
Example 26 with CredentialGenerator

use of org.apache.geode.security.generator.CredentialGenerator in project geode by apache.

the class ClientAuthorizationDUnitTest method testDisallowPutsGets.

/**
 * Verifies that authorization is enforced per operation: a client whose credentials are
 * not authorized for GET gets NOTAUTHZ_EXCEPTION on gets, and after reconnecting with
 * GET-only credentials its gets succeed while its puts are rejected with NOTAUTHZ_EXCEPTION.
 */
@Test
public void testDisallowPutsGets() {
    AuthzCredentialGenerator gen = getXmlAuthzGenerator();
    CredentialGenerator cGen = gen.getCredentialGenerator();
    // Authentication-side and authorization-side properties are collected separately
    // and merged into the server configuration by buildProperties below.
    Properties extraAuthProps = cGen.getSystemProperties();
    Properties javaProps = cGen.getJavaProperties();
    Properties extraAuthzProps = gen.getSystemProperties();
    String authenticator = cGen.getAuthenticator();
    String authInit = cGen.getAuthInit();
    String accessor = gen.getAuthorizationCallback();
    getLogWriter().info("testDisallowPutsGets: Using authinit: " + authInit);
    getLogWriter().info("testDisallowPutsGets: Using authenticator: " + authenticator);
    getLogWriter().info("testDisallowPutsGets: Using accessor: " + accessor);
    // Obtain credentials that are allowed to PUT on the region (for client1)...
    // NOTE(review): the trailing int presumably selects one of several matching credential sets - confirm.
    Properties createCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.PUT }, new String[] { regionName }, 1);
    Properties createJavaProps = cGen.getJavaProperties();
    // NOTE(review): the credential Properties are written to the test log at info level;
    // acceptable only while the generator produces throwaway test credentials - confirm.
    getLogWriter().info("testDisallowPutsGets: For first client credentials: " + createCredentials);
    // ...and valid credentials that are NOT allowed to GET on the region (for client2)
    Properties getCredentials = gen.getDisallowedCredentials(new OperationCode[] { OperationCode.GET }, new String[] { regionName }, 2);
    Properties getJavaProps = cGen.getJavaProperties();
    getLogWriter().info("testDisallowPutsGets: For second client disallowed GET credentials: " + getCredentials);
    // Start both servers with the authenticator and the authorization callback configured
    Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps);
    int port1 = createServer1(javaProps, serverProps);
    int port2 = createServer2(javaProps, serverProps);
    // Both clients are expected to connect without an exception; denial is checked per operation
    createClient1NoException(createJavaProps, authInit, port1, port2, createCredentials);
    createClient2NoException(getJavaProps, authInit, port1, port2, getCredentials);
    // Puts from client1 (PUT-authorized) must succeed
    client1.invoke(() -> doPuts(2, NO_EXCEPTION));
    // Gets from client2 (not authorized for GET) must be rejected with NOTAUTHZ_EXCEPTION
    client2.invoke(() -> doGets(2, NOTAUTHZ_EXCEPTION));
    // Reconnect client2 with credentials that are allowed to GET
    getCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.GET }, new String[] { regionName }, 5);
    getJavaProps = cGen.getJavaProperties();
    getLogWriter().info("testDisallowPutsGets: For second client with GET credentials: " + getCredentials);
    createClient2NoException(getJavaProps, authInit, port1, port2, getCredentials);
    // With GET credentials the gets now succeed
    client2.invoke(() -> doGets(2, NO_EXCEPTION));
    // The same GET-only credentials must not permit puts: expect NOTAUTHZ_EXCEPTION
    client2.invoke(() -> doNPuts(2, NOTAUTHZ_EXCEPTION));
}
Also used : OperationCode(org.apache.geode.cache.operations.OperationContext.OperationCode) AuthzCredentialGenerator(org.apache.geode.security.generator.AuthzCredentialGenerator) XmlAuthzCredentialGenerator(org.apache.geode.security.generator.XmlAuthzCredentialGenerator) AuthzCredentialGenerator(org.apache.geode.security.generator.AuthzCredentialGenerator) DummyCredentialGenerator(org.apache.geode.security.generator.DummyCredentialGenerator) XmlAuthzCredentialGenerator(org.apache.geode.security.generator.XmlAuthzCredentialGenerator) CredentialGenerator(org.apache.geode.security.generator.CredentialGenerator) Properties(java.util.Properties) SecurityTest(org.apache.geode.test.junit.categories.SecurityTest) Test(org.junit.Test) DistributedTest(org.apache.geode.test.junit.categories.DistributedTest)

Example 27 with CredentialGenerator

use of org.apache.geode.security.generator.CredentialGenerator in project geode by apache.

the class ClientAuthorizationDUnitTest method testInvalidAccessor.

/**
 * Verifies behaviour when a server is configured with an authorization callback name that
 * is not the generator's real accessor ("org.apache.none"): clients connect, but their
 * operations are expected to fail with AUTHFAIL_EXCEPTION. After a second server with the
 * valid accessor is started and the first server's cache is closed, puts and gets succeed.
 */
@Test
public void testInvalidAccessor() {
    AuthzCredentialGenerator gen = getXmlAuthzGenerator();
    CredentialGenerator cGen = gen.getCredentialGenerator();
    Properties extraAuthProps = cGen.getSystemProperties();
    Properties javaProps = cGen.getJavaProperties();
    Properties extraAuthzProps = gen.getSystemProperties();
    String authenticator = cGen.getAuthenticator();
    String authInit = cGen.getAuthInit();
    String accessor = gen.getAuthorizationCallback();
    getLogWriter().info("testInvalidAccessor: Using authinit: " + authInit);
    getLogWriter().info("testInvalidAccessor: Using authenticator: " + authenticator);
    // Start server1 with an invalid accessor name in place of the real authorization callback.
    // NOTE(review): "org.apache.none" presumably names no loadable class - confirm.
    Properties serverProps = buildProperties(authenticator, "org.apache.none", false, extraAuthProps, extraAuthzProps);
    int port1 = createServer1(javaProps, serverProps);
    // Only a port number is obtained here; server2 is not started until further below
    int port2 = getRandomAvailablePort(SOCKET);
    // Client creation is invoked with NO_EXCEPTION; it is the first operation on each
    // client that is expected to fail with AUTHFAIL_EXCEPTION
    Properties createCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.PUT }, new String[] { regionName }, 3);
    Properties createJavaProps = cGen.getJavaProperties();
    // NOTE(review): credential Properties are written to the test log; acceptable only for
    // throwaway test credentials - confirm.
    getLogWriter().info("testInvalidAccessor: For first client CREATE credentials: " + createCredentials);
    Properties getCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.GET }, new String[] { regionName }, 7);
    Properties getJavaProps = cGen.getJavaProperties();
    getLogWriter().info("testInvalidAccessor: For second client GET credentials: " + getCredentials);
    // Otherwise-valid credentials must not yield a working session while the server's
    // accessor is invalid: the test pins a deny outcome rather than an allow
    client1.invoke(() -> ClientAuthenticationTestUtils.createCacheClient(authInit, createCredentials, createJavaProps, port1, port2, 0, false, false, NO_EXCEPTION));
    client1.invoke(() -> doPuts(1, AUTHFAIL_EXCEPTION));
    client2.invoke(() -> ClientAuthenticationTestUtils.createCacheClient(authInit, getCredentials, getJavaProps, port1, port2, 0, false, false, NO_EXCEPTION));
    client2.invoke(() -> doPuts(1, AUTHFAIL_EXCEPTION));
    // Now start server2 on the reserved port with the valid accessor
    getLogWriter().info("testInvalidAccessor: Using accessor: " + accessor);
    serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps);
    createServer2(javaProps, serverProps, port2);
    // Close the cache on the misconfigured server1 so that only server2 remains
    server1.invoke(() -> closeCache());
    // Recreate both clients with the same credentials as before
    createClient1NoException(createJavaProps, authInit, port1, port2, createCredentials);
    createClient2NoException(getJavaProps, authInit, port1, port2, getCredentials);
    // Puts from client1 (PUT credentials) now succeed
    client1.invoke(() -> doPuts(4, NO_EXCEPTION));
    // Gets from client2 (GET credentials) now succeed
    client2.invoke(() -> doGets(4, NO_EXCEPTION));
}
Also used : AuthzCredentialGenerator(org.apache.geode.security.generator.AuthzCredentialGenerator) XmlAuthzCredentialGenerator(org.apache.geode.security.generator.XmlAuthzCredentialGenerator) AuthzCredentialGenerator(org.apache.geode.security.generator.AuthzCredentialGenerator) DummyCredentialGenerator(org.apache.geode.security.generator.DummyCredentialGenerator) XmlAuthzCredentialGenerator(org.apache.geode.security.generator.XmlAuthzCredentialGenerator) CredentialGenerator(org.apache.geode.security.generator.CredentialGenerator) Properties(java.util.Properties) SecurityTest(org.apache.geode.test.junit.categories.SecurityTest) Test(org.junit.Test) DistributedTest(org.apache.geode.test.junit.categories.DistributedTest)

Example 28 with CredentialGenerator

use of org.apache.geode.security.generator.CredentialGenerator in project geode by apache.

the class ClientAuthorizationTestCase method executeOpBlock.

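/**
 * Runs each operation of {@code opBlock} in order on the client it names, first
 * (re)connecting that client with freshly generated credentials unless the operation
 * carries {@code OpFlags.USE_OLDCONN}.
 *
 * <p>Credentials are generated as <em>disallowed</em> for the authorization operation code
 * when either {@code CHECK_NOTAUTHZ} or {@code USE_NOTAUTHZ} is set, otherwise as
 * <em>allowed</em> for both the operation code and the authorization operation code. The
 * expected outcome is {@code NOTAUTHZ_EXCEPTION} only for {@code CHECK_NOTAUTHZ},
 * {@code OTHER_EXCEPTION} for {@code CHECK_EXCEPTION}, and {@code NO_EXCEPTION} otherwise.
 *
 * @param opBlock operations to execute, in iteration order
 * @param port1 not read in this method body
 * @param port2 not read in this method body
 * @param authInit auth-init setting passed to client creation
 * @param extraAuthProps authentication properties merged into the client properties
 * @param extraAuthzProps authorization properties merged into the client properties
 * @param credentialGenerator source of allowed / disallowed credentials
 * @param random source of the seed-like integer (1..100) handed to the credential generator
 * @throws InterruptedException declared by the original signature
 */
protected void executeOpBlock(final List<OperationWithAction> opBlock, final int port1, final int port2, final String authInit, final Properties extraAuthProps, final Properties extraAuthzProps, final TestCredentialGenerator credentialGenerator, final Random random) throws InterruptedException {
    for (final OperationWithAction currentOp : opBlock) {
        final OperationCode opCode = currentOp.getOperationCode();
        final int opFlags = currentOp.getFlags();
        final int clientNum = currentOp.getClientNum();

        // Client numbers 1 and 2 map to remote VMs; 3 means "run in this VM".
        VM clientVM = null;
        boolean useThisVM = false;
        switch (clientNum) {
            case 1:
                clientVM = client1;
                break;
            case 2:
                clientVM = client2;
                break;
            case 3:
                useThisVM = true;
                break;
            default:
                fail("executeOpBlock: Unknown client number " + clientNum);
                break;
        }
        System.out.println("executeOpBlock: performing operation number [" + currentOp.getOpNum() + "]: " + currentOp);

        // Unless the operation asks to reuse the existing connection, start the client
        // with valid credentials that are either allowed or disallowed for the operation.
        if ((opFlags & OpFlags.USE_OLDCONN) == 0) {
            Properties opCredentials;
            int newRnd = random.nextInt(100) + 1;
            String currentRegionName = '/' + regionName;
            if ((opFlags & OpFlags.USE_SUBREGION) > 0) {
                currentRegionName += ('/' + SUBREGION_NAME);
            }
            String credentialsTypeStr;
            OperationCode authOpCode = currentOp.getAuthzOperationCode();
            int[] indices = currentOp.getIndices();
            CredentialGenerator cGen = credentialGenerator.getCredentialGenerator();
            // A generator without an underlying credential generator yields no Java properties
            final Properties javaProps = cGen == null ? null : cGen.getJavaProperties();
            if ((opFlags & OpFlags.CHECK_NOTAUTHZ) > 0 || (opFlags & OpFlags.USE_NOTAUTHZ) > 0) {
                opCredentials = credentialGenerator.getDisallowedCredentials(new OperationCode[] { authOpCode }, new String[] { currentRegionName }, indices, newRnd);
                credentialsTypeStr = " unauthorized " + authOpCode;
            } else {
                opCredentials = credentialGenerator.getAllowedCredentials(new OperationCode[] { opCode, authOpCode }, new String[] { currentRegionName }, indices, newRnd);
                credentialsTypeStr = " authorized " + authOpCode;
            }
            Properties clientProps = concatProperties(new Properties[] { opCredentials, extraAuthProps, extraAuthzProps });
            // NOTE(review): this prints the credential Properties to stdout; acceptable only
            // while the generator produces throwaway test credentials - confirm.
            System.out.println("executeOpBlock: For client" + clientNum + credentialsTypeStr + " credentials: " + opCredentials);
            boolean setupDynamicRegionFactory = (opFlags & OpFlags.ENABLE_DRF) > 0;
            if (useThisVM) {
                SecurityTestUtils.createCacheClientWithDynamicRegion(authInit, clientProps, javaProps, 0, setupDynamicRegionFactory, NO_EXCEPTION);
            } else {
                clientVM.invoke("SecurityTestUtils.createCacheClientWithDynamicRegion", () -> SecurityTestUtils.createCacheClientWithDynamicRegion(authInit, clientProps, javaProps, 0, setupDynamicRegionFactory, NO_EXCEPTION));
            }
        }

        // Only CHECK_NOTAUTHZ expects an authorization failure; USE_NOTAUTHZ on its own
        // affects which credentials are used above but not the expected result.
        final int expectedResult;
        if ((opFlags & OpFlags.CHECK_NOTAUTHZ) > 0) {
            expectedResult = NOTAUTHZ_EXCEPTION;
        } else if ((opFlags & OpFlags.CHECK_EXCEPTION) > 0) {
            expectedResult = OTHER_EXCEPTION;
        } else {
            expectedResult = NO_EXCEPTION;
        }

        // Perform the operation from the selected client. Integer.valueOf replaces the
        // deprecated Integer(int) constructor; the boxed value passed to doOp is the same.
        if (useThisVM) {
            doOp(opCode, currentOp.getIndices(), Integer.valueOf(opFlags), Integer.valueOf(expectedResult));
        } else {
            int[] indices = currentOp.getIndices();
            clientVM.invoke("ClientAuthorizationTestCase.doOp", () -> ClientAuthorizationTestCase.doOp(opCode, indices, Integer.valueOf(opFlags), Integer.valueOf(expectedResult)));
        }
    }
}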
Also used : OperationCode(org.apache.geode.cache.operations.OperationContext.OperationCode) VM(org.apache.geode.test.dunit.VM) DummyCredentialGenerator(org.apache.geode.security.generator.DummyCredentialGenerator) AuthzCredentialGenerator(org.apache.geode.security.generator.AuthzCredentialGenerator) XmlAuthzCredentialGenerator(org.apache.geode.security.generator.XmlAuthzCredentialGenerator) CredentialGenerator(org.apache.geode.security.generator.CredentialGenerator) ConfigurationProperties(org.apache.geode.distributed.ConfigurationProperties) Properties(java.util.Properties)

Example 29 with CredentialGenerator

use of org.apache.geode.security.generator.CredentialGenerator in project geode by apache.

the class ClientAuthorizationTestCase method getXmlAuthzGenerator.

/**
 * Creates the authorization credential generator for these tests: an
 * {@code XmlAuthzCredentialGenerator} initialised with a {@code DummyCredentialGenerator}.
 *
 * @return the initialised authorization credential generator
 */
protected AuthzCredentialGenerator getXmlAuthzGenerator() {
    final AuthzCredentialGenerator xmlAuthz = new XmlAuthzCredentialGenerator();
    final CredentialGenerator dummyCredentials = new DummyCredentialGenerator();
    // The credential generator is initialised before it is handed to the authz generator
    dummyCredentials.init();
    xmlAuthz.init(dummyCredentials);
    return xmlAuthz;
}
Also used : AuthzCredentialGenerator(org.apache.geode.security.generator.AuthzCredentialGenerator) XmlAuthzCredentialGenerator(org.apache.geode.security.generator.XmlAuthzCredentialGenerator) XmlAuthzCredentialGenerator(org.apache.geode.security.generator.XmlAuthzCredentialGenerator) DummyCredentialGenerator(org.apache.geode.security.generator.DummyCredentialGenerator) AuthzCredentialGenerator(org.apache.geode.security.generator.AuthzCredentialGenerator) XmlAuthzCredentialGenerator(org.apache.geode.security.generator.XmlAuthzCredentialGenerator) CredentialGenerator(org.apache.geode.security.generator.CredentialGenerator) DummyCredentialGenerator(org.apache.geode.security.generator.DummyCredentialGenerator)

Example 30 with CredentialGenerator

use of org.apache.geode.security.generator.CredentialGenerator in project geode by apache.

the class DeltaClientAuthorizationDUnitTest method testAllowPutsGets.

/**
 * Verifies the allowed path with delta propagation: a client with PUT credentials performs
 * puts, the delta feature is asserted to have been used on that client, and a second client
 * with GET credentials reads the entries without an exception.
 *
 * @throws Exception declared because of the fixed sleep and the remote invocations
 */
@Test
public void testAllowPutsGets() throws Exception {
    AuthzCredentialGenerator gen = this.getXmlAuthzGenerator();
    CredentialGenerator cGen = gen.getCredentialGenerator();
    Properties extraAuthProps = cGen.getSystemProperties();
    Properties javaProps = cGen.getJavaProperties();
    Properties extraAuthzProps = gen.getSystemProperties();
    String authenticator = cGen.getAuthenticator();
    String authInit = cGen.getAuthInit();
    String accessor = gen.getAuthorizationCallback();
    getLogWriter().info("testAllowPutsGets: Using authinit: " + authInit);
    getLogWriter().info("testAllowPutsGets: Using authenticator: " + authenticator);
    getLogWriter().info("testAllowPutsGets: Using accessor: " + accessor);
    // Start both servers with the authenticator and the authorization callback configured
    Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps);
    int port1 = createServer1(javaProps, serverProps);
    int port2 = createServer2(javaProps, serverProps);
    // Start client1 with credentials that are allowed to PUT on the region
    Properties createCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.PUT }, new String[] { REGION_NAME }, 1);
    // Java properties are re-read after each credential request and reused for the next client
    javaProps = cGen.getJavaProperties();
    // NOTE(review): credential Properties are written to the test log; acceptable only for
    // throwaway test credentials - confirm.
    getLogWriter().info("testAllowPutsGets: For first client credentials: " + createCredentials);
    createClient1(javaProps, authInit, port1, port2, createCredentials);
    // Start client2 with credentials that are allowed to GET on the region
    Properties getCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.GET }, new String[] { REGION_NAME }, 2);
    javaProps = cGen.getJavaProperties();
    getLogWriter().info("testAllowPutsGets: For second client credentials: " + getCredentials);
    createClient2(javaProps, authInit, port1, port2, getCredentials);
    // Perform some put operations from client1
    client1.invoke(() -> doPuts(2, NO_EXCEPTION));
    // Fixed 5 s pause before the delta check.
    // NOTE(review): presumably gives the puts time to propagate; a fixed sleep makes the
    // test slower and timing-dependent - confirm whether a condition-based wait is available.
    Thread.sleep(5000);
    // The flag is read on client1, the VM that performed the puts
    assertTrue("Delta feature NOT used", client1.invoke(() -> DeltaTestImpl.toDeltaFeatureUsed()));
    // Verify that the gets from the GET-authorized client succeed
    client2.invoke(() -> doGets(2, NO_EXCEPTION));
}
Also used : AuthzCredentialGenerator(org.apache.geode.security.generator.AuthzCredentialGenerator) AuthzCredentialGenerator(org.apache.geode.security.generator.AuthzCredentialGenerator) CredentialGenerator(org.apache.geode.security.generator.CredentialGenerator) Properties(java.util.Properties) SecurityTest(org.apache.geode.test.junit.categories.SecurityTest) Test(org.junit.Test) DistributedTest(org.apache.geode.test.junit.categories.DistributedTest)
