use of org.apache.geode.security.NotAuthorizedException in project geode by apache.
the class KeySet method cmdExecute.
@Override
public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start) throws IOException, InterruptedException {
Part regionNamePart = null;
String regionName = null;
serverConnection.setAsTrue(REQUIRES_RESPONSE);
serverConnection.setAsTrue(REQUIRES_CHUNKED_RESPONSE);
// Retrieve the region name from the message parts
regionNamePart = clientMessage.getPart(0);
regionName = regionNamePart.getString();
ChunkedMessage chunkedResponseMsg = serverConnection.getChunkedResponseMessage();
final boolean isDebugEnabled = logger.isDebugEnabled();
if (isDebugEnabled) {
logger.debug("{}: Received key set request ({} bytes) from {} for region {}", serverConnection.getName(), clientMessage.getPayloadLength(), serverConnection.getSocketString(), regionName);
}
// Process the key set request
if (regionName == null) {
String message = null;
// if (regionName == null) (can only be null)
{
message = LocalizedStrings.KeySet_0_THE_INPUT_REGION_NAME_FOR_THE_KEY_SET_REQUEST_IS_NULL.toLocalizedString(serverConnection.getName());
logger.warn(LocalizedMessage.create(LocalizedStrings.KeySet_0_THE_INPUT_REGION_NAME_FOR_THE_KEY_SET_REQUEST_IS_NULL, serverConnection.getName()));
}
writeKeySetErrorResponse(clientMessage, MessageType.KEY_SET_DATA_ERROR, message, serverConnection);
serverConnection.setAsTrue(RESPONDED);
return;
}
LocalRegion region = (LocalRegion) serverConnection.getCache().getRegion(regionName);
if (region == null) {
String reason = LocalizedStrings.KeySet__0_WAS_NOT_FOUND_DURING_KEY_SET_REQUEST.toLocalizedString(regionName);
writeRegionDestroyedEx(clientMessage, regionName, reason, serverConnection);
serverConnection.setAsTrue(RESPONDED);
return;
}
try {
this.securityService.authorizeRegionRead(regionName);
} catch (NotAuthorizedException ex) {
writeChunkedException(clientMessage, ex, serverConnection);
serverConnection.setAsTrue(RESPONDED);
return;
}
KeySetOperationContext keySetContext = null;
AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
if (authzRequest != null) {
try {
keySetContext = authzRequest.keySetAuthorize(regionName);
} catch (NotAuthorizedException ex) {
writeChunkedException(clientMessage, ex, serverConnection);
serverConnection.setAsTrue(RESPONDED);
return;
}
}
// Update the statistics and write the reply
// bserverStats.incLong(processDestroyTimeId,
// DistributionStats.getStatTime() - start);
// start = DistributionStats.getStatTime();
// Send header
chunkedResponseMsg.setMessageType(MessageType.RESPONSE);
chunkedResponseMsg.setTransactionId(clientMessage.getTransactionId());
chunkedResponseMsg.sendHeader();
// Send chunk response
try {
fillAndSendKeySetResponseChunks(region, regionName, keySetContext, serverConnection);
serverConnection.setAsTrue(RESPONDED);
} catch (Exception e) {
// If an interrupted exception is thrown , rethrow it
checkForInterrupt(serverConnection, e);
// Otherwise, write an exception message and continue
writeChunkedException(clientMessage, e, serverConnection, serverConnection.getChunkedResponseMessage());
serverConnection.setAsTrue(RESPONDED);
return;
}
if (isDebugEnabled) {
// logger.fine(getName() + ": Sent chunk (1 of 1) of register interest
// response (" + chunkedResponseMsg.getBufferLength() + " bytes) for
// region " + regionName + " key " + key);
logger.debug("{}: Sent key set response for the region {}", serverConnection.getName(), regionName);
}
// bserverStats.incLong(writeDestroyResponseTimeId,
// DistributionStats.getStatTime() - start);
// bserverStats.incInt(destroyResponsesId, 1);
}
use of org.apache.geode.security.NotAuthorizedException in project geode by apache.
the class UnregisterInterestList method cmdExecute.
@Override
public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start) throws IOException, ClassNotFoundException {
Part regionNamePart = null, keyPart = null, numberOfKeysPart = null;
String regionName = null;
Object key = null;
List keys = null;
int numberOfKeys = 0, partNumber = 0;
serverConnection.setAsTrue(REQUIRES_RESPONSE);
// bserverStats.incLong(readDestroyRequestTimeId,
// DistributionStats.getStatTime() - start);
// bserverStats.incInt(destroyRequestsId, 1);
// start = DistributionStats.getStatTime();
// Retrieve the data from the message parts
regionNamePart = clientMessage.getPart(0);
regionName = regionNamePart.getString();
Part isClosingListPart = clientMessage.getPart(1);
byte[] isClosingListPartBytes = (byte[]) isClosingListPart.getObject();
boolean isClosingList = isClosingListPartBytes[0] == 0x01;
boolean keepalive = false;
try {
Part keepalivePart = clientMessage.getPart(2);
byte[] keepalivePartBytes = (byte[]) keepalivePart.getObject();
keepalive = keepalivePartBytes[0] == 0x01;
} catch (Exception e) {
writeChunkedException(clientMessage, e, serverConnection);
serverConnection.setAsTrue(RESPONDED);
return;
}
numberOfKeysPart = clientMessage.getPart(3);
numberOfKeys = numberOfKeysPart.getInt();
partNumber = 4;
keys = new ArrayList();
for (int i = 0; i < numberOfKeys; i++) {
keyPart = clientMessage.getPart(partNumber + i);
try {
key = keyPart.getStringOrObject();
} catch (Exception e) {
writeException(clientMessage, e, false, serverConnection);
serverConnection.setAsTrue(RESPONDED);
return;
}
keys.add(key);
}
if (logger.isDebugEnabled()) {
logger.debug("{}: Received unregister interest request ({} bytes) from {} for the following {} keys in region {}: {}", serverConnection.getName(), clientMessage.getPayloadLength(), serverConnection.getSocketString(), numberOfKeys, regionName, keys);
}
// Process the unregister interest request
if (keys.isEmpty() || regionName == null) {
StringId errMessage = null;
if (keys.isEmpty() && regionName == null) {
errMessage = LocalizedStrings.UnRegisterInterestList_THE_INPUT_LIST_OF_KEYS_IS_EMPTY_AND_THE_INPUT_REGION_NAME_IS_NULL_FOR_THE_UNREGISTER_INTEREST_REQUEST;
} else if (keys.isEmpty()) {
errMessage = LocalizedStrings.UnRegisterInterestList_THE_INPUT_LIST_OF_KEYS_FOR_THE_UNREGISTER_INTEREST_REQUEST_IS_EMPTY;
} else if (regionName == null) {
errMessage = LocalizedStrings.UnRegisterInterest_THE_INPUT_REGION_NAME_FOR_THE_UNREGISTER_INTEREST_REQUEST_IS_NULL;
}
String s = errMessage.toLocalizedString();
logger.warn("{}: {}", serverConnection.getName(), s);
writeErrorResponse(clientMessage, MessageType.UNREGISTER_INTEREST_DATA_ERROR, s, serverConnection);
serverConnection.setAsTrue(RESPONDED);
return;
}
try {
this.securityService.authorizeRegionRead(regionName);
} catch (NotAuthorizedException ex) {
writeException(clientMessage, ex, false, serverConnection);
serverConnection.setAsTrue(RESPONDED);
return;
}
AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
if (authzRequest != null) {
if (!DynamicRegionFactory.regionIsDynamicRegionList(regionName)) {
try {
UnregisterInterestOperationContext unregisterContext = authzRequest.unregisterInterestListAuthorize(regionName, keys);
keys = (List) unregisterContext.getKey();
} catch (NotAuthorizedException ex) {
writeException(clientMessage, ex, false, serverConnection);
serverConnection.setAsTrue(RESPONDED);
return;
}
}
}
// Yogesh : bug fix for 36457 :
/*
* Region destroy message from server to client results in client calling unregister to server
* (an unnecessary callback). The unregister encounters an error because the region has been
* destroyed on the server and hence falsely marks the server dead.
*/
/*
* Region region = crHelper.getRegion(regionName); if (region == null) {
* logger.warning(this.name + ": Region named " + regionName + " was not found during register
* interest list request"); writeErrorResponse(msg, MessageType.UNREGISTER_INTEREST_DATA_ERROR);
* responded = true; } else {
*/
// Register interest
serverConnection.getAcceptor().getCacheClientNotifier().unregisterClientInterest(regionName, keys, isClosingList, serverConnection.getProxyID(), keepalive);
// Update the statistics and write the reply
// bserverStats.incLong(processDestroyTimeId,
// DistributionStats.getStatTime() - start);
// start = DistributionStats.getStatTime(); WHY ARE GETTING START AND NOT
// USING IT?
writeReply(clientMessage, serverConnection);
serverConnection.setAsTrue(RESPONDED);
if (logger.isDebugEnabled()) {
logger.debug("{}: Sent unregister interest response for the following {} keys in region {}: {}", serverConnection.getName(), numberOfKeys, regionName, keys);
}
// bserverStats.incLong(writeDestroyResponseTimeId,
// DistributionStats.getStatTime() - start);
// bserverStats.incInt(destroyResponsesId, 1);
// }
}
use of org.apache.geode.security.NotAuthorizedException in project geode by apache.
the class Request method cmdExecute.
@Override
public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start) throws IOException {
Part regionNamePart = null, keyPart = null, valuePart = null;
String regionName = null;
Object callbackArg = null, key = null;
CachedRegionHelper crHelper = serverConnection.getCachedRegionHelper();
CacheServerStats stats = serverConnection.getCacheServerStats();
StringId errMessage = null;
serverConnection.setAsTrue(REQUIRES_RESPONSE);
// requiresResponse = true;
{
long oldStart = start;
start = DistributionStats.getStatTime();
stats.incReadGetRequestTime(start - oldStart);
}
// Retrieve the data from the message parts
int parts = clientMessage.getNumberOfParts();
regionNamePart = clientMessage.getPart(0);
keyPart = clientMessage.getPart(1);
// valuePart = null; (redundant assignment)
if (parts > 2) {
valuePart = clientMessage.getPart(2);
try {
callbackArg = valuePart.getObject();
} catch (Exception e) {
writeException(clientMessage, e, false, serverConnection);
// responded = true;
serverConnection.setAsTrue(RESPONDED);
return;
}
}
regionName = regionNamePart.getString();
try {
key = keyPart.getStringOrObject();
} catch (Exception e) {
writeException(clientMessage, e, false, serverConnection);
// responded = true;
serverConnection.setAsTrue(RESPONDED);
return;
}
if (logger.isDebugEnabled()) {
logger.debug("{}: Received get request ({} bytes) from {} for region {} key {} txId {}", serverConnection.getName(), clientMessage.getPayloadLength(), serverConnection.getSocketString(), regionName, key, clientMessage.getTransactionId());
}
// Process the get request
if (key == null || regionName == null) {
if ((key == null) && (regionName == null)) {
errMessage = LocalizedStrings.Request_THE_INPUT_REGION_NAME_AND_KEY_FOR_THE_GET_REQUEST_ARE_NULL;
} else if (key == null) {
errMessage = LocalizedStrings.Request_THE_INPUT_KEY_FOR_THE_GET_REQUEST_IS_NULL;
} else if (regionName == null) {
errMessage = LocalizedStrings.Request_THE_INPUT_REGION_NAME_FOR_THE_GET_REQUEST_IS_NULL;
}
String s = errMessage.toLocalizedString();
logger.warn("{}: {}", serverConnection.getName(), s);
writeErrorResponse(clientMessage, MessageType.REQUESTDATAERROR, s, serverConnection);
// responded = true;
serverConnection.setAsTrue(RESPONDED);
} else {
Region region = serverConnection.getCache().getRegion(regionName);
if (region == null) {
String reason = LocalizedStrings.Request__0_WAS_NOT_FOUND_DURING_GET_REQUEST.toLocalizedString(regionName);
writeRegionDestroyedEx(clientMessage, regionName, reason, serverConnection);
serverConnection.setAsTrue(RESPONDED);
} else {
GetOperationContext getContext = null;
try {
this.securityService.authorizeRegionRead(regionName, key.toString());
AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
if (authzRequest != null) {
getContext = authzRequest.getAuthorize(regionName, key, callbackArg);
callbackArg = getContext.getCallbackArg();
}
} catch (NotAuthorizedException ex) {
writeException(clientMessage, ex, false, serverConnection);
serverConnection.setAsTrue(RESPONDED);
return;
}
// Get the value and update the statistics. Do not deserialize
// the value if it is a byte[].
Object[] valueAndIsObject = new Object[3];
try {
getValueAndIsObject(region, key, callbackArg, serverConnection, valueAndIsObject);
} catch (Exception e) {
writeException(clientMessage, e, false, serverConnection);
serverConnection.setAsTrue(RESPONDED);
return;
}
Object data = valueAndIsObject[0];
boolean isObject = ((Boolean) valueAndIsObject[1]).booleanValue();
try {
AuthorizeRequestPP postAuthzRequest = serverConnection.getPostAuthzRequest();
if (postAuthzRequest != null) {
getContext = postAuthzRequest.getAuthorize(regionName, key, data, isObject, getContext);
byte[] serializedValue = getContext.getSerializedValue();
if (serializedValue == null) {
data = getContext.getObject();
} else {
data = serializedValue;
}
isObject = getContext.isObject();
}
} catch (NotAuthorizedException ex) {
writeException(clientMessage, ex, false, serverConnection);
serverConnection.setAsTrue(RESPONDED);
return;
}
{
long oldStart = start;
start = DistributionStats.getStatTime();
stats.incProcessGetTime(start - oldStart);
}
if (region instanceof PartitionedRegion) {
PartitionedRegion pr = (PartitionedRegion) region;
if (pr.getNetworkHopType() != PartitionedRegion.NETWORK_HOP_NONE) {
writeResponseWithRefreshMetadata(data, callbackArg, clientMessage, isObject, serverConnection, pr, pr.getNetworkHopType());
pr.clearNetworkHopData();
} else {
writeResponse(data, callbackArg, clientMessage, isObject, serverConnection);
}
} else {
writeResponse(data, callbackArg, clientMessage, isObject, serverConnection);
}
serverConnection.setAsTrue(RESPONDED);
if (logger.isDebugEnabled()) {
logger.debug("{}: Wrote get response back to {} for region {} key {} value: {}", serverConnection.getName(), serverConnection.getSocketString(), regionName, key, data);
}
stats.incWriteGetResponseTime(DistributionStats.getStatTime() - start);
}
}
}
use of org.apache.geode.security.NotAuthorizedException in project geode by apache.
the class AuthorizeRequestPP method getAuthorize.
public GetOperationContext getAuthorize(String regionName, Object key, Object result, boolean isObject, GetOperationContext getContext) throws NotAuthorizedException {
if (getContext == null) {
getContext = new GetOperationContextImpl(key, true);
} else {
getContext.setPostOperation();
}
getContext.setObject(result, isObject);
if (!this.postAuthzCallback.authorizeOperation(regionName, getContext)) {
String errStr = LocalizedStrings.AuthorizeRequestPP_IN_POSTPROCESS_NOT_AUTHORIZED_TO_PERFORM_GET_OPERATION_ON_REGION_0.toLocalizedString(regionName);
this.logger.warning(LocalizedStrings.TWO_ARG_COLON, new Object[] { this.id, errStr });
if (this.isPrincipalSerializable) {
throw new NotAuthorizedException(errStr, this.principal);
} else {
throw new NotAuthorizedException(errStr);
}
} else {
if (this.logger.finestEnabled()) {
this.logger.finest(this.id + ": In post-process: authorized to perform GET operation on region [" + regionName + ']');
}
}
return getContext;
}
use of org.apache.geode.security.NotAuthorizedException in project geode by apache.
the class GfshExecutionStrategy method execute.
//////////////// ExecutionStrategy interface Methods Start ///////////////////
///////////////////////// Implemented Methods ////////////////////////////////
/**
* Executes the method indicated by the {@link ParseResult} which would always be
* {@link GfshParseResult} for GemFire defined commands. If the command Method is decorated with
* {@link CliMetaData#shellOnly()} set to <code>false</code>, {@link OperationInvoker} is used to
* send the command for processing on a remote GemFire node.
*
* @param parseResult that should be executed (never presented as null)
* @return an object which will be rendered by the {@link Shell} implementation (may return null)
* @throws RuntimeException which is handled by the {@link Shell} implementation
*/
@Override
public Object execute(ParseResult parseResult) {
Result result = null;
Method method = parseResult.getMethod();
try {
// Check if it's a multi-step command
MultiStepCommand cmd = method.getAnnotation(MultiStepCommand.class);
if (cmd != null) {
return execCLISteps(logWrapper, shell, parseResult);
}
// check if it's a shell only command
if (isShellOnly(method)) {
Assert.notNull(parseResult, "Parse result required");
synchronized (mutex) {
Assert.isTrue(isReadyForCommands(), "ProcessManagerHostedExecutionStrategy not yet ready for commands");
return ReflectionUtils.invokeMethod(parseResult.getMethod(), parseResult.getInstance(), parseResult.getArguments());
}
}
// check if it's a GfshParseResult
if (!GfshParseResult.class.isInstance(parseResult)) {
throw new IllegalStateException("Configuration error!");
}
result = executeOnRemote((GfshParseResult) parseResult);
} catch (NotAuthorizedException e) {
result = ResultBuilder.createGemFireUnAuthorizedErrorResult("Unauthorized. Reason: " + e.getMessage());
} catch (JMXInvocationException | IllegalStateException e) {
Gfsh.getCurrentInstance().logWarning(e.getMessage(), e);
} catch (CommandProcessingException e) {
Gfsh.getCurrentInstance().logWarning(e.getMessage(), null);
Object errorData = e.getErrorData();
if (errorData != null && errorData instanceof Throwable) {
logWrapper.warning(e.getMessage(), (Throwable) errorData);
} else {
logWrapper.warning(e.getMessage());
}
} catch (Exception e) {
Gfsh.getCurrentInstance().logWarning("Unexpected exception occurred. " + e.getMessage(), e);
// Log other exceptions in gfsh log
logWrapper.warning("Unexpected error occurred while executing command : " + ((GfshParseResult) parseResult).getUserInput(), e);
}
return result;
}
Aggregations