
Example 1 with AuthzCredentialGenerator

use of org.apache.geode.security.generator.AuthzCredentialGenerator in project geode by apache.

the class ClientPostAuthorizationDUnitTest method testAllPostOps.

// GEODE-693: getRandomAvailablePort
/**
 * Drives the operation list from {@code allOpsForTestAllPostOps()} through every generator
 * combination returned by {@code getDummyGeneratorCombos()}.
 *
 * <p>Operations are collected until an {@code OPBLOCK_END} or {@code OPBLOCK_NO_FAILOVER} marker
 * is reached. The collected block is then executed with only the first server running and,
 * unless the marker was {@code OPBLOCK_NO_FAILOVER}, executed a second time with only the second
 * server running. The authorization expectations themselves are checked inside
 * {@code executeOpBlock}, which is not visible here.
 *
 * @throws Exception declared by the original test; the throwing call is not visible here
 */
@Category(FlakyTest.class)
@Test
public void testAllPostOps() throws Exception {
    final OperationWithAction[] operations = allOpsForTestAllPostOps();
    for (AuthzCredentialGenerator authzGen : getDummyGeneratorCombos()) {
        final CredentialGenerator credGen = authzGen.getCredentialGenerator();
        final Properties authSysProps = credGen.getSystemProperties();
        final Properties javaProps = credGen.getJavaProperties();
        final Properties authzSysProps = authzGen.getSystemProperties();
        final String authenticator = credGen.getAuthenticator();
        final String authInit = credGen.getAuthInit();
        final String accessor = authzGen.getAuthorizationCallback();
        final TestAuthzCredentialGenerator wrappedGen = new TestAuthzCredentialGenerator(authzGen);

        getLogWriter().info("testAllPostOps: Using authinit: " + authInit);
        getLogWriter().info("testAllPostOps: Using authenticator: " + authenticator);
        getLogWriter().info("testAllPostOps: Using accessor: " + accessor);

        // Server-side configuration shared by both servers for this generator combination.
        final Properties serverProps =
            buildProperties(authenticator, accessor, true, authSysProps, authzSysProps);

        // NOTE(review): the ports are only looked up here and bound later by createCacheServer;
        // nothing visible holds them in between, which may relate to the FlakyTest category.
        final int[] ports = AvailablePortHelper.getRandomAvailableTCPPorts(2);
        final int port1 = ports[0];
        final int port2 = ports[1];

        // Begin from a state where neither server has a cache open.
        server1.invoke(() -> closeCache());
        server2.invoke(() -> closeCache());

        // Operations waiting for the next block marker. Raw type kept as in the original.
        List pendingOps = new ArrayList();
        // Unseeded: whatever executeOpBlock draws from it differs from run to run.
        Random rnd = new Random();

        for (int opNum = 0; opNum < operations.length; ++opNum) {
            final OperationWithAction op = operations[opNum];
            final boolean blockMarker = op.equals(OperationWithAction.OPBLOCK_END)
                || op.equals(OperationWithAction.OPBLOCK_NO_FAILOVER);

            if (!blockMarker) {
                // Ordinary operation: remember its position and queue it for the current block.
                op.setOpNum(opNum);
                pendingOps.add(op);
                continue;
            }
            if (pendingOps.isEmpty()) {
                // Marker with nothing queued: nothing to run.
                continue;
            }

            // First pass: only server1 is up.
            server1.invoke(() -> createCacheServer(getLocatorPort(), port1, serverProps, javaProps));
            server2.invoke(() -> closeCache());
            executeOpBlock(pendingOps, port1, port2, authInit, authSysProps, authzSysProps, wrappedGen, rnd);

            if (!op.equals(OperationWithAction.OPBLOCK_NO_FAILOVER)) {
                // Second pass: bring server2 up, take server1 down, and repeat the same block.
                server2.invoke(() -> createCacheServer(getLocatorPort(), port2, serverProps, javaProps));
                server1.invoke(() -> closeCache());
                executeOpBlock(pendingOps, port1, port2, authInit, authSysProps, authzSysProps, wrappedGen, rnd);
            }
            pendingOps.clear();
        }
    }
}
Also used : ArrayList(java.util.ArrayList) AuthzCredentialGenerator(org.apache.geode.security.generator.AuthzCredentialGenerator) AuthzCredentialGenerator(org.apache.geode.security.generator.AuthzCredentialGenerator) CredentialGenerator(org.apache.geode.security.generator.CredentialGenerator) Properties(java.util.Properties) Random(java.util.Random) ArrayList(java.util.ArrayList) List(java.util.List) Category(org.junit.experimental.categories.Category) SecurityTest(org.apache.geode.test.junit.categories.SecurityTest) Test(org.junit.Test) DistributedTest(org.apache.geode.test.junit.categories.DistributedTest) FlakyTest(org.apache.geode.test.junit.categories.FlakyTest)

Example 2 with AuthzCredentialGenerator

use of org.apache.geode.security.generator.AuthzCredentialGenerator in project geode by apache.

the class ClientAuthorizationDUnitTest method testPutsGetsWithFailover.

/**
 * Exercises PUT and GET authorization for two clients before and after server failover.
 *
 * <p>client1 connects with credentials allowed for PUT and client2 with credentials allowed for
 * GET, both on {@code regionName}. The test then alternates which server is running and checks
 * that allowed operations finish with {@code NO_EXCEPTION} and that operations outside a
 * client's credentials end in {@code NOTAUTHZ_EXCEPTION}, including after each failover.
 */
@Test
public void testPutsGetsWithFailover() {
    AuthzCredentialGenerator gen = getXmlAuthzGenerator();
    CredentialGenerator cGen = gen.getCredentialGenerator();
    Properties extraAuthProps = cGen.getSystemProperties();
    Properties javaProps = cGen.getJavaProperties();
    Properties extraAuthzProps = gen.getSystemProperties();
    String authenticator = cGen.getAuthenticator();
    String authInit = cGen.getAuthInit();
    String accessor = gen.getAuthorizationCallback();
    getLogWriter().info("testPutsGetsWithFailover: Using authinit: " + authInit);
    getLogWriter().info("testPutsGetsWithFailover: Using authenticator: " + authenticator);
    getLogWriter().info("testPutsGetsWithFailover: Using accessor: " + accessor);
    // Start servers with all required properties
    Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps);
    int port1 = createServer1(javaProps, serverProps);
    // Get a port for second server but do not start it. This forces the clients to connect to the
    // first server
    // NOTE(review): nothing visible here holds port2 between this lookup and createServer2 below,
    // so another process could bind it in the meantime - confirm against getRandomAvailablePort.
    int port2 = getRandomAvailablePort(SOCKET);
    // Start client1 with credentials allowed for PUT on regionName
    // (the trailing int is presumably an index selecting among candidate credentials - TODO confirm)
    Properties createCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.PUT }, new String[] { regionName }, 1);
    Properties createJavaProps = cGen.getJavaProperties();
    // NOTE(review): this writes the whole credentials Properties object to the test log; if the
    // generator stores a password entry in it, that value is logged in clear text. Tolerable only
    // for generated test accounts - confirm what the generator puts in these Properties.
    getLogWriter().info("testPutsGetsWithFailover: For first client credentials: " + createCredentials);
    createClient1NoException(createJavaProps, authInit, port1, port2, createCredentials);
    // Start client2 with credentials allowed for GET on regionName
    Properties getCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.GET }, new String[] { regionName }, 5);
    Properties getJavaProps = cGen.getJavaProperties();
    // Same credential-logging caveat as for client1 above.
    getLogWriter().info("testPutsGetsWithFailover: For second client credentials: " + getCredentials);
    createClient2NoException(getJavaProps, authInit, port1, port2, getCredentials);
    // Perform some put operations from client1
    client1.invoke(() -> doPuts(2, NO_EXCEPTION));
    // Verify that the puts succeeded
    client2.invoke(() -> doGets(2, NO_EXCEPTION));
    // First failover: start server2 on the port picked earlier, then close server1's cache
    createServer2(javaProps, serverProps, port2);
    server1.invoke(() -> closeCache());
    // Perform some put operations from client1
    client1.invoke(() -> doNPuts(4, NO_EXCEPTION));
    // Verify that the puts succeeded
    client2.invoke(() -> doNGets(4, NO_EXCEPTION));
    // Now re-connect with credentials not allowed to do gets
    Properties noGetCredentials = gen.getDisallowedCredentials(new OperationCode[] { OperationCode.GET }, new String[] { regionName }, 9);
    getJavaProps = cGen.getJavaProperties();
    // Same credential-logging caveat as above.
    getLogWriter().info("testPutsGetsWithFailover: For second client disallowed GET credentials: " + noGetCredentials);
    createClient2NoException(getJavaProps, authInit, port1, port2, noGetCredentials);
    // Perform some put operations from client1
    client1.invoke(() -> doPuts(4, NO_EXCEPTION));
    // Negative check: gets with the disallowed credentials must end in NOTAUTHZ_EXCEPTION
    client2.invoke(() -> doGets(4, NOTAUTHZ_EXCEPTION));
    // force a failover and do the drill again: server1 comes back on port1, server2 is closed
    server1.invoke(() -> ClientAuthorizationTestCase.createCacheServer(getLocatorPort(), port1, serverProps, javaProps));
    server2.invoke(() -> closeCache());
    // Perform some put operations from client1
    client1.invoke(() -> doNPuts(4, NO_EXCEPTION));
    // The denial must still hold after the failover
    client2.invoke(() -> doNGets(4, NOTAUTHZ_EXCEPTION));
    // Re-connect client2 with the GET-only credentials created earlier
    createClient2NoException(getJavaProps, authInit, port1, port2, getCredentials);
    // Verify that the gets succeed
    client2.invoke(() -> doNGets(4, NO_EXCEPTION));
    // Verify that puts from the GET-only client end in NOTAUTHZ_EXCEPTION
    client2.invoke(() -> doPuts(4, NOTAUTHZ_EXCEPTION));
}
Also used : AuthzCredentialGenerator(org.apache.geode.security.generator.AuthzCredentialGenerator) XmlAuthzCredentialGenerator(org.apache.geode.security.generator.XmlAuthzCredentialGenerator) AuthzCredentialGenerator(org.apache.geode.security.generator.AuthzCredentialGenerator) DummyCredentialGenerator(org.apache.geode.security.generator.DummyCredentialGenerator) XmlAuthzCredentialGenerator(org.apache.geode.security.generator.XmlAuthzCredentialGenerator) CredentialGenerator(org.apache.geode.security.generator.CredentialGenerator) Properties(java.util.Properties) SecurityTest(org.apache.geode.test.junit.categories.SecurityTest) Test(org.junit.Test) DistributedTest(org.apache.geode.test.junit.categories.DistributedTest)

Example 3 with AuthzCredentialGenerator

use of org.apache.geode.security.generator.AuthzCredentialGenerator in project geode by apache.

the class ClientAuthorizationTestCase method runOpsWithFailOver.

/**
 * Runs a list of operations in blocks, once against the first server and, unless the block ends
 * with {@code OPBLOCK_NO_FAILOVER}, a second time against the second server.
 *
 * <p>Operations are queued until an {@code OPBLOCK_END} or {@code OPBLOCK_NO_FAILOVER} marker is
 * reached; the queued block is then handed to {@code executeOpBlock}, where the per-operation
 * authorization expectations are presumably checked (not visible here).
 *
 * @param opCodes operations and block markers, processed in array order
 * @param testName prefix used for the three configuration lines printed to standard output
 * @throws InterruptedException declared by the method; the throwing call is not visible here
 */
protected void runOpsWithFailOver(final OperationWithAction[] opCodes, final String testName) throws InterruptedException {
    AuthzCredentialGenerator gen = getXmlAuthzGenerator();
    CredentialGenerator cGen = gen.getCredentialGenerator();
    Properties extraAuthProps = cGen.getSystemProperties();
    Properties javaProps = cGen.getJavaProperties();
    Properties extraAuthzProps = gen.getSystemProperties();
    String authenticator = cGen.getAuthenticator();
    String authInit = cGen.getAuthInit();
    String accessor = gen.getAuthorizationCallback();
    TestAuthzCredentialGenerator tgen = new TestAuthzCredentialGenerator(gen);
    // Only class/callback names are printed here, not credential values.
    System.out.println(testName + ": Using authinit: " + authInit);
    System.out.println(testName + ": Using authenticator: " + authenticator);
    System.out.println(testName + ": Using accessor: " + accessor);
    // Start servers with all required properties
    Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps);
    // Get ports for the servers: two locator ports and two server ports, each wrapped in a Keeper.
    // Presumably a Keeper holds its port reserved until release() is called - TODO confirm.
    List<Keeper> randomAvailableTCPPortKeepers = AvailablePortHelper.getRandomAvailableTCPPortKeepers(4);
    Keeper locator1PortKeeper = randomAvailableTCPPortKeepers.get(0);
    Keeper locator2PortKeeper = randomAvailableTCPPortKeepers.get(1);
    Keeper port1Keeper = randomAvailableTCPPortKeepers.get(2);
    Keeper port2Keeper = randomAvailableTCPPortKeepers.get(3);
    int locator1Port = locator1PortKeeper.getPort();
    int locator2Port = locator2PortKeeper.getPort();
    int port1 = port1Keeper.getPort();
    int port2 = port2Keeper.getPort();
    // Perform all the ops on the clients
    // opBlock is a raw List; its elements are the OperationWithAction values added below.
    List opBlock = new ArrayList();
    // Unseeded, so whatever executeOpBlock draws from it differs between runs.
    Random rnd = new Random();
    for (int opNum = 0; opNum < opCodes.length; ++opNum) {
        // Start client with valid credentials as specified in OperationWithAction
        OperationWithAction currentOp = opCodes[opNum];
        if (currentOp.equals(OperationWithAction.OPBLOCK_END) || currentOp.equals(OperationWithAction.OPBLOCK_NO_FAILOVER)) {
            // End of the current operation block: run the queued operations, with failover
            // unless the marker is OPBLOCK_NO_FAILOVER. An empty block is skipped.
            if (opBlock.size() > 0) {
                // Give up the held ports immediately before the server that uses them starts.
                // NOTE(review): release() runs again for every later block; assumes a repeated
                // release is harmless - confirm against Keeper.
                locator1PortKeeper.release();
                port1Keeper.release();
                // Start the first server and execute the operation block
                server1.invoke("createCacheServer", () -> ClientAuthorizationTestCase.createCacheServer(locator1Port, port1, serverProps, javaProps));
                server2.invoke("closeCache", () -> closeCache());
                executeOpBlock(opBlock, port1, port2, authInit, extraAuthProps, extraAuthzProps, tgen, rnd);
                if (!currentOp.equals(OperationWithAction.OPBLOCK_NO_FAILOVER)) {
                    // Failover to the second server and run the block again
                    locator2PortKeeper.release();
                    port2Keeper.release();
                    server2.invoke("createCacheServer", () -> ClientAuthorizationTestCase.createCacheServer(locator2Port, port2, serverProps, javaProps));
                    server1.invoke("closeCache", () -> closeCache());
                    executeOpBlock(opBlock, port1, port2, authInit, extraAuthProps, extraAuthzProps, tgen, rnd);
                }
                opBlock.clear();
            }
        } else {
            // Ordinary operation: record its index in the array and queue it for the current block.
            currentOp.setOpNum(opNum);
            opBlock.add(currentOp);
        }
    }
}
Also used : Random(java.util.Random) ArrayList(java.util.ArrayList) AuthzCredentialGenerator(org.apache.geode.security.generator.AuthzCredentialGenerator) XmlAuthzCredentialGenerator(org.apache.geode.security.generator.XmlAuthzCredentialGenerator) ArrayList(java.util.ArrayList) List(java.util.List) DummyCredentialGenerator(org.apache.geode.security.generator.DummyCredentialGenerator) AuthzCredentialGenerator(org.apache.geode.security.generator.AuthzCredentialGenerator) XmlAuthzCredentialGenerator(org.apache.geode.security.generator.XmlAuthzCredentialGenerator) CredentialGenerator(org.apache.geode.security.generator.CredentialGenerator) ConfigurationProperties(org.apache.geode.distributed.ConfigurationProperties) Properties(java.util.Properties)

Example 4 with AuthzCredentialGenerator

use of org.apache.geode.security.generator.AuthzCredentialGenerator in project geode by apache.

the class ClientAuthorizationDUnitTest method testPutAllWithSecurity.

/**
 * Starts two servers with authentication and authorization configured, connects client1 with
 * credentials allowed for PUTALL on {@code regionName}, and runs {@code doPutAllP()} on it.
 *
 * <p>NOTE(review): only the allowed path is visible in this method; there is no client using
 * credentials that lack PUTALL, and what {@code doPutAllP()} asserts is not shown here.
 */
@Test
public void testPutAllWithSecurity() {
    AuthzCredentialGenerator gen = getXmlAuthzGenerator();
    CredentialGenerator cGen = gen.getCredentialGenerator();
    Properties extraAuthProps = cGen.getSystemProperties();
    Properties javaProps = cGen.getJavaProperties();
    Properties extraAuthzProps = gen.getSystemProperties();
    String authenticator = cGen.getAuthenticator();
    String authInit = cGen.getAuthInit();
    String accessor = gen.getAuthorizationCallback();
    getLogWriter().info("testPutAllWithSecurity: Using authinit: " + authInit);
    getLogWriter().info("testPutAllWithSecurity: Using authenticator: " + authenticator);
    getLogWriter().info("testPutAllWithSecurity: Using accessor: " + accessor);
    // Start servers with all required properties
    Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps);
    int port1 = createServer1(javaProps, serverProps);
    int port2 = createServer2(javaProps, serverProps);
    // Start client1 with credentials allowed for PUTALL on regionName
    // (the trailing int is presumably an index selecting among candidate credentials - TODO confirm)
    Properties createCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.PUTALL }, new String[] { regionName }, 1);
    // javaProps is re-read from the generator before being handed to the client
    javaProps = cGen.getJavaProperties();
    // NOTE(review): this writes the whole credentials Properties object to the test log; if the
    // generator stores a password entry in it, that value is logged in clear text. Tolerable only
    // for generated test accounts - confirm what the generator puts in these Properties.
    getLogWriter().info("testPutAllWithSecurity: For first client credentials: " + createCredentials);
    createClient1NoException(javaProps, authInit, port1, port2, createCredentials);
    // Perform some put all operations from client1
    client1.invoke(() -> doPutAllP());
}
Also used : AuthzCredentialGenerator(org.apache.geode.security.generator.AuthzCredentialGenerator) XmlAuthzCredentialGenerator(org.apache.geode.security.generator.XmlAuthzCredentialGenerator) AuthzCredentialGenerator(org.apache.geode.security.generator.AuthzCredentialGenerator) DummyCredentialGenerator(org.apache.geode.security.generator.DummyCredentialGenerator) XmlAuthzCredentialGenerator(org.apache.geode.security.generator.XmlAuthzCredentialGenerator) CredentialGenerator(org.apache.geode.security.generator.CredentialGenerator) Properties(java.util.Properties) SecurityTest(org.apache.geode.test.junit.categories.SecurityTest) Test(org.junit.Test) DistributedTest(org.apache.geode.test.junit.categories.DistributedTest)

Example 5 with AuthzCredentialGenerator

use of org.apache.geode.security.generator.AuthzCredentialGenerator in project geode by apache.

the class ClientAuthorizationTestCase method getDummyGeneratorCombos.

/**
 * Builds one authorization generator per class code in
 * {@code AuthzCredentialGenerator.ClassCode.getAll()}, each paired with its own freshly
 * initialised {@code DummyCredentialGenerator}.
 *
 * <p>A class code is skipped when {@code AuthzCredentialGenerator.create} returns {@code null}
 * or when the generator's {@code init} returns {@code false} for the dummy credential generator.
 * The method asserts that at least one generator remains.
 *
 * @return the generators that initialised successfully, in class-code iteration order
 */
protected List<AuthzCredentialGenerator> getDummyGeneratorCombos() {
    final List<AuthzCredentialGenerator> combos = new ArrayList<>();
    // Elements are read as Object and cast, matching the original's untyped iteration.
    for (Object code : AuthzCredentialGenerator.ClassCode.getAll()) {
        final ClassCode classCode = (ClassCode) code;
        final AuthzCredentialGenerator candidate = AuthzCredentialGenerator.create(classCode);
        if (candidate == null) {
            continue;
        }
        // Each candidate gets its own dummy credential generator instance.
        final CredentialGenerator dummy = new DummyCredentialGenerator();
        dummy.init();
        if (candidate.init(dummy)) {
            combos.add(candidate);
        }
    }
    assertTrue(!combos.isEmpty());
    return combos;
}
Also used : ClassCode(org.apache.geode.security.generator.AuthzCredentialGenerator.ClassCode) ArrayList(java.util.ArrayList) Iterator(java.util.Iterator) AuthzCredentialGenerator(org.apache.geode.security.generator.AuthzCredentialGenerator) XmlAuthzCredentialGenerator(org.apache.geode.security.generator.XmlAuthzCredentialGenerator) DummyCredentialGenerator(org.apache.geode.security.generator.DummyCredentialGenerator) AuthzCredentialGenerator(org.apache.geode.security.generator.AuthzCredentialGenerator) XmlAuthzCredentialGenerator(org.apache.geode.security.generator.XmlAuthzCredentialGenerator) CredentialGenerator(org.apache.geode.security.generator.CredentialGenerator) DummyCredentialGenerator(org.apache.geode.security.generator.DummyCredentialGenerator)

Aggregations

AuthzCredentialGenerator (org.apache.geode.security.generator.AuthzCredentialGenerator)18 CredentialGenerator (org.apache.geode.security.generator.CredentialGenerator)18 Properties (java.util.Properties)16 DistributedTest (org.apache.geode.test.junit.categories.DistributedTest)13 SecurityTest (org.apache.geode.test.junit.categories.SecurityTest)13 Test (org.junit.Test)13 DummyCredentialGenerator (org.apache.geode.security.generator.DummyCredentialGenerator)9 XmlAuthzCredentialGenerator (org.apache.geode.security.generator.XmlAuthzCredentialGenerator)9 ArrayList (java.util.ArrayList)6 Random (java.util.Random)6 List (java.util.List)5 OperationCode (org.apache.geode.cache.operations.OperationContext.OperationCode)5 FlakyTest (org.apache.geode.test.junit.categories.FlakyTest)3 Category (org.junit.experimental.categories.Category)3 Iterator (java.util.Iterator)1 Function (org.apache.geode.cache.execute.Function)1 ConfigurationProperties (org.apache.geode.distributed.ConfigurationProperties)1 PartitionedRegionLocalMaxMemoryDUnitTest (org.apache.geode.internal.cache.PartitionedRegionLocalMaxMemoryDUnitTest)1 TestFunction (org.apache.geode.internal.cache.functions.TestFunction)1 ClassCode (org.apache.geode.security.generator.AuthzCredentialGenerator.ClassCode)1