Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 68312200BB9 for ; Mon, 7 Nov 2016 20:42:58 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id 66DB7160AEC; Mon, 7 Nov 2016 19:42:58 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 8584E160AE0 for ; Mon, 7 Nov 2016 20:42:57 +0100 (CET) Received: (qmail 37004 invoked by uid 500); 7 Nov 2016 19:42:56 -0000 Mailing-List: contact issues-help@geode.incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@geode.incubator.apache.org Delivered-To: mailing list issues@geode.incubator.apache.org Received: (qmail 36995 invoked by uid 99); 7 Nov 2016 19:42:56 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 07 Nov 2016 19:42:56 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id E960718887D for ; Mon, 7 Nov 2016 19:42:55 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -6.219 X-Spam-Level: X-Spam-Status: No, score=-6.219 tagged_above=-999 required=6.31 tests=[KAM_ASCII_DIVIDERS=0.8, KAM_LAZY_DOMAIN_SECURITY=1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-2.999] autolearn=disabled Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id powUibMyfvkm for ; Mon, 7 Nov 2016 19:42:54 +0000 (UTC) Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with SMTP id E70CF5F1B8 for ; Mon, 7 Nov 2016 19:42:52 +0000 (UTC) Received: (qmail 35120 invoked by uid 99); 7 Nov 2016 19:41:59 -0000 Received: from arcas.apache.org (HELO arcas) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 07 Nov 2016 19:41:59 +0000 Received: from arcas.apache.org (localhost [127.0.0.1]) by arcas (Postfix) with ESMTP id 388142C2A6B for ; Mon, 7 Nov 2016 19:41:59 +0000 (UTC) Date: Mon, 7 Nov 2016 19:41:59 +0000 (UTC) From: "ASF GitHub Bot (JIRA)" To: issues@geode.incubator.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (GEODE-1993) value returned through /region/key rest service needs to be post processed MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Mon, 07 Nov 2016 19:42:58 -0000 [ https://issues.apache.org/jira/browse/GEODE-1993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15645205#comment-15645205 ] ASF GitHub Bot commented on GEODE-1993: --------------------------------------- Github user kjduling commented on a diff in the pull request: https://github.com/apache/incubator-geode/pull/276#discussion_r86852018 --- Diff: geode-assembly/src/test/java/org/apache/geode/rest/internal/web/RestSecurityPostProcessorTest.java --- @@ -0,0 +1,185 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for additional information regarding + * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. You may obtain a + * copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + */ +package org.apache.geode.rest.internal.web; + +import static org.apache.geode.distributed.ConfigurationProperties.HTTP_SERVICE_BIND_ADDRESS; +import static org.apache.geode.distributed.ConfigurationProperties.HTTP_SERVICE_PORT; +import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER; +import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_POST_PROCESSOR; +import static org.apache.geode.distributed.ConfigurationProperties.START_DEV_REST_API; +import static org.apache.geode.rest.internal.web.GeodeRestClient.getCode; +import static org.apache.geode.rest.internal.web.GeodeRestClient.getContentType; +import static org.apache.geode.rest.internal.web.GeodeRestClient.getJsonArray; +import static org.apache.geode.rest.internal.web.GeodeRestClient.getJsonObject; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; + +import org.apache.commons.io.IOUtils; +import org.apache.geode.cache.Region; +import org.apache.geode.cache.RegionShortcut; +import org.apache.geode.cache.execute.FunctionService; +import org.apache.geode.internal.AvailablePortHelper; +import org.apache.geode.rest.internal.web.controllers.GetRegions; +import org.apache.geode.security.templates.SamplePostProcessor; +import org.apache.geode.security.templates.SampleSecurityManager; +import org.apache.geode.test.dunit.rules.ServerStarterRule; +import org.apache.geode.test.junit.categories.IntegrationTest; +import org.apache.geode.test.junit.categories.SecurityTest; +import org.apache.http.HttpResponse; +import org.json.JSONArray; +import org.json.JSONObject; +import org.junit.BeforeClass; +import org.junit.ClassRule; +import org.junit.Test; +import org.junit.experimental.categories.Category; +import org.springframework.http.MediaType; + +import java.net.URLEncoder; +import java.util.Properties; + + +@Category({IntegrationTest.class, SecurityTest.class}) +public class RestSecurityPostProcessorTest { + + static final String REGION_NAME = "AuthRegion"; + + static int restPort = AvailablePortHelper.getRandomAvailableTCPPort(); + static Properties properties = new Properties() { + { + setProperty(SampleSecurityManager.SECURITY_JSON, + "org/apache/geode/management/internal/security/clientServer.json"); + setProperty(SECURITY_MANAGER, SampleSecurityManager.class.getName()); + setProperty(START_DEV_REST_API, "true"); + setProperty(HTTP_SERVICE_BIND_ADDRESS, "localhost"); + setProperty(HTTP_SERVICE_PORT, restPort + ""); + setProperty(SECURITY_POST_PROCESSOR, SamplePostProcessor.class.getName()); + } + }; + + @ClassRule + public static ServerStarterRule serverStarter = new ServerStarterRule(properties); + private final GeodeRestClient restClient = new GeodeRestClient("localhost", restPort); + + @BeforeClass + public static void before() throws Exception { + serverStarter.startServer(); + Region region = + serverStarter.cache.createRegionFactory(RegionShortcut.REPLICATE).create(REGION_NAME); + region.put("key1", + "{\"@type\":\"com.gemstone.gemfire.web.rest.domain.Order\",\"purchaseOrderNo\":1121,\"customerId\":1012,\"description\":\"Order for XYZ Corp\",\"orderDate\":\"02/10/2014\",\"deliveryDate\":\"02/20/2014\",\"contact\":\"Jelly Bean\",\"email\":\"jelly.bean@example.com\",\"phone\":\"01-2048096\",\"items\":[{\"itemNo\":1,\"description\":\"Product-100\",\"quantity\":12,\"unitPrice\":5,\"totalPrice\":60}],\"totalPrice\":225}"); + region.put("key2", "bar"); + serverStarter.cache.createRegionFactory(RegionShortcut.REPLICATE).create("customers"); + FunctionService.registerFunction(new GetRegions()); + } + + /** + * Test post-processing of a retrieved key from the server. + */ + @Test + public void getRegionKey() throws Exception { + + // Test a single key + HttpResponse response = restClient.doGet("/" + REGION_NAME + "/key1", "key1User", "1234567"); + assertEquals(200, getCode(response)); + assertEquals(MediaType.APPLICATION_JSON_UTF8_VALUE, getContentType(response)); + + String body = IOUtils.toString(response.getEntity().getContent(), "UTF-8"); + assertTrue(body.startsWith("\"key1User/" + REGION_NAME + "/key1/")); + + // Test multiple keys + response = restClient.doGet("/" + REGION_NAME + "/key1,key2", "dataReader", "1234567"); + assertEquals(200, getCode(response)); + assertEquals(MediaType.APPLICATION_JSON_UTF8_VALUE, getContentType(response)); + + JSONObject jsonObject = getJsonObject(response); + JSONArray jsonArray = jsonObject.getJSONArray(REGION_NAME); + final int length = jsonArray.length(); + for (int index = 0; index < length; ++index) { + String data = jsonArray.getString(index); + assertTrue(data.contains("dataReader/" + REGION_NAME + "/")); + } + } + + @Test + public void getRegion() throws Exception { + HttpResponse response = restClient.doGet("/" + REGION_NAME, "dataReader", "1234567"); + assertEquals(200, getCode(response)); + assertEquals(MediaType.APPLICATION_JSON_UTF8_VALUE, getContentType(response)); + + JSONObject jsonObject = getJsonObject(response); + JSONArray jsonArray = jsonObject.getJSONArray(REGION_NAME); + final int length = jsonArray.length(); + for (int index = 0; index < length; ++index) { + String data = jsonArray.getString(index); + assertTrue(data.contains("dataReader/" + REGION_NAME + "/")); + } + } + + @Test + public void adhocQuery() throws Exception { + String query = + "/queries/adhoc?q=" + URLEncoder.encode("SELECT * FROM /" + REGION_NAME, "UTF-8"); + HttpResponse response = restClient.doGet(query, "dataReader", "1234567"); + assertEquals(200, getCode(response)); + assertEquals(MediaType.APPLICATION_JSON_UTF8_VALUE, getContentType(response)); + + JSONArray jsonArray = getJsonArray(response); + final int length = jsonArray.length(); + for (int index = 0; index < length; ++index) { + String data = jsonArray.getString(index); + assertTrue(data.contains("dataReader/" + REGION_NAME + "/")); + } + } + + @Test + public void namedQuery() throws Exception { + String namedQuery = "SELECT c FROM /customers c WHERE c.customerId = $1"; + + HttpResponse response = + restClient.doPost("/queries?id=selectCustomer&q=" + URLEncoder.encode(namedQuery, "UTF-8"), + "dataReader", "1234567", ""); + assertEquals(201, getCode(response)); + + String query = "/queries"; + response = restClient.doGet(query, "dataReader", "1234567"); + assertEquals(200, getCode(response)); + assertEquals(MediaType.APPLICATION_JSON_UTF8_VALUE, getContentType(response)); + + String customerJson = --- End diff -- This breaks from the pattern RestAPIsQueryAndFEJUnitTest follows. But as you said in an earlier comment about the Orders, it will read cleaner. > value returned through /region/key rest service needs to be post processed > -------------------------------------------------------------------------- > > Key: GEODE-1993 > URL: https://issues.apache.org/jira/browse/GEODE-1993 > Project: Geode > Issue Type: New Feature > Components: management > Reporter: Jinmei Liao > Assignee: Kevin Duling > Fix For: 1.1.0-incubating > > > The new rest security did not use post processor before returning the value back to the client. -- This message was sent by Atlassian JIRA (v6.3.4#6332)