Created
January 26, 2018 10:16
/*
 * Copyright (c) 2008-2017, Hazelcast, Inc. All Rights Reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.hazelcast.client; | |
import com.hazelcast.client.HazelcastClient;
import com.hazelcast.client.config.ClientConfig;
import com.hazelcast.config.Config;
import com.hazelcast.config.LoginModuleConfig;
import com.hazelcast.config.PermissionConfig;
import com.hazelcast.config.PermissionPolicyConfig;
import com.hazelcast.config.SecurityConfig;
import com.hazelcast.config.SecurityInterceptorConfig;
import com.hazelcast.core.Hazelcast;
import com.hazelcast.core.HazelcastInstance;
import com.hazelcast.core.IMap;
import com.hazelcast.security.Credentials;
import com.hazelcast.security.Parameters;
import com.hazelcast.security.SecurityConstants;
import com.hazelcast.security.SecurityInterceptor;
import com.hazelcast.security.impl.DefaultLoginModule;
import com.hazelcast.security.impl.DefaultPermissionPolicy;

import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;

import java.nio.charset.Charset;
import java.security.AccessControlException;
import java.security.MessageDigest;
import java.security.Permission;
import java.security.PermissionCollection;

import static com.hazelcast.config.LoginModuleConfig.LoginModuleUsage.REQUIRED;
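/**
 * Runnable sample that starts one Hazelcast member with security enabled and connects two clients
 * to it.
 *
 * <p>The member is configured with four custom pieces, all defined as nested classes below:
 * a {@link Credentials} implementation ({@link MyCredentials}), a login module
 * ({@link MyLoginModule}), a permission policy that logs every lookup ({@link CustomPolicy}) and a
 * {@link SecurityInterceptor} that logs every intercepted call ({@link MySecurityInterceptor}).
 *
 * <p>Despite its name this class has no assertions; it is driven through {@link #main(String[])}
 * and its output is read from standard out.
 */
public class SecurityInterceptorTest {

    static {
        // Placeholder value: supply a real key when running the sample, and keep real license keys
        // out of source control.
        System.setProperty("hazelcast.enterprise.license.key",
                "put-your-licese-here");
    }

    /**
     * Starts a secured member, connects two clients with the same credentials and performs a few
     * map operations so the policy and interceptor callbacks are triggered.
     *
     * @param args ignored
     * @throws Exception if member or client start-up, or any map operation, fails
     */
    public static void main(String[] args) throws Exception {
        Config config = new Config();
        SecurityConfig securityConfig = config.getSecurityConfig();

        PermissionPolicyConfig policyConfig = new PermissionPolicyConfig();
        policyConfig.setImplementation(new CustomPolicy());
        securityConfig.setClientPolicyConfig(policyConfig);
        securityConfig.setEnabled(true);

        // NOTE(review): PermissionType.ALL with an empty name and a null principal looks like a
        // blanket grant to every authenticated client, which suits a demo only; confirm, and
        // narrow the type, name and principal before reusing this configuration elsewhere.
        PermissionConfig permissionConfig = new PermissionConfig(PermissionConfig.PermissionType.ALL, "", null);
        securityConfig.addClientPermissionConfig(permissionConfig);

        SecurityInterceptorConfig securityInterceptorConfig = new SecurityInterceptorConfig();
        securityInterceptorConfig.setImplementation(new MySecurityInterceptor());
        securityConfig.addSecurityInterceptorConfig(securityInterceptorConfig);

        try {
            // custom login module config
            securityConfig.addClientLoginModuleConfig(new LoginModuleConfig(MyLoginModule.class.getName(), REQUIRED));
            HazelcastInstance instance = Hazelcast.newHazelcastInstance(config);

            // MyLoginModule compares these values with the member's group name and password.
            // main never changes the group config, so they presumably equal the library defaults
            // (confirm); hard-coded credentials like these belong in samples only.
            ClientConfig clientConfig = new ClientConfig();
            clientConfig.setCredentials(new MyCredentials("dev", "dev-pass", 8));

            HazelcastInstance client = HazelcastClient.newHazelcastClient(clientConfig);
            IMap<Object, Object> map = client.getMap("map");
            map.put("key", "value");

            HazelcastInstance client2 = HazelcastClient.newHazelcastClient(clientConfig);
            IMap<Object, Object> map2 = client2.getMap("map");
            System.out.println(map2.get("key"));
            map2.put("key", "value2");
        } finally {
            // Runs even when start-up or a map call throws, so no client or member is left behind.
            HazelcastClient.shutdownAll();
            Hazelcast.shutdownAll();
        }
    }

    /**
     * Interceptor that only logs each intercepted call to standard out.
     *
     * <p>It never throws, so it does not deny anything. The printed credentials go through
     * {@link MyCredentials#toString()}, which redacts the password.
     */
    public static class MySecurityInterceptor implements SecurityInterceptor {

        /**
         * Logs the call before it is executed.
         *
         * @throws AccessControlException never thrown by this implementation; the declaration
         *         is where an enforcing interceptor would reject the call
         */
        @Override
        public void before(Credentials credentials, String objectType, String objectName, String methodName,
                Parameters parameters) throws AccessControlException {
            System.out.println(
                    "before, " + credentials + ", " + objectType + ", " + objectName + ", " + methodName + ", " + parameters);
        }

        /** Logs the call after it has been executed. */
        @Override
        public void after(Credentials credentials, String objectType, String objectName, String methodName,
                Parameters parameters) {
            // The original concatenated an extra ", " here, which printed "after, , ...".
            System.out.println("after, " + credentials + ", " + objectType + ", " + objectName + ", " + methodName + ", "
                    + parameters);
        }
    }

    /** Permission policy that logs each lookup and otherwise behaves like its superclass. */
    public static class CustomPolicy extends DefaultPermissionPolicy {

        /**
         * Prints the subject's principals and the requested permission type, then delegates.
         *
         * @param subject the subject whose permissions are requested
         * @param type    the permission class being looked up
         * @return whatever {@link DefaultPermissionPolicy} returns for the same arguments
         */
        @Override
        public PermissionCollection getPermissions(Subject subject, Class<? extends Permission> type) {
            System.out.println("getPermissions, " + subject.getPrincipals() + ", " + type.getName());
            return super.getPermissions(subject, type);
        }
    }

    /**
     * Login module that accepts only {@link MyCredentials} whose principal and password match the
     * member's group name and group password.
     */
    public static class MyLoginModule extends DefaultLoginModule {

        public MyLoginModule() {
        }

        /**
         * Authenticates the inherited {@code credentials} against the member configuration found
         * in the inherited {@code options} map.
         *
         * @return {@code true} only when the credentials are {@link MyCredentials} and both the
         *         principal and the password match; {@code false} in every other case
         * @throws LoginException never thrown here; declared by the overridden method
         */
        @Override
        public boolean onLogin() throws LoginException {
            if (!(credentials instanceof MyCredentials)) {
                return false;
            }
            final Config cfg = (Config) options.get(SecurityConstants.ATTRIBUTE_CONFIG);
            if (cfg == null) {
                // Fail closed: without the member config there is nothing to compare against.
                return false;
            }
            final String group = cfg.getGroupConfig().getName();
            final String pass = cfg.getGroupConfig().getPassword();
            return group != null
                    && group.equals(credentials.getPrincipal())
                    && constantTimeEquals(pass, ((MyCredentials) credentials).getPassword());
        }

        /**
         * Compares two secrets with {@link MessageDigest#isEqual(byte[], byte[])} instead of
         * {@link String#equals(Object)}, which returns at the first differing character and so
         * lets response time reveal how much of a guess was right.
         *
         * @return {@code false} when either value is {@code null}, otherwise whether they are equal
         */
        private static boolean constantTimeEquals(String expected, String actual) {
            if (expected == null || actual == null) {
                return false;
            }
            final Charset utf8 = Charset.forName("UTF-8");
            return MessageDigest.isEqual(expected.getBytes(utf8), actual.getBytes(utf8));
        }
    }

    /**
     * Credentials carrying a principal, a password and a numeric client id.
     *
     * <p>NOTE(review): the password is held as a plain {@code String} and the object is handed to
     * the client config, so it presumably travels to the member during authentication; confirm
     * that the connection is protected before using real secrets.
     */
    public static class MyCredentials implements Credentials {

        private final String principal;
        private final String password;
        private final int clientId;
        private String endpoint;

        /**
         * @param principal name compared with the member's group name at login
         * @param password  secret compared with the member's group password at login
         * @param clientId  caller-chosen id; only stored and reported by {@link #toString()}
         */
        public MyCredentials(String principal, String password, int clientId) {
            this.principal = principal;
            this.password = password;
            this.clientId = clientId;
        }

        public String getEndpoint() {
            return endpoint;
        }

        public void setEndpoint(String endpoint) {
            this.endpoint = endpoint;
        }

        public String getPrincipal() {
            return principal;
        }

        public String getPassword() {
            return password;
        }

        public int getClientId() {
            return clientId;
        }

        /**
         * Describes the credentials without the password.
         *
         * <p>{@link MySecurityInterceptor} prints this object for every intercepted call, so
         * including the password here would write it to standard out in clear text.
         */
        @Override
        public String toString() {
            return "MyCredentials{" + "principal='" + principal + '\'' + ", password='<redacted>'" + ", clientId="
                    + clientId + ", endpoint='" + endpoint + '\'' + '}';
        }
    }
}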