Google Git
Sign in
apache / geode / refs/heads/next-gen-native-client-software-grant / . / src / cppcache / integration-test / testThinClientSecurityPostAuthorization.cpp
blob: 2667585dddf6b8ea606c0c656677f977f964b86d [file] [log] [blame]
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* @file testThinClientSecurityPostAuthorization.cpp
*
* @brief Currently this tests for getAll() with only some keys allowed
* so expecting some authorization failure exceptions in the result
*
*
*/
#include "fw_dunit.hpp"
#include <gfcpp/GeodeCppCache.hpp>
#include "CacheHelper.hpp"
#include "ThinClientHelper.hpp"
#include <ace/Process.h>
#include <string>
#include "ThinClientSecurity.hpp"
using namespace apache::geode::client;
const char* locHostPort =
CacheHelper::getLocatorHostPort(isLocator, isLocalServer, 1);
#define HANDLE_NO_NOT_AUTHORIZED_EXCEPTION \
catch (const apache::geode::client::NotAuthorizedException&) { \
LOG("NotAuthorizedException Caught"); \
FAIL("should not have caught NotAuthorizedException"); \
} \
catch (const apache::geode::client::Exception& other) { \
LOG("Got apache::geode::client::Exception& other "); \
other.printStackTrace(); \
FAIL(other.getMessage()); \
}
#define HANDLE_NOT_AUTHORIZED_EXCEPTION \
catch (const apache::geode::client::NotAuthorizedException&) { \
LOG("NotAuthorizedException Caught"); \
LOG("Success"); \
} \
catch (const apache::geode::client::Exception& other) { \
other.printStackTrace(); \
FAIL(other.getMessage()); \
}
#define ADMIN_CLIENT s1p1
#define WRITER_CLIENT s1p2
#define READER_CLIENT s2p1
#define READER2_CLIENT s2p2
const char* regionNamesAuth[] = {"DistRegionAck"};
void initClientAuth(char userType, int clientNum = 1) {
PropertiesPtr config = Properties::create();
config->insert("security-client-auth-library", "securityImpl");
config->insert("security-client-auth-factory",
"createUserPasswordAuthInitInstance");
switch (userType) {
case 'W': {
config->insert("security-username", "geode9");
config->insert("security-password", "geode9");
break;
}
case 'R': {
char clientStr[32];
sprintf(clientStr, "geode%d", clientNum);
config->insert("security-username", clientStr);
config->insert("security-password", clientStr);
break;
}
case 'A': {
config->insert("security-username", "geode1");
config->insert("security-password", "geode1");
break;
}
default: { break; }
}
initClient(true, config);
}
const char* getServerSecurityParams() {
static std::string serverSecurityParams;
if (serverSecurityParams.size() == 0) {
serverSecurityParams =
"security-client-authenticator="
"javaobject.LdapUserAuthenticator.create "
"security-client-accessor="
"org.apache.geode.internal.security.FilterPreAuthorization.create "
"security-client-accessor-pp="
"org.apache.geode.internal.security.FilterPostAuthorization.create "
"log-level=fine security-log-level=finest";
char* ldapSrv = ACE_OS::getenv("LDAP_SERVER");
serverSecurityParams += std::string(" security-ldap-server=") +
(ldapSrv != NULL ? ldapSrv : "ldap");
char* ldapRoot = ACE_OS::getenv("LDAP_BASEDN");
serverSecurityParams +=
std::string(" security-ldap-basedn=") +
(ldapRoot != NULL ? ldapRoot
: "ou=ldapTesting,dc=ldap,dc=gemstone,dc=com");
char* ldapSSL = ACE_OS::getenv("LDAP_USESSL");
serverSecurityParams += std::string(" security-ldap-usessl=") +
(ldapSSL != NULL ? ldapSSL : "false");
}
return serverSecurityParams.c_str();
}
void getKeysVector(VectorOfCacheableKey& keysVec, int numKeys) {
for (int index = 0; index < numKeys; ++index) {
keysVec.push_back(CacheableString::create(keys[index]));
}
}
void checkValuesMap(const HashMapOfCacheablePtr& values, int clientNum,
int numKeys) {
int expectedNum = 0;
CacheableKeyPtr key;
CacheableStringPtr val;
CacheableStringPtr expectedVal;
for (int index = clientNum - 1; index < numKeys; index += clientNum) {
++expectedNum;
key = CacheableString::create(keys[index]);
HashMapOfCacheable::Iterator iter = values->find(key);
ASSERT(iter != values->end(), "key not found in values map");
val = dynCast<CacheableStringPtr>(iter.second());
expectedVal = CacheableString::create(nvals[index]);
ASSERT(*val == *expectedVal, "unexpected value in values map");
}
printf("Expected number of values: %d; got values: %d", expectedNum,
values->size());
ASSERT(values->size() == expectedNum, "unexpected number of values");
}
void checkExceptionsMap(const HashMapOfExceptionPtr& exceptions, int clientNum,
int numKeys) {
int expectedNum = 0;
CacheableKeyPtr key;
for (int index = 0; index < numKeys; ++index) {
if ((index + 1) % clientNum != 0) {
++expectedNum;
key = CacheableString::create(keys[index]);
HashMapOfException::Iterator iter = exceptions->find(key);
ASSERT(iter != exceptions->end(), "key not found in exceptions map");
ASSERT(instanceOf<NotAuthorizedExceptionPtr>(iter.second()),
"unexpected exception type in exception map");
printf("Got expected NotAuthorizedException: %s",
iter.second()->getMessage());
}
}
printf("Expected number of exceptions: %d; got exceptions: %d", expectedNum,
exceptions->size());
ASSERT(exceptions->size() == expectedNum, "unexpected number of exceptions");
}
DUNIT_TASK_DEFINITION(ADMIN_CLIENT, StartLocator)
{
if (isLocator) CacheHelper::initLocator(1);
LOG("Locator1 started");
}
END_TASK_DEFINITION
DUNIT_TASK_DEFINITION(ADMIN_CLIENT, StartServer1)
{
if (isLocalServer) {
CacheHelper::initServer(1, "cacheserver_notify_subscription.xml",
locHostPort, getServerSecurityParams());
LOG("Server1 started");
}
}
END_TASK_DEFINITION
DUNIT_TASK_DEFINITION(ADMIN_CLIENT, StartServer2)
{
if (isLocalServer) {
CacheHelper::initServer(2, "cacheserver_notify_subscription2.xml",
locHostPort, getServerSecurityParams());
LOG("Server2 started");
}
}
END_TASK_DEFINITION
DUNIT_TASK_DEFINITION(ADMIN_CLIENT, StepOne)
{
initClientAuth('A');
try {
createRegionForSecurity(regionNamesAuth[0], USE_ACK, true);
createEntry(regionNamesAuth[0], keys[0], vals[0]);
updateEntry(regionNamesAuth[0], keys[0], nvals[0]);
invalidateEntry(regionNamesAuth[0], keys[0]);
verifyInvalid(regionNamesAuth[0], keys[0]);
destroyEntry(regionNamesAuth[0], keys[0]);
verifyDestroyed(regionNamesAuth[0], keys[0]);
destroyRegion(regionNamesAuth[0]);
CacheableKeyPtr key0 = CacheableKey::create(keys[0]);
CacheableStringPtr val0 = CacheableString::create(vals[0]);
CacheableKeyPtr key2 = CacheableKey::create(keys[2]);
CacheableStringPtr val2 = CacheableString::create(nvals[2]);
createRegionForSecurity(regionNamesAuth[0], USE_ACK, true);
createEntry(regionNamesAuth[0], keys[0], vals[0]);
createEntry(regionNamesAuth[0], keys[2], nvals[2]);
RegionPtr regPtr0 = getHelper()->getRegion(regionNamesAuth[0]);
if (regPtr0 != NULLPTR) {
regPtr0->registerAllKeys();
regPtr0->unregisterAllKeys();
}
VectorOfCacheableKey keysVec;
keysVec.push_back(key0);
keysVec.push_back(key2);
HashMapOfCacheablePtr values(new HashMapOfCacheable());
HashMapOfExceptionPtr exceptions(new HashMapOfException());
regPtr0->getAll(keysVec, values, exceptions);
ASSERT(values->size() == 2, "Expected 2 entries");
ASSERT(exceptions->size() == (size_t)0, "Expected no exceptions");
CacheableStringPtr res0 = dynCast<CacheableStringPtr>((*values)[key0]);
CacheableStringPtr res2 = dynCast<CacheableStringPtr>((*values)[key2]);
ASSERT(*res0 == *val0, "Unexpected value for key");
ASSERT(*res2 == *val2, "Unexpected value for key");
}
HANDLE_NO_NOT_AUTHORIZED_EXCEPTION
LOG("StepOne complete.");
}
END_TASK_DEFINITION
DUNIT_TASK_DEFINITION(WRITER_CLIENT, StepTwo)
{
initClientAuth('W');
try {
createRegionForSecurity(regionNamesAuth[0], USE_ACK, true);
createEntry(regionNamesAuth[0], keys[0], vals[0]);
updateEntry(regionNamesAuth[0], keys[0], nvals[0]);
invalidateEntry(regionNamesAuth[0], keys[0]);
verifyInvalid(regionNamesAuth[0], keys[0]);
destroyEntry(regionNamesAuth[0], keys[0]);
verifyDestroyed(regionNamesAuth[0], keys[0]);
createEntry(regionNamesAuth[0], keys[0], vals[0]);
updateEntry(regionNamesAuth[0], keys[0], nvals[0]);
verifyEntry(regionNamesAuth[0], keys[0], nvals[0]);
destroyRegion(regionNamesAuth[0]);
}
HANDLE_NO_NOT_AUTHORIZED_EXCEPTION
try {
createRegionForSecurity(regionNamesAuth[0], USE_ACK, true);
RegionPtr regPtr0 = getHelper()->getRegion(regionNamesAuth[0]);
CacheableKeyPtr keyPtr = CacheableKey::create(keys[0]);
CacheableStringPtr checkPtr =
dynCast<CacheableStringPtr>(regPtr0->get(keyPtr));
FAIL("Should get NotAuthorizedException");
}
HANDLE_NOT_AUTHORIZED_EXCEPTION
try {
createEntry(regionNamesAuth[0], keys[1], nvals[1]);
createEntry(regionNamesAuth[0], keys[2], nvals[2]);
createEntry(regionNamesAuth[0], keys[3], nvals[3]);
createEntry(regionNamesAuth[0], keys[4], nvals[4]);
createEntry(regionNamesAuth[0], keys[5], nvals[5]);
}
HANDLE_NO_NOT_AUTHORIZED_EXCEPTION
LOG("StepTwo complete.");
}
END_TASK_DEFINITION
DUNIT_TASK_DEFINITION(READER_CLIENT, StepThree)
{
initClientAuth('R', 2);
createRegionForSecurity(regionNamesAuth[0], USE_ACK, true);
VectorOfCacheableKey keys;
HashMapOfCacheablePtr values(new HashMapOfCacheable());
HashMapOfExceptionPtr exceptions(new HashMapOfException());
getKeysVector(keys, 6);
RegionPtr rptr = getHelper()->getRegion(regionNamesAuth[0]);
rptr->getAll(keys, values, exceptions);
checkValuesMap(values, 2, 6);
checkExceptionsMap(exceptions, 2, 6);
LOG("StepThree complete.");
}
END_TASK_DEFINITION
DUNIT_TASK_DEFINITION(READER2_CLIENT, StepFour)
{
initClientAuth('R', 3);
createRegionForSecurity(regionNamesAuth[0], USE_ACK, true);
VectorOfCacheableKey keys;
HashMapOfCacheablePtr values(new HashMapOfCacheable());
HashMapOfExceptionPtr exceptions(new HashMapOfException());
getKeysVector(keys, 6);
RegionPtr rptr = getHelper()->getRegion(regionNamesAuth[0]);
rptr->getAll(keys, values, exceptions);
checkValuesMap(values, 3, 6);
checkExceptionsMap(exceptions, 3, 6);
LOG("StepFour complete.");
}
END_TASK_DEFINITION
DUNIT_TASK_DEFINITION(ADMIN_CLIENT, CloseServer1)
{
if (isLocalServer) {
CacheHelper::closeServer(1);
LOG("Server1 stopped");
}
}
END_TASK_DEFINITION
DUNIT_TASK_DEFINITION(ADMIN_CLIENT, CloseServer2)
{
if (isLocalServer) {
CacheHelper::closeServer(2);
LOG("Server2 stopped");
}
}
END_TASK_DEFINITION
DUNIT_TASK_DEFINITION(ADMIN_CLIENT, CloseCacheAdmin)
{ cleanProc(); }
END_TASK_DEFINITION
DUNIT_TASK_DEFINITION(WRITER_CLIENT, CloseCacheWriter)
{ cleanProc(); }
END_TASK_DEFINITION
DUNIT_TASK_DEFINITION(READER_CLIENT, CloseCacheReader)
{ cleanProc(); }
END_TASK_DEFINITION
DUNIT_TASK_DEFINITION(READER2_CLIENT, CloseCacheReader2)
{ cleanProc(); }
END_TASK_DEFINITION
DUNIT_TASK_DEFINITION(ADMIN_CLIENT, CloseLocator)
{
if (isLocator) {
CacheHelper::closeLocator(1);
LOG("Locator1 stopped");
}
}
END_TASK_DEFINITION
void doThinClientSecurityPostAuthorization() {
CALL_TASK(StartLocator);
CALL_TASK(StartServer1);
CALL_TASK(StartServer2);
CALL_TASK(StepOne);
CALL_TASK(StepTwo);
CALL_TASK(StepThree);
CALL_TASK(StepFour);
CALL_TASK(CloseServer1);
CALL_TASK(CloseServer2);
CALL_TASK(CloseCacheAdmin);
CALL_TASK(CloseCacheWriter);
CALL_TASK(CloseCacheReader);
CALL_TASK(CloseCacheReader2);
CALL_TASK(CloseLocator);
}
DUNIT_MAIN
{ doThinClientSecurityPostAuthorization(); }
END_MAIN