protected List <AuthzCredentialGenerator> GetAllGeneratorCombos(bool isMultiUser)
{
List <AuthzCredentialGenerator> generators =
new List <AuthzCredentialGenerator>();
foreach (AuthzCredentialGenerator.ClassCode authzClassCode in
Enum.GetValues(typeof(AuthzCredentialGenerator.ClassCode)))
{
List <CredentialGenerator> cGenerators =
SecurityTestUtil.getAllGenerators(isMultiUser);
foreach (CredentialGenerator cGen in cGenerators)
{
AuthzCredentialGenerator authzGen = AuthzCredentialGenerator
.Create(authzClassCode);
if (authzGen != null)
{
if (authzGen.Init(cGen))
{
generators.Add(authzGen);
}
}
}
}
return(generators);
}
void runNoAuthInitWithCredentials()
{
foreach (CredentialGenerator gen in SecurityTestUtil.getAllGenerators(false))
{
Properties <string, string> extraProps = gen.SystemProperties;
Properties <string, string> javaProps = gen.JavaProperties;
string authenticator = gen.Authenticator;
string authInit = gen.AuthInit;
if (authInit == null || authInit.Length == 0)
{
// If the scheme does not have an authInit in the first place
// (e.g. SSL) then skip it
Util.Log("NoAuthInitWithCredentials: Skipping scheme [" +
gen.GetClassCode() + "] which has no authInit");
continue;
}
Util.Log("NoAuthInitWithCredentials: Using scheme: " +
gen.GetClassCode());
Util.Log("NoAuthInitWithCredentials: Using authenticator: " +
authenticator);
// Start the server
CacheHelper.SetupJavaServers(true, CacheXml1);
CacheHelper.StartJavaLocator(1, "GFELOC");
Util.Log("Locator started");
CacheHelper.StartJavaServerWithLocators(1, "GFECS1", 1, SecurityTestUtil.GetServerArgs(
authenticator, extraProps, javaProps));
Util.Log("Cacheserver 1 started.");
// Start client1 with valid credentials and client2 with invalid
// credentials; both should fail without an authInit
Properties <string, string> credentials1 = gen.GetValidCredentials(6);
Properties <string, string> javaProps1 = gen.JavaProperties;
Util.Log("NoAuthInitWithCredentials: For first client valid " +
"credentials: " + credentials1 + " : " + javaProps1);
Properties <string, string> credentials2 = gen.GetInvalidCredentials(2);
Properties <string, string> javaProps2 = gen.JavaProperties;
Util.Log("NoAuthInitWithCredentials: For second client invalid " +
"credentials: " + credentials2 + " : " + javaProps2);
m_client1.Call(SecurityTestUtil.CreateClient, RegionName,
CacheHelper.Locators, (string)null, credentials1,
ExpectedResult.AuthRequiredException);
m_client2.Call(SecurityTestUtil.CreateClient, RegionName,
CacheHelper.Locators, (string)null, credentials2,
ExpectedResult.AuthRequiredException);
m_client1.Call(Close);
m_client2.Call(Close);
CacheHelper.StopJavaServer(1);
CacheHelper.StopJavaLocator(1);
CacheHelper.ClearEndpoints();
CacheHelper.ClearLocators();
}
}
void runCQTest()
{
CacheHelper.SetupJavaServers(true, "remotequeryN.xml");
CacheHelper.StartJavaLocator(1, "GFELOC");
Util.Log("Locator started");
DummyAuthorization3 da = new DummyAuthorization3();
string authenticator = da.Authenticator;
string authInit = da.AuthInit;
string accessorPP = da.AuthenticatorPP;
Util.Log("testAllowPutsGets: Using authinit: " + authInit);
Util.Log("testAllowPutsGets: Using authenticator: " + authenticator);
Util.Log("testAllowPutsGets: Using accessorPP: " + accessorPP);
// Start servers with all required properties
string serverArgs = SecurityTestUtil.GetServerArgs(authenticator,
null, accessorPP, null, null);
// Start the two servers.
CacheHelper.StartJavaServerWithLocators(1, "GFECS1", 1, serverArgs);
Util.Log("Cacheserver 1 started.");
CacheHelper.StartJavaServerWithLocators(2, "GFECS2", 1, serverArgs);
Util.Log("Cacheserver 2 started.");
// Start client1 with valid CREATE credentials, this index will be used to authorzie the user
Properties <string, string> createCredentials = da.GetValidCredentials(4);
Util.Log("runCQTest: ");
m_client1.Call(SecurityTestUtil.CreateClientMU2, RegionName_CQ,
CacheHelper.Locators, authInit, (Properties <string, string>)null, true, true);
m_client2.Call(SecurityTestUtil.CreateClientMU, RegionName_CQ,
CacheHelper.Locators, authInit, (Properties <string, string>)null, true);
// Perform some put operations from client1
m_client1.Call(registerCQ, createCredentials, false);
// Verify that the gets succeed
m_client2.Call(doCQPut, createCredentials);
m_client1.Call(verifyCQEvents, true, CqOperationType.OP_TYPE_CREATE);
m_client1.Call(CloseUserCache, false);
m_client1.Call(Close);
m_client2.Call(Close);
CacheHelper.StopJavaServer(1);
// CacheHelper.StopJavaServer(2);
CacheHelper.StopJavaLocator(1);
CacheHelper.ClearEndpoints();
CacheHelper.ClearLocators();
}
void runInvalidAuthenticator()
{
foreach (CredentialGenerator gen in SecurityTestUtil.getAllGenerators(false))
{
Properties <string, string> extraProps = gen.SystemProperties;
Properties <string, string> javaProps = gen.JavaProperties;
string authInit = gen.AuthInit;
if (authInit == null || authInit.Length == 0)
{
// Skip a scheme which does not have an authInit in the first place
// (e.g. SSL) since that will fail with AuthReqEx before
// authenticator is even invoked
Util.Log("InvalidAuthenticator: Skipping scheme [" +
gen.GetClassCode() + "] which has no authInit");
continue;
}
Util.Log("InvalidAuthenticator: Using scheme: " + gen.GetClassCode());
Util.Log("InvalidAuthenticator: Using authinit: " + authInit);
// Start the server with invalid authenticator
CacheHelper.SetupJavaServers(true, CacheXml1);
CacheHelper.StartJavaLocator(1, "GFELOC");
Util.Log("Locator started");
CacheHelper.StartJavaServerWithLocators(1, "GFECS1", 1, SecurityTestUtil.GetServerArgs(
"org.apache.geode.none", extraProps, javaProps));
Util.Log("Cacheserver 1 started.");
// Starting the client with valid credentials should throw
// authentication failed exception
Properties <string, string> credentials1 = gen.GetValidCredentials(1);
Properties <string, string> javaProps1 = gen.JavaProperties;
Util.Log("InvalidAuthenticator: For first client valid credentials: " +
credentials1 + " : " + javaProps1);
m_client1.Call(SecurityTestUtil.CreateClient, RegionName,
CacheHelper.Locators, authInit, credentials1,
ExpectedResult.AuthFailedException);
// Also try with invalid credentials
Properties <string, string> credentials2 = gen.GetInvalidCredentials(1);
Properties <string, string> javaProps2 = gen.JavaProperties;
Util.Log("InvalidAuthenticator: For first client invalid " +
"credentials: " + credentials2 + " : " + javaProps2);
m_client1.Call(SecurityTestUtil.CreateClient, RegionName,
CacheHelper.Locators, authInit, credentials2,
ExpectedResult.AuthFailedException);
m_client1.Call(Close);
CacheHelper.StopJavaServer(1);
CacheHelper.StopJavaLocator(1);
CacheHelper.ClearEndpoints();
CacheHelper.ClearLocators();
}
}
void runValidCredentials()
{
foreach (CredentialGenerator gen in SecurityTestUtil.getAllGenerators(false))
{
Properties <string, string> extraProps = gen.SystemProperties;
Properties <string, string> javaProps = gen.JavaProperties;
string authenticator = gen.Authenticator;
string authInit = gen.AuthInit;
Util.Log("ValidCredentials: Using scheme: " + gen.GetClassCode());
Util.Log("ValidCredentials: Using authenticator: " + authenticator);
Util.Log("ValidCredentials: Using authinit: " + authInit);
// Start the server
CacheHelper.SetupJavaServers(true, CacheXml1);
CacheHelper.StartJavaLocator(1, "GFELOC");
Util.Log("Locator started");
CacheHelper.StartJavaServerWithLocators(1, "GFECS1", 1, SecurityTestUtil.GetServerArgs(
authenticator, extraProps, javaProps));
Util.Log("Cacheserver 1 started.");
// Start the clients with valid credentials
Properties <string, string> credentials1 = gen.GetValidCredentials(1);
Properties <string, string> javaProps1 = gen.JavaProperties;
Util.Log("ValidCredentials: For first client credentials: " +
credentials1 + " : " + javaProps1);
Properties <string, string> credentials2 = gen.GetValidCredentials(2);
Properties <string, string> javaProps2 = gen.JavaProperties;
Util.Log("ValidCredentials: For second client credentials: " +
credentials2 + " : " + javaProps2);
m_client1.Call(SecurityTestUtil.CreateClient, RegionName,
CacheHelper.Locators, authInit, credentials1);
m_client2.Call(SecurityTestUtil.CreateClient, RegionName,
CacheHelper.Locators, authInit, credentials2);
// Perform some put operations from client1
m_client1.Call(DoPuts, 4);
m_client1.Call(DoTxPuts);
// Verify that the puts succeeded
m_client2.Call(DoGets, 4);
m_client2.Call(DoGetsTx);
m_client1.Call(Close);
m_client2.Call(Close);
CacheHelper.StopJavaServer(1);
CacheHelper.StopJavaLocator(1);
CacheHelper.ClearEndpoints();
CacheHelper.ClearLocators();
}
}
void runInvalidCredentials()
{
foreach (CredentialGenerator gen in SecurityTestUtil.getAllGenerators(true))
{
Properties <string, string> extraProps = gen.SystemProperties;
Properties <string, string> javaProps = gen.JavaProperties;
string authenticator = gen.Authenticator;
string authInit = gen.AuthInit;
Util.Log("InvalidCredentials: Using scheme: " + gen.GetClassCode());
Util.Log("InvalidCredentials: Using authenticator: " + authenticator);
Util.Log("InvalidCredentials: Using authinit: " + authInit);
// Start the server
CacheHelper.SetupJavaServers(true, CacheXml1);
CacheHelper.StartJavaLocator(1, "GFELOC");
Util.Log("Locator started");
CacheHelper.StartJavaServerWithLocators(1, "GFECS1", 1, SecurityTestUtil.GetServerArgs(
authenticator, extraProps, javaProps));
Util.Log("Cacheserver 1 started.");
// Start the clients with valid credentials
Properties <string, string> credentials1 = gen.GetValidCredentials(8);
Properties <string, string> javaProps1 = gen.JavaProperties;
Util.Log("InvalidCredentials: For first client credentials: " +
credentials1 + " : " + javaProps1);
Properties <string, string> credentials2 = gen.GetInvalidCredentials(7);
Properties <string, string> javaProps2 = gen.JavaProperties;
Util.Log("InvalidCredentials: For second client credentials: " +
credentials2 + " : " + javaProps2);
m_client1.Call(SecurityTestUtil.CreateClientMU, RegionName,
CacheHelper.Locators, authInit, (Properties <string, string>)null, true);
// Perform some put operations from client1
m_client1.Call(DoPutsMU, 4, credentials1, true);
// Creating region on client2 should throw authentication
// failure exception
m_client2.Call(SecurityTestUtil.CreateClientMU, RegionName,
CacheHelper.Locators, authInit, (Properties <string, string>)null, true);
// Perform some put operations from client1
m_client2.Call(DoPutsMU, 4, credentials2, true, ExpectedResult.AuthFailedException);
m_client1.Call(Close);
m_client2.Call(Close);
CacheHelper.StopJavaServer(1);
CacheHelper.StopJavaLocator(1);
CacheHelper.ClearEndpoints();
CacheHelper.ClearLocators();
}
}
void runInvalidAuthInit()
{
foreach (CredentialGenerator gen in SecurityTestUtil.getAllGenerators(true))
{
Properties <string, string> extraProps = gen.SystemProperties;
Properties <string, string> javaProps = gen.JavaProperties;
string authenticator = gen.Authenticator;
Util.Log("InvalidAuthInit: Using scheme: " + gen.GetClassCode());
Util.Log("InvalidAuthInit: Using authenticator: " + authenticator);
// Start the server
CacheHelper.SetupJavaServers(true, CacheXml1);
CacheHelper.StartJavaLocator(1, "GFELOC");
Util.Log("Locator started");
CacheHelper.StartJavaServerWithLocators(1, "GFECS1", 1, SecurityTestUtil.GetServerArgs(
authenticator, extraProps, javaProps));
Util.Log("Cacheserver 1 started.");
// Creating region on client1 with invalid authInit callback should
// throw authentication required exception
Properties <string, string> credentials = gen.GetValidCredentials(5);
javaProps = gen.JavaProperties;
Util.Log("InvalidAuthInit: For first client credentials: " +
credentials + " : " + javaProps);
m_client1.Call(SecurityTestUtil.CreateClientMU, RegionName,
CacheHelper.Locators, "Apache.Geode.Templates.Cache.Security.none",
(Properties <string, string>)null, true);
// Perform some put operations from client1
m_client1.Call(DoPutsMU, 20, credentials, true);
m_client1.Call(Close);
CacheHelper.StopJavaServer(1);
CacheHelper.StopJavaLocator(1);
CacheHelper.ClearEndpoints();
CacheHelper.ClearLocators();
}
}
void runValidCredentials()
{
var dataDir = Util.GetEnvironmentVariable("TESTSRC");
Properties <string, string> javaProps = new Properties <string, string>();
javaProps.Insert("gemfire.security-authz-xml-uri", dataDir + "\\..\\..\\templates\\security\\authz-dummy.xml");
string authenticator = "javaobject.DummyAuthenticator.create";
// Start the server
CacheHelper.SetupJavaServers(true, CacheXml1);
CacheHelper.StartJavaLocator(1, "GFELOC");
Util.Log("Locator started");
CacheHelper.StartJavaServerWithLocators(1, "GFECS1", 1, SecurityTestUtil.GetServerArgs(
authenticator, null, javaProps));
Util.Log("Cacheserver 1 started.");
AssertAuthInitializeCalled(false);
CreateClient(RegionName, CacheHelper.Locators);
// Perform some put operations from client1
DoPuts(4);
AssertAuthInitializeCalled(true);
// Verify that the puts succeeded
DoGets(4);
Close();
CacheHelper.StopJavaServer(1);
CacheHelper.StopJavaLocator(1);
CacheHelper.ClearEndpoints();
CacheHelper.ClearLocators();
}
void runDisallowPutsGets()
{
CacheHelper.SetupJavaServers(true, CacheXml1, CacheXml2);
CacheHelper.StartJavaLocator(1, "GFELOC");
Util.Log("Locator started");
foreach (AuthzCredentialGenerator authzGen in GetAllGeneratorCombos(true))
{
CredentialGenerator cGen = authzGen.GetCredentialGenerator();
Properties <string, string> extraAuthProps = cGen.SystemProperties;
Properties <string, string> javaProps = cGen.JavaProperties;
Properties <string, string> extraAuthzProps = authzGen.SystemProperties;
string authenticator = cGen.Authenticator;
string authInit = cGen.AuthInit;
string accessor = authzGen.AccessControl;
Util.Log("DisallowPutsGets: Using authinit: " + authInit);
Util.Log("DisallowPutsGets: Using authenticator: " + authenticator);
Util.Log("DisallowPutsGets: Using accessor: " + accessor);
// Check that we indeed can obtain valid credentials not allowed to do
// gets
Properties <string, string> createCredentials = authzGen.GetAllowedCredentials(
new OperationCode[] { OperationCode.Put },
new string[] { RegionName }, 1);
Properties <string, string> createJavaProps = cGen.JavaProperties;
Properties <string, string> getCredentials = authzGen.GetDisallowedCredentials(
new OperationCode[] { OperationCode.Get },
new string[] { RegionName }, 2);
Properties <string, string> getJavaProps = cGen.JavaProperties;
if (getCredentials == null || getCredentials.Size == 0)
{
Util.Log("DisallowPutsGets: Unable to obtain valid credentials " +
"with no GET permission; skipping this combination.");
continue;
}
// Start servers with all required properties
string serverArgs = SecurityTestUtil.GetServerArgs(authenticator,
accessor, null, SecurityTestUtil.ConcatProperties(extraAuthProps,
extraAuthzProps), javaProps);
// Start the two servers.
CacheHelper.StartJavaServerWithLocators(1, "GFECS1", 1, serverArgs);
Util.Log("Cacheserver 1 started.");
CacheHelper.StartJavaServerWithLocators(2, "GFECS2", 1, serverArgs);
Util.Log("Cacheserver 2 started.");
// Start client1 with valid CREATE credentials
createCredentials = authzGen.GetAllowedCredentials(
new OperationCode[] { OperationCode.Put },
new string[] { RegionName }, 1);
javaProps = cGen.JavaProperties;
Util.Log("DisallowPutsGets: For first client PUT credentials: " +
createCredentials);
m_client1.Call(SecurityTestUtil.CreateClientMU, RegionName,
CacheHelper.Locators, authInit, (Properties <string, string>)null, true);
// Start client2 with invalid GET credentials
getCredentials = authzGen.GetDisallowedCredentials(
new OperationCode[] { OperationCode.Get },
new string[] { RegionName }, 2);
javaProps = cGen.JavaProperties;
Util.Log("DisallowPutsGets: For second client invalid GET " +
"credentials: " + getCredentials);
m_client2.Call(SecurityTestUtil.CreateClientMU, RegionName,
CacheHelper.Locators, authInit, (Properties <string, string>)null, true);
// Perform some put operations from client1
m_client1.Call(DoPutsMU, 10, createCredentials, true);
// Verify that the gets throw exception
m_client2.Call(DoGetsMU, 10, getCredentials, true, ExpectedResult.NotAuthorizedException);
// Try to connect client2 with reader credentials
getCredentials = authzGen.GetAllowedCredentials(
new OperationCode[] { OperationCode.Get },
new string[] { RegionName }, 5);
javaProps = cGen.JavaProperties;
Util.Log("DisallowPutsGets: For second client valid GET " +
"credentials: " + getCredentials);
m_client2.Call(SecurityTestUtil.CreateClientMU, RegionName,
CacheHelper.Locators, authInit, (Properties <string, string>)null, true);
// Verify that the gets succeed
m_client2.Call(DoGetsMU, 10, getCredentials, true);
// Verify that the puts throw exception
m_client2.Call(DoPutsMU, 10, getCredentials, true, ExpectedResult.NotAuthorizedException);
m_client1.Call(Close);
m_client2.Call(Close);
CacheHelper.StopJavaServer(1);
CacheHelper.StopJavaServer(2);
}
CacheHelper.StopJavaLocator(1);
CacheHelper.ClearEndpoints();
CacheHelper.ClearLocators();
}
void runCredentialsWithFailover()
{
foreach (CredentialGenerator gen in SecurityTestUtil.getAllGenerators(false))
{
Properties <string, string> extraProps = gen.SystemProperties;
Properties <string, string> javaProps = gen.JavaProperties;
string authenticator = gen.Authenticator;
string authInit = gen.AuthInit;
Util.Log("CredentialsWithFailover: Using scheme: " +
gen.GetClassCode());
Util.Log("CredentialsWithFailover: Using authenticator: " +
authenticator);
Util.Log("CredentialsWithFailover: Using authinit: " + authInit);
// Start the first server; do not start second server yet to force
// the clients to connect to the first server.
CacheHelper.SetupJavaServers(true, CacheXml1, CacheXml2);
CacheHelper.StartJavaLocator(1, "GFELOC");
Util.Log("Locator started");
CacheHelper.StartJavaServerWithLocators(1, "GFECS1", 1, SecurityTestUtil.GetServerArgs(
authenticator, extraProps, javaProps));
Util.Log("Cacheserver 1 started.");
// Start the clients with valid credentials
Properties <string, string> credentials1 = gen.GetValidCredentials(5);
Properties <string, string> javaProps1 = gen.JavaProperties;
Util.Log("CredentialsWithFailover: For first client valid " +
"credentials: " + credentials1 + " : " + javaProps1);
Properties <string, string> credentials2 = gen.GetValidCredentials(6);
Properties <string, string> javaProps2 = gen.JavaProperties;
Util.Log("CredentialsWithFailover: For second client valid " +
"credentials: " + credentials2 + " : " + javaProps2);
m_client1.Call(SecurityTestUtil.CreateClient, RegionName,
CacheHelper.Locators, authInit, credentials1);
m_client2.Call(SecurityTestUtil.CreateClient, RegionName,
CacheHelper.Locators, authInit, credentials2);
// Perform some put operations from client1
m_client1.Call(DoPuts, 2);
// Verify that the puts succeeded
m_client2.Call(DoGets, 2);
// Start the second server and stop the first one to force a failover
CacheHelper.StartJavaServerWithLocators(2, "GFECS2", 1, SecurityTestUtil.GetServerArgs(
authenticator, extraProps, javaProps));
Util.Log("Cacheserver 2 started.");
CacheHelper.StopJavaServer(1);
// Perform some create/update operations from client1
// and verify from client2
m_client1.Call(DoPuts, 4, true, ExpectedResult.Success);
m_client2.Call(DoGets, 4, true);
// Try to connect client2 with no credentials
// Verify that the creation of region throws security exception
m_client2.Call(SecurityTestUtil.CreateClient, RegionName,
CacheHelper.Locators, (string)null, (Properties <string, string>)null,
ExpectedResult.AuthRequiredException);
// Now try to connect client1 with invalid credentials
// Verify that the creation of region throws security exception
credentials1 = gen.GetInvalidCredentials(7);
javaProps1 = gen.JavaProperties;
Util.Log("CredentialsWithFailover: For first client invalid " +
"credentials: " + credentials1 + " : " + javaProps1);
m_client1.Call(SecurityTestUtil.CreateClient, RegionName,
CacheHelper.Locators, authInit, credentials1,
ExpectedResult.AuthFailedException);
m_client1.Call(Close);
m_client2.Call(Close);
CacheHelper.StopJavaServer(2);
CacheHelper.StopJavaLocator(1);
CacheHelper.ClearLocators();
CacheHelper.ClearEndpoints();
}
}
void runCredentialsForNotifications()
{
foreach (CredentialGenerator gen in SecurityTestUtil.getAllGenerators(false))
{
Properties <string, string> extraProps = gen.SystemProperties;
Properties <string, string> javaProps = gen.JavaProperties;
string authenticator = gen.Authenticator;
string authInit = gen.AuthInit;
Util.Log("CredentialsForNotifications: Using scheme: " +
gen.GetClassCode());
Util.Log("CredentialsForNotifications: Using authenticator: " +
authenticator);
Util.Log("CredentialsForNotifications: Using authinit: " + authInit);
// Start the two servers.
CacheHelper.SetupJavaServers(true, CacheXml1, CacheXml2);
CacheHelper.StartJavaLocator(1, "GFELOC");
Util.Log("Locator started");
CacheHelper.StartJavaServerWithLocators(1, "GFECS1", 1, SecurityTestUtil.GetServerArgs(
authenticator, extraProps, javaProps));
Util.Log("Cacheserver 1 started.");
CacheHelper.StartJavaServerWithLocators(2, "GFECS2", 1, SecurityTestUtil.GetServerArgs(
authenticator, extraProps, javaProps));
Util.Log("Cacheserver 2 started.");
// Start the clients with valid credentials
Properties <string, string> credentials1 = gen.GetValidCredentials(5);
Properties <string, string> javaProps1 = gen.JavaProperties;
Util.Log("CredentialsForNotifications: For first client valid " +
"credentials: " + credentials1 + " : " + javaProps1);
Properties <string, string> credentials2 = gen.GetValidCredentials(6);
Properties <string, string> javaProps2 = gen.JavaProperties;
Util.Log("CredentialsForNotifications: For second client valid " +
"credentials: " + credentials2 + " : " + javaProps2);
m_client1.Call(SecurityTestUtil.CreateClient, RegionName,
CacheHelper.Locators, authInit, credentials1);
// Set up zero forward connections to check notification handshake only
m_client2.Call(SecurityTestUtil.CreateClient, RegionName,
CacheHelper.Locators, authInit, credentials2,
0, ExpectedResult.Success);
m_client1.Call(registerPdxType8);
m_client2.Call(registerPdxType8);
// Register interest for all keys on second client
m_client2.Call(RegisterAllKeys, new string[] { RegionName });
// Wait for secondary server to see second client
Thread.Sleep(1000);
// Perform some put operations from client1
m_client1.Call(DoPuts, 2);
// Verify that the puts succeeded
m_client2.Call(DoLocalGets, 2);
// Stop the first server
CacheHelper.StopJavaServer(1);
// Perform some create/update operations from client1
m_client1.Call(DoPuts, 4, true, ExpectedResult.Success);
// Verify that the creates/updates succeeded
m_client2.Call(DoLocalGets, 4, true);
// Start server1 again and try to connect client1 using zero forward
// connections with no credentials.
// Verify that the creation of region throws authentication
// required exception
CacheHelper.StartJavaServerWithLocators(1, "GFECS1", 1, SecurityTestUtil.GetServerArgs(
authenticator, extraProps, javaProps));
Util.Log("Cacheserver 1 started.");
m_client1.Call(SecurityTestUtil.CreateClient, RegionName,
CacheHelper.Locators, (string)null, (Properties <string, string>)null,
0, ExpectedResult.AuthRequiredException);
// Now try to connect client2 using zero forward connections
// with invalid credentials.
// Verify that the creation of region throws security exception
credentials2 = gen.GetInvalidCredentials(3);
javaProps2 = gen.JavaProperties;
Util.Log("CredentialsForNotifications: For second client invalid " +
"credentials: " + credentials2 + " : " + javaProps2);
m_client2.Call(SecurityTestUtil.CreateClient, RegionName,
CacheHelper.Locators, authInit, credentials2,
0, ExpectedResult.AuthFailedException);
// Now try to connect client2 with invalid auth-init method
// Trying to create the region on client with valid credentials should
// throw an authentication failed exception
m_client2.Call(SecurityTestUtil.CreateClient, RegionName,
CacheHelper.Locators, "Apache.Geode.Templates.Cache.Security.none",
credentials1, 0, ExpectedResult.AuthRequiredException);
// Try connection with null auth-init on clients.
m_client1.Call(SecurityTestUtil.CreateClient, RegionName,
CacheHelper.Locators, (string)null, credentials1,
0, ExpectedResult.AuthRequiredException);
m_client2.Call(SecurityTestUtil.CreateClient, RegionName,
CacheHelper.Locators, (string)null, credentials2,
0, ExpectedResult.AuthRequiredException);
m_client1.Call(Close);
m_client2.Call(Close);
CacheHelper.StopJavaServer(1);
CacheHelper.StopJavaServer(2);
CacheHelper.StopJavaLocator(1);
CacheHelper.ClearLocators();
CacheHelper.ClearEndpoints();
}
}
protected void ExecuteOpBlock(List <OperationWithAction> opBlock,
string authInit, Properties <string, string> extraAuthProps, Properties <string, string> extraAuthzProps,
TestCredentialGenerator gen, Random rnd, bool isMultiuser, bool ssl, bool withPassword)
{
foreach (OperationWithAction currentOp in opBlock)
{
// Start client with valid credentials as specified in
// OperationWithAction
OperationCode opCode = currentOp.OpCode;
OpFlags opFlags = currentOp.Flags;
int clientNum = currentOp.ClientNum;
if (clientNum > m_clients.Length)
{
Assert.Fail("ExecuteOpBlock: Unknown client number " + clientNum);
}
ClientBase client = m_clients[clientNum - 1];
Util.Log("ExecuteOpBlock: performing operation number [" +
currentOp.OpNum + "]: " + currentOp);
Properties <string, string> clientProps = null;
if (!CheckFlags(opFlags, OpFlags.UseOldConn))
{
Properties <string, string> opCredentials;
int newRnd = rnd.Next(100) + 1;
string currentRegionName = '/' + RegionName;
if (CheckFlags(opFlags, OpFlags.UseSubRegion))
{
currentRegionName += ('/' + SubregionName);
}
string credentialsTypeStr;
OperationCode authOpCode = currentOp.AuthzOperationCode;
int[] indices = currentOp.Indices;
CredentialGenerator cGen = gen.GetCredentialGenerator();
Properties <string, string> javaProps = null;
if (CheckFlags(opFlags, OpFlags.CheckNotAuthz) ||
CheckFlags(opFlags, OpFlags.UseNotAuthz))
{
opCredentials = gen.GetDisallowedCredentials(
new OperationCode[] { authOpCode },
new string[] { currentRegionName }, indices, newRnd);
credentialsTypeStr = " unauthorized " + authOpCode;
}
else
{
opCredentials = gen.GetAllowedCredentials(new OperationCode[] {
opCode, authOpCode
}, new string[] { currentRegionName },
indices, newRnd);
credentialsTypeStr = " authorized " + authOpCode;
}
if (cGen != null)
{
javaProps = cGen.JavaProperties;
}
clientProps = SecurityTestUtil.ConcatProperties(
opCredentials, extraAuthProps, extraAuthzProps);
// Start the client with valid credentials but allowed or disallowed to
// perform an operation
Util.Log("ExecuteOpBlock: For client" + clientNum +
credentialsTypeStr + " credentials: " + opCredentials);
if (!isMultiuser)
{
client.Call(SecurityTestUtil.CreateClientSSL, RegionName,
CacheHelper.Locators, authInit, clientProps, ssl, withPassword);
}
else
{
client.Call(SecurityTestUtil.CreateClientMU, RegionName,
CacheHelper.Locators, authInit, (Properties <string, string>)null, true);
}
}
ExpectedResult expectedResult;
if (CheckFlags(opFlags, OpFlags.CheckNotAuthz))
{
expectedResult = ExpectedResult.NotAuthorizedException;
}
else if (CheckFlags(opFlags, OpFlags.CheckException))
{
expectedResult = ExpectedResult.OtherException;
}
else
{
expectedResult = ExpectedResult.Success;
}
// Perform the operation from selected client
if (!isMultiuser)
{
client.Call(DoOp, opCode, currentOp.Indices, opFlags, expectedResult);
}
else
{
client.Call(DoOp, opCode, currentOp.Indices, opFlags, expectedResult, clientProps, true);
}
}
}
void runNoAuthenticatorWithCredentials()
{
foreach (CredentialGenerator gen in SecurityTestUtil.getAllGenerators(false))
{
Properties <string, string> extraProps = gen.SystemProperties;
Properties <string, string> javaProps = gen.JavaProperties;
string authenticator = gen.Authenticator;
string authInit = gen.AuthInit;
if (authenticator == null || authenticator.Length == 0)
{
// If the scheme does not have an authenticator in the first place
// (e.g. SSL) then skip it since this test is useless
Util.Log("NoAuthenticatorWithCredentials: Skipping scheme [" +
gen.GetClassCode() + "] which has no authenticator");
continue;
}
Util.Log("NoAuthenticatorWithCredentials: Using scheme: " +
gen.GetClassCode());
Util.Log("NoAuthenticatorWithCredentials: Using authinit: " +
authInit);
// Start the servers
CacheHelper.SetupJavaServers(true, CacheXml1);
CacheHelper.StartJavaLocator(1, "GFELOC");
Util.Log("Locator started");
CacheHelper.StartJavaServerWithLocators(1, "GFECS1", 1, SecurityTestUtil.GetServerArgs(
null, extraProps, javaProps));
Util.Log("Cacheserver 1 started.");
// Start client1 with valid credentials and client2 with invalid
// credentials; both should succeed with no authenticator on server
Properties <string, string> credentials1 = gen.GetValidCredentials(3);
Properties <string, string> javaProps1 = gen.JavaProperties;
Util.Log("NoAuthenticatorWithCredentials: For first client valid " +
"credentials: " + credentials1 + " : " + javaProps1);
Properties <string, string> credentials2 = gen.GetInvalidCredentials(12);
Properties <string, string> javaProps2 = gen.JavaProperties;
Util.Log("NoAuthenticatorWithCredentials: For second client invalid " +
"credentials: " + credentials2 + " : " + javaProps2);
m_client1.Call(SecurityTestUtil.CreateClient, RegionName,
CacheHelper.Locators, authInit, credentials1);
m_client2.Call(SecurityTestUtil.CreateClient, RegionName,
CacheHelper.Locators, authInit, credentials2);
// Perform some put operations from client1
m_client1.Call(DoPuts, 4);
// Verify that the puts succeeded
m_client2.Call(DoGets, 4);
m_client1.Call(Close);
m_client2.Call(Close);
CacheHelper.StopJavaServer(1);
CacheHelper.StopJavaLocator(1);
CacheHelper.ClearEndpoints();
CacheHelper.ClearLocators();
}
}
protected void RunOpsWithFailover(OperationWithAction[] opCodes,
string testName, bool isMultiUser, bool ssl, bool withPassword)
{
CacheHelper.SetupJavaServers(true, CacheXml1, CacheXml2);
CacheHelper.StartJavaLocator(1, "GFELOC", null, ssl);
Util.Log("Locator started");
foreach (AuthzCredentialGenerator authzGen in GetAllGeneratorCombos(isMultiUser))
{
CredentialGenerator cGen = authzGen.GetCredentialGenerator();
Properties <string, string> extraAuthProps = cGen.SystemProperties;
Properties <string, string> javaProps = cGen.JavaProperties;
Properties <string, string> extraAuthzProps = authzGen.SystemProperties;
string authenticator = cGen.Authenticator;
string authInit = cGen.AuthInit;
string accessor = authzGen.AccessControl;
TestAuthzCredentialGenerator tgen = new TestAuthzCredentialGenerator(authzGen);
Util.Log(testName + ": Using authinit: " + authInit);
Util.Log(testName + ": Using authenticator: " + authenticator);
Util.Log(testName + ": Using accessor: " + accessor);
// Start servers with all required properties
string serverArgs = SecurityTestUtil.GetServerArgs(authenticator,
accessor, null, SecurityTestUtil.ConcatProperties(extraAuthProps,
extraAuthzProps), javaProps);
// Perform all the ops on the clients
List <OperationWithAction> opBlock = new List <OperationWithAction>();
Random rnd = new Random();
for (int opNum = 0; opNum < opCodes.Length; ++opNum)
{
// Start client with valid credentials as specified in
// OperationWithAction
OperationWithAction currentOp = opCodes[opNum];
if (currentOp == OperationWithAction.OpBlockEnd ||
currentOp == OperationWithAction.OpBlockNoFailover)
{
// End of current operation block; execute all the operations
// on the servers with/without failover
if (opBlock.Count > 0)
{
// Start the first server and execute the operation block
CacheHelper.StartJavaServerWithLocators(1, "GFECS1", 1, serverArgs, ssl);
Util.Log("Cacheserver 1 started.");
CacheHelper.StopJavaServer(2, false);
ExecuteOpBlock(opBlock, authInit, extraAuthProps,
extraAuthzProps, tgen, rnd, isMultiUser, ssl, withPassword);
if (currentOp == OperationWithAction.OpBlockNoFailover)
{
CacheHelper.StopJavaServer(1);
}
else
{
// Failover to the second server and run the block again
CacheHelper.StartJavaServerWithLocators(2, "GFECS2", 1, serverArgs, ssl);
Util.Log("Cacheserver 2 started.");
CacheHelper.StopJavaServer(1);
ExecuteOpBlock(opBlock, authInit, extraAuthProps,
extraAuthzProps, tgen, rnd, isMultiUser, ssl, withPassword);
}
opBlock.Clear();
}
}
else
{
currentOp.OpNum = opNum;
opBlock.Add(currentOp);
}
}
// Close all clients here since we run multiple iterations for pool and non pool configs
foreach (ClientBase client in m_clients)
{
client.Call(Close);
}
}
CacheHelper.StopJavaLocator(1, true, ssl);
CacheHelper.ClearEndpoints();
CacheHelper.ClearLocators();
}
void runThinClientWriterExceptionTest()
{
CacheHelper.SetupJavaServers(true, CacheXml1);
CacheHelper.StartJavaLocator(1, "GFELOC");
Util.Log("Locator started");
foreach (AuthzCredentialGenerator authzGen in GetAllGeneratorCombos(true))
{
for (int i = 1; i <= 2; ++i)
{
CredentialGenerator cGen = authzGen.GetCredentialGenerator();
//TODO: its not working for multiuser mode.. need to fix later
if (cGen.GetClassCode() == CredentialGenerator.ClassCode.PKCS)
{
continue;
}
Properties <string, string> extraAuthProps = cGen.SystemProperties;
Properties <string, string> javaProps = cGen.JavaProperties;
Properties <string, string> extraAuthzProps = authzGen.SystemProperties;
string authenticator = cGen.Authenticator;
string authInit = cGen.AuthInit;
string accessor = authzGen.AccessControl;
Util.Log("ThinClientWriterException: Using authinit: " + authInit);
Util.Log("ThinClientWriterException: Using authenticator: " + authenticator);
Util.Log("ThinClientWriterException: Using accessor: " + accessor);
// Start servers with all required properties
string serverArgs = SecurityTestUtil.GetServerArgs(authenticator,
accessor, null, SecurityTestUtil.ConcatProperties(extraAuthProps,
extraAuthzProps), javaProps);
// Start the server.
CacheHelper.StartJavaServerWithLocators(1, "GFECS1", 1, serverArgs);
Util.Log("Cacheserver 1 started.");
// Start client1 with valid CREATE credentials
Properties <string, string> createCredentials = authzGen.GetDisallowedCredentials(
new OperationCode[] { OperationCode.Put },
new string[] { RegionName }, 1);
javaProps = cGen.JavaProperties;
Util.Log("DisallowPuts: For first client PUT credentials: " +
createCredentials);
m_client1.Call(SecurityTestUtil.CreateClientR0, RegionName,
CacheHelper.Locators, authInit, createCredentials);
Util.Log("Creating region in client1 , no-ack, no-cache, with listener and writer");
m_client1.Call(CreateRegion, CacheHelper.Locators,
true, true, true);
m_client1.Call(RegisterAllKeys, new string[] { RegionName });
try
{
Util.Log("Trying put Operation");
m_client1.Call(DoPut);
Util.Log(" Put Operation Successful");
Assert.Fail("Should have got NotAuthorizedException during put");
}
catch (NotAuthorizedException)
{
Util.Log("NotAuthorizedException Caught");
Util.Log("Success");
}
catch (Exception other)
{
Util.Log("Stack trace: {0} ", other.StackTrace);
Util.Log("Got exception : {0}",
other.Message);
}
m_client1.Call(CheckAssert);
// Do LocalPut
m_client1.Call(DoLocalPut);
m_client1.Call(Close);
CacheHelper.StopJavaServer(1);
}
}
CacheHelper.StopJavaLocator(1);
CacheHelper.ClearEndpoints();
CacheHelper.ClearLocators();
}
void runInvalidAccessor()
{
CacheHelper.SetupJavaServers(true, CacheXml1, CacheXml2);
CacheHelper.StartJavaLocator(1, "GFELOC");
Util.Log("Locator started");
foreach (AuthzCredentialGenerator authzGen in GetAllGeneratorCombos(true))
{
CredentialGenerator cGen = authzGen.GetCredentialGenerator();
Util.Log("NIl:792:Current credential is = {0}", cGen);
//if (cGen.GetClassCode() == CredentialGenerator.ClassCode.LDAP)
// continue;
Properties <string, string> extraAuthProps = cGen.SystemProperties;
Properties <string, string> javaProps = cGen.JavaProperties;
Properties <string, string> extraAuthzProps = authzGen.SystemProperties;
string authenticator = cGen.Authenticator;
string authInit = cGen.AuthInit;
string accessor = authzGen.AccessControl;
Util.Log("InvalidAccessor: Using authinit: " + authInit);
Util.Log("InvalidAccessor: Using authenticator: " + authenticator);
// Start server1 with invalid accessor
string serverArgs = SecurityTestUtil.GetServerArgs(authenticator,
"com.gemstone.none", null, SecurityTestUtil.ConcatProperties(extraAuthProps,
extraAuthzProps), javaProps);
CacheHelper.StartJavaServerWithLocators(1, "GFECS1", 1, serverArgs);
Util.Log("Cacheserver 1 started.");
// Client creation should throw exceptions
Properties <string, string> createCredentials = authzGen.GetAllowedCredentials(
new OperationCode[] { OperationCode.Put },
new string[] { RegionName }, 3);
javaProps = cGen.JavaProperties;
Util.Log("InvalidAccessor: For first client PUT credentials: " +
createCredentials);
m_client1.Call(SecurityTestUtil.CreateClientMU, RegionName,
CacheHelper.Locators, authInit, (Properties <string, string>)null, true);
// Now perform some put operations from client1
m_client1.Call(DoPutsMU, 10, createCredentials, true, ExpectedResult.OtherException);
Properties <string, string> getCredentials = authzGen.GetAllowedCredentials(
new OperationCode[] { OperationCode.Get },
new string[] { RegionName }, 7);
javaProps = cGen.JavaProperties;
Util.Log("InvalidAccessor: For second client GET credentials: " +
getCredentials);
m_client2.Call(SecurityTestUtil.CreateClientMU, RegionName,
CacheHelper.Locators, authInit, (Properties <string, string>)null, true);
// Now perform some put operations from client1
m_client2.Call(DoGetsMU, 10, getCredentials, true, ExpectedResult.OtherException);
// Now start server2 that has valid accessor
Util.Log("InvalidAccessor: Using accessor: " + accessor);
serverArgs = SecurityTestUtil.GetServerArgs(authenticator,
accessor, null, SecurityTestUtil.ConcatProperties(extraAuthProps,
extraAuthzProps), javaProps);
CacheHelper.StartJavaServerWithLocators(2, "GFECS2", 1, serverArgs);
Util.Log("Cacheserver 2 started.");
CacheHelper.StopJavaServer(1);
// Client creation should be successful now
m_client1.Call(SecurityTestUtil.CreateClientMU, RegionName,
CacheHelper.Locators, authInit, (Properties <string, string>)null, true);
m_client2.Call(SecurityTestUtil.CreateClientMU, RegionName,
CacheHelper.Locators, authInit, (Properties <string, string>)null, true);
// Now perform some put operations from client1
m_client1.Call(DoPutsMU, 10, createCredentials, true);
// Verify that the gets succeed
m_client2.Call(DoGetsMU, 10, getCredentials, true);
m_client1.Call(Close);
m_client2.Call(Close);
CacheHelper.StopJavaServer(2);
}
CacheHelper.StopJavaLocator(1);
CacheHelper.ClearEndpoints();
CacheHelper.ClearLocators();
}
//private static string DurableClientId2 = "DurableClientId2";
void runDurableCQTest(bool logicalCacheClose, bool durableCQ, bool whetherResult)
{
CacheHelper.SetupJavaServers(true, "remotequeryN.xml");
CacheHelper.StartJavaLocator(1, "GFELOC");
Util.Log("Locator started");
DummyAuthorization3 da = new DummyAuthorization3();
string authenticator = da.Authenticator;
string authInit = da.AuthInit;
string accessorPP = da.AuthenticatorPP;
Util.Log("testAllowPutsGets: Using authinit: " + authInit);
Util.Log("testAllowPutsGets: Using authenticator: " + authenticator);
Util.Log("testAllowPutsGets: Using accessorPP: " + accessorPP);
// Start servers with all required properties
string serverArgs = SecurityTestUtil.GetServerArgs(authenticator,
null, accessorPP, null, null);
// Start the two servers.
CacheHelper.StartJavaServerWithLocators(1, "GFECS1", 1, serverArgs);
Util.Log("Cacheserver 1 started.");
CacheHelper.StartJavaServerWithLocators(2, "GFECS2", 1, serverArgs);
Util.Log("Cacheserver 2 started.");
// Start client1 with valid CREATE credentials, this index will be used to authorzie the user
Properties <string, string> createCredentials = da.GetValidCredentials(4);
Util.Log("runCQTest: ");
/*
* regionName, string endpoints, string locators,
* authInit, Properties credentials, bool pool, bool locator, bool isMultiuser, bool notificationEnabled, string durableClientId)
*/
m_client1.Call(SecurityTestUtil.CreateMUDurableClient, RegionName_CQ,
CacheHelper.Locators, authInit, DurableClientId1, true, true);
m_client2.Call(SecurityTestUtil.CreateClientMU, RegionName_CQ,
CacheHelper.Locators, authInit, (Properties <string, string>)null, true);
m_client1.Call(ReadyForEvents2);
// Perform some put operations from client1
m_client1.Call(registerCQ, createCredentials, durableCQ);
Properties <string, string> createCredentials2 = da.GetValidCredentials(3);
// Verify that the gets succeed
m_client2.Call(doCQPut, createCredentials2);
//close cache client-1
m_client1.Call(verifyCQEvents, true, CqOperationType.OP_TYPE_CREATE);
Thread.Sleep(10000);
Util.Log("Before calling CloseUserCache: " + logicalCacheClose);
if (logicalCacheClose)
{
m_client1.Call(CloseUserCache, logicalCacheClose);
}
m_client1.Call(CloseKeepAlive);
//put again from other client
m_client2.Call(doCQPut, createCredentials2);
//client-1 will up again
m_client1.Call(SecurityTestUtil.CreateMUDurableClient, RegionName_CQ,
CacheHelper.Locators, authInit, DurableClientId1, true, true);
// Perform some put operations from client1
m_client1.Call(registerCQ, createCredentials, durableCQ);
m_client1.Call(ReadyForEvents2);
Thread.Sleep(20000);
m_client1.Call(verifyCQEvents, whetherResult, CqOperationType.OP_TYPE_UPDATE);
m_client1.Call(Close);
m_client2.Call(Close);
CacheHelper.StopJavaServer(1);
// CacheHelper.StopJavaServer(2);
CacheHelper.StopJavaLocator(1);
CacheHelper.ClearEndpoints();
CacheHelper.ClearLocators();
}
void runAllowPutsGets()
{
CacheHelper.SetupJavaServers(true, CacheXml1, CacheXml2);
CacheHelper.StartJavaLocator(1, "GFELOC");
Util.Log("Locator started");
foreach (AuthzCredentialGenerator authzGen in GetAllGeneratorCombos(true))
{
CredentialGenerator cGen = authzGen.GetCredentialGenerator();
Properties <string, string> extraAuthProps = cGen.SystemProperties;
Properties <string, string> javaProps = cGen.JavaProperties;
Properties <string, string> extraAuthzProps = authzGen.SystemProperties;
string authenticator = cGen.Authenticator;
string authInit = cGen.AuthInit;
string accessor = authzGen.AccessControl;
Util.Log("testAllowPutsGets: Using authinit: " + authInit);
Util.Log("testAllowPutsGets: Using authenticator: " + authenticator);
Util.Log("testAllowPutsGets: Using accessor: " + accessor);
// Start servers with all required properties
string serverArgs = SecurityTestUtil.GetServerArgs(authenticator,
accessor, null, SecurityTestUtil.ConcatProperties(extraAuthProps,
extraAuthzProps), javaProps);
// Start the two servers.
CacheHelper.StartJavaServerWithLocators(1, "GFECS1", 1, serverArgs);
Util.Log("Cacheserver 1 started.");
CacheHelper.StartJavaServerWithLocators(2, "GFECS2", 1, serverArgs);
Util.Log("Cacheserver 2 started.");
// Start client1 with valid CREATE credentials
Properties <string, string> createCredentials = authzGen.GetAllowedCredentials(
new OperationCode[] { OperationCode.Put },
new string[] { RegionName }, 1);
javaProps = cGen.JavaProperties;
Util.Log("AllowPutsGets: For first client PUT credentials: " +
createCredentials);
m_client1.Call(SecurityTestUtil.CreateClientMU, RegionName,
CacheHelper.Locators, authInit, (Properties <string, string>)null, true);
// Start client2 with valid GET credentials
Properties <string, string> getCredentials = authzGen.GetAllowedCredentials(
new OperationCode[] { OperationCode.Get },
new string[] { RegionName }, 2);
javaProps = cGen.JavaProperties;
Util.Log("AllowPutsGets: For second client GET credentials: " +
getCredentials);
m_client2.Call(SecurityTestUtil.CreateClientMU, RegionName,
CacheHelper.Locators, authInit, (Properties <string, string>)null, true);
// Perform some put operations from client1
m_client1.Call(DoPutsMU, 10, createCredentials, true);
// Verify that the gets succeed
m_client2.Call(DoGetsMU, 10, getCredentials, true);
m_client1.Call(DoPutsTx, 10, true, ExpectedResult.Success, getCredentials, true);
m_client2.Call(DoGets, 10, true, ExpectedResult.Success, getCredentials, true);
m_client1.Call(Close);
m_client2.Call(Close);
CacheHelper.StopJavaServer(1);
CacheHelper.StopJavaServer(2);
}
CacheHelper.StopJavaLocator(1);
CacheHelper.ClearEndpoints();
CacheHelper.ClearLocators();
}
