
Example 1 with OperationCode

use of org.apache.geode.cache.operations.OperationContext.OperationCode in project geode by apache.

the class ClientCQPostAuthorizationDUnitTest method doStartUp.

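/**
 * Runs one continuous-query (CQ) post-authorization scenario: starts server1, connects two
 * clients, creates and executes the CQs on client1, performs puts from client2 and then checks
 * what the CQ listeners on client1 received.
 *
 * <p>Users whose {@code postAuthzAllowed} entry is {@code true} get credentials that allow
 * {@code EXECUTE_CQ} and {@code GET}; every other user gets credentials for which {@code GET}
 * is disallowed.
 *
 * @param numOfUsers number of users to build credentials for
 * @param numOfPuts number of key indices handed to the credential generator and to
 *        {@code doPuts}
 * @param postAuthzAllowed per-user flag, indexed by user; entries 0 and 1 are read directly
 *        below, so at least two entries are assumed whenever entry 0 is {@code true}
 *        (TODO confirm against callers)
 * @param failover when {@code true}, server2 is started, server1 is closed, and the puts and
 *        listener checks are repeated
 * @throws Exception propagated from the setup helpers and the remote invocations
 */
private void doStartUp(final int numOfUsers, final int numOfPuts, final boolean[] postAuthzAllowed, final boolean failover) throws Exception {
    AuthzCredentialGenerator authzGenerator = getXmlAuthzGenerator();
    CredentialGenerator credentialGenerator = authzGenerator.getCredentialGenerator();
    Properties extraAuthProps = credentialGenerator.getSystemProperties();
    Properties javaProps = credentialGenerator.getJavaProperties();
    Properties extraAuthzProps = authzGenerator.getSystemProperties();
    String authenticator = credentialGenerator.getAuthenticator();
    String accessor = authzGenerator.getAuthorizationCallback();
    String authInit = credentialGenerator.getAuthInit();
    TestAuthzCredentialGenerator tgen = new TestAuthzCredentialGenerator(authzGenerator);
    Properties serverProps = buildProperties(authenticator, accessor, true, extraAuthProps, extraAuthzProps);
    Properties opCredentials;
    // From here on the credential generator is the one exposed by the test wrapper; it may be null.
    credentialGenerator = tgen.getCredentialGenerator();
    final Properties javaProps2 = credentialGenerator == null ? null : credentialGenerator.getJavaProperties();
    int[] indices = new int[numOfPuts];
    for (int index = 0; index < numOfPuts; ++index) {
        indices[index] = index;
    }
    // NOTE(review): unseeded Random, so the value passed to the generator differs on every run;
    // presumably it selects which credential set is returned. Log it if a failure must be replayed.
    Random rnd = new Random();
    Properties[] authProps = new Properties[numOfUsers];
    for (int i = 0; i < numOfUsers; i++) {
        int rand = rnd.nextInt(100) + 1;
        if (postAuthzAllowed[i]) {
            // For callback, GET should be allowed
            opCredentials = tgen.getAllowedCredentials(new OperationCode[] { OperationCode.EXECUTE_CQ, OperationCode.GET }, new String[] { REGION_NAME }, indices, rand);
        } else {
            // For callback, GET should be disallowed
            opCredentials = tgen.getDisallowedCredentials(new OperationCode[] { OperationCode.GET }, new String[] { REGION_NAME }, indices, rand);
        }
        authProps[i] = concatProperties(new Properties[] { opCredentials, extraAuthProps, extraAuthzProps });
    }
    // Get ports for the servers
    int[] randomAvailableTCPPorts = AvailablePortHelper.getRandomAvailableTCPPorts(3);
    int port1 = randomAvailableTCPPorts[0];
    int port2 = randomAvailableTCPPorts[1];
    int locatorPort = randomAvailableTCPPorts[2];
    // Close down any running servers
    server1.invoke(() -> closeCache());
    server2.invoke(() -> closeCache());
    server1.invoke(() -> createTheServerCache(serverProps, javaProps, locatorPort, port1));
    client1.invoke(() -> createClientCache(javaProps2, authInit, authProps, new int[] { port1, port2 }, numOfUsers, postAuthzAllowed));
    client2.invoke(() -> createClientCache(javaProps2, authInit, authProps, new int[] { port1, port2 }, numOfUsers, postAuthzAllowed));
    client1.invoke(() -> createCQ(numOfUsers));
    client1.invoke(() -> executeCQ(numOfUsers, new boolean[] { false, false }, numOfPuts, new String[numOfUsers], postAuthzAllowed));
    client2.invoke(() -> doPuts(numOfPuts, true));
    if (!postAuthzAllowed[0]) {
        // There is no key to wait for, as no user is authorized to receive cq events
        // (only user 0's flag is tested here).
        // NOTE(review): this is the negative authorization case. The fixed delay only bounds how
        // long a wrongly delivered event has to show up before checkCQListeners runs; an event
        // arriving later would presumably go unnoticed. Confirm what checkCQListeners asserts.
        // TODO: replace with Awaitility
        try {
            Thread.sleep(1000);
        } catch (InterruptedException ie) {
            // Keep the interrupt visible to the test runner instead of silently discarding it.
            Thread.currentThread().interrupt();
        }
    } else {
        client1.invoke(() -> waitForLastKey(0));
        if (postAuthzAllowed[1]) {
            client1.invoke(() -> waitForLastKey(1));
        }
    }
    // numOfPuts + 1 accounts for the last key
    client1.invoke(() -> checkCQListeners(numOfUsers, postAuthzAllowed, numOfPuts + 1, 0, !failover));
    if (failover) {
        server2.invoke(() -> createTheServerCache(serverProps, javaProps, locatorPort, port2));
        server1.invoke(() -> closeCache());
        // Allow time for client1 to register its CQs on server2
        server2.invoke(() -> allowCQsToRegister(2));
        client2.invoke(() -> doPuts(numOfPuts, true));
        // NOTE(review): unlike the first phase, this wait does not depend on postAuthzAllowed[0];
        // verify that waitForLastKeyUpdate behaves as intended when user 0 is not authorized.
        client1.invoke(() -> waitForLastKeyUpdate(0));
        // numOfPuts + 1 accounts for the last key, for both counts
        client1.invoke(() -> checkCQListeners(numOfUsers, postAuthzAllowed, numOfPuts + 1, numOfPuts + 1, true));
    }
}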
Also used : Random(java.util.Random) OperationCode(org.apache.geode.cache.operations.OperationContext.OperationCode) AuthzCredentialGenerator(org.apache.geode.security.generator.AuthzCredentialGenerator) AuthzCredentialGenerator(org.apache.geode.security.generator.AuthzCredentialGenerator) CredentialGenerator(org.apache.geode.security.generator.CredentialGenerator) Properties(java.util.Properties)

Example 2 with OperationCode

use of org.apache.geode.cache.operations.OperationContext.OperationCode in project geode by apache.

the class MultiUserDurableCQAuthzDUnitTest method doTest.

/**
 * Runs a durable-CQ authorization scenario for several users on one durable client: the client
 * registers and executes its CQs, closes its cache, the server performs puts, and the client
 * then reconnects and its CQ listeners are checked. The same check is repeated after the proxy
 * caches are closed and re-created.
 *
 * <p>WARNING: {@code keepAlive} is three-valued: {@code null}, {@code true} or {@code false}.
 * With {@code null} the client cache is closed through the no-argument {@code closeCache()}.
 */
private void doTest(int numOfUsers, int numOfPuts, boolean[] postAuthzAllowed, final AuthzCredentialGenerator authzGenerator, final Boolean keepAlive) throws Exception {
    CredentialGenerator credentialGenerator = authzGenerator.getCredentialGenerator();
    Properties extraAuthProps = credentialGenerator.getSystemProperties();
    Properties javaProps = credentialGenerator.getJavaProperties();
    Properties extraAuthzProps = authzGenerator.getSystemProperties();
    String authenticator = credentialGenerator.getAuthenticator();
    String accessor = authzGenerator.getAuthorizationCallback();
    String authInit = credentialGenerator.getAuthInit();
    TestAuthzCredentialGenerator testGenerator = new TestAuthzCredentialGenerator(authzGenerator);
    Properties serverProps = buildProperties(authenticator, accessor, true, extraAuthProps, extraAuthzProps);

    // The wrapper may expose no credential generator; the clients then get null Java properties.
    credentialGenerator = testGenerator.getCredentialGenerator();
    final Properties clientJavaProps;
    if (credentialGenerator == null) {
        clientJavaProps = null;
    } else {
        clientJavaProps = credentialGenerator.getJavaProperties();
    }

    int[] keyIndices = new int[numOfPuts];
    for (int k = 0; k < keyIndices.length; k++) {
        keyIndices[k] = k;
    }

    Random rng = new Random();
    Properties[] authProps = new Properties[numOfUsers];
    String durableClientId = "multiuser_durable_client_1";
    Properties client2Credentials = null;
    for (int user = 0; user < numOfUsers; user++) {
        int pick = rng.nextInt(100) + 1;
        Properties userCredentials;
        if (!postAuthzAllowed[user]) {
            // For callback, GET should be disallowed
            OperationCode[] deniedOps = { OperationCode.GET };
            String[] regions = { regionName };
            userCredentials = testGenerator.getDisallowedCredentials(deniedOps, regions, keyIndices, pick);
        } else {
            // For callback, GET should be allowed
            OperationCode[] grantedOps = { OperationCode.EXECUTE_CQ, OperationCode.GET };
            String[] regions = { regionName };
            userCredentials = testGenerator.getAllowedCredentials(grantedOps, regions, keyIndices, pick);
        }
        authProps[user] = concatProperties(new Properties[] { userCredentials, extraAuthProps, extraAuthzProps });
        // Requested once, on the first pass; the value is not read again in this method.
        if (client2Credentials == null) {
            OperationCode[] putOnly = { OperationCode.PUT };
            String[] regions = { regionName };
            client2Credentials = testGenerator.getAllowedCredentials(putOnly, regions, keyIndices, pick);
        }
    }

    // Get ports for the servers
    int[] ports = AvailablePortHelper.getRandomAvailableTCPPorts(3);
    int port1 = ports[0];
    int port2 = ports[1];
    int locatorPort = ports[2];

    // Close down any running servers
    server1.invoke(() -> closeCache());
    server2.invoke(() -> closeCache());
    server1.invoke(() -> createServerCache(serverProps, javaProps, locatorPort, port1));

    // First durable session: register and execute the CQs, then disconnect.
    client1.invoke(() -> createClientCache(clientJavaProps, authInit, authProps, new int[] { port1, port2 }, numOfUsers, durableClientId, postAuthzAllowed));
    client1.invoke(() -> createCQ(numOfUsers, true));
    client1.invoke(() -> executeCQ(numOfUsers, new boolean[] { false, false }, numOfPuts, new String[numOfUsers]));
    client1.invoke(() -> readyForEvents());
    if (keepAlive != null) {
        client1.invoke(() -> closeCache(keepAlive));
    } else {
        client1.invoke(() -> closeCache());
    }

    // Puts happen while the durable client is away.
    server1.invoke(() -> doPuts(numOfPuts, true));

    // Second durable session: reconnect under the same durable id.
    client1.invoke(() -> createClientCache(clientJavaProps, authInit, authProps, new int[] { port1, port2 }, numOfUsers, durableClientId, postAuthzAllowed));
    client1.invoke(() -> createCQ(numOfUsers, true));
    client1.invoke(() -> executeCQ(numOfUsers, new boolean[] { false, false }, numOfPuts, new String[numOfUsers]));
    client1.invoke(() -> readyForEvents());
    if (postAuthzAllowed[0] && keepAlive != null && keepAlive) {
        client1.invoke(() -> waitForLastKey(0, true));
    } else {
        // Don't wait as no user is authorized to receive cq events.
        // TODO: use Awaitility
        Thread.sleep(1000);
    }

    // Creates are expected only when the client closed with keepAlive == true (+ 1 for the last key).
    final int expectedCreates;
    if (keepAlive != null && keepAlive) {
        expectedCreates = numOfPuts + 1;
    } else {
        expectedCreates = 0;
    }
    client1.invoke(() -> checkCQListeners(numOfUsers, postAuthzAllowed, expectedCreates, 0));

    // Repeat with the proxy caches closed and re-created.
    client1.invoke(() -> proxyCacheClose(new int[] { 0, 1 }, keepAlive));
    client1.invoke(() -> createProxyCache(new int[] { 0, 1 }, authProps));
    client1.invoke(() -> createCQ(numOfUsers, true));
    client1.invoke(() -> executeCQ(numOfUsers, new boolean[] { false, false }, numOfPuts, new String[numOfUsers]));
    server1.invoke(() -> doPuts(numOfPuts, true));
    if (postAuthzAllowed[0] && keepAlive != null && keepAlive) {
        client1.invoke(() -> waitForLastKey(0, false));
    } else {
        // Don't wait as no user is authorized to receive cq events.
        // TODO: use Awaitility
        Thread.sleep(1000);
    }
    int expectedUpdates = numOfPuts + 1;
    client1.invoke(() -> checkCQListeners(numOfUsers, postAuthzAllowed, 0, expectedUpdates));
}
Also used : Random(java.util.Random) OperationCode(org.apache.geode.cache.operations.OperationContext.OperationCode) AuthzCredentialGenerator(org.apache.geode.security.generator.AuthzCredentialGenerator) CredentialGenerator(org.apache.geode.security.generator.CredentialGenerator) Properties(java.util.Properties)

Example 3 with OperationCode

use of org.apache.geode.cache.operations.OperationContext.OperationCode in project geode by apache.

the class ClientMultiUserAuthzDUnitTest method testOps1.

/**
 * Exercises puts/gets, containsKey/destroys, containsKey/invalidates and getAll/region-destroys
 * with one user authorized for the operations and another user not authorized for them, once
 * per generator combination returned by {@code getDummyGeneratorCombos()}.
 */
@Test
public void testOps1() throws Exception {
    Iterator<AuthzCredentialGenerator> combos = getDummyGeneratorCombos().iterator();
    while (combos.hasNext()) {
        AuthzCredentialGenerator authzGen = combos.next();
        CredentialGenerator credGen = authzGen.getCredentialGenerator();
        Properties extraAuthProps = credGen.getSystemProperties();
        Properties javaProps = credGen.getJavaProperties();
        Properties extraAuthzProps = authzGen.getSystemProperties();
        String authenticator = credGen.getAuthenticator();
        String authInit = credGen.getAuthInit();
        String accessor = authzGen.getAuthorizationCallback();
        getLogWriter().info("testOps1: Using authinit: " + authInit);
        getLogWriter().info("testOps1: Using authenticator: " + authenticator);
        getLogWriter().info("testOps1: Using accessor: " + accessor);

        // Start servers with all required properties
        Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps);
        int port1 = createCacheServerOnVM(server1, javaProps, serverProps);
        int port2 = createCacheServerOnVM(server2, javaProps, serverProps);

        // NOTE(review): each `continue` below drops the remaining checks for this combination
        // without failing the test; why prepareClientsForOps returns false is not visible here.

        // Phase 1: PUT / GET
        OperationCode[] putPut = { OperationCode.PUT, OperationCode.PUT };
        OperationCode[] getGet = { OperationCode.GET, OperationCode.GET };
        boolean ready = prepareClientsForOps(authzGen, credGen, putPut, getGet, javaProps, authInit, port1, port2);
        if (!ready) {
            continue;
        }
        verifyPutsGets();

        // Phase 2: CONTAINS_KEY / DESTROY
        OperationCode[] putContains = { OperationCode.PUT, OperationCode.CONTAINS_KEY };
        OperationCode[] destroys = { OperationCode.DESTROY, OperationCode.DESTROY };
        ready = prepareClientsForOps(authzGen, credGen, putContains, destroys, javaProps, authInit, port1, port2);
        if (!ready) {
            continue;
        }
        verifyContainsKeyDestroys();

        // Phase 3: CONTAINS_KEY / INVALIDATE
        OperationCode[] putContainsAgain = { OperationCode.PUT, OperationCode.CONTAINS_KEY };
        OperationCode[] invalidates = { OperationCode.INVALIDATE, OperationCode.INVALIDATE };
        ready = prepareClientsForOps(authzGen, credGen, putContainsAgain, invalidates, javaProps, authInit, port1, port2);
        if (!ready) {
            continue;
        }
        verifyContainsKeyInvalidates();

        // Phase 4: GET / REGION_DESTROY
        OperationCode[] gets = { OperationCode.GET, OperationCode.GET };
        OperationCode[] regionDestroys = { OperationCode.REGION_DESTROY, OperationCode.REGION_DESTROY };
        ready = prepareClientsForOps(authzGen, credGen, gets, regionDestroys, javaProps, authInit, port1, port2);
        if (!ready) {
            continue;
        }
        verifyGetAllInTX();
        verifyGetAllRegionDestroys();
    }
}
Also used : OperationCode(org.apache.geode.cache.operations.OperationContext.OperationCode) AuthzCredentialGenerator(org.apache.geode.security.generator.AuthzCredentialGenerator) AuthzCredentialGenerator(org.apache.geode.security.generator.AuthzCredentialGenerator) CredentialGenerator(org.apache.geode.security.generator.CredentialGenerator) Properties(java.util.Properties) SecurityTest(org.apache.geode.test.junit.categories.SecurityTest) Test(org.junit.Test) DistributedTest(org.apache.geode.test.junit.categories.DistributedTest)

Example 4 with OperationCode

use of org.apache.geode.cache.operations.OperationContext.OperationCode in project geode by apache.

the class ClientMultiUserAuthzDUnitTest method testOpsWithClientsInDifferentModes.

/**
 * Runs the puts/gets and containsKey/destroys authorization checks once per generator
 * combination, passing an explicit pair of boolean mode flags to the client-preparation and
 * verification helpers: {@code (false, true)} for the first phase and {@code (false, false)}
 * for the second. The meaning of the two flags is defined by those helpers.
 */
@Test
public void testOpsWithClientsInDifferentModes() throws Exception {
    Iterator<AuthzCredentialGenerator> combos = getDummyGeneratorCombos().iterator();
    while (combos.hasNext()) {
        AuthzCredentialGenerator authzGen = combos.next();
        CredentialGenerator credGen = authzGen.getCredentialGenerator();
        Properties extraAuthProps = credGen.getSystemProperties();
        Properties javaProps = credGen.getJavaProperties();
        Properties extraAuthzProps = authzGen.getSystemProperties();
        String authenticator = credGen.getAuthenticator();
        String authInit = credGen.getAuthInit();
        String accessor = authzGen.getAuthorizationCallback();
        getLogWriter().info("testOpsWithClientsInDifferentModes: Using authinit: " + authInit);
        getLogWriter().info("testOpsWithClientsInDifferentModes: Using authenticator: " + authenticator);
        getLogWriter().info("testOpsWithClientsInDifferentModes: Using accessor: " + accessor);

        // Start servers with all required properties
        Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps);
        int port1 = createCacheServerOnVM(server1, javaProps, serverProps);
        int port2 = createCacheServerOnVM(server2, javaProps, serverProps);

        // NOTE(review): a false return from prepareClientsForOps skips the rest of this
        // combination without failing the test; the reason is not visible in this method.

        // Phase 1: PUT / GET with flags (false, true)
        OperationCode[] putPut = { OperationCode.PUT, OperationCode.PUT };
        OperationCode[] getGet = { OperationCode.GET, OperationCode.GET };
        boolean ready = prepareClientsForOps(authzGen, credGen, putPut, getGet, javaProps, authInit, port1, port2, false, true);
        if (!ready) {
            continue;
        }
        verifyPutsGets(false, true);

        // Phase 2: CONTAINS_KEY / DESTROY with flags (false, false)
        OperationCode[] putContains = { OperationCode.PUT, OperationCode.CONTAINS_KEY };
        OperationCode[] destroys = { OperationCode.DESTROY, OperationCode.DESTROY };
        ready = prepareClientsForOps(authzGen, credGen, putContains, destroys, javaProps, authInit, port1, port2, false, false);
        if (!ready) {
            continue;
        }
        verifyContainsKeyDestroys(false, false);
    }
}
Also used : OperationCode(org.apache.geode.cache.operations.OperationContext.OperationCode) AuthzCredentialGenerator(org.apache.geode.security.generator.AuthzCredentialGenerator) AuthzCredentialGenerator(org.apache.geode.security.generator.AuthzCredentialGenerator) CredentialGenerator(org.apache.geode.security.generator.CredentialGenerator) Properties(java.util.Properties) SecurityTest(org.apache.geode.test.junit.categories.SecurityTest) Test(org.junit.Test) DistributedTest(org.apache.geode.test.junit.categories.DistributedTest)

Example 5 with OperationCode

use of org.apache.geode.cache.operations.OperationContext.OperationCode in project geode by apache.

the class ClientAuthorizationDUnitTest method executeRIOpBlock.

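/**
 * Executes each operation of {@code opBlock} in order. For every operation it selects the
 * client (client1, client2 or this VM), optionally starts a fresh client connection with
 * credentials that are either authorized or not authorized for the operation, derives the
 * expected outcome from the operation flags and then performs the operation.
 *
 * <p>Credential selection, as coded below:
 * <ul>
 * <li>"unauthorized" when {@code CHECK_NOTAUTHZ} or {@code USE_NOTAUTHZ} is set, or when the
 * authorization operation code differs from the operation code: {@code reader7} for
 * register-interest, {@code reader6} for unregister-interest;</li>
 * <li>"authorized" otherwise: {@code reader5} for register/unregister-interest,
 * {@code writer1} for put, {@code reader1} for get.</li>
 * </ul>
 * Any other operation code fails the test.
 *
 * @param opBlock operations to run, in order
 * @param port1 first server port handed to the client
 * @param port2 second server port handed to the client
 * @param authInit auth-init setting passed to client creation
 * @param extraAuthProps extra authentication properties merged into the client properties
 * @param extraAuthzProps extra authorization properties merged into the client properties
 * @param javaProps Java properties passed to client creation
 * @throws InterruptedException declared by the original signature
 */
private void executeRIOpBlock(final List<OperationWithAction> opBlock, final int port1, final int port2, final String authInit, final Properties extraAuthProps, final Properties extraAuthzProps, final Properties javaProps) throws InterruptedException {
    // opBlock is already typed, so iterate it directly instead of through a raw Iterator and a cast.
    for (OperationWithAction currentOp : opBlock) {
        // Start client with valid credentials as specified in OperationWithAction
        OperationCode opCode = currentOp.getOperationCode();
        int opFlags = currentOp.getFlags();
        int clientNum = currentOp.getClientNum();
        VM clientVM = null;
        boolean useThisVM = false;
        switch(clientNum) {
            case 1:
                clientVM = client1;
                break;
            case 2:
                clientVM = client2;
                break;
            case 3:
                // Client 3 is the VM this method itself runs in.
                useThisVM = true;
                break;
            default:
                fail("executeRIOpBlock: Unknown client number " + clientNum);
                break;
        }
        getLogWriter().info("executeRIOpBlock: performing operation number [" + currentOp.getOpNum() + "]: " + currentOp);
        // A new connection is created unless the operation asks to reuse the old one.
        if ((opFlags & OpFlags.USE_OLDCONN) == 0) {
            Properties opCredentials = null;
            String currentRegionName = '/' + regionName;
            // Flag bits are tested with != 0 throughout, matching the USE_OLDCONN test above and
            // keeping the result independent of the sign of the masked value.
            if ((opFlags & OpFlags.USE_SUBREGION) != 0) {
                currentRegionName += ('/' + SUBREGION_NAME);
            }
            String credentialsTypeStr;
            OperationCode authOpCode = currentOp.getAuthzOperationCode();
            if ((opFlags & OpFlags.CHECK_NOTAUTHZ) != 0 || (opFlags & OpFlags.USE_NOTAUTHZ) != 0 || !authOpCode.equals(opCode)) {
                credentialsTypeStr = " unauthorized " + authOpCode;
                if (authOpCode.isRegisterInterest()) {
                    opCredentials = getUserPassword("reader7");
                } else if (authOpCode.isUnregisterInterest()) {
                    opCredentials = getUserPassword("reader6");
                } else {
                    fail("executeRIOpBlock: cannot determine credentials for" + credentialsTypeStr);
                }
            } else {
                credentialsTypeStr = " authorized " + authOpCode;
                if (authOpCode.isRegisterInterest() || authOpCode.isUnregisterInterest()) {
                    opCredentials = getUserPassword("reader5");
                } else if (authOpCode.isPut()) {
                    opCredentials = getUserPassword("writer1");
                } else if (authOpCode.isGet()) {
                    opCredentials = getUserPassword("reader1");
                } else {
                    fail("executeRIOpBlock: cannot determine credentials for" + credentialsTypeStr);
                }
            }
            Properties clientProps = concatProperties(new Properties[] { opCredentials, extraAuthProps, extraAuthzProps });
            // Start the client with valid credentials but allowed or disallowed to perform an operation
            // NOTE(review): the whole opCredentials object is written to the log; getUserPassword
            // presumably puts a password in it. That is tolerable for the fixture accounts used
            // here; log only the user name where non-fixture credentials could reach this path.
            getLogWriter().info("executeRIOpBlock: For client" + clientNum + credentialsTypeStr + " credentials: " + opCredentials);
            if (useThisVM) {
                createCacheClientWithDynamicRegion(authInit, clientProps, javaProps, new int[] { port1, port2 }, 0, false, NO_EXCEPTION);
            } else {
                clientVM.invoke(() -> createCacheClient(authInit, clientProps, javaProps, new int[] { port1, port2 }, 0, false, NO_EXCEPTION));
            }
        }
        // CHECK_NOTAUTHZ takes precedence over CHECK_EXCEPTION when both flags are set.
        int expectedResult;
        if ((opFlags & OpFlags.CHECK_NOTAUTHZ) != 0) {
            expectedResult = NOTAUTHZ_EXCEPTION;
        } else if ((opFlags & OpFlags.CHECK_EXCEPTION) != 0) {
            expectedResult = OTHER_EXCEPTION;
        } else {
            expectedResult = NO_EXCEPTION;
        }
        // Perform the operation from selected client
        if (useThisVM) {
            doOp(opCode, currentOp.getIndices(), opFlags, expectedResult);
        } else {
            // Read the indices here so the lambda captures the array rather than currentOp.
            int[] indices = currentOp.getIndices();
            clientVM.invoke(() -> ClientAuthorizationTestCase.doOp(opCode, indices, opFlags, expectedResult));
        }
    }
}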
Also used : OperationCode(org.apache.geode.cache.operations.OperationContext.OperationCode) VM(org.apache.geode.test.dunit.VM) Iterator(java.util.Iterator) Properties(java.util.Properties)

Aggregations

OperationCode (org.apache.geode.cache.operations.OperationContext.OperationCode)14 Properties (java.util.Properties)8 AuthzCredentialGenerator (org.apache.geode.security.generator.AuthzCredentialGenerator)7 CredentialGenerator (org.apache.geode.security.generator.CredentialGenerator)7 Iterator (java.util.Iterator)3 VM (org.apache.geode.test.dunit.VM)3 DistributedTest (org.apache.geode.test.junit.categories.DistributedTest)3 SecurityTest (org.apache.geode.test.junit.categories.SecurityTest)3 Test (org.junit.Test)3 ArrayList (java.util.ArrayList)2 HashMap (java.util.HashMap)2 Map (java.util.Map)2 Random (java.util.Random)2 NotAuthorizedException (org.apache.geode.security.NotAuthorizedException)2 DummyCredentialGenerator (org.apache.geode.security.generator.DummyCredentialGenerator)2 XmlAuthzCredentialGenerator (org.apache.geode.security.generator.XmlAuthzCredentialGenerator)2 IOException (java.io.IOException)1 Collection (java.util.Collection)1 HashSet (java.util.HashSet)1 List (java.util.List)1