[ https://issues.apache.org/jira/browse/JENA-2055?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17287906#comment-17287906 ]

Andy Seaborne commented on JENA-2055:
-------------------------------------

Thanks for the patch!

There are other routes that can cause the same situation - accessing the 
protected data with graph store protocol or SPARQL Update. These can all be 
handled once if the {{OperationDeniedException}} exception is caught in the 
main loop of request processing: 
[ActionExecLib.java#L115|https://github.com/apache/jena/blob/b2d3991615d6ee87f89397b8dd13944487650fce/jena-fuseki2/jena-fuseki-core/src/main/java/org/apache/jena/fuseki/servlets/ActionExecLib.java#L115]
 with a general message "Request forbidden".

If you want per-operation error strings, there'll need to be a catch in each 
operation, but I don't see that that is useful in any way and a blunt "You 
can't do that" is fine. There ought to be handling in the main loop anyway to 
be robust to new operations being added.

> handle properly the denied access generated by jena-permission security 
> evaluator
> ---------------------------------------------------------------------------------
>
>                 Key: JENA-2055
>                 URL: https://issues.apache.org/jira/browse/JENA-2055
>             Project: Apache Jena
>          Issue Type: Bug
>          Components: Fuseki
>    Affects Versions: Jena 3.17.0
>         Environment: jena-fuseki 3.17.0
> openjdk version "1.8.0_275"
>            Reporter: info parlepeuple
>            Priority: Major
>              Labels: fuseki2, permission
>         Attachments: 
> 0001-handle-properly-the-denied-access-generated-by-jena-.patch
>
>
> When the dataset is secured with [jena 
> permission|https://jena.apache.org/documentation/permissions/] , and some 
> access is denied, an exception is thrown from the SecuredGraph.
> This exception is not caught in SPARQLQueryProcessor, which results in a 500 
> error returned to the HTTP client.
> Exception OperationDeniedException should return a 403, not a 500.
>  
> Attached is the patch!
>  
>  



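The approach described in the comment above, as an added example that is not Fuseki's code or part of the original message: a single catch in the dispatch loop turns a permission denial from any operation into a 403 with the general message, while other failures remain 500. `DeniedException`, `Response`, `dispatch` and the operation table are hypothetical stand-ins, not Jena classes.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.function.Supplier;

public class CentralDeniedHandling {
    // Stand-in for the exception thrown by the permission layer (not Jena's class).
    static class DeniedException extends RuntimeException {
        DeniedException(String msg) { super(msg); }
    }

    static final class Response {
        final int status;
        final String body;
        Response(int status, String body) { this.status = status; this.body = body; }
    }

    // Constructed operations: each reaches the protected data by a different route.
    static final Map<String, Supplier<String>> OPERATIONS = new LinkedHashMap<>();
    static {
        OPERATIONS.put("query",  () -> { throw new DeniedException("read denied"); });
        OPERATIONS.put("update", () -> { throw new DeniedException("update denied"); });
        OPERATIONS.put("gsp",    () -> { throw new DeniedException("graph read denied"); });
        OPERATIONS.put("ping",   () -> "ok");
        OPERATIONS.put("broken", () -> { throw new IllegalStateException("bug"); });
    }

    // One catch here covers every operation, including ones registered later.
    static Response dispatch(String name) {
        Supplier<String> op = OPERATIONS.get(name);
        if (op == null) return new Response(404, "Not found");
        try {
            return new Response(200, op.get());
        } catch (DeniedException ex) {
            // Same general message for every route; the detail goes to the server log only.
            System.err.println("denied: " + name + ": " + ex.getMessage());
            return new Response(403, "Request forbidden");
        } catch (RuntimeException ex) {
            // Genuine server faults still map to 500.
            return new Response(500, "Internal server error");
        }
    }

    public static void main(String[] args) {
        for (String name : OPERATIONS.keySet()) {
            Response r = dispatch(name);
            System.out.println(name + " -> " + r.status + " " + r.body);
        }
    }
}
```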