GEODE-6781: Switch from deprecated Authenticator to SecurityManager for examples (#528)
* Have the authentication use a SecurityManager vs Authenticator.
* The Bash script was stopping the server and locator individually instead of using shutdown.
* No reason to destroy the region if we are deleting the data directory. Wait for process to die before trying to delete the data directories.
diff --git a/examples/cpp/authinitialize/startserver.ps1 b/examples/cpp/authinitialize/startserver.ps1
index 354e7c3..f0a10c6 100644
--- a/examples/cpp/authinitialize/startserver.ps1
+++ b/examples/cpp/authinitialize/startserver.ps1
@@ -35,11 +35,14 @@
if ($GFSH_PATH -ne "")
{
- # Set this variable to include your java object that implements the Authenticator class
- $RESOLVEDPATH = Resolve-Path -Path "$PSScriptRoot/../../utilities/example.jar"
+ # Set this variable to include your java object that implements the Authenticator class
+ $RESOLVEDPATH = Resolve-Path -Path "$PSScriptRoot/../../utilities/example.jar"
- # Set this variable to the full name of your Authenticator.create function
- $AUTHENTICATOR = 'javaobject.SimpleAuthenticator.create'
+ $COMMON_OPTS = "--J=-Dgemfire.security-username=server"
+ $COMMON_OPTS = "$COMMON_OPTS --J=-Dgemfire.security-password=server"
+ $COMMON_OPTS = "$COMMON_OPTS --classpath=$RESOLVEDPATH"
- Invoke-Expression "$GFSH_PATH -e 'start locator --name=locator --dir=$PSScriptRoot\locator' -e 'start server --name=server --classpath=$RESOLVEDPATH --J=-Dgemfire.security-client-authenticator=$AUTHENTICATOR --dir=$PSScriptRoot\server' -e 'create region --name=region --type=PARTITION'"
+ $LOCATOR_OPTS = "$COMMON_OPTS --J=-Dgemfire.security-manager=javaobject.SimpleSecurityManager"
+
+ Invoke-Expression "$GFSH_PATH -e 'start locator --name=locator $LOCATOR_OPTS' -e 'connect --locator=localhost[10334] --user=server --password=server' -e 'start server --name=server $COMMON_OPTS' -e 'create region --name=region --type=PARTITION'"
}
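Review bot: The comment kept above `$RESOLVEDPATH` still says the jar implements the Authenticator class, while the new `$LOCATOR_OPTS` line loads `javaobject.SimpleSecurityManager`; it should read `# Jar containing the SecurityManager implementation named in gemfire.security-manager`. The password is passed as `--J=-Dgemfire.security-password=server` and `--password=server`, which puts it in the process arguments of gfsh and of the JVMs it starts. startserver.sh in this commit carries a comment saying these settings normally belong in a gfsecurity.properties file, and that comment is missing here. The identical hunk in examples/dotnet/authinitialize/startserver.ps1 needs both changes as well.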
diff --git a/examples/cpp/authinitialize/startserver.sh b/examples/cpp/authinitialize/startserver.sh
index 9e38174..483ff25 100644
--- a/examples/cpp/authinitialize/startserver.sh
+++ b/examples/cpp/authinitialize/startserver.sh
@@ -28,10 +28,19 @@
fi
fi
-# Set this variable to include your java object that implements the Authenticator class
-RESOLVEDPATH = "../../utilities/example.jar"
+SAVED="`pwd`"
+cd "`dirname \"$PRG\"`/../.." >&-
+BUILD_HOME="`pwd -P`"
+cd "$SAVED" >&-
-# Set this variable to the full name of your Authenticator.create function
-AUTHENTICATOR = 'javaobject.SimpleAuthenticator.create'
-$GFSH_PATH -e "start locator --name=locator" -e "start server --name=server --classpath=${RESOLVEDPATH} --J=-Dgemfire.security-client-authenticator=$AUTHENTICATOR" -e "create region --name=region --type=PARTITION"
+# These security items typically go into gfsecurity.properties file. For
+# simplicity we are including the security details on the commandline.
+
+COMMON_OPTS="--J=-Dgemfire.security-username=server"
+COMMON_OPTS="${COMMON_OPTS} --J=-Dgemfire.security-password=server"
+COMMON_OPTS="${COMMON_OPTS} --classpath=${BUILD_HOME}/utilities/example.jar"
+
+LOCATOR_OPTS="${COMMON_OPTS} --J=-Dgemfire.security-manager=javaobject.SimpleSecurityManager"
+
+$GFSH_PATH -e "start locator --name=locator ${LOCATOR_OPTS}" -e "connect --locator=localhost[10334] --user=server --password=server" -e "start server --name=server ${COMMON_OPTS}" -e "create region --name=region --type=PARTITION"
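Review bot: Neither `cd` is checked and `$PRG` is not assigned in the visible lines, so if it is empty or the `cd` fails, `BUILD_HOME` is silently derived from the caller's working directory. `--classpath` then names whatever `utilities/example.jar` is found there, and that is the jar the locator loads its security manager from. Computing it in one checked step avoids this: `BUILD_HOME="$(cd "$(dirname "$PRG")/../.." >/dev/null && pwd -P)" || exit 1`. `>&-` closes stdout rather than discarding it, so `>/dev/null` is the safer redirect. The script begins above the hunk, so `$PRG` may be set there.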
diff --git a/examples/cpp/authinitialize/stopserver.ps1 b/examples/cpp/authinitialize/stopserver.ps1
index 801c273..6500a30 100644
--- a/examples/cpp/authinitialize/stopserver.ps1
+++ b/examples/cpp/authinitialize/stopserver.ps1
@@ -32,10 +32,19 @@
$GFSH_PATH = "$env:GEODE_HOME\bin\gfsh.bat"
}
}
+$locatorPid = Get-Content -Path locator/vf.gf.locator.pid
+$serverPid = Get-Content -Path server/vf.gf.server.pid
if ($GFSH_PATH -ne "")
{
- Invoke-Expression "$GFSH_PATH -e 'connect' -e 'destroy region --name=region' -e 'stop server --name=server' -e 'stop locator --name=locator'"
+ Invoke-Expression "$GFSH_PATH -e 'connect --locator=localhost[10334] --user=server --password=server' -e 'shutdown --include-locators=true'"
+}
+
+while(Get-Process -Id $locatorPid -ErrorAction SilentlyContinue) {
+ Start-Sleep -Seconds 0.5
+}
+while(Get-Process -Id $serverPid -ErrorAction SilentlyContinue) {
+ Start-Sleep -Seconds 0.5
}
Remove-Item -Path locator -Recurse -Force
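Review bot: The two `while(Get-Process ...)` loops have no upper bound and sit outside the `if ($GFSH_PATH -ne "")` block, so when gfsh is not found, or the `connect` is rejected and no shutdown is issued, the script polls a still-running locator forever. A deadline would bound it: `$deadline = (Get-Date).AddSeconds(60)` and `while ((Get-Date) -lt $deadline -and (Get-Process -Id $locatorPid -ErrorAction SilentlyContinue))`, with a message and a non-zero exit if it expires before `Remove-Item` runs. On Windows PowerShell 5.1 `-Seconds` takes an integer, so `Start-Sleep -Seconds 0.5` rounds to zero and the loop spins; `Start-Sleep -Milliseconds 500` works on every version. The pid files are also read with a path relative to the current directory and without a `Test-Path` check. The same hunk in examples/dotnet/authinitialize/stopserver.ps1 has all of these issues.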
diff --git a/examples/cpp/authinitialize/stopserver.sh b/examples/cpp/authinitialize/stopserver.sh
index 4176d8e..fae134e 100644
--- a/examples/cpp/authinitialize/stopserver.sh
+++ b/examples/cpp/authinitialize/stopserver.sh
@@ -28,6 +28,6 @@
fi
fi
-$GFSH_PATH -e "connect" -e "stop server --name=server" -e "stop locator --name=locator"
+$GFSH_PATH -e "connect --locator=localhost[10334] --user=server --password=server" -e "shutdown --include-locators=true"
rm -rf locator server
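Review bot: `rm -rf locator server` runs straight after the new `shutdown` command whether or not gfsh connected, whereas the PowerShell scripts in this commit wait for the pids to exit first. If the `connect` fails, the data directories are removed under members that are still running. Chaining the delete, `$GFSH_PATH -e "connect ..." -e "shutdown --include-locators=true" && rm -rf locator server`, at least skips it on failure (assuming gfsh returns non-zero in that case), and a wait on `locator/vf.gf.locator.pid` and `server/vf.gf.server.pid` would match the .ps1 behaviour. `$GFSH_PATH` is unquoted, so an install path containing spaces splits into several words; `"$GFSH_PATH"` fixes that here and in startserver.sh.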
diff --git a/examples/dotnet/authinitialize/startserver.ps1 b/examples/dotnet/authinitialize/startserver.ps1
index 354e7c3..b859386 100644
--- a/examples/dotnet/authinitialize/startserver.ps1
+++ b/examples/dotnet/authinitialize/startserver.ps1
@@ -35,11 +35,14 @@
if ($GFSH_PATH -ne "")
{
- # Set this variable to include your java object that implements the Authenticator class
- $RESOLVEDPATH = Resolve-Path -Path "$PSScriptRoot/../../utilities/example.jar"
+ # Set this variable to include your java object that implements the Authenticator class
+ $RESOLVEDPATH = Resolve-Path -Path "$PSScriptRoot/../../utilities/example.jar"
- # Set this variable to the full name of your Authenticator.create function
- $AUTHENTICATOR = 'javaobject.SimpleAuthenticator.create'
+ $COMMON_OPTS = "--J=-Dgemfire.security-username=server"
+ $COMMON_OPTS = "$COMMON_OPTS --J=-Dgemfire.security-password=server"
+ $COMMON_OPTS = "$COMMON_OPTS --classpath=$RESOLVEDPATH"
- Invoke-Expression "$GFSH_PATH -e 'start locator --name=locator --dir=$PSScriptRoot\locator' -e 'start server --name=server --classpath=$RESOLVEDPATH --J=-Dgemfire.security-client-authenticator=$AUTHENTICATOR --dir=$PSScriptRoot\server' -e 'create region --name=region --type=PARTITION'"
+ $LOCATOR_OPTS = "$COMMON_OPTS --J=-Dgemfire.security-manager=javaobject.SimpleSecurityManager"
+
+ Invoke-Expression "$GFSH_PATH -e 'start locator --name=locator $LOCATOR_OPTS' -e 'connect --locator=localhost[10334] --user=server --password=server' -e 'start server --name=server $COMMON_OPTS' -e 'create region --name=region --type=PARTITION'"
}
diff --git a/examples/dotnet/authinitialize/stopserver.ps1 b/examples/dotnet/authinitialize/stopserver.ps1
index ec2c218..6500a30 100644
--- a/examples/dotnet/authinitialize/stopserver.ps1
+++ b/examples/dotnet/authinitialize/stopserver.ps1
@@ -32,8 +32,20 @@
$GFSH_PATH = "$env:GEODE_HOME\bin\gfsh.bat"
}
}
+$locatorPid = Get-Content -Path locator/vf.gf.locator.pid
+$serverPid = Get-Content -Path server/vf.gf.server.pid
if ($GFSH_PATH -ne "")
{
- Invoke-Expression "$GFSH_PATH -e 'connect' -e 'destroy region --name=region' -e 'stop server --name=server' -e 'stop locator --name=locator'"
-}
\ No newline at end of file
+ Invoke-Expression "$GFSH_PATH -e 'connect --locator=localhost[10334] --user=server --password=server' -e 'shutdown --include-locators=true'"
+}
+
+while(Get-Process -Id $locatorPid -ErrorAction SilentlyContinue) {
+ Start-Sleep -Seconds 0.5
+}
+while(Get-Process -Id $serverPid -ErrorAction SilentlyContinue) {
+ Start-Sleep -Seconds 0.5
+}
+
+Remove-Item -Path locator -Recurse -Force
+Remove-Item -Path server -Recurse -Force
diff --git a/examples/utilities/CMakeLists.txt b/examples/utilities/CMakeLists.txt
index 0fe49ba..cbe5c06 100644
--- a/examples/utilities/CMakeLists.txt
+++ b/examples/utilities/CMakeLists.txt
@@ -22,7 +22,7 @@
install(FILES
${CMAKE_CURRENT_BINARY_DIR}/CMakeLists.txt
${CMAKE_CURRENT_SOURCE_DIR}/ExampleMultiGetFunction.java
- ${CMAKE_CURRENT_SOURCE_DIR}/SimpleAuthenticator.java
+ ${CMAKE_CURRENT_SOURCE_DIR}/SimpleSecurityManager.java
${CMAKE_CURRENT_SOURCE_DIR}/UserPasswordAuthInit.java
${CMAKE_CURRENT_SOURCE_DIR}/UsernamePrincipal.java
DESTINATION examples/utilities)
diff --git a/examples/utilities/SimpleAuthenticator.java b/examples/utilities/SimpleAuthenticator.java
deleted file mode 100644
index 68f0909..0000000
--- a/examples/utilities/SimpleAuthenticator.java
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package javaobject;
-
-import java.security.Principal;
-import java.util.Properties;
-
-import org.apache.geode.LogWriter;
-import org.apache.geode.distributed.DistributedMember;
-import org.apache.geode.security.AuthenticationFailedException;
-import org.apache.geode.security.Authenticator;
-import javaobject.UserPasswordAuthInit;
-import javaobject.UsernamePrincipal;
-
-/**
- * A dummy implementation of the {@link Authenticator} interface that expects a
- * user name and password allowing authentication depending on the format of the
- * user name.
- *
- */
-public class SimpleAuthenticator implements Authenticator {
-
- public static Authenticator create() {
- return new SimpleAuthenticator();
- }
-
- public SimpleAuthenticator() {
- }
-
- public void init(Properties systemProps, LogWriter systemLogger,
- LogWriter securityLogger) throws AuthenticationFailedException {
- }
-
- public static boolean testValidName(String userName) {
-
- return (userName.startsWith("user") || userName.startsWith("reader")
- || userName.startsWith("writer") || userName.equals("admin")
- || userName.equals("root") || userName.equals("administrator"));
- }
-
- public Principal authenticate(Properties props, DistributedMember member)
- throws AuthenticationFailedException {
-
- String userName = props.getProperty(UserPasswordAuthInit.USER_NAME);
- if (userName == null) {
- throw new AuthenticationFailedException(
- "SimpleAuthenticator: user name property ["
- + UserPasswordAuthInit.USER_NAME + "] not provided");
- }
- String password = props.getProperty(UserPasswordAuthInit.PASSWORD);
- if (password == null) {
- throw new AuthenticationFailedException(
- "SimpleAuthenticator: password property ["
- + UserPasswordAuthInit.PASSWORD + "] not provided");
- }
-
- if (userName.equals(password) && testValidName(userName)) {
- return new UsernamePrincipal(userName);
- }
- else {
- throw new AuthenticationFailedException(
- "SimpleAuthenticator: Invalid user name [" + userName
- + "], password supplied.");
- }
- }
-
- public void close() {
- }
-
-}
diff --git a/examples/utilities/SimpleSecurityManager.java b/examples/utilities/SimpleSecurityManager.java
new file mode 100644
index 0000000..7dc8bd7
--- /dev/null
+++ b/examples/utilities/SimpleSecurityManager.java
@@ -0,0 +1,79 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package javaobject;
+
+import org.apache.geode.security.AuthenticationFailedException;
+import org.apache.geode.security.SecurityManager;
+
+import java.util.Properties;
+
+import javaobject.UserPasswordAuthInit;
+import javaobject.UsernamePrincipal;
+
+/**
+ * This Security manager only Authenticates - and allows any operations.
+ */
+public class SimpleSecurityManager implements SecurityManager {
+
+
+ /**
+ * Verify the credentials provided in the properties
+ * <p>
+ * Your security manager needs to validate credentials coming from all communication channels.
+ * If you use AuthInitialize to generate your client/peer credentials, then the input of this
+ * method is the output of your AuthInitialize.getCredentials method. But remember that this
+ * method will also need to validate credentials coming from gfsh/jmx/rest client, the framework
+ * is putting the username/password under security-username and security-password keys in the
+ * property, so your securityManager implementation needs to validate these kind of properties
+ * as well.
+ *
+ * @param credentials it contains the security-username and security-password as keys of the
+ * properties, also the properties generated by your AuthInitialize interface
+ * @return a serializable principal object
+ */
+ @Override
+ public Object authenticate(Properties props) throws AuthenticationFailedException {
+ String userName = props.getProperty(UserPasswordAuthInit.USER_NAME);
+ if (userName == null) {
+ throw new AuthenticationFailedException(
+ "SimpleSecurityManager: user name property ["
+ + UserPasswordAuthInit.USER_NAME + "] not provided");
+ }
+ String password = props.getProperty(UserPasswordAuthInit.PASSWORD);
+ if (password == null) {
+ throw new AuthenticationFailedException(
+ "SimpleSecurityManager: password property ["
+ + UserPasswordAuthInit.PASSWORD + "] not provided");
+ }
+
+ if (userName.equals(password) && testValidName(userName)) {
+ return new UsernamePrincipal(userName);
+ } else {
+ throw new AuthenticationFailedException(
+ "SimpleSecurityManager: Invalid user name [" + userName
+ + "], password supplied.");
+ }
+ }
+
+ private boolean testValidName(String userName) {
+
+ return (userName.startsWith("server") || userName.startsWith("user")
+ || userName.startsWith("reader") || userName.startsWith("writer")
+ || userName.equals("admin") || userName.equals("root")
+ || userName.equals("administrator"));
+ }
+}
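Review bot: The Javadoc on `authenticate` documents `@param credentials` but the parameter is named `props`, and nothing in the class says that it accepts any listed name whose password equals the user name. The tag should be `@param props`, and the class comment should say something like `Example only: accepts a user whose password equals the user name and authorizes every operation; do not deploy.` The text about gfsh/jmx/rest credentials arriving under security-username and security-password only holds if `UserPasswordAuthInit.USER_NAME` and `PASSWORD` are those keys, which is not visible in this diff. `testValidName` deserves a one-line comment listing the accepted prefixes, since `startsWith("server")` also admits names such as `server2`.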