use of org.apache.geode.cache.operations.QueryOperationContext in project geode by apache.
the class Query651 method cmdExecute.
@Override
public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start) throws IOException, InterruptedException {
// Based on MessageType.DESTROY
// Added by gregp 10/18/05
serverConnection.setAsTrue(REQUIRES_RESPONSE);
serverConnection.setAsTrue(REQUIRES_CHUNKED_RESPONSE);
// Retrieve the data from the message parts
String queryString = clientMessage.getPart(0).getString();
long compiledQueryId = 0;
Object[] queryParams = null;
try {
if (clientMessage.getMessageType() == MessageType.QUERY_WITH_PARAMETERS) {
// Query with parameters supported from 6.6 onwards.
// Number of parameters.
int params = clientMessage.getPart(1).getInt();
// In case of native client there will be extra two parameters at 2 and 3 index.
int paramStartIndex = 2;
if (clientMessage.getNumberOfParts() > (1 + /* type */
1 + /* query string */
1 + /* params length */
params)) {
int timeout = clientMessage.getPart(3).getInt();
serverConnection.setRequestSpecificTimeout(timeout);
paramStartIndex = 4;
}
// Get the query execution parameters.
queryParams = new Object[params];
for (int i = 0; i < queryParams.length; i++) {
queryParams[i] = clientMessage.getPart(i + paramStartIndex).getObject();
}
} else {
// need to take care while adding new message
if (clientMessage.getNumberOfParts() == 3) {
int timeout = clientMessage.getPart(2).getInt();
serverConnection.setRequestSpecificTimeout(timeout);
}
}
} catch (ClassNotFoundException cne) {
throw new QueryInvalidException(cne.getMessage() + queryString);
}
if (logger.isDebugEnabled()) {
logger.debug("{}: Received query request from {} queryString: {}{}", serverConnection.getName(), serverConnection.getSocketString(), queryString, (queryParams != null ? (" with num query parameters :" + queryParams.length) : ""));
}
try {
// Create query
QueryService queryService = serverConnection.getCachedRegionHelper().getCache().getLocalQueryService();
org.apache.geode.cache.query.Query query = null;
if (queryParams != null) {
// Its a compiled query.
CacheClientNotifier ccn = serverConnection.getAcceptor().getCacheClientNotifier();
query = ccn.getCompiledQuery(queryString);
if (query == null) {
// This is first time the query is seen by this server.
query = queryService.newQuery(queryString);
ccn.addCompiledQuery((DefaultQuery) query);
}
ccn.getStats().incCompiledQueryUsedCount(1);
((DefaultQuery) query).setLastUsed(true);
} else {
query = queryService.newQuery(queryString);
}
Set regionNames = ((DefaultQuery) query).getRegionsInQuery(queryParams);
// Authorization check
QueryOperationContext queryContext = null;
AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
if (authzRequest != null) {
queryContext = authzRequest.queryAuthorize(queryString, regionNames, queryParams);
String newQueryString = queryContext.getQuery();
if (queryString != null && !queryString.equals(newQueryString)) {
query = queryService.newQuery(newQueryString);
queryString = newQueryString;
regionNames = queryContext.getRegionNames();
if (regionNames == null) {
regionNames = ((DefaultQuery) query).getRegionsInQuery(null);
}
}
}
processQueryUsingParams(clientMessage, query, queryString, regionNames, start, null, queryContext, serverConnection, true, queryParams);
} catch (QueryInvalidException e) {
throw new QueryInvalidException(e.getMessage() + queryString);
}
}
use of org.apache.geode.cache.operations.QueryOperationContext in project geode by apache.
the class XmlAuthorization method authorizeOperation.
/**
* Return true if the given operation is allowed for the cache/region.
*
* This looks up the cached permissions of the principal in the map for the provided region name.
* If none are found then the global permissions with empty region name are looked up. The
* operation is allowed if it is found this permission list.
*
* @param regionName When null then it indicates a cache-level operation, else the name of the
* region for the operation.
* @param context the data required by the operation
*
* @return true if the operation is authorized and false otherwise
*/
@Override
public boolean authorizeOperation(String regionName, final OperationContext context) {
Map<OperationCode, FunctionSecurityPrmsHolder> operationMap;
// Check GET permissions for updates from server to client
if (context.isClientUpdate()) {
operationMap = this.allowedOps.get(regionName);
if (operationMap == null && regionName.length() > 0) {
operationMap = this.allowedOps.get(EMPTY_VALUE);
}
if (operationMap != null) {
return operationMap.containsKey(OperationCode.GET);
}
return false;
}
OperationCode opCode = context.getOperationCode();
if (opCode.isQuery() || opCode.isExecuteCQ() || opCode.isCloseCQ() || opCode.isStopCQ()) {
// First check if cache-level permission has been provided
operationMap = this.allowedOps.get(EMPTY_VALUE);
boolean globalPermission = (operationMap != null && operationMap.containsKey(opCode));
Set<String> regionNames = ((QueryOperationContext) context).getRegionNames();
if (regionNames == null || regionNames.size() == 0) {
return globalPermission;
}
for (String r : regionNames) {
regionName = normalizeRegionName(r);
operationMap = this.allowedOps.get(regionName);
if (operationMap == null) {
if (!globalPermission) {
return false;
}
} else if (!operationMap.containsKey(opCode)) {
return false;
}
}
return true;
}
final String normalizedRegionName = normalizeRegionName(regionName);
operationMap = this.allowedOps.get(normalizedRegionName);
if (operationMap == null && normalizedRegionName.length() > 0) {
operationMap = this.allowedOps.get(EMPTY_VALUE);
}
if (operationMap != null) {
if (context.getOperationCode() != OperationCode.EXECUTE_FUNCTION) {
return operationMap.containsKey(context.getOperationCode());
} else {
if (!operationMap.containsKey(context.getOperationCode())) {
return false;
} else {
if (!context.isPostOperation()) {
FunctionSecurityPrmsHolder functionParameter = operationMap.get(context.getOperationCode());
ExecuteFunctionOperationContext functionContext = (ExecuteFunctionOperationContext) context;
// OnRegion execution
if (functionContext.getRegionName() != null) {
if (functionParameter.isOptimizeForWrite() != null && functionParameter.isOptimizeForWrite().booleanValue() != functionContext.isOptimizeForWrite()) {
return false;
}
if (functionParameter.getFunctionIds() != null && !functionParameter.getFunctionIds().contains(functionContext.getFunctionId())) {
return false;
}
if (functionParameter.getKeySet() != null && functionContext.getKeySet() != null) {
if (functionContext.getKeySet().containsAll(functionParameter.getKeySet())) {
return false;
}
}
return true;
} else {
// On Server execution
if (functionParameter.getFunctionIds() != null && !functionParameter.getFunctionIds().contains(functionContext.getFunctionId())) {
return false;
}
return true;
}
} else {
ExecuteFunctionOperationContext functionContext = (ExecuteFunctionOperationContext) context;
FunctionSecurityPrmsHolder functionParameter = operationMap.get(context.getOperationCode());
if (functionContext.getRegionName() != null) {
if (functionContext.getResult() instanceof ArrayList && functionParameter.getKeySet() != null) {
ArrayList<String> resultList = (ArrayList) functionContext.getResult();
Set<String> nonAllowedKeys = functionParameter.getKeySet();
if (resultList.containsAll(nonAllowedKeys)) {
return false;
}
}
return true;
} else {
ArrayList<String> resultList = (ArrayList) functionContext.getResult();
final String inSecureItem = "Insecure item";
if (resultList.contains(inSecureItem)) {
return false;
}
return true;
}
}
}
}
}
return false;
}
use of org.apache.geode.cache.operations.QueryOperationContext in project geode by apache.
the class Query method cmdExecute.
@Override
public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start) throws IOException, InterruptedException {
// Based on MessageType.DESTROY
// Added by gregp 10/18/05
serverConnection.setAsTrue(REQUIRES_RESPONSE);
serverConnection.setAsTrue(REQUIRES_CHUNKED_RESPONSE);
// Retrieve the data from the message parts
String queryString = clientMessage.getPart(0).getString();
if (clientMessage.getNumberOfParts() == 3) {
int timeout = clientMessage.getPart(2).getInt();
serverConnection.setRequestSpecificTimeout(timeout);
}
if (logger.isDebugEnabled()) {
logger.debug("{}: Received query request from {} queryString: {}", serverConnection.getName(), serverConnection.getSocketString(), queryString);
}
try {
// Create query
QueryService queryService = serverConnection.getCachedRegionHelper().getCache().getLocalQueryService();
org.apache.geode.cache.query.Query query = queryService.newQuery(queryString);
Set regionNames = ((DefaultQuery) query).getRegionsInQuery(null);
// Authorization check
QueryOperationContext queryContext = null;
AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
if (authzRequest != null) {
queryContext = authzRequest.queryAuthorize(queryString, regionNames);
String newQueryString = queryContext.getQuery();
if (queryString != null && !queryString.equals(newQueryString)) {
query = queryService.newQuery(newQueryString);
queryString = newQueryString;
regionNames = queryContext.getRegionNames();
if (regionNames == null) {
regionNames = ((DefaultQuery) query).getRegionsInQuery(null);
}
}
}
processQuery(clientMessage, query, queryString, regionNames, start, null, queryContext, serverConnection, true);
} catch (QueryInvalidException e) {
throw new QueryInvalidException(e.getMessage() + queryString);
} catch (QueryExecutionLowMemoryException e) {
writeQueryResponseException(clientMessage, e, serverConnection);
}
}
Aggregations