From: klund@apache.org To: commits@geode.incubator.apache.org Date: Tue, 03 May 2016 21:52:18 -0000 Message-Id: <5383ad911bf746c6ac902c45c1e88a20@git.apache.org> In-Reply-To: <05cb78be368340bf8d7b6fe86e218f29@git.apache.org> References: <05cb78be368340bf8d7b6fe86e218f29@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [29/50] [abbrv] incubator-geode git commit: GEODE-17: move GeodeSecurityUtil and two other classes to internal package archived-at: Tue, 03 May 2016 21:52:04 -0000 GEODE-17: move GeodeSecurityUtil and two other classes to internal package Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/f04b6695 Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/f04b6695 Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/f04b6695 Branch: refs/heads/feature/GEODE-1255 Commit: f04b66956c8b98909b924f2ed648ba735610bebb Parents: 7c38f0d Author: Jinmei Liao Authored: Fri Apr 29 10:06:12 2016 -0700 Committer: Jinmei Liao Committed: Fri Apr 29 10:06:12 2016 -0700 ---------------------------------------------------------------------- .../internal/security/GeodeSecurityUtil.java | 165 +++++++++++++++++ .../security/shiro/CustomAuthRealm.java | 177 +++++++++++++++++++ .../security/shiro/JMXShiroAuthenticator.java | 69 ++++++++ .../management/internal/ManagementAgent.java | 2 +- .../internal/SystemManagementService.java | 2 +- .../internal/cli/commands/DataCommands.java | 2 +- .../internal/cli/remote/CommandProcessor.java | 2 +- .../internal/security/AccessControlMBean.java | 2 +- .../internal/security/MBeanServerWrapper.java | 2 +- .../controllers/AbstractCommandsController.java | 2 +- .../support/LoginHandlerInterceptor.java | 2 +- .../gemfire/security/CustomAuthRealm.java | 174 ------------------ .../gemfire/security/GeodeSecurityUtil.java | 163 ----------------- .../gemfire/security/JMXShiroAuthenticator.java | 68 ------- 
.../GeodeSecurityUtilCustomRealmJUnitTest.java | 2 +- .../GeodeSecurityUtilWithIniFileJUnitTest.java | 2 +- .../gemfire/tools/pulse/tests/Server.java | 4 +- 17 files changed, 423 insertions(+), 417 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f04b6695/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java new file mode 100644 index 0000000..4fd92ed --- /dev/null +++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java 
@@ -0,0 +1,165 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.gemstone.gemfire.internal.security; + +import java.util.concurrent.Callable; + +import com.gemstone.gemfire.cache.operations.OperationContext; +import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode; +import com.gemstone.gemfire.cache.operations.OperationContext.Resource; +import com.gemstone.gemfire.internal.logging.LogService; +import com.gemstone.gemfire.management.internal.security.ResourceOperation; +import com.gemstone.gemfire.management.internal.security.ResourceOperationContext; +import com.gemstone.gemfire.security.AuthenticationFailedException; +import com.gemstone.gemfire.security.GemFireSecurityException; + +import org.apache.commons.lang.StringUtils; +import org.apache.logging.log4j.Logger; +import org.apache.shiro.SecurityUtils; +import org.apache.shiro.ShiroException; +import org.apache.shiro.UnavailableSecurityManagerException; +import org.apache.shiro.authc.UsernamePasswordToken; +import org.apache.shiro.subject.Subject; +import org.apache.shiro.util.ThreadContext; + +public class GeodeSecurityUtil { + + private static Logger logger = LogService.getLogger(); + + public static void login(String 
username, String password){ + if(!isShiroConfigured()) + return; + + Subject currentUser = SecurityUtils.getSubject(); + + UsernamePasswordToken token = + new UsernamePasswordToken(username, password); + try { + logger.info("Logging in "+username+"/"+password); + currentUser.login(token); + } catch (ShiroException e) { + throw new AuthenticationFailedException(e.getMessage(), e); + } + } + + public static void logout(){ + if(!isShiroConfigured()) + return; + + Subject currentUser = SecurityUtils.getSubject(); + try { + logger.info("Logging out "+currentUser.getPrincipal()); + currentUser.logout(); + } + catch(ShiroException e){ + throw new AuthenticationFailedException(e.getMessage(), e); + } + // clean out Shiro's thread local content + ThreadContext.remove(); + } + + public static Callable associateWith(Callable callable){ + if(!isShiroConfigured()) + return callable; + + Subject currentUser = SecurityUtils.getSubject(); + return currentUser.associateWith(callable); + } + + public static void authorize(ResourceOperation resourceOperation) { + if(resourceOperation==null) + return; + + authorize(resourceOperation.resource().name(), + resourceOperation.operation().name(), + null); + } + + public static void authorizeClusterManage(){ + authorize("CLUSTER", "MANAGE"); + } + + public static void authorizeClusterWrite(){ + authorize("CLUSTER", "WRITE"); + } + + public static void authorizeClusterRead(){ + authorize("CLUSTER", "READ"); + } + + public static void authorizeDataManage(){ + authorize("DATA", "MANAGE"); + } + + public static void authorizeDataWrite(){ + authorize("DATA", "WRITE"); + } + + public static void authorizeDataRead(){ + authorize("DATA", "READ"); + } + + public static void authorizeRegionWrite(String regionName){ + authorize("DATA", "WRITE", regionName); + } + + public static void authorizeRegionRead(String regionName){ + authorize("DATA", "READ", regionName); + } + + public static void authorize(String resource, String operation){ + 
authorize(resource, operation, null); + } + + private static void authorize(String resource, String operation, String regionName){ + regionName = StringUtils.stripStart(regionName, "/"); + authorize(new ResourceOperationContext(resource, operation, regionName)); + } + + public static void authorize(OperationContext context) { + if(context==null) + return; + + if(context.getResource()== Resource.NULL && context.getOperationCode()== OperationCode.NULL) + return; + + if(!isShiroConfigured()) + return; + + + Subject currentUser = SecurityUtils.getSubject(); + try { + currentUser.checkPermission(context); + } + catch(ShiroException e){ + logger.info(currentUser.getPrincipal() + " not authorized for " + context); + throw new GemFireSecurityException(e.getMessage(), e); + } + } + + private static boolean isShiroConfigured(){ + try{ + SecurityUtils.getSecurityManager(); + } + catch(UnavailableSecurityManagerException e){ + return false; + } + return true; + } + +} http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f04b6695/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java new file mode 100644 index 0000000..afc3125 --- /dev/null +++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java 
@@ -0,0 +1,177 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.gemstone.gemfire.internal.security.shiro; + +import static com.gemstone.gemfire.management.internal.security.ResourceConstants.*; + +import java.lang.reflect.Method; +import java.security.AccessControlContext; +import java.security.AccessController; +import java.security.Principal; +import java.util.Properties; +import java.util.Set; +import java.util.concurrent.ConcurrentHashMap; +import java.util.concurrent.ConcurrentMap; +import javax.management.remote.JMXPrincipal; +import javax.security.auth.Subject; + +import com.gemstone.gemfire.cache.operations.OperationContext; +import com.gemstone.gemfire.distributed.internal.DistributionConfig; +import com.gemstone.gemfire.internal.ClassLoadUtil; +import com.gemstone.gemfire.internal.i18n.LocalizedStrings; +import com.gemstone.gemfire.internal.lang.StringUtils; +import com.gemstone.gemfire.management.internal.security.ResourceConstants; +import com.gemstone.gemfire.security.AccessControl; +import com.gemstone.gemfire.security.AuthenticationFailedException; +import com.gemstone.gemfire.security.Authenticator; + +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; 
+import org.apache.shiro.authc.AuthenticationException; +import org.apache.shiro.authc.AuthenticationInfo; +import org.apache.shiro.authc.AuthenticationToken; +import org.apache.shiro.authc.SimpleAuthenticationInfo; +import org.apache.shiro.authc.UsernamePasswordToken; +import org.apache.shiro.authz.AuthorizationInfo; +import org.apache.shiro.authz.Permission; +import org.apache.shiro.realm.AuthorizingRealm; +import org.apache.shiro.subject.PrincipalCollection; + +public class CustomAuthRealm extends AuthorizingRealm{ + public static final String REALM_NAME = "CUSTOMAUTHREALM"; + + private static final Logger logger = LogManager.getLogger(CustomAuthRealm.class); + private String authzFactoryName; + private String postAuthzFactoryName; + private String authenticatorFactoryName; + private Properties securityProps = null; + private ConcurrentMap cachedAuthZCallback; + private ConcurrentMap cachedPostAuthZCallback; + + public CustomAuthRealm(Properties securityProps) { + this.securityProps = securityProps; + this.authzFactoryName = securityProps.getProperty(DistributionConfig.SECURITY_CLIENT_ACCESSOR_NAME); + this.postAuthzFactoryName = securityProps.getProperty(DistributionConfig.SECURITY_CLIENT_ACCESSOR_PP_NAME); + this.authenticatorFactoryName = securityProps.getProperty(DistributionConfig.SECURITY_CLIENT_AUTHENTICATOR_NAME); + this.cachedAuthZCallback = new ConcurrentHashMap<>(); + this.cachedPostAuthZCallback = new ConcurrentHashMap<>(); + } + + @Override + protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { + UsernamePasswordToken authToken = (UsernamePasswordToken) token; + String username = authToken.getUsername(); + String password = new String(authToken.getPassword()); + + Properties credentialProps = new Properties(); + credentialProps.put(ResourceConstants.USER_NAME, username); + credentialProps.put(ResourceConstants.PASSWORD, password); + + Principal principal = 
getAuthenticator(securityProps).authenticate(credentialProps); + + return new SimpleAuthenticationInfo(principal, authToken.getPassword(), REALM_NAME); + } + + + @Override + protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { + // we intercepted the call to this method by overriding the isPermitted call + return null; + } + + @Override + public boolean isPermitted(PrincipalCollection principals, Permission permission) { + OperationContext context =(OperationContext)permission; + Principal principal = (Principal)principals.getPrimaryPrincipal(); + // if no access control is specified, then we allow all + if(StringUtils.isBlank(authzFactoryName)) + return true; + AccessControl accessControl = getAccessControl(principal, false); + return accessControl.authorizeOperation(context.getRegionName(), context); + } + + public AccessControl getAccessControl(Principal principal, boolean isPost) { + if (!isPost) { + if (cachedAuthZCallback.containsKey(principal)) { + return cachedAuthZCallback.get(principal); + } else if (!StringUtils.isBlank(authzFactoryName)) { + try { + Method authzMethod = ClassLoadUtil.methodFromName(authzFactoryName); + AccessControl authzCallback = (AccessControl) authzMethod.invoke(null, (Object[]) null); + authzCallback.init(principal, null); + cachedAuthZCallback.put(principal, authzCallback); + return authzCallback; + } catch (Exception ex) { + throw new AuthenticationFailedException( + LocalizedStrings.HandShake_FAILED_TO_ACQUIRE_AUTHENTICATOR_OBJECT.toLocalizedString(), ex); + } + } + } else { + if (cachedPostAuthZCallback.containsKey(principal)) { + return cachedPostAuthZCallback.get(principal); + } else if (!StringUtils.isBlank(postAuthzFactoryName)) { + try { + Method authzMethod = ClassLoadUtil.methodFromName(postAuthzFactoryName); + AccessControl postAuthzCallback = (AccessControl) authzMethod.invoke(null, (Object[]) null); + postAuthzCallback.init(principal, null); + cachedPostAuthZCallback.put(principal, 
postAuthzCallback); + return postAuthzCallback; + } catch (Exception ex) { + throw new AuthenticationFailedException( + LocalizedStrings.HandShake_FAILED_TO_ACQUIRE_AUTHENTICATOR_OBJECT.toLocalizedString(), ex); + } + } + } + return null; + } + + private Authenticator getAuthenticator(Properties gfSecurityProperties) throws AuthenticationFailedException { + Authenticator auth; + try { + Method instanceGetter = ClassLoadUtil.methodFromName(this.authenticatorFactoryName); + auth = (Authenticator) instanceGetter.invoke(null, (Object[]) null); + } catch (Exception ex) { + throw new AuthenticationFailedException( + LocalizedStrings.HandShake_FAILED_TO_ACQUIRE_AUTHENTICATOR_OBJECT.toLocalizedString(), ex); + } + if (auth == null) { + throw new AuthenticationFailedException( + LocalizedStrings.HandShake_AUTHENTICATOR_INSTANCE_COULD_NOT_BE_OBTAINED.toLocalizedString()); + } + auth.init(gfSecurityProperties); + return auth; + } + + public void postAuthorize(OperationContext context) { + if (StringUtils.isBlank(postAuthzFactoryName)){ + return ; + } + + AccessControlContext acc = AccessController.getContext(); + Subject subject = Subject.getSubject(acc); + Set principals = subject.getPrincipals(JMXPrincipal.class); + if (principals == null || principals.isEmpty()) { + throw new SecurityException(ACCESS_DENIED_MESSAGE); + } + Principal principal = principals.iterator().next(); + AccessControl accessControl = getAccessControl(principal, true); + if (!accessControl.authorizeOperation(null, context)) { + throw new SecurityException(ACCESS_DENIED_MESSAGE); + } + } + +} http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f04b6695/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/JMXShiroAuthenticator.java ---------------------------------------------------------------------- 
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/JMXShiroAuthenticator.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/JMXShiroAuthenticator.java new file mode 100644 index 0000000..4a4cc28 --- /dev/null +++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/JMXShiroAuthenticator.java 
@@ -0,0 +1,69 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.gemstone.gemfire.internal.security.shiro; + +import static com.gemstone.gemfire.management.internal.security.ResourceConstants.*; + +import java.util.Collections; +import java.util.Properties; +import javax.management.Notification; +import javax.management.NotificationListener; +import javax.management.remote.JMXAuthenticator; +import javax.management.remote.JMXConnectionNotification; +import javax.management.remote.JMXPrincipal; +import javax.security.auth.Subject; + +import com.gemstone.gemfire.internal.security.GeodeSecurityUtil; +import com.gemstone.gemfire.management.internal.security.ResourceConstants; + +/** + * this will make JMX authentication to use Shiro for Authentication + */ + +public class JMXShiroAuthenticator implements JMXAuthenticator, NotificationListener { + + @Override + public Subject authenticate(Object credentials) { + String username = null, password = null; + if (credentials instanceof String[]) { + final String[] aCredentials = (String[]) credentials; + username = aCredentials[0]; + password = aCredentials[1]; + } else if (credentials instanceof Properties) { + username = ((Properties) 
credentials).getProperty(ResourceConstants.USER_NAME); + password = ((Properties) credentials).getProperty(ResourceConstants.PASSWORD); + } else { + throw new SecurityException(WRONGE_CREDENTIALS_MESSAGE); + } + + GeodeSecurityUtil.login(username, password); + + return new Subject(true, Collections.singleton(new JMXPrincipal(username)), Collections.EMPTY_SET, + Collections.EMPTY_SET); + } + + @Override + public void handleNotification(Notification notification, Object handback) { + if (notification instanceof JMXConnectionNotification) { + JMXConnectionNotification cxNotification = (JMXConnectionNotification) notification; + String type = cxNotification.getType(); + if (JMXConnectionNotification.CLOSED.equals(type)) { + GeodeSecurityUtil.logout(); + } + } + } +} http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f04b6695/geode-core/src/main/java/com/gemstone/gemfire/management/internal/ManagementAgent.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/ManagementAgent.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/ManagementAgent.java index d6c18df..adc69c4 100755 --- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/ManagementAgent.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/ManagementAgent.java 
@@ -61,7 +61,7 @@ import com.gemstone.gemfire.management.internal.security.AccessControlMBean; import com.gemstone.gemfire.management.internal.security.MBeanServerWrapper; import com.gemstone.gemfire.management.internal.security.ResourceConstants; import com.gemstone.gemfire.management.internal.unsafe.ReadOpFileAccessController; -import com.gemstone.gemfire.security.JMXShiroAuthenticator; +import com.gemstone.gemfire.internal.security.shiro.JMXShiroAuthenticator; import org.apache.logging.log4j.Logger; import org.eclipse.jetty.server.Server; http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f04b6695/geode-core/src/main/java/com/gemstone/gemfire/management/internal/SystemManagementService.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/SystemManagementService.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/SystemManagementService.java index 7fec9b7..dac016e 100755 --- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/SystemManagementService.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/SystemManagementService.java @@ -54,7 +54,7 @@ import com.gemstone.gemfire.management.RegionMXBean; import com.gemstone.gemfire.management.internal.beans.ManagementAdapter; import com.gemstone.gemfire.management.membership.MembershipEvent; import com.gemstone.gemfire.management.membership.MembershipListener; -import com.gemstone.gemfire.security.CustomAuthRealm; +import com.gemstone.gemfire.internal.security.shiro.CustomAuthRealm; import org.apache.logging.log4j.Logger; import org.apache.shiro.SecurityUtils; import org.apache.shiro.config.IniSecurityManagerFactory; http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f04b6695/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DataCommands.java ---------------------------------------------------------------------- 
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DataCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DataCommands.java index 61803fe..fafea9a 100644 --- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DataCommands.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DataCommands.java @@ -73,7 +73,7 @@ import com.gemstone.gemfire.management.internal.cli.result.ResultBuilder; import com.gemstone.gemfire.management.internal.cli.result.TabularResultData; import com.gemstone.gemfire.management.internal.cli.shell.Gfsh; import com.gemstone.gemfire.management.internal.security.ResourceOperation; -import com.gemstone.gemfire.security.GeodeSecurityUtil; +import com.gemstone.gemfire.internal.security.GeodeSecurityUtil; import org.springframework.shell.core.CommandMarker; import org.springframework.shell.core.annotation.CliAvailabilityIndicator; http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f04b6695/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/remote/CommandProcessor.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/remote/CommandProcessor.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/remote/CommandProcessor.java index c3b0b7f..7edc3e4 100755 --- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/remote/CommandProcessor.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/remote/CommandProcessor.java 
@@ -31,7 +31,7 @@ import com.gemstone.gemfire.management.internal.cli.result.ResultBuilder; import com.gemstone.gemfire.management.internal.cli.util.CommentSkipHelper; import com.gemstone.gemfire.management.internal.security.ResourceOperation; import com.gemstone.gemfire.security.GemFireSecurityException; -import com.gemstone.gemfire.security.GeodeSecurityUtil; +import com.gemstone.gemfire.internal.security.GeodeSecurityUtil; import org.springframework.shell.core.Parser; import org.springframework.shell.event.ParseResult; http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f04b6695/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/AccessControlMBean.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/AccessControlMBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/AccessControlMBean.java index 33b80e2..1a7191b 100644 --- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/AccessControlMBean.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/AccessControlMBean.java @@ -17,7 +17,7 @@ package com.gemstone.gemfire.management.internal.security; import com.gemstone.gemfire.security.GemFireSecurityException; -import com.gemstone.gemfire.security.GeodeSecurityUtil; +import com.gemstone.gemfire.internal.security.GeodeSecurityUtil; /** * AccessControlMBean Implementation. This retrieves JMXPrincipal from AccessController http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f04b6695/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/MBeanServerWrapper.java ---------------------------------------------------------------------- 
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/MBeanServerWrapper.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/MBeanServerWrapper.java index 8d1031a..99cbe2e 100644 --- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/MBeanServerWrapper.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/MBeanServerWrapper.java @@ -46,7 +46,7 @@ import javax.management.remote.MBeanServerForwarder; import com.gemstone.gemfire.management.internal.ManagementConstants; import com.gemstone.gemfire.security.GemFireSecurityException; -import com.gemstone.gemfire.security.GeodeSecurityUtil; +import com.gemstone.gemfire.internal.security.GeodeSecurityUtil; /** * This class intercepts all MBean requests for GemFire MBeans and passed it to http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f04b6695/geode-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/AbstractCommandsController.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/AbstractCommandsController.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/AbstractCommandsController.java index 08865b4..c411972 100644 --- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/AbstractCommandsController.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/AbstractCommandsController.java 
@@ -50,7 +50,7 @@ import com.gemstone.gemfire.management.internal.cli.util.CommandStringBuilder; import com.gemstone.gemfire.management.internal.web.controllers.support.LoginHandlerInterceptor; import com.gemstone.gemfire.management.internal.web.controllers.support.MemberMXBeanAdapter; import com.gemstone.gemfire.management.internal.web.util.UriUtils; -import com.gemstone.gemfire.security.GeodeSecurityUtil; +import com.gemstone.gemfire.internal.security.GeodeSecurityUtil; import org.apache.logging.log4j.Logger; import org.springframework.beans.propertyeditors.StringArrayPropertyEditor; http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f04b6695/geode-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/support/LoginHandlerInterceptor.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/support/LoginHandlerInterceptor.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/support/LoginHandlerInterceptor.java index 5465ea3..e6cdbee 100644 --- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/support/LoginHandlerInterceptor.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/support/LoginHandlerInterceptor.java 
@@ -27,7 +27,7 @@ import com.gemstone.gemfire.cache.Cache; import com.gemstone.gemfire.internal.logging.LogService; import com.gemstone.gemfire.management.internal.security.ResourceConstants; import com.gemstone.gemfire.security.Authenticator; -import com.gemstone.gemfire.security.GeodeSecurityUtil; +import com.gemstone.gemfire.internal.security.GeodeSecurityUtil; import org.apache.logging.log4j.Logger; import org.springframework.web.servlet.handler.HandlerInterceptorAdapter; http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f04b6695/geode-core/src/main/java/com/gemstone/gemfire/security/CustomAuthRealm.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/CustomAuthRealm.java b/geode-core/src/main/java/com/gemstone/gemfire/security/CustomAuthRealm.java deleted file mode 100644 index 706a7cc..0000000 --- a/geode-core/src/main/java/com/gemstone/gemfire/security/CustomAuthRealm.java +++ /dev/null 
@@ -1,174 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package com.gemstone.gemfire.security; - -import static com.gemstone.gemfire.management.internal.security.ResourceConstants.*; - -import java.lang.reflect.Method; -import java.security.AccessControlContext; -import java.security.AccessController; -import java.security.Principal; -import java.util.Properties; -import java.util.Set; -import java.util.concurrent.ConcurrentHashMap; -import java.util.concurrent.ConcurrentMap; -import javax.management.remote.JMXPrincipal; -import javax.security.auth.Subject; - -import com.gemstone.gemfire.cache.operations.OperationContext; -import com.gemstone.gemfire.distributed.internal.DistributionConfig; -import com.gemstone.gemfire.internal.ClassLoadUtil; -import com.gemstone.gemfire.internal.i18n.LocalizedStrings; -import com.gemstone.gemfire.internal.lang.StringUtils; -import com.gemstone.gemfire.management.internal.security.ResourceConstants; - -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; -import org.apache.shiro.authc.AuthenticationException; -import org.apache.shiro.authc.AuthenticationInfo; -import org.apache.shiro.authc.AuthenticationToken; -import 
org.apache.shiro.authc.SimpleAuthenticationInfo; -import org.apache.shiro.authc.UsernamePasswordToken; -import org.apache.shiro.authz.AuthorizationInfo; -import org.apache.shiro.authz.Permission; -import org.apache.shiro.realm.AuthorizingRealm; -import org.apache.shiro.subject.PrincipalCollection; - -public class CustomAuthRealm extends AuthorizingRealm{ - public static final String REALM_NAME = "CUSTOMAUTHREALM"; - - private static final Logger logger = LogManager.getLogger(CustomAuthRealm.class); - private String authzFactoryName; - private String postAuthzFactoryName; - private String authenticatorFactoryName; - private Properties securityProps = null; - private ConcurrentMap cachedAuthZCallback; - private ConcurrentMap cachedPostAuthZCallback; - - public CustomAuthRealm(Properties securityProps) { - this.securityProps = securityProps; - this.authzFactoryName = securityProps.getProperty(DistributionConfig.SECURITY_CLIENT_ACCESSOR_NAME); - this.postAuthzFactoryName = securityProps.getProperty(DistributionConfig.SECURITY_CLIENT_ACCESSOR_PP_NAME); - this.authenticatorFactoryName = securityProps.getProperty(DistributionConfig.SECURITY_CLIENT_AUTHENTICATOR_NAME); - this.cachedAuthZCallback = new ConcurrentHashMap<>(); - this.cachedPostAuthZCallback = new ConcurrentHashMap<>(); - } - - @Override - protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { - UsernamePasswordToken authToken = (UsernamePasswordToken) token; - String username = authToken.getUsername(); - String password = new String(authToken.getPassword()); - - Properties credentialProps = new Properties(); - credentialProps.put(ResourceConstants.USER_NAME, username); - credentialProps.put(ResourceConstants.PASSWORD, password); - - Principal principal = getAuthenticator(securityProps).authenticate(credentialProps); - - return new SimpleAuthenticationInfo(principal, authToken.getPassword(), REALM_NAME); - } - - - @Override - protected AuthorizationInfo 
doGetAuthorizationInfo(PrincipalCollection principals) { - // we intercepted the call to this method by overriding the isPermitted call - return null; - } - - @Override - public boolean isPermitted(PrincipalCollection principals, Permission permission) { - OperationContext context =(OperationContext)permission; - Principal principal = (Principal)principals.getPrimaryPrincipal(); - // if no access control is specified, then we allow all - if(StringUtils.isBlank(authzFactoryName)) - return true; - AccessControl accessControl = getAccessControl(principal, false); - return accessControl.authorizeOperation(context.getRegionName(), context); - } - - public AccessControl getAccessControl(Principal principal, boolean isPost) { - if (!isPost) { - if (cachedAuthZCallback.containsKey(principal)) { - return cachedAuthZCallback.get(principal); - } else if (!StringUtils.isBlank(authzFactoryName)) { - try { - Method authzMethod = ClassLoadUtil.methodFromName(authzFactoryName); - AccessControl authzCallback = (AccessControl) authzMethod.invoke(null, (Object[]) null); - authzCallback.init(principal, null); - cachedAuthZCallback.put(principal, authzCallback); - return authzCallback; - } catch (Exception ex) { - throw new AuthenticationFailedException( - LocalizedStrings.HandShake_FAILED_TO_ACQUIRE_AUTHENTICATOR_OBJECT.toLocalizedString(), ex); - } - } - } else { - if (cachedPostAuthZCallback.containsKey(principal)) { - return cachedPostAuthZCallback.get(principal); - } else if (!StringUtils.isBlank(postAuthzFactoryName)) { - try { - Method authzMethod = ClassLoadUtil.methodFromName(postAuthzFactoryName); - AccessControl postAuthzCallback = (AccessControl) authzMethod.invoke(null, (Object[]) null); - postAuthzCallback.init(principal, null); - cachedPostAuthZCallback.put(principal, postAuthzCallback); - return postAuthzCallback; - } catch (Exception ex) { - throw new AuthenticationFailedException( - LocalizedStrings.HandShake_FAILED_TO_ACQUIRE_AUTHENTICATOR_OBJECT.toLocalizedString(), 
ex); - } - } - } - return null; - } - - private Authenticator getAuthenticator(Properties gfSecurityProperties) throws AuthenticationFailedException { - Authenticator auth; - try { - Method instanceGetter = ClassLoadUtil.methodFromName(this.authenticatorFactoryName); - auth = (Authenticator) instanceGetter.invoke(null, (Object[]) null); - } catch (Exception ex) { - throw new AuthenticationFailedException( - LocalizedStrings.HandShake_FAILED_TO_ACQUIRE_AUTHENTICATOR_OBJECT.toLocalizedString(), ex); - } - if (auth == null) { - throw new AuthenticationFailedException( - LocalizedStrings.HandShake_AUTHENTICATOR_INSTANCE_COULD_NOT_BE_OBTAINED.toLocalizedString()); - } - auth.init(gfSecurityProperties); - return auth; - } - - public void postAuthorize(OperationContext context) { - if (StringUtils.isBlank(postAuthzFactoryName)){ - return ; - } - - AccessControlContext acc = AccessController.getContext(); - Subject subject = Subject.getSubject(acc); - Set principals = subject.getPrincipals(JMXPrincipal.class); - if (principals == null || principals.isEmpty()) { - throw new SecurityException(ACCESS_DENIED_MESSAGE); - } - Principal principal = principals.iterator().next(); - AccessControl accessControl = getAccessControl(principal, true); - if (!accessControl.authorizeOperation(null, context)) { - throw new SecurityException(ACCESS_DENIED_MESSAGE); - } - } - -} http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f04b6695/geode-core/src/main/java/com/gemstone/gemfire/security/GeodeSecurityUtil.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/GeodeSecurityUtil.java b/geode-core/src/main/java/com/gemstone/gemfire/security/GeodeSecurityUtil.java deleted file mode 100644 index 148a963..0000000 --- a/geode-core/src/main/java/com/gemstone/gemfire/security/GeodeSecurityUtil.java +++ /dev/null 
@@ -1,163 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package com.gemstone.gemfire.security; - -import java.util.concurrent.Callable; - -import com.gemstone.gemfire.cache.operations.OperationContext; -import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode; -import com.gemstone.gemfire.cache.operations.OperationContext.Resource; -import com.gemstone.gemfire.internal.logging.LogService; -import com.gemstone.gemfire.management.internal.security.ResourceOperation; -import com.gemstone.gemfire.management.internal.security.ResourceOperationContext; - -import org.apache.commons.lang.StringUtils; -import org.apache.logging.log4j.Logger; -import org.apache.shiro.SecurityUtils; -import org.apache.shiro.ShiroException; -import org.apache.shiro.UnavailableSecurityManagerException; -import org.apache.shiro.authc.UsernamePasswordToken; -import org.apache.shiro.subject.Subject; -import org.apache.shiro.util.ThreadContext; - -public class GeodeSecurityUtil { - - private static Logger logger = LogService.getLogger(); - - public static void login(String username, String password){ - if(!isShiroConfigured()) - return; - - Subject currentUser = SecurityUtils.getSubject(); - - UsernamePasswordToken 
token = - new UsernamePasswordToken(username, password); - try { - logger.info("Logging in "+username+"/"+password); - currentUser.login(token); - } catch (ShiroException e) { - throw new AuthenticationFailedException(e.getMessage(), e); - } - } - - public static void logout(){ - if(!isShiroConfigured()) - return; - - Subject currentUser = SecurityUtils.getSubject(); - try { - logger.info("Logging out "+currentUser.getPrincipal()); - currentUser.logout(); - } - catch(ShiroException e){ - throw new AuthenticationFailedException(e.getMessage(), e); - } - // clean out Shiro's thread local content - ThreadContext.remove(); - } - - public static Callable associateWith(Callable callable){ - if(!isShiroConfigured()) - return callable; - - Subject currentUser = SecurityUtils.getSubject(); - return currentUser.associateWith(callable); - } - - public static void authorize(ResourceOperation resourceOperation) { - if(resourceOperation==null) - return; - - authorize(resourceOperation.resource().name(), - resourceOperation.operation().name(), - null); - } - - public static void authorizeClusterManage(){ - authorize("CLUSTER", "MANAGE"); - } - - public static void authorizeClusterWrite(){ - authorize("CLUSTER", "WRITE"); - } - - public static void authorizeClusterRead(){ - authorize("CLUSTER", "READ"); - } - - public static void authorizeDataManage(){ - authorize("DATA", "MANAGE"); - } - - public static void authorizeDataWrite(){ - authorize("DATA", "WRITE"); - } - - public static void authorizeDataRead(){ - authorize("DATA", "READ"); - } - - public static void authorizeRegionWrite(String regionName){ - authorize("DATA", "WRITE", regionName); - } - - public static void authorizeRegionRead(String regionName){ - authorize("DATA", "READ", regionName); - } - - public static void authorize(String resource, String operation){ - authorize(resource, operation, null); - } - - private static void authorize(String resource, String operation, String regionName){ - regionName = 
StringUtils.stripStart(regionName, "/"); - authorize(new ResourceOperationContext(resource, operation, regionName)); - } - - public static void authorize(OperationContext context) { - if(context==null) - return; - - if(context.getResource()== Resource.NULL && context.getOperationCode()== OperationCode.NULL) - return; - - if(!isShiroConfigured()) - return; - - - Subject currentUser = SecurityUtils.getSubject(); - try { - currentUser.checkPermission(context); - } - catch(ShiroException e){ - logger.info(currentUser.getPrincipal() + " not authorized for " + context); - throw new GemFireSecurityException(e.getMessage(), e); - } - } - - private static boolean isShiroConfigured(){ - try{ - SecurityUtils.getSecurityManager(); - } - catch(UnavailableSecurityManagerException e){ - return false; - } - return true; - } - -} http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f04b6695/geode-core/src/main/java/com/gemstone/gemfire/security/JMXShiroAuthenticator.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/JMXShiroAuthenticator.java b/geode-core/src/main/java/com/gemstone/gemfire/security/JMXShiroAuthenticator.java deleted file mode 100644 index c55e700..0000000 --- a/geode-core/src/main/java/com/gemstone/gemfire/security/JMXShiroAuthenticator.java +++ /dev/null 
@@ -1,68 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package com.gemstone.gemfire.security; - -import static com.gemstone.gemfire.management.internal.security.ResourceConstants.*; - -import java.util.Collections; -import java.util.Properties; -import javax.management.Notification; -import javax.management.NotificationListener; -import javax.management.remote.JMXAuthenticator; -import javax.management.remote.JMXConnectionNotification; -import javax.management.remote.JMXPrincipal; -import javax.security.auth.Subject; - -import com.gemstone.gemfire.management.internal.security.ResourceConstants; - -/** - * this will make JMX authentication to use Shiro for Authentication - */ - -public class JMXShiroAuthenticator implements JMXAuthenticator, NotificationListener { - - @Override - public Subject authenticate(Object credentials) { - String username = null, password = null; - if (credentials instanceof String[]) { - final String[] aCredentials = (String[]) credentials; - username = aCredentials[0]; - password = aCredentials[1]; - } else if (credentials instanceof Properties) { - username = ((Properties) credentials).getProperty(ResourceConstants.USER_NAME); - password = ((Properties) 
credentials).getProperty(ResourceConstants.PASSWORD); - } else { - throw new SecurityException(WRONGE_CREDENTIALS_MESSAGE); - } - - GeodeSecurityUtil.login(username, password); - - return new Subject(true, Collections.singleton(new JMXPrincipal(username)), Collections.EMPTY_SET, - Collections.EMPTY_SET); - } - - @Override - public void handleNotification(Notification notification, Object handback) { - if (notification instanceof JMXConnectionNotification) { - JMXConnectionNotification cxNotification = (JMXConnectionNotification) notification; - String type = cxNotification.getType(); - if (JMXConnectionNotification.CLOSED.equals(type)) { - GeodeSecurityUtil.logout(); - } - } - } -} http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f04b6695/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java index cc6af0e..0bf3cab 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java 
@@ -20,7 +20,7 @@ package com.gemstone.gemfire.management.internal.security; import java.util.Properties; import com.gemstone.gemfire.distributed.internal.DistributionConfig; -import com.gemstone.gemfire.security.CustomAuthRealm; +import com.gemstone.gemfire.internal.security.shiro.CustomAuthRealm; import com.gemstone.gemfire.test.junit.categories.UnitTest; import org.apache.shiro.SecurityUtils; http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f04b6695/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilWithIniFileJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilWithIniFileJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilWithIniFileJUnitTest.java index 4ad390d..fe80180 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilWithIniFileJUnitTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilWithIniFileJUnitTest.java @@ -21,7 +21,7 @@ import static org.assertj.core.api.Assertions.*; import com.gemstone.gemfire.cache.operations.OperationContext; import com.gemstone.gemfire.security.GemFireSecurityException; -import com.gemstone.gemfire.security.GeodeSecurityUtil; +import com.gemstone.gemfire.internal.security.GeodeSecurityUtil; import com.gemstone.gemfire.test.junit.categories.UnitTest; import org.apache.shiro.SecurityUtils; http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f04b6695/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java ---------------------------------------------------------------------- 
diff --git a/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java b/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java index 0ae5d26..3759895 100644 --- a/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java +++ b/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java @@ -42,8 +42,8 @@ import com.gemstone.gemfire.management.internal.security.AccessControlMBean; import com.gemstone.gemfire.management.internal.security.JSONAuthorization; import com.gemstone.gemfire.management.internal.security.MBeanServerWrapper; import com.gemstone.gemfire.management.internal.security.ResourceConstants; -import com.gemstone.gemfire.security.CustomAuthRealm; -import com.gemstone.gemfire.security.JMXShiroAuthenticator; +import com.gemstone.gemfire.internal.security.shiro.CustomAuthRealm; +import com.gemstone.gemfire.internal.security.shiro.JMXShiroAuthenticator; import com.vmware.gemfire.tools.pulse.internal.data.PulseConstants; import org.apache.shiro.SecurityUtils;
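Review bot: In the deleted `com/gemstone/gemfire/security/GeodeSecurityUtil.java`, `login()` writes the cleartext password to the log at info level: `logger.info("Logging in "+username+"/"+password);`. The class is being relocated to `com.gemstone.gemfire.internal.security`, so if the relocated copy carries this line over, please change it to log only the username. Also in this file, `login()`, `logout()` and `authorize(OperationContext)` all return silently when `isShiroConfigured()` is false; a Javadoc sentence on each saying it is a no-op without a security manager would make that fail-open behaviour explicit for callers.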
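Review bot: In the deleted `com/gemstone/gemfire/security/CustomAuthRealm.java`, `getAccessControl()` stores one `AccessControl` per principal in `cachedAuthZCallback` / `cachedPostAuthZCallback`, and nothing in the visible class ever removes an entry, so a callback initialised for a principal outlives that principal's logout and the maps grow without bound. If the relocated `internal.security.shiro.CustomAuthRealm` keeps this code, consider evicting on logout and replacing the `containsKey` / `get` / `put` sequence with a single atomic `computeIfAbsent`. Two smaller points in the same hunk: failures to load the authorization callback are thrown as `AuthenticationFailedException` with `HandShake_FAILED_TO_ACQUIRE_AUTHENTICATOR_OBJECT`, which misreports an authorization setup error as an authenticator one, and `isPermitted()` casts `permission` to `OperationContext` without an `instanceof` check.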
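Review bot: In the deleted `com/gemstone/gemfire/security/JMXShiroAuthenticator.java`, `authenticate()` reads `aCredentials[0]` and `aCredentials[1]` without checking the array length, and in the `Properties` branch it passes on whatever `getProperty` returns, including null. A short array surfaces as an `ArrayIndexOutOfBoundsException` rather than the `SecurityException(WRONGE_CREDENTIALS_MESSAGE)` used for the other bad-input case; please validate both values and throw that `SecurityException` when either is missing. Note also that `GeodeSecurityUtil.login()` returns without checking anything when Shiro is not configured, so in that case this method returns a `Subject` carrying `new JMXPrincipal(username)` for any supplied username; if that is intended, it deserves a comment at the call site in the relocated class.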