use of org.apache.geode.security.generator.CredentialGenerator in project geode by apache.
the class ClientAuthenticationTestCase method doTestCredentialsWithFailover.
/**
 * Runs the client/server credential scenario across a server failover, using a
 * {@code DummyCredentialGenerator} as the credential source.
 *
 * <p>Sequence: start server1 with the generator's authenticator, connect two clients with valid
 * credentials, run puts/gets, start server2 on the reserved port and close server1's cache so the
 * clients have to fail over, run puts/gets again, then attempt client creation once with no
 * credentials at all and once with invalid credentials, each with an expected-exception code.
 *
 * @param multiUser forwarded to the client-creation helpers; when {@code true} the proxy caches
 *        are closed at the end and one more put/get is issued with the expected result
 *        "CacheClosedException"
 * @throws Exception propagated from the helper calls
 */
protected void doTestCredentialsWithFailover(final boolean multiUser) throws Exception {
  final CredentialGenerator generator = new DummyCredentialGenerator();
  final Properties systemProps = generator.getSystemProperties();
  final Properties serverJavaProps = generator.getJavaProperties();
  final String authenticatorName = generator.getAuthenticator();
  final String authInitName = generator.getAuthInit();

  getLogWriter().info("testCredentialsWithFailover: Using scheme: " + generator.classCode());
  getLogWriter().info("testCredentialsWithFailover: Using authenticator: " + authenticatorName);
  getLogWriter().info("testCredentialsWithFailover: Using authinit: " + authInitName);

  // Bring up server1 only.
  final int firstLocatorPort = getLocatorPort();
  final int secondLocatorPort = getLocatorPort();
  final String locators = getAndClearLocatorString();
  final int serverPort1 = server1.invoke(() -> createCacheServer(firstLocatorPort, locators, authenticatorName, systemProps, serverJavaProps));

  // Reserve a port for server2 without starting it, so both clients have to attach to server1.
  final int serverPort2 = getRandomAvailablePort(SOCKET);

  // Connect both clients with valid credentials.
  // The credential Properties are written to the test log with their values. That is only
  // tolerable for generator-produced test credentials.
  // NOTE(review): confirm the dummy scheme never carries real secrets.
  final Properties validCreds1 = generator.getValidCredentials(5);
  final Properties clientJavaProps1 = generator.getJavaProperties();
  getLogWriter().info("testCredentialsWithFailover: For first client credentials: " + validCreds1 + " : " + clientJavaProps1);

  final Properties validCreds2 = generator.getValidCredentials(6);
  final Properties clientJavaProps2 = generator.getJavaProperties();
  getLogWriter().info("testCredentialsWithFailover: For second client credentials: " + validCreds2 + " : " + clientJavaProps2);

  createClientsNoException(multiUser, authInitName, serverPort1, serverPort2, validCreds1, clientJavaProps1, validCreds2, clientJavaProps2);

  // Baseline before failover: client1 writes, client2 reads the entries back.
  client1.invoke(() -> doPuts(2));
  client2.invoke(() -> doGets(2));

  // Force the failover: server2 comes up on the reserved port, then server1's cache is closed.
  server2.invoke(() -> createCacheServer(secondLocatorPort, locators, serverPort2, authenticatorName, systemProps, serverJavaProps));
  server1.invoke(() -> closeCache());

  // The already-authenticated clients must keep working against server2.
  client1.invoke(() -> doNPuts(4));
  client2.invoke(() -> doNGets(4));

  // Re-create client2 with no auth-init and no credentials (all three arguments null); the
  // expected-exception code passed along says the attempt must be rejected.
  final boolean sslScheme = generator.classCode().equals(CredentialGenerator.ClassCode.SSL);
  if (!sslScheme) {
    client2.invoke(() -> createCacheClient(null, null, null, serverPort1, serverPort2, 0, multiUser, AUTHREQ_EXCEPTION));
  } else {
    // With SSL the server may close the socket before the client has sent its handshake
    // message, so the exception is not required at creation time; it has to surface on the
    // first region operation instead.
    // NOTE(review): the generator here is always a DummyCredentialGenerator, so this branch
    // presumably never runs from this method; confirm against its classCode().
    client2.invoke(() -> createCacheClient(null, null, null, serverPort1, serverPort2, 0, multiUser, NOFORCE_AUTHREQ_EXCEPTION));
    client2.invoke(() -> doPuts(2, OTHER_EXCEPTION));
  }

  // Re-create client1 with credentials the generator marks as invalid; AUTHFAIL_EXCEPTION is the
  // expected outcome handed to the helper.
  final Properties invalidCreds = generator.getInvalidCredentials(7);
  final Properties invalidJavaProps = generator.getJavaProperties();
  getLogWriter().info("testCredentialsWithFailover: For first client invalid credentials: " + invalidCreds + " : " + invalidJavaProps);
  client1.invoke(() -> createCacheClient(authInitName, invalidCreds, invalidJavaProps, serverPort1, serverPort2, 0, multiUser, AUTHFAIL_EXCEPTION));

  if (multiUser) {
    // After the proxy caches are closed, a further put/get is expected to end in
    // "CacheClosedException".
    client1.invoke(() -> doProxyCacheClose());
    client2.invoke(() -> doProxyCacheClose());
    client1.invoke(() -> doSimplePut("CacheClosedException"));
    client2.invoke(() -> doSimpleGet("CacheClosedException"));
  }
}
use of org.apache.geode.security.generator.CredentialGenerator in project geode by apache.
the class ClientAuthenticationTestCase method doTestInvalidAuthenticator.
/**
 * Starts server1 with an authenticator name that is not one supplied by the credential generator
 * ("org.apache.geode.none") and passes {@code AUTHREQ_EXCEPTION} as the expected outcome, so the
 * start is required to be refused rather than to proceed with that authenticator setting.
 *
 * <p>NOTE: "final boolean multiUser" is unused.
 *
 * @param multiUser unused
 * @throws Exception propagated from the helper calls
 */
protected void doTestInvalidAuthenticator(final boolean multiUser) throws Exception {
  final CredentialGenerator generator = new DummyCredentialGenerator();
  final Properties systemProps = generator.getSystemProperties();
  final Properties serverJavaProps = generator.getJavaProperties();
  final String authInitName = generator.getAuthInit();

  getLogWriter().info("testInvalidAuthenticator: Using scheme: " + generator.classCode());
  getLogWriter().info("testInvalidAuthenticator: Using authinit: " + authInitName);

  // Server start with the bogus authenticator name; the expected-exception code is the last
  // argument.
  final int locatorPort = getLocatorPort();
  final String locators = getAndClearLocatorString();
  server1.invoke(() -> createCacheServer(locatorPort, locators, "org.apache.geode.none", systemProps, serverJavaProps, AUTHREQ_EXCEPTION));
}
use of org.apache.geode.security.generator.CredentialGenerator in project geode by apache.
the class ClientAuthorizationDUnitTest method testAllowPutsGets.
/**
 * Allow-path authorization check: client1 connects with credentials permitted to PUT on
 * {@code regionName} and performs puts; client2 connects with credentials permitted to GET on the
 * same region and reads the entries back. Both operations are expected to finish with
 * {@code NO_EXCEPTION}.
 *
 * <p>Only the allow path is covered here: this method does not check that the GET-only client is
 * refused a PUT, or the reverse.
 */
@Test
public void testAllowPutsGets() {
  final AuthzCredentialGenerator authzGen = getXmlAuthzGenerator();
  final CredentialGenerator credGen = authzGen.getCredentialGenerator();
  final Properties authnSystemProps = credGen.getSystemProperties();
  final Properties serverJavaProps = credGen.getJavaProperties();
  final Properties authzSystemProps = authzGen.getSystemProperties();
  final String authenticatorName = credGen.getAuthenticator();
  final String authInitName = credGen.getAuthInit();
  final String accessorName = authzGen.getAuthorizationCallback();

  getLogWriter().info("testAllowPutsGets: Using authinit: " + authInitName);
  getLogWriter().info("testAllowPutsGets: Using authenticator: " + authenticatorName);
  getLogWriter().info("testAllowPutsGets: Using accessor: " + accessorName);

  // Both servers share one property set carrying the authenticator and the authorization
  // callback. NOTE(review): the meaning of the 'false' argument is not visible here; see
  // buildProperties.
  final Properties serverProps = buildProperties(authenticatorName, accessorName, false, authnSystemProps, authzSystemProps);
  final int serverPort1 = createServer1(serverJavaProps, serverProps);
  final int serverPort2 = createServer2(serverJavaProps, serverProps);

  // client1: credentials allowed to PUT on the region.
  // The credential Properties are logged with their values; acceptable only for
  // generator-produced test credentials.
  final OperationCode[] putOnly = new OperationCode[] { OperationCode.PUT };
  final Properties putCredentials = authzGen.getAllowedCredentials(putOnly, new String[] { regionName }, 1);
  final Properties client1JavaProps = credGen.getJavaProperties();
  getLogWriter().info("testAllowPutsGets: For first client credentials: " + putCredentials);
  createClient1NoException(client1JavaProps, authInitName, serverPort1, serverPort2, putCredentials);

  // client2: credentials allowed to GET on the region.
  final OperationCode[] getOnly = new OperationCode[] { OperationCode.GET };
  final Properties getCredentials = authzGen.getAllowedCredentials(getOnly, new String[] { regionName }, 2);
  final Properties client2JavaProps = credGen.getJavaProperties();
  getLogWriter().info("testAllowPutsGets: For second client credentials: " + getCredentials);
  createClient2NoException(client2JavaProps, authInitName, serverPort1, serverPort2, getCredentials);

  // client1 writes, client2 reads; neither may raise.
  client1.invoke(() -> doPuts(2, NO_EXCEPTION));
  client2.invoke(() -> doGets(2, NO_EXCEPTION));
}
use of org.apache.geode.security.generator.CredentialGenerator in project geode by apache.
the class P2PAuthenticationDUnitTest method testP2PAuthenticationWithInvalidAuthInitialize.
/**
 * The peer's AuthInitialize setting is incorrect ("Incorrect_AuthInitialize"): creating the
 * distributed system with it must throw a {@code GemFireSecurityException}.
 *
 * <p>The catch accepts any {@code GemFireSecurityException}, so the test does not pin the more
 * specific exception named in the failure message.
 */
@Test
public void testP2PAuthenticationWithInvalidAuthInitialize() throws Exception {
  final int locatorPort = getRandomAvailablePort(SOCKET);

  final CredentialGenerator generator = new DummyCredentialGenerator();
  assertNotNull(generator.getAuthenticator());
  assertNull(generator.getJavaProperties());

  // One property set is used for both the locator and the joining peer; it carries the bad
  // auth-init value next to the generator's real authenticator.
  final Properties peerProps = new Properties();
  peerProps.setProperty(MCAST_PORT, "0");
  final String locators = getIPLiteral() + "[" + locatorPort + "]";
  peerProps.setProperty(LOCATORS, locators);
  peerProps.setProperty(SECURITY_PEER_AUTH_INIT, "Incorrect_AuthInitialize");
  peerProps.setProperty(SECURITY_PEER_AUTHENTICATOR, generator.getAuthenticator());

  startTheLocator(peerProps, generator.getJavaProperties(), locatorPort);

  try {
    new SecurityTestUtils("tmp").createSystem(peerProps, null);
    // Reaching this line means the join went through despite the bad auth-init.
    fail("AuthenticationFailedException was expected as the AuthInitialize object passed is incorrect");
  } catch (GemFireSecurityException expected) {
    // Rejection is the passing outcome.
  } finally {
    // The locator is stopped whether or not the join was rejected.
    locatorVM.invoke(() -> stopLocator(locatorPort, ignoredExceptions));
  }
}
use of org.apache.geode.security.generator.CredentialGenerator in project geode by apache.
the class P2PAuthenticationDUnitTest method testP2PLargeCredentialSucceeds.
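/**
 * The strategy is to test a credential size greater than the UDP datagram size.
 *
 * <p>The first peer (this VM) joins with three extra credential entries of 20010 characters each
 * (about 60 KB in total); peer2 and peer3 join with ordinary valid credentials. The locator is
 * expected to accept all of them, so the distributed system should report four members: the
 * locator plus the three peers.
 *
 * <p>The test pins that credentials of this size are accepted; it does not establish any upper
 * bound on credential size.
 */
@Test
public void testP2PLargeCredentialSucceeds() throws Exception {
  int locatorPort = getRandomAvailablePort(SOCKET);
  final Host host = Host.getHost(0);
  final VM peer2 = host.getVM(1);
  final VM peer3 = host.getVM(2);

  CredentialGenerator gen = new DummyCredentialGenerator();
  gen.init();
  assertNotNull(gen.getAuthenticator());
  assertNull(gen.getJavaProperties());
  assertNull(gen.getSystemProperties());
  assertNotNull(gen.getValidCredentials(1));

  String authInit = UserPasswordWithExtraPropsAuthInit.class.getName() + ".create";
  Properties credentials = gen.getValidCredentials(1);

  // Locator: auth-init, authenticator and its own valid credentials.
  Properties props = new Properties();
  props.setProperty(SECURITY_PEER_AUTH_INIT, authInit);
  props.setProperty(SECURITY_PEER_AUTHENTICATOR, gen.getAuthenticator());
  props.putAll(credentials);
  startTheLocator(props, null, locatorPort);

  try {
    // Start the first peer with huge credentials
    props = new Properties();
    props.setProperty(MCAST_PORT, "0");
    props.setProperty(LOCATORS, getIPLiteral() + "[" + locatorPort + "]");
    props.setProperty(SECURITY_PEER_AUTH_INIT, authInit);
    props.setProperty(SECURITY_PEER_AUTHENTICATOR, gen.getAuthenticator());

    // Same value as before ("20KString" followed by 20001 'A' characters), built with a
    // StringBuilder instead of 20001 String concatenations.
    StringBuilder hugeBuilder = new StringBuilder("20KString");
    for (int i = 0; i <= 20000; i++) {
      hugeBuilder.append('A');
    }
    String hugeStr = hugeBuilder.toString();

    credentials = gen.getValidCredentials(3);
    // NOTE(review): presumably read by UserPasswordWithExtraPropsAuthInit so that the extra
    // security-* entries below stay in the credentials that are sent; confirm in that class.
    credentials.setProperty("security-keep-extra-props", "-");
    credentials.setProperty("security-hugeentryone", hugeStr);
    credentials.setProperty("security-hugeentrytwo", hugeStr);
    credentials.setProperty("security-hugeentrythree", hugeStr);
    props.putAll(credentials);

    // This join is required to succeed. A commented-out fail(...) used to sit here expecting
    // AuthenticationFailedException "as credentials were passed beyond 50k", followed by "--?".
    createDS(props, null);

    // Start the second and third peers with the same authenticator as the locator
    props = new Properties();
    props.setProperty(MCAST_PORT, "0");
    props.setProperty(LOCATORS, getIPLiteral() + "[" + locatorPort + "]");
    props.setProperty(SECURITY_PEER_AUTH_INIT, authInit);
    props.setProperty(SECURITY_PEER_AUTHENTICATOR, gen.getAuthenticator());
    credentials = gen.getValidCredentials(7);
    props.putAll(credentials);
    createDS(peer2, props, null);
    createDS(peer3, props, null);

    // wait for view propagation
    // NOTE(review): fixed 2 s wait; if the view takes longer to propagate, verifyMembers fails.
    pause(2000);

    // Verify the number of members on all peers and locator
    locatorVM.invoke(() -> verifyMembers(4));
    peer2.invoke(() -> verifyMembers(4));
    peer3.invoke(() -> verifyMembers(4));

    // Disconnect the peers
    // NOTE(review): these run only on the success path; if a verification above fails, only the
    // locator is stopped below. Confirm the harness tear-down disconnects the peers.
    disconnectFromDS();
    peer2.invoke(() -> disconnectFromDS());
    peer3.invoke(() -> disconnectFromDS());
  } finally {
    locatorVM.invoke(() -> stopLocator(locatorPort, ignoredExceptions));
  }
}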