Example 36 with Credentials
use of org.ow2.proactive.authentication.crypto.Credentials in project scheduling by ow2-proactive.
the class SmartProxyImpl method init.
private void init(String url, Credentials credentials, CredData credData) throws SchedulerException, LoginException {
if (this.connectionInfo == null) {
this.connectionInfo = new ConnectionInfo(url, null, null, null, false);
}
this.connectionInfo.setUrl(url);
this.credentials = credentials;
this.credData = credData;
SchedulerAuthenticationInterface auth = SchedulerConnection.join(url);
PublicKey pubKey = auth.getPublicKey();
if (this.credentials != null) {
this.credentials = credentials;
this.credData = null;
} else if (this.credData != null) {
this.credData = credData;
try {
this.credentials = Credentials.createCredentials(credData, pubKey);
} catch (KeyException e) {
throw new InternalSchedulerException(e);
}
} else {
throw new IllegalStateException("No valid credential available to connect to the scheduler");
}
this.schedulerProxy = auth.login(this.credentials);
jobTracker.loadJobs();
setInitialized(true);
registerAsListener();
syncAwaitedJobs();
}
Also used :
InternalSchedulerException(org.ow2.proactive.scheduler.common.exception.InternalSchedulerException)
PublicKey(java.security.PublicKey)
SchedulerAuthenticationInterface(org.ow2.proactive.scheduler.common.SchedulerAuthenticationInterface)
ConnectionInfo(org.ow2.proactive.authentication.ConnectionInfo)
KeyException(java.security.KeyException)
Example 37 with Credentials
use of org.ow2.proactive.authentication.crypto.Credentials in project scheduling by ow2-proactive.
the class TestRMProxyRebind method createRMs.
@Before
public void createRMs() throws Exception {
schedulerProxyCredentials = Credentials.getCredentials(PASchedulerProperties.getAbsolutePath(PASchedulerProperties.RESOURCE_MANAGER_CREDS.getValueAsString()));
helper1 = new TestRM();
helper2 = new TestRM();
pnpPort1 = CentralPAPropertyRepository.PA_RMI_PORT.getValue() + 1;
jmxPort1 = PAResourceManagerProperties.RM_JMX_PORT.getValueAsInt() + 1;
pnpPort2 = CentralPAPropertyRepository.PA_RMI_PORT.getValue() + 2;
jmxPort2 = PAResourceManagerProperties.RM_JMX_PORT.getValueAsInt() + 2;
helper1.start(config1.getAbsolutePath(), pnpPort1, RMTHelper.testClasspath(), PAResourceManagerProperties.RM_JMX_PORT.getCmdLine() + jmxPort1);
Credentials connectedUserCreds = Credentials.createCredentials(new CredData(CredData.parseLogin(TestUsers.DEMO.username), CredData.parseDomain(TestUsers.DEMO.username), TestUsers.DEMO.password), helper1.getAuth().getPublicKey());
Map.Entry<RMMonitorsHandler, RMMonitorEventReceiver> entry1 = connectToRM(helper1.getUrl(), connectedUserCreds);
monitorsHandler1 = entry1.getKey();
rm1 = entry1.getValue();
testNodes.addAll(RMTHelper.addNodesToDefaultNodeSource(NODES_NUMBER, new ArrayList<String>(), rm1, monitorsHandler1));
helper2.start(config2.getAbsolutePath(), pnpPort2, RMTHelper.testClasspath(), PAResourceManagerProperties.RM_JMX_PORT.getCmdLine() + jmxPort2);
Map.Entry<RMMonitorsHandler, RMMonitorEventReceiver> entry2 = connectToRM(helper2.getUrl(), connectedUserCreds);
monitorsHandler2 = entry2.getKey();
rm2 = entry2.getValue();
testNodes.addAll(RMTHelper.addNodesToDefaultNodeSource(NODES_NUMBER, new ArrayList<String>(), rm2, monitorsHandler2));
checkFreeNodes(rm1, NODES_NUMBER);
checkFreeNodes(rm2, NODES_NUMBER);
}
Also used :
CredData(org.ow2.proactive.authentication.crypto.CredData)
ArrayList(java.util.ArrayList)
Map(java.util.Map)
AbstractMap(java.util.AbstractMap)
Credentials(org.ow2.proactive.authentication.crypto.Credentials)
RMMonitorEventReceiver(functionaltests.monitor.RMMonitorEventReceiver)
RMMonitorsHandler(functionaltests.monitor.RMMonitorsHandler)
Before(org.junit.Before)
Example 38 with Credentials
use of org.ow2.proactive.authentication.crypto.Credentials in project scheduling by ow2-proactive.
the class AbstractSmartProxy method syncAwaitedJob.
/**
* This method will synchronize this proxy with a remote Scheduler for the
* given job
*
* @param id job ID
*/
private void syncAwaitedJob(String id) {
AwaitedJob awaitedJob = jobTracker.getAwaitedJob(id);
try {
JobState js = getJobState(id);
for (TaskState ts : js.getTasks()) {
String tname = ts.getName();
AwaitedTask at = awaitedJob.getAwaitedTask(tname);
if ((at != null) && (!at.isTransferring())) {
TaskResult tres = null;
try {
tres = getTaskResult(id, tname);
if (tres != null) {
log.debug("Synchonizing task " + tname + " of job " + id);
taskStateUpdatedEvent(new NotificationData<>(SchedulerEvent.TASK_RUNNING_TO_FINISHED, ts.getTaskInfo()));
}
} catch (NotConnectedException e) {
e.printStackTrace();
} catch (UnknownJobException e) {
log.error("Could not retrieve output data for job " + id + " because this job is not known by the Scheduler. \n ", e);
} catch (UnknownTaskException e) {
log.error("Could not retrieve output data for task " + tname + " of job " + id + " because this task is not known by the Scheduler. \n ", e);
} catch (Exception e) {
log.error("Unexpected error while getting the output data for task " + tname + " of job " + id, e);
}
}
}
if (js.isFinished()) {
jobStateUpdatedEvent(new NotificationData<>(SchedulerEvent.JOB_RUNNING_TO_FINISHED, js.getJobInfo()));
}
} catch (NotConnectedException e) {
log.error("A connection error occured while trying to download output data of Job " + id + ". This job will remain in the list of awaited jobs. Another attempt to dowload the output data will be made next time the application is initialized. ", e);
} catch (UnknownJobException e) {
log.error("Could not retrieve output data for job " + id + " because this job is not known by the Scheduler. \n ", e);
log.warn("Job " + id + " will be removed from the known job list. The system will not attempt again to retrieve data for this job. You could try to manually copy the data from the location " + awaitedJob.getPullURL());
jobTracker.removeAwaitedJob(id);
} catch (PermissionException e) {
log.error("Could not retrieve output data for job " + id + " because you don't have permmission to access this job. You need to use the same connection credentials you used for submitting the job. \n Another attempt to dowload the output data for this job will be made next time the application is initialized. ", e);
}
}
Also used :
PermissionException(org.ow2.proactive.scheduler.common.exception.PermissionException)
UnknownTaskException(org.ow2.proactive.scheduler.common.exception.UnknownTaskException)
NotConnectedException(org.ow2.proactive.scheduler.common.exception.NotConnectedException)
UnknownJobException(org.ow2.proactive.scheduler.common.exception.UnknownJobException)
JobState(org.ow2.proactive.scheduler.common.job.JobState)
TaskResult(org.ow2.proactive.scheduler.common.task.TaskResult)
TaskState(org.ow2.proactive.scheduler.common.task.TaskState)
LoginException(javax.security.auth.login.LoginException)
KeyException(java.security.KeyException)
UnknownJobException(org.ow2.proactive.scheduler.common.exception.UnknownJobException)
JobAlreadyFinishedException(org.ow2.proactive.scheduler.common.exception.JobAlreadyFinishedException)
SubmissionClosedException(org.ow2.proactive.scheduler.common.exception.SubmissionClosedException)
JobCreationException(org.ow2.proactive.scheduler.common.exception.JobCreationException)
PermissionException(org.ow2.proactive.scheduler.common.exception.PermissionException)
NotConnectedException(org.ow2.proactive.scheduler.common.exception.NotConnectedException)
UnknownTaskException(org.ow2.proactive.scheduler.common.exception.UnknownTaskException)
SchedulerException(org.ow2.proactive.scheduler.common.exception.SchedulerException)
Example 39 with Credentials
use of org.ow2.proactive.authentication.crypto.Credentials in project scheduling by ow2-proactive.
the class SchedulerJMXTest method action.
@Test
public void action() throws Exception {
final String userLogin = TestUsers.DEMO.username;
final String userPassword = TestUsers.DEMO.password;
final String adminLogin = TestUsers.TEST.username;
final String adminPassword = TestUsers.TEST.password;
final SchedulerAuthenticationInterface auth = schedulerHelper.getSchedulerAuth();
final PublicKey pubKey = auth.getPublicKey();
// final Credentials userCreds =
// Credentials.createCredentials(userLogin, userPassword, pubKey);
final Credentials adminCreds = Credentials.createCredentials(new CredData(adminLogin, adminPassword), pubKey);
final JMXServiceURL jmxRmiServiceURL = new JMXServiceURL(auth.getJMXConnectorURL(JMXTransportProtocol.RMI));
final JMXServiceURL jmxRoServiceURL = new JMXServiceURL(auth.getJMXConnectorURL(JMXTransportProtocol.RO));
final ObjectName allAccountsMBeanName = new ObjectName(SchedulerJMXHelper.ALLACCOUNTS_MBEAN_NAME);
final ObjectName myAccountMBeanName = new ObjectName(SchedulerJMXHelper.MYACCOUNT_MBEAN_NAME);
final ObjectName runtimeDataMBeanName = new ObjectName(SchedulerJMXHelper.RUNTIMEDATA_MBEAN_NAME);
final ObjectName managementMBeanName = new ObjectName(SchedulerJMXHelper.MANAGEMENT_MBEAN_NAME);
final String suffix = "/" + PASchedulerProperties.SCHEDULER_JMX_CONNECTOR_NAME.getValueAsString();
{
RMTHelper.log("Test jmxRmiServiceURL is well formed");
assertTrue("The jmxRmiServiceURL protocol must be rmi", jmxRmiServiceURL.getProtocol().equals("rmi"));
assertTrue("The jmxRmiServiceURL URLPath must end with " + suffix, jmxRmiServiceURL.getURLPath().endsWith(suffix));
}
{
RMTHelper.log("Test jmxRoServiceURL is well formed");
assertTrue("The jmxRoServiceURL protocol must be ro", jmxRoServiceURL.getProtocol().equals("ro"));
assertTrue("The jmxRoServiceURL URLPath must end with " + suffix, jmxRoServiceURL.getURLPath().endsWith(suffix));
}
{
log("Test jmxRmiServiceURL and jmxRoServiceURL are not equal");
Assert.assertFalse("The jmxRmiServiceURL and jmxRoServiceURL must not be equal", jmxRmiServiceURL.equals(jmxRoServiceURL));
}
{
log("Test invalid JMX auth without creds (expect SecurityException)");
try {
JMXConnectorFactory.connect(jmxRmiServiceURL, new HashMap<String, Object>(0));
} catch (Exception e) {
assertTrue("JMX auth must throw SecurityException if a client tries to connect without creds in the " + "env", e instanceof SecurityException);
}
}
{
log("Test invalid JMX auth with null login/password creds (expect SecurityException)");
// Create the environment
final HashMap<String, Object> env = new HashMap<String, Object>(1);
env.put(JMXConnector.CREDENTIALS, new Object[] { null, null });
try {
JMXConnectorFactory.connect(jmxRmiServiceURL, env);
} catch (Exception e) {
assertTrue("JMX auth must throw SecurityException if a client tries to connect with null credentials" + " the env", e instanceof SecurityException);
}
}
{
log("Test invalid JMX auth with bad login/password creds");
// Create the environment
final HashMap<String, Object> env = new HashMap<>(1);
env.put(JMXConnector.CREDENTIALS, new Object[] { "abra", "cadabra" });
try {
JMXConnectorFactory.connect(jmxRmiServiceURL, env);
} catch (Exception e) {
assertTrue("JMX auth must throw SecurityException if a client tries to connect with bad " + "login/password credentials the env", e instanceof SecurityException);
}
}
// Tests as user over RMI
{
log("Test as user 1 - Auth with login/pass over RMI and check connection");
// Create the environment
final HashMap<String, Object> env = new HashMap<>(1);
env.put(JMXConnector.CREDENTIALS, new Object[] { userLogin, userPassword });
// Connect to the JMX RMI Connector Server
final JMXConnector jmxConnector = JMXConnectorFactory.connect(jmxRmiServiceURL, env);
final MBeanServerConnection conn = jmxConnector.getMBeanServerConnection();
// Check that the MBean Server connection is not null
assertNotNull("Unable to obtain the MBean server connection over RMI", conn);
log("Test as user 2 - Check all mbeans are registered in the server");
assertTrue("AllAccountsMBean is not registered", conn.isRegistered(allAccountsMBeanName));
assertTrue("MyAccountMBean is not registered", conn.isRegistered(myAccountMBeanName));
assertTrue("RuntimeDataMBean is not registered", conn.isRegistered(runtimeDataMBeanName));
assertTrue("ManagementMBean is not registered", conn.isRegistered(managementMBeanName));
log("Test as user 3 - Check MyAccountMBean attributes do not throw exceptions");
final MBeanInfo info = conn.getMBeanInfo(myAccountMBeanName);
for (final MBeanAttributeInfo att : info.getAttributes()) {
final String attName = att.getName();
try {
conn.getAttribute(myAccountMBeanName, attName);
} catch (Exception e) {
fail("The attribute " + attName + " of MyAccountMBean must not throw " + e);
}
}
log("Test as user 4 - Check RuntimeDataMBeanName attributes are correct");
final String[] attributesToCheck = new String[] { "Status", "TotalJobsCount", "FinishedJobsCount", "TotalTasksCount", "FinishedTasksCount" };
// Get all attributes to test BEFORE JOB SUBMISSION
AttributeList list = conn.getAttributes(runtimeDataMBeanName, attributesToCheck);
// Status
Attribute att = (Attribute) list.get(0);
Assert.assertEquals("Incorrect value of " + att.getName() + " attribute", "Started", att.getValue());
// TotalJobsCount
att = (Attribute) list.get(1);
Assert.assertEquals("Incorrect value of " + att.getName() + " attribute", 0, att.getValue());
// FinishedJobsCount
att = (Attribute) list.get(2);
Assert.assertEquals("Incorrect value of " + att.getName() + " attribute", 0, att.getValue());
// NumberOfTasksCount
att = (Attribute) list.get(3);
Assert.assertEquals("Incorrect value of " + att.getName() + " attribute", 0, att.getValue());
// FinishedTasksCount
att = (Attribute) list.get(4);
Assert.assertEquals("Incorrect value of " + att.getName() + " attribute", 0, att.getValue());
// Create a job then submit it to the scheduler
final int taskPerJob = 2;
final TaskFlowJob job = new TaskFlowJob();
for (int i = 0; i < taskPerJob; i++) {
JavaTask task = new JavaTask();
task.setName("" + i);
task.setExecutableClassName(WaitAndPrint.class.getName());
task.addArgument("sleepTime", "1");
job.addTask(task);
}
// log as admin since its creds are already available
final JobId id = schedulerHelper.submitJob(job);
schedulerHelper.waitForEventJobFinished(id);
// Get all attributes to test AFTER JOB EXECUTION
list = conn.getAttributes(runtimeDataMBeanName, attributesToCheck);
// Check SchedulerStatus
att = (Attribute) list.get(0);
Assert.assertEquals("Incorrect value of " + att.getName() + " attribute", "Started", att.getValue());
// Check TotalNumberOfJobs
att = (Attribute) list.get(1);
Assert.assertEquals("Incorrect value of " + att.getName() + " attribute", 1, att.getValue());
// Check NumberOfFinishedJobs
att = (Attribute) list.get(2);
Assert.assertEquals("Incorrect value of " + att.getName() + " attribute", 1, att.getValue());
// Check TotalNumberOfTasks
att = (Attribute) list.get(3);
Assert.assertEquals("Incorrect value of " + att.getName() + " attribute", taskPerJob, att.getValue());
// Check NumberOfFinishedTasks
att = (Attribute) list.get(4);
Assert.assertEquals("Incorrect value of " + att.getName() + " attribute", taskPerJob, att.getValue());
jmxConnector.close();
}
// Test as admin over RO
{
log("Test as admin 1, auth with login/creds over RO and check connection");
// Create the environment
final HashMap<String, Object> env = new HashMap<>(1);
env.put(JMXConnector.CREDENTIALS, new Object[] { adminLogin, adminCreds });
env.put(JMXConnectorFactory.PROTOCOL_PROVIDER_PACKAGES, JMXProviderUtils.RO_PROVIDER_PKGS);
// Connect to the JMX RO Connector Server
final JMXConnector jmxConnector = JMXConnectorFactory.connect(jmxRoServiceURL, env);
final MBeanServerConnection conn = jmxConnector.getMBeanServerConnection();
// Check that the MBean Server connection is not null
assertNotNull("Unable to obtain the MBean server connection over RO", conn);
log("Test as admin 2 - Check ManagementMBean is registered in the MBean server");
assertTrue("ManagementMBean is not registered", conn.isRegistered(managementMBeanName));
RMTHelper.log("Test as admin 3 - Check ManagementMBean attributes do not throw exception");
final MBeanInfo mInfo = conn.getMBeanInfo(managementMBeanName);
for (final MBeanAttributeInfo att : mInfo.getAttributes()) {
final String attName = att.getName();
try {
conn.getAttribute(managementMBeanName, attName);
} catch (Exception e) {
fail("The attribute " + attName + " of ManagementMBean must not throw " + e);
}
}
RMTHelper.log("Test as admin 4 - Check AllAccountsMBean Username attribute");
final String username = "Username";
try {
conn.setAttribute(allAccountsMBeanName, new Attribute(username, adminLogin));
} catch (Exception e) {
fail("Setting Username attribute of the AllAccountsMBean must not throw " + e);
}
String res = "";
try {
res = (String) conn.getAttribute(allAccountsMBeanName, username);
} catch (Exception e) {
fail("The attribute " + username + " of AllAccountsMBean must not throw " + e);
}
assertTrue("The attribute " + username + " of returns incorrect value", res.equals(adminLogin));
jmxConnector.close();
}
// Test simultaneous RMI and RO connections
{
log("Test simultaneous JMX-RMI and JMX-RO connections as admin");
final HashMap<String, Object> env = new HashMap<>(1);
env.put(JMXConnector.CREDENTIALS, new Object[] { adminLogin, adminCreds });
// Connect to the JMX-RMI Connector Server
final JMXConnector jmxRmiConnector = JMXConnectorFactory.connect(jmxRmiServiceURL, env);
final MBeanServerConnection conRmi = jmxRmiConnector.getMBeanServerConnection();
// Connect to the JMX-RO Connector Server
env.put(JMXConnectorFactory.PROTOCOL_PROVIDER_PACKAGES, JMXProviderUtils.RO_PROVIDER_PKGS);
final JMXConnector jmxRoConnector1 = JMXConnectorFactory.connect(jmxRoServiceURL, env);
final MBeanServerConnection conRo = jmxRoConnector1.getMBeanServerConnection();
Assert.assertFalse("In case of simultaneous RMI and RO JMX connections they must not be equal", conRmi.equals(conRo));
Assert.assertFalse("In case of simultaneous RMI and RO JMX connections the connectors must not provide the same connection ids", jmxRmiConnector.getConnectionId().equals(jmxRoConnector1.getConnectionId()));
log("Test JMX-RO connection unicity (two connections over RO must not have the same id)");
final JMXConnector jmxRoConnector2 = JMXConnectorFactory.connect(jmxRoServiceURL, env);
Assert.assertFalse("In case of multiple RO JMX connections the connectors must not provide the same connection ids", jmxRoConnector1.getConnectionId().equals(jmxRoConnector2.getConnectionId()));
// Close all connectors
jmxRoConnector2.close();
jmxRoConnector1.close();
jmxRmiConnector.close();
}
// Test Helper class
{
log("Test JMXClientHelper as admin over RMI with connect() method");
final JMXClientHelper client = new JMXClientHelper(auth, new Object[] { adminLogin, adminCreds });
// default is over
final boolean isConnected1 = client.connect();
// RMI
assertTrue("Unable to connect, exception is " + client.getLastException(), isConnected1);
assertTrue("Incorrect default behavior of connect() method it must use RMI protocol", client.getConnector().getConnectionId().startsWith("rmi"));
client.disconnect();
Assert.assertFalse("The helper disconnect() must set the helper as disconnected", client.isConnected());
final boolean isConnected2 = client.connect(JMXTransportProtocol.RO);
assertTrue("Unable to connect, exception is " + client.getLastException(), isConnected2);
assertTrue("The helper connect(JMXTransportProtocol.RO) method must use RO protocol", client.getConnector().getConnectionId().startsWith("ro"));
client.disconnect();
Assert.assertFalse("The helper disconnect() must set the helper as disconnected", client.isConnected());
}
}
Also used :
JMXServiceURL(javax.management.remote.JMXServiceURL)
HashMap(java.util.HashMap)
PublicKey(java.security.PublicKey)
TaskFlowJob(org.ow2.proactive.scheduler.common.job.TaskFlowJob)
CredData(org.ow2.proactive.authentication.crypto.CredData)
SchedulerAuthenticationInterface(org.ow2.proactive.scheduler.common.SchedulerAuthenticationInterface)
JavaTask(org.ow2.proactive.scheduler.common.task.JavaTask)
JMXConnector(javax.management.remote.JMXConnector)
JMXClientHelper(org.ow2.proactive.jmx.JMXClientHelper)
Credentials(org.ow2.proactive.authentication.crypto.Credentials)
JobId(org.ow2.proactive.scheduler.common.job.JobId)
Test(org.junit.Test)
Example 40 with Credentials
use of org.ow2.proactive.authentication.crypto.Credentials in project scheduling by ow2-proactive.
the class AuthenticationTest method loginIncorrectAdminPassword.
private void loginIncorrectAdminPassword(RMAuthentication auth) throws KeyException {
// negative
log("Test 3");
log("Trying to authorized with incorrect user name and password");
try {
Credentials cred = Credentials.createCredentials(new CredData(TestUsers.DEMO.username, "b"), auth.getPublicKey());
auth.login(cred);
fail("Error: successful authentication");
} catch (LoginException e) {
log("Passed: expected error " + e.getMessage());
}
}
Also used :
CredData(org.ow2.proactive.authentication.crypto.CredData)
LoginException(javax.security.auth.login.LoginException)
Credentials(org.ow2.proactive.authentication.crypto.Credentials)
Aggregations
Credentials (org.ow2.proactive.authentication.crypto.Credentials)50
CredData (org.ow2.proactive.authentication.crypto.CredData)42
KeyException (java.security.KeyException)17
ResourceManager (org.ow2.proactive.resourcemanager.frontend.ResourceManager)17
PublicKey (java.security.PublicKey)15
LoginException (javax.security.auth.login.LoginException)15
Test (org.junit.Test)14
SchedulerAuthenticationInterface (org.ow2.proactive.scheduler.common.SchedulerAuthenticationInterface)13
RMAuthentication (org.ow2.proactive.resourcemanager.authentication.RMAuthentication)12
IOException (java.io.IOException)11
HashMap (java.util.HashMap)11
File (java.io.File)9
RMFunctionalTest (functionaltests.utils.RMFunctionalTest)6
JMXServiceURL (javax.management.remote.JMXServiceURL)6
JMXConnector (javax.management.remote.JMXConnector)5
Node (org.objectweb.proactive.core.node.Node)5
Scheduler (org.ow2.proactive.scheduler.common.Scheduler)5
MBeanServerConnection (javax.management.MBeanServerConnection)4
ObjectName (javax.management.ObjectName)4
POST (javax.ws.rs.POST)4
