
Example 1 with AuthenticationRequiredException

use of org.apache.geode.security.AuthenticationRequiredException in project geode by apache.

the class ServerLauncher method start.

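/**
 * Invokes the 'start' command and operation to startup a GemFire server (a cache server). Note,
 * this method will cause the JVM to block upon server start, providing the calling Thread is a
 * non-daemon Thread.
 *
 * <p>Every failure path calls {@code failOnStart} before the exception propagates, and the
 * {@code starting} flag is cleared whether the start succeeds or fails.
 *
 * @return a {@code ServerState} with status {@code ONLINE} once the cache and cache server have
 *         been started
 * @throws IllegalStateException if {@code isStartable()} reports that the server cannot be
 *         started
 * @throws AuthenticationRequiredException if cache creation or server start raised one; rethrown
 *         with a hint to supply {@code --user} and {@code --password}, with the original as cause
 * @throws GemFireSecurityException for any other security failure; rethrown as the base type with
 *         the original exception attached as cause
 * @throws RuntimeException wrapping I/O, PID-file and other checked failures
 * @see #run()
 */
public ServerState start() {
    if (!isStartable()) {
        throw new IllegalStateException(LocalizedStrings.Launcher_Command_START_SERVICE_ALREADY_RUNNING_ERROR_MESSAGE.toLocalizedString(getServiceName(), getWorkingDirectory(), getId()));
    }
    INSTANCE.compareAndSet(null, this);
    try {
        process = new ControllableProcess(this.controlHandler, new File(getWorkingDirectory()), ProcessType.SERVER, isForcing());
        if (!isDisableDefaultServer()) {
            assertPortAvailable(getServerBindAddress(), getServerPort());
        }
        SystemFailure.setExitOK(true);
        ProcessLauncherContext.set(isRedirectingOutput(), getOverriddenDefaults(), new StartupStatusListener() {

            @Override
            public void setStatus(final String statusMessage) {
                debug("Callback setStatus(String) called with message (%1$s)...", statusMessage);
                ServerLauncher.this.statusMessage = statusMessage;
            }
        });
        try {
            final Properties gemfireProperties = getDistributedSystemProperties(getProperties());
            this.cache = createCache(gemfireProperties);
            // Set the resource manager options; each one is applied only when it was configured.
            if (this.criticalHeapPercentage != null) {
                this.cache.getResourceManager().setCriticalHeapPercentage(getCriticalHeapPercentage());
            }
            if (this.evictionHeapPercentage != null) {
                this.cache.getResourceManager().setEvictionHeapPercentage(getEvictionHeapPercentage());
            }
            if (this.criticalOffHeapPercentage != null) {
                this.cache.getResourceManager().setCriticalOffHeapPercentage(getCriticalOffHeapPercentage());
            }
            if (this.evictionOffHeapPercentage != null) {
                this.cache.getResourceManager().setEvictionOffHeapPercentage(getEvictionOffHeapPercentage());
            }
            this.cache.setIsServer(true);
            startCacheServer(this.cache);
            assignBuckets(this.cache);
            rebalance(this.cache);
        } finally {
            // The launcher context is only needed while the cache is being created and started.
            ProcessLauncherContext.remove();
        }
        // The third placeholder must be %3$s: the original repeated %2$s, which printed the
        // working directory twice and never printed the member.
        debug("Running Server on (%1$s) in (%2$s) as (%3$s)...", getId(), getWorkingDirectory(), getMember());
        this.running.set(true);
        return new ServerState(this, Status.ONLINE);
    } catch (AuthenticationRequiredException e) {
        failOnStart(e);
        // Keep the original exception as cause so the stack trace of the rejected start survives
        // in logs; the message text is unchanged.
        throw new AuthenticationRequiredException("user/password required. Please start your server with --user and --password. " + e.getMessage(), e);
    } catch (GemFireSecurityException e) {
        failOnStart(e);
        // Rethrown as the base type (as before), but with the cause attached: the concrete
        // security exception subtype and its stack are otherwise lost to whoever triages this.
        throw new GemFireSecurityException(e.getMessage(), e);
    } catch (IOException e) {
        failOnStart(e);
        throw new RuntimeException(LocalizedStrings.Launcher_Command_START_IO_ERROR_MESSAGE.toLocalizedString(getServiceName(), getWorkingDirectory(), getId(), e.getMessage()), e);
    } catch (FileAlreadyExistsException e) {
        failOnStart(e);
        throw new RuntimeException(LocalizedStrings.Launcher_Command_START_PID_FILE_ALREADY_EXISTS_ERROR_MESSAGE.toLocalizedString(getServiceName(), getWorkingDirectory(), getId()), e);
    } catch (PidUnavailableException e) {
        failOnStart(e);
        throw new RuntimeException(LocalizedStrings.Launcher_Command_START_PID_UNAVAILABLE_ERROR_MESSAGE.toLocalizedString(getServiceName(), getId(), getWorkingDirectory(), e.getMessage()), e);
    } catch (ClusterConfigurationNotAvailableException e) {
        failOnStart(e);
        throw e;
    } catch (RuntimeException e) {
        failOnStart(e);
        throw e;
    } catch (Exception e) {
        failOnStart(e);
        throw new RuntimeException(e);
    } catch (Error e) {
        failOnStart(e);
        throw e;
    } finally {
        this.starting.set(false);
    }
}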
Also used : ControllableProcess(org.apache.geode.internal.process.ControllableProcess) FileAlreadyExistsException(org.apache.geode.internal.process.FileAlreadyExistsException) AuthenticationRequiredException(org.apache.geode.security.AuthenticationRequiredException) IOException(java.io.IOException) Properties(java.util.Properties) TimeoutException(java.util.concurrent.TimeoutException) PidUnavailableException(org.apache.geode.internal.process.PidUnavailableException) MBeanInvocationFailedException(org.apache.geode.internal.process.MBeanInvocationFailedException) FileAlreadyExistsException(org.apache.geode.internal.process.FileAlreadyExistsException) GemFireSecurityException(org.apache.geode.security.GemFireSecurityException) FileNotFoundException(java.io.FileNotFoundException) MalformedObjectNameException(javax.management.MalformedObjectNameException) ConnectionFailedException(org.apache.geode.internal.process.ConnectionFailedException) GfJsonException(org.apache.geode.management.internal.cli.json.GfJsonException) OptionException(joptsimple.OptionException) UnableToControlProcessException(org.apache.geode.internal.process.UnableToControlProcessException) ClusterConfigurationNotAvailableException(org.apache.geode.internal.process.ClusterConfigurationNotAvailableException) IOException(java.io.IOException) UnknownHostException(java.net.UnknownHostException) AttachAPINotFoundException(org.apache.geode.lang.AttachAPINotFoundException) AuthenticationRequiredException(org.apache.geode.security.AuthenticationRequiredException) StartupStatusListener(org.apache.geode.internal.process.StartupStatusListener) GemFireSecurityException(org.apache.geode.security.GemFireSecurityException) PidUnavailableException(org.apache.geode.internal.process.PidUnavailableException) ClusterConfigurationNotAvailableException(org.apache.geode.internal.process.ClusterConfigurationNotAvailableException) File(java.io.File)

Example 2 with AuthenticationRequiredException

use of org.apache.geode.security.AuthenticationRequiredException in project geode by apache.

the class HandShake method getCredentials.

/**
 * Obtains the credentials to present to {@code server}.
 *
 * <p>With no auth-init method configured the credentials are taken straight from
 * {@code securityProperties}. Otherwise an {@code AuthInitialize} is obtained for
 * {@code authInitMethod}, initialised with the two log writers, asked for the credentials and
 * closed again (closed even when {@code getCredentials} throws).
 *
 * <p>NOTE(review): {@code authInitMethod} selects the object that is created and run here, so it
 * should only ever come from trusted configuration - confirm how callers populate it.
 *
 * @param authInitMethod name handed to {@code SecurityService.getObjectOfType}; blank means none
 * @param securityProperties properties the credentials are derived from
 * @param server the member the credentials are intended for
 * @param isPeer passed through to {@code AuthInitialize.getCredentials}
 * @param logWriter log writer passed to {@code AuthInitialize.init}
 * @param securityLogWriter security log writer passed to {@code AuthInitialize.init}
 * @return the credentials produced by the chosen path
 * @throws AuthenticationRequiredException wrapping any non-security exception raised while
 *         obtaining, initialising, using or closing the {@code AuthInitialize}
 */
public static Properties getCredentials(String authInitMethod, Properties securityProperties, DistributedMember server, boolean isPeer, InternalLogWriter logWriter, InternalLogWriter securityLogWriter) throws AuthenticationRequiredException {
    // No auth-init configured: read the credentials directly from the security properties.
    if (StringUtils.isBlank(authInitMethod)) {
        return SecurityService.getCredentials(securityProperties);
    }
    // An auth-init is configured: let it produce the credentials.
    try {
        final AuthInitialize initializer = SecurityService.getObjectOfType(authInitMethod, AuthInitialize.class);
        initializer.init(logWriter, securityLogWriter);
        try {
            return initializer.getCredentials(securityProperties, server, isPeer);
        } finally {
            initializer.close();
        }
    } catch (GemFireSecurityException securityFailure) {
        // Security exceptions keep their own type; everything else is wrapped below.
        throw securityFailure;
    } catch (Exception failure) {
        throw new AuthenticationRequiredException(LocalizedStrings.HandShake_FAILED_TO_ACQUIRE_AUTHINITIALIZE_METHOD_0.toLocalizedString(authInitMethod), failure);
    }
}
Also used : GemFireSecurityException(org.apache.geode.security.GemFireSecurityException) AuthenticationRequiredException(org.apache.geode.security.AuthenticationRequiredException) Properties(java.util.Properties) ServerRefusedConnectionException(org.apache.geode.cache.client.ServerRefusedConnectionException) GemFireSecurityException(org.apache.geode.security.GemFireSecurityException) InternalGemFireException(org.apache.geode.InternalGemFireException) GatewayConfigurationException(org.apache.geode.cache.GatewayConfigurationException) EOFException(java.io.EOFException) AuthenticationFailedException(org.apache.geode.security.AuthenticationFailedException) GemFireConfigException(org.apache.geode.GemFireConfigException) IOException(java.io.IOException) AuthenticationRequiredException(org.apache.geode.security.AuthenticationRequiredException) AuthInitialize(org.apache.geode.security.AuthInitialize)

Example 3 with AuthenticationRequiredException

use of org.apache.geode.security.AuthenticationRequiredException in project geode by apache.

the class HandShake method handshakeWithServer.

/**
 * Client-side handshake with a Server.
 *
 * <p>Writes the handshake (through {@code write}) on the connection's socket, then reads the
 * reply in a fixed order: acceptance code, optional WAN site version (gateway mode), endpoint
 * type, queue size, server member, optional message, and then the version-dependent trailing
 * fields. The read order is the wire format, so statements here must not be reordered.
 *
 * @param conn connection whose socket is used; in gateway mode its WAN site version is set
 * @param location server location; marked as requiring credentials when a client auth-init is
 *        configured and the intermediate reply is not {@code REPLY_AUTH_NOT_REQUIRED}
 * @param communicationMode mode byte sent to the server; {@code Acceptor.GATEWAY_TO_GATEWAY}
 *        enables the gateway-only steps
 * @return the queue status built from the endpoint type, queue size and server member read
 *         from the reply
 * @throws IOException on socket failure, rethrown after the cancel criterion has been consulted
 * @throws AuthenticationRequiredException when acceptance code 21 arrives on a socket that is
 *         not an {@code SSLSocket}
 * @throws AuthenticationFailedException presumably raised by {@code write}/{@code readMessage},
 *         which are not shown here
 * @throws ServerRefusedConnectionException presumably raised by {@code readMessage}, which is
 *         not shown here
 */
public ServerQueueStatus handshakeWithServer(Connection conn, ServerLocation location, byte communicationMode) throws IOException, AuthenticationRequiredException, AuthenticationFailedException, ServerRefusedConnectionException {
    try {
        ServerQueueStatus serverQStatus = null;
        Socket sock = conn.getSocket();
        DataOutputStream dos = new DataOutputStream(sock.getOutputStream());
        // The raw stream is kept as well: the distributed-system id below is read from it directly.
        final InputStream in = sock.getInputStream();
        DataInputStream dis = new DataInputStream(in);
        DistributedMember member = getIDForSocket(sock);
        // if running in a loner system, use the new port number in the ID to
        // help differentiate from other clients
        DM dm = ((InternalDistributedSystem) this.system).getDistributionManager();
        InternalDistributedMember idm = dm.getDistributionManagerId();
        synchronized (idm) {
            if (idm.getPort() == 0 && dm instanceof LonerDistributionManager) {
                int port = sock.getLocalPort();
                ((LonerDistributionManager) dm).updateLonerPort(port);
                updateProxyID(dm.getDistributionManagerId());
            }
        }
        // Gateway connections fetch their credentials per remote member just before sending.
        if (communicationMode == Acceptor.GATEWAY_TO_GATEWAY) {
            this.credentials = getCredentials(member);
        }
        // NOTE(review): this.credentials is handed to write(...) before the socket type is
        // checked against the server's reply further down. Whether they travel protected on a
        // plain socket depends on write(), which is not shown here - confirm.
        byte intermediateAcceptanceCode = write(dos, dis, communicationMode, REPLY_OK, this.clientReadTimeout, null, this.credentials, member, false);
        String authInit = this.system.getProperties().getProperty(SECURITY_CLIENT_AUTH_INIT);
        // Remember that this server wants credentials: non-gateway mode, the server did not say
        // "auth not required", and a client auth-init is configured.
        if (communicationMode != Acceptor.GATEWAY_TO_GATEWAY && intermediateAcceptanceCode != REPLY_AUTH_NOT_REQUIRED && (authInit != null && authInit.length() != 0)) {
            location.compareAndSetRequiresCredentials(true);
        }
        // Read the acceptance code
        byte acceptanceCode = dis.readByte();
        if (acceptanceCode == (byte) 21 && !(sock instanceof SSLSocket)) {
            // Server expects SSL but this socket is plain. 21 is the TLS "alert" record type, so
            // presumably this is a TLS endpoint answering a cleartext handshake - TODO confirm
            // and replace the magic number with a named constant.
            throw new AuthenticationRequiredException(LocalizedStrings.HandShake_SERVER_EXPECTING_SSL_CONNECTION.toLocalizedString());
        }
        // A locator answered instead of a cache server: report it as a configuration error.
        if (acceptanceCode == REPLY_SERVER_IS_LOCATOR) {
            throw new GemFireConfigException("Improperly configured client detected.  " + "Server at " + location + " is actually a locator.  Use addPoolLocator to configure locators.");
        }
        // Successful handshake for GATEWAY_TO_GATEWAY mode sets the peer version in connection
        if (communicationMode == Acceptor.GATEWAY_TO_GATEWAY && !(acceptanceCode == REPLY_EXCEPTION_AUTHENTICATION_REQUIRED || acceptanceCode == REPLY_EXCEPTION_AUTHENTICATION_FAILED)) {
            short wanSiteVersion = Version.readOrdinal(dis);
            conn.setWanSiteVersion(wanSiteVersion);
            // establish a versioned stream for the other site, if necessary
            if (wanSiteVersion < Version.CURRENT_ORDINAL) {
                dis = new VersionedDataInputStream(dis, Version.fromOrdinalOrCurrent(wanSiteVersion));
            }
        }
        // No need to check for return value since DataInputStream already throws
        // EOFException in case of EOF
        byte epType = dis.readByte();
        int qSize = dis.readInt();
        // Read the server member
        member = readServerMember(dis);
        serverQStatus = new ServerQueueStatus(epType, qSize, member);
        // Read the message (if any). The acceptance code is passed along; presumably this is
        // where authentication failure replies are turned into exceptions - confirm in readMessage.
        readMessage(dis, dos, acceptanceCode, member);
        // Original note (its beginning is missing here): DSes with different values of this.
        // It should be a member variable.
        if (communicationMode != Acceptor.GATEWAY_TO_GATEWAY && currentClientVersion.compareTo(Version.GFE_61) >= 0) {
            deltaEnabledOnServer = dis.readBoolean();
        }
        // validate that the remote side has a different distributed system id.
        if (communicationMode == Acceptor.GATEWAY_TO_GATEWAY && Version.GFE_66.compareTo(conn.getWanSiteVersion()) <= 0 && currentClientVersion.compareTo(Version.GFE_66) >= 0) {
            // NOTE(review): InputStream.read() returns -1 at end of stream instead of throwing,
            // and the value is read from the raw stream rather than dis. A truncated reply is
            // therefore not reported by this check; it only rejects an exact id match.
            int remoteDistributedSystemId = in.read();
            int localDistributedSystemId = ((InternalDistributedSystem) system).getDistributionManager().getDistributedSystemId();
            if (localDistributedSystemId >= 0 && localDistributedSystemId == remoteDistributedSystemId) {
                throw new GatewayConfigurationException("Remote WAN site's distributed system id " + remoteDistributedSystemId + " matches this sites distributed system id " + localDistributedSystemId);
            }
        }
        // Read the PDX registry size from the remote side
        if (communicationMode == Acceptor.GATEWAY_TO_GATEWAY && Version.GFE_80.compareTo(conn.getWanSiteVersion()) <= 0 && currentClientVersion.compareTo(Version.GFE_80) >= 0) {
            int remotePdxSize = dis.readInt();
            serverQStatus.setPdxSize(remotePdxSize);
        }
        return serverQStatus;
    } catch (IOException ex) {
        // Give the cancel criterion the chance to report a shutdown in progress; if it does not
        // throw, the original I/O failure is rethrown unchanged.
        CancelCriterion stopper = this.system.getCancelCriterion();
        stopper.checkCancelInProgress(null);
        throw ex;
    }
}
Also used : GatewayConfigurationException(org.apache.geode.cache.GatewayConfigurationException) DataOutputStream(java.io.DataOutputStream) VersionedDataOutputStream(org.apache.geode.internal.VersionedDataOutputStream) HeapDataOutputStream(org.apache.geode.internal.HeapDataOutputStream) ByteArrayInputStream(java.io.ByteArrayInputStream) VersionedDataInputStream(org.apache.geode.internal.VersionedDataInputStream) DataInputStream(java.io.DataInputStream) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) SSLSocket(javax.net.ssl.SSLSocket) CancelCriterion(org.apache.geode.CancelCriterion) DM(org.apache.geode.distributed.internal.DM) AuthenticationRequiredException(org.apache.geode.security.AuthenticationRequiredException) IOException(java.io.IOException) VersionedDataInputStream(org.apache.geode.internal.VersionedDataInputStream) DataInputStream(java.io.DataInputStream) InternalDistributedMember(org.apache.geode.distributed.internal.membership.InternalDistributedMember) GemFireConfigException(org.apache.geode.GemFireConfigException) InternalDistributedMember(org.apache.geode.distributed.internal.membership.InternalDistributedMember) DistributedMember(org.apache.geode.distributed.DistributedMember) InternalDistributedSystem(org.apache.geode.distributed.internal.InternalDistributedSystem) LonerDistributionManager(org.apache.geode.distributed.internal.LonerDistributionManager) SSLSocket(javax.net.ssl.SSLSocket) Socket(java.net.Socket) VersionedDataInputStream(org.apache.geode.internal.VersionedDataInputStream)

Example 4 with AuthenticationRequiredException

use of org.apache.geode.security.AuthenticationRequiredException in project geode by apache.

the class ServerConnection method getPostAuthzRequest.

/**
 * Returns the post-operation authorization callback for the user of the current request.
 *
 * <p>Returns {@code null} when authentication is not required or when integrated security is in
 * use. Otherwise the lookup fails closed: if no user authorization attributes are found for the
 * request's unique id, an {@code AuthenticationRequiredException} is thrown instead of returning
 * {@code null}.
 *
 * @return the post-authorization request, or {@code null} when this check does not apply
 * @throws AuthenticationRequiredException if no user authorization attributes are found
 * @throws IOException if the lookup hit a {@code NullPointerException} and this connection is
 *         terminated
 */
public AuthorizeRequestPP getPostAuthzRequest() throws AuthenticationRequiredException, IOException {
    if (!AcceptorImpl.isAuthenticationRequired() || AcceptorImpl.isIntegratedSecurity()) {
        return null;
    }
    // Look at the client version and return the authz request:
    // for older clients it is stored in the member variable userAuthId,
    // for others the unique id is taken from "requestMsg" and used for the lookup.
    final long requestUniqueId = getUniqueId();
    UserAuthAttributes attributes = null;
    try {
        attributes = this.clientUserAuths.getUserAuthAttributes(requestUniqueId);
    } catch (NullPointerException npe) {
        // Bug #52023: the lookup can hit a null once the connection has been torn down.
        if (this.isTerminated()) {
            throw new IOException("Server connection is terminated.");
        }
        // Not terminated: log and fall through to the "not found" rejection below.
        logger.debug("Unexpected exception {}", npe);
    }
    if (attributes == null) {
        throw new AuthenticationRequiredException("User authorization attributes not found.");
    }
    return attributes.getPostAuthzRequest();
}
Also used : AuthorizeRequestPP(org.apache.geode.internal.security.AuthorizeRequestPP) IOException(java.io.IOException) AuthenticationRequiredException(org.apache.geode.security.AuthenticationRequiredException)

Example 5 with AuthenticationRequiredException

use of org.apache.geode.security.AuthenticationRequiredException in project geode by apache.

the class GMSJoinLeave method attemptToJoin.

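/**
 * Sends a join request to the probable coordinator (unless one was already sent to it) and waits
 * for a reply, then processes the reply.
 *
 * <p>A rejection is classified by matching text in the rejection message, so the exception type
 * depends on the coordinator's wording:
 * <ul>
 * <li>older-version rejection, or a message containing "15806": {@code SystemConnectException}</li>
 * <li>"Failed to find credentials": {@code AuthenticationRequiredException}</li>
 * <li>any other rejection: {@code GemFireSecurityException}</li>
 * </ul>
 *
 * @return {@code false} if the wait was interrupted; the current {@code isJoined} value if no
 *         response arrived
 * @throws SystemConnectException for a version-related rejection
 * @throws AuthenticationRequiredException if the coordinator found no credentials
 * @throws GemFireSecurityException for any other rejection
 * @throws RuntimeException if a response arrived that carries no rejection message
 */
@edu.umd.cs.findbugs.annotations.SuppressWarnings(value = "WA_NOT_IN_LOOP")
boolean attemptToJoin() {
    SearchState state = searchState;
    // send a join request to the coordinator and wait for a response
    InternalDistributedMember coord = state.possibleCoordinator;
    if (state.alreadyTried.contains(coord)) {
        logger.info("Probable coordinator is still {} - waiting for a join-response", coord);
    } else {
        logger.info("Attempting to join the distributed system through coordinator {} using address {}", coord, this.localAddress);
        int port = services.getHealthMonitor().getFailureDetectionPort();
        // The request carries this member's credentials for the chosen coordinator.
        JoinRequestMessage req = new JoinRequestMessage(coord, this.localAddress, services.getAuthenticator().getCredentials(coord), port, services.getMessenger().getRequestId());
        services.getMessenger().send(req);
    }
    JoinResponseMessage response;
    try {
        response = waitForJoinResponse();
    } catch (InterruptedException e) {
        // Restore the interrupt flag for the caller and report the attempt as not successful.
        Thread.currentThread().interrupt();
        return false;
    }
    if (response == null) {
        if (!isJoined) {
            logger.debug("received no join response");
        }
        return isJoined;
    }
    logger.debug("received join response {}", response);
    // Clear the shared slot so that a later attempt does not see this response again.
    joinResponse[0] = null;
    String failReason = response.getRejectionMessage();
    if (failReason != null) {
        // NOTE(review): classification by substring is brittle - a reworded rejection silently
        // falls through to the generic GemFireSecurityException below.
        if (failReason.contains("Rejecting the attempt of a member using an older version") || failReason.contains("15806")) {
            throw new SystemConnectException(failReason);
        } else if (failReason.contains("Failed to find credentials")) {
            throw new AuthenticationRequiredException(failReason);
        }
        throw new GemFireSecurityException(failReason);
    }
    // Not expected to be reached at present. Report the response that was actually received:
    // joinResponse[0] was set to null above, so the original message always ended in "null".
    throw new RuntimeException("Join Request Failed with response " + response);
}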
Also used : GemFireSecurityException(org.apache.geode.security.GemFireSecurityException) InternalDistributedMember(org.apache.geode.distributed.internal.membership.InternalDistributedMember) JoinResponseMessage(org.apache.geode.distributed.internal.membership.gms.messages.JoinResponseMessage) AuthenticationRequiredException(org.apache.geode.security.AuthenticationRequiredException) JoinRequestMessage(org.apache.geode.distributed.internal.membership.gms.messages.JoinRequestMessage) SystemConnectException(org.apache.geode.SystemConnectException)

Aggregations

AuthenticationRequiredException (org.apache.geode.security.AuthenticationRequiredException)12 IOException (java.io.IOException)10 AuthenticationFailedException (org.apache.geode.security.AuthenticationFailedException)5 GemFireSecurityException (org.apache.geode.security.GemFireSecurityException)5 Properties (java.util.Properties)4 ByteArrayInputStream (java.io.ByteArrayInputStream)3 DataInputStream (java.io.DataInputStream)3 EOFException (java.io.EOFException)3 GemFireConfigException (org.apache.geode.GemFireConfigException)3 GatewayConfigurationException (org.apache.geode.cache.GatewayConfigurationException)3 DistributedMember (org.apache.geode.distributed.DistributedMember)3 DistributedSystem (org.apache.geode.distributed.DistributedSystem)3 InternalDistributedSystem (org.apache.geode.distributed.internal.InternalDistributedSystem)3 InternalDistributedMember (org.apache.geode.distributed.internal.membership.InternalDistributedMember)3 DataOutputStream (java.io.DataOutputStream)2 FileInputStream (java.io.FileInputStream)2 InputStream (java.io.InputStream)2 Method (java.lang.reflect.Method)2 Socket (java.net.Socket)2 Principal (java.security.Principal)2