@kwart
Created January 26, 2018 10:16
/*
* Copyright (c) 2008-2017, Hazelcast, Inc. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.hazelcast.client;
import com.hazelcast.client.HazelcastClient;
import com.hazelcast.client.config.ClientConfig;
import com.hazelcast.config.Config;
import com.hazelcast.config.LoginModuleConfig;
import com.hazelcast.config.PermissionConfig;
import com.hazelcast.config.PermissionPolicyConfig;
import com.hazelcast.config.SecurityConfig;
import com.hazelcast.config.SecurityInterceptorConfig;
import com.hazelcast.core.Hazelcast;
import com.hazelcast.core.HazelcastInstance;
import com.hazelcast.core.IMap;
import com.hazelcast.security.Credentials;
import com.hazelcast.security.Parameters;
import com.hazelcast.security.SecurityConstants;
import com.hazelcast.security.SecurityInterceptor;
import com.hazelcast.security.impl.DefaultLoginModule;
import com.hazelcast.security.impl.DefaultPermissionPolicy;

import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import java.nio.charset.Charset;
import java.security.AccessControlException;
import java.security.MessageDigest;
import java.security.Permission;
import java.security.PermissionCollection;

import static com.hazelcast.config.LoginModuleConfig.LoginModuleUsage.REQUIRED;
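/**
 * Stand-alone demo of Hazelcast client security hooks.
 *
 * <p>{@link #main(String[])} starts one member with security enabled, registers a custom
 * permission policy, a security interceptor and a login module, then connects two clients
 * that authenticate with {@link MyCredentials} and touch the same map. Each hook prints what
 * it observes to standard output.
 *
 * <p>The configuration is deliberately permissive (one ALL-type client permission, credentials
 * hard-coded in source) and is meant for experimenting with the hooks, not as a template for a
 * production security setup.
 */
public class SecurityInterceptorTest {

    static {
        // Placeholder value: a real enterprise license key has to be supplied before running.
        // Keep real keys out of source control.
        System.setProperty("hazelcast.enterprise.license.key",
                "put-your-licese-here");
    }

    /**
     * Runs the demo: one secured member, two clients, a few map operations.
     *
     * @param args unused
     * @throws Exception if the member or a client fails to start or an operation is rejected
     */
    public static void main(String[] args) throws Exception {
        Config config = new Config();
        SecurityConfig securityConfig = config.getSecurityConfig();

        PermissionPolicyConfig policyConfig = new PermissionPolicyConfig();
        policyConfig.setImplementation(new CustomPolicy());
        securityConfig.setClientPolicyConfig(policyConfig);
        securityConfig.setEnabled(true);

        // Type ALL with an empty name and a null principal: presumably this grants every
        // permission to every client principal (confirm against PermissionConfig). Fine for a
        // demo; a real deployment should scope permissions by type, name and principal.
        PermissionConfig permissionConfig = new PermissionConfig(PermissionConfig.PermissionType.ALL, "", null);
        securityConfig.addClientPermissionConfig(permissionConfig);

        SecurityInterceptorConfig securityInterceptorConfig = new SecurityInterceptorConfig();
        securityInterceptorConfig.setImplementation(new MySecurityInterceptor());
        securityConfig.addSecurityInterceptorConfig(securityInterceptorConfig);

        try {
            // custom login module config
            securityConfig.addClientLoginModuleConfig(new LoginModuleConfig(MyLoginModule.class.getName(), REQUIRED));
            HazelcastInstance instance = Hazelcast.newHazelcastInstance(config);

            ClientConfig clientConfig = new ClientConfig();
            // Hard-coded demo credentials. MyLoginModule compares them with the member's group
            // name and password; load real credentials from configuration or a secret store.
            clientConfig.setCredentials(new MyCredentials("dev", "dev-pass", 8));

            HazelcastInstance client = HazelcastClient.newHazelcastClient(clientConfig);
            IMap<Object, Object> map = client.getMap("map");
            map.put("key", "value");

            HazelcastInstance client2 = HazelcastClient.newHazelcastClient(clientConfig);
            IMap<Object, Object> map2 = client2.getMap("map");
            System.out.println(map2.get("key"));
            map2.put("key", "value2");
        } finally {
            // Always stop clients and members, even when an operation above was rejected.
            HazelcastClient.shutdownAll();
            Hazelcast.shutdownAll();
        }
    }

    /**
     * Interceptor that only traces calls; it never rejects one.
     *
     * <p>Both callbacks print the credentials object, so what ends up in the output depends on
     * {@code Credentials.toString()}. {@link MyCredentials#toString()} masks the password for
     * that reason.
     */
    public static class MySecurityInterceptor implements SecurityInterceptor {

        /**
         * Prints the call that is about to be executed.
         *
         * @throws AccessControlException declared by the signature; this implementation never
         *         throws it
         */
        public void before(Credentials credentials, String objectType, String objectName, String methodName,
                           Parameters parameters) throws AccessControlException {
            System.out.println(
                    "before, " + credentials + ", " + objectType + ", " + objectName + ", " + methodName + ", " + parameters);
        }

        /** Prints the call that has just been executed, in the same layout as {@code before}. */
        public void after(Credentials credentials, String objectType, String objectName, String methodName,
                          Parameters parameters) {
            // The original message had a duplicated separator ("after, , ..."); removed so both
            // trace lines share one format.
            System.out.println("after, " + credentials + ", " + objectType + ", " + objectName + ", " + methodName + ", "
                    + parameters);
        }
    }

    /** Permission policy that traces each lookup and then defers to the default policy. */
    public static class CustomPolicy extends DefaultPermissionPolicy {

        /**
         * Prints the subject's principals and the requested permission type, then returns
         * whatever {@link DefaultPermissionPolicy} returns for them.
         */
        @Override
        public PermissionCollection getPermissions(Subject subject, Class<? extends Permission> type) {
            System.out.println("getPermissions, " + subject.getPrincipals() + ", " + type.getName());
            return super.getPermissions(subject, type);
        }
    }

    /**
     * Login module that accepts only {@link MyCredentials} whose principal and password equal the
     * member's group name and group password.
     */
    public static class MyLoginModule extends DefaultLoginModule {

        private static final Charset UTF_8 = Charset.forName("UTF-8");

        public MyLoginModule() {
        }

        /**
         * Checks the supplied credentials against the member's group configuration.
         *
         * @return {@code true} only when the credentials are {@link MyCredentials} and both the
         *         principal and the password match; {@code false} otherwise, including when any
         *         compared value is {@code null}
         * @throws LoginException declared by the signature; not thrown by this implementation
         */
        @Override
        public boolean onLogin() throws LoginException {
            if (!(credentials instanceof MyCredentials)) {
                return false;
            }
            final MyCredentials supplied = (MyCredentials) credentials;
            final Config cfg = (Config) options.get(SecurityConstants.ATTRIBUTE_CONFIG);
            final String group = cfg.getGroupConfig().getName();
            final String pass = cfg.getGroupConfig().getPassword();

            // Both values are compared before the results are combined, so a wrong principal
            // does not skip the password comparison.
            final boolean principalMatches = secretEquals(group, supplied.getPrincipal());
            final boolean passwordMatches = secretEquals(pass, supplied.getPassword());
            return principalMatches && passwordMatches;
        }

        /**
         * Compares two strings without the early exit on the first differing character that
         * {@link String#equals(Object)} has. A {@code null} on either side never matches, so
         * the check fails closed.
         */
        private static boolean secretEquals(String expected, String actual) {
            if (expected == null || actual == null) {
                return false;
            }
            return MessageDigest.isEqual(expected.getBytes(UTF_8), actual.getBytes(UTF_8));
        }
    }

    /** Client credentials carrying a principal, a password and a numeric client id. */
    public static class MyCredentials implements Credentials {

        private final String principal;
        private final String password;
        private final int clientId;
        // Not set by the constructor; only assigned through setEndpoint.
        private String endpoint;

        public MyCredentials(String principal, String password, int clientId) {
            this.principal = principal;
            this.password = password;
            this.clientId = clientId;
        }

        public String getEndpoint() {
            return endpoint;
        }

        public void setEndpoint(String endpoint) {
            this.endpoint = endpoint;
        }

        public String getPrincipal() {
            return principal;
        }

        public String getPassword() {
            return password;
        }

        public int getClientId() {
            return clientId;
        }

        /**
         * Returns a description with the password masked. {@link MySecurityInterceptor} prints
         * this value for every intercepted call, so including the real password here would
         * write it to standard output on each operation.
         */
        @Override
        public String toString() {
            return "MyCredentials{" + "principal='" + principal + '\'' + ", password='***'" + ", clientId="
                    + clientId + ", endpoint='" + endpoint + '\'' + '}';
        }
    }
}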