Example 1 with AccessControl

use of org.apache.geode.security.AccessControl in project geode by apache.

From the class CacheClientNotifier, method registerGFEClient (server-side subscription handshake for a connecting client).

/**
 * Completes the subscription-side handshake for a connecting GFE client: reads the
 * client's membership id and conflation setting from the wire, registers (or looks up)
 * the client's {@code CacheClientProxy}, then reads and verifies the client's
 * credentials and wires the optional post-authorization callback onto the proxy.
 *
 * Error handling is two-tiered: authentication problems and malformed handshake data
 * are reported back to the client through {@code writeException} and the method
 * returns; problems creating the membership id or registering the proxy are surfaced
 * to the caller as {@link IOException}.
 *
 * NOTE(review): the proxy is registered (line {@code registerClient(...)}) BEFORE the
 * credentials are read and verified. If verification fails the method returns after
 * replying to the client, and nothing visible here unregisters the proxy — confirm
 * that {@code registerClient} or the caller cleans up on an authentication failure.
 *
 * @param dis                  handshake input from the client; every value read from it is
 *                             client-controlled and treated as untrusted below
 * @param dos                  reply stream to the client
 * @param socket               the client connection being registered
 * @param isPrimary            passed through to {@code registerClient}
 * @param startTime            registration start time, used only to record the stat on success
 * @param clientVersion        protocol version of the connecting client; selects the wire format
 *                             of the conflation byte and is passed to every reply
 * @param acceptorId           passed through to {@code registerClient}
 * @param notifyBySubscription passed through to {@code registerClient}
 * @throws IOException if the membership id class cannot be loaded, if proxy registration
 *                     fails with a {@code CacheException}, or on an underlying read/write failure
 */
protected void registerGFEClient(DataInputStream dis, DataOutputStream dos, Socket socket, boolean isPrimary, long startTime, Version clientVersion, long acceptorId, boolean notifyBySubscription) throws IOException {
    // Read the ports and throw them away. We no longer need them.
    // The count is client-supplied and unbounded; the loop allocates nothing, so a bogus
    // count only ties up this thread until the stream runs dry (readInt then throws
    // EOFException, which propagates as the IOException of this method).
    int numberOfPorts = dis.readInt();
    for (int i = 0; i < numberOfPorts; i++) {
        dis.readInt();
    }
    // Read the handshake identifier and convert it to a string member id
    ClientProxyMembershipID proxyID = null;
    CacheClientProxy proxy;
    AccessControl authzCallback = null;
    byte clientConflation = HandShake.CONFLATION_DEFAULT;
    try {
        proxyID = ClientProxyMembershipID.readCanonicalized(dis);
        // Blacklisted clients are refused before any proxy state is touched.
        if (getBlacklistedClient().contains(proxyID)) {
            writeException(dos, HandShake.REPLY_INVALID, new Exception("This client is blacklisted by server"), clientVersion);
            return;
        }
        proxy = getClientProxy(proxyID);
        DistributedMember member = proxyID.getDistributedMember();
        DistributedSystem system = this.getCache().getDistributedSystem();
        // Security settings come from this server's own distributed-system properties,
        // not from anything the client sent.
        Properties sysProps = system.getProperties();
        String authenticator = sysProps.getProperty(SECURITY_CLIENT_AUTHENTICATOR);
        // Wire format of the conflation byte depends on client version: 6.0.3+ clients send
        // an overrides byte that HandShake.extractOverrides unpacks; older clients send the
        // raw conflation value. In both cases dis.read() yields -1 at EOF, which the switch
        // below rejects.
        if (clientVersion.compareTo(Version.GFE_603) >= 0) {
            byte[] overrides = HandShake.extractOverrides(new byte[] { (byte) dis.read() });
            clientConflation = overrides[0];
        } else {
            clientConflation = (byte) dis.read();
        }
        // Only the three known conflation settings are accepted; anything else is a
        // protocol error reported back to the client.
        switch(clientConflation) {
            case HandShake.CONFLATION_DEFAULT:
            case HandShake.CONFLATION_OFF:
            case HandShake.CONFLATION_ON:
                break;
            default:
                writeException(dos, HandShake.REPLY_INVALID, new IllegalArgumentException("Invalid conflation byte"), clientVersion);
                return;
        }
        // Proxy registration happens before the credentials are read — see the class-level
        // NOTE(review) in the Javadoc above.
        proxy = registerClient(socket, proxyID, proxy, isPrimary, clientConflation, clientVersion, acceptorId, notifyBySubscription);
        Properties credentials = HandShake.readCredentials(dis, dos, system);
        // NOTE(review): when readCredentials returns null no verification runs and no
        // callback is attached; whether null is possible for a client that is required to
        // authenticate is decided inside readCredentials/verifyCredentials, not here — confirm.
        if (credentials != null && proxy != null) {
            if (securityLogWriter.fineEnabled()) {
                securityLogWriter.fine("CacheClientNotifier: verifying credentials for proxyID: " + proxyID);
            }
            // verifyCredentials throws AuthenticationRequiredException / AuthenticationFailedException
            // on failure (handled below); on success it returns either a legacy Principal or a
            // Shiro Subject, which select the two branches that follow.
            Object subject = HandShake.verifyCredentials(authenticator, credentials, system.getSecurityProperties(), this.logWriter, this.securityLogWriter, member);
            if (subject instanceof Principal) {
                Principal principal = (Principal) subject;
                // Only the principal name is logged — never the credentials themselves.
                if (securityLogWriter.fineEnabled()) {
                    securityLogWriter.fine("CacheClientNotifier: successfully verified credentials for proxyID: " + proxyID + " having principal: " + principal.getName());
                }
                String postAuthzFactoryName = sysProps.getProperty(SECURITY_CLIENT_ACCESSOR_PP);
                if (postAuthzFactoryName != null && postAuthzFactoryName.length() > 0) {
                    // NOTE(review): this branch is unreachable — the enclosing instanceof test
                    // already excludes null, so the "null credentials" warning can never fire here.
                    if (principal == null) {
                        securityLogWriter.warning(LocalizedStrings.CacheClientNotifier_CACHECLIENTNOTIFIER_POST_PROCESS_AUTHORIZATION_CALLBACK_ENABLED_BUT_AUTHENTICATION_CALLBACK_0_RETURNED_WITH_NULL_CREDENTIALS_FOR_PROXYID_1, new Object[] { SECURITY_CLIENT_AUTHENTICATOR, proxyID });
                    }
                    // The post-authorization factory is resolved by reflection from a
                    // server-configured property and invoked as a static no-arg method; any
                    // reflection failure lands in the generic catch below.
                    Method authzMethod = ClassLoadUtil.methodFromName(postAuthzFactoryName);
                    authzCallback = (AccessControl) authzMethod.invoke(null, (Object[]) null);
                    authzCallback.init(principal, member, this.getCache());
                }
                // Set even when no factory is configured, i.e. the proxy may get a null callback.
                proxy.setPostAuthzCallback(authzCallback);
            } else if (subject instanceof Subject) {
                proxy.setSubject((Subject) subject);
            }
        }
    } catch (ClassNotFoundException e) {
        // Membership id could not be materialised; surfaced to the caller, not the client.
        throw new IOException(LocalizedStrings.CacheClientNotifier_CLIENTPROXYMEMBERSHIPID_OBJECT_COULD_NOT_BE_CREATED_EXCEPTION_OCCURRED_WAS_0.toLocalizedString(e));
    } catch (AuthenticationRequiredException ex) {
        // Authentication outcomes are logged to the security log and reported to the client
        // with a dedicated reply code; registration stats are intentionally not recorded.
        securityLogWriter.warning(LocalizedStrings.CacheClientNotifier_AN_EXCEPTION_WAS_THROWN_FOR_CLIENT_0_1, new Object[] { proxyID, ex });
        writeException(dos, HandShake.REPLY_EXCEPTION_AUTHENTICATION_REQUIRED, ex, clientVersion);
        return;
    } catch (AuthenticationFailedException ex) {
        securityLogWriter.warning(LocalizedStrings.CacheClientNotifier_AN_EXCEPTION_WAS_THROWN_FOR_CLIENT_0_1, new Object[] { proxyID, ex });
        writeException(dos, HandShake.REPLY_EXCEPTION_AUTHENTICATION_FAILED, ex, clientVersion);
        return;
    } catch (CacheException e) {
        // Registration failure inside the cache: wrap with the cause preserved and let the
        // caller decide what to do with the connection.
        logger.warn(LocalizedMessage.create(LocalizedStrings.CacheClientNotifier_0_REGISTERCLIENT_EXCEPTION_ENCOUNTERED_IN_REGISTRATION_1, new Object[] { this, e }), e);
        IOException io = new IOException(LocalizedStrings.CacheClientNotifier_EXCEPTION_OCCURRED_WHILE_TRYING_TO_REGISTER_INTEREST_DUE_TO_0.toLocalizedString(e.getMessage()));
        io.initCause(e);
        throw io;
    } catch (Exception ex) {
        // Catch-all (covers the reflection path above, among others). The exception object is
        // handed to writeException; how much of it reaches the client is decided there.
        // NOTE(review): the message's {1} placeholder is filled with "" while ex is attached
        // as the logged throwable — likely deliberate, but worth confirming the log is useful.
        logger.warn(LocalizedMessage.create(LocalizedStrings.CacheClientNotifier_AN_EXCEPTION_WAS_THROWN_FOR_CLIENT_0_1, new Object[] { proxyID, "" }), ex);
        writeException(dos, Acceptor.UNSUCCESSFUL_SERVER_TO_CLIENT, ex, clientVersion);
        return;
    }
    // Reached only on the fully successful path; every failure above returns or throws first.
    this.statistics.endClientRegistration(startTime);
}