Search in sources :

Example 31 with NotAuthorizedException

use of org.apache.geode.security.NotAuthorizedException in project geode by apache.

the class Request method cmdExecute.

@Override
public void cmdExecute(Message clientMessage, ServerConnection serverConnection, long start) throws IOException {
    Part regionNamePart = null, keyPart = null, valuePart = null;
    String regionName = null;
    Object callbackArg = null, key = null;
    CachedRegionHelper crHelper = serverConnection.getCachedRegionHelper();
    CacheServerStats stats = serverConnection.getCacheServerStats();
    StringId errMessage = null;
    serverConnection.setAsTrue(REQUIRES_RESPONSE);
    // requiresResponse = true;
    {
        long oldStart = start;
        start = DistributionStats.getStatTime();
        stats.incReadGetRequestTime(start - oldStart);
    }
    // Retrieve the data from the message parts
    int parts = clientMessage.getNumberOfParts();
    regionNamePart = clientMessage.getPart(0);
    keyPart = clientMessage.getPart(1);
    // valuePart = null; (redundant assignment)
    if (parts > 2) {
        valuePart = clientMessage.getPart(2);
        try {
            callbackArg = valuePart.getObject();
        } catch (Exception e) {
            writeException(clientMessage, e, false, serverConnection);
            // responded = true;
            serverConnection.setAsTrue(RESPONDED);
            return;
        }
    }
    regionName = regionNamePart.getString();
    try {
        key = keyPart.getStringOrObject();
    } catch (Exception e) {
        writeException(clientMessage, e, false, serverConnection);
        // responded = true;
        serverConnection.setAsTrue(RESPONDED);
        return;
    }
    if (logger.isDebugEnabled()) {
        logger.debug("{}: Received get request ({} bytes) from {} for region {} key {} txId {}", serverConnection.getName(), clientMessage.getPayloadLength(), serverConnection.getSocketString(), regionName, key, clientMessage.getTransactionId());
    }
    // Process the get request
    if (key == null || regionName == null) {
        if ((key == null) && (regionName == null)) {
            errMessage = LocalizedStrings.Request_THE_INPUT_REGION_NAME_AND_KEY_FOR_THE_GET_REQUEST_ARE_NULL;
        } else if (key == null) {
            errMessage = LocalizedStrings.Request_THE_INPUT_KEY_FOR_THE_GET_REQUEST_IS_NULL;
        } else if (regionName == null) {
            errMessage = LocalizedStrings.Request_THE_INPUT_REGION_NAME_FOR_THE_GET_REQUEST_IS_NULL;
        }
        String s = errMessage.toLocalizedString();
        logger.warn("{}: {}", serverConnection.getName(), s);
        writeErrorResponse(clientMessage, MessageType.REQUESTDATAERROR, s, serverConnection);
        // responded = true;
        serverConnection.setAsTrue(RESPONDED);
    } else {
        Region region = serverConnection.getCache().getRegion(regionName);
        if (region == null) {
            String reason = LocalizedStrings.Request__0_WAS_NOT_FOUND_DURING_GET_REQUEST.toLocalizedString(regionName);
            writeRegionDestroyedEx(clientMessage, regionName, reason, serverConnection);
            serverConnection.setAsTrue(RESPONDED);
        } else {
            GetOperationContext getContext = null;
            try {
                this.securityService.authorizeRegionRead(regionName, key.toString());
                AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
                if (authzRequest != null) {
                    getContext = authzRequest.getAuthorize(regionName, key, callbackArg);
                    callbackArg = getContext.getCallbackArg();
                }
            } catch (NotAuthorizedException ex) {
                writeException(clientMessage, ex, false, serverConnection);
                serverConnection.setAsTrue(RESPONDED);
                return;
            }
            // Get the value and update the statistics. Do not deserialize
            // the value if it is a byte[].
            Object[] valueAndIsObject = new Object[3];
            try {
                getValueAndIsObject(region, key, callbackArg, serverConnection, valueAndIsObject);
            } catch (Exception e) {
                writeException(clientMessage, e, false, serverConnection);
                serverConnection.setAsTrue(RESPONDED);
                return;
            }
            Object data = valueAndIsObject[0];
            boolean isObject = ((Boolean) valueAndIsObject[1]).booleanValue();
            try {
                AuthorizeRequestPP postAuthzRequest = serverConnection.getPostAuthzRequest();
                if (postAuthzRequest != null) {
                    getContext = postAuthzRequest.getAuthorize(regionName, key, data, isObject, getContext);
                    byte[] serializedValue = getContext.getSerializedValue();
                    if (serializedValue == null) {
                        data = getContext.getObject();
                    } else {
                        data = serializedValue;
                    }
                    isObject = getContext.isObject();
                }
            } catch (NotAuthorizedException ex) {
                writeException(clientMessage, ex, false, serverConnection);
                serverConnection.setAsTrue(RESPONDED);
                return;
            }
            {
                long oldStart = start;
                start = DistributionStats.getStatTime();
                stats.incProcessGetTime(start - oldStart);
            }
            if (region instanceof PartitionedRegion) {
                PartitionedRegion pr = (PartitionedRegion) region;
                if (pr.getNetworkHopType() != PartitionedRegion.NETWORK_HOP_NONE) {
                    writeResponseWithRefreshMetadata(data, callbackArg, clientMessage, isObject, serverConnection, pr, pr.getNetworkHopType());
                    pr.clearNetworkHopData();
                } else {
                    writeResponse(data, callbackArg, clientMessage, isObject, serverConnection);
                }
            } else {
                writeResponse(data, callbackArg, clientMessage, isObject, serverConnection);
            }
            serverConnection.setAsTrue(RESPONDED);
            if (logger.isDebugEnabled()) {
                logger.debug("{}: Wrote get response back to {} for region {} key {} value: {}", serverConnection.getName(), serverConnection.getSocketString(), regionName, key, data);
            }
            stats.incWriteGetResponseTime(DistributionStats.getStatTime() - start);
        }
    }
}
Also used : AuthorizeRequest(org.apache.geode.internal.security.AuthorizeRequest) AuthorizeRequestPP(org.apache.geode.internal.security.AuthorizeRequestPP) NotAuthorizedException(org.apache.geode.security.NotAuthorizedException) IOException(java.io.IOException) NotAuthorizedException(org.apache.geode.security.NotAuthorizedException) GetOperationContext(org.apache.geode.cache.operations.GetOperationContext) CachedRegionHelper(org.apache.geode.internal.cache.tier.CachedRegionHelper) StringId(org.apache.geode.i18n.StringId) CacheServerStats(org.apache.geode.internal.cache.tier.sockets.CacheServerStats) Part(org.apache.geode.internal.cache.tier.sockets.Part) PartitionedRegion(org.apache.geode.internal.cache.PartitionedRegion) LocalRegion(org.apache.geode.internal.cache.LocalRegion) Region(org.apache.geode.cache.Region) PartitionedRegion(org.apache.geode.internal.cache.PartitionedRegion)

Example 32 with NotAuthorizedException

use of org.apache.geode.security.NotAuthorizedException in project geode by apache.

the class DestroyRegionTest method oldSecurityShouldFailIfNotAuthorized.

@Test
public void oldSecurityShouldFailIfNotAuthorized() throws Exception {
    when(this.securityService.isClientSecurityRequired()).thenReturn(true);
    when(this.securityService.isIntegratedSecurity()).thenReturn(false);
    doThrow(new NotAuthorizedException("")).when(this.authzRequest).destroyRegionAuthorize(eq(REGION_NAME), eq(CALLBACK_ARG));
    this.destroyRegion.cmdExecute(this.message, this.serverConnection, 0);
    verify(this.authzRequest).destroyRegionAuthorize(eq(REGION_NAME), eq(CALLBACK_ARG));
    verify(this.errorResponseMessage).send(this.serverConnection);
}
Also used : NotAuthorizedException(org.apache.geode.security.NotAuthorizedException) Test(org.junit.Test) UnitTest(org.apache.geode.test.junit.categories.UnitTest)

Example 33 with NotAuthorizedException

use of org.apache.geode.security.NotAuthorizedException in project geode by apache.

the class DestroyTest method oldSecurityShouldFailIfNotAuthorized.

@Test
public void oldSecurityShouldFailIfNotAuthorized() throws Exception {
    when(this.securityService.isClientSecurityRequired()).thenReturn(true);
    when(this.securityService.isIntegratedSecurity()).thenReturn(false);
    doThrow(new NotAuthorizedException("")).when(this.authzRequest).destroyAuthorize(eq(REGION_NAME), eq(KEY), eq(CALLBACK_ARG));
    this.destroy.cmdExecute(this.message, this.serverConnection, 0);
    verify(this.authzRequest).destroyAuthorize(eq(REGION_NAME), eq(KEY), eq(CALLBACK_ARG));
    verify(this.errorResponseMessage).send(eq(this.serverConnection));
}
Also used : NotAuthorizedException(org.apache.geode.security.NotAuthorizedException) Test(org.junit.Test) UnitTest(org.apache.geode.test.junit.categories.UnitTest)

Example 34 with NotAuthorizedException

use of org.apache.geode.security.NotAuthorizedException in project geode by apache.

the class ExecuteFunction65Test method withIntegratedSecurityShouldThrowIfNotAuthorized.

@Test
public void withIntegratedSecurityShouldThrowIfNotAuthorized() throws Exception {
    when(this.securityService.isClientSecurityRequired()).thenReturn(true);
    when(this.securityService.isIntegratedSecurity()).thenReturn(true);
    doThrow(new NotAuthorizedException("")).when(this.securityService).authorizeDataWrite();
    this.executeFunction65.cmdExecute(this.message, this.serverConnection, 0);
    verify(this.securityService).authorizeDataWrite();
// verify(this.chunkedResponseMessage).sendChunk(this.serverConnection);
}
Also used : NotAuthorizedException(org.apache.geode.security.NotAuthorizedException) UnitTest(org.apache.geode.test.junit.categories.UnitTest) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest) Test(org.junit.Test)

Example 35 with NotAuthorizedException

use of org.apache.geode.security.NotAuthorizedException in project geode by apache.

the class ExecuteFunction66Test method withIntegratedSecurityShouldThrowIfNotAuthorized.

@Test
public void withIntegratedSecurityShouldThrowIfNotAuthorized() throws Exception {
    when(this.securityService.isClientSecurityRequired()).thenReturn(true);
    when(this.securityService.isIntegratedSecurity()).thenReturn(true);
    doThrow(new NotAuthorizedException("")).when(this.securityService).authorizeDataWrite();
    assertThatThrownBy(() -> this.executeFunction66.cmdExecute(this.message, this.serverConnection, 0)).isExactlyInstanceOf(NullPointerException.class);
    verify(this.securityService).authorizeDataWrite();
// verify(this.chunkedResponseMessage).sendChunk(this.serverConnection);
}
Also used : NotAuthorizedException(org.apache.geode.security.NotAuthorizedException) UnitTest(org.apache.geode.test.junit.categories.UnitTest) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest) Test(org.junit.Test)

Aggregations

NotAuthorizedException (org.apache.geode.security.NotAuthorizedException)75 UnitTest (org.apache.geode.test.junit.categories.UnitTest)54 Test (org.junit.Test)54 AuthorizeRequest (org.apache.geode.internal.security.AuthorizeRequest)12 IOException (java.io.IOException)9 ObjectPartList (org.apache.geode.internal.cache.tier.sockets.ObjectPartList)9 Part (org.apache.geode.internal.cache.tier.sockets.Part)8 PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)8 GetOperationContext (org.apache.geode.cache.operations.GetOperationContext)6 AuthorizeRequestPP (org.apache.geode.internal.security.AuthorizeRequestPP)6 LocalRegion (org.apache.geode.internal.cache.LocalRegion)5 GetOperationContextImpl (org.apache.geode.cache.operations.internal.GetOperationContextImpl)4 StringId (org.apache.geode.i18n.StringId)4 CacheServerStats (org.apache.geode.internal.cache.tier.sockets.CacheServerStats)4 Result (org.apache.geode.management.cli.Result)4 HashSet (java.util.HashSet)3 Iterator (java.util.Iterator)3 Set (java.util.Set)3 Region (org.apache.geode.cache.Region)3 VersionTag (org.apache.geode.internal.cache.versions.VersionTag)3