geode-core/src/distributedTest/java/org/apache/geode/security/PDXPostProcessorDUnitTest.java - geode - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
  * agreements. See the NOTICE file distributed with this work for additional information regarding
  * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance with the License. You may obtain a
  * copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License
  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
  * or implied. See the License for the specific language governing permissions and limitations under
  * the License.
  */
 package org.apache.geode.security;

 import static org.apache.geode.cache.Region.SEPARATOR;
 import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER;
 import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_POST_PROCESSOR;
 import static org.apache.geode.security.SecurityTestUtil.createClientCache;
 import static org.apache.geode.security.SecurityTestUtil.createProxyRegion;
 import static org.apache.geode.test.awaitility.GeodeAwaitility.await;
 import static org.assertj.core.api.Assertions.assertThat;

 import java.util.Arrays;
 import java.util.Collection;
 import java.util.Iterator;

 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.experimental.categories.Category;
 import org.junit.runner.RunWith;
 import org.junit.runners.Parameterized;

 import org.apache.geode.cache.EntryEvent;
 import org.apache.geode.cache.Region;
 import org.apache.geode.cache.RegionShortcut;
 import org.apache.geode.cache.client.ClientCache;
 import org.apache.geode.cache.client.ClientRegionFactory;
 import org.apache.geode.cache.client.ClientRegionShortcut;
 import org.apache.geode.cache.query.SelectResults;
 import org.apache.geode.cache.util.CacheListenerAdapter;
 import org.apache.geode.internal.cache.EntryEventImpl;
 import org.apache.geode.pdx.SimpleClass;
 import org.apache.geode.test.dunit.Host;
 import org.apache.geode.test.dunit.IgnoredException;
 import org.apache.geode.test.dunit.VM;
 import org.apache.geode.test.dunit.internal.JUnit4DistributedTestCase;
 import org.apache.geode.test.junit.categories.SecurityTest;
 import org.apache.geode.test.junit.rules.GfshCommandRule;
 import org.apache.geode.test.junit.rules.ServerStarterRule;
 import org.apache.geode.test.junit.runners.CategoryWithParameterizedRunnerFactory;

 @Category({SecurityTest.class})
 @RunWith(Parameterized.class)
 @Parameterized.UseParametersRunnerFactory(CategoryWithParameterizedRunnerFactory.class)
 public class PDXPostProcessorDUnitTest extends JUnit4DistributedTestCase {

   private static final byte[] BYTES = PDXPostProcessor.bytes();
   private static final String REGION_NAME = "AuthRegion";

   private VM client1;
   private VM client2;

   private boolean pdxPersistent;

   @Parameterized.Parameters
   public static Collection<Object[]> parameters() {
     Object[][] params = {{true}, {false}};
     return Arrays.asList(params);
   }

   public PDXPostProcessorDUnitTest(boolean pdxPersistent) {
     this.pdxPersistent = pdxPersistent;
   }

   @Before
   public void before() throws Exception {
     Host host = Host.getHost(0);
     this.client1 = host.getVM(1);
     this.client2 = host.getVM(2);
   }

   @Rule
   public ServerStarterRule server =
       new ServerStarterRule().withProperty(SECURITY_MANAGER, TestSecurityManager.class.getName())
           .withProperty(TestSecurityManager.SECURITY_JSON,
               "org/apache/geode/management/internal/security/clientServer.json")
           .withProperty(SECURITY_POST_PROCESSOR, PDXPostProcessor.class.getName())
           .withProperty("security-pdx", this.pdxPersistent + "").withJMXManager()
           .withRegion(RegionShortcut.REPLICATE, REGION_NAME);

   @Test
   public void testRegionGet() {
     this.client2.invoke(() -> {
       ClientCache cache = createClientCache("super-user", "1234567", this.server.getPort());
       Region region = createProxyRegion(cache, REGION_NAME);
       // put in a value that's a domain object
       region.put("key1", new SimpleClass(1, (byte) 1));
       // put in a byte value
       region.put("key2", BYTES);
     });

     this.client1.invoke(() -> {
       ClientCache cache = createClientCache("super-user", "1234567", this.server.getPort());
       Region region = createProxyRegion(cache, REGION_NAME);

       // post process for get the client domain object
       Object value = region.get("key1");
       assertThat(value).isInstanceOf(SimpleClass.class);

       // post process for get the raw byte value
       value = region.get("key2");
       assertThat(Arrays.equals(BYTES, (byte[]) value)).isTrue();
     });

     // this makes sure PostProcessor is getting called
     PDXPostProcessor pp =
         (PDXPostProcessor) this.server.getCache().getSecurityService().getPostProcessor();
     assertThat(pp.getCount()).isEqualTo(2);
   }

   @Test
   public void testQuery() {
     this.client2.invoke(() -> {
       ClientCache cache = createClientCache("super-user", "1234567", this.server.getPort());
       Region region = createProxyRegion(cache, REGION_NAME);
       // put in a value that's a domain object
       region.put("key1", new SimpleClass(1, (byte) 1));
       region.put("key2", BYTES);
     });

     this.client1.invoke(() -> {
       ClientCache cache = createClientCache("super-user", "1234567", this.server.getPort());
       Region region = createProxyRegion(cache, REGION_NAME);

       // post process for query
       String query = "select * from " + SEPARATOR + "AuthRegion";
       SelectResults result = region.query(query);

       Iterator itr = result.iterator();
       while (itr.hasNext()) {
         Object obj = itr.next();
         if (obj instanceof byte[]) {
           assertThat(Arrays.equals(BYTES, (byte[]) obj)).isTrue();
         } else {
           assertThat(obj).isInstanceOf(SimpleClass.class);
         }
       }
     });

     // this makes sure PostProcessor is getting called
     PDXPostProcessor pp =
         (PDXPostProcessor) this.server.getCache().getSecurityService().getPostProcessor();
     assertThat(pp.getCount()).isEqualTo(2);
   }

   @Test
   public void testRegisterInterest() {
     IgnoredException.addIgnoredException("NoAvailableServersException");

     this.client1.invoke(() -> {
       ClientCache cache = createClientCache("super-user", "1234567", this.server.getPort());

       ClientRegionFactory factory = cache.createClientRegionFactory(ClientRegionShortcut.PROXY);
       factory.addCacheListener(new CacheListenerAdapter() {
         @Override
         public void afterUpdate(EntryEvent event) {
           Object key = event.getKey();
           Object value = ((EntryEventImpl) event).getDeserializedValue();
           if (key.equals("key1")) {
             assertThat(value).isInstanceOf(SimpleClass.class);
           } else if (key.equals("key2")) {
             assertThat(Arrays.equals(BYTES, (byte[]) value)).isTrue();
           }
         }
       });

       Region region = factory.create(REGION_NAME);
       region.put("key1", "value1");
       region.registerInterest("key1");
       region.registerInterest("key2");
     });

     this.client2.invoke(() -> {
       ClientCache cache = createClientCache("dataUser", "1234567", this.server.getPort());
       Region region = createProxyRegion(cache, REGION_NAME);
       // put in a value that's a domain object
       region.put("key1", new SimpleClass(1, (byte) 1));
       region.put("key2", BYTES);
     });

     PDXPostProcessor pp =
         (PDXPostProcessor) this.server.getCache().getSecurityService().getPostProcessor();
     await()
         .untilAsserted(() -> assertThat(pp.getCount()).isEqualTo(2));
   }

   @Test
   public void testGfshCommand() {
     // have client2 input some domain data into the region
     this.client2.invoke(() -> {
       ClientCache cache = createClientCache("super-user", "1234567", this.server.getPort());
       Region region = createProxyRegion(cache, REGION_NAME);
       // put in a value that's a domain object
       region.put("key1", new SimpleClass(1, (byte) 1));
       // put in a byte value
       region.put("key2", BYTES);
     });

     this.client1.invoke(() -> {
       GfshCommandRule gfsh = new GfshCommandRule();
       gfsh.secureConnectAndVerify(this.server.getJmxPort(), GfshCommandRule.PortType.jmxManager,
           "dataUser", "1234567");

       // get command
       gfsh.executeAndAssertThat("get --key=key1 --region=AuthRegion").statusIsSuccess();
       if (this.pdxPersistent) {
         assertThat(gfsh.getGfshOutput().contains("org.apache.geode.pdx.internal.PdxInstanceImpl"));
       } else {
         assertThat(gfsh.getGfshOutput()).contains("SimpleClass");
       }

       gfsh.executeAndAssertThat("get --key=key2 --region=AuthRegion").statusIsSuccess()
           .containsOutput("byte[]");

       gfsh.executeAndAssertThat("query --query=\"select * from " + SEPARATOR + "AuthRegion\"")
           .statusIsSuccess();
       gfsh.close();
     });

     PDXPostProcessor pp =
         (PDXPostProcessor) this.server.getCache().getSecurityService().getPostProcessor();
     assertThat(pp).isNotNull(); // TODO: what else to check here?
   }

 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more contributor license
	* agreements. See the NOTICE file distributed with this work for additional information regarding
	* copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance with the License. You may obtain a
	* copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software distributed under the License
	* is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
	* or implied. See the License for the specific language governing permissions and limitations under
	* the License.
	*/
	package org.apache.geode.security;

	import static org.apache.geode.cache.Region.SEPARATOR;
	import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER;
	import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_POST_PROCESSOR;
	import static org.apache.geode.security.SecurityTestUtil.createClientCache;
	import static org.apache.geode.security.SecurityTestUtil.createProxyRegion;
	import static org.apache.geode.test.awaitility.GeodeAwaitility.await;
	import static org.assertj.core.api.Assertions.assertThat;

	import java.util.Arrays;
	import java.util.Collection;
	import java.util.Iterator;

	import org.junit.Before;
	import org.junit.Rule;
	import org.junit.Test;
	import org.junit.experimental.categories.Category;
	import org.junit.runner.RunWith;
	import org.junit.runners.Parameterized;

	import org.apache.geode.cache.EntryEvent;
	import org.apache.geode.cache.Region;
	import org.apache.geode.cache.RegionShortcut;
	import org.apache.geode.cache.client.ClientCache;
	import org.apache.geode.cache.client.ClientRegionFactory;
	import org.apache.geode.cache.client.ClientRegionShortcut;
	import org.apache.geode.cache.query.SelectResults;
	import org.apache.geode.cache.util.CacheListenerAdapter;
	import org.apache.geode.internal.cache.EntryEventImpl;
	import org.apache.geode.pdx.SimpleClass;
	import org.apache.geode.test.dunit.Host;
	import org.apache.geode.test.dunit.IgnoredException;
	import org.apache.geode.test.dunit.VM;
	import org.apache.geode.test.dunit.internal.JUnit4DistributedTestCase;
	import org.apache.geode.test.junit.categories.SecurityTest;
	import org.apache.geode.test.junit.rules.GfshCommandRule;
	import org.apache.geode.test.junit.rules.ServerStarterRule;
	import org.apache.geode.test.junit.runners.CategoryWithParameterizedRunnerFactory;

	@Category({SecurityTest.class})
	@RunWith(Parameterized.class)
	@Parameterized.UseParametersRunnerFactory(CategoryWithParameterizedRunnerFactory.class)
	public class PDXPostProcessorDUnitTest extends JUnit4DistributedTestCase {

	private static final byte[] BYTES = PDXPostProcessor.bytes();
	private static final String REGION_NAME = "AuthRegion";

	private VM client1;
	private VM client2;

	private boolean pdxPersistent;

	@Parameterized.Parameters
	public static Collection<Object[]> parameters() {
	Object[][] params = {{true}, {false}};
	return Arrays.asList(params);
	}

	public PDXPostProcessorDUnitTest(boolean pdxPersistent) {
	this.pdxPersistent = pdxPersistent;
	}

	@Before
	public void before() throws Exception {
	Host host = Host.getHost(0);
	this.client1 = host.getVM(1);
	this.client2 = host.getVM(2);
	}

	@Rule
	public ServerStarterRule server =
	new ServerStarterRule().withProperty(SECURITY_MANAGER, TestSecurityManager.class.getName())
	.withProperty(TestSecurityManager.SECURITY_JSON,
	"org/apache/geode/management/internal/security/clientServer.json")
	.withProperty(SECURITY_POST_PROCESSOR, PDXPostProcessor.class.getName())
	.withProperty("security-pdx", this.pdxPersistent + "").withJMXManager()
	.withRegion(RegionShortcut.REPLICATE, REGION_NAME);

	@Test
	public void testRegionGet() {
	this.client2.invoke(() -> {
	ClientCache cache = createClientCache("super-user", "1234567", this.server.getPort());
	Region region = createProxyRegion(cache, REGION_NAME);
	// put in a value that's a domain object
	region.put("key1", new SimpleClass(1, (byte) 1));
	// put in a byte value
	region.put("key2", BYTES);
	});

	this.client1.invoke(() -> {
	ClientCache cache = createClientCache("super-user", "1234567", this.server.getPort());
	Region region = createProxyRegion(cache, REGION_NAME);

	// post process for get the client domain object
	Object value = region.get("key1");
	assertThat(value).isInstanceOf(SimpleClass.class);

	// post process for get the raw byte value
	value = region.get("key2");
	assertThat(Arrays.equals(BYTES, (byte[]) value)).isTrue();
	});

	// this makes sure PostProcessor is getting called
	PDXPostProcessor pp =
	(PDXPostProcessor) this.server.getCache().getSecurityService().getPostProcessor();
	assertThat(pp.getCount()).isEqualTo(2);
	}

	@Test
	public void testQuery() {
	this.client2.invoke(() -> {
	ClientCache cache = createClientCache("super-user", "1234567", this.server.getPort());
	Region region = createProxyRegion(cache, REGION_NAME);
	// put in a value that's a domain object
	region.put("key1", new SimpleClass(1, (byte) 1));
	region.put("key2", BYTES);
	});

	this.client1.invoke(() -> {
	ClientCache cache = createClientCache("super-user", "1234567", this.server.getPort());
	Region region = createProxyRegion(cache, REGION_NAME);

	// post process for query
	String query = "select * from " + SEPARATOR + "AuthRegion";
	SelectResults result = region.query(query);

	Iterator itr = result.iterator();
	while (itr.hasNext()) {
	Object obj = itr.next();
	if (obj instanceof byte[]) {
	assertThat(Arrays.equals(BYTES, (byte[]) obj)).isTrue();
	} else {
	assertThat(obj).isInstanceOf(SimpleClass.class);
	}
	}
	});

	// this makes sure PostProcessor is getting called
	PDXPostProcessor pp =
	(PDXPostProcessor) this.server.getCache().getSecurityService().getPostProcessor();
	assertThat(pp.getCount()).isEqualTo(2);
	}

	@Test
	public void testRegisterInterest() {
	IgnoredException.addIgnoredException("NoAvailableServersException");

	this.client1.invoke(() -> {
	ClientCache cache = createClientCache("super-user", "1234567", this.server.getPort());

	ClientRegionFactory factory = cache.createClientRegionFactory(ClientRegionShortcut.PROXY);
	factory.addCacheListener(new CacheListenerAdapter() {
	@Override
	public void afterUpdate(EntryEvent event) {
	Object key = event.getKey();
	Object value = ((EntryEventImpl) event).getDeserializedValue();
	if (key.equals("key1")) {
	assertThat(value).isInstanceOf(SimpleClass.class);
	} else if (key.equals("key2")) {
	assertThat(Arrays.equals(BYTES, (byte[]) value)).isTrue();
	}
	}
	});

	Region region = factory.create(REGION_NAME);
	region.put("key1", "value1");
	region.registerInterest("key1");
	region.registerInterest("key2");
	});

	this.client2.invoke(() -> {
	ClientCache cache = createClientCache("dataUser", "1234567", this.server.getPort());
	Region region = createProxyRegion(cache, REGION_NAME);
	// put in a value that's a domain object
	region.put("key1", new SimpleClass(1, (byte) 1));
	region.put("key2", BYTES);
	});

	PDXPostProcessor pp =
	(PDXPostProcessor) this.server.getCache().getSecurityService().getPostProcessor();
	await()
	.untilAsserted(() -> assertThat(pp.getCount()).isEqualTo(2));
	}

	@Test
	public void testGfshCommand() {
	// have client2 input some domain data into the region
	this.client2.invoke(() -> {
	ClientCache cache = createClientCache("super-user", "1234567", this.server.getPort());
	Region region = createProxyRegion(cache, REGION_NAME);
	// put in a value that's a domain object
	region.put("key1", new SimpleClass(1, (byte) 1));
	// put in a byte value
	region.put("key2", BYTES);
	});

	this.client1.invoke(() -> {
	GfshCommandRule gfsh = new GfshCommandRule();
	gfsh.secureConnectAndVerify(this.server.getJmxPort(), GfshCommandRule.PortType.jmxManager,
	"dataUser", "1234567");

	// get command
	gfsh.executeAndAssertThat("get --key=key1 --region=AuthRegion").statusIsSuccess();
	if (this.pdxPersistent) {
	assertThat(gfsh.getGfshOutput().contains("org.apache.geode.pdx.internal.PdxInstanceImpl"));
	} else {
	assertThat(gfsh.getGfshOutput()).contains("SimpleClass");
	}

	gfsh.executeAndAssertThat("get --key=key2 --region=AuthRegion").statusIsSuccess()
	.containsOutput("byte[]");

	gfsh.executeAndAssertThat("query --query=\"select * from " + SEPARATOR + "AuthRegion\"")
	.statusIsSuccess();
	gfsh.close();
	});

	PDXPostProcessor pp =
	(PDXPostProcessor) this.server.getCache().getSecurityService().getPostProcessor();
	assertThat(pp).isNotNull(); // TODO: what else to check here?
	}

	}