Examples with AuthzCredentialGenerator org.apache.geode.security.generator.AuthzCredentialGenerator used on opensource projects

Search in sources :

Example 6 with AuthzCredentialGenerator

use of org.apache.geode.security.generator.AuthzCredentialGenerator in project geode by apache.

the class ClientAuthorizationDUnitTest method testAllowPutsGets.

@Test
public void testAllowPutsGets() {
    AuthzCredentialGenerator gen = getXmlAuthzGenerator();
    CredentialGenerator cGen = gen.getCredentialGenerator();
    Properties extraAuthProps = cGen.getSystemProperties();
    Properties javaProps = cGen.getJavaProperties();
    Properties extraAuthzProps = gen.getSystemProperties();
    String authenticator = cGen.getAuthenticator();
    String authInit = cGen.getAuthInit();
    String accessor = gen.getAuthorizationCallback();
    getLogWriter().info("testAllowPutsGets: Using authinit: " + authInit);
    getLogWriter().info("testAllowPutsGets: Using authenticator: " + authenticator);
    getLogWriter().info("testAllowPutsGets: Using accessor: " + accessor);
    // Start servers with all required properties
    Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps);
    int port1 = createServer1(javaProps, serverProps);
    int port2 = createServer2(javaProps, serverProps);
    // Start client1 with valid CREATE credentials
    Properties createCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.PUT }, new String[] { regionName }, 1);
    javaProps = cGen.getJavaProperties();
    getLogWriter().info("testAllowPutsGets: For first client credentials: " + createCredentials);
    createClient1NoException(javaProps, authInit, port1, port2, createCredentials);
    // Start client2 with valid GET credentials
    Properties getCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.GET }, new String[] { regionName }, 2);
    javaProps = cGen.getJavaProperties();
    getLogWriter().info("testAllowPutsGets: For second client credentials: " + getCredentials);
    createClient2NoException(javaProps, authInit, port1, port2, getCredentials);
    // Perform some put operations from client1
    client1.invoke(() -> doPuts(2, NO_EXCEPTION));
    // Verify that the gets succeed
    client2.invoke(() -> doGets(2, NO_EXCEPTION));
}
Also used : AuthzCredentialGenerator(org.apache.geode.security.generator.AuthzCredentialGenerator) XmlAuthzCredentialGenerator(org.apache.geode.security.generator.XmlAuthzCredentialGenerator) AuthzCredentialGenerator(org.apache.geode.security.generator.AuthzCredentialGenerator) DummyCredentialGenerator(org.apache.geode.security.generator.DummyCredentialGenerator) XmlAuthzCredentialGenerator(org.apache.geode.security.generator.XmlAuthzCredentialGenerator) CredentialGenerator(org.apache.geode.security.generator.CredentialGenerator) Properties(java.util.Properties) SecurityTest(org.apache.geode.test.junit.categories.SecurityTest) Test(org.junit.Test) DistributedTest(org.apache.geode.test.junit.categories.DistributedTest)

Example 7 with AuthzCredentialGenerator

use of org.apache.geode.security.generator.AuthzCredentialGenerator in project geode by apache.

the class ClientCQPostAuthorizationDUnitTest method doStartUp.

private void doStartUp(final int numOfUsers, final int numOfPuts, final boolean[] postAuthzAllowed, final boolean failover) throws Exception {
    AuthzCredentialGenerator authzGenerator = getXmlAuthzGenerator();
    CredentialGenerator credentialGenerator = authzGenerator.getCredentialGenerator();
    Properties extraAuthProps = credentialGenerator.getSystemProperties();
    Properties javaProps = credentialGenerator.getJavaProperties();
    Properties extraAuthzProps = authzGenerator.getSystemProperties();
    String authenticator = credentialGenerator.getAuthenticator();
    String accessor = authzGenerator.getAuthorizationCallback();
    String authInit = credentialGenerator.getAuthInit();
    TestAuthzCredentialGenerator tgen = new TestAuthzCredentialGenerator(authzGenerator);
    Properties serverProps = buildProperties(authenticator, accessor, true, extraAuthProps, extraAuthzProps);
    Properties opCredentials;
    credentialGenerator = tgen.getCredentialGenerator();
    final Properties javaProps2 = credentialGenerator == null ? null : credentialGenerator.getJavaProperties();
    int[] indices = new int[numOfPuts];
    for (int index = 0; index < numOfPuts; ++index) {
        indices[index] = index;
    }
    Random rnd = new Random();
    Properties[] authProps = new Properties[numOfUsers];
    for (int i = 0; i < numOfUsers; i++) {
        int rand = rnd.nextInt(100) + 1;
        if (postAuthzAllowed[i]) {
            // For callback, GET should be allowed
            opCredentials = tgen.getAllowedCredentials(new OperationCode[] { OperationCode.EXECUTE_CQ, OperationCode.GET }, new String[] { REGION_NAME }, indices, rand);
        } else {
            // For callback, GET should be disallowed
            opCredentials = tgen.getDisallowedCredentials(new OperationCode[] { OperationCode.GET }, new String[] { REGION_NAME }, indices, rand);
        }
        authProps[i] = concatProperties(new Properties[] { opCredentials, extraAuthProps, extraAuthzProps });
    }
    // Get ports for the servers
    int[] randomAvailableTCPPorts = AvailablePortHelper.getRandomAvailableTCPPorts(3);
    int port1 = randomAvailableTCPPorts[0];
    int port2 = randomAvailableTCPPorts[1];
    int locatorPort = randomAvailableTCPPorts[2];
    // Close down any running servers
    server1.invoke(() -> closeCache());
    server2.invoke(() -> closeCache());
    server1.invoke(() -> createTheServerCache(serverProps, javaProps, locatorPort, port1));
    client1.invoke(() -> createClientCache(javaProps2, authInit, authProps, new int[] { port1, port2 }, numOfUsers, postAuthzAllowed));
    client2.invoke(() -> createClientCache(javaProps2, authInit, authProps, new int[] { port1, port2 }, numOfUsers, postAuthzAllowed));
    client1.invoke(() -> createCQ(numOfUsers));
    client1.invoke(() -> executeCQ(numOfUsers, new boolean[] { false, false }, numOfPuts, new String[numOfUsers], postAuthzAllowed));
    client2.invoke(() -> doPuts(numOfPuts, true));
    if (!postAuthzAllowed[0]) {
        // There is no point waiting as no user is authorized to receive cq events.
        try {
            Thread.sleep(1000);
        } catch (InterruptedException ie) {
        }
    // TODO: replace with Awaitility
    } else {
        client1.invoke(() -> waitForLastKey(0));
        if (postAuthzAllowed[1]) {
            client1.invoke(() -> waitForLastKey(1));
        }
    }
    client1.invoke(() -> checkCQListeners(numOfUsers, postAuthzAllowed, numOfPuts + 1, /* last key */
    0, !failover));
    if (failover) {
        server2.invoke(() -> createTheServerCache(serverProps, javaProps, locatorPort, port2));
        server1.invoke(() -> closeCache());
        // Allow time for client1 to register its CQs on server2
        server2.invoke(() -> allowCQsToRegister(2));
        client2.invoke(() -> doPuts(numOfPuts, true));
        client1.invoke(() -> waitForLastKeyUpdate(0));
        client1.invoke(() -> checkCQListeners(numOfUsers, postAuthzAllowed, numOfPuts + 1, /* last key */
        numOfPuts + 1, /* last key */
        true));
    }
}
Also used : Random(java.util.Random) OperationCode(org.apache.geode.cache.operations.OperationContext.OperationCode) AuthzCredentialGenerator(org.apache.geode.security.generator.AuthzCredentialGenerator) AuthzCredentialGenerator(org.apache.geode.security.generator.AuthzCredentialGenerator) CredentialGenerator(org.apache.geode.security.generator.CredentialGenerator) Properties(java.util.Properties)

Example 8 with AuthzCredentialGenerator

use of org.apache.geode.security.generator.AuthzCredentialGenerator in project geode by apache.

the class MultiUserDurableCQAuthzDUnitTest method doTest.

/**
   * WARNING: "final Boolean keepAlive" is treated as a ternary value: null, true, false
   */
private void doTest(int numOfUsers, int numOfPuts, boolean[] postAuthzAllowed, final AuthzCredentialGenerator authzGenerator, final Boolean keepAlive) throws Exception {
    CredentialGenerator credentialGenerator = authzGenerator.getCredentialGenerator();
    Properties extraAuthProps = credentialGenerator.getSystemProperties();
    Properties javaProps = credentialGenerator.getJavaProperties();
    Properties extraAuthzProps = authzGenerator.getSystemProperties();
    String authenticator = credentialGenerator.getAuthenticator();
    String accessor = authzGenerator.getAuthorizationCallback();
    String authInit = credentialGenerator.getAuthInit();
    TestAuthzCredentialGenerator tgen = new TestAuthzCredentialGenerator(authzGenerator);
    Properties serverProps = buildProperties(authenticator, accessor, true, extraAuthProps, extraAuthzProps);
    Properties opCredentials;
    credentialGenerator = tgen.getCredentialGenerator();
    final Properties javaProps2 = credentialGenerator != null ? credentialGenerator.getJavaProperties() : null;
    int[] indices = new int[numOfPuts];
    for (int index = 0; index < numOfPuts; ++index) {
        indices[index] = index;
    }
    Random random = new Random();
    Properties[] authProps = new Properties[numOfUsers];
    String durableClientId = "multiuser_durable_client_1";
    Properties client2Credentials = null;
    for (int i = 0; i < numOfUsers; i++) {
        int rand = random.nextInt(100) + 1;
        if (postAuthzAllowed[i]) {
            opCredentials = tgen.getAllowedCredentials(// For callback, GET
            new OperationCode[] { OperationCode.EXECUTE_CQ, OperationCode.GET }, // should be allowed
            new String[] { regionName }, indices, rand);
        } else {
            opCredentials = // For
            tgen.getDisallowedCredentials(// For
            new OperationCode[] { OperationCode.GET }, // disallowed
            new String[] { regionName }, indices, rand);
        }
        authProps[i] = concatProperties(new Properties[] { opCredentials, extraAuthProps, extraAuthzProps });
        if (client2Credentials == null) {
            client2Credentials = tgen.getAllowedCredentials(new OperationCode[] { OperationCode.PUT }, new String[] { regionName }, indices, rand);
        }
    }
    // Get ports for the servers
    int[] randomAvailableTCPPorts = AvailablePortHelper.getRandomAvailableTCPPorts(3);
    int port1 = randomAvailableTCPPorts[0];
    int port2 = randomAvailableTCPPorts[1];
    int locatorPort = randomAvailableTCPPorts[2];
    // Close down any running servers
    server1.invoke(() -> closeCache());
    server2.invoke(() -> closeCache());
    server1.invoke(() -> createServerCache(serverProps, javaProps, locatorPort, port1));
    client1.invoke(() -> createClientCache(javaProps2, authInit, authProps, new int[] { port1, port2 }, numOfUsers, durableClientId, postAuthzAllowed));
    client1.invoke(() -> createCQ(numOfUsers, true));
    client1.invoke(() -> executeCQ(numOfUsers, new boolean[] { false, false }, numOfPuts, new String[numOfUsers]));
    client1.invoke(() -> readyForEvents());
    if (keepAlive == null) {
        client1.invoke(() -> closeCache());
    } else {
        client1.invoke(() -> closeCache(keepAlive));
    }
    server1.invoke(() -> doPuts(numOfPuts, true));
    client1.invoke(() -> createClientCache(javaProps2, authInit, authProps, new int[] { port1, port2 }, numOfUsers, durableClientId, postAuthzAllowed));
    client1.invoke(() -> createCQ(numOfUsers, true));
    client1.invoke(() -> executeCQ(numOfUsers, new boolean[] { false, false }, numOfPuts, new String[numOfUsers]));
    client1.invoke(() -> readyForEvents());
    if (!postAuthzAllowed[0] || keepAlive == null || !keepAlive) {
        // Don't wait as no user is authorized to receive cq events.
        // TODO: use Awaitility
        Thread.sleep(1000);
    } else {
        client1.invoke(() -> waitForLastKey(0, true));
    }
    int numOfCreates = keepAlive == null ? 0 : (keepAlive ? numOfPuts + 1 : /* last key */
    0);
    client1.invoke(() -> checkCQListeners(numOfUsers, postAuthzAllowed, numOfCreates, 0));
    client1.invoke(() -> proxyCacheClose(new int[] { 0, 1 }, keepAlive));
    client1.invoke(() -> createProxyCache(new int[] { 0, 1 }, authProps));
    client1.invoke(() -> createCQ(numOfUsers, true));
    client1.invoke(() -> executeCQ(numOfUsers, new boolean[] { false, false }, numOfPuts, new String[numOfUsers]));
    server1.invoke(() -> doPuts(numOfPuts, true));
    if (!postAuthzAllowed[0] || keepAlive == null || !keepAlive) {
        // Don't wait as no user is authorized to receive cq events.
        // TODO: use Awaitility
        Thread.sleep(1000);
    } else {
        client1.invoke(() -> waitForLastKey(0, false));
    }
    int numOfUpdates = numOfPuts + 1;
    client1.invoke(() -> checkCQListeners(numOfUsers, postAuthzAllowed, 0, numOfUpdates));
}
Also used : Random(java.util.Random) OperationCode(org.apache.geode.cache.operations.OperationContext.OperationCode) AuthzCredentialGenerator(org.apache.geode.security.generator.AuthzCredentialGenerator) CredentialGenerator(org.apache.geode.security.generator.CredentialGenerator) Properties(java.util.Properties)

Example 9 with AuthzCredentialGenerator

use of org.apache.geode.security.generator.AuthzCredentialGenerator in project geode by apache.

the class ClientPostAuthorizationDUnitTest method testAllOpsNotifications.

// GEODE-1009: random ports, uses Random, time sensitive,
@Category(FlakyTest.class)
// waitForCondition (waitForCriterion)
@Test
public void testAllOpsNotifications() throws Exception {
    OperationWithAction[] allOps = allOpsForTestAllOpsNotifications();
    AuthzCredentialGenerator authzGenerator = getXmlAuthzGenerator();
    getLogWriter().info("Executing opblocks with credential generator " + authzGenerator);
    CredentialGenerator credentialGenerator = authzGenerator.getCredentialGenerator();
    Properties extraAuthProps = credentialGenerator.getSystemProperties();
    Properties javaProps = credentialGenerator.getJavaProperties();
    Properties extraAuthzProps = authzGenerator.getSystemProperties();
    String authenticator = credentialGenerator.getAuthenticator();
    String authInit = credentialGenerator.getAuthInit();
    String accessor = authzGenerator.getAuthorizationCallback();
    TestAuthzCredentialGenerator tgen = new TestAuthzCredentialGenerator(authzGenerator);
    getLogWriter().info("testAllOpsNotifications: Using authinit: " + authInit);
    getLogWriter().info("testAllOpsNotifications: Using authenticator: " + authenticator);
    getLogWriter().info("testAllOpsNotifications: Using accessor: " + accessor);
    // Start servers with all required properties
    Properties serverProps = buildProperties(authenticator, accessor, true, extraAuthProps, extraAuthzProps);
    // Get ports for the servers
    int[] randomAvailableTCPPorts = AvailablePortHelper.getRandomAvailableTCPPorts(2);
    int port1 = randomAvailableTCPPorts[0];
    int port2 = randomAvailableTCPPorts[1];
    // Perform all the ops on the clients
    List opBlock = new ArrayList();
    Random rnd = new Random();
    for (int opNum = 0; opNum < allOps.length; ++opNum) {
        // Start client with valid credentials as specified in OperationWithAction
        OperationWithAction currentOp = allOps[opNum];
        if (currentOp.equals(OperationWithAction.OPBLOCK_END) || currentOp.equals(OperationWithAction.OPBLOCK_NO_FAILOVER)) {
            // End of current operation block; execute all the operations on the servers with failover
            if (opBlock.size() > 0) {
                // Start the first server and execute the operation block
                server1.invoke(() -> createCacheServer(getLocatorPort(), port1, serverProps, javaProps));
                server2.invoke(() -> closeCache());
                executeOpBlock(opBlock, port1, port2, authInit, extraAuthProps, extraAuthzProps, tgen, rnd);
                if (!currentOp.equals(OperationWithAction.OPBLOCK_NO_FAILOVER)) {
                    // Failover to the second server and run the block again
                    server2.invoke(() -> createCacheServer(getLocatorPort(), port2, serverProps, javaProps));
                    server1.invoke(() -> closeCache());
                    executeOpBlock(opBlock, port1, port2, authInit, extraAuthProps, extraAuthzProps, tgen, rnd);
                }
                opBlock.clear();
            }
        } else {
            currentOp.setOpNum(opNum);
            opBlock.add(currentOp);
        }
    }
}
Also used : Random(java.util.Random) ArrayList(java.util.ArrayList) AuthzCredentialGenerator(org.apache.geode.security.generator.AuthzCredentialGenerator) ArrayList(java.util.ArrayList) List(java.util.List) AuthzCredentialGenerator(org.apache.geode.security.generator.AuthzCredentialGenerator) CredentialGenerator(org.apache.geode.security.generator.CredentialGenerator) Properties(java.util.Properties) Category(org.junit.experimental.categories.Category) SecurityTest(org.apache.geode.test.junit.categories.SecurityTest) Test(org.junit.Test) DistributedTest(org.apache.geode.test.junit.categories.DistributedTest) FlakyTest(org.apache.geode.test.junit.categories.FlakyTest)

Example 10 with AuthzCredentialGenerator

use of org.apache.geode.security.generator.AuthzCredentialGenerator in project geode by apache.

the class ClientMultiUserAuthzDUnitTest method testOps1.

/**
   * Tests with one user authorized to do puts/gets/containsKey/destroys and another not authorized
   * for the same.
   */
@Test
public void testOps1() throws Exception {
    for (Iterator<AuthzCredentialGenerator> iter = getDummyGeneratorCombos().iterator(); iter.hasNext(); ) {
        AuthzCredentialGenerator gen = iter.next();
        CredentialGenerator cGen = gen.getCredentialGenerator();
        Properties extraAuthProps = cGen.getSystemProperties();
        Properties javaProps = cGen.getJavaProperties();
        Properties extraAuthzProps = gen.getSystemProperties();
        String authenticator = cGen.getAuthenticator();
        String authInit = cGen.getAuthInit();
        String accessor = gen.getAuthorizationCallback();
        getLogWriter().info("testOps1: Using authinit: " + authInit);
        getLogWriter().info("testOps1: Using authenticator: " + authenticator);
        getLogWriter().info("testOps1: Using accessor: " + accessor);
        // Start servers with all required properties
        Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps);
        int port1 = createCacheServerOnVM(server1, javaProps, serverProps);
        int port2 = createCacheServerOnVM(server2, javaProps, serverProps);
        if (!prepareClientsForOps(gen, cGen, new OperationCode[] { OperationCode.PUT, OperationCode.PUT }, new OperationCode[] { OperationCode.GET, OperationCode.GET }, javaProps, authInit, port1, port2)) {
            continue;
        }
        verifyPutsGets();
        if (!prepareClientsForOps(gen, cGen, new OperationCode[] { OperationCode.PUT, OperationCode.CONTAINS_KEY }, new OperationCode[] { OperationCode.DESTROY, OperationCode.DESTROY }, javaProps, authInit, port1, port2)) {
            continue;
        }
        verifyContainsKeyDestroys();
        if (!prepareClientsForOps(gen, cGen, new OperationCode[] { OperationCode.PUT, OperationCode.CONTAINS_KEY }, new OperationCode[] { OperationCode.INVALIDATE, OperationCode.INVALIDATE }, javaProps, authInit, port1, port2)) {
            continue;
        }
        verifyContainsKeyInvalidates();
        if (!prepareClientsForOps(gen, cGen, new OperationCode[] { OperationCode.GET, OperationCode.GET }, new OperationCode[] { OperationCode.REGION_DESTROY, OperationCode.REGION_DESTROY }, javaProps, authInit, port1, port2)) {
            continue;
        }
        verifyGetAllInTX();
        verifyGetAllRegionDestroys();
    }
}
Also used : OperationCode(org.apache.geode.cache.operations.OperationContext.OperationCode) AuthzCredentialGenerator(org.apache.geode.security.generator.AuthzCredentialGenerator) AuthzCredentialGenerator(org.apache.geode.security.generator.AuthzCredentialGenerator) CredentialGenerator(org.apache.geode.security.generator.CredentialGenerator) Properties(java.util.Properties) SecurityTest(org.apache.geode.test.junit.categories.SecurityTest) Test(org.junit.Test) DistributedTest(org.apache.geode.test.junit.categories.DistributedTest)

Aggregations

AuthzCredentialGenerator (org.apache.geode.security.generator.AuthzCredentialGenerator)18 CredentialGenerator (org.apache.geode.security.generator.CredentialGenerator)18 Properties (java.util.Properties)16 DistributedTest (org.apache.geode.test.junit.categories.DistributedTest)13 SecurityTest (org.apache.geode.test.junit.categories.SecurityTest)13 Test (org.junit.Test)13 DummyCredentialGenerator (org.apache.geode.security.generator.DummyCredentialGenerator)9 XmlAuthzCredentialGenerator (org.apache.geode.security.generator.XmlAuthzCredentialGenerator)9 ArrayList (java.util.ArrayList)6 Random (java.util.Random)6 List (java.util.List)5 OperationCode (org.apache.geode.cache.operations.OperationContext.OperationCode)5 FlakyTest (org.apache.geode.test.junit.categories.FlakyTest)3 Category (org.junit.experimental.categories.Category)3 Iterator (java.util.Iterator)1 Function (org.apache.geode.cache.execute.Function)1 ConfigurationProperties (org.apache.geode.distributed.ConfigurationProperties)1 PartitionedRegionLocalMaxMemoryDUnitTest (org.apache.geode.internal.cache.PartitionedRegionLocalMaxMemoryDUnitTest)1 TestFunction (org.apache.geode.internal.cache.functions.TestFunction)1 ClassCode (org.apache.geode.security.generator.AuthzCredentialGenerator.ClassCode)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial