geode-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jinmeil...@apache.org
Subject [17/50] [abbrv] incubator-geode git commit: Integrated client auth support for RegisterInterest, new dunit and refactoring of old dunit.
Date Mon, 27 Jun 2016 21:21:07 GMT
Integrated client auth support for RegisterInterest, new dunit and refactoring of old dunit.


Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/46017f93
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/46017f93
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/46017f93

Branch: refs/heads/feature/GEODE-1571
Commit: 46017f938f291140cdf43c02bb01580767510ca4
Parents: a4c2dad
Author: gmeilen <gracemeilen@gmail.com>
Authored: Thu Jun 23 15:08:40 2016 -0700
Committer: gmeilen <gracemeilen@gmail.com>
Committed: Thu Jun 23 15:08:40 2016 -0700

----------------------------------------------------------------------
 .../cache/tier/sockets/BaseCommand.java         |  10 +
 .../tier/sockets/command/RegisterInterest.java  | 175 +++++++++---------
 .../sockets/command/RegisterInterest61.java     | 182 ++++++++++---------
 .../sockets/command/RegisterInterestList.java   |   6 +-
 .../sockets/command/RegisterInterestList66.java |   5 +-
 ...ractIntegratedClientAuthDistributedTest.java |  71 ++++++++
 .../security/IntegratedClientAuthDUnitTest.java |  55 +-----
 ...ientRegisterInterestAuthDistributedTest.java | 134 ++++++++++++++
 8 files changed, 413 insertions(+), 225 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/46017f93/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/BaseCommand.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/BaseCommand.java
b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/BaseCommand.java
index bdebb6b..b5bc033 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/BaseCommand.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/BaseCommand.java
@@ -41,8 +41,11 @@ import com.gemstone.gemfire.internal.i18n.LocalizedStrings;
 import com.gemstone.gemfire.internal.logging.LogService;
 import com.gemstone.gemfire.internal.logging.log4j.LocalizedMessage;
 import com.gemstone.gemfire.internal.offheap.OffHeapHelper;
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
 import com.gemstone.gemfire.internal.sequencelog.EntryLogger;
 import com.gemstone.gemfire.security.GemFireSecurityException;
+import com.gemstone.gemfire.security.NotAuthorizedException;
+
 import org.apache.logging.log4j.Logger;
 
 import java.io.*;
@@ -1218,6 +1221,13 @@ public abstract class BaseCommand implements Command {
           }
         }
 
+//        try { // TODO:SECURITY: Swapnil: do we need to throw or continue?
+//          GeodeSecurityUtil.authorizeRegionRead(region.getName(), key.toString());
+//        }
+//        catch (NotAuthorizedException e){
+//          continue;
+//        }
+
         ClientProxyMembershipID id = servConn == null ? null : servConn.getProxyID();
         data = region.get(key, null, true, true, true, id, versionHolder, true);
         versionTag = versionHolder.getVersionTag();

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/46017f93/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RegisterInterest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RegisterInterest.java
b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RegisterInterest.java
index 6defab0..3cf4bf4 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RegisterInterest.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RegisterInterest.java
@@ -31,6 +31,7 @@ import com.gemstone.gemfire.cache.DynamicRegionFactory;
 import com.gemstone.gemfire.cache.InterestResultPolicy;
 import com.gemstone.gemfire.cache.operations.RegisterInterestOperationContext;
 import com.gemstone.gemfire.i18n.StringId;
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
 
 import java.io.IOException;
 
@@ -145,101 +146,105 @@ public class RegisterInterest extends BaseCommand {
       writeChunkedErrorResponse(msg, MessageType.REGISTER_INTEREST_DATA_ERROR,
           message.toLocalizedString(), servConn);
       servConn.setAsTrue(RESPONDED);
+      return;
     }
-    else { // input key not null
-      LocalRegion region = (LocalRegion)crHelper.getRegion(regionName);
-      if (region == null) {
-        logger.info(LocalizedMessage.create(LocalizedStrings.RegisterInterest_0_REGION_NAMED_1_WAS_NOT_FOUND_DURING_REGISTER_INTEREST_REQUEST,
new Object[] {servConn.getName(), regionName}));
-        // writeChunkedErrorResponse(msg,
-        // MessageType.REGISTER_INTEREST_DATA_ERROR, message);
-        // responded = true;
-      }
-      // Register interest
-      try {
-        AuthorizeRequest authzRequest = servConn.getAuthzRequest();
-        if (authzRequest != null) {
-          // TODO SW: This is a workaround for DynamicRegionFactory
-          // registerInterest calls. Remove this when the semantics of
-          // DynamicRegionFactory are cleaned up.
-          if (!DynamicRegionFactory.regionIsDynamicRegionList(regionName)) {
-            RegisterInterestOperationContext registerContext = authzRequest
-                .registerInterestAuthorize(regionName, key, interestType,
-                    policy);
-            key = registerContext.getKey();
-          }
+
+    // TODO: add security changes here
+    GeodeSecurityUtil.authorizeRegionRead(regionName, key.toString());
+
+    // input key not null
+    LocalRegion region = (LocalRegion)crHelper.getRegion(regionName);
+    if (region == null) {
+      logger.info(LocalizedMessage.create(LocalizedStrings.RegisterInterest_0_REGION_NAMED_1_WAS_NOT_FOUND_DURING_REGISTER_INTEREST_REQUEST,
new Object[] {servConn.getName(), regionName}));
+      // writeChunkedErrorResponse(msg,
+      // MessageType.REGISTER_INTEREST_DATA_ERROR, message);
+      // responded = true;
+    }
+    // Register interest
+    try {
+      AuthorizeRequest authzRequest = servConn.getAuthzRequest();
+      if (authzRequest != null) {
+        // TODO SW: This is a workaround for DynamicRegionFactory
+        // registerInterest calls. Remove this when the semantics of
+        // DynamicRegionFactory are cleaned up.
+        if (!DynamicRegionFactory.regionIsDynamicRegionList(regionName)) {
+          RegisterInterestOperationContext registerContext = authzRequest
+              .registerInterestAuthorize(regionName, key, interestType,
+                  policy);
+          key = registerContext.getKey();
         }
-        servConn.getAcceptor().getCacheClientNotifier().registerClientInterest(
-            regionName, key, servConn.getProxyID(), interestType, isDurable,
-            sendUpdatesAsInvalidates, false, 0, true);
       }
-      catch (Exception e) {
-        // If an interrupted exception is thrown , rethrow it
-        checkForInterrupt(servConn, e);
-        // Otherwise, write an exception message and continue
-        writeChunkedException(msg, e, false, servConn);
-        servConn.setAsTrue(RESPONDED);
-        return;
+      servConn.getAcceptor().getCacheClientNotifier().registerClientInterest(
+          regionName, key, servConn.getProxyID(), interestType, isDurable,
+          sendUpdatesAsInvalidates, false, 0, true);
+    }
+    catch (Exception e) {
+      // If an interrupted exception is thrown , rethrow it
+      checkForInterrupt(servConn, e);
+      // Otherwise, write an exception message and continue
+      writeChunkedException(msg, e, false, servConn);
+      servConn.setAsTrue(RESPONDED);
+      return;
+    }
+
+    // System.out.println("Received register interest for " + regionName);
+
+    // Update the statistics and write the reply
+    // bserverStats.incLong(processDestroyTimeId,
+    // DistributionStats.getStatTime() - start);
+    // start = DistributionStats.getStatTime();
+
+    CacheClientProxy ccp = servConn.getAcceptor().getCacheClientNotifier()
+        .getClientProxy(servConn.getProxyID());
+    if (ccp == null) {
+      // fix for 37593
+      IOException ioex = new IOException(LocalizedStrings.RegisterInterest_CACHECLIENTPROXY_FOR_THIS_CLIENT_IS_NO_LONGER_ON_THE_SERVER_SO_REGISTERINTEREST_OPERATION_IS_UNSUCCESSFUL.toLocalizedString());
+      writeChunkedException(msg, ioex, false, servConn);
+      servConn.setAsTrue(RESPONDED);
+      return;
+    }
+    boolean isPrimary = ccp.isPrimary();
+    ChunkedMessage chunkedResponseMsg = servConn.getRegisterInterestResponseMessage();
+    if (!isPrimary) {
+      chunkedResponseMsg.setMessageType(MessageType.RESPONSE_FROM_SECONDARY);
+      chunkedResponseMsg.setTransactionId(msg.getTransactionId());
+      chunkedResponseMsg.sendHeader();
+      chunkedResponseMsg.setLastChunk(true);
+
+      if (logger.isDebugEnabled()) {
+        logger.debug("{}: Sending register interest response chunk from secondary for region:
{} for key: {} chunk=<{}>", servConn.getName(), regionName, key, chunkedResponseMsg);
       }
+      chunkedResponseMsg.sendChunk(servConn);
+    } // !isPrimary
+    else { // isPrimary
 
-      // System.out.println("Received register interest for " + regionName);
+      // Send header which describes how many chunks will follow
+      chunkedResponseMsg.setMessageType(MessageType.RESPONSE_FROM_PRIMARY);
+      chunkedResponseMsg.setTransactionId(msg.getTransactionId());
+      chunkedResponseMsg.sendHeader();
 
-      // Update the statistics and write the reply
-      // bserverStats.incLong(processDestroyTimeId,
-      // DistributionStats.getStatTime() - start);
-      // start = DistributionStats.getStatTime();
-
-      CacheClientProxy ccp = servConn.getAcceptor().getCacheClientNotifier()
-          .getClientProxy(servConn.getProxyID());
-      if (ccp == null) {
-        // fix for 37593
-        IOException ioex = new IOException(LocalizedStrings.RegisterInterest_CACHECLIENTPROXY_FOR_THIS_CLIENT_IS_NO_LONGER_ON_THE_SERVER_SO_REGISTERINTEREST_OPERATION_IS_UNSUCCESSFUL.toLocalizedString());
-        writeChunkedException(msg, ioex, false, servConn);
+      // Send chunk response
+      try {
+        fillAndSendRegisterInterestResponseChunks(region, key, interestType,
+            policy, servConn);
+        servConn.setAsTrue(RESPONDED);
+      }
+      catch (Exception e) {
+        writeChunkedException(msg, e, false, servConn, chunkedResponseMsg);
         servConn.setAsTrue(RESPONDED);
         return;
       }
-      boolean isPrimary = ccp.isPrimary();
-      ChunkedMessage chunkedResponseMsg = servConn.getRegisterInterestResponseMessage();
-      if (!isPrimary) {
-        chunkedResponseMsg.setMessageType(MessageType.RESPONSE_FROM_SECONDARY);
-        chunkedResponseMsg.setTransactionId(msg.getTransactionId());
-        chunkedResponseMsg.sendHeader();
-        chunkedResponseMsg.setLastChunk(true);
-
-        if (logger.isDebugEnabled()) {
-          logger.debug("{}: Sending register interest response chunk from secondary for region:
{} for key: {} chunk=<{}>", servConn.getName(), regionName, key, chunkedResponseMsg);
-        }
-        chunkedResponseMsg.sendChunk(servConn);
-      } // !isPrimary
-      else { // isPrimary
-
-        // Send header which describes how many chunks will follow
-        chunkedResponseMsg.setMessageType(MessageType.RESPONSE_FROM_PRIMARY);
-        chunkedResponseMsg.setTransactionId(msg.getTransactionId());
-        chunkedResponseMsg.sendHeader();
-
-        // Send chunk response
-        try {
-          fillAndSendRegisterInterestResponseChunks(region, key, interestType,
-              policy, servConn);
-          servConn.setAsTrue(RESPONDED);
-        }
-        catch (Exception e) {
-          writeChunkedException(msg, e, false, servConn, chunkedResponseMsg);
-          servConn.setAsTrue(RESPONDED);
-          return;
-        }
 
-        if (logger.isDebugEnabled()) {
-          // logger.debug(getName() + ": Sent chunk (1 of 1) of register interest
-          // response (" + chunkedResponseMsg.getBufferLength() + " bytes) for
-          // region " + regionName + " key " + key);
-          logger.debug("{}: Sent register interest response for region {} key {}", servConn.getName(),
regionName, key);
-        }
-        // bserverStats.incLong(writeDestroyResponseTimeId,
-        // DistributionStats.getStatTime() - start);
-        // bserverStats.incInt(destroyResponsesId, 1);
-      } // isPrimary
-    } // input key not null
+      if (logger.isDebugEnabled()) {
+        // logger.debug(getName() + ": Sent chunk (1 of 1) of register interest
+        // response (" + chunkedResponseMsg.getBufferLength() + " bytes) for
+        // region " + regionName + " key " + key);
+        logger.debug("{}: Sent register interest response for region {} key {}", servConn.getName(),
regionName, key);
+      }
+      // bserverStats.incLong(writeDestroyResponseTimeId,
+      // DistributionStats.getStatTime() - start);
+      // bserverStats.incInt(destroyResponsesId, 1);
+    } // isPrimary
   }
 
 }

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/46017f93/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RegisterInterest61.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RegisterInterest61.java
b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RegisterInterest61.java
index 5b4109c..a797a6c 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RegisterInterest61.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RegisterInterest61.java
@@ -23,6 +23,7 @@ import com.gemstone.gemfire.internal.Version;
 import com.gemstone.gemfire.internal.cache.LocalRegion;
 import com.gemstone.gemfire.internal.cache.tier.CachedRegionHelper;
 import com.gemstone.gemfire.internal.cache.tier.Command;
+import com.gemstone.gemfire.internal.cache.tier.InterestType;
 import com.gemstone.gemfire.internal.cache.tier.MessageType;
 import com.gemstone.gemfire.internal.cache.tier.sockets.*;
 import com.gemstone.gemfire.internal.cache.vmotion.VMotionObserver;
@@ -34,6 +35,7 @@ import com.gemstone.gemfire.cache.DynamicRegionFactory;
 import com.gemstone.gemfire.cache.InterestResultPolicy;
 import com.gemstone.gemfire.cache.operations.RegisterInterestOperationContext;
 import com.gemstone.gemfire.i18n.StringId;
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
 
 import java.io.IOException;
 /**
@@ -179,103 +181,109 @@ public class RegisterInterest61 extends BaseCommand {
           message.toLocalizedString(), servConn);
       servConn.setAsTrue(RESPONDED);
     }
-    else { // input key not null
-      LocalRegion region = (LocalRegion)crHelper.getRegion(regionName);
-      if (region == null) {
-        logger.info(LocalizedMessage.create(LocalizedStrings.RegisterInterest_0_REGION_NAMED_1_WAS_NOT_FOUND_DURING_REGISTER_INTEREST_REQUEST,
new Object[] {servConn.getName(), regionName}));
-        // writeChunkedErrorResponse(msg,
-        // MessageType.REGISTER_INTEREST_DATA_ERROR, message);
-        // responded = true;
-      }
-      // Register interest
-      try {
-        AuthorizeRequest authzRequest = servConn.getAuthzRequest();
-        if (authzRequest != null) {
-          // TODO SW: This is a workaround for DynamicRegionFactory
-          // registerInterest calls. Remove this when the semantics of
-          // DynamicRegionFactory are cleaned up.
-          if (!DynamicRegionFactory.regionIsDynamicRegionList(regionName)) {
-            RegisterInterestOperationContext registerContext = authzRequest
-                .registerInterestAuthorize(regionName, key, interestType,
-                    policy);
-            key = registerContext.getKey();
-          }
+
+    if(interestType == InterestType.REGULAR_EXPRESSION)
+      GeodeSecurityUtil.authorizeRegionRead(regionName);
+    else
+      GeodeSecurityUtil.authorizeRegionRead(regionName, key.toString());
+
+    // input key not null
+    LocalRegion region = (LocalRegion)crHelper.getRegion(regionName);
+    if (region == null) {
+      logger.info(LocalizedMessage.create(LocalizedStrings.RegisterInterest_0_REGION_NAMED_1_WAS_NOT_FOUND_DURING_REGISTER_INTEREST_REQUEST,
new Object[] {servConn.getName(), regionName}));
+      // writeChunkedErrorResponse(msg,
+      // MessageType.REGISTER_INTEREST_DATA_ERROR, message);
+      // responded = true;
+    }
+    // Register interest
+    try {
+      AuthorizeRequest authzRequest = servConn.getAuthzRequest();
+      if (authzRequest != null) {
+        // TODO SW: This is a workaround for DynamicRegionFactory
+        // registerInterest calls. Remove this when the semantics of
+        // DynamicRegionFactory are cleaned up.
+        if (!DynamicRegionFactory.regionIsDynamicRegionList(regionName)) {
+          RegisterInterestOperationContext registerContext = authzRequest
+              .registerInterestAuthorize(regionName, key, interestType,
+                  policy);
+          key = registerContext.getKey();
         }
-        servConn.getAcceptor().getCacheClientNotifier()
-            .registerClientInterest(regionName, key, servConn.getProxyID(),
-                interestType, isDurable, sendUpdatesAsInvalidates, true,
-                regionDataPolicyPartBytes[0], true);
-      }
-      catch (Exception e) {
-        // If an interrupted exception is thrown , rethrow it
-        checkForInterrupt(servConn, e);
-        // Otherwise, write an exception message and continue
-        writeChunkedException(msg, e, false, servConn);
-        servConn.setAsTrue(RESPONDED);
-        return;
       }
+      servConn.getAcceptor().getCacheClientNotifier()
+          .registerClientInterest(regionName, key, servConn.getProxyID(),
+              interestType, isDurable, sendUpdatesAsInvalidates, true,
+              regionDataPolicyPartBytes[0], true);
+    }
+    catch (Exception e) {
+      // If an interrupted exception is thrown , rethrow it
+      checkForInterrupt(servConn, e);
+      // Otherwise, write an exception message and continue
+      writeChunkedException(msg, e, false, servConn);
+      servConn.setAsTrue(RESPONDED);
+      return;
+    }
 
-      // System.out.println("Received register interest for " + regionName);
+    // System.out.println("Received register interest for " + regionName);
 
-      // Update the statistics and write the reply
-      // bserverStats.incLong(processDestroyTimeId,
-      // DistributionStats.getStatTime() - start);
-      // start = DistributionStats.getStatTime();
+    // Update the statistics and write the reply
+    // bserverStats.incLong(processDestroyTimeId,
+    // DistributionStats.getStatTime() - start);
+    // start = DistributionStats.getStatTime();
 
-      CacheClientProxy ccp = servConn.getAcceptor().getCacheClientNotifier()
-          .getClientProxy(servConn.getProxyID());
-      if (ccp == null) {
-        // fix for 37593
-        IOException ioex = new IOException(
-            LocalizedStrings.RegisterInterest_CACHECLIENTPROXY_FOR_THIS_CLIENT_IS_NO_LONGER_ON_THE_SERVER_SO_REGISTERINTEREST_OPERATION_IS_UNSUCCESSFUL
-                .toLocalizedString());
-        writeChunkedException(msg, ioex, false, servConn);
-        servConn.setAsTrue(RESPONDED);
-        return;
+    CacheClientProxy ccp = servConn.getAcceptor().getCacheClientNotifier()
+        .getClientProxy(servConn.getProxyID());
+    if (ccp == null) {
+      // fix for 37593
+      IOException ioex = new IOException(
+          LocalizedStrings.RegisterInterest_CACHECLIENTPROXY_FOR_THIS_CLIENT_IS_NO_LONGER_ON_THE_SERVER_SO_REGISTERINTEREST_OPERATION_IS_UNSUCCESSFUL
+              .toLocalizedString());
+      writeChunkedException(msg, ioex, false, servConn);
+      servConn.setAsTrue(RESPONDED);
+      return;
+    }
+    boolean isPrimary = ccp.isPrimary();
+    ChunkedMessage chunkedResponseMsg = servConn.getRegisterInterestResponseMessage();
+    if (!isPrimary) {
+      chunkedResponseMsg.setMessageType(MessageType.RESPONSE_FROM_SECONDARY);
+      chunkedResponseMsg.setTransactionId(msg.getTransactionId());
+      chunkedResponseMsg.sendHeader();
+      chunkedResponseMsg.setLastChunk(true);
+
+      if (logger.isDebugEnabled()) {
+        logger.debug("{}: Sending register interest response chunk from secondary for region:
{} for key: {} chunk=<{}>", servConn.getName(), regionName, key, chunkedResponseMsg);
       }
-      boolean isPrimary = ccp.isPrimary();
-      ChunkedMessage chunkedResponseMsg = servConn.getRegisterInterestResponseMessage();
-      if (!isPrimary) {
-        chunkedResponseMsg.setMessageType(MessageType.RESPONSE_FROM_SECONDARY);
-        chunkedResponseMsg.setTransactionId(msg.getTransactionId());
-        chunkedResponseMsg.sendHeader();
-        chunkedResponseMsg.setLastChunk(true);
+      chunkedResponseMsg.sendChunk(servConn);
+    } // !isPrimary
+    else { // isPrimary
 
-        if (logger.isDebugEnabled()) {
-          logger.debug("{}: Sending register interest response chunk from secondary for region:
{} for key: {} chunk=<{}>", servConn.getName(), regionName, key, chunkedResponseMsg);
-        }
-        chunkedResponseMsg.sendChunk(servConn);
-      } // !isPrimary
-      else { // isPrimary
+      // Send header which describes how many chunks will follow
+      chunkedResponseMsg.setMessageType(MessageType.RESPONSE_FROM_PRIMARY);
+      chunkedResponseMsg.setTransactionId(msg.getTransactionId());
+      chunkedResponseMsg.sendHeader();
 
-        // Send header which describes how many chunks will follow
-        chunkedResponseMsg.setMessageType(MessageType.RESPONSE_FROM_PRIMARY);
-        chunkedResponseMsg.setTransactionId(msg.getTransactionId());
-        chunkedResponseMsg.sendHeader();
+      // Send chunk response
+      try {
+        fillAndSendRegisterInterestResponseChunks(region, key, interestType,
+            serializeValues, policy, servConn);
+        servConn.setAsTrue(RESPONDED);
+      }
+      catch (Exception e) {
+        writeChunkedException(msg, e, false, servConn, chunkedResponseMsg);
+        servConn.setAsTrue(RESPONDED);
+        return;
+      }
 
-        // Send chunk response
-        try {
-          fillAndSendRegisterInterestResponseChunks(region, key, interestType,
-              serializeValues, policy, servConn);
-          servConn.setAsTrue(RESPONDED);
-        }
-        catch (Exception e) {
-          writeChunkedException(msg, e, false, servConn, chunkedResponseMsg);
-          servConn.setAsTrue(RESPONDED);
-          return;
-        }
+      if (logger.isDebugEnabled()) {
+        // logger.debug(getName() + ": Sent chunk (1 of 1) of register interest
+        // response (" + chunkedResponseMsg.getBufferLength() + " bytes) for
+        // region " + regionName + " key " + key);
+        logger.debug("{}: Sent register interest response for region {} key {}", servConn.getName(),
regionName, key);
+      }
+      // bserverStats.incLong(writeDestroyResponseTimeId,
+      // DistributionStats.getStatTime() - start);
+      // bserverStats.incInt(destroyResponsesId, 1);
+    } // isPrimary
 
-        if (logger.isDebugEnabled()) {
-          // logger.debug(getName() + ": Sent chunk (1 of 1) of register interest
-          // response (" + chunkedResponseMsg.getBufferLength() + " bytes) for
-          // region " + regionName + " key " + key);
-          logger.debug("{}: Sent register interest response for region {} key {}", servConn.getName(),
regionName, key);
-        }
-        // bserverStats.incLong(writeDestroyResponseTimeId,
-        // DistributionStats.getStatTime() - start);
-        // bserverStats.incInt(destroyResponsesId, 1);
-      } // isPrimary
-    } // input key not null
   }
 
 }

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/46017f93/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RegisterInterestList.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RegisterInterestList.java
b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RegisterInterestList.java
index c43c28e..71b29fe 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RegisterInterestList.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RegisterInterestList.java
@@ -32,6 +32,7 @@ import com.gemstone.gemfire.cache.DynamicRegionFactory;
 import com.gemstone.gemfire.cache.InterestResultPolicy;
 import com.gemstone.gemfire.cache.operations.RegisterInterestOperationContext;
 import com.gemstone.gemfire.i18n.StringId;
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
 
 import java.io.IOException;
 import java.util.ArrayList;
@@ -161,8 +162,10 @@ public class RegisterInterestList extends BaseCommand {
           s, servConn);
       servConn.setAsTrue(RESPONDED);
     }
-    else { // key not null
 
+    GeodeSecurityUtil.authorizeRegionRead(regionName);
+
+    // key not null
       LocalRegion region = (LocalRegion)crHelper.getRegion(regionName);
       if (region == null) {
         logger.info(LocalizedMessage.create(LocalizedStrings.RegisterInterestList_0_REGION_NAMED_1_WAS_NOT_FOUND_DURING_REGISTER_INTEREST_LIST_REQUEST,
new Object[]{servConn.getName(), regionName}));
@@ -246,7 +249,6 @@ public class RegisterInterestList extends BaseCommand {
         // bserverStats.incInt(destroyResponsesId, 1);
       } // isPrimary
       // } // region not null
-    } // key not null
   }
 
 }

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/46017f93/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RegisterInterestList66.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RegisterInterestList66.java
b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RegisterInterestList66.java
index 862e58b..264f1fb 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RegisterInterestList66.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RegisterInterestList66.java
@@ -33,6 +33,7 @@ import com.gemstone.gemfire.cache.DynamicRegionFactory;
 import com.gemstone.gemfire.cache.InterestResultPolicy;
 import com.gemstone.gemfire.cache.operations.RegisterInterestOperationContext;
 import com.gemstone.gemfire.i18n.StringId;
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
 
 import java.io.IOException;
 import java.util.List;
@@ -174,8 +175,9 @@ public class RegisterInterestList66 extends BaseCommand {
           s, servConn);
       servConn.setAsTrue(RESPONDED);
     }
-    else { // key not null
+    GeodeSecurityUtil.authorizeRegionRead(regionName);
 
+   // key not null
       LocalRegion region = (LocalRegion)crHelper.getRegion(regionName);
       if (region == null) {
         logger.info(LocalizedMessage.create(LocalizedStrings.RegisterInterestList_0_REGION_NAMED_1_WAS_NOT_FOUND_DURING_REGISTER_INTEREST_LIST_REQUEST,
new Object[]{servConn.getName(), regionName}));
@@ -260,7 +262,6 @@ public class RegisterInterestList66 extends BaseCommand {
         // bserverStats.incInt(destroyResponsesId, 1);
       } // isPrimary
       // } // region not null
-    } // key not null
   }
 
 }

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/46017f93/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractIntegratedClientAuthDistributedTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractIntegratedClientAuthDistributedTest.java
b/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractIntegratedClientAuthDistributedTest.java
new file mode 100644
index 0000000..4a2db57
--- /dev/null
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractIntegratedClientAuthDistributedTest.java
@@ -0,0 +1,71 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import static com.gemstone.gemfire.security.SecurityTestUtils.*;
+import static org.assertj.core.api.Assertions.*;
+import static org.junit.Assert.*;
+
+import com.gemstone.gemfire.cache.Region;
+import com.gemstone.gemfire.management.internal.security.JSONAuthorization;
+import com.gemstone.gemfire.test.dunit.Host;
+import com.gemstone.gemfire.test.dunit.VM;
+import com.gemstone.gemfire.test.dunit.internal.JUnit4DistributedTestCase;
+
+import org.assertj.core.api.ThrowableAssert.ThrowingCallable;
+import org.junit.After;
+import org.junit.Before;
+
+public class AbstractIntegratedClientAuthDistributedTest extends JUnit4DistributedTestCase
{
+
+  protected VM client1 = null;
+  protected VM client2 = null;
+  protected VM client3 = null;
+  protected int serverPort;
+
+  @Before
+  public void before() throws Exception{
+    final Host host = Host.getHost(0);
+    client1 = host.getVM(1);
+    client2 = host.getVM(2);
+    client3 = host.getVM(3);
+
+    JSONAuthorization.setUpWithJsonFile("clientServer.json");
+    serverPort =  SecurityTestUtils.createCacheServer(JSONAuthorization.class.getName()+".create");
+    Region region = getCache().getRegion(SecurityTestUtils.REGION_NAME);
+    assertEquals(0, region.size());
+    for (int i = 0; i < 5; i++) {
+      String key = "key" + i;
+      String value = "value" + i;
+      region.put(key, value);
+    }
+    assertEquals(5, region.size());
+  }
+
+  @After
+  public void after(){
+    client1.invoke(() -> closeCache());
+    client2.invoke(() -> closeCache());
+    client3.invoke(() -> closeCache());
+    closeCache();
+  }
+
+  public static void assertNotAuthorized(ThrowingCallable shouldRaiseThrowable, String permString)
{
+    assertThatThrownBy(shouldRaiseThrowable).hasMessageContaining(permString);
+  }
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/46017f93/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java
b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java
index 212c9c9..506a171 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java
@@ -17,8 +17,6 @@
 
 package com.gemstone.gemfire.security;
 
-import static com.gemstone.gemfire.security.SecurityTestUtils.*;
-import static org.assertj.core.api.Assertions.*;
 import static org.junit.Assert.*;
 
 import java.util.ArrayList;
@@ -27,55 +25,17 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
-import org.assertj.core.api.ThrowableAssert.ThrowingCallable;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
 import com.gemstone.gemfire.cache.Cache;
 import com.gemstone.gemfire.cache.Region;
-import com.gemstone.gemfire.management.internal.security.JSONAuthorization;
 import com.gemstone.gemfire.test.dunit.AsyncInvocation;
-import com.gemstone.gemfire.test.dunit.Host;
 import com.gemstone.gemfire.test.dunit.SerializableRunnable;
-import com.gemstone.gemfire.test.dunit.VM;
-import com.gemstone.gemfire.test.dunit.internal.JUnit4DistributedTestCase;
 import com.gemstone.gemfire.test.junit.categories.DistributedTest;
 
-@Category(DistributedTest.class)
-public class IntegratedClientAuthDUnitTest extends JUnit4DistributedTestCase {
-  private VM client1 = null;
-  private VM client2 = null;
-  private VM client3 = null;
-  private int serverPort;
-
-  @Before
-  public void before() throws Exception{
-    final Host host = Host.getHost(0);
-    client1 = host.getVM(1);
-    client2 = host.getVM(2);
-    client3 = host.getVM(3);
-
-    JSONAuthorization.setUpWithJsonFile("clientServer.json");
-    serverPort =  SecurityTestUtils.createCacheServer(JSONAuthorization.class.getName()+".create");
-    Region region = getCache().getRegion(SecurityTestUtils.REGION_NAME);
-    assertEquals(0, region.size());
-    for (int i = 0; i < 5; i++) {
-      String key = "key" + i;
-      String value = "value" + i;
-      region.put(key, value);
-    }
-    assertEquals(5, region.size());
-  }
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
 
-  @After
-  public void after(){
-    client1.invoke(() -> closeCache());
-    client2.invoke(() -> closeCache());
-    client3.invoke(() -> closeCache());
-    closeCache();
-  }
+@Category(DistributedTest.class)
+public class IntegratedClientAuthDUnitTest extends AbstractIntegratedClientAuthDistributedTest
{
 
   @Test
   public void testAuthentication(){
@@ -218,10 +178,6 @@ public class IntegratedClientAuthDUnitTest extends JUnit4DistributedTestCase
{
     ai2.checkException();
   }
 
-  public static void assertNotAuthorized(ThrowingCallable shouldRaiseThrowable, String permString)
{
-    assertThatThrownBy(shouldRaiseThrowable).hasMessageContaining(permString);
-  }
-
   @Test
   public void testRegionClear() throws InterruptedException {
     // Verify that an unauthorized user can't clear the region
@@ -246,5 +202,6 @@ public class IntegratedClientAuthDUnitTest extends JUnit4DistributedTestCase
{
     };
     client2.invoke(clearAuthorized);
   }
-
 }
+
+

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/46017f93/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientRegisterInterestAuthDistributedTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientRegisterInterestAuthDistributedTest.java
b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientRegisterInterestAuthDistributedTest.java
new file mode 100644
index 0000000..d533a20
--- /dev/null
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientRegisterInterestAuthDistributedTest.java
@@ -0,0 +1,134 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import com.gemstone.gemfire.cache.Cache;
+import com.gemstone.gemfire.cache.Region;
+import com.gemstone.gemfire.test.dunit.AsyncInvocation;
+import com.gemstone.gemfire.test.junit.categories.DistributedTest;
+
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+@Category(DistributedTest.class)
+public class IntegratedClientRegisterInterestAuthDistributedTest extends AbstractIntegratedClientAuthDistributedTest
{
+
+  @Test
+  public void testRegisterInterest() throws InterruptedException {
+    // client1 connects to server as a user not authorized to do any operations
+    AsyncInvocation ai1 =  client1.invokeAsync(()->{
+      Cache cache = SecurityTestUtils.createCacheClient("stranger", "1234567", serverPort,
SecurityTestUtils.NO_EXCEPTION);
+      final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
+      assertNotAuthorized(()->region.registerInterest("key3"), "DATA:READ:AuthRegion:key3");
+    });
+
+    // client2 connects to user as a user authorized to use AuthRegion region
+    AsyncInvocation ai2 =  client2.invokeAsync(()->{
+      Cache cache = SecurityTestUtils.createCacheClient("authRegionUser", "1234567", serverPort,
SecurityTestUtils.NO_EXCEPTION);
+      final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
+      region.registerInterest("key3");  //  DATA:READ:AuthRegion:key3;
+    });
+
+    // client3 connects to user as a user authorized to use key1 in AuthRegion region
+    AsyncInvocation ai3 =  client3.invokeAsync(()->{
+      Cache cache = SecurityTestUtils.createCacheClient("key1User", "1234567", serverPort,
SecurityTestUtils.NO_EXCEPTION);
+      final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
+      assertNotAuthorized(()->region.registerInterest("key2"), "DATA:READ:AuthRegion:key2");
+    });
+
+    ai1.join();
+    ai2.join();
+    ai3.join();
+
+    ai1.checkException();
+    ai2.checkException();
+    ai3.checkException();
+  }
+
+  @Test
+  public void testRegisterInterestRegex() throws InterruptedException {
+    //client1 connects to server as a user not authorized to do any operations
+    AsyncInvocation ai1 =  client1.invokeAsync(()->{
+      Cache cache = SecurityTestUtils.createCacheClient("stranger", "1234567", serverPort,
SecurityTestUtils.NO_EXCEPTION);
+      final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
+      assertNotAuthorized(()->region.registerInterestRegex("key.*"), "DATA:READ:AuthRegion");
+    });
+
+    // client2 connects to user as a user authorized to use AuthRegion region
+    AsyncInvocation ai2 =  client2.invokeAsync(()->{
+      Cache cache = SecurityTestUtils.createCacheClient("authRegionUser", "1234567", serverPort,
SecurityTestUtils.NO_EXCEPTION);
+      final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
+      region.registerInterestRegex("key[0-9]+");  //  DATA:READ:AuthRegion:key3;
+    });
+
+    // client3 connects to user as a user authorized to use key1 in AuthRegion region
+    AsyncInvocation ai3 =  client3.invokeAsync(()->{
+      Cache cache = SecurityTestUtils.createCacheClient("key1User", "1234567", serverPort,
SecurityTestUtils.NO_EXCEPTION);
+      final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
+      assertNotAuthorized(()->region.registerInterestRegex("key[0-9]+"), "DATA:READ:AuthRegion");
+      assertNotAuthorized(()->region.registerInterestRegex("key1"), "DATA:READ:AuthRegion");
+    });
+
+    ai1.join();
+    ai2.join();
+    ai3.join();
+
+    ai1.checkException();
+    ai2.checkException();
+    ai3.checkException();
+  }
+
+  @Test
+  public void testRegisterInterestList() throws InterruptedException {
+    List<String> keys = new ArrayList<>();
+    keys.add("key1");
+    keys.add("key2");
+
+    //client1 connects to server as a user not authorized to do any operations
+    AsyncInvocation ai1 =  client1.invokeAsync(()->{
+      Cache cache = SecurityTestUtils.createCacheClient("stranger", "1234567", serverPort,
SecurityTestUtils.NO_EXCEPTION);
+      final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
+      assertNotAuthorized(()->region.registerInterest(keys), "DATA:READ:AuthRegion");
+    });
+
+    // client2 connects to user as a user authorized to use AuthRegion region
+    AsyncInvocation ai2 =  client2.invokeAsync(()->{
+      Cache cache = SecurityTestUtils.createCacheClient("authRegionUser", "1234567", serverPort,
SecurityTestUtils.NO_EXCEPTION);
+      final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
+      region.registerInterest(keys);  //  DATA:READ:AuthRegion;
+    });
+
+    // client3 connects to user as a user authorized to use key1 in AuthRegion region
+    AsyncInvocation ai3 =  client3.invokeAsync(()->{
+      Cache cache = SecurityTestUtils.createCacheClient("key1User", "1234567", serverPort,
SecurityTestUtils.NO_EXCEPTION);
+      final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
+      assertNotAuthorized(()->region.registerInterest(keys), "DATA:READ:AuthRegion");
+    });
+
+    ai1.join();
+    ai2.join();
+    ai3.join();
+
+    ai1.checkException();
+    ai2.checkException();
+    ai3.checkException();
+  }
+
+}



Mime
View raw message