geode-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jinmeil...@apache.org
Subject incubator-geode git commit: GEODE-17 - use null instead of "NULL" for regionName
Date Tue, 03 May 2016 17:14:16 GMT
Repository: incubator-geode
Updated Branches:
  refs/heads/develop 51e4e71ef -> b8fc3c706


GEODE-17 - use null instead of "NULL" for regionName

* create an example JSONAuthorization that initialize with a default security.json file.


Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/b8fc3c70
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/b8fc3c70
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/b8fc3c70

Branch: refs/heads/develop
Commit: b8fc3c706ef672c48a04f7c6ec4bf593414c6494
Parents: 51e4e71
Author: Jinmei Liao <jiliao@pivotal.io>
Authored: Mon May 2 07:26:27 2016 -0700
Committer: Jinmei Liao <jiliao@pivotal.io>
Committed: Tue May 3 07:55:25 2016 -0700

----------------------------------------------------------------------
 .../security/ResourceOperationContext.java      |   9 +-
 .../security/ExampleJSONAuthorization.java      | 197 +++++++++++++++++++
 .../internal/security/JSONAuthorization.java    |   5 +-
 .../ResourceOperationContextJUnitTest.java      |   8 +-
 4 files changed, 203 insertions(+), 16 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/b8fc3c70/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperationContext.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperationContext.java
b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperationContext.java
index 7f6f72e..2e46104 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperationContext.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperationContext.java
@@ -18,8 +18,6 @@ package com.gemstone.gemfire.management.internal.security;
 
 import com.gemstone.gemfire.cache.operations.OperationContext;
 
-import org.apache.shiro.authz.Permission;
-
 /**
  * This is base class for OperationContext for resource (JMX and CLI) operations
  */
@@ -30,7 +28,7 @@ public class ResourceOperationContext extends OperationContext {
   private Resource resource = Resource.NULL;
   private OperationCode operation = OperationCode.NULL;
 
-  private String regionName = "NULL";
+  private String regionName = null;
 
   public ResourceOperationContext() {
     this(null, null, null);
@@ -81,9 +79,4 @@ public class ResourceOperationContext extends OperationContext {
   public Object getOperationResult() {
     return this.opResult;
   }
-
-  @Override
-  public boolean implies(Permission p){
-    return super.implies(p);
-  }
 }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/b8fc3c70/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ExampleJSONAuthorization.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ExampleJSONAuthorization.java
b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ExampleJSONAuthorization.java
new file mode 100644
index 0000000..f34be0b
--- /dev/null
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ExampleJSONAuthorization.java
@@ -0,0 +1,197 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.management.internal.security;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.StringWriter;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+import java.util.Set;
+import javax.management.remote.JMXPrincipal;
+
+import com.gemstone.gemfire.LogWriter;
+import com.gemstone.gemfire.cache.Cache;
+import com.gemstone.gemfire.cache.operations.OperationContext;
+import com.gemstone.gemfire.distributed.DistributedMember;
+import com.gemstone.gemfire.internal.logging.LogService;
+import com.gemstone.gemfire.security.AccessControl;
+import com.gemstone.gemfire.security.AuthenticationFailedException;
+import com.gemstone.gemfire.security.Authenticator;
+import com.gemstone.gemfire.security.NotAuthorizedException;
+
+import org.apache.commons.io.IOUtils;
+import org.json.JSONArray;
+import org.json.JSONException;
+import org.json.JSONObject;
+
+public class ExampleJSONAuthorization implements AccessControl, Authenticator {
+
+  public static class Role {
+    List<OperationContext> permissions = new ArrayList<>();
+    String name;
+    String serverGroup;
+  }
+
+  public static class User {
+    String name;
+    Set<Role> roles = new HashSet<>();
+    String pwd;
+  }
+
+  private static Map<String, User> acl = null;
+
+  public static ExampleJSONAuthorization create() throws IOException, JSONException {
+    return new ExampleJSONAuthorization();
+  }
+
+  public ExampleJSONAuthorization() throws IOException, JSONException {
+    setUpWithJsonFile("security.json");
+  }
+
+  public static void setUpWithJsonFile(String jsonFileName) throws IOException, JSONException
{
+    InputStream input = ExampleJSONAuthorization.class.getResourceAsStream(jsonFileName);
+    if(input==null){
+      throw new RuntimeException("Could not find resource " + jsonFileName);
+    }
+
+    StringWriter writer = new StringWriter();
+    IOUtils.copy(input, writer, "UTF-8");
+    String json = writer.toString();
+    readSecurityDescriptor(json);
+  }
+
+  private static void readSecurityDescriptor(String json) throws IOException, JSONException
{
+    JSONObject jsonBean = new JSONObject(json);
+    acl = new HashMap<>();
+    Map<String, Role> roleMap = readRoles(jsonBean);
+    readUsers(acl, jsonBean, roleMap);
+  }
+
+  private static void readUsers(Map<String, User> acl, JSONObject jsonBean, Map<String,
Role> roleMap)
+      throws JSONException {
+    JSONArray array = jsonBean.getJSONArray("users");
+    for (int i = 0; i < array.length(); i++) {
+      JSONObject obj = array.getJSONObject(i);
+      User user = new User();
+      user.name = obj.getString("name");
+      if (obj.has("password")) {
+        user.pwd = obj.getString("password");
+      } else {
+        user.pwd = user.name;
+      }
+
+      JSONArray ops = obj.getJSONArray("roles");
+      for (int j = 0; j < ops.length(); j++) {
+        String roleName = ops.getString(j);
+        user.roles.add(roleMap.get(roleName));
+      }
+      acl.put(user.name, user);
+    }
+  }
+
+  private static Map<String, Role> readRoles(JSONObject jsonBean) throws JSONException
{
+    Map<String, Role> roleMap = new HashMap<>();
+    JSONArray array = jsonBean.getJSONArray("roles");
+    for (int i = 0; i < array.length(); i++) {
+      JSONObject obj = array.getJSONObject(i);
+      Role role = new Role();
+      role.name = obj.getString("name");
+      String regionNames = null;
+      if(obj.has("regions")) {
+        regionNames = obj.getString("regions");
+      }
+      JSONArray ops = obj.getJSONArray("operationsAllowed");
+      for (int j = 0; j < ops.length(); j++) {
+        String[] parts = ops.getString(j).split(":");
+        if(regionNames!=null) {
+          role.permissions.add(new ResourceOperationContext(parts[0], parts[1], regionNames));
+        }
+        else
+          role.permissions.add(new ResourceOperationContext(parts[0], parts[1], "*"));
+      }
+
+      roleMap.put(role.name, role);
+
+      if (obj.has("serverGroup")) {
+        role.serverGroup = obj.getString("serverGroup");
+      }
+    }
+
+    return roleMap;
+  }
+
+  public static Map<String, User> getAcl() {
+    return acl;
+  }
+
+  private Principal principal = null;
+
+  @Override
+  public void close() {
+
+  }
+
+  @Override
+  public boolean authorizeOperation(String region, OperationContext context) {
+    if (principal == null)
+      return false;
+
+    User user = acl.get(principal.getName());
+    if(user == null)
+      return false; // this user is not authorized to do anything
+
+    // check if the user has this permission defined in the context
+    for(Role role:acl.get(user.name).roles) {
+      for (OperationContext permitted : role.permissions) {
+        if (permitted.implies(context)) {
+          return true;
+        }
+      }
+    }
+
+    return false;
+  }
+
+  @Override
+  public void init(Principal principal, DistributedMember arg1, Cache arg2) throws NotAuthorizedException
{
+    this.principal = principal;
+  }
+
+  @Override
+  public Principal authenticate(Properties props, DistributedMember arg1) throws AuthenticationFailedException
{
+    String user = props.getProperty(ResourceConstants.USER_NAME);
+    String pwd = props.getProperty(ResourceConstants.PASSWORD);
+    User userObj = acl.get(user);
+    if (userObj == null) throw new AuthenticationFailedException("Wrong username/password");
+    LogService.getLogger().info("User=" + user + " pwd=" + pwd);
+    if (user != null && !userObj.pwd.equals(pwd) && !"".equals(user))
+      throw new AuthenticationFailedException("Wrong username/password");
+    return new JMXPrincipal(user);
+  }
+
+  @Override
+  public void init(Properties arg0, LogWriter arg1, LogWriter arg2) throws AuthenticationFailedException
{
+
+  }
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/b8fc3c70/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JSONAuthorization.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JSONAuthorization.java
b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JSONAuthorization.java
index 7f1d2bf..e14d1de 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JSONAuthorization.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JSONAuthorization.java
@@ -64,10 +64,7 @@ public class JSONAuthorization implements AccessControl, Authenticator
{
     return new JSONAuthorization();
   }
 
-  public JSONAuthorization() throws IOException, JSONException {
-    // initialize with a default json file
-    //setUpWithJsonFile("shiro-ini.json");
-  }
+  public JSONAuthorization() throws IOException, JSONException {}
 
   public JSONAuthorization(String jsonFileName) throws IOException, JSONException {
     setUpWithJsonFile(jsonFileName);

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/b8fc3c70/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ResourceOperationContextJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ResourceOperationContextJUnitTest.java
b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ResourceOperationContextJUnitTest.java
index 318d327..9e2e41a 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ResourceOperationContextJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ResourceOperationContextJUnitTest.java
@@ -37,7 +37,7 @@ public class ResourceOperationContextJUnitTest {
     context = new ResourceOperationContext();
     assertEquals(Resource.NULL, context.getResource());
     assertEquals(OperationCode.NULL, context.getOperationCode());
-    assertEquals("NULL", context.getRegionName());
+    assertEquals(null, context.getRegionName());
   }
 
   @Test
@@ -51,17 +51,17 @@ public class ResourceOperationContextJUnitTest {
     context = new ResourceOperationContext(null, null, null);
     assertEquals(Resource.NULL, context.getResource());
     assertEquals(OperationCode.NULL, context.getOperationCode());
-    assertEquals("NULL", context.getRegionName());
+    assertEquals(null, context.getRegionName());
 
     context = new ResourceOperationContext(null, null);
     assertEquals(Resource.NULL, context.getResource());
     assertEquals(OperationCode.NULL, context.getOperationCode());
-    assertEquals("NULL", context.getRegionName());
+    assertEquals(null, context.getRegionName());
 
     context = new ResourceOperationContext("DATA", null, null);
     assertEquals(Resource.DATA, context.getResource());
     assertEquals(OperationCode.NULL, context.getOperationCode());
-    assertEquals("NULL", context.getRegionName());
+    assertEquals(null, context.getRegionName());
 
     context = new ResourceOperationContext(null, "MANAGE", "REGIONA");
     assertEquals(Resource.NULL, context.getResource());


Mime
View raw message