Search in sources :

Example 1 with NotAuthorizedException

use of org.apache.geode.security.NotAuthorizedException in project geode by apache.

the class KeySet method cmdExecute.

@Override
public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start) throws IOException, InterruptedException {
    Part regionNamePart = null;
    String regionName = null;
    serverConnection.setAsTrue(REQUIRES_RESPONSE);
    serverConnection.setAsTrue(REQUIRES_CHUNKED_RESPONSE);
    // Retrieve the region name from the message parts
    regionNamePart = clientMessage.getPart(0);
    regionName = regionNamePart.getString();
    ChunkedMessage chunkedResponseMsg = serverConnection.getChunkedResponseMessage();
    final boolean isDebugEnabled = logger.isDebugEnabled();
    if (isDebugEnabled) {
        logger.debug("{}: Received key set request ({} bytes) from {} for region {}", serverConnection.getName(), clientMessage.getPayloadLength(), serverConnection.getSocketString(), regionName);
    }
    // Process the key set request
    if (regionName == null) {
        String message = null;
        // if (regionName == null) (can only be null)
        {
            message = LocalizedStrings.KeySet_0_THE_INPUT_REGION_NAME_FOR_THE_KEY_SET_REQUEST_IS_NULL.toLocalizedString(serverConnection.getName());
            logger.warn(LocalizedMessage.create(LocalizedStrings.KeySet_0_THE_INPUT_REGION_NAME_FOR_THE_KEY_SET_REQUEST_IS_NULL, serverConnection.getName()));
        }
        writeKeySetErrorResponse(clientMessage, MessageType.KEY_SET_DATA_ERROR, message, serverConnection);
        serverConnection.setAsTrue(RESPONDED);
        return;
    }
    LocalRegion region = (LocalRegion) serverConnection.getCache().getRegion(regionName);
    if (region == null) {
        String reason = LocalizedStrings.KeySet__0_WAS_NOT_FOUND_DURING_KEY_SET_REQUEST.toLocalizedString(regionName);
        writeRegionDestroyedEx(clientMessage, regionName, reason, serverConnection);
        serverConnection.setAsTrue(RESPONDED);
        return;
    }
    try {
        this.securityService.authorizeRegionRead(regionName);
    } catch (NotAuthorizedException ex) {
        writeChunkedException(clientMessage, ex, serverConnection);
        serverConnection.setAsTrue(RESPONDED);
        return;
    }
    KeySetOperationContext keySetContext = null;
    AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
    if (authzRequest != null) {
        try {
            keySetContext = authzRequest.keySetAuthorize(regionName);
        } catch (NotAuthorizedException ex) {
            writeChunkedException(clientMessage, ex, serverConnection);
            serverConnection.setAsTrue(RESPONDED);
            return;
        }
    }
    // Update the statistics and write the reply
    // bserverStats.incLong(processDestroyTimeId,
    // DistributionStats.getStatTime() - start);
    // start = DistributionStats.getStatTime();
    // Send header
    chunkedResponseMsg.setMessageType(MessageType.RESPONSE);
    chunkedResponseMsg.setTransactionId(clientMessage.getTransactionId());
    chunkedResponseMsg.sendHeader();
    // Send chunk response
    try {
        fillAndSendKeySetResponseChunks(region, regionName, keySetContext, serverConnection);
        serverConnection.setAsTrue(RESPONDED);
    } catch (Exception e) {
        // If an interrupted exception is thrown , rethrow it
        checkForInterrupt(serverConnection, e);
        // Otherwise, write an exception message and continue
        writeChunkedException(clientMessage, e, serverConnection, serverConnection.getChunkedResponseMessage());
        serverConnection.setAsTrue(RESPONDED);
        return;
    }
    if (isDebugEnabled) {
        // logger.fine(getName() + ": Sent chunk (1 of 1) of register interest
        // response (" + chunkedResponseMsg.getBufferLength() + " bytes) for
        // region " + regionName + " key " + key);
        logger.debug("{}: Sent key set response for the region {}", serverConnection.getName(), regionName);
    }
// bserverStats.incLong(writeDestroyResponseTimeId,
// DistributionStats.getStatTime() - start);
// bserverStats.incInt(destroyResponsesId, 1);
}
Also used : AuthorizeRequest(org.apache.geode.internal.security.AuthorizeRequest) Part(org.apache.geode.internal.cache.tier.sockets.Part) KeySetOperationContext(org.apache.geode.cache.operations.KeySetOperationContext) LocalRegion(org.apache.geode.internal.cache.LocalRegion) NotAuthorizedException(org.apache.geode.security.NotAuthorizedException) ChunkedMessage(org.apache.geode.internal.cache.tier.sockets.ChunkedMessage) IOException(java.io.IOException) NotAuthorizedException(org.apache.geode.security.NotAuthorizedException)

Example 2 with NotAuthorizedException

use of org.apache.geode.security.NotAuthorizedException in project geode by apache.

the class UnregisterInterestList method cmdExecute.

@Override
public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start) throws IOException, ClassNotFoundException {
    Part regionNamePart = null, keyPart = null, numberOfKeysPart = null;
    String regionName = null;
    Object key = null;
    List keys = null;
    int numberOfKeys = 0, partNumber = 0;
    serverConnection.setAsTrue(REQUIRES_RESPONSE);
    // bserverStats.incLong(readDestroyRequestTimeId,
    // DistributionStats.getStatTime() - start);
    // bserverStats.incInt(destroyRequestsId, 1);
    // start = DistributionStats.getStatTime();
    // Retrieve the data from the message parts
    regionNamePart = clientMessage.getPart(0);
    regionName = regionNamePart.getString();
    Part isClosingListPart = clientMessage.getPart(1);
    byte[] isClosingListPartBytes = (byte[]) isClosingListPart.getObject();
    boolean isClosingList = isClosingListPartBytes[0] == 0x01;
    boolean keepalive = false;
    try {
        Part keepalivePart = clientMessage.getPart(2);
        byte[] keepalivePartBytes = (byte[]) keepalivePart.getObject();
        keepalive = keepalivePartBytes[0] == 0x01;
    } catch (Exception e) {
        writeChunkedException(clientMessage, e, serverConnection);
        serverConnection.setAsTrue(RESPONDED);
        return;
    }
    numberOfKeysPart = clientMessage.getPart(3);
    numberOfKeys = numberOfKeysPart.getInt();
    partNumber = 4;
    keys = new ArrayList();
    for (int i = 0; i < numberOfKeys; i++) {
        keyPart = clientMessage.getPart(partNumber + i);
        try {
            key = keyPart.getStringOrObject();
        } catch (Exception e) {
            writeException(clientMessage, e, false, serverConnection);
            serverConnection.setAsTrue(RESPONDED);
            return;
        }
        keys.add(key);
    }
    if (logger.isDebugEnabled()) {
        logger.debug("{}: Received unregister interest request ({} bytes) from {} for the following {} keys in region {}: {}", serverConnection.getName(), clientMessage.getPayloadLength(), serverConnection.getSocketString(), numberOfKeys, regionName, keys);
    }
    // Process the unregister interest request
    if (keys.isEmpty() || regionName == null) {
        StringId errMessage = null;
        if (keys.isEmpty() && regionName == null) {
            errMessage = LocalizedStrings.UnRegisterInterestList_THE_INPUT_LIST_OF_KEYS_IS_EMPTY_AND_THE_INPUT_REGION_NAME_IS_NULL_FOR_THE_UNREGISTER_INTEREST_REQUEST;
        } else if (keys.isEmpty()) {
            errMessage = LocalizedStrings.UnRegisterInterestList_THE_INPUT_LIST_OF_KEYS_FOR_THE_UNREGISTER_INTEREST_REQUEST_IS_EMPTY;
        } else if (regionName == null) {
            errMessage = LocalizedStrings.UnRegisterInterest_THE_INPUT_REGION_NAME_FOR_THE_UNREGISTER_INTEREST_REQUEST_IS_NULL;
        }
        String s = errMessage.toLocalizedString();
        logger.warn("{}: {}", serverConnection.getName(), s);
        writeErrorResponse(clientMessage, MessageType.UNREGISTER_INTEREST_DATA_ERROR, s, serverConnection);
        serverConnection.setAsTrue(RESPONDED);
        return;
    }
    try {
        this.securityService.authorizeRegionRead(regionName);
    } catch (NotAuthorizedException ex) {
        writeException(clientMessage, ex, false, serverConnection);
        serverConnection.setAsTrue(RESPONDED);
        return;
    }
    AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
    if (authzRequest != null) {
        if (!DynamicRegionFactory.regionIsDynamicRegionList(regionName)) {
            try {
                UnregisterInterestOperationContext unregisterContext = authzRequest.unregisterInterestListAuthorize(regionName, keys);
                keys = (List) unregisterContext.getKey();
            } catch (NotAuthorizedException ex) {
                writeException(clientMessage, ex, false, serverConnection);
                serverConnection.setAsTrue(RESPONDED);
                return;
            }
        }
    }
    // Yogesh : bug fix for 36457 :
    /*
     * Region destroy message from server to client results in client calling unregister to server
     * (an unnecessary callback). The unregister encounters an error because the region has been
     * destroyed on the server and hence falsely marks the server dead.
     */
    /*
     * Region region = crHelper.getRegion(regionName); if (region == null) {
     * logger.warning(this.name + ": Region named " + regionName + " was not found during register
     * interest list request"); writeErrorResponse(msg, MessageType.UNREGISTER_INTEREST_DATA_ERROR);
     * responded = true; } else {
     */
    // Register interest
    serverConnection.getAcceptor().getCacheClientNotifier().unregisterClientInterest(regionName, keys, isClosingList, serverConnection.getProxyID(), keepalive);
    // Update the statistics and write the reply
    // bserverStats.incLong(processDestroyTimeId,
    // DistributionStats.getStatTime() - start);
    // start = DistributionStats.getStatTime(); WHY ARE GETTING START AND NOT
    // USING IT?
    writeReply(clientMessage, serverConnection);
    serverConnection.setAsTrue(RESPONDED);
    if (logger.isDebugEnabled()) {
        logger.debug("{}: Sent unregister interest response for the following {} keys in region {}: {}", serverConnection.getName(), numberOfKeys, regionName, keys);
    }
// bserverStats.incLong(writeDestroyResponseTimeId,
// DistributionStats.getStatTime() - start);
// bserverStats.incInt(destroyResponsesId, 1);
// }
}
Also used : AuthorizeRequest(org.apache.geode.internal.security.AuthorizeRequest) ArrayList(java.util.ArrayList) NotAuthorizedException(org.apache.geode.security.NotAuthorizedException) IOException(java.io.IOException) NotAuthorizedException(org.apache.geode.security.NotAuthorizedException) StringId(org.apache.geode.i18n.StringId) Part(org.apache.geode.internal.cache.tier.sockets.Part) UnregisterInterestOperationContext(org.apache.geode.cache.operations.UnregisterInterestOperationContext) ArrayList(java.util.ArrayList) List(java.util.List)

Example 3 with NotAuthorizedException

use of org.apache.geode.security.NotAuthorizedException in project geode by apache.

the class Request method cmdExecute.

@Override
public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start) throws IOException {
    Part regionNamePart = null, keyPart = null, valuePart = null;
    String regionName = null;
    Object callbackArg = null, key = null;
    CachedRegionHelper crHelper = serverConnection.getCachedRegionHelper();
    CacheServerStats stats = serverConnection.getCacheServerStats();
    StringId errMessage = null;
    serverConnection.setAsTrue(REQUIRES_RESPONSE);
    // requiresResponse = true;
    {
        long oldStart = start;
        start = DistributionStats.getStatTime();
        stats.incReadGetRequestTime(start - oldStart);
    }
    // Retrieve the data from the message parts
    int parts = clientMessage.getNumberOfParts();
    regionNamePart = clientMessage.getPart(0);
    keyPart = clientMessage.getPart(1);
    // valuePart = null; (redundant assignment)
    if (parts > 2) {
        valuePart = clientMessage.getPart(2);
        try {
            callbackArg = valuePart.getObject();
        } catch (Exception e) {
            writeException(clientMessage, e, false, serverConnection);
            // responded = true;
            serverConnection.setAsTrue(RESPONDED);
            return;
        }
    }
    regionName = regionNamePart.getString();
    try {
        key = keyPart.getStringOrObject();
    } catch (Exception e) {
        writeException(clientMessage, e, false, serverConnection);
        // responded = true;
        serverConnection.setAsTrue(RESPONDED);
        return;
    }
    if (logger.isDebugEnabled()) {
        logger.debug("{}: Received get request ({} bytes) from {} for region {} key {} txId {}", serverConnection.getName(), clientMessage.getPayloadLength(), serverConnection.getSocketString(), regionName, key, clientMessage.getTransactionId());
    }
    // Process the get request
    if (key == null || regionName == null) {
        if ((key == null) && (regionName == null)) {
            errMessage = LocalizedStrings.Request_THE_INPUT_REGION_NAME_AND_KEY_FOR_THE_GET_REQUEST_ARE_NULL;
        } else if (key == null) {
            errMessage = LocalizedStrings.Request_THE_INPUT_KEY_FOR_THE_GET_REQUEST_IS_NULL;
        } else if (regionName == null) {
            errMessage = LocalizedStrings.Request_THE_INPUT_REGION_NAME_FOR_THE_GET_REQUEST_IS_NULL;
        }
        String s = errMessage.toLocalizedString();
        logger.warn("{}: {}", serverConnection.getName(), s);
        writeErrorResponse(clientMessage, MessageType.REQUESTDATAERROR, s, serverConnection);
        // responded = true;
        serverConnection.setAsTrue(RESPONDED);
    } else {
        Region region = serverConnection.getCache().getRegion(regionName);
        if (region == null) {
            String reason = LocalizedStrings.Request__0_WAS_NOT_FOUND_DURING_GET_REQUEST.toLocalizedString(regionName);
            writeRegionDestroyedEx(clientMessage, regionName, reason, serverConnection);
            serverConnection.setAsTrue(RESPONDED);
        } else {
            GetOperationContext getContext = null;
            try {
                this.securityService.authorizeRegionRead(regionName, key.toString());
                AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
                if (authzRequest != null) {
                    getContext = authzRequest.getAuthorize(regionName, key, callbackArg);
                    callbackArg = getContext.getCallbackArg();
                }
            } catch (NotAuthorizedException ex) {
                writeException(clientMessage, ex, false, serverConnection);
                serverConnection.setAsTrue(RESPONDED);
                return;
            }
            // Get the value and update the statistics. Do not deserialize
            // the value if it is a byte[].
            Object[] valueAndIsObject = new Object[3];
            try {
                getValueAndIsObject(region, key, callbackArg, serverConnection, valueAndIsObject);
            } catch (Exception e) {
                writeException(clientMessage, e, false, serverConnection);
                serverConnection.setAsTrue(RESPONDED);
                return;
            }
            Object data = valueAndIsObject[0];
            boolean isObject = ((Boolean) valueAndIsObject[1]).booleanValue();
            try {
                AuthorizeRequestPP postAuthzRequest = serverConnection.getPostAuthzRequest();
                if (postAuthzRequest != null) {
                    getContext = postAuthzRequest.getAuthorize(regionName, key, data, isObject, getContext);
                    byte[] serializedValue = getContext.getSerializedValue();
                    if (serializedValue == null) {
                        data = getContext.getObject();
                    } else {
                        data = serializedValue;
                    }
                    isObject = getContext.isObject();
                }
            } catch (NotAuthorizedException ex) {
                writeException(clientMessage, ex, false, serverConnection);
                serverConnection.setAsTrue(RESPONDED);
                return;
            }
            {
                long oldStart = start;
                start = DistributionStats.getStatTime();
                stats.incProcessGetTime(start - oldStart);
            }
            if (region instanceof PartitionedRegion) {
                PartitionedRegion pr = (PartitionedRegion) region;
                if (pr.getNetworkHopType() != PartitionedRegion.NETWORK_HOP_NONE) {
                    writeResponseWithRefreshMetadata(data, callbackArg, clientMessage, isObject, serverConnection, pr, pr.getNetworkHopType());
                    pr.clearNetworkHopData();
                } else {
                    writeResponse(data, callbackArg, clientMessage, isObject, serverConnection);
                }
            } else {
                writeResponse(data, callbackArg, clientMessage, isObject, serverConnection);
            }
            serverConnection.setAsTrue(RESPONDED);
            if (logger.isDebugEnabled()) {
                logger.debug("{}: Wrote get response back to {} for region {} key {} value: {}", serverConnection.getName(), serverConnection.getSocketString(), regionName, key, data);
            }
            stats.incWriteGetResponseTime(DistributionStats.getStatTime() - start);
        }
    }
}
Also used : AuthorizeRequest(org.apache.geode.internal.security.AuthorizeRequest) AuthorizeRequestPP(org.apache.geode.internal.security.AuthorizeRequestPP) NotAuthorizedException(org.apache.geode.security.NotAuthorizedException) IOException(java.io.IOException) NotAuthorizedException(org.apache.geode.security.NotAuthorizedException) GetOperationContext(org.apache.geode.cache.operations.GetOperationContext) CachedRegionHelper(org.apache.geode.internal.cache.tier.CachedRegionHelper) StringId(org.apache.geode.i18n.StringId) CacheServerStats(org.apache.geode.internal.cache.tier.sockets.CacheServerStats) Part(org.apache.geode.internal.cache.tier.sockets.Part) PartitionedRegion(org.apache.geode.internal.cache.PartitionedRegion) LocalRegion(org.apache.geode.internal.cache.LocalRegion) Region(org.apache.geode.cache.Region) PartitionedRegion(org.apache.geode.internal.cache.PartitionedRegion)

Example 4 with NotAuthorizedException

use of org.apache.geode.security.NotAuthorizedException in project geode by apache.

the class AuthorizeRequestPP method getAuthorize.

public GetOperationContext getAuthorize(String regionName, Object key, Object result, boolean isObject, GetOperationContext getContext) throws NotAuthorizedException {
    if (getContext == null) {
        getContext = new GetOperationContextImpl(key, true);
    } else {
        getContext.setPostOperation();
    }
    getContext.setObject(result, isObject);
    if (!this.postAuthzCallback.authorizeOperation(regionName, getContext)) {
        String errStr = LocalizedStrings.AuthorizeRequestPP_IN_POSTPROCESS_NOT_AUTHORIZED_TO_PERFORM_GET_OPERATION_ON_REGION_0.toLocalizedString(regionName);
        this.logger.warning(LocalizedStrings.TWO_ARG_COLON, new Object[] { this.id, errStr });
        if (this.isPrincipalSerializable) {
            throw new NotAuthorizedException(errStr, this.principal);
        } else {
            throw new NotAuthorizedException(errStr);
        }
    } else {
        if (this.logger.finestEnabled()) {
            this.logger.finest(this.id + ": In post-process: authorized to perform GET operation on region [" + regionName + ']');
        }
    }
    return getContext;
}
Also used : NotAuthorizedException(org.apache.geode.security.NotAuthorizedException) GetOperationContextImpl(org.apache.geode.cache.operations.internal.GetOperationContextImpl)

Example 5 with NotAuthorizedException

use of org.apache.geode.security.NotAuthorizedException in project geode by apache.

the class GfshExecutionStrategy method execute.

//////////////// ExecutionStrategy interface Methods Start ///////////////////
///////////////////////// Implemented Methods ////////////////////////////////
/**
   * Executes the method indicated by the {@link ParseResult} which would always be
   * {@link GfshParseResult} for GemFire defined commands. If the command Method is decorated with
   * {@link CliMetaData#shellOnly()} set to <code>false</code>, {@link OperationInvoker} is used to
   * send the command for processing on a remote GemFire node.
   * 
   * @param parseResult that should be executed (never presented as null)
   * @return an object which will be rendered by the {@link Shell} implementation (may return null)
   * @throws RuntimeException which is handled by the {@link Shell} implementation
   */
@Override
public Object execute(ParseResult parseResult) {
    Result result = null;
    Method method = parseResult.getMethod();
    try {
        // Check if it's a multi-step command
        MultiStepCommand cmd = method.getAnnotation(MultiStepCommand.class);
        if (cmd != null) {
            return execCLISteps(logWrapper, shell, parseResult);
        }
        // check if it's a shell only command
        if (isShellOnly(method)) {
            Assert.notNull(parseResult, "Parse result required");
            synchronized (mutex) {
                Assert.isTrue(isReadyForCommands(), "ProcessManagerHostedExecutionStrategy not yet ready for commands");
                return ReflectionUtils.invokeMethod(parseResult.getMethod(), parseResult.getInstance(), parseResult.getArguments());
            }
        }
        // check if it's a GfshParseResult
        if (!GfshParseResult.class.isInstance(parseResult)) {
            throw new IllegalStateException("Configuration error!");
        }
        result = executeOnRemote((GfshParseResult) parseResult);
    } catch (NotAuthorizedException e) {
        result = ResultBuilder.createGemFireUnAuthorizedErrorResult("Unauthorized. Reason: " + e.getMessage());
    } catch (JMXInvocationException | IllegalStateException e) {
        Gfsh.getCurrentInstance().logWarning(e.getMessage(), e);
    } catch (CommandProcessingException e) {
        Gfsh.getCurrentInstance().logWarning(e.getMessage(), null);
        Object errorData = e.getErrorData();
        if (errorData != null && errorData instanceof Throwable) {
            logWrapper.warning(e.getMessage(), (Throwable) errorData);
        } else {
            logWrapper.warning(e.getMessage());
        }
    } catch (Exception e) {
        Gfsh.getCurrentInstance().logWarning("Unexpected exception occurred. " + e.getMessage(), e);
        // Log other exceptions in gfsh log
        logWrapper.warning("Unexpected error occurred while executing command : " + ((GfshParseResult) parseResult).getUserInput(), e);
    }
    return result;
}
Also used : MultiStepCommand(org.apache.geode.management.internal.cli.multistep.MultiStepCommand) GfshParseResult(org.apache.geode.management.internal.cli.GfshParseResult) Method(java.lang.reflect.Method) NotAuthorizedException(org.apache.geode.security.NotAuthorizedException) CommandProcessingException(org.apache.geode.management.cli.CommandProcessingException) NotAuthorizedException(org.apache.geode.security.NotAuthorizedException) CommandProcessingException(org.apache.geode.management.cli.CommandProcessingException) ParseResult(org.springframework.shell.event.ParseResult) GfshParseResult(org.apache.geode.management.internal.cli.GfshParseResult) Result(org.apache.geode.management.cli.Result) FileResult(org.apache.geode.management.internal.cli.result.FileResult)

Aggregations

NotAuthorizedException (org.apache.geode.security.NotAuthorizedException)75 UnitTest (org.apache.geode.test.junit.categories.UnitTest)54 Test (org.junit.Test)54 AuthorizeRequest (org.apache.geode.internal.security.AuthorizeRequest)12 IOException (java.io.IOException)9 ObjectPartList (org.apache.geode.internal.cache.tier.sockets.ObjectPartList)9 Part (org.apache.geode.internal.cache.tier.sockets.Part)8 PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)8 GetOperationContext (org.apache.geode.cache.operations.GetOperationContext)6 AuthorizeRequestPP (org.apache.geode.internal.security.AuthorizeRequestPP)6 LocalRegion (org.apache.geode.internal.cache.LocalRegion)5 GetOperationContextImpl (org.apache.geode.cache.operations.internal.GetOperationContextImpl)4 StringId (org.apache.geode.i18n.StringId)4 CacheServerStats (org.apache.geode.internal.cache.tier.sockets.CacheServerStats)4 Result (org.apache.geode.management.cli.Result)4 HashSet (java.util.HashSet)3 Iterator (java.util.Iterator)3 Set (java.util.Set)3 Region (org.apache.geode.cache.Region)3 VersionTag (org.apache.geode.internal.cache.versions.VersionTag)3