use of org.apache.geode.security.NotAuthorizedException in project geode by apache.
the class ContainsKey66 method cmdExecute.
@Override
public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start) throws IOException {
Part regionNamePart = null, keyPart = null;
String regionName = null;
Object key = null;
ContainsKeyOp.MODE mode;
CacheServerStats stats = serverConnection.getCacheServerStats();
serverConnection.setAsTrue(REQUIRES_RESPONSE);
{
long oldStart = start;
start = DistributionStats.getStatTime();
stats.incReadContainsKeyRequestTime(start - oldStart);
}
// Retrieve the data from the message parts
regionNamePart = clientMessage.getPart(0);
keyPart = clientMessage.getPart(1);
mode = ContainsKeyOp.MODE.values()[(clientMessage.getPart(2).getInt())];
regionName = regionNamePart.getString();
try {
key = keyPart.getStringOrObject();
} catch (Exception e) {
writeException(clientMessage, e, false, serverConnection);
serverConnection.setAsTrue(RESPONDED);
return;
}
if (logger.isDebugEnabled()) {
logger.debug("{}: Received containsKey request ({} bytes) from {} for region {} key {}", serverConnection.getName(), clientMessage.getPayloadLength(), serverConnection.getSocketString(), regionName, key);
}
// Process the containsKey request
if (key == null || regionName == null) {
String errMessage = "";
if (key == null) {
logger.warn(LocalizedMessage.create(LocalizedStrings.ContainsKey_0_THE_INPUT_KEY_FOR_THE_CONTAINSKEY_REQUEST_IS_NULL, serverConnection.getName()));
errMessage = LocalizedStrings.ContainsKey_THE_INPUT_KEY_FOR_THE_CONTAINSKEY_REQUEST_IS_NULL.toLocalizedString();
}
if (regionName == null) {
logger.warn(LocalizedMessage.create(LocalizedStrings.ContainsKey_0_THE_INPUT_REGION_NAME_FOR_THE_CONTAINSKEY_REQUEST_IS_NULL, serverConnection.getName()));
errMessage = LocalizedStrings.ContainsKey_THE_INPUT_REGION_NAME_FOR_THE_CONTAINSKEY_REQUEST_IS_NULL.toLocalizedString();
}
writeErrorResponse(clientMessage, MessageType.CONTAINS_KEY_DATA_ERROR, errMessage, serverConnection);
serverConnection.setAsTrue(RESPONDED);
return;
}
LocalRegion region = (LocalRegion) serverConnection.getCache().getRegion(regionName);
if (region == null) {
String reason = LocalizedStrings.ContainsKey_WAS_NOT_FOUND_DURING_CONTAINSKEY_REQUEST.toLocalizedString();
writeRegionDestroyedEx(clientMessage, regionName, reason, serverConnection);
serverConnection.setAsTrue(RESPONDED);
return;
}
try {
this.securityService.authorizeRegionRead(regionName, key.toString());
} catch (NotAuthorizedException ex) {
writeException(clientMessage, ex, false, serverConnection);
serverConnection.setAsTrue(RESPONDED);
return;
}
AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
if (authzRequest != null) {
try {
authzRequest.containsKeyAuthorize(regionName, key);
} catch (NotAuthorizedException ex) {
writeException(clientMessage, ex, false, serverConnection);
serverConnection.setAsTrue(RESPONDED);
return;
}
}
// Execute the containsKey
boolean containsKey;
switch(mode) {
case KEY:
containsKey = region.containsKey(key);
break;
case VALUE:
containsKey = region.containsValue(key);
break;
case VALUE_FOR_KEY:
containsKey = region.containsValueForKey(key);
break;
default:
containsKey = false;
break;
}
// Update the statistics and write the reply
{
long oldStart = start;
start = DistributionStats.getStatTime();
stats.incProcessContainsKeyTime(start - oldStart);
}
writeContainsKeyResponse(containsKey, clientMessage, serverConnection);
serverConnection.setAsTrue(RESPONDED);
if (logger.isDebugEnabled()) {
logger.debug("{}: Sent containsKey response for region {} key {}", serverConnection.getName(), regionName, key);
}
stats.incWriteContainsKeyResponseTime(DistributionStats.getStatTime() - start);
}
use of org.apache.geode.security.NotAuthorizedException in project geode by apache.
the class AuthorizeRequestPP method getAuthorize.
public GetOperationContext getAuthorize(String regionName, Object key, Object result, boolean isObject, GetOperationContext getContext) throws NotAuthorizedException {
if (getContext == null) {
getContext = new GetOperationContextImpl(key, true);
} else {
getContext.setPostOperation();
}
getContext.setObject(result, isObject);
if (!this.postAuthzCallback.authorizeOperation(regionName, getContext)) {
String errStr = LocalizedStrings.AuthorizeRequestPP_IN_POSTPROCESS_NOT_AUTHORIZED_TO_PERFORM_GET_OPERATION_ON_REGION_0.toLocalizedString(regionName);
this.logger.warning(LocalizedStrings.TWO_ARG_COLON, new Object[] { this.id, errStr });
if (this.isPrincipalSerializable) {
throw new NotAuthorizedException(errStr, this.principal);
} else {
throw new NotAuthorizedException(errStr);
}
} else {
if (this.logger.finestEnabled()) {
this.logger.finest(this.id + ": In post-process: authorized to perform GET operation on region [" + regionName + ']');
}
}
return getContext;
}
use of org.apache.geode.security.NotAuthorizedException in project geode by apache.
the class GfshExecutionStrategy method execute.
//////////////// ExecutionStrategy interface Methods Start ///////////////////
///////////////////////// Implemented Methods ////////////////////////////////
/**
* Executes the method indicated by the {@link ParseResult} which would always be
* {@link GfshParseResult} for GemFire defined commands. If the command Method is decorated with
* {@link CliMetaData#shellOnly()} set to <code>false</code>, {@link OperationInvoker} is used to
* send the command for processing on a remote GemFire node.
*
* @param parseResult that should be executed (never presented as null)
* @return an object which will be rendered by the {@link Shell} implementation (may return null)
* @throws RuntimeException which is handled by the {@link Shell} implementation
*/
@Override
public Object execute(ParseResult parseResult) {
Result result = null;
Method method = parseResult.getMethod();
try {
// Check if it's a multi-step command
MultiStepCommand cmd = method.getAnnotation(MultiStepCommand.class);
if (cmd != null) {
return execCLISteps(logWrapper, shell, parseResult);
}
// check if it's a shell only command
if (isShellOnly(method)) {
Assert.notNull(parseResult, "Parse result required");
synchronized (mutex) {
Assert.isTrue(isReadyForCommands(), "ProcessManagerHostedExecutionStrategy not yet ready for commands");
return ReflectionUtils.invokeMethod(parseResult.getMethod(), parseResult.getInstance(), parseResult.getArguments());
}
}
// check if it's a GfshParseResult
if (!GfshParseResult.class.isInstance(parseResult)) {
throw new IllegalStateException("Configuration error!");
}
result = executeOnRemote((GfshParseResult) parseResult);
} catch (NotAuthorizedException e) {
result = ResultBuilder.createGemFireUnAuthorizedErrorResult("Unauthorized. Reason: " + e.getMessage());
} catch (JMXInvocationException | IllegalStateException e) {
Gfsh.getCurrentInstance().logWarning(e.getMessage(), e);
} catch (CommandProcessingException e) {
Gfsh.getCurrentInstance().logWarning(e.getMessage(), null);
Object errorData = e.getErrorData();
if (errorData != null && errorData instanceof Throwable) {
logWrapper.warning(e.getMessage(), (Throwable) errorData);
} else {
logWrapper.warning(e.getMessage());
}
} catch (Exception e) {
Gfsh.getCurrentInstance().logWarning("Unexpected exception occurred. " + e.getMessage(), e);
// Log other exceptions in gfsh log
logWrapper.warning("Unexpected error occurred while executing command : " + ((GfshParseResult) parseResult).getUserInput(), e);
}
return result;
}
use of org.apache.geode.security.NotAuthorizedException in project geode by apache.
the class KeySet method cmdExecute.
@Override
public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start) throws IOException, InterruptedException {
Part regionNamePart = null;
String regionName = null;
serverConnection.setAsTrue(REQUIRES_RESPONSE);
serverConnection.setAsTrue(REQUIRES_CHUNKED_RESPONSE);
// Retrieve the region name from the message parts
regionNamePart = clientMessage.getPart(0);
regionName = regionNamePart.getString();
ChunkedMessage chunkedResponseMsg = serverConnection.getChunkedResponseMessage();
final boolean isDebugEnabled = logger.isDebugEnabled();
if (isDebugEnabled) {
logger.debug("{}: Received key set request ({} bytes) from {} for region {}", serverConnection.getName(), clientMessage.getPayloadLength(), serverConnection.getSocketString(), regionName);
}
// Process the key set request
if (regionName == null) {
String message = null;
// if (regionName == null) (can only be null)
{
message = LocalizedStrings.KeySet_0_THE_INPUT_REGION_NAME_FOR_THE_KEY_SET_REQUEST_IS_NULL.toLocalizedString(serverConnection.getName());
logger.warn(LocalizedMessage.create(LocalizedStrings.KeySet_0_THE_INPUT_REGION_NAME_FOR_THE_KEY_SET_REQUEST_IS_NULL, serverConnection.getName()));
}
writeKeySetErrorResponse(clientMessage, MessageType.KEY_SET_DATA_ERROR, message, serverConnection);
serverConnection.setAsTrue(RESPONDED);
return;
}
LocalRegion region = (LocalRegion) serverConnection.getCache().getRegion(regionName);
if (region == null) {
String reason = LocalizedStrings.KeySet__0_WAS_NOT_FOUND_DURING_KEY_SET_REQUEST.toLocalizedString(regionName);
writeRegionDestroyedEx(clientMessage, regionName, reason, serverConnection);
serverConnection.setAsTrue(RESPONDED);
return;
}
try {
this.securityService.authorizeRegionRead(regionName);
} catch (NotAuthorizedException ex) {
writeChunkedException(clientMessage, ex, serverConnection);
serverConnection.setAsTrue(RESPONDED);
return;
}
KeySetOperationContext keySetContext = null;
AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
if (authzRequest != null) {
try {
keySetContext = authzRequest.keySetAuthorize(regionName);
} catch (NotAuthorizedException ex) {
writeChunkedException(clientMessage, ex, serverConnection);
serverConnection.setAsTrue(RESPONDED);
return;
}
}
// Update the statistics and write the reply
// bserverStats.incLong(processDestroyTimeId,
// DistributionStats.getStatTime() - start);
// start = DistributionStats.getStatTime();
// Send header
chunkedResponseMsg.setMessageType(MessageType.RESPONSE);
chunkedResponseMsg.setTransactionId(clientMessage.getTransactionId());
chunkedResponseMsg.sendHeader();
// Send chunk response
try {
fillAndSendKeySetResponseChunks(region, regionName, keySetContext, serverConnection);
serverConnection.setAsTrue(RESPONDED);
} catch (Exception e) {
// If an interrupted exception is thrown , rethrow it
checkForInterrupt(serverConnection, e);
// Otherwise, write an exception message and continue
writeChunkedException(clientMessage, e, serverConnection, serverConnection.getChunkedResponseMessage());
serverConnection.setAsTrue(RESPONDED);
return;
}
if (isDebugEnabled) {
// logger.fine(getName() + ": Sent chunk (1 of 1) of register interest
// response (" + chunkedResponseMsg.getBufferLength() + " bytes) for
// region " + regionName + " key " + key);
logger.debug("{}: Sent key set response for the region {}", serverConnection.getName(), regionName);
}
// bserverStats.incLong(writeDestroyResponseTimeId,
// DistributionStats.getStatTime() - start);
// bserverStats.incInt(destroyResponsesId, 1);
}
use of org.apache.geode.security.NotAuthorizedException in project geode by apache.
the class UnregisterInterestList method cmdExecute.
@Override
public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start) throws IOException, ClassNotFoundException {
Part regionNamePart = null, keyPart = null, numberOfKeysPart = null;
String regionName = null;
Object key = null;
List keys = null;
int numberOfKeys = 0, partNumber = 0;
serverConnection.setAsTrue(REQUIRES_RESPONSE);
// bserverStats.incLong(readDestroyRequestTimeId,
// DistributionStats.getStatTime() - start);
// bserverStats.incInt(destroyRequestsId, 1);
// start = DistributionStats.getStatTime();
// Retrieve the data from the message parts
regionNamePart = clientMessage.getPart(0);
regionName = regionNamePart.getString();
Part isClosingListPart = clientMessage.getPart(1);
byte[] isClosingListPartBytes = (byte[]) isClosingListPart.getObject();
boolean isClosingList = isClosingListPartBytes[0] == 0x01;
boolean keepalive = false;
try {
Part keepalivePart = clientMessage.getPart(2);
byte[] keepalivePartBytes = (byte[]) keepalivePart.getObject();
keepalive = keepalivePartBytes[0] == 0x01;
} catch (Exception e) {
writeChunkedException(clientMessage, e, serverConnection);
serverConnection.setAsTrue(RESPONDED);
return;
}
numberOfKeysPart = clientMessage.getPart(3);
numberOfKeys = numberOfKeysPart.getInt();
partNumber = 4;
keys = new ArrayList();
for (int i = 0; i < numberOfKeys; i++) {
keyPart = clientMessage.getPart(partNumber + i);
try {
key = keyPart.getStringOrObject();
} catch (Exception e) {
writeException(clientMessage, e, false, serverConnection);
serverConnection.setAsTrue(RESPONDED);
return;
}
keys.add(key);
}
if (logger.isDebugEnabled()) {
logger.debug("{}: Received unregister interest request ({} bytes) from {} for the following {} keys in region {}: {}", serverConnection.getName(), clientMessage.getPayloadLength(), serverConnection.getSocketString(), numberOfKeys, regionName, keys);
}
// Process the unregister interest request
if (keys.isEmpty() || regionName == null) {
StringId errMessage = null;
if (keys.isEmpty() && regionName == null) {
errMessage = LocalizedStrings.UnRegisterInterestList_THE_INPUT_LIST_OF_KEYS_IS_EMPTY_AND_THE_INPUT_REGION_NAME_IS_NULL_FOR_THE_UNREGISTER_INTEREST_REQUEST;
} else if (keys.isEmpty()) {
errMessage = LocalizedStrings.UnRegisterInterestList_THE_INPUT_LIST_OF_KEYS_FOR_THE_UNREGISTER_INTEREST_REQUEST_IS_EMPTY;
} else if (regionName == null) {
errMessage = LocalizedStrings.UnRegisterInterest_THE_INPUT_REGION_NAME_FOR_THE_UNREGISTER_INTEREST_REQUEST_IS_NULL;
}
String s = errMessage.toLocalizedString();
logger.warn("{}: {}", serverConnection.getName(), s);
writeErrorResponse(clientMessage, MessageType.UNREGISTER_INTEREST_DATA_ERROR, s, serverConnection);
serverConnection.setAsTrue(RESPONDED);
return;
}
try {
this.securityService.authorizeRegionRead(regionName);
} catch (NotAuthorizedException ex) {
writeException(clientMessage, ex, false, serverConnection);
serverConnection.setAsTrue(RESPONDED);
return;
}
AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
if (authzRequest != null) {
if (!DynamicRegionFactory.regionIsDynamicRegionList(regionName)) {
try {
UnregisterInterestOperationContext unregisterContext = authzRequest.unregisterInterestListAuthorize(regionName, keys);
keys = (List) unregisterContext.getKey();
} catch (NotAuthorizedException ex) {
writeException(clientMessage, ex, false, serverConnection);
serverConnection.setAsTrue(RESPONDED);
return;
}
}
}
// Yogesh : bug fix for 36457 :
/*
* Region destroy message from server to client results in client calling unregister to server
* (an unnecessary callback). The unregister encounters an error because the region has been
* destroyed on the server and hence falsely marks the server dead.
*/
/*
* Region region = crHelper.getRegion(regionName); if (region == null) {
* logger.warning(this.name + ": Region named " + regionName + " was not found during register
* interest list request"); writeErrorResponse(msg, MessageType.UNREGISTER_INTEREST_DATA_ERROR);
* responded = true; } else {
*/
// Register interest
serverConnection.getAcceptor().getCacheClientNotifier().unregisterClientInterest(regionName, keys, isClosingList, serverConnection.getProxyID(), keepalive);
// Update the statistics and write the reply
// bserverStats.incLong(processDestroyTimeId,
// DistributionStats.getStatTime() - start);
// start = DistributionStats.getStatTime(); WHY ARE GETTING START AND NOT
// USING IT?
writeReply(clientMessage, serverConnection);
serverConnection.setAsTrue(RESPONDED);
if (logger.isDebugEnabled()) {
logger.debug("{}: Sent unregister interest response for the following {} keys in region {}: {}", serverConnection.getName(), numberOfKeys, regionName, keys);
}
// bserverStats.incLong(writeDestroyResponseTimeId,
// DistributionStats.getStatTime() - start);
// bserverStats.incInt(destroyResponsesId, 1);
// }
}
Aggregations