From: jinmeiliao@apache.org
To: commits@geode.incubator.apache.org
Date: Fri, 08 Jul 2016 15:51:57 -0000
Message-Id:
In-Reply-To: <0d0976df1fac43289eca21d332ddfa0a@git.apache.org>
References: <0d0976df1fac43289eca21d332ddfa0a@git.apache.org>
X-Mailer: ASF-Git Admin Mailer
Subject: [37/50] [abbrv] incubator-geode git commit: GEODE-1571: have the integrated security specified by security-manager config
archived-at: Fri, 08 Jul 2016 15:51:37 -0000

GEODE-1571: have the integrated security specified by security-manager config

Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/53d5af04
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/53d5af04
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/53d5af04
Branch: refs/heads/develop
Commit: 53d5af04773d5a0833e2be36273b4825568ac278
Parents: 2f841f6
Author: Jinmei Liao
Authored: Tue Jul 5 16:13:54 2016 -0700
Committer: Jinmei Liao
Committed: Tue Jul 5 16:13:54 2016 -0700

----------------------------------------------------------------------
 .../distributed/ConfigurationProperties.java | 6 ++
 .../internal/DistributionConfig.java | 47 +++++++++++---
 .../internal/DistributionConfigImpl.java | 59 ++++++++++++++---
 .../cache/tier/sockets/AcceptorImpl.java | 12 ++--
 .../cache/tier/sockets/CacheClientNotifier.java | 3 +-
 .../internal/cache/tier/sockets/HandShake.java | 23 +++----
 .../internal/security/GeodeSecurityUtil.java | 16 +++--
 .../management/internal/ManagementAgent.java | 66 ++++++++++----------
 .../GeodeSecurityUtilCustomRealmJUnitTest.java | 11 ++--
 .../JsonAuthorizationCacheStartRule.java | 3 +-
 .../internal/security/MultiUserDUnitTest.java | 3 +-
 ...ractIntegratedClientAuthDistributedTest.java | 2 +-
 .../security/IntegratedClientAuthDUnitTest.java | 3 -
 ...IntegratedClientSizeAuthDistributedTest.java | 11 +---
 gradle/test.gradle | 12 ++++
 gradle/wrapper/gradle-wrapper.properties | 2 +-
 gradlew | 2 +-
gradlew.bat | 2 +- 18 files changed, 180 insertions(+), 103 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/53d5af04/geode-core/src/main/java/com/gemstone/gemfire/distributed/ConfigurationProperties.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/ConfigurationProperties.java b/geode-core/src/main/java/com/gemstone/gemfire/distributed/ConfigurationProperties.java index e74ae05..580f342 100644 --- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/ConfigurationProperties.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/ConfigurationProperties.java @@ -1175,6 +1175,12 @@ public interface ConfigurationProperties { */ String SECURITY_CLIENT_AUTH_INIT = SECURITY_PREFIX + "client-auth-init"; /** + * The static String definition of the "security-manager" + * property + * @since Geode 1.0 + */ + String SECURITY_MANAGER = SECURITY_PREFIX + "manager"; + /** * The static String definition of the "security-client-authenticator" * property */ http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/53d5af04/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java index a26de3f..f80d746 100644 --- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java 
@@ -17,6 +17,19 @@ package com.gemstone.gemfire.distributed.internal; +import static com.gemstone.gemfire.distributed.ConfigurationProperties.*; + +import java.io.File; +import java.lang.reflect.Field; +import java.lang.reflect.Method; +import java.net.InetAddress; +import java.util.ArrayList; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Properties; + import com.gemstone.gemfire.distributed.ConfigurationProperties; import com.gemstone.gemfire.distributed.DistributedSystem; import com.gemstone.gemfire.internal.Config; @@ -26,14 +39,6 @@ import com.gemstone.gemfire.internal.logging.LogConfig; import com.gemstone.gemfire.internal.tcp.Connection; import com.gemstone.gemfire.memcached.GemFireMemcachedServer; -import java.io.File; -import java.lang.reflect.Field; -import java.lang.reflect.Method; -import java.net.InetAddress; -import java.util.*; - -import static com.gemstone.gemfire.distributed.ConfigurationProperties.*; - /** * Provides accessor (and in some cases mutator) methods for the * various GemFire distribution configuration properties. The @@ -2090,6 +2095,32 @@ public interface DistributionConfig extends Config, LogConfig { String DEFAULT_SECURITY_CLIENT_AUTHENTICATOR = ""; /** + * Returns user module name authenticating client credentials in {@link ConfigurationProperties#SECURITY_MANAGER} + */ + @ConfigAttributeGetter(name = SECURITY_MANAGER) + String getSecurityManager(); + + /** + * Sets the user defined method name in {@link ConfigurationProperties#SECURITY_MANAGER} + * property. + */ + @ConfigAttributeSetter(name = SECURITY_MANAGER) + void setSecurityManager(String attValue); + + /** + * The name of factory method for {@link ConfigurationProperties#SECURITY_MANAGER} property + */ + @ConfigAttribute(type = String.class) + String SECURITY_MANAGER_NAME = SECURITY_MANAGER; + + /** + * The default {@link ConfigurationProperties#SECURITY_MANAGER} method name. + *

Actual value of this is fully qualified "method name". + */ + String DEFAULT_SECURITY_MANAGER = ""; + + + /** * Returns name of algorithm to use for Diffie-Hellman key exchange {@link ConfigurationProperties#SECURITY_CLIENT_DHALGO} */ @ConfigAttributeGetter(name = SECURITY_CLIENT_DHALGO) http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/53d5af04/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java index d31c739..ac80ee1 100644 --- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java @@ -17,14 +17,7 @@ package com.gemstone.gemfire.distributed.internal; -import com.gemstone.gemfire.GemFireConfigException; -import com.gemstone.gemfire.GemFireIOException; -import com.gemstone.gemfire.distributed.DistributedSystem; -import com.gemstone.gemfire.internal.ConfigSource; -import com.gemstone.gemfire.internal.SocketCreator; -import com.gemstone.gemfire.internal.i18n.LocalizedStrings; -import com.gemstone.gemfire.internal.process.ProcessLauncherContext; -import com.gemstone.gemfire.memcached.GemFireMemcachedServer; +import static com.gemstone.gemfire.distributed.ConfigurationProperties.*; import java.io.File; import java.io.IOException; 
@@ -32,9 +25,23 @@ import java.io.Serializable; import java.net.InetAddress; import java.net.URL; import java.net.UnknownHostException; -import java.util.*; +import java.util.Arrays; +import java.util.Collections; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Iterator; +import java.util.Map; +import java.util.Properties; +import java.util.Set; -import static com.gemstone.gemfire.distributed.ConfigurationProperties.*; +import com.gemstone.gemfire.GemFireConfigException; +import com.gemstone.gemfire.GemFireIOException; +import com.gemstone.gemfire.distributed.DistributedSystem; +import com.gemstone.gemfire.internal.ConfigSource; +import com.gemstone.gemfire.internal.SocketCreator; +import com.gemstone.gemfire.internal.i18n.LocalizedStrings; +import com.gemstone.gemfire.internal.process.ProcessLauncherContext; +import com.gemstone.gemfire.memcached.GemFireMemcachedServer; /** * Provides an implementation of DistributionConfig that @@ -206,6 +213,9 @@ public class DistributionConfigImpl /** The client authenticating method name*/ private String securityClientAuthenticator = DEFAULT_SECURITY_CLIENT_AUTHENTICATOR; + /** The security manager method name*/ + private String securityManager = DEFAULT_SECURITY_MANAGER; + /** The client Diffie-Hellman method name*/ private String securityClientDHAlgo = DEFAULT_SECURITY_CLIENT_DHALGO; @@ -571,6 +581,7 @@ public class DistributionConfigImpl this.lockMemory = other.getLockMemory(); this.distributedTransactions = other.getDistributedTransactions(); this.shiroInit = other.getShiroInit(); + this.securityManager = other.getSecurityManager(); } /** @@ -1907,6 +1918,10 @@ public class DistributionConfigImpl return securityClientAuthenticator; } + public String getSecurityManager() { + return securityManager; + } + public boolean getEnableNetworkPartitionDetection() { return this.enableNetworkPartitionDetection; } 
@@ -1925,6 +1940,10 @@ public class DistributionConfigImpl securityClientAuthenticator = (String)checkAttribute(SECURITY_CLIENT_AUTHENTICATOR, value); } + public void setSecurityManager(String value){ + securityManager = (String)checkAttribute(SECURITY_MANAGER, value); + } + public String getSecurityClientDHAlgo() { return securityClientDHAlgo; } @@ -2649,6 +2668,18 @@ public class DistributionConfigImpl } else if (!securityClientAuthenticator .equals(other.securityClientAuthenticator)) return false; + if (securityManager == null) { + if (other.securityManager != null) + return false; + } else if (!securityManager + .equals(other.securityManager)) + return false; + if (shiroInit == null) { + if (other.shiroInit != null) + return false; + } else if (!shiroInit + .equals(other.shiroInit)) + return false; if (securityClientDHAlgo == null) { if (other.securityClientDHAlgo != null) return false; @@ -2992,6 +3023,14 @@ public class DistributionConfigImpl + ((securityClientAuthenticator == null) ? 0 : securityClientAuthenticator.hashCode()); result = prime + * result + + ((securityManager == null) ? 0 + : securityManager.hashCode()); + result = prime + * result + + ((shiroInit == null) ? 0 + : shiroInit.hashCode()); + result = prime * result + ((securityClientDHAlgo == null) ? 0 : securityClientDHAlgo.hashCode()); result = prime * result http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/53d5af04/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/AcceptorImpl.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/AcceptorImpl.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/AcceptorImpl.java index 4b015f2..b6d19f9 100755 --- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/AcceptorImpl.java 
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/AcceptorImpl.java @@ -56,8 +56,11 @@ import java.util.concurrent.ThreadFactory; import java.util.concurrent.ThreadPoolExecutor; import java.util.concurrent.TimeUnit; import java.util.concurrent.atomic.AtomicInteger; + import javax.net.ssl.SSLException; +import org.apache.logging.log4j.Logger; + import com.gemstone.gemfire.CancelException; import com.gemstone.gemfire.SystemFailure; import com.gemstone.gemfire.ToDataException; @@ -91,8 +94,6 @@ import com.gemstone.gemfire.internal.security.GeodeSecurityUtil; import com.gemstone.gemfire.internal.tcp.ConnectionTable; import com.gemstone.gemfire.internal.util.ArrayUtils; -import org.apache.logging.log4j.Logger; - /** * Implements the acceptor thread on the bridge server. Accepts connections from * the edge and starts up threads to process requests from these. @@ -637,12 +638,9 @@ public class AcceptorImpl extends Acceptor implements Runnable this.hsPool = tmp_hsPool; } - String authenticator = this.cache.getDistributedSystem().getProperties() - .getProperty(SECURITY_CLIENT_AUTHENTICATOR); - isAuthenticationRequired = (authenticator != null && authenticator.length() > 0) ? true - : false; + isAuthenticationRequired = GeodeSecurityUtil.isSecurityRequired(this.cache.getDistributedSystem().getSecurityProperties()); - isIntegratedSecurity = GeodeSecurityUtil.isIntegratedSecurity(authenticator); + isIntegratedSecurity = GeodeSecurityUtil.isIntegratedSecurity(this.cache.getDistributedSystem().getSecurityProperties()); String postAuthzFactoryName = this.cache.getDistributedSystem() .getProperties().getProperty(SECURITY_CLIENT_ACCESSOR_PP); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/53d5af04/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/CacheClientNotifier.java ---------------------------------------------------------------------- 
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/CacheClientNotifier.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/CacheClientNotifier.java index c5b742c..d351569 100755 --- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/CacheClientNotifier.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/CacheClientNotifier.java @@ -400,8 +400,7 @@ public class CacheClientNotifier { clientVersion, acceptorId, notifyBySubscription); //TODO:hitesh - Properties credentials = HandShake.readCredentials(dis, dos, - authenticator, system); + Properties credentials = HandShake.readCredentials(dis, dos, system); if (credentials != null && proxy!=null) { if (securityLogWriter.fineEnabled()) { securityLogWriter.fine("CacheClientNotifier: verifying credentials for proxyID: " + proxyID); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/53d5af04/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.java index 89a3fa8..5bceff9 100755 --- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.java @@ -280,8 +280,6 @@ public class HandShake implements ClientHandShake this.id = ClientProxyMembershipID.readCanonicalized(dis); // Note: credentials should always be the last piece in handshake for // Diffie-Hellman key exchange to work - String authenticator = this.system.getProperties().getProperty( - SECURITY_CLIENT_AUTHENTICATOR); if (clientVersion.compareTo(Version.GFE_603) >= 0) { setOverrides(new byte[] { dis.readByte() }); } else { 
@@ -290,10 +288,9 @@ public class HandShake implements ClientHandShake //Hitesh if (this.clientVersion.compareTo(Version.GFE_65) < 0 || communicationMode == Acceptor.GATEWAY_TO_GATEWAY) { - this.credentials = readCredentials(dis, dos, authenticator, sys); + this.credentials = readCredentials(dis, dos, sys); } else { - this.credentials = this - .readCredential(dis, dos, authenticator, sys); + this.credentials = this.readCredential(dis, dos, sys); } } catch(IOException ioe) { this.code = -2; @@ -898,13 +895,11 @@ public class HandShake implements ClientHandShake } //This assumes that authentication is the last piece of info in handshake - public Properties readCredential(DataInputStream dis, - DataOutputStream dos, String authenticator, DistributedSystem system) + public Properties readCredential(DataInputStream dis, DataOutputStream dos, DistributedSystem system) throws GemFireSecurityException, IOException { Properties credentials = null; - boolean requireAuthentication = (authenticator != null && authenticator - .length() > 0); + boolean requireAuthentication = GeodeSecurityUtil.isSecurityRequired(system.getSecurityProperties()); try { byte secureMode = dis.readByte(); if (secureMode == CREDENTIALS_NONE) { @@ -1641,12 +1636,11 @@ public class HandShake implements ClientHandShake // This assumes that authentication is the last piece of info in handshake public static Properties readCredentials(DataInputStream dis, - DataOutputStream dos, String authenticator, DistributedSystem system) + DataOutputStream dos, DistributedSystem system) throws GemFireSecurityException, IOException { + boolean requireAuthentication = GeodeSecurityUtil.isSecurityRequired(system.getSecurityProperties()); Properties credentials = null; - boolean requireAuthentication = (authenticator != null && authenticator - .length() > 0); try { byte secureMode = dis.readByte(); if (secureMode == CREDENTIALS_NONE) { 
@@ -1806,7 +1800,7 @@ public class HandShake implements ClientHandShake InternalLogWriter securityLogWriter, DistributedMember member) throws AuthenticationRequiredException, AuthenticationFailedException { - if (authenticatorMethod == null || authenticatorMethod.length() == 0) { + if (!AcceptorImpl.isAuthenticationRequired()) { return null; } @@ -1870,8 +1864,7 @@ public class HandShake implements ClientHandShake } String authenticator = this.system.getProperties().getProperty( SECURITY_CLIENT_AUTHENTICATOR); - Properties peerWanProps = readCredentials(dis, dos, authenticator, - this.system); + Properties peerWanProps = readCredentials(dis, dos, this.system); verifyCredentials(authenticator, peerWanProps, this.system .getSecurityProperties(), (InternalLogWriter)this.system.getLogWriter(), (InternalLogWriter)this.system .getSecurityLogWriter(), member); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/53d5af04/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java index ce7eff3..048b8ba 100644 --- a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java 
@@ -48,13 +48,13 @@ import com.gemstone.gemfire.internal.security.shiro.ShiroPrincipal; import com.gemstone.gemfire.management.internal.security.ResourceOperation; import com.gemstone.gemfire.security.AuthenticationFailedException; import com.gemstone.gemfire.security.AuthenticationRequiredException; -import com.gemstone.gemfire.security.SecurityManager; import com.gemstone.gemfire.security.GemFireSecurityException; import com.gemstone.gemfire.security.GeodePermission; import com.gemstone.gemfire.security.GeodePermission.Operation; import com.gemstone.gemfire.security.GeodePermission.Resource; import com.gemstone.gemfire.security.NotAuthorizedException; import com.gemstone.gemfire.security.PostProcessor; +import com.gemstone.gemfire.security.SecurityManager; public class GeodeSecurityUtil { @@ -295,7 +295,7 @@ public class GeodeSecurityUtil { } String shiroConfig = securityProps.getProperty(SECURITY_SHIRO_INIT); - String customAuthenticator = securityProps.getProperty(SECURITY_CLIENT_AUTHENTICATOR); + String customAuthenticator = securityProps.getProperty(SECURITY_MANAGER); Object authenticatorObject = getObject(customAuthenticator); if (!com.gemstone.gemfire.internal.lang.StringUtils.isBlank(shiroConfig)) { 
@@ -363,9 +363,15 @@ public class GeodeSecurityUtil { } } - public static boolean isIntegratedSecurity(String authenticatorFactoryName) { - Object auth = getObject(authenticatorFactoryName); - return (auth instanceof SecurityManager); + public static boolean isSecurityRequired(Properties securityProps){ + String authenticator = securityProps.getProperty(SECURITY_CLIENT_AUTHENTICATOR); + String securityManager = securityProps.getProperty(SECURITY_MANAGER); + return !StringUtils.isEmpty(authenticator) || !StringUtils.isEmpty(securityManager); + } + + public static boolean isIntegratedSecurity(Properties securityProps){ + String securityManager = securityProps.getProperty(SECURITY_MANAGER); + return !StringUtils.isEmpty(securityManager); } } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/53d5af04/geode-core/src/main/java/com/gemstone/gemfire/management/internal/ManagementAgent.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/ManagementAgent.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/ManagementAgent.java index 9807456..cbe8868 100755 --- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/ManagementAgent.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/ManagementAgent.java 
@@ -16,6 +16,39 @@ */ package com.gemstone.gemfire.management.internal; +import java.io.IOException; +import java.io.Serializable; +import java.lang.management.ManagementFactory; +import java.net.InetAddress; +import java.net.ServerSocket; +import java.net.Socket; +import java.net.UnknownHostException; +import java.rmi.AlreadyBoundException; +import java.rmi.registry.LocateRegistry; +import java.rmi.registry.Registry; +import java.rmi.server.RMIClientSocketFactory; +import java.rmi.server.RMIServerSocketFactory; +import java.rmi.server.UnicastRemoteObject; +import java.util.HashMap; +import java.util.Set; + +import javax.management.InstanceAlreadyExistsException; +import javax.management.MBeanRegistrationException; +import javax.management.MBeanServer; +import javax.management.MalformedObjectNameException; +import javax.management.NotCompliantMBeanException; +import javax.management.ObjectName; +import javax.management.remote.JMXConnectorServer; +import javax.management.remote.JMXServiceURL; +import javax.management.remote.rmi.RMIConnectorServer; +import javax.management.remote.rmi.RMIJRMPServerImpl; +import javax.management.remote.rmi.RMIServerImpl; +import javax.rmi.ssl.SslRMIClientSocketFactory; + +import org.apache.logging.log4j.Logger; +import org.eclipse.jetty.server.Server; +import org.eclipse.jetty.server.ServerConnector; + import com.gemstone.gemfire.GemFireConfigException; import com.gemstone.gemfire.cache.CacheFactory; import com.gemstone.gemfire.distributed.internal.DistributionConfig; 
@@ -34,32 +67,6 @@ import com.gemstone.gemfire.management.internal.security.AccessControlMBean; import com.gemstone.gemfire.management.internal.security.MBeanServerWrapper; import com.gemstone.gemfire.management.internal.security.ResourceConstants; import com.gemstone.gemfire.management.internal.unsafe.ReadOpFileAccessController; -import org.apache.logging.log4j.Logger; -import org.eclipse.jetty.server.Server; -import org.eclipse.jetty.server.ServerConnector; - -import javax.management.*; -import javax.management.remote.JMXConnectorServer; -import javax.management.remote.JMXServiceURL; -import javax.management.remote.rmi.RMIConnectorServer; -import javax.management.remote.rmi.RMIJRMPServerImpl; -import javax.management.remote.rmi.RMIServerImpl; -import javax.rmi.ssl.SslRMIClientSocketFactory; -import java.io.IOException; -import java.io.Serializable; -import java.lang.management.ManagementFactory; -import java.net.InetAddress; -import java.net.ServerSocket; -import java.net.Socket; -import java.net.UnknownHostException; -import java.rmi.AlreadyBoundException; -import java.rmi.registry.LocateRegistry; -import java.rmi.registry.Registry; -import java.rmi.server.RMIClientSocketFactory; -import java.rmi.server.RMIServerSocketFactory; -import java.rmi.server.UnicastRemoteObject; -import java.util.HashMap; -import java.util.Set; /** * Agent implementation that controls the JMX server end points for JMX clients 
@@ -502,12 +509,7 @@ public class ManagementAgent { private boolean isCustomAuthenticator() { - String factoryName = config.getSecurityClientAuthenticator(); - return factoryName != null && !factoryName.isEmpty(); - } - - private boolean isCustomAuthorizer() { - String factoryName = config.getSecurityClientAccessor(); + String factoryName = config.getSecurityManager(); return factoryName != null && !factoryName.isEmpty(); } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/53d5af04/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java index fcd5b96..8b174a4 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java @@ -17,11 +17,13 @@ package com.gemstone.gemfire.management.internal.security; -import com.gemstone.gemfire.internal.security.GeodeSecurityUtil; -import com.gemstone.gemfire.test.junit.categories.UnitTest; +import static com.gemstone.gemfire.distributed.ConfigurationProperties.*; + import org.junit.BeforeClass; import org.junit.experimental.categories.Category; -import static com.gemstone.gemfire.distributed.ConfigurationProperties.*; + +import com.gemstone.gemfire.internal.security.GeodeSecurityUtil; +import com.gemstone.gemfire.test.junit.categories.UnitTest; /** * this test and ShiroUtilWithIniFileJunitTest uses the same test body, but initialize the SecurityUtils differently. 
@@ -32,8 +34,7 @@ import static com.gemstone.gemfire.distributed.ConfigurationProperties.*; public class GeodeSecurityUtilCustomRealmJUnitTest extends GeodeSecurityUtilWithIniFileJUnitTest { @BeforeClass public static void beforeClass() throws Exception{ - props.put(SECURITY_CLIENT_AUTHENTICATOR, JSONAuthorization.class.getName() + ".create"); - props.put(SECURITY_CLIENT_ACCESSOR, JSONAuthorization.class.getName() + ".create"); + props.put(SECURITY_MANAGER, JSONAuthorization.class.getName() + ".create"); JSONAuthorization.setUpWithJsonFile("shiro-ini.json"); GeodeSecurityUtil.initSecurity(props); } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/53d5af04/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JsonAuthorizationCacheStartRule.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JsonAuthorizationCacheStartRule.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JsonAuthorizationCacheStartRule.java index 00a9d7f..78ba970 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JsonAuthorizationCacheStartRule.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JsonAuthorizationCacheStartRule.java @@ -59,7 +59,7 @@ public class JsonAuthorizationCacheStartRule extends ExternalResource { properties.put(JMX_MANAGER_START, "true"); properties.put(JMX_MANAGER_PORT, String.valueOf(jmxManagerPort)); properties.put(HTTP_SERVICE_PORT, String.valueOf(httpPort)); - properties.put(SECURITY_CLIENT_AUTHENTICATOR, + properties.put(SECURITY_MANAGER, JSONAuthorization.class.getName() + ".create"); if(postProcessor!=null){ 
@@ -70,6 +70,7 @@ public class JsonAuthorizationCacheStartRule extends ExternalResource { cache = new CacheFactory(properties).create(); cache.addCacheServer().start(); + cache.createRegionFactory().create("region1"); } public Cache getCache(){ http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/53d5af04/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MultiUserDUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MultiUserDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MultiUserDUnitTest.java index 644e9f8..e645373 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MultiUserDUnitTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MultiUserDUnitTest.java @@ -51,8 +51,7 @@ public class MultiUserDUnitTest extends CliCommandTestBase { public void testMultiUser() throws IOException, JSONException, InterruptedException { Properties properties = new Properties(); properties.put(NAME, MultiUserDUnitTest.class.getSimpleName()); - properties.put(SECURITY_CLIENT_AUTHENTICATOR, JSONAuthorization.class.getName() + ".create"); - properties.put(SECURITY_CLIENT_ACCESSOR, JSONAuthorization.class.getName() + ".create"); + properties.put(SECURITY_MANAGER, JSONAuthorization.class.getName() + ".create"); // set up vm_0 the secure jmx manager Object[] results = setUpJMXManagerOnVM(0, properties, "cacheServer.json"); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/53d5af04/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractIntegratedClientAuthDistributedTest.java ---------------------------------------------------------------------- 
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractIntegratedClientAuthDistributedTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractIntegratedClientAuthDistributedTest.java index 50d33ef..45ecfe0 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractIntegratedClientAuthDistributedTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractIntegratedClientAuthDistributedTest.java @@ -59,7 +59,7 @@ public class AbstractIntegratedClientAuthDistributedTest extends JUnit4CacheTest JSONAuthorization.setUpWithJsonFile("clientServer.json"); Properties props = new Properties(); - props.setProperty(SECURITY_CLIENT_AUTHENTICATOR, JSONAuthorization.class.getName()+".create"); + props.setProperty(SECURITY_MANAGER, JSONAuthorization.class.getName()+".create"); if(postProcessor!=null){ props.setProperty(SECURITY_CLIENT_ACCESSOR_PP, postProcessor.getName()+".create"); } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/53d5af04/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java index 9eb12c4..e6e7f13 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java 
@@ -56,9 +56,6 @@ public class IntegratedClientAuthDUnitTest extends AbstractIntegratedClientAuthD catchException(new ClientCacheFactory(createClientProperties("super-user", "wrong")).setPoolSubscriptionEnabled(true) .addPoolServer("localhost", serverPort)) .create(); - - //throw caughtException(); // TODO: gemfire-mm review as team - assertThat((Throwable) caughtException()).hasCause(expected); }); } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/53d5af04/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientSizeAuthDistributedTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientSizeAuthDistributedTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientSizeAuthDistributedTest.java index b1c1258..e302177 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientSizeAuthDistributedTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientSizeAuthDistributedTest.java @@ -21,7 +21,6 @@ import org.junit.Test; import org.junit.experimental.categories.Category; import com.gemstone.gemfire.cache.client.ClientCache; -import com.gemstone.gemfire.cache.client.ClientCacheFactory; import com.gemstone.gemfire.cache.client.internal.InternalPool; import com.gemstone.gemfire.cache.client.internal.SizeOp; import com.gemstone.gemfire.test.dunit.AsyncInvocation; 
@@ -35,18 +34,12 @@ public class IntegratedClientSizeAuthDistributedTest extends AbstractIntegratedC public void testSize() throws InterruptedException { AsyncInvocation ai1 = client1.invokeAsync(() -> { - ClientCache cache = new ClientCacheFactory(createClientProperties("dataWriter", "1234567")).setPoolSubscriptionEnabled(true) - .addPoolServer("localhost", serverPort) - .create(); - + ClientCache cache = createClientCache("dataWriter", "1234567", serverPort); assertNotAuthorized(() -> SizeOp.execute((InternalPool) cache.getDefaultPool(), REGION_NAME), "DATA:READ:AuthRegion"); }); AsyncInvocation ai2 = client2.invokeAsync(() -> { - ClientCache cache = new ClientCacheFactory(createClientProperties("authRegionReader", "1234567")).setPoolSubscriptionEnabled(true) - .addPoolServer("localhost", serverPort) - .create(); - + ClientCache cache = createClientCache("authRegionReader", "1234567", serverPort); SizeOp.execute((InternalPool) cache.getDefaultPool(), REGION_NAME); }); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/53d5af04/gradle/test.gradle ---------------------------------------------------------------------- diff --git a/gradle/test.gradle b/gradle/test.gradle index 5651124..96ea88d 100644 --- a/gradle/test.gradle +++ b/gradle/test.gradle 
@@ -145,7 +145,19 @@ subprojects { reports.junitXml.destination = file "$buildDir/test-reports-flaky" } + task securityTest(type:Test) { + useJUnit { + includeCategories 'com.gemstone.gemfire.test.junit.categories.SecurityTest' + } + forkEvery 1 + doFirst { + writeTestProperties(buildDir, name) + } + + reports.junitXml.destination = file "$buildDir/test-reports-security" + + } // By proving a file with an arbitrary list of test classes, we can select only those // tests to run. Activated using -Dcustom.tests= customTest def customTestList = [] http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/53d5af04/gradle/wrapper/gradle-wrapper.properties ---------------------------------------------------------------------- diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index 72f7318..ec27a39 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,4 +1,4 @@ -#Mon Oct 26 08:38:10 PDT 2015 +#Tue Jul 05 14:26:44 PDT 2016 distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists zipStoreBase=GRADLE_USER_HOME http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/53d5af04/gradlew ---------------------------------------------------------------------- diff --git a/gradlew b/gradlew index 40e878b..9d82f78 100755 --- a/gradlew +++ b/gradlew @@ -9,7 +9,7 @@ # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. DEFAULT_JVM_OPTS="" -APP_NAME="Apache Geode (incubating)" +APP_NAME="Gradle" APP_BASE_NAME=`basename "$0"` # Use the maximum available, or set MAX_FD != -1 to use that value. http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/53d5af04/gradlew.bat ---------------------------------------------------------------------- diff --git a/gradlew.bat b/gradlew.bat index aec9973..72d362d 100644 --- a/gradlew.bat +++ b/gradlew.bat 
@@ -46,7 +46,7 @@ echo location of your Java installation. goto fail :init -@rem Get command-line arguments, handling Windowz variants +@rem Get command-line arguments, handling Windows variants if not "%OS%" == "Windows_NT" goto win9xME_args if "%@eval[2+2]" == "4" goto 4NT_args
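Review bot: In JsonAuthorizationCacheStartRule (hunk @@ -70,6 +70,7), the region name in `cache.createRegionFactory().create("region1");` is a hard-coded literal inside the rule's start-up, so every test that uses this rule gets that region whether it needs it or not, and any test that refers to the region has to repeat the string. Expose the name as a constant on the rule or as a constructor parameter, and add a comment saying which authorization checks depend on the region existing.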
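Review bot: In AbstractIntegratedClientAuthDistributedTest (hunk @@ -59,7 +59,7), the authenticator setting moves to `SECURITY_MANAGER`, but the unchanged context two lines below still registers the post processor through `SECURITY_CLIENT_ACCESSOR_PP`. Nothing in the visible lines shows whether that older client-accessor property is still honoured once only `SECURITY_MANAGER` is set. Confirm that it is, or switch the post processor to whatever property pairs with the new manager, and leave a comment here so the mixed old/new naming is not mistaken for an oversight.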
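Review bot: In IntegratedClientAuthDUnitTest (hunk @@ -56,9 +56,6), removing `assertThat((Throwable) caughtException()).hasCause(expected);` leaves the wrong-password case with no assertion in the visible lines. The `catchException(...).create()` call absorbs whatever is thrown, so the lambda would also complete normally if the login with "super-user"/"wrong" were accepted. Drop only the commented-out `throw caughtException();` and its TODO, and keep an explicit check after `create()` that an exception was caught and that it carries the expected authentication failure.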
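Review bot: In IntegratedClientSizeAuthDistributedTest (hunk @@ -35,18 +34,12), the removed factory chain called `setPoolSubscriptionEnabled(true)` and `addPoolServer("localhost", serverPort)` explicitly, while the replacement `createClientCache("dataWriter", "1234567", serverPort)` moves those settings into a helper whose body is not part of the lines shown. Confirm the helper keeps the same pool configuration, or document in its Javadoc what it sets, so that the `DATA:READ:AuthRegion` result asserted here is still obtained under the same client setup.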
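Review bot: The new `securityTest` task in gradle/test.gradle (hunk @@ -145,7 +145,19) has no comment or description, while the `customTest` block right after it is introduced by an explanatory comment. Add a line saying that the task runs the tests in the `SecurityTest` category and why `forkEvery 1` is required for them. Also remove the empty line before the task's closing brace and put a blank line between that brace and the following `// By proving a file ...` comment, which currently reads as if it belonged to the new task.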
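Review bot: The gradle/wrapper/gradle-wrapper.properties, gradlew and gradlew.bat hunks are unrelated to the `SECURITY_MANAGER` change in the rest of the patch and look like the by-product of regenerating the Gradle wrapper: a new timestamp comment, `APP_NAME` going from "Apache Geode (incubating)" to "Gradle", and a spelling change in a batch-file comment. Move them to a separate commit so the security change can be reviewed and reverted on its own, and confirm that dropping the project name from `APP_NAME` is intended.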