void runThinClientWriterExceptionTest()
{
CacheHelper.SetupJavaServers(true, CacheXml1);
CacheHelper.StartJavaLocator(1, "GFELOC");
Util.Log("Locator started");
foreach (AuthzCredentialGenerator authzGen in GetAllGeneratorCombos(true))
{
for (int i = 1; i <= 2; ++i)
{
CredentialGenerator cGen = authzGen.GetCredentialGenerator();
//TODO: its not working for multiuser mode.. need to fix later
if (cGen.GetClassCode() == CredentialGenerator.ClassCode.PKCS)
{
continue;
}
Properties <string, string> extraAuthProps = cGen.SystemProperties;
Properties <string, string> javaProps = cGen.JavaProperties;
Properties <string, string> extraAuthzProps = authzGen.SystemProperties;
string authenticator = cGen.Authenticator;
string authInit = cGen.AuthInit;
string accessor = authzGen.AccessControl;
Util.Log("ThinClientWriterException: Using authinit: " + authInit);
Util.Log("ThinClientWriterException: Using authenticator: " + authenticator);
Util.Log("ThinClientWriterException: Using accessor: " + accessor);
// Start servers with all required properties
string serverArgs = SecurityTestUtil.GetServerArgs(authenticator,
accessor, null, SecurityTestUtil.ConcatProperties(extraAuthProps,
extraAuthzProps), javaProps);
// Start the server.
CacheHelper.StartJavaServerWithLocators(1, "GFECS1", 1, serverArgs);
Util.Log("Cacheserver 1 started.");
// Start client1 with valid CREATE credentials
Properties <string, string> createCredentials = authzGen.GetDisallowedCredentials(
new OperationCode[] { OperationCode.Put },
new string[] { RegionName }, 1);
javaProps = cGen.JavaProperties;
Util.Log("DisallowPuts: For first client PUT credentials: " +
createCredentials);
m_client1.Call(SecurityTestUtil.CreateClientR0, RegionName,
CacheHelper.Locators, authInit, createCredentials);
Util.Log("Creating region in client1 , no-ack, no-cache, with listener and writer");
m_client1.Call(CreateRegion, CacheHelper.Locators,
true, true, true);
m_client1.Call(RegisterAllKeys, new string[] { RegionName });
try
{
Util.Log("Trying put Operation");
m_client1.Call(DoPut);
Util.Log(" Put Operation Successful");
Assert.Fail("Should have got NotAuthorizedException during put");
}
catch (NotAuthorizedException)
{
Util.Log("NotAuthorizedException Caught");
Util.Log("Success");
}
catch (Exception other)
{
Util.Log("Stack trace: {0} ", other.StackTrace);
Util.Log("Got exception : {0}",
other.Message);
}
m_client1.Call(CheckAssert);
// Do LocalPut
m_client1.Call(DoLocalPut);
m_client1.Call(Close);
CacheHelper.StopJavaServer(1);
}
}
CacheHelper.StopJavaLocator(1);
CacheHelper.ClearEndpoints();
CacheHelper.ClearLocators();
}
void runInvalidAccessor()
{
CacheHelper.SetupJavaServers(true, CacheXml1, CacheXml2);
CacheHelper.StartJavaLocator(1, "GFELOC");
Util.Log("Locator started");
foreach (AuthzCredentialGenerator authzGen in GetAllGeneratorCombos(true))
{
CredentialGenerator cGen = authzGen.GetCredentialGenerator();
Util.Log("NIl:792:Current credential is = {0}", cGen);
//if (cGen.GetClassCode() == CredentialGenerator.ClassCode.LDAP)
// continue;
Properties <string, string> extraAuthProps = cGen.SystemProperties;
Properties <string, string> javaProps = cGen.JavaProperties;
Properties <string, string> extraAuthzProps = authzGen.SystemProperties;
string authenticator = cGen.Authenticator;
string authInit = cGen.AuthInit;
string accessor = authzGen.AccessControl;
Util.Log("InvalidAccessor: Using authinit: " + authInit);
Util.Log("InvalidAccessor: Using authenticator: " + authenticator);
// Start server1 with invalid accessor
string serverArgs = SecurityTestUtil.GetServerArgs(authenticator,
"com.gemstone.none", null, SecurityTestUtil.ConcatProperties(extraAuthProps,
extraAuthzProps), javaProps);
CacheHelper.StartJavaServerWithLocators(1, "GFECS1", 1, serverArgs);
Util.Log("Cacheserver 1 started.");
// Client creation should throw exceptions
Properties <string, string> createCredentials = authzGen.GetAllowedCredentials(
new OperationCode[] { OperationCode.Put },
new string[] { RegionName }, 3);
javaProps = cGen.JavaProperties;
Util.Log("InvalidAccessor: For first client PUT credentials: " +
createCredentials);
m_client1.Call(SecurityTestUtil.CreateClientMU, RegionName,
CacheHelper.Locators, authInit, (Properties <string, string>)null, true);
// Now perform some put operations from client1
m_client1.Call(DoPutsMU, 10, createCredentials, true, ExpectedResult.OtherException);
Properties <string, string> getCredentials = authzGen.GetAllowedCredentials(
new OperationCode[] { OperationCode.Get },
new string[] { RegionName }, 7);
javaProps = cGen.JavaProperties;
Util.Log("InvalidAccessor: For second client GET credentials: " +
getCredentials);
m_client2.Call(SecurityTestUtil.CreateClientMU, RegionName,
CacheHelper.Locators, authInit, (Properties <string, string>)null, true);
// Now perform some put operations from client1
m_client2.Call(DoGetsMU, 10, getCredentials, true, ExpectedResult.OtherException);
// Now start server2 that has valid accessor
Util.Log("InvalidAccessor: Using accessor: " + accessor);
serverArgs = SecurityTestUtil.GetServerArgs(authenticator,
accessor, null, SecurityTestUtil.ConcatProperties(extraAuthProps,
extraAuthzProps), javaProps);
CacheHelper.StartJavaServerWithLocators(2, "GFECS2", 1, serverArgs);
Util.Log("Cacheserver 2 started.");
CacheHelper.StopJavaServer(1);
// Client creation should be successful now
m_client1.Call(SecurityTestUtil.CreateClientMU, RegionName,
CacheHelper.Locators, authInit, (Properties <string, string>)null, true);
m_client2.Call(SecurityTestUtil.CreateClientMU, RegionName,
CacheHelper.Locators, authInit, (Properties <string, string>)null, true);
// Now perform some put operations from client1
m_client1.Call(DoPutsMU, 10, createCredentials, true);
// Verify that the gets succeed
m_client2.Call(DoGetsMU, 10, getCredentials, true);
m_client1.Call(Close);
m_client2.Call(Close);
CacheHelper.StopJavaServer(2);
}
CacheHelper.StopJavaLocator(1);
CacheHelper.ClearEndpoints();
CacheHelper.ClearLocators();
}
void runDisallowPutsGets()
{
CacheHelper.SetupJavaServers(true, CacheXml1, CacheXml2);
CacheHelper.StartJavaLocator(1, "GFELOC");
Util.Log("Locator started");
foreach (AuthzCredentialGenerator authzGen in GetAllGeneratorCombos(true))
{
CredentialGenerator cGen = authzGen.GetCredentialGenerator();
Properties <string, string> extraAuthProps = cGen.SystemProperties;
Properties <string, string> javaProps = cGen.JavaProperties;
Properties <string, string> extraAuthzProps = authzGen.SystemProperties;
string authenticator = cGen.Authenticator;
string authInit = cGen.AuthInit;
string accessor = authzGen.AccessControl;
Util.Log("DisallowPutsGets: Using authinit: " + authInit);
Util.Log("DisallowPutsGets: Using authenticator: " + authenticator);
Util.Log("DisallowPutsGets: Using accessor: " + accessor);
// Check that we indeed can obtain valid credentials not allowed to do
// gets
Properties <string, string> createCredentials = authzGen.GetAllowedCredentials(
new OperationCode[] { OperationCode.Put },
new string[] { RegionName }, 1);
Properties <string, string> createJavaProps = cGen.JavaProperties;
Properties <string, string> getCredentials = authzGen.GetDisallowedCredentials(
new OperationCode[] { OperationCode.Get },
new string[] { RegionName }, 2);
Properties <string, string> getJavaProps = cGen.JavaProperties;
if (getCredentials == null || getCredentials.Size == 0)
{
Util.Log("DisallowPutsGets: Unable to obtain valid credentials " +
"with no GET permission; skipping this combination.");
continue;
}
// Start servers with all required properties
string serverArgs = SecurityTestUtil.GetServerArgs(authenticator,
accessor, null, SecurityTestUtil.ConcatProperties(extraAuthProps,
extraAuthzProps), javaProps);
// Start the two servers.
CacheHelper.StartJavaServerWithLocators(1, "GFECS1", 1, serverArgs);
Util.Log("Cacheserver 1 started.");
CacheHelper.StartJavaServerWithLocators(2, "GFECS2", 1, serverArgs);
Util.Log("Cacheserver 2 started.");
// Start client1 with valid CREATE credentials
createCredentials = authzGen.GetAllowedCredentials(
new OperationCode[] { OperationCode.Put },
new string[] { RegionName }, 1);
javaProps = cGen.JavaProperties;
Util.Log("DisallowPutsGets: For first client PUT credentials: " +
createCredentials);
m_client1.Call(SecurityTestUtil.CreateClientMU, RegionName,
CacheHelper.Locators, authInit, (Properties <string, string>)null, true);
// Start client2 with invalid GET credentials
getCredentials = authzGen.GetDisallowedCredentials(
new OperationCode[] { OperationCode.Get },
new string[] { RegionName }, 2);
javaProps = cGen.JavaProperties;
Util.Log("DisallowPutsGets: For second client invalid GET " +
"credentials: " + getCredentials);
m_client2.Call(SecurityTestUtil.CreateClientMU, RegionName,
CacheHelper.Locators, authInit, (Properties <string, string>)null, true);
// Perform some put operations from client1
m_client1.Call(DoPutsMU, 10, createCredentials, true);
// Verify that the gets throw exception
m_client2.Call(DoGetsMU, 10, getCredentials, true, ExpectedResult.NotAuthorizedException);
// Try to connect client2 with reader credentials
getCredentials = authzGen.GetAllowedCredentials(
new OperationCode[] { OperationCode.Get },
new string[] { RegionName }, 5);
javaProps = cGen.JavaProperties;
Util.Log("DisallowPutsGets: For second client valid GET " +
"credentials: " + getCredentials);
m_client2.Call(SecurityTestUtil.CreateClientMU, RegionName,
CacheHelper.Locators, authInit, (Properties <string, string>)null, true);
// Verify that the gets succeed
m_client2.Call(DoGetsMU, 10, getCredentials, true);
// Verify that the puts throw exception
m_client2.Call(DoPutsMU, 10, getCredentials, true, ExpectedResult.NotAuthorizedException);
m_client1.Call(Close);
m_client2.Call(Close);
CacheHelper.StopJavaServer(1);
CacheHelper.StopJavaServer(2);
}
CacheHelper.StopJavaLocator(1);
CacheHelper.ClearEndpoints();
CacheHelper.ClearLocators();
}
void runAllowPutsGets()
{
CacheHelper.SetupJavaServers(true, CacheXml1, CacheXml2);
CacheHelper.StartJavaLocator(1, "GFELOC");
Util.Log("Locator started");
foreach (AuthzCredentialGenerator authzGen in GetAllGeneratorCombos(true))
{
CredentialGenerator cGen = authzGen.GetCredentialGenerator();
Properties <string, string> extraAuthProps = cGen.SystemProperties;
Properties <string, string> javaProps = cGen.JavaProperties;
Properties <string, string> extraAuthzProps = authzGen.SystemProperties;
string authenticator = cGen.Authenticator;
string authInit = cGen.AuthInit;
string accessor = authzGen.AccessControl;
Util.Log("testAllowPutsGets: Using authinit: " + authInit);
Util.Log("testAllowPutsGets: Using authenticator: " + authenticator);
Util.Log("testAllowPutsGets: Using accessor: " + accessor);
// Start servers with all required properties
string serverArgs = SecurityTestUtil.GetServerArgs(authenticator,
accessor, null, SecurityTestUtil.ConcatProperties(extraAuthProps,
extraAuthzProps), javaProps);
// Start the two servers.
CacheHelper.StartJavaServerWithLocators(1, "GFECS1", 1, serverArgs);
Util.Log("Cacheserver 1 started.");
CacheHelper.StartJavaServerWithLocators(2, "GFECS2", 1, serverArgs);
Util.Log("Cacheserver 2 started.");
// Start client1 with valid CREATE credentials
Properties <string, string> createCredentials = authzGen.GetAllowedCredentials(
new OperationCode[] { OperationCode.Put },
new string[] { RegionName }, 1);
javaProps = cGen.JavaProperties;
Util.Log("AllowPutsGets: For first client PUT credentials: " +
createCredentials);
m_client1.Call(SecurityTestUtil.CreateClientMU, RegionName,
CacheHelper.Locators, authInit, (Properties <string, string>)null, true);
// Start client2 with valid GET credentials
Properties <string, string> getCredentials = authzGen.GetAllowedCredentials(
new OperationCode[] { OperationCode.Get },
new string[] { RegionName }, 2);
javaProps = cGen.JavaProperties;
Util.Log("AllowPutsGets: For second client GET credentials: " +
getCredentials);
m_client2.Call(SecurityTestUtil.CreateClientMU, RegionName,
CacheHelper.Locators, authInit, (Properties <string, string>)null, true);
// Perform some put operations from client1
m_client1.Call(DoPutsMU, 10, createCredentials, true);
// Verify that the gets succeed
m_client2.Call(DoGetsMU, 10, getCredentials, true);
m_client1.Call(DoPutsTx, 10, true, ExpectedResult.Success, getCredentials, true);
m_client2.Call(DoGets, 10, true, ExpectedResult.Success, getCredentials, true);
m_client1.Call(Close);
m_client2.Call(Close);
CacheHelper.StopJavaServer(1);
CacheHelper.StopJavaServer(2);
}
CacheHelper.StopJavaLocator(1);
CacheHelper.ClearEndpoints();
CacheHelper.ClearLocators();
}
protected void RunOpsWithFailover(OperationWithAction[] opCodes,
string testName, bool isMultiUser, bool ssl, bool withPassword)
{
CacheHelper.SetupJavaServers(true, CacheXml1, CacheXml2);
CacheHelper.StartJavaLocator(1, "GFELOC", null, ssl);
Util.Log("Locator started");
foreach (AuthzCredentialGenerator authzGen in GetAllGeneratorCombos(isMultiUser))
{
CredentialGenerator cGen = authzGen.GetCredentialGenerator();
Properties <string, string> extraAuthProps = cGen.SystemProperties;
Properties <string, string> javaProps = cGen.JavaProperties;
Properties <string, string> extraAuthzProps = authzGen.SystemProperties;
string authenticator = cGen.Authenticator;
string authInit = cGen.AuthInit;
string accessor = authzGen.AccessControl;
TestAuthzCredentialGenerator tgen = new TestAuthzCredentialGenerator(authzGen);
Util.Log(testName + ": Using authinit: " + authInit);
Util.Log(testName + ": Using authenticator: " + authenticator);
Util.Log(testName + ": Using accessor: " + accessor);
// Start servers with all required properties
string serverArgs = SecurityTestUtil.GetServerArgs(authenticator,
accessor, null, SecurityTestUtil.ConcatProperties(extraAuthProps,
extraAuthzProps), javaProps);
// Perform all the ops on the clients
List <OperationWithAction> opBlock = new List <OperationWithAction>();
Random rnd = new Random();
for (int opNum = 0; opNum < opCodes.Length; ++opNum)
{
// Start client with valid credentials as specified in
// OperationWithAction
OperationWithAction currentOp = opCodes[opNum];
if (currentOp == OperationWithAction.OpBlockEnd ||
currentOp == OperationWithAction.OpBlockNoFailover)
{
// End of current operation block; execute all the operations
// on the servers with/without failover
if (opBlock.Count > 0)
{
// Start the first server and execute the operation block
CacheHelper.StartJavaServerWithLocators(1, "GFECS1", 1, serverArgs, ssl);
Util.Log("Cacheserver 1 started.");
CacheHelper.StopJavaServer(2, false);
ExecuteOpBlock(opBlock, authInit, extraAuthProps,
extraAuthzProps, tgen, rnd, isMultiUser, ssl, withPassword);
if (currentOp == OperationWithAction.OpBlockNoFailover)
{
CacheHelper.StopJavaServer(1);
}
else
{
// Failover to the second server and run the block again
CacheHelper.StartJavaServerWithLocators(2, "GFECS2", 1, serverArgs, ssl);
Util.Log("Cacheserver 2 started.");
CacheHelper.StopJavaServer(1);
ExecuteOpBlock(opBlock, authInit, extraAuthProps,
extraAuthzProps, tgen, rnd, isMultiUser, ssl, withPassword);
}
opBlock.Clear();
}
}
else
{
currentOp.OpNum = opNum;
opBlock.Add(currentOp);
}
}
// Close all clients here since we run multiple iterations for pool and non pool configs
foreach (ClientBase client in m_clients)
{
client.Call(Close);
}
}
CacheHelper.StopJavaLocator(1, true, ssl);
CacheHelper.ClearEndpoints();
CacheHelper.ClearLocators();
}
protected void ExecuteOpBlock(List <OperationWithAction> opBlock,
string authInit, Properties <string, string> extraAuthProps, Properties <string, string> extraAuthzProps,
TestCredentialGenerator gen, Random rnd, bool isMultiuser, bool ssl, bool withPassword)
{
foreach (OperationWithAction currentOp in opBlock)
{
// Start client with valid credentials as specified in
// OperationWithAction
OperationCode opCode = currentOp.OpCode;
OpFlags opFlags = currentOp.Flags;
int clientNum = currentOp.ClientNum;
if (clientNum > m_clients.Length)
{
Assert.Fail("ExecuteOpBlock: Unknown client number " + clientNum);
}
ClientBase client = m_clients[clientNum - 1];
Util.Log("ExecuteOpBlock: performing operation number [" +
currentOp.OpNum + "]: " + currentOp);
Properties <string, string> clientProps = null;
if (!CheckFlags(opFlags, OpFlags.UseOldConn))
{
Properties <string, string> opCredentials;
int newRnd = rnd.Next(100) + 1;
string currentRegionName = '/' + RegionName;
if (CheckFlags(opFlags, OpFlags.UseSubRegion))
{
currentRegionName += ('/' + SubregionName);
}
string credentialsTypeStr;
OperationCode authOpCode = currentOp.AuthzOperationCode;
int[] indices = currentOp.Indices;
CredentialGenerator cGen = gen.GetCredentialGenerator();
Properties <string, string> javaProps = null;
if (CheckFlags(opFlags, OpFlags.CheckNotAuthz) ||
CheckFlags(opFlags, OpFlags.UseNotAuthz))
{
opCredentials = gen.GetDisallowedCredentials(
new OperationCode[] { authOpCode },
new string[] { currentRegionName }, indices, newRnd);
credentialsTypeStr = " unauthorized " + authOpCode;
}
else
{
opCredentials = gen.GetAllowedCredentials(new OperationCode[] {
opCode, authOpCode
}, new string[] { currentRegionName },
indices, newRnd);
credentialsTypeStr = " authorized " + authOpCode;
}
if (cGen != null)
{
javaProps = cGen.JavaProperties;
}
clientProps = SecurityTestUtil.ConcatProperties(
opCredentials, extraAuthProps, extraAuthzProps);
// Start the client with valid credentials but allowed or disallowed to
// perform an operation
Util.Log("ExecuteOpBlock: For client" + clientNum +
credentialsTypeStr + " credentials: " + opCredentials);
if (!isMultiuser)
{
client.Call(SecurityTestUtil.CreateClientSSL, RegionName,
CacheHelper.Locators, authInit, clientProps, ssl, withPassword);
}
else
{
client.Call(SecurityTestUtil.CreateClientMU, RegionName,
CacheHelper.Locators, authInit, (Properties <string, string>)null, true);
}
}
ExpectedResult expectedResult;
if (CheckFlags(opFlags, OpFlags.CheckNotAuthz))
{
expectedResult = ExpectedResult.NotAuthorizedException;
}
else if (CheckFlags(opFlags, OpFlags.CheckException))
{
expectedResult = ExpectedResult.OtherException;
}
else
{
expectedResult = ExpectedResult.Success;
}
// Perform the operation from selected client
if (!isMultiuser)
{
client.Call(DoOp, opCode, currentOp.Indices, opFlags, expectedResult);
}
else
{
client.Call(DoOp, opCode, currentOp.Indices, opFlags, expectedResult, clientProps, true);
}
}
}
