
Example 36 with CredentialGenerator

use of org.apache.geode.security.generator.CredentialGenerator in project geode by apache.

the class ClientAuthenticationTestCase method doTestNoAuthInitWithCredentials.

/**
 * Starts two servers with the authenticator of a {@link DummyCredentialGenerator} and then
 * creates clients that carry credentials but pass {@code null} as the first argument of
 * {@code createCacheClient}. Every client creation, with valid or invalid credentials, is
 * given {@code AUTHREQ_EXCEPTION} as its expected result.
 *
 * <p>NOTE(review): the {@code null} first argument is presumably the AuthInit setting (the
 * method name suggests so) - confirm against {@code createCacheClient}.
 *
 * @param multiUser forwarded unchanged to each {@code createCacheClient} call
 * @throws Exception if any local or remote step fails
 */
protected void doTestNoAuthInitWithCredentials(final boolean multiUser) throws Exception {
    final CredentialGenerator generator = new DummyCredentialGenerator();
    final Properties serverSystemProps = generator.getSystemProperties();
    final Properties serverJavaProps = generator.getJavaProperties();
    final String authenticatorName = generator.getAuthenticator();

    getLogWriter().info("testNoAuthInitWithCredentials: Using scheme: " + generator.classCode());
    getLogWriter().info("testNoAuthInitWithCredentials: Using authenticator: " + authenticatorName);

    // Bring up both servers with the same authenticator and generator-supplied properties.
    final int firstLocatorPort = getLocatorPort();
    final int secondLocatorPort = getLocatorPort();
    final String locators = getAndClearLocatorString();
    final int serverPort1 =
        createServer1(serverSystemProps, serverJavaProps, authenticatorName, firstLocatorPort, locators);
    final int serverPort2 = server2.invoke(
        () -> createCacheServer(secondLocatorPort, locators, authenticatorName, serverSystemProps, serverJavaProps));

    // Valid credentials for two clients. The full Properties objects are written to the log;
    // NOTE(review): acceptable only while these are throwaway values from the dummy generator.
    final Properties validCredentials1 = generator.getValidCredentials(1);
    final Properties clientJavaProps1 = generator.getJavaProperties();
    getLogWriter().info("testNoAuthInitWithCredentials: For first client credentials: " + validCredentials1 + " : " + clientJavaProps1);
    final Properties validCredentials2 = generator.getValidCredentials(2);
    final Properties clientJavaProps2 = generator.getJavaProperties();
    getLogWriter().info("testNoAuthInitWithCredentials: For second client credentials: " + validCredentials2 + " : " + clientJavaProps2);

    // Valid credentials are still expected to end in AUTHREQ_EXCEPTION.
    client1.invoke(
        () -> createCacheClient(null, validCredentials1, clientJavaProps1, serverPort1, serverPort2, 0, multiUser, AUTHREQ_EXCEPTION));
    client2.invoke(
        () -> createCacheClient(null, validCredentials2, clientJavaProps2, serverPort1, serverPort2, 0, multiUser, AUTHREQ_EXCEPTION));
    client2.invoke(() -> closeCache());

    // Same expectation when the credentials themselves are invalid.
    final Properties invalidCredentials = generator.getInvalidCredentials(5);
    final Properties clientJavaProps3 = generator.getJavaProperties();
    client2.invoke(
        () -> createCacheClient(null, invalidCredentials, clientJavaProps3, serverPort1, serverPort2, 0, multiUser, AUTHREQ_EXCEPTION));
}
Also used : DummyCredentialGenerator(org.apache.geode.security.generator.DummyCredentialGenerator) CredentialGenerator(org.apache.geode.security.generator.CredentialGenerator) Properties(java.util.Properties) DummyCredentialGenerator(org.apache.geode.security.generator.DummyCredentialGenerator)

Example 37 with CredentialGenerator

use of org.apache.geode.security.generator.CredentialGenerator in project geode by apache.

the class ClientCQPostAuthorizationDUnitTest method doStartUp.

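/**
 * Runs one CQ post-authorization scenario against a server configured with the generator's
 * authenticator and authorization callback.
 *
 * <p>For each user, credentials are requested from the test generator as either allowed
 * (EXECUTE_CQ and GET) or disallowed (GET) according to {@code postAuthzAllowed}. Both clients
 * are created with those per-user properties, client1 registers and executes the CQs, client2
 * performs the puts, and {@code checkCQListeners} is called with {@code postAuthzAllowed}.
 * With {@code failover} set, server2 is started, server1 is closed, and the puts and the
 * listener check are repeated.
 *
 * <p>NOTE(review): the method reads {@code postAuthzAllowed[0]} and {@code postAuthzAllowed[1]}
 * and passes two-element arrays to {@code executeCQ}, so it appears to assume two users -
 * confirm with the callers.
 *
 * @param numOfUsers number of per-user credential sets to build
 * @param numOfPuts number of puts; also the length of the key index array
 * @param postAuthzAllowed per-user flag selecting allowed or disallowed credentials
 * @param failover whether to repeat the check after switching from server1 to server2
 * @throws Exception if any local or remote step fails, including an interrupt during the pause
 */
private void doStartUp(final int numOfUsers, final int numOfPuts, final boolean[] postAuthzAllowed, final boolean failover) throws Exception {
    AuthzCredentialGenerator authzGenerator = getXmlAuthzGenerator();
    CredentialGenerator credentialGenerator = authzGenerator.getCredentialGenerator();
    Properties extraAuthProps = credentialGenerator.getSystemProperties();
    Properties javaProps = credentialGenerator.getJavaProperties();
    Properties extraAuthzProps = authzGenerator.getSystemProperties();
    String authenticator = credentialGenerator.getAuthenticator();
    String accessor = authzGenerator.getAuthorizationCallback();
    String authInit = credentialGenerator.getAuthInit();
    TestAuthzCredentialGenerator tgen = new TestAuthzCredentialGenerator(authzGenerator);
    Properties serverProps = buildProperties(authenticator, accessor, true, extraAuthProps, extraAuthzProps);
    // The wrapper may return no credential generator, in which case the clients get null
    // Java properties.
    credentialGenerator = tgen.getCredentialGenerator();
    final Properties javaProps2 = credentialGenerator == null ? null : credentialGenerator.getJavaProperties();
    int[] indices = new int[numOfPuts];
    for (int index = 0; index < numOfPuts; ++index) {
        indices[index] = index;
    }
    // Unseeded Random: the value handed to the credential lookup differs between runs.
    Random rnd = new Random();
    Properties[] authProps = new Properties[numOfUsers];
    for (int i = 0; i < numOfUsers; i++) {
        int rand = rnd.nextInt(100) + 1;
        Properties opCredentials;
        if (postAuthzAllowed[i]) {
            // For callback, GET should be allowed
            opCredentials = tgen.getAllowedCredentials(new OperationCode[] { OperationCode.EXECUTE_CQ, OperationCode.GET }, new String[] { REGION_NAME }, indices, rand);
        } else {
            // For callback, GET should be disallowed
            opCredentials = tgen.getDisallowedCredentials(new OperationCode[] { OperationCode.GET }, new String[] { REGION_NAME }, indices, rand);
        }
        authProps[i] = concatProperties(new Properties[] { opCredentials, extraAuthProps, extraAuthzProps });
    }
    // Get ports for the servers
    int[] randomAvailableTCPPorts = AvailablePortHelper.getRandomAvailableTCPPorts(3);
    int port1 = randomAvailableTCPPorts[0];
    int port2 = randomAvailableTCPPorts[1];
    int locatorPort = randomAvailableTCPPorts[2];
    // Close down any running servers
    server1.invoke(() -> closeCache());
    server2.invoke(() -> closeCache());
    server1.invoke(() -> createTheServerCache(serverProps, javaProps, locatorPort, port1));
    client1.invoke(() -> createClientCache(javaProps2, authInit, authProps, new int[] { port1, port2 }, numOfUsers, postAuthzAllowed));
    client2.invoke(() -> createClientCache(javaProps2, authInit, authProps, new int[] { port1, port2 }, numOfUsers, postAuthzAllowed));
    client1.invoke(() -> createCQ(numOfUsers));
    client1.invoke(() -> executeCQ(numOfUsers, new boolean[] { false, false }, numOfPuts, new String[numOfUsers], postAuthzAllowed));
    client2.invoke(() -> doPuts(numOfPuts, true));
    if (!postAuthzAllowed[0]) {
        // No user is authorized to receive CQ events, so there is no last key to wait for;
        // a fixed pause is used instead.
        // NOTE(review): a fixed pause cannot prove that no event arrives later, so this
        // negative check can pass spuriously on a slow run.
        // TODO: replace with Awaitility
        // InterruptedException is deliberately not caught: it propagates through
        // "throws Exception" so an interrupted run fails instead of carrying on silently.
        Thread.sleep(1000);
    } else {
        client1.invoke(() -> waitForLastKey(0));
        if (postAuthzAllowed[1]) {
            client1.invoke(() -> waitForLastKey(1));
        }
    }
    client1.invoke(() -> checkCQListeners(numOfUsers, postAuthzAllowed, numOfPuts + 1 /* last key */, 0, !failover));
    if (failover) {
        server2.invoke(() -> createTheServerCache(serverProps, javaProps, locatorPort, port2));
        server1.invoke(() -> closeCache());
        // Allow time for client1 to register its CQs on server2
        server2.invoke(() -> allowCQsToRegister(2));
        client2.invoke(() -> doPuts(numOfPuts, true));
        client1.invoke(() -> waitForLastKeyUpdate(0));
        client1.invoke(() -> checkCQListeners(numOfUsers, postAuthzAllowed, numOfPuts + 1 /* last key */, numOfPuts + 1 /* last key */, true));
    }
}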
Also used : Random(java.util.Random) OperationCode(org.apache.geode.cache.operations.OperationContext.OperationCode) AuthzCredentialGenerator(org.apache.geode.security.generator.AuthzCredentialGenerator) AuthzCredentialGenerator(org.apache.geode.security.generator.AuthzCredentialGenerator) CredentialGenerator(org.apache.geode.security.generator.CredentialGenerator) Properties(java.util.Properties)

Example 38 with CredentialGenerator

use of org.apache.geode.security.generator.CredentialGenerator in project geode by apache.

the class MultiUserDurableCQAuthzDUnitTest method doTest.

/**
 * Runs one durable-client CQ authorization scenario: a server is started with the generator's
 * authenticator and authorization callback, client1 registers CQs as a durable client, closes
 * its cache, and is recreated after server1 has done the puts. {@code checkCQListeners} is then
 * called with {@code postAuthzAllowed} and the expected create/update counts. The same check is
 * repeated after the proxy caches are closed and recreated.
 *
 * WARNING: "final Boolean keepAlive" is treated as a ternary value: null, true, false.
 * null calls closeCache() with no argument; true and false are passed to closeCache(keepAlive).
 *
 * @param numOfUsers number of per-user credential sets to build
 * @param numOfPuts number of puts; also the length of the key index array
 * @param postAuthzAllowed per-user flag selecting allowed or disallowed credentials
 * @param authzGenerator source of the authenticator, authorization callback and credentials
 * @param keepAlive ternary flag described above
 * @throws Exception if any local or remote step fails
 */
private void doTest(int numOfUsers, int numOfPuts, boolean[] postAuthzAllowed, final AuthzCredentialGenerator authzGenerator, final Boolean keepAlive) throws Exception {
    CredentialGenerator credentialGenerator = authzGenerator.getCredentialGenerator();
    Properties extraAuthProps = credentialGenerator.getSystemProperties();
    Properties javaProps = credentialGenerator.getJavaProperties();
    Properties extraAuthzProps = authzGenerator.getSystemProperties();
    String authenticator = credentialGenerator.getAuthenticator();
    String accessor = authzGenerator.getAuthorizationCallback();
    String authInit = credentialGenerator.getAuthInit();
    TestAuthzCredentialGenerator tgen = new TestAuthzCredentialGenerator(authzGenerator);
    Properties serverProps = buildProperties(authenticator, accessor, true, extraAuthProps, extraAuthzProps);
    Properties opCredentials;
    // The wrapper may return no credential generator; the clients then get null Java properties.
    credentialGenerator = tgen.getCredentialGenerator();
    final Properties javaProps2 = credentialGenerator != null ? credentialGenerator.getJavaProperties() : null;
    int[] indices = new int[numOfPuts];
    for (int index = 0; index < numOfPuts; ++index) {
        indices[index] = index;
    }
    // Unseeded Random: the value handed to the credential lookup differs between runs.
    Random random = new Random();
    Properties[] authProps = new Properties[numOfUsers];
    String durableClientId = "multiuser_durable_client_1";
    // NOTE(review): client2Credentials is assigned in the loop below but never read afterwards
    // in this method.
    Properties client2Credentials = null;
    for (int i = 0; i < numOfUsers; i++) {
        int rand = random.nextInt(100) + 1;
        if (postAuthzAllowed[i]) {
            // For the callback, GET should be allowed
            opCredentials = tgen.getAllowedCredentials(
            new OperationCode[] { OperationCode.EXECUTE_CQ, OperationCode.GET },
            new String[] { regionName }, indices, rand);
        } else {
            // For the callback, GET should be disallowed
            opCredentials =
            tgen.getDisallowedCredentials(
            new OperationCode[] { OperationCode.GET },
            new String[] { regionName }, indices, rand);
        }
        authProps[i] = concatProperties(new Properties[] { opCredentials, extraAuthProps, extraAuthzProps });
        if (client2Credentials == null) {
            client2Credentials = tgen.getAllowedCredentials(new OperationCode[] { OperationCode.PUT }, new String[] { regionName }, indices, rand);
        }
    }
    // Get ports for the servers
    int[] randomAvailableTCPPorts = AvailablePortHelper.getRandomAvailableTCPPorts(3);
    int port1 = randomAvailableTCPPorts[0];
    int port2 = randomAvailableTCPPorts[1];
    int locatorPort = randomAvailableTCPPorts[2];
    // Close down any running servers
    server1.invoke(() -> closeCache());
    server2.invoke(() -> closeCache());
    server1.invoke(() -> createServerCache(serverProps, javaProps, locatorPort, port1));
    // First session of the durable client: create the cache, register and execute the CQs.
    client1.invoke(() -> createClientCache(javaProps2, authInit, authProps, new int[] { port1, port2 }, numOfUsers, durableClientId, postAuthzAllowed));
    client1.invoke(() -> createCQ(numOfUsers, true));
    client1.invoke(() -> executeCQ(numOfUsers, new boolean[] { false, false }, numOfPuts, new String[numOfUsers]));
    client1.invoke(() -> readyForEvents());
    // Close the client cache; null selects the no-argument overload.
    if (keepAlive == null) {
        client1.invoke(() -> closeCache());
    } else {
        client1.invoke(() -> closeCache(keepAlive));
    }
    // Puts happen on the server while client1's cache is closed.
    server1.invoke(() -> doPuts(numOfPuts, true));
    // Second session: same durable client id, same per-user credentials.
    client1.invoke(() -> createClientCache(javaProps2, authInit, authProps, new int[] { port1, port2 }, numOfUsers, durableClientId, postAuthzAllowed));
    client1.invoke(() -> createCQ(numOfUsers, true));
    client1.invoke(() -> executeCQ(numOfUsers, new boolean[] { false, false }, numOfPuts, new String[numOfUsers]));
    client1.invoke(() -> readyForEvents());
    if (!postAuthzAllowed[0] || keepAlive == null || !keepAlive) {
        // No last key is waited for when user 0 is not authorized or keepAlive is not true;
        // a fixed pause is used instead.
        // NOTE(review): a fixed pause cannot prove that no event arrives later, so the
        // negative check below can pass spuriously on a slow run.
        // TODO: use Awaitility
        Thread.sleep(1000);
    } else {
        client1.invoke(() -> waitForLastKey(0, true));
    }
    // Expected creates: numOfPuts + 1 (the extra one is the last key) only when keepAlive is
    // true, otherwise 0.
    int numOfCreates = keepAlive == null ? 0 : (keepAlive ? numOfPuts + 1 : /* last key */
    0);
    client1.invoke(() -> checkCQListeners(numOfUsers, postAuthzAllowed, numOfCreates, 0));
    // Close and recreate the proxy caches for users 0 and 1, then register the CQs again.
    client1.invoke(() -> proxyCacheClose(new int[] { 0, 1 }, keepAlive));
    client1.invoke(() -> createProxyCache(new int[] { 0, 1 }, authProps));
    client1.invoke(() -> createCQ(numOfUsers, true));
    client1.invoke(() -> executeCQ(numOfUsers, new boolean[] { false, false }, numOfPuts, new String[numOfUsers]));
    server1.invoke(() -> doPuts(numOfPuts, true));
    if (!postAuthzAllowed[0] || keepAlive == null || !keepAlive) {
        // Same fixed pause as above when user 0 is not authorized or keepAlive is not true.
        // TODO: use Awaitility
        Thread.sleep(1000);
    } else {
        client1.invoke(() -> waitForLastKey(0, false));
    }
    // The second round of puts is checked as updates: numOfPuts plus the last key.
    int numOfUpdates = numOfPuts + 1;
    client1.invoke(() -> checkCQListeners(numOfUsers, postAuthzAllowed, 0, numOfUpdates));
}
Also used : Random(java.util.Random) OperationCode(org.apache.geode.cache.operations.OperationContext.OperationCode) AuthzCredentialGenerator(org.apache.geode.security.generator.AuthzCredentialGenerator) CredentialGenerator(org.apache.geode.security.generator.CredentialGenerator) Properties(java.util.Properties)

Example 39 with CredentialGenerator

use of org.apache.geode.security.generator.CredentialGenerator in project geode by apache.

the class ClientPostAuthorizationDUnitTest method testAllOpsNotifications.

/**
 * Runs every operation block from {@code allOpsForTestAllOpsNotifications()} against server1,
 * which is started with the generator's authenticator and authorization callback. Unless the
 * block is terminated by {@code OPBLOCK_NO_FAILOVER}, server2 is then started, server1 is
 * closed, and the same block is executed a second time.
 */
// GEODE-1009: random ports, uses Random, time sensitive, waitForCondition (waitForCriterion)
@Category(FlakyTest.class)
@Test
public void testAllOpsNotifications() throws Exception {
    OperationWithAction[] operations = allOpsForTestAllOpsNotifications();
    AuthzCredentialGenerator authzGen = getXmlAuthzGenerator();
    getLogWriter().info("Executing opblocks with credential generator " + authzGen);

    CredentialGenerator credGen = authzGen.getCredentialGenerator();
    Properties authSystemProps = credGen.getSystemProperties();
    Properties serverJavaProps = credGen.getJavaProperties();
    Properties authzSystemProps = authzGen.getSystemProperties();
    String authenticatorName = credGen.getAuthenticator();
    String authInitName = credGen.getAuthInit();
    String accessorName = authzGen.getAuthorizationCallback();
    TestAuthzCredentialGenerator testGen = new TestAuthzCredentialGenerator(authzGen);

    getLogWriter().info("testAllOpsNotifications: Using authinit: " + authInitName);
    getLogWriter().info("testAllOpsNotifications: Using authenticator: " + authenticatorName);
    getLogWriter().info("testAllOpsNotifications: Using accessor: " + accessorName);

    // Server configuration carries both the authenticator and the authorization callback.
    Properties serverConfig =
        buildProperties(authenticatorName, accessorName, true, authSystemProps, authzSystemProps);

    // Two free TCP ports, one per server.
    int[] freePorts = AvailablePortHelper.getRandomAvailableTCPPorts(2);
    int firstServerPort = freePorts[0];
    int secondServerPort = freePorts[1];

    // Operations accumulate in pendingOps until a block terminator is reached.
    List pendingOps = new ArrayList();
    Random random = new Random();
    for (int opNum = 0; opNum < operations.length; ++opNum) {
        OperationWithAction op = operations[opNum];
        boolean blockTerminator =
            op.equals(OperationWithAction.OPBLOCK_END) || op.equals(OperationWithAction.OPBLOCK_NO_FAILOVER);

        if (!blockTerminator) {
            // Ordinary operation: record its position and queue it for the current block.
            op.setOpNum(opNum);
            pendingOps.add(op);
            continue;
        }
        if (pendingOps.isEmpty()) {
            // Terminator with nothing queued: nothing to execute.
            continue;
        }

        // Run the block with only the first server up.
        server1.invoke(() -> createCacheServer(getLocatorPort(), firstServerPort, serverConfig, serverJavaProps));
        server2.invoke(() -> closeCache());
        executeOpBlock(pendingOps, firstServerPort, secondServerPort, authInitName, authSystemProps, authzSystemProps, testGen, random);

        if (!op.equals(OperationWithAction.OPBLOCK_NO_FAILOVER)) {
            // Fail over: bring up the second server, drop the first, and run the block again.
            server2.invoke(() -> createCacheServer(getLocatorPort(), secondServerPort, serverConfig, serverJavaProps));
            server1.invoke(() -> closeCache());
            executeOpBlock(pendingOps, firstServerPort, secondServerPort, authInitName, authSystemProps, authzSystemProps, testGen, random);
        }
        pendingOps.clear();
    }
}
Also used : Random(java.util.Random) ArrayList(java.util.ArrayList) AuthzCredentialGenerator(org.apache.geode.security.generator.AuthzCredentialGenerator) ArrayList(java.util.ArrayList) List(java.util.List) AuthzCredentialGenerator(org.apache.geode.security.generator.AuthzCredentialGenerator) CredentialGenerator(org.apache.geode.security.generator.CredentialGenerator) Properties(java.util.Properties) Category(org.junit.experimental.categories.Category) SecurityTest(org.apache.geode.test.junit.categories.SecurityTest) Test(org.junit.Test) DistributedTest(org.apache.geode.test.junit.categories.DistributedTest) FlakyTest(org.apache.geode.test.junit.categories.FlakyTest)
