From kl...@apache.org
Subject [12/19] incubator-geode git commit: GEODE-17: make geode authorization case-sensitive since our region names are case sensitive
Date Wed, 18 May 2016 17:04:52 GMT
GEODE-17: make geode authorization case-sensitive since our region names are case sensitive

* Specify case sensitive when creating the permission context
* Specify case sensitive when resolving the permission from shiro-ini file
* rename shiro-init to security-shiro-init since it's security related in DistributionConfig
* For DATA operations, a "NULL" regionName is used when the regionName can't be resolved yet,
  since for permissions DATA:READ is different from DATA:READ:NULL


Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/1179c08e
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/1179c08e
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/1179c08e

Branch: refs/heads/feature/GEODE-1392
Commit: 1179c08eb4f9d1fe1c1ffea337a34a0f1c6c89c7
Parents: 758643c
Author: Jinmei Liao <jiliao@pivotal.io>
Authored: Fri May 13 14:04:10 2016 -0700
Committer: Kirk Lund <klund@apache.org>
Committed: Wed May 18 10:04:25 2016 -0700

----------------------------------------------------------------------
 .../cache/operations/OperationContext.java      | 10 ++++-
 .../internal/AbstractDistributionConfig.java    |  2 +-
 .../internal/DistributionConfig.java            | 26 ++++++++-----
 .../gemfire/internal/AbstractConfig.java        |  2 +-
 .../internal/security/GeodeSecurityUtil.java    | 41 ++++++++++++++++++++
 .../security/shiro/GeodePermissionResolver.java | 28 +++++++++++++
 .../internal/SystemManagementService.java       | 29 ++------------
 .../security/ResourceOperationContext.java      | 10 ++++-
 .../CacheServerMBeanShiroJUnitTest.java         |  2 +-
 .../security/DataCommandsSecurityTest.java      |  4 +-
 .../GeodeSecurityUtilCustomRealmJUnitTest.java  | 18 ++-------
 .../GeodeSecurityUtilWithIniFileJUnitTest.java  | 15 ++++---
 .../security/GfshCommandsSecurityTest.java      |  2 +-
 .../ResourceOperationContextJUnitTest.java      | 11 ++++--
 .../internal/security/ShiroCacheStartRule.java  |  2 +-
 .../internal/security/TestCommand.java          | 16 ++++----
 16 files changed, 140 insertions(+), 78 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/1179c08e/geode-core/src/main/java/com/gemstone/gemfire/cache/operations/OperationContext.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/cache/operations/OperationContext.java
b/geode-core/src/main/java/com/gemstone/gemfire/cache/operations/OperationContext.java
index dec716c..b81016d 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/cache/operations/OperationContext.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/cache/operations/OperationContext.java
@@ -304,7 +304,7 @@ public abstract class OperationContext extends WildcardPermission{
   }
 
   public String getRegionName(){
-    return "NULL";
+    return null;
   }
 
   /**
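Review bot: `getRegionName()` now returns `null` where it used to return the string `"NULL"`, and the method has no Javadoc telling callers and subclasses that a null result is possible. Any existing caller that compares or concatenates the result would behave differently after this change; those callers are outside this hunk, so they need checking. Suggest a comment such as `/** @return the region this operation targets, or null when the operation is not tied to a region */`.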
@@ -358,4 +358,12 @@ public abstract class OperationContext extends WildcardPermission{
         || opCode.isRegionDestroy() || opCode.isRegionClear());
   }
 
+  @Override
+  public String toString(){
+    if(getRegionName()==null)
+      return getResource()+":"+getOperationCode();
+    else
+      return getResource()+":"+getOperationCode()+":"+getRegionName();
+  }
+
 }
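Review bot: The new `toString()` leaves both branches of the `if`/`else` unbraced and calls the overridable `getRegionName()` twice. Reading it once, `String region = getRegionName();`, and bracing both branches keeps the rendered string consistent if a subclass computes the name. The tests changed in this commit match on this text inside security exception messages, so a one-line Javadoc stating the `RESOURCE:OPERATION[:region]` format would also help.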

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/1179c08e/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/AbstractDistributionConfig.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/AbstractDistributionConfig.java
b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/AbstractDistributionConfig.java
index d38e1a9..17e7c2b 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/AbstractDistributionConfig.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/AbstractDistributionConfig.java
@@ -1125,7 +1125,7 @@ public abstract class AbstractDistributionConfig
     m.put(LOCK_MEMORY_NAME, LocalizedStrings.AbstractDistributionConfig_LOCK_MEMORY.toLocalizedString(DEFAULT_LOCK_MEMORY));
     m.put(DISTRIBUTED_TRANSACTIONS_NAME, "Flag to indicate whether all transactions including
JTA should be distributed transactions.  Default is false, meaning colocated transactions.");
 
-    m.put(SHIRO_INIT_NAME, "The name of the shiro configuration file in the classpath, e.g.
shiro.ini");
+    m.put(SECURITY_SHIRO_INIT_NAME, "The name of the shiro configuration file in the classpath,
e.g. shiro.ini");
 
     dcAttDescriptions = Collections.unmodifiableMap(m);
 

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/1179c08e/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java
b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java
index c0e560c..36ef671 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java
@@ -17,6 +17,17 @@
 
 package com.gemstone.gemfire.distributed.internal;
 
+import java.io.File;
+import java.lang.reflect.Field;
+import java.lang.reflect.Method;
+import java.net.InetAddress;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+
 import com.gemstone.gemfire.distributed.DistributedSystem;
 import com.gemstone.gemfire.internal.Config;
 import com.gemstone.gemfire.internal.ConfigSource;
@@ -25,12 +36,6 @@ import com.gemstone.gemfire.internal.logging.LogConfig;
 import com.gemstone.gemfire.internal.tcp.Connection;
 import com.gemstone.gemfire.memcached.GemFireMemcachedServer;
 
-import java.io.File;
-import java.lang.reflect.Field;
-import java.lang.reflect.Method;
-import java.net.InetAddress;
-import java.util.*;
-
 /**
  * Provides accessor (and in some cases mutator) methods for the
  * various GemFire distribution configuration properties.  The
@@ -47,7 +52,8 @@ import java.util.*;
  *
  * @since 2.1
  */
-public interface DistributionConfig extends Config, LogConfig {
+public interface
+DistributionConfig extends Config, LogConfig {
 
   ////////////////////  Instance Methods  ////////////////////
 
@@ -3739,11 +3745,11 @@ public interface DistributionConfig extends Config, LogConfig {
   public void setLockMemory(boolean value);
 
   @ConfigAttribute(type=String.class)
-  public String SHIRO_INIT_NAME="shiro-init";
+  public String SECURITY_SHIRO_INIT_NAME ="security-shiro-init";
 
-  @ConfigAttributeSetter(name=SHIRO_INIT_NAME)
+  @ConfigAttributeSetter(name= SECURITY_SHIRO_INIT_NAME)
   public void setShiroInit(String value);
-  @ConfigAttributeGetter(name=SHIRO_INIT_NAME)
+  @ConfigAttributeGetter(name= SECURITY_SHIRO_INIT_NAME)
   public String getShiroInit();
 
 

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/1179c08e/geode-core/src/main/java/com/gemstone/gemfire/internal/AbstractConfig.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/AbstractConfig.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/AbstractConfig.java
index a4c2f2f..93cb9b2 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/AbstractConfig.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/AbstractConfig.java
@@ -172,7 +172,7 @@ public abstract class AbstractConfig implements Config {
         }
       }
       // hide the shiro-init configuration for now. Remove after we can allow customer to
specify shiro.ini file
-      if(attName.equals("shiro-init")){
+      if(attName.equals(DistributionConfig.SECURITY_SHIRO_INIT_NAME)){
         continue;
       }
       pw.print(attName);

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/1179c08e/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
index 6e10f3f..236b00b 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
@@ -18,13 +18,16 @@
 package com.gemstone.gemfire.internal.security;
 
 import java.security.AccessController;
+import java.util.Properties;
 import java.util.Set;
 import java.util.concurrent.Callable;
 
 import com.gemstone.gemfire.cache.operations.OperationContext;
 import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
 import com.gemstone.gemfire.cache.operations.OperationContext.Resource;
+import com.gemstone.gemfire.distributed.internal.DistributionConfig;
 import com.gemstone.gemfire.internal.logging.LogService;
+import com.gemstone.gemfire.internal.security.shiro.CustomAuthRealm;
 import com.gemstone.gemfire.internal.security.shiro.ShiroPrincipal;
 import com.gemstone.gemfire.management.internal.security.ResourceOperation;
 import com.gemstone.gemfire.management.internal.security.ResourceOperationContext;
@@ -37,6 +40,11 @@ import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.ShiroException;
 import org.apache.shiro.UnavailableSecurityManagerException;
 import org.apache.shiro.authc.UsernamePasswordToken;
+import org.apache.shiro.config.Ini.Section;
+import org.apache.shiro.config.IniSecurityManagerFactory;
+import org.apache.shiro.mgt.DefaultSecurityManager;
+import org.apache.shiro.mgt.SecurityManager;
+import org.apache.shiro.realm.Realm;
 import org.apache.shiro.subject.Subject;
 import org.apache.shiro.util.ThreadContext;
 
@@ -211,4 +219,37 @@ public class GeodeSecurityUtil {
     return true;
   }
 
+  /**
+   * initialize Shiro's Security Manager and Security Utilities
+   * @param securityProps
+   */
+  public static void initSecurity(Properties securityProps){
+    if(securityProps==null)
+      return;
+
+    String shiroConfig = securityProps.getProperty(DistributionConfig.SECURITY_SHIRO_INIT_NAME);
+    String customAuthenticator =securityProps.getProperty(DistributionConfig.SECURITY_CLIENT_AUTHENTICATOR_NAME);
+    if (!com.gemstone.gemfire.internal.lang.StringUtils.isBlank(shiroConfig)) {
+      IniSecurityManagerFactory factory = new IniSecurityManagerFactory("classpath:"+shiroConfig);
+
+      // we will need to make sure that shiro uses a case sensitive permission resolver
+      Section main = factory.getIni().addSection("main");
+      main.put("geodePermissionResolver", "com.gemstone.gemfire.internal.security.shiro.GeodePermissionResolver");
+      if(!main.containsKey("iniRealm.permissionResolver")) {
+        main.put("iniRealm.permissionResolver", "$geodePermissionResolver");
+      }
+
+      SecurityManager securityManager = factory.getInstance();
+      SecurityUtils.setSecurityManager(securityManager);
+    }
+    else if (!com.gemstone.gemfire.internal.lang.StringUtils.isBlank(customAuthenticator))
{
+      Realm realm = new CustomAuthRealm(securityProps);
+      SecurityManager securityManager = new DefaultSecurityManager(realm);
+      SecurityUtils.setSecurityManager(securityManager);
+    }
+    else{
+      SecurityUtils.setSecurityManager(null);
+    }
+  }
+
 }
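Review bot: The case-sensitive resolver is attached only to `iniRealm`, and only when the ini file has not set `iniRealm.permissionResolver` itself; any other realm declared in `[main]` keeps Shiro's default resolver. Permissions from such a realm would, as far as I know, be parsed case-insensitively while the contexts built in ResourceOperationContext are case-sensitive, so the two sides would not compare the way the comment in this hunk intends. Separately, the `securityProps==null` early return leaves whatever SecurityManager was installed earlier in place, whereas empty properties reach the final `else` and clear it; if null should mean "no security configured", `if (securityProps == null) { SecurityUtils.setSecurityManager(null); return; }` makes the two cases agree. The Javadoc `@param securityProps` is empty and should say which keys are read and that the ini setting takes precedence over the authenticator.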

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/1179c08e/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/GeodePermissionResolver.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/GeodePermissionResolver.java
b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/GeodePermissionResolver.java
new file mode 100644
index 0000000..d170756
--- /dev/null
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/GeodePermissionResolver.java
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.gemstone.gemfire.internal.security.shiro;
+
+import org.apache.shiro.authz.Permission;
+import org.apache.shiro.authz.permission.PermissionResolver;
+import org.apache.shiro.authz.permission.WildcardPermission;
+
+public class GeodePermissionResolver implements PermissionResolver {
+  @Override public Permission resolvePermission(final String permissionString) {
+    return new WildcardPermission(permissionString, true);
+  }
+}
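Review bot: GeodePermissionResolver has no class comment, and nothing in the file says that the `true` passed to `WildcardPermission` is the case-sensitivity flag or why Geode needs it. The class is also referenced by its fully qualified name as a string in GeodeSecurityUtil.initSecurity, so it has to keep its package, name and a public no-argument constructor; the comment should state that. Suggest `/** Resolves permission strings from shiro ini files into case-sensitive WildcardPermissions, because region names are case sensitive. Instantiated by name from GeodeSecurityUtil.initSecurity. */`.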

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/1179c08e/geode-core/src/main/java/com/gemstone/gemfire/management/internal/SystemManagementService.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/SystemManagementService.java
b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/SystemManagementService.java
index fd2a834..b773b94 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/SystemManagementService.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/SystemManagementService.java
@@ -28,14 +28,13 @@ import com.gemstone.gemfire.cache.Cache;
 import com.gemstone.gemfire.cache.execute.FunctionService;
 import com.gemstone.gemfire.distributed.DistributedMember;
 import com.gemstone.gemfire.distributed.DistributedSystemDisconnectedException;
-import com.gemstone.gemfire.distributed.internal.DistributionConfig;
 import com.gemstone.gemfire.distributed.internal.InternalDistributedSystem;
 import com.gemstone.gemfire.distributed.internal.ResourceEvent;
 import com.gemstone.gemfire.distributed.internal.membership.InternalDistributedMember;
 import com.gemstone.gemfire.internal.cache.GemFireCacheImpl;
 import com.gemstone.gemfire.internal.i18n.LocalizedStrings;
-import com.gemstone.gemfire.internal.lang.StringUtils;
 import com.gemstone.gemfire.internal.logging.LogService;
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
 import com.gemstone.gemfire.management.AlreadyRunningException;
 import com.gemstone.gemfire.management.AsyncEventQueueMXBean;
 import com.gemstone.gemfire.management.CacheServerMXBean;
@@ -54,13 +53,8 @@ import com.gemstone.gemfire.management.RegionMXBean;
 import com.gemstone.gemfire.management.internal.beans.ManagementAdapter;
 import com.gemstone.gemfire.management.membership.MembershipEvent;
 import com.gemstone.gemfire.management.membership.MembershipListener;
-import com.gemstone.gemfire.internal.security.shiro.CustomAuthRealm;
+
 import org.apache.logging.log4j.Logger;
-import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.config.IniSecurityManagerFactory;
-import org.apache.shiro.mgt.DefaultSecurityManager;
-import org.apache.shiro.mgt.SecurityManager;
-import org.apache.shiro.realm.Realm;
 import org.apache.shiro.util.ThreadContext;
 
 /**
@@ -157,24 +151,7 @@ public final class SystemManagementService extends BaseManagementService
{
     this.jmxAdapter = new MBeanJMXAdapter();      
     this.repo = new ManagementResourceRepo();
 
-    DistributionConfig config = system.getConfig();
-
-    // setup shiro for authentication and authorization if it's desired
-    String shiroConfig = config.getShiroInit();
-    String customAuthenticator = config.getSecurityClientAuthenticator();
-    if (!StringUtils.isBlank(shiroConfig)) {
-      IniSecurityManagerFactory factory = new IniSecurityManagerFactory("classpath:"+shiroConfig);
-      SecurityManager securityManager = factory.getInstance();
-      SecurityUtils.setSecurityManager(securityManager);
-    }
-    else if (!StringUtils.isBlank(customAuthenticator)) {
-      Realm realm = new CustomAuthRealm(config.getSecurityProps());
-      SecurityManager securityManager = new DefaultSecurityManager(realm);
-      SecurityUtils.setSecurityManager(securityManager);
-    }
-    else{
-      SecurityUtils.setSecurityManager(null);
-    }
+    GeodeSecurityUtil.initSecurity(system.getConfig().getSecurityProps());
 
     this.notificationHub = new NotificationHub(repo);
     if (system.getConfig().getJmxManager()) {
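Review bot: Security setup now depends on `system.getConfig().getSecurityProps()` containing the `security-shiro-init` and authenticator keys, where the removed code read them through `config.getShiroInit()` and `config.getSecurityClientAuthenticator()`. Whether `getSecurityProps()` carries those keys is not visible in this hunk; if it does not, `initSecurity` falls through to `SecurityUtils.setSecurityManager(null)` and a member configured with an ini file would start without a security manager, with nothing reporting it. A test that starts a member with only `security-shiro-init` set and asserts that a security manager is installed, or a log line in `initSecurity` naming the selected mode, would catch that. The constructor continues outside this hunk.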

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/1179c08e/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperationContext.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperationContext.java
b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperationContext.java
index 2e46104..ab49270 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperationContext.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperationContext.java
@@ -43,7 +43,15 @@ public class ResourceOperationContext extends OperationContext {
     if (operation != null) this.operation = OperationCode.valueOf(operation);
     if (regionName !=null ) this.regionName = regionName;
 
-    setParts(this.resource.name()+":"+this.operation.name()+":"+this.regionName);
+    //for DATA resource, when we construct the lock to guard the operations, there should
always be a 3rd part (regionName),
+    // if no regionName is specified, we need to add "NULL" to it.
+    // this means, for general data operations, or operations that we can't put a regionName
on yet, like backup diskstore, query data, create regions
+    // it will require DATA:REAT/WRITE:NULL role
+    if(this.resource==Resource.DATA && this.regionName==null){
+      this.regionName = "NULL";
+    }
+
+    setParts(this.resource.name()+":"+this.operation.name()+":"+this.regionName, true);
   }
 
   @Override
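Review bot: The literal `"NULL"` used as the missing-region placeholder shares a namespace with real region names, so a grant of `DATA:READ:NULL` meant for region-less operations would also match a region actually named `NULL`, and the reverse. A placeholder that cannot be a region name, or rejecting that name at region creation (not visible here), would keep the two apart. The region name is also concatenated into the permission string unescaped; `:`, `,` and `*` have meaning to WildcardPermission, so it is worth confirming that region names cannot contain them. The added comment has a typo: `DATA:REAT/WRITE:NULL` should read `DATA:READ/WRITE:NULL`. The constructor starts outside this hunk.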

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/1179c08e/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanShiroJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanShiroJUnitTest.java
b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanShiroJUnitTest.java
index 85a55a7..1c8586f 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanShiroJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanShiroJUnitTest.java
@@ -83,7 +83,7 @@ public class CacheServerMBeanShiroJUnitTest {
 
   @Test
   @JMXConnectionConfiguration(user = "dataReader", password = "12345")
-  public void testDataRead() throws Exception{
+  public void ztestDataRead() throws Exception{
     assertThatThrownBy(() -> bean.removeIndex("foo")).hasMessageContaining(TestCommand.dataManage.toString());
     assertThatThrownBy(() -> bean.fetchLoadProbe()).hasMessageContaining(TestCommand.clusterRead.toString());
     assertThatThrownBy(() -> bean.getActiveCQCount()).hasMessageContaining(TestCommand.clusterRead.toString());
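Review bot: The rename of `testDataRead` to `ztestDataRead` looks like a leftover from local debugging: the `@Test` annotation is still there, so the test runs, but the name no longer matches its siblings. If the prefix was meant to push the test to the end of the run, that points at state shared between tests and is better fixed directly; otherwise restore `public void testDataRead() throws Exception{`. The method body continues outside this hunk.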

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/1179c08e/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DataCommandsSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DataCommandsSecurityTest.java
b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DataCommandsSecurityTest.java
index 97260d8..9c9b4fc 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DataCommandsSecurityTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DataCommandsSecurityTest.java
@@ -74,10 +74,10 @@ public class DataCommandsSecurityTest {
     assertThatThrownBy(() -> bean.processCommand("import data --region=region2 --file=foo.txt
--member=value")).isInstanceOf(GemFireSecurityException.class);
 
     assertThatThrownBy(() -> bean.processCommand("put --key=key1 --value=value1 --region=region2")).isInstanceOf(GemFireSecurityException.class)
-        .hasMessageContaining("[data]:[write]:[region2]");
+        .hasMessageContaining("DATA:WRITE:region2");
 
     assertThatThrownBy(() -> bean.processCommand("get --key=key1 --region=region2")).isInstanceOf(GemFireSecurityException.class)
-        .hasMessageContaining("[data]:[read]:[region2]");
+        .hasMessageContaining("DATA:READ:region2");
     }
 
 }

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/1179c08e/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java
b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java
index 0bf3cab..52f37e6 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java
@@ -17,16 +17,10 @@
 
 package com.gemstone.gemfire.management.internal.security;
 
-import java.util.Properties;
-
 import com.gemstone.gemfire.distributed.internal.DistributionConfig;
-import com.gemstone.gemfire.internal.security.shiro.CustomAuthRealm;
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
 import com.gemstone.gemfire.test.junit.categories.UnitTest;
 
-import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.mgt.DefaultSecurityManager;
-import org.apache.shiro.mgt.SecurityManager;
-import org.apache.shiro.realm.Realm;
 import org.junit.BeforeClass;
 import org.junit.experimental.categories.Category;
 
@@ -39,14 +33,10 @@ import org.junit.experimental.categories.Category;
 public class GeodeSecurityUtilCustomRealmJUnitTest extends GeodeSecurityUtilWithIniFileJUnitTest
{
   @BeforeClass
   public static void beforeClass() throws Exception{
-    Properties properties = new Properties();
-    properties.put(DistributionConfig.SECURITY_CLIENT_AUTHENTICATOR_NAME, JSONAuthorization.class.getName()
+ ".create");
-    properties.put(DistributionConfig.SECURITY_CLIENT_ACCESSOR_NAME, JSONAuthorization.class.getName()
+ ".create");
+    props.put(DistributionConfig.SECURITY_CLIENT_AUTHENTICATOR_NAME, JSONAuthorization.class.getName()
+ ".create");
+    props.put(DistributionConfig.SECURITY_CLIENT_ACCESSOR_NAME, JSONAuthorization.class.getName()
+ ".create");
     JSONAuthorization.setUpWithJsonFile("shiro-ini.json");
-
-    Realm realm = new CustomAuthRealm(properties);
-    SecurityManager securityManager = new DefaultSecurityManager(realm);
-    SecurityUtils.setSecurityManager(securityManager);
+    GeodeSecurityUtil.initSecurity(props);
   }
 
 }
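Review bot: `props` here is the static `Properties` inherited from GeodeSecurityUtilWithIniFileJUnitTest, whose `beforeClass` (changed in this same commit) stores `security-shiro-init` in it. If both classes run in the same JVM with the parent first, that key is still present when this method calls `GeodeSecurityUtil.initSecurity(props)`, and `initSecurity` checks the ini setting before the authenticator, so this class would exercise the ini realm rather than `CustomAuthRealm` without any test failing. Starting the method with `props.clear();`, or building a local `Properties` as the removed code did, keeps the custom-realm path under test.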

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/1179c08e/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilWithIniFileJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilWithIniFileJUnitTest.java
b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilWithIniFileJUnitTest.java
index fe80180..63bf447 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilWithIniFileJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilWithIniFileJUnitTest.java
@@ -19,14 +19,14 @@ package com.gemstone.gemfire.management.internal.security;
 
 import static org.assertj.core.api.Assertions.*;
 
+import java.util.Properties;
+
 import com.gemstone.gemfire.cache.operations.OperationContext;
-import com.gemstone.gemfire.security.GemFireSecurityException;
+import com.gemstone.gemfire.distributed.internal.DistributionConfig;
 import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
+import com.gemstone.gemfire.security.GemFireSecurityException;
 import com.gemstone.gemfire.test.junit.categories.UnitTest;
 
-import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.config.IniSecurityManagerFactory;
-import org.apache.shiro.mgt.SecurityManager;
 import org.apache.shiro.util.ThreadContext;
 import org.junit.AfterClass;
 import org.junit.BeforeClass;
@@ -39,12 +39,11 @@ import org.junit.experimental.categories.Category;
  */
 @Category(UnitTest.class)
 public class GeodeSecurityUtilWithIniFileJUnitTest {
+  protected static Properties props = new Properties();
   @BeforeClass
   public static void beforeClass() throws Exception{
-    ThreadContext.remove();
-    IniSecurityManagerFactory factory = new IniSecurityManagerFactory("classpath:shiro.ini");
-    SecurityManager securityManager = factory.getInstance();
-    SecurityUtils.setSecurityManager(securityManager);
+    props.setProperty(DistributionConfig.SECURITY_SHIRO_INIT_NAME, "shiro.ini");
+    GeodeSecurityUtil.initSecurity(props);
   }
 
   @AfterClass

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/1179c08e/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java
b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java
index 8eaaf6a..377ab77 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java
@@ -112,7 +112,7 @@ public class GfshCommandsSecurityTest {
 
 
   private void runCommandsWithAndWithout(String permission) throws Exception{
-    List<TestCommand> permitted = TestCommand.getPermittedCommands(new WildcardPermission(permission));
+    List<TestCommand> permitted = TestCommand.getPermittedCommands(new WildcardPermission(permission,
true));
     for(TestCommand clusterRead:permitted) {
       LogService.getLogger().info("Processing authorized command: "+clusterRead.getCommand());gfsh.executeCommand(clusterRead.getCommand());
       CommandResult result = (CommandResult) gfsh.getResult();

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/1179c08e/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ResourceOperationContextJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ResourceOperationContextJUnitTest.java
b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ResourceOperationContextJUnitTest.java
index 9e2e41a..ec89aaa 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ResourceOperationContextJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ResourceOperationContextJUnitTest.java
@@ -61,6 +61,11 @@ public class ResourceOperationContextJUnitTest {
     context = new ResourceOperationContext("DATA", null, null);
     assertEquals(Resource.DATA, context.getResource());
     assertEquals(OperationCode.NULL, context.getOperationCode());
+    assertEquals("NULL", context.getRegionName());
+
+    context = new ResourceOperationContext("CLUSTER", null, null);
+    assertEquals(Resource.CLUSTER, context.getResource());
+    assertEquals(OperationCode.NULL, context.getOperationCode());
     assertEquals(null, context.getRegionName());
 
     context = new ResourceOperationContext(null, "MANAGE", "REGIONA");
@@ -77,12 +82,12 @@ public class ResourceOperationContextJUnitTest {
   @Test
   public void testToString(){
     context = new ResourceOperationContext();
-    assertEquals("[null]:[null]:[null]", context.toString());
+    assertEquals("NULL:NULL", context.toString());
 
     context = new ResourceOperationContext("DATA", "MANAGE");
-    assertEquals("[data]:[manage]:[null]", context.toString());
+    assertEquals("DATA:MANAGE:NULL", context.toString());
 
     context = new ResourceOperationContext("DATA", "MANAGE", "REGIONA");
-    assertEquals("[data]:[manage]:[regiona]", context.toString());
+    assertEquals("DATA:MANAGE:REGIONA", context.toString());
   }
 }
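Review bot: The updated assertions pin the new upper-case rendering, but none of the tests visible in this commit checks the behaviour the change is for, namely that a permission differing only in case is refused. An assertion along the lines of `assertFalse(new WildcardPermission("DATA:MANAGE:regiona", true).implies(new ResourceOperationContext("DATA", "MANAGE", "REGIONA")));` would pin that contract. Other test files may already cover it; that is not visible here.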

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/1179c08e/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ShiroCacheStartRule.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ShiroCacheStartRule.java
b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ShiroCacheStartRule.java
index 7d683f3..f4c2e06 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ShiroCacheStartRule.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ShiroCacheStartRule.java
@@ -43,7 +43,7 @@ public class ShiroCacheStartRule extends ExternalResource {
     properties.put(DistributionConfig.JMX_MANAGER_START_NAME, "true");
     properties.put(DistributionConfig.JMX_MANAGER_PORT_NAME, String.valueOf(jmxManagerPort));
     properties.put(DistributionConfig.HTTP_SERVICE_PORT_NAME, "0");
-    properties.put(DistributionConfig.SHIRO_INIT_NAME, shiroFile);
+    properties.put(DistributionConfig.SECURITY_SHIRO_INIT_NAME, shiroFile);
 
     cache = new CacheFactory(properties).create();
     cache.addCacheServer().start();

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/1179c08e/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/TestCommand.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/TestCommand.java
b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/TestCommand.java
index 56eeeec..667330c 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/TestCommand.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/TestCommand.java
@@ -96,14 +96,14 @@ public class TestCommand {
     createTestCommand("destroy region --name=value", dataManage);
 
     //Data Commands
-    createTestCommand("rebalance --include-region=regionA", dataManage);
-    createTestCommand("export data --region=regionA --file=export.txt --member=exportMember",
regionARead);
-    createTestCommand("import data --region=regionA --file=import.txt --member=importMember",
regionAWrite);
-    createTestCommand("put --key=key1 --value=value1 --region=regionA", regionAWrite);
-    createTestCommand("get --key=key1 --region=regionA", regionARead);
-    createTestCommand("remove --region=regionA", dataManage);
-    createTestCommand("query --query='SELECT * FROM /region1'", dataRead);
-    createTestCommand("locate entry --key=k1 --region=regionA", regionARead);
+    createTestCommand("rebalance --include-region=RegionA", dataManage);
+    createTestCommand("export data --region=RegionA --file=export.txt --member=exportMember",
regionARead);
+    createTestCommand("import data --region=RegionA --file=import.txt --member=importMember",
regionAWrite);
+    createTestCommand("put --key=key1 --value=value1 --region=RegionA", regionAWrite);
+    createTestCommand("get --key=key1 --region=RegionA", regionARead);
+    createTestCommand("remove --region=RegionA", dataManage);
+    createTestCommand("query --query='SELECT * FROM /RegionA'", dataRead);
+    createTestCommand("locate entry --key=k1 --region=RegionA", regionARead);
 
     // Deploy commands
     //createTestCommand("deploy --jar=group1_functions.jar --group=Group1", dataManage);
// TODO: this command will fail in GfshCommandsSecurityTest at interceptor for jar file checking

