Search in sources :

Example 66 with NotAuthorizedException

use of org.apache.geode.security.NotAuthorizedException in project geode by apache.

the class ContainsKey method cmdExecute.

@Override
public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start) throws IOException {
    Part regionNamePart = null;
    Part keyPart = null;
    String regionName = null;
    Object key = null;
    CacheServerStats stats = serverConnection.getCacheServerStats();
    serverConnection.setAsTrue(REQUIRES_RESPONSE);
    {
        long oldStart = start;
        start = DistributionStats.getStatTime();
        stats.incReadContainsKeyRequestTime(start - oldStart);
    }
    // Retrieve the data from the message parts
    regionNamePart = clientMessage.getPart(0);
    keyPart = clientMessage.getPart(1);
    regionName = regionNamePart.getString();
    try {
        key = keyPart.getStringOrObject();
    } catch (Exception e) {
        writeException(clientMessage, e, false, serverConnection);
        serverConnection.setAsTrue(RESPONDED);
        return;
    }
    if (logger.isDebugEnabled()) {
        logger.debug("{}: Received containsKey request ({} bytes) from {} for region {} key {}", serverConnection.getName(), clientMessage.getPayloadLength(), serverConnection.getSocketString(), regionName, key);
    }
    // Process the containsKey request
    if (key == null || regionName == null) {
        String errMessage = "";
        if (key == null) {
            logger.warn(LocalizedMessage.create(LocalizedStrings.ContainsKey_0_THE_INPUT_KEY_FOR_THE_CONTAINSKEY_REQUEST_IS_NULL, serverConnection.getName()));
            errMessage = LocalizedStrings.ContainsKey_THE_INPUT_KEY_FOR_THE_CONTAINSKEY_REQUEST_IS_NULL.toLocalizedString();
        }
        if (regionName == null) {
            logger.warn(LocalizedMessage.create(LocalizedStrings.ContainsKey_0_THE_INPUT_REGION_NAME_FOR_THE_CONTAINSKEY_REQUEST_IS_NULL, serverConnection.getName()));
            errMessage = LocalizedStrings.ContainsKey_THE_INPUT_REGION_NAME_FOR_THE_CONTAINSKEY_REQUEST_IS_NULL.toLocalizedString();
        }
        writeErrorResponse(clientMessage, MessageType.CONTAINS_KEY_DATA_ERROR, errMessage, serverConnection);
        serverConnection.setAsTrue(RESPONDED);
        return;
    }
    LocalRegion region = (LocalRegion) serverConnection.getCache().getRegion(regionName);
    if (region == null) {
        String reason = LocalizedStrings.ContainsKey_WAS_NOT_FOUND_DURING_CONTAINSKEY_REQUEST.toLocalizedString();
        writeRegionDestroyedEx(clientMessage, regionName, reason, serverConnection);
        serverConnection.setAsTrue(RESPONDED);
        return;
    }
    try {
        this.securityService.authorizeRegionRead(regionName, key.toString());
    } catch (NotAuthorizedException ex) {
        writeException(clientMessage, ex, false, serverConnection);
        serverConnection.setAsTrue(RESPONDED);
        return;
    }
    AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
    if (authzRequest != null) {
        try {
            authzRequest.containsKeyAuthorize(regionName, key);
        } catch (NotAuthorizedException ex) {
            writeException(clientMessage, ex, false, serverConnection);
            serverConnection.setAsTrue(RESPONDED);
            return;
        }
    }
    // Execute the containsKey
    boolean containsKey = region.containsKey(key);
    // Update the statistics and write the reply
    {
        long oldStart = start;
        start = DistributionStats.getStatTime();
        stats.incProcessContainsKeyTime(start - oldStart);
    }
    writeContainsKeyResponse(containsKey, clientMessage, serverConnection);
    serverConnection.setAsTrue(RESPONDED);
    if (logger.isDebugEnabled()) {
        logger.debug("{}: Sent containsKey response for region {} key {}", serverConnection.getName(), regionName, key);
    }
    stats.incWriteContainsKeyResponseTime(DistributionStats.getStatTime() - start);
}
Also used : CacheServerStats(org.apache.geode.internal.cache.tier.sockets.CacheServerStats) AuthorizeRequest(org.apache.geode.internal.security.AuthorizeRequest) Part(org.apache.geode.internal.cache.tier.sockets.Part) LocalRegion(org.apache.geode.internal.cache.LocalRegion) NotAuthorizedException(org.apache.geode.security.NotAuthorizedException) IOException(java.io.IOException) NotAuthorizedException(org.apache.geode.security.NotAuthorizedException)

Example 67 with NotAuthorizedException

use of org.apache.geode.security.NotAuthorizedException in project geode by apache.

the class CreateRegion method cmdExecute.

@Override
public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start) throws IOException {
    Part regionNamePart = null;
    String regionName = null;
    serverConnection.setAsTrue(REQUIRES_RESPONSE);
    // bserverStats.incLong(readDestroyRequestTimeId,
    // DistributionStats.getStatTime() - start);
    // bserverStats.incInt(destroyRequestsId, 1);
    // start = DistributionStats.getStatTime();
    // Retrieve the data from the message parts
    Part parentRegionNamePart = clientMessage.getPart(0);
    String parentRegionName = parentRegionNamePart.getString();
    regionNamePart = clientMessage.getPart(1);
    regionName = regionNamePart.getString();
    if (logger.isDebugEnabled()) {
        logger.debug("{}: Received create region request ({} bytes) from {} for parent region {} region {}", serverConnection.getName(), clientMessage.getPayloadLength(), serverConnection.getSocketString(), parentRegionName, regionName);
    }
    // Process the create region request
    if (parentRegionName == null || regionName == null) {
        String errMessage = "";
        if (parentRegionName == null) {
            logger.warn(LocalizedMessage.create(LocalizedStrings.CreateRegion_0_THE_INPUT_PARENT_REGION_NAME_FOR_THE_CREATE_REGION_REQUEST_IS_NULL, serverConnection.getName()));
            errMessage = LocalizedStrings.CreateRegion_THE_INPUT_PARENT_REGION_NAME_FOR_THE_CREATE_REGION_REQUEST_IS_NULL.toLocalizedString();
        }
        if (regionName == null) {
            logger.warn(LocalizedMessage.create(LocalizedStrings.CreateRegion_0_THE_INPUT_REGION_NAME_FOR_THE_CREATE_REGION_REQUEST_IS_NULL, serverConnection.getName()));
            errMessage = LocalizedStrings.CreateRegion_THE_INPUT_REGION_NAME_FOR_THE_CREATE_REGION_REQUEST_IS_NULL.toLocalizedString();
        }
        writeErrorResponse(clientMessage, MessageType.CREATE_REGION_DATA_ERROR, errMessage, serverConnection);
        serverConnection.setAsTrue(RESPONDED);
        return;
    }
    Region parentRegion = serverConnection.getCache().getRegion(parentRegionName);
    if (parentRegion == null) {
        String reason = LocalizedStrings.CreateRegion__0_WAS_NOT_FOUND_DURING_SUBREGION_CREATION_REQUEST.toLocalizedString(parentRegionName);
        writeRegionDestroyedEx(clientMessage, parentRegionName, reason, serverConnection);
        serverConnection.setAsTrue(RESPONDED);
        return;
    }
    try {
        this.securityService.authorizeDataManage();
    } catch (NotAuthorizedException ex) {
        writeException(clientMessage, ex, false, serverConnection);
        serverConnection.setAsTrue(RESPONDED);
        return;
    }
    AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
    if (authzRequest != null) {
        try {
            authzRequest.createRegionAuthorize(parentRegionName + '/' + regionName);
        } catch (NotAuthorizedException ex) {
            writeException(clientMessage, ex, false, serverConnection);
            serverConnection.setAsTrue(RESPONDED);
            return;
        }
    }
    // Create or get the subregion
    Region region = parentRegion.getSubregion(regionName);
    if (region == null) {
        AttributesFactory factory = new AttributesFactory(parentRegion.getAttributes());
        region = parentRegion.createSubregion(regionName, factory.create());
        if (logger.isDebugEnabled()) {
            logger.debug("{}: Created region {}", serverConnection.getName(), region);
        }
    } else {
        if (logger.isDebugEnabled()) {
            logger.debug("{}: Retrieved region {}", serverConnection.getName(), region);
        }
    }
    // Update the statistics and write the reply
    // start = DistributionStats.getStatTime(); WHY ARE WE GETTING START AND
    // NOT USING IT
    // bserverStats.incLong(processDestroyTimeId,
    // DistributionStats.getStatTime() - start);
    writeReply(clientMessage, serverConnection);
    serverConnection.setAsTrue(RESPONDED);
    if (logger.isDebugEnabled()) {
        logger.debug("{}: Sent create region response for parent region {} region {}", serverConnection.getName(), parentRegionName, regionName);
    }
}
Also used : AttributesFactory(org.apache.geode.cache.AttributesFactory) AuthorizeRequest(org.apache.geode.internal.security.AuthorizeRequest) Part(org.apache.geode.internal.cache.tier.sockets.Part) Region(org.apache.geode.cache.Region) NotAuthorizedException(org.apache.geode.security.NotAuthorizedException)

Example 68 with NotAuthorizedException

use of org.apache.geode.security.NotAuthorizedException in project geode by apache.

the class AuthorizeRequest method executeCQAuthorize.

public ExecuteCQOperationContext executeCQAuthorize(String cqName, String queryString, Set regionNames) throws NotAuthorizedException {
    if (regionNames == null) {
        regionNames = new HashSet();
    }
    ExecuteCQOperationContext executeCQContext = new ExecuteCQOperationContext(cqName, queryString, regionNames, false);
    if (!this.authzCallback.authorizeOperation(null, executeCQContext)) {
        String errStr = LocalizedStrings.AuthorizeRequest_NOT_AUTHORIZED_TO_PERFOM_EXECUTE_CQ_OPERATION_0_ON_THE_CACHE.toLocalizedString(queryString);
        this.logger.warning(LocalizedStrings.TWO_ARG_COLON, new Object[] { this, errStr });
        if (this.isPrincipalSerializable) {
            throw new NotAuthorizedException(errStr, this.principal);
        } else {
            throw new NotAuthorizedException(errStr);
        }
    } else {
        if (this.logger.finestEnabled()) {
            this.logger.finest(toString() + ": Authorized to perform EXECUTE_CQ operation [" + queryString + "] on cache");
        }
    }
    return executeCQContext;
}
Also used : NotAuthorizedException(org.apache.geode.security.NotAuthorizedException) HashSet(java.util.HashSet)

Example 69 with NotAuthorizedException

use of org.apache.geode.security.NotAuthorizedException in project geode by apache.

the class AuthorizeRequest method containsKeyAuthorize.

public void containsKeyAuthorize(String regionName, Object key) throws NotAuthorizedException {
    ContainsKeyOperationContext containsKeyContext = new ContainsKeyOperationContext(key);
    if (!this.authzCallback.authorizeOperation(regionName, containsKeyContext)) {
        String errStr = LocalizedStrings.AuthorizeRequest_NOT_AUTHORIZED_TO_PERFORM_CONTAINS_KEY_OPERATION_ON_REGION_0.toLocalizedString(regionName);
        this.logger.warning(LocalizedStrings.TWO_ARG_COLON, new Object[] { this, errStr });
        if (this.isPrincipalSerializable) {
            throw new NotAuthorizedException(errStr, this.principal);
        } else {
            throw new NotAuthorizedException(errStr);
        }
    } else {
        if (this.logger.finestEnabled()) {
            this.logger.finest(toString() + ": Authorized to perform CONTAINS_KEY operation on region [" + regionName + ']');
        }
    }
}
Also used : NotAuthorizedException(org.apache.geode.security.NotAuthorizedException) ContainsKeyOperationContext(org.apache.geode.internal.cache.operations.ContainsKeyOperationContext)

Example 70 with NotAuthorizedException

use of org.apache.geode.security.NotAuthorizedException in project geode by apache.

the class AuthorizeRequest method queryAuthorize.

public QueryOperationContext queryAuthorize(String queryString, Set regionNames, Object[] queryParams) throws NotAuthorizedException {
    if (regionNames == null) {
        regionNames = new HashSet();
    }
    QueryOperationContext queryContext = new QueryOperationContext(queryString, regionNames, false, queryParams);
    if (!this.authzCallback.authorizeOperation(null, queryContext)) {
        String errStr = LocalizedStrings.AuthorizeRequest_NOT_AUTHORIZED_TO_PERFOM_QUERY_OPERATION_0_ON_THE_CACHE.toLocalizedString(queryString);
        this.logger.warning(LocalizedStrings.TWO_ARG_COLON, new Object[] { this, errStr });
        if (this.isPrincipalSerializable) {
            throw new NotAuthorizedException(errStr, this.principal);
        } else {
            throw new NotAuthorizedException(errStr);
        }
    } else {
        if (this.logger.finestEnabled()) {
            this.logger.finest(toString() + ": Authorized to perform QUERY operation [" + queryString + "] on cache");
        }
    }
    return queryContext;
}
Also used : NotAuthorizedException(org.apache.geode.security.NotAuthorizedException) HashSet(java.util.HashSet)

Aggregations

NotAuthorizedException (org.apache.geode.security.NotAuthorizedException)75 UnitTest (org.apache.geode.test.junit.categories.UnitTest)54 Test (org.junit.Test)54 AuthorizeRequest (org.apache.geode.internal.security.AuthorizeRequest)12 IOException (java.io.IOException)9 ObjectPartList (org.apache.geode.internal.cache.tier.sockets.ObjectPartList)9 Part (org.apache.geode.internal.cache.tier.sockets.Part)8 PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)8 GetOperationContext (org.apache.geode.cache.operations.GetOperationContext)6 AuthorizeRequestPP (org.apache.geode.internal.security.AuthorizeRequestPP)6 LocalRegion (org.apache.geode.internal.cache.LocalRegion)5 GetOperationContextImpl (org.apache.geode.cache.operations.internal.GetOperationContextImpl)4 StringId (org.apache.geode.i18n.StringId)4 CacheServerStats (org.apache.geode.internal.cache.tier.sockets.CacheServerStats)4 Result (org.apache.geode.management.cli.Result)4 HashSet (java.util.HashSet)3 Iterator (java.util.Iterator)3 Set (java.util.Set)3 Region (org.apache.geode.cache.Region)3 VersionTag (org.apache.geode.internal.cache.versions.VersionTag)3