package org.infinispan.server.test.security.jgroups.sasl;
import static org.infinispan.server.test.util.ITestUtils.getAttribute;
import static org.junit.Assert.assertEquals;
import org.infinispan.arquillian.core.InfinispanResource;
import org.infinispan.arquillian.core.RemoteInfinispanServers;
import org.infinispan.arquillian.core.RunningServer;
import org.infinispan.arquillian.core.WithRunningServer;
import org.infinispan.arquillian.utils.MBeanServerConnectionProvider;
import org.infinispan.server.test.category.Security;
import org.infinispan.server.test.client.memcached.MemcachedClient;
import org.infinispan.server.test.util.ITestUtils;
import org.infinispan.server.test.util.RemoteInfinispanMBeans;
import org.infinispan.test.integration.security.utils.ApacheDsKrbLdap;
import org.jboss.arquillian.container.test.api.ContainerController;
import org.jboss.arquillian.junit.Arquillian;
import org.jboss.arquillian.test.api.ArquillianResource;
import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.junit.Ignore;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.junit.runner.RunWith;
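/**
 * Integration tests for the JGroups SASL protocol, which authenticates nodes that join a cluster.
 *
 * <p>Covers the DIGEST-MD5 mechanism and GSSAPI (Kerberos; that case is currently disabled), plus
 * a negative case in which a started node must not be admitted to the coordinator's cluster.
 *
 * <p>Review note: DIGEST-MD5 was moved to Historic status by RFC 6331. It is exercised here only
 * because the server configurations under test use it, so the GSSAPI case should be re-enabled
 * when possible to keep a non-deprecated mechanism covered.
 *
 * @author Martin Gencur
 * @author vjuranek
 * @since 7.0
 */
@RunWith(Arquillian.class)
@Category({ Security.class })
public class SaslAuthIT {

    @InfinispanResource
    RemoteInfinispanServers servers;

    @ArquillianResource
    ContainerController controller;

    // Container names; the matching server definitions live in the test-suite configuration,
    // which is not part of this file.
    static final String COORDINATOR_NODE_MD5 = "clustered-sasl-md5-1";
    static final String JOINING_NODE_MD5 = "clustered-sasl-md5-2";
    // Node expected to be refused by the coordinator (see testNodeAuthorization).
    static final String ANOTHER_JOINING_NODE_MD5 = "another-clustered-sasl-md5-2";
    static final String MECH_MD5 = "DIGEST-MD5";

    static final String COORDINATOR_NODE_KRB = "clustered-sasl-krb-1";
    static final String JOINING_NODE_KRB = "clustered-sasl-krb-2";
    static final String MECH_KRB = "GSSAPI";

    // JMX object name of the SASL protocol in the JGroups stack of the cluster named "cluster".
    static final String SASL_MBEAN = "jgroups:type=protocol,cluster=\"cluster\",protocol=SASL";

    private static ApacheDsKrbLdap krbLdapServer;

    /**
     * Starts the embedded ApacheDS Kerberos/LDAP server on localhost before any test runs.
     *
     * @throws Exception if the directory server cannot be created or started
     */
    @BeforeClass
    public static void ldapSetup() throws Exception {
        krbLdapServer = new ApacheDsKrbLdap("localhost");
        krbLdapServer.start();
    }

    /**
     * Stops the embedded Kerberos/LDAP server.
     *
     * @throws Exception if the directory server fails to stop
     */
    @AfterClass
    public static void ldapTearDown() throws Exception {
        // @AfterClass still runs when ldapSetup() failed in the constructor; without this guard a
        // NullPointerException here would hide the real setup failure.
        if (krbLdapServer != null) {
            krbLdapServer.stop();
        }
    }

    /**
     * Verifies that two nodes configured for DIGEST-MD5 form a cluster and replicate data.
     *
     * @throws Exception on any container, JMX or memcached client failure
     */
    @Test
    @WithRunningServer(@RunningServer(name = COORDINATOR_NODE_MD5))
    public void testSaslMD5() throws Exception {
        saslTest(COORDINATOR_NODE_MD5, JOINING_NODE_MD5, MECH_MD5);
    }

    /**
     * Verifies that two nodes configured for GSSAPI form a cluster and replicate data.
     *
     * <p>Currently disabled. {@code @Test} is declared together with {@code @Ignore} so that the
     * runner reports this case as skipped; with {@code @Ignore} alone JUnit 4 never discovers the
     * method and the missing GSSAPI coverage does not show up in test reports.
     *
     * @throws Exception on any container, JMX or memcached client failure
     */
    // NOTE(review): the reason this case is disabled is not recorded in this file; add it as the
    // @Ignore value once known.
    @Test
    @Ignore
    @WithRunningServer(@RunningServer(name = COORDINATOR_NODE_KRB))
    public void testSaslKrb() throws Exception {
        saslTest(COORDINATOR_NODE_KRB, JOINING_NODE_KRB, MECH_KRB);
    }

    /**
     * Verifies that the coordinator does not admit {@code ANOTHER_JOINING_NODE_MD5} to the cluster.
     *
     * @throws Exception on any container or JMX failure
     */
    @Test
    @WithRunningServer(@RunningServer(name = COORDINATOR_NODE_MD5))
    public void testNodeAuthorization() throws Exception {
        authorizationTest(COORDINATOR_NODE_MD5, ANOTHER_JOINING_NODE_MD5, MECH_MD5);
    }

    /**
     * Starts {@code joiningNode}, then checks that it clustered with the coordinator, that both
     * nodes report {@code mech} as their SASL mechanism, and that a memcached write on the joining
     * node is readable from the coordinator. The joining node is always stopped afterwards.
     *
     * @param coordinatorNode container name of the already running coordinator
     * @param joiningNode container name of the node to start and stop around the checks
     * @param mech SASL mechanism name both nodes are expected to report over JMX
     * @throws Exception on any container, JMX or memcached client failure
     */
    public void saslTest(String coordinatorNode, String joiningNode, String mech) throws Exception {
        try {
            controller.start(joiningNode);

            RemoteInfinispanMBeans coordinator =
                    RemoteInfinispanMBeans.create(servers, coordinatorNode, "memcachedCache", "clustered");
            RemoteInfinispanMBeans friend =
                    RemoteInfinispanMBeans.create(servers, joiningNode, "memcachedCache", "clustered");

            MBeanServerConnectionProvider providerCoordinator = new MBeanServerConnectionProvider(
                    coordinator.server.getHotrodEndpoint().getInetAddress().getHostName(),
                    ITestUtils.SERVER1_MGMT_PORT);
            MBeanServerConnectionProvider providerFriend = new MBeanServerConnectionProvider(
                    friend.server.getHotrodEndpoint().getInetAddress().getHostName(),
                    ITestUtils.SERVER2_MGMT_PORT);

            MemcachedClient mcCoordinator = new MemcachedClient(
                    coordinator.server.getMemcachedEndpoint().getInetAddress().getHostName(),
                    coordinator.server.getMemcachedEndpoint().getPort());
            MemcachedClient mcFriend = new MemcachedClient(
                    friend.server.getMemcachedEndpoint().getInetAddress().getHostName(),
                    friend.server.getMemcachedEndpoint().getPort());

            // The cluster must have formed: both members see a view of size two.
            assertEquals(2, coordinator.manager.getClusterSize());
            assertEquals(2, friend.manager.getClusterSize());

            // SASL must be part of the JGroups stack on both nodes, with the expected mechanism;
            // otherwise the cluster could have formed without any authentication at all.
            assertEquals(mech, getAttribute(providerCoordinator, SASL_MBEAN, "mech"));
            assertEquals(mech, getAttribute(providerFriend, SASL_MBEAN, "mech"));

            // Replication across the authenticated link: write on one node, read on the other.
            mcFriend.set("key1", "value1");
            assertEquals("Could not read replicated pair key1/value1", "value1", mcCoordinator.get("key1"));
        } finally {
            controller.stop(joiningNode);
        }
    }

    /**
     * Starts {@code joiningNode} and checks that the coordinator still reports a cluster of one,
     * i.e. that the node was not admitted. The joining node is always stopped afterwards.
     *
     * <p>The coordinator's SASL mechanism is asserted first so that this negative check cannot
     * pass against a coordinator that is running without SASL.
     *
     * @param coordinatorNode container name of the already running coordinator
     * @param joiningNode container name of the node that must be refused
     * @param mech SASL mechanism name the coordinator is expected to report over JMX
     * @throws Exception on any container or JMX failure
     */
    public void authorizationTest(String coordinatorNode, String joiningNode, String mech) throws Exception {
        try {
            controller.start(joiningNode);

            RemoteInfinispanMBeans coordinator =
                    RemoteInfinispanMBeans.create(servers, coordinatorNode, "memcachedCache", "clustered");

            // Same JMX lookup that saslTest performs on the coordinator.
            MBeanServerConnectionProvider providerCoordinator = new MBeanServerConnectionProvider(
                    coordinator.server.getHotrodEndpoint().getInetAddress().getHostName(),
                    ITestUtils.SERVER1_MGMT_PORT);
            assertEquals(mech, getAttribute(providerCoordinator, SASL_MBEAN, "mech"));

            // The cluster must NOT have formed.
            // NOTE(review): a size of 1 is also what a node that failed to start, or has not yet
            // attempted to join, would produce. This assumes controller.start() returns only after
            // the join attempt has been made — confirm, or also assert on the rejection itself.
            assertEquals(1, coordinator.manager.getClusterSize());
        } finally {
            controller.stop(joiningNode);
        }
    }
}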