Return-Path: <commits-return-11155-archive-asf-public=cust-asf.ponee.io@geode.incubator.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id 161E6200B5F
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Fri,  8 Jul 2016 17:51:31 +0200 (CEST)
Received: by cust-asf.ponee.io (Postfix)
	id 15189160A36; Fri,  8 Jul 2016 15:51:31 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id C71B1160A5A
	for <archive-asf-public@cust-asf.ponee.io>; Fri,  8 Jul 2016 17:51:29 +0200 (CEST)
Received: (qmail 57002 invoked by uid 500); 8 Jul 2016 15:51:29 -0000
Mailing-List: contact commits-help@geode.incubator.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:commits-help@geode.incubator.apache.org>
List-Unsubscribe: <mailto:commits-unsubscribe@geode.incubator.apache.org>
List-Post: <mailto:commits@geode.incubator.apache.org>
List-Id: <commits.geode.incubator.apache.org>
Reply-To: dev@geode.incubator.apache.org
Delivered-To: mailing list commits@geode.incubator.apache.org
Received: (qmail 56754 invoked by uid 99); 8 Jul 2016 15:51:28 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 08 Jul 2016 15:51:28 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id 591D7C6A53
	for <commits@geode.apache.org>; Fri,  8 Jul 2016 15:51:28 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: -4.507
X-Spam-Level: 
X-Spam-Status: No, score=-4.507 tagged_above=-999 required=6.31
	tests=[KAM_ASCII_DIVIDERS=0.8, KAM_LAZY_DOMAIN_SECURITY=1,
	RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01,
	RP_MATCHES_RCVD=-1.287] autolearn=disabled
Received: from mx1-lw-eu.apache.org ([10.40.0.8])
	by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024)
	with ESMTP id S-CvSyMrOLtl for <commits@geode.apache.org>;
	Fri,  8 Jul 2016 15:51:26 +0000 (UTC)
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with SMTP id 3043660D31
	for <commits@geode.incubator.apache.org>; Fri,  8 Jul 2016 15:51:23 +0000 (UTC)
Received: (qmail 53605 invoked by uid 99); 8 Jul 2016 15:51:22 -0000
Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 08 Jul 2016 15:51:22 +0000
Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33)
	id 2C643DFFF8; Fri,  8 Jul 2016 15:51:22 +0000 (UTC)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: jinmeiliao@apache.org
To: commits@geode.incubator.apache.org
Date: Fri, 08 Jul 2016 15:52:07 -0000
Message-Id: <d0813f6d14ba49d2972e8aa1b6fcdde8@git.apache.org>
In-Reply-To: <0d0976df1fac43289eca21d332ddfa0a@git.apache.org>
References: <0d0976df1fac43289eca21d332ddfa0a@git.apache.org>
X-Mailer: ASF-Git Admin Mailer
Subject: [47/50] [abbrv] incubator-geode git commit: GEODE-1571: rename
 SampleJsonAuthorization to SampleSecurityManager
archived-at: Fri, 08 Jul 2016 15:51:31 -0000

GEODE-1571: rename SampleJsonAuthorization to SampleSecurityManager


Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/14dd8dc5
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/14dd8dc5
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/14dd8dc5

Branch: refs/heads/develop
Commit: 14dd8dc5e4365b6edee27763659897027fed6791
Parents: 374ccf1
Author: Jinmei Liao <jiliao@pivotal.io>
Authored: Thu Jul 7 14:13:33 2016 -0700
Committer: Jinmei Liao <jiliao@pivotal.io>
Committed: Thu Jul 7 14:13:33 2016 -0700

----------------------------------------------------------------------
 .../templates/SampleJsonAuthorization.java      | 260 -------------------
 .../templates/SampleSecurityManager.java        |   6 +-
 .../internal/security/JSONAuthorization.java    |   8 +-
 3 files changed, 6 insertions(+), 268 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/14dd8dc5/geode-core/src/main/java/com/gemstone/gemfire/security/templates/SampleJsonAuthorization.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/templates/SampleJsonAuthorization.java b/geode-core/src/main/java/com/gemstone/gemfire/security/templates/SampleJsonAuthorization.java
deleted file mode 100644
index f34dfd8..0000000
--- a/geode-core/src/main/java/com/gemstone/gemfire/security/templates/SampleJsonAuthorization.java
+++ /dev/null
@@ -1,260 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security.templates;
-
-import java.io.File;
-import java.io.FileReader;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.StringWriter;
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Properties;
-import java.util.Set;
-import java.util.stream.Collectors;
-import java.util.stream.StreamSupport;
-
-import javax.management.remote.JMXPrincipal;
-
-import com.fasterxml.jackson.databind.JsonNode;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import org.apache.commons.io.IOUtils;
-import org.apache.shiro.authz.Permission;
-
-import com.gemstone.gemfire.management.internal.security.ResourceConstants;
-import com.gemstone.gemfire.security.AccessControl;
-import com.gemstone.gemfire.security.AuthenticationFailedException;
-import com.gemstone.gemfire.security.Authenticator;
-import com.gemstone.gemfire.security.SecurityManager;
-import com.gemstone.gemfire.security.GeodePermission;
-import com.gemstone.gemfire.security.NotAuthorizedException;
-
-/**
- * This class provides a sample implementation for authentication and authorization via the {@link AccessControl}
- * and {@link Authenticator} interfaces.
- *
- * In order to use it, a Geode member must be started with the following properties:
- * <p/>
- * <code>
- *   security-client-authenticator = com.gemstone.gemfire.security.examples.SampleJsonAuthorization.create
- *   security-client-accessor = com.gemstone.gemfire.security.examples.SampleJsonAuthorization.create
- * </code>
- * <p/>
- * The class is initialized with a JSON file called {@code security.json}. This file must exist on the classpath,
- * so members should be started with an appropriate {@code --classpath} option.
- * <p/>
- * The format of the file is as follows:
- * <pre>
- * {
- *   "roles": [
- *     {
- *       "name": "admin",
- *       "operationsAllowed": [
- *         "CLUSTER:MANAGE",
- *         "DATA:MANAGE"
- *       ]
- *     },
- *     {
- *       "name": "readRegionA",
- *       "operationsAllowed": [
- *         "DATA:READ"
- *       ],
- *       "regions": ["RegionA", "RegionB"]
- *     }
- *   ]
- *   "users": [
- *     {
- *       "name": "admin",
- *       "password": "secret".
- *       "roles": ["admin"]
- *     },
- *     {
- *       "name": "guest",
- *       "password": "guest",
- *       "roles": ["readRegionA"]
- *     }
- *   ]
- * }
- * </pre>
- */
-public class SampleJsonAuthorization implements SecurityManager {
-
-  public static class Role {
-    List<GeodePermission> permissions = new ArrayList<>();
-    String name;
-    String serverGroup;
-  }
-
-  public static class User {
-    String name;
-    Set<Role> roles = new HashSet<>();
-    String pwd;
-  }
-
-  private static Map<String, User> acl = null;
-
-  public static SampleJsonAuthorization create() throws IOException {
-    if (acl == null) {
-      setUpWithJsonFile("security.json");
-    }
-    return new SampleJsonAuthorization();
-  }
-
-  public static void setUpWithJsonFile(String jsonFileName) throws IOException {
-    InputStream input = ClassLoader.getSystemResourceAsStream(jsonFileName);
-    if (input == null) {
-      throw new RuntimeException("Could not find the required JSON security file on the classpath: " + jsonFileName);
-    }
-
-    StringWriter writer = new StringWriter();
-    IOUtils.copy(input, writer, "UTF-8");
-    String json = writer.toString();
-    readSecurityDescriptor(json);
-  }
-
-  protected static void readSecurityDescriptor(String json) throws IOException {
-    ObjectMapper mapper = new ObjectMapper();
-    JsonNode jsonNode = mapper.readTree(json);
-    acl = new HashMap<>();
-    Map<String, Role> roleMap = readRoles(jsonNode);
-    readUsers(acl, jsonNode, roleMap);
-  }
-
-  private static void readUsers(Map<String, User> acl, JsonNode node, Map<String, Role> roleMap) {
-    for (JsonNode u : node.get("users")) {
-      User user = new User();
-      user.name = u.get("name").asText();
-
-      if (u.has("password")) {
-        user.pwd = u.get("password").asText();
-      } else {
-        user.pwd = user.name;
-      }
-
-      for (JsonNode r : u.get("roles")) {
-        user.roles.add(roleMap.get(r.asText()));
-      }
-
-      acl.put(user.name, user);
-    }
-  }
-
-  private static Map<String, Role> readRoles(JsonNode jsonNode) {
-    Map<String, Role> roleMap = new HashMap<>();
-    for (JsonNode r : jsonNode.get("roles")) {
-      Role role = new Role();
-      role.name = r.get("name").asText();
-      String regionNames = null;
-      String keys = null;
-
-      JsonNode regions = r.get("regions");
-      if (regions != null) {
-        if (regions.isArray()) {
-          regionNames = StreamSupport.stream(regions.spliterator(), false)
-              .map(JsonNode::asText)
-              .collect(Collectors.joining(","));
-        } else {
-          regionNames = regions.asText();
-        }
-      }
-
-      for (JsonNode op : r.get("operationsAllowed")) {
-        String[] parts = op.asText().split(":");
-        String resourcePart = (parts.length > 0) ? parts[0] : null;
-        String operationPart = (parts.length > 1) ? parts[1] : null;
-        if(parts.length>2){
-          regionNames = parts[2];
-        }
-        if(parts.length>3){
-          keys = parts[3];
-        }
-        String regionPart = (regionNames != null) ? regionNames : "*";
-        String keyPart = (keys !=null) ? keys : "*";
-
-        role.permissions.add(new GeodePermission(resourcePart, operationPart, regionPart, keyPart));
-      }
-
-      roleMap.put(role.name, role);
-
-      if (r.has("serverGroup")) {
-        role.serverGroup = r.get("serverGroup").asText();
-      }
-    }
-
-    return roleMap;
-  }
-  public static Map<String, User> getAcl() {
-    return acl;
-  }
-
-  private Principal principal = null;
-
-
-  @Override
-  public boolean authorize(Principal principal, GeodePermission context) {
-    if (principal == null) return false;
-
-    User user = acl.get(principal.getName());
-    if (user == null) return false; // this user is not authorized to do anything
-
-    // check if the user has this permission defined in the context
-    for (Role role : acl.get(user.name).roles) {
-      for (Permission permitted : role.permissions) {
-        if (permitted.implies(context)) {
-          return true;
-        }
-      }
-    }
-
-    return false;
-  }
-
-  @Override
-  public void init(Properties props) throws NotAuthorizedException {
-  }
-
-  @Override
-  public Principal authenticate(Properties props) throws AuthenticationFailedException {
-    String user = props.getProperty(ResourceConstants.USER_NAME);
-    String pwd = props.getProperty(ResourceConstants.PASSWORD);
-
-    User userObj = acl.get(user);
-    if (userObj == null) {
-      throw new AuthenticationFailedException("Wrong username/password");
-    }
-
-    if (user != null && !userObj.pwd.equals(pwd) && !"".equals(user)) {
-      throw new AuthenticationFailedException("Wrong username/password");
-    }
-
-    return new JMXPrincipal(user);
-  }
-
-  protected static String readFile(String name) throws IOException {
-    File file = new File(name);
-    FileReader reader = new FileReader(file);
-    char[] buffer = new char[(int) file.length()];
-    reader.read(buffer);
-    String json = new String(buffer);
-    reader.close();
-    return json;
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/14dd8dc5/geode-core/src/main/java/com/gemstone/gemfire/security/templates/SampleSecurityManager.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/templates/SampleSecurityManager.java b/geode-core/src/main/java/com/gemstone/gemfire/security/templates/SampleSecurityManager.java
index a80782d..59b15a6 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/security/templates/SampleSecurityManager.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/security/templates/SampleSecurityManager.java
@@ -54,8 +54,7 @@ import com.gemstone.gemfire.security.NotAuthorizedException;
  * In order to use it, a Geode member must be started with the following properties:
  * <p/>
  * <code>
- *   security-client-authenticator = com.gemstone.gemfire.security.examples.SampleSecurityManager.create
- *   security-client-accessor = com.gemstone.gemfire.security.examples.SampleSecurityManager.create
+ *   security-manager = com.gemstone.gemfire.security.examples.SampleSecurityManager.create
  * </code>
  * <p/>
  * The class is initialized with a JSON file called {@code security.json}. This file must exist on the classpath,
@@ -95,8 +94,7 @@ import com.gemstone.gemfire.security.NotAuthorizedException;
  * }
  * </pre>
  */
-public class SampleSecurityManager
-  implements SecurityManager {
+public class SampleSecurityManager implements SecurityManager {
 
   public static class Role {
     List<GeodePermission> permissions = new ArrayList<>();

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/14dd8dc5/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JSONAuthorization.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JSONAuthorization.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JSONAuthorization.java
index 4df8a27..31cb03e 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JSONAuthorization.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JSONAuthorization.java
@@ -16,12 +16,12 @@
  */
 package com.gemstone.gemfire.management.internal.security;
 
-import com.gemstone.gemfire.security.templates.SampleJsonAuthorization;
-import com.gemstone.gemfire.util.test.TestUtil;
-
 import java.io.IOException;
 
-public class JSONAuthorization extends SampleJsonAuthorization {
+import com.gemstone.gemfire.security.templates.SampleSecurityManager;
+import com.gemstone.gemfire.util.test.TestUtil;
+
+public class JSONAuthorization extends SampleSecurityManager {
 
   public static JSONAuthorization create() throws IOException {
     return new JSONAuthorization();