use of org.apache.geode.security.NotAuthorizedException in project geode by apache.
the class Request method cmdExecute.
@Override
public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start) throws IOException {
Part regionNamePart = null, keyPart = null, valuePart = null;
String regionName = null;
Object callbackArg = null, key = null;
CachedRegionHelper crHelper = serverConnection.getCachedRegionHelper();
CacheServerStats stats = serverConnection.getCacheServerStats();
StringId errMessage = null;
serverConnection.setAsTrue(REQUIRES_RESPONSE);
// requiresResponse = true;
{
long oldStart = start;
start = DistributionStats.getStatTime();
stats.incReadGetRequestTime(start - oldStart);
}
// Retrieve the data from the message parts
int parts = clientMessage.getNumberOfParts();
regionNamePart = clientMessage.getPart(0);
keyPart = clientMessage.getPart(1);
// valuePart = null; (redundant assignment)
if (parts > 2) {
valuePart = clientMessage.getPart(2);
try {
callbackArg = valuePart.getObject();
} catch (Exception e) {
writeException(clientMessage, e, false, serverConnection);
// responded = true;
serverConnection.setAsTrue(RESPONDED);
return;
}
}
regionName = regionNamePart.getString();
try {
key = keyPart.getStringOrObject();
} catch (Exception e) {
writeException(clientMessage, e, false, serverConnection);
// responded = true;
serverConnection.setAsTrue(RESPONDED);
return;
}
if (logger.isDebugEnabled()) {
logger.debug("{}: Received get request ({} bytes) from {} for region {} key {} txId {}", serverConnection.getName(), clientMessage.getPayloadLength(), serverConnection.getSocketString(), regionName, key, clientMessage.getTransactionId());
}
// Process the get request
if (key == null || regionName == null) {
if ((key == null) && (regionName == null)) {
errMessage = LocalizedStrings.Request_THE_INPUT_REGION_NAME_AND_KEY_FOR_THE_GET_REQUEST_ARE_NULL;
} else if (key == null) {
errMessage = LocalizedStrings.Request_THE_INPUT_KEY_FOR_THE_GET_REQUEST_IS_NULL;
} else if (regionName == null) {
errMessage = LocalizedStrings.Request_THE_INPUT_REGION_NAME_FOR_THE_GET_REQUEST_IS_NULL;
}
String s = errMessage.toLocalizedString();
logger.warn("{}: {}", serverConnection.getName(), s);
writeErrorResponse(clientMessage, MessageType.REQUESTDATAERROR, s, serverConnection);
// responded = true;
serverConnection.setAsTrue(RESPONDED);
} else {
Region region = serverConnection.getCache().getRegion(regionName);
if (region == null) {
String reason = LocalizedStrings.Request__0_WAS_NOT_FOUND_DURING_GET_REQUEST.toLocalizedString(regionName);
writeRegionDestroyedEx(clientMessage, regionName, reason, serverConnection);
serverConnection.setAsTrue(RESPONDED);
} else {
GetOperationContext getContext = null;
try {
this.securityService.authorizeRegionRead(regionName, key.toString());
AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
if (authzRequest != null) {
getContext = authzRequest.getAuthorize(regionName, key, callbackArg);
callbackArg = getContext.getCallbackArg();
}
} catch (NotAuthorizedException ex) {
writeException(clientMessage, ex, false, serverConnection);
serverConnection.setAsTrue(RESPONDED);
return;
}
// Get the value and update the statistics. Do not deserialize
// the value if it is a byte[].
Object[] valueAndIsObject = new Object[3];
try {
getValueAndIsObject(region, key, callbackArg, serverConnection, valueAndIsObject);
} catch (Exception e) {
writeException(clientMessage, e, false, serverConnection);
serverConnection.setAsTrue(RESPONDED);
return;
}
Object data = valueAndIsObject[0];
boolean isObject = ((Boolean) valueAndIsObject[1]).booleanValue();
try {
AuthorizeRequestPP postAuthzRequest = serverConnection.getPostAuthzRequest();
if (postAuthzRequest != null) {
getContext = postAuthzRequest.getAuthorize(regionName, key, data, isObject, getContext);
byte[] serializedValue = getContext.getSerializedValue();
if (serializedValue == null) {
data = getContext.getObject();
} else {
data = serializedValue;
}
isObject = getContext.isObject();
}
} catch (NotAuthorizedException ex) {
writeException(clientMessage, ex, false, serverConnection);
serverConnection.setAsTrue(RESPONDED);
return;
}
{
long oldStart = start;
start = DistributionStats.getStatTime();
stats.incProcessGetTime(start - oldStart);
}
if (region instanceof PartitionedRegion) {
PartitionedRegion pr = (PartitionedRegion) region;
if (pr.getNetworkHopType() != PartitionedRegion.NETWORK_HOP_NONE) {
writeResponseWithRefreshMetadata(data, callbackArg, clientMessage, isObject, serverConnection, pr, pr.getNetworkHopType());
pr.clearNetworkHopData();
} else {
writeResponse(data, callbackArg, clientMessage, isObject, serverConnection);
}
} else {
writeResponse(data, callbackArg, clientMessage, isObject, serverConnection);
}
serverConnection.setAsTrue(RESPONDED);
if (logger.isDebugEnabled()) {
logger.debug("{}: Wrote get response back to {} for region {} key {} value: {}", serverConnection.getName(), serverConnection.getSocketString(), regionName, key, data);
}
stats.incWriteGetResponseTime(DistributionStats.getStatTime() - start);
}
}
}
use of org.apache.geode.security.NotAuthorizedException in project geode by apache.
the class DestroyRegionTest method oldSecurityShouldFailIfNotAuthorized.
@Test
public void oldSecurityShouldFailIfNotAuthorized() throws Exception {
when(this.securityService.isClientSecurityRequired()).thenReturn(true);
when(this.securityService.isIntegratedSecurity()).thenReturn(false);
doThrow(new NotAuthorizedException("")).when(this.authzRequest).destroyRegionAuthorize(eq(REGION_NAME), eq(CALLBACK_ARG));
this.destroyRegion.cmdExecute(this.message, this.serverConnection, 0);
verify(this.authzRequest).destroyRegionAuthorize(eq(REGION_NAME), eq(CALLBACK_ARG));
verify(this.errorResponseMessage).send(this.serverConnection);
}
use of org.apache.geode.security.NotAuthorizedException in project geode by apache.
the class DestroyTest method oldSecurityShouldFailIfNotAuthorized.
@Test
public void oldSecurityShouldFailIfNotAuthorized() throws Exception {
when(this.securityService.isClientSecurityRequired()).thenReturn(true);
when(this.securityService.isIntegratedSecurity()).thenReturn(false);
doThrow(new NotAuthorizedException("")).when(this.authzRequest).destroyAuthorize(eq(REGION_NAME), eq(KEY), eq(CALLBACK_ARG));
this.destroy.cmdExecute(this.message, this.serverConnection, 0);
verify(this.authzRequest).destroyAuthorize(eq(REGION_NAME), eq(KEY), eq(CALLBACK_ARG));
verify(this.errorResponseMessage).send(eq(this.serverConnection));
}
use of org.apache.geode.security.NotAuthorizedException in project geode by apache.
the class ExecuteFunction65Test method withIntegratedSecurityShouldThrowIfNotAuthorized.
@Test
public void withIntegratedSecurityShouldThrowIfNotAuthorized() throws Exception {
when(this.securityService.isClientSecurityRequired()).thenReturn(true);
when(this.securityService.isIntegratedSecurity()).thenReturn(true);
doThrow(new NotAuthorizedException("")).when(this.securityService).authorizeDataWrite();
this.executeFunction65.cmdExecute(this.message, this.serverConnection, 0);
verify(this.securityService).authorizeDataWrite();
// verify(this.chunkedResponseMessage).sendChunk(this.serverConnection);
}
use of org.apache.geode.security.NotAuthorizedException in project geode by apache.
the class ExecuteFunction66Test method withIntegratedSecurityShouldThrowIfNotAuthorized.
@Test
public void withIntegratedSecurityShouldThrowIfNotAuthorized() throws Exception {
when(this.securityService.isClientSecurityRequired()).thenReturn(true);
when(this.securityService.isIntegratedSecurity()).thenReturn(true);
doThrow(new NotAuthorizedException("")).when(this.securityService).authorizeDataWrite();
assertThatThrownBy(() -> this.executeFunction66.cmdExecute(this.message, this.serverConnection, 0)).isExactlyInstanceOf(NullPointerException.class);
verify(this.securityService).authorizeDataWrite();
// verify(this.chunkedResponseMessage).sendChunk(this.serverConnection);
}
Aggregations