Search in sources :

Example 26 with NotAuthorizedException

use of org.apache.geode.security.NotAuthorizedException in project geode by apache.

the class ContainsKey66 method cmdExecute.

@Override
public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start) throws IOException {
    Part regionNamePart = null, keyPart = null;
    String regionName = null;
    Object key = null;
    ContainsKeyOp.MODE mode;
    CacheServerStats stats = serverConnection.getCacheServerStats();
    serverConnection.setAsTrue(REQUIRES_RESPONSE);
    {
        long oldStart = start;
        start = DistributionStats.getStatTime();
        stats.incReadContainsKeyRequestTime(start - oldStart);
    }
    // Retrieve the data from the message parts
    regionNamePart = clientMessage.getPart(0);
    keyPart = clientMessage.getPart(1);
    mode = ContainsKeyOp.MODE.values()[(clientMessage.getPart(2).getInt())];
    regionName = regionNamePart.getString();
    try {
        key = keyPart.getStringOrObject();
    } catch (Exception e) {
        writeException(clientMessage, e, false, serverConnection);
        serverConnection.setAsTrue(RESPONDED);
        return;
    }
    if (logger.isDebugEnabled()) {
        logger.debug("{}: Received containsKey request ({} bytes) from {} for region {} key {}", serverConnection.getName(), clientMessage.getPayloadLength(), serverConnection.getSocketString(), regionName, key);
    }
    // Process the containsKey request
    if (key == null || regionName == null) {
        String errMessage = "";
        if (key == null) {
            logger.warn(LocalizedMessage.create(LocalizedStrings.ContainsKey_0_THE_INPUT_KEY_FOR_THE_CONTAINSKEY_REQUEST_IS_NULL, serverConnection.getName()));
            errMessage = LocalizedStrings.ContainsKey_THE_INPUT_KEY_FOR_THE_CONTAINSKEY_REQUEST_IS_NULL.toLocalizedString();
        }
        if (regionName == null) {
            logger.warn(LocalizedMessage.create(LocalizedStrings.ContainsKey_0_THE_INPUT_REGION_NAME_FOR_THE_CONTAINSKEY_REQUEST_IS_NULL, serverConnection.getName()));
            errMessage = LocalizedStrings.ContainsKey_THE_INPUT_REGION_NAME_FOR_THE_CONTAINSKEY_REQUEST_IS_NULL.toLocalizedString();
        }
        writeErrorResponse(clientMessage, MessageType.CONTAINS_KEY_DATA_ERROR, errMessage, serverConnection);
        serverConnection.setAsTrue(RESPONDED);
        return;
    }
    LocalRegion region = (LocalRegion) serverConnection.getCache().getRegion(regionName);
    if (region == null) {
        String reason = LocalizedStrings.ContainsKey_WAS_NOT_FOUND_DURING_CONTAINSKEY_REQUEST.toLocalizedString();
        writeRegionDestroyedEx(clientMessage, regionName, reason, serverConnection);
        serverConnection.setAsTrue(RESPONDED);
        return;
    }
    try {
        this.securityService.authorizeRegionRead(regionName, key.toString());
    } catch (NotAuthorizedException ex) {
        writeException(clientMessage, ex, false, serverConnection);
        serverConnection.setAsTrue(RESPONDED);
        return;
    }
    AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
    if (authzRequest != null) {
        try {
            authzRequest.containsKeyAuthorize(regionName, key);
        } catch (NotAuthorizedException ex) {
            writeException(clientMessage, ex, false, serverConnection);
            serverConnection.setAsTrue(RESPONDED);
            return;
        }
    }
    // Execute the containsKey
    boolean containsKey;
    switch(mode) {
        case KEY:
            containsKey = region.containsKey(key);
            break;
        case VALUE:
            containsKey = region.containsValue(key);
            break;
        case VALUE_FOR_KEY:
            containsKey = region.containsValueForKey(key);
            break;
        default:
            containsKey = false;
            break;
    }
    // Update the statistics and write the reply
    {
        long oldStart = start;
        start = DistributionStats.getStatTime();
        stats.incProcessContainsKeyTime(start - oldStart);
    }
    writeContainsKeyResponse(containsKey, clientMessage, serverConnection);
    serverConnection.setAsTrue(RESPONDED);
    if (logger.isDebugEnabled()) {
        logger.debug("{}: Sent containsKey response for region {} key {}", serverConnection.getName(), regionName, key);
    }
    stats.incWriteContainsKeyResponseTime(DistributionStats.getStatTime() - start);
}
Also used : ContainsKeyOp(org.apache.geode.cache.client.internal.ContainsKeyOp) CacheServerStats(org.apache.geode.internal.cache.tier.sockets.CacheServerStats) AuthorizeRequest(org.apache.geode.internal.security.AuthorizeRequest) Part(org.apache.geode.internal.cache.tier.sockets.Part) LocalRegion(org.apache.geode.internal.cache.LocalRegion) NotAuthorizedException(org.apache.geode.security.NotAuthorizedException) IOException(java.io.IOException) NotAuthorizedException(org.apache.geode.security.NotAuthorizedException)

Example 27 with NotAuthorizedException

use of org.apache.geode.security.NotAuthorizedException in project geode by apache.

the class AuthorizeRequestPP method getAuthorize.

public GetOperationContext getAuthorize(String regionName, Object key, Object result, boolean isObject, GetOperationContext getContext) throws NotAuthorizedException {
    if (getContext == null) {
        getContext = new GetOperationContextImpl(key, true);
    } else {
        getContext.setPostOperation();
    }
    getContext.setObject(result, isObject);
    if (!this.postAuthzCallback.authorizeOperation(regionName, getContext)) {
        String errStr = LocalizedStrings.AuthorizeRequestPP_IN_POSTPROCESS_NOT_AUTHORIZED_TO_PERFORM_GET_OPERATION_ON_REGION_0.toLocalizedString(regionName);
        this.logger.warning(LocalizedStrings.TWO_ARG_COLON, new Object[] { this.id, errStr });
        if (this.isPrincipalSerializable) {
            throw new NotAuthorizedException(errStr, this.principal);
        } else {
            throw new NotAuthorizedException(errStr);
        }
    } else {
        if (this.logger.finestEnabled()) {
            this.logger.finest(this.id + ": In post-process: authorized to perform GET operation on region [" + regionName + ']');
        }
    }
    return getContext;
}
Also used : NotAuthorizedException(org.apache.geode.security.NotAuthorizedException) GetOperationContextImpl(org.apache.geode.cache.operations.internal.GetOperationContextImpl)

Example 28 with NotAuthorizedException

use of org.apache.geode.security.NotAuthorizedException in project geode by apache.

the class GfshExecutionStrategy method execute.

//////////////// ExecutionStrategy interface Methods Start ///////////////////
///////////////////////// Implemented Methods ////////////////////////////////
/**
   * Executes the method indicated by the {@link ParseResult} which would always be
   * {@link GfshParseResult} for GemFire defined commands. If the command Method is decorated with
   * {@link CliMetaData#shellOnly()} set to <code>false</code>, {@link OperationInvoker} is used to
   * send the command for processing on a remote GemFire node.
   * 
   * @param parseResult that should be executed (never presented as null)
   * @return an object which will be rendered by the {@link Shell} implementation (may return null)
   * @throws RuntimeException which is handled by the {@link Shell} implementation
   */
@Override
public Object execute(ParseResult parseResult) {
    Result result = null;
    Method method = parseResult.getMethod();
    try {
        // Check if it's a multi-step command
        MultiStepCommand cmd = method.getAnnotation(MultiStepCommand.class);
        if (cmd != null) {
            return execCLISteps(logWrapper, shell, parseResult);
        }
        // check if it's a shell only command
        if (isShellOnly(method)) {
            Assert.notNull(parseResult, "Parse result required");
            synchronized (mutex) {
                Assert.isTrue(isReadyForCommands(), "ProcessManagerHostedExecutionStrategy not yet ready for commands");
                return ReflectionUtils.invokeMethod(parseResult.getMethod(), parseResult.getInstance(), parseResult.getArguments());
            }
        }
        // check if it's a GfshParseResult
        if (!GfshParseResult.class.isInstance(parseResult)) {
            throw new IllegalStateException("Configuration error!");
        }
        result = executeOnRemote((GfshParseResult) parseResult);
    } catch (NotAuthorizedException e) {
        result = ResultBuilder.createGemFireUnAuthorizedErrorResult("Unauthorized. Reason: " + e.getMessage());
    } catch (JMXInvocationException | IllegalStateException e) {
        Gfsh.getCurrentInstance().logWarning(e.getMessage(), e);
    } catch (CommandProcessingException e) {
        Gfsh.getCurrentInstance().logWarning(e.getMessage(), null);
        Object errorData = e.getErrorData();
        if (errorData != null && errorData instanceof Throwable) {
            logWrapper.warning(e.getMessage(), (Throwable) errorData);
        } else {
            logWrapper.warning(e.getMessage());
        }
    } catch (Exception e) {
        Gfsh.getCurrentInstance().logWarning("Unexpected exception occurred. " + e.getMessage(), e);
        // Log other exceptions in gfsh log
        logWrapper.warning("Unexpected error occurred while executing command : " + ((GfshParseResult) parseResult).getUserInput(), e);
    }
    return result;
}
Also used : MultiStepCommand(org.apache.geode.management.internal.cli.multistep.MultiStepCommand) GfshParseResult(org.apache.geode.management.internal.cli.GfshParseResult) Method(java.lang.reflect.Method) NotAuthorizedException(org.apache.geode.security.NotAuthorizedException) CommandProcessingException(org.apache.geode.management.cli.CommandProcessingException) NotAuthorizedException(org.apache.geode.security.NotAuthorizedException) CommandProcessingException(org.apache.geode.management.cli.CommandProcessingException) ParseResult(org.springframework.shell.event.ParseResult) GfshParseResult(org.apache.geode.management.internal.cli.GfshParseResult) Result(org.apache.geode.management.cli.Result) FileResult(org.apache.geode.management.internal.cli.result.FileResult)

Example 29 with NotAuthorizedException

use of org.apache.geode.security.NotAuthorizedException in project geode by apache.

the class KeySet method cmdExecute.

@Override
public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start) throws IOException, InterruptedException {
    Part regionNamePart = null;
    String regionName = null;
    serverConnection.setAsTrue(REQUIRES_RESPONSE);
    serverConnection.setAsTrue(REQUIRES_CHUNKED_RESPONSE);
    // Retrieve the region name from the message parts
    regionNamePart = clientMessage.getPart(0);
    regionName = regionNamePart.getString();
    ChunkedMessage chunkedResponseMsg = serverConnection.getChunkedResponseMessage();
    final boolean isDebugEnabled = logger.isDebugEnabled();
    if (isDebugEnabled) {
        logger.debug("{}: Received key set request ({} bytes) from {} for region {}", serverConnection.getName(), clientMessage.getPayloadLength(), serverConnection.getSocketString(), regionName);
    }
    // Process the key set request
    if (regionName == null) {
        String message = null;
        // if (regionName == null) (can only be null)
        {
            message = LocalizedStrings.KeySet_0_THE_INPUT_REGION_NAME_FOR_THE_KEY_SET_REQUEST_IS_NULL.toLocalizedString(serverConnection.getName());
            logger.warn(LocalizedMessage.create(LocalizedStrings.KeySet_0_THE_INPUT_REGION_NAME_FOR_THE_KEY_SET_REQUEST_IS_NULL, serverConnection.getName()));
        }
        writeKeySetErrorResponse(clientMessage, MessageType.KEY_SET_DATA_ERROR, message, serverConnection);
        serverConnection.setAsTrue(RESPONDED);
        return;
    }
    LocalRegion region = (LocalRegion) serverConnection.getCache().getRegion(regionName);
    if (region == null) {
        String reason = LocalizedStrings.KeySet__0_WAS_NOT_FOUND_DURING_KEY_SET_REQUEST.toLocalizedString(regionName);
        writeRegionDestroyedEx(clientMessage, regionName, reason, serverConnection);
        serverConnection.setAsTrue(RESPONDED);
        return;
    }
    try {
        this.securityService.authorizeRegionRead(regionName);
    } catch (NotAuthorizedException ex) {
        writeChunkedException(clientMessage, ex, serverConnection);
        serverConnection.setAsTrue(RESPONDED);
        return;
    }
    KeySetOperationContext keySetContext = null;
    AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
    if (authzRequest != null) {
        try {
            keySetContext = authzRequest.keySetAuthorize(regionName);
        } catch (NotAuthorizedException ex) {
            writeChunkedException(clientMessage, ex, serverConnection);
            serverConnection.setAsTrue(RESPONDED);
            return;
        }
    }
    // Update the statistics and write the reply
    // bserverStats.incLong(processDestroyTimeId,
    // DistributionStats.getStatTime() - start);
    // start = DistributionStats.getStatTime();
    // Send header
    chunkedResponseMsg.setMessageType(MessageType.RESPONSE);
    chunkedResponseMsg.setTransactionId(clientMessage.getTransactionId());
    chunkedResponseMsg.sendHeader();
    // Send chunk response
    try {
        fillAndSendKeySetResponseChunks(region, regionName, keySetContext, serverConnection);
        serverConnection.setAsTrue(RESPONDED);
    } catch (Exception e) {
        // If an interrupted exception is thrown , rethrow it
        checkForInterrupt(serverConnection, e);
        // Otherwise, write an exception message and continue
        writeChunkedException(clientMessage, e, serverConnection, serverConnection.getChunkedResponseMessage());
        serverConnection.setAsTrue(RESPONDED);
        return;
    }
    if (isDebugEnabled) {
        // logger.fine(getName() + ": Sent chunk (1 of 1) of register interest
        // response (" + chunkedResponseMsg.getBufferLength() + " bytes) for
        // region " + regionName + " key " + key);
        logger.debug("{}: Sent key set response for the region {}", serverConnection.getName(), regionName);
    }
// bserverStats.incLong(writeDestroyResponseTimeId,
// DistributionStats.getStatTime() - start);
// bserverStats.incInt(destroyResponsesId, 1);
}
Also used : AuthorizeRequest(org.apache.geode.internal.security.AuthorizeRequest) Part(org.apache.geode.internal.cache.tier.sockets.Part) KeySetOperationContext(org.apache.geode.cache.operations.KeySetOperationContext) LocalRegion(org.apache.geode.internal.cache.LocalRegion) NotAuthorizedException(org.apache.geode.security.NotAuthorizedException) ChunkedMessage(org.apache.geode.internal.cache.tier.sockets.ChunkedMessage) IOException(java.io.IOException) NotAuthorizedException(org.apache.geode.security.NotAuthorizedException)

Example 30 with NotAuthorizedException

use of org.apache.geode.security.NotAuthorizedException in project geode by apache.

the class UnregisterInterestList method cmdExecute.

@Override
public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start) throws IOException, ClassNotFoundException {
    Part regionNamePart = null, keyPart = null, numberOfKeysPart = null;
    String regionName = null;
    Object key = null;
    List keys = null;
    int numberOfKeys = 0, partNumber = 0;
    serverConnection.setAsTrue(REQUIRES_RESPONSE);
    // bserverStats.incLong(readDestroyRequestTimeId,
    // DistributionStats.getStatTime() - start);
    // bserverStats.incInt(destroyRequestsId, 1);
    // start = DistributionStats.getStatTime();
    // Retrieve the data from the message parts
    regionNamePart = clientMessage.getPart(0);
    regionName = regionNamePart.getString();
    Part isClosingListPart = clientMessage.getPart(1);
    byte[] isClosingListPartBytes = (byte[]) isClosingListPart.getObject();
    boolean isClosingList = isClosingListPartBytes[0] == 0x01;
    boolean keepalive = false;
    try {
        Part keepalivePart = clientMessage.getPart(2);
        byte[] keepalivePartBytes = (byte[]) keepalivePart.getObject();
        keepalive = keepalivePartBytes[0] == 0x01;
    } catch (Exception e) {
        writeChunkedException(clientMessage, e, serverConnection);
        serverConnection.setAsTrue(RESPONDED);
        return;
    }
    numberOfKeysPart = clientMessage.getPart(3);
    numberOfKeys = numberOfKeysPart.getInt();
    partNumber = 4;
    keys = new ArrayList();
    for (int i = 0; i < numberOfKeys; i++) {
        keyPart = clientMessage.getPart(partNumber + i);
        try {
            key = keyPart.getStringOrObject();
        } catch (Exception e) {
            writeException(clientMessage, e, false, serverConnection);
            serverConnection.setAsTrue(RESPONDED);
            return;
        }
        keys.add(key);
    }
    if (logger.isDebugEnabled()) {
        logger.debug("{}: Received unregister interest request ({} bytes) from {} for the following {} keys in region {}: {}", serverConnection.getName(), clientMessage.getPayloadLength(), serverConnection.getSocketString(), numberOfKeys, regionName, keys);
    }
    // Process the unregister interest request
    if (keys.isEmpty() || regionName == null) {
        StringId errMessage = null;
        if (keys.isEmpty() && regionName == null) {
            errMessage = LocalizedStrings.UnRegisterInterestList_THE_INPUT_LIST_OF_KEYS_IS_EMPTY_AND_THE_INPUT_REGION_NAME_IS_NULL_FOR_THE_UNREGISTER_INTEREST_REQUEST;
        } else if (keys.isEmpty()) {
            errMessage = LocalizedStrings.UnRegisterInterestList_THE_INPUT_LIST_OF_KEYS_FOR_THE_UNREGISTER_INTEREST_REQUEST_IS_EMPTY;
        } else if (regionName == null) {
            errMessage = LocalizedStrings.UnRegisterInterest_THE_INPUT_REGION_NAME_FOR_THE_UNREGISTER_INTEREST_REQUEST_IS_NULL;
        }
        String s = errMessage.toLocalizedString();
        logger.warn("{}: {}", serverConnection.getName(), s);
        writeErrorResponse(clientMessage, MessageType.UNREGISTER_INTEREST_DATA_ERROR, s, serverConnection);
        serverConnection.setAsTrue(RESPONDED);
        return;
    }
    try {
        this.securityService.authorizeRegionRead(regionName);
    } catch (NotAuthorizedException ex) {
        writeException(clientMessage, ex, false, serverConnection);
        serverConnection.setAsTrue(RESPONDED);
        return;
    }
    AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
    if (authzRequest != null) {
        if (!DynamicRegionFactory.regionIsDynamicRegionList(regionName)) {
            try {
                UnregisterInterestOperationContext unregisterContext = authzRequest.unregisterInterestListAuthorize(regionName, keys);
                keys = (List) unregisterContext.getKey();
            } catch (NotAuthorizedException ex) {
                writeException(clientMessage, ex, false, serverConnection);
                serverConnection.setAsTrue(RESPONDED);
                return;
            }
        }
    }
    // Yogesh : bug fix for 36457 :
    /*
     * Region destroy message from server to client results in client calling unregister to server
     * (an unnecessary callback). The unregister encounters an error because the region has been
     * destroyed on the server and hence falsely marks the server dead.
     */
    /*
     * Region region = crHelper.getRegion(regionName); if (region == null) {
     * logger.warning(this.name + ": Region named " + regionName + " was not found during register
     * interest list request"); writeErrorResponse(msg, MessageType.UNREGISTER_INTEREST_DATA_ERROR);
     * responded = true; } else {
     */
    // Register interest
    serverConnection.getAcceptor().getCacheClientNotifier().unregisterClientInterest(regionName, keys, isClosingList, serverConnection.getProxyID(), keepalive);
    // Update the statistics and write the reply
    // bserverStats.incLong(processDestroyTimeId,
    // DistributionStats.getStatTime() - start);
    // start = DistributionStats.getStatTime(); WHY ARE GETTING START AND NOT
    // USING IT?
    writeReply(clientMessage, serverConnection);
    serverConnection.setAsTrue(RESPONDED);
    if (logger.isDebugEnabled()) {
        logger.debug("{}: Sent unregister interest response for the following {} keys in region {}: {}", serverConnection.getName(), numberOfKeys, regionName, keys);
    }
// bserverStats.incLong(writeDestroyResponseTimeId,
// DistributionStats.getStatTime() - start);
// bserverStats.incInt(destroyResponsesId, 1);
// }
}
Also used : AuthorizeRequest(org.apache.geode.internal.security.AuthorizeRequest) ArrayList(java.util.ArrayList) NotAuthorizedException(org.apache.geode.security.NotAuthorizedException) IOException(java.io.IOException) NotAuthorizedException(org.apache.geode.security.NotAuthorizedException) StringId(org.apache.geode.i18n.StringId) Part(org.apache.geode.internal.cache.tier.sockets.Part) UnregisterInterestOperationContext(org.apache.geode.cache.operations.UnregisterInterestOperationContext) ArrayList(java.util.ArrayList) List(java.util.List)

Aggregations

NotAuthorizedException (org.apache.geode.security.NotAuthorizedException)75 UnitTest (org.apache.geode.test.junit.categories.UnitTest)54 Test (org.junit.Test)54 AuthorizeRequest (org.apache.geode.internal.security.AuthorizeRequest)12 IOException (java.io.IOException)9 ObjectPartList (org.apache.geode.internal.cache.tier.sockets.ObjectPartList)9 Part (org.apache.geode.internal.cache.tier.sockets.Part)8 PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)8 GetOperationContext (org.apache.geode.cache.operations.GetOperationContext)6 AuthorizeRequestPP (org.apache.geode.internal.security.AuthorizeRequestPP)6 LocalRegion (org.apache.geode.internal.cache.LocalRegion)5 GetOperationContextImpl (org.apache.geode.cache.operations.internal.GetOperationContextImpl)4 StringId (org.apache.geode.i18n.StringId)4 CacheServerStats (org.apache.geode.internal.cache.tier.sockets.CacheServerStats)4 Result (org.apache.geode.management.cli.Result)4 HashSet (java.util.HashSet)3 Iterator (java.util.Iterator)3 Set (java.util.Set)3 Region (org.apache.geode.cache.Region)3 VersionTag (org.apache.geode.internal.cache.versions.VersionTag)3