User can run benchmarks with SecurityManager (#91)

Co-authored-by: Murtuza Boxwala <mboxwala@pivotal.io>
Co-authored-by: Kamilla Aslami <kaslami@pivotal.io>

.gitignore

@@ -4,3 +4,5 @@ out
 build/
 output*/
 temp-self-signed.jks
+geode-benchmarks/security.json
+harness/security.json

README.md

@@ -49,15 +49,16 @@ For example:
 ```
 
 Options:
-
-    -Phosts      : Hosts used by benchmarks on the order of client,locator,server,server (-Phosts=localhost,localhost,localhost,localhost)
-    -PoutputDir  : Results output directory (-PoutputDir=/tmp/results)
-    -PtestJVM    : Path to an alternative JVM for running the client, locator, and servers. If not specified JAVA_HOME will be used. Note all compilation tasks will still use JAVA_HOME.
-    -PwithSsl    : Flag to run geode with SSL. A self-signed certificate will be generated at runtime.
-    --tests      : Specific benchmarks to run (--tests=PartitionedPutBenchmark)
-    -d           : Debug
-    -i           : Info
-
+```
+    -Phosts               : Hosts used by benchmarks on the order of client,locator,server,server (-Phosts=localhost,localhost,localhost,localhost)
+    -PoutputDir           : Results output directory (-PoutputDir=/tmp/results)
+    -PtestJVM             : Path to an alternative JVM for running the client, locator, and servers. If not specified JAVA_HOME will be used. Note all compilation tasks will still use JAVA_HOME.
+    -PwithSsl             : Flag to run geode with SSL. A self-signed certificate will be generated at runtime.
+    -PwithSecurityManager : Flag to start Geode with the example implementation of SecurityManager
+    --tests               : Specific benchmarks to run (--tests=PartitionedPutBenchmark)
+    -d                    : Debug
+    -i                    : Info
+```    
 ### Running in aws
 
 This project includes some scripts to automate running benchmarks in AWS. See the 

geode-benchmarks/build.gradle

@@ -77,6 +77,7 @@ task benchmark(type: Test) {
     systemProperty 'TEST_METADATA', project.findProperty('metadata')
     systemProperty 'OUTPUT_DIR', outputDir
     systemProperty 'withSsl', project.hasProperty('withSsl')
+    systemProperty 'withSecurityManager', project.hasProperty('withSecurityManager')
     systemProperty 'benchmark.profiler.argument', project.findProperty('benchmark.profiler.argument')
 
     doFirst {

geode-benchmarks/src/main/java/org/apache/geode/benchmark/parameters/GeodeProperties.java

@@ -26,6 +26,7 @@
 import static org.apache.geode.distributed.ConfigurationProperties.LOG_LEVEL;
 import static org.apache.geode.distributed.ConfigurationProperties.MEMBER_TIMEOUT;
 import static org.apache.geode.distributed.ConfigurationProperties.REMOVE_UNRESPONSIVE_CLIENT;
+import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER;
 import static org.apache.geode.distributed.ConfigurationProperties.SERIALIZABLE_OBJECT_FILTER;
 import static org.apache.geode.distributed.ConfigurationProperties.SSL_ENABLED_COMPONENTS;
 import static org.apache.geode.distributed.ConfigurationProperties.STATISTIC_SAMPLING_ENABLED;
@@ -34,6 +35,7 @@
 
 import java.util.Properties;
 
+import org.apache.geode.benchmark.security.ExampleAuthInit;
 
 public class GeodeProperties {
 
@@ -55,12 +57,12 @@ public static Properties serverProperties() {
     properties.setProperty(USE_CLUSTER_CONFIGURATION, "false");
     properties.setProperty(SERIALIZABLE_OBJECT_FILTER, "benchmark.geode.data.**");
 
-    return properties;
+    return withOptions(properties);
   }
 
   public static Properties locatorProperties() {
     // Locator properties are the same as the server properties right now
-    return serverProperties();
+    return withOptions(serverProperties());
   }
 
   public static Properties clientProperties() {
@@ -71,12 +73,47 @@ public static Properties clientProperties() {
     properties.setProperty(STATISTIC_SAMPLING_ENABLED, "true");
     properties.setProperty(MEMBER_TIMEOUT, "8000");
 
-    return properties;
+    properties.setProperty("security-username", "superUser");
+    properties.setProperty("security-password", "123");
+    properties.setProperty("security-client-auth-init", ExampleAuthInit.class.getName());
+
+    return withOptions(properties);
   }
 
+  public static Properties withSecurityManager(Properties properties) {
+    properties.setProperty(SECURITY_MANAGER,
+        "org.apache.geode.examples.security.ExampleSecurityManager");
+    properties.setProperty("security-username", "superUser");
+    properties.setProperty("security-password", "123");
+    return properties;
+  }
 
   public static Properties withSsl(Properties properties) {
     properties.setProperty(SSL_ENABLED_COMPONENTS, ALL);
     return properties;
   }
+
+  private static boolean isSecurityManagerEnabled() {
+    return isPropertySet("withSecurityManager");
+  }
+
+  private static boolean isSslEnabled() {
+    return isPropertySet("withSsl");
+  }
+
+  private static boolean isPropertySet(String withSecurityManager) {
+    String withSecurityManagerArg = System.getProperty(withSecurityManager);
+    return withSecurityManagerArg != null && withSecurityManagerArg.equals("true");
+  }
+
+  private static Properties withOptions(Properties properties) {
+    if (isSslEnabled()) {
+      properties = withSsl(properties);
+    }
+
+    if (isSecurityManagerEnabled()) {
+      properties = withSecurityManager(properties);
+    }
+    return properties;
+  }
 }

geode-benchmarks/src/main/java/org/apache/geode/benchmark/security/ExampleAuthInit.java

@@ -0,0 +1,66 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.geode.benchmark.security;
+
+import java.util.Properties;
+
+import org.apache.geode.LogWriter;
+import org.apache.geode.distributed.DistributedMember;
+import org.apache.geode.security.AuthInitialize;
+import org.apache.geode.security.AuthenticationFailedException;
+
+public class ExampleAuthInit implements AuthInitialize {
+
+  private static final String USER_NAME = "security-username";
+  private static final String PASSWORD = "security-password";
+
+  private static final String INSECURE_PASSWORD_FOR_EVERY_USER = "123";
+
+  /**
+   * The implementer would use their existing infrastructure (e.g., ldap) here to populate these
+   * properties with the user credentials. These properties will in turn be handled by the
+   * implementer's design of SecurityManager to authenticate users and authorize operations.
+   */
+  @Override
+  public Properties getCredentials(Properties securityProps) throws AuthenticationFailedException {
+    Properties credentials = new Properties();
+    String userName = securityProps.getProperty(USER_NAME);
+    if (userName == null) {
+      throw new AuthenticationFailedException(
+          "ExampleAuthInit: user name property [" + USER_NAME + "] not set.");
+    }
+    credentials.setProperty(USER_NAME, userName);
+    credentials.setProperty(PASSWORD, INSECURE_PASSWORD_FOR_EVERY_USER);
+    return credentials;
+  }
+
+  @Override
+  public void close() {}
+
+  @Override
+  @Deprecated
+  public void init(LogWriter systemLogger, LogWriter securityLogger)
+      throws AuthenticationFailedException {}
+
+  @Override
+  @Deprecated
+  public Properties getCredentials(Properties securityProps, DistributedMember server,
+      boolean isPeer) throws AuthenticationFailedException {
+    return getCredentials(securityProps);
+  }
+}

geode-benchmarks/src/main/java/org/apache/geode/benchmark/tasks/StartClient.java

@@ -18,7 +18,6 @@
 package org.apache.geode.benchmark.tasks;
 
 import static org.apache.geode.benchmark.parameters.GeodeProperties.clientProperties;
-import static org.apache.geode.benchmark.parameters.GeodeProperties.withSsl;
 
 import java.io.File;
 import java.net.InetAddress;
@@ -47,9 +46,7 @@ public void run(TestContext context) throws Exception {
     InetAddress locator = context.getHostsForRole("locator").iterator().next();
 
     String statsFile = new File(context.getOutputDir(), "stats.gfs").getAbsolutePath();
-    String withSslArg = System.getProperty("withSsl");
-    Properties properties = (withSslArg != null)
-        ? withSsl(clientProperties()) : clientProperties();
+    Properties properties = clientProperties();
 
     ClientCache clientCache = new ClientCacheFactory(properties)
         .setPdxSerializer(new ReflectionBasedAutoSerializer("benchmark.geode.data.*"))

geode-benchmarks/src/main/java/org/apache/geode/benchmark/tasks/StartLocator.java

@@ -18,7 +18,6 @@
 package org.apache.geode.benchmark.tasks;
 
 import static org.apache.geode.benchmark.parameters.GeodeProperties.locatorProperties;
-import static org.apache.geode.benchmark.parameters.GeodeProperties.withSsl;
 
 import java.io.File;
 import java.net.InetAddress;
@@ -41,9 +40,7 @@ public StartLocator(int locatorPort) {
 
   @Override
   public void run(TestContext context) throws Exception {
-    String withSslArg = System.getProperty("withSsl");
-    Properties properties = (withSslArg != null)
-        ? withSsl(locatorProperties()) : locatorProperties();
+    Properties properties = locatorProperties();
 
     String statsFile = new File(context.getOutputDir(), "stats.gfs").getAbsolutePath();
     properties.setProperty(ConfigurationProperties.STATISTIC_ARCHIVE_FILE, statsFile);

geode-benchmarks/src/main/java/org/apache/geode/benchmark/tasks/StartServer.java

@@ -18,7 +18,6 @@
 package org.apache.geode.benchmark.tasks;
 
 import static org.apache.geode.benchmark.parameters.GeodeProperties.serverProperties;
-import static org.apache.geode.benchmark.parameters.GeodeProperties.withSsl;
 
 import java.io.File;
 import java.net.InetAddress;
@@ -45,9 +44,8 @@ public StartServer(int locatorPort) {
 
   @Override
   public void run(TestContext context) throws Exception {
-    String withSslArg = System.getProperty("withSsl");
-    Properties properties = (withSslArg != null)
-        ? withSsl(serverProperties()) : serverProperties();
+
+    Properties properties = serverProperties();
 
     String locatorString = LocatorUtil.getLocatorString(context, locatorPort);
     String statsFile = new File(context.getOutputDir(), "stats.gfs").getAbsolutePath();

geode-benchmarks/src/main/java/org/apache/geode/benchmark/topology/ClientServerTopology.java

@@ -49,7 +49,8 @@ public static class Roles {
   static final int NUM_LOCATORS = 1;
   static final int NUM_SERVERS = 2;
   static final int NUM_CLIENTS = 1;
-  private static final String WITH_SSL_ARGUMENT = "-DwithSsl";
+  private static final String WITH_SSL_ARGUMENT = "-DwithSsl=true";
+  private static final String WITH_SECURITY_MANAGER_ARGUMENT = "-DwithSecurityManager=true";
 
   public static void configure(TestConfig testConfig) {
     testConfig.role(LOCATOR, NUM_LOCATORS);
@@ -68,19 +69,24 @@ public static void configure(TestConfig testConfig) {
       testConfig.jvmArgs(SERVER, JVM8_ARGS);
     }
 
-    String withSslArg = System.getProperty("withSsl");
-    if (withSslArg != null && withSslArg.equals("true")) {
-      logger.info("Configuring JVMs to run with SSL enabled");
-      testConfig.jvmArgs(CLIENT, Arrays.append(JVM_ARGS, WITH_SSL_ARGUMENT));
-      testConfig.jvmArgs(LOCATOR, Arrays.append(JVM_ARGS, WITH_SSL_ARGUMENT));
-      testConfig.jvmArgs(SERVER, Arrays.append(JVM_ARGS, WITH_SSL_ARGUMENT));
-    }
+    addToTestConfig(testConfig, "withSsl", WITH_SSL_ARGUMENT);
+    addToTestConfig(testConfig, "withSecurityManager", WITH_SECURITY_MANAGER_ARGUMENT);
 
     testConfig.before(new StartLocator(LOCATOR_PORT), LOCATOR);
     testConfig.before(new StartServer(LOCATOR_PORT), SERVER);
     testConfig.before(new StartClient(LOCATOR_PORT), CLIENT);
   }
 
+  private static void addToTestConfig(TestConfig testConfig, String systemPropertyKey,
+      String jvmArgument) {
+    if (Boolean.getBoolean(systemPropertyKey)) {
+      logger.info("Configuring JVMs to run with " + jvmArgument);
+      testConfig.jvmArgs(CLIENT, jvmArgument);
+      testConfig.jvmArgs(LOCATOR, jvmArgument);
+      testConfig.jvmArgs(SERVER, jvmArgument);
+    }
+  }
+
   private static final String[] appendIfNotEmpty(String[] a, String b) {
     if (null == b || b.length() == 0) {
       return a;

geode-benchmarks/src/test/java/org/apache/geode/benchmark/topology/ClientServerTopologyTest.java

@@ -17,6 +17,7 @@
 
 
 import static org.apache.geode.benchmark.parameters.JVMParameters.JVM8_ARGS;
+import static org.apache.geode.benchmark.parameters.JVMParameters.JVM_ARGS;
 import static org.assertj.core.api.Assertions.assertThat;
 
 import org.junit.jupiter.api.AfterEach;
@@ -32,58 +33,67 @@ public class ClientServerTopologyTest {
   @AfterEach
   public void clearProperties() {
     System.clearProperty("withSsl");
+    System.clearProperty("withSecurityManager");
   }
 
   @Test
   public void configWithSsl() {
     System.setProperty("withSsl", "true");
     TestConfig testConfig = new TestConfig();
     ClientServerTopology.configure(testConfig);
-    assertThat(testConfig.getJvmArgs().get("client")).contains("-DwithSsl");
+    assertThat(testConfig.getJvmArgs().get("client")).contains("-DwithSsl=true");
   }
 
   @Test
   public void configWithNoSsl() {
     TestConfig testConfig = new TestConfig();
     ClientServerTopology.configure(testConfig);
-    assertThat(testConfig.getJvmArgs().get("client")).doesNotContain("-DwithSsl");
+    assertThat(testConfig.getJvmArgs().get("client")).doesNotContain("-DwithSsl=true");
   }
 
   @Test
   public void configWithJava8() {
     System.setProperty("java.runtime.version", "1.8.0_212");
     TestConfig testConfig = new TestConfig();
     ClientServerTopology.configure(testConfig);
-    assertThat(testConfig.getJvmArgs().get("client")).doesNotContain("-DwithSsl");
     assertThat(testConfig.getJvmArgs().get("client")).contains(JVM8_ARGS);
   }
 
   @Test
-  public void configWithJava9OrHigher() {
+  public void configWithJava9() {
     System.setProperty("java.runtime.version", "9.0.1");
     TestConfig testConfig = new TestConfig();
     ClientServerTopology.configure(testConfig);
-    assertThat(testConfig.getJvmArgs().get("client")).doesNotContain("-DwithSsl");
     assertThat(testConfig.getJvmArgs().get("client")).doesNotContain(JVM8_ARGS);
   }
 
   @Test
-  public void configWithSslAndJava8() {
-    System.setProperty("withSsl", "true");
-    System.setProperty("java.runtime.version", "1.8.0_212");
+  public void configWithoutSecurityManager() {
     TestConfig testConfig = new TestConfig();
     ClientServerTopology.configure(testConfig);
-    assertThat(testConfig.getJvmArgs().get("client")).contains("-DwithSsl");
-    assertThat(testConfig.getJvmArgs().get("client")).contains(JVM8_ARGS);
+    assertThat(testConfig.getJvmArgs().get("client")).doesNotContain("-DwithSecurityManager=true");
   }
 
   @Test
-  public void configWithSslAndJava9() {
-    System.setProperty("withSsl", "true");
+  public void configWithSecurityManager() {
+    System.setProperty("withSecurityManager", "true");
+    TestConfig testConfig = new TestConfig();
+    ClientServerTopology.configure(testConfig);
+    assertThat(testConfig.getJvmArgs().get("client")).contains("-DwithSecurityManager=true");
+  }
+
+  @Test
+  public void configWithSecurityManagerAndSslAndJava9() {
+    System.setProperty("withSecurityManager", "true");
     System.setProperty("java.runtime.version", "9.0.1");
+    System.setProperty("withSsl", "true");
     TestConfig testConfig = new TestConfig();
+
     ClientServerTopology.configure(testConfig);
-    assertThat(testConfig.getJvmArgs().get("client")).contains("-DwithSsl");
+
+    assertThat(testConfig.getJvmArgs().get("client")).contains("-DwithSecurityManager=true");
+    assertThat(testConfig.getJvmArgs().get("client")).contains("-DwithSsl=true");
+    assertThat(testConfig.getJvmArgs().get("client")).contains(JVM_ARGS);
     assertThat(testConfig.getJvmArgs().get("client")).doesNotContain(JVM8_ARGS);
   }
 }