use of org.apache.geode.security.generator.AuthzCredentialGenerator in project geode by apache.
the class ClientPostAuthorizationDUnitTest method testAllPostOps.
// GEODE-693: getRandomAvailablePort
@Category(FlakyTest.class)
@Test
public void testAllPostOps() throws Exception {
OperationWithAction[] allOps = allOpsForTestAllPostOps();
for (Iterator<AuthzCredentialGenerator> iter = getDummyGeneratorCombos().iterator(); iter.hasNext(); ) {
AuthzCredentialGenerator gen = iter.next();
CredentialGenerator cGen = gen.getCredentialGenerator();
Properties extraAuthProps = cGen.getSystemProperties();
Properties javaProps = cGen.getJavaProperties();
Properties extraAuthzProps = gen.getSystemProperties();
String authenticator = cGen.getAuthenticator();
String authInit = cGen.getAuthInit();
String accessor = gen.getAuthorizationCallback();
TestAuthzCredentialGenerator tgen = new TestAuthzCredentialGenerator(gen);
getLogWriter().info("testAllPostOps: Using authinit: " + authInit);
getLogWriter().info("testAllPostOps: Using authenticator: " + authenticator);
getLogWriter().info("testAllPostOps: Using accessor: " + accessor);
// Start servers with all required properties
Properties serverProps = buildProperties(authenticator, accessor, true, extraAuthProps, extraAuthzProps);
// Get ports for the servers
int[] randomAvailableTCPPorts = AvailablePortHelper.getRandomAvailableTCPPorts(2);
int port1 = randomAvailableTCPPorts[0];
int port2 = randomAvailableTCPPorts[1];
// Close down any running servers
server1.invoke(() -> closeCache());
server2.invoke(() -> closeCache());
// Perform all the ops on the clients
List opBlock = new ArrayList();
Random rnd = new Random();
for (int opNum = 0; opNum < allOps.length; ++opNum) {
// Start client with valid credentials as specified in OperationWithAction
OperationWithAction currentOp = allOps[opNum];
if (currentOp.equals(OperationWithAction.OPBLOCK_END) || currentOp.equals(OperationWithAction.OPBLOCK_NO_FAILOVER)) {
// End of current operation block; execute all the operations on the servers with failover
if (opBlock.size() > 0) {
// Start the first server and execute the operation block
server1.invoke(() -> createCacheServer(getLocatorPort(), port1, serverProps, javaProps));
server2.invoke(() -> closeCache());
executeOpBlock(opBlock, port1, port2, authInit, extraAuthProps, extraAuthzProps, tgen, rnd);
if (!currentOp.equals(OperationWithAction.OPBLOCK_NO_FAILOVER)) {
// Failover to the second server and run the block again
server2.invoke(() -> createCacheServer(getLocatorPort(), port2, serverProps, javaProps));
server1.invoke(() -> closeCache());
executeOpBlock(opBlock, port1, port2, authInit, extraAuthProps, extraAuthzProps, tgen, rnd);
}
opBlock.clear();
}
} else {
currentOp.setOpNum(opNum);
opBlock.add(currentOp);
}
}
}
}
use of org.apache.geode.security.generator.AuthzCredentialGenerator in project geode by apache.
the class ClientAuthorizationDUnitTest method testPutsGetsWithFailover.
@Test
public void testPutsGetsWithFailover() {
AuthzCredentialGenerator gen = getXmlAuthzGenerator();
CredentialGenerator cGen = gen.getCredentialGenerator();
Properties extraAuthProps = cGen.getSystemProperties();
Properties javaProps = cGen.getJavaProperties();
Properties extraAuthzProps = gen.getSystemProperties();
String authenticator = cGen.getAuthenticator();
String authInit = cGen.getAuthInit();
String accessor = gen.getAuthorizationCallback();
getLogWriter().info("testPutsGetsWithFailover: Using authinit: " + authInit);
getLogWriter().info("testPutsGetsWithFailover: Using authenticator: " + authenticator);
getLogWriter().info("testPutsGetsWithFailover: Using accessor: " + accessor);
// Start servers with all required properties
Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps);
int port1 = createServer1(javaProps, serverProps);
// Get a port for second server but do not start it. This forces the clients to connect to the
// first server
int port2 = getRandomAvailablePort(SOCKET);
// Start client1 with valid CREATE credentials
Properties createCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.PUT }, new String[] { regionName }, 1);
Properties createJavaProps = cGen.getJavaProperties();
getLogWriter().info("testPutsGetsWithFailover: For first client credentials: " + createCredentials);
createClient1NoException(createJavaProps, authInit, port1, port2, createCredentials);
// Start client2 with valid GET credentials
Properties getCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.GET }, new String[] { regionName }, 5);
Properties getJavaProps = cGen.getJavaProperties();
getLogWriter().info("testPutsGetsWithFailover: For second client credentials: " + getCredentials);
createClient2NoException(getJavaProps, authInit, port1, port2, getCredentials);
// Perform some put operations from client1
client1.invoke(() -> doPuts(2, NO_EXCEPTION));
// Verify that the puts succeeded
client2.invoke(() -> doGets(2, NO_EXCEPTION));
createServer2(javaProps, serverProps, port2);
server1.invoke(() -> closeCache());
// Perform some put operations from client1
client1.invoke(() -> doNPuts(4, NO_EXCEPTION));
// Verify that the puts succeeded
client2.invoke(() -> doNGets(4, NO_EXCEPTION));
// Now re-connect with credentials not allowed to do gets
Properties noGetCredentials = gen.getDisallowedCredentials(new OperationCode[] { OperationCode.GET }, new String[] { regionName }, 9);
getJavaProps = cGen.getJavaProperties();
getLogWriter().info("testPutsGetsWithFailover: For second client disallowed GET credentials: " + noGetCredentials);
createClient2NoException(getJavaProps, authInit, port1, port2, noGetCredentials);
// Perform some put operations from client1
client1.invoke(() -> doPuts(4, NO_EXCEPTION));
// Gets as normal user should throw exception
client2.invoke(() -> doGets(4, NOTAUTHZ_EXCEPTION));
// force a failover and do the drill again
server1.invoke(() -> ClientAuthorizationTestCase.createCacheServer(getLocatorPort(), port1, serverProps, javaProps));
server2.invoke(() -> closeCache());
// Perform some put operations from client1
client1.invoke(() -> doNPuts(4, NO_EXCEPTION));
// Gets as normal user should throw exception
client2.invoke(() -> doNGets(4, NOTAUTHZ_EXCEPTION));
createClient2NoException(getJavaProps, authInit, port1, port2, getCredentials);
// Verify that the gets succeed
client2.invoke(() -> doNGets(4, NO_EXCEPTION));
// Verify that the puts throw exception
client2.invoke(() -> doPuts(4, NOTAUTHZ_EXCEPTION));
}
use of org.apache.geode.security.generator.AuthzCredentialGenerator in project geode by apache.
the class ClientAuthorizationTestCase method runOpsWithFailOver.
protected void runOpsWithFailOver(final OperationWithAction[] opCodes, final String testName) throws InterruptedException {
AuthzCredentialGenerator gen = getXmlAuthzGenerator();
CredentialGenerator cGen = gen.getCredentialGenerator();
Properties extraAuthProps = cGen.getSystemProperties();
Properties javaProps = cGen.getJavaProperties();
Properties extraAuthzProps = gen.getSystemProperties();
String authenticator = cGen.getAuthenticator();
String authInit = cGen.getAuthInit();
String accessor = gen.getAuthorizationCallback();
TestAuthzCredentialGenerator tgen = new TestAuthzCredentialGenerator(gen);
System.out.println(testName + ": Using authinit: " + authInit);
System.out.println(testName + ": Using authenticator: " + authenticator);
System.out.println(testName + ": Using accessor: " + accessor);
// Start servers with all required properties
Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps);
// Get ports for the servers
List<Keeper> randomAvailableTCPPortKeepers = AvailablePortHelper.getRandomAvailableTCPPortKeepers(4);
Keeper locator1PortKeeper = randomAvailableTCPPortKeepers.get(0);
Keeper locator2PortKeeper = randomAvailableTCPPortKeepers.get(1);
Keeper port1Keeper = randomAvailableTCPPortKeepers.get(2);
Keeper port2Keeper = randomAvailableTCPPortKeepers.get(3);
int locator1Port = locator1PortKeeper.getPort();
int locator2Port = locator2PortKeeper.getPort();
int port1 = port1Keeper.getPort();
int port2 = port2Keeper.getPort();
// Perform all the ops on the clients
List opBlock = new ArrayList();
Random rnd = new Random();
for (int opNum = 0; opNum < opCodes.length; ++opNum) {
// Start client with valid credentials as specified in OperationWithAction
OperationWithAction currentOp = opCodes[opNum];
if (currentOp.equals(OperationWithAction.OPBLOCK_END) || currentOp.equals(OperationWithAction.OPBLOCK_NO_FAILOVER)) {
// failover
if (opBlock.size() > 0) {
locator1PortKeeper.release();
port1Keeper.release();
// Start the first server and execute the operation block
server1.invoke("createCacheServer", () -> ClientAuthorizationTestCase.createCacheServer(locator1Port, port1, serverProps, javaProps));
server2.invoke("closeCache", () -> closeCache());
executeOpBlock(opBlock, port1, port2, authInit, extraAuthProps, extraAuthzProps, tgen, rnd);
if (!currentOp.equals(OperationWithAction.OPBLOCK_NO_FAILOVER)) {
// Failover to the second server and run the block again
locator2PortKeeper.release();
port2Keeper.release();
server2.invoke("createCacheServer", () -> ClientAuthorizationTestCase.createCacheServer(locator2Port, port2, serverProps, javaProps));
server1.invoke("closeCache", () -> closeCache());
executeOpBlock(opBlock, port1, port2, authInit, extraAuthProps, extraAuthzProps, tgen, rnd);
}
opBlock.clear();
}
} else {
currentOp.setOpNum(opNum);
opBlock.add(currentOp);
}
}
}
use of org.apache.geode.security.generator.AuthzCredentialGenerator in project geode by apache.
the class ClientAuthorizationDUnitTest method testPutAllWithSecurity.
@Test
public void testPutAllWithSecurity() {
AuthzCredentialGenerator gen = getXmlAuthzGenerator();
CredentialGenerator cGen = gen.getCredentialGenerator();
Properties extraAuthProps = cGen.getSystemProperties();
Properties javaProps = cGen.getJavaProperties();
Properties extraAuthzProps = gen.getSystemProperties();
String authenticator = cGen.getAuthenticator();
String authInit = cGen.getAuthInit();
String accessor = gen.getAuthorizationCallback();
getLogWriter().info("testPutAllWithSecurity: Using authinit: " + authInit);
getLogWriter().info("testPutAllWithSecurity: Using authenticator: " + authenticator);
getLogWriter().info("testPutAllWithSecurity: Using accessor: " + accessor);
// Start servers with all required properties
Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps);
int port1 = createServer1(javaProps, serverProps);
int port2 = createServer2(javaProps, serverProps);
// Start client1 with valid CREATE credentials
Properties createCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.PUTALL }, new String[] { regionName }, 1);
javaProps = cGen.getJavaProperties();
getLogWriter().info("testPutAllWithSecurity: For first client credentials: " + createCredentials);
createClient1NoException(javaProps, authInit, port1, port2, createCredentials);
// Perform some put all operations from client1
client1.invoke(() -> doPutAllP());
}
use of org.apache.geode.security.generator.AuthzCredentialGenerator in project geode by apache.
the class ClientAuthorizationTestCase method getDummyGeneratorCombos.
protected List<AuthzCredentialGenerator> getDummyGeneratorCombos() {
List<AuthzCredentialGenerator> generators = new ArrayList<>();
Iterator authzCodeIter = AuthzCredentialGenerator.ClassCode.getAll().iterator();
while (authzCodeIter.hasNext()) {
ClassCode authzClassCode = (ClassCode) authzCodeIter.next();
AuthzCredentialGenerator authzGen = AuthzCredentialGenerator.create(authzClassCode);
if (authzGen != null) {
CredentialGenerator cGen = new DummyCredentialGenerator();
cGen.init();
if (authzGen.init(cGen)) {
generators.add(authzGen);
}
}
}
assertTrue(generators.size() > 0);
return generators;
}
Aggregations