
Example 1 with OSecurityAccessException

use of com.orientechnologies.orient.core.exception.OSecurityAccessException in project orientdb by orientechnologies.

the class ODistributedDatabaseImpl method send2Nodes.

/**
 * Sends a distributed request to a set of nodes and, depending on the execution mode, waits for the responses.
 *
 * <p>The method computes the quorum, creates and registers an {@code ODistributedResponseManager} for the request,
 * sorts the node names and then sends the request to each node in turn. A failure on one node is logged and does not
 * stop delivery to the remaining nodes.
 *
 * <p>Security note: an {@code OSecurityAccessException} raised by a peer is treated as a possibly stale connection.
 * The connection is closed, re-created and the send is retried once. If the retry also fails, its exception is
 * discarded and only the first failure is logged.
 *
 * @param iRequest           the request to deliver
 * @param iClusterNames      cluster names passed to the quorum calculation and to {@code waitForLocalNode}
 * @param iNodes             names of the target nodes; must not be empty
 * @param iExecutionMode     when {@code RESPONSE}, the method blocks in {@code waitForResponse}
 * @param localResult        result already computed locally; when non-null it counts as one more expected response
 * @param iAfterSentCallback optional callback invoked with the request id once sending has completed (or from the
 *                           {@code finally} block if sending did not get that far)
 * @return the value of {@code waitForResponse} when the execution mode is {@code RESPONSE}, otherwise {@code null}
 * @throws ODistributedException if no nodes are given; checked exceptions are wrapped in it via
 *                               {@code OException.wrapException}
 */
@Override
public ODistributedResponse send2Nodes(final ODistributedRequest iRequest, final Collection<String> iClusterNames, Collection<String> iNodes, final ODistributedRequest.EXECUTION_MODE iExecutionMode, final Object localResult, final OCallable<Void, ODistributedRequestId> iAfterSentCallback) {
    // Tracks whether the after-sent callback has been reached, so the finally block does not call it twice.
    boolean afterSendCallBackCalled = false;
    try {
        checkForServerOnline(iRequest);
        final String databaseName = iRequest.getDatabaseName();
        if (iNodes.isEmpty()) {
            ODistributedServerLog.error(this, localNodeName, null, DIRECTION.OUT, "No nodes configured for database '%s' request: %s", databaseName, iRequest);
            throw new ODistributedException("No nodes configured for partition '" + databaseName + "' request: " + iRequest);
        }
        final ODistributedConfiguration cfg = manager.getDatabaseConfiguration(databaseName);
        final ORemoteTask task = iRequest.getTask();
        final boolean checkNodesAreOnline = task.isNodeOnlineRequired();
        final Set<String> nodesConcurToTheQuorum = manager.getDistributedStrategy().getNodesConcurInQuorum(manager, cfg, iRequest, iNodes, localResult);
        // AFTER COMPUTED THE QUORUM, REMOVE THE OFFLINE NODES TO HAVE THE LIST OF REAL AVAILABLE NODES
        final int availableNodes = checkNodesAreOnline ? manager.getNodesWithStatus(iNodes, databaseName, ODistributedServerManager.DB_STATUS.ONLINE, ODistributedServerManager.DB_STATUS.BACKUP, ODistributedServerManager.DB_STATUS.SYNCHRONIZING) : iNodes.size();
        // The local result, when present, is counted as one additional response.
        final int expectedResponses = localResult != null ? availableNodes + 1 : availableNodes;
        final int quorum = calculateQuorum(task.getQuorumType(), iClusterNames, cfg, expectedResponses, nodesConcurToTheQuorum.size(), checkNodesAreOnline, localNodeName);
        final boolean groupByResponse = task.getResultStrategy() != OAbstractRemoteTask.RESULT_STRATEGY.UNION;
        final boolean waitLocalNode = waitForLocalNode(cfg, iClusterNames, iNodes);
        // CREATE THE RESPONSE MANAGER
        final ODistributedResponseManager currentResponseMgr = new ODistributedResponseManager(manager, iRequest, iNodes, nodesConcurToTheQuorum, expectedResponses, quorum, waitLocalNode, task.getSynchronousTimeout(expectedResponses), task.getTotalTimeout(availableNodes), groupByResponse);
        if (localResult != null)
            // COLLECT LOCAL RESULT
            currentResponseMgr.setLocalResult(localNodeName, localResult);
        // SORT THE NODE TO GUARANTEE THE SAME ORDER OF DELIVERY
        // The parameter is replaced by a list copy when needed, so the caller's collection is not sorted in that case.
        if (!(iNodes instanceof List))
            iNodes = new ArrayList<String>(iNodes);
        if (iNodes.size() > 1)
            Collections.sort((List<String>) iNodes);
        // Register the response manager under the message id before anything is sent.
        msgService.registerRequest(iRequest.getId().getMessageId(), currentResponseMgr);
        if (ODistributedServerLog.isDebugEnabled())
            ODistributedServerLog.debug(this, localNodeName, iNodes.toString(), DIRECTION.OUT, "Sending request %s...", iRequest);
        for (String node : iNodes) {
            // CATCH ANY EXCEPTION LOG IT AND IGNORE TO CONTINUE SENDING REQUESTS TO OTHER NODES
            try {
                final ORemoteServerController remoteServer = manager.getRemoteServer(node);
                remoteServer.sendRequest(iRequest);
            } catch (Throwable e) {
                // The node is dropped from the response manager before the failure is classified.
                // NOTE(review): this also happens before the retry below; confirm that a response from a node
                // whose retry succeeds is still handled as intended after this removal.
                currentResponseMgr.removeServerBecauseUnreachable(node);
                String reason = e.getMessage();
                if (e instanceof ODistributedException && e.getCause() instanceof IOException) {
                    // CONNECTION ERROR: REMOVE THE CONNECTION
                    reason = e.getCause().getMessage();
                    manager.closeRemoteServer(node);
                } else if (e instanceof OSecurityAccessException) {
                    // THE CONNECTION COULD BE STALE, CREATE A NEW ONE AND RETRY
                    // A security rejection from the peer is not treated as final here: the connection is
                    // re-created and the request is sent once more.
                    manager.closeRemoteServer(node);
                    try {
                        final ORemoteServerController remoteServer = manager.getRemoteServer(node);
                        remoteServer.sendRequest(iRequest);
                        continue;
                    } catch (Throwable ex) {
                    // IGNORE IT BECAUSE MANAGED BELOW
                    // NOTE(review): 'ex' is discarded; the log lines below report the first exception only, so a
                    // peer that keeps rejecting this node's credentials shows up only through that first message.
                    }
                }
                if (!manager.isNodeAvailable(node))
                    // NODE IS NOT AVAILABLE
                    ODistributedServerLog.debug(this, localNodeName, node, ODistributedServerLog.DIRECTION.OUT, "Error on sending distributed request %s. The target node is not available. Active nodes: %s", e, iRequest, manager.getAvailableNodeNames(databaseName));
                else
                    ODistributedServerLog.error(this, localNodeName, node, ODistributedServerLog.DIRECTION.OUT, "Error on sending distributed request %s (err=%s). Active nodes: %s", iRequest, reason, manager.getAvailableNodeNames(databaseName));
            }
        }
        if (ODistributedServerLog.isDebugEnabled())
            ODistributedServerLog.debug(this, localNodeName, iNodes.toString(), DIRECTION.OUT, "Sent request %s", iRequest);
        totalSentRequests.incrementAndGet();
        // Set before the call so that the finally block does not invoke the callback again if it throws.
        afterSendCallBackCalled = true;
        if (iAfterSentCallback != null)
            iAfterSentCallback.call(iRequest.getId());
        if (iExecutionMode == ODistributedRequest.EXECUTION_MODE.RESPONSE)
            return waitForResponse(iRequest, currentResponseMgr);
        return null;
    } catch (RuntimeException e) {
        // Unchecked exceptions are passed through unchanged.
        throw e;
    } catch (Exception e) {
        // NOTE(review): 'databaseName' is declared inside the try block in this listing, so it is not in scope
        // here; presumably the original source declares it before the try. Confirm against the project file.
        throw OException.wrapException(new ODistributedException("Error on executing distributed request (" + iRequest + ") against database '" + databaseName + (iClusterNames != null ? "." + iClusterNames : "") + "' to nodes " + iNodes), e);
    } finally {
        // Guarantees the callback runs once even when sending failed before reaching it.
        if (iAfterSentCallback != null && !afterSendCallBackCalled)
            iAfterSentCallback.call(iRequest.getId());
    }
}
Also used : IOException(java.io.IOException) ORemoteTask(com.orientechnologies.orient.server.distributed.task.ORemoteTask) OConfigurationException(com.orientechnologies.orient.core.exception.OConfigurationException) OException(com.orientechnologies.common.exception.OException) ODistributedOperationException(com.orientechnologies.orient.server.distributed.task.ODistributedOperationException) ODistributedRecordLockedException(com.orientechnologies.orient.server.distributed.task.ODistributedRecordLockedException) IOException(java.io.IOException) OOfflineNodeException(com.orientechnologies.common.concur.OOfflineNodeException) OSecurityAccessException(com.orientechnologies.orient.core.exception.OSecurityAccessException) OSecurityAccessException(com.orientechnologies.orient.core.exception.OSecurityAccessException)

Example 2 with OSecurityAccessException

use of com.orientechnologies.orient.core.exception.OSecurityAccessException in project orientdb by orientechnologies.

the class OSecurityShared method authenticate.

/**
 * Resolves the active user that an authentication token refers to.
 *
 * <p>The token MUST be validated by the caller before it is passed to this method. The only token check made
 * here is the {@code getIsValid()} flag; no other verification of the token is visible in this method.
 *
 * @param authToken the already validated token
 * @return the user the token resolves to
 * @throws OSecurityAccessException if the token is flagged invalid, no user can be loaded from it, or the user's
 *                                  account status is not {@code ACTIVE}
 */
public OUser authenticate(final OToken authToken) {
    final String dbName = getDatabase().getName();
    if (!authToken.getIsValid())
        throw new OSecurityAccessException(dbName, "Token not valid");

    OUser resolved = authToken.getUser(getDatabase());
    if (resolved == null) {
        // The token handler may not be able to return an OUser; fall back to a lookup by user name (subject).
        final String subject = authToken.getUserName();
        if (subject != null)
            resolved = getUser(subject);
    }

    if (resolved == null)
        throw new OSecurityAccessException(dbName, "Authentication failed, could not load user from token");

    // Accounts that are not active are rejected even when the token itself is valid.
    final boolean active = resolved.getAccountStatus() == STATUSES.ACTIVE;
    if (!active)
        throw new OSecurityAccessException(dbName, "User '" + resolved.getName() + "' is not active");

    return resolved;
}
Also used : OSecurityAccessException(com.orientechnologies.orient.core.exception.OSecurityAccessException)

Example 3 with OSecurityAccessException

use of com.orientechnologies.orient.core.exception.OSecurityAccessException in project orientdb by orientechnologies.

the class OSecurityShared method authenticate.

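/**
 * Authenticates a user by name and password against the current database.
 *
 * <p>Unknown user names and wrong passwords are handled the same way: the same fixed delay and the same generic
 * message, so that the response does not tell a caller whether an account exists. The account status is reported
 * only after the credentials have been accepted.
 *
 * <p>When the storage is an {@code OStorageProxy} the password is not checked in this method.
 * NOTE(review): presumably the remote server performs that check; confirm against the proxy storage code.
 *
 * @param iUserName     name of the user to authenticate
 * @param iUserPassword password supplied by the caller
 * @return the authenticated, active user
 * @throws OSecurityAccessException if the credentials are rejected or the account is not active
 */
public OUser authenticate(final String iUserName, final String iUserPassword) {
    final String dbName = getDatabase().getName();
    final OUser user = getUser(iUserName);

    // Short-circuit keeps the storage lookup and the password check off the unknown-user path.
    final boolean credentialsRejected = user == null
        || (!(getDatabase().getStorage() instanceof OStorageProxy) && !user.checkPassword(iUserPassword));
    if (credentialsRejected) {
        // WAIT A BIT TO AVOID BRUTE FORCE
        // The delay applies to unknown users as well; returning at once for them would let response time
        // separate existing accounts from missing ones. The cost of the password check itself can still differ.
        try {
            Thread.sleep(200);
        } catch (InterruptedException e) {
            // Keep the interrupt flag for the caller and still fail the attempt.
            Thread.currentThread().interrupt();
        }
        throw new OSecurityAccessException(dbName, "User or password not valid for database: '" + dbName + "'");
    }

    // Checked after the credentials so that a caller without the password gets no account-status answer.
    if (user.getAccountStatus() != OSecurityUser.STATUSES.ACTIVE)
        throw new OSecurityAccessException(dbName, "User '" + iUserName + "' is not active");

    return user;
}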
Also used : OSecurityAccessException(com.orientechnologies.orient.core.exception.OSecurityAccessException) OStorageProxy(com.orientechnologies.orient.core.storage.OStorageProxy)

Example 4 with OSecurityAccessException

use of com.orientechnologies.orient.core.exception.OSecurityAccessException in project orientdb by orientechnologies.

the class OUser method allow.

/**
 * Checks whether the user is permitted to run the requested operation on the requested resource.
 *
 * <p>If no roles are loaded in memory but the backing document holds a non-empty "roles" field, the user is
 * reloaded from that document before the check. Access is refused by exception, never by a {@code null} return.
 *
 * @param resourceGeneric
 *          Generic resource the operation targets
 * @param resourceSpecific
 *          Specific resource name, reported together with the generic resource when access is refused
 * @param iOperation
 *          Requested operation
 * @return The role that has granted the permission
 * @exception OSecurityAccessException
 *              if the user has no role defined or no role grants the operation on the resource
 */
public ORole allow(final ORule.ResourceGeneric resourceGeneric, String resourceSpecific, final int iOperation) {
    final boolean rolesNotLoaded = roles == null || roles.isEmpty();
    if (rolesNotLoaded) {
        final Object storedRoles = document.field("roles");
        final boolean documentHasRoles = storedRoles != null && !((Collection<OIdentifiable>) storedRoles).isEmpty();
        if (!documentHasRoles)
            throw new OSecurityAccessException(document.getDatabase().getName(), "User '" + document.field("name") + "' has no role defined");

        // Reload the user from its own document; the field is cleared first, exactly as the reload expects it.
        final ODocument source = document;
        document = null;
        fromStream(source);
    }

    final ORole grantingRole = checkIfAllowed(resourceGeneric, resourceSpecific, iOperation);
    if (grantingRole != null)
        return grantingRole;

    // No role grants the operation: refuse, naming the user, the operation and the resource.
    throw new OSecurityAccessException(document.getDatabase().getName(), "User '" + document.field("name") + "' does not have permission to execute the operation '" + ORole.permissionToString(iOperation) + "' against the resource: " + resourceGeneric + "." + resourceSpecific);
}
Also used : OSecurityAccessException(com.orientechnologies.orient.core.exception.OSecurityAccessException) Collection(java.util.Collection) ODocument(com.orientechnologies.orient.core.record.impl.ODocument)

Example 5 with OSecurityAccessException

use of com.orientechnologies.orient.core.exception.OSecurityAccessException in project orientdb by orientechnologies.

the class OServerCommandPostDatabase method exportClass.

/**
 * Writes the description of one schema class to the JSON writer: its attributes, record count, properties and
 * indexes.
 *
 * <p>Security note: when counting the records raises an {@code OSecurityAccessException}, only the "records"
 * attribute is replaced by a placeholder. The class name, clusters, properties and indexes are written in either
 * case, so schema metadata is exported even to a caller who may not count the class's records.
 *
 * @param db   database used to count the records of the class
 * @param json writer receiving the output
 * @param cls  class to describe
 * @throws IOException if the writer fails
 */
protected void exportClass(final ODatabaseDocument db, final OJSONWriter json, final OClass cls) throws IOException {
    json.beginObject(2, true, null);

    // Class-level attributes.
    json.writeAttribute(3, true, "name", cls.getName());
    final OClass parent = cls.getSuperClass();
    json.writeAttribute(3, true, "superClass", parent != null ? parent.getName() : "");
    json.writeAttribute(3, true, "alias", cls.getShortName());
    json.writeAttribute(3, true, "clusters", cls.getClusterIds());
    json.writeAttribute(3, true, "defaultCluster", cls.getDefaultClusterId());
    json.writeAttribute(3, true, "clusterSelection", cls.getClusterSelection().getName());

    // The record count is the only value guarded by a security check in this method.
    try {
        json.writeAttribute(3, false, "records", db.countClass(cls.getName()));
    } catch (OSecurityAccessException denied) {
        json.writeAttribute(3, false, "records", "? (Unauthorized)");
    }

    final boolean hasProperties = cls.properties() != null && cls.properties().size() > 0;
    if (hasProperties) {
        json.beginCollection(3, true, "properties");
        for (final OProperty property : cls.properties()) {
            json.beginObject(4, true, null);
            json.writeAttribute(4, true, "name", property.getName());
            // Link information is optional and written only when set.
            if (property.getLinkedClass() != null)
                json.writeAttribute(4, true, "linkedClass", property.getLinkedClass().getName());
            if (property.getLinkedType() != null)
                json.writeAttribute(4, true, "linkedType", property.getLinkedType().toString());
            json.writeAttribute(4, true, "type", property.getType().toString());
            json.writeAttribute(4, true, "mandatory", property.isMandatory());
            json.writeAttribute(4, true, "readonly", property.isReadonly());
            json.writeAttribute(4, true, "notNull", property.isNotNull());
            json.writeAttribute(4, true, "min", property.getMin());
            json.writeAttribute(4, true, "max", property.getMax());
            json.endObject(3, true);
        }
        json.endCollection(1, true);
    }

    final Set<OIndex<?>> classIndexes = cls.getIndexes();
    if (!classIndexes.isEmpty()) {
        json.beginCollection(3, true, "indexes");
        for (final OIndex<?> classIndex : classIndexes) {
            json.beginObject(4, true, null);
            json.writeAttribute(4, true, "name", classIndex.getName());
            json.writeAttribute(4, true, "type", classIndex.getType());
            // The field list is written only when the index has a definition with at least one field.
            final OIndexDefinition definition = classIndex.getDefinition();
            if (definition != null && !definition.getFields().isEmpty())
                json.writeAttribute(4, true, "fields", definition.getFields());
            json.endObject(3, true);
        }
        json.endCollection(1, true);
    }

    json.endObject(1, false);
}
Also used : OProperty(com.orientechnologies.orient.core.metadata.schema.OProperty) OIndexDefinition(com.orientechnologies.orient.core.index.OIndexDefinition) OSecurityAccessException(com.orientechnologies.orient.core.exception.OSecurityAccessException) OIndex(com.orientechnologies.orient.core.index.OIndex)

Aggregations

OSecurityAccessException (com.orientechnologies.orient.core.exception.OSecurityAccessException)16 ODatabaseDocument (com.orientechnologies.orient.core.db.document.ODatabaseDocument)4 ODocument (com.orientechnologies.orient.core.record.impl.ODocument)4 OLockException (com.orientechnologies.common.concur.lock.OLockException)3 IOException (java.io.IOException)3 OOfflineNodeException (com.orientechnologies.common.concur.OOfflineNodeException)2 OException (com.orientechnologies.common.exception.OException)2 ODatabaseDocumentInternal (com.orientechnologies.orient.core.db.ODatabaseDocumentInternal)2 ODatabaseDocumentTx (com.orientechnologies.orient.core.db.document.ODatabaseDocumentTx)2 OConfigurationException (com.orientechnologies.orient.core.exception.OConfigurationException)2 ODatabaseException (com.orientechnologies.orient.core.exception.ODatabaseException)2 OIndex (com.orientechnologies.orient.core.index.OIndex)2 OIndexDefinition (com.orientechnologies.orient.core.index.OIndexDefinition)2 OProperty (com.orientechnologies.orient.core.metadata.schema.OProperty)2 OUser (com.orientechnologies.orient.core.metadata.security.OUser)2 OStorageProxy (com.orientechnologies.orient.core.storage.OStorageProxy)2 ODistributedOperationException (com.orientechnologies.orient.server.distributed.task.ODistributedOperationException)2 ODistributedRecordLockedException (com.orientechnologies.orient.server.distributed.task.ODistributedRecordLockedException)2 ORemoteTask (com.orientechnologies.orient.server.distributed.task.ORemoteTask)2 ORecordId (com.orientechnologies.orient.core.id.ORecordId)1