geode-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bruce Schuchardt <bschucha...@pivotal.io>
Subject Re: geode git commit: GEODE-2775: Corrected setting of Pulse SSL Manager flag from System properties instead of pulse.properties when running in embedded mode.
Date Tue, 18 Apr 2017 17:06:46 GMT
spotlessCheck is broken by this commit

Le 4/17/2017 à 8:06 AM, jinmeiliao@apache.org a écrit :
> Repository: geode
> Updated Branches:
>    refs/heads/develop 3a3077094 -> 3423f6f5a
>
>
> GEODE-2775: Corrected setting of Pulse SSL Manager flag from System properties instead
of pulse.properties when running in embedded mode.
>
> * this closes #454
>
>
> Project: http://git-wip-us.apache.org/repos/asf/geode/repo
> Commit: http://git-wip-us.apache.org/repos/asf/geode/commit/3423f6f5
> Tree: http://git-wip-us.apache.org/repos/asf/geode/tree/3423f6f5
> Diff: http://git-wip-us.apache.org/repos/asf/geode/diff/3423f6f5
>
> Branch: refs/heads/develop
> Commit: 3423f6f5a9102859fdae8a95c7715dfd64dacc75
> Parents: 3a30770
> Author: Patrick Rhomberg <prhomberg@pivotal.io>
> Authored: Wed Apr 12 11:39:11 2017 -0700
> Committer: Jinmei Liao <jiliao@pivotal.io>
> Committed: Mon Apr 17 08:06:01 2017 -0700
>
> ----------------------------------------------------------------------
>   .../tools/pulse/PulseSecurityWithSSLTest.java   | 83 ++++++++++++++++++++
>   .../management/internal/ManagementAgent.java    | 16 ++--
>   .../tools/pulse/internal/PulseAppListener.java  |  4 +
>   3 files changed, 95 insertions(+), 8 deletions(-)
> ----------------------------------------------------------------------
>
>
> http://git-wip-us.apache.org/repos/asf/geode/blob/3423f6f5/geode-assembly/src/test/java/org/apache/geode/tools/pulse/PulseSecurityWithSSLTest.java
> ----------------------------------------------------------------------
> diff --git a/geode-assembly/src/test/java/org/apache/geode/tools/pulse/PulseSecurityWithSSLTest.java
b/geode-assembly/src/test/java/org/apache/geode/tools/pulse/PulseSecurityWithSSLTest.java
> new file mode 100644
> index 0000000..3b9cd72
> --- /dev/null
> +++ b/geode-assembly/src/test/java/org/apache/geode/tools/pulse/PulseSecurityWithSSLTest.java
> @@ -0,0 +1,83 @@
> +/*
> + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
> + * agreements. See the NOTICE file distributed with this work for additional information
regarding
> + * copyright ownership. The ASF licenses this file to You under the Apache License,
Version 2.0 (the
> + * "License"); you may not use this file except in compliance with the License. You
may obtain a
> + * copy of the License at
> + *
> + * http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing, software distributed under
the License
> + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
either express
> + * or implied. See the License for the specific language governing permissions and limitations
under
> + * the License.
> + */
> +
> +package org.apache.geode.tools.pulse;
> +
> +import static org.apache.geode.distributed.ConfigurationProperties.SSL_CIPHERS;
> +import static org.apache.geode.distributed.ConfigurationProperties.SSL_ENABLED_COMPONENTS;
> +import static org.apache.geode.distributed.ConfigurationProperties.SSL_KEYSTORE;
> +import static org.apache.geode.distributed.ConfigurationProperties.SSL_KEYSTORE_PASSWORD;
> +import static org.apache.geode.distributed.ConfigurationProperties.SSL_PROTOCOLS;
> +import static org.apache.geode.distributed.ConfigurationProperties.SSL_TRUSTSTORE;
> +import static org.apache.geode.distributed.ConfigurationProperties.SSL_TRUSTSTORE_PASSWORD;
> +import static org.apache.geode.util.test.TestUtil.getResourcePath;
> +import static org.assertj.core.api.Assertions.assertThat;
> +
> +import org.apache.geode.security.SecurableCommunicationChannels;
> +import org.apache.geode.security.SimpleTestSecurityManager;
> +import org.apache.geode.test.dunit.rules.HttpClientRule;
> +import org.apache.geode.test.dunit.rules.LocatorStarterRule;
> +import org.apache.geode.test.junit.categories.IntegrationTest;
> +import org.apache.http.HttpResponse;
> +import org.junit.BeforeClass;
> +import org.junit.ClassRule;
> +import org.junit.Rule;
> +import org.junit.Test;
> +import org.junit.experimental.categories.Category;
> +
> +import java.io.File;
> +import java.util.Properties;
> +
> +
> +@Category(IntegrationTest.class)
> +public class PulseSecurityWithSSLTest {
> +
> +  private static File jks =
> +      new File(getResourcePath(PulseSecurityWithSSLTest.class, "/ssl/trusted.keystore"));
> +
> +  @ClassRule
> +  public static LocatorStarterRule locator = new LocatorStarterRule();
> +
> +  @BeforeClass
> +  public static void beforeClass() throws Exception {
> +    Properties securityProps = new Properties();
> +    securityProps.setProperty(SSL_ENABLED_COMPONENTS, SecurableCommunicationChannels.JMX);
> +    securityProps.setProperty(SSL_KEYSTORE, jks.getCanonicalPath());
> +    securityProps.setProperty(SSL_KEYSTORE_PASSWORD, "password");
> +    // securityProps.setProperty(SSL_KEYSTORE_TYPE, "JKS");
> +    securityProps.setProperty(SSL_TRUSTSTORE, jks.getCanonicalPath());
> +    securityProps.setProperty(SSL_TRUSTSTORE_PASSWORD, "password");
> +    securityProps.setProperty(SSL_PROTOCOLS, "TLSv1.2");
> +    securityProps.setProperty(SSL_CIPHERS, "any");
> +
> +    locator.withSecurityManager(SimpleTestSecurityManager.class).withProperties(securityProps)
> +        .startLocator();
> +  }
> +
> +  @Rule
> +  public HttpClientRule client = new HttpClientRule(locator::getHttpPort);
> +
> +
> +  @Test
> +  public void loginWithIncorrectPassword() throws Exception {
> +    HttpResponse response = client.loginToPulse("data", "wrongPassword");
> +    assertThat(response.getStatusLine().getStatusCode()).isEqualTo(302);
> +    assertThat(response.getFirstHeader("Location").getValue())
> +        .contains("/pulse/login.html?error=BAD_CREDS");
> +
> +    client.loginToPulseAndVerify("data", "data");
> +  }
> +
> +}
>
> http://git-wip-us.apache.org/repos/asf/geode/blob/3423f6f5/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java
> ----------------------------------------------------------------------
> diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java
b/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java
> index 025e5e5..5cbb990 100755
> --- a/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java
> +++ b/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java
> @@ -100,6 +100,7 @@ public class ManagementAgent {
>      */
>     private static final String PULSE_EMBEDDED_PROP = "pulse.embedded";
>     private static final String PULSE_PORT_PROP = "pulse.port";
> +  private static final String PULSE_USESSL_MANAGER = "pulse.useSSL.manager";
>   
>     public ManagementAgent(DistributionConfig config) {
>       this.config = config;
> @@ -269,6 +270,10 @@ public class ManagementAgent {
>             System.setProperty(PULSE_EMBEDDED_PROP, "true");
>             System.setProperty(PULSE_PORT_PROP, "" + config.getJmxManagerPort());
>   
> +          final SocketCreator socketCreator =
> +              SocketCreatorFactory.getSocketCreatorForComponent(SecurableCommunicationChannel.JMX);
> +          System.setProperty(PULSE_USESSL_MANAGER, socketCreator.useSSL() + "");
> +
>             this.httpServer = JettyHelper.startJetty(this.httpServer);
>   
>             // now, that Tomcat has been started, we can set the URL used by web
> @@ -504,14 +509,9 @@ public class ManagementAgent {
>         if (names.isEmpty()) {
>           try {
>             platformMBeanServer.registerMBean(acc, accessControlMBeanON);
> -          logger.info("Registered AccessContorlMBean on " + accessControlMBeanON);
> -        } catch (InstanceAlreadyExistsException e) {
> -          throw new GemFireConfigException("Error while configuring accesscontrol for
jmx resource",
> -              e);
> -        } catch (MBeanRegistrationException e) {
> -          throw new GemFireConfigException("Error while configuring accesscontrol for
jmx resource",
> -              e);
> -        } catch (NotCompliantMBeanException e) {
> +          logger.info("Registered AccessControlMBean on " + accessControlMBeanON);
> +        } catch (InstanceAlreadyExistsException | MBeanRegistrationException
> +            | NotCompliantMBeanException e) {
>             throw new GemFireConfigException("Error while configuring accesscontrol for
jmx resource",
>                 e);
>           }
>
> http://git-wip-us.apache.org/repos/asf/geode/blob/3423f6f5/geode-pulse/src/main/java/org/apache/geode/tools/pulse/internal/PulseAppListener.java
> ----------------------------------------------------------------------
> diff --git a/geode-pulse/src/main/java/org/apache/geode/tools/pulse/internal/PulseAppListener.java
b/geode-pulse/src/main/java/org/apache/geode/tools/pulse/internal/PulseAppListener.java
> index 75bcc98..35f494b 100644
> --- a/geode-pulse/src/main/java/org/apache/geode/tools/pulse/internal/PulseAppListener.java
> +++ b/geode-pulse/src/main/java/org/apache/geode/tools/pulse/internal/PulseAppListener.java
> @@ -169,6 +169,10 @@ public class PulseAppListener implements ServletContextListener
{
>   
>       // set SSL info
>       initializeSSL();
> +    if (sysIsEmbedded) {
> +      sysPulseUseSSLManager = Boolean
> +          .parseBoolean(System.getProperty(PulseConstants.SYSTEM_PROPERTY_PULSE_USESSL_MANAGER));
> +    }
>       repository.setUseSSLLocator(sysPulseUseSSLLocator);
>       repository.setUseSSLManager(sysPulseUseSSLManager);
>   
>
>


Mime
View raw message