Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 4D178200C40 for ; Thu, 23 Mar 2017 21:14:50 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id 4BBC9160B68; Thu, 23 Mar 2017 20:14:50 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 5E992160B84 for ; Thu, 23 Mar 2017 21:14:47 +0100 (CET) Received: (qmail 70640 invoked by uid 500); 23 Mar 2017 20:14:46 -0000 Mailing-List: contact commits-help@geode.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@geode.apache.org Delivered-To: mailing list commits@geode.apache.org Received: (qmail 70531 invoked by uid 99); 23 Mar 2017 20:14:45 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 23 Mar 2017 20:14:45 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id F137DE0893; Thu, 23 Mar 2017 20:14:44 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: jinmeiliao@apache.org To: commits@geode.apache.org Date: Thu, 23 Mar 2017 20:14:46 -0000 Message-Id: <0aae6b4796d7489ba27c9fe625914f5e@git.apache.org> In-Reply-To: References: X-Mailer: ASF-Git Admin Mailer Subject: [3/4] geode git commit: GEODE-2395: use random ports when starting the jmx manager and http services archived-at: Thu, 23 Mar 2017 20:14:50 -0000 http://git-wip-us.apache.org/repos/asf/geode/blob/d44db8b8/geode-core/src/test/java/org/apache/geode/management/internal/security/GfshCommandsPostProcessorTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/GfshCommandsPostProcessorTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/security/GfshCommandsPostProcessorTest.java index 62c0b85..e84cb56 100644 --- a/geode-core/src/test/java/org/apache/geode/management/internal/security/GfshCommandsPostProcessorTest.java +++ b/geode-core/src/test/java/org/apache/geode/management/internal/security/GfshCommandsPostProcessorTest.java @@ -14,13 +14,11 @@ */ package org.apache.geode.management.internal.security; -import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_PORT; import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER; import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_POST_PROCESSOR; import static org.assertj.core.api.Assertions.assertThat; import org.apache.geode.cache.RegionShortcut; -import org.apache.geode.internal.AvailablePortHelper; import org.apache.geode.security.TestPostProcessor; import org.apache.geode.security.TestSecurityManager; import org.apache.geode.test.dunit.rules.ConnectionConfiguration; @@ -34,30 +32,20 @@ import org.junit.Rule; import org.junit.Test; import org.junit.experimental.categories.Category; -import java.util.Properties; - @Category({IntegrationTest.class, SecurityTest.class}) public class GfshCommandsPostProcessorTest { - protected static int jmxPort = AvailablePortHelper.getRandomAvailableTCPPort(); - - static Properties properties = new Properties() { - { - setProperty(JMX_MANAGER_PORT, jmxPort + ""); - setProperty(SECURITY_POST_PROCESSOR, TestPostProcessor.class.getName()); - setProperty(SECURITY_MANAGER, TestSecurityManager.class.getName()); - setProperty("security-json", - "org/apache/geode/management/internal/security/cacheServer.json"); - } - }; - - @ClassRule - public static ServerStarterRule serverStarter = new ServerStarterRule().startServer(properties); + public static ServerStarterRule serverStarter = new ServerStarterRule().withJMXManager() + .withProperty(SECURITY_POST_PROCESSOR, TestPostProcessor.class.getName()) + .withProperty(SECURITY_MANAGER, TestSecurityManager.class.getName()) + .withProperty("security-json", + "org/apache/geode/management/internal/security/cacheServer.json") + .startServer(); @Rule - public GfshShellConnectionRule gfshConnection = - new GfshShellConnectionRule(jmxPort, GfshShellConnectionRule.PortType.jmxManger); + public GfshShellConnectionRule gfshConnection = new GfshShellConnectionRule( + serverStarter.getJmxPort(), GfshShellConnectionRule.PortType.jmxManger); @BeforeClass public static void beforeClass() throws Exception { http://git-wip-us.apache.org/repos/asf/geode/blob/d44db8b8/geode-core/src/test/java/org/apache/geode/management/internal/security/GfshCommandsSecurityTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/GfshCommandsSecurityTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/security/GfshCommandsSecurityTest.java index 45d437a..348e2ea 100644 --- a/geode-core/src/test/java/org/apache/geode/management/internal/security/GfshCommandsSecurityTest.java +++ b/geode-core/src/test/java/org/apache/geode/management/internal/security/GfshCommandsSecurityTest.java @@ -14,8 +14,6 @@ */ package org.apache.geode.management.internal.security; -import static org.apache.geode.distributed.ConfigurationProperties.HTTP_SERVICE_PORT; -import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_PORT; import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; @@ -24,7 +22,6 @@ import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; import org.apache.geode.cache.RegionShortcut; -import org.apache.geode.internal.AvailablePortHelper; import org.apache.geode.internal.logging.LogService; import org.apache.geode.management.cli.Result; import org.apache.geode.management.internal.cli.result.CommandResult; @@ -44,41 +41,19 @@ import org.junit.Test; import org.junit.experimental.categories.Category; import java.util.List; -import java.util.Properties; @Category({IntegrationTest.class, SecurityTest.class}) -// @RunWith(Parameterized.class) -// @Parameterized.UseParametersRunnerFactory(CategoryWithParameterizedRunnerFactory.class) public class GfshCommandsSecurityTest { + @ClassRule + public static ServerStarterRule serverStarter = new ServerStarterRule().withJMXManager() + .withProperty(SECURITY_MANAGER, TestSecurityManager.class.getName()) + .withProperty("security-json", + "org/apache/geode/management/internal/security/cacheServer.json") + .startServer(); - protected static int[] ports = AvailablePortHelper.getRandomAvailableTCPPorts(2); - protected static int jmxPort = ports[0]; - protected static int httpPort = ports[1]; - - // can't do parameterized tests here since useHttp tests needs to be in geode-web project - // @Parameterized.Parameters - // public static Collection data() { - // return Arrays.asList(new Object[] {true, false}); - // } - // - // @Parameterized.Parameter - // public boolean useHttp; - - static Properties properties = new Properties() { - { - setProperty(JMX_MANAGER_PORT, jmxPort + ""); - setProperty(HTTP_SERVICE_PORT, httpPort + ""); - setProperty(SECURITY_MANAGER, TestSecurityManager.class.getName()); - setProperty("security-json", - "org/apache/geode/management/internal/security/cacheServer.json"); - } - }; @Rule - public GfshShellConnectionRule gfshConnection = - new GfshShellConnectionRule(jmxPort, GfshShellConnectionRule.PortType.jmxManger); - - @ClassRule - public static ServerStarterRule serverStarter = new ServerStarterRule().startServer(properties); + public GfshShellConnectionRule gfshConnection = new GfshShellConnectionRule( + serverStarter.getJmxPort(), GfshShellConnectionRule.PortType.jmxManger); @BeforeClass public static void beforeClass() throws Exception { http://git-wip-us.apache.org/repos/asf/geode/blob/d44db8b8/geode-core/src/test/java/org/apache/geode/management/internal/security/JavaRmiServerNameTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/JavaRmiServerNameTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/security/JavaRmiServerNameTest.java index 070e905..6334e7e 100644 --- a/geode-core/src/test/java/org/apache/geode/management/internal/security/JavaRmiServerNameTest.java +++ b/geode-core/src/test/java/org/apache/geode/management/internal/security/JavaRmiServerNameTest.java @@ -16,44 +16,27 @@ package org.apache.geode.management.internal.security; -import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_PORT; import static org.junit.Assert.assertEquals; -import org.apache.geode.internal.AvailablePort; import org.apache.geode.test.dunit.rules.ServerStarterRule; import org.apache.geode.test.junit.categories.IntegrationTest; import org.junit.After; -import org.junit.BeforeClass; import org.junit.ClassRule; import org.junit.Test; import org.junit.experimental.categories.Category; -import java.util.Properties; - @Category(IntegrationTest.class) public class JavaRmiServerNameTest { private static final String JMX_HOST = "myHostname"; - static Properties properties = new Properties() { - { - setProperty(JMX_MANAGER_PORT, - AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET) + ""); - setProperty("jmx-manager-hostname-for-clients", JMX_HOST); - } - }; - @ClassRule - public static ServerStarterRule serverStarter = new ServerStarterRule(); - - @BeforeClass - public static void beforeClass() throws Exception { - serverStarter.startServer(properties); - } - - + public static ServerStarterRule serverStarter = new ServerStarterRule() + .withProperty("jmx-manager-hostname-for-clients", JMX_HOST).withJMXManager().startServer(); - // https://issues.apache.org/jira/browse/GEODE-1548 + /** + * this is for GEODE-1548 + */ @Test public void testThatJavaRmiServerNameGetsSet() { assertEquals(JMX_HOST, System.getProperty("java.rmi.server.hostname")); http://git-wip-us.apache.org/repos/asf/geode/blob/d44db8b8/geode-core/src/test/java/org/apache/geode/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java index 97b9730..a5a88c2 100644 --- a/geode-core/src/test/java/org/apache/geode/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java +++ b/geode-core/src/test/java/org/apache/geode/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java @@ -14,43 +14,45 @@ */ package org.apache.geode.management.internal.security; -import static org.assertj.core.api.Assertions.*; - -import org.junit.AfterClass; -import org.junit.Before; -import org.junit.BeforeClass; -import org.junit.ClassRule; -import org.junit.Rule; -import org.junit.Test; -import org.junit.experimental.categories.Category; +import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER; +import static org.assertj.core.api.Assertions.assertThatThrownBy; import org.apache.geode.cache.Cache; import org.apache.geode.distributed.internal.InternalDistributedSystem; import org.apache.geode.distributed.internal.locks.DLockService; -import org.apache.geode.internal.AvailablePort; import org.apache.geode.management.LockServiceMXBean; +import org.apache.geode.security.TestSecurityManager; import org.apache.geode.test.dunit.rules.ConnectionConfiguration; import org.apache.geode.test.dunit.rules.MBeanServerConnectionRule; +import org.apache.geode.test.dunit.rules.ServerStarterRule; import org.apache.geode.test.junit.categories.IntegrationTest; import org.apache.geode.test.junit.categories.SecurityTest; +import org.junit.AfterClass; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.ClassRule; +import org.junit.Rule; +import org.junit.Test; +import org.junit.experimental.categories.Category; @Category({IntegrationTest.class, SecurityTest.class}) public class LockServiceMBeanAuthorizationJUnitTest { - - private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET); - private LockServiceMXBean lockServiceMBean; @ClassRule - public static CacheServerStartupRule serverRule = - CacheServerStartupRule.withDefaultSecurityJson(jmxManagerPort); + public static ServerStarterRule server = new ServerStarterRule().withJMXManager() + .withProperty(SECURITY_MANAGER, TestSecurityManager.class.getName()) + .withProperty(TestSecurityManager.SECURITY_JSON, + "org/apache/geode/management/internal/security/cacheServer.json") + .startServer(); @Rule - public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort); + public MBeanServerConnectionRule connectionRule = + new MBeanServerConnectionRule(server.getJmxPort()); @BeforeClass public static void beforeClassSetUp() { - Cache cache = serverRule.getCache(); + Cache cache = server.getCache(); DLockService.create("test-lock-service", (InternalDistributedSystem) cache.getDistributedSystem(), false, true, true); } http://git-wip-us.apache.org/repos/asf/geode/blob/d44db8b8/geode-core/src/test/java/org/apache/geode/management/internal/security/MBeanSecurityJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/MBeanSecurityJUnitTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/security/MBeanSecurityJUnitTest.java index 9561111..f97cf2b 100644 --- a/geode-core/src/test/java/org/apache/geode/management/internal/security/MBeanSecurityJUnitTest.java +++ b/geode-core/src/test/java/org/apache/geode/management/internal/security/MBeanSecurityJUnitTest.java @@ -14,12 +14,28 @@ */ package org.apache.geode.management.internal.security; -import static org.assertj.core.api.Assertions.*; -import static org.mockito.Mockito.*; +import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER; +import static org.assertj.core.api.Assertions.assertThat; +import static org.assertj.core.api.Assertions.assertThatThrownBy; +import static org.mockito.Mockito.mock; + +import org.apache.geode.management.ManagementException; +import org.apache.geode.management.ManagementService; +import org.apache.geode.management.MemberMXBean; +import org.apache.geode.management.internal.MBeanJMXAdapter; +import org.apache.geode.security.TestSecurityManager; +import org.apache.geode.test.dunit.rules.ConnectionConfiguration; +import org.apache.geode.test.dunit.rules.MBeanServerConnectionRule; +import org.apache.geode.test.dunit.rules.ServerStarterRule; +import org.apache.geode.test.junit.categories.IntegrationTest; +import org.apache.geode.test.junit.categories.SecurityTest; +import org.junit.ClassRule; +import org.junit.Rule; +import org.junit.Test; +import org.junit.experimental.categories.Category; import java.io.IOException; import java.util.Set; - import javax.management.DynamicMBean; import javax.management.MBeanServer; import javax.management.MBeanServerConnection; @@ -28,32 +44,18 @@ import javax.management.ObjectInstance; import javax.management.ObjectName; import javax.management.ReflectionException; -import org.junit.ClassRule; -import org.junit.Rule; -import org.junit.Test; -import org.junit.experimental.categories.Category; - -import org.apache.geode.internal.AvailablePort; -import org.apache.geode.management.ManagementException; -import org.apache.geode.management.ManagementService; -import org.apache.geode.management.MemberMXBean; -import org.apache.geode.management.internal.MBeanJMXAdapter; -import org.apache.geode.test.dunit.rules.ConnectionConfiguration; -import org.apache.geode.test.dunit.rules.MBeanServerConnectionRule; -import org.apache.geode.test.junit.categories.IntegrationTest; -import org.apache.geode.test.junit.categories.SecurityTest; - @Category({IntegrationTest.class, SecurityTest.class}) public class MBeanSecurityJUnitTest { - - private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET); - @ClassRule - public static CacheServerStartupRule serverRule = - CacheServerStartupRule.withDefaultSecurityJson(jmxManagerPort); + public static ServerStarterRule server = new ServerStarterRule().withJMXManager() + .withProperty(SECURITY_MANAGER, TestSecurityManager.class.getName()) + .withProperty(TestSecurityManager.SECURITY_JSON, + "org/apache/geode/management/internal/security/cacheServer.json") + .startServer(); @Rule - public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort); + public MBeanServerConnectionRule connectionRule = + new MBeanServerConnectionRule(server.getJmxPort()); /** * No user can call createBean or unregisterBean of GemFire Domain @@ -112,7 +114,7 @@ public class MBeanSecurityJUnitTest { @ConnectionConfiguration(user = "stranger", password = "1234567") public void testServerSideCalls() { // calls through ManagementService is not going through authorization checks - ManagementService service = ManagementService.getManagementService(serverRule.getCache()); + ManagementService service = ManagementService.getManagementService(server.getCache()); MemberMXBean bean = service.getMemberMXBean(); bean.compactAllDiskStores(); } http://git-wip-us.apache.org/repos/asf/geode/blob/d44db8b8/geode-core/src/test/java/org/apache/geode/management/internal/security/ManagerMBeanAuthorizationJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/ManagerMBeanAuthorizationJUnitTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/security/ManagerMBeanAuthorizationJUnitTest.java index e9e29fd..9be9e02 100644 --- a/geode-core/src/test/java/org/apache/geode/management/internal/security/ManagerMBeanAuthorizationJUnitTest.java +++ b/geode-core/src/test/java/org/apache/geode/management/internal/security/ManagerMBeanAuthorizationJUnitTest.java @@ -14,13 +14,18 @@ */ package org.apache.geode.management.internal.security; -import static org.assertj.core.api.Assertions.*; -import static org.mockito.Mockito.*; - -import java.lang.management.ManagementFactory; - -import javax.management.ObjectName; +import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER; +import static org.assertj.core.api.Assertions.assertThatThrownBy; +import static org.mockito.Mockito.mock; +import org.apache.geode.management.ManagerMXBean; +import org.apache.geode.management.internal.beans.ManagerMBean; +import org.apache.geode.security.TestSecurityManager; +import org.apache.geode.test.dunit.rules.ConnectionConfiguration; +import org.apache.geode.test.dunit.rules.MBeanServerConnectionRule; +import org.apache.geode.test.dunit.rules.ServerStarterRule; +import org.apache.geode.test.junit.categories.IntegrationTest; +import org.apache.geode.test.junit.categories.SecurityTest; import org.junit.Before; import org.junit.BeforeClass; import org.junit.ClassRule; @@ -28,27 +33,23 @@ import org.junit.Rule; import org.junit.Test; import org.junit.experimental.categories.Category; -import org.apache.geode.internal.AvailablePort; -import org.apache.geode.management.ManagerMXBean; -import org.apache.geode.management.internal.beans.ManagerMBean; -import org.apache.geode.test.dunit.rules.ConnectionConfiguration; -import org.apache.geode.test.dunit.rules.MBeanServerConnectionRule; -import org.apache.geode.test.junit.categories.IntegrationTest; -import org.apache.geode.test.junit.categories.SecurityTest; +import java.lang.management.ManagementFactory; +import javax.management.ObjectName; @Category({IntegrationTest.class, SecurityTest.class}) public class ManagerMBeanAuthorizationJUnitTest { - - private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET); - private ManagerMXBean managerMXBean; @ClassRule - public static CacheServerStartupRule serverRule = - CacheServerStartupRule.withDefaultSecurityJson(jmxManagerPort); + public static ServerStarterRule server = new ServerStarterRule().withJMXManager() + .withProperty(SECURITY_MANAGER, TestSecurityManager.class.getName()) + .withProperty(TestSecurityManager.SECURITY_JSON, + "org/apache/geode/management/internal/security/cacheServer.json") + .startServer(); @Rule - public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort); + public MBeanServerConnectionRule connectionRule = + new MBeanServerConnectionRule(server.getJmxPort()); @BeforeClass public static void beforeClassSetup() throws Exception { http://git-wip-us.apache.org/repos/asf/geode/blob/d44db8b8/geode-core/src/test/java/org/apache/geode/management/internal/security/MemberMBeanSecurityJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/MemberMBeanSecurityJUnitTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/security/MemberMBeanSecurityJUnitTest.java index 002900c..2ee03e3 100644 --- a/geode-core/src/test/java/org/apache/geode/management/internal/security/MemberMBeanSecurityJUnitTest.java +++ b/geode-core/src/test/java/org/apache/geode/management/internal/security/MemberMBeanSecurityJUnitTest.java @@ -14,13 +14,14 @@ */ package org.apache.geode.management.internal.security; +import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER; import static org.assertj.core.api.Assertions.assertThatThrownBy; -import org.apache.geode.internal.AvailablePort; import org.apache.geode.management.MemberMXBean; +import org.apache.geode.security.TestSecurityManager; import org.apache.geode.test.dunit.rules.ConnectionConfiguration; import org.apache.geode.test.dunit.rules.MBeanServerConnectionRule; -import org.apache.geode.test.junit.categories.FlakyTest; +import org.apache.geode.test.dunit.rules.ServerStarterRule; import org.apache.geode.test.junit.categories.IntegrationTest; import org.apache.geode.test.junit.categories.SecurityTest; import org.junit.Before; @@ -28,22 +29,20 @@ import org.junit.Rule; import org.junit.Test; import org.junit.experimental.categories.Category; -/** - * GEODE-2496: Flaky -- possibly due to use of AvailablePort - */ -@Category({IntegrationTest.class, SecurityTest.class, FlakyTest.class}) +@Category({IntegrationTest.class, SecurityTest.class}) public class MemberMBeanSecurityJUnitTest { - - private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET); - private MemberMXBean bean; - @Rule - public CacheServerStartupRule serverRule = - CacheServerStartupRule.withDefaultSecurityJson(jmxManagerPort); + @Rule // do not use a ClassRule since some test will do a shutdownMember + public ServerStarterRule server = new ServerStarterRule().withJMXManager() + .withProperty(SECURITY_MANAGER, TestSecurityManager.class.getName()) + .withProperty(TestSecurityManager.SECURITY_JSON, + "org/apache/geode/management/internal/security/cacheServer.json") + .startServer(); @Rule - public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort); + public MBeanServerConnectionRule connectionRule = + new MBeanServerConnectionRule(server.getJmxPort()); @Before public void setUp() throws Exception { http://git-wip-us.apache.org/repos/asf/geode/blob/d44db8b8/geode-core/src/test/java/org/apache/geode/security/AbstractSecureServerDUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/security/AbstractSecureServerDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/AbstractSecureServerDUnitTest.java deleted file mode 100644 index f8d90db..0000000 --- a/geode-core/src/test/java/org/apache/geode/security/AbstractSecureServerDUnitTest.java +++ /dev/null @@ -1,119 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more contributor license - * agreements. See the NOTICE file distributed with this work for additional information regarding - * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance with the License. You may obtain a - * copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software distributed under the License - * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express - * or implied. See the License for the specific language governing permissions and limitations under - * the License. - */ - -package org.apache.geode.security; - -import static org.apache.geode.distributed.ConfigurationProperties.LOCATORS; -import static org.apache.geode.distributed.ConfigurationProperties.LOG_LEVEL; -import static org.apache.geode.distributed.ConfigurationProperties.MCAST_PORT; -import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_CLIENT_AUTH_INIT; -import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER; -import static org.assertj.core.api.Assertions.assertThatThrownBy; - -import org.apache.geode.cache.Region; -import org.apache.geode.cache.RegionShortcut; -import org.apache.geode.cache.client.ClientCache; -import org.apache.geode.cache.client.ClientCacheFactory; -import org.apache.geode.cache.client.ClientRegionShortcut; -import org.apache.geode.security.templates.UserPasswordAuthInit; -import org.apache.geode.test.dunit.Host; -import org.apache.geode.test.dunit.IgnoredException; -import org.apache.geode.test.dunit.VM; -import org.apache.geode.test.dunit.internal.JUnit4DistributedTestCase; -import org.apache.geode.test.dunit.rules.ServerStarterRule; -import org.assertj.core.api.ThrowableAssert.ThrowingCallable; -import org.junit.Before; -import org.junit.Rule; - -import java.util.HashMap; -import java.util.Map; -import java.util.Map.Entry; -import java.util.Properties; - -public abstract class AbstractSecureServerDUnitTest extends JUnit4DistributedTestCase { - - protected static final String REGION_NAME = "AuthRegion"; - - protected VM client1 = null; - protected VM client2 = null; - protected VM client3 = null; - protected int serverPort; - protected boolean pdxPersistent = false; - - @Rule - public transient ServerStarterRule serverStarter = - new ServerStarterRule().startServer(getProperties(), 0, pdxPersistent); - - // overwrite this in child classes - public Properties getProperties() { - return new Properties() { - { - setProperty(SECURITY_MANAGER, TestSecurityManager.class.getName()); - setProperty(TestSecurityManager.SECURITY_JSON, - "org/apache/geode/management/internal/security/clientServer.json"); - } - }; - } - - // overwrite this if you want a different set of initial data - public Map getData() { - Map data = new HashMap(); - for (int i = 0; i < 5; i++) { - data.put("key" + i, "value" + i); - } - return data; - } - - @Before - public void before() throws Exception { - serverPort = serverStarter.getServer().getPort(); - Region region = - serverStarter.getCache().createRegionFactory(RegionShortcut.REPLICATE).create(REGION_NAME); - for (Entry entry : getData().entrySet()) { - region.put(entry.getKey(), entry.getValue()); - } - - IgnoredException.addIgnoredException("No longer connected to localhost"); - IgnoredException.addIgnoredException(AuthenticationFailedException.class.getName()); - final Host host = Host.getHost(0); - this.client1 = host.getVM(1); - this.client2 = host.getVM(2); - this.client3 = host.getVM(3); - } - - public static void assertNotAuthorized(ThrowingCallable shouldRaiseThrowable, String permString) { - assertThatThrownBy(shouldRaiseThrowable).hasMessageContaining(permString); - } - - public static Properties createClientProperties(String userName, String password) { - Properties props = new Properties(); - props.setProperty(UserPasswordAuthInit.USER_NAME, userName); - props.setProperty(UserPasswordAuthInit.PASSWORD, password); - props.setProperty(LOG_LEVEL, "fine"); - props.setProperty(LOCATORS, ""); - props.setProperty(MCAST_PORT, "0"); - props.setProperty(SECURITY_CLIENT_AUTH_INIT, UserPasswordAuthInit.class.getName()); - return props; - } - - public static ClientCache createClientCache(String username, String password, int serverPort) { - ClientCache cache = new ClientCacheFactory(createClientProperties(username, password)) - .setPoolSubscriptionEnabled(true).addPoolServer("localhost", serverPort).create(); - - cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME); - return cache; - } - -} http://git-wip-us.apache.org/repos/asf/geode/blob/d44db8b8/geode-core/src/test/java/org/apache/geode/security/ClientAuthDUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/security/ClientAuthDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/ClientAuthDUnitTest.java new file mode 100644 index 0000000..27b002b --- /dev/null +++ b/geode-core/src/test/java/org/apache/geode/security/ClientAuthDUnitTest.java @@ -0,0 +1,60 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for additional information regarding + * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. You may obtain a + * copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + */ +package org.apache.geode.security; + +import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER; +import static org.assertj.core.api.Assertions.assertThatThrownBy; + +import org.apache.geode.test.dunit.Host; +import org.apache.geode.test.dunit.IgnoredException; +import org.apache.geode.test.dunit.VM; +import org.apache.geode.test.dunit.internal.JUnit4DistributedTestCase; +import org.apache.geode.test.dunit.rules.ServerStarterRule; +import org.apache.geode.test.junit.categories.DistributedTest; +import org.apache.geode.test.junit.categories.SecurityTest; +import org.junit.Rule; +import org.junit.Test; +import org.junit.experimental.categories.Category; + +@Category({DistributedTest.class, SecurityTest.class}) +public class ClientAuthDUnitTest extends JUnit4DistributedTestCase { + + final Host host = Host.getHost(0); + final VM client1 = host.getVM(1); + final VM client2 = host.getVM(2); + + @Rule + public ServerStarterRule server = new ServerStarterRule() + .withProperty(SECURITY_MANAGER, SimpleTestSecurityManager.class.getName()).startServer(); + + @Test + public void authWithCorrectPasswordShouldPass() { + client1.invoke("logging in super-user with correct password", () -> { + SecurityTestUtil.createClientCache("test", "test", server.getPort()); + }); + } + + @Test + public void authWithIncorrectPasswordShouldFail() { + IgnoredException.addIgnoredException(AuthenticationFailedException.class.getName()); + client2.invoke("logging in super-user with wrong password", () -> { + assertThatThrownBy( + () -> SecurityTestUtil.createClientCache("test", "wrong", server.getPort())) + .isInstanceOf(AuthenticationFailedException.class); + }); + } +} + + http://git-wip-us.apache.org/repos/asf/geode/blob/d44db8b8/geode-core/src/test/java/org/apache/geode/security/ClientContainsKeyAuthDUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/security/ClientContainsKeyAuthDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/ClientContainsKeyAuthDUnitTest.java new file mode 100644 index 0000000..f2398bf --- /dev/null +++ b/geode-core/src/test/java/org/apache/geode/security/ClientContainsKeyAuthDUnitTest.java @@ -0,0 +1,82 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for additional information regarding + * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. You may obtain a + * copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + */ +package org.apache.geode.security; + +import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER; +import static org.apache.geode.security.SecurityTestUtil.createClientCache; +import static org.apache.geode.security.SecurityTestUtil.createProxyRegion; +import static org.junit.Assert.assertTrue; + +import org.apache.geode.cache.Region; +import org.apache.geode.cache.RegionShortcut; +import org.apache.geode.cache.client.ClientCache; +import org.apache.geode.test.dunit.AsyncInvocation; +import org.apache.geode.test.dunit.Host; +import org.apache.geode.test.dunit.VM; +import org.apache.geode.test.dunit.internal.JUnit4DistributedTestCase; +import org.apache.geode.test.dunit.rules.ServerStarterRule; +import org.apache.geode.test.junit.categories.DistributedTest; +import org.apache.geode.test.junit.categories.SecurityTest; +import org.junit.Before; +import org.junit.Rule; +import org.junit.Test; +import org.junit.experimental.categories.Category; + +@Category({DistributedTest.class, SecurityTest.class}) +public class ClientContainsKeyAuthDUnitTest extends JUnit4DistributedTestCase { + private static String REGION_NAME = "AuthRegion"; + + final Host host = Host.getHost(0); + final VM client1 = host.getVM(1); + final VM client2 = host.getVM(2); + + @Rule + public ServerStarterRule server = + new ServerStarterRule().withProperty(SECURITY_MANAGER, TestSecurityManager.class.getName()) + .withProperty(TestSecurityManager.SECURITY_JSON, + "org/apache/geode/management/internal/security/clientServer.json") + .startServer(); + + @Before + public void before() throws Exception { + Region region = + server.getCache().createRegionFactory(RegionShortcut.REPLICATE).create(REGION_NAME); + for (int i = 0; i < 5; i++) { + region.put("key" + i, "value" + i); + } + } + + @Test + public void testContainsKey() throws Exception { + AsyncInvocation ai1 = client1.invokeAsync(() -> { + ClientCache cache = createClientCache("key1User", "1234567", server.getPort()); + final Region region = createProxyRegion(cache, REGION_NAME); + assertTrue(region.containsKeyOnServer("key1")); + SecurityTestUtil.assertNotAuthorized(() -> region.containsKeyOnServer("key3"), + "DATA:READ:AuthRegion:key3"); + }); + + AsyncInvocation ai2 = client2.invokeAsync(() -> { + ClientCache cache = createClientCache("authRegionReader", "1234567", server.getPort()); + final Region region = createProxyRegion(cache, REGION_NAME); + region.containsKeyOnServer("key3"); + assertTrue(region.containsKeyOnServer("key1")); + }); + + ai1.await(); + ai2.await(); + } + +} http://git-wip-us.apache.org/repos/asf/geode/blob/d44db8b8/geode-core/src/test/java/org/apache/geode/security/ClientDestroyInvalidateAuthDUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/security/ClientDestroyInvalidateAuthDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/ClientDestroyInvalidateAuthDUnitTest.java new file mode 100644 index 0000000..a25900e --- /dev/null +++ b/geode-core/src/test/java/org/apache/geode/security/ClientDestroyInvalidateAuthDUnitTest.java @@ -0,0 +1,108 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for additional information regarding + * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. You may obtain a + * copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + */ +package org.apache.geode.security; + +import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER; +import static org.junit.Assert.*; + +import org.apache.geode.cache.RegionShortcut; +import org.apache.geode.test.dunit.Host; +import org.apache.geode.test.dunit.VM; +import org.apache.geode.test.dunit.internal.JUnit4DistributedTestCase; +import org.apache.geode.test.dunit.rules.ServerStarterRule; +import org.junit.Before; +import org.junit.Rule; +import org.junit.Test; +import org.junit.experimental.categories.Category; + +import org.apache.geode.cache.Region; +import org.apache.geode.cache.client.ClientCache; +import org.apache.geode.cache.client.ClientRegionShortcut; +import org.apache.geode.test.dunit.AsyncInvocation; +import org.apache.geode.test.junit.categories.DistributedTest; +import org.apache.geode.test.junit.categories.SecurityTest; + +@Category({DistributedTest.class, SecurityTest.class}) +public class ClientDestroyInvalidateAuthDUnitTest extends JUnit4DistributedTestCase { + private static String REGION_NAME = "testRegion"; + + final Host host = Host.getHost(0); + final VM client1 = host.getVM(1); + final VM client2 = host.getVM(2); + + @Rule + public ServerStarterRule server = + new ServerStarterRule().withProperty(SECURITY_MANAGER, TestSecurityManager.class.getName()) + .withProperty(TestSecurityManager.SECURITY_JSON, + "org/apache/geode/management/internal/security/clientServer.json") + .startServer(); + + @Before + public void before() throws Exception { + Region region = + server.getCache().createRegionFactory(RegionShortcut.REPLICATE).create(REGION_NAME); + for (int i = 0; i < 5; i++) { + region.put("key" + i, "value" + i); + } + } + + @Test + public void testDestroyInvalidate() throws Exception { + + // Delete one key and invalidate another key with an authorized user. + AsyncInvocation ai1 = client1.invokeAsync(() -> { + ClientCache cache = + SecurityTestUtil.createClientCache("dataUser", "1234567", server.getPort()); + + Region region = + cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME); + assertTrue(region.containsKeyOnServer("key1")); + + // Destroy key1 + region.destroy("key1"); + assertFalse(region.containsKeyOnServer("key1")); + + // Invalidate key2 + assertNotNull("Value of key2 should not be null", region.get("key2")); + region.invalidate("key2"); + assertNull("Value of key2 should have been null", region.get("key2")); + + }); + + // Delete one key and invalidate another key with an unauthorized user. + AsyncInvocation ai2 = client2.invokeAsync(() -> { + ClientCache cache = + SecurityTestUtil.createClientCache("authRegionReader", "1234567", server.getPort()); + + Region region = + cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME); + + assertTrue(region.containsKeyOnServer("key3")); + + // Destroy key1 + SecurityTestUtil.assertNotAuthorized(() -> region.destroy("key3"), "DATA:WRITE:AuthRegion"); + assertTrue(region.containsKeyOnServer("key3")); + + // Invalidate key2 + assertNotNull("Value of key4 should not be null", region.get("key4")); + SecurityTestUtil.assertNotAuthorized(() -> region.invalidate("key4"), + "DATA:WRITE:AuthRegion"); + assertNotNull("Value of key4 should not be null", region.get("key4")); + }); + + ai1.await(); + } + +} http://git-wip-us.apache.org/repos/asf/geode/blob/d44db8b8/geode-core/src/test/java/org/apache/geode/security/ClientDestroyRegionAuthDUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/security/ClientDestroyRegionAuthDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/ClientDestroyRegionAuthDUnitTest.java new file mode 100644 index 0000000..33c8d62 --- /dev/null +++ b/geode-core/src/test/java/org/apache/geode/security/ClientDestroyRegionAuthDUnitTest.java @@ -0,0 +1,81 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for additional information regarding + * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. You may obtain a + * copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + */ +package org.apache.geode.security; + +import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER; +import static org.assertj.core.api.Assertions.assertThat; + +import org.apache.geode.cache.Region; +import org.apache.geode.cache.RegionShortcut; +import org.apache.geode.cache.client.ClientCache; +import org.apache.geode.cache.client.ClientRegionShortcut; +import org.apache.geode.test.dunit.Host; +import org.apache.geode.test.dunit.VM; +import org.apache.geode.test.dunit.internal.JUnit4DistributedTestCase; +import org.apache.geode.test.dunit.rules.ServerStarterRule; +import org.apache.geode.test.junit.categories.DistributedTest; +import org.apache.geode.test.junit.categories.SecurityTest; +import org.junit.Rule; +import org.junit.Test; +import org.junit.experimental.categories.Category; + +@Category({DistributedTest.class, SecurityTest.class}) +public class ClientDestroyRegionAuthDUnitTest extends JUnit4DistributedTestCase { + private static String REGION_NAME = "testRegion"; + + final Host host = Host.getHost(0); + final VM client1 = host.getVM(1); + final VM client2 = host.getVM(2); + final VM client3 = host.getVM(3); + + @Rule + public ServerStarterRule server = + new ServerStarterRule().withProperty(SECURITY_MANAGER, TestSecurityManager.class.getName()) + .withProperty(TestSecurityManager.SECURITY_JSON, + "org/apache/geode/management/internal/security/clientServer.json") + .startServer().createRegion(RegionShortcut.REPLICATE, REGION_NAME); + + @Test + public void testDestroyRegion() throws InterruptedException { + client1.invoke(() -> { + ClientCache cache = + SecurityTestUtil.createClientCache("dataWriter", "1234567", server.getPort()); + + Region region = + cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME); + SecurityTestUtil.assertNotAuthorized(() -> region.destroyRegion(), "DATA:MANAGE"); + }); + + client2.invoke(() -> { + ClientCache cache = + SecurityTestUtil.createClientCache("authRegionManager", "1234567", server.getPort()); + + Region region = + cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME); + SecurityTestUtil.assertNotAuthorized(() -> region.destroyRegion(), "DATA:MANAGE"); + }); + + client3.invoke(() -> { + ClientCache cache = + SecurityTestUtil.createClientCache("super-user", "1234567", server.getPort()); + + Region region = + cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME); + region.destroyRegion(); + assertThat(region.isDestroyed()).isTrue(); + }); + } + +} http://git-wip-us.apache.org/repos/asf/geode/blob/d44db8b8/geode-core/src/test/java/org/apache/geode/security/ClientExecuteFunctionAuthDUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/security/ClientExecuteFunctionAuthDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/ClientExecuteFunctionAuthDUnitTest.java new file mode 100644 index 0000000..adc66d0 --- /dev/null +++ b/geode-core/src/test/java/org/apache/geode/security/ClientExecuteFunctionAuthDUnitTest.java @@ -0,0 +1,91 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for additional information regarding + * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. You may obtain a + * copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + */ +package org.apache.geode.security; + +import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER; +import static org.apache.geode.security.SecurityTestUtil.assertNotAuthorized; +import static org.apache.geode.security.SecurityTestUtil.createClientCache; + +import org.apache.geode.cache.RegionShortcut; +import org.apache.geode.test.dunit.Host; +import org.apache.geode.test.dunit.VM; +import org.apache.geode.test.dunit.internal.JUnit4DistributedTestCase; +import org.apache.geode.test.dunit.rules.ServerStarterRule; +import org.junit.Rule; +import org.junit.Test; +import org.junit.experimental.categories.Category; + +import org.apache.geode.cache.client.ClientCache; +import org.apache.geode.cache.execute.Function; +import org.apache.geode.cache.execute.FunctionService; +import org.apache.geode.cache.execute.ResultCollector; +import org.apache.geode.internal.cache.functions.TestFunction; +import org.apache.geode.test.junit.categories.DistributedTest; +import org.apache.geode.test.junit.categories.SecurityTest; + +@Category({DistributedTest.class, SecurityTest.class}) +public class ClientExecuteFunctionAuthDUnitTest extends JUnit4DistributedTestCase { + + private static String REGION_NAME = "testRegion"; + + final Host host = Host.getHost(0); + final VM client1 = host.getVM(1); + final VM client2 = host.getVM(2); + + private final static Function function = new TestFunction(true, TestFunction.TEST_FUNCTION1); + + @Rule + public ServerStarterRule server = + new ServerStarterRule().withProperty(SECURITY_MANAGER, TestSecurityManager.class.getName()) + .withProperty(TestSecurityManager.SECURITY_JSON, + "org/apache/geode/management/internal/security/clientServer.json") + .startServer().createRegion(RegionShortcut.REPLICATE, REGION_NAME); + + @Test + public void testExecuteRegionFunctionWithClientRegistration() { + + FunctionService.registerFunction(function); + client1.invoke("logging in with dataReader", () -> { + ClientCache cache = createClientCache("dataReader", "1234567", server.getPort()); + + FunctionService.registerFunction(function); + + assertNotAuthorized(() -> FunctionService.onServer(cache.getDefaultPool()) + .withArgs(Boolean.TRUE).execute(function.getId()), "DATA:WRITE"); + }); + + client2.invoke("logging in with super-user", () -> { + ClientCache cache = createClientCache("super-user", "1234567", server.getPort()); + + FunctionService.registerFunction(function); + ResultCollector rc = FunctionService.onServer(cache.getDefaultPool()).withArgs(Boolean.TRUE) + .execute(function.getId()); + rc.getResult(); + }); + } + + @Test + // this would trigger the client to send a GetFunctionAttribute command before executing it + public void testExecuteRegionFunctionWithOutClientRegistration() { + FunctionService.registerFunction(function); + client1.invoke("logging in with dataReader", () -> { + ClientCache cache = createClientCache("dataReader", "1234567", server.getPort()); + assertNotAuthorized(() -> FunctionService.onServer(cache.getDefaultPool()) + .withArgs(Boolean.TRUE).execute(function.getId()), "DATA:WRITE"); + }); + } +} + + http://git-wip-us.apache.org/repos/asf/geode/blob/d44db8b8/geode-core/src/test/java/org/apache/geode/security/ClientExecuteRegionFunctionAuthDUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/security/ClientExecuteRegionFunctionAuthDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/ClientExecuteRegionFunctionAuthDUnitTest.java new file mode 100644 index 0000000..1f88161 --- /dev/null +++ b/geode-core/src/test/java/org/apache/geode/security/ClientExecuteRegionFunctionAuthDUnitTest.java @@ -0,0 +1,84 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for additional information regarding + * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. You may obtain a + * copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + */ +package org.apache.geode.security; + +import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER; +import static org.apache.geode.security.SecurityTestUtil.assertNotAuthorized; +import static org.apache.geode.security.SecurityTestUtil.createClientCache; +import static org.apache.geode.security.SecurityTestUtil.createProxyRegion; + +import org.apache.geode.cache.Region; +import org.apache.geode.cache.RegionShortcut; +import org.apache.geode.cache.client.ClientCache; +import org.apache.geode.cache.execute.Function; +import org.apache.geode.cache.execute.FunctionService; +import org.apache.geode.cache.execute.ResultCollector; +import org.apache.geode.internal.cache.functions.TestFunction; +import org.apache.geode.test.dunit.Host; +import org.apache.geode.test.dunit.VM; +import org.apache.geode.test.dunit.internal.JUnit4DistributedTestCase; +import org.apache.geode.test.dunit.rules.ServerStarterRule; +import org.apache.geode.test.junit.categories.DistributedTest; +import org.apache.geode.test.junit.categories.SecurityTest; +import org.junit.Rule; +import org.junit.Test; +import org.junit.experimental.categories.Category; + +@Category({DistributedTest.class, SecurityTest.class}) +public class ClientExecuteRegionFunctionAuthDUnitTest extends JUnit4DistributedTestCase { + + private static String REGION_NAME = "AuthRegion"; + + final Host host = Host.getHost(0); + final VM client1 = host.getVM(1); + final VM client2 = host.getVM(2); + + private final static Function function = new TestFunction(true, TestFunction.TEST_FUNCTION1); + + @Rule + public ServerStarterRule server = + new ServerStarterRule().withProperty(SECURITY_MANAGER, TestSecurityManager.class.getName()) + .withProperty(TestSecurityManager.SECURITY_JSON, + "org/apache/geode/management/internal/security/clientServer.json") + .startServer().createRegion(RegionShortcut.REPLICATE, REGION_NAME); + + @Test + public void testExecuteRegionFunction() { + + FunctionService.registerFunction(function); + + client1.invoke("logging in with dataReader", () -> { + ClientCache cache = createClientCache("dataReader", "1234567", server.getPort()); + + Region region = createProxyRegion(cache, REGION_NAME); + FunctionService.registerFunction(function); + assertNotAuthorized( + () -> FunctionService.onRegion(region).withArgs(Boolean.TRUE).execute(function.getId()), + "DATA:WRITE"); + }); + + client2.invoke("logging in with super-user", () -> { + ClientCache cache = createClientCache("super-user", "1234567", server.getPort()); + + Region region = createProxyRegion(cache, REGION_NAME); + FunctionService.registerFunction(function); + ResultCollector rc = + FunctionService.onRegion(region).withArgs(Boolean.TRUE).execute(function.getId()); + rc.getResult(); + }); + } +} + + http://git-wip-us.apache.org/repos/asf/geode/blob/d44db8b8/geode-core/src/test/java/org/apache/geode/security/ClientGetAllAuthDUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/security/ClientGetAllAuthDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/ClientGetAllAuthDUnitTest.java new file mode 100644 index 0000000..8963ee2 --- /dev/null +++ b/geode-core/src/test/java/org/apache/geode/security/ClientGetAllAuthDUnitTest.java @@ -0,0 +1,76 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for additional information regarding + * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. You may obtain a + * copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + */ +package org.apache.geode.security; + +import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER; +import static org.apache.geode.internal.Assert.assertTrue; +import static org.apache.geode.security.SecurityTestUtil.createClientCache; +import static org.apache.geode.security.SecurityTestUtil.createProxyRegion; +import static org.jgroups.util.Util.assertEquals; + +import org.apache.geode.cache.Region; +import org.apache.geode.cache.RegionShortcut; +import org.apache.geode.cache.client.ClientCache; +import org.apache.geode.test.dunit.Host; +import org.apache.geode.test.dunit.VM; +import org.apache.geode.test.dunit.internal.JUnit4DistributedTestCase; +import org.apache.geode.test.dunit.rules.ServerStarterRule; +import org.apache.geode.test.junit.categories.DistributedTest; +import org.apache.geode.test.junit.categories.SecurityTest; +import org.junit.Rule; +import org.junit.Test; +import org.junit.experimental.categories.Category; + +import java.util.Arrays; +import java.util.Map; + +@Category({DistributedTest.class, SecurityTest.class}) +public class ClientGetAllAuthDUnitTest extends JUnit4DistributedTestCase { + + private static String REGION_NAME = "AuthRegion"; + + final Host host = Host.getHost(0); + final VM client1 = host.getVM(1); + final VM client2 = host.getVM(2); + + @Rule + public ServerStarterRule server = + new ServerStarterRule().withProperty(SECURITY_MANAGER, TestSecurityManager.class.getName()) + .withProperty(TestSecurityManager.SECURITY_JSON, + "org/apache/geode/management/internal/security/clientServer.json") + .startServer().createRegion(RegionShortcut.REPLICATE, REGION_NAME); + + @Test + public void testGetAll() { + client1.invoke("logging in Stranger", () -> { + ClientCache cache = createClientCache("stranger", "1234567", server.getPort()); + + Region region = createProxyRegion(cache, REGION_NAME); + Map emptyMap = region.getAll(Arrays.asList("key1", "key2", "key3", "key4")); + assertTrue(emptyMap.isEmpty()); + }); + + client2.invoke("logging in authRegionReader", () -> { + ClientCache cache = createClientCache("authRegionReader", "1234567", server.getPort()); + + Region region = createProxyRegion(cache, REGION_NAME); + Map filledMap = region.getAll(Arrays.asList("key1", "key2", "key3", "key4")); + assertEquals("Map should contain 4 entries", 4, filledMap.size()); + assertTrue(filledMap.containsKey("key1")); + }); + } +} + + http://git-wip-us.apache.org/repos/asf/geode/blob/d44db8b8/geode-core/src/test/java/org/apache/geode/security/ClientGetEntryAuthDUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/security/ClientGetEntryAuthDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/ClientGetEntryAuthDUnitTest.java new file mode 100644 index 0000000..0f41cc6 --- /dev/null +++ b/geode-core/src/test/java/org/apache/geode/security/ClientGetEntryAuthDUnitTest.java @@ -0,0 +1,98 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for additional information regarding + * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. You may obtain a + * copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + */ +package org.apache.geode.security; + +import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER; +import static org.apache.geode.security.SecurityTestUtil.assertNotAuthorized; +import static org.apache.geode.security.SecurityTestUtil.createClientCache; +import static org.apache.geode.security.SecurityTestUtil.createProxyRegion; + +import org.apache.geode.cache.CacheTransactionManager; +import org.apache.geode.cache.Region; +import org.apache.geode.cache.RegionShortcut; +import org.apache.geode.cache.client.ClientCache; +import org.apache.geode.test.dunit.AsyncInvocation; +import org.apache.geode.test.dunit.Host; +import org.apache.geode.test.dunit.VM; +import org.apache.geode.test.dunit.internal.JUnit4DistributedTestCase; +import org.apache.geode.test.dunit.rules.ServerStarterRule; +import org.apache.geode.test.junit.categories.DistributedTest; +import org.apache.geode.test.junit.categories.SecurityTest; +import org.junit.Before; +import org.junit.Rule; +import org.junit.Test; +import org.junit.experimental.categories.Category; + +@Category({DistributedTest.class, SecurityTest.class}) +public class ClientGetEntryAuthDUnitTest extends JUnit4DistributedTestCase { + + private static String REGION_NAME = "AuthRegion"; + + final Host host = Host.getHost(0); + final VM client1 = host.getVM(1); + final VM client2 = host.getVM(2); + + @Rule + public ServerStarterRule server = + new ServerStarterRule().withProperty(SECURITY_MANAGER, TestSecurityManager.class.getName()) + .withProperty(TestSecurityManager.SECURITY_JSON, + "org/apache/geode/management/internal/security/clientServer.json") + .startServer(); + + @Before + public void before() throws Exception { + Region region = + server.getCache().createRegionFactory(RegionShortcut.REPLICATE).create(REGION_NAME); + for (int i = 0; i < 5; i++) { + region.put("key" + i, "value" + i); + } + } + + @Test + public void testGetEntry() throws Exception { + // client1 connects to server as a user not authorized to do any operations + AsyncInvocation ai1 = client1.invokeAsync(() -> { + ClientCache cache = createClientCache("stranger", "1234567", server.getPort()); + + CacheTransactionManager transactionManager = cache.getCacheTransactionManager(); + transactionManager.begin(); + try { + Region region = createProxyRegion(cache, REGION_NAME); + assertNotAuthorized(() -> region.getEntry("key3"), "DATA:READ:AuthRegion:key3"); + } finally { + transactionManager.commit(); + } + + }); + + AsyncInvocation ai2 = client2.invokeAsync(() -> { + ClientCache cache = createClientCache("authRegionReader", "1234567", server.getPort()); + + CacheTransactionManager transactionManager = cache.getCacheTransactionManager(); + transactionManager.begin(); + try { + Region region = createProxyRegion(cache, REGION_NAME); + region.getEntry("key3"); + } finally { + transactionManager.commit(); + } + + }); + + ai1.await(); + ai2.await(); + + } +} http://git-wip-us.apache.org/repos/asf/geode/blob/d44db8b8/geode-core/src/test/java/org/apache/geode/security/ClientGetPutAuthDUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/security/ClientGetPutAuthDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/ClientGetPutAuthDUnitTest.java new file mode 100644 index 0000000..8f63301 --- /dev/null +++ b/geode-core/src/test/java/org/apache/geode/security/ClientGetPutAuthDUnitTest.java @@ -0,0 +1,146 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for additional information regarding + * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. You may obtain a + * copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + */ +package org.apache.geode.security; + +import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER; +import static org.apache.geode.security.SecurityTestUtil.assertNotAuthorized; +import static org.apache.geode.security.SecurityTestUtil.createClientCache; +import static org.apache.geode.security.SecurityTestUtil.createProxyRegion; +import static org.junit.Assert.assertEquals; + +import org.apache.geode.cache.Region; +import org.apache.geode.cache.RegionShortcut; +import org.apache.geode.cache.client.ClientCache; +import org.apache.geode.test.dunit.AsyncInvocation; +import org.apache.geode.test.dunit.Host; +import org.apache.geode.test.dunit.VM; +import org.apache.geode.test.dunit.internal.JUnit4DistributedTestCase; +import org.apache.geode.test.dunit.rules.ServerStarterRule; +import org.apache.geode.test.junit.categories.DistributedTest; +import org.apache.geode.test.junit.categories.SecurityTest; +import org.junit.Before; +import org.junit.Rule; +import org.junit.Test; +import org.junit.experimental.categories.Category; + +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Set; + +@Category({DistributedTest.class, SecurityTest.class}) +public class ClientGetPutAuthDUnitTest extends JUnit4DistributedTestCase { + + private static String REGION_NAME = "AuthRegion"; + + final Host host = Host.getHost(0); + final VM client1 = host.getVM(1); + final VM client2 = host.getVM(2); + final VM client3 = host.getVM(3); + + @Rule + public ServerStarterRule server = + new ServerStarterRule().withProperty(SECURITY_MANAGER, TestSecurityManager.class.getName()) + .withProperty(TestSecurityManager.SECURITY_JSON, + "org/apache/geode/management/internal/security/clientServer.json") + .startServer(); + + @Before + public void before() throws Exception { + Region region = + server.getCache().createRegionFactory(RegionShortcut.REPLICATE).create(REGION_NAME); + for (int i = 0; i < 5; i++) { + region.put("key" + i, "value" + i); + } + } + + @Test + public void testGetPutAuthorization() throws InterruptedException { + Map allValues = new HashMap(); + allValues.put("key1", "value1"); + allValues.put("key2", "value2"); + + List keys = new ArrayList<>(); + keys.add("key1"); + keys.add("key2"); + + // client1 connects to server as a user not authorized to do any operations + AsyncInvocation ai1 = client1.invokeAsync(() -> { + ClientCache cache = createClientCache("stranger", "1234567", server.getPort()); + Region region = createProxyRegion(cache, REGION_NAME); + + assertNotAuthorized(() -> region.put("key3", "value3"), "DATA:WRITE:AuthRegion:key3"); + assertNotAuthorized(() -> region.get("key3"), "DATA:READ:AuthRegion:key3"); + + // putall + assertNotAuthorized(() -> region.putAll(allValues), "DATA:WRITE:AuthRegion"); + + // not authorized for either keys, get no record back + Map keyValues = region.getAll(keys); + assertEquals(0, keyValues.size()); + + assertNotAuthorized(() -> region.keySetOnServer(), "DATA:READ:AuthRegion"); + }); + + + // client2 connects to user as a user authorized to use AuthRegion region + AsyncInvocation ai2 = client2.invokeAsync(() -> { + ClientCache cache = createClientCache("authRegionUser", "1234567", server.getPort()); + Region region = createProxyRegion(cache, REGION_NAME); + + region.put("key3", "value3"); + assertEquals("value3", region.get("key3")); + + // put all + region.putAll(allValues); + + // get all + Map keyValues = region.getAll(keys); + assertEquals(2, keyValues.size()); + + // keyset + Set keySet = region.keySetOnServer(); + assertEquals(5, keySet.size()); + }); + + // client3 connects to user as a user authorized to use key1 in AuthRegion region + AsyncInvocation ai3 = client3.invokeAsync(() -> { + ClientCache cache = createClientCache("key1User", "1234567", server.getPort()); + Region region = createProxyRegion(cache, REGION_NAME); + + assertNotAuthorized(() -> region.put("key2", "value1"), "DATA:WRITE:AuthRegion:key2"); + assertNotAuthorized(() -> region.get("key2"), "DATA:READ:AuthRegion:key2"); + + assertNotAuthorized(() -> region.putAll(allValues), "DATA:WRITE:AuthRegion"); + + // only authorized for one recrod + Map keyValues = region.getAll(keys); + assertEquals(1, keyValues.size()); + + // keyset + assertNotAuthorized(() -> region.keySetOnServer(), "DATA:READ:AuthRegion"); + }); + + ai1.join(); + ai2.join(); + ai3.join(); + + ai1.checkException(); + ai2.checkException(); + ai3.checkException(); + } + +} http://git-wip-us.apache.org/repos/asf/geode/blob/d44db8b8/geode-core/src/test/java/org/apache/geode/security/ClientRegionClearAuthDUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/security/ClientRegionClearAuthDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/ClientRegionClearAuthDUnitTest.java new file mode 100644 index 0000000..7eae441 --- /dev/null +++ b/geode-core/src/test/java/org/apache/geode/security/ClientRegionClearAuthDUnitTest.java @@ -0,0 +1,76 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for additional information regarding + * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. You may obtain a + * copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + */ +package org.apache.geode.security; + +import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER; +import static org.apache.geode.security.SecurityTestUtil.assertNotAuthorized; +import static org.apache.geode.security.SecurityTestUtil.createClientCache; +import static org.apache.geode.security.SecurityTestUtil.createProxyRegion; + +import org.apache.geode.cache.Region; +import org.apache.geode.cache.RegionShortcut; +import org.apache.geode.cache.client.ClientCache; +import org.apache.geode.test.dunit.Host; +import org.apache.geode.test.dunit.SerializableRunnable; +import org.apache.geode.test.dunit.VM; +import org.apache.geode.test.dunit.internal.JUnit4DistributedTestCase; +import org.apache.geode.test.dunit.rules.ServerStarterRule; +import org.apache.geode.test.junit.categories.DistributedTest; +import org.apache.geode.test.junit.categories.SecurityTest; +import org.junit.Rule; +import org.junit.Test; +import org.junit.experimental.categories.Category; + +@Category({DistributedTest.class, SecurityTest.class}) +public class ClientRegionClearAuthDUnitTest extends JUnit4DistributedTestCase { + + private static String REGION_NAME = "AuthRegion"; + + final Host host = Host.getHost(0); + final VM client1 = host.getVM(1); + final VM client2 = host.getVM(2); + + @Rule + public ServerStarterRule server = + new ServerStarterRule().withProperty(SECURITY_MANAGER, TestSecurityManager.class.getName()) + .withProperty(TestSecurityManager.SECURITY_JSON, + "org/apache/geode/management/internal/security/clientServer.json") + .startServer().createRegion(RegionShortcut.REPLICATE, REGION_NAME); + + @Test + public void testRegionClear() throws InterruptedException { + // Verify that an unauthorized user can't clear the region + SerializableRunnable clearUnauthorized = new SerializableRunnable() { + @Override + public void run() { + ClientCache cache = createClientCache("stranger", "1234567", server.getPort()); + Region region = createProxyRegion(cache, REGION_NAME); + assertNotAuthorized(() -> region.clear(), "DATA:WRITE:AuthRegion"); + } + }; + client1.invoke(clearUnauthorized); + + // Verify that an authorized user can clear the region + SerializableRunnable clearAuthorized = new SerializableRunnable() { + @Override + public void run() { + ClientCache cache = createClientCache("authRegionUser", "1234567", server.getPort()); + Region region = createProxyRegion(cache, REGION_NAME); + region.clear(); + } + }; + client2.invoke(clearAuthorized); + } +} http://git-wip-us.apache.org/repos/asf/geode/blob/d44db8b8/geode-core/src/test/java/org/apache/geode/security/ClientRegisterInterestAuthDUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/security/ClientRegisterInterestAuthDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/ClientRegisterInterestAuthDUnitTest.java new file mode 100644 index 0000000..fcd2697 --- /dev/null +++ b/geode-core/src/test/java/org/apache/geode/security/ClientRegisterInterestAuthDUnitTest.java @@ -0,0 +1,158 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for additional information regarding + * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. You may obtain a + * copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + */ +package org.apache.geode.security; + +import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER; +import static org.apache.geode.security.SecurityTestUtil.assertNotAuthorized; +import static org.apache.geode.security.SecurityTestUtil.createClientCache; +import static org.apache.geode.security.SecurityTestUtil.createProxyRegion; + +import org.apache.geode.cache.Region; +import org.apache.geode.cache.RegionShortcut; +import org.apache.geode.cache.client.ClientCache; +import org.apache.geode.cache.client.ClientRegionShortcut; +import org.apache.geode.test.dunit.AsyncInvocation; +import org.apache.geode.test.dunit.Host; +import org.apache.geode.test.dunit.VM; +import org.apache.geode.test.dunit.internal.JUnit4DistributedTestCase; +import org.apache.geode.test.dunit.rules.ServerStarterRule; +import org.apache.geode.test.junit.categories.DistributedTest; +import org.apache.geode.test.junit.categories.SecurityTest; +import org.junit.Rule; +import org.junit.Test; +import org.junit.experimental.categories.Category; + +import java.util.ArrayList; +import java.util.List; + +@Category({DistributedTest.class, SecurityTest.class}) +public class ClientRegisterInterestAuthDUnitTest extends JUnit4DistributedTestCase { + + private static String REGION_NAME = "AuthRegion"; + + final Host host = Host.getHost(0); + final VM client1 = host.getVM(1); + final VM client2 = host.getVM(2); + final VM client3 = host.getVM(3); + + @Rule + public ServerStarterRule server = + new ServerStarterRule().withProperty(SECURITY_MANAGER, TestSecurityManager.class.getName()) + .withProperty(TestSecurityManager.SECURITY_JSON, + "org/apache/geode/management/internal/security/clientServer.json") + .startServer().createRegion(RegionShortcut.REPLICATE, REGION_NAME); + + @Test + public void testRegisterInterest() throws Exception { + // client1 connects to server as a user not authorized to do any operations + AsyncInvocation ai1 = client1.invokeAsync(() -> { + ClientCache cache = createClientCache("stranger", "1234567", server.getPort()); + Region region = createProxyRegion(cache, REGION_NAME); + assertNotAuthorized(() -> region.registerInterest("key3"), "DATA:READ:AuthRegion:key3"); + }); + + // client2 connects to user as a user authorized to use AuthRegion region + AsyncInvocation ai2 = client2.invokeAsync(() -> { + ClientCache cache = createClientCache("authRegionUser", "1234567", server.getPort()); + Region region = createProxyRegion(cache, REGION_NAME); + region.registerInterest("key3"); // DATA:READ:AuthRegion:key3; + }); + + // client3 connects to user as a user authorized to use key1 in AuthRegion region + AsyncInvocation ai3 = client3.invokeAsync(() -> { + ClientCache cache = createClientCache("key1User", "1234567", server.getPort()); + Region region = createProxyRegion(cache, REGION_NAME); + assertNotAuthorized(() -> region.registerInterest("key2"), "DATA:READ:AuthRegion:key2"); + }); + + ai1.await(); + ai2.await(); + ai3.await(); + } + + @Test + public void testRegisterInterestRegex() throws Exception { + // client1 connects to server as a user not authorized to do any operations + AsyncInvocation ai1 = client1.invokeAsync(() -> { + ClientCache cache = createClientCache("stranger", "1234567", server.getPort()); + + Region region = + cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME); + assertNotAuthorized(() -> region.registerInterestRegex("key.*"), "DATA:READ:AuthRegion"); + }); + + // client2 connects to user as a user authorized to use AuthRegion region + AsyncInvocation ai2 = client2.invokeAsync(() -> { + ClientCache cache = createClientCache("authRegionUser", "1234567", server.getPort()); + + Region region = + cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME); + region.registerInterestRegex("key[0-9]+"); // DATA:READ:AuthRegion:key3; + }); + + // client3 connects to user as a user authorized to use key1 in AuthRegion region + AsyncInvocation ai3 = client3.invokeAsync(() -> { + ClientCache cache = createClientCache("key1User", "1234567", server.getPort()); + + Region region = + cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME); + assertNotAuthorized(() -> region.registerInterestRegex("key[0-9]+"), "DATA:READ:AuthRegion"); + assertNotAuthorized(() -> region.registerInterestRegex("key1"), "DATA:READ:AuthRegion"); + }); + + ai1.await(); + ai2.await(); + ai3.await(); + } + + @Test + public void testRegisterInterestList() throws Exception { + List keys = new ArrayList<>(); + keys.add("key1"); + keys.add("key2"); + + // client1 connects to server as a user not authorized to do any operations + AsyncInvocation ai1 = client1.invokeAsync(() -> { + ClientCache cache = createClientCache("stranger", "1234567", server.getPort()); + + Region region = + cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME); + assertNotAuthorized(() -> region.registerInterest(keys), "DATA:READ:AuthRegion"); + }); + + // client2 connects to user as a user authorized to use AuthRegion region + AsyncInvocation ai2 = client2.invokeAsync(() -> { + ClientCache cache = createClientCache("authRegionUser", "1234567", server.getPort()); + + Region region = + cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME); + region.registerInterest(keys); // DATA:READ:AuthRegion; + }); + + // client3 connects to user as a user authorized to use key1 in AuthRegion region + AsyncInvocation ai3 = client3.invokeAsync(() -> { + ClientCache cache = createClientCache("key1User", "1234567", server.getPort()); + + Region region = + cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME); + assertNotAuthorized(() -> region.registerInterest(keys), "DATA:READ:AuthRegion"); + }); + + ai1.await(); + ai2.await(); + ai3.await(); + } + +} http://git-wip-us.apache.org/repos/asf/geode/blob/d44db8b8/geode-core/src/test/java/org/apache/geode/security/ClientRemoveAllAuthDUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/security/ClientRemoveAllAuthDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/ClientRemoveAllAuthDUnitTest.java new file mode 100644 index 0000000..b649d7f --- /dev/null +++ b/geode-core/src/test/java/org/apache/geode/security/ClientRemoveAllAuthDUnitTest.java @@ -0,0 +1,78 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for additional information regarding + * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. You may obtain a + * copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + */ +package org.apache.geode.security; + +import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER; +import static org.apache.geode.security.SecurityTestUtil.assertNotAuthorized; +import static org.apache.geode.security.SecurityTestUtil.createClientCache; +import static org.apache.geode.security.SecurityTestUtil.createProxyRegion; +import static org.junit.Assert.assertFalse; + +import org.apache.geode.cache.Region; +import org.apache.geode.cache.RegionShortcut; +import org.apache.geode.cache.client.ClientCache; +import org.apache.geode.test.dunit.AsyncInvocation; +import org.apache.geode.test.dunit.Host; +import org.apache.geode.test.dunit.VM; +import org.apache.geode.test.dunit.internal.JUnit4DistributedTestCase; +import org.apache.geode.test.dunit.rules.ServerStarterRule; +import org.apache.geode.test.junit.categories.DistributedTest; +import org.apache.geode.test.junit.categories.SecurityTest; +import org.junit.Rule; +import org.junit.Test; +import org.junit.experimental.categories.Category; + +import java.util.Arrays; + +@Category({DistributedTest.class, SecurityTest.class}) +public class ClientRemoveAllAuthDUnitTest extends JUnit4DistributedTestCase { + + private static String REGION_NAME = "AuthRegion"; + + final Host host = Host.getHost(0); + final VM client1 = host.getVM(1); + final VM client2 = host.getVM(2); + + @Rule + public ServerStarterRule server = + new ServerStarterRule().withProperty(SECURITY_MANAGER, TestSecurityManager.class.getName()) + .withProperty(TestSecurityManager.SECURITY_JSON, + "org/apache/geode/management/internal/security/clientServer.json") + .startServer().createRegion(RegionShortcut.REPLICATE, REGION_NAME); + + @Test + public void testRemoveAll() throws Exception { + + AsyncInvocation ai1 = client1.invokeAsync(() -> { + ClientCache cache = createClientCache("authRegionReader", "1234567", server.getPort()); + + Region region = createProxyRegion(cache, REGION_NAME); + assertNotAuthorized(() -> region.removeAll(Arrays.asList("key1", "key2", "key3", "key4")), + "DATA:WRITE:AuthRegion"); + }); + + AsyncInvocation ai2 = client2.invokeAsync(() -> { + ClientCache cache = createClientCache("authRegionWriter", "1234567", server.getPort()); + + Region region = createProxyRegion(cache, REGION_NAME); + region.removeAll(Arrays.asList("key1", "key2", "key3", "key4")); + assertFalse(region.containsKey("key1")); + assertNotAuthorized(() -> region.containsKeyOnServer("key1"), "DATA:READ:AuthRegion:key1"); + }); + ai1.await(); + ai2.await(); + } + +} http://git-wip-us.apache.org/repos/asf/geode/blob/d44db8b8/geode-core/src/test/java/org/apache/geode/security/ClientUnregisterInterestAuthDUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/security/ClientUnregisterInterestAuthDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/ClientUnregisterInterestAuthDUnitTest.java new file mode 100644 index 0000000..4802c80 --- /dev/null +++ b/geode-core/src/test/java/org/apache/geode/security/ClientUnregisterInterestAuthDUnitTest.java @@ -0,0 +1,63 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for additional information regarding + * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. You may obtain a + * copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + */ +package org.apache.geode.security; + +import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER; +import static org.apache.geode.security.SecurityTestUtil.createClientCache; +import static org.apache.geode.security.SecurityTestUtil.createProxyRegion; + +import org.apache.geode.cache.Region; +import org.apache.geode.cache.RegionShortcut; +import org.apache.geode.cache.client.ClientCache; +import org.apache.geode.test.dunit.AsyncInvocation; +import org.apache.geode.test.dunit.Host; +import org.apache.geode.test.dunit.VM; +import org.apache.geode.test.dunit.internal.JUnit4DistributedTestCase; +import org.apache.geode.test.dunit.rules.ServerStarterRule; +import org.apache.geode.test.junit.categories.DistributedTest; +import org.apache.geode.test.junit.categories.SecurityTest; +import org.junit.Rule; +import org.junit.Test; +import org.junit.experimental.categories.Category; + +@Category({DistributedTest.class, SecurityTest.class}) +public class ClientUnregisterInterestAuthDUnitTest extends JUnit4DistributedTestCase { + + private static String REGION_NAME = "AuthRegion"; + + final Host host = Host.getHost(0); + final VM client1 = host.getVM(1); + final VM client2 = host.getVM(2); + + @Rule + public ServerStarterRule server = + new ServerStarterRule().withProperty(SECURITY_MANAGER, TestSecurityManager.class.getName()) + .withProperty(TestSecurityManager.SECURITY_JSON, + "org/apache/geode/management/internal/security/clientServer.json") + .startServer().createRegion(RegionShortcut.REPLICATE, REGION_NAME); + + @Test + public void testUnregisterInterest() throws Exception { + // client2 connects to user as a user authorized to use AuthRegion region + AsyncInvocation ai1 = client2.invokeAsync(() -> { + ClientCache cache = createClientCache("authRegionUser", "1234567", server.getPort()); + + Region region = createProxyRegion(cache, REGION_NAME); + region.registerInterest("key3"); + region.unregisterInterest("key3"); // DATA:READ:AuthRegion:key3; + }); + ai1.await(); + } +}