
Example 6 with ObjectPartList

use of org.apache.geode.internal.cache.tier.sockets.ObjectPartList in project geode by apache.

the class GetAllWithCallbackTest method oldSecurityShouldFailIfNotAuthorized.

/**
 * Legacy (non-integrated) client security: when the authorization callback rejects every key,
 * the getAll response must consist solely of {@link NotAuthorizedException} entries, one per key.
 */
@Test
public void oldSecurityShouldFailIfNotAuthorized() throws Exception {
    // Client security is required, but the integrated-security path is switched off.
    when(securityService.isClientSecurityRequired()).thenReturn(true);
    when(securityService.isIntegratedSecurity()).thenReturn(false);

    // Every key is denied by the pre-operation authorization callback.
    for (int i = 0; i < KEYS.length; i++) {
        Object deniedKey = KEYS[i];
        doThrow(new NotAuthorizedException("")).when(authzRequest).getAuthorize(eq(REGION_NAME), eq(deniedKey.toString()), eq(null));
    }

    getAll70.cmdExecute(message, serverConnection, 0);

    // The callback must have been consulted for each requested key.
    for (Object requestedKey : KEYS) {
        verify(authzRequest).getAuthorize(eq(REGION_NAME), eq(requestedKey.toString()), eq(null));
    }

    // Exactly one part list is handed to the response, holding one entry per key,
    // and each entry is the authorization failure itself rather than a value.
    // NOTE(review): only the response content is checked; nothing here asserts
    // that the region was never read for the denied keys.
    ArgumentCaptor<ObjectPartList> partCaptor = ArgumentCaptor.forClass(ObjectPartList.class);
    verify(chunkedResponseMessage).addObjPartNoCopying(partCaptor.capture());
    ObjectPartList sentPart = partCaptor.getValue();
    assertThat(sentPart.getObjects()).hasSize(KEYS.length);
    for (Object entry : sentPart.getObjects()) {
        assertThat(entry).isExactlyInstanceOf(NotAuthorizedException.class);
    }

    verify(chunkedResponseMessage).sendChunk(eq(serverConnection));
}
Also used : ObjectPartList(org.apache.geode.internal.cache.tier.sockets.ObjectPartList) NotAuthorizedException(org.apache.geode.security.NotAuthorizedException) UnitTest(org.apache.geode.test.junit.categories.UnitTest) Test(org.junit.Test)

Example 7 with ObjectPartList

use of org.apache.geode.internal.cache.tier.sockets.ObjectPartList in project geode by apache.

the class GetAllWithCallbackTest method integratedSecurityShouldFailIfNotAuthorized.

/**
 * Integrated security: when {@code authorizeRegionRead} rejects every key, the getAll response
 * must consist solely of {@link NotAuthorizedException} entries, one per key.
 */
@Test
public void integratedSecurityShouldFailIfNotAuthorized() throws Exception {
    // Client security is required and the integrated-security path is active.
    when(securityService.isClientSecurityRequired()).thenReturn(true);
    when(securityService.isIntegratedSecurity()).thenReturn(true);

    // The security service denies a region read for every key.
    for (int i = 0; i < KEYS.length; i++) {
        Object deniedKey = KEYS[i];
        doThrow(new NotAuthorizedException("")).when(securityService).authorizeRegionRead(eq(REGION_NAME), eq(deniedKey.toString()));
    }

    getAll70.cmdExecute(message, serverConnection, 0);

    // Exactly one part list is handed to the response, holding one entry per key,
    // and each entry is the authorization failure itself rather than a value.
    // NOTE(review): only the response content is checked; nothing here asserts
    // that the region was never read for the denied keys.
    ArgumentCaptor<ObjectPartList> partCaptor = ArgumentCaptor.forClass(ObjectPartList.class);
    verify(chunkedResponseMessage).addObjPartNoCopying(partCaptor.capture());
    ObjectPartList sentPart = partCaptor.getValue();
    assertThat(sentPart.getObjects()).hasSize(KEYS.length);
    for (Object entry : sentPart.getObjects()) {
        assertThat(entry).isExactlyInstanceOf(NotAuthorizedException.class);
    }

    // The read permission must have been checked once for each requested key.
    for (Object requestedKey : KEYS) {
        verify(securityService).authorizeRegionRead(eq(REGION_NAME), eq(requestedKey.toString()));
    }

    verify(chunkedResponseMessage).sendChunk(eq(serverConnection));
}
Also used : ObjectPartList(org.apache.geode.internal.cache.tier.sockets.ObjectPartList) NotAuthorizedException(org.apache.geode.security.NotAuthorizedException) UnitTest(org.apache.geode.test.junit.categories.UnitTest) Test(org.junit.Test)

Example 8 with ObjectPartList

use of org.apache.geode.internal.cache.tier.sockets.ObjectPartList in project geode by apache.

the class GetAll70Test method oldSecurityShouldFailIfNotAuthorized.

/**
 * Legacy (non-integrated) client security for the GetAll70 command: a denial from the
 * authorization callback for each key must surface as a {@link NotAuthorizedException}
 * entry in the response, with no other kind of entry present.
 */
@Test
public void oldSecurityShouldFailIfNotAuthorized() throws Exception {
    // Security is enforced for clients through the non-integrated path.
    when(securityService.isIntegratedSecurity()).thenReturn(false);
    when(securityService.isClientSecurityRequired()).thenReturn(true);

    // Stub the authorization callback so that it refuses each key in turn.
    for (Object refusedKey : KEYS) {
        String keyText = refusedKey.toString();
        doThrow(new NotAuthorizedException("")).when(authzRequest).getAuthorize(eq(REGION_NAME), eq(keyText), eq(null));
    }

    getAll70.cmdExecute(message, serverConnection, 0);

    // Capture the single part list passed to the chunked response.
    ArgumentCaptor<ObjectPartList> captor = ArgumentCaptor.forClass(ObjectPartList.class);
    verify(chunkedResponseMessage).addObjPartNoCopying(captor.capture());
    ObjectPartList responsePart = captor.getValue();

    // One entry per key, and every entry is exactly the authorization exception.
    // NOTE(review): this pins the response shape only; it does not assert that
    // no value lookup happened for the refused keys.
    assertThat(responsePart.getObjects()).hasSize(KEYS.length);
    for (Object returned : responsePart.getObjects()) {
        assertThat(returned).isExactlyInstanceOf(NotAuthorizedException.class);
    }

    // Each key went through the authorization callback.
    for (Object checkedKey : KEYS) {
        verify(authzRequest).getAuthorize(eq(REGION_NAME), eq(checkedKey.toString()), eq(null));
    }
    verify(chunkedResponseMessage).sendChunk(eq(serverConnection));
}
Also used : ObjectPartList(org.apache.geode.internal.cache.tier.sockets.ObjectPartList) NotAuthorizedException(org.apache.geode.security.NotAuthorizedException) UnitTest(org.apache.geode.test.junit.categories.UnitTest) Test(org.junit.Test)

Example 9 with ObjectPartList

use of org.apache.geode.internal.cache.tier.sockets.ObjectPartList in project geode by apache.

the class GetAll method fillAndSendGetAllResponseChunks.

/**
 * Builds the getAll response for a client and sends it in chunks of at most
 * {@code MAXIMUM_CHUNK_SIZE} entries.
 *
 * <p>For each key the method runs, in this order: the optional pre-operation
 * authorization callback, the {@code securityService} region-read check, the
 * value lookup, the optional post-operation authorization callback, and
 * {@code securityService.postProcess}. A {@link NotAuthorizedException} from any
 * of the three authorization steps is logged at warn level, recorded in the
 * response as an exception part for that key, and the loop moves on to the next
 * key; the remaining keys are still processed.
 *
 * @param region the region the values are read from
 * @param regionName the region name handed to the authorization calls
 * @param keys the keys to fetch, or {@code null} to return every entry of the region
 * @param servConn the client connection; supplies the authorization callbacks and
 *        receives the chunks
 * @throws IOException declared by this method; presumably raised while sending a
 *         chunk (the throwing call is not identifiable from this method alone)
 */
private void fillAndSendGetAllResponseChunks(Region region, String regionName, Object[] keys, ServerConnection servConn) throws IOException {
    // Interpret null keys object as a request to get all key,value entry pairs
    // of the region; otherwise iterate each key and perform the get behavior.
    Iterator allKeysIter;
    int numKeys;
    if (keys != null) {
        allKeysIter = null;
        numKeys = keys.length;
    } else {
        // NOTE(review): numKeys is sampled once from the key set; if that set can
        // change while the loop below runs, the count and the iterator may
        // disagree - confirm against Region.keySet() semantics.
        Set allKeys = region.keySet();
        allKeysIter = allKeys.iterator();
        numKeys = allKeys.size();
    }
    // The second constructor argument is true only for the "all entries" request.
    ObjectPartList values = new ObjectPartList(MAXIMUM_CHUNK_SIZE, keys == null);
    // Either callback may be null, in which case that authorization step is skipped.
    AuthorizeRequest authzRequest = servConn.getAuthzRequest();
    AuthorizeRequestPP postAuthzRequest = servConn.getPostAuthzRequest();
    Request request = (Request) Request.getCommand();
    // Output holder filled by getValueAndIsObject; this method reads slots 0 and 1 only.
    Object[] valueAndIsObject = new Object[3];
    for (int i = 0; i < numKeys; i++) {
        // Send the intermediate chunk if necessary
        if (values.size() == MAXIMUM_CHUNK_SIZE) {
            // Send the chunk and clear the list
            sendGetAllResponseChunk(region, values, false, servConn);
            values.clear();
        }
        Object key;
        if (keys != null) {
            key = keys[i];
        } else {
            key = allKeysIter.next();
        }
        if (logger.isDebugEnabled()) {
            logger.debug("{}: Getting value for key={}", servConn.getName(), key);
        }
        // Determine whether the user is authorized to get this key
        // (pre-operation callback, only when one is configured).
        GetOperationContext getContext = null;
        if (authzRequest != null) {
            try {
                getContext = authzRequest.getAuthorize(regionName, key, null);
                if (logger.isDebugEnabled()) {
                    logger.debug("{}: Passed GET pre-authorization for key={}", servConn.getName(), key);
                }
            } catch (NotAuthorizedException ex) {
                // Denied: record the failure for this key and skip the value lookup.
                // NOTE(review): the exception object itself is put into the response;
                // confirm what of it is serialized to the client.
                logger.warn(LocalizedMessage.create(LocalizedStrings.GetAll_0_CAUGHT_THE_FOLLOWING_EXCEPTION_ATTEMPTING_TO_GET_VALUE_FOR_KEY_1, new Object[] { servConn.getName(), key }), ex);
                values.addExceptionPart(key, ex);
                continue;
            }
        }
        // This check runs for every key, whether or not authzRequest is set.
        // NOTE(review): key.toString() throws NullPointerException for a null key;
        // confirm that callers never pass a null element in keys.
        try {
            this.securityService.authorizeRegionRead(regionName, key.toString());
        } catch (NotAuthorizedException ex) {
            // Denied: record the failure for this key and skip the value lookup.
            logger.warn(LocalizedMessage.create(LocalizedStrings.GetAll_0_CAUGHT_THE_FOLLOWING_EXCEPTION_ATTEMPTING_TO_GET_VALUE_FOR_KEY_1, new Object[] { servConn.getName(), key }), ex);
            values.addExceptionPart(key, ex);
            continue;
        }
        // Get the value and update the statistics. Do not deserialize
        // the value if it is a byte[].
        // Getting a value in serialized form is pretty nasty. I split this out
        // so the logic can be re-used by the CacheClientProxy.
        request.getValueAndIsObject(region, key, null, servConn, valueAndIsObject);
        Object value = valueAndIsObject[0];
        boolean isObject = ((Boolean) valueAndIsObject[1]).booleanValue();
        // NOTE(review): with debug logging enabled this writes the value to the log
        // before post-authorization and postProcess have run, so the log can hold
        // data that the client is later denied or only receives in transformed
        // form. Consider logging the key alone at this point.
        if (logger.isDebugEnabled()) {
            logger.debug("{}: Retrieved value for key={}: {}", servConn.getName(), key, value);
        }
        // Post-operation callback (only when configured): it receives the fetched
        // value and the pre-authorization context, and the value sent on is taken
        // from the context it returns.
        if (postAuthzRequest != null) {
            try {
                getContext = postAuthzRequest.getAuthorize(regionName, key, value, isObject, getContext);
                // Prefer the serialized form when the context provides one.
                byte[] serializedValue = getContext.getSerializedValue();
                if (serializedValue == null) {
                    value = getContext.getObject();
                } else {
                    value = serializedValue;
                }
                isObject = getContext.isObject();
                if (logger.isDebugEnabled()) {
                    logger.debug("{}: Passed GET post-authorization for key={}: {}", servConn.getName(), key, value);
                }
            } catch (NotAuthorizedException ex) {
                // Denied after the read: the fetched value is dropped and the
                // failure is recorded for this key instead.
                logger.warn(LocalizedMessage.create(LocalizedStrings.GetAll_0_CAUGHT_THE_FOLLOWING_EXCEPTION_ATTEMPTING_TO_GET_VALUE_FOR_KEY_1, new Object[] { servConn.getName(), key }), ex);
                values.addExceptionPart(key, ex);
                continue;
            }
        }
        // Post process: the security service gets the last word on the value
        // that is returned for this key.
        value = this.securityService.postProcess(regionName, key, value, isObject);
        if (logger.isDebugEnabled()) {
            logger.debug("{}: Returning value for key={}: {}", servConn.getName(), key, value);
        }
        // Add the value to the list of values
        values.addObjectPart(key, value, isObject, null);
    }
    // Send the last chunk even if the list is of zero size.
    sendGetAllResponseChunk(region, values, true, servConn);
    // Mark the connection as having answered this request.
    servConn.setAsTrue(RESPONDED);
}
Also used : Set(java.util.Set) ObjectPartList(org.apache.geode.internal.cache.tier.sockets.ObjectPartList) AuthorizeRequest(org.apache.geode.internal.security.AuthorizeRequest) AuthorizeRequestPP(org.apache.geode.internal.security.AuthorizeRequestPP) AuthorizeRequest(org.apache.geode.internal.security.AuthorizeRequest) NotAuthorizedException(org.apache.geode.security.NotAuthorizedException) GetOperationContext(org.apache.geode.cache.operations.GetOperationContext) Iterator(java.util.Iterator)
