ReadOpFileAccessControllerJUnitTest.java example

Explorer
geode-master
/*
 * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
 * agreements. See the NOTICE file distributed with this work for additional information regarding
 * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance with the License. You may obtain a
 * copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the License
 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 * or implied. See the License for the specific language governing permissions and limitations under
 * the License.
 */
package org.apache.geode.management.internal.unsafe;

import org.apache.geode.cache.CacheFactory;
import org.apache.geode.distributed.DistributedMember;
import org.apache.geode.distributed.DistributedSystem;
import org.apache.geode.internal.cache.GemFireCacheImpl;
import org.apache.geode.management.ManagementService;
import org.apache.geode.test.junit.categories.IntegrationTest;
import org.junit.After;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.junit.rules.TemporaryFolder;

import javax.management.*;
import javax.management.remote.*;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.lang.management.ManagementFactory;
import java.net.InetAddress;
import java.net.MalformedURLException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.UnicastRemoteObject;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;

import static org.apache.geode.distributed.ConfigurationProperties.LOCATORS;
import static org.apache.geode.distributed.ConfigurationProperties.MCAST_PORT;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.fail;

/**
 * Test ReadOnly operations are accesible from RMI Connector with readOnly user
 *
 */
@Category(IntegrationTest.class)
public class ReadOpFileAccessControllerJUnitTest {

  private GemFireCacheImpl cache = null;
  private DistributedSystem ds = null;
  private String hostname;
  private int port = 9999;
  private JMXConnectorServer rmiConnector = null;
  private JMXConnector connector = null;
  private Registry registry = null;

  public static final String SERVICE_URLPREFIX = "service:jmx:rmi:///jndi/rmi:";
  private static final String NEW_LINE = System.getProperty("line.separator");

  @Rule
  public TemporaryFolder tempFolder = new TemporaryFolder();

  @Before
  public void setUp() throws Exception {
    Properties pr = getProperties();
    ds = getSystem(pr);
    cache = (GemFireCacheImpl) CacheFactory.create(ds);
    hostname = InetAddress.getLocalHost().getCanonicalHostName();
  }

  @After
  public void tearDown() throws Exception {
    connector.close();
    rmiConnector.stop();
    cache.close();
    ds.disconnect();
    UnicastRemoteObject.unexportObject(registry, true);
  }

  private Properties getProperties() {
    Properties pr = new Properties();
    pr.put(MCAST_PORT, "0");
    pr.put(LOCATORS, "");
    // pr.put("jmx-manager", "true");
    // pr.put("jmx-manager-start", "true");
    return pr;
  }

  @Test
  public void testReadOnlyOperations()
      throws IOException, InstanceNotFoundException, ReflectionException, MBeanException {
    ManagementService service =
        ManagementService.getExistingManagementService(GemFireCacheImpl.getInstance());
    String accessFileName = createAccessFile();
    String passwordFileName = createPasswordFile();
    createConnector(accessFileName, passwordFileName);

    MBeanServerConnection server = connectToRmiConnector();
    DistributedMember member = cache.getMyId();

    assertNotNull(server.invoke(service.getMemberMBeanName(member), "listRegions", null, null));
    assertNotNull(
        server.invoke(service.getMemberMBeanName(member), "listGemFireProperties", null, null));
    assertNotNull(server.invoke(service.getMemberMBeanName(member), "listConnectedGatewayReceivers",
        null, null));
    assertNotNull(server.invoke(service.getMemberMBeanName(member), "listConnectedGatewaySenders",
        null, null));

    assertNotNull(server.invoke(service.getMemberMBeanName(member), "showJVMMetrics", null, null));
    assertNotNull(server.invoke(service.getMemberMBeanName(member), "showOSMetrics", null, null));

    assertNotNull(server.invoke(service.getMemberMBeanName(member), "fetchJvmThreads", null, null));

    assertNotNull(server.invoke(service.getMemberMBeanName(member), "viewLicense", null, null));

    // TODO QueryData : Start Manager fails due to #50280 : Can not start manager inside a loner
    try {
      server.invoke(service.getMemberMBeanName(member), "compactAllDiskStores", null, null);
      fail("Admin operation accessible to readonly user");
    } catch (SecurityException e) {
      // ok
    }

  }

  @SuppressWarnings({"rawtypes", "unchecked"})
  private MBeanServerConnection connectToRmiConnector() throws MalformedURLException, IOException {
    String serviceUrl = SERVICE_URLPREFIX + "//" + hostname + ":" + port + "/jmxconnector";
    String[] creds = {"user", "user"};
    Map env = new HashMap();
    env.put(JMXConnector.CREDENTIALS, creds);
    connector = JMXConnectorFactory.connect(new JMXServiceURL(serviceUrl), env);
    return connector.getMBeanServerConnection();
  }

  private void createConnector(String accessFileName, String pwFile) throws IOException {
    registry = LocateRegistry.createRegistry(port);
    MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
    String serviceUrl = SERVICE_URLPREFIX + "//" + hostname + ":" + port + "/jmxconnector";
    System.out.println("Server service url " + serviceUrl);
    final JMXServiceURL jmxServiceUrl = new JMXServiceURL(serviceUrl);

    final HashMap<String, Object> env = new HashMap<String, Object>();
    env.put("jmx.remote.x.password.file", pwFile);

    ReadOpFileAccessController controller = new ReadOpFileAccessController(accessFileName);
    controller.setMBeanServer(mbs);
    rmiConnector = JMXConnectorServerFactory.newJMXConnectorServer(jmxServiceUrl, env, controller);
    rmiConnector.start();
  }

  private String createAccessFile() throws IOException {
    File file = tempFolder.newFile("jmxremote.access");
    BufferedWriter writer = new BufferedWriter(new FileWriter(file));
    writer.append("admin readwrite");
    writer.append(NEW_LINE);
    writer.append("user readonly");
    writer.append(NEW_LINE);
    writer.flush();
    writer.close();
    return file.getAbsolutePath();
  }

  private String createPasswordFile() throws IOException {
    File file = tempFolder.newFile("jmxremote.password");
    BufferedWriter writer = new BufferedWriter(new FileWriter(file));
    writer.append("admin admin");
    writer.append(NEW_LINE);
    writer.append("user user");
    writer.append(NEW_LINE);
    writer.flush();
    writer.close();
    return file.getAbsolutePath();
  }

  private static DistributedSystem getSystem(Properties properties) {
    return DistributedSystem.connect(properties);
  }

}