Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 2B19B200D20 for ; Tue, 17 Oct 2017 18:46:05 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 295EF1609D9; Tue, 17 Oct 2017 16:46:05 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 51E7D1609EB for ; Tue, 17 Oct 2017 18:46:04 +0200 (CEST) Received: (qmail 23812 invoked by uid 500); 17 Oct 2017 16:46:03 -0000 Mailing-List: contact issues-help@geode.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@geode.apache.org Delivered-To: mailing list issues@geode.apache.org Received: (qmail 23803 invoked by uid 99); 17 Oct 2017 16:46:03 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 17 Oct 2017 16:46:03 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id AB06718071A for ; Tue, 17 Oct 2017 16:46:02 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -99.202 X-Spam-Level: X-Spam-Status: No, score=-99.202 tagged_above=-999 required=6.31 tests=[KAM_ASCII_DIVIDERS=0.8, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=disabled Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id 44uYd_fanEGU for ; Tue, 17 Oct 2017 16:46:01 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTP id 1ACA75F477 for ; Tue, 17 Oct 2017 16:46:01 +0000 (UTC) Received: from jira-lw-us.apache.org (unknown [207.244.88.139]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id A2954E099A for ; Tue, 17 Oct 2017 16:46:00 +0000 (UTC) Received: from jira-lw-us.apache.org (localhost [127.0.0.1]) by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id 5FEAA24390 for ; Tue, 17 Oct 2017 16:46:00 +0000 (UTC) Date: Tue, 17 Oct 2017 16:46:00 +0000 (UTC) From: "ASF subversion and git services (JIRA)" To: issues@geode.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (GEODE-3827) SecurityManager is leaked from one Cache to another MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Tue, 17 Oct 2017 16:46:05 -0000 [ https://issues.apache.org/jira/browse/GEODE-3827?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16207893#comment-16207893 ] ASF subversion and git services commented on GEODE-3827: -------------------------------------------------------- Commit 0f72bef2a152b670868f582d9dfeafd794bed871 in geode's branch refs/heads/develop from [~jstewart] [ https://gitbox.apache.org/repos/asf?p=geode.git;h=0f72bef ] GEODE-3827: SecurityManager does not leak between separate CacheFactory's > SecurityManager is leaked from one Cache to another > --------------------------------------------------- > > Key: GEODE-3827 > URL: https://issues.apache.org/jira/browse/GEODE-3827 > Project: Geode > Issue Type: Bug > Components: configuration, security > Reporter: Galen O'Sullivan > Assignee: Jared Stewart > Fix For: 1.4.0 > > > After creating and closing Cache, the SecurityManager is visible to the next Cache created. This only happens if CacheServer.setSecurityManager is called, not if the class is specified via property. This is causing failure of some integration tests we'd like to add. > I've created a minimal working example, also visible on branch {{SecurityManager-integration-test}} of https://github.com/galen-pivotal/geode > {code} > package org.apache.geode.security; > import static org.apache.geode.distributed.ConfigurationProperties.LOCATORS; > import static org.apache.geode.distributed.ConfigurationProperties.MCAST_PORT; > import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER; > import static org.assertj.core.api.Assertions.assertThat; > import java.util.Properties; > import org.junit.Test; > import org.apache.geode.cache.CacheFactory; > import org.apache.geode.examples.SimpleSecurityManager; > import org.apache.geode.internal.cache.InternalCache; > import org.apache.geode.internal.security.SecurityService; > /** > * This test verifies that when a SecurityManager is set, it does not persist between Cache > * creations. > * > * We had seen this issue, and it broke integration tests. > */ > public class SecurityManagerPersistenceIntegrationTest { > private static final Properties defaultProperties; > static { > Properties properties = new Properties(); > properties.setProperty(MCAST_PORT, "0"); > properties.setProperty(LOCATORS, ""); > defaultProperties = properties; > } > @Test > public void doesNotPersistWhenSetViaCacheFactoryJavaApi() { > CacheFactory firstCacheFactory = new CacheFactory(new Properties(defaultProperties)); > SecurityManager securityManager = new SimpleSecurityManager(); > firstCacheFactory.setSecurityManager(securityManager); > InternalCache firstCache = (InternalCache) firstCacheFactory.create(); > firstCache.close(); > CacheFactory cacheFactory = new CacheFactory(new Properties(defaultProperties)); > try (InternalCache cache = (InternalCache) cacheFactory.create()) { > assertCacheHasNoSecurity(cache); > } > } > @Test > public void doesNotPersistWhenSetWithProperty() { > Properties properties = new Properties(defaultProperties); > properties.setProperty(SECURITY_MANAGER, SimpleSecurityManager.class.getName()); > CacheFactory firstCacheFactory = new CacheFactory(properties); > InternalCache firstCache = (InternalCache) firstCacheFactory.create(); > firstCache.close(); > // Make sure we're using a fresh CacheFactory, so the test is valid. > CacheFactory cacheFactory = new CacheFactory(new Properties(defaultProperties)); > try (InternalCache cache = (InternalCache) cacheFactory.create()) { > assertCacheHasNoSecurity(cache); > } > } > private void assertCacheHasNoSecurity(InternalCache cache) { > SecurityService securityService = cache.getSecurityService(); > assertThat(securityService.isIntegratedSecurity()).isFalse(); > assertThat(securityService.isClientSecurityRequired()).isFalse(); > assertThat(securityService.isPeerSecurityRequired()).isFalse(); > // We expect null if it's not set, but there could be a default security manager if > // implementation details change. > if (securityService.getSecurityManager() != null) { > assertThat(securityService.getSecurityManager()) > .describedAs("Security manager is not the same as the previously existing Cache") > .isNotInstanceOf(SpySecurityManager.class); > } > } > } > {code} -- This message was sent by Atlassian JIRA (v6.4.14#64029)