Example 41 with AuthorizeRequest
use of org.apache.geode.internal.security.AuthorizeRequest in project geode by apache.
the class ExecuteRegionFunction65 method cmdExecute.
@Override
public void cmdExecute(Message clientMessage, ServerConnection servConn, long start) throws IOException {
String regionName = null;
Object function = null;
Object args = null;
MemberMappedArgument memberMappedArg = null;
byte isReExecute = 0;
Set<Object> filter = null;
byte hasResult = 0;
int removedNodesSize = 0;
Set<Object> removedNodesSet = null;
int filterSize = 0, partNumber = 0;
CachedRegionHelper crHelper = servConn.getCachedRegionHelper();
byte functionState = 0;
try {
functionState = clientMessage.getPart(0).getSerializedForm()[0];
if (functionState != 1) {
hasResult = (byte) ((functionState & 2) - 1);
} else {
hasResult = functionState;
}
if (hasResult == 1) {
servConn.setAsTrue(REQUIRES_RESPONSE);
servConn.setAsTrue(REQUIRES_CHUNKED_RESPONSE);
}
regionName = clientMessage.getPart(1).getString();
function = clientMessage.getPart(2).getStringOrObject();
args = clientMessage.getPart(3).getObject();
Part part = clientMessage.getPart(4);
if (part != null) {
Object obj = part.getObject();
if (obj instanceof MemberMappedArgument) {
memberMappedArg = (MemberMappedArgument) obj;
}
}
isReExecute = clientMessage.getPart(5).getSerializedForm()[0];
filterSize = clientMessage.getPart(6).getInt();
if (filterSize != 0) {
filter = new HashSet<Object>();
partNumber = 7;
for (int i = 0; i < filterSize; i++) {
filter.add(clientMessage.getPart(partNumber + i).getStringOrObject());
}
}
partNumber = 7 + filterSize;
removedNodesSize = clientMessage.getPart(partNumber).getInt();
if (removedNodesSize != 0) {
removedNodesSet = new HashSet<Object>();
partNumber = partNumber + 1;
for (int i = 0; i < removedNodesSize; i++) {
removedNodesSet.add(clientMessage.getPart(partNumber + i).getStringOrObject());
}
}
} catch (ClassNotFoundException exception) {
logger.warn(LocalizedMessage.create(LocalizedStrings.ExecuteRegionFunction_EXCEPTION_ON_SERVER_WHILE_EXECUTIONG_FUNCTION_0, function), exception);
if (hasResult == 1) {
writeChunkedException(clientMessage, exception, servConn);
servConn.setAsTrue(RESPONDED);
return;
}
}
if (function == null || regionName == null) {
String message = null;
if (function == null) {
message = LocalizedStrings.ExecuteRegionFunction_THE_INPUT_0_FOR_THE_EXECUTE_FUNCTION_REQUEST_IS_NULL.toLocalizedString("function");
}
if (regionName == null) {
message = LocalizedStrings.ExecuteRegionFunction_THE_INPUT_0_FOR_THE_EXECUTE_FUNCTION_REQUEST_IS_NULL.toLocalizedString("region");
}
logger.warn("{}: {}", servConn.getName(), message);
sendError(hasResult, clientMessage, message, servConn);
return;
}
Region region = crHelper.getRegion(regionName);
if (region == null) {
String message = LocalizedStrings.ExecuteRegionFunction_THE_REGION_NAMED_0_WAS_NOT_FOUND_DURING_EXECUTE_FUNCTION_REQUEST.toLocalizedString(regionName);
logger.warn("{}: {}", servConn.getName(), message);
sendError(hasResult, clientMessage, message, servConn);
return;
}
HandShake handShake = (HandShake) servConn.getHandshake();
int earlierClientReadTimeout = handShake.getClientReadTimeout();
handShake.setClientReadTimeout(0);
ServerToClientFunctionResultSender resultSender = null;
Function functionObject = null;
try {
if (function instanceof String) {
functionObject = FunctionService.getFunction((String) function);
if (functionObject == null) {
String message = LocalizedStrings.ExecuteRegionFunction_THE_FUNCTION_0_HAS_NOT_BEEN_REGISTERED.toLocalizedString(function);
logger.warn("{}: {}", servConn.getName(), message);
sendError(hasResult, clientMessage, message, servConn);
return;
} else {
byte functionStateOnServerSide = AbstractExecution.getFunctionState(functionObject.isHA(), functionObject.hasResult(), functionObject.optimizeForWrite());
if (logger.isDebugEnabled()) {
logger.debug("Function State on server side: {} on client: {}", functionStateOnServerSide, functionState);
}
if (functionStateOnServerSide != functionState) {
String message = LocalizedStrings.FunctionService_FUNCTION_ATTRIBUTE_MISMATCH_CLIENT_SERVER.toLocalizedString(function);
logger.warn("{}: {}", servConn.getName(), message);
sendError(hasResult, clientMessage, message, servConn);
return;
}
}
} else {
functionObject = (Function) function;
}
this.securityService.authorizeDataWrite();
// check if the caller is authorized to do this operation on server
AuthorizeRequest authzRequest = servConn.getAuthzRequest();
final String functionName = functionObject.getId();
final String regionPath = region.getFullPath();
ExecuteFunctionOperationContext executeContext = null;
if (authzRequest != null) {
executeContext = authzRequest.executeFunctionAuthorize(functionName, regionPath, filter, args, functionObject.optimizeForWrite());
}
// Construct execution
AbstractExecution execution = (AbstractExecution) FunctionService.onRegion(region);
ChunkedMessage m = servConn.getFunctionResponseMessage();
m.setTransactionId(clientMessage.getTransactionId());
resultSender = new ServerToClientFunctionResultSender65(m, MessageType.EXECUTE_REGION_FUNCTION_RESULT, servConn, functionObject, executeContext);
if (execution instanceof PartitionedRegionFunctionExecutor) {
execution = new PartitionedRegionFunctionExecutor((PartitionedRegion) region, filter, args, memberMappedArg, resultSender, removedNodesSet, false);
} else {
execution = new DistributedRegionFunctionExecutor((DistributedRegion) region, filter, args, memberMappedArg, resultSender);
}
if (isReExecute == 1) {
execution = execution.setIsReExecute();
}
if (logger.isDebugEnabled()) {
logger.debug("Executing Function: {} on Server: {} with Execution: {} functionState={} reexecute={} hasResult={}", functionObject.getId(), servConn, execution, functionState, isReExecute, hasResult);
}
if (hasResult == 1) {
if (function instanceof String) {
switch(functionState) {
case AbstractExecution.NO_HA_HASRESULT_NO_OPTIMIZEFORWRITE:
execution.execute((String) function, true, false, false).getResult();
break;
case AbstractExecution.HA_HASRESULT_NO_OPTIMIZEFORWRITE:
execution.execute((String) function, true, true, false).getResult();
break;
case AbstractExecution.HA_HASRESULT_OPTIMIZEFORWRITE:
execution.execute((String) function, true, true, true).getResult();
break;
case AbstractExecution.NO_HA_HASRESULT_OPTIMIZEFORWRITE:
execution.execute((String) function, true, false, true).getResult();
break;
}
} else {
execution.execute(functionObject).getResult();
}
} else {
if (function instanceof String) {
switch(functionState) {
case AbstractExecution.NO_HA_NO_HASRESULT_NO_OPTIMIZEFORWRITE:
execution.execute((String) function, false, false, false);
break;
case AbstractExecution.NO_HA_NO_HASRESULT_OPTIMIZEFORWRITE:
execution.execute((String) function, false, false, true);
break;
}
} else {
execution.execute(functionObject);
}
}
} catch (IOException ioe) {
logger.warn(LocalizedMessage.create(LocalizedStrings.ExecuteRegionFunction_EXCEPTION_ON_SERVER_WHILE_EXECUTIONG_FUNCTION_0, function), ioe);
final String message = LocalizedStrings.ExecuteRegionFunction_SERVER_COULD_NOT_SEND_THE_REPLY.toLocalizedString();
sendException(hasResult, clientMessage, message, servConn, ioe);
} catch (FunctionException fe) {
String message = fe.getMessage();
if (fe.getCause() instanceof FunctionInvocationTargetException) {
if (fe.getCause() instanceof InternalFunctionInvocationTargetException) {
// 4> in case of HA member departed
if (logger.isDebugEnabled()) {
logger.debug(LocalizedMessage.create(LocalizedStrings.ExecuteFunction_EXCEPTION_ON_SERVER_WHILE_EXECUTIONG_FUNCTION_0, new Object[] { function }), fe);
}
} else if (functionObject.isHA()) {
logger.warn(LocalizedMessage.create(LocalizedStrings.ExecuteRegionFunction_EXCEPTION_ON_SERVER_WHILE_EXECUTIONG_FUNCTION_0, function + " :" + message));
} else {
logger.warn(LocalizedMessage.create(LocalizedStrings.ExecuteRegionFunction_EXCEPTION_ON_SERVER_WHILE_EXECUTIONG_FUNCTION_0, function), fe);
}
resultSender.setException(fe);
} else {
logger.warn(LocalizedMessage.create(LocalizedStrings.ExecuteRegionFunction_EXCEPTION_ON_SERVER_WHILE_EXECUTIONG_FUNCTION_0, function), fe);
sendException(hasResult, clientMessage, message, servConn, fe);
}
} catch (Exception e) {
logger.warn(LocalizedMessage.create(LocalizedStrings.ExecuteRegionFunction_EXCEPTION_ON_SERVER_WHILE_EXECUTIONG_FUNCTION_0, function), e);
String message = e.getMessage();
sendException(hasResult, clientMessage, message, servConn, e);
} finally {
handShake.setClientReadTimeout(earlierClientReadTimeout);
}
}
Also used :
AuthorizeRequest(org.apache.geode.internal.security.AuthorizeRequest)
CachedRegionHelper(org.apache.geode.internal.cache.tier.CachedRegionHelper)
Function(org.apache.geode.cache.execute.Function)
HandShake(org.apache.geode.internal.cache.tier.sockets.HandShake)
MemberMappedArgument(org.apache.geode.internal.cache.execute.MemberMappedArgument)
DistributedRegion(org.apache.geode.internal.cache.DistributedRegion)
AbstractExecution(org.apache.geode.internal.cache.execute.AbstractExecution)
PartitionedRegionFunctionExecutor(org.apache.geode.internal.cache.execute.PartitionedRegionFunctionExecutor)
ExecuteFunctionOperationContext(org.apache.geode.cache.operations.ExecuteFunctionOperationContext)
ServerToClientFunctionResultSender65(org.apache.geode.internal.cache.execute.ServerToClientFunctionResultSender65)
FunctionException(org.apache.geode.cache.execute.FunctionException)
IOException(java.io.IOException)
DistributedRegionFunctionExecutor(org.apache.geode.internal.cache.execute.DistributedRegionFunctionExecutor)
FunctionInvocationTargetException(org.apache.geode.cache.execute.FunctionInvocationTargetException)
FunctionException(org.apache.geode.cache.execute.FunctionException)
IOException(java.io.IOException)
InternalFunctionInvocationTargetException(org.apache.geode.internal.cache.execute.InternalFunctionInvocationTargetException)
Part(org.apache.geode.internal.cache.tier.sockets.Part)
PartitionedRegion(org.apache.geode.internal.cache.PartitionedRegion)
InternalFunctionInvocationTargetException(org.apache.geode.internal.cache.execute.InternalFunctionInvocationTargetException)
FunctionInvocationTargetException(org.apache.geode.cache.execute.FunctionInvocationTargetException)
InternalFunctionInvocationTargetException(org.apache.geode.internal.cache.execute.InternalFunctionInvocationTargetException)
DistributedRegion(org.apache.geode.internal.cache.DistributedRegion)
Region(org.apache.geode.cache.Region)
PartitionedRegion(org.apache.geode.internal.cache.PartitionedRegion)
ServerToClientFunctionResultSender(org.apache.geode.internal.cache.execute.ServerToClientFunctionResultSender)
ChunkedMessage(org.apache.geode.internal.cache.tier.sockets.ChunkedMessage)
Example 42 with AuthorizeRequest
use of org.apache.geode.internal.security.AuthorizeRequest in project geode by apache.
the class ExecuteRegionFunction66 method cmdExecute.
@Override
public void cmdExecute(Message clientMessage, ServerConnection servConn, long start) throws IOException {
String regionName = null;
Object function = null;
Object args = null;
MemberMappedArgument memberMappedArg = null;
final boolean isBucketsAsFilter;
final byte isReExecute;
Set<Object> filter = null;
byte hasResult = 0;
int removedNodesSize = 0;
Set<Object> removedNodesSet = null;
int filterSize = 0, partNumber = 0;
CachedRegionHelper crHelper = servConn.getCachedRegionHelper();
byte functionState = 0;
int functionTimeout = ConnectionImpl.DEFAULT_CLIENT_FUNCTION_TIMEOUT;
try {
byte[] bytes = clientMessage.getPart(0).getSerializedForm();
functionState = bytes[0];
if (bytes.length >= 5 && servConn.getClientVersion().ordinal() >= Version.GFE_8009.ordinal()) {
functionTimeout = Part.decodeInt(bytes, 1);
}
if (functionState != 1) {
hasResult = (byte) ((functionState & 2) - 1);
} else {
hasResult = functionState;
}
if (hasResult == 1) {
servConn.setAsTrue(REQUIRES_RESPONSE);
servConn.setAsTrue(REQUIRES_CHUNKED_RESPONSE);
}
regionName = clientMessage.getPart(1).getString();
function = clientMessage.getPart(2).getStringOrObject();
args = clientMessage.getPart(3).getObject();
Part part = clientMessage.getPart(4);
if (part != null) {
Object obj = part.getObject();
if (obj instanceof MemberMappedArgument) {
memberMappedArg = (MemberMappedArgument) obj;
}
}
byte[] flags = clientMessage.getPart(5).getSerializedForm();
if (servConn.getClientVersion().ordinal() > Version.GFE_81.ordinal()) {
isBucketsAsFilter = (flags[0] & ExecuteFunctionHelper.BUCKETS_AS_FILTER_MASK) != 0;
isReExecute = (flags[0] & ExecuteFunctionHelper.IS_REXECUTE_MASK) != 0 ? (byte) 1 : 0;
} else {
isReExecute = flags[0];
isBucketsAsFilter = false;
}
filterSize = clientMessage.getPart(6).getInt();
if (filterSize != 0) {
filter = new HashSet<Object>();
partNumber = 7;
for (int i = 0; i < filterSize; i++) {
filter.add(clientMessage.getPart(partNumber + i).getStringOrObject());
}
}
partNumber = 7 + filterSize;
removedNodesSize = clientMessage.getPart(partNumber).getInt();
if (removedNodesSize != 0) {
removedNodesSet = new HashSet<Object>();
partNumber = partNumber + 1;
for (int i = 0; i < removedNodesSize; i++) {
removedNodesSet.add(clientMessage.getPart(partNumber + i).getStringOrObject());
}
}
} catch (ClassNotFoundException exception) {
logger.warn(LocalizedMessage.create(LocalizedStrings.ExecuteRegionFunction_EXCEPTION_ON_SERVER_WHILE_EXECUTIONG_FUNCTION_0, function), exception);
if (hasResult == 1) {
writeChunkedException(clientMessage, exception, servConn);
} else {
writeException(clientMessage, exception, false, servConn);
}
servConn.setAsTrue(RESPONDED);
return;
}
if (function == null || regionName == null) {
String message = null;
if (function == null) {
message = LocalizedStrings.ExecuteRegionFunction_THE_INPUT_0_FOR_THE_EXECUTE_FUNCTION_REQUEST_IS_NULL.toLocalizedString("function");
}
if (regionName == null) {
message = LocalizedStrings.ExecuteRegionFunction_THE_INPUT_0_FOR_THE_EXECUTE_FUNCTION_REQUEST_IS_NULL.toLocalizedString("region");
}
logger.warn("{}: {}", servConn.getName(), message);
sendError(hasResult, clientMessage, message, servConn);
return;
}
Region region = crHelper.getRegion(regionName);
if (region == null) {
String message = LocalizedStrings.ExecuteRegionFunction_THE_REGION_NAMED_0_WAS_NOT_FOUND_DURING_EXECUTE_FUNCTION_REQUEST.toLocalizedString(regionName);
logger.warn("{}: {}", servConn.getName(), message);
sendError(hasResult, clientMessage, message, servConn);
return;
}
HandShake handShake = (HandShake) servConn.getHandshake();
int earlierClientReadTimeout = handShake.getClientReadTimeout();
handShake.setClientReadTimeout(functionTimeout);
ServerToClientFunctionResultSender resultSender = null;
Function functionObject = null;
try {
if (function instanceof String) {
functionObject = FunctionService.getFunction((String) function);
if (functionObject == null) {
String message = LocalizedStrings.ExecuteRegionFunction_THE_FUNCTION_0_HAS_NOT_BEEN_REGISTERED.toLocalizedString(function);
logger.warn("{}: {}", servConn.getName(), message);
sendError(hasResult, clientMessage, message, servConn);
return;
} else {
byte functionStateOnServerSide = AbstractExecution.getFunctionState(functionObject.isHA(), functionObject.hasResult(), functionObject.optimizeForWrite());
if (logger.isDebugEnabled()) {
logger.debug("Function State on server side: {} on client: {}", functionStateOnServerSide, functionState);
}
if (functionStateOnServerSide != functionState) {
String message = LocalizedStrings.FunctionService_FUNCTION_ATTRIBUTE_MISMATCH_CLIENT_SERVER.toLocalizedString(function);
logger.warn("{}: {}", servConn.getName(), message);
sendError(hasResult, clientMessage, message, servConn);
return;
}
}
} else {
functionObject = (Function) function;
}
this.securityService.authorizeDataWrite();
// check if the caller is authorized to do this operation on server
AuthorizeRequest authzRequest = servConn.getAuthzRequest();
final String functionName = functionObject.getId();
final String regionPath = region.getFullPath();
ExecuteFunctionOperationContext executeContext = null;
if (authzRequest != null) {
executeContext = authzRequest.executeFunctionAuthorize(functionName, regionPath, filter, args, functionObject.optimizeForWrite());
}
// Construct execution
AbstractExecution execution = (AbstractExecution) FunctionService.onRegion(region);
ChunkedMessage m = servConn.getFunctionResponseMessage();
m.setTransactionId(clientMessage.getTransactionId());
resultSender = new ServerToClientFunctionResultSender65(m, MessageType.EXECUTE_REGION_FUNCTION_RESULT, servConn, functionObject, executeContext);
if (execution instanceof PartitionedRegionFunctionExecutor) {
if ((hasResult == 1) && filter != null && filter.size() == 1) {
ServerConnection.executeFunctionOnLocalNodeOnly((byte) 1);
}
execution = new PartitionedRegionFunctionExecutor((PartitionedRegion) region, filter, args, memberMappedArg, resultSender, removedNodesSet, isBucketsAsFilter);
} else {
execution = new DistributedRegionFunctionExecutor((DistributedRegion) region, filter, args, memberMappedArg, resultSender);
}
if (isReExecute == 1) {
execution = execution.setIsReExecute();
}
if (logger.isDebugEnabled()) {
logger.debug("Executing Function: {} on Server: {} with Execution: {} functionState={} reExecute={} hasResult={}", functionObject.getId(), servConn, execution, functionState, isReExecute, hasResult);
}
if (hasResult == 1) {
if (function instanceof String) {
switch(functionState) {
case AbstractExecution.NO_HA_HASRESULT_NO_OPTIMIZEFORWRITE:
execution.execute((String) function, true, false, false).getResult();
break;
case AbstractExecution.HA_HASRESULT_NO_OPTIMIZEFORWRITE:
execution.execute((String) function, true, true, false).getResult();
break;
case AbstractExecution.HA_HASRESULT_OPTIMIZEFORWRITE:
execution.execute((String) function, true, true, true).getResult();
break;
case AbstractExecution.NO_HA_HASRESULT_OPTIMIZEFORWRITE:
execution.execute((String) function, true, false, true).getResult();
break;
}
} else {
execution.execute(functionObject).getResult();
}
} else {
if (function instanceof String) {
switch(functionState) {
case AbstractExecution.NO_HA_NO_HASRESULT_NO_OPTIMIZEFORWRITE:
execution.execute((String) function, false, false, false);
break;
case AbstractExecution.NO_HA_NO_HASRESULT_OPTIMIZEFORWRITE:
execution.execute((String) function, false, false, true);
break;
}
} else {
execution.execute(functionObject);
}
writeReply(clientMessage, servConn);
}
} catch (IOException ioe) {
logger.warn(LocalizedMessage.create(LocalizedStrings.ExecuteRegionFunction_EXCEPTION_ON_SERVER_WHILE_EXECUTIONG_FUNCTION_0, function), ioe);
final String message = LocalizedStrings.ExecuteRegionFunction_SERVER_COULD_NOT_SEND_THE_REPLY.toLocalizedString();
sendException(hasResult, clientMessage, message, servConn, ioe);
} catch (FunctionException fe) {
String message = fe.getMessage();
Object cause = fe.getCause();
if (cause instanceof FunctionInvocationTargetException || cause instanceof QueryInvocationTargetException) {
if (cause instanceof InternalFunctionInvocationTargetException) {
// 4> in case of HA member departed
if (logger.isDebugEnabled()) {
logger.debug(LocalizedMessage.create(LocalizedStrings.ExecuteFunction_EXCEPTION_ON_SERVER_WHILE_EXECUTIONG_FUNCTION_0, new Object[] { function }), fe);
}
} else if (functionObject.isHA()) {
logger.warn(LocalizedMessage.create(LocalizedStrings.ExecuteRegionFunction_EXCEPTION_ON_SERVER_WHILE_EXECUTIONG_FUNCTION_0, function + " :" + message));
} else {
logger.warn(LocalizedMessage.create(LocalizedStrings.ExecuteRegionFunction_EXCEPTION_ON_SERVER_WHILE_EXECUTIONG_FUNCTION_0, function), fe);
}
resultSender.setException(fe);
} else {
logger.warn(LocalizedMessage.create(LocalizedStrings.ExecuteRegionFunction_EXCEPTION_ON_SERVER_WHILE_EXECUTIONG_FUNCTION_0, function), fe);
sendException(hasResult, clientMessage, message, servConn, fe);
}
} catch (Exception e) {
logger.warn(LocalizedMessage.create(LocalizedStrings.ExecuteRegionFunction_EXCEPTION_ON_SERVER_WHILE_EXECUTIONG_FUNCTION_0, function), e);
String message = e.getMessage();
sendException(hasResult, clientMessage, message, servConn, e);
} finally {
handShake.setClientReadTimeout(earlierClientReadTimeout);
ServerConnection.executeFunctionOnLocalNodeOnly((byte) 0);
}
}
Also used :
AuthorizeRequest(org.apache.geode.internal.security.AuthorizeRequest)
CachedRegionHelper(org.apache.geode.internal.cache.tier.CachedRegionHelper)
Function(org.apache.geode.cache.execute.Function)
HandShake(org.apache.geode.internal.cache.tier.sockets.HandShake)
MemberMappedArgument(org.apache.geode.internal.cache.execute.MemberMappedArgument)
DistributedRegion(org.apache.geode.internal.cache.DistributedRegion)
AbstractExecution(org.apache.geode.internal.cache.execute.AbstractExecution)
PartitionedRegionFunctionExecutor(org.apache.geode.internal.cache.execute.PartitionedRegionFunctionExecutor)
ExecuteFunctionOperationContext(org.apache.geode.cache.operations.ExecuteFunctionOperationContext)
ServerToClientFunctionResultSender65(org.apache.geode.internal.cache.execute.ServerToClientFunctionResultSender65)
FunctionException(org.apache.geode.cache.execute.FunctionException)
QueryInvocationTargetException(org.apache.geode.cache.query.QueryInvocationTargetException)
IOException(java.io.IOException)
DistributedRegionFunctionExecutor(org.apache.geode.internal.cache.execute.DistributedRegionFunctionExecutor)
FunctionInvocationTargetException(org.apache.geode.cache.execute.FunctionInvocationTargetException)
FunctionException(org.apache.geode.cache.execute.FunctionException)
IOException(java.io.IOException)
InternalFunctionInvocationTargetException(org.apache.geode.internal.cache.execute.InternalFunctionInvocationTargetException)
QueryInvocationTargetException(org.apache.geode.cache.query.QueryInvocationTargetException)
Part(org.apache.geode.internal.cache.tier.sockets.Part)
PartitionedRegion(org.apache.geode.internal.cache.PartitionedRegion)
InternalFunctionInvocationTargetException(org.apache.geode.internal.cache.execute.InternalFunctionInvocationTargetException)
FunctionInvocationTargetException(org.apache.geode.cache.execute.FunctionInvocationTargetException)
InternalFunctionInvocationTargetException(org.apache.geode.internal.cache.execute.InternalFunctionInvocationTargetException)
DistributedRegion(org.apache.geode.internal.cache.DistributedRegion)
Region(org.apache.geode.cache.Region)
PartitionedRegion(org.apache.geode.internal.cache.PartitionedRegion)
ServerToClientFunctionResultSender(org.apache.geode.internal.cache.execute.ServerToClientFunctionResultSender)
ChunkedMessage(org.apache.geode.internal.cache.tier.sockets.ChunkedMessage)
Example 43 with AuthorizeRequest
use of org.apache.geode.internal.security.AuthorizeRequest in project geode by apache.
the class GetAll method fillAndSendGetAllResponseChunks.
private void fillAndSendGetAllResponseChunks(Region region, String regionName, Object[] keys, ServerConnection servConn) throws IOException {
// Interpret null keys object as a request to get all key,value entry pairs
// of the region; otherwise iterate each key and perform the get behavior.
Iterator allKeysIter;
int numKeys;
if (keys != null) {
allKeysIter = null;
numKeys = keys.length;
} else {
Set allKeys = region.keySet();
allKeysIter = allKeys.iterator();
numKeys = allKeys.size();
}
ObjectPartList values = new ObjectPartList(MAXIMUM_CHUNK_SIZE, keys == null);
AuthorizeRequest authzRequest = servConn.getAuthzRequest();
AuthorizeRequestPP postAuthzRequest = servConn.getPostAuthzRequest();
Request request = (Request) Request.getCommand();
Object[] valueAndIsObject = new Object[3];
for (int i = 0; i < numKeys; i++) {
// Send the intermediate chunk if necessary
if (values.size() == MAXIMUM_CHUNK_SIZE) {
// Send the chunk and clear the list
sendGetAllResponseChunk(region, values, false, servConn);
values.clear();
}
Object key;
if (keys != null) {
key = keys[i];
} else {
key = allKeysIter.next();
}
if (logger.isDebugEnabled()) {
logger.debug("{}: Getting value for key={}", servConn.getName(), key);
}
// Determine if the user authorized to get this key
GetOperationContext getContext = null;
if (authzRequest != null) {
try {
getContext = authzRequest.getAuthorize(regionName, key, null);
if (logger.isDebugEnabled()) {
logger.debug("{}: Passed GET pre-authorization for key={}", servConn.getName(), key);
}
} catch (NotAuthorizedException ex) {
logger.warn(LocalizedMessage.create(LocalizedStrings.GetAll_0_CAUGHT_THE_FOLLOWING_EXCEPTION_ATTEMPTING_TO_GET_VALUE_FOR_KEY_1, new Object[] { servConn.getName(), key }), ex);
values.addExceptionPart(key, ex);
continue;
}
}
try {
this.securityService.authorizeRegionRead(regionName, key.toString());
} catch (NotAuthorizedException ex) {
logger.warn(LocalizedMessage.create(LocalizedStrings.GetAll_0_CAUGHT_THE_FOLLOWING_EXCEPTION_ATTEMPTING_TO_GET_VALUE_FOR_KEY_1, new Object[] { servConn.getName(), key }), ex);
values.addExceptionPart(key, ex);
continue;
}
// Get the value and update the statistics. Do not deserialize
// the value if it is a byte[].
// Getting a value in serialized form is pretty nasty. I split this out
// so the logic can be re-used by the CacheClientProxy.
request.getValueAndIsObject(region, key, null, servConn, valueAndIsObject);
Object value = valueAndIsObject[0];
boolean isObject = ((Boolean) valueAndIsObject[1]).booleanValue();
if (logger.isDebugEnabled()) {
logger.debug("{}: Retrieved value for key={}: {}", servConn.getName(), key, value);
}
if (postAuthzRequest != null) {
try {
getContext = postAuthzRequest.getAuthorize(regionName, key, value, isObject, getContext);
byte[] serializedValue = getContext.getSerializedValue();
if (serializedValue == null) {
value = getContext.getObject();
} else {
value = serializedValue;
}
isObject = getContext.isObject();
if (logger.isDebugEnabled()) {
logger.debug("{}: Passed GET post-authorization for key={}: {}", servConn.getName(), key, value);
}
} catch (NotAuthorizedException ex) {
logger.warn(LocalizedMessage.create(LocalizedStrings.GetAll_0_CAUGHT_THE_FOLLOWING_EXCEPTION_ATTEMPTING_TO_GET_VALUE_FOR_KEY_1, new Object[] { servConn.getName(), key }), ex);
values.addExceptionPart(key, ex);
continue;
}
}
// post process
value = this.securityService.postProcess(regionName, key, value, isObject);
if (logger.isDebugEnabled()) {
logger.debug("{}: Returning value for key={}: {}", servConn.getName(), key, value);
}
// Add the value to the list of values
values.addObjectPart(key, value, isObject, null);
}
// Send the last chunk even if the list is of zero size.
sendGetAllResponseChunk(region, values, true, servConn);
servConn.setAsTrue(RESPONDED);
}
Also used :
Set(java.util.Set)
ObjectPartList(org.apache.geode.internal.cache.tier.sockets.ObjectPartList)
AuthorizeRequest(org.apache.geode.internal.security.AuthorizeRequest)
AuthorizeRequestPP(org.apache.geode.internal.security.AuthorizeRequestPP)
AuthorizeRequest(org.apache.geode.internal.security.AuthorizeRequest)
NotAuthorizedException(org.apache.geode.security.NotAuthorizedException)
GetOperationContext(org.apache.geode.cache.operations.GetOperationContext)
Iterator(java.util.Iterator)
Example 44 with AuthorizeRequest
use of org.apache.geode.internal.security.AuthorizeRequest in project geode by apache.
the class GetAll651 method fillAndSendGetAllResponseChunks.
private void fillAndSendGetAllResponseChunks(Region region, String regionName, Object[] keys, ServerConnection servConn) throws IOException {
// Interpret null keys object as a request to get all key,value entry pairs
// of the region; otherwise iterate each key and perform the get behavior.
Iterator allKeysIter;
int numKeys;
if (keys != null) {
allKeysIter = null;
numKeys = keys.length;
} else {
Set allKeys = region.keySet();
allKeysIter = allKeys.iterator();
numKeys = allKeys.size();
}
ObjectPartList651 values = getObjectPartsList(keys == null);
AuthorizeRequest authzRequest = servConn.getAuthzRequest();
AuthorizeRequestPP postAuthzRequest = servConn.getPostAuthzRequest();
Request request = (Request) Request.getCommand();
Object[] valueAndIsObject = new Object[3];
final boolean isDebugEnabled = logger.isDebugEnabled();
for (int i = 0; i < numKeys; i++) {
// Send the intermediate chunk if necessary
if (values.size() == MAXIMUM_CHUNK_SIZE) {
// Send the chunk and clear the list
sendGetAllResponseChunk(region, values, false, servConn);
values.clear();
}
Object key;
boolean keyNotPresent = false;
if (keys != null) {
key = keys[i];
} else {
key = allKeysIter.next();
}
if (isDebugEnabled) {
logger.debug("{}: Getting value for key={}", servConn.getName(), key);
}
// Determine if the user authorized to get this key
GetOperationContext getContext = null;
if (authzRequest != null) {
try {
getContext = authzRequest.getAuthorize(regionName, key, null);
if (isDebugEnabled) {
logger.debug("{}: Passed GET pre-authorization for key={}", servConn.getName(), key);
}
} catch (NotAuthorizedException ex) {
logger.warn(LocalizedMessage.create(LocalizedStrings.GetAll_0_CAUGHT_THE_FOLLOWING_EXCEPTION_ATTEMPTING_TO_GET_VALUE_FOR_KEY_1, new Object[] { servConn.getName(), key }), ex);
values.addExceptionPart(key, ex);
continue;
}
}
try {
this.securityService.authorizeRegionRead(regionName, key.toString());
} catch (NotAuthorizedException ex) {
logger.warn(LocalizedMessage.create(LocalizedStrings.GetAll_0_CAUGHT_THE_FOLLOWING_EXCEPTION_ATTEMPTING_TO_GET_VALUE_FOR_KEY_1, new Object[] { servConn.getName(), key }), ex);
values.addExceptionPart(key, ex);
continue;
}
// Get the value and update the statistics. Do not deserialize
// the value if it is a byte[].
// Getting a value in serialized form is pretty nasty. I split this out
// so the logic can be re-used by the CacheClientProxy.
request.getValueAndIsObject(region, key, null, servConn, valueAndIsObject);
Object value = valueAndIsObject[0];
boolean isObject = ((Boolean) valueAndIsObject[1]).booleanValue();
keyNotPresent = ((Boolean) valueAndIsObject[2]).booleanValue();
;
if (isDebugEnabled) {
logger.debug("{}: Retrieved value for key={}: {}", servConn.getName(), key, value);
}
if (postAuthzRequest != null) {
try {
getContext = postAuthzRequest.getAuthorize(regionName, key, value, isObject, getContext);
byte[] serializedValue = getContext.getSerializedValue();
if (serializedValue == null) {
value = getContext.getObject();
} else {
value = serializedValue;
}
isObject = getContext.isObject();
if (isDebugEnabled) {
logger.debug("{}: Passed GET post-authorization for key={}: {}", servConn.getName(), key, value);
}
} catch (NotAuthorizedException ex) {
logger.warn(LocalizedMessage.create(LocalizedStrings.GetAll_0_CAUGHT_THE_FOLLOWING_EXCEPTION_ATTEMPTING_TO_GET_VALUE_FOR_KEY_1, new Object[] { servConn.getName(), key }), ex);
values.addExceptionPart(key, ex);
continue;
}
}
value = this.securityService.postProcess(regionName, key, value, isObject);
if (isDebugEnabled) {
logger.debug("{}: Returning value for key={}: {}", servConn.getName(), key, value);
}
// Add the value to the list of values
if (keyNotPresent) {
if (logger.isDebugEnabled()) {
logger.debug("{}: key={} is not present on server.", servConn.getName(), key);
}
values.addObjectPartForAbsentKey(key, value);
} else {
values.addObjectPart(key, value, isObject, null);
}
}
// Send the last chunk even if the list is of zero size.
sendGetAllResponseChunk(region, values, true, servConn);
servConn.setAsTrue(RESPONDED);
}
Also used :
Set(java.util.Set)
AuthorizeRequest(org.apache.geode.internal.security.AuthorizeRequest)
ObjectPartList651(org.apache.geode.internal.cache.tier.sockets.ObjectPartList651)
AuthorizeRequestPP(org.apache.geode.internal.security.AuthorizeRequestPP)
AuthorizeRequest(org.apache.geode.internal.security.AuthorizeRequest)
NotAuthorizedException(org.apache.geode.security.NotAuthorizedException)
GetOperationContext(org.apache.geode.cache.operations.GetOperationContext)
Iterator(java.util.Iterator)
Example 45 with AuthorizeRequest
use of org.apache.geode.internal.security.AuthorizeRequest in project geode by apache.
the class ContainsKey method cmdExecute.
@Override
public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start) throws IOException {
Part regionNamePart = null;
Part keyPart = null;
String regionName = null;
Object key = null;
CacheServerStats stats = serverConnection.getCacheServerStats();
serverConnection.setAsTrue(REQUIRES_RESPONSE);
{
long oldStart = start;
start = DistributionStats.getStatTime();
stats.incReadContainsKeyRequestTime(start - oldStart);
}
// Retrieve the data from the message parts
regionNamePart = clientMessage.getPart(0);
keyPart = clientMessage.getPart(1);
regionName = regionNamePart.getString();
try {
key = keyPart.getStringOrObject();
} catch (Exception e) {
writeException(clientMessage, e, false, serverConnection);
serverConnection.setAsTrue(RESPONDED);
return;
}
if (logger.isDebugEnabled()) {
logger.debug("{}: Received containsKey request ({} bytes) from {} for region {} key {}", serverConnection.getName(), clientMessage.getPayloadLength(), serverConnection.getSocketString(), regionName, key);
}
// Process the containsKey request
if (key == null || regionName == null) {
String errMessage = "";
if (key == null) {
logger.warn(LocalizedMessage.create(LocalizedStrings.ContainsKey_0_THE_INPUT_KEY_FOR_THE_CONTAINSKEY_REQUEST_IS_NULL, serverConnection.getName()));
errMessage = LocalizedStrings.ContainsKey_THE_INPUT_KEY_FOR_THE_CONTAINSKEY_REQUEST_IS_NULL.toLocalizedString();
}
if (regionName == null) {
logger.warn(LocalizedMessage.create(LocalizedStrings.ContainsKey_0_THE_INPUT_REGION_NAME_FOR_THE_CONTAINSKEY_REQUEST_IS_NULL, serverConnection.getName()));
errMessage = LocalizedStrings.ContainsKey_THE_INPUT_REGION_NAME_FOR_THE_CONTAINSKEY_REQUEST_IS_NULL.toLocalizedString();
}
writeErrorResponse(clientMessage, MessageType.CONTAINS_KEY_DATA_ERROR, errMessage, serverConnection);
serverConnection.setAsTrue(RESPONDED);
return;
}
LocalRegion region = (LocalRegion) serverConnection.getCache().getRegion(regionName);
if (region == null) {
String reason = LocalizedStrings.ContainsKey_WAS_NOT_FOUND_DURING_CONTAINSKEY_REQUEST.toLocalizedString();
writeRegionDestroyedEx(clientMessage, regionName, reason, serverConnection);
serverConnection.setAsTrue(RESPONDED);
return;
}
try {
this.securityService.authorizeRegionRead(regionName, key.toString());
} catch (NotAuthorizedException ex) {
writeException(clientMessage, ex, false, serverConnection);
serverConnection.setAsTrue(RESPONDED);
return;
}
AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
if (authzRequest != null) {
try {
authzRequest.containsKeyAuthorize(regionName, key);
} catch (NotAuthorizedException ex) {
writeException(clientMessage, ex, false, serverConnection);
serverConnection.setAsTrue(RESPONDED);
return;
}
}
// Execute the containsKey
boolean containsKey = region.containsKey(key);
// Update the statistics and write the reply
{
long oldStart = start;
start = DistributionStats.getStatTime();
stats.incProcessContainsKeyTime(start - oldStart);
}
writeContainsKeyResponse(containsKey, clientMessage, serverConnection);
serverConnection.setAsTrue(RESPONDED);
if (logger.isDebugEnabled()) {
logger.debug("{}: Sent containsKey response for region {} key {}", serverConnection.getName(), regionName, key);
}
stats.incWriteContainsKeyResponseTime(DistributionStats.getStatTime() - start);
}
Also used :
CacheServerStats(org.apache.geode.internal.cache.tier.sockets.CacheServerStats)
AuthorizeRequest(org.apache.geode.internal.security.AuthorizeRequest)
Part(org.apache.geode.internal.cache.tier.sockets.Part)
LocalRegion(org.apache.geode.internal.cache.LocalRegion)
NotAuthorizedException(org.apache.geode.security.NotAuthorizedException)
IOException(java.io.IOException)
NotAuthorizedException(org.apache.geode.security.NotAuthorizedException)
Aggregations
AuthorizeRequest (org.apache.geode.internal.security.AuthorizeRequest)48
IOException (java.io.IOException)40
Part (org.apache.geode.internal.cache.tier.sockets.Part)33
CachedRegionHelper (org.apache.geode.internal.cache.tier.CachedRegionHelper)26
LocalRegion (org.apache.geode.internal.cache.LocalRegion)23
CacheServerStats (org.apache.geode.internal.cache.tier.sockets.CacheServerStats)21
PartitionedRegion (org.apache.geode.internal.cache.PartitionedRegion)16
EventID (org.apache.geode.internal.cache.EventID)13
ByteBuffer (java.nio.ByteBuffer)12
ChunkedMessage (org.apache.geode.internal.cache.tier.sockets.ChunkedMessage)12
NotAuthorizedException (org.apache.geode.security.NotAuthorizedException)12
Set (java.util.Set)11
RegionDestroyedException (org.apache.geode.cache.RegionDestroyedException)11
StringId (org.apache.geode.i18n.StringId)11
Region (org.apache.geode.cache.Region)8
Function (org.apache.geode.cache.execute.Function)8
FunctionException (org.apache.geode.cache.execute.FunctionException)8
ExecuteFunctionOperationContext (org.apache.geode.cache.operations.ExecuteFunctionOperationContext)8
InternalFunctionInvocationTargetException (org.apache.geode.internal.cache.execute.InternalFunctionInvocationTargetException)8
MemberMappedArgument (org.apache.geode.internal.cache.execute.MemberMappedArgument)8
