• Home
• org.apache.geode
• geode-core
• 1.1.1
• source code
• GMSAuthenticator.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.apache.geode.distributed.internal.membership.gms.auth.GMSAuthenticator Maven / Gradle / Ivy

/*
 * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
 * agreements. See the NOTICE file distributed with this work for additional information regarding
 * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance with the License. You may obtain a
 * copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the License
 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 * or implied. See the License for the specific language governing permissions and limitations under
 * the License.
 */
package org.apache.geode.distributed.internal.membership.gms.auth;

import static org.apache.geode.distributed.ConfigurationProperties.*;
import static org.apache.geode.internal.i18n.LocalizedStrings.*;

import java.security.Principal;
import java.util.Properties;

import org.apache.commons.lang.StringUtils;

import org.apache.geode.LogWriter;
import org.apache.geode.distributed.DistributedMember;
import org.apache.geode.distributed.internal.membership.InternalDistributedMember;
import org.apache.geode.distributed.internal.membership.NetView;
import org.apache.geode.distributed.internal.membership.gms.Services;
import org.apache.geode.distributed.internal.membership.gms.interfaces.Authenticator;
import org.apache.geode.internal.cache.tier.sockets.HandShake;
import org.apache.geode.internal.i18n.LocalizedStrings;
import org.apache.geode.internal.logging.InternalLogWriter;
import org.apache.geode.internal.security.IntegratedSecurityService;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.security.AuthenticationFailedException;
import org.apache.geode.security.GemFireSecurityException;

public class GMSAuthenticator implements Authenticator {

  private Services services;
  private Properties securityProps;
  private SecurityService securityService = IntegratedSecurityService.getSecurityService();

  @Override
  public void init(Services s) {
    this.services = s;
    this.securityProps = this.services.getConfig().getDistributionConfig().getSecurityProps();
  }

  @Override
  public void start() {}

  @Override
  public void started() {}

  @Override
  public void stop() {}

  @Override
  public void stopped() {}

  @Override
  public void installView(NetView v) {}

  @Override
  public void beSick() {}

  @Override
  public void playDead() {}

  @Override
  public void beHealthy() {}

  @Override
  public void memberSuspected(InternalDistributedMember initiator,
      InternalDistributedMember suspect, String reason) {}

  /**
   * Authenticate peer member with authenticator class defined by property
   * "security-peer-authenticator".
   *
   * @param member the member to be authenticated
   * @param credentials the credentials used in authentication
   * @return null if authentication succeed (including no authenticator case), otherwise, return
   *         failure message
   * @throws AuthenticationFailedException this will be removed since return string is used for
   *         failure
   */
  @Override
  public String authenticate(InternalDistributedMember member, Properties credentials)
      throws AuthenticationFailedException {
    return authenticate(member, credentials, this.securityProps);
  }

  /**
   * Method is package protected to be used in testing.
   */
  String authenticate(DistributedMember member, Properties credentials, Properties secProps)
      throws AuthenticationFailedException {
    // For older systems, locator might be started without cache, so secureService may not be
    // initialized here. We need to check
    // if the passed in secProps has peer authenticator or not
    String authMethod = secProps.getProperty(SECURITY_PEER_AUTHENTICATOR);
    // at this point,
    if (!securityService.isPeerSecurityRequired() && StringUtils.isBlank(authMethod)) {
      return null;
    }

    InternalLogWriter securityLogWriter = this.services.getSecurityLogWriter();

    if (credentials == null) {
      securityLogWriter.warning(AUTH_PEER_AUTHENTICATION_MISSING_CREDENTIALS, member);
      return AUTH_PEER_AUTHENTICATION_MISSING_CREDENTIALS.toLocalizedString(member);
    }

    String failMsg = null;
    try {
      if (this.securityService.isIntegratedSecurity()) {
        this.securityService.login(credentials);
        this.securityService.authorizeClusterManage();
      } else {
        invokeAuthenticator(secProps, member, credentials);
      }
    } catch (Exception ex) {
      securityLogWriter.warning(AUTH_PEER_AUTHENTICATION_FAILED_WITH_EXCEPTION,
          new Object[] {member, ex.getLocalizedMessage()}, ex);
      failMsg = AUTH_PEER_AUTHENTICATION_FAILED.toLocalizedString(ex.getLocalizedMessage());
    }

    return failMsg;
  }


  /**
   * Method is package protected to be used in testing.
   */
  Principal invokeAuthenticator(Properties securityProps, DistributedMember member,
      Properties credentials) throws AuthenticationFailedException {
    String authMethod = securityProps.getProperty(SECURITY_PEER_AUTHENTICATOR);
    org.apache.geode.security.Authenticator auth = null;
    try {
      auth = SecurityService.getObjectOfType(authMethod,
          org.apache.geode.security.Authenticator.class);

      LogWriter logWriter = this.services.getLogWriter();
      LogWriter securityLogWriter = this.services.getSecurityLogWriter();
      auth.init(this.securityProps, logWriter, securityLogWriter); // this.securityProps contains
                                                                   // security-ldap-basedn but
                                                                   // security-ldap-baseDomainName
                                                                   // is expected
      return auth.authenticate(credentials, member);

    } catch (GemFireSecurityException gse) {
      throw gse;

    } catch (Exception ex) {
      throw new AuthenticationFailedException(
          HandShake_FAILED_TO_ACQUIRE_AUTHENTICATOR_OBJECT.toLocalizedString(), ex);

    } finally {
      if (auth != null)
        auth.close();
    }
  }

  /**
   * Get credential object for the given GemFire distributed member.
   *
   * @param member the target distributed member
   * @return the credentials
   */
  @Override
  public Properties getCredentials(InternalDistributedMember member) {
    try {
      return getCredentials(member, securityProps);

    } catch (Exception e) {
      String authMethod = securityProps.getProperty(SECURITY_PEER_AUTH_INIT);
      services.getSecurityLogWriter().warning(
          LocalizedStrings.AUTH_FAILED_TO_OBTAIN_CREDENTIALS_IN_0_USING_AUTHINITIALIZE_1_2,
          new Object[] {authMethod, e.getLocalizedMessage()});
      return null;
    }
  }

  /**
   * For testing only.
   */
  Properties getCredentials(DistributedMember member, Properties secProps) {
    String authMethod = secProps.getProperty(SECURITY_PEER_AUTH_INIT);
    return HandShake.getCredentials(authMethod, secProps, member, true, services.getLogWriter(),
        services.getSecurityLogWriter());
  }

  /**
   * For testing only.
   */
  Properties getSecurityProps() {
    return this.securityProps;
  }

  @Override
  public void emergencyClose() {}
}