Galen O'Sullivan created GEODE-3827:
---------------------------------------
Summary: SecurityManager is leaked from one Cache to another
Key: GEODE-3827
URL: https://issues.apache.org/jira/browse/GEODE-3827
Project: Geode
Issue Type: Bug
Components: configuration, security
Reporter: Galen O'Sullivan
After creating and closing Cache, the SecurityManager is visible to the next
Cache created. This only happens if CacheServer.setSecurityManager is called,
not if the class is specified via property. This is causing failure of some
integration tests we'd like to add.
I've created a minimal working example, also visible on branch
{{SecurityManager-integration-test}} of https://github.com/galen-pivotal/geode
{code}
package org.apache.geode.security;
import static org.apache.geode.distributed.ConfigurationProperties.LOCATORS;
import static org.apache.geode.distributed.ConfigurationProperties.MCAST_PORT;
import static
org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER;
import static org.assertj.core.api.Assertions.assertThat;
import java.util.Properties;
import org.junit.Test;
import org.apache.geode.cache.CacheFactory;
import org.apache.geode.examples.SimpleSecurityManager;
import org.apache.geode.internal.cache.InternalCache;
import org.apache.geode.internal.security.SecurityService;
/**
* This test verifies that when a SecurityManager is set, it does not persist
between Cache
* creations.
*
* We had seen this issue, and it broke integration tests.
*/
public class SecurityManagerPersistenceIntegrationTest {
private static final Properties defaultProperties;
static {
Properties properties = new Properties();
properties.setProperty(MCAST_PORT, "0");
properties.setProperty(LOCATORS, "");
defaultProperties = properties;
}
@Test
public void doesNotPersistWhenSetViaCacheFactoryJavaApi() {
CacheFactory firstCacheFactory = new CacheFactory(new
Properties(defaultProperties));
SecurityManager securityManager = new SimpleSecurityManager();
firstCacheFactory.setSecurityManager(securityManager);
InternalCache firstCache = (InternalCache) firstCacheFactory.create();
firstCache.close();
CacheFactory cacheFactory = new CacheFactory(new
Properties(defaultProperties));
try (InternalCache cache = (InternalCache) cacheFactory.create()) {
assertCacheHasNoSecurity(cache);
}
}
@Test
public void doesNotPersistWhenSetWithProperty() {
Properties properties = new Properties(defaultProperties);
properties.setProperty(SECURITY_MANAGER,
SimpleSecurityManager.class.getName());
CacheFactory firstCacheFactory = new CacheFactory(properties);
InternalCache firstCache = (InternalCache) firstCacheFactory.create();
firstCache.close();
// Make sure we're using a fresh CacheFactory, so the test is valid.
CacheFactory cacheFactory = new CacheFactory(new
Properties(defaultProperties));
try (InternalCache cache = (InternalCache) cacheFactory.create()) {
assertCacheHasNoSecurity(cache);
}
}
private void assertCacheHasNoSecurity(InternalCache cache) {
SecurityService securityService = cache.getSecurityService();
assertThat(securityService.isIntegratedSecurity()).isFalse();
assertThat(securityService.isClientSecurityRequired()).isFalse();
assertThat(securityService.isPeerSecurityRequired()).isFalse();
// We expect null if it's not set, but there could be a default security
manager if
// implementation details change.
if (securityService.getSecurityManager() != null) {
assertThat(securityService.getSecurityManager())
.describedAs("Security manager is not the same as the previously
existing Cache")
.isNotInstanceOf(SpySecurityManager.class);
}
}
}
{code}
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
