
Example 6 with RealmConfig

use of com.hazelcast.config.security.RealmConfig in project hazelcast by hazelcast.

From class YamlConfigBuilderTest, method testSecurityConfig.

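/**
 * Parses a declarative YAML security section and checks that every interceptor, realm,
 * login module, identity and permission-policy setting reaches the resulting {@link SecurityConfig}.
 * <p>
 * The fixture deliberately carries plaintext secrets (simple-realm passwords, keytab paths) and the
 * assertions confirm they are read back verbatim; no masking of sensitive values is covered here.
 */
@Override
@Test
public void testSecurityConfig() {
    String yaml = ""
            + "hazelcast:\n"
            + "  security:\n"
            + "    enabled: true\n"
            + "    security-interceptors:\n"
            + "      - foo\n"
            + "      - bar\n"
            + "    client-block-unmapped-actions: false\n"
            + "    member-authentication:\n"
            + "      realm: mr\n"
            + "    client-authentication:\n"
            + "      realm: cr\n"
            + "    realms:\n"
            + "      - name: mr\n"
            + "        authentication:\n"
            + "          jaas:\n"
            + "            - class-name: MyRequiredLoginModule\n"
            + "              usage: REQUIRED\n"
            + "              properties:\n"
            + "                login-property: login-value\n"
            + "            - class-name: MyRequiredLoginModule2\n"
            + "              usage: SUFFICIENT\n"
            + "              properties:\n"
            + "                login-property2: login-value2\n"
            + "        identity:\n"
            + "          credentials-factory:\n"
            + "            class-name: MyCredentialsFactory\n"
            + "            properties:\n"
            + "              property: value\n"
            + "      - name: cr\n"
            + "        authentication:\n"
            + "          jaas:\n"
            + "            - class-name: MyOptionalLoginModule\n"
            + "              usage: OPTIONAL\n"
            + "              properties:\n"
            + "                client-property: client-value\n"
            + "            - class-name: MyRequiredLoginModule\n"
            + "              usage: REQUIRED\n"
            + "              properties:\n"
            + "                client-property2: client-value2\n"
            + "      - name: kerberos\n"
            + "        authentication:\n"
            + "          kerberos:\n"
            + "            skip-role: false\n"
            + "            relax-flags-check: true\n"
            + "            use-name-without-realm: true\n"
            + "            security-realm: krb5Acceptor\n"
            + "            principal: jduke@HAZELCAST.COM\n"
            + "            keytab-file: /opt/jduke.keytab\n"
            + "            ldap:\n"
            + "              url: ldap://127.0.0.1\n"
            + "        identity:\n"
            + "          kerberos:\n"
            + "            realm: HAZELCAST.COM\n"
            + "            security-realm: krb5Initializer\n"
            + "            principal: jduke@HAZELCAST.COM\n"
            + "            keytab-file: /opt/jduke.keytab\n"
            + "            use-canonical-hostname: true\n"
            + "      - name: simple\n"
            + "        authentication:\n"
            + "          simple:\n"
            + "            skip-role: true\n"
            + "            users:\n"
            + "              - username: test\n"
            + "                password: 'a1234'\n"
            + "                roles:\n"
            + "                  - monitor\n"
            + "                  - hazelcast\n"
            + "              - username: dev\n"
            + "                password: secret\n"
            + "                roles:\n"
            + "                  - root\n"
            + "    client-permission-policy:\n"
            + "      class-name: MyPermissionPolicy\n"
            + "      properties:\n"
            + "        permission-property: permission-value\n";
    Config config = buildConfig(yaml);
    SecurityConfig securityConfig = config.getSecurityConfig();

    assertSecurityInterceptors(securityConfig);
    assertFalse(securityConfig.getClientBlockUnmappedActions());
    assertMemberRealm(securityConfig);
    assertClientRealm(securityConfig);
    assertKerberosRealm(securityConfig);
    assertSimpleRealm(securityConfig);
    assertClientPermissionPolicy(securityConfig);
}

/** The two interceptors are kept in declaration order. */
private static void assertSecurityInterceptors(SecurityConfig securityConfig) {
    List<SecurityInterceptorConfig> interceptorConfigs = securityConfig.getSecurityInterceptorConfigs();
    assertEquals(2, interceptorConfigs.size());
    assertEquals("foo", interceptorConfigs.get(0).className);
    assertEquals("bar", interceptorConfigs.get(1).className);
}

/** Realm {@code mr} (member-authentication): credentials factory plus two JAAS login modules. */
private static void assertMemberRealm(SecurityConfig securityConfig) {
    RealmConfig memberRealm = securityConfig.getRealmConfig(securityConfig.getMemberRealm());

    CredentialsFactoryConfig credentialsFactory = memberRealm.getCredentialsFactoryConfig();
    assertEquals("MyCredentialsFactory", credentialsFactory.getClassName());
    assertEquals(1, credentialsFactory.getProperties().size());
    assertEquals("value", credentialsFactory.getProperties().getProperty("property"));

    List<LoginModuleConfig> loginModules = memberRealm.getJaasAuthenticationConfig().getLoginModuleConfigs();
    assertEquals(2, loginModules.size());
    assertLoginModule(loginModules.get(0), "MyRequiredLoginModule", LoginModuleUsage.REQUIRED,
            "login-property", "login-value");
    assertLoginModule(loginModules.get(1), "MyRequiredLoginModule2", LoginModuleUsage.SUFFICIENT,
            "login-property2", "login-value2");
}

/** Realm {@code cr} (client-authentication): two JAAS login modules, no identity. */
private static void assertClientRealm(SecurityConfig securityConfig) {
    RealmConfig clientRealm = securityConfig.getRealmConfig(securityConfig.getClientRealm());

    List<LoginModuleConfig> loginModules = clientRealm.getJaasAuthenticationConfig().getLoginModuleConfigs();
    assertEquals(2, loginModules.size());
    assertLoginModule(loginModules.get(0), "MyOptionalLoginModule", LoginModuleUsage.OPTIONAL,
            "client-property", "client-value");
    assertLoginModule(loginModules.get(1), "MyRequiredLoginModule", LoginModuleUsage.REQUIRED,
            "client-property2", "client-value2");
}

/**
 * Checks class name, usage flag and the single expected property of one login module.
 *
 * @param loginModule   parsed module under test
 * @param className     expected {@code class-name}
 * @param usage         expected {@code usage}
 * @param propertyName  name of the one property the module must carry
 * @param propertyValue expected value of that property
 */
private static void assertLoginModule(LoginModuleConfig loginModule, String className, LoginModuleUsage usage,
                                      String propertyName, String propertyValue) {
    assertEquals(className, loginModule.getClassName());
    assertEquals(usage, loginModule.getUsage());
    assertEquals(1, loginModule.getProperties().size());
    assertEquals(propertyValue, loginModule.getProperties().getProperty(propertyName));
}

/** Realm {@code kerberos}: identity and authentication settings, including the nested LDAP URL. */
private static void assertKerberosRealm(SecurityConfig securityConfig) {
    RealmConfig kerberosRealm = securityConfig.getRealmConfig("kerberos");
    assertNotNull(kerberosRealm);

    KerberosIdentityConfig identity = kerberosRealm.getKerberosIdentityConfig();
    assertNotNull(identity);
    assertEquals("HAZELCAST.COM", identity.getRealm());
    assertEquals("krb5Initializer", identity.getSecurityRealm());
    assertEquals("jduke@HAZELCAST.COM", identity.getPrincipal());
    assertEquals("/opt/jduke.keytab", identity.getKeytabFile());
    assertTrue(identity.getUseCanonicalHostname());

    KerberosAuthenticationConfig authentication = kerberosRealm.getKerberosAuthenticationConfig();
    assertNotNull(authentication);
    assertEquals(Boolean.TRUE, authentication.getRelaxFlagsCheck());
    assertEquals(Boolean.FALSE, authentication.getSkipRole());
    // skip-identity is absent from the YAML, so the boxed flag stays null rather than defaulting
    assertNull(authentication.getSkipIdentity());
    assertEquals("krb5Acceptor", authentication.getSecurityRealm());
    assertEquals("jduke@HAZELCAST.COM", authentication.getPrincipal());
    assertEquals("/opt/jduke.keytab", authentication.getKeytabFile());
    assertTrue(authentication.getUseNameWithoutRealm());

    LdapAuthenticationConfig ldap = authentication.getLdapAuthenticationConfig();
    assertNotNull(ldap);
    assertEquals("ldap://127.0.0.1", ldap.getUrl());
}

/** Realm {@code simple}: users, their plaintext passwords and roles are read back exactly as declared. */
private static void assertSimpleRealm(SecurityConfig securityConfig) {
    RealmConfig simpleRealm = securityConfig.getRealmConfig("simple");
    assertNotNull(simpleRealm);
    SimpleAuthenticationConfig simpleAuthn = simpleRealm.getSimpleAuthenticationConfig();
    assertNotNull(simpleAuthn);
    assertEquals(Boolean.TRUE, simpleAuthn.getSkipRole());

    assertEquals(2, simpleAuthn.getUsernames().size());
    assertTrue(simpleAuthn.getUsernames().contains("test"));
    assertTrue(simpleAuthn.getUsernames().contains("dev"));
    // both the quoted ('a1234') and the bare (secret) YAML scalar forms must arrive unchanged
    assertEquals("a1234", simpleAuthn.getPassword("test"));
    assertEquals("secret", simpleAuthn.getPassword("dev"));

    Set<String> expectedRoles = new HashSet<>();
    expectedRoles.add("monitor");
    expectedRoles.add("hazelcast");
    assertEquals(expectedRoles, simpleAuthn.getRoles("test"));
}

/** {@code client-permission-policy}: class name and its single property. */
private static void assertClientPermissionPolicy(SecurityConfig securityConfig) {
    PermissionPolicyConfig policy = securityConfig.getClientPolicyConfig();
    assertEquals("MyPermissionPolicy", policy.getClassName());
    assertEquals(1, policy.getProperties().size());
    assertEquals("permission-value", policy.getProperties().getProperty("permission-property"));
}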

Example 7 with RealmConfig

use of com.hazelcast.config.security.RealmConfig in project hazelcast by hazelcast.

From class TestFullApplicationContext, method testSecurity.

/**
 * Checks the security section of the full Spring application context: on-join permission
 * operation, the client permission set (one entry per {@link PermissionType}), the Kerberos
 * realm and the simple realm.
 */
@Test
public void testSecurity() {
    SecurityConfig securityConfig = config.getSecurityConfig();
    assertEquals(OnJoinPermissionOperationName.SEND, securityConfig.getOnJoinPermissionOperation());
    assertFalse(securityConfig.getClientBlockUnmappedActions());

    Set<PermissionConfig> permissions = securityConfig.getClientPermissionConfigs();
    assertTrue(isNotEmpty(permissions));
    assertEquals(PermissionType.values().length, permissions.size());
    PermissionConfig expectedPnCounter =
            new PermissionConfig(PermissionType.PN_COUNTER, "pnCounterPermission", "*")
                    .addAction("create")
                    .setEndpoints(Collections.emptySet());
    assertContains(permissions, expectedPnCounter);

    // every permission type must be declared at least once; whatever is left over is missing
    Set<PermissionType> missingTypes = new HashSet<>(Arrays.asList(PermissionType.values()));
    permissions.forEach(permission -> missingTypes.remove(permission.getType()));
    assertTrue("All permission types should be listed in fullConfig. Not found ones: " + missingTypes,
            missingTypes.isEmpty());

    RealmConfig kerberosRealm = securityConfig.getRealmConfig("kerberosRealm");
    assertNotNull(kerberosRealm);
    KerberosAuthenticationConfig kerberosAuthn = kerberosRealm.getKerberosAuthenticationConfig();
    assertNotNull(kerberosAuthn);
    assertEquals(TRUE, kerberosAuthn.getRelaxFlagsCheck());
    assertEquals(TRUE, kerberosAuthn.getUseNameWithoutRealm());
    assertEquals("krb5Acceptor", kerberosAuthn.getSecurityRealm());
    assertNotNull(kerberosAuthn.getLdapAuthenticationConfig());
    KerberosIdentityConfig kerberosIdentity = kerberosRealm.getKerberosIdentityConfig();
    assertNotNull(kerberosIdentity);
    assertEquals("HAZELCAST.COM", kerberosIdentity.getRealm());
    assertEquals(TRUE, kerberosIdentity.getUseCanonicalHostname());

    RealmConfig simpleRealm = securityConfig.getRealmConfig("simpleRealm");
    assertNotNull(simpleRealm);
    SimpleAuthenticationConfig simpleAuthn = simpleRealm.getSimpleAuthenticationConfig();
    assertNotNull(simpleAuthn);
    assertEquals(2, simpleAuthn.getUsernames().size());
    assertTrue(simpleAuthn.getUsernames().contains("test"));
    // the simple realm keeps the password as configured; the context declares it in clear text
    assertEquals("a1234", simpleAuthn.getPassword("test"));
    Set<String> expectedRoles = new HashSet<>(Arrays.asList("monitor", "hazelcast"));
    assertEquals(expectedRoles, simpleAuthn.getRoles("test"));
}

Example 8 with RealmConfig

use of com.hazelcast.config.security.RealmConfig in project hazelcast by hazelcast.

From class SecureApplicationContextTest, method testMemberRealm.

/**
 * The member realm of the secure Spring context must carry exactly one REQUIRED JAAS login module
 * with non-empty properties, and a credentials factory whose implementation is the injected
 * {@code dummyCredentialsFactory} bean.
 */
@Test
public void testMemberRealm() {
    String memberRealmName = securityConfig.getMemberRealm();
    RealmConfig memberRealm = securityConfig.getRealmConfig(memberRealmName);

    JaasAuthenticationConfig jaas = memberRealm.getJaasAuthenticationConfig();
    assertNotNull(jaas);
    List<LoginModuleConfig> loginModules = jaas.getLoginModuleConfigs();
    assertEquals(1, loginModules.size());

    LoginModuleConfig onlyModule = loginModules.iterator().next();
    assertEquals("com.hazelcast.examples.MyRequiredLoginModule", onlyModule.getClassName());
    assertEquals(LoginModuleUsage.REQUIRED, onlyModule.getUsage());
    assertFalse(onlyModule.getProperties().isEmpty());

    CredentialsFactoryConfig credentialsFactory = memberRealm.getCredentialsFactoryConfig();
    assertNotNull(credentialsFactory);
    assertEquals(dummyCredentialsFactory, credentialsFactory.getImplementation());
}

Example 9 with RealmConfig

use of com.hazelcast.config.security.RealmConfig in project hazelcast by hazelcast.

From class ClientConfigXmlGenerator, method security.

/**
 * Writes the {@code <security>} element of a client configuration; emits nothing when
 * {@code security} is {@code null}.
 * <p>
 * Identity material is serialised as configured: the username/password identity's password
 * and the token identity's encoded token appear verbatim in the generated XML, so the
 * output must be handled as sensitive data.
 *
 * @param gen      target XML generator
 * @param security client security configuration to serialise; may be {@code null}
 */
private static void security(XmlGenerator gen, ClientSecurityConfig security) {
    if (security == null) {
        return;
    }
    gen.open("security");

    UsernamePasswordIdentityConfig usernamePassword = security.getUsernamePasswordIdentityConfig();
    if (usernamePassword != null) {
        // password is written as a plain attribute value, unmasked
        gen.node("username-password", null,
                "username", usernamePassword.getUsername(),
                "password", usernamePassword.getPassword());
    }

    TokenIdentityConfig token = security.getTokenIdentityConfig();
    if (token != null) {
        // encoded token is the element text; its encoding is kept as an attribute
        gen.node("token", token.getTokenEncoded(), "encoding", token.getEncoding());
    }

    CredentialsFactoryConfig credentialsFactory = security.getCredentialsFactoryConfig();
    if (credentialsFactory != null) {
        gen.open("credentials-factory", "class-name", credentialsFactory.getClassName())
                .appendProperties(credentialsFactory.getProperties())
                .close();
    }

    kerberosIdentityGenerator(gen, security.getKerberosIdentityConfig());

    Map<String, RealmConfig> realms = security.getRealmConfigs();
    boolean hasRealms = realms != null && !realms.isEmpty();
    if (hasRealms) {
        gen.open("realms");
        realms.forEach((realmName, realmConfig) -> securityRealmGenerator(gen, realmName, realmConfig));
        gen.close();
    }

    gen.close();
}

Example 10 with RealmConfig

use of com.hazelcast.config.security.RealmConfig in project hazelcast by hazelcast.

From class ClientDomConfigProcessor, method handleRealm.

/**
 * Parses one {@code realm} element of the client security section.
 * <p>
 * The new {@link RealmConfig} is registered on {@code clientSecurityConfig} under the element's
 * {@code name} attribute before its children are walked, so a realm with no {@code authentication}
 * child is still added, just empty. Child elements other than {@code authentication} are ignored.
 *
 * @param node                 the {@code realm} DOM element
 * @param clientSecurityConfig configuration the parsed realm is added to
 */
protected void handleRealm(Node node, ClientSecurityConfig clientSecurityConfig) {
    RealmConfig realmConfig = new RealmConfig();
    // NOTE(review): the attribute value is used as the map key unchecked; presumably a missing
    // "name" attribute yields a null key here — confirm against getAttribute/addRealmConfig.
    clientSecurityConfig.addRealmConfig(getAttribute(node, "name"), realmConfig);

    for (Node child : childElements(node)) {
        if (!matches("authentication", cleanNodeName(child))) {
            continue;
        }
        handleAuthentication(realmConfig, child);
    }
}
