
Example 1 with AdvancedNetworkConfig

use of com.hazelcast.config.AdvancedNetworkConfig in project hazelcast by hazelcast.

the class TestAdvancedNetworkApplicationContext method testAdvancedNetworkConfig.

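/**
 * Verifies the advanced-network section of the config exposed by {@code instance}: the join
 * settings, the MEMBER, WAN ("wan-tokyo"), CLIENT and REST endpoint configs, and the WAN batch
 * publisher that refers to the WAN endpoint by name.
 */
@Test
public void testAdvancedNetworkConfig() {
    Config config = instance.getConfig();
    AdvancedNetworkConfig advancedNetworkConfig = config.getAdvancedNetworkConfig();
    assertTrue(advancedNetworkConfig.isEnabled());

    // Join: only TCP/IP is expected to be on; multicast and auto-detection must stay off.
    TcpIpConfig tcpIpConfig = advancedNetworkConfig.getJoin().getTcpIpConfig();
    assertTrue(tcpIpConfig.isEnabled());
    assertEquals("127.0.0.1:5700", tcpIpConfig.getRequiredMember());
    assertFalse(advancedNetworkConfig.getJoin().getMulticastConfig().isEnabled());
    assertFalse(advancedNetworkConfig.getJoin().getAutoDetectionConfig().isEnabled());
    MemberAddressProviderConfig addressProviderConfig = advancedNetworkConfig.getMemberAddressProviderConfig();
    assertFalse(addressProviderConfig.isEnabled());

    // MEMBER endpoint. The map lookup returns null for a missing qualifier, so assert it first
    // to get an assertion failure instead of a NullPointerException on the next line.
    ServerSocketEndpointConfig memberEndpointConfig =
            (ServerSocketEndpointConfig) advancedNetworkConfig.getEndpointConfigs().get(EndpointQualifier.MEMBER);
    assertNotNull(memberEndpointConfig);
    assertEquals(5700, memberEndpointConfig.getPort());
    assertEquals(99, memberEndpointConfig.getPortCount());
    assertFalse(memberEndpointConfig.isPortAutoIncrement());
    assertTrue(memberEndpointConfig.getInterfaces().isEnabled());
    assertContains(memberEndpointConfig.getInterfaces().getInterfaces(), "127.0.0.1");
    assertTrue(memberEndpointConfig.isReuseAddress());
    assertTrue(memberEndpointConfig.getSocketInterceptorConfig().isEnabled());
    assertEquals("com.hazelcast.SocketInterceptor", memberEndpointConfig.getSocketInterceptorConfig().getClassName());
    assertTrue(memberEndpointConfig.isSocketBufferDirect());
    assertTrue(memberEndpointConfig.isSocketKeepAlive());
    assertFalse(memberEndpointConfig.isSocketTcpNoDelay());

    // WAN endpoint, addressed by protocol type plus its identifier.
    EndpointConfig wanConfig =
            advancedNetworkConfig.getEndpointConfigs().get(EndpointQualifier.resolve(ProtocolType.WAN, "wan-tokyo"));
    assertNotNull(wanConfig);
    assertFalse(wanConfig.getInterfaces().isEnabled());
    // Fixture values only: PBEWithMD5AndDES with 19 iterations and a literal salt and password is
    // a weak legacy password-based scheme. These assertions check that the configured values
    // reach the config object, not that they are a safe choice for a deployment.
    assertTrue(wanConfig.getSymmetricEncryptionConfig().isEnabled());
    assertEquals("PBEWithMD5AndDES", wanConfig.getSymmetricEncryptionConfig().getAlgorithm());
    assertEquals("thesalt", wanConfig.getSymmetricEncryptionConfig().getSalt());
    assertEquals("thepass", wanConfig.getSymmetricEncryptionConfig().getPassword());
    assertEquals(19, wanConfig.getSymmetricEncryptionConfig().getIterationCount());

    // CLIENT endpoint.
    ServerSocketEndpointConfig clientEndpointConfig =
            (ServerSocketEndpointConfig) advancedNetworkConfig.getEndpointConfigs().get(EndpointQualifier.CLIENT);
    assertNotNull(clientEndpointConfig);
    assertEquals(9919, clientEndpointConfig.getPort());
    assertEquals(10, clientEndpointConfig.getPortCount());
    assertFalse(clientEndpointConfig.isPortAutoIncrement());
    assertTrue(clientEndpointConfig.isReuseAddress());

    // REST endpoint: only the listed endpoint groups are expected to be enabled.
    RestServerEndpointConfig restServerEndpointConfig = advancedNetworkConfig.getRestEndpointConfig();
    assertEquals(9999, restServerEndpointConfig.getPort());
    assertTrue(restServerEndpointConfig.isPortAutoIncrement());
    assertContainsAll(restServerEndpointConfig.getEnabledGroups(), Arrays.asList(HEALTH_CHECK, CLUSTER_READ));

    // WAN publisher must point at the WAN endpoint checked above. orElse(null) keeps the
    // following assertNotNull meaningful; Optional.get() would throw before it could run.
    WanReplicationConfig testWan = config.getWanReplicationConfig("testWan");
    WanBatchPublisherConfig tokyoWanPublisherConfig = testWan.getBatchPublisherConfigs().stream()
            .filter(pc -> pc.getPublisherId().equals("tokyoPublisherId"))
            .findFirst()
            .orElse(null);
    assertNotNull(tokyoWanPublisherConfig);
    assertEquals("wan-tokyo", tokyoWanPublisherConfig.getEndpoint());
}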
Also used : WanBatchPublisherConfig(com.hazelcast.config.WanBatchPublisherConfig) AdvancedNetworkConfig(com.hazelcast.config.AdvancedNetworkConfig) MemberAddressProviderConfig(com.hazelcast.config.MemberAddressProviderConfig) WanReplicationConfig(com.hazelcast.config.WanReplicationConfig) WanBatchPublisherConfig(com.hazelcast.config.WanBatchPublisherConfig) Config(com.hazelcast.config.Config) EndpointConfig(com.hazelcast.config.EndpointConfig) ServerSocketEndpointConfig(com.hazelcast.config.ServerSocketEndpointConfig) TcpIpConfig(com.hazelcast.config.TcpIpConfig) WanReplicationConfig(com.hazelcast.config.WanReplicationConfig) RestServerEndpointConfig(com.hazelcast.config.RestServerEndpointConfig) AdvancedNetworkConfig(com.hazelcast.config.AdvancedNetworkConfig) MemberAddressProviderConfig(com.hazelcast.config.MemberAddressProviderConfig) ServerSocketEndpointConfig(com.hazelcast.config.ServerSocketEndpointConfig) TcpIpConfig(com.hazelcast.config.TcpIpConfig) RestServerEndpointConfig(com.hazelcast.config.RestServerEndpointConfig) EndpointConfig(com.hazelcast.config.EndpointConfig) ServerSocketEndpointConfig(com.hazelcast.config.ServerSocketEndpointConfig) RestServerEndpointConfig(com.hazelcast.config.RestServerEndpointConfig) QuickTest(com.hazelcast.test.annotation.QuickTest) Test(org.junit.Test)

Example 2 with AdvancedNetworkConfig

use of com.hazelcast.config.AdvancedNetworkConfig in project hazelcast by hazelcast.

the class TcpServerContext method initMemcacheProtocolConfig.

/**
 * Resolves the memcache protocol settings for the given member config.
 * <p>
 * When advanced networking is enabled and an endpoint is registered under {@code MEMCACHE}, a
 * fresh config with the protocol enabled is returned and the {@code NetworkConfig} memcache
 * settings are not consulted. Otherwise the {@code NetworkConfig} settings are returned as is.
 *
 * @param config the member configuration to read
 * @return the memcache protocol config to use
 */
private static MemcacheProtocolConfig initMemcacheProtocolConfig(Config config) {
    AdvancedNetworkConfig advanced = config.getAdvancedNetworkConfig();
    boolean memcacheEndpointDeclared = advanced.isEnabled()
            && config.getAdvancedNetworkConfig().getEndpointConfigs().get(MEMCACHE) != null;
    if (!memcacheEndpointDeclared) {
        return config.getNetworkConfig().getMemcacheProtocolConfig();
    }
    // Declaring a MEMCACHE endpoint is itself what turns the protocol on here; there is no
    // separate enabled flag to audit, so exposure is decided by that endpoint's own settings.
    return new MemcacheProtocolConfig().setEnabled(true);
}
Also used : AdvancedNetworkConfig(com.hazelcast.config.AdvancedNetworkConfig) MemcacheProtocolConfig(com.hazelcast.config.MemcacheProtocolConfig)

Example 3 with AdvancedNetworkConfig

use of com.hazelcast.config.AdvancedNetworkConfig in project hazelcast by hazelcast.

the class TcpServerContext method initRestApiConfig.

/**
 * Resolves the REST API settings for the given member config.
 * <p>
 * The {@code RestApiConfig} held by {@code NetworkConfig} is always the object returned. When
 * advanced networking is enabled and an endpoint is registered under {@code REST}, that object
 * is modified in place: it is switched on and its enabled groups are replaced by the groups of
 * the REST server endpoint config.
 *
 * @param config the member configuration to read (and, in the advanced-network case, update)
 * @return the REST API config to use
 */
private static RestApiConfig initRestApiConfig(Config config) {
    AdvancedNetworkConfig advanced = config.getAdvancedNetworkConfig();
    boolean advancedEnabled = advanced.isEnabled();
    RestApiConfig effective = config.getNetworkConfig().getRestApiConfig();
    if (!advancedEnabled || advanced.getEndpointConfigs().get(REST) == null) {
        return effective;
    }
    // The REST endpoint's group list is the only source of enabled groups on this path; whatever
    // groups were set on the NetworkConfig side are overwritten, not merged.
    RestServerEndpointConfig restEndpoint = advanced.getRestEndpointConfig();
    effective.setEnabled(true).setEnabledGroups(restEndpoint.getEnabledGroups());
    return effective;
}
Also used : RestApiConfig(com.hazelcast.config.RestApiConfig) AdvancedNetworkConfig(com.hazelcast.config.AdvancedNetworkConfig) RestServerEndpointConfig(com.hazelcast.config.RestServerEndpointConfig)

Example 4 with AdvancedNetworkConfig

use of com.hazelcast.config.AdvancedNetworkConfig in project hazelcast by hazelcast.

the class ChannelInitializerFunction method init.

/**
 * Builds the map from endpoint qualifier to channel initializer out of the advanced network
 * config and stores it in {@code initializerMap}.
 * <p>
 * If advanced networking is disabled or has no endpoint configs, an empty map is stored.
 * MEMBER, CLIENT, REST and MEMCACHE endpoints are stored under their fixed qualifiers, while a
 * WAN endpoint is stored under its own qualifier and uses the member channel initializer.
 *
 * @throws IllegalStateException if an endpoint has a protocol type not handled here
 */
public void init() {
    AdvancedNetworkConfig advanced = config.getAdvancedNetworkConfig();
    boolean hasEndpoints = advanced.isEnabled() && !advanced.getEndpointConfigs().isEmpty();
    if (!hasEndpoints) {
        initializerMap = Collections.emptyMap();
        return;
    }

    Map<EndpointQualifier, ChannelInitializer> initializers = new HashMap<>();
    for (EndpointConfig endpoint : advanced.getEndpointConfigs().values()) {
        // Runs for every endpoint before its initializer is built.
        // NOTE(review): presumably rejects an SSL config this build cannot honor; confirm
        // against checkSslConfigAvailability.
        checkSslConfigAvailability(endpoint.getSSLConfig());

        EndpointQualifier qualifier;
        ChannelInitializer initializer;
        switch (endpoint.getProtocolType()) {
            case MEMBER:
                qualifier = EndpointQualifier.MEMBER;
                initializer = provideMemberChannelInitializer(endpoint);
                break;
            case CLIENT:
                qualifier = EndpointQualifier.CLIENT;
                initializer = provideClientChannelInitializer(endpoint);
                break;
            case REST:
                qualifier = EndpointQualifier.REST;
                initializer = provideTextChannelInitializer(endpoint, true);
                break;
            case MEMCACHE:
                qualifier = EndpointQualifier.MEMCACHE;
                initializer = provideTextChannelInitializer(endpoint, false);
                break;
            case WAN:
                qualifier = endpoint.getQualifier();
                initializer = provideMemberChannelInitializer(endpoint);
                break;
            default:
                // Fail closed: an unknown protocol type never gets a channel initializer.
                throw new IllegalStateException("Cannot build channel initializer for protocol type " + endpoint.getProtocolType());
        }
        initializers.put(qualifier, initializer);
    }
    initializerMap = initializers;
}
Also used : AdvancedNetworkConfig(com.hazelcast.config.AdvancedNetworkConfig) HashMap(java.util.HashMap) EndpointQualifier(com.hazelcast.instance.EndpointQualifier) TextChannelInitializer(com.hazelcast.internal.nio.ascii.TextChannelInitializer) ChannelInitializer(com.hazelcast.internal.networking.ChannelInitializer) EndpointConfig(com.hazelcast.config.EndpointConfig)

Example 5 with AdvancedNetworkConfig

use of com.hazelcast.config.AdvancedNetworkConfig in project hazelcast by hazelcast.

the class NodeSecurityBanner method printSecurityFeaturesInfo.

/**
 * Builds the "Security recommendations and their status" banner for the given config and writes
 * it to {@code securityLogger} at {@code logLevel}.
 * <p>
 * Each recommendation is appended to the banner together with a boolean saying whether the
 * config currently satisfies it. The TLS lines are collected in a separate builder and appended
 * after the security/authentication section, so the order of statements below is the order of
 * lines in the banner. The method only reports; it does not change {@code config}.
 *
 * @param config   the member configuration to inspect
 * @param logLevel the level at which the finished banner is logged
 */
@SuppressWarnings({ "checkstyle:CyclomaticComplexity", "checkstyle:MethodLength" })
private void printSecurityFeaturesInfo(Config config, Level logLevel) {
    StringBuilder sb = new StringBuilder("\n").append(getLockEmo()).append("Security recommendations and their status:");
    // Satisfied when the cluster name differs from the shipped default.
    addSecurityFeatureCheck(sb, "Use a custom cluster name", !Config.DEFAULT_CLUSTER_NAME.equals(config.getClusterName()));
    // multicastUsed is state of the enclosing class, set outside this method.
    addSecurityFeatureCheck(sb, "Disable member multicast discovery/join method", !multicastUsed);
    AdvancedNetworkConfig advancedNetworkConfig = config.getAdvancedNetworkConfig();
    addSecurityFeatureCheck(sb, "Use advanced networking, separate client and member sockets", advancedNetworkConfig.isEnabled());
    boolean bindAny = properties.getBoolean(SOCKET_SERVER_BIND_ANY);
    addSecurityFeatureCheck(sb, "Bind Server sockets to a single network interface (disable " + SOCKET_SERVER_BIND_ANY.getName() + ")", !bindAny);
    // TLS status lines go to their own builder so they can be placed later in the banner.
    StringBuilder tlsSb = new StringBuilder();
    // Starts as true and is AND-ed with each endpoint's result below.
    // NOTE(review): if advanced networking is enabled but the endpoint map is empty, this stays
    // true and feeds the Jet "trusted environment" check; confirm that case cannot occur.
    boolean tlsUsed = true;
    if (advancedNetworkConfig.isEnabled()) {
        for (Map.Entry<EndpointQualifier, EndpointConfig> e : advancedNetworkConfig.getEndpointConfigs().entrySet()) {
            // The call is the left operand on purpose: it must run for every endpoint so each one
            // gets its line, even after tlsUsed has already become false.
            tlsUsed = addAdvNetworkTlsInfo(tlsSb, e.getKey(), e.getValue().getSSLConfig()) && tlsUsed;
        }
    } else {
        // Without advanced networking there is a single SSL config on the NetworkConfig.
        SSLConfig sslConfig = config.getNetworkConfig().getSSLConfig();
        tlsUsed = addSecurityFeatureCheck(tlsSb, "Use TLS communication protection (Enterprise)", sslConfig != null && sslConfig.isEnabled());
    }
    boolean jetEnabled = config.getJetConfig().isEnabled();
    if (jetEnabled) {
        // Either condition alone marks the environment as trusted: TLS on all reported
        // endpoints, or server sockets not bound to every interface.
        boolean trustedEnv = tlsUsed || !bindAny;
        addSecurityFeatureCheck(sb, "Use Jet in trusted environments only (single network interface and/or TLS enabled)", trustedEnv);
        if (config.getJetConfig().isResourceUploadEnabled()) {
            // Informational line, not a pass/fail check.
            addSecurityFeatureInfo(sb, "Jet resource upload is enabled. Any uploaded code can be executed within " + "Hazelcast. Use this in trusted environments only.");
        }
    }
    if (config.getUserCodeDeploymentConfig().isEnabled()) {
        // Informational line, not a pass/fail check.
        addSecurityFeatureInfo(sb, "User code deployment is enabled. Any uploaded code can be executed within " + "Hazelcast. Use this in trusted environments only.");
    }
    addSecurityFeatureCheck(sb, "Disable scripting in the Management Center", !config.getManagementCenterConfig().isScriptingEnabled());
    addSecurityFeatureCheck(sb, "Disable console in the Management Center", !config.getManagementCenterConfig().isConsoleEnabled());
    SecurityConfig securityConfig = config.getSecurityConfig();
    boolean securityEnabled = securityConfig != null && securityConfig.isEnabled();
    addSecurityFeatureCheck(sb, "Enable Security (Enterprise)", securityEnabled);
    if (securityEnabled) {
        // Authentication realms are only reported when security itself is switched on.
        checkAuthnConfigured(sb, securityConfig, "member-authentication", securityConfig.getMemberRealm());
        checkAuthnConfigured(sb, securityConfig, "client-authentication", securityConfig.getClientRealm());
    }
    // TLS here
    sb.append(tlsSb.toString());
    PersistenceConfig persistenceConfig = config.getPersistenceConfig();
    // Encryption-at-rest is only reported when persistence is enabled.
    if (persistenceConfig != null && persistenceConfig.isEnabled()) {
        EncryptionAtRestConfig encryptionAtRestConfig = persistenceConfig.getEncryptionAtRestConfig();
        addSecurityFeatureCheck(sb, "Enable encryption-at-rest in the Persistence config (Enterprise)", encryptionAtRestConfig != null && encryptionAtRestConfig.isEnabled());
    }
    AuditlogConfig auditlogConfig = config.getAuditlogConfig();
    addSecurityFeatureCheck(sb, "Enable auditlog (Enterprise)", auditlogConfig != null && auditlogConfig.isEnabled());
    sb.append("\nCheck the hazelcast-security-hardened.xml/yaml example config file to find why and how to configure" + " these security related settings.\n");
    // The whole banner is emitted as one log record.
    securityLogger.log(logLevel, sb.toString());
}
Also used : AdvancedNetworkConfig(com.hazelcast.config.AdvancedNetworkConfig) SSLConfig(com.hazelcast.config.SSLConfig) EncryptionAtRestConfig(com.hazelcast.config.EncryptionAtRestConfig) SecurityConfig(com.hazelcast.config.SecurityConfig) PersistenceConfig(com.hazelcast.config.PersistenceConfig) EndpointQualifier(com.hazelcast.instance.EndpointQualifier) AuditlogConfig(com.hazelcast.config.AuditlogConfig) Map(java.util.Map) EndpointConfig(com.hazelcast.config.EndpointConfig)

Aggregations

AdvancedNetworkConfig (com.hazelcast.config.AdvancedNetworkConfig)12 Config (com.hazelcast.config.Config)7 RestServerEndpointConfig (com.hazelcast.config.RestServerEndpointConfig)5 ServerSocketEndpointConfig (com.hazelcast.config.ServerSocketEndpointConfig)5 EndpointConfig (com.hazelcast.config.EndpointConfig)4 JoinConfig (com.hazelcast.config.JoinConfig)4 NetworkConfig (com.hazelcast.config.NetworkConfig)2 TcpIpConfig (com.hazelcast.config.TcpIpConfig)2 EndpointQualifier (com.hazelcast.instance.EndpointQualifier)2 AuditlogConfig (com.hazelcast.config.AuditlogConfig)1 EncryptionAtRestConfig (com.hazelcast.config.EncryptionAtRestConfig)1 MemberAddressProviderConfig (com.hazelcast.config.MemberAddressProviderConfig)1 MemcacheProtocolConfig (com.hazelcast.config.MemcacheProtocolConfig)1 PersistenceConfig (com.hazelcast.config.PersistenceConfig)1 RestApiConfig (com.hazelcast.config.RestApiConfig)1 SSLConfig (com.hazelcast.config.SSLConfig)1 SecurityConfig (com.hazelcast.config.SecurityConfig)1 WanBatchPublisherConfig (com.hazelcast.config.WanBatchPublisherConfig)1 WanReplicationConfig (com.hazelcast.config.WanReplicationConfig)1 HazelcastInstance (com.hazelcast.core.HazelcastInstance)1