Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id BBFB8200CA3 for ; Thu, 1 Jun 2017 21:05:35 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id BAB5C160BC4; Thu, 1 Jun 2017 19:05:35 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 16FC6160BE0 for ; Thu, 1 Jun 2017 21:05:32 +0200 (CEST) Received: (qmail 66804 invoked by uid 500); 1 Jun 2017 19:05:32 -0000 Mailing-List: contact commits-help@geode.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@geode.apache.org Delivered-To: mailing list commits@geode.apache.org Received: (qmail 66684 invoked by uid 99); 1 Jun 2017 19:05:32 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 01 Jun 2017 19:05:32 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 078D5DFFB2; Thu, 1 Jun 2017 19:05:32 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: klund@apache.org To: commits@geode.apache.org Date: Thu, 01 Jun 2017 19:05:34 -0000 Message-Id: In-Reply-To: <5d23070eae474e27b8343fb137befa27@git.apache.org> References: <5d23070eae474e27b8343fb137befa27@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [04/10] geode git commit: milestone archived-at: Thu, 01 Jun 2017 19:05:35 -0000 http://git-wip-us.apache.org/repos/asf/geode/blob/13b94704/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterest61.java ---------------------------------------------------------------------- 
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterest61.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterest61.java index bad3bed..9db351d 100644 --- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterest61.java +++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterest61.java @@ -12,9 +12,6 @@ * or implied. See the License for the specific language governing permissions and limitations under * the License. */ -/** - * - */ package org.apache.geode.internal.cache.tier.sockets.command; import java.io.IOException; @@ -40,6 +37,7 @@ import org.apache.geode.internal.cache.vmotion.VMotionObserverHolder; import org.apache.geode.internal.i18n.LocalizedStrings; import org.apache.geode.internal.logging.log4j.LocalizedMessage; import org.apache.geode.internal.security.AuthorizeRequest; +import org.apache.geode.internal.security.SecurityService; /** * @since GemFire 6.1 @@ -60,7 +58,7 @@ public class RegisterInterest61 extends BaseCommand { RegisterInterest61() {} @Override - public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start) + public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection, final SecurityService securityService, long start) throws IOException, InterruptedException { Part regionNamePart = null, keyPart = null; String regionName = null; 
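Review bot: The `securityService` parameter added to `cmdExecute` in RegisterInterest61 (hunk `@@ -60,7 +58,7 @@`) has no documented contract, although the authorization calls later in this method now depend entirely on the instance the caller passes in. I would add Javadoc such as `@param securityService the service used for every authorization check in this command; must not be null`. If the dispatching caller does not already guarantee a non-null value, a guard like `Objects.requireNonNull(securityService, "securityService");` at the top of the method makes a wiring mistake fail at entry with a clear message instead of midway through request handling. The same applies to the other `cmdExecute` signature hunks in this commit (RegisterInterestList, RegisterInterestList61, RegisterInterestList66, RemoveAll, RemoveUserAuth, Request, RequestEventValue, RollbackCommand, Size, TXFailoverCommand, TXSynchronizationCommand, UnregisterInterest, UnregisterInterestList). The method body continues outside the hunk.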
@@ -186,9 +184,9 @@ public class RegisterInterest61 extends BaseCommand { try { if (interestType == InterestType.REGULAR_EXPRESSION) { - this.securityService.authorizeRegionRead(regionName); + securityService.authorizeRegionRead(regionName); } else { - this.securityService.authorizeRegionRead(regionName, key.toString()); + securityService.authorizeRegionRead(regionName, key.toString()); } AuthorizeRequest authzRequest = serverConnection.getAuthzRequest(); http://git-wip-us.apache.org/repos/asf/geode/blob/13b94704/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList.java index 5f5fafa..88da7cd 100644 --- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList.java +++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList.java 
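Review bot: In the `@@ -186,9 +184,9 @@` hunk the non-regex branch authorizes on `key.toString()`, so the permission check sees only the string form of a key object taken from the client message. Whether `key` is rejected as null before this point is outside the hunk; if it is not, the call throws before any authorization decision is made. Either way the reliance on the string form deserves a comment, for example `// key is client-supplied; authorization is evaluated on its toString() form`. How `authorizeRegionRead` interprets that string is not visible here, so it is worth confirming that keys whose string form contains characters meaningful to the permission syntax are treated as literal keys. The same pattern appears in the Request.java hunk `@@ -126,7 +124,7 @@` and the UnregisterInterest.java hunk `@@ -105,9 +102,9 @@`.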
@@ -12,32 +12,31 @@ * or implied. See the License for the specific language governing permissions and limitations under * the License. */ -/** - * - */ package org.apache.geode.internal.cache.tier.sockets.command; +import org.apache.geode.cache.DynamicRegionFactory; +import org.apache.geode.cache.InterestResultPolicy; +import org.apache.geode.cache.operations.RegisterInterestOperationContext; +import org.apache.geode.i18n.StringId; import org.apache.geode.internal.cache.LocalRegion; import org.apache.geode.internal.cache.tier.CachedRegionHelper; import org.apache.geode.internal.cache.tier.Command; import org.apache.geode.internal.cache.tier.InterestType; import org.apache.geode.internal.cache.tier.MessageType; -import org.apache.geode.internal.cache.tier.sockets.*; +import org.apache.geode.internal.cache.tier.sockets.BaseCommand; +import org.apache.geode.internal.cache.tier.sockets.ChunkedMessage; +import org.apache.geode.internal.cache.tier.sockets.Message; +import org.apache.geode.internal.cache.tier.sockets.Part; +import org.apache.geode.internal.cache.tier.sockets.ServerConnection; import org.apache.geode.internal.i18n.LocalizedStrings; import org.apache.geode.internal.logging.log4j.LocalizedMessage; import org.apache.geode.internal.security.AuthorizeRequest; -import org.apache.geode.cache.DynamicRegionFactory; -import org.apache.geode.cache.InterestResultPolicy; -import org.apache.geode.cache.operations.RegisterInterestOperationContext; -import org.apache.geode.i18n.StringId; +import org.apache.geode.internal.security.SecurityService; import java.io.IOException; import java.util.ArrayList; import java.util.List; -/** - * - */ public class RegisterInterestList extends BaseCommand { private final static RegisterInterestList singleton = new RegisterInterestList(); 
@@ -49,7 +48,7 @@ public class RegisterInterestList extends BaseCommand { RegisterInterestList() {} @Override - public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start) + public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection, final SecurityService securityService, long start) throws IOException, InterruptedException { Part regionNamePart = null, keyPart = null, numberOfKeysPart = null; String regionName = null; @@ -172,7 +171,7 @@ public class RegisterInterestList extends BaseCommand { // responded = true; } // else { // region not null try { - this.securityService.authorizeRegionRead(regionName); + securityService.authorizeRegionRead(regionName); AuthorizeRequest authzRequest = serverConnection.getAuthzRequest(); if (authzRequest != null) { if (!DynamicRegionFactory.regionIsDynamicRegionList(regionName)) { http://git-wip-us.apache.org/repos/asf/geode/blob/13b94704/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList61.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList61.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList61.java index 40a3c25..4e81536 100644 --- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList61.java +++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList61.java 
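Review bot: In the `@@ -172,7 +171,7 @@` hunk the `region == null` branch only logs (its error response is still commented out), and control then reaches `securityService.authorizeRegionRead(regionName)` for a region that was not found. The commit deletes the equivalent commented-out lines in RegisterInterestList66 (`@@ -177,12 +161,9 @@`) but leaves `// responded = true;` and `// else { // region not null` here and in RegisterInterestList61 (`@@ -182,7 +183,7 @@`). If continuing after the log line is intended, I would drop the dead comments in all three files and say so explicitly, e.g. `// region not found: request still proceeds to authorization by region name`. Otherwise the branch should write the error response and return. The surrounding method starts and ends outside the hunk.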
@@ -12,24 +12,26 @@ * or implied. See the License for the specific language governing permissions and limitations under * the License. */ -/** - * - */ package org.apache.geode.internal.cache.tier.sockets.command; +import org.apache.geode.cache.DynamicRegionFactory; +import org.apache.geode.cache.InterestResultPolicy; +import org.apache.geode.cache.operations.RegisterInterestOperationContext; +import org.apache.geode.i18n.StringId; import org.apache.geode.internal.cache.LocalRegion; import org.apache.geode.internal.cache.tier.CachedRegionHelper; import org.apache.geode.internal.cache.tier.Command; import org.apache.geode.internal.cache.tier.InterestType; import org.apache.geode.internal.cache.tier.MessageType; -import org.apache.geode.internal.cache.tier.sockets.*; +import org.apache.geode.internal.cache.tier.sockets.BaseCommand; +import org.apache.geode.internal.cache.tier.sockets.ChunkedMessage; +import org.apache.geode.internal.cache.tier.sockets.Message; +import org.apache.geode.internal.cache.tier.sockets.Part; +import org.apache.geode.internal.cache.tier.sockets.ServerConnection; import org.apache.geode.internal.i18n.LocalizedStrings; import org.apache.geode.internal.logging.log4j.LocalizedMessage; import org.apache.geode.internal.security.AuthorizeRequest; -import org.apache.geode.cache.DynamicRegionFactory; -import org.apache.geode.cache.InterestResultPolicy; -import org.apache.geode.cache.operations.RegisterInterestOperationContext; -import org.apache.geode.i18n.StringId; +import org.apache.geode.internal.security.SecurityService; import java.io.IOException; import java.util.ArrayList; 
@@ -49,7 +51,7 @@ public class RegisterInterestList61 extends BaseCommand { RegisterInterestList61() {} @Override - public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start) + public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection, final SecurityService securityService, long start) throws IOException, InterruptedException { Part regionNamePart = null, keyPart = null, numberOfKeysPart = null; String regionName = null; @@ -171,7 +173,6 @@ public class RegisterInterestList61 extends BaseCommand { return; } - LocalRegion region = (LocalRegion) serverConnection.getCache().getRegion(regionName); if (region == null) { logger.info(LocalizedMessage.create( @@ -182,7 +183,7 @@ public class RegisterInterestList61 extends BaseCommand { // responded = true; } // else { // region not null try { - this.securityService.authorizeRegionRead(regionName); + securityService.authorizeRegionRead(regionName); AuthorizeRequest authzRequest = serverConnection.getAuthzRequest(); if (authzRequest != null) { if (!DynamicRegionFactory.regionIsDynamicRegionList(regionName)) { http://git-wip-us.apache.org/repos/asf/geode/blob/13b94704/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList66.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList66.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList66.java index 6a2ad95..55cc4bf 100644 --- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList66.java +++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList66.java 
@@ -12,36 +12,36 @@ * or implied. See the License for the specific language governing permissions and limitations under * the License. */ -/** - * - */ package org.apache.geode.internal.cache.tier.sockets.command; +import org.apache.geode.cache.DynamicRegionFactory; +import org.apache.geode.cache.InterestResultPolicy; +import org.apache.geode.cache.operations.RegisterInterestOperationContext; +import org.apache.geode.i18n.StringId; import org.apache.geode.internal.Version; import org.apache.geode.internal.cache.LocalRegion; import org.apache.geode.internal.cache.tier.CachedRegionHelper; import org.apache.geode.internal.cache.tier.Command; import org.apache.geode.internal.cache.tier.InterestType; import org.apache.geode.internal.cache.tier.MessageType; -import org.apache.geode.internal.cache.tier.sockets.*; +import org.apache.geode.internal.cache.tier.sockets.BaseCommand; +import org.apache.geode.internal.cache.tier.sockets.ChunkedMessage; +import org.apache.geode.internal.cache.tier.sockets.Message; +import org.apache.geode.internal.cache.tier.sockets.Part; +import org.apache.geode.internal.cache.tier.sockets.ServerConnection; import org.apache.geode.internal.i18n.LocalizedStrings; import org.apache.geode.internal.logging.log4j.LocalizedMessage; import org.apache.geode.internal.security.AuthorizeRequest; -import org.apache.geode.cache.DynamicRegionFactory; -import org.apache.geode.cache.InterestResultPolicy; -import org.apache.geode.cache.operations.RegisterInterestOperationContext; -import org.apache.geode.i18n.StringId; +import org.apache.geode.internal.security.SecurityService; import java.io.IOException; import java.util.List; /** - * * All keys of the register interest list are being sent as a single part since 6.6. There is no * need to send no keys as a separate part.In earlier versions {@link RegisterInterestList61} number * of keys & each individual key was sent as a separate part. 
- * - * + * * @since GemFire 6.6 */ public class RegisterInterestList66 extends BaseCommand { @@ -55,9 +55,9 @@ public class RegisterInterestList66 extends BaseCommand { RegisterInterestList66() {} @Override - public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start) + public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection, final SecurityService securityService, long start) throws IOException, InterruptedException { - Part regionNamePart = null, keyPart = null;// numberOfKeysPart = null; + Part regionNamePart = null, keyPart = null; String regionName = null; Object key = null; InterestResultPolicy policy; @@ -68,10 +68,6 @@ public class RegisterInterestList66 extends BaseCommand { serverConnection.setAsTrue(REQUIRES_CHUNKED_RESPONSE); ChunkedMessage chunkedResponseMsg = serverConnection.getRegisterInterestResponseMessage(); - // bserverStats.incLong(readDestroyRequestTimeId, - // DistributionStats.getStatTime() - start); - // bserverStats.incInt(destroyRequestsId, 1); - // start = DistributionStats.getStatTime(); // Retrieve the data from the message parts regionNamePart = clientMessage.getPart(0); regionName = regionNamePart.getString(); 
@@ -139,18 +135,6 @@ public class RegisterInterestList66 extends BaseCommand { serverConnection.getSocketString(), numberOfKeys, regionName, keys); } - /* - * AcceptorImpl acceptor = servConn.getAcceptor(); - * - * // Check if the Server is running in NotifyBySubscription=true mode. if - * (!acceptor.getCacheClientNotifier().getNotifyBySubscription()) { // This should have been - * taken care at the client. String err = LocalizedStrings. - * RegisterInterest_INTEREST_REGISTRATION_IS_SUPPORTED_ONLY_FOR_SERVERS_WITH_NOTIFYBYSUBSCRIPTION_SET_TO_TRUE - * .toLocalizedString(); writeChunkedErrorResponse(msg, - * MessageType.REGISTER_INTEREST_DATA_ERROR, err, servConn); servConn.setAsTrue(RESPONDED); - * return; } - */ - // Process the register interest request if (keys.isEmpty() || regionName == null) { StringId errMessage = null; @@ -177,12 +161,9 @@ public class RegisterInterestList66 extends BaseCommand { logger.info(LocalizedMessage.create( LocalizedStrings.RegisterInterestList_0_REGION_NAMED_1_WAS_NOT_FOUND_DURING_REGISTER_INTEREST_LIST_REQUEST, new Object[] {serverConnection.getName(), regionName})); - // writeChunkedErrorResponse(msg, - // MessageType.REGISTER_INTEREST_DATA_ERROR, message); - // responded = true; - } // else { // region not null + } try { - this.securityService.authorizeRegionRead(regionName); + securityService.authorizeRegionRead(regionName); AuthorizeRequest authzRequest = serverConnection.getAuthzRequest(); if (authzRequest != null) { if (!DynamicRegionFactory.regionIsDynamicRegionList(regionName)) { @@ -204,11 +185,6 @@ public class RegisterInterestList66 extends BaseCommand { return; } - // Update the statistics and write the reply - // bserverStats.incLong(processDestroyTimeId, - // DistributionStats.getStatTime() - start); - // start = DistributionStats.getStatTime(); - boolean isPrimary = serverConnection.getAcceptor().getCacheClientNotifier() .getClientProxy(serverConnection.getProxyID()).isPrimary(); if (!isPrimary) { 
@@ -244,18 +220,11 @@ public class RegisterInterestList66 extends BaseCommand { } if (logger.isDebugEnabled()) { - // logger.debug(getName() + ": Sent chunk (1 of 1) of register interest - // response (" + chunkedResponseMsg.getBufferLength() + " bytes) for - // region " + regionName + " key " + key); logger.debug( "{}: Sent register interest response for the following {} keys in region {}: {}", serverConnection.getName(), numberOfKeys, regionName, keys); } - // bserverStats.incLong(writeDestroyResponseTimeId, - // DistributionStats.getStatTime() - start); - // bserverStats.incInt(destroyResponsesId, 1); } // isPrimary - // } // region not null } } http://git-wip-us.apache.org/repos/asf/geode/blob/13b94704/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RemoveAll.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RemoveAll.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RemoveAll.java index a295c54..8425bdc 100644 --- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RemoveAll.java +++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RemoveAll.java @@ -12,11 +12,6 @@ * or implied. See the License for the specific language governing permissions and limitations under * the License. */ -/** - * Author: dschneider - * - * @since GemFire 8.1 - */ package org.apache.geode.internal.cache.tier.sockets.command; import java.io.IOException; 
@@ -48,6 +43,7 @@ import org.apache.geode.internal.cache.versions.VersionTag; import org.apache.geode.internal.i18n.LocalizedStrings; import org.apache.geode.internal.logging.log4j.LocalizedMessage; import org.apache.geode.internal.security.AuthorizeRequest; +import org.apache.geode.internal.security.SecurityService; import org.apache.geode.internal.util.Breadcrumbs; public class RemoveAll extends BaseCommand { @@ -61,7 +57,7 @@ public class RemoveAll extends BaseCommand { protected RemoveAll() {} @Override - public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long startp) + public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection, final SecurityService securityService, long startp) throws IOException, InterruptedException { long start = startp; // copy this since we need to modify it Part regionNamePart = null, numberOfKeysPart = null, keyPart = null; @@ -72,7 +68,7 @@ public class RemoveAll extends BaseCommand { boolean replyWithMetaData = false; VersionedObjectList response = null; - StringBuffer errMessage = new StringBuffer(); + StringBuilder errMessage = new StringBuilder(); CachedRegionHelper crHelper = serverConnection.getCachedRegionHelper(); CacheServerStats stats = serverConnection.getCacheServerStats(); @@ -190,7 +186,7 @@ public class RemoveAll extends BaseCommand { serverConnection.setRequestSpecificTimeout(timeout); } - this.securityService.authorizeRegionWrite(regionName); + securityService.authorizeRegionWrite(regionName); AuthorizeRequest authzRequest = serverConnection.getAuthzRequest(); if (authzRequest != null) { http://git-wip-us.apache.org/repos/asf/geode/blob/13b94704/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RemoveUserAuth.java ---------------------------------------------------------------------- 
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RemoveUserAuth.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RemoveUserAuth.java index cc42e0d..446f581 100755 --- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RemoveUserAuth.java +++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RemoveUserAuth.java @@ -22,6 +22,7 @@ import org.apache.geode.internal.cache.tier.sockets.Message; import org.apache.geode.internal.cache.tier.sockets.Part; import org.apache.geode.internal.cache.tier.sockets.ServerConnection; import org.apache.geode.internal.i18n.LocalizedStrings; +import org.apache.geode.internal.security.SecurityService; import org.apache.geode.security.GemFireSecurityException; public class RemoveUserAuth extends BaseCommand { @@ -33,7 +34,7 @@ public class RemoveUserAuth extends BaseCommand { } @Override - public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start) + public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection, final SecurityService securityService, long start) throws IOException, ClassNotFoundException, InterruptedException { boolean isSecureMode = clientMessage.isSecureMode(); http://git-wip-us.apache.org/repos/asf/geode/blob/13b94704/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Request.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Request.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Request.java index 6f97d31..2926844 100644 --- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Request.java +++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Request.java 
@@ -12,9 +12,6 @@ * or implied. See the License for the specific language governing permissions and limitations under * the License. */ -/** - * - */ package org.apache.geode.internal.cache.tier.sockets.command; import java.io.IOException; @@ -38,6 +35,7 @@ import org.apache.geode.internal.cache.tier.sockets.ServerConnection; import org.apache.geode.internal.i18n.LocalizedStrings; import org.apache.geode.internal.security.AuthorizeRequest; import org.apache.geode.internal.security.AuthorizeRequestPP; +import org.apache.geode.internal.security.SecurityService; import org.apache.geode.security.NotAuthorizedException; import org.apache.geode.i18n.StringId; @@ -52,7 +50,7 @@ public class Request extends BaseCommand { Request() {} @Override - public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start) + public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection, final SecurityService securityService, long start) throws IOException { Part regionNamePart = null, keyPart = null, valuePart = null; String regionName = null; @@ -126,7 +124,7 @@ public class Request extends BaseCommand { GetOperationContext getContext = null; try { - this.securityService.authorizeRegionRead(regionName, key.toString()); + securityService.authorizeRegionRead(regionName, key.toString()); AuthorizeRequest authzRequest = serverConnection.getAuthzRequest(); if (authzRequest != null) { getContext = authzRequest.getAuthorize(regionName, key, callbackArg); http://git-wip-us.apache.org/repos/asf/geode/blob/13b94704/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RequestEventValue.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RequestEventValue.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RequestEventValue.java index a6d6578..2432035 100644 
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RequestEventValue.java +++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RequestEventValue.java @@ -32,6 +32,7 @@ import org.apache.geode.internal.cache.tier.sockets.Part; import org.apache.geode.internal.cache.tier.sockets.ServerConnection; import org.apache.geode.internal.i18n.LocalizedStrings; import org.apache.geode.internal.logging.log4j.LocalizedMessage; +import org.apache.geode.internal.security.SecurityService; /** * Represents a request for (full) value of a given event from ha container @@ -49,7 +50,7 @@ public class RequestEventValue extends BaseCommand { private RequestEventValue() {} - public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start) + public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection, final SecurityService securityService, long start) throws IOException { Part eventIDPart = null, valuePart = null; EventID event = null; http://git-wip-us.apache.org/repos/asf/geode/blob/13b94704/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RollbackCommand.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RollbackCommand.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RollbackCommand.java index cd12ea7..9df6972 100644 --- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RollbackCommand.java +++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RollbackCommand.java 
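Review bot: The rewritten `cmdExecute` in the RequestEventValue hunk `@@ -49,7 +50,7 @@` has no `@Override`, unlike the same method in the other command classes touched by this commit. Because the commit changes this method's parameter list across all the commands, the annotation is what makes the compiler confirm that this declaration still matches the method it is meant to implement rather than silently becoming an overload. Add `@Override` on the line above `public void cmdExecute(`. The method body continues outside the hunk.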
@@ -24,6 +24,7 @@ import org.apache.geode.internal.cache.tier.Command; import org.apache.geode.internal.cache.tier.sockets.BaseCommand; import org.apache.geode.internal.cache.tier.sockets.Message; import org.apache.geode.internal.cache.tier.sockets.ServerConnection; +import org.apache.geode.internal.security.SecurityService; /** * Command for performing Rollback on the server @@ -39,7 +40,7 @@ public class RollbackCommand extends BaseCommand { private RollbackCommand() {} @Override - public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start) + public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection, final SecurityService securityService, long start) throws IOException, ClassNotFoundException, InterruptedException { serverConnection.setAsTrue(REQUIRES_RESPONSE); TXManagerImpl txMgr = (TXManagerImpl) serverConnection.getCache().getCacheTransactionManager(); http://git-wip-us.apache.org/repos/asf/geode/blob/13b94704/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Size.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Size.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Size.java index c4515ab..3bc4b01 100644 --- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Size.java +++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Size.java @@ -12,9 +12,6 @@ * or implied. See the License for the specific language governing permissions and limitations under * the License. */ -/** - * - */ package org.apache.geode.internal.cache.tier.sockets.command; import java.io.IOException; 
@@ -32,9 +29,9 @@ import org.apache.geode.internal.cache.tier.sockets.Part; import org.apache.geode.internal.cache.tier.sockets.ServerConnection; import org.apache.geode.internal.i18n.LocalizedStrings; import org.apache.geode.internal.logging.log4j.LocalizedMessage; +import org.apache.geode.internal.security.SecurityService; import org.apache.geode.security.GemFireSecurityException; - public class Size extends BaseCommand { private final static Size singleton = new Size(); @@ -56,7 +53,7 @@ public class Size extends BaseCommand { } @Override - public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start) + public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection, final SecurityService securityService, long start) throws IOException, InterruptedException { StringBuilder errMessage = new StringBuilder(); CachedRegionHelper crHelper = serverConnection.getCachedRegionHelper(); @@ -93,7 +90,7 @@ public class Size extends BaseCommand { // Size the entry try { - this.securityService.authorizeRegionRead(regionName); + securityService.authorizeRegionRead(regionName); writeSizeResponse(region.size(), clientMessage, serverConnection); } catch (RegionDestroyedException rde) { writeException(clientMessage, rde, false, serverConnection); http://git-wip-us.apache.org/repos/asf/geode/blob/13b94704/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/TXFailoverCommand.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/TXFailoverCommand.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/TXFailoverCommand.java index 9fc3fd1..0fc57bb 100644 --- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/TXFailoverCommand.java 
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/TXFailoverCommand.java @@ -33,6 +33,7 @@ import org.apache.geode.internal.cache.tier.Command; import org.apache.geode.internal.cache.tier.sockets.BaseCommand; import org.apache.geode.internal.cache.tier.sockets.Message; import org.apache.geode.internal.cache.tier.sockets.ServerConnection; +import org.apache.geode.internal.security.SecurityService; /** * Used for bootstrapping txState/PeerTXStateStub on the server. This command is send when in client @@ -49,7 +50,7 @@ public class TXFailoverCommand extends BaseCommand { private TXFailoverCommand() {} @Override - public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start) + public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection, final SecurityService securityService, long start) throws IOException, ClassNotFoundException, InterruptedException { serverConnection.setAsTrue(REQUIRES_RESPONSE); // Build the TXId for the transaction http://git-wip-us.apache.org/repos/asf/geode/blob/13b94704/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/TXSynchronizationCommand.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/TXSynchronizationCommand.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/TXSynchronizationCommand.java index 03270d6..3a9974b 100644 --- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/TXSynchronizationCommand.java +++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/TXSynchronizationCommand.java 
@@ -30,6 +30,7 @@ import org.apache.geode.internal.cache.tier.sockets.Message; import org.apache.geode.internal.cache.tier.sockets.MessageTooLargeException; import org.apache.geode.internal.cache.tier.sockets.Part; import org.apache.geode.internal.cache.tier.sockets.ServerConnection; +import org.apache.geode.internal.security.SecurityService; import java.io.IOException; import java.util.concurrent.Executor; @@ -68,8 +69,7 @@ public class TXSynchronizationCommand extends BaseCommand { * long) */ @Override - public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection, - long start) throws IOException, ClassNotFoundException, InterruptedException { + public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection, final SecurityService securityService, long start) throws IOException, ClassNotFoundException, InterruptedException { serverConnection.setAsTrue(REQUIRES_RESPONSE); http://git-wip-us.apache.org/repos/asf/geode/blob/13b94704/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UnregisterInterest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UnregisterInterest.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UnregisterInterest.java index 199ac18..5435dba 100644 --- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UnregisterInterest.java +++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UnregisterInterest.java @@ -12,9 +12,6 @@ * or implied. See the License for the specific language governing permissions and limitations under * the License. */ -/** - * - */ package org.apache.geode.internal.cache.tier.sockets.command; import java.io.IOException; 
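Review bot: The Javadoc directly above `cmdExecute` in the TXSynchronizationCommand hunk `@@ -68,8 +69,7 @@` still ends with `long)`, which looks like a reference to the old three-argument signature and would be stale now that `SecurityService` sits before `start`. The comment begins outside the hunk, so this is inferred from its visible tail; if it is a `@see` or `{@link}` to the overridden method, its parameter list should be updated to include `SecurityService`. The new declaration is also joined onto a single line, throws clause included, where the file previously wrapped it; re-wrapping it would match the surrounding formatting.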
@@ -31,9 +28,9 @@ import org.apache.geode.internal.cache.tier.sockets.Part; import org.apache.geode.internal.cache.tier.sockets.ServerConnection; import org.apache.geode.internal.i18n.LocalizedStrings; import org.apache.geode.internal.security.AuthorizeRequest; +import org.apache.geode.internal.security.SecurityService; import org.apache.geode.security.NotAuthorizedException; - public class UnregisterInterest extends BaseCommand { private final static UnregisterInterest singleton = new UnregisterInterest(); @@ -45,7 +42,7 @@ public class UnregisterInterest extends BaseCommand { UnregisterInterest() {} @Override - public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start) + public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection, final SecurityService securityService, long start) throws ClassNotFoundException, IOException { Part regionNamePart = null, keyPart = null; String regionName = null; @@ -105,9 +102,9 @@ public class UnregisterInterest extends BaseCommand { try { if (interestType == InterestType.REGULAR_EXPRESSION) { - this.securityService.authorizeRegionRead(regionName); + securityService.authorizeRegionRead(regionName); } else { - this.securityService.authorizeRegionRead(regionName, key.toString()); + securityService.authorizeRegionRead(regionName, key.toString()); } } catch (NotAuthorizedException ex) { writeException(clientMessage, ex, false, serverConnection); http://git-wip-us.apache.org/repos/asf/geode/blob/13b94704/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UnregisterInterestList.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UnregisterInterestList.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UnregisterInterestList.java index 1968bff..48c2ee3 100644 
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UnregisterInterestList.java +++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UnregisterInterestList.java @@ -32,6 +32,7 @@ import org.apache.geode.internal.cache.tier.sockets.Part; import org.apache.geode.internal.cache.tier.sockets.ServerConnection; import org.apache.geode.internal.i18n.LocalizedStrings; import org.apache.geode.internal.security.AuthorizeRequest; +import org.apache.geode.internal.security.SecurityService; import org.apache.geode.security.NotAuthorizedException; @@ -46,7 +47,7 @@ public class UnregisterInterestList extends BaseCommand { private UnregisterInterestList() {} @Override - public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start) + public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection, final SecurityService securityService, long start) throws IOException, ClassNotFoundException { Part regionNamePart = null, keyPart = null, numberOfKeysPart = null; String regionName = null; @@ -121,7 +122,7 @@ public class UnregisterInterestList extends BaseCommand { } try { - this.securityService.authorizeRegionRead(regionName); + securityService.authorizeRegionRead(regionName); } catch (NotAuthorizedException ex) { writeException(clientMessage, ex, false, serverConnection); serverConnection.setAsTrue(RESPONDED); http://git-wip-us.apache.org/repos/asf/geode/blob/13b94704/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UpdateClientNotification.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UpdateClientNotification.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UpdateClientNotification.java index 2f434fb..7a2eb86 100644 
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UpdateClientNotification.java +++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UpdateClientNotification.java @@ -20,6 +20,7 @@ package org.apache.geode.internal.cache.tier.sockets.command; import org.apache.geode.internal.cache.tier.Command; import org.apache.geode.internal.cache.tier.sockets.*; import org.apache.geode.distributed.internal.DistributionStats; +import org.apache.geode.internal.security.SecurityService; import java.io.IOException; @@ -35,7 +36,7 @@ public class UpdateClientNotification extends BaseCommand { private UpdateClientNotification() {} @Override - public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start) + public void cmdExecute(final Message clientMessage, final ServerConnection serverConnection, final SecurityService securityService, long start) throws IOException { CacheServerStats stats = serverConnection.getCacheServerStats(); { http://git-wip-us.apache.org/repos/asf/geode/blob/13b94704/geode-core/src/main/java/org/apache/geode/internal/cache/xmlcache/CacheCreation.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/xmlcache/CacheCreation.java b/geode-core/src/main/java/org/apache/geode/internal/cache/xmlcache/CacheCreation.java index 7f623c7..21c3f19 100755 --- a/geode-core/src/main/java/org/apache/geode/internal/cache/xmlcache/CacheCreation.java +++ b/geode-core/src/main/java/org/apache/geode/internal/cache/xmlcache/CacheCreation.java 
@@ -144,6 +144,8 @@ import org.apache.geode.internal.logging.InternalLogWriter; import org.apache.geode.internal.logging.LocalLogWriter; import org.apache.geode.internal.logging.LogWriterFactory; import org.apache.geode.internal.offheap.MemoryAllocator; +import org.apache.geode.internal.security.DisabledSecurityService; +import org.apache.geode.internal.security.SecurityService; import org.apache.geode.management.internal.JmxManagerAdvisor; import org.apache.geode.management.internal.RestAgent; import org.apache.geode.pdx.PdxInstance; @@ -1039,6 +1041,11 @@ public class CacheCreation implements InternalCache { throw new UnsupportedOperationException(LocalizedStrings.SHOULDNT_INVOKE.toLocalizedString()); } + @Override + public SecurityService getSecurityService() { + return new DisabledSecurityService(); + } + void addDeclarableProperties(final Declarable declarable, final Properties properties) { this.declarablePropertiesMap.put(declarable, properties); } http://git-wip-us.apache.org/repos/asf/geode/blob/13b94704/geode-core/src/main/java/org/apache/geode/internal/lang/Initializer.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/internal/lang/Initializer.java b/geode-core/src/main/java/org/apache/geode/internal/lang/Initializer.java index 2037371..3c0384d 100644 --- a/geode-core/src/main/java/org/apache/geode/internal/lang/Initializer.java +++ b/geode-core/src/main/java/org/apache/geode/internal/lang/Initializer.java @@ -15,7 +15,7 @@ package org.apache.geode.internal.lang; /** - * The Initializer class is a utility class to identify Initable objects and initialize them by + * The ConfigInitialization class is a utility class to identify Initable objects and initialize them by * calling their init method. *
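Review bot: `getSecurityService()` in CacheCreation returns a fresh `DisabledSecurityService` on every call, and every `authorize*` method of that class (added later in this commit) has an empty body, so any code that takes its security service from a CacheCreation silently performs no authorization checks. The method whose tail is visible just above it throws `UnsupportedOperationException(LocalizedStrings.SHOULDNT_INVOKE.toLocalizedString())`; if nothing is meant to authorize through this object, throwing the same way keeps a misuse visible instead of failing open. If the no-op is intended, say so with a comment such as `// declarative cache only: nothing is authorized through this object` and return one shared instance rather than allocating per call.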

* http://git-wip-us.apache.org/repos/asf/geode/blob/13b94704/geode-core/src/main/java/org/apache/geode/internal/security/CustomSecurityService.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/CustomSecurityService.java b/geode-core/src/main/java/org/apache/geode/internal/security/CustomSecurityService.java new file mode 100644 index 0000000..e7b0a51 --- /dev/null +++ b/geode-core/src/main/java/org/apache/geode/internal/security/CustomSecurityService.java 
@@ -0,0 +1,205 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.geode.internal.security; + +import java.util.Properties; +import java.util.concurrent.Callable; + +import org.apache.shiro.subject.Subject; +import org.apache.shiro.util.ThreadState; + +import org.apache.geode.management.internal.security.ResourceOperation; +import org.apache.geode.security.PostProcessor; +import org.apache.geode.security.ResourcePermission; +import org.apache.geode.security.SecurityManager; + +public class CustomSecurityService implements SecurityService { + + CustomSecurityService() { + // nothing + } + + @Override + public void initSecurity(final Properties securityProps) { + + } + + @Override + public void setSecurityManager(final SecurityManager securityManager) { + + } + + @Override + public void setPostProcessor(final PostProcessor postProcessor) { + + } + + @Override + public ThreadState bindSubject(final Subject subject) { + return null; + } + + @Override + public Subject getSubject() { + return null; + } + + @Override + public Subject login(final Properties credentials) { + return null; + } + + @Override + public void logout() { + + } + + @Override + public Callable associateWith(final Callable callable) 
{ + return null; + } + + @Override + public void authorize(final ResourceOperation resourceOperation) { + + } + + @Override + public void authorizeClusterManage() { + + } + + @Override + public void authorizeClusterWrite() { + + } + + @Override + public void authorizeClusterRead() { + + } + + @Override + public void authorizeDataManage() { + + } + + @Override + public void authorizeDataWrite() { + + } + + @Override + public void authorizeDataRead() { + + } + + @Override + public void authorizeRegionManage(final String regionName) { + + } + + @Override + public void authorizeRegionManage(final String regionName, final String key) { + + } + + @Override + public void authorizeRegionWrite(final String regionName) { + + } + + @Override + public void authorizeRegionWrite(final String regionName, final String key) { + + } + + @Override + public void authorizeRegionRead(final String regionName) { + + } + + @Override + public void authorizeRegionRead(final String regionName, final String key) { + + } + + @Override + public void authorize(final String resource, final String operation) { + + } + + @Override + public void authorize(final String resource, final String operation, final String regionName) { + + } + + @Override + public void authorize(final String resource, final String operation, final String regionName, final String key) { + + } + + @Override + public void authorize(final ResourcePermission context) { + + } + + @Override + public void close() { + + } + + @Override + public boolean needPostProcess() { + return false; + } + + @Override + public Object postProcess(final String regionPath, final Object key, final Object value, final boolean valueIsSerialized) { + return null; + } + + @Override + public Object postProcess(final Object principal, final String regionPath, final Object key, final Object value, final boolean valueIsSerialized) { + return null; + } + + @Override + public boolean isClientSecurityRequired() { + return false; + } + + @Override + public 
boolean isIntegratedSecurity() { + return true; + } + + @Override + public boolean isPeerSecurityRequired() { + return false; + } + + @Override + public SecurityManager getSecurityManager() { + return null; + } + + @Override + public PostProcessor getPostProcessor() { + return null; + } +} http://git-wip-us.apache.org/repos/asf/geode/blob/13b94704/geode-core/src/main/java/org/apache/geode/internal/security/DisabledSecurityService.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/DisabledSecurityService.java b/geode-core/src/main/java/org/apache/geode/internal/security/DisabledSecurityService.java new file mode 100644 index 0000000..47cfc7b --- /dev/null +++ b/geode-core/src/main/java/org/apache/geode/internal/security/DisabledSecurityService.java 
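Review bot: CustomSecurityService reports `isIntegratedSecurity()` as `true` while every `authorize*` method has an empty body and `login`, `getSubject` and `getSecurityManager` return `null`, so a caller that branches on that flag will believe access checks are enforced when nothing is checked. Until the class is implemented, the methods that stand in for an access decision should fail closed, for example `throw new UnsupportedOperationException("CustomSecurityService is not implemented");`, or `isIntegratedSecurity()` should return `false` as DisabledSecurityService does. A class comment stating that this is a placeholder would also help, since the constructor's `// nothing` is the only hint.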
@@ -0,0 +1,208 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.geode.internal.security; + +import java.util.Properties; +import java.util.concurrent.Callable; + +import org.apache.shiro.subject.Subject; +import org.apache.shiro.util.ThreadState; + +import org.apache.geode.management.internal.security.ResourceOperation; +import org.apache.geode.security.PostProcessor; +import org.apache.geode.security.ResourcePermission; +import org.apache.geode.security.SecurityManager; + +/** + * No-op security service that does nothing. 
+ */ +public class DisabledSecurityService implements SecurityService { + + public DisabledSecurityService() { + // nothing + } + + @Override + public void initSecurity(final Properties securityProps) { + // nothing + } + + @Override + public void setSecurityManager(final SecurityManager securityManager) { + // nothing + } + + @Override + public void setPostProcessor(final PostProcessor postProcessor) { + // nothing + } + + @Override + public ThreadState bindSubject(final Subject subject) { + return null; + } + + @Override + public Subject getSubject() { + return null; + } + + @Override + public Subject login(final Properties credentials) { + return null; + } + + @Override + public void logout() { + // nothing + } + + @Override + public Callable associateWith(final Callable callable) { + return null; + } + + @Override + public void authorize(final ResourceOperation resourceOperation) { + // nothing + } + + @Override + public void authorizeClusterManage() { + // nothing + } + + @Override + public void authorizeClusterWrite() { + // nothing + } + + @Override + public void authorizeClusterRead() { + // nothing + } + + @Override + public void authorizeDataManage() { + // nothing + } + + @Override + public void authorizeDataWrite() { + // nothing + } + + @Override + public void authorizeDataRead() { + // nothing + } + + @Override + public void authorizeRegionManage(final String regionName) { + // nothing + } + + @Override + public void authorizeRegionManage(final String regionName, final String key) { + // nothing + } + + @Override + public void authorizeRegionWrite(final String regionName) { + // nothing + } + + @Override + public void authorizeRegionWrite(final String regionName, final String key) { + // nothing + } + + @Override + public void authorizeRegionRead(final String regionName) { + // nothing + } + + @Override + public void authorizeRegionRead(final String regionName, final String key) { + // nothing + } + + @Override + public void authorize(final String 
resource, final String operation) { + // nothing + } + + @Override + public void authorize(final String resource, final String operation, final String regionName) { + // nothing + } + + @Override + public void authorize(final String resource, final String operation, final String regionName, final String key) { + // nothing + } + + @Override + public void authorize(final ResourcePermission context) { + // nothing + } + + @Override + public void close() { + // nothing + } + + @Override + public boolean needPostProcess() { + return false; + } + + @Override + public Object postProcess(final String regionPath, final Object key, final Object value, final boolean valueIsSerialized) { + return null; + } + + @Override + public Object postProcess(final Object principal, final String regionPath, final Object key, final Object value, final boolean valueIsSerialized) { + return null; + } + + @Override + public boolean isClientSecurityRequired() { + return false; + } + + @Override + public boolean isIntegratedSecurity() { + return false; + } + + @Override + public boolean isPeerSecurityRequired() { + return false; + } + + @Override + public SecurityManager getSecurityManager() { + return null; + } + + @Override + public PostProcessor getPostProcessor() { + return null; + } +} http://git-wip-us.apache.org/repos/asf/geode/blob/13b94704/geode-core/src/main/java/org/apache/geode/internal/security/EnabledSecurityService.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/EnabledSecurityService.java b/geode-core/src/main/java/org/apache/geode/internal/security/EnabledSecurityService.java new file mode 100644 index 0000000..81d28be --- /dev/null +++ b/geode-core/src/main/java/org/apache/geode/internal/security/EnabledSecurityService.java 
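Review bot: Both `postProcess` overloads in DisabledSecurityService return `null` rather than the `value` they were given, and `associateWith` returns `null` rather than the `callable`. EnabledSecurityService in this commit returns `value` when it has no post-processor, and its Javadoc tells callers they need not call `needPostProcess()` first, so an unguarded caller would get `null` back for every entry when security is off. A no-op implementation should pass its input through: `return value;` in both `postProcess` overloads and `return callable;` in `associateWith`. CustomSecurityService has the same `null` returns, and so does `associateWith` in the visible part of LegacySecurityService.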
@@ -0,0 +1,418 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.geode.internal.security; + +import java.io.IOException; +import java.io.Serializable; +import java.security.AccessController; +import java.util.Properties; +import java.util.Set; +import java.util.concurrent.Callable; + +import org.apache.commons.lang.SerializationException; +import org.apache.commons.lang.StringUtils; +import org.apache.logging.log4j.Logger; +import org.apache.shiro.SecurityUtils; +import org.apache.shiro.ShiroException; +import org.apache.shiro.mgt.DefaultSecurityManager; +import org.apache.shiro.realm.Realm; +import org.apache.shiro.session.mgt.DefaultSessionManager; +import org.apache.shiro.session.mgt.SessionManager; +import org.apache.shiro.subject.Subject; +import org.apache.shiro.subject.support.SubjectThreadState; +import org.apache.shiro.util.ThreadContext; +import org.apache.shiro.util.ThreadState; + +import org.apache.geode.GemFireIOException; +import org.apache.geode.internal.cache.EntryEventImpl; +import org.apache.geode.internal.logging.LogService; +import org.apache.geode.internal.security.shiro.CustomAuthRealm; +import org.apache.geode.internal.security.shiro.GeodeAuthenticationToken; +import 
org.apache.geode.internal.security.shiro.ShiroPrincipal; +import org.apache.geode.internal.util.BlobHelper; +import org.apache.geode.management.internal.security.ResourceOperation; +import org.apache.geode.security.AuthenticationFailedException; +import org.apache.geode.security.GemFireSecurityException; +import org.apache.geode.security.NotAuthorizedException; +import org.apache.geode.security.PostProcessor; +import org.apache.geode.security.ResourcePermission; +import org.apache.geode.security.ResourcePermission.Operation; +import org.apache.geode.security.ResourcePermission.Resource; +import org.apache.geode.security.SecurityManager; + +/** + * Security service with SecurityManager and an optional PostProcessor. + * + * TODO: rename EnabledSecurityService to IntegratedSecurityService + */ +public class EnabledSecurityService implements SecurityService { + private static Logger logger = LogService.getLogger(LogService.SECURITY_LOGGER_NAME); + + private final SecurityManager securityManager; + + private final PostProcessor postProcessor; + + EnabledSecurityService(final SecurityManager securityManager, final PostProcessor postProcessor) { + this.securityManager = securityManager; + this.postProcessor = postProcessor; + + // initialize Shiro + Realm realm = new CustomAuthRealm(securityManager); + DefaultSecurityManager shiroManager = new DefaultSecurityManager(realm); + SecurityUtils.setSecurityManager(shiroManager); + increaseShiroGlobalSessionTimeout(shiroManager); + } + + @Override + public void initSecurity(final Properties securityProps) { + // nothing + } + + @Override + public void setSecurityManager(final SecurityManager securityManager) { + // nothing + } + + @Override + public void setPostProcessor(final PostProcessor postProcessor) { + // nothing + } + + /** + * It first looks the shiro subject in AccessControlContext since JMX will use multiple threads to + * process operations from the same client, then it looks into Shiro's thead context. 
+ * + * @return the shiro subject, null if security is not enabled + */ + @Override + public Subject getSubject() { + Subject currentUser; + + // First try get the principal out of AccessControlContext instead of Shiro's Thread context + // since threads can be shared between JMX clients. + javax.security.auth.Subject jmxSubject = + javax.security.auth.Subject.getSubject(AccessController.getContext()); + + if (jmxSubject != null) { + Set principals = jmxSubject.getPrincipals(ShiroPrincipal.class); + if (!principals.isEmpty()) { + ShiroPrincipal principal = principals.iterator().next(); + currentUser = principal.getSubject(); + ThreadContext.bind(currentUser); + return currentUser; + } + } + + // in other cases like rest call, client operations, we get it from the current thread + currentUser = SecurityUtils.getSubject(); + + if (currentUser == null || currentUser.getPrincipal() == null) { + throw new GemFireSecurityException("Error: Anonymous User"); + } + + return currentUser; + } + + /** + * @return null if security is not enabled, otherwise return a shiro subject + */ + @Override + public Subject login(final Properties credentials) { + if (credentials == null) { + return null; + } + + // this makes sure it starts with a clean user object + ThreadContext.remove(); + + Subject currentUser = SecurityUtils.getSubject(); + GeodeAuthenticationToken token = new GeodeAuthenticationToken(credentials); + try { + logger.info("Logging in " + token.getPrincipal()); + currentUser.login(token); + } catch (ShiroException e) { + logger.info(e.getMessage(), e); + throw new AuthenticationFailedException( + "Authentication error. 
Please check your credentials.", e); + } + + return currentUser; + } + + @Override + public void logout() { + Subject currentUser = getSubject(); + if (currentUser == null) { + return; + } + + try { + logger.info("Logging out " + currentUser.getPrincipal()); + currentUser.logout(); + } catch (ShiroException e) { + logger.info(e.getMessage(), e); + throw new GemFireSecurityException(e.getMessage(), e); + } + + // clean out Shiro's thread local content + ThreadContext.remove(); + } + + @Override // TODO: give Callable a type + public Callable associateWith(final Callable callable) { + Subject currentUser = getSubject(); + if (currentUser == null) { + return callable; + } + + return currentUser.associateWith(callable); + } + + /** + * Binds the passed-in subject to the executing thread. Usage: + * + *

+   * ThreadState state = null;
+   * try {
+   *   state = IntegratedSecurityService.bindSubject(subject);
+   *   //do the rest of the work as this subject
+   * } finally {
+   *   if(state!=null) state.clear();
+   * }
+   * 
+ */ + @Override + public ThreadState bindSubject(final Subject subject) { + if (subject == null) { + return null; + } + + ThreadState threadState = new SubjectThreadState(subject); + threadState.bind(); + return threadState; + } + + @Override + public void authorize(final ResourceOperation resourceOperation) { + if (resourceOperation == null) { + return; + } + + authorize(resourceOperation.resource().name(), resourceOperation.operation().name(), null); + } + + @Override + public void authorizeClusterManage() { + authorize("CLUSTER", "MANAGE"); + } + + @Override + public void authorizeClusterWrite() { + authorize("CLUSTER", "WRITE"); + } + + @Override + public void authorizeClusterRead() { + authorize("CLUSTER", "READ"); + } + + @Override + public void authorizeDataManage() { + authorize("DATA", "MANAGE"); + } + + @Override + public void authorizeDataWrite() { + authorize("DATA", "WRITE"); + } + + @Override + public void authorizeDataRead() { + authorize("DATA", "READ"); + } + + @Override + public void authorizeRegionManage(final String regionName) { + authorize("DATA", "MANAGE", regionName); + } + + @Override + public void authorizeRegionManage(final String regionName, final String key) { + authorize("DATA", "MANAGE", regionName, key); + } + + @Override + public void authorizeRegionWrite(final String regionName) { + authorize("DATA", "WRITE", regionName); + } + + @Override + public void authorizeRegionWrite(final String regionName, final String key) { + authorize("DATA", "WRITE", regionName, key); + } + + @Override + public void authorizeRegionRead(final String regionName) { + authorize("DATA", "READ", regionName); + } + + @Override + public void authorizeRegionRead(final String regionName, final String key) { + authorize("DATA", "READ", regionName, key); + } + + @Override + public void authorize(final String resource, final String operation) { + authorize(resource, operation, null); + } + + @Override + public void authorize(final String resource, final String 
operation, final String regionName) { + authorize(resource, operation, regionName, null); + } + + @Override + public void authorize(final String resource, final String operation, String regionName, final String key) { + regionName = StringUtils.stripStart(regionName, "/"); + authorize(new ResourcePermission(resource, operation, regionName, key)); + } + + @Override + public void authorize(final ResourcePermission context) { + Subject currentUser = getSubject(); + if (currentUser == null) { + return; + } + if (context == null) { + return; + } + if (context.getResource() == Resource.NULL && context.getOperation() == Operation.NULL) { + return; + } + + try { + currentUser.checkPermission(context); + } catch (ShiroException e) { + String msg = currentUser.getPrincipal() + " not authorized for " + context; + logger.info(msg); + throw new NotAuthorizedException(msg, e); + } + } + + @Override + public void close() { + if (this.securityManager != null) { + this.securityManager.close(); + } + + if (this.postProcessor != null) { + this.postProcessor.close(); + } + + ThreadContext.remove(); + SecurityUtils.setSecurityManager(null); + } + + /** + * postProcess call already has this logic built in, you don't need to call this everytime you + * call postProcess. But if your postProcess is pretty involved with preparations and you need to + * bypass it entirely, call this first. 
+ */ + @Override + public boolean needPostProcess() { + return this.postProcessor != null; + } + + @Override + public Object postProcess(final String regionPath, final Object key, final Object value, final boolean valueIsSerialized) { + return postProcess(null, regionPath, key, value, valueIsSerialized); + } + + @Override + public Object postProcess(Object principal, final String regionPath, final Object key, final Object value, final boolean valueIsSerialized) { + if (!needPostProcess()) { + return value; + } + + if (principal == null) { + Subject subject = getSubject(); + if (subject == null) { + return value; + } + principal = (Serializable) subject.getPrincipal(); + } + + String regionName = StringUtils.stripStart(regionPath, "/"); + Object newValue; + + // if the data is a byte array, but the data itself is supposed to be an object, we need to + // deserialize it before we pass it to the callback. + if (valueIsSerialized && value instanceof byte[]) { + try { + Object oldObj = EntryEventImpl.deserialize((byte[]) value); + Object newObj = this.postProcessor.processRegionValue(principal, regionName, key, oldObj); + newValue = BlobHelper.serializeToBlob(newObj); + } catch (IOException | SerializationException e) { + throw new GemFireIOException("Exception de/serializing entry value", e); + } + } else { + newValue = this.postProcessor.processRegionValue(principal, regionName, key, value); + } + + return newValue; + } + + @Override + public SecurityManager getSecurityManager() { + return this.securityManager; + } + + @Override + public PostProcessor getPostProcessor() { + return this.postProcessor; + } + + @Override + public boolean isIntegratedSecurity() { + return true; + } + + @Override + public boolean isClientSecurityRequired() { + return true; + } + + @Override + public boolean isPeerSecurityRequired() { + return true; + } + + private void increaseShiroGlobalSessionTimeout(final DefaultSecurityManager shiroManager) { + SessionManager sessionManager = 
shiroManager.getSessionManager(); + if (DefaultSessionManager.class.isInstance(sessionManager)) { + DefaultSessionManager defaultSessionManager = (DefaultSessionManager) sessionManager; + defaultSessionManager.setGlobalSessionTimeout(Long.MAX_VALUE); + long value = defaultSessionManager.getGlobalSessionTimeout(); + if (value != Long.MAX_VALUE) { + logger.error("Unable to set Shiro Global Session Timeout. Current value is '{}'.", value); + } + } else { + logger.error("Unable to set Shiro Global Session Timeout. Current SessionManager is '{}'.", + sessionManager == null ? "null" : sessionManager.getClass()); + } + } +} http://git-wip-us.apache.org/repos/asf/geode/blob/13b94704/geode-core/src/main/java/org/apache/geode/internal/security/LegacySecurityService.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/LegacySecurityService.java b/geode-core/src/main/java/org/apache/geode/internal/security/LegacySecurityService.java new file mode 100644 index 0000000..0e8bdbe --- /dev/null +++ b/geode-core/src/main/java/org/apache/geode/internal/security/LegacySecurityService.java 
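Review bot: The constructor of EnabledSecurityService installs its realm through the static `SecurityUtils.setSecurityManager(shiroManager)` and `close()` undoes it with `SecurityUtils.setSecurityManager(null)`, so the Shiro state stays JVM-wide even though the service is now passed around as an instance. Constructing a second instance replaces the first one's realm, and closing either one clears the manager for both, which presumably leaves the survivor unable to resolve a subject. If only one instance per JVM is supported, state that on the class, e.g. `// Shiro's SecurityManager is static: at most one EnabledSecurityService may be live per JVM`; otherwise keep the `DefaultSecurityManager` in a field and build subjects from it rather than through `SecurityUtils`. Separately, `getSubject()` throws `GemFireSecurityException` instead of returning `null` when no user is bound to the thread, so its `@return` text and the `currentUser == null` branches in `logout`, `associateWith` and `authorize` do not describe what happens.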
@@ -0,0 +1,218 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.geode.internal.security; + +import static org.apache.geode.distributed.ConfigurationProperties.*; + +import java.util.Properties; +import java.util.concurrent.Callable; + +import org.apache.shiro.SecurityUtils; +import org.apache.shiro.config.Ini.Section; +import org.apache.shiro.config.IniSecurityManagerFactory; +import org.apache.shiro.subject.Subject; +import org.apache.shiro.util.ThreadState; + +import org.apache.geode.management.internal.security.ResourceOperation; +import org.apache.geode.security.PostProcessor; +import org.apache.geode.security.ResourcePermission; +import org.apache.geode.security.SecurityManager; + +/** + * Legacy security service with ClientAuthenticator and/or PeerAuthenticator. 
+ */ +public class LegacySecurityService implements SecurityService { + + private final boolean hasClientAuthenticator; + + private final boolean hasPeerAuthenticator; + + LegacySecurityService(final String clientAuthenticator, final String peerAuthenticator) { + this.hasClientAuthenticator = clientAuthenticator != null; + this.hasPeerAuthenticator = peerAuthenticator != null; + } + + @Override + public void initSecurity(final Properties securityProps) { + // nothing + } + + @Override + public void setSecurityManager(final SecurityManager securityManager) { + // nothing + } + + @Override + public void setPostProcessor(final PostProcessor postProcessor) { + // nothing + } + + @Override + public ThreadState bindSubject(final Subject subject) { + return null; + } + + @Override + public Subject getSubject() { + return null; + } + + @Override + public Subject login(final Properties credentials) { + return null; + } + + @Override + public void logout() { + // nothing + } + + @Override + public Callable associateWith(final Callable callable) { + return null; + } + + @Override + public void authorize(final ResourceOperation resourceOperation) { + // nothing + } + + @Override + public void authorizeClusterManage() { + // nothing + } + + @Override + public void authorizeClusterWrite() { + // nothing + } + + @Override + public void authorizeClusterRead() { + // nothing + } + + @Override + public void authorizeDataManage() { + // nothing + } + + @Override + public void authorizeDataWrite() { + // nothing + } + + @Override + public void authorizeDataRead() { + // nothing + } + + @Override + public void authorizeRegionManage(final String regionName) { + // nothing + } + + @Override + public void authorizeRegionManage(final String regionName, final String key) { + // nothing + } + + @Override + public void authorizeRegionWrite(final String regionName) { + // nothing + } + + @Override + public void authorizeRegionWrite(final String regionName, final String key) { + // nothing + } 
+ + @Override + public void authorizeRegionRead(final String regionName) { + // nothing + } + + @Override + public void authorizeRegionRead(final String regionName, final String key) { + // nothing + } + + @Override + public void authorize(final String resource, final String operation) { + // nothing + } + + @Override + public void authorize(final String resource, final String operation, final String regionName) { + // nothing + } + + @Override + public void authorize(final String resource, final String operation, final String regionName, final String key) { + // nothing + } + + @Override + public void authorize(final ResourcePermission context) { + // nothing + } + + @Override + public void close() { + // nothing + } + + @Override + public boolean needPostProcess() { + return false; + } + + @Override + public Object postProcess(final String regionPath, final Object key, final Object value, final boolean valueIsSerialized) { + return null; + } + + @Override + public Object postProcess(final Object principal, final String regionPath, final Object key, final Object value, final boolean valueIsSerialized) { + return null; + } + + @Override + public boolean isClientSecurityRequired() { + return this.hasClientAuthenticator; + } + + @Override + public boolean isIntegratedSecurity() { + return false; + } + + @Override + public boolean isPeerSecurityRequired() { + return this.hasPeerAuthenticator; + } + + @Override + public SecurityManager getSecurityManager() { + return null; + } + + @Override + public PostProcessor getPostProcessor() { + return null; + } +} http://git-wip-us.apache.org/repos/asf/geode/blob/13b94704/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java b/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java index 14784c3..1a5375a 100644 
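Review bot: Both `postProcess` overloads in LegacySecurityService return `null` instead of the incoming `value`, so a caller that does not check `needPostProcess()` first would replace real entry data with null. The Shiro-backed implementation in the hunk just before this file returns `value` in that case, and this class should do the same with `return value;`. `associateWith` has the same problem: it returns `null` rather than the callable it was given, where `return callable;` would keep callers working. Separately, every `authorize*` method is a silent no-op; a class comment such as `// authorization is not enforced here; legacy mode relies on the configured authenticator/authorization callbacks` (to be confirmed against the legacy path) would stop a reader from assuming these calls protect anything.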
--- a/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java +++ b/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java @@ -30,6 +30,12 @@ import java.util.concurrent.Callable; public interface SecurityService { + void initSecurity(Properties securityProps); // TODO:KIRK + + void setSecurityManager(SecurityManager securityManager); // TODO:KIRK + + void setPostProcessor(PostProcessor postProcessor); // TODO:KIRK + ThreadState bindSubject(Subject subject); Subject getSubject(); @@ -74,8 +80,6 @@ public interface SecurityService { void authorize(ResourcePermission context); - void initSecurity(Properties securityProps); - void close(); boolean needPostProcess(); @@ -93,21 +97,17 @@ public interface SecurityService { SecurityManager getSecurityManager(); - void setSecurityManager(SecurityManager securityManager); - PostProcessor getPostProcessor(); - void setPostProcessor(PostProcessor postProcessor); - /** * this method would never return null, it either throws an exception or returns an object */ - public static T getObjectOfTypeFromClassName(String className, Class expectedClazz) { - Class actualClass = null; + static T getObjectOfTypeFromClassName(String className, Class expectedClazz) { + Class actualClass; try { actualClass = ClassLoadUtil.classFromName(className); - } catch (Exception ex) { - throw new GemFireSecurityException("Instance could not be obtained, " + ex.toString(), ex); + } catch (Exception e) { + throw new GemFireSecurityException("Instance could not be obtained, " + e, e); } if (!expectedClazz.isAssignableFrom(actualClass)) { 
@@ -115,22 +115,22 @@ public interface SecurityService { "Instance could not be obtained. Expecting a " + expectedClazz.getName() + " class."); } - T actualObject = null; try { - actualObject = (T) actualClass.newInstance(); + return (T) actualClass.newInstance(); } catch (Exception e) { throw new GemFireSecurityException( "Instance could not be obtained. Error instantiating " + actualClass.getName(), e); } - return actualObject; } /** * this method would never return null, it either throws an exception or returns an object + * + * TODO: expectedClazz is unused */ - public static T getObjectOfTypeFromFactoryMethod(String factoryMethodName, + static T getObjectOfTypeFromFactoryMethod(String factoryMethodName, Class expectedClazz) { - T actualObject = null; + T actualObject; try { Method factoryMethod = ClassLoadUtil.methodFromName(factoryMethodName); actualObject = (T) factoryMethod.invoke(null, (Object[]) null); @@ -153,17 +153,17 @@ public interface SecurityService { * @return an object of type expectedClazz. This method would never return null. It either returns * an non-null object or throws exception. */ - public static T getObjectOfType(String classOrMethod, Class expectedClazz) { - T object = null; + static T getObjectOfType(String classOrMethod, Class expectedClazz) { + T object; try { object = getObjectOfTypeFromClassName(classOrMethod, expectedClazz); - } catch (Exception e) { + } catch (Exception ignore) { object = getObjectOfTypeFromFactoryMethod(classOrMethod, expectedClazz); } return object; } - public static Properties getCredentials(Properties securityProps) { + static Properties getCredentials(Properties securityProps) { Properties credentials = null; if (securityProps.containsKey(ResourceConstants.USER_NAME) && securityProps.containsKey(ResourceConstants.PASSWORD)) { 
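Review bot: `getObjectOfTypeFromFactoryMethod` still casts the result of `factoryMethod.invoke(null, (Object[]) null)` to `T` without consulting `expectedClazz`; the new TODO acknowledges this but leaves it open. Since the factory method name comes from security configuration, a method returning the wrong type is accepted here and would only fail later, at the first use of the returned object. Add the guard the class-name path already has, right after the invoke: `if (!expectedClazz.isInstance(actualObject)) { throw new GemFireSecurityException("Instance could not be obtained. Expecting a " + expectedClazz.getName() + " class."); }`. The rest of the method body is outside the hunk, so check how this fits with whatever follows the invoke.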
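Review bot: In `getObjectOfType`, renaming the caught exception to `ignore` makes it explicit that the class-name failure is thrown away. When the factory-method fallback fails too, the operator sees only the second error and loses the reason the configured security class could not be loaded or had the wrong type. Keep the first failure and attach it to the second as a suppressed exception, as sketched below.

```java
// … unchanged: T object; try { object = getObjectOfTypeFromClassName(...) …
} catch (Exception classNameFailure) {
  try {
    object = getObjectOfTypeFromFactoryMethod(classOrMethod, expectedClazz);
  } catch (RuntimeException factoryFailure) {
    // keep the class-name failure so a misconfigured security class stays diagnosable
    factoryFailure.addSuppressed(classNameFailure);
    throw factoryFailure;
  }
}
// … unchanged: return object …
```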
@@ -177,6 +177,7 @@ public interface SecurityService { } static SecurityService getSecurityService() { + // TODO:KIRK return IntegratedSecurityService.getSecurityService(); } http://git-wip-us.apache.org/repos/asf/geode/blob/13b94704/geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceFactory.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceFactory.java b/geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceFactory.java new file mode 100644 index 0000000..83781a7 --- /dev/null +++ b/geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceFactory.java 
@@ -0,0 +1,136 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.geode.internal.security; + +import static org.apache.geode.distributed.ConfigurationProperties.*; + +import java.util.Properties; + +import org.apache.commons.lang.StringUtils; + +import org.apache.geode.distributed.internal.DistributionConfig; +import org.apache.geode.internal.cache.CacheConfig; +import org.apache.geode.internal.security.shiro.ConfigInitialization; +import org.apache.geode.security.PostProcessor; +import org.apache.geode.security.SecurityManager; + +public class SecurityServiceFactory { + + private SecurityServiceFactory() { + // do not instantiate + } + + public static SecurityService create(CacheConfig cacheConfig, DistributionConfig distributionConfig) { + Properties securityConfig = getSecurityConfig(distributionConfig); + SecurityManager securityManager = getSecurityManager(getSecurityManagerFromConfig(cacheConfig), securityConfig); + PostProcessor postProcessor = getPostProcessor(getPostProcessorFromConfig(cacheConfig), securityConfig); + + SecurityService securityService = create(securityConfig, securityManager, postProcessor); + // securityService.initSecurity(distributionConfig.getSecurityProps()); + 
return securityService; + } + + static SecurityService create(Properties securityConfig, SecurityManager securityManager, PostProcessor postProcessor) { + SecurityServiceType type = determineType(securityConfig, securityManager); + switch (type) { + case CUSTOM: + String shiroConfig = securityConfig.getProperty(SECURITY_SHIRO_INIT); + ConfigInitialization configInitialization = new ConfigInitialization(shiroConfig); + configInitialization.initialize(); + return new CustomSecurityService(); + case ENABLED: + return new EnabledSecurityService(securityManager, postProcessor); + case LEGACY: + String clientAuthenticator = securityConfig.getProperty(SECURITY_CLIENT_AUTHENTICATOR); + String peerAuthenticator = securityConfig.getProperty(SECURITY_PEER_AUTHENTICATOR); + return new LegacySecurityService(clientAuthenticator, peerAuthenticator); + default: + return new DisabledSecurityService(); + } + } + + static SecurityServiceType determineType(Properties securityConfig, SecurityManager securityManager) { + boolean hasShiroConfig = securityConfig.getProperty(SECURITY_SHIRO_INIT) != null; + if (hasShiroConfig) { + return SecurityServiceType.CUSTOM; + } + + boolean hasSecurityManager = securityManager != null; + if (hasSecurityManager) { + return SecurityServiceType.ENABLED; + } + + boolean hasClientAuthenticator = securityConfig.getProperty(SECURITY_CLIENT_AUTHENTICATOR) != null; + boolean hasPeerAuthenticator = securityConfig.getProperty(SECURITY_PEER_AUTHENTICATOR) != null; + if (hasClientAuthenticator || hasPeerAuthenticator) { + return SecurityServiceType.LEGACY; + } + + return SecurityServiceType.DISABLED; + } + + static SecurityManager getSecurityManager(SecurityManager securityManager, Properties securityConfig) { + if (securityManager != null) { + return securityManager; + } + + String securityManagerConfig = securityConfig.getProperty(SECURITY_MANAGER); + if (StringUtils.isNotBlank(securityManagerConfig)) { + securityManager = 
SecurityService.getObjectOfTypeFromClassName(securityManagerConfig, SecurityManager.class); + securityManager.init(securityConfig); + } + + return securityManager; + } + + static PostProcessor getPostProcessor(PostProcessor postProcessor, Properties securityConfig) { + if (postProcessor != null) { + return postProcessor; + } + + String postProcessorConfig = securityConfig.getProperty(SECURITY_POST_PROCESSOR); + if (StringUtils.isNotBlank(postProcessorConfig)) { + postProcessor = + SecurityService.getObjectOfTypeFromClassName(postProcessorConfig, PostProcessor.class); + postProcessor.init(securityConfig); + } + + return postProcessor; + } + + private static Properties getSecurityConfig(DistributionConfig distributionConfig) { + if (distributionConfig == null) { + return new Properties(); + } + return distributionConfig.getSecurityProps(); + } + + private static SecurityManager getSecurityManagerFromConfig(CacheConfig cacheConfig) { + if (cacheConfig == null) { + return null; + } + return cacheConfig.getSecurityManager(); + } + + private static PostProcessor getPostProcessorFromConfig(CacheConfig cacheConfig) { + if (cacheConfig == null) { + return null; + } + return cacheConfig.getPostProcessor(); + } + +} http://git-wip-us.apache.org/repos/asf/geode/blob/13b94704/geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceType.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceType.java b/geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceType.java new file mode 100644 index 0000000..99df876 --- /dev/null +++ b/geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceType.java 
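Review bot: The `switch` in `create(Properties, SecurityManager, PostProcessor)` sends every unmatched type to `default: return new DisabledSecurityService();`, so a `SecurityServiceType` constant added later without a matching case would silently turn security off. Make the disabled case explicit and fail closed: `case DISABLED: return new DisabledSecurityService();` followed by `default: throw new IllegalStateException("Unknown SecurityServiceType: " + type);`. Also, `determineType` gives `SECURITY_SHIRO_INIT` precedence over a configured SecurityManager. In `create(CacheConfig, DistributionConfig)` the manager and post processor are resolved (and, when loaded from config, `init`-ed) first, then dropped by `new CustomSecurityService()`. That precedence deserves a Javadoc line on `determineType`, plus a warning log when both are present.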
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geode.internal.security;
+
+public enum SecurityServiceType {
+ /** Integrated Security is Enabled */
+ ENABLED,
+ /** Security is Disabled */
+ DISABLED,
+ /** Legacy Security is Enabled */
+ LEGACY,
+ /** Shiro Config is specified */
+ CUSTOM
+}
http://git-wip-us.apache.org/repos/asf/geode/blob/13b94704/geode-core/src/main/java/org/apache/geode/internal/security/shiro/ConfigInitialization.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/shiro/ConfigInitialization.java b/geode-core/src/main/java/org/apache/geode/internal/security/shiro/ConfigInitialization.java
new file mode 100644
index 0000000..18b5dca
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/internal/security/shiro/ConfigInitialization.java
@@ -0,0 +1,46 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.geode.internal.security.shiro; + +import org.apache.shiro.SecurityUtils; +import org.apache.shiro.config.Ini.Section; +import org.apache.shiro.config.IniSecurityManagerFactory; + +public class ConfigInitialization { + + private final String shiroConfig; + + public ConfigInitialization(String shiroConfig) { + this.shiroConfig = shiroConfig; + } + + public void initialize() { + IniSecurityManagerFactory factory = new IniSecurityManagerFactory("classpath:" + this.shiroConfig); + + // we will need to make sure that shiro uses a case sensitive permission resolver + Section main = factory.getIni().addSection("main"); + main.put("geodePermissionResolver", + "org.apache.geode.internal.security.shiro.GeodePermissionResolver"); + if (!main.containsKey("iniRealm.permissionResolver")) { + main.put("iniRealm.permissionResolver", "$geodePermissionResolver"); + } + + org.apache.shiro.mgt.SecurityManager securityManager = factory.getInstance(); + SecurityUtils.setSecurityManager(securityManager); + } + +} 
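Review bot: In `initialize()`, the Geode permission resolver is attached only to `iniRealm.permissionResolver`, so a realm the ini file declares under another name would keep Shiro's default resolver and miss the case-sensitive matching the comment promises. If that limit is intended, state it where the section is built, e.g. `// only iniRealm is wired to geodePermissionResolver; other realms must set permissionResolver themselves`. In addition, `SecurityUtils.setSecurityManager(securityManager)` installs a JVM-wide static, and nothing in this class clears it. A class comment should say that the Shiro manager outlives the SecurityService instance, because the rest of the commit moves away from singletons.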
http://git-wip-us.apache.org/repos/asf/geode/blob/13b94704/geode-core/src/main/java/org/apache/geode/internal/security/shiro/JMXShiroAuthenticator.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/shiro/JMXShiroAuthenticator.java b/geode-core/src/main/java/org/apache/geode/internal/security/shiro/JMXShiroAuthenticator.java index 2a641d3..49d38f5 100644 --- a/geode-core/src/main/java/org/apache/geode/internal/security/shiro/JMXShiroAuthenticator.java +++ b/geode-core/src/main/java/org/apache/geode/internal/security/shiro/JMXShiroAuthenticator.java @@ -14,7 +14,11 @@ */ package org.apache.geode.internal.security.shiro; -import static org.apache.geode.management.internal.security.ResourceConstants.*; +import static org.apache.geode.management.internal.security.ResourceConstants.MISSING_CREDENTIALS_MESSAGE; + +import org.apache.geode.internal.security.SecurityService; +import org.apache.geode.management.internal.security.ResourceConstants; +import org.apache.geode.security.AuthenticationFailedException; import java.security.Principal; import java.util.Collections; 
@@ -26,18 +30,16 @@ import javax.management.remote.JMXConnectionNotification; import javax.management.remote.JMXPrincipal; import javax.security.auth.Subject; -import org.apache.geode.internal.security.IntegratedSecurityService; -import org.apache.geode.internal.security.SecurityService; -import org.apache.geode.management.internal.security.ResourceConstants; -import org.apache.geode.security.AuthenticationFailedException; - /** * this will make JMX authentication to use Shiro for Authentication */ - public class JMXShiroAuthenticator implements JMXAuthenticator, NotificationListener { - private SecurityService securityService = IntegratedSecurityService.getSecurityService(); + private final SecurityService securityService; + + public JMXShiroAuthenticator(SecurityService securityService) { + this.securityService = securityService; + } @Override public Subject authenticate(Object credentials) { http://git-wip-us.apache.org/repos/asf/geode/blob/13b94704/geode-core/src/main/java/org/apache/geode/management/cli/CommandService.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/management/cli/CommandService.java b/geode-core/src/main/java/org/apache/geode/management/cli/CommandService.java index 767cf94..55957b2 100644 --- a/geode-core/src/main/java/org/apache/geode/management/cli/CommandService.java +++ b/geode-core/src/main/java/org/apache/geode/management/cli/CommandService.java @@ -19,6 +19,7 @@ import java.util.Map; import org.apache.geode.cache.Cache; import org.apache.geode.cache.CacheClosedException; +import org.apache.geode.internal.cache.InternalCache; import org.apache.geode.internal.i18n.LocalizedStrings; import org.apache.geode.management.DependenciesNotFoundException; import org.apache.geode.management.internal.cli.CliUtil; 
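Review bot: The new `JMXShiroAuthenticator(SecurityService securityService)` constructor stores its argument unchecked, so a null service would surface only as a NullPointerException on the first JMX login attempt. Reject it at construction with `this.securityService = Objects.requireNonNull(securityService, "securityService");` (this needs `java.util.Objects` imported). The body of `authenticate` lies outside the hunk, so how it uses the field cannot be confirmed from here.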
@@ -124,7 +125,7 @@ public abstract class CommandService { .toLocalizedString(new Object[] {nonExistingDependency})); } - localCommandService = new MemberCommandService(cache); + localCommandService = new MemberCommandService((InternalCache) cache); } return localCommandService;
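Review bot: `new MemberCommandService((InternalCache) cache)` downcasts the `Cache` parameter with no type check, so a `Cache` implementation that is not an `InternalCache` would fail with a bare ClassCastException. Guard the cast with a message that names the requirement, e.g. `if (!(cache instanceof InternalCache)) { throw new IllegalArgumentException("cache must be an InternalCache"); }`, or narrow the parameter type if every caller already passes an InternalCache. The start of the enclosing method is outside the hunk, so an earlier check may already cover this.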