use of com.hazelcast.config.EndpointConfig in project hazelcast by hazelcast.
the class TestAdvancedNetworkApplicationContext method testAdvancedNetworkConfig.
@Test
public void testAdvancedNetworkConfig() {
Config config = instance.getConfig();
AdvancedNetworkConfig advancedNetworkConfig = config.getAdvancedNetworkConfig();
assertTrue(advancedNetworkConfig.isEnabled());
TcpIpConfig tcpIpConfig = advancedNetworkConfig.getJoin().getTcpIpConfig();
assertTrue(tcpIpConfig.isEnabled());
assertEquals("127.0.0.1:5700", tcpIpConfig.getRequiredMember());
assertFalse(advancedNetworkConfig.getJoin().getMulticastConfig().isEnabled());
assertFalse(advancedNetworkConfig.getJoin().getAutoDetectionConfig().isEnabled());
MemberAddressProviderConfig addressProviderConfig = advancedNetworkConfig.getMemberAddressProviderConfig();
assertFalse(addressProviderConfig.isEnabled());
ServerSocketEndpointConfig memberEndpointConfig = (ServerSocketEndpointConfig) advancedNetworkConfig.getEndpointConfigs().get(EndpointQualifier.MEMBER);
assertEquals(5700, memberEndpointConfig.getPort());
assertEquals(99, memberEndpointConfig.getPortCount());
assertFalse(memberEndpointConfig.isPortAutoIncrement());
assertTrue(memberEndpointConfig.getInterfaces().isEnabled());
assertContains(memberEndpointConfig.getInterfaces().getInterfaces(), "127.0.0.1");
assertTrue(memberEndpointConfig.isReuseAddress());
assertTrue(memberEndpointConfig.getSocketInterceptorConfig().isEnabled());
assertEquals("com.hazelcast.SocketInterceptor", memberEndpointConfig.getSocketInterceptorConfig().getClassName());
assertTrue(memberEndpointConfig.isSocketBufferDirect());
assertTrue(memberEndpointConfig.isSocketKeepAlive());
assertFalse(memberEndpointConfig.isSocketTcpNoDelay());
EndpointConfig wanConfig = advancedNetworkConfig.getEndpointConfigs().get(EndpointQualifier.resolve(ProtocolType.WAN, "wan-tokyo"));
assertFalse(wanConfig.getInterfaces().isEnabled());
assertTrue(wanConfig.getSymmetricEncryptionConfig().isEnabled());
assertEquals("PBEWithMD5AndDES", wanConfig.getSymmetricEncryptionConfig().getAlgorithm());
assertEquals("thesalt", wanConfig.getSymmetricEncryptionConfig().getSalt());
assertEquals("thepass", wanConfig.getSymmetricEncryptionConfig().getPassword());
assertEquals(19, wanConfig.getSymmetricEncryptionConfig().getIterationCount());
ServerSocketEndpointConfig clientEndpointConfig = (ServerSocketEndpointConfig) advancedNetworkConfig.getEndpointConfigs().get(EndpointQualifier.CLIENT);
assertEquals(9919, clientEndpointConfig.getPort());
assertEquals(10, clientEndpointConfig.getPortCount());
assertFalse(clientEndpointConfig.isPortAutoIncrement());
assertTrue(clientEndpointConfig.isReuseAddress());
RestServerEndpointConfig restServerEndpointConfig = advancedNetworkConfig.getRestEndpointConfig();
assertEquals(9999, restServerEndpointConfig.getPort());
assertTrue(restServerEndpointConfig.isPortAutoIncrement());
assertContainsAll(restServerEndpointConfig.getEnabledGroups(), Arrays.asList(HEALTH_CHECK, CLUSTER_READ));
WanReplicationConfig testWan = config.getWanReplicationConfig("testWan");
WanBatchPublisherConfig tokyoWanPublisherConfig = testWan.getBatchPublisherConfigs().stream().filter(pc -> pc.getPublisherId().equals("tokyoPublisherId")).findFirst().get();
assertNotNull(tokyoWanPublisherConfig);
assertEquals("wan-tokyo", tokyoWanPublisherConfig.getEndpoint());
}
use of com.hazelcast.config.EndpointConfig in project hazelcast by hazelcast.
the class ChannelInitializerFunction method init.
public void init() {
AdvancedNetworkConfig advancedNetworkConfig = config.getAdvancedNetworkConfig();
if (!advancedNetworkConfig.isEnabled() || advancedNetworkConfig.getEndpointConfigs().isEmpty()) {
initializerMap = Collections.emptyMap();
return;
}
Map<EndpointQualifier, ChannelInitializer> map = new HashMap<EndpointQualifier, ChannelInitializer>();
for (EndpointConfig endpointConfig : advancedNetworkConfig.getEndpointConfigs().values()) {
checkSslConfigAvailability(endpointConfig.getSSLConfig());
switch(endpointConfig.getProtocolType()) {
case MEMBER:
map.put(EndpointQualifier.MEMBER, provideMemberChannelInitializer(endpointConfig));
break;
case CLIENT:
map.put(EndpointQualifier.CLIENT, provideClientChannelInitializer(endpointConfig));
break;
case REST:
map.put(EndpointQualifier.REST, provideTextChannelInitializer(endpointConfig, true));
break;
case MEMCACHE:
map.put(EndpointQualifier.MEMCACHE, provideTextChannelInitializer(endpointConfig, false));
break;
case WAN:
map.put(endpointConfig.getQualifier(), provideMemberChannelInitializer(endpointConfig));
break;
default:
throw new IllegalStateException("Cannot build channel initializer for protocol type " + endpointConfig.getProtocolType());
}
}
initializerMap = map;
}
use of com.hazelcast.config.EndpointConfig in project hazelcast by hazelcast.
the class ConfigValidator method checkAdvancedNetworkConfig.
@SuppressWarnings({ "checkstyle:npathcomplexity", "checkstyle:cyclomaticcomplexity", "checkstyle:booleanexpressioncomplexity" })
public static void checkAdvancedNetworkConfig(Config config) {
if (!config.getAdvancedNetworkConfig().isEnabled()) {
return;
}
EnumMap<ProtocolType, MutableInteger> serverSocketsPerProtocolType = new EnumMap<>(ProtocolType.class);
for (ProtocolType protocolType : ProtocolType.values()) {
serverSocketsPerProtocolType.put(protocolType, new MutableInteger());
}
Map<EndpointQualifier, EndpointConfig> endpointConfigs = config.getAdvancedNetworkConfig().getEndpointConfigs();
for (EndpointConfig endpointConfig : endpointConfigs.values()) {
if (endpointConfig instanceof ServerSocketEndpointConfig) {
serverSocketsPerProtocolType.get(endpointConfig.getProtocolType()).getAndInc();
}
}
for (ProtocolType protocolType : ProtocolType.values()) {
int serverSocketCount = serverSocketsPerProtocolType.get(protocolType).value;
if (serverSocketCount > protocolType.getServerSocketCardinality()) {
throw new InvalidConfigurationException(format("Protocol type %s allows definition " + "of up to %d server sockets but %d were configured", protocolType, protocolType.getServerSocketCardinality(), serverSocketCount));
}
}
// ensure there is 1 MEMBER type server socket
if (serverSocketsPerProtocolType.get(MEMBER).value != 1) {
throw new InvalidConfigurationException("A member-server-socket-endpoint" + " configuration is required for the cluster to form.");
}
// endpoint qualifiers referenced by WAN publishers must exist
for (WanReplicationConfig wanReplicationConfig : config.getWanReplicationConfigs().values()) {
for (WanBatchPublisherConfig wanPublisherConfig : wanReplicationConfig.getBatchPublisherConfigs()) {
if (wanPublisherConfig.getEndpoint() != null) {
EndpointQualifier qualifier = EndpointQualifier.resolve(WAN, wanPublisherConfig.getEndpoint());
if (endpointConfigs.get(qualifier) == null) {
throw new InvalidConfigurationException(format("WAN publisher config for cluster name '%s' requires an wan-endpoint " + "config with identifier '%s' but none was found", wanPublisherConfig.getClusterName(), wanPublisherConfig.getEndpoint()));
}
}
}
}
}
use of com.hazelcast.config.EndpointConfig in project hazelcast by hazelcast.
the class Node method hasClientServerSocket.
private boolean hasClientServerSocket() {
if (!config.getAdvancedNetworkConfig().isEnabled()) {
return true;
}
Map<EndpointQualifier, EndpointConfig> endpointConfigs = config.getAdvancedNetworkConfig().getEndpointConfigs();
EndpointConfig clientEndpointConfig = endpointConfigs.get(CLIENT);
return clientEndpointConfig != null;
}
use of com.hazelcast.config.EndpointConfig in project hazelcast by hazelcast.
the class NodeSecurityBanner method printSecurityFeaturesInfo.
@SuppressWarnings({ "checkstyle:CyclomaticComplexity", "checkstyle:MethodLength" })
private void printSecurityFeaturesInfo(Config config, Level logLevel) {
StringBuilder sb = new StringBuilder("\n").append(getLockEmo()).append("Security recommendations and their status:");
addSecurityFeatureCheck(sb, "Use a custom cluster name", !Config.DEFAULT_CLUSTER_NAME.equals(config.getClusterName()));
addSecurityFeatureCheck(sb, "Disable member multicast discovery/join method", !multicastUsed);
AdvancedNetworkConfig advancedNetworkConfig = config.getAdvancedNetworkConfig();
addSecurityFeatureCheck(sb, "Use advanced networking, separate client and member sockets", advancedNetworkConfig.isEnabled());
boolean bindAny = properties.getBoolean(SOCKET_SERVER_BIND_ANY);
addSecurityFeatureCheck(sb, "Bind Server sockets to a single network interface (disable " + SOCKET_SERVER_BIND_ANY.getName() + ")", !bindAny);
StringBuilder tlsSb = new StringBuilder();
boolean tlsUsed = true;
if (advancedNetworkConfig.isEnabled()) {
for (Map.Entry<EndpointQualifier, EndpointConfig> e : advancedNetworkConfig.getEndpointConfigs().entrySet()) {
tlsUsed = addAdvNetworkTlsInfo(tlsSb, e.getKey(), e.getValue().getSSLConfig()) && tlsUsed;
}
} else {
SSLConfig sslConfig = config.getNetworkConfig().getSSLConfig();
tlsUsed = addSecurityFeatureCheck(tlsSb, "Use TLS communication protection (Enterprise)", sslConfig != null && sslConfig.isEnabled());
}
boolean jetEnabled = config.getJetConfig().isEnabled();
if (jetEnabled) {
boolean trustedEnv = tlsUsed || !bindAny;
addSecurityFeatureCheck(sb, "Use Jet in trusted environments only (single network interface and/or TLS enabled)", trustedEnv);
if (config.getJetConfig().isResourceUploadEnabled()) {
addSecurityFeatureInfo(sb, "Jet resource upload is enabled. Any uploaded code can be executed within " + "Hazelcast. Use this in trusted environments only.");
}
}
if (config.getUserCodeDeploymentConfig().isEnabled()) {
addSecurityFeatureInfo(sb, "User code deployment is enabled. Any uploaded code can be executed within " + "Hazelcast. Use this in trusted environments only.");
}
addSecurityFeatureCheck(sb, "Disable scripting in the Management Center", !config.getManagementCenterConfig().isScriptingEnabled());
addSecurityFeatureCheck(sb, "Disable console in the Management Center", !config.getManagementCenterConfig().isConsoleEnabled());
SecurityConfig securityConfig = config.getSecurityConfig();
boolean securityEnabled = securityConfig != null && securityConfig.isEnabled();
addSecurityFeatureCheck(sb, "Enable Security (Enterprise)", securityEnabled);
if (securityEnabled) {
checkAuthnConfigured(sb, securityConfig, "member-authentication", securityConfig.getMemberRealm());
checkAuthnConfigured(sb, securityConfig, "client-authentication", securityConfig.getClientRealm());
}
// TLS here
sb.append(tlsSb.toString());
PersistenceConfig persistenceConfig = config.getPersistenceConfig();
if (persistenceConfig != null && persistenceConfig.isEnabled()) {
EncryptionAtRestConfig encryptionAtRestConfig = persistenceConfig.getEncryptionAtRestConfig();
addSecurityFeatureCheck(sb, "Enable encryption-at-rest in the Persistence config (Enterprise)", encryptionAtRestConfig != null && encryptionAtRestConfig.isEnabled());
}
AuditlogConfig auditlogConfig = config.getAuditlogConfig();
addSecurityFeatureCheck(sb, "Enable auditlog (Enterprise)", auditlogConfig != null && auditlogConfig.isEnabled());
sb.append("\nCheck the hazelcast-security-hardened.xml/yaml example config file to find why and how to configure" + " these security related settings.\n");
securityLogger.log(logLevel, sb.toString());
}
Aggregations