geode-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jinmeil...@apache.org
Subject [37/50] [abbrv] incubator-geode git commit: GEODE-1571: have the integrated security specified by security-manager config
Date Fri, 08 Jul 2016 15:51:57 GMT
GEODE-1571: have the integrated security specified by security-manager config


Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/53d5af04
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/53d5af04
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/53d5af04

Branch: refs/heads/develop
Commit: 53d5af04773d5a0833e2be36273b4825568ac278
Parents: 2f841f6
Author: Jinmei Liao <jiliao@pivotal.io>
Authored: Tue Jul 5 16:13:54 2016 -0700
Committer: Jinmei Liao <jiliao@pivotal.io>
Committed: Tue Jul 5 16:13:54 2016 -0700

----------------------------------------------------------------------
 .../distributed/ConfigurationProperties.java    |  6 ++
 .../internal/DistributionConfig.java            | 47 +++++++++++---
 .../internal/DistributionConfigImpl.java        | 59 ++++++++++++++---
 .../cache/tier/sockets/AcceptorImpl.java        | 12 ++--
 .../cache/tier/sockets/CacheClientNotifier.java |  3 +-
 .../internal/cache/tier/sockets/HandShake.java  | 23 +++----
 .../internal/security/GeodeSecurityUtil.java    | 16 +++--
 .../management/internal/ManagementAgent.java    | 66 ++++++++++----------
 .../GeodeSecurityUtilCustomRealmJUnitTest.java  | 11 ++--
 .../JsonAuthorizationCacheStartRule.java        |  3 +-
 .../internal/security/MultiUserDUnitTest.java   |  3 +-
 ...ractIntegratedClientAuthDistributedTest.java |  2 +-
 .../security/IntegratedClientAuthDUnitTest.java |  3 -
 ...IntegratedClientSizeAuthDistributedTest.java | 11 +---
 gradle/test.gradle                              | 12 ++++
 gradle/wrapper/gradle-wrapper.properties        |  2 +-
 gradlew                                         |  2 +-
 gradlew.bat                                     |  2 +-
 18 files changed, 180 insertions(+), 103 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/53d5af04/geode-core/src/main/java/com/gemstone/gemfire/distributed/ConfigurationProperties.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/ConfigurationProperties.java
b/geode-core/src/main/java/com/gemstone/gemfire/distributed/ConfigurationProperties.java
index e74ae05..580f342 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/ConfigurationProperties.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/ConfigurationProperties.java
@@ -1175,6 +1175,12 @@ public interface ConfigurationProperties {
    */
   String SECURITY_CLIENT_AUTH_INIT = SECURITY_PREFIX + "client-auth-init";
   /**
+   * The static String definition of the <i>"security-manager"</i>
+   * property
+   * @since Geode 1.0
+   */
+  String SECURITY_MANAGER = SECURITY_PREFIX + "manager";
+  /**
    * The static String definition of the <i>"security-client-authenticator"</i>
    * property
    */

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/53d5af04/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java
b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java
index a26de3f..f80d746 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java
@@ -17,6 +17,19 @@
 
 package com.gemstone.gemfire.distributed.internal;
 
+import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+
+import java.io.File;
+import java.lang.reflect.Field;
+import java.lang.reflect.Method;
+import java.net.InetAddress;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+
 import com.gemstone.gemfire.distributed.ConfigurationProperties;
 import com.gemstone.gemfire.distributed.DistributedSystem;
 import com.gemstone.gemfire.internal.Config;
@@ -26,14 +39,6 @@ import com.gemstone.gemfire.internal.logging.LogConfig;
 import com.gemstone.gemfire.internal.tcp.Connection;
 import com.gemstone.gemfire.memcached.GemFireMemcachedServer;
 
-import java.io.File;
-import java.lang.reflect.Field;
-import java.lang.reflect.Method;
-import java.net.InetAddress;
-import java.util.*;
-
-import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
-
 /**
  * Provides accessor (and in some cases mutator) methods for the
  * various GemFire distribution configuration properties.  The
@@ -2090,6 +2095,32 @@ public interface DistributionConfig extends Config, LogConfig {
   String DEFAULT_SECURITY_CLIENT_AUTHENTICATOR = "";
 
   /**
+   * Returns user module name authenticating client credentials in {@link ConfigurationProperties#SECURITY_MANAGER}
+   */
+  @ConfigAttributeGetter(name = SECURITY_MANAGER)
+  String getSecurityManager();
+
+  /**
+   * Sets the user defined method name in {@link ConfigurationProperties#SECURITY_MANAGER}
+   * property.
+   */
+  @ConfigAttributeSetter(name = SECURITY_MANAGER)
+  void setSecurityManager(String attValue);
+
+  /**
+   * The name of factory method for {@link ConfigurationProperties#SECURITY_MANAGER} property
+   */
+  @ConfigAttribute(type = String.class)
+  String SECURITY_MANAGER_NAME = SECURITY_MANAGER;
+
+  /**
+   * The default {@link ConfigurationProperties#SECURITY_MANAGER} method name.
+   * <p> Actual value of this is fully qualified <code>"method name"</code>.
+   */
+  String DEFAULT_SECURITY_MANAGER = "";
+
+
+  /**
    * Returns name of algorithm to use for Diffie-Hellman key exchange {@link ConfigurationProperties#SECURITY_CLIENT_DHALGO}
    */
   @ConfigAttributeGetter(name = SECURITY_CLIENT_DHALGO)

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/53d5af04/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
index d31c739..ac80ee1 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
@@ -17,14 +17,7 @@
 
 package com.gemstone.gemfire.distributed.internal;
 
-import com.gemstone.gemfire.GemFireConfigException;
-import com.gemstone.gemfire.GemFireIOException;
-import com.gemstone.gemfire.distributed.DistributedSystem;
-import com.gemstone.gemfire.internal.ConfigSource;
-import com.gemstone.gemfire.internal.SocketCreator;
-import com.gemstone.gemfire.internal.i18n.LocalizedStrings;
-import com.gemstone.gemfire.internal.process.ProcessLauncherContext;
-import com.gemstone.gemfire.memcached.GemFireMemcachedServer;
+import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
 
 import java.io.File;
 import java.io.IOException;
@@ -32,9 +25,23 @@ import java.io.Serializable;
 import java.net.InetAddress;
 import java.net.URL;
 import java.net.UnknownHostException;
-import java.util.*;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Properties;
+import java.util.Set;
 
-import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+import com.gemstone.gemfire.GemFireConfigException;
+import com.gemstone.gemfire.GemFireIOException;
+import com.gemstone.gemfire.distributed.DistributedSystem;
+import com.gemstone.gemfire.internal.ConfigSource;
+import com.gemstone.gemfire.internal.SocketCreator;
+import com.gemstone.gemfire.internal.i18n.LocalizedStrings;
+import com.gemstone.gemfire.internal.process.ProcessLauncherContext;
+import com.gemstone.gemfire.memcached.GemFireMemcachedServer;
 
 /**
  * Provides an implementation of <code>DistributionConfig</code> that
@@ -206,6 +213,9 @@ public class DistributionConfigImpl
   /** The client authenticating method name*/
   private String securityClientAuthenticator = DEFAULT_SECURITY_CLIENT_AUTHENTICATOR;
 
+  /** The security manager method name*/
+  private String securityManager = DEFAULT_SECURITY_MANAGER;
+
   /** The client Diffie-Hellman method name*/
   private String securityClientDHAlgo = DEFAULT_SECURITY_CLIENT_DHALGO;
 
@@ -571,6 +581,7 @@ public class DistributionConfigImpl
     this.lockMemory = other.getLockMemory();
     this.distributedTransactions = other.getDistributedTransactions();
     this.shiroInit = other.getShiroInit();
+    this.securityManager = other.getSecurityManager();
   }
 
   /**
@@ -1907,6 +1918,10 @@ public class DistributionConfigImpl
     return securityClientAuthenticator;
   }
 
+  public String getSecurityManager() {
+    return securityManager;
+  }
+
   public boolean getEnableNetworkPartitionDetection() {
     return this.enableNetworkPartitionDetection;
   }
@@ -1925,6 +1940,10 @@ public class DistributionConfigImpl
     securityClientAuthenticator = (String)checkAttribute(SECURITY_CLIENT_AUTHENTICATOR, value);
   }
 
+  public void setSecurityManager(String value){
+    securityManager = (String)checkAttribute(SECURITY_MANAGER, value);
+  }
+
   public String getSecurityClientDHAlgo() {
     return securityClientDHAlgo;
   }
@@ -2649,6 +2668,18 @@ public class DistributionConfigImpl
     } else if (!securityClientAuthenticator
         .equals(other.securityClientAuthenticator))
       return false;
+    if (securityManager == null) {
+      if (other.securityManager != null)
+        return false;
+    } else if (!securityManager
+      .equals(other.securityManager))
+      return false;
+    if (shiroInit == null) {
+      if (other.shiroInit != null)
+        return false;
+    } else if (!shiroInit
+      .equals(other.shiroInit))
+      return false;
     if (securityClientDHAlgo == null) {
       if (other.securityClientDHAlgo != null)
         return false;
@@ -2992,6 +3023,14 @@ public class DistributionConfigImpl
         + ((securityClientAuthenticator == null) ? 0
             : securityClientAuthenticator.hashCode());
     result = prime
+             * result
+             + ((securityManager == null) ? 0
+                  : securityManager.hashCode());
+    result = prime
+             * result
+             + ((shiroInit == null) ? 0
+                  : shiroInit.hashCode());
+    result = prime
         * result
         + ((securityClientDHAlgo == null) ? 0 : securityClientDHAlgo.hashCode());
     result = prime * result

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/53d5af04/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/AcceptorImpl.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/AcceptorImpl.java
b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/AcceptorImpl.java
index 4b015f2..b6d19f9 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/AcceptorImpl.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/AcceptorImpl.java
@@ -56,8 +56,11 @@ import java.util.concurrent.ThreadFactory;
 import java.util.concurrent.ThreadPoolExecutor;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicInteger;
+
 import javax.net.ssl.SSLException;
 
+import org.apache.logging.log4j.Logger;
+
 import com.gemstone.gemfire.CancelException;
 import com.gemstone.gemfire.SystemFailure;
 import com.gemstone.gemfire.ToDataException;
@@ -91,8 +94,6 @@ import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
 import com.gemstone.gemfire.internal.tcp.ConnectionTable;
 import com.gemstone.gemfire.internal.util.ArrayUtils;
 
-import org.apache.logging.log4j.Logger;
-
 /**
  * Implements the acceptor thread on the bridge server. Accepts connections from
  * the edge and starts up threads to process requests from these.
@@ -637,12 +638,9 @@ public class AcceptorImpl extends Acceptor implements Runnable
       this.hsPool = tmp_hsPool;
     }
 
-    String authenticator = this.cache.getDistributedSystem().getProperties()
-        .getProperty(SECURITY_CLIENT_AUTHENTICATOR);
-    isAuthenticationRequired = (authenticator != null && authenticator.length() >
0) ? true
-        : false;
+    isAuthenticationRequired = GeodeSecurityUtil.isSecurityRequired(this.cache.getDistributedSystem().getSecurityProperties());
 
-    isIntegratedSecurity = GeodeSecurityUtil.isIntegratedSecurity(authenticator);
+    isIntegratedSecurity = GeodeSecurityUtil.isIntegratedSecurity(this.cache.getDistributedSystem().getSecurityProperties());
 
     String postAuthzFactoryName = this.cache.getDistributedSystem()
         .getProperties().getProperty(SECURITY_CLIENT_ACCESSOR_PP);

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/53d5af04/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/CacheClientNotifier.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/CacheClientNotifier.java
b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/CacheClientNotifier.java
index c5b742c..d351569 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/CacheClientNotifier.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/CacheClientNotifier.java
@@ -400,8 +400,7 @@ public class CacheClientNotifier {
         clientVersion, acceptorId, notifyBySubscription);
       
       //TODO:hitesh
-      Properties credentials = HandShake.readCredentials(dis, dos,
-          authenticator, system);
+      Properties credentials = HandShake.readCredentials(dis, dos, system);
       if (credentials != null && proxy!=null) {
         if (securityLogWriter.fineEnabled()) {
           securityLogWriter.fine("CacheClientNotifier: verifying credentials for proxyID:
" + proxyID);

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/53d5af04/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.java
b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.java
index 89a3fa8..5bceff9 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.java
@@ -280,8 +280,6 @@ public class HandShake implements ClientHandShake
           this.id = ClientProxyMembershipID.readCanonicalized(dis);
           // Note: credentials should always be the last piece in handshake for
           // Diffie-Hellman key exchange to work
-          String authenticator = this.system.getProperties().getProperty(
-              SECURITY_CLIENT_AUTHENTICATOR);
           if (clientVersion.compareTo(Version.GFE_603) >= 0) {
             setOverrides(new byte[] { dis.readByte() });
           } else {
@@ -290,10 +288,9 @@ public class HandShake implements ClientHandShake
           //Hitesh
           if (this.clientVersion.compareTo(Version.GFE_65) < 0
               || communicationMode == Acceptor.GATEWAY_TO_GATEWAY) {
-            this.credentials = readCredentials(dis, dos, authenticator, sys);
+            this.credentials = readCredentials(dis, dos, sys);
           } else {
-            this.credentials = this
-                .readCredential(dis, dos, authenticator, sys);
+            this.credentials = this.readCredential(dis, dos, sys);
           }
         } catch(IOException ioe) {
           this.code = -2;
@@ -898,13 +895,11 @@ public class HandShake implements ClientHandShake
   }
   
 //This assumes that authentication is the last piece of info in handshake
-  public Properties readCredential(DataInputStream dis,
-      DataOutputStream dos, String authenticator, DistributedSystem system)
+  public Properties readCredential(DataInputStream dis, DataOutputStream dos, DistributedSystem
system)
       throws GemFireSecurityException, IOException {
 
     Properties credentials = null;
-    boolean requireAuthentication = (authenticator != null && authenticator
-        .length() > 0);
+    boolean requireAuthentication = GeodeSecurityUtil.isSecurityRequired(system.getSecurityProperties());
     try {
       byte secureMode = dis.readByte();
       if (secureMode == CREDENTIALS_NONE) {
@@ -1641,12 +1636,11 @@ public class HandShake implements ClientHandShake
 
   // This assumes that authentication is the last piece of info in handshake
   public static Properties readCredentials(DataInputStream dis,
-      DataOutputStream dos, String authenticator, DistributedSystem system)
+      DataOutputStream dos, DistributedSystem system)
       throws GemFireSecurityException, IOException {
 
+    boolean requireAuthentication = GeodeSecurityUtil.isSecurityRequired(system.getSecurityProperties());
     Properties credentials = null;
-    boolean requireAuthentication = (authenticator != null && authenticator
-        .length() > 0);
     try {
       byte secureMode = dis.readByte();
       if (secureMode == CREDENTIALS_NONE) {
@@ -1806,7 +1800,7 @@ public class HandShake implements ClientHandShake
       InternalLogWriter securityLogWriter, DistributedMember member)
       throws AuthenticationRequiredException, AuthenticationFailedException {
 
-    if (authenticatorMethod == null || authenticatorMethod.length() == 0) {
+    if (!AcceptorImpl.isAuthenticationRequired()) {
       return null;
     }
 
@@ -1870,8 +1864,7 @@ public class HandShake implements ClientHandShake
     }
     String authenticator = this.system.getProperties().getProperty(
         SECURITY_CLIENT_AUTHENTICATOR);
-    Properties peerWanProps = readCredentials(dis, dos, authenticator,
-        this.system);
+    Properties peerWanProps = readCredentials(dis, dos, this.system);
     verifyCredentials(authenticator, peerWanProps, this.system
         .getSecurityProperties(), (InternalLogWriter)this.system.getLogWriter(), (InternalLogWriter)this.system
         .getSecurityLogWriter(), member);

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/53d5af04/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
index ce7eff3..048b8ba 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
@@ -48,13 +48,13 @@ import com.gemstone.gemfire.internal.security.shiro.ShiroPrincipal;
 import com.gemstone.gemfire.management.internal.security.ResourceOperation;
 import com.gemstone.gemfire.security.AuthenticationFailedException;
 import com.gemstone.gemfire.security.AuthenticationRequiredException;
-import com.gemstone.gemfire.security.SecurityManager;
 import com.gemstone.gemfire.security.GemFireSecurityException;
 import com.gemstone.gemfire.security.GeodePermission;
 import com.gemstone.gemfire.security.GeodePermission.Operation;
 import com.gemstone.gemfire.security.GeodePermission.Resource;
 import com.gemstone.gemfire.security.NotAuthorizedException;
 import com.gemstone.gemfire.security.PostProcessor;
+import com.gemstone.gemfire.security.SecurityManager;
 
 public class GeodeSecurityUtil {
 
@@ -295,7 +295,7 @@ public class GeodeSecurityUtil {
     }
 
     String shiroConfig = securityProps.getProperty(SECURITY_SHIRO_INIT);
-    String customAuthenticator = securityProps.getProperty(SECURITY_CLIENT_AUTHENTICATOR);
+    String customAuthenticator = securityProps.getProperty(SECURITY_MANAGER);
 
     Object authenticatorObject = getObject(customAuthenticator);
     if (!com.gemstone.gemfire.internal.lang.StringUtils.isBlank(shiroConfig)) {
@@ -363,9 +363,15 @@ public class GeodeSecurityUtil {
     }
   }
 
-  public static boolean isIntegratedSecurity(String authenticatorFactoryName) {
-    Object auth = getObject(authenticatorFactoryName);
-    return (auth instanceof SecurityManager);
+  public static boolean isSecurityRequired(Properties securityProps){
+    String authenticator = securityProps.getProperty(SECURITY_CLIENT_AUTHENTICATOR);
+    String securityManager = securityProps.getProperty(SECURITY_MANAGER);
+    return !StringUtils.isEmpty(authenticator) || !StringUtils.isEmpty(securityManager);
+  }
+
+  public static boolean isIntegratedSecurity(Properties securityProps){
+    String securityManager = securityProps.getProperty(SECURITY_MANAGER);
+    return !StringUtils.isEmpty(securityManager);
   }
 
 }

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/53d5af04/geode-core/src/main/java/com/gemstone/gemfire/management/internal/ManagementAgent.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/ManagementAgent.java
b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/ManagementAgent.java
index 9807456..cbe8868 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/ManagementAgent.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/ManagementAgent.java
@@ -16,6 +16,39 @@
  */
 package com.gemstone.gemfire.management.internal;
 
+import java.io.IOException;
+import java.io.Serializable;
+import java.lang.management.ManagementFactory;
+import java.net.InetAddress;
+import java.net.ServerSocket;
+import java.net.Socket;
+import java.net.UnknownHostException;
+import java.rmi.AlreadyBoundException;
+import java.rmi.registry.LocateRegistry;
+import java.rmi.registry.Registry;
+import java.rmi.server.RMIClientSocketFactory;
+import java.rmi.server.RMIServerSocketFactory;
+import java.rmi.server.UnicastRemoteObject;
+import java.util.HashMap;
+import java.util.Set;
+
+import javax.management.InstanceAlreadyExistsException;
+import javax.management.MBeanRegistrationException;
+import javax.management.MBeanServer;
+import javax.management.MalformedObjectNameException;
+import javax.management.NotCompliantMBeanException;
+import javax.management.ObjectName;
+import javax.management.remote.JMXConnectorServer;
+import javax.management.remote.JMXServiceURL;
+import javax.management.remote.rmi.RMIConnectorServer;
+import javax.management.remote.rmi.RMIJRMPServerImpl;
+import javax.management.remote.rmi.RMIServerImpl;
+import javax.rmi.ssl.SslRMIClientSocketFactory;
+
+import org.apache.logging.log4j.Logger;
+import org.eclipse.jetty.server.Server;
+import org.eclipse.jetty.server.ServerConnector;
+
 import com.gemstone.gemfire.GemFireConfigException;
 import com.gemstone.gemfire.cache.CacheFactory;
 import com.gemstone.gemfire.distributed.internal.DistributionConfig;
@@ -34,32 +67,6 @@ import com.gemstone.gemfire.management.internal.security.AccessControlMBean;
 import com.gemstone.gemfire.management.internal.security.MBeanServerWrapper;
 import com.gemstone.gemfire.management.internal.security.ResourceConstants;
 import com.gemstone.gemfire.management.internal.unsafe.ReadOpFileAccessController;
-import org.apache.logging.log4j.Logger;
-import org.eclipse.jetty.server.Server;
-import org.eclipse.jetty.server.ServerConnector;
-
-import javax.management.*;
-import javax.management.remote.JMXConnectorServer;
-import javax.management.remote.JMXServiceURL;
-import javax.management.remote.rmi.RMIConnectorServer;
-import javax.management.remote.rmi.RMIJRMPServerImpl;
-import javax.management.remote.rmi.RMIServerImpl;
-import javax.rmi.ssl.SslRMIClientSocketFactory;
-import java.io.IOException;
-import java.io.Serializable;
-import java.lang.management.ManagementFactory;
-import java.net.InetAddress;
-import java.net.ServerSocket;
-import java.net.Socket;
-import java.net.UnknownHostException;
-import java.rmi.AlreadyBoundException;
-import java.rmi.registry.LocateRegistry;
-import java.rmi.registry.Registry;
-import java.rmi.server.RMIClientSocketFactory;
-import java.rmi.server.RMIServerSocketFactory;
-import java.rmi.server.UnicastRemoteObject;
-import java.util.HashMap;
-import java.util.Set;
 
 /**
  * Agent implementation that controls the JMX server end points for JMX clients
@@ -502,12 +509,7 @@ public class ManagementAgent {
 
 
   private boolean isCustomAuthenticator() {
-    String factoryName = config.getSecurityClientAuthenticator();
-    return factoryName != null && !factoryName.isEmpty();
-  }
-
-  private boolean isCustomAuthorizer() {
-    String factoryName = config.getSecurityClientAccessor();
+    String factoryName = config.getSecurityManager();
     return factoryName != null && !factoryName.isEmpty();
   }
 

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/53d5af04/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java
b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java
index fcd5b96..8b174a4 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java
@@ -17,11 +17,13 @@
 
 package com.gemstone.gemfire.management.internal.security;
 
-import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
-import com.gemstone.gemfire.test.junit.categories.UnitTest;
+import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+
 import org.junit.BeforeClass;
 import org.junit.experimental.categories.Category;
-import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
+import com.gemstone.gemfire.test.junit.categories.UnitTest;
 
 /**
  * this test and ShiroUtilWithIniFileJunitTest uses the same test body, but initialize the
SecurityUtils differently.
@@ -32,8 +34,7 @@ import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
 public class GeodeSecurityUtilCustomRealmJUnitTest extends GeodeSecurityUtilWithIniFileJUnitTest
{
   @BeforeClass
   public static void beforeClass() throws Exception{
-    props.put(SECURITY_CLIENT_AUTHENTICATOR, JSONAuthorization.class.getName() + ".create");
-    props.put(SECURITY_CLIENT_ACCESSOR, JSONAuthorization.class.getName() + ".create");
+    props.put(SECURITY_MANAGER, JSONAuthorization.class.getName() + ".create");
     JSONAuthorization.setUpWithJsonFile("shiro-ini.json");
     GeodeSecurityUtil.initSecurity(props);
   }

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/53d5af04/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JsonAuthorizationCacheStartRule.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JsonAuthorizationCacheStartRule.java
b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JsonAuthorizationCacheStartRule.java
index 00a9d7f..78ba970 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JsonAuthorizationCacheStartRule.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JsonAuthorizationCacheStartRule.java
@@ -59,7 +59,7 @@ public class JsonAuthorizationCacheStartRule extends ExternalResource {
     properties.put(JMX_MANAGER_START, "true");
     properties.put(JMX_MANAGER_PORT, String.valueOf(jmxManagerPort));
     properties.put(HTTP_SERVICE_PORT, String.valueOf(httpPort));
-    properties.put(SECURITY_CLIENT_AUTHENTICATOR,
+    properties.put(SECURITY_MANAGER,
         JSONAuthorization.class.getName() + ".create");
 
     if(postProcessor!=null){
@@ -70,6 +70,7 @@ public class JsonAuthorizationCacheStartRule extends ExternalResource {
 
     cache = new CacheFactory(properties).create();
     cache.addCacheServer().start();
+    cache.createRegionFactory().create("region1");
   }
 
   public Cache getCache(){

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/53d5af04/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MultiUserDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MultiUserDUnitTest.java
b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MultiUserDUnitTest.java
index 644e9f8..e645373 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MultiUserDUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MultiUserDUnitTest.java
@@ -51,8 +51,7 @@ public class MultiUserDUnitTest extends CliCommandTestBase {
   public void testMultiUser() throws IOException, JSONException, InterruptedException {
     Properties properties = new Properties();
     properties.put(NAME, MultiUserDUnitTest.class.getSimpleName());
-    properties.put(SECURITY_CLIENT_AUTHENTICATOR, JSONAuthorization.class.getName() + ".create");
-    properties.put(SECURITY_CLIENT_ACCESSOR, JSONAuthorization.class.getName() + ".create");
+    properties.put(SECURITY_MANAGER, JSONAuthorization.class.getName() + ".create");
 
     // set up vm_0 the secure jmx manager
     Object[] results = setUpJMXManagerOnVM(0, properties, "cacheServer.json");

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/53d5af04/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractIntegratedClientAuthDistributedTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractIntegratedClientAuthDistributedTest.java
b/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractIntegratedClientAuthDistributedTest.java
index 50d33ef..45ecfe0 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractIntegratedClientAuthDistributedTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractIntegratedClientAuthDistributedTest.java
@@ -59,7 +59,7 @@ public class AbstractIntegratedClientAuthDistributedTest extends JUnit4CacheTest
     JSONAuthorization.setUpWithJsonFile("clientServer.json");
 
     Properties props = new Properties();
-    props.setProperty(SECURITY_CLIENT_AUTHENTICATOR, JSONAuthorization.class.getName()+".create");
+    props.setProperty(SECURITY_MANAGER, JSONAuthorization.class.getName()+".create");
     if(postProcessor!=null){
       props.setProperty(SECURITY_CLIENT_ACCESSOR_PP, postProcessor.getName()+".create");
     }

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/53d5af04/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java
b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java
index 9eb12c4..e6e7f13 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java
@@ -56,9 +56,6 @@ public class IntegratedClientAuthDUnitTest extends AbstractIntegratedClientAuthD
       catchException(new ClientCacheFactory(createClientProperties("super-user", "wrong")).setPoolSubscriptionEnabled(true)
                                                                                         
 .addPoolServer("localhost", serverPort))
         .create();
-
-      //throw caughtException(); // TODO: gemfire-mm review as team
-
       assertThat((Throwable) caughtException()).hasCause(expected);
     });
   }

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/53d5af04/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientSizeAuthDistributedTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientSizeAuthDistributedTest.java
b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientSizeAuthDistributedTest.java
index b1c1258..e302177 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientSizeAuthDistributedTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientSizeAuthDistributedTest.java
@@ -21,7 +21,6 @@ import org.junit.Test;
 import org.junit.experimental.categories.Category;
 
 import com.gemstone.gemfire.cache.client.ClientCache;
-import com.gemstone.gemfire.cache.client.ClientCacheFactory;
 import com.gemstone.gemfire.cache.client.internal.InternalPool;
 import com.gemstone.gemfire.cache.client.internal.SizeOp;
 import com.gemstone.gemfire.test.dunit.AsyncInvocation;
@@ -35,18 +34,12 @@ public class IntegratedClientSizeAuthDistributedTest extends AbstractIntegratedC
   public void testSize() throws InterruptedException {
 
     AsyncInvocation ai1 = client1.invokeAsync(() -> {
-      ClientCache cache = new ClientCacheFactory(createClientProperties("dataWriter", "1234567")).setPoolSubscriptionEnabled(true)
-                                                                                        
        .addPoolServer("localhost", serverPort)
-                                                                                        
        .create();
-
+      ClientCache cache = createClientCache("dataWriter", "1234567", serverPort);
       assertNotAuthorized(() -> SizeOp.execute((InternalPool) cache.getDefaultPool(),
REGION_NAME), "DATA:READ:AuthRegion");
     });
 
     AsyncInvocation ai2 = client2.invokeAsync(() -> {
-      ClientCache cache = new ClientCacheFactory(createClientProperties("authRegionReader",
"1234567")).setPoolSubscriptionEnabled(true)
-                                                                                        
              .addPoolServer("localhost", serverPort)
-                                                                                        
              .create();
-
+      ClientCache cache = createClientCache("authRegionReader", "1234567", serverPort);
       SizeOp.execute((InternalPool) cache.getDefaultPool(), REGION_NAME);
     });
 

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/53d5af04/gradle/test.gradle
----------------------------------------------------------------------
diff --git a/gradle/test.gradle b/gradle/test.gradle
index 5651124..96ea88d 100644
--- a/gradle/test.gradle
+++ b/gradle/test.gradle
@@ -145,7 +145,19 @@ subprojects {
     reports.junitXml.destination = file "$buildDir/test-reports-flaky"
     
   }
+  task securityTest(type:Test) {
+    useJUnit {
+      includeCategories 'com.gemstone.gemfire.test.junit.categories.SecurityTest'
+    }
 
+    forkEvery 1
+    doFirst {
+      writeTestProperties(buildDir, name)
+    }
+
+    reports.junitXml.destination = file "$buildDir/test-reports-security"
+
+  }
   // By proving a file with an arbitrary list of test classes, we can select only those
   // tests to run. Activated using -Dcustom.tests=<file> customTest
   def customTestList = []

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/53d5af04/gradle/wrapper/gradle-wrapper.properties
----------------------------------------------------------------------
diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties
index 72f7318..ec27a39 100644
--- a/gradle/wrapper/gradle-wrapper.properties
+++ b/gradle/wrapper/gradle-wrapper.properties
@@ -1,4 +1,4 @@
-#Mon Oct 26 08:38:10 PDT 2015
+#Tue Jul 05 14:26:44 PDT 2016
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
 zipStoreBase=GRADLE_USER_HOME

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/53d5af04/gradlew
----------------------------------------------------------------------
diff --git a/gradlew b/gradlew
index 40e878b..9d82f78 100755
--- a/gradlew
+++ b/gradlew
@@ -9,7 +9,7 @@
 # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options
to this script.
 DEFAULT_JVM_OPTS=""
 
-APP_NAME="Apache Geode (incubating)"
+APP_NAME="Gradle"
 APP_BASE_NAME=`basename "$0"`
 
 # Use the maximum available, or set MAX_FD != -1 to use that value.

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/53d5af04/gradlew.bat
----------------------------------------------------------------------
diff --git a/gradlew.bat b/gradlew.bat
index aec9973..72d362d 100644
--- a/gradlew.bat
+++ b/gradlew.bat
@@ -46,7 +46,7 @@ echo location of your Java installation.
 goto fail
 
 :init
-@rem Get command-line arguments, handling Windowz variants
+@rem Get command-line arguments, handling Windows variants
 
 if not "%OS%" == "Windows_NT" goto win9xME_args
 if "%@eval[2+2]" == "4" goto 4NT_args



Mime
View raw message