geode-commits mailing list archives

From mmart...@apache.org
Subject [geode-native] branch develop updated: GEODE-6781: Switch from deprecated Authenticator to SecurityManager for examples (#528)
Date Thu, 26 Sep 2019 14:07:05 GMT
This is an automated email from the ASF dual-hosted git repository.

mmartell pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/geode-native.git


The following commit(s) were added to refs/heads/develop by this push:
     new d83baf0  GEODE-6781: Switch from deprecated Authenticator to SecurityManager for
examples (#528)
d83baf0 is described below

commit d83baf00a43391c6b317cfa1842c78f47078e0e0
Author: Charlie Black <charliemblack@gmail.com>
AuthorDate: Thu Sep 26 07:07:00 2019 -0700

    GEODE-6781: Switch from deprecated Authenticator to SecurityManager for examples (#528)
    
    * Have the authentication use a SecurityManager vs Authenticator.
    * Bash script was stopping servers vs shutdown.
    * No reason to destroy the region if we are deleting the data directory.   Wait for process
to die before trying to delete the data directories.
---
 examples/cpp/authinitialize/startserver.ps1    | 13 ++--
 examples/cpp/authinitialize/startserver.sh     | 19 ++++--
 examples/cpp/authinitialize/stopserver.ps1     | 11 +++-
 examples/cpp/authinitialize/stopserver.sh      |  2 +-
 examples/dotnet/authinitialize/startserver.ps1 | 13 ++--
 examples/dotnet/authinitialize/stopserver.ps1  | 16 ++++-
 examples/utilities/CMakeLists.txt              |  2 +-
 examples/utilities/SimpleAuthenticator.java    | 84 --------------------------
 examples/utilities/SimpleSecurityManager.java  | 79 ++++++++++++++++++++++++
 9 files changed, 135 insertions(+), 104 deletions(-)

diff --git a/examples/cpp/authinitialize/startserver.ps1 b/examples/cpp/authinitialize/startserver.ps1
index 354e7c3..f0a10c6 100644
--- a/examples/cpp/authinitialize/startserver.ps1
+++ b/examples/cpp/authinitialize/startserver.ps1
@@ -35,11 +35,14 @@ else
 
 if ($GFSH_PATH -ne "")
 {
-  # Set this variable to include your java object that implements the Authenticator class
-  $RESOLVEDPATH = Resolve-Path -Path "$PSScriptRoot/../../utilities/example.jar"
+    # Set this variable to include your java object that implements the Authenticator class
+    $RESOLVEDPATH = Resolve-Path -Path "$PSScriptRoot/../../utilities/example.jar"
 
-  # Set this variable to the full name of your Authenticator.create function
-  $AUTHENTICATOR = 'javaobject.SimpleAuthenticator.create'
+    $COMMON_OPTS = "--J=-Dgemfire.security-username=server"
+    $COMMON_OPTS = "$COMMON_OPTS --J=-Dgemfire.security-password=server"
+    $COMMON_OPTS = "$COMMON_OPTS --classpath=$RESOLVEDPATH"
 
-  Invoke-Expression "$GFSH_PATH -e 'start locator --name=locator --dir=$PSScriptRoot\locator'
-e 'start server --name=server --classpath=$RESOLVEDPATH --J=-Dgemfire.security-client-authenticator=$AUTHENTICATOR
--dir=$PSScriptRoot\server' -e 'create region --name=region --type=PARTITION'"
+    $LOCATOR_OPTS = "$COMMON_OPTS --J=-Dgemfire.security-manager=javaobject.SimpleSecurityManager"

+ 
+    Invoke-Expression "$GFSH_PATH  -e 'start locator --name=locator $LOCATOR_OPTS' -e 'connect
--locator=localhost[10334] --user=server --password=server' -e 'start server --name=server
$COMMON_OPTS'  -e 'create region --name=region --type=PARTITION'"
 }
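Review bot: The retained comment above `$RESOLVEDPATH` still says the jar holds an object that "implements the Authenticator class", but the new code loads `javaobject.SimpleSecurityManager`; it should read something like `# Jar containing the SecurityManager implementation loaded by the locator`. The username and password are passed as `--J=-Dgemfire.security-...` arguments, so they end up on the process command line; the .sh variant in this commit carries a comment saying these normally belong in gfsecurity.properties, and that comment is missing here. `$RESOLVEDPATH` is also interpolated unquoted into the `Invoke-Expression` string, so a checkout path containing spaces would split the `--classpath` argument. The same points apply to the identical hunk in examples/dotnet/authinitialize/startserver.ps1.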
diff --git a/examples/cpp/authinitialize/startserver.sh b/examples/cpp/authinitialize/startserver.sh
index 9e38174..483ff25 100644
--- a/examples/cpp/authinitialize/startserver.sh
+++ b/examples/cpp/authinitialize/startserver.sh
@@ -28,10 +28,19 @@ else
     fi
 fi
 
-# Set this variable to include your java object that implements the Authenticator class
-RESOLVEDPATH = "../../utilities/example.jar"
+SAVED="`pwd`"
+cd "`dirname \"$PRG\"`/../.." >&-
+BUILD_HOME="`pwd -P`"
+cd "$SAVED" >&-
 
-# Set this variable to the full name of your Authenticator.create function
-AUTHENTICATOR = 'javaobject.SimpleAuthenticator.create'
 
-$GFSH_PATH  -e "start locator --name=locator" -e "start server --name=server --classpath=${RESOLVEDPATH}
--J=-Dgemfire.security-client-authenticator=$AUTHENTICATOR"  -e "create region --name=region
--type=PARTITION"
+# These security items typically go into gfsecurity.properties file.    For 
+# simplicity we are including the security details on the commandline.
+
+COMMON_OPTS="--J=-Dgemfire.security-username=server"
+COMMON_OPTS="${COMMON_OPTS} --J=-Dgemfire.security-password=server"
+COMMON_OPTS="${COMMON_OPTS} --classpath=${BUILD_HOME}/utilities/example.jar"
+
+LOCATOR_OPTS="${COMMON_OPTS} --J=-Dgemfire.security-manager=javaobject.SimpleSecurityManager"

+
+$GFSH_PATH  -e "start locator --name=locator ${LOCATOR_OPTS}" -e "connect --locator=localhost[10334]
--user=server --password=server" -e "start server --name=server ${COMMON_OPTS}"  -e "create
region --name=region --type=PARTITION"
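Review bot: The two `cd` calls that compute `BUILD_HOME` are unchecked, and `$PRG` is not assigned anywhere in this hunk (the top of the script is outside it), so if it is unset or the directory is missing, `BUILD_HOME` silently depends on the caller's working directory and `--classpath` may point at a jar that is not there. For a script that wires in the security manager, failing fast is safer: `cd "$(dirname "$PRG")/../.." || exit 1`. `>&-` closes stdout rather than silencing it; `>/dev/null` is the usual form. `$GFSH_PATH` is expanded unquoted, which breaks on install paths containing spaces.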
diff --git a/examples/cpp/authinitialize/stopserver.ps1 b/examples/cpp/authinitialize/stopserver.ps1
index 801c273..6500a30 100644
--- a/examples/cpp/authinitialize/stopserver.ps1
+++ b/examples/cpp/authinitialize/stopserver.ps1
@@ -32,10 +32,19 @@ else
         $GFSH_PATH = "$env:GEODE_HOME\bin\gfsh.bat"
     }
 }
+$locatorPid = Get-Content -Path locator/vf.gf.locator.pid
+$serverPid = Get-Content -Path server/vf.gf.server.pid
 
 if ($GFSH_PATH -ne "")
 {
-   Invoke-Expression "$GFSH_PATH -e 'connect' -e 'destroy region --name=region' -e 'stop
server --name=server' -e 'stop locator --name=locator'"
+   Invoke-Expression "$GFSH_PATH -e 'connect --locator=localhost[10334] --user=server --password=server'
-e 'shutdown --include-locators=true'"
+}
+
+while(Get-Process -Id $locatorPid -ErrorAction SilentlyContinue) {
+	Start-Sleep -Seconds 0.5
+}
+while(Get-Process -Id $serverPid -ErrorAction SilentlyContinue) {
+	Start-Sleep -Seconds 0.5
 }
 
 Remove-Item -Path locator -Recurse -Force
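Review bot: `Start-Sleep -Seconds 0.5` does not sleep half a second on Windows PowerShell 5.1, where `-Seconds` is an Int32 and 0.5 converts to 0, so both wait loops spin without pausing; `Start-Sleep -Milliseconds 500` behaves the same on every version. The loops also have no upper bound: if the `connect` is rejected or the shutdown fails, the processes stay alive and the script never returns, so a deadline followed by an error before `Remove-Item -Force` would be safer. The pid files are read relative to the current directory rather than `$PSScriptRoot`, and a missing file leaves `$locatorPid` or `$serverPid` empty. The same points apply to the matching hunk in examples/dotnet/authinitialize/stopserver.ps1.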
diff --git a/examples/cpp/authinitialize/stopserver.sh b/examples/cpp/authinitialize/stopserver.sh
index 4176d8e..fae134e 100644
--- a/examples/cpp/authinitialize/stopserver.sh
+++ b/examples/cpp/authinitialize/stopserver.sh
@@ -28,6 +28,6 @@ else
     fi
 fi
 
-$GFSH_PATH -e "connect" -e "stop server --name=server" -e "stop locator --name=locator"
+$GFSH_PATH -e "connect --locator=localhost[10334] --user=server --password=server" -e "shutdown
--include-locators=true"
 
 rm -rf locator server
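Review bot: `rm -rf locator server` runs as soon as gfsh returns, while the PowerShell scripts in this commit wait for both processes to exit first. If `shutdown` can return before the JVMs are gone, which the .ps1 wait loops suggest, the data directories are removed under live processes. The commit message names this wait as a goal, so the shell script should poll the same pid files the .ps1 version reads before deleting, with an upper bound on the wait. The `rm -rf` paths are also relative to the caller's working directory rather than the script's location.

```shell
# Read the pids before shutdown, while the pid files still exist.
locator_pid=$(cat locator/vf.gf.locator.pid 2>/dev/null)
server_pid=$(cat server/vf.gf.server.pid 2>/dev/null)

# … unchanged: $GFSH_PATH connect + shutdown --include-locators=true …

for pid in "$locator_pid" "$server_pid"; do
  tries=0
  # Poll until the process is gone, giving up after about 60 seconds.
  while [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null; do
    tries=$((tries + 1))
    if [ "$tries" -gt 60 ]; then
      echo "process $pid still running; not deleting data directories" >&2
      exit 1
    fi
    sleep 1
  done
done

rm -rf locator server
```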
diff --git a/examples/dotnet/authinitialize/startserver.ps1 b/examples/dotnet/authinitialize/startserver.ps1
index 354e7c3..b859386 100644
--- a/examples/dotnet/authinitialize/startserver.ps1
+++ b/examples/dotnet/authinitialize/startserver.ps1
@@ -35,11 +35,14 @@ else
 
 if ($GFSH_PATH -ne "")
 {
-  # Set this variable to include your java object that implements the Authenticator class
-  $RESOLVEDPATH = Resolve-Path -Path "$PSScriptRoot/../../utilities/example.jar"
+    # Set this variable to include your java object that implements the Authenticator class
+    $RESOLVEDPATH = Resolve-Path -Path "$PSScriptRoot/../../utilities/example.jar"
 
-  # Set this variable to the full name of your Authenticator.create function
-  $AUTHENTICATOR = 'javaobject.SimpleAuthenticator.create'
+    $COMMON_OPTS = "--J=-Dgemfire.security-username=server"
+    $COMMON_OPTS = "$COMMON_OPTS --J=-Dgemfire.security-password=server"
+    $COMMON_OPTS = "$COMMON_OPTS --classpath=$RESOLVEDPATH"
 
-  Invoke-Expression "$GFSH_PATH -e 'start locator --name=locator --dir=$PSScriptRoot\locator'
-e 'start server --name=server --classpath=$RESOLVEDPATH --J=-Dgemfire.security-client-authenticator=$AUTHENTICATOR
--dir=$PSScriptRoot\server' -e 'create region --name=region --type=PARTITION'"
+    $LOCATOR_OPTS = "$COMMON_OPTS --J=-Dgemfire.security-manager=javaobject.SimpleSecurityManager"
+
+    Invoke-Expression "$GFSH_PATH  -e 'start locator --name=locator $LOCATOR_OPTS' -e 'connect
--locator=localhost[10334] --user=server --password=server' -e 'start server --name=server
$COMMON_OPTS'  -e 'create region --name=region --type=PARTITION'"
 }
diff --git a/examples/dotnet/authinitialize/stopserver.ps1 b/examples/dotnet/authinitialize/stopserver.ps1
index ec2c218..6500a30 100644
--- a/examples/dotnet/authinitialize/stopserver.ps1
+++ b/examples/dotnet/authinitialize/stopserver.ps1
@@ -32,8 +32,20 @@ else
         $GFSH_PATH = "$env:GEODE_HOME\bin\gfsh.bat"
     }
 }
+$locatorPid = Get-Content -Path locator/vf.gf.locator.pid
+$serverPid = Get-Content -Path server/vf.gf.server.pid
 
 if ($GFSH_PATH -ne "")
 {
-   Invoke-Expression "$GFSH_PATH -e 'connect' -e 'destroy region --name=region' -e 'stop
server --name=server' -e 'stop locator --name=locator'"
-}
\ No newline at end of file
+   Invoke-Expression "$GFSH_PATH -e 'connect --locator=localhost[10334] --user=server --password=server'
-e 'shutdown --include-locators=true'"
+}
+
+while(Get-Process -Id $locatorPid -ErrorAction SilentlyContinue) {
+	Start-Sleep -Seconds 0.5
+}
+while(Get-Process -Id $serverPid -ErrorAction SilentlyContinue) {
+	Start-Sleep -Seconds 0.5
+}
+
+Remove-Item -Path locator -Recurse -Force
+Remove-Item -Path server -Recurse -Force
diff --git a/examples/utilities/CMakeLists.txt b/examples/utilities/CMakeLists.txt
index 0fe49ba..cbe5c06 100644
--- a/examples/utilities/CMakeLists.txt
+++ b/examples/utilities/CMakeLists.txt
@@ -22,7 +22,7 @@ configure_file(${CMAKE_CURRENT_SOURCE_DIR}/CMakeLists.txt.in ${CMAKE_CURRENT_BIN
 install(FILES
   ${CMAKE_CURRENT_BINARY_DIR}/CMakeLists.txt
   ${CMAKE_CURRENT_SOURCE_DIR}/ExampleMultiGetFunction.java
-  ${CMAKE_CURRENT_SOURCE_DIR}/SimpleAuthenticator.java
+  ${CMAKE_CURRENT_SOURCE_DIR}/SimpleSecurityManager.java
   ${CMAKE_CURRENT_SOURCE_DIR}/UserPasswordAuthInit.java
   ${CMAKE_CURRENT_SOURCE_DIR}/UsernamePrincipal.java
   DESTINATION examples/utilities)
diff --git a/examples/utilities/SimpleAuthenticator.java b/examples/utilities/SimpleAuthenticator.java
deleted file mode 100644
index 68f0909..0000000
--- a/examples/utilities/SimpleAuthenticator.java
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- * 
- *      http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package javaobject;
-
-import java.security.Principal;
-import java.util.Properties;
-
-import org.apache.geode.LogWriter;
-import org.apache.geode.distributed.DistributedMember;
-import org.apache.geode.security.AuthenticationFailedException;
-import org.apache.geode.security.Authenticator;
-import javaobject.UserPasswordAuthInit;
-import javaobject.UsernamePrincipal;
-
-/**
- * A dummy implementation of the {@link Authenticator} interface that expects a
- * user name and password allowing authentication depending on the format of the
- * user name.
- * 
- */
-public class SimpleAuthenticator implements Authenticator {
-
-  public static Authenticator create() {
-    return new SimpleAuthenticator();
-  }
-
-  public SimpleAuthenticator() {
-  }
-
-  public void init(Properties systemProps, LogWriter systemLogger,
-      LogWriter securityLogger) throws AuthenticationFailedException {
-  }
-
-  public static boolean testValidName(String userName) {
-
-    return (userName.startsWith("user") || userName.startsWith("reader")
-        || userName.startsWith("writer") || userName.equals("admin")
-        || userName.equals("root") || userName.equals("administrator"));
-  }
-
-  public Principal authenticate(Properties props, DistributedMember member)
-      throws AuthenticationFailedException {
-
-    String userName = props.getProperty(UserPasswordAuthInit.USER_NAME);
-    if (userName == null) {
-      throw new AuthenticationFailedException(
-          "SimpleAuthenticator: user name property ["
-              + UserPasswordAuthInit.USER_NAME + "] not provided");
-    }
-    String password = props.getProperty(UserPasswordAuthInit.PASSWORD);
-    if (password == null) {
-      throw new AuthenticationFailedException(
-          "SimpleAuthenticator: password property ["
-              + UserPasswordAuthInit.PASSWORD + "] not provided");
-    }
-
-    if (userName.equals(password) && testValidName(userName)) {
-      return new UsernamePrincipal(userName);
-    }
-    else {
-      throw new AuthenticationFailedException(
-          "SimpleAuthenticator: Invalid user name [" + userName
-              + "], password supplied.");
-    }
-  }
-
-  public void close() {
-  }
-
-}
diff --git a/examples/utilities/SimpleSecurityManager.java b/examples/utilities/SimpleSecurityManager.java
new file mode 100644
index 0000000..7dc8bd7
--- /dev/null
+++ b/examples/utilities/SimpleSecurityManager.java
@@ -0,0 +1,79 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package javaobject;
+
+import org.apache.geode.security.AuthenticationFailedException;
+import org.apache.geode.security.SecurityManager;
+
+import java.util.Properties;
+
+import javaobject.UserPasswordAuthInit;
+import javaobject.UsernamePrincipal;
+
+/**
+ * This Security manager only Authenticates - and allows any operations.
+ */
+public class SimpleSecurityManager implements SecurityManager {
+
+
+    /**
+     * Verify the credentials provided in the properties
+     * <p>
+     * Your security manager needs to validate credentials coming from all communication
channels.
+     * If you use AuthInitialize to generate your client/peer credentials, then the input
of this
+     * method is the output of your AuthInitialize.getCredentials method. But remember that
this
+     * method will also need to validate credentials coming from gfsh/jmx/rest client, the
framework
+     * is putting the username/password under security-username and security-password keys
in the
+     * property, so your securityManager implementation needs to validate these kind of properties
+     * as well.
+     *
+     * @param credentials it contains the security-username and security-password as keys
of the
+     *                    properties, also the properties generated by your AuthInitialize
interface
+     * @return a serializable principal object
+     */
+    @Override
+    public Object authenticate(Properties props) throws AuthenticationFailedException {
+        String userName = props.getProperty(UserPasswordAuthInit.USER_NAME);
+        if (userName == null) {
+            throw new AuthenticationFailedException(
+                    "SimpleSecurityManager: user name property ["
+                            + UserPasswordAuthInit.USER_NAME + "] not provided");
+        }
+        String password = props.getProperty(UserPasswordAuthInit.PASSWORD);
+        if (password == null) {
+            throw new AuthenticationFailedException(
+                    "SimpleSecurityManager: password property ["
+                            + UserPasswordAuthInit.PASSWORD + "] not provided");
+        }
+
+        if (userName.equals(password) && testValidName(userName)) {
+            return new UsernamePrincipal(userName);
+        } else {
+            throw new AuthenticationFailedException(
+                    "SimpleSecurityManager: Invalid user name [" + userName
+                            + "], password supplied.");
+        }
+    }
+
+    private boolean testValidName(String userName) {
+
+        return (userName.startsWith("server") || userName.startsWith("user")
+                || userName.startsWith("reader") || userName.startsWith("writer")
+                || userName.equals("admin")  || userName.equals("root")
+                || userName.equals("administrator"));
+    }
+}
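Review bot: The Javadoc on `authenticate` documents `@param credentials`, but the parameter is named `props`; it should read `@param props`. The class comment should also state what the check actually is, because any name accepted by `testValidName` authenticates whenever the password equals the user name: for instance `Example only: accepts an allowed user name whose password is identical to it. Not for production use.` The method comment says gfsh/JMX/REST credentials arrive under security-username and security-password, which holds here only if `UserPasswordAuthInit.USER_NAME` and `PASSWORD` carry those values (not visible in this diff). The failure message also echoes the supplied user name back in the exception text.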

