Search in sources :

Example 26 with AuthorizeRequest

use of org.apache.geode.internal.security.AuthorizeRequest in project geode by apache.

the class Query651 method cmdExecute.

@Override
public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start) throws IOException, InterruptedException {
    // Based on MessageType.DESTROY
    // Added by gregp 10/18/05
    serverConnection.setAsTrue(REQUIRES_RESPONSE);
    serverConnection.setAsTrue(REQUIRES_CHUNKED_RESPONSE);
    // Retrieve the data from the message parts
    String queryString = clientMessage.getPart(0).getString();
    long compiledQueryId = 0;
    Object[] queryParams = null;
    try {
        if (clientMessage.getMessageType() == MessageType.QUERY_WITH_PARAMETERS) {
            // Query with parameters supported from 6.6 onwards.
            // Number of parameters.
            int params = clientMessage.getPart(1).getInt();
            // In case of native client there will be extra two parameters at 2 and 3 index.
            int paramStartIndex = 2;
            if (clientMessage.getNumberOfParts() > (1 + /* type */
            1 + /* query string */
            1 + /* params length */
            params)) {
                int timeout = clientMessage.getPart(3).getInt();
                serverConnection.setRequestSpecificTimeout(timeout);
                paramStartIndex = 4;
            }
            // Get the query execution parameters.
            queryParams = new Object[params];
            for (int i = 0; i < queryParams.length; i++) {
                queryParams[i] = clientMessage.getPart(i + paramStartIndex).getObject();
            }
        } else {
            // need to take care while adding new message
            if (clientMessage.getNumberOfParts() == 3) {
                int timeout = clientMessage.getPart(2).getInt();
                serverConnection.setRequestSpecificTimeout(timeout);
            }
        }
    } catch (ClassNotFoundException cne) {
        throw new QueryInvalidException(cne.getMessage() + queryString);
    }
    if (logger.isDebugEnabled()) {
        logger.debug("{}: Received query request from {} queryString: {}{}", serverConnection.getName(), serverConnection.getSocketString(), queryString, (queryParams != null ? (" with num query parameters :" + queryParams.length) : ""));
    }
    try {
        // Create query
        QueryService queryService = serverConnection.getCachedRegionHelper().getCache().getLocalQueryService();
        org.apache.geode.cache.query.Query query = null;
        if (queryParams != null) {
            // Its a compiled query.
            CacheClientNotifier ccn = serverConnection.getAcceptor().getCacheClientNotifier();
            query = ccn.getCompiledQuery(queryString);
            if (query == null) {
                // This is first time the query is seen by this server.
                query = queryService.newQuery(queryString);
                ccn.addCompiledQuery((DefaultQuery) query);
            }
            ccn.getStats().incCompiledQueryUsedCount(1);
            ((DefaultQuery) query).setLastUsed(true);
        } else {
            query = queryService.newQuery(queryString);
        }
        Set regionNames = ((DefaultQuery) query).getRegionsInQuery(queryParams);
        // Authorization check
        QueryOperationContext queryContext = null;
        AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
        if (authzRequest != null) {
            queryContext = authzRequest.queryAuthorize(queryString, regionNames, queryParams);
            String newQueryString = queryContext.getQuery();
            if (queryString != null && !queryString.equals(newQueryString)) {
                query = queryService.newQuery(newQueryString);
                queryString = newQueryString;
                regionNames = queryContext.getRegionNames();
                if (regionNames == null) {
                    regionNames = ((DefaultQuery) query).getRegionsInQuery(null);
                }
            }
        }
        processQueryUsingParams(clientMessage, query, queryString, regionNames, start, null, queryContext, serverConnection, true, queryParams);
    } catch (QueryInvalidException e) {
        throw new QueryInvalidException(e.getMessage() + queryString);
    }
}
Also used : DefaultQuery(org.apache.geode.cache.query.internal.DefaultQuery) Set(java.util.Set) CacheClientNotifier(org.apache.geode.internal.cache.tier.sockets.CacheClientNotifier) AuthorizeRequest(org.apache.geode.internal.security.AuthorizeRequest) QueryInvalidException(org.apache.geode.cache.query.QueryInvalidException) QueryOperationContext(org.apache.geode.cache.operations.QueryOperationContext) QueryService(org.apache.geode.cache.query.QueryService)

Example 27 with AuthorizeRequest

use of org.apache.geode.internal.security.AuthorizeRequest in project geode by apache.

the class Request method cmdExecute.

@Override
public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start) throws IOException {
    Part regionNamePart = null, keyPart = null, valuePart = null;
    String regionName = null;
    Object callbackArg = null, key = null;
    CachedRegionHelper crHelper = serverConnection.getCachedRegionHelper();
    CacheServerStats stats = serverConnection.getCacheServerStats();
    StringId errMessage = null;
    serverConnection.setAsTrue(REQUIRES_RESPONSE);
    // requiresResponse = true;
    {
        long oldStart = start;
        start = DistributionStats.getStatTime();
        stats.incReadGetRequestTime(start - oldStart);
    }
    // Retrieve the data from the message parts
    int parts = clientMessage.getNumberOfParts();
    regionNamePart = clientMessage.getPart(0);
    keyPart = clientMessage.getPart(1);
    // valuePart = null; (redundant assignment)
    if (parts > 2) {
        valuePart = clientMessage.getPart(2);
        try {
            callbackArg = valuePart.getObject();
        } catch (Exception e) {
            writeException(clientMessage, e, false, serverConnection);
            // responded = true;
            serverConnection.setAsTrue(RESPONDED);
            return;
        }
    }
    regionName = regionNamePart.getString();
    try {
        key = keyPart.getStringOrObject();
    } catch (Exception e) {
        writeException(clientMessage, e, false, serverConnection);
        // responded = true;
        serverConnection.setAsTrue(RESPONDED);
        return;
    }
    if (logger.isDebugEnabled()) {
        logger.debug("{}: Received get request ({} bytes) from {} for region {} key {} txId {}", serverConnection.getName(), clientMessage.getPayloadLength(), serverConnection.getSocketString(), regionName, key, clientMessage.getTransactionId());
    }
    // Process the get request
    if (key == null || regionName == null) {
        if ((key == null) && (regionName == null)) {
            errMessage = LocalizedStrings.Request_THE_INPUT_REGION_NAME_AND_KEY_FOR_THE_GET_REQUEST_ARE_NULL;
        } else if (key == null) {
            errMessage = LocalizedStrings.Request_THE_INPUT_KEY_FOR_THE_GET_REQUEST_IS_NULL;
        } else if (regionName == null) {
            errMessage = LocalizedStrings.Request_THE_INPUT_REGION_NAME_FOR_THE_GET_REQUEST_IS_NULL;
        }
        String s = errMessage.toLocalizedString();
        logger.warn("{}: {}", serverConnection.getName(), s);
        writeErrorResponse(clientMessage, MessageType.REQUESTDATAERROR, s, serverConnection);
        // responded = true;
        serverConnection.setAsTrue(RESPONDED);
    } else {
        Region region = serverConnection.getCache().getRegion(regionName);
        if (region == null) {
            String reason = LocalizedStrings.Request__0_WAS_NOT_FOUND_DURING_GET_REQUEST.toLocalizedString(regionName);
            writeRegionDestroyedEx(clientMessage, regionName, reason, serverConnection);
            serverConnection.setAsTrue(RESPONDED);
        } else {
            GetOperationContext getContext = null;
            try {
                this.securityService.authorizeRegionRead(regionName, key.toString());
                AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
                if (authzRequest != null) {
                    getContext = authzRequest.getAuthorize(regionName, key, callbackArg);
                    callbackArg = getContext.getCallbackArg();
                }
            } catch (NotAuthorizedException ex) {
                writeException(clientMessage, ex, false, serverConnection);
                serverConnection.setAsTrue(RESPONDED);
                return;
            }
            // Get the value and update the statistics. Do not deserialize
            // the value if it is a byte[].
            Object[] valueAndIsObject = new Object[3];
            try {
                getValueAndIsObject(region, key, callbackArg, serverConnection, valueAndIsObject);
            } catch (Exception e) {
                writeException(clientMessage, e, false, serverConnection);
                serverConnection.setAsTrue(RESPONDED);
                return;
            }
            Object data = valueAndIsObject[0];
            boolean isObject = ((Boolean) valueAndIsObject[1]).booleanValue();
            try {
                AuthorizeRequestPP postAuthzRequest = serverConnection.getPostAuthzRequest();
                if (postAuthzRequest != null) {
                    getContext = postAuthzRequest.getAuthorize(regionName, key, data, isObject, getContext);
                    byte[] serializedValue = getContext.getSerializedValue();
                    if (serializedValue == null) {
                        data = getContext.getObject();
                    } else {
                        data = serializedValue;
                    }
                    isObject = getContext.isObject();
                }
            } catch (NotAuthorizedException ex) {
                writeException(clientMessage, ex, false, serverConnection);
                serverConnection.setAsTrue(RESPONDED);
                return;
            }
            {
                long oldStart = start;
                start = DistributionStats.getStatTime();
                stats.incProcessGetTime(start - oldStart);
            }
            if (region instanceof PartitionedRegion) {
                PartitionedRegion pr = (PartitionedRegion) region;
                if (pr.getNetworkHopType() != PartitionedRegion.NETWORK_HOP_NONE) {
                    writeResponseWithRefreshMetadata(data, callbackArg, clientMessage, isObject, serverConnection, pr, pr.getNetworkHopType());
                    pr.clearNetworkHopData();
                } else {
                    writeResponse(data, callbackArg, clientMessage, isObject, serverConnection);
                }
            } else {
                writeResponse(data, callbackArg, clientMessage, isObject, serverConnection);
            }
            serverConnection.setAsTrue(RESPONDED);
            if (logger.isDebugEnabled()) {
                logger.debug("{}: Wrote get response back to {} for region {} key {} value: {}", serverConnection.getName(), serverConnection.getSocketString(), regionName, key, data);
            }
            stats.incWriteGetResponseTime(DistributionStats.getStatTime() - start);
        }
    }
}
Also used : AuthorizeRequest(org.apache.geode.internal.security.AuthorizeRequest) AuthorizeRequestPP(org.apache.geode.internal.security.AuthorizeRequestPP) NotAuthorizedException(org.apache.geode.security.NotAuthorizedException) IOException(java.io.IOException) NotAuthorizedException(org.apache.geode.security.NotAuthorizedException) GetOperationContext(org.apache.geode.cache.operations.GetOperationContext) CachedRegionHelper(org.apache.geode.internal.cache.tier.CachedRegionHelper) StringId(org.apache.geode.i18n.StringId) CacheServerStats(org.apache.geode.internal.cache.tier.sockets.CacheServerStats) Part(org.apache.geode.internal.cache.tier.sockets.Part) PartitionedRegion(org.apache.geode.internal.cache.PartitionedRegion) LocalRegion(org.apache.geode.internal.cache.LocalRegion) Region(org.apache.geode.cache.Region) PartitionedRegion(org.apache.geode.internal.cache.PartitionedRegion)

Example 28 with AuthorizeRequest

use of org.apache.geode.internal.security.AuthorizeRequest in project geode by apache.

the class ClientUserAuths method cleanUserAuth.

public void cleanUserAuth(UserAuthAttributes userAuth) {
    if (userAuth != null) {
        AuthorizeRequest authReq = userAuth.getAuthzRequest();
        try {
            if (authReq != null) {
                authReq.close();
                authReq = null;
            }
        } catch (Exception ex) {
        // TODO:hitesh
        /*
         * if (securityLogger.warningEnabled()) { securityLogger.warning( LocalizedStrings.
         * ServerConnection_0_AN_EXCEPTION_WAS_THROWN_WHILE_CLOSING_CLIENT_AUTHORIZATION_CALLBACK_1,
         * new Object[] {"", ex}); }
         */
        }
        try {
            AuthorizeRequestPP postAuthzReq = userAuth.getPostAuthzRequest();
            if (postAuthzReq != null) {
                postAuthzReq.close();
                postAuthzReq = null;
            }
        } catch (Exception ex) {
        // TODO:hitesh
        /*
         * if (securityLogger.warningEnabled()) { securityLogger.warning( LocalizedStrings.
         * ServerConnection_0_AN_EXCEPTION_WAS_THROWN_WHILE_CLOSING_CLIENT_POSTPROCESS_AUTHORIZATION_CALLBACK_1,
         * new Object[] {"", ex}); }
         */
        }
    }
}
Also used : AuthorizeRequest(org.apache.geode.internal.security.AuthorizeRequest) AuthorizeRequestPP(org.apache.geode.internal.security.AuthorizeRequestPP)

Example 29 with AuthorizeRequest

use of org.apache.geode.internal.security.AuthorizeRequest in project geode by apache.

the class UnregisterInterest method cmdExecute.

@Override
public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start) throws ClassNotFoundException, IOException {
    Part regionNamePart = null, keyPart = null;
    String regionName = null;
    Object key = null;
    int interestType = 0;
    StringId errMessage = null;
    serverConnection.setAsTrue(REQUIRES_RESPONSE);
    regionNamePart = clientMessage.getPart(0);
    interestType = clientMessage.getPart(1).getInt();
    keyPart = clientMessage.getPart(2);
    Part isClosingPart = clientMessage.getPart(3);
    byte[] isClosingPartBytes = (byte[]) isClosingPart.getObject();
    boolean isClosing = isClosingPartBytes[0] == 0x01;
    regionName = regionNamePart.getString();
    try {
        key = keyPart.getStringOrObject();
    } catch (Exception e) {
        writeException(clientMessage, e, false, serverConnection);
        serverConnection.setAsTrue(RESPONDED);
        return;
    }
    boolean keepalive = false;
    try {
        Part keepalivePart = clientMessage.getPart(4);
        byte[] keepaliveBytes = (byte[]) keepalivePart.getObject();
        keepalive = keepaliveBytes[0] != 0x00;
    } catch (Exception e) {
        writeException(clientMessage, e, false, serverConnection);
        serverConnection.setAsTrue(RESPONDED);
        return;
    }
    if (logger.isDebugEnabled()) {
        logger.debug("{}: Received unregister interest request ({} bytes) from {} for region {} key {}", serverConnection.getName(), clientMessage.getPayloadLength(), serverConnection.getSocketString(), regionName, key);
    }
    // Process the unregister interest request
    if ((key == null) && (regionName == null)) {
        errMessage = LocalizedStrings.UnRegisterInterest_THE_INPUT_REGION_NAME_AND_KEY_FOR_THE_UNREGISTER_INTEREST_REQUEST_ARE_NULL;
    } else if (key == null) {
        errMessage = LocalizedStrings.UnRegisterInterest_THE_INPUT_KEY_FOR_THE_UNREGISTER_INTEREST_REQUEST_IS_NULL;
    } else if (regionName == null) {
        errMessage = LocalizedStrings.UnRegisterInterest_THE_INPUT_REGION_NAME_FOR_THE_UNREGISTER_INTEREST_REQUEST_IS_NULL;
        String s = errMessage.toLocalizedString();
        logger.warn("{}: {}", serverConnection.getName(), s);
        writeErrorResponse(clientMessage, MessageType.UNREGISTER_INTEREST_DATA_ERROR, s, serverConnection);
        serverConnection.setAsTrue(RESPONDED);
        return;
    }
    try {
        if (interestType == InterestType.REGULAR_EXPRESSION) {
            this.securityService.authorizeRegionRead(regionName);
        } else {
            this.securityService.authorizeRegionRead(regionName, key.toString());
        }
    } catch (NotAuthorizedException ex) {
        writeException(clientMessage, ex, false, serverConnection);
        serverConnection.setAsTrue(RESPONDED);
        return;
    }
    AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
    if (authzRequest != null) {
        if (!DynamicRegionFactory.regionIsDynamicRegionList(regionName)) {
            try {
                UnregisterInterestOperationContext unregisterContext = authzRequest.unregisterInterestAuthorize(regionName, key, interestType);
                key = unregisterContext.getKey();
            } catch (NotAuthorizedException ex) {
                writeException(clientMessage, ex, false, serverConnection);
                serverConnection.setAsTrue(RESPONDED);
                return;
            }
        }
    }
    // Yogesh : bug fix for 36457 :
    /*
     * Region destroy message from server to client results in client calling unregister to server
     * (an unnecessary callback). The unregister encounters an error because the region has been
     * destroyed on the server and hence falsely marks the server dead.
     */
    /*
     * Region region = crHelper.getRegion(regionName); if (region == null) {
     * logger.warning(this.name + ": Region named " + regionName + " was not found during unregister
     * interest request"); writeErrorResponse(msg, MessageType.UNREGISTER_INTEREST_DATA_ERROR);
     * responded = true; } else {
     */
    // Unregister interest irrelevent of whether the region is present it or
    // not
    serverConnection.getAcceptor().getCacheClientNotifier().unregisterClientInterest(regionName, key, interestType, isClosing, serverConnection.getProxyID(), keepalive);
    // Update the statistics and write the reply
    // bserverStats.incLong(processDestroyTimeId,
    // DistributionStats.getStatTime() - start);
    // start = DistributionStats.getStatTime();
    writeReply(clientMessage, serverConnection);
    serverConnection.setAsTrue(RESPONDED);
    if (logger.isDebugEnabled()) {
        logger.debug("{}: Sent unregister interest response for region {} key {}", serverConnection.getName(), regionName, key);
    }
// bserverStats.incLong(writeDestroyResponseTimeId,
// DistributionStats.getStatTime() - start);
// bserverStats.incInt(destroyResponsesId, 1);
// }
}
Also used : StringId(org.apache.geode.i18n.StringId) AuthorizeRequest(org.apache.geode.internal.security.AuthorizeRequest) Part(org.apache.geode.internal.cache.tier.sockets.Part) UnregisterInterestOperationContext(org.apache.geode.cache.operations.UnregisterInterestOperationContext) NotAuthorizedException(org.apache.geode.security.NotAuthorizedException) IOException(java.io.IOException) NotAuthorizedException(org.apache.geode.security.NotAuthorizedException)

Example 30 with AuthorizeRequest

use of org.apache.geode.internal.security.AuthorizeRequest in project geode by apache.

the class Query method cmdExecute.

@Override
public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start) throws IOException, InterruptedException {
    // Based on MessageType.DESTROY
    // Added by gregp 10/18/05
    serverConnection.setAsTrue(REQUIRES_RESPONSE);
    serverConnection.setAsTrue(REQUIRES_CHUNKED_RESPONSE);
    // Retrieve the data from the message parts
    String queryString = clientMessage.getPart(0).getString();
    if (clientMessage.getNumberOfParts() == 3) {
        int timeout = clientMessage.getPart(2).getInt();
        serverConnection.setRequestSpecificTimeout(timeout);
    }
    if (logger.isDebugEnabled()) {
        logger.debug("{}: Received query request from {} queryString: {}", serverConnection.getName(), serverConnection.getSocketString(), queryString);
    }
    try {
        // Create query
        QueryService queryService = serverConnection.getCachedRegionHelper().getCache().getLocalQueryService();
        org.apache.geode.cache.query.Query query = queryService.newQuery(queryString);
        Set regionNames = ((DefaultQuery) query).getRegionsInQuery(null);
        // Authorization check
        QueryOperationContext queryContext = null;
        AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
        if (authzRequest != null) {
            queryContext = authzRequest.queryAuthorize(queryString, regionNames);
            String newQueryString = queryContext.getQuery();
            if (queryString != null && !queryString.equals(newQueryString)) {
                query = queryService.newQuery(newQueryString);
                queryString = newQueryString;
                regionNames = queryContext.getRegionNames();
                if (regionNames == null) {
                    regionNames = ((DefaultQuery) query).getRegionsInQuery(null);
                }
            }
        }
        processQuery(clientMessage, query, queryString, regionNames, start, null, queryContext, serverConnection, true);
    } catch (QueryInvalidException e) {
        throw new QueryInvalidException(e.getMessage() + queryString);
    } catch (QueryExecutionLowMemoryException e) {
        writeQueryResponseException(clientMessage, e, serverConnection);
    }
}
Also used : Set(java.util.Set) DefaultQuery(org.apache.geode.cache.query.internal.DefaultQuery) AuthorizeRequest(org.apache.geode.internal.security.AuthorizeRequest) QueryExecutionLowMemoryException(org.apache.geode.cache.query.QueryExecutionLowMemoryException) QueryInvalidException(org.apache.geode.cache.query.QueryInvalidException) QueryOperationContext(org.apache.geode.cache.operations.QueryOperationContext) QueryService(org.apache.geode.cache.query.QueryService)

Aggregations

AuthorizeRequest (org.apache.geode.internal.security.AuthorizeRequest)48 IOException (java.io.IOException)40 Part (org.apache.geode.internal.cache.tier.sockets.Part)33 CachedRegionHelper (org.apache.geode.internal.cache.tier.CachedRegionHelper)26 LocalRegion (org.apache.geode.internal.cache.LocalRegion)23 CacheServerStats (org.apache.geode.internal.cache.tier.sockets.CacheServerStats)21 PartitionedRegion (org.apache.geode.internal.cache.PartitionedRegion)16 EventID (org.apache.geode.internal.cache.EventID)13 ByteBuffer (java.nio.ByteBuffer)12 ChunkedMessage (org.apache.geode.internal.cache.tier.sockets.ChunkedMessage)12 NotAuthorizedException (org.apache.geode.security.NotAuthorizedException)12 Set (java.util.Set)11 RegionDestroyedException (org.apache.geode.cache.RegionDestroyedException)11 StringId (org.apache.geode.i18n.StringId)11 Region (org.apache.geode.cache.Region)8 Function (org.apache.geode.cache.execute.Function)8 FunctionException (org.apache.geode.cache.execute.FunctionException)8 ExecuteFunctionOperationContext (org.apache.geode.cache.operations.ExecuteFunctionOperationContext)8 InternalFunctionInvocationTargetException (org.apache.geode.internal.cache.execute.InternalFunctionInvocationTargetException)8 MemberMappedArgument (org.apache.geode.internal.cache.execute.MemberMappedArgument)8