use of org.apache.geode.security.AuthenticationRequiredException in project geode by apache.
the class ServerLauncher method start.
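/**
 * Invokes the 'start' command and operation to startup a GemFire server (a cache server). Note,
 * this method will cause the JVM to block upon server start, providing the calling Thread is a
 * non-daemon Thread.
 *
 * <p>Every failure path calls {@code failOnStart} before rethrowing, and the {@code starting}
 * flag is cleared in all cases. Security failures are rethrown with the original exception
 * attached as the cause, so the stack trace of the underlying authentication problem is not lost.
 *
 * @return a {@code ServerState} with status {@code ONLINE} once the cache and cache server have
 *         been started
 * @throws AuthenticationRequiredException if cache creation or server start-up reports that
 *         credentials are required
 * @throws GemFireSecurityException if any other security failure is reported during start-up
 * @throws IllegalStateException if {@code isStartable()} returns false
 * @throws RuntimeException wrapping I/O, PID-file and other checked failures
 * @see #run()
 */
public ServerState start() {
  if (isStartable()) {
    INSTANCE.compareAndSet(null, this);
    try {
      process = new ControllableProcess(this.controlHandler, new File(getWorkingDirectory()), ProcessType.SERVER, isForcing());
      if (!isDisableDefaultServer()) {
        assertPortAvailable(getServerBindAddress(), getServerPort());
      }
      SystemFailure.setExitOK(true);
      ProcessLauncherContext.set(isRedirectingOutput(), getOverriddenDefaults(), new StartupStatusListener() {
        @Override
        public void setStatus(final String statusMessage) {
          debug("Callback setStatus(String) called with message (%1$s)...", statusMessage);
          ServerLauncher.this.statusMessage = statusMessage;
        }
      });
      try {
        final Properties gemfireProperties = getDistributedSystemProperties(getProperties());
        this.cache = createCache(gemfireProperties);
        // Set the resource manager options; each threshold is applied only when configured.
        if (this.criticalHeapPercentage != null) {
          this.cache.getResourceManager().setCriticalHeapPercentage(getCriticalHeapPercentage());
        }
        if (this.evictionHeapPercentage != null) {
          this.cache.getResourceManager().setEvictionHeapPercentage(getEvictionHeapPercentage());
        }
        if (this.criticalOffHeapPercentage != null) {
          this.cache.getResourceManager().setCriticalOffHeapPercentage(getCriticalOffHeapPercentage());
        }
        if (this.evictionOffHeapPercentage != null) {
          this.cache.getResourceManager().setEvictionOffHeapPercentage(getEvictionOffHeapPercentage());
        }
        this.cache.setIsServer(true);
        startCacheServer(this.cache);
        assignBuckets(this.cache);
        rebalance(this.cache);
      } finally {
        // The launcher context is only needed while the cache is being created and started.
        ProcessLauncherContext.remove();
      }
      // The third placeholder previously repeated %2$s, so the member was never printed.
      debug("Running Server on (%1$s) in (%2$s) as (%3$s)...", getId(), getWorkingDirectory(), getMember());
      this.running.set(true);
      return new ServerState(this, Status.ONLINE);
    } catch (AuthenticationRequiredException e) {
      failOnStart(e);
      // Keep the original exception as the cause so the failing security check stays traceable.
      throw new AuthenticationRequiredException("user/password required. Please start your server with --user and --password. " + e.getMessage(), e);
    } catch (GemFireSecurityException e) {
      failOnStart(e);
      // Rethrown as the base type, as before; the cause carries the concrete exception.
      throw new GemFireSecurityException(e.getMessage(), e);
    } catch (IOException e) {
      failOnStart(e);
      throw new RuntimeException(LocalizedStrings.Launcher_Command_START_IO_ERROR_MESSAGE.toLocalizedString(getServiceName(), getWorkingDirectory(), getId(), e.getMessage()), e);
    } catch (FileAlreadyExistsException e) {
      failOnStart(e);
      throw new RuntimeException(LocalizedStrings.Launcher_Command_START_PID_FILE_ALREADY_EXISTS_ERROR_MESSAGE.toLocalizedString(getServiceName(), getWorkingDirectory(), getId()), e);
    } catch (PidUnavailableException e) {
      failOnStart(e);
      throw new RuntimeException(LocalizedStrings.Launcher_Command_START_PID_UNAVAILABLE_ERROR_MESSAGE.toLocalizedString(getServiceName(), getId(), getWorkingDirectory(), e.getMessage()), e);
    } catch (ClusterConfigurationNotAvailableException e) {
      failOnStart(e);
      throw e;
    } catch (RuntimeException e) {
      failOnStart(e);
      throw e;
    } catch (Exception e) {
      failOnStart(e);
      throw new RuntimeException(e);
    } catch (Error e) {
      failOnStart(e);
      throw e;
    } finally {
      this.starting.set(false);
    }
  } else {
    throw new IllegalStateException(LocalizedStrings.Launcher_Command_START_SERVICE_ALREADY_RUNNING_ERROR_MESSAGE.toLocalizedString(getServiceName(), getWorkingDirectory(), getId()));
  }
}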
use of org.apache.geode.security.AuthenticationRequiredException in project geode by apache.
the class HandShake method getCredentials.
/**
 * Obtains the credentials to present during a handshake.
 *
 * <p>When no auth-init method is configured the credentials are taken directly from the security
 * properties. Otherwise the named {@code AuthInitialize} implementation is instantiated,
 * initialised with the two log writers, asked for credentials, and always closed afterwards.
 *
 * @param authInitMethod name used to look up the {@code AuthInitialize} implementation; blank
 *        means "no auth-init configured"
 * @param securityProperties security properties handed to the credential source
 * @param server the member the credentials are intended for
 * @param isPeer passed through to {@code AuthInitialize.getCredentials}
 * @param logWriter log writer passed to {@code AuthInitialize.init}
 * @param securityLogWriter security log writer passed to {@code AuthInitialize.init}
 * @return the credentials produced by the selected source
 * @throws AuthenticationRequiredException if the auth-init implementation cannot be obtained or
 *         fails with anything other than a {@code GemFireSecurityException}
 */
public static Properties getCredentials(String authInitMethod, Properties securityProperties, DistributedMember server, boolean isPeer, InternalLogWriter logWriter, InternalLogWriter securityLogWriter) throws AuthenticationRequiredException {
  // No auth-init configured: read the credentials straight out of the security properties.
  if (StringUtils.isBlank(authInitMethod)) {
    return SecurityService.getCredentials(securityProperties);
  }

  try {
    final AuthInitialize initializer = SecurityService.getObjectOfType(authInitMethod, AuthInitialize.class);
    initializer.init(logWriter, securityLogWriter);
    try {
      return initializer.getCredentials(securityProperties, server, isPeer);
    } finally {
      // Release the initializer whether or not it produced credentials.
      initializer.close();
    }
  } catch (GemFireSecurityException securityFailure) {
    // Security exceptions keep their concrete type for the caller.
    throw securityFailure;
  } catch (Exception failure) {
    throw new AuthenticationRequiredException(LocalizedStrings.HandShake_FAILED_TO_ACQUIRE_AUTHINITIALIZE_METHOD_0.toLocalizedString(authInitMethod), failure);
  }
}
use of org.apache.geode.security.AuthenticationRequiredException in project geode by apache.
the class HandShake method handshakeWithServer.
/**
* Client-side handshake with a Server.
*
* <p>Writes the handshake (including this object's credentials) to the connection's socket, then
* reads the server's reply in a fixed order: acceptance code, optional WAN site version (gateway
* mode only), endpoint type, queue size, server member, optional message, and further
* version-dependent fields. The read order mirrors the wire format, so statements must not be
* reordered.
*
* @param conn connection whose socket is used for the exchange; in gateway mode its WAN site
*        version is set from the reply
* @param location server location; flagged as requiring credentials when the reply and the
*        client's auth-init configuration indicate so
* @param communicationMode compared against {@code Acceptor.GATEWAY_TO_GATEWAY} to select the
*        gateway-specific parts of the exchange
* @return the queue status built from the endpoint type, queue size and server member read from
*         the reply
* @throws IOException on socket failure, after first checking whether a cancel is in progress
* @throws AuthenticationRequiredException if the server replies that it expects SSL and the
*         socket is not an {@code SSLSocket}
*/
public ServerQueueStatus handshakeWithServer(Connection conn, ServerLocation location, byte communicationMode) throws IOException, AuthenticationRequiredException, AuthenticationFailedException, ServerRefusedConnectionException {
try {
ServerQueueStatus serverQStatus = null;
Socket sock = conn.getSocket();
DataOutputStream dos = new DataOutputStream(sock.getOutputStream());
// 'in' is kept separately because one field below is read from the raw stream, not from 'dis'.
final InputStream in = sock.getInputStream();
DataInputStream dis = new DataInputStream(in);
DistributedMember member = getIDForSocket(sock);
// if running in a loner system, use the new port number in the ID to
// help differentiate from other clients
DM dm = ((InternalDistributedSystem) this.system).getDistributionManager();
InternalDistributedMember idm = dm.getDistributionManagerId();
synchronized (idm) {
if (idm.getPort() == 0 && dm instanceof LonerDistributionManager) {
int port = sock.getLocalPort();
((LonerDistributionManager) dm).updateLonerPort(port);
updateProxyID(dm.getDistributionManagerId());
}
}
// Gateway connections obtain their credentials for this specific member before writing.
if (communicationMode == Acceptor.GATEWAY_TO_GATEWAY) {
this.credentials = getCredentials(member);
}
// NOTE(review): write(...) is defined elsewhere; it is handed the credentials here, so they
// presumably go on the wire before the server's acceptance code is read - confirm that the
// transport is protected when credentials are configured.
byte intermediateAcceptanceCode = write(dos, dis, communicationMode, REPLY_OK, this.clientReadTimeout, null, this.credentials, member, false);
String authInit = this.system.getProperties().getProperty(SECURITY_CLIENT_AUTH_INIT);
// Remember that this server wants credentials: non-gateway mode, the server did not answer
// "auth not required", and a client auth-init is configured.
if (communicationMode != Acceptor.GATEWAY_TO_GATEWAY && intermediateAcceptanceCode != REPLY_AUTH_NOT_REQUIRED && (authInit != null && authInit.length() != 0)) {
location.compareAndSetRequiresCredentials(true);
}
// Read the acceptance code
byte acceptanceCode = dis.readByte();
if (acceptanceCode == (byte) 21 && !(sock instanceof SSLSocket)) {
// Code 21 on a non-SSL socket is reported as "server expecting SSL connection".
// NOTE(review): the literal 21 presumably matches a named reply constant - confirm and
// prefer the constant.
throw new AuthenticationRequiredException(LocalizedStrings.HandShake_SERVER_EXPECTING_SSL_CONNECTION.toLocalizedString());
}
if (acceptanceCode == REPLY_SERVER_IS_LOCATOR) {
throw new GemFireConfigException("Improperly configured client detected. " + "Server at " + location + " is actually a locator. Use addPoolLocator to configure locators.");
}
// Successful handshake for GATEWAY_TO_GATEWAY mode sets the peer version in connection.
// The version is not read when the server answered with an authentication-required or
// authentication-failed code.
if (communicationMode == Acceptor.GATEWAY_TO_GATEWAY && !(acceptanceCode == REPLY_EXCEPTION_AUTHENTICATION_REQUIRED || acceptanceCode == REPLY_EXCEPTION_AUTHENTICATION_FAILED)) {
short wanSiteVersion = Version.readOrdinal(dis);
conn.setWanSiteVersion(wanSiteVersion);
// establish a versioned stream for the other site, if necessary
if (wanSiteVersion < Version.CURRENT_ORDINAL) {
dis = new VersionedDataInputStream(dis, Version.fromOrdinalOrCurrent(wanSiteVersion));
}
}
// No need to check for return value since DataInputStream already throws
// EOFException in case of EOF
byte epType = dis.readByte();
int qSize = dis.readInt();
// Read the server member
member = readServerMember(dis);
serverQStatus = new ServerQueueStatus(epType, qSize, member);
// Read the message (if any).
// NOTE(review): readMessage is defined elsewhere; it receives the acceptance code, so the
// authentication-required/failed replies are presumably turned into exceptions there - confirm.
readMessage(dis, dos, acceptanceCode, member);
// Delta-propagation flag sent by the server (non-gateway mode, client version GFE_61 or later).
// The original author's note here is partly lost; it says a client can connect to different
// DSes with different values of this, so it should be a member variable.
if (communicationMode != Acceptor.GATEWAY_TO_GATEWAY && currentClientVersion.compareTo(Version.GFE_61) >= 0) {
deltaEnabledOnServer = dis.readBoolean();
}
// validate that the remote side has a different distributed system id.
if (communicationMode == Acceptor.GATEWAY_TO_GATEWAY && Version.GFE_66.compareTo(conn.getWanSiteVersion()) <= 0 && currentClientVersion.compareTo(Version.GFE_66) >= 0) {
// Single byte read from the raw socket stream rather than 'dis'. InputStream.read() returns
// -1 at end of stream, which can never equal a local id that passed the >= 0 check below.
int remoteDistributedSystemId = in.read();
int localDistributedSystemId = ((InternalDistributedSystem) system).getDistributionManager().getDistributedSystemId();
if (localDistributedSystemId >= 0 && localDistributedSystemId == remoteDistributedSystemId) {
throw new GatewayConfigurationException("Remote WAN site's distributed system id " + remoteDistributedSystemId + " matches this sites distributed system id " + localDistributedSystemId);
}
}
// Read the PDX registry size from the remote side
if (communicationMode == Acceptor.GATEWAY_TO_GATEWAY && Version.GFE_80.compareTo(conn.getWanSiteVersion()) <= 0 && currentClientVersion.compareTo(Version.GFE_80) >= 0) {
int remotePdxSize = dis.readInt();
serverQStatus.setPdxSize(remotePdxSize);
}
return serverQStatus;
} catch (IOException ex) {
// Give a pending cancellation the chance to surface before the I/O error is rethrown.
CancelCriterion stopper = this.system.getCancelCriterion();
stopper.checkCancelInProgress(null);
throw ex;
}
}
use of org.apache.geode.security.AuthenticationRequiredException in project geode by apache.
the class ServerConnection method getPostAuthzRequest.
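/**
 * Returns the post-operation authorization request for the user associated with the current
 * request.
 *
 * <p>Returns {@code null} when authentication is not required or when integrated security is in
 * use. Otherwise the user's authorization attributes are looked up by unique id; a missing entry
 * is treated as "not authenticated" and fails closed with an
 * {@code AuthenticationRequiredException}.
 *
 * @return the post-authorization request, or {@code null} when this check does not apply
 * @throws AuthenticationRequiredException if no authorization attributes exist for the unique id
 * @throws IOException if the lookup fails because this connection has been terminated
 */
public AuthorizeRequestPP getPostAuthzRequest() throws AuthenticationRequiredException, IOException {
  if (!AcceptorImpl.isAuthenticationRequired()) {
    return null;
  }
  if (AcceptorImpl.isIntegratedSecurity()) {
    return null;
  }
  // look client version and return authzrequest
  // for backward client it will be store in member variable userAuthId
  // for other look "requestMsg" here and get unique-id from this to get the authzrequest
  long uniqueId = getUniqueId();
  UserAuthAttributes uaa = null;
  try {
    uaa = this.clientUserAuths.getUserAuthAttributes(uniqueId);
  } catch (NullPointerException npe) {
    if (this.isTerminated()) {
      // Bug #52023: the lookup can fail with an NPE once the connection is terminated.
      throw new IOException("Server connection is terminated.", npe);
    }
    // Pass the exception as the throwable argument so its stack trace is logged; with a "{}"
    // placeholder only its toString() would appear.
    logger.debug("Unexpected exception", npe);
  }
  if (uaa == null) {
    // Fail closed: without attributes the caller must not proceed as an authorized user.
    throw new AuthenticationRequiredException("User authorization attributes not found.");
  }
  return uaa.getPostAuthzRequest();
}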
use of org.apache.geode.security.AuthenticationRequiredException in project geode by apache.
the class GMSJoinLeave method attemptToJoin.
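/**
 * Sends a join request to the probable coordinator (unless one was already sent to it), waits for
 * a reply and processes it.
 *
 * <p>A rejection message in the reply is classified by substring match: an older-version or
 * "15806" rejection becomes a {@code SystemConnectException}, "Failed to find credentials"
 * becomes an {@code AuthenticationRequiredException}, and any other rejection is reported as a
 * {@code GemFireSecurityException}. The classification depends on the exact wording produced by
 * the coordinator, so those message texts must stay in sync.
 *
 * @return {@code false} if interrupted while waiting; otherwise, when no response arrived, the
 *         current value of {@code isJoined}
 * @throws SystemConnectException if the coordinator rejected the join for a version reason
 * @throws AuthenticationRequiredException if the coordinator found no credentials in the request
 * @throws GemFireSecurityException for any other rejection message
 * @throws RuntimeException if a response arrives that carries no rejection message
 */
@edu.umd.cs.findbugs.annotations.SuppressWarnings(value = "WA_NOT_IN_LOOP")
boolean attemptToJoin() {
  SearchState state = searchState;
  // send a join request to the coordinator and wait for a response
  InternalDistributedMember coord = state.possibleCoordinator;
  if (state.alreadyTried.contains(coord)) {
    logger.info("Probable coordinator is still {} - waiting for a join-response", coord);
  } else {
    logger.info("Attempting to join the distributed system through coordinator {} using address {}", coord, this.localAddress);
    int port = services.getHealthMonitor().getFailureDetectionPort();
    // The request carries the credentials obtained for this coordinator.
    JoinRequestMessage req = new JoinRequestMessage(coord, this.localAddress, services.getAuthenticator().getCredentials(coord), port, services.getMessenger().getRequestId());
    services.getMessenger().send(req);
  }
  JoinResponseMessage response;
  try {
    response = waitForJoinResponse();
  } catch (InterruptedException e) {
    Thread.currentThread().interrupt();
    return false;
  }
  if (response == null) {
    if (!isJoined) {
      logger.debug("received no join response");
    }
    return isJoined;
  }
  logger.debug("received join response {}", response);
  joinResponse[0] = null;
  String failReason = response.getRejectionMessage();
  if (failReason != null) {
    if (failReason.contains("Rejecting the attempt of a member using an older version") || failReason.contains("15806")) {
      throw new SystemConnectException(failReason);
    } else if (failReason.contains("Failed to find credentials")) {
      throw new AuthenticationRequiredException(failReason);
    }
    // Unrecognised rejections are reported as a security failure.
    throw new GemFireSecurityException(failReason);
  }
  // The original author notes this point is not expected to be reached. Report the response that
  // was actually received; joinResponse[0] was cleared above and would always print "null".
  throw new RuntimeException("Join Request Failed with response " + response);
}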