From dschnei...@apache.org
Subject [94/98] [abbrv] incubator-geode git commit: GEODE-2030: security support for SDG
Date Fri, 28 Oct 2016 21:41:48 GMT
GEODE-2030: security support for SDG


Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/6ec3f884
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/6ec3f884
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/6ec3f884

Branch: refs/heads/feature/GEM-983
Commit: 6ec3f884c953b48c357bf127a5a37ba88dedee8c
Parents: c4e3b15
Author: Jinmei Liao <jiliao@pivotal.io>
Authored: Mon Oct 24 10:54:36 2016 -0700
Committer: Jinmei Liao <jiliao@pivotal.io>
Committed: Fri Oct 28 08:48:57 2016 -0700

----------------------------------------------------------------------
 .../org/apache/geode/cache/CacheFactory.java    |  34 ++++++
 .../geode/internal/cache/CacheConfig.java       |  22 +++-
 .../geode/internal/cache/GemFireCacheImpl.java  | 121 ++++++++++---------
 .../security/IntegratedSecurityService.java     |  69 ++++++++---
 .../internal/security/SecurityService.java      |  17 +--
 .../security/IntegratedSecurityServiceTest.java |  51 +++++++-
 .../CacheFactoryWithSecurityObjectTest.java     |  90 ++++++++++++++
 7 files changed, 320 insertions(+), 84 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6ec3f884/geode-core/src/main/java/org/apache/geode/cache/CacheFactory.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/cache/CacheFactory.java b/geode-core/src/main/java/org/apache/geode/cache/CacheFactory.java
index b62feac..15557bb 100644
--- a/geode-core/src/main/java/org/apache/geode/cache/CacheFactory.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/CacheFactory.java
@@ -28,6 +28,8 @@ import org.apache.geode.internal.i18n.LocalizedStrings;
 import org.apache.geode.internal.jndi.JNDIInvoker;
 import org.apache.geode.pdx.PdxInstance;
 import org.apache.geode.pdx.PdxSerializer;
+import org.apache.geode.security.PostProcessor;
+import org.apache.geode.security.SecurityManager;
 
 
 /**
@@ -326,6 +328,38 @@ public class CacheFactory {
   }
 
   /**
+   * sets the securityManager for the cache. If this securityManager is set. It will override
the
+   * security-manager property you set in your gemfire system properties.
+   *
+   * This is provided mostly for container to inject an already initialized securityManager.
An
+   * object provided this way is expected to be initialized already. We are not calling the
init
+   * method on this object
+   *
+   * @param securityManager
+   * @return
+   */
+  public CacheFactory setSecurityManager(SecurityManager securityManager) {
+    this.cacheConfig.setSecurityManager(securityManager);
+    return this;
+  }
+
+  /**
+   * sets the postProcessor for the cache. If this postProcessor is set. It will override
thie
+   * security-post-processor setting in the gemfire system properties.
+   *
+   * This is provided mostly for container to inject an already initialized post processor.
An
+   * object provided this way is expected to be initialized already. We are not calling the
init
+   * method on this object
+   * 
+   * @param postProcessor
+   * @return
+   */
+  public CacheFactory setPostProcessor(PostProcessor postProcessor) {
+    this.cacheConfig.setPostProcessor(postProcessor);
+    return this;
+  }
+
+  /**
    * Set the PDX serializer for the cache. If this serializer is set, it will be consulted
to see if
    * it can serialize any domain classes which are added to the cache in portable data exchange
    * format.
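Review bot: The Javadoc added for `setSecurityManager` and `setPostProcessor` leaves `@param` and `@return` empty and does not say what a null argument does. Going by the other files in this commit, a null is skipped so the property-configured value stays in effect, and a non-null manager supersedes any configured client or peer authenticator; callers injecting a manager from a container should be told both. Suggested tags: `@param securityManager an already initialized manager; null keeps the one named by the security-manager property` and `@return this CacheFactory`, with matching wording on `setPostProcessor`, where "thie" should read "the". The class body continues outside the hunk.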

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6ec3f884/geode-core/src/main/java/org/apache/geode/internal/cache/CacheConfig.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/CacheConfig.java b/geode-core/src/main/java/org/apache/geode/internal/cache/CacheConfig.java
index 91ae333..45b6a6c 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/CacheConfig.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/CacheConfig.java
@@ -14,13 +14,14 @@
  */
 package org.apache.geode.internal.cache;
 
-import java.util.List;
-
 import org.apache.geode.internal.cache.xmlcache.CacheServerCreation;
 import org.apache.geode.internal.i18n.LocalizedStrings;
 import org.apache.geode.pdx.PdxSerializer;
 import org.apache.geode.pdx.ReflectionBasedAutoSerializer;
-import org.apache.geode.pdx.internal.AutoSerializableManager;
+import org.apache.geode.security.PostProcessor;
+import org.apache.geode.security.SecurityManager;
+
+import java.util.List;
 
 /**
  * This is helper class used by CacheFactory to pass the cache configuration values to cache
@@ -35,6 +36,9 @@ public class CacheConfig {
   public static boolean DEFAULT_PDX_PERSISTENT = false;
   public static boolean DEFAULT_PDX_IGNORE_UNREAD_FIELDS = false;
 
+  private static SecurityManager securityManager = null;
+  private static PostProcessor postProcessor = null;
+
   public boolean pdxReadSerialized = DEFAULT_PDX_READ_SERIALIZED;
 
   /**
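Review bot: `securityManager` and `postProcessor` are declared `static` here, while the getters and setters added in the next hunk are instance methods, so a value set through one CacheFactory stays in place for every later CacheConfig in the JVM. A cache created afterwards without calling the setters would still pass the `cacheConfig.getSecurityManager() != null` check in GemFireCacheImpl and run with the previous cache's security manager. The explicit `.setSecurityManager(null)` and `.setPostProcessor(null)` calls in CacheFactoryWithSecurityObjectTest look like they exist to reset that shared state. Making them instance fields like `pdxSerializer`, i.e. `private SecurityManager securityManager;` and `private PostProcessor postProcessor;` with `this.securityManager = securityManager;` in the setter, ties the override to the factory that asked for it.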
@@ -88,14 +92,26 @@ public class CacheConfig {
     return pdxSerializer;
   }
 
+  public SecurityManager getSecurityManager() {
+    return securityManager;
+  }
 
+  public void setSecurityManager(SecurityManager securityManager) {
+    CacheConfig.securityManager = securityManager;
+  }
 
   public void setPdxSerializer(PdxSerializer pdxSerializer) {
     pdxSerializerUserSet = true;
     this.pdxSerializer = pdxSerializer;
   }
 
+  public PostProcessor getPostProcessor() {
+    return postProcessor;
+  }
 
+  public void setPostProcessor(PostProcessor postProcessor) {
+    CacheConfig.postProcessor = postProcessor;
+  }
 
   public String getPdxDiskStore() {
     return pdxDiskStore;

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6ec3f884/geode-core/src/main/java/org/apache/geode/internal/cache/GemFireCacheImpl.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/GemFireCacheImpl.java
b/geode-core/src/main/java/org/apache/geode/internal/cache/GemFireCacheImpl.java
index d9d572c..ba4f1f4 100755
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/GemFireCacheImpl.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/GemFireCacheImpl.java
@@ -15,65 +15,9 @@
 
 package org.apache.geode.internal.cache;
 
-import java.io.BufferedReader;
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.File;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.io.OutputStream;
-import java.io.OutputStreamWriter;
-import java.io.PrintStream;
-import java.io.Reader;
-import java.io.StringBufferInputStream;
-import java.io.StringWriter;
-import java.io.Writer;
-import java.net.InetSocketAddress;
-import java.net.URL;
-import java.net.UnknownHostException;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.LinkedHashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Map.Entry;
-import java.util.Properties;
-import java.util.ServiceLoader;
-import java.util.Set;
-import java.util.TreeMap;
-import java.util.concurrent.ArrayBlockingQueue;
-import java.util.concurrent.CancellationException;
-import java.util.concurrent.ConcurrentHashMap;
-import java.util.concurrent.ConcurrentMap;
-import java.util.concurrent.CopyOnWriteArrayList;
-import java.util.concurrent.CopyOnWriteArraySet;
-import java.util.concurrent.ExecutionException;
-import java.util.concurrent.Executor;
-import java.util.concurrent.ExecutorService;
-import java.util.concurrent.Executors;
-import java.util.concurrent.Future;
-import java.util.concurrent.LinkedBlockingQueue;
-import java.util.concurrent.RejectedExecutionException;
-import java.util.concurrent.ThreadFactory;
-import java.util.concurrent.ThreadPoolExecutor;
-import java.util.concurrent.TimeUnit;
-import java.util.concurrent.atomic.AtomicBoolean;
-import java.util.concurrent.atomic.AtomicInteger;
-import java.util.concurrent.atomic.AtomicReference;
-
-import javax.naming.Context;
-
 import com.sun.jna.Native;
 import com.sun.jna.Platform;
 import org.apache.commons.lang.StringUtils;
-import org.apache.logging.log4j.Logger;
-
 import org.apache.geode.CancelCriterion;
 import org.apache.geode.CancelException;
 import org.apache.geode.ForcedDisconnectException;
@@ -229,6 +173,60 @@ import org.apache.geode.pdx.internal.PdxInstanceFactoryImpl;
 import org.apache.geode.pdx.internal.PdxInstanceImpl;
 import org.apache.geode.pdx.internal.TypeRegistry;
 import org.apache.geode.redis.GeodeRedisServer;
+import org.apache.logging.log4j.Logger;
+
+import java.io.BufferedReader;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.OutputStream;
+import java.io.OutputStreamWriter;
+import java.io.PrintStream;
+import java.io.Reader;
+import java.io.StringBufferInputStream;
+import java.io.StringWriter;
+import java.io.Writer;
+import java.net.InetSocketAddress;
+import java.net.URL;
+import java.net.UnknownHostException;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.Properties;
+import java.util.ServiceLoader;
+import java.util.Set;
+import java.util.TreeMap;
+import java.util.concurrent.ArrayBlockingQueue;
+import java.util.concurrent.CancellationException;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.ConcurrentMap;
+import java.util.concurrent.CopyOnWriteArrayList;
+import java.util.concurrent.CopyOnWriteArraySet;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.Executor;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+import java.util.concurrent.Future;
+import java.util.concurrent.LinkedBlockingQueue;
+import java.util.concurrent.RejectedExecutionException;
+import java.util.concurrent.ThreadFactory;
+import java.util.concurrent.ThreadPoolExecutor;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.atomic.AtomicBoolean;
+import java.util.concurrent.atomic.AtomicInteger;
+import java.util.concurrent.atomic.AtomicReference;
+import javax.naming.Context;
 
 // @todo somebody Come up with more reasonable values for {@link #DEFAULT_LOCK_TIMEOUT},
etc.
 /**
@@ -1203,7 +1201,18 @@ public class GemFireCacheImpl
     // apply the cluster's properties configuration and initialize security using that configuration
     ClusterConfigurationLoader.applyClusterPropertiesConfiguration(this, configurationResponse,
         system.getConfig());
+
+    // first initialize the security service using the security properties
     securityService.initSecurity(system.getConfig().getSecurityProps());
+    // secondly if cacheConfig has a securityManager, use that instead
+    if (cacheConfig.getSecurityManager() != null) {
+      securityService.setSecurityManager(cacheConfig.getSecurityManager());
+    }
+    // if cacheConfig has a postProcessor, use that instead
+    if (cacheConfig.getPostProcessor() != null) {
+      securityService.setPostProcessor(cacheConfig.getPostProcessor());
+    }
+
 
     SystemMemberCacheEventProcessor.send(this, Operation.CACHE_CREATE);
     this.resourceAdvisor.initializationGate();
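Review bot: When the security properties also name a security manager, `initSecurity` has already built and initialised one by the time the first `if` block replaces it, and nothing visible closes the discarded object or records that a programmatic override took effect. In IntegratedSecurityService the `SECURITY_MANAGER` branch calls `securityManager.init(securityProps)` before `setSecurityManager`, and the new setter overwrites `this.securityManager` without touching the old value; the post processor presumably follows the same path. Consider consulting `cacheConfig` before `initSecurity` so the property-configured instance is never created, or at least logging the override so an operator can see which security manager is active, e.g. `logger.info("Security manager supplied through CacheFactory overrides the security-manager property");` (assuming the class's existing logger). The enclosing method starts and ends outside the hunk.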

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6ec3f884/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java
b/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java
index 8fc0f11..7a898d1 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java
@@ -42,6 +42,7 @@ import org.apache.geode.security.SecurityManager;
 import org.apache.logging.log4j.Logger;
 import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.ShiroException;
+import org.apache.shiro.UnavailableSecurityManagerException;
 import org.apache.shiro.config.Ini.Section;
 import org.apache.shiro.config.IniSecurityManagerFactory;
 import org.apache.shiro.mgt.DefaultSecurityManager;
@@ -73,7 +74,7 @@ public class IntegratedSecurityService implements SecurityService {
   private PostProcessor postProcessor;
   private SecurityManager securityManager;
 
-  private boolean isIntegratedSecurity;
+  private Boolean isIntegratedSecurity;
 
   private boolean isClientAuthenticator; // is there a SECURITY_CLIENT_AUTHENTICATOR
   private boolean isPeerAuthenticator; // is there a SECURITY_PEER_AUTHENTICATOR
@@ -85,7 +86,7 @@ public class IntegratedSecurityService implements SecurityService {
    * @return the shiro subject, null if security is not enabled
    */
   public Subject getSubject() {
-    if (!isIntegratedSecurity) {
+    if (!isIntegratedSecurity()) {
       return null;
     }
 
@@ -133,7 +134,7 @@ public class IntegratedSecurityService implements SecurityService {
    * @return null if security is not enabled, otherwise return a shiro subject
    */
   public Subject login(Properties credentials) {
-    if (!isIntegratedSecurity) {
+    if (!isIntegratedSecurity()) {
       return null;
     }
 
@@ -300,7 +301,7 @@ public class IntegratedSecurityService implements SecurityService {
     }
 
     String shiroConfig = securityProps.getProperty(SECURITY_SHIRO_INIT);
-    String securityConfig = securityProps.getProperty(SECURITY_MANAGER);
+    String securityManagerConfig = securityProps.getProperty(SECURITY_MANAGER);
     String clientAuthenticatorConfig = securityProps.getProperty(SECURITY_CLIENT_AUTHENTICATOR);
     String peerAuthenticatorConfig = securityProps.getProperty(SECURITY_PEER_AUTHENTICATOR);
 
@@ -318,18 +319,17 @@ public class IntegratedSecurityService implements SecurityService {
       org.apache.shiro.mgt.SecurityManager securityManager = factory.getInstance();
       SecurityUtils.setSecurityManager(securityManager);
       isIntegratedSecurity = true;
+      isClientAuthenticator = false;
+      isPeerAuthenticator = false;
     }
     // only set up shiro realm if user has implemented SecurityManager
-    else if (!StringUtils.isBlank(securityConfig)) {
-      securityManager =
-          SecurityService.getObjectOfTypeFromClassName(securityConfig, SecurityManager.class);
+    else if (!StringUtils.isBlank(securityManagerConfig)) {
+      SecurityManager securityManager = SecurityService
+          .getObjectOfTypeFromClassName(securityManagerConfig, SecurityManager.class);
       securityManager.init(securityProps);
-      Realm realm = new CustomAuthRealm(securityManager);
-      org.apache.shiro.mgt.SecurityManager shiroManager = new DefaultSecurityManager(realm);
-      SecurityUtils.setSecurityManager(shiroManager);
-      isIntegratedSecurity = true;
+      this.setSecurityManager(securityManager);
     } else {
-      isIntegratedSecurity = false;
+      isIntegratedSecurity = null;
       isClientAuthenticator = !StringUtils.isBlank(clientAuthenticatorConfig);
       isPeerAuthenticator = !StringUtils.isBlank(peerAuthenticatorConfig);
     }
@@ -356,7 +356,8 @@ public class IntegratedSecurityService implements SecurityService {
       postProcessor = null;
     }
     ThreadContext.remove();
-    isIntegratedSecurity = false;
+    SecurityUtils.setSecurityManager(null);
+    isIntegratedSecurity = null;
     isClientAuthenticator = false;
     isPeerAuthenticator = false;
   }
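Review bot: `SecurityUtils.setSecurityManager(null)` clears Shiro's JVM-wide static manager even when this service did not install it. `isIntegratedSecurity()` now adopts a manager that other code placed in `SecurityUtils` (the case `testInitWithOutsideShiroSecurityManager` exercises), so closing the cache inside a container that runs its own Shiro setup would leave the host application without a security manager. Tracking ownership keeps teardown limited to what the service created: a `private boolean installedShiroManager` set to true wherever this class calls `SecurityUtils.setSecurityManager(...)`, and `if (installedShiroManager) { SecurityUtils.setSecurityManager(null); }` here. `close()` begins outside the hunk.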
@@ -367,7 +368,7 @@ public class IntegratedSecurityService implements SecurityService {
    * bypass it entirely, call this first.
    */
   public boolean needPostProcess() {
-    return (isIntegratedSecurity && postProcessor != null);
+    return (isIntegratedSecurity() && postProcessor != null);
   }
 
   public Object postProcess(String regionPath, Object key, Object value,
@@ -412,19 +413,55 @@ public class IntegratedSecurityService implements SecurityService {
     return securityManager;
   }
 
+  public void setSecurityManager(SecurityManager securityManager) {
+    if (securityManager == null) {
+      return;
+    }
+
+    this.securityManager = securityManager;
+    Realm realm = new CustomAuthRealm(securityManager);
+    org.apache.shiro.mgt.SecurityManager shiroManager = new DefaultSecurityManager(realm);
+    SecurityUtils.setSecurityManager(shiroManager);
+    isIntegratedSecurity = true;
+    isClientAuthenticator = false;
+    isPeerAuthenticator = false;
+  }
+
   public PostProcessor getPostProcessor() {
     return postProcessor;
   }
 
+  public void setPostProcessor(PostProcessor postProcessor) {
+    if (postProcessor == null) {
+      return;
+    }
+
+    this.postProcessor = postProcessor;
+  }
+
+  /**
+   * If Shiro's security manager is configured, then return true, otherwise, return false;
+   * 
+   * @return
+   */
   public boolean isIntegratedSecurity() {
+    if (isIntegratedSecurity != null) {
+      return isIntegratedSecurity;
+    }
+
+    try {
+      isIntegratedSecurity = (SecurityUtils.getSecurityManager() != null);
+    } catch (UnavailableSecurityManagerException e) {
+      isIntegratedSecurity = false;
+    }
     return isIntegratedSecurity;
   }
 
   public boolean isClientSecurityRequired() {
-    return isClientAuthenticator || isIntegratedSecurity;
+    return isClientAuthenticator || isIntegratedSecurity();
   }
 
   public boolean isPeerSecurityRequired() {
-    return isPeerAuthenticator || isIntegratedSecurity;
+    return isPeerAuthenticator || isIntegratedSecurity();
   }
 }
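Review bot: In `isIntegratedSecurity()` the `catch` branch stores `false` in the field, so a lookup made before any Shiro manager exists is cached, and on the visible paths later calls do not look again until `initSecurity` or `close` resets the field to null. While that cached value is in place `getSubject()` and `login()` return null and `needPostProcess()` returns false, so the service behaves as if security were off even after a manager has been installed in `SecurityUtils`. Returning without caching the negative result, `catch (UnavailableSecurityManagerException e) { return false; }`, avoids that. The field is also read and written without synchronisation, so `private volatile Boolean isIntegratedSecurity;` is worth considering, and the empty `@return` tag could read `@return true if a Shiro security manager is configured`.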

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6ec3f884/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java
b/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java
index 41b08d5..727a1ce 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java
@@ -14,13 +14,6 @@
  */
 package org.apache.geode.internal.security;
 
-import java.lang.reflect.Method;
-import java.util.Properties;
-import java.util.concurrent.Callable;
-
-import org.apache.shiro.subject.Subject;
-import org.apache.shiro.util.ThreadState;
-
 import org.apache.geode.internal.ClassLoadUtil;
 import org.apache.geode.management.internal.security.ResourceConstants;
 import org.apache.geode.management.internal.security.ResourceOperation;
@@ -28,6 +21,12 @@ import org.apache.geode.security.GemFireSecurityException;
 import org.apache.geode.security.PostProcessor;
 import org.apache.geode.security.ResourcePermission;
 import org.apache.geode.security.SecurityManager;
+import org.apache.shiro.subject.Subject;
+import org.apache.shiro.util.ThreadState;
+
+import java.lang.reflect.Method;
+import java.util.Properties;
+import java.util.concurrent.Callable;
 
 public interface SecurityService {
 
@@ -96,8 +95,12 @@ public interface SecurityService {
 
   SecurityManager getSecurityManager();
 
+  void setSecurityManager(SecurityManager securityManager);
+
   PostProcessor getPostProcessor();
 
+  void setPostProcessor(PostProcessor postProcessor);
+
   /**
    * this method would never return null, it either throws an exception or returns an object
    */

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6ec3f884/geode-core/src/test/java/org/apache/geode/internal/security/IntegratedSecurityServiceTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/internal/security/IntegratedSecurityServiceTest.java
b/geode-core/src/test/java/org/apache/geode/internal/security/IntegratedSecurityServiceTest.java
index 8c81026..1a8e601 100644
--- a/geode-core/src/test/java/org/apache/geode/internal/security/IntegratedSecurityServiceTest.java
+++ b/geode-core/src/test/java/org/apache/geode/internal/security/IntegratedSecurityServiceTest.java
@@ -18,14 +18,19 @@ import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_CLIE
 import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER;
 import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_PEER_AUTHENTICATOR;
 import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_SHIRO_INIT;
-import static org.assertj.core.api.Java6Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertTrue;
 
 import org.apache.geode.security.GemFireSecurityException;
+import org.apache.geode.security.templates.SamplePostProcessor;
 import org.apache.geode.security.templates.SampleSecurityManager;
+import org.apache.geode.security.templates.SimpleSecurityManager;
 import org.apache.geode.test.junit.categories.UnitTest;
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.mgt.DefaultSecurityManager;
+import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.experimental.categories.Category;
@@ -133,7 +138,7 @@ public class IntegratedSecurityServiceTest {
   }
 
   @Test
-  public void testInitWithBothAuthenticator() {
+  public void testInitWithAuthenticators() {
     properties.setProperty(SECURITY_CLIENT_AUTHENTICATOR, "org.abc.test");
     properties.setProperty(SECURITY_PEER_AUTHENTICATOR, "org.abc.test");
 
@@ -155,6 +160,48 @@ public class IntegratedSecurityServiceTest {
     assertTrue(securityService.isPeerSecurityRequired());
   }
 
+  @Test
+  public void testNoInit() {
+    assertFalse(securityService.isIntegratedSecurity());
+  }
+
+  @Test
+  public void testInitWithOutsideShiroSecurityManager() {
+    SecurityUtils.setSecurityManager(new DefaultSecurityManager());
+    securityService.initSecurity(properties);
+    assertTrue(securityService.isIntegratedSecurity());
+  }
+
+  @Test
+  public void testSetSecurityManager() {
+    // initially
+    assertFalse(securityService.isIntegratedSecurity());
+
+    // init with client authenticator
+    properties.setProperty(SECURITY_CLIENT_AUTHENTICATOR, "org.abc.test");
+    securityService.initSecurity(properties);
+    assertFalse(securityService.isIntegratedSecurity());
+    assertTrue(securityService.isClientSecurityRequired());
+    assertFalse(securityService.isPeerSecurityRequired());
+
+    // set a security manager
+    securityService.setSecurityManager(new SimpleSecurityManager());
+    assertTrue(securityService.isIntegratedSecurity());
+    assertTrue(securityService.isClientSecurityRequired());
+    assertTrue(securityService.isPeerSecurityRequired());
+    assertFalse(securityService.needPostProcess());
+
+    // set a post processor
+    securityService.setPostProcessor(new SamplePostProcessor());
+    assertTrue(securityService.isIntegratedSecurity());
+    assertTrue(securityService.needPostProcess());
+  }
+
+  @After
+  public void after() {
+    securityService.close();
+  }
+
   private static class Factories {
 
     public static String getString() {

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6ec3f884/geode-core/src/test/java/org/apache/geode/security/CacheFactoryWithSecurityObjectTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/CacheFactoryWithSecurityObjectTest.java
b/geode-core/src/test/java/org/apache/geode/security/CacheFactoryWithSecurityObjectTest.java
new file mode 100644
index 0000000..742167c
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/CacheFactoryWithSecurityObjectTest.java
@@ -0,0 +1,90 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information
regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version
2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain
a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under
the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
express
+ * or implied. See the License for the specific language governing permissions and limitations
under
+ * the License.
+ */
+
+package org.apache.geode.security;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
+import org.apache.geode.cache.Cache;
+import org.apache.geode.cache.CacheFactory;
+import org.apache.geode.distributed.ConfigurationProperties;
+import org.apache.geode.internal.security.SecurityService;
+import org.apache.geode.security.templates.DummyAuthenticator;
+import org.apache.geode.security.templates.SamplePostProcessor;
+import org.apache.geode.security.templates.SimpleSecurityManager;
+import org.apache.geode.test.junit.categories.IntegrationTest;
+import org.apache.geode.test.junit.categories.SecurityTest;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import java.util.Properties;
+
+@Category({IntegrationTest.class, SecurityTest.class})
+public class CacheFactoryWithSecurityObjectTest {
+
+  private SecurityService securityService;
+  private SecurityManager simpleSecurityManager;
+  private Properties properties = new Properties();
+  Cache cache;
+
+  @Before
+  public void before() throws Exception {
+    securityService = SecurityService.getSecurityService();
+    simpleSecurityManager = new SimpleSecurityManager();
+    properties.setProperty("mcast-port", "0");
+  }
+
+  @Test
+  public void testCreateCacheWithSecurityManager() throws Exception {
+    cache = new CacheFactory(properties).setSecurityManager(simpleSecurityManager)
+        .setPostProcessor(null).create();
+    assertTrue(securityService.isIntegratedSecurity());
+    assertFalse(securityService.needPostProcess());
+    assertNotNull(securityService.getSecurityManager());
+  }
+
+  @Test
+  public void testCreateCacheWithPostProcessor() throws Exception {
+    cache = new CacheFactory(properties).setPostProcessor(new SamplePostProcessor())
+        .setSecurityManager(null).create();
+    assertFalse(securityService.isIntegratedSecurity());
+    assertFalse(securityService.needPostProcess());
+    assertNotNull(securityService.getPostProcessor());
+  }
+
+  @Test
+  public void testOverride() throws Exception {
+    properties.setProperty(ConfigurationProperties.SECURITY_CLIENT_AUTHENTICATOR,
+        DummyAuthenticator.class.getName());
+
+    cache = new CacheFactory(properties).setSecurityManager(simpleSecurityManager)
+        .setPostProcessor(new SamplePostProcessor()).create();
+
+    assertTrue(securityService.isIntegratedSecurity());
+    assertTrue(securityService.isClientSecurityRequired());
+    assertTrue(securityService.needPostProcess());
+    assertNotNull(securityService.getSecurityManager());
+  }
+
+  @After
+  public void after() {
+    cache.close();
+  }
+
+}
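Review bot: `after()` calls `cache.close()` unconditionally, so when `create()` throws inside a test the teardown fails with a NullPointerException and hides the original error; `if (cache != null) { cache.close(); }` avoids that. `testCreateCacheWithPostProcessor` asserts that `getPostProcessor()` is non-null while `needPostProcess()` is false, and a short comment such as `// a post processor without a security manager is stored but never applied` would make that intent explicit for the next reader.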

