geode-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kl...@apache.org
Subject [1/2] incubator-geode git commit: GEODE-1673: fail start if security.json cannot be found
Date Fri, 22 Jul 2016 04:12:38 GMT
Repository: incubator-geode
Updated Branches:
  refs/heads/feature/GEODE-1673-PR-212 603bae8cf -> 6b748eb5f


http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6b748eb5/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleIntegrationTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleIntegrationTest.java
b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleIntegrationTest.java
index 712329d..7717bff 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleIntegrationTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleIntegrationTest.java
@@ -14,7 +14,6 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
 package com.gemstone.gemfire.security;
 
 import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
@@ -38,6 +37,7 @@ import org.junit.experimental.categories.Category;
 
 @Category({IntegrationTest.class, SecurityTest.class})
 public class IntegratedSecurityCacheLifecycleIntegrationTest {
+
   private Properties securityProps;
   private Cache cache;
 
@@ -52,7 +52,6 @@ public class IntegratedSecurityCacheLifecycleIntegrationTest {
     props.setProperty(LOCATORS, "");
 
     cache = new CacheFactory(props).create();
-
   }
 
   @After
@@ -81,7 +80,7 @@ public class IntegratedSecurityCacheLifecycleIntegrationTest {
     }
 
     @Override
-    public Principal authenticate(final Properties props) throws AuthenticationFailedException
{
+    public Principal authenticate(final Properties credentials) throws AuthenticationFailedException
{
       return null;
     }
 

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6b748eb5/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityNoShowValue1PostProcessorDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityNoShowValue1PostProcessorDUnitTest.java
b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityNoShowValue1PostProcessorDUnitTest.java
index d6ac3aa..ce090f1 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityNoShowValue1PostProcessorDUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityNoShowValue1PostProcessorDUnitTest.java
@@ -14,7 +14,6 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
 package com.gemstone.gemfire.security;
 
 import static org.junit.Assert.*;
@@ -81,7 +80,6 @@ public class IntegratedSecurityNoShowValue1PostProcessorDUnitTest extends
Abstra
       assertTrue(result.contains("value2"));
       assertTrue(result.contains("value3"));
       assertTrue(result.contains("value4"));
-
     });
   }
 

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6b748eb5/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityPostProcessorDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityPostProcessorDUnitTest.java
b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityPostProcessorDUnitTest.java
index f573073..0568659 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityPostProcessorDUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityPostProcessorDUnitTest.java
@@ -14,7 +14,6 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
 package com.gemstone.gemfire.security;
 
 import static org.junit.Assert.*;
@@ -85,7 +84,6 @@ public class IntegratedSecurityPostProcessorDUnitTest extends AbstractIntegrated
       assertTrue(result.contains("super-user/null/null/value2"));
       assertTrue(result.contains("super-user/null/null/value3"));
       assertTrue(result.contains("super-user/null/null/value4"));
-
     });
   }
 

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6b748eb5/geode-core/src/test/java/com/gemstone/gemfire/security/NoShowValue1PostProcessor.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/NoShowValue1PostProcessor.java
b/geode-core/src/test/java/com/gemstone/gemfire/security/NoShowValue1PostProcessor.java
index b6fd2f7..b428144 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/NoShowValue1PostProcessor.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/NoShowValue1PostProcessor.java
@@ -14,7 +14,6 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
 package com.gemstone.gemfire.security;
 
 import java.security.Principal;
@@ -28,9 +27,10 @@ public class NoShowValue1PostProcessor implements PostProcessor {
                                    final String regionName,
                                    final Object key,
                                    final Object value) {
-    if(value.equals("value1"))
+    if (value.equals("value1")) {
       return null;
-    else
+    } else {
       return value;
+    }
   }
 }

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6b748eb5/geode-core/src/test/java/com/gemstone/gemfire/security/SecurityTestUtils.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/SecurityTestUtils.java
b/geode-core/src/test/java/com/gemstone/gemfire/security/SecurityTestUtils.java
index b74b054..598242d 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/SecurityTestUtils.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/SecurityTestUtils.java
@@ -16,7 +16,6 @@
  * specific language governing permissions and limitations
  * under the License.
  */
-
 package com.gemstone.gemfire.security;
 
 import static com.gemstone.gemfire.cache30.ClientServerTestCase.*;
@@ -90,6 +89,7 @@ import com.gemstone.gemfire.test.dunit.internal.JUnit4DistributedTestCase;
 /**
  * Contains utility methods for setting up servers/clients for authentication
  * and authorization tests.
+ *
  * @since GemFire 5.5
  */
 public final class SecurityTestUtils {

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6b748eb5/geode-core/src/test/java/org/apache/geode/security/templates/SampleSecurityManagerTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/templates/SampleSecurityManagerTest.java
b/geode-core/src/test/java/org/apache/geode/security/templates/SampleSecurityManagerTest.java
new file mode 100644
index 0000000..c810cb0
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/templates/SampleSecurityManagerTest.java
@@ -0,0 +1,123 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geode.security.templates;
+
+import static org.assertj.core.api.Assertions.*;
+
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.InputStream;
+import java.util.Properties;
+
+import org.apache.commons.io.FileUtils;
+import org.apache.commons.io.IOUtils;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.junit.rules.TemporaryFolder;
+
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
+import org.apache.geode.security.templates.SampleSecurityManager.Role;
+import org.apache.geode.security.templates.SampleSecurityManager.User;
+
+@Category({ IntegrationTest.class, SecurityTest.class })
+public class SampleSecurityManagerTest {
+
+  private SampleSecurityManager sampleSecurityManager;
+  private String jsonResource;
+  private File jsonFile;
+  private String json;
+
+  @Rule
+  public TemporaryFolder temporaryFolder = new TemporaryFolder();
+
+  @Before
+  public void setUp() throws Exception {
+    // resource file
+    this.jsonResource = "org/apache/geode/security/templates/security.json";
+    InputStream inputStream = ClassLoader.getSystemResourceAsStream(this.jsonResource);
+
+    assertThat(inputStream).isNotNull();
+
+    // non-resource file
+    this.jsonFile = new File(temporaryFolder.getRoot(), "security.json");
+    IOUtils.copy(inputStream, new FileOutputStream(this.jsonFile));
+
+    // string
+    this.json = FileUtils.readFileToString(this.jsonFile, "UTF-8");
+    this.sampleSecurityManager = new SampleSecurityManager();
+  }
+
+  @Test
+  public void shouldInitializeFromJsonString() throws Exception {
+    this.sampleSecurityManager.initializeFromJson(this.json);
+    verifySecurityManagerState();
+  }
+
+  @Test
+  public void shouldInitializeFromJsonResource() throws Exception {
+    this.sampleSecurityManager.initializeFromJsonResource(this.jsonResource);
+    verifySecurityManagerState();
+  }
+
+  @Test
+  public void shouldInitializeFromJsonFile() throws Exception {
+    this.sampleSecurityManager.initializeFromJsonFile(this.jsonFile);
+    verifySecurityManagerState();
+  }
+
+  @Test
+  public void initShouldUsePropertyAsJsonString() throws Exception {
+    Properties securityProperties = new Properties();
+    securityProperties.setProperty(SampleSecurityManager.SECURITY_JSON, this.json);
+    this.sampleSecurityManager.init(securityProperties);
+    verifySecurityManagerState();
+  }
+
+  @Test
+  public void initShouldUsePropertyAsJsonFile() throws Exception {
+    Properties securityProperties = new Properties();
+    securityProperties.setProperty(SampleSecurityManager.SECURITY_JSON, this.jsonFile.getAbsolutePath());
+    this.sampleSecurityManager.init(securityProperties);
+    verifySecurityManagerState();
+  }
+
+  @Test
+  public void initShouldUsePropertyAsJsonResource() throws Exception {
+    Properties securityProperties = new Properties();
+    securityProperties.setProperty(SampleSecurityManager.SECURITY_JSON, this.jsonResource);
+    this.sampleSecurityManager.init(securityProperties);
+    verifySecurityManagerState();
+  }
+
+  private void verifySecurityManagerState() {
+    User adminUser = this.sampleSecurityManager.getUser("admin");
+    assertThat(adminUser).isNotNull();
+    assertThat(adminUser.name).isEqualTo("admin");
+    assertThat(adminUser.password).isEqualTo("secret");
+    assertThat(adminUser.roles).hasSize(1);
+
+    User guestUser = this.sampleSecurityManager.getUser("guest");
+    assertThat(guestUser).isNotNull();
+    assertThat(guestUser.name).isEqualTo("guest");
+    assertThat(guestUser.password).isEqualTo("guest");
+    assertThat(guestUser.roles).hasSize(1);
+    // TODO: need to do more verification
+  }
+}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6b748eb5/geode-core/src/test/resources/org/apache/geode/security/templates/security.json
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/org/apache/geode/security/templates/security.json
b/geode-core/src/test/resources/org/apache/geode/security/templates/security.json
new file mode 100644
index 0000000..c1ee9fc
--- /dev/null
+++ b/geode-core/src/test/resources/org/apache/geode/security/templates/security.json
@@ -0,0 +1,30 @@
+{
+  "roles": [
+    {
+      "name": "admin",
+      "operationsAllowed": [
+        "CLUSTER:MANAGE",
+        "DATA:MANAGE"
+      ]
+    },
+    {
+      "name": "readRegionA",
+      "operationsAllowed": [
+        "DATA:READ"
+      ],
+      "regions": ["RegionA", "RegionB"]
+    }
+  ],
+  "users": [
+    {
+      "name": "admin",
+      "password": "secret",
+      "roles": ["admin"]
+    },
+    {
+      "name": "guest",
+      "password": "guest",
+      "roles": ["readRegionA"]
+    }
+  ]
+}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6b748eb5/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java
----------------------------------------------------------------------
diff --git a/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java b/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java
index 7385e7f..49d8a0c 100644
--- a/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java
+++ b/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java
@@ -26,6 +26,7 @@ import java.net.InetAddress;
 import java.net.UnknownHostException;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.Properties;
 
 import javax.management.InstanceAlreadyExistsException;
 import javax.management.MBeanRegistrationException;
@@ -38,6 +39,7 @@ import javax.management.remote.JMXConnectorServerFactory;
 import javax.management.remote.JMXServiceURL;
 
 import com.vmware.gemfire.tools.pulse.internal.data.PulseConstants;
+import org.apache.geode.security.templates.SampleSecurityManager;
 import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.mgt.DefaultSecurityManager;
 import org.apache.shiro.mgt.SecurityManager;
@@ -46,7 +48,6 @@ import org.apache.shiro.realm.Realm;
 import com.gemstone.gemfire.internal.security.shiro.CustomAuthRealm;
 import com.gemstone.gemfire.internal.security.shiro.JMXShiroAuthenticator;
 import com.gemstone.gemfire.management.internal.security.AccessControlMBean;
-import com.gemstone.gemfire.management.internal.security.JSONAuthorization;
 import com.gemstone.gemfire.management.internal.security.MBeanServerWrapper;
 import com.gemstone.gemfire.management.internal.security.ResourceConstants;
 
@@ -68,11 +69,13 @@ public class Server {
 
     if (jsonAuthFile != null) {
       System.setProperty("spring.profiles.active", "pulse.authentication.gemfire");
-      JSONAuthorization.setUpWithJsonFile(jsonAuthFile);
+
       Map<String, Object> env = new HashMap<String, Object>();
 
       // set up Shiro Security Manager
-      Realm realm = new CustomAuthRealm(JSONAuthorization.class.getName());
+      Properties securityProperties = new Properties();
+      securityProperties.setProperty(SampleSecurityManager.SECURITY_JSON, jsonAuthFile);
+      Realm realm = new CustomAuthRealm(SampleSecurityManager.class.getName(), securityProperties);
       SecurityManager securityManager = new DefaultSecurityManager(realm);
       SecurityUtils.setSecurityManager(securityManager);
 


Mime
View raw message