
Example 11 with OperationCode

use of org.apache.geode.cache.operations.OperationContext.OperationCode in project geode by apache.

the class FilterPostAuthorization method authorizeOperation.

/**
 * Post-operation filter: examines the outcome of a get, put or query and forwards only
 * what {@code checkObjectAuth} lets through, writing the filtered value back into the
 * context.
 *
 * <p>The method fails closed. Any operation code it does not handle, including
 * {@code PUTALL}, yields {@code false}, as does a get/put whose value is rejected by
 * {@code checkObjectAuth} (a {@code null} return from that helper is treated as "denied";
 * the helper itself is defined elsewhere in the class).
 *
 * @param regionName name of the region the operation targets; not consulted here
 * @param context the post-operation context; it is cast to the context type that matches
 *        its operation code
 * @return {@code true} when the (possibly filtered) result may be returned to the caller,
 *         {@code false} otherwise
 */
public boolean authorizeOperation(String regionName, OperationContext context) {
    // A Java assert is only evaluated when the JVM runs with -ea, so this precondition
    // is not enforced in a default production launch.
    assert context.isPostOperation();
    final OperationCode opCode = context.getOperationCode();

    if (opCode.isGet()) {
        final GetOperationContext getCtx = (GetOperationContext) context;
        final Object deserialized = getCtx.getObject();
        final boolean isObject = getCtx.isObject();
        if (deserialized != null) {
            final Object permitted = checkObjectAuth(deserialized);
            if (permitted == null) {
                return false;
            }
            getCtx.setObject(permitted, isObject);
            return true;
        }
        // No deserialized form available: filter the serialized bytes instead.
        final byte[] permittedBytes = checkObjectAuth(getCtx.getSerializedValue(), isObject);
        if (permittedBytes == null) {
            return false;
        }
        getCtx.setSerializedValue(permittedBytes, isObject);
        return true;
    }

    if (opCode.isPut()) {
        final PutOperationContext putCtx = (PutOperationContext) context;
        final byte[] original = putCtx.getSerializedValue();
        final boolean isObject = putCtx.isObject();
        final byte[] permittedBytes = checkObjectAuth(original, isObject);
        if (permittedBytes == null) {
            return false;
        }
        putCtx.setSerializedValue(permittedBytes, isObject);
        return true;
    }

    if (opCode.equals(OperationCode.PUTALL)) {
        // No filtering is implemented for putAll; it is reported as not authorized.
        return false;
    }

    if (!opCode.isQuery() && !opCode.isExecuteCQ()) {
        return false;
    }

    final QueryOperationContext queryCtx = (QueryOperationContext) context;
    final Object queryResult = queryCtx.getQueryResult();
    if (!(queryResult instanceof SelectResults)) {
        return false;
    }

    SelectResults results = (SelectResults) queryResult;
    // Keep only the rows that checkObjectAuth does not reject; rejected rows are dropped
    // silently and the query as a whole is still reported as authorized.
    final List<Object> visibleRows = new ArrayList<>();
    for (Object row : results) {
        final Object permitted = checkObjectAuth(row);
        if (permitted != null) {
            visibleRows.add(permitted);
        }
    }
    if (results.isModifiable()) {
        results.clear();
        results.addAll(visibleRows);
    } else {
        // Read-only result set: replace it with a wrapper that has the same element type.
        final ObjectType elementType = results.getCollectionType().getElementType();
        results = new ResultsCollectionWrapper(elementType, visibleRows);
        queryCtx.setQueryResult(results);
    }
    return true;
}
Also used : OperationCode(org.apache.geode.cache.operations.OperationContext.OperationCode) ArrayList(java.util.ArrayList) ObjectType(org.apache.geode.cache.query.types.ObjectType) SelectResults(org.apache.geode.cache.query.SelectResults) ResultsCollectionWrapper(org.apache.geode.cache.query.internal.ResultsCollectionWrapper) Iterator(java.util.Iterator) ArrayList(java.util.ArrayList) List(java.util.List)

Example 12 with OperationCode

use of org.apache.geode.cache.operations.OperationContext.OperationCode in project geode by apache.

the class FilterPreAuthorization method authorizeOperation.

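/**
 * Pre-operation filter: tags every value written by a put or putAll with an authorization
 * code before it is stored.
 *
 * <p>How the code is chosen (all of it derived from the value being written, so the writer
 * effectively decides it):
 * <ul>
 * <li>put of a {@code byte[]}: the last byte of the array; the bytes are re-serialized as an
 * {@code ObjectWithAuthz} payload followed by that code;</li>
 * <li>put of any other non-null object: the object's {@code hashCode()};</li>
 * <li>putAll: the last character of each value's {@code toString()};</li>
 * <li>{@code null} or empty values: {@code 0}.</li>
 * </ul>
 *
 * <p>Empty {@code byte[]} values and values whose {@code toString()} is empty are treated
 * like {@code null} instead of indexing position {@code -1}, which previously threw from
 * inside the authorization callback.
 *
 * @param regionName name of the region the operation targets; not consulted here
 * @param context the pre-operation context; it is cast to the context type that matches its
 *        operation code
 * @return {@code false} only when serializing the tagged put value fails; {@code true} for
 *         every other operation, including those this filter does not modify
 */
public boolean authorizeOperation(String regionName, OperationContext context) {
    // A Java assert is only evaluated when the JVM runs with -ea, so this precondition
    // is not enforced in a default production launch.
    assert !context.isPostOperation();
    OperationCode opCode = context.getOperationCode();
    if (opCode.isPut()) {
        PutOperationContext createContext = (PutOperationContext) context;
        Object value = createContext.getValue();
        if (value != null && !(value instanceof byte[])) {
            // Deserialized object: wrap it directly, using its hash code as the authz code.
            ObjectWithAuthz authzObj = new ObjectWithAuthz(value, Integer.valueOf(value.hashCode()));
            createContext.setValue(authzObj, true);
            return true;
        }
        // From here on the value is either null or a byte[].
        byte[] serializedValue = (byte[]) value;
        int valLength = (serializedValue == null) ? 0 : serializedValue.length;
        // Guard the empty array: there is no last byte to read, so fall back to 0.
        byte lastByte = (valLength == 0) ? (byte) 0 : serializedValue[valLength - 1];
        HeapDataOutputStream hos = new HeapDataOutputStream(valLength + 32, Version.CURRENT);
        try {
            InternalDataSerializer.writeUserDataSerializableHeader(ObjectWithAuthz.CLASSID, hos);
            if (serializedValue != null) {
                hos.write(serializedValue);
            }
            // Some value that determines the Principals that can get this object.
            Integer allowedIndex = Integer.valueOf(lastByte);
            DataSerializer.writeObject(allowedIndex, hos);
        } catch (Exception ex) {
            // Fail closed: a value that cannot be tagged must not be stored. Record why,
            // so a denied put is not completely silent.
            if (this.logger.fineEnabled()) {
                this.logger.fine("FilterPreAuthorization: failed to add authorization "
                    + "info for key: " + createContext.getKey() + ": " + ex);
            }
            return false;
        }
        createContext.setSerializedValue(hos.toByteArray(), true);
        if (this.logger.fineEnabled()) {
            this.logger.fine("FilterPreAuthorization: added authorization " + "info for key: " + createContext.getKey());
        }
    } else if (opCode.isPutAll()) {
        PutAllOperationContext createContext = (PutAllOperationContext) context;
        Map map = createContext.getMap();
        for (Object entryObj : map.entrySet()) {
            Map.Entry mapEntry = (Map.Entry) entryObj;
            // The key is only needed for the log line below, so it is not cast to String;
            // a non-String key must not abort authorization with a ClassCastException.
            Object currkey = mapEntry.getKey();
            Object value = mapEntry.getValue();
            Integer authCode;
            if (value != null) {
                String valStr = value.toString();
                // Guard the empty string: there is no last character to read.
                authCode = valStr.isEmpty() ? 0 : (int) valStr.charAt(valStr.length() - 1);
            } else {
                authCode = 0;
            }
            ObjectWithAuthz authzObj = new ObjectWithAuthz(value, authCode);
            mapEntry.setValue(authzObj);
            if (this.logger.fineEnabled()) {
                this.logger.fine("FilterPreAuthorization: putAll: added authorization " + "info for key: " + currkey);
            }
        }
        // Now each of the map's values have become ObjectWithAuthz
    }
    return true;
}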
Also used : OperationCode(org.apache.geode.cache.operations.OperationContext.OperationCode) NotAuthorizedException(org.apache.geode.security.NotAuthorizedException) PutAllOperationContext(org.apache.geode.cache.operations.PutAllOperationContext) HeapDataOutputStream(org.apache.geode.internal.HeapDataOutputStream) Iterator(java.util.Iterator) Collection(java.util.Collection) PutOperationContext(org.apache.geode.cache.operations.PutOperationContext) HashMap(java.util.HashMap) Map(java.util.Map)

Example 13 with OperationCode

use of org.apache.geode.cache.operations.OperationContext.OperationCode in project geode by apache.

the class XmlAuthzCredentialGenerator method getRequiredRole.

/**
 * Maps a set of operations (and, for queries, regions) to one of the role constants.
 *
 * <p>The reader, writer and query operation sets are tried in that order; the first one
 * that contains every entry of {@code opCodes} wins. The query role is granted only if
 * {@code regionNames} is non-empty and every normalized name is in {@code queryRegionSet}.
 * Anything else falls back to {@code ADMIN_ROLE}. An empty {@code opCodes} array leaves all
 * three checks satisfied and therefore yields {@code READER_ROLE}.
 *
 * @param opCodes operations the credentials must permit; must not be {@code null}
 * @param regionNames regions involved; may be {@code null} or empty
 * @return the role constant selected as described above
 */
private byte getRequiredRole(final OperationCode[] opCodes, final String[] regionNames) {
    boolean allReaderOps = true;
    boolean allWriterOps = true;
    boolean allQueryOps = true;
    for (final OperationCode opCode : opCodes) {
        // Each flag stays true only while every operation seen so far is in its set.
        allReaderOps = allReaderOps && readerOpsSet.contains(opCode);
        allWriterOps = allWriterOps && writerOpsSet.contains(opCode);
        allQueryOps = allQueryOps && queryOpsSet.contains(opCode);
    }

    byte roleType = ADMIN_ROLE;
    if (allReaderOps) {
        roleType = READER_ROLE;
    } else if (allWriterOps) {
        roleType = WRITER_ROLE;
    } else if (allQueryOps && regionNames != null && regionNames.length > 0) {
        boolean allRegionsQueryable = true;
        for (final String rawName : regionNames) {
            final String regionName = XmlAuthorization.normalizeRegionName(rawName);
            if (!queryRegionSet.contains(regionName)) {
                // One region outside the query set is enough to require the admin role.
                allRegionsQueryable = false;
                break;
            }
        }
        if (allRegionsQueryable) {
            roleType = QUERY_ROLE;
        }
    }
    return roleType;
}
Also used : OperationCode(org.apache.geode.cache.operations.OperationContext.OperationCode)

Example 14 with OperationCode

use of org.apache.geode.cache.operations.OperationContext.OperationCode in project geode by apache.

the class DummyAuthorization method authorizeOperation.

/**
 * Allows an operation exactly when its operation code is a member of {@code allowedOps}.
 *
 * <p>Every call is traced at fine level on the security log, including the region name and
 * the remote member. The message is built before the logger is called, whether or not fine
 * logging is enabled.
 *
 * @param regionName name of the region the operation targets; used only in the log message
 * @param context the operation context supplying the operation code
 * @return {@code true} if the operation code is in {@code allowedOps}
 */
@Override
public boolean authorizeOperation(String regionName, OperationContext context) {
    final OperationCode requested = context.getOperationCode();
    final String trace = "Invoked authorize operation for [" + requested + "] in region [" + regionName + "] for client: " + remoteMember;
    this.securityLogWriter.fine(trace);
    final boolean permitted = this.allowedOps.contains(requested);
    return permitted;
}
Also used : OperationCode(org.apache.geode.cache.operations.OperationContext.OperationCode)
