Jinwoo Hwang created GEODE-10563:
------------------------------------
Summary: Testcases — Server-Only TLS with Application-Layer
Authentication
Key: GEODE-10563
URL: https://issues.apache.org/jira/browse/GEODE-10563
Project: Geode
Issue Type: Improvement
Reporter: Jinwoo Hwang
h3. Summary
Create testcases to validate a Server-only TLS deployment where servers present
public (or internal) TLS certificates for encryption but clients authenticate
using application-layer credentials (username/password, tokens, or mutual
application-level certificates). Tests cover connectivity, auth flows,
misconfiguration, and security/regression scenarios. Use these testcases to
create individual JIRA test tickets.
h3. Test environment / prerequisites
- Java runtime matching CI environment
- Keystore/truststore artifacts for servers (public or internal CA-signed)
- Authentication backends: built-in security manager, LDAP/JAAS stub, token
auth service (if used)
- Nodes available: at least 2 servers (peers), 1 locator, 2 clients (one using
valid app credentials, one invalid)
- Ensure `ssl-keystore-type=JKS`, `ssl-truststore-type=JKS` are configurable
in test node properties
h3. Acceptance criteria
- Test is reliable and reproducible in CI.
- Test asserts TLS encryption is active and that application-layer
authentication and authorization succeed/fail as expected with clear log
evidence.
- Performance tests should include baseline comparisons and documented
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
