From: jinmeiliao@apache.org To: commits@geode.incubator.apache.org Date: Tue, 20 Sep 2016 17:42:49 -0000 Message-Id: In-Reply-To: References: X-Mailer: ASF-Git Admin Mailer Subject: [2/2] incubator-geode git commit: GEODE-1648: commits related to security-enabled-components. archived-at: Tue, 20 Sep 2016 17:43:06 -0000 GEODE-1648: commits related to security-enabled-components. Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/f77f46d4 Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/f77f46d4 Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/f77f46d4 Branch: refs/heads/GEODE-1648 Commit: f77f46d40ff512892e1fba04792429745132e030 Parents: efd0117 Author: Jinmei Liao Authored: Tue Sep 20 10:40:31 2016 -0700 Committer: Jinmei Liao Committed: Tue Sep 20 10:40:31 2016 -0700 ---------------------------------------------------------------------- .../client/internal/ConnectionFactoryImpl.java | 11 +- .../distributed/ConfigurationProperties.java | 16 ++ .../internal/AbstractDistributionConfig.java | 26 +++ .../internal/DistributionConfig.java | 29 ++++ .../internal/DistributionConfigImpl.java | 20 +++ .../membership/gms/auth/GMSAuthenticator.java | 2 +- .../membership/gms/fd/GMSHealthMonitor.java | 1 + .../internal/tcpserver/TcpClient.java | 1 + .../internal/tcpserver/TcpServer.java | 1 + .../apache/geode/internal/admin/SSLConfig.java | 1 + .../cache/tier/sockets/AcceptorImpl.java | 4 +- .../geode/internal/net/SocketCreator.java | 1 + .../security/IntegratedSecurityService.java | 145 +++++++++++++++-- .../internal/security/SecurableComponent.java | 55 +++++++ .../internal/security/SecurityService.java | 73 ++------- .../apache/geode/internal/tcp/TCPConduit.java | 1 + .../geode/management/GemFireProperties.java | 1 + .../management/internal/ManagementAgent.java | 13 +- .../geode/security/SecurableComponents.java | 62 +++++++ 
.../CacheServerSSLConnectionDUnitTest.java | 7 +- .../LocatorLauncherRemoteIntegrationTest.java | 29 ++-- .../ServerLauncherRemoteIntegrationTest.java | 34 ++-- .../AbstractDistributionConfigTest.java | 78 +++++++++ .../internal/DistributionConfigJUnitTest.java | 89 +++++++++- .../security/IntegratedSecurityServiceTest.java | 163 +++++++++++++++++-- .../security/SecurityConfigIntegrationTest.java | 57 +++++++ .../ConnectToLocatorSSLDUnitTest.java | 1 + .../geode/management/JMXMBeanDUnitTest.java | 1 + ...edSecurityCacheLifecycleDistributedTest.java | 14 +- .../security/P2PAuthenticationDUnitTest.java | 32 ++-- .../geode/codeAnalysis/excludedClasses.txt | 1 + 31 files changed, 800 insertions(+), 169 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/cache/client/internal/ConnectionFactoryImpl.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/cache/client/internal/ConnectionFactoryImpl.java b/geode-core/src/main/java/org/apache/geode/cache/client/internal/ConnectionFactoryImpl.java index 92b3dae..b6460eb 100644 --- a/geode-core/src/main/java/org/apache/geode/cache/client/internal/ConnectionFactoryImpl.java +++ b/geode-core/src/main/java/org/apache/geode/cache/client/internal/ConnectionFactoryImpl.java @@ -16,10 +16,6 @@ */ package org.apache.geode.cache.client.internal; -import java.util.HashSet; -import java.util.Set; -import java.util.concurrent.ScheduledExecutorService; - import org.apache.geode.CancelCriterion; import org.apache.geode.CancelException; import org.apache.geode.cache.GatewayConfigurationException; 
@@ -28,6 +24,7 @@ import org.apache.geode.cache.client.internal.ServerBlackList.FailureTracker; import org.apache.geode.cache.wan.GatewaySender; import org.apache.geode.distributed.internal.InternalDistributedSystem; import org.apache.geode.distributed.internal.ServerLocation; +import org.apache.geode.internal.net.SocketCreator; import org.apache.geode.internal.cache.tier.Acceptor; import org.apache.geode.internal.cache.tier.sockets.CacheClientUpdater; import org.apache.geode.internal.cache.tier.sockets.ClientProxyMembershipID; @@ -35,12 +32,16 @@ import org.apache.geode.internal.cache.tier.sockets.HandShake; import org.apache.geode.internal.i18n.LocalizedStrings; import org.apache.geode.internal.logging.LogService; import org.apache.geode.internal.logging.log4j.LocalizedMessage; -import org.apache.geode.internal.net.SocketCreator; import org.apache.geode.internal.net.SocketCreatorFactory; import org.apache.geode.internal.security.SecurableCommunicationChannel; +import org.apache.geode.internal.security.SecurableComponent; import org.apache.geode.security.GemFireSecurityException; import org.apache.logging.log4j.Logger; +import java.util.HashSet; +import java.util.Set; +import java.util.concurrent.ScheduledExecutorService; + /** * Creates connections, using a connection source to determine * which server to connect to. http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/distributed/ConfigurationProperties.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/distributed/ConfigurationProperties.java b/geode-core/src/main/java/org/apache/geode/distributed/ConfigurationProperties.java index 66b1472..d2dd371 100644 --- a/geode-core/src/main/java/org/apache/geode/distributed/ConfigurationProperties.java +++ b/geode-core/src/main/java/org/apache/geode/distributed/ConfigurationProperties.java 
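Review bot: The `import org.apache.geode.internal.security.SecurableComponent;` line added in the last import hunk of ConnectionFactoryImpl.java looks unused: the diffstat counts 11 changed lines for this file, and the visible hunks, which touch only import lines, account for all of them. The diffstat lists a single added line for GMSHealthMonitor.java, TcpClient.java, TcpServer.java, SSLConfig.java and SocketCreator.java, and in each case that line is this same import, so it is presumably unused there as well. I would drop the import from each file until code there refers to the enum, and keep the existing import order so the security-relevant part of the commit stays easy to audit.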
@@ -1347,6 +1347,22 @@ public interface ConfigurationProperties { */ String SECURITY_PEER_VERIFY_MEMBER_TIMEOUT = SECURITY_PREFIX + "peer-verifymember-timeout"; /** + * The static String definition of the "security-enabled-components" property + * + *

+ * Description: This setting is a comma delimited list of + * {@link org.apache.geode.security.SecurableComponents} specifying which components will be secured + * by a {@link #SECURITY_MANAGER}. + *

+ * This property has no effect unless a {@link #SECURITY_MANAGER} is + * specified. + *

+ * Options: "all","server","cluster","gateway","http","jmx" + *

+ * Since: Geode 1.0 + */ + String SECURITY_ENABLED_COMPONENTS = SECURITY_PREFIX + "enabled-components"; + /** * The static String definition of the "server-bind-address" property *

* Description: The IP address that this distributed system's http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/distributed/internal/AbstractDistributionConfig.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/distributed/internal/AbstractDistributionConfig.java b/geode-core/src/main/java/org/apache/geode/distributed/internal/AbstractDistributionConfig.java index 31fa4f6..727c5ab 100644 --- a/geode-core/src/main/java/org/apache/geode/distributed/internal/AbstractDistributionConfig.java +++ b/geode-core/src/main/java/org/apache/geode/distributed/internal/AbstractDistributionConfig.java @@ -42,6 +42,7 @@ import org.apache.geode.internal.i18n.LocalizedStrings; import org.apache.geode.internal.logging.LogWriterImpl; import org.apache.geode.internal.net.SocketCreator; import org.apache.geode.internal.security.SecurableCommunicationChannel; +import org.apache.geode.internal.security.SecurableComponent; import org.apache.geode.memcached.GemFireMemcachedServer; /** 
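Review bot: The Javadoc added for `SECURITY_ENABLED_COMPONENTS` in ConfigurationProperties.java lists the options but not the default, and the default is what decides whether a component ends up outside the security manager. Elsewhere in this commit `DEFAULT_SECURITY_ENABLED_COMPONENTS` is `"all"`, and `checkSecurityEnabledComponents` also lets an empty value and `none` through, so I would add a line `* Default: "all"` and extend the options line with `"none"`. It is also worth one sentence saying that a component left out of the list is not covered by the `SECURITY_MANAGER`. The hunk ends inside the Javadoc of the next property, which is unchanged.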
@@ -495,6 +496,29 @@ public abstract class AbstractDistributionConfig extends AbstractConfig implemen return value; } + /** + * First check if sslComponents are in the list of valid components. If so, check that no other *-ssl-* properties other than cluster-ssl-* are set. + * This would mean one is mixing the "old" with the "new" + */ + @ConfigAttributeChecker(name = SECURITY_ENABLED_COMPONENTS) + protected String checkSecurityEnabledComponents(String value) { + // value with no commas + // empty value + // null + if (StringUtils.isEmpty(value) || SecurableComponent.NONE.name().equalsIgnoreCase(value)) { + return value; + } + if (!value.contains(",")) { + SecurableComponent.getEnum(value); + return value; + } + StringTokenizer stringTokenizer = new StringTokenizer(value, ","); + while (stringTokenizer.hasMoreTokens()) { + SecurableComponent.getEnum(stringTokenizer.nextToken()); + } + return value; + } + // AbstractConfig overriding methods @Override 
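Review bot: The Javadoc on `checkSecurityEnabledComponents` was carried over from the SSL components checker and talks about `sslComponents` and `*-ssl-*` properties, none of which this method touches. It should say that each comma-separated token is validated through `SecurableComponent.getEnum` and that null, empty and `none` are returned unchanged. Tokens are also handed to `getEnum` untrimmed, so a value written as `server, jmx` depends on how `getEnum` treats the leading space (its body is not in this hunk); `SecurableComponent.getEnum(stringTokenizer.nextToken().trim());` removes that doubt. The `!value.contains(",")` branch repeats what the tokenizer loop already does for a single token and can be dropped.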
@@ -950,6 +974,8 @@ public abstract class AbstractDistributionConfig extends AbstractConfig implemen m.put(SECURITY_MANAGER, "User defined fully qualified class name implementing SecurityManager interface for integrated security. Defaults to \"{0}\". Legal values can be any \"class name\" implementing SecurityManager that is present in the classpath."); m.put(SECURITY_POST_PROCESSOR, "User defined fully qualified class name implementing PostProcessor interface for integrated security. Defaults to \"{0}\". Legal values can be any \"class name\" implementing PostProcessor that is present in the classpath."); + m.put(SECURITY_ENABLED_COMPONENTS, "A comma delimited list of components that should be secured"); + m.put(SSL_ENABLED_COMPONENTS, "A comma delimited list of components that require SSL communications"); m.put(SSL_CIPHERS, "List of available SSL cipher suites that are to be enabled. Defaults to \"" + DEFAULT_SSL_CIPHERS + "\" meaning your provider''s defaults."); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/distributed/internal/DistributionConfig.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/distributed/internal/DistributionConfig.java b/geode-core/src/main/java/org/apache/geode/distributed/internal/DistributionConfig.java index 9da08da..692c2b9 100644 --- a/geode-core/src/main/java/org/apache/geode/distributed/internal/DistributionConfig.java +++ b/geode-core/src/main/java/org/apache/geode/distributed/internal/DistributionConfig.java 
@@ -4595,6 +4595,35 @@ public interface DistributionConfig extends Config, LogConfig { */ boolean DEFAULT_SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION = false; + /** + * Returns the value of the {@link ConfigurationProperties#SECURITY_ENABLED_COMPONENTS} + * property. + * @since Geode 1.0 + */ + @ConfigAttributeGetter(name = SECURITY_ENABLED_COMPONENTS) + String getSecurityEnabledComponents(); + + /** + * Sets the value of the {@link ConfigurationProperties#SECURITY_ENABLED_COMPONENTS} + * property. + * @since Geode 1.0 + */ + @ConfigAttributeSetter(name = SECURITY_ENABLED_COMPONENTS) + void setSecurityEnabledComponents(String securityEnabledComponents); + + /** + * The name of the {@link ConfigurationProperties#SECURITY_ENABLED_COMPONENTS} property + * @since Geode 1.0 + */ + @ConfigAttribute(type = String.class) + String SECURITY_ENABLED_COMPONENTS_NAME = SECURITY_ENABLED_COMPONENTS; + + /** + * The default ssl enabled components + * @since Geode 1.0 + */ + String DEFAULT_SECURITY_ENABLED_COMPONENTS = "all"; + //*************** Initializers to gather all the annotations in this class ************************ Map attributes = new HashMap<>(); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/distributed/internal/DistributionConfigImpl.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/distributed/internal/DistributionConfigImpl.java b/geode-core/src/main/java/org/apache/geode/distributed/internal/DistributionConfigImpl.java index 4d3d751..5a3ec27 100644 --- a/geode-core/src/main/java/org/apache/geode/distributed/internal/DistributionConfigImpl.java +++ b/geode-core/src/main/java/org/apache/geode/distributed/internal/DistributionConfigImpl.java 
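Review bot: The comment on `DEFAULT_SECURITY_ENABLED_COMPONENTS` reads "The default ssl enabled components", which was copied from the SSL setting; it should read `The default security enabled components`. The literal `"all"` presumably duplicates `SecurableComponents.ALL`, which DistributionConfigImpl uses for the same default in this commit, so referring to that constant here would keep the two from drifting apart. The getter and setter Javadoc above it is fine as written.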
@@ -38,6 +38,7 @@ import org.apache.commons.lang.StringUtils; import org.apache.commons.lang.builder.EqualsBuilder; import org.apache.commons.lang.builder.HashCodeBuilder; import org.apache.geode.redis.GeodeRedisServer; +import org.apache.geode.security.SecurableComponents; import org.apache.geode.GemFireConfigException; import org.apache.geode.GemFireIOException; @@ -49,6 +50,7 @@ import org.apache.geode.internal.i18n.LocalizedStrings; import org.apache.geode.internal.net.SocketCreator; import org.apache.geode.internal.process.ProcessLauncherContext; import org.apache.geode.internal.security.SecurableCommunicationChannel; +import org.apache.geode.internal.security.SecurableComponent; import org.apache.geode.memcached.GemFireMemcachedServer; /** @@ -572,6 +574,8 @@ public class DistributionConfigImpl extends AbstractDistributionConfig implement protected String userCommandPackages = DEFAULT_USER_COMMAND_PACKAGES; + private String securityEnabledComponents = DEFAULT_SECURITY_ENABLED_COMPONENTS; + /** * "off-heap-memory-size" with value of "" or "[g|m]" */ @@ -763,6 +767,7 @@ public class DistributionConfigImpl extends AbstractDistributionConfig implement this.securityManager = other.getSecurityManager(); this.postProcessor = other.getPostProcessor(); + this.securityEnabledComponents = ((DistributionConfigImpl) other).securityEnabledComponents; this.clusterSSLAlias = other.getClusterSSLAlias(); this.gatewaySSLAlias = other.getGatewaySSLAlias(); this.httpServiceSSLAlias = other.getHTTPServiceSSLAlias(); @@ -2188,6 +2193,9 @@ public class DistributionConfigImpl extends AbstractDistributionConfig implement } public Properties getSecurityProps() { + if (security.containsKey(SECURITY_MANAGER) && !security.containsKey(SECURITY_ENABLED_COMPONENTS)) { + security.setProperty(SECURITY_ENABLED_COMPONENTS, SecurableComponents.ALL); + } return security; } 
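Review bot: In the copy-constructor hunk, `((DistributionConfigImpl) other).securityEnabledComponents` casts the argument, while the neighbouring lines read every other setting through the `DistributionConfig` getters. If `other` is ever a different implementation of the interface, the cast throws ClassCastException while the configuration is being copied; `this.securityEnabledComponents = other.getSecurityEnabledComponents();` uses the getter this commit adds to the interface and avoids that. The constructor's signature is outside the hunk, so the declared type of `other` should be confirmed.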
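Review bot: `getSecurityProps()` now writes `SECURITY_ENABLED_COMPONENTS` into the shared `security` Properties as a side effect of being read, so the stored configuration differs depending on whether a caller has asked for it yet. The default is applied here with `SecurableComponents.ALL` and again in IntegratedSecurityService with `DistributionConfig.DEFAULT_SECURITY_ENABLED_COMPONENTS`; applying it once, where the properties are loaded, would leave a single place to audit. If the getter keeps this behaviour it needs a comment, for example `// defaults to securing all components when a security manager is configured`.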
@@ -2506,6 +2514,16 @@ public class DistributionConfigImpl extends AbstractDistributionConfig implement } @Override + public String getSecurityEnabledComponents() { + return securityEnabledComponents; + } + + @Override + public void setSecurityEnabledComponents(final String securityEnabledComponents) { + this.securityEnabledComponents = securityEnabledComponents; + } + + @Override public String getClusterSSLAlias() { return clusterSSLAlias; } @@ -2862,6 +2880,7 @@ public class DistributionConfigImpl extends AbstractDistributionConfig implement .append(sslDefaultAlias, that.sslDefaultAlias) .append(sourceMap, that.sourceMap) .append(userCommandPackages, that.userCommandPackages) + .append(securityEnabledComponents, that.securityEnabledComponents) .append(offHeapMemorySize, that.offHeapMemorySize) .append(shiroInit, that.shiroInit) .isEquals(); @@ -3037,6 +3056,7 @@ public class DistributionConfigImpl extends AbstractDistributionConfig implement .append(sslDefaultAlias) .append(sourceMap) .append(userCommandPackages) + .append(securityEnabledComponents) .append(offHeapMemorySize) .append(lockMemory) .append(shiroInit) http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/auth/GMSAuthenticator.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/auth/GMSAuthenticator.java b/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/auth/GMSAuthenticator.java index 3f030c9..a448d8c 100755 --- a/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/auth/GMSAuthenticator.java +++ b/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/auth/GMSAuthenticator.java 
@@ -106,7 +106,7 @@ public class GMSAuthenticator implements Authenticator { * Method is package protected to be used in testing. */ String authenticate(DistributedMember member, Properties credentials, Properties secProps, DistributedMember localMember) throws AuthenticationFailedException { - if (!securityService.isPeerSecurityRequired()) { + if (!this.securityService.isPeerSecurityRequired()) { return null; } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/fd/GMSHealthMonitor.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/fd/GMSHealthMonitor.java b/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/fd/GMSHealthMonitor.java index aafb498..5717c30 100644 --- a/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/fd/GMSHealthMonitor.java +++ b/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/fd/GMSHealthMonitor.java @@ -66,6 +66,7 @@ import org.apache.geode.internal.ConnectionWatcher; import org.apache.geode.internal.Version; import org.apache.geode.internal.net.SocketCreatorFactory; import org.apache.geode.internal.security.SecurableCommunicationChannel; +import org.apache.geode.internal.security.SecurableComponent; /** * Failure Detection http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/distributed/internal/tcpserver/TcpClient.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/distributed/internal/tcpserver/TcpClient.java b/geode-core/src/main/java/org/apache/geode/distributed/internal/tcpserver/TcpClient.java index def631f..495a85b 100644 
--- a/geode-core/src/main/java/org/apache/geode/distributed/internal/tcpserver/TcpClient.java +++ b/geode-core/src/main/java/org/apache/geode/distributed/internal/tcpserver/TcpClient.java @@ -41,6 +41,7 @@ import org.apache.geode.internal.logging.LogService; import org.apache.geode.internal.net.SocketCreator; import org.apache.geode.internal.net.SocketCreatorFactory; import org.apache.geode.internal.security.SecurableCommunicationChannel; +import org.apache.geode.internal.security.SecurableComponent; /** *

Client for the TcpServer component of the Locator. http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/distributed/internal/tcpserver/TcpServer.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/distributed/internal/tcpserver/TcpServer.java b/geode-core/src/main/java/org/apache/geode/distributed/internal/tcpserver/TcpServer.java index 3c07771..bd6a8f8 100755 --- a/geode-core/src/main/java/org/apache/geode/distributed/internal/tcpserver/TcpServer.java +++ b/geode-core/src/main/java/org/apache/geode/distributed/internal/tcpserver/TcpServer.java @@ -61,6 +61,7 @@ import org.apache.geode.internal.logging.LogService; import org.apache.geode.internal.net.SocketCreator; import org.apache.geode.internal.net.SocketCreatorFactory; import org.apache.geode.internal.security.SecurableCommunicationChannel; +import org.apache.geode.internal.security.SecurableComponent; /** * TCP server which listens on a port and delegates requests to a request http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java b/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java index 6f0c52f..4b96d55 100755 --- a/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java +++ b/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java 
@@ -23,6 +23,7 @@ import java.util.Properties; import org.apache.geode.distributed.internal.DistributionConfig; import org.apache.geode.internal.security.SecurableCommunicationChannel; +import org.apache.geode.internal.security.SecurableComponent; import org.apache.geode.management.internal.SSLUtil; /** http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/AcceptorImpl.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/AcceptorImpl.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/AcceptorImpl.java index 74fca50..5bddfa5 100644 --- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/AcceptorImpl.java +++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/AcceptorImpl.java @@ -87,6 +87,7 @@ import org.apache.geode.internal.logging.LoggingThreadGroup; import org.apache.geode.internal.logging.log4j.LocalizedMessage; import org.apache.geode.internal.security.IntegratedSecurityService; import org.apache.geode.internal.security.SecurableCommunicationChannel; +import org.apache.geode.internal.security.SecurableComponent; import org.apache.geode.internal.security.SecurityService; import org.apache.geode.internal.net.SocketCreatorFactory; import org.apache.geode.internal.tcp.ConnectionTable; 
@@ -629,7 +630,8 @@ public class AcceptorImpl extends Acceptor implements Runnable this.hsPool = tmp_hsPool; } - isAuthenticationRequired = this.securityService.isClientSecurityRequired(); + isAuthenticationRequired = (this.isGatewayReceiver && this.securityService.isGatewaySecurityRequired()) || + (! this.isGatewayReceiver && this.securityService.isClientSecurityRequired()); isIntegratedSecurity = this.securityService.isIntegratedSecurity(); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java b/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java index bc1e896..c6ad9ce 100755 --- a/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java +++ b/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java @@ -97,6 +97,7 @@ import org.apache.geode.internal.i18n.LocalizedStrings; import org.apache.geode.internal.logging.LogService; import org.apache.geode.internal.logging.log4j.LocalizedMessage; import org.apache.geode.internal.security.SecurableCommunicationChannel; +import org.apache.geode.internal.security.SecurableComponent; import org.apache.geode.internal.util.PasswordUtil; /** http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java b/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java index a515de5..a328acb 100644 --- a/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java 
+++ b/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java @@ -20,6 +20,7 @@ import static org.apache.geode.distributed.ConfigurationProperties.*; import java.io.IOException; import java.io.Serializable; +import java.lang.reflect.Method; import java.security.AccessController; import java.util.Properties; import java.util.Set; @@ -27,22 +28,11 @@ import java.util.concurrent.Callable; import org.apache.commons.lang.SerializationException; import org.apache.commons.lang.StringUtils; -import org.apache.geode.GemFireIOException; -import org.apache.geode.internal.cache.EntryEventImpl; -import org.apache.geode.internal.logging.LogService; -import org.apache.geode.internal.security.shiro.CustomAuthRealm; -import org.apache.geode.internal.security.shiro.GeodeAuthenticationToken; -import org.apache.geode.internal.security.shiro.ShiroPrincipal; -import org.apache.geode.internal.util.BlobHelper; -import org.apache.geode.management.internal.security.ResourceConstants; -import org.apache.geode.management.internal.security.ResourceOperation; -import org.apache.geode.security.AuthenticationFailedException; -import org.apache.geode.security.GemFireSecurityException; -import org.apache.geode.security.NotAuthorizedException; import org.apache.geode.security.PostProcessor; import org.apache.geode.security.ResourcePermission; import org.apache.geode.security.ResourcePermission.Operation; import org.apache.geode.security.ResourcePermission.Resource; +import org.apache.geode.security.SecurableComponents; import org.apache.geode.security.SecurityManager; import org.apache.logging.log4j.Logger; import org.apache.shiro.SecurityUtils; 
@@ -56,6 +46,21 @@ import org.apache.shiro.subject.support.SubjectThreadState; import org.apache.shiro.util.ThreadContext; import org.apache.shiro.util.ThreadState; +import org.apache.geode.GemFireIOException; +import org.apache.geode.distributed.internal.DistributionConfig; +import org.apache.geode.internal.ClassLoadUtil; +import org.apache.geode.internal.cache.EntryEventImpl; +import org.apache.geode.internal.logging.LogService; +import org.apache.geode.internal.security.shiro.CustomAuthRealm; +import org.apache.geode.internal.security.shiro.GeodeAuthenticationToken; +import org.apache.geode.internal.security.shiro.ShiroPrincipal; +import org.apache.geode.internal.util.BlobHelper; +import org.apache.geode.management.internal.security.ResourceConstants; +import org.apache.geode.management.internal.security.ResourceOperation; +import org.apache.geode.security.AuthenticationFailedException; +import org.apache.geode.security.GemFireSecurityException; +import org.apache.geode.security.NotAuthorizedException; + public class IntegratedSecurityService implements SecurityService{ private static Logger logger = LogService.getLogger(LogService.SECURITY_LOGGER_NAME); @@ -77,6 +82,12 @@ public class IntegratedSecurityService implements SecurityService{ private boolean isClientAuthenticator; // is there a SECURITY_CLIENT_AUTHENTICATOR private boolean isPeerAuthenticator; // is there a SECURITY_PEER_AUTHENTICATOR + private boolean isJmxSecurityRequired; + private boolean isHttpSecurityRequired; + private boolean isGatewaySecurityRequired; + private boolean isClusterSecurityRequired; + private boolean isServerSecurityRequired; + /** * It first looks the shiro subject in AccessControlContext since JMX will * use multiple threads to process operations from the same client, then it 
@@ -311,6 +322,17 @@ public class IntegratedSecurityService implements SecurityService{ return; } + String enabledComponentsString = securityProps.getProperty(SECURITY_ENABLED_COMPONENTS); + if (enabledComponentsString == null) { + enabledComponentsString = DistributionConfig.DEFAULT_SECURITY_ENABLED_COMPONENTS; + } + + boolean isClusterSecured = enabledComponentsString.contains(SecurableComponents.ALL) || enabledComponentsString.contains(SecurableComponents.CLUSTER); + boolean isGatewaySecured = enabledComponentsString.contains(SecurableComponents.ALL) || enabledComponentsString.contains(SecurableComponents.GATEWAY); + boolean isHttpSecured = enabledComponentsString.contains(SecurableComponents.ALL) || enabledComponentsString.contains(SecurableComponents.HTTP_SERVICE); + boolean isJmxSecured = enabledComponentsString.contains(SecurableComponents.ALL) || enabledComponentsString.contains(SecurableComponents.JMX); + boolean isServerSecured = enabledComponentsString.contains(SecurableComponents.ALL) || enabledComponentsString.contains(SecurableComponents.SERVER); + String shiroConfig = securityProps.getProperty(SECURITY_SHIRO_INIT); String securityConfig = securityProps.getProperty(SECURITY_MANAGER); String clientAuthenticatorConfig = securityProps.getProperty(SECURITY_CLIENT_AUTHENTICATOR); @@ -332,7 +354,7 @@ public class IntegratedSecurityService implements SecurityService{ } // only set up shiro realm if user has implemented SecurityManager else if (!StringUtils.isBlank(securityConfig)) { - securityManager = SecurityService.getObjectOfTypeFromClassName(securityConfig, SecurityManager.class); + securityManager = getObjectOfTypeFromClassName(securityConfig, SecurityManager.class); securityManager.init(securityProps); Realm realm = new CustomAuthRealm(securityManager); org.apache.shiro.mgt.SecurityManager shiroManager = new DefaultSecurityManager(realm); 
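Review bot: The five `is…Secured` flags in the first hunk are derived with `String.contains` on the raw property value, which is a case-sensitive substring test rather than a lookup in the comma-delimited list. A value that differs only in case or spacing from the constants in `SecurableComponents` (their values are not visible here) may pass the config checker, depending on how `SecurableComponent.getEnum` matches, and still match nothing, leaving that component outside the security manager with no error reported. Matching whole trimmed tokens, ignoring case, makes the decision exact; the fence sketches a small private helper that needs no new imports. The enclosing method starts and ends outside the hunk.

```java
// … unchanged: reading SECURITY_ENABLED_COMPONENTS and falling back to the default …

boolean isClusterSecured = isComponentEnabled(enabledComponentsString, SecurableComponents.CLUSTER);
boolean isGatewaySecured = isComponentEnabled(enabledComponentsString, SecurableComponents.GATEWAY);
boolean isHttpSecured = isComponentEnabled(enabledComponentsString, SecurableComponents.HTTP_SERVICE);
boolean isJmxSecured = isComponentEnabled(enabledComponentsString, SecurableComponents.JMX);
boolean isServerSecured = isComponentEnabled(enabledComponentsString, SecurableComponents.SERVER);

// … unchanged: shiro / security manager / authenticator setup …

/**
 * Returns true when the comma-delimited list names the component, or names "all",
 * as a whole token (surrounding whitespace and letter case ignored).
 */
private static boolean isComponentEnabled(String enabledComponents, String component) {
  for (String token : enabledComponents.split(",")) {
    String name = token.trim();
    if (name.equalsIgnoreCase(SecurableComponents.ALL) || name.equalsIgnoreCase(component)) {
      return true;
    }
  }
  return false;
}
```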
@@ -351,10 +373,17 @@ public class IntegratedSecurityService implements SecurityService{ isPeerAuthenticator = false; } + isServerSecurityRequired = isClientAuthenticator || (isIntegratedSecurity && isServerSecured); + isClusterSecurityRequired = isPeerAuthenticator || (isIntegratedSecurity && isClusterSecured); + + isGatewaySecurityRequired = isClientAuthenticator || (isIntegratedSecurity && isGatewaySecured); + isHttpSecurityRequired = isIntegratedSecurity && isHttpSecured; + isJmxSecurityRequired = isIntegratedSecurity && isJmxSecured; + // this initializes the post processor String customPostProcessor = securityProps.getProperty(SECURITY_POST_PROCESSOR); if( !StringUtils.isBlank(customPostProcessor)) { - postProcessor = SecurityService.getObjectOfTypeFromClassName(customPostProcessor, PostProcessor.class); + postProcessor = getObjectOfTypeFromClassName(customPostProcessor, PostProcessor.class); postProcessor.init(securityProps); } else{ 
@@ -424,6 +453,74 @@ public class IntegratedSecurityService implements SecurityService{ return newValue; } + private static void checkSameClass(Object obj1, Object obj2){ + + } + + /** + * this method would never return null, it either throws an exception or + * returns an object + */ + public static T getObjectOfTypeFromClassName(String className, Class expectedClazz) { + Class actualClass = null; + try { + actualClass = ClassLoadUtil.classFromName(className); + } + catch (Exception ex) { + throw new GemFireSecurityException("Instance could not be obtained, "+ex.toString(), ex); + } + + if(!expectedClazz.isAssignableFrom(actualClass)){ + throw new GemFireSecurityException("Instance could not be obtained. Expecting a "+expectedClazz.getName()+" class."); + } + + T actualObject = null; + try { + actualObject = (T)actualClass.newInstance(); + } catch (Exception e) { + throw new GemFireSecurityException("Instance could not be obtained. Error instantiating "+actualClass.getName(), e); + } + return actualObject; + } + + /** + * this method would never return null, it either throws an exception or + * returns an object + */ + public static T getObjectOfTypeFromFactoryMethod(String factoryMethodName, Class expectedClazz){ + T actualObject = null; + try { + Method factoryMethod = ClassLoadUtil.methodFromName(factoryMethodName); + actualObject = (T)factoryMethod.invoke(null, (Object[])null); + } catch (Exception e) { + throw new GemFireSecurityException("Instance could not be obtained from "+factoryMethodName, e); + } + + if(actualObject == null){ + throw new GemFireSecurityException("Instance could not be obtained from "+factoryMethodName); + } + + return actualObject; + } + + /** + * this method would never return null, it either throws an exception or + * returns an object + * + * @return an object of type expectedClazz. This method would never return + * null. It either returns an non-null object or throws exception. 
+ */ + public static T getObjectOfType(String classOrMethod, Class expectedClazz) { + T object = null; + try{ + object = getObjectOfTypeFromClassName(classOrMethod, expectedClazz); + } + catch (Exception e){ + object = getObjectOfTypeFromFactoryMethod(classOrMethod, expectedClazz); + } + return object; + } + public SecurityManager getSecurityManager(){ return securityManager; } @@ -436,11 +533,23 @@ public class IntegratedSecurityService implements SecurityService{ return isIntegratedSecurity; } - public boolean isClientSecurityRequired() { - return isClientAuthenticator || isIntegratedSecurity; + public boolean isClientSecurityRequired() { // TODO: rename as isServerSecurityRequired + return isServerSecurityRequired; + } + + public boolean isPeerSecurityRequired() { // TODO: rename as isClusterSecurityRequired + return isClusterSecurityRequired; + } + + public boolean isJmxSecurityRequired() { + return isJmxSecurityRequired; + } + + public boolean isGatewaySecurityRequired() { + return isGatewaySecurityRequired; } - public boolean isPeerSecurityRequired() { - return isPeerAuthenticator || isIntegratedSecurity; + public boolean isHttpSecurityRequired() { + return isHttpSecurityRequired; } } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/internal/security/SecurableComponent.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/SecurableComponent.java b/geode-core/src/main/java/org/apache/geode/internal/security/SecurableComponent.java new file mode 100644 index 0000000..1eac87c --- /dev/null +++ b/geode-core/src/main/java/org/apache/geode/internal/security/SecurableComponent.java 
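Review bot: `getObjectOfTypeFromFactoryMethod` never uses `expectedClazz`: the result of `factoryMethod.invoke` is cast with the erased `(T)`, so an object of the wrong type is handed back to the caller and fails later, away from the configuration error that caused it. Add the check the class-name path already has, after the null test: `if (!expectedClazz.isInstance(actualObject)) { throw new GemFireSecurityException("Instance could not be obtained. Expecting a "+expectedClazz.getName()+" class."); }`. `getObjectOfType` also discards the first exception when it falls back to the factory path, so a class that loads but has the wrong type is reported as a factory-method failure. The empty `checkSameClass` added at the top of the hunk is unused and can be dropped.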
@@ -0,0 +1,55 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geode.internal.security;
+
+import org.apache.geode.GemFireConfigException;
+import org.apache.geode.security.SecurableComponents;
+
+public enum SecurableComponent {
+ ALL(SecurableComponents.ALL),
+ CLUSTER(SecurableComponents.CLUSTER),
+ SERVER(SecurableComponents.SERVER),
+ JMX(SecurableComponents.JMX),
+ HTTP_SERVICE(SecurableComponents.HTTP_SERVICE),
+ GATEWAY(SecurableComponents.GATEWAY),
+ LOCATOR(SecurableComponents.LOCATOR),
+ NONE("NO_COMPONENT");
+
+ private final String constant;
+
+ SecurableComponent(final String constant) {
+ this.constant = constant;
+ }
+
+ public static SecurableComponent getEnum(String enumString) {
+ for (SecurableComponent securableComponent : SecurableComponent.values()) {
+ if (securableComponent.constant.equalsIgnoreCase(enumString)) {
+ return securableComponent;
+ }
+ }
+ throw new GemFireConfigException("There is no registered component for the name: " + enumString);
+ }
+
+ public String getConstant() {
+ return constant;
+ }
+
+ @Override
+ public String toString() {
+ return constant;
+ }
+}
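Review bot: `NONE("NO_COMPONENT")` has no matching constant in `SecurableComponents`, and `getEnum("none")` would throw, yet `AbstractDistributionConfigTest` in this commit expects `"none"` to be accepted, so the validator presumably special-cases it outside this file; a comment on `NONE` should say which string selects it. `getEnum` also needs a Javadoc stating that matching ignores case and that an unknown or null name raises `GemFireConfigException`, for example `/** Returns the component whose constant equals enumString ignoring case; throws GemFireConfigException otherwise. */`.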
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java b/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java index d645bbf..4d4fcfa 100644 --- a/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java +++ b/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java @@ -16,14 +16,11 @@ */ package org.apache.geode.internal.security; -import java.lang.reflect.Method; import java.util.Properties; import java.util.concurrent.Callable; -import org.apache.geode.internal.ClassLoadUtil; import org.apache.geode.management.internal.security.ResourceConstants; import org.apache.geode.management.internal.security.ResourceOperation; -import org.apache.geode.security.GemFireSecurityException; import org.apache.geode.security.PostProcessor; import org.apache.geode.security.ResourcePermission; import org.apache.geode.security.SecurityManager; 
@@ -59,73 +56,24 @@ public interface SecurityService { Object postProcess(String regionPath, Object key, Object value, boolean valueIsSerialized); Object postProcess(Object principal, String regionPath, Object key, Object value, boolean valueIsSerialized); boolean isClientSecurityRequired(); - boolean isIntegratedSecurity(); + boolean isJmxSecurityRequired(); + boolean isGatewaySecurityRequired(); + boolean isHttpSecurityRequired(); boolean isPeerSecurityRequired(); + boolean isIntegratedSecurity(); SecurityManager getSecurityManager(); PostProcessor getPostProcessor(); - /** - * this method would never return null, it either throws an exception or - * returns an object - */ - public static T getObjectOfTypeFromClassName(String className, Class expectedClazz) { - Class actualClass = null; - try { - actualClass = ClassLoadUtil.classFromName(className); - } - catch (Exception ex) { - throw new GemFireSecurityException("Instance could not be obtained, " + ex.toString(), ex); - } - - if(!expectedClazz.isAssignableFrom(actualClass)){ - throw new GemFireSecurityException("Instance could not be obtained. Expecting a "+expectedClazz.getName()+" class."); - } - - T actualObject = null; - try { - actualObject = (T)actualClass.newInstance(); - } catch (Exception e) { - throw new GemFireSecurityException("Instance could not be obtained. 
Error instantiating "+actualClass.getName(), e); - } - return actualObject; + static T getObjectOfType(String factoryName, Class clazz) { + return IntegratedSecurityService.getObjectOfType(factoryName, clazz); } - /** - * this method would never return null, it either throws an exception or - * returns an object - */ - public static T getObjectOfTypeFromFactoryMethod(String factoryMethodName, Class expectedClazz){ - T actualObject = null; - try { - Method factoryMethod = ClassLoadUtil.methodFromName(factoryMethodName); - actualObject = (T)factoryMethod.invoke(null, (Object[])null); - } catch (Exception e) { - throw new GemFireSecurityException("Instance could not be obtained from "+factoryMethodName, e); - } - - if(actualObject == null){ - throw new GemFireSecurityException("Instance could not be obtained from " + factoryMethodName); - } - - return actualObject; + static T getObjectOfTypeFromFactoryMethod(String factoryMethodName, Class expectedClazz) { + return IntegratedSecurityService.getObjectOfTypeFromFactoryMethod(factoryMethodName, expectedClazz); } - /** - * this method would never return null, it either throws an exception or - * returns an object - * - * @return an object of type expectedClazz. This method would never return - * null. It either returns an non-null object or throws exception. - */ - public static T getObjectOfType(String classOrMethod, Class expectedClazz) { - T object = null; - try{ - object = getObjectOfTypeFromClassName(classOrMethod, expectedClazz); - } - catch (Exception e){ - object = getObjectOfTypeFromFactoryMethod(classOrMethod, expectedClazz); - } - return object; + static T getObjectOfTypeFromClassName(String className, Class expectedClazz) { + return IntegratedSecurityService.getObjectOfTypeFromClassName(className, expectedClazz); } public static Properties getCredentials(Properties securityProps){ 
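Review bot: The three static helpers left on the `SecurityService` interface now forward to `IntegratedSecurityService`, which makes the interface depend on one of its own implementations, and they lost the Javadoc that stated the never-returns-null contract. If the forwarding methods are kept only for existing callers, mark them so, e.g. `/** @deprecated use IntegratedSecurityService.getObjectOfType */`, or restore the one-line contract comment on each. The interface body continues outside the hunk.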
@@ -141,5 +89,4 @@ public interface SecurityService { static SecurityService getSecurityService(){ return IntegratedSecurityService.getSecurityService(); } - } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/internal/tcp/TCPConduit.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/internal/tcp/TCPConduit.java b/geode-core/src/main/java/org/apache/geode/internal/tcp/TCPConduit.java index 08f4e10..20083cf 100644 --- a/geode-core/src/main/java/org/apache/geode/internal/tcp/TCPConduit.java +++ b/geode-core/src/main/java/org/apache/geode/internal/tcp/TCPConduit.java @@ -62,6 +62,7 @@ import org.apache.geode.internal.logging.log4j.LogMarker; import org.apache.geode.internal.net.SocketCreator; import org.apache.geode.internal.net.SocketCreatorFactory; import org.apache.geode.internal.security.SecurableCommunicationChannel; +import org.apache.geode.internal.security.SecurableComponent; /** *

TCPConduit manages a server socket and a collection of connections to http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/management/GemFireProperties.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/management/GemFireProperties.java b/geode-core/src/main/java/org/apache/geode/management/GemFireProperties.java index 2b2c1a6..592bfdd 100644 --- a/geode-core/src/main/java/org/apache/geode/management/GemFireProperties.java +++ b/geode-core/src/main/java/org/apache/geode/management/GemFireProperties.java @@ -18,6 +18,7 @@ package org.apache.geode.management; import org.apache.geode.internal.security.SecurableCommunicationChannel; +import org.apache.geode.internal.security.SecurableComponent; /** * Composite Data type to be used by member to depict gemfire properties in key value manner http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java b/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java index f1daa78..ad4b3b7 100755 --- a/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java 
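Review bot: The added `import org.apache.geode.internal.security.SecurableComponent;` looks unused: it is the only change this diff makes to `GemFireProperties.java` and to `TCPConduit.java`, and no hunk in either file refers to the type. Unless code outside the diff needs it, the import should be dropped. The same import-only addition appears in `CacheServerSSLConnectionDUnitTest`, `LocatorLauncherRemoteIntegrationTest` and `ServerLauncherRemoteIntegrationTest` further down.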
@@ -56,7 +56,7 @@ import org.apache.geode.internal.GemFireVersion; import org.apache.geode.internal.cache.GemFireCacheImpl; import org.apache.geode.internal.lang.StringUtils; import org.apache.geode.internal.logging.LogService; -import org.apache.geode.internal.security.SecurityService; +import org.apache.geode.internal.security.IntegratedSecurityService; import org.apache.geode.internal.net.SSLConfigurationFactory; import org.apache.geode.internal.net.SocketCreator; import org.apache.geode.internal.net.SocketCreatorFactory; @@ -95,7 +95,7 @@ public class ManagementAgent { private JMXConnectorServer jmxConnectorServer; private JMXShiroAuthenticator shiroAuthenticator; private final DistributionConfig config; - private SecurityService securityService = SecurityService.getSecurityService(); + // TODO: add this -- private boolean isSecured; private boolean isHttpServiceRunning = false; /** @@ -205,7 +205,7 @@ public class ManagementAgent { if (logger.isDebugEnabled()) { logger.debug(message); } - } else if (securityService.isIntegratedSecurity()) { + } else if (isIntegratedSecurity()) { System.setProperty("spring.profiles.active", "pulse.authentication.gemfire"); } @@ -437,7 +437,7 @@ public class ManagementAgent { } }; - if (securityService.isIntegratedSecurity()) { + if (isIntegratedSecurity()) { shiroAuthenticator = new JMXShiroAuthenticator(); env.put(JMXConnectorServer.AUTHENTICATOR, shiroAuthenticator); jmxConnectorServer.addNotificationListener(shiroAuthenticator, null, jmxConnectorServer.getAttributes()); 
@@ -494,6 +494,11 @@ public class ManagementAgent { } } + + private boolean isIntegratedSecurity() { + return IntegratedSecurityService.getSecurityService().isJmxSecurityRequired(); + } + private static class GemFireRMIClientSocketFactory implements RMIClientSocketFactory, Serializable { private static final long serialVersionUID = -7604285019188827617L; http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/main/java/org/apache/geode/security/SecurableComponents.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/security/SecurableComponents.java b/geode-core/src/main/java/org/apache/geode/security/SecurableComponents.java new file mode 100644 index 0000000..beb5600 --- /dev/null +++ b/geode-core/src/main/java/org/apache/geode/security/SecurableComponents.java 
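Review bot: The new private helper is named `isIntegratedSecurity()` but returns `isJmxSecurityRequired()`, so the two call sites changed earlier in this file (the Pulse `spring.profiles.active` setting and the `JMXShiroAuthenticator` registration) read as a global security check while they are gated on the `jmx` component only. Rename it, `private boolean isJmxSecurityRequired() {`, or document the narrowing on the helper. It is also worth confirming that the Pulse authentication profile should follow the JMX flag rather than `isHttpSecurityRequired()`; the surrounding code is outside the hunks, so this is a question rather than a finding.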
@@ -0,0 +1,62 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.geode.security; + +import org.apache.geode.distributed.ConfigurationProperties; + +/** + * This class defines all the static definitions for the {@link ConfigurationProperties#SECURITY_ENABLED_COMPONENTS} + * Since: Geode 1.0 + */ +public interface SecurableComponents { + + /** + * This determines that all components will be secured. + * Since: Geode 1.0 + */ + String ALL = "all"; + /** + * This determines that the client-server communication will be secured. + * Since: Geode 1.0 + */ + String SERVER = "server"; + /** + * This determines that the inter-server (or server-to-server) communication will be secured. + * Since: Geode 1.0 + */ + String CLUSTER = "cluster"; + /** + * This determines that test jmx communication will be secured. + * Since: Geode 1.0 + */ + String JMX = "jmx"; + /** + * This determines that the http service communication will be secured. + * Since: Geode 1.0 + */ + String HTTP_SERVICE = "http"; + /** + * This determines that the gateway communication will be secured. + * Since: Geode 1.0 + */ + String GATEWAY = "gateway"; + /** + * This determines that the locator communication will be secured. 
+ * Since: Geode 1.0 + */ + String LOCATOR = "locator"; +} http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/test/java/org/apache/geode/cache/client/internal/CacheServerSSLConnectionDUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/cache/client/internal/CacheServerSSLConnectionDUnitTest.java b/geode-core/src/test/java/org/apache/geode/cache/client/internal/CacheServerSSLConnectionDUnitTest.java index 9d53265..e1ee4b1 100644 --- a/geode-core/src/test/java/org/apache/geode/cache/client/internal/CacheServerSSLConnectionDUnitTest.java +++ b/geode-core/src/test/java/org/apache/geode/cache/client/internal/CacheServerSSLConnectionDUnitTest.java @@ -24,6 +24,9 @@ import java.io.PrintWriter; import java.io.StringWriter; import java.util.Properties; +import org.junit.Test; +import org.junit.experimental.categories.Category; + import org.apache.geode.cache.Cache; import org.apache.geode.cache.CacheFactory; import org.apache.geode.cache.Region; @@ -34,7 +37,9 @@ import org.apache.geode.cache.client.ClientCacheFactory; import org.apache.geode.cache.client.ClientRegionFactory; import org.apache.geode.cache.client.ClientRegionShortcut; import org.apache.geode.cache.server.CacheServer; +import org.apache.geode.internal.net.SocketCreatorFactory; import org.apache.geode.internal.security.SecurableCommunicationChannel; +import org.apache.geode.internal.security.SecurableComponent; import org.apache.geode.security.AuthenticationRequiredException; import org.apache.geode.test.dunit.Host; import org.apache.geode.test.dunit.IgnoredException; 
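Review bot: `LOCATOR` is defined here and in the `SecurableComponent` enum, but `IntegratedSecurityService` in this commit computes flags only for cluster, gateway, http, jmx and server, so as far as the diff shows a value of `locator` is accepted and then has no effect. Either wire it up or say so in the Javadoc, e.g. `* Not yet enforced by IntegratedSecurityService.`, once that is confirmed. The Javadoc on `JMX` reads "test jmx communication", which looks like a typo for "the", and the `Since: Geode 1.0` lines would render properly as `@since` tags.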
@@ -42,8 +47,6 @@ import org.apache.geode.test.dunit.VM; import org.apache.geode.test.dunit.internal.JUnit4DistributedTestCase; import org.apache.geode.test.junit.categories.DistributedTest; import org.apache.geode.util.test.TestUtil; -import org.junit.Test; -import org.junit.experimental.categories.Category; /** * Tests cacheserver ssl support added. See https://svn.gemstone.com/trac/gemfire/ticket/48995 for details http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/test/java/org/apache/geode/distributed/LocatorLauncherRemoteIntegrationTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/distributed/LocatorLauncherRemoteIntegrationTest.java b/geode-core/src/test/java/org/apache/geode/distributed/LocatorLauncherRemoteIntegrationTest.java index 312ca56..2aa0c7d 100755 --- a/geode-core/src/test/java/org/apache/geode/distributed/LocatorLauncherRemoteIntegrationTest.java +++ b/geode-core/src/test/java/org/apache/geode/distributed/LocatorLauncherRemoteIntegrationTest.java @@ -16,20 +16,6 @@ */ package org.apache.geode.distributed; -import static org.apache.geode.distributed.ConfigurationProperties.*; -import static org.hamcrest.CoreMatchers.*; -import static org.junit.Assert.*; - -import java.io.File; -import java.io.FileNotFoundException; -import java.io.FileOutputStream; -import java.io.PrintStream; -import java.lang.management.ManagementFactory; -import java.net.InetAddress; -import java.util.ArrayList; -import java.util.List; -import java.util.concurrent.atomic.AtomicBoolean; - import org.apache.geode.distributed.AbstractLauncher.Status; import org.apache.geode.distributed.LocatorLauncher.Builder; import org.apache.geode.distributed.LocatorLauncher.LocatorState; 
@@ -44,6 +30,7 @@ import org.apache.geode.internal.process.ProcessControllerFactory; import org.apache.geode.internal.process.ProcessStreamReader; import org.apache.geode.internal.process.ProcessType; import org.apache.geode.internal.process.ProcessUtils; +import org.apache.geode.internal.security.SecurableComponent; import org.apache.geode.test.junit.categories.FlakyTest; import org.apache.geode.test.junit.categories.IntegrationTest; import org.apache.geode.test.junit.runners.CategoryWithParameterizedRunnerFactory; @@ -55,6 +42,20 @@ import org.junit.experimental.categories.Category; import org.junit.runner.RunWith; import org.junit.runners.Parameterized; +import java.io.File; +import java.io.FileNotFoundException; +import java.io.FileOutputStream; +import java.io.PrintStream; +import java.lang.management.ManagementFactory; +import java.net.InetAddress; +import java.util.ArrayList; +import java.util.List; +import java.util.concurrent.atomic.AtomicBoolean; + +import static org.apache.geode.distributed.ConfigurationProperties.MCAST_PORT; +import static org.hamcrest.CoreMatchers.*; +import static org.junit.Assert.*; + /** * Integration tests for launching a Locator in a forked process. * http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/test/java/org/apache/geode/distributed/ServerLauncherRemoteIntegrationTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/distributed/ServerLauncherRemoteIntegrationTest.java b/geode-core/src/test/java/org/apache/geode/distributed/ServerLauncherRemoteIntegrationTest.java index 3b3d11e..98ee86f 100755 --- a/geode-core/src/test/java/org/apache/geode/distributed/ServerLauncherRemoteIntegrationTest.java +++ b/geode-core/src/test/java/org/apache/geode/distributed/ServerLauncherRemoteIntegrationTest.java 
@@ -16,22 +16,6 @@ */ package org.apache.geode.distributed; -import static org.apache.geode.distributed.ConfigurationProperties.*; -import static org.hamcrest.CoreMatchers.*; -import static org.junit.Assert.*; - -import java.io.File; -import java.io.FileOutputStream; -import java.io.FileWriter; -import java.io.IOException; -import java.io.PrintStream; -import java.io.PrintWriter; -import java.lang.management.ManagementFactory; -import java.net.InetAddress; -import java.util.ArrayList; -import java.util.List; -import java.util.concurrent.atomic.AtomicBoolean; - import org.apache.geode.cache.DataPolicy; import org.apache.geode.cache.Scope; import org.apache.geode.distributed.AbstractLauncher.Status; @@ -48,11 +32,8 @@ import org.apache.geode.internal.cache.xmlcache.RegionAttributesCreation; import org.apache.geode.internal.logging.InternalLogWriter; import org.apache.geode.internal.logging.LocalLogWriter; import org.apache.geode.internal.net.SocketCreatorFactory; -import org.apache.geode.internal.process.PidUnavailableException; -import org.apache.geode.internal.process.ProcessControllerFactory; -import org.apache.geode.internal.process.ProcessStreamReader; -import org.apache.geode.internal.process.ProcessType; -import org.apache.geode.internal.process.ProcessUtils; +import org.apache.geode.internal.process.*; +import org.apache.geode.internal.security.SecurableComponent; import org.apache.geode.test.junit.categories.FlakyTest; import org.apache.geode.test.junit.categories.IntegrationTest; import org.apache.geode.test.process.ProcessWrapper; 
@@ -60,6 +41,17 @@ import org.junit.Ignore; import org.junit.Test; import org.junit.experimental.categories.Category; +import java.io.*; +import java.lang.management.ManagementFactory; +import java.net.InetAddress; +import java.util.ArrayList; +import java.util.List; +import java.util.concurrent.atomic.AtomicBoolean; + +import static org.apache.geode.distributed.ConfigurationProperties.*; +import static org.hamcrest.CoreMatchers.*; +import static org.junit.Assert.*; + /** * Integration tests for launching a Server in a forked process. * http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/test/java/org/apache/geode/distributed/internal/AbstractDistributionConfigTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/distributed/internal/AbstractDistributionConfigTest.java b/geode-core/src/test/java/org/apache/geode/distributed/internal/AbstractDistributionConfigTest.java new file mode 100644 index 0000000..293cbd2 --- /dev/null +++ b/geode-core/src/test/java/org/apache/geode/distributed/internal/AbstractDistributionConfigTest.java 
@@ -0,0 +1,78 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.geode.distributed.internal; + +import static org.assertj.core.api.Assertions.*; +import static org.mockito.Answers.*; + +import org.junit.Test; +import org.junit.experimental.categories.Category; +import org.junit.runner.RunWith; +import org.mockito.Mock; +import org.mockito.runners.MockitoJUnitRunner; + +import org.apache.geode.GemFireConfigException; +import org.apache.geode.security.SecurableComponents; +import org.apache.geode.test.junit.categories.UnitTest; + +@Category(UnitTest.class) +@RunWith(MockitoJUnitRunner.class) +public class AbstractDistributionConfigTest { + + @Mock(answer = CALLS_REAL_METHODS) + private AbstractDistributionConfig abstractDistributionConfig; + + @Test + public void testNoCommaInvalidStringThrows() { + assertThatThrownBy(() -> abstractDistributionConfig.checkSecurityEnabledComponents("This has no commas in it")).isExactlyInstanceOf(GemFireConfigException.class); + } + + @Test + public void testOneSecurityEnabledComponents() { + String returnValue = abstractDistributionConfig.checkSecurityEnabledComponents(SecurableComponents.JMX); + assertThat(returnValue).isEqualTo(SecurableComponents.JMX); + } + + 
@Test + public void testEmptySecurityEnabledComponents() { + String returnValue = abstractDistributionConfig.checkSecurityEnabledComponents(""); + assertThat(returnValue).isEqualTo(""); + } + + @Test + public void testNoneSecurityEnabledComponents() { + String returnValue = abstractDistributionConfig.checkSecurityEnabledComponents("none"); + assertThat(returnValue).isEqualTo("none"); + } + + @Test + public void testNullSecurityEnabledComponents() { + String returnValue = abstractDistributionConfig.checkSecurityEnabledComponents(null); + assertThat(returnValue).isEqualTo(null); + } + + @Test + public void testTwoSecurityEnabledComponents() { + String returnValue = abstractDistributionConfig.checkSecurityEnabledComponents(SecurableComponents.JMX + "," + SecurableComponents.SERVER); + assertThat(returnValue).isEqualTo(SecurableComponents.JMX + "," + SecurableComponents.SERVER); + } + + @Test + public void testOneValidSecurityEnabledComponentAndOneInvalid() { + assertThatThrownBy(() -> abstractDistributionConfig.checkSecurityEnabledComponents(SecurableComponents.JMX + "," + SecurableComponents.SERVER + "," + "this should throw")).isExactlyInstanceOf(GemFireConfigException.class); + } +} http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/test/java/org/apache/geode/distributed/internal/DistributionConfigJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/distributed/internal/DistributionConfigJUnitTest.java b/geode-core/src/test/java/org/apache/geode/distributed/internal/DistributionConfigJUnitTest.java index 04bfad6..978a0d0 100644 --- a/geode-core/src/test/java/org/apache/geode/distributed/internal/DistributionConfigJUnitTest.java +++ b/geode-core/src/test/java/org/apache/geode/distributed/internal/DistributionConfigJUnitTest.java 
@@ -17,6 +17,7 @@ package org.apache.geode.distributed.internal; import static org.apache.geode.distributed.ConfigurationProperties.*; +import static org.assertj.core.api.Assertions.*; import static org.junit.Assert.*; import static org.mockito.Matchers.any; import static org.mockito.Mockito.*; @@ -30,16 +31,19 @@ import java.util.List; import java.util.Map; import java.util.Properties; -import org.apache.geode.InternalGemFireException; -import org.apache.geode.UnmodifiableException; -import org.apache.geode.internal.ConfigSource; import org.apache.geode.security.templates.SamplePostProcessor; import org.apache.geode.security.templates.SampleSecurityManager; -import org.apache.geode.test.junit.categories.UnitTest; import org.junit.Before; import org.junit.Test; import org.junit.experimental.categories.Category; +import org.apache.geode.GemFireConfigException; +import org.apache.geode.InternalGemFireException; +import org.apache.geode.UnmodifiableException; +import org.apache.geode.security.SecurableComponents; +import org.apache.geode.internal.ConfigSource; +import org.apache.geode.test.junit.categories.UnitTest; + @Category(UnitTest.class) public class DistributionConfigJUnitTest { @@ -77,7 +81,7 @@ public class DistributionConfigJUnitTest { @Test public void testGetAttributeNames() { String[] attNames = AbstractDistributionConfig._getAttNames(); - assertEquals(attNames.length, 156); + assertEquals(attNames.length, 157); List boolList = new ArrayList(); List intList = new ArrayList(); @@ -112,7 +116,7 @@ public class DistributionConfigJUnitTest { //TODO - This makes no sense. One has no idea what the correct expected number of attributes are. assertEquals(29, boolList.size()); assertEquals(33, intList.size()); - assertEquals(85, stringList.size()); + assertEquals(86, stringList.size()); assertEquals(5, fileList.size()); assertEquals(4, otherList.size()); } 
@@ -339,7 +343,7 @@ public class DistributionConfigJUnitTest { DistributionConfig config = new DistributionConfigImpl(props); // SECURITY_ENABLED_COMPONENTS is automatically added to getSecurityProps - assertEquals(config.getSecurityProps().size(), 3); + assertEquals(config.getSecurityProps().size(), 4); } @Test 
@@ -354,7 +358,76 @@ public class DistributionConfigJUnitTest { DistributionConfig config = new DistributionConfigImpl(props); // SECURITY_ENABLED_COMPONENTS is automatically added to getSecurityProps - assertEquals(config.getSecurityProps().size(), 4); + assertEquals(config.getSecurityProps().size(), 5); + } + + @Test + public void securityEnabledComponentsDefaultShouldBeAll() throws Exception { + Properties props = new Properties(); + props.put(SECURITY_MANAGER, SampleSecurityManager.class.getName()); + + DistributionConfig config = new DistributionConfigImpl(props); + + assertThat(config.getSecurityEnabledComponents()).contains(SecurableComponents.ALL); + } + + @Test + public void oneSecurityEnabledComponent() throws Exception { + Properties props = new Properties(); + props.put(SECURITY_MANAGER, SampleSecurityManager.class.getName()); + props.put(SECURITY_ENABLED_COMPONENTS, SecurableComponents.JMX); + + DistributionConfig config = new DistributionConfigImpl(props); + + assertThat(config.getSecurityEnabledComponents()) + .doesNotContain(SecurableComponents.ALL) + .doesNotContain(SecurableComponents.GATEWAY) + .doesNotContain(SecurableComponents.SERVER) + .doesNotContain(SecurableComponents.HTTP_SERVICE) + .doesNotContain(SecurableComponents.CLUSTER) + .contains(SecurableComponents.JMX); + } + + @Test + public void twoSecurityEnabledComponents() throws Exception { + Properties props = new Properties(); + props.put(SECURITY_MANAGER, SampleSecurityManager.class.getName()); + props.put(SECURITY_ENABLED_COMPONENTS, SecurableComponents.JMX + "," + SecurableComponents.CLUSTER); + + DistributionConfig config = new DistributionConfigImpl(props); + + assertThat(config.getSecurityEnabledComponents()) + .doesNotContain(SecurableComponents.ALL) + .doesNotContain(SecurableComponents.GATEWAY) + .doesNotContain(SecurableComponents.SERVER) + .doesNotContain(SecurableComponents.HTTP_SERVICE) + .contains(SecurableComponents.CLUSTER) + .contains(SecurableComponents.JMX); + } + + 
@Test + public void multipleSecurityEnabledComponents() throws Exception { + Properties props = new Properties(); + props.put(SECURITY_MANAGER, SampleSecurityManager.class.getName()); + props.put(SECURITY_ENABLED_COMPONENTS, SecurableComponents.JMX + "," + SecurableComponents.CLUSTER+ "," + SecurableComponents.HTTP_SERVICE); + + DistributionConfig config = new DistributionConfigImpl(props); + + assertThat(config.getSecurityEnabledComponents()) + .doesNotContain(SecurableComponents.ALL) + .doesNotContain(SecurableComponents.GATEWAY) + .doesNotContain(SecurableComponents.SERVER) + .contains(SecurableComponents.HTTP_SERVICE) + .contains(SecurableComponents.CLUSTER) + .contains(SecurableComponents.JMX); + } + + @Test + public void nonExistentSecurityEnabledComponentShouldThrow() throws Exception { + Properties props = new Properties(); + props.put(SECURITY_ENABLED_COMPONENTS, "notapplicable"); + + assertThatThrownBy(() -> new DistributionConfigImpl(props)).isExactlyInstanceOf(GemFireConfigException.class); } @Test http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/test/java/org/apache/geode/internal/security/IntegratedSecurityServiceTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/internal/security/IntegratedSecurityServiceTest.java b/geode-core/src/test/java/org/apache/geode/internal/security/IntegratedSecurityServiceTest.java index e3e140e..333875e 100644 --- a/geode-core/src/test/java/org/apache/geode/internal/security/IntegratedSecurityServiceTest.java +++ b/geode-core/src/test/java/org/apache/geode/internal/security/IntegratedSecurityServiceTest.java @@ -27,6 +27,7 @@ import org.junit.Before; import org.junit.Test; import org.junit.experimental.categories.Category; +import org.apache.geode.security.SecurableComponents; import org.apache.geode.security.GemFireSecurityException; import org.apache.geode.test.junit.categories.UnitTest; 
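Review bot: The new SECURITY_ENABLED_COMPONENTS tests in DistributionConfigJUnitTest (oneSecurityEnabledComponent through multipleSecurityEnabledComponents) only feed exact constants joined by a bare `","`, so the config layer has no test for whitespace around the separator, for the empty string, or for `"none"`. This property decides which components enforce security, so each of those inputs should have a test stating whether it is accepted or rejected with GemFireConfigException, for example one using `SecurableComponents.JMX + ", " + SecurableComponents.CLUSTER`. Which outcome is correct cannot be told from this hunk; the point is that the behaviour is currently unpinned here.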
@@ -45,42 +46,47 @@ public class IntegratedSecurityServiceTest { @Test public void testGetObjectFromConstructor() { - String string = SecurityService.getObjectOfType(String.class.getName(), String.class); + String string = IntegratedSecurityService.getObjectOfType(String.class.getName(), String.class); assertNotNull(string); - CharSequence charSequence = SecurityService.getObjectOfType(String.class.getName(), CharSequence.class); + CharSequence charSequence = IntegratedSecurityService.getObjectOfType(String.class.getName(), CharSequence.class); assertNotNull(charSequence); - assertThatThrownBy(() -> SecurityService.getObjectOfType("com.abc.testString", String.class)).isInstanceOf(GemFireSecurityException.class); + assertThatThrownBy(() -> IntegratedSecurityService.getObjectOfType("com.abc.testString", String.class)).isInstanceOf(GemFireSecurityException.class); - assertThatThrownBy(() -> SecurityService.getObjectOfType(String.class.getName(), Boolean.class)).isInstanceOf(GemFireSecurityException.class); + assertThatThrownBy(() -> IntegratedSecurityService.getObjectOfType(String.class.getName(), Boolean.class)).isInstanceOf(GemFireSecurityException.class); - assertThatThrownBy(() -> SecurityService.getObjectOfType("", String.class)).isInstanceOf(GemFireSecurityException.class); + assertThatThrownBy(() -> IntegratedSecurityService.getObjectOfType("", String.class)).isInstanceOf(GemFireSecurityException.class); - assertThatThrownBy(() -> SecurityService.getObjectOfType(null, String.class)).isInstanceOf(GemFireSecurityException.class); + assertThatThrownBy(() -> IntegratedSecurityService.getObjectOfType(null, String.class)).isInstanceOf(GemFireSecurityException.class); - assertThatThrownBy(() -> SecurityService.getObjectOfType(" ", String.class)).isInstanceOf(GemFireSecurityException.class); + assertThatThrownBy(() -> IntegratedSecurityService.getObjectOfType(" ", String.class)).isInstanceOf(GemFireSecurityException.class); } @Test public void 
testGetObjectFromFactoryMethod() { - String string = SecurityService.getObjectOfType(Factories.class.getName() + ".getString", String.class); + String string = IntegratedSecurityService.getObjectOfType(Factories.class.getName() + ".getString", String.class); assertNotNull(string); - CharSequence charSequence = SecurityService.getObjectOfType(Factories.class.getName() + ".getString", String.class); + CharSequence charSequence = IntegratedSecurityService.getObjectOfType(Factories.class.getName() + ".getString", String.class); assertNotNull(charSequence); - assertThatThrownBy(() -> SecurityService.getObjectOfType(Factories.class.getName() + ".getStringNonStatic", String.class)) + assertThatThrownBy(() -> IntegratedSecurityService.getObjectOfType(Factories.class.getName() + ".getStringNonStatic", String.class)) .isInstanceOf(GemFireSecurityException.class); - assertThatThrownBy(() -> SecurityService.getObjectOfType(Factories.class.getName() + ".getNullString", String.class)) + assertThatThrownBy(() -> IntegratedSecurityService.getObjectOfType(Factories.class.getName() + ".getNullString", String.class)) .isInstanceOf(GemFireSecurityException.class); } + @Test public void testInitialSecurityFlags() { // initial state of IntegratedSecurityService assertFalse(securityService.isIntegratedSecurity()); + assertFalse(securityService.isClientSecurityRequired()); + assertFalse(securityService.isGatewaySecurityRequired()); + assertFalse(securityService.isHttpSecurityRequired()); + assertFalse(securityService.isJmxSecurityRequired()); assertFalse(securityService.isPeerSecurityRequired()); } 
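Review bot: In testGetObjectFromFactoryMethod the second call still passes `String.class` as the expected type while assigning the result to a `CharSequence`, so it repeats the first assertion instead of covering the supertype case that testGetObjectFromConstructor checks with `CharSequence.class`. The line should read `CharSequence charSequence = IntegratedSecurityService.getObjectOfType(Factories.class.getName() + ".getString", CharSequence.class);`. Judging by these tests, getObjectOfType builds an object from a class or factory-method name taken from configuration, so the expected-type check is the guard worth exercising on both the constructor and the factory path.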
@@ -92,7 +98,11 @@ public class IntegratedSecurityServiceTest { securityService.initSecurity(properties); assertTrue(securityService.isIntegratedSecurity()); + assertTrue(securityService.isClientSecurityRequired()); + assertTrue(securityService.isGatewaySecurityRequired()); + assertTrue(securityService.isHttpSecurityRequired()); + assertTrue(securityService.isJmxSecurityRequired()); assertTrue(securityService.isPeerSecurityRequired()); } @@ -101,8 +111,14 @@ public class IntegratedSecurityServiceTest { properties.setProperty(SECURITY_CLIENT_AUTHENTICATOR, "org.abc.test"); securityService.initSecurity(properties); + assertFalse(securityService.isIntegratedSecurity()); + assertTrue(securityService.isClientSecurityRequired()); + assertTrue(securityService.isGatewaySecurityRequired()); + + assertFalse(securityService.isHttpSecurityRequired()); + assertFalse(securityService.isJmxSecurityRequired()); assertFalse(securityService.isPeerSecurityRequired()); } @@ -113,7 +129,11 @@ public class IntegratedSecurityServiceTest { securityService.initSecurity(properties); assertFalse(securityService.isIntegratedSecurity()); + assertFalse(securityService.isClientSecurityRequired()); + assertFalse(securityService.isGatewaySecurityRequired()); + assertFalse(securityService.isHttpSecurityRequired()); + assertFalse(securityService.isJmxSecurityRequired()); assertTrue(securityService.isPeerSecurityRequired()); } 
@@ -124,7 +144,128 @@ public class IntegratedSecurityServiceTest { securityService.initSecurity(properties); assertTrue(securityService.isIntegratedSecurity()); + + assertTrue(securityService.isClientSecurityRequired()); + assertTrue(securityService.isGatewaySecurityRequired()); + assertTrue(securityService.isHttpSecurityRequired()); + assertTrue(securityService.isJmxSecurityRequired()); + assertTrue(securityService.isPeerSecurityRequired()); + } + + @Test + public void allEnabledWithSecurityManager() { + properties.setProperty(SECURITY_MANAGER, "org.apache.geode.security.templates.SampleSecurityManager"); + properties.setProperty(SampleSecurityManager.SECURITY_JSON, "org/apache/geode/security/templates/security.json"); + properties.setProperty(SECURITY_ENABLED_COMPONENTS, SecurableComponents.ALL); + + securityService.initSecurity(properties); + + assertTrue(securityService.isIntegratedSecurity()); + + assertTrue(securityService.isClientSecurityRequired()); + assertTrue(securityService.isGatewaySecurityRequired()); + assertTrue(securityService.isHttpSecurityRequired()); + assertTrue(securityService.isJmxSecurityRequired()); + assertTrue(securityService.isPeerSecurityRequired()); + } + + @Test + public void emptyEnabledWithSecurityManager() { + properties.setProperty(SECURITY_MANAGER, "org.apache.geode.security.templates.SampleSecurityManager"); + properties.setProperty(SampleSecurityManager.SECURITY_JSON, "org/apache/geode/security/templates/security.json"); + properties.setProperty(SECURITY_ENABLED_COMPONENTS,""); + + securityService.initSecurity(properties); + + assertTrue(securityService.isIntegratedSecurity()); + + assertFalse(securityService.isClientSecurityRequired()); + assertFalse(securityService.isGatewaySecurityRequired()); + assertFalse(securityService.isHttpSecurityRequired()); + assertFalse(securityService.isJmxSecurityRequired()); + assertFalse(securityService.isPeerSecurityRequired()); + } + + @Test + public void noneEnabledWithSecurityManager() { + 
properties.setProperty(SECURITY_MANAGER, "org.apache.geode.security.templates.SampleSecurityManager"); + properties.setProperty(SampleSecurityManager.SECURITY_JSON, "org/apache/geode/security/templates/security.json"); + properties.setProperty(SECURITY_ENABLED_COMPONENTS,"none"); + + securityService.initSecurity(properties); + + assertTrue(securityService.isIntegratedSecurity()); + + assertFalse(securityService.isClientSecurityRequired()); + assertFalse(securityService.isGatewaySecurityRequired()); + assertFalse(securityService.isHttpSecurityRequired()); + assertFalse(securityService.isJmxSecurityRequired()); + assertFalse(securityService.isPeerSecurityRequired()); + } + + @Test + public void allSecurableComponentsWithoutAnySecurity() { + properties.setProperty(SECURITY_ENABLED_COMPONENTS, SecurableComponents.ALL); + + securityService.initSecurity(properties); + + assertFalse(securityService.isIntegratedSecurity()); + + assertFalse(securityService.isClientSecurityRequired()); + assertFalse(securityService.isGatewaySecurityRequired()); + assertFalse(securityService.isHttpSecurityRequired()); + assertFalse(securityService.isJmxSecurityRequired()); + assertFalse(securityService.isPeerSecurityRequired()); + } + + @Test + public void oneSecurableComponentEnabledWithSecurityManager() { + properties.setProperty(SECURITY_MANAGER, "org.apache.geode.security.templates.SampleSecurityManager"); + properties.setProperty(SampleSecurityManager.SECURITY_JSON, "org/apache/geode/security/templates/security.json"); + properties.setProperty(SECURITY_ENABLED_COMPONENTS, SecurableComponents.JMX); + + securityService.initSecurity(properties); + + assertTrue(securityService.isIntegratedSecurity()); + + assertFalse(securityService.isClientSecurityRequired()); + assertFalse(securityService.isGatewaySecurityRequired()); + assertFalse(securityService.isHttpSecurityRequired()); + assertTrue(securityService.isJmxSecurityRequired()); + assertFalse(securityService.isPeerSecurityRequired()); + } + 
+ @Test + public void twoSecurableComponentEnabledWithSecurityManager() { + properties.setProperty(SECURITY_MANAGER, "org.apache.geode.security.templates.SampleSecurityManager"); + properties.setProperty(SampleSecurityManager.SECURITY_JSON, "org/apache/geode/security/templates/security.json"); + properties.setProperty(SECURITY_ENABLED_COMPONENTS, SecurableComponents.JMX + "," + SecurableComponents.SERVER); + + securityService.initSecurity(properties); + + assertTrue(securityService.isIntegratedSecurity()); + + assertTrue(securityService.isClientSecurityRequired()); + assertFalse(securityService.isGatewaySecurityRequired()); + assertFalse(securityService.isHttpSecurityRequired()); + assertTrue(securityService.isJmxSecurityRequired()); + assertFalse(securityService.isPeerSecurityRequired()); + } + + @Test + public void manySecurableComponentEnabledWithSecurityManager() { + properties.setProperty(SECURITY_MANAGER, "org.apache.geode.security.templates.SampleSecurityManager"); + properties.setProperty(SampleSecurityManager.SECURITY_JSON, "org/apache/geode/security/templates/security.json"); + properties.setProperty(SECURITY_ENABLED_COMPONENTS, SecurableComponents.JMX + "," + SecurableComponents.SERVER + "," + SecurableComponents.CLUSTER); + + securityService.initSecurity(properties); + + assertTrue(securityService.isIntegratedSecurity()); + assertTrue(securityService.isClientSecurityRequired()); + assertFalse(securityService.isGatewaySecurityRequired()); + assertFalse(securityService.isHttpSecurityRequired()); + assertTrue(securityService.isJmxSecurityRequired()); assertTrue(securityService.isPeerSecurityRequired()); } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/test/java/org/apache/geode/internal/security/SecurityConfigIntegrationTest.java ---------------------------------------------------------------------- 
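Review bot: emptyEnabledWithSecurityManager pins that a SecurityManager combined with `SECURITY_ENABLED_COMPONENTS` set to `""` gives isIntegratedSecurity() true while every is*SecurityRequired() flag is false, the same result as the explicit `"none"` in noneEnabledWithSecurityManager. An empty value is easy to produce by accident, and the outcome is a member that reports integrated security but requires it on no component, whereas leaving the property unset defaults to ALL according to securityEnabledComponentsDefaultShouldBeAll. If this is intended, record it in the test with a comment such as `// empty list behaves like "none": the manager is loaded but no component enforces it`. Otherwise consider expecting GemFireConfigException for the empty value, as nonExistentSecurityEnabledComponentShouldThrow does for an unknown name.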
diff --git a/geode-core/src/test/java/org/apache/geode/internal/security/SecurityConfigIntegrationTest.java b/geode-core/src/test/java/org/apache/geode/internal/security/SecurityConfigIntegrationTest.java new file mode 100644 index 0000000..aab934e --- /dev/null +++ b/geode-core/src/test/java/org/apache/geode/internal/security/SecurityConfigIntegrationTest.java 
@@ -0,0 +1,57 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.geode.internal.security; + +import static org.apache.geode.distributed.ConfigurationProperties.*; +import static org.assertj.core.api.Assertions.*; + +import java.util.Properties; + +import org.apache.geode.security.templates.SampleSecurityManager; +import org.junit.Test; +import org.junit.experimental.categories.Category; + +import org.apache.geode.security.SecurableComponents; +import org.apache.geode.distributed.internal.DistributionConfig; +import org.apache.geode.distributed.internal.DistributionConfigImpl; +import org.apache.geode.test.junit.categories.IntegrationTest; + +@Category(IntegrationTest.class) +public class SecurityConfigIntegrationTest { + + @Test + public void securityEnabledComponentsDefaultShouldBeAll() throws Exception { + SecurityService securityService = SecurityService.getSecurityService(); + Properties props = new Properties(); + props.put(SECURITY_MANAGER, SampleSecurityManager.class.getName()); + props.put(SampleSecurityManager.SECURITY_JSON, "org/apache/geode/security/templates/security.json"); + + DistributionConfig config = new DistributionConfigImpl(props); + Properties securityProps = 
config.getSecurityProps(); + + assertThat(securityProps).containsKeys(SECURITY_MANAGER, SECURITY_ENABLED_COMPONENTS); + assertThat(securityProps.getProperty(SECURITY_ENABLED_COMPONENTS)).isEqualTo(SecurableComponents.ALL); + + securityService.initSecurity(securityProps); + + assertThat(securityService.isClientSecurityRequired()); + assertThat(securityService.isGatewaySecurityRequired()); + assertThat(securityService.isPeerSecurityRequired()); + assertThat(securityService.isJmxSecurityRequired()); + assertThat(securityService.isHttpSecurityRequired()); + } +} http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/test/java/org/apache/geode/management/ConnectToLocatorSSLDUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/management/ConnectToLocatorSSLDUnitTest.java b/geode-core/src/test/java/org/apache/geode/management/ConnectToLocatorSSLDUnitTest.java index 41ffa48..1bf1056 100644 --- a/geode-core/src/test/java/org/apache/geode/management/ConnectToLocatorSSLDUnitTest.java +++ b/geode-core/src/test/java/org/apache/geode/management/ConnectToLocatorSSLDUnitTest.java @@ -37,6 +37,7 @@ import org.junit.rules.TemporaryFolder; import org.apache.geode.distributed.Locator; import org.apache.geode.internal.AvailablePortHelper; import org.apache.geode.internal.security.SecurableCommunicationChannel; +import org.apache.geode.internal.security.SecurableComponent; import org.apache.geode.management.cli.Result.Status; import org.apache.geode.management.internal.cli.CliUtil; import org.apache.geode.management.internal.cli.HeadlessGfsh; http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/test/java/org/apache/geode/management/JMXMBeanDUnitTest.java ---------------------------------------------------------------------- 
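Review bot: The five trailing `assertThat(securityService.is…SecurityRequired());` calls in securityEnabledComponentsDefaultShouldBeAll never invoke an assertion method, so AssertJ checks nothing and the test passes even if every flag is false. Each call needs a terminal `.isTrue()`, otherwise the default-to-ALL behaviour this integration test is named for is not verified after initSecurity. The test also initialises the shared instance returned by `SecurityService.getSecurityService()` and does not reset it, which may leak state into other tests; that cannot be confirmed from this file alone.

```java
// … unchanged: props setup and getSecurityProps() checks …
securityService.initSecurity(securityProps);

assertThat(securityService.isClientSecurityRequired()).isTrue();
assertThat(securityService.isGatewaySecurityRequired()).isTrue();
assertThat(securityService.isPeerSecurityRequired()).isTrue();
assertThat(securityService.isJmxSecurityRequired()).isTrue();
assertThat(securityService.isHttpSecurityRequired()).isTrue();
```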
diff --git a/geode-core/src/test/java/org/apache/geode/management/JMXMBeanDUnitTest.java b/geode-core/src/test/java/org/apache/geode/management/JMXMBeanDUnitTest.java index ffa024f..05c9022 100644 --- a/geode-core/src/test/java/org/apache/geode/management/JMXMBeanDUnitTest.java +++ b/geode-core/src/test/java/org/apache/geode/management/JMXMBeanDUnitTest.java @@ -41,6 +41,7 @@ import org.junit.experimental.categories.Category; import org.apache.geode.distributed.LocatorLauncher; import org.apache.geode.internal.AvailablePortHelper; import org.apache.geode.internal.security.SecurableCommunicationChannel; +import org.apache.geode.internal.security.SecurableComponent; import org.apache.geode.test.dunit.DistributedTestCase; import org.apache.geode.test.dunit.DistributedTestUtils; import org.apache.geode.test.dunit.Host; http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/test/java/org/apache/geode/security/IntegratedSecurityCacheLifecycleDistributedTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/security/IntegratedSecurityCacheLifecycleDistributedTest.java b/geode-core/src/test/java/org/apache/geode/security/IntegratedSecurityCacheLifecycleDistributedTest.java index 040bbf0..494c4d4 100644 --- a/geode-core/src/test/java/org/apache/geode/security/IntegratedSecurityCacheLifecycleDistributedTest.java +++ b/geode-core/src/test/java/org/apache/geode/security/IntegratedSecurityCacheLifecycleDistributedTest.java 
@@ -22,12 +22,17 @@ import static org.assertj.core.api.Assertions.*; import java.io.IOException; import java.util.Properties; +import org.apache.geode.security.templates.SampleSecurityManager; +import org.junit.Ignore; +import org.junit.Test; +import org.junit.experimental.categories.Category; + import org.apache.geode.cache.server.CacheServer; -import org.apache.geode.internal.AvailablePortHelper; +import org.apache.geode.internal.AvailablePort; import org.apache.geode.internal.security.IntegratedSecurityService; import org.apache.geode.internal.security.SecurityService; +import org.apache.geode.internal.AvailablePortHelper; import org.apache.geode.management.ManagementService; -import org.apache.geode.security.templates.SampleSecurityManager; import org.apache.geode.test.dunit.DistributedTestUtils; import org.apache.geode.test.dunit.Host; import org.apache.geode.test.dunit.NetworkUtils; @@ -35,9 +40,6 @@ import org.apache.geode.test.dunit.VM; import org.apache.geode.test.dunit.cache.internal.JUnit4CacheTestCase; import org.apache.geode.test.junit.categories.DistributedTest; import org.apache.geode.test.junit.categories.SecurityTest; -import org.junit.Ignore; -import org.junit.Test; -import org.junit.experimental.categories.Category; @Ignore("This is broken but fixed on feature/GEODE-1673") @Category({DistributedTest.class, SecurityTest.class}) @@ -67,6 +69,7 @@ public class IntegratedSecurityCacheLifecycleDistributedTest extends JUnit4Cache properties.setProperty(SampleSecurityManager.SECURITY_JSON, "org/apache/geode/management/internal/security/clientServer.json"); properties.setProperty(LOCATORS, locators); properties.setProperty(MCAST_PORT, "0"); + properties.setProperty(SECURITY_ENABLED_COMPONENTS, ""); properties.setProperty(SECURITY_MANAGER, SpySecurityManager.class.getName()); properties.setProperty(START_LOCATOR, locators); properties.setProperty(JMX_MANAGER, "true"); 
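Review bot: The added `properties.setProperty(SECURITY_ENABLED_COMPONENTS, "");` has no comment explaining why this test switches component enforcement off; the same line is added in the `@@ -104,6 +107,7 @@` hunk. Going by emptyEnabledWithSecurityManager in this commit, an empty value leaves the SecurityManager loaded while no component requires security, which a reader of IntegratedSecurityCacheLifecycleDistributedTest would not expect. If that is the intent, a comment such as `// empty list: SpySecurityManager is loaded but no component enforces it; only the manager lifecycle is under test` would record it. The enclosing method starts and ends outside the hunk.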
@@ -104,6 +107,7 @@ public class IntegratedSecurityCacheLifecycleDistributedTest extends JUnit4Cache properties.setProperty(SampleSecurityManager.SECURITY_JSON, "org/apache/geode/management/internal/security/clientServer.json"); properties.setProperty(LOCATORS, locators); properties.setProperty(MCAST_PORT, "0"); + properties.setProperty(SECURITY_ENABLED_COMPONENTS, ""); properties.setProperty(SECURITY_MANAGER, SpySecurityManager.class.getName()); properties.setProperty(USE_CLUSTER_CONFIGURATION, "false"); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f77f46d4/geode-core/src/test/java/org/apache/geode/security/P2PAuthenticationDUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/security/P2PAuthenticationDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/P2PAuthenticationDUnitTest.java index 9fcf4cd..ba4cb59 100644 --- a/geode-core/src/test/java/org/apache/geode/security/P2PAuthenticationDUnitTest.java +++ b/geode-core/src/test/java/org/apache/geode/security/P2PAuthenticationDUnitTest.java @@ -18,6 +18,22 @@ */ package org.apache.geode.security; +import static org.apache.geode.distributed.ConfigurationProperties.*; +import static org.apache.geode.internal.AvailablePort.*; +import static org.apache.geode.security.SecurityTestUtils.*; +import static org.apache.geode.test.dunit.Assert.*; +import static org.apache.geode.test.dunit.IgnoredException.*; +import static org.apache.geode.test.dunit.NetworkUtils.*; +import static org.apache.geode.test.dunit.Wait.*; + +import java.util.Properties; + +import javax.net.ssl.SSLHandshakeException; + +import org.junit.Ignore; +import org.junit.Test; +import org.junit.experimental.categories.Category; + import org.apache.geode.distributed.ConfigurationProperties; import org.apache.geode.distributed.DistributedSystem; import org.apache.geode.distributed.Locator; 
@@ -36,22 +52,6 @@ import org.apache.geode.test.dunit.internal.JUnit4DistributedTestCase; import org.apache.geode.test.junit.categories.DistributedTest; import org.apache.geode.test.junit.categories.FlakyTest; import org.apache.geode.test.junit.categories.SecurityTest; -import org.junit.Ignore; -import org.junit.Test; -import org.junit.experimental.categories.Category; - -import javax.net.ssl.SSLHandshakeException; -import java.util.Properties; - -import static org.apache.geode.distributed.ConfigurationProperties.*; -import static org.apache.geode.internal.AvailablePort.SOCKET; -import static org.apache.geode.internal.AvailablePort.getRandomAvailablePort; -import static org.apache.geode.security.SecurityTestUtils.startLocator; -import static org.apache.geode.security.SecurityTestUtils.stopLocator; -import static org.apache.geode.test.dunit.Assert.*; -import static org.apache.geode.test.dunit.IgnoredException.addIgnoredException; -import static org.apache.geode.test.dunit.NetworkUtils.getIPLiteral; -import static org.apache.geode.test.dunit.Wait.pause; /** * Tests peer to peer authentication in Gemfire