From: jinmeiliao@apache.org To: commits@geode.apache.org Message-Id: X-Mailer: ASF-Git Admin Mailer Subject: geode git commit: GEODE-2775: Corrected setting of Pulse SSL Manager flag from System properties instead of pulse.properties when running in embedded mode. Date: Mon, 17 Apr 2017 15:06:54 +0000 (UTC) archived-at: Mon, 17 Apr 2017 15:06:56 -0000 Repository: geode Updated Branches: refs/heads/develop 3a3077094 -> 3423f6f5a GEODE-2775: Corrected setting of Pulse SSL Manager flag from System properties instead of pulse.properties when running in embedded mode. * this closes #454 Project: http://git-wip-us.apache.org/repos/asf/geode/repo Commit: http://git-wip-us.apache.org/repos/asf/geode/commit/3423f6f5 Tree: http://git-wip-us.apache.org/repos/asf/geode/tree/3423f6f5 Diff: http://git-wip-us.apache.org/repos/asf/geode/diff/3423f6f5 Branch: refs/heads/develop Commit: 3423f6f5a9102859fdae8a95c7715dfd64dacc75 Parents: 3a30770 Author: Patrick Rhomberg Authored: Wed Apr 12 11:39:11 2017 -0700 Committer: Jinmei Liao Committed: Mon Apr 17 08:06:01 2017 -0700 ---------------------------------------------------------------------- .../tools/pulse/PulseSecurityWithSSLTest.java | 83 ++++++++++++++++++++ .../management/internal/ManagementAgent.java | 16 ++-- .../tools/pulse/internal/PulseAppListener.java | 4 + 3 files changed, 95 insertions(+), 8 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/geode/blob/3423f6f5/geode-assembly/src/test/java/org/apache/geode/tools/pulse/PulseSecurityWithSSLTest.java ----------------------------------------------------------------------
diff --git a/geode-assembly/src/test/java/org/apache/geode/tools/pulse/PulseSecurityWithSSLTest.java b/geode-assembly/src/test/java/org/apache/geode/tools/pulse/PulseSecurityWithSSLTest.java
new file mode 100644
index 0000000..3b9cd72
--- /dev/null
+++ b/geode-assembly/src/test/java/org/apache/geode/tools/pulse/PulseSecurityWithSSLTest.java 
@@ -0,0 +1,83 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package org.apache.geode.tools.pulse;
+
+import static org.apache.geode.distributed.ConfigurationProperties.SSL_CIPHERS;
+import static org.apache.geode.distributed.ConfigurationProperties.SSL_ENABLED_COMPONENTS;
+import static org.apache.geode.distributed.ConfigurationProperties.SSL_KEYSTORE;
+import static org.apache.geode.distributed.ConfigurationProperties.SSL_KEYSTORE_PASSWORD;
+import static org.apache.geode.distributed.ConfigurationProperties.SSL_PROTOCOLS;
+import static org.apache.geode.distributed.ConfigurationProperties.SSL_TRUSTSTORE;
+import static org.apache.geode.distributed.ConfigurationProperties.SSL_TRUSTSTORE_PASSWORD;
+import static org.apache.geode.util.test.TestUtil.getResourcePath;
+import static org.assertj.core.api.Assertions.assertThat;
+
+import org.apache.geode.security.SecurableCommunicationChannels;
+import org.apache.geode.security.SimpleTestSecurityManager;
+import org.apache.geode.test.dunit.rules.HttpClientRule;
+import org.apache.geode.test.dunit.rules.LocatorStarterRule;
+import org.apache.geode.test.junit.categories.IntegrationTest;
+import org.apache.http.HttpResponse;
+import org.junit.BeforeClass;
+import org.junit.ClassRule;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import java.io.File;
+import java.util.Properties;
+
+
+@Category(IntegrationTest.class)
+public class PulseSecurityWithSSLTest {
+
+ private static File jks =
+ new File(getResourcePath(PulseSecurityWithSSLTest.class, "/ssl/trusted.keystore"));
+
+ @ClassRule
+ public static LocatorStarterRule locator = new LocatorStarterRule();
+
+ @BeforeClass
+ public static void beforeClass() throws Exception {
+ Properties securityProps = new Properties();
+ securityProps.setProperty(SSL_ENABLED_COMPONENTS, SecurableCommunicationChannels.JMX);
+ securityProps.setProperty(SSL_KEYSTORE, jks.getCanonicalPath());
+ securityProps.setProperty(SSL_KEYSTORE_PASSWORD, "password");
+ // securityProps.setProperty(SSL_KEYSTORE_TYPE, "JKS");
+ securityProps.setProperty(SSL_TRUSTSTORE, jks.getCanonicalPath());
+ securityProps.setProperty(SSL_TRUSTSTORE_PASSWORD, "password");
+ securityProps.setProperty(SSL_PROTOCOLS, "TLSv1.2");
+ securityProps.setProperty(SSL_CIPHERS, "any");
+
+ locator.withSecurityManager(SimpleTestSecurityManager.class).withProperties(securityProps)
+ .startLocator();
+ }
+
+ @Rule
+ public HttpClientRule client = new HttpClientRule(locator::getHttpPort);
+
+
+ @Test
+ public void loginWithIncorrectPassword() throws Exception {
+ HttpResponse response = client.loginToPulse("data", "wrongPassword");
+ assertThat(response.getStatusLine().getStatusCode()).isEqualTo(302);
+ assertThat(response.getFirstHeader("Location").getValue())
+ .contains("/pulse/login.html?error=BAD_CREDS");
+
+ client.loginToPulseAndVerify("data", "data");
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/geode/blob/3423f6f5/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java
----------------------------------------------------------------------
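Review bot: The only test is named `loginWithIncorrectPassword`, yet the assertion that appears to guard this fix is its last line, `client.loginToPulseAndVerify("data", "data")`, which presumably succeeds only when embedded Pulse can reach the SSL-enabled JMX manager. Moving that call into its own test with a descriptive name (for example `loginSucceedsWhenJmxUsesSsl`) would make a regression in the SSL flag fail under a name that says what broke. In `beforeClass`, the commented-out `// securityProps.setProperty(SSL_KEYSTORE_TYPE, "JKS");` should be deleted rather than committed. A short comment stating that `"password"` and the `"any"` cipher value are fixture-only settings for `/ssl/trusted.keystore` would keep them from being copied into a real configuration.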
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java b/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java index 025e5e5..5cbb990 100755 --- a/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java @@ -100,6 +100,7 @@ public class ManagementAgent { */ private static final String PULSE_EMBEDDED_PROP = "pulse.embedded"; private static final String PULSE_PORT_PROP = "pulse.port"; + private static final String PULSE_USESSL_MANAGER = "pulse.useSSL.manager"; public ManagementAgent(DistributionConfig config) { this.config = config; @@ -269,6 +270,10 @@ public class ManagementAgent { System.setProperty(PULSE_EMBEDDED_PROP, "true"); System.setProperty(PULSE_PORT_PROP, "" + config.getJmxManagerPort()); + final SocketCreator socketCreator = + SocketCreatorFactory.getSocketCreatorForComponent(SecurableCommunicationChannel.JMX); + System.setProperty(PULSE_USESSL_MANAGER, socketCreator.useSSL() + ""); + this.httpServer = JettyHelper.startJetty(this.httpServer); // now, that Tomcat has been started, we can set the URL used by web 
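Review bot: The key `"pulse.useSSL.manager"`, added as the private constant `PULSE_USESSL_MANAGER` in the hunk at -100, is written here with `System.setProperty`, while the reader in `PulseAppListener` looks it up through `PulseConstants.SYSTEM_PROPERTY_PULSE_USESSL_MANAGER`, whose value is not visible in this diff, so nothing ties the two definitions together. If they ever differ, `Boolean.parseBoolean` of the missing property yields false and Pulse would silently attempt a non-SSL connection to the JMX manager. I would put a comment on the constant such as `// must match PulseConstants.SYSTEM_PROPERTY_PULSE_USESSL_MANAGER in geode-pulse`, and write the value as `Boolean.toString(socketCreator.useSSL())` rather than `socketCreator.useSSL() + ""`. The enclosing method starts and ends outside the hunk.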
@@ -504,14 +509,9 @@ public class ManagementAgent { if (names.isEmpty()) { try { platformMBeanServer.registerMBean(acc, accessControlMBeanON); - logger.info("Registered AccessContorlMBean on " + accessControlMBeanON); - } catch (InstanceAlreadyExistsException e) { - throw new GemFireConfigException("Error while configuring accesscontrol for jmx resource", - e); - } catch (MBeanRegistrationException e) { - throw new GemFireConfigException("Error while configuring accesscontrol for jmx resource", - e); - } catch (NotCompliantMBeanException e) { + logger.info("Registered AccessControlMBean on " + accessControlMBeanON); + } catch (InstanceAlreadyExistsException | MBeanRegistrationException + | NotCompliantMBeanException e) { throw new GemFireConfigException("Error while configuring accesscontrol for jmx resource", e); } http://git-wip-us.apache.org/repos/asf/geode/blob/3423f6f5/geode-pulse/src/main/java/org/apache/geode/tools/pulse/internal/PulseAppListener.java ---------------------------------------------------------------------- diff --git a/geode-pulse/src/main/java/org/apache/geode/tools/pulse/internal/PulseAppListener.java b/geode-pulse/src/main/java/org/apache/geode/tools/pulse/internal/PulseAppListener.java index 75bcc98..35f494b 100644 --- a/geode-pulse/src/main/java/org/apache/geode/tools/pulse/internal/PulseAppListener.java +++ b/geode-pulse/src/main/java/org/apache/geode/tools/pulse/internal/PulseAppListener.java @@ -169,6 +169,10 @@ public class PulseAppListener implements ServletContextListener { // set SSL info initializeSSL(); + if (sysIsEmbedded) { + sysPulseUseSSLManager = Boolean + .parseBoolean(System.getProperty(PulseConstants.SYSTEM_PROPERTY_PULSE_USESSL_MANAGER)); + } repository.setUseSSLLocator(sysPulseUseSSLLocator); repository.setUseSSLManager(sysPulseUseSSLManager);
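Review bot: In the `if (sysIsEmbedded)` block of the `PulseAppListener` hunk, an absent system property is indistinguishable from an explicit false: `System.getProperty(...)` returns null, `Boolean.parseBoolean(null)` is false, and whatever value `initializeSSL()` may have established is overwritten, so the manager connection is configured without SSL and nothing is logged. Overriding only when the property is present avoids that silent downgrade: `String useSslManager = System.getProperty(PulseConstants.SYSTEM_PROPERTY_PULSE_USESSL_MANAGER);` followed by `if (sysIsEmbedded && useSslManager != null) { sysPulseUseSSLManager = Boolean.parseBoolean(useSslManager); }`. `sysPulseUseSSLLocator` gets no equivalent embedded-mode override; if that is intentional, a one-line comment saying so would help the next reader. The enclosing method begins and ends outside the hunk.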