUnregisterInterest()) { + opCredentials = getUserPassword("reader5"); + } else if (authOpCode.isPut()) { + opCredentials = getUserPassword("writer1"); + } else if (authOpCode.isGet()) { + opCredentials = getUserPassword("reader1"); + } else { + fail("executeRIOpBlock: cannot determine credentials for" + credentialsTypeStr); + } + } + + Properties clientProps = concatProperties(new Properties[] { opCredentials, extraAuthProps, extraAuthzProps }); + + // Start the client with valid credentials but allowed or disallowed to perform an operation + getLogWriter().info("executeRIOpBlock: For client" + clientNum + credentialsTypeStr + " credentials: " + opCredentials); + if (useThisVM) { + createCacheClientWithDynamicRegion(authInit, clientProps, javaProps, new int[] { port1, port2 }, 0, false, NO_EXCEPTION); + } else { + clientVM.invoke(() -> createCacheClient(authInit, clientProps, javaProps, new int[] { port1, port2 }, 0, false, NO_EXCEPTION)); + } + + } + + int expectedResult; + if ((opFlags & OpFlags.CHECK_NOTAUTHZ) > 0) { + expectedResult = NOTAUTHZ_EXCEPTION; + } else if ((opFlags & OpFlags.CHECK_EXCEPTION) > 0) { + expectedResult = OTHER_EXCEPTION; + } else { + expectedResult = NO_EXCEPTION; + } + + // Perform the operation from selected client + if (useThisVM) { + doOp(new Byte(opCode.toOrdinal()), currentOp.getIndices(), opFlags, expectedResult); + + } else { + byte ordinal = opCode.toOrdinal(); + int[] indices = currentOp.getIndices(); + clientVM.invoke(() -> ClientAuthorizationTestBase.doOp(ordinal, indices, opFlags, expectedResult)); + } + } + } + + private void createClient2NoException(final Properties javaProps, final String authInit, final int port1, final int port2, final Properties getCredentials) { + client2.invoke(() -> ClientAuthenticationUtils.createCacheClient(authInit, getCredentials, javaProps, port1, port2, 0, NO_EXCEPTION)); + } + + private void createClient1NoException(final Properties javaProps, final String authInit, final int port1, final int port2, final Properties createCredentials) { + client1.invoke(() -> ClientAuthenticationUtils.createCacheClient(authInit, createCredentials, javaProps, port1, port2, 0, NO_EXCEPTION)); + } + + private int createServer2(final Properties javaProps, final Properties serverProps) { + return server2.invoke(() -> ClientAuthorizationTestBase.createCacheServer(getLocatorPort(), serverProps, javaProps)); + } + + private int createServer1(final Properties javaProps, final Properties serverProps) { + return server1.invoke(() -> ClientAuthorizationTestBase.createCacheServer(getLocatorPort(), serverProps, javaProps)); + } - runOpsWithFailover(allOps, "testAllOpsWithFailover"); + private void createServer2(Properties javaProps, Properties serverProps, int port2) { + server2.invoke(() -> ClientAuthorizationTestBase.createCacheServer(getLocatorPort(), port2, serverProps, javaProps)); } } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c5bc82d4/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationTestBase.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationTestBase.java b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationTestBase.java index c67a823..0f32306 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationTestBase.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationTestBase.java @@ -18,6 +18,7 @@ */ package com.gemstone.gemfire.security; +import static com.gemstone.gemfire.internal.AvailablePort.*; import static com.gemstone.gemfire.security.SecurityTestUtil.*; import static com.gemstone.gemfire.test.dunit.Assert.*; import static com.gemstone.gemfire.test.dunit.Host.*; @@ -53,7 +54,6 @@ import com.gemstone.gemfire.cache.query.QueryService; import com.gemstone.gemfire.cache.query.SelectResults; import com.gemstone.gemfire.cache.query.Struct; import com.gemstone.gemfire.distributed.internal.DistributionConfig; -import com.gemstone.gemfire.internal.AvailablePort; import com.gemstone.gemfire.internal.AvailablePort.Keeper; import com.gemstone.gemfire.internal.cache.AbstractRegionEntry; import com.gemstone.gemfire.internal.cache.LocalRegion; @@ -199,14 +199,14 @@ public class ClientAuthorizationTestBase extends JUnit4DistributedTestCase { protected static Integer createCacheServer(int locatorPort, Properties authProps, Properties javaProps) { if (locatorPort == 0) { - locatorPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET); + locatorPort = getRandomAvailablePort(SOCKET); } return SecurityTestUtil.createCacheServer(authProps, javaProps, locatorPort, null, 0, true, NO_EXCEPTION); } protected static int createCacheServer(int locatorPort, int serverPort, Properties authProps, Properties javaProps) { if (locatorPort == 0) { - locatorPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET); + locatorPort = getRandomAvailablePort(SOCKET); } return SecurityTestUtil.createCacheServer(authProps, javaProps, locatorPort, null, serverPort, true, NO_EXCEPTION); } @@ -839,10 +839,10 @@ public class ClientAuthorizationTestBase extends JUnit4DistributedTestCase { Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps); // Get ports for the servers - Keeper locator1PortKeeper = AvailablePort.getRandomAvailablePortKeeper(AvailablePort.SOCKET); - Keeper locator2PortKeeper = AvailablePort.getRandomAvailablePortKeeper(AvailablePort.SOCKET); - Keeper port1Keeper = AvailablePort.getRandomAvailablePortKeeper(AvailablePort.SOCKET); - Keeper port2Keeper = AvailablePort.getRandomAvailablePortKeeper(AvailablePort.SOCKET); + Keeper locator1PortKeeper = getRandomAvailablePortKeeper(SOCKET); + Keeper locator2PortKeeper = getRandomAvailablePortKeeper(SOCKET); + Keeper port1Keeper = getRandomAvailablePortKeeper(SOCKET); + Keeper port2Keeper = getRandomAvailablePortKeeper(SOCKET); int locator1Port = locator1PortKeeper.getPort(); int locator2Port = locator2PortKeeper.getPort(); int port1 = port1Keeper.getPort();