geode-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From zho...@apache.org
Subject [39/50] [abbrv] geode git commit: GEODE-2920: handle non-existent role in ExampleSecurityManager
Date Fri, 21 Jul 2017 06:41:51 GMT
GEODE-2920: handle non-existent role in ExampleSecurityManager


Project: http://git-wip-us.apache.org/repos/asf/geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/geode/commit/c5e77792
Tree: http://git-wip-us.apache.org/repos/asf/geode/tree/c5e77792
Diff: http://git-wip-us.apache.org/repos/asf/geode/diff/c5e77792

Branch: refs/heads/feature/GEM-1483
Commit: c5e777923e12b5484042b62a10db13500386f9df
Parents: aa4878e
Author: Jinmei Liao <jiliao@pivotal.io>
Authored: Mon Jul 17 14:35:43 2017 -0700
Committer: Jinmei Liao <jiliao@pivotal.io>
Committed: Tue Jul 18 16:21:38 2017 -0700

----------------------------------------------------------------------
 .../security/ExampleSecurityManager.java        | 27 +++++++------
 .../security/ExampleSecurityManagerTest.java    | 40 ++++++++++++++++----
 .../geode/security/templates/security.json      |  5 +++
 3 files changed, 52 insertions(+), 20 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/geode/blob/c5e77792/geode-core/src/main/java/org/apache/geode/examples/security/ExampleSecurityManager.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/examples/security/ExampleSecurityManager.java
b/geode-core/src/main/java/org/apache/geode/examples/security/ExampleSecurityManager.java
index c1d7ebf..cd5fd30 100644
--- a/geode-core/src/main/java/org/apache/geode/examples/security/ExampleSecurityManager.java
+++ b/geode-core/src/main/java/org/apache/geode/examples/security/ExampleSecurityManager.java
@@ -14,18 +14,6 @@
  */
 package org.apache.geode.examples.security;
 
-import com.fasterxml.jackson.databind.JsonNode;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import org.apache.commons.io.IOUtils;
-import org.apache.geode.management.internal.security.ResourceConstants;
-import org.apache.geode.security.AuthenticationFailedException;
-import org.apache.geode.security.NotAuthorizedException;
-import org.apache.geode.security.ResourcePermission;
-import org.apache.geode.security.ResourcePermission.Operation;
-import org.apache.geode.security.ResourcePermission.Resource;
-import org.apache.geode.security.SecurityManager;
-import org.apache.shiro.authz.Permission;
-
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.StringWriter;
@@ -40,6 +28,19 @@ import java.util.Set;
 import java.util.stream.Collectors;
 import java.util.stream.StreamSupport;
 
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.apache.commons.io.IOUtils;
+import org.apache.shiro.authz.Permission;
+
+import org.apache.geode.management.internal.security.ResourceConstants;
+import org.apache.geode.security.AuthenticationFailedException;
+import org.apache.geode.security.NotAuthorizedException;
+import org.apache.geode.security.ResourcePermission;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
+import org.apache.geode.security.SecurityManager;
+
 /**
  * This class provides a sample implementation of {@link SecurityManager} for authentication
and
  * authorization initialized from data provided as JSON.
@@ -112,6 +113,8 @@ public class ExampleSecurityManager implements SecurityManager {
 
     // check if the user has this permission defined in the context
     for (Role role : this.userNameToUser.get(user.name).roles) {
+      if (role == null)
+        continue;
       for (Permission permitted : role.permissions) {
         if (permitted.implies(context)) {
           return true;

http://git-wip-us.apache.org/repos/asf/geode/blob/c5e77792/geode-core/src/test/java/org/apache/geode/security/ExampleSecurityManagerTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/ExampleSecurityManagerTest.java
b/geode-core/src/test/java/org/apache/geode/security/ExampleSecurityManagerTest.java
index 9093a7b..93097c7 100644
--- a/geode-core/src/test/java/org/apache/geode/security/ExampleSecurityManagerTest.java
+++ b/geode-core/src/test/java/org/apache/geode/security/ExampleSecurityManagerTest.java
@@ -16,22 +16,26 @@ package org.apache.geode.security;
 
 import static org.assertj.core.api.Assertions.assertThat;
 
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.InputStream;
+import java.util.Properties;
+
 import org.apache.commons.io.FileUtils;
 import org.apache.commons.io.IOUtils;
-import org.apache.geode.examples.security.ExampleSecurityManager;
-import org.apache.geode.examples.security.ExampleSecurityManager.User;
-import org.apache.geode.test.junit.categories.IntegrationTest;
-import org.apache.geode.test.junit.categories.SecurityTest;
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.experimental.categories.Category;
 import org.junit.rules.TemporaryFolder;
 
-import java.io.File;
-import java.io.FileOutputStream;
-import java.io.InputStream;
-import java.util.Properties;
+import org.apache.geode.examples.security.ExampleSecurityManager;
+import org.apache.geode.examples.security.ExampleSecurityManager.User;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
+import org.apache.geode.security.ResourcePermission.Target;
+import org.apache.geode.test.junit.categories.IntegrationTest;
+import org.apache.geode.test.junit.categories.SecurityTest;
 
 @Category({IntegrationTest.class, SecurityTest.class})
 public class ExampleSecurityManagerTest {
@@ -87,6 +91,26 @@ public class ExampleSecurityManagerTest {
     verifySecurityManagerState();
   }
 
+  @Test
+  public void userThatDoesNotExistInJson() throws Exception {
+    Properties securityProperties = new Properties();
+    securityProperties.setProperty(TestSecurityManager.SECURITY_JSON, this.jsonResource);
+    this.exampleSecurityManager.init(securityProperties);
+    ResourcePermission permission =
+        new ResourcePermission(Resource.CLUSTER, Operation.MANAGE, Target.DISK);
+    assertThat(exampleSecurityManager.authorize("diskWriter", permission)).isFalse();
+  }
+
+  @Test
+  public void roleThatDoesNotExistInJson() throws Exception {
+    Properties securityProperties = new Properties();
+    securityProperties.setProperty(TestSecurityManager.SECURITY_JSON, this.jsonResource);
+    this.exampleSecurityManager.init(securityProperties);
+    ResourcePermission permission =
+        new ResourcePermission(Resource.CLUSTER, Operation.MANAGE, Target.DISK);
+    assertThat(exampleSecurityManager.authorize("phantom", permission)).isFalse();
+  }
+
   private void verifySecurityManagerState() {
     User adminUser = this.exampleSecurityManager.getUser("admin");
     assertThat(adminUser).isNotNull();

http://git-wip-us.apache.org/repos/asf/geode/blob/c5e77792/geode-core/src/test/resources/org/apache/geode/security/templates/security.json
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/org/apache/geode/security/templates/security.json
b/geode-core/src/test/resources/org/apache/geode/security/templates/security.json
index c1ee9fc..184fa04 100644
--- a/geode-core/src/test/resources/org/apache/geode/security/templates/security.json
+++ b/geode-core/src/test/resources/org/apache/geode/security/templates/security.json
@@ -25,6 +25,11 @@
       "name": "guest",
       "password": "guest",
       "roles": ["readRegionA"]
+    },
+    {
+      "name": "phantom",
+      "password": "guest",
+      "roles": ["notExist"]
     }
   ]
 }


Mime
View raw message