[jira] [Updated] (TINKERPOP-2782) WebSocketAuthorizationHandler does not transfer the request's sessionId, needed in UnifiedHandler

Fri, 24 Mar 2023 12:49:06 -0700 


     [ 
https://issues.apache.org/jira/browse/TINKERPOP-2782?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yang Xia updated TINKERPOP-2782:
--------------------------------
    Affects Version/s:     (was: 3.6.0)
                           (was: 3.5.3)
                           (was: 3.5.4)
                           (was: 3.6.1)

> WebSocketAuthorizationHandler does not transfer the request's sessionId, 
> needed in UnifiedHandler
> -------------------------------------------------------------------------------------------------
>
>                 Key: TINKERPOP-2782
>                 URL: https://issues.apache.org/jira/browse/TINKERPOP-2782
>             Project: TinkerPop
>          Issue Type: Bug
>          Components: server
>    Affects Versions: 3.5.2
>            Reporter: Rusi Popov
>            Priority: Major
>
> When the gremlin-server.yaml configures the gremlin server to use the 
> UnifiedChannelizer with an explicit Authorizer:
> {code:yaml}
> channelizer: org.apache.tinkerpop.gremlin.server.channel.UnifiedChannelizer
> authorization: 
>      authorizer: <some class>
> {code}
> the UnifiedChannelizer registers 
> org.apache.tinkerpop.gremlin.server.handler.WebSocketAuthorizationHandler 
> before org.apache.tinkerpop.gremlin.server.handler.UnifiedHandler in the 
> pipeline.
> The WebSocketAuthorizationHandler uses the Authorizer to transform the 
> bytecode, builds a new request message with the transformed bytecode, and 
> pushes the new message down the pipeline for processing:
> (in 3.6.1 these are lines 66-77)
> {code:java}
> case Tokens.OPS_BYTECODE:
>     final Bytecode bytecode = (Bytecode) 
> requestMessage.getArgs().get(Tokens.ARGS_GREMLIN);
>     final Map<String, String> aliases = (Map<String, String>) 
> requestMessage.getArgs().get(Tokens.ARGS_ALIASES);
>     final Bytecode restrictedBytecode = authorizer.authorize(user, bytecode, 
> aliases);
>     final RequestMessage restrictedMsg = 
> RequestMessage.build(Tokens.OPS_BYTECODE).
>             overrideRequestId(requestMessage.getRequestId()).
>             processor("traversal").
>             addArg(Tokens.ARGS_GREMLIN, restrictedBytecode).
>             addArg(Tokens.ARGS_ALIASES, aliases).create();
>     ctx.fireChannelRead(restrictedMsg);
>     break;
> {code}
> Next is the org.apache.tinkerpop.gremlin.server.handler.UnifiedHandler, which 
> uses session ID for session detection:
> (lines 146-147)
> {code:java}
> final Optional<String> optMultiTaskSession = 
> msg.optionalArgs(Tokens.ARGS_SESSION);
> final String sessionId = 
> optMultiTaskSession.orElse(msg.getRequestId().toString());
> {code}
> *The problem:*
> WebSocketAuthorizationHandler does not transfer the Tokens.ARGS_SESSION to 
> the UnifiedHandler so it uses request's ID as every time a new session ID
> *Suggestion:*
> in WebSocketAuthorizationHandler iterate on the args and copy every arg but 
> ARGS_GREMLIN, then set the latter to the restricted bytecode.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to