Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 66830200B5B for ; Fri, 22 Jul 2016 06:12:44 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 650A7160A7C; Fri, 22 Jul 2016 04:12:44 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 623A2160A73 for ; Fri, 22 Jul 2016 06:12:43 +0200 (CEST) Received: (qmail 29620 invoked by uid 500); 22 Jul 2016 04:12:42 -0000 Mailing-List: contact commits-help@geode.incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@geode.incubator.apache.org Delivered-To: mailing list commits@geode.incubator.apache.org Received: (qmail 29611 invoked by uid 99); 22 Jul 2016 04:12:42 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 22 Jul 2016 04:12:42 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 18C1A185DB8 for ; Fri, 22 Jul 2016 04:12:42 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -4.646 X-Spam-Level: X-Spam-Status: No, score=-4.646 tagged_above=-999 required=6.31 tests=[KAM_ASCII_DIVIDERS=0.8, KAM_LAZY_DOMAIN_SECURITY=1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.426] autolearn=disabled Received: from mx2-lw-us.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id SSt0X4dqHIB0 for ; Fri, 22 Jul 2016 04:12:40 +0000 (UTC) Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by 
mx2-lw-us.apache.org (ASF Mail Server at mx2-lw-us.apache.org) with SMTP id 53565611FD for ; Fri, 22 Jul 2016 04:12:39 +0000 (UTC) Received: (qmail 29599 invoked by uid 99); 22 Jul 2016 04:12:38 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 22 Jul 2016 04:12:38 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 6EF55E2C1A; Fri, 22 Jul 2016 04:12:38 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: klund@apache.org To: commits@geode.incubator.apache.org Date: Fri, 22 Jul 2016 04:12:38 -0000 Message-Id: <53a092ba3d0c46eeb988c9a9210b7929@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [1/2] incubator-geode git commit: GEODE-1673: fail start if security.json cannot be found archived-at: Fri, 22 Jul 2016 04:12:44 -0000 Repository: incubator-geode Updated Branches: refs/heads/feature/GEODE-1673-PR-212 603bae8cf -> 6b748eb5f http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6b748eb5/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleIntegrationTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleIntegrationTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleIntegrationTest.java index 712329d..7717bff 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleIntegrationTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleIntegrationTest.java 
@@ -14,7 +14,6 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - package com.gemstone.gemfire.security; import static com.gemstone.gemfire.distributed.ConfigurationProperties.*; @@ -38,6 +37,7 @@ import org.junit.experimental.categories.Category; @Category({IntegrationTest.class, SecurityTest.class}) public class IntegratedSecurityCacheLifecycleIntegrationTest { + private Properties securityProps; private Cache cache; @@ -52,7 +52,6 @@ public class IntegratedSecurityCacheLifecycleIntegrationTest { props.setProperty(LOCATORS, ""); cache = new CacheFactory(props).create(); - } @After @@ -81,7 +80,7 @@ public class IntegratedSecurityCacheLifecycleIntegrationTest { } @Override - public Principal authenticate(final Properties props) throws AuthenticationFailedException { + public Principal authenticate(final Properties credentials) throws AuthenticationFailedException { return null; } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6b748eb5/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityNoShowValue1PostProcessorDUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityNoShowValue1PostProcessorDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityNoShowValue1PostProcessorDUnitTest.java index d6ac3aa..ce090f1 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityNoShowValue1PostProcessorDUnitTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityNoShowValue1PostProcessorDUnitTest.java @@ -14,7 +14,6 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - package com.gemstone.gemfire.security; import static org.junit.Assert.*; 
@@ -81,7 +80,6 @@ public class IntegratedSecurityNoShowValue1PostProcessorDUnitTest extends Abstra assertTrue(result.contains("value2")); assertTrue(result.contains("value3")); assertTrue(result.contains("value4")); - }); } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6b748eb5/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityPostProcessorDUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityPostProcessorDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityPostProcessorDUnitTest.java index f573073..0568659 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityPostProcessorDUnitTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityPostProcessorDUnitTest.java @@ -14,7 +14,6 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - package com.gemstone.gemfire.security; import static org.junit.Assert.*; @@ -85,7 +84,6 @@ public class IntegratedSecurityPostProcessorDUnitTest extends AbstractIntegrated assertTrue(result.contains("super-user/null/null/value2")); assertTrue(result.contains("super-user/null/null/value3")); assertTrue(result.contains("super-user/null/null/value4")); - }); } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6b748eb5/geode-core/src/test/java/com/gemstone/gemfire/security/NoShowValue1PostProcessor.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/NoShowValue1PostProcessor.java b/geode-core/src/test/java/com/gemstone/gemfire/security/NoShowValue1PostProcessor.java index b6fd2f7..b428144 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/security/NoShowValue1PostProcessor.java 
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/NoShowValue1PostProcessor.java @@ -14,7 +14,6 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - package com.gemstone.gemfire.security; import java.security.Principal; @@ -28,9 +27,10 @@ public class NoShowValue1PostProcessor implements PostProcessor { final String regionName, final Object key, final Object value) { - if(value.equals("value1")) + if (value.equals("value1")) { return null; - else + } else { return value; + } } } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6b748eb5/geode-core/src/test/java/com/gemstone/gemfire/security/SecurityTestUtils.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/SecurityTestUtils.java b/geode-core/src/test/java/com/gemstone/gemfire/security/SecurityTestUtils.java index b74b054..598242d 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/security/SecurityTestUtils.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/security/SecurityTestUtils.java @@ -16,7 +16,6 @@ * specific language governing permissions and limitations * under the License. */ - package com.gemstone.gemfire.security; import static com.gemstone.gemfire.cache30.ClientServerTestCase.*; @@ -90,6 +89,7 @@ import com.gemstone.gemfire.test.dunit.internal.JUnit4DistributedTestCase; /** * Contains utility methods for setting up servers/clients for authentication * and authorization tests. + * * @since GemFire 5.5 */ public final class SecurityTestUtils { http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6b748eb5/geode-core/src/test/java/org/apache/geode/security/templates/SampleSecurityManagerTest.java ---------------------------------------------------------------------- 
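Review bot: `value.equals("value1")` in the reformatted `if` of NoShowValue1PostProcessor dereferences `value` without a null check, so a call that hands the post-processor a null value would throw a NullPointerException; the commit only adds braces here. Flipping the comparison keeps the result for non-null values and lets a null fall through to `return value;`: `if ("value1".equals(value)) {`. Whether callers can actually pass null is not visible in this hunk, and the method signature starts above it.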
diff --git a/geode-core/src/test/java/org/apache/geode/security/templates/SampleSecurityManagerTest.java b/geode-core/src/test/java/org/apache/geode/security/templates/SampleSecurityManagerTest.java
new file mode 100644
index 0000000..c810cb0
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/templates/SampleSecurityManagerTest.java
@@ -0,0 +1,123 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geode.security.templates;
+
+import static org.assertj.core.api.Assertions.*;
+
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.InputStream;
+import java.util.Properties;
+
+import org.apache.commons.io.FileUtils;
+import org.apache.commons.io.IOUtils;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.junit.rules.TemporaryFolder;
+
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
+import org.apache.geode.security.templates.SampleSecurityManager.Role;
+import org.apache.geode.security.templates.SampleSecurityManager.User;
+
+@Category({ IntegrationTest.class, SecurityTest.class })
+public class SampleSecurityManagerTest {
+
+ private SampleSecurityManager sampleSecurityManager;
+ private String jsonResource;
+ private File jsonFile;
+ private String json;
+
+ @Rule
+ public TemporaryFolder temporaryFolder = new TemporaryFolder();
+
+ @Before
+ public void setUp() throws Exception {
+ // resource file
+ this.jsonResource = "org/apache/geode/security/templates/security.json";
+ InputStream inputStream = ClassLoader.getSystemResourceAsStream(this.jsonResource);
+
+ assertThat(inputStream).isNotNull();
+
+ // non-resource file
+ this.jsonFile = new File(temporaryFolder.getRoot(), "security.json");
+ IOUtils.copy(inputStream, new FileOutputStream(this.jsonFile));
+
+ // string
+ this.json = FileUtils.readFileToString(this.jsonFile, "UTF-8");
+ this.sampleSecurityManager = new SampleSecurityManager();
+ }
+
+ @Test
+ public void shouldInitializeFromJsonString() throws Exception {
+ this.sampleSecurityManager.initializeFromJson(this.json);
+ verifySecurityManagerState();
+ }
+
+ @Test
+ public void shouldInitializeFromJsonResource() throws Exception {
+ this.sampleSecurityManager.initializeFromJsonResource(this.jsonResource);
+ verifySecurityManagerState();
+ }
+
+ @Test
+ public void shouldInitializeFromJsonFile() throws Exception {
+ this.sampleSecurityManager.initializeFromJsonFile(this.jsonFile);
+ verifySecurityManagerState();
+ }
+
+ @Test
+ public void initShouldUsePropertyAsJsonString() throws Exception {
+ Properties securityProperties = new Properties();
+ securityProperties.setProperty(SampleSecurityManager.SECURITY_JSON, this.json);
+ this.sampleSecurityManager.init(securityProperties);
+ verifySecurityManagerState();
+ }
+
+ @Test
+ public void initShouldUsePropertyAsJsonFile() throws Exception {
+ Properties securityProperties = new Properties();
+ securityProperties.setProperty(SampleSecurityManager.SECURITY_JSON, this.jsonFile.getAbsolutePath());
+ this.sampleSecurityManager.init(securityProperties);
+ verifySecurityManagerState();
+ }
+
+ @Test
+ public void initShouldUsePropertyAsJsonResource() throws Exception {
+ Properties securityProperties = new Properties();
+ securityProperties.setProperty(SampleSecurityManager.SECURITY_JSON, this.jsonResource);
+ this.sampleSecurityManager.init(securityProperties);
+ verifySecurityManagerState();
+ }
+
+ private void verifySecurityManagerState() {
+ User adminUser = this.sampleSecurityManager.getUser("admin");
+ assertThat(adminUser).isNotNull();
+ assertThat(adminUser.name).isEqualTo("admin");
+ assertThat(adminUser.password).isEqualTo("secret");
+ assertThat(adminUser.roles).hasSize(1);
+
+ User guestUser = this.sampleSecurityManager.getUser("guest");
+ assertThat(guestUser).isNotNull();
+ assertThat(guestUser.name).isEqualTo("guest");
+ assertThat(guestUser.password).isEqualTo("guest");
+ assertThat(guestUser.roles).hasSize(1);
+ // TODO: need to do more verification
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6b748eb5/geode-core/src/test/resources/org/apache/geode/security/templates/security.json
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/org/apache/geode/security/templates/security.json b/geode-core/src/test/resources/org/apache/geode/security/templates/security.json
new file mode 100644
index 0000000..c1ee9fc
--- /dev/null
+++ b/geode-core/src/test/resources/org/apache/geode/security/templates/security.json
@@ -0,0 +1,30 @@
+{
+ "roles": [
+ {
+ "name": "admin",
+ "operationsAllowed": [
+ "CLUSTER:MANAGE",
+ "DATA:MANAGE"
+ ]
+ },
+ {
+ "name": "readRegionA",
+ "operationsAllowed": [
+ "DATA:READ"
+ ],
+ "regions": ["RegionA", "RegionB"]
+ }
+ ],
+ "users": [
+ {
+ "name": "admin",
+ "password": "secret",
+ "roles": ["admin"]
+ },
+ {
+ "name": "guest",
+ "password": "guest",
+ "roles": ["readRegionA"]
+ }
+ ]
+}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6b748eb5/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java
----------------------------------------------------------------------
diff --git a/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java b/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java
index 7385e7f..49d8a0c 100644
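Review bot: In SampleSecurityManagerTest, none of the six tests gives `init` a SECURITY_JSON value that cannot be resolved, although that failure is what the commit subject describes, and `verifySecurityManagerState()` checks only names, passwords and `hasSize(1)` on the roles. A user bound to the wrong role, or a role that lost its `operationsAllowed` or `regions` entries during parsing, would still pass, so the authorization data loaded from security.json is effectively unverified. The `// TODO: need to do more verification` line could be replaced by assertions on which role each user holds and what that role allows, plus one test that expects `init` to fail for a missing file (such a test may exist in the other part of this commit, which is not shown here). Separately, `setUp()` never closes `inputStream` or the `new FileOutputStream(this.jsonFile)`; `FileUtils.copyInputStreamToFile(inputStream, this.jsonFile);` would close both.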
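Review bot: The role named `readRegionA` in security.json carries `"regions": ["RegionA", "RegionB"]`, so the name understates what the role presumably grants to `guest`. A test that uses this fixture to show that guest is confined to RegionA would be asserting something the file does not say. Either rename the role or drop `"RegionB"`, whichever matches the intent.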
--- a/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java +++ b/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java @@ -26,6 +26,7 @@ import java.net.InetAddress; import java.net.UnknownHostException; import java.util.HashMap; import java.util.Map; +import java.util.Properties; import javax.management.InstanceAlreadyExistsException; import javax.management.MBeanRegistrationException; @@ -38,6 +39,7 @@ import javax.management.remote.JMXConnectorServerFactory; import javax.management.remote.JMXServiceURL; import com.vmware.gemfire.tools.pulse.internal.data.PulseConstants; +import org.apache.geode.security.templates.SampleSecurityManager; import org.apache.shiro.SecurityUtils; import org.apache.shiro.mgt.DefaultSecurityManager; import org.apache.shiro.mgt.SecurityManager; @@ -46,7 +48,6 @@ import org.apache.shiro.realm.Realm; import com.gemstone.gemfire.internal.security.shiro.CustomAuthRealm; import com.gemstone.gemfire.internal.security.shiro.JMXShiroAuthenticator; import com.gemstone.gemfire.management.internal.security.AccessControlMBean; -import com.gemstone.gemfire.management.internal.security.JSONAuthorization; import com.gemstone.gemfire.management.internal.security.MBeanServerWrapper; import com.gemstone.gemfire.management.internal.security.ResourceConstants; 
@@ -68,11 +69,13 @@ public class Server { if (jsonAuthFile != null) { System.setProperty("spring.profiles.active", "pulse.authentication.gemfire"); - JSONAuthorization.setUpWithJsonFile(jsonAuthFile); + Map env = new HashMap(); // set up Shiro Security Manager - Realm realm = new CustomAuthRealm(JSONAuthorization.class.getName()); + Properties securityProperties = new Properties(); + securityProperties.setProperty(SampleSecurityManager.SECURITY_JSON, jsonAuthFile); + Realm realm = new CustomAuthRealm(SampleSecurityManager.class.getName(), securityProperties); SecurityManager securityManager = new DefaultSecurityManager(realm); SecurityUtils.setSecurityManager(securityManager);
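Review bot: Nothing near `securityProperties.setProperty(SampleSecurityManager.SECURITY_JSON, jsonAuthFile)` in Server.java says how the value is interpreted or what happens when it does not resolve. The tests added in this commit show the same property accepted as a JSON string, a file path and a classpath resource, and the commit subject suggests a missing file now fails startup, presumably when `CustomAuthRealm` is constructed. A comment above the `Properties` line would record that, for example `// jsonAuthFile: path or classpath resource of the security JSON; an unresolvable value is expected to fail here instead of starting the test server without auth data`. The enclosing `if (jsonAuthFile != null)` block continues past the end of this hunk.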