Google Git
Sign in
apache / geode-native / refs/heads/feature/GEODE-5957-onRegion / . / cppcache / integration-test / testThinClientSecurityPostAuthorization.cpp
blob: 9c879f46b9b9b891a64ac4e092d8c0e1a2fdc431 [file] [log] [blame]
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* @file testThinClientSecurityPostAuthorization.cpp
*
* @brief Currently this tests for getAll() with only some keys allowed
* so expecting some authorization failure exceptions in the result
*
*
*/
#include "fw_dunit.hpp"
#include "CacheHelper.hpp"
#include "ThinClientHelper.hpp"
#include <ace/Process.h>
#include <string>
#include "ThinClientSecurity.hpp"
using apache::geode::client::Exception;
using apache::geode::client::HashMapOfCacheable;
using apache::geode::client::HashMapOfException;
using apache::geode::client::NotAuthorizedException;
const char *locHostPort =
CacheHelper::getLocatorHostPort(isLocator, isLocalServer, 1);
#define HANDLE_NO_NOT_AUTHORIZED_EXCEPTION \
catch (const NotAuthorizedException &) { \
LOG("NotAuthorizedException Caught"); \
FAIL("should not have caught NotAuthorizedException"); \
} \
catch (const Exception &other) { \
LOG("Got apache::geode::client::Exception& other "); \
LOG(other.getStackTrace().c_str()); \
FAIL(other.what()); \
}
#define HANDLE_NOT_AUTHORIZED_EXCEPTION \
catch (const NotAuthorizedException &) { \
LOG("NotAuthorizedException Caught"); \
LOG("Success"); \
} \
catch (const Exception &other) { \
LOG(other.getStackTrace().c_str()); \
FAIL(other.what()); \
}
#define ADMIN_CLIENT s1p1
#define WRITER_CLIENT s1p2
#define READER_CLIENT s2p1
#define READER2_CLIENT s2p2
const char *regionNamesAuth[] = {"DistRegionAck"};
void initClientAuth(char userType, int clientNum = 1) {
auto config = Properties::create();
config->insert("security-client-auth-library", "securityImpl");
config->insert("security-client-auth-factory",
"createUserPasswordAuthInitInstance");
switch (userType) {
case 'W': {
config->insert("security-username", "geode9");
config->insert("security-password", "geode9");
break;
}
case 'R': {
char clientStr[32];
sprintf(clientStr, "geode%d", clientNum);
config->insert("security-username", clientStr);
config->insert("security-password", clientStr);
break;
}
case 'A': {
config->insert("security-username", "geode1");
config->insert("security-password", "geode1");
break;
}
default: { break; }
}
initClient(true, config);
}
const char *getServerSecurityParams() {
static std::string serverSecurityParams;
if (serverSecurityParams.size() == 0) {
serverSecurityParams =
"security-client-authenticator="
"javaobject.LdapUserAuthenticator.create "
"security-client-accessor="
"org.apache.geode.internal.security.FilterPreAuthorization.create "
"security-client-accessor-pp="
"org.apache.geode.internal.security.FilterPostAuthorization.create "
"log-level=fine security-log-level=finest";
char *ldapSrv = ACE_OS::getenv("LDAP_SERVER");
serverSecurityParams += std::string(" security-ldap-server=") +
(ldapSrv != nullptr ? ldapSrv : "ldap");
char *ldapRoot = ACE_OS::getenv("LDAP_BASEDN");
serverSecurityParams +=
std::string(" security-ldap-basedn=") +
(ldapRoot != nullptr ? ldapRoot
: "ou=ldapTesting,dc=ldap,dc=apache,dc=org");
char *ldapSSL = ACE_OS::getenv("LDAP_USESSL");
serverSecurityParams += std::string(" security-ldap-usessl=") +
(ldapSSL != nullptr ? ldapSSL : "false");
}
return serverSecurityParams.c_str();
}
void getKeysVector(std::vector<std::shared_ptr<CacheableKey>> &keysVec,
int numKeys) {
for (int index = 0; index < numKeys; ++index) {
keysVec.push_back(CacheableString::create(keys[index]));
}
}
void checkValuesMap(HashMapOfCacheable &values, int clientNum, int numKeys) {
size_t expectedNum = 0;
std::shared_ptr<CacheableKey> key;
std::shared_ptr<CacheableString> val;
std::shared_ptr<CacheableString> expectedVal;
for (int index = clientNum - 1; index < numKeys; index += clientNum) {
++expectedNum;
key = CacheableString::create(keys[index]);
const auto &iter = values.find(key);
ASSERT(iter != values.end(), "key not found in values map");
val = std::dynamic_pointer_cast<CacheableString>(iter->second);
expectedVal = CacheableString::create(nvals[index]);
ASSERT(*val == *expectedVal, "unexpected value in values map");
}
printf("Expected number of values: %zd; got values: %zd", expectedNum,
values.size());
ASSERT(values.size() == expectedNum, "unexpected number of values");
}
void checkExceptionsMap(HashMapOfException &exceptions, int clientNum,
int numKeys) {
size_t expectedNum = 0;
std::shared_ptr<CacheableKey> key;
for (int index = 0; index < numKeys; ++index) {
if ((index + 1) % clientNum != 0) {
++expectedNum;
key = CacheableString::create(keys[index]);
const auto &iter = exceptions.find(key);
ASSERT(iter != exceptions.end(), "key not found in exceptions map");
ASSERT(std::dynamic_pointer_cast<std::shared_ptr<NotAuthorizedException>>(
iter->second),
"unexpected exception type in exception map");
printf("Got expected NotAuthorizedException: %s", iter->second->what());
}
}
printf("Expected number of exceptions: %zd; got exceptions: %zd", expectedNum,
exceptions.size());
ASSERT(exceptions.size() == expectedNum, "unexpected number of exceptions");
}
DUNIT_TASK_DEFINITION(ADMIN_CLIENT, StartLocator)
{
if (isLocator) CacheHelper::initLocator(1);
LOG("Locator1 started");
}
END_TASK_DEFINITION
DUNIT_TASK_DEFINITION(ADMIN_CLIENT, StartServer1)
{
if (isLocalServer) {
CacheHelper::initServer(1, "cacheserver_notify_subscription.xml",
locHostPort, getServerSecurityParams());
LOG("Server1 started");
}
}
END_TASK_DEFINITION
DUNIT_TASK_DEFINITION(ADMIN_CLIENT, StartServer2)
{
if (isLocalServer) {
CacheHelper::initServer(2, "cacheserver_notify_subscription2.xml",
locHostPort, getServerSecurityParams());
LOG("Server2 started");
}
}
END_TASK_DEFINITION
DUNIT_TASK_DEFINITION(ADMIN_CLIENT, StepOne)
{
initClientAuth('A');
try {
createRegionForSecurity(regionNamesAuth[0], USE_ACK, true);
createEntry(regionNamesAuth[0], keys[0], vals[0]);
updateEntry(regionNamesAuth[0], keys[0], nvals[0]);
invalidateEntry(regionNamesAuth[0], keys[0]);
verifyInvalid(regionNamesAuth[0], keys[0]);
destroyEntry(regionNamesAuth[0], keys[0]);
verifyDestroyed(regionNamesAuth[0], keys[0]);
destroyRegion(regionNamesAuth[0]);
auto key0 = CacheableKey::create(keys[0]);
auto val0 = CacheableString::create(vals[0]);
auto key2 = CacheableKey::create(keys[2]);
auto val2 = CacheableString::create(nvals[2]);
createRegionForSecurity(regionNamesAuth[0], USE_ACK, true);
createEntry(regionNamesAuth[0], keys[0], vals[0]);
createEntry(regionNamesAuth[0], keys[2], nvals[2]);
auto regPtr0 = getHelper()->getRegion(regionNamesAuth[0]);
if (regPtr0 != nullptr) {
regPtr0->registerAllKeys();
regPtr0->unregisterAllKeys();
}
std::vector<std::shared_ptr<CacheableKey>> keysVec;
keysVec.push_back(key0);
keysVec.push_back(key2);
auto values = regPtr0->getAll(keysVec);
ASSERT(values.size() == 2, "Expected 2 entries");
auto res0 = std::dynamic_pointer_cast<CacheableString>(values[key0]);
auto res2 = std::dynamic_pointer_cast<CacheableString>(values[key2]);
ASSERT(*res0 == *val0, "Unexpected value for key");
ASSERT(*res2 == *val2, "Unexpected value for key");
}
HANDLE_NO_NOT_AUTHORIZED_EXCEPTION
LOG("StepOne complete.");
}
END_TASK_DEFINITION
DUNIT_TASK_DEFINITION(WRITER_CLIENT, StepTwo)
{
initClientAuth('W');
try {
createRegionForSecurity(regionNamesAuth[0], USE_ACK, true);
createEntry(regionNamesAuth[0], keys[0], vals[0]);
updateEntry(regionNamesAuth[0], keys[0], nvals[0]);
invalidateEntry(regionNamesAuth[0], keys[0]);
verifyInvalid(regionNamesAuth[0], keys[0]);
destroyEntry(regionNamesAuth[0], keys[0]);
verifyDestroyed(regionNamesAuth[0], keys[0]);
createEntry(regionNamesAuth[0], keys[0], vals[0]);
updateEntry(regionNamesAuth[0], keys[0], nvals[0]);
verifyEntry(regionNamesAuth[0], keys[0], nvals[0]);
destroyRegion(regionNamesAuth[0]);
}
HANDLE_NO_NOT_AUTHORIZED_EXCEPTION
try {
createRegionForSecurity(regionNamesAuth[0], USE_ACK, true);
auto regPtr0 = getHelper()->getRegion(regionNamesAuth[0]);
auto keyPtr = CacheableKey::create(keys[0]);
auto checkPtr =
std::dynamic_pointer_cast<CacheableString>(regPtr0->get(keyPtr));
FAIL("Should get NotAuthorizedException");
}
HANDLE_NOT_AUTHORIZED_EXCEPTION
try {
createEntry(regionNamesAuth[0], keys[1], nvals[1]);
createEntry(regionNamesAuth[0], keys[2], nvals[2]);
createEntry(regionNamesAuth[0], keys[3], nvals[3]);
createEntry(regionNamesAuth[0], keys[4], nvals[4]);
createEntry(regionNamesAuth[0], keys[5], nvals[5]);
}
HANDLE_NO_NOT_AUTHORIZED_EXCEPTION
LOG("StepTwo complete.");
}
END_TASK_DEFINITION
DUNIT_TASK_DEFINITION(READER_CLIENT, StepThree)
{
initClientAuth('R', 2);
createRegionForSecurity(regionNamesAuth[0], USE_ACK, true);
std::vector<std::shared_ptr<CacheableKey>> keys;
getKeysVector(keys, 6);
auto rptr = getHelper()->getRegion(regionNamesAuth[0]);
auto values = rptr->getAll(keys);
checkValuesMap(values, 2, 6);
LOG("StepThree complete.");
}
END_TASK_DEFINITION
DUNIT_TASK_DEFINITION(READER2_CLIENT, StepFour)
{
initClientAuth('R', 3);
createRegionForSecurity(regionNamesAuth[0], USE_ACK, true);
std::vector<std::shared_ptr<CacheableKey>> keys;
getKeysVector(keys, 6);
auto rptr = getHelper()->getRegion(regionNamesAuth[0]);
auto values = rptr->getAll(keys);
checkValuesMap(values, 3, 6);
LOG("StepFour complete.");
}
END_TASK_DEFINITION
DUNIT_TASK_DEFINITION(ADMIN_CLIENT, CloseServer1)
{
if (isLocalServer) {
CacheHelper::closeServer(1);
LOG("Server1 stopped");
}
}
END_TASK_DEFINITION
DUNIT_TASK_DEFINITION(ADMIN_CLIENT, CloseServer2)
{
if (isLocalServer) {
CacheHelper::closeServer(2);
LOG("Server2 stopped");
}
}
END_TASK_DEFINITION
DUNIT_TASK_DEFINITION(ADMIN_CLIENT, CloseCacheAdmin)
{ cleanProc(); }
END_TASK_DEFINITION
DUNIT_TASK_DEFINITION(WRITER_CLIENT, CloseCacheWriter)
{ cleanProc(); }
END_TASK_DEFINITION
DUNIT_TASK_DEFINITION(READER_CLIENT, CloseCacheReader)
{ cleanProc(); }
END_TASK_DEFINITION
DUNIT_TASK_DEFINITION(READER2_CLIENT, CloseCacheReader2)
{ cleanProc(); }
END_TASK_DEFINITION
DUNIT_TASK_DEFINITION(ADMIN_CLIENT, CloseLocator)
{
if (isLocator) {
CacheHelper::closeLocator(1);
LOG("Locator1 stopped");
}
}
END_TASK_DEFINITION
void doThinClientSecurityPostAuthorization() {
CALL_TASK(StartLocator);
CALL_TASK(StartServer1);
CALL_TASK(StartServer2);
CALL_TASK(StepOne);
CALL_TASK(StepTwo);
CALL_TASK(StepThree);
CALL_TASK(StepFour);
CALL_TASK(CloseServer1);
CALL_TASK(CloseServer2);
CALL_TASK(CloseCacheAdmin);
CALL_TASK(CloseCacheWriter);
CALL_TASK(CloseCacheReader);
CALL_TASK(CloseCacheReader2);
CALL_TASK(CloseLocator);
}
DUNIT_MAIN
{ doThinClientSecurityPostAuthorization(); }
END_MAIN