Alter permission to Cluster:Read for GetClientPartitionAttribute
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/0f8694c3 Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/0f8694c3 Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/0f8694c3 Branch: refs/heads/feature/GEODE-1571 Commit: 0f8694c3b0aec4950e21d198cca42ce9e7ec1925 Parents: 088e406 Author: gmeilen <gracemei...@gmail.com> Authored: Mon Jun 27 14:22:01 2016 -0700 Committer: gmeilen <gracemei...@gmail.com> Committed: Mon Jun 27 14:22:01 2016 -0700 ---------------------------------------------------------------------- .../GetClientPartitionAttributesCommand.java | 137 +++++++------- .../GetClientPartitionAttributesCommand66.java | 180 ++++++++++--------- ...ientPartitionAttrCmdAuthDistributedTest.java | 61 +++++++ 3 files changed, 228 insertions(+), 150 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/0f8694c3/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/GetClientPartitionAttributesCommand.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/GetClientPartitionAttributesCommand.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/GetClientPartitionAttributesCommand.java index 204391d..0873635 100755 --- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/GetClientPartitionAttributesCommand.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/GetClientPartitionAttributesCommand.java @@ -14,6 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ + package com.gemstone.gemfire.internal.cache.tier.sockets.command; import java.io.IOException; @@ -34,12 +35,11 @@ import com.gemstone.gemfire.internal.cache.tier.sockets.Message; import com.gemstone.gemfire.internal.cache.tier.sockets.ServerConnection; import com.gemstone.gemfire.internal.i18n.LocalizedStrings; import com.gemstone.gemfire.internal.logging.log4j.LocalizedMessage; +import com.gemstone.gemfire.internal.security.GeodeSecurityUtil; + /** - * {@link Command} for {@link GetClientPartitionAttributesOp} operation - * - * + * {@link Command} for {@link GetClientPartitionAttributesOp} operation * @since GemFire 6.5 - * */ public class GetClientPartitionAttributesCommand extends BaseCommand { @@ -55,7 +55,8 @@ public class GetClientPartitionAttributesCommand extends BaseCommand { @SuppressWarnings("unchecked") @Override public void cmdExecute(Message msg, ServerConnection servConn, long start) - throws IOException, ClassNotFoundException, InterruptedException { + throws IOException, ClassNotFoundException, InterruptedException + { String regionFullPath = null; CachedRegionHelper crHelper = servConn.getCachedRegionHelper(); regionFullPath = msg.getPart(0).getString(); @@ -63,77 +64,81 @@ public class GetClientPartitionAttributesCommand extends BaseCommand { if (regionFullPath == null) { logger.warn(LocalizedMessage.create(LocalizedStrings.GetClientPartitionAttributes_THE_INPUT_REGION_PATH_IS_NULL)); errMessage = LocalizedStrings.GetClientPartitionAttributes_THE_INPUT_REGION_PATH_IS_NULL - .toLocalizedString(); + .toLocalizedString(); writeErrorResponse(msg, - MessageType.GET_CLIENT_PARTITION_ATTRIBUTES_ERROR, errMessage - .toString(), servConn); + MessageType.GET_CLIENT_PARTITION_ATTRIBUTES_ERROR, errMessage + .toString(), servConn); servConn.setAsTrue(RESPONDED); + return; } - else { - Region region = crHelper.getRegion(regionFullPath); - if (region == null) { - logger.warn(LocalizedMessage.create(LocalizedStrings.GetClientPartitionAttributes_REGION_NOT_FOUND_FOR_SPECIFIED_REGION_PATH, regionFullPath)); - errMessage = LocalizedStrings.GetClientPartitionAttributes_REGION_NOT_FOUND - .toLocalizedString() - + regionFullPath; - writeErrorResponse(msg, - MessageType.GET_CLIENT_PARTITION_ATTRIBUTES_ERROR, errMessage - .toString(), servConn); - servConn.setAsTrue(RESPONDED); + Region region = crHelper.getRegion(regionFullPath); + if (region == null) { + logger.warn(LocalizedMessage + .create(LocalizedStrings.GetClientPartitionAttributes_REGION_NOT_FOUND_FOR_SPECIFIED_REGION_PATH, + regionFullPath)); + errMessage = LocalizedStrings.GetClientPartitionAttributes_REGION_NOT_FOUND + .toLocalizedString() + + regionFullPath; + writeErrorResponse(msg, + MessageType.GET_CLIENT_PARTITION_ATTRIBUTES_ERROR, errMessage + .toString(), servConn); + servConn.setAsTrue(RESPONDED); + return; + } + + try { + GeodeSecurityUtil.authorizeClusterRead(); + Message responseMsg = servConn.getResponseMessage(); + responseMsg.setTransactionId(msg.getTransactionId()); + responseMsg + .setMessageType(MessageType.RESPONSE_CLIENT_PARTITION_ATTRIBUTES); + + PartitionedRegion prRgion = (PartitionedRegion) region; + + PartitionResolver partitionResolver = prRgion.getPartitionResolver(); + int numParts = 2; // MINUMUM PARTS + if (partitionResolver != null) { + numParts++; } - else { - try { - Message responseMsg = servConn.getResponseMessage(); - responseMsg.setTransactionId(msg.getTransactionId()); - responseMsg - .setMessageType(MessageType.RESPONSE_CLIENT_PARTITION_ATTRIBUTES); + responseMsg.setNumberOfParts(numParts); + // PART 1 + responseMsg.addObjPart(prRgion.getTotalNumberOfBuckets()); - PartitionedRegion prRgion = (PartitionedRegion)region; + // PART 2 + if (partitionResolver != null) { + responseMsg.addObjPart(partitionResolver.getClass().toString() + .substring(6)); + } - PartitionResolver partitionResolver = prRgion.getPartitionResolver(); - int numParts = 2; // MINUMUM PARTS - if (partitionResolver != null) { - numParts++; - } - responseMsg.setNumberOfParts(numParts); - // PART 1 - responseMsg.addObjPart(prRgion.getTotalNumberOfBuckets()); - - // PART 2 - if (partitionResolver != null) { - responseMsg.addObjPart(partitionResolver.getClass().toString() - .substring(6)); + // PART 3 + String leaderRegionPath = null; + PartitionedRegion leaderRegion = null; + String leaderRegionName = prRgion.getColocatedWith(); + if (leaderRegionName != null) { + Cache cache = prRgion.getCache(); + while (leaderRegionName != null) { + leaderRegion = (PartitionedRegion) cache + .getRegion(leaderRegionName); + if (leaderRegion.getColocatedWith() == null) { + leaderRegionPath = leaderRegion.getFullPath(); + break; } - - // PART 3 - String leaderRegionPath=null; - PartitionedRegion leaderRegion = null; - String leaderRegionName = prRgion.getColocatedWith(); - if (leaderRegionName != null) { - Cache cache = prRgion.getCache(); - while (leaderRegionName != null) { - leaderRegion = (PartitionedRegion)cache - .getRegion(leaderRegionName); - if (leaderRegion.getColocatedWith() == null) { - leaderRegionPath=leaderRegion.getFullPath(); - break; - } else { - leaderRegionName = leaderRegion.getColocatedWith(); - } - } + else { + leaderRegionName = leaderRegion.getColocatedWith(); } - responseMsg.addObjPart(leaderRegionPath); - responseMsg.send(); - msg.clearParts(); - } - catch (Exception e) { - writeException(msg, e, false, servConn); - } - finally { - servConn.setAsTrue(Command.RESPONDED); } } + responseMsg.addObjPart(leaderRegionPath); + responseMsg.send(); + msg.clearParts(); + } + catch (Exception e) { + writeException(msg, e, false, servConn); + } + finally { + servConn.setAsTrue(Command.RESPONDED); } } - } + + http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/0f8694c3/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/GetClientPartitionAttributesCommand66.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/GetClientPartitionAttributesCommand66.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/GetClientPartitionAttributesCommand66.java index 3eca123..72cdcf2 100644 --- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/GetClientPartitionAttributesCommand66.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/GetClientPartitionAttributesCommand66.java @@ -14,6 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ + package com.gemstone.gemfire.internal.cache.tier.sockets.command; import java.io.IOException; @@ -34,13 +35,12 @@ import com.gemstone.gemfire.internal.cache.tier.sockets.Message; import com.gemstone.gemfire.internal.cache.tier.sockets.ServerConnection; import com.gemstone.gemfire.internal.i18n.LocalizedStrings; import com.gemstone.gemfire.internal.logging.log4j.LocalizedMessage; +import com.gemstone.gemfire.internal.security.GeodeSecurityUtil; /** * {@link Command} for {@link GetClientPartitionAttributesOp} operation for 6.6 * clients - * * @since GemFire 6.6 - * */ public class GetClientPartitionAttributesCommand66 extends BaseCommand { @@ -56,7 +56,8 @@ public class GetClientPartitionAttributesCommand66 extends BaseCommand { @SuppressWarnings("unchecked") @Override public void cmdExecute(Message msg, ServerConnection servConn, long start) - throws IOException, ClassNotFoundException, InterruptedException { + throws IOException, ClassNotFoundException, InterruptedException + { String regionFullPath = null; CachedRegionHelper crHelper = servConn.getCachedRegionHelper(); regionFullPath = msg.getPart(0).getString(); @@ -64,95 +65,106 @@ public class GetClientPartitionAttributesCommand66 extends BaseCommand { if (regionFullPath == null) { logger.warn(LocalizedMessage.create(LocalizedStrings.GetClientPartitionAttributes_THE_INPUT_REGION_PATH_IS_NULL)); errMessage = LocalizedStrings.GetClientPartitionAttributes_THE_INPUT_REGION_PATH_IS_NULL - .toLocalizedString(); + .toLocalizedString(); writeErrorResponse(msg, - MessageType.GET_CLIENT_PARTITION_ATTRIBUTES_ERROR, - errMessage.toString(), servConn); + MessageType.GET_CLIENT_PARTITION_ATTRIBUTES_ERROR, + errMessage.toString(), servConn); servConn.setAsTrue(RESPONDED); - } else { - Region region = crHelper.getRegion(regionFullPath); - if (region == null) { - logger.warn(LocalizedMessage.create(LocalizedStrings.GetClientPartitionAttributes_REGION_NOT_FOUND_FOR_SPECIFIED_REGION_PATH, regionFullPath)); - errMessage = LocalizedStrings.GetClientPartitionAttributes_REGION_NOT_FOUND - .toLocalizedString() + regionFullPath; - writeErrorResponse(msg, - MessageType.GET_CLIENT_PARTITION_ATTRIBUTES_ERROR, - errMessage.toString(), servConn); - servConn.setAsTrue(RESPONDED); - } else { - try { - Message responseMsg = servConn.getResponseMessage(); - responseMsg.setTransactionId(msg.getTransactionId()); - responseMsg - .setMessageType(MessageType.RESPONSE_CLIENT_PARTITION_ATTRIBUTES); - - if (!(region instanceof PartitionedRegion)) { - responseMsg.setNumberOfParts(2); - responseMsg.addObjPart(-1); - responseMsg.addObjPart(region.getFullPath()); - } else { - - PartitionedRegion prRgion = (PartitionedRegion)region; - - PartitionResolver partitionResolver = prRgion - .getPartitionResolver(); - int numParts = 2; // MINUMUM PARTS - if (partitionResolver != null) { - numParts++; - } - if (prRgion.isFixedPartitionedRegion()) { - numParts++; - } - responseMsg.setNumberOfParts(numParts); - // PART 1 - responseMsg.addObjPart(prRgion.getTotalNumberOfBuckets()); - - // PART 2 - String leaderRegionPath = null; - PartitionedRegion leaderRegion = null; - String leaderRegionName = prRgion.getColocatedWith(); - if (leaderRegionName != null) { - Cache cache = prRgion.getCache(); - while (leaderRegionName != null) { - leaderRegion = (PartitionedRegion)cache - .getRegion(leaderRegionName); - if (leaderRegion.getColocatedWith() == null) { - leaderRegionPath = leaderRegion.getFullPath(); - break; - } else { - leaderRegionName = leaderRegion.getColocatedWith(); - } - } - } - responseMsg.addObjPart(leaderRegionPath); + return; + } + Region region = crHelper.getRegion(regionFullPath); + if (region == null) { + logger.warn(LocalizedMessage + .create(LocalizedStrings.GetClientPartitionAttributes_REGION_NOT_FOUND_FOR_SPECIFIED_REGION_PATH, + regionFullPath)); + errMessage = LocalizedStrings.GetClientPartitionAttributes_REGION_NOT_FOUND + .toLocalizedString() + regionFullPath; + writeErrorResponse(msg, + MessageType.GET_CLIENT_PARTITION_ATTRIBUTES_ERROR, + errMessage.toString(), servConn); + servConn.setAsTrue(RESPONDED); + return; + } + + try { + GeodeSecurityUtil.authorizeClusterRead(); + Message responseMsg = servConn.getResponseMessage(); + responseMsg.setTransactionId(msg.getTransactionId()); + responseMsg + .setMessageType(MessageType.RESPONSE_CLIENT_PARTITION_ATTRIBUTES); + + if (!(region instanceof PartitionedRegion)) { + responseMsg.setNumberOfParts(2); + responseMsg.addObjPart(-1); + responseMsg.addObjPart(region.getFullPath()); + } + else { + + PartitionedRegion prRgion = (PartitionedRegion) region; + + PartitionResolver partitionResolver = prRgion + .getPartitionResolver(); + int numParts = 2; // MINUMUM PARTS + if (partitionResolver != null) { + numParts++; + } + if (prRgion.isFixedPartitionedRegion()) { + numParts++; + } + responseMsg.setNumberOfParts(numParts); + // PART 1 + responseMsg.addObjPart(prRgion.getTotalNumberOfBuckets()); - // PART 3 - if (partitionResolver != null) { - responseMsg.addObjPart(partitionResolver.getClass().toString() - .substring(6)); + // PART 2 + String leaderRegionPath = null; + PartitionedRegion leaderRegion = null; + String leaderRegionName = prRgion.getColocatedWith(); + if (leaderRegionName != null) { + Cache cache = prRgion.getCache(); + while (leaderRegionName != null) { + leaderRegion = (PartitionedRegion) cache + .getRegion(leaderRegionName); + if (leaderRegion.getColocatedWith() == null) { + leaderRegionPath = leaderRegion.getFullPath(); + break; } - // PART 4 - if (prRgion.isFixedPartitionedRegion()) { - Set<FixedPartitionAttributes> fpaSet = null; - if (leaderRegion != null) { - fpaSet = PartitionedRegionHelper - .getAllFixedPartitionAttributes(leaderRegion); - } else { - fpaSet = PartitionedRegionHelper - .getAllFixedPartitionAttributes(prRgion); - } - responseMsg.addObjPart(fpaSet); + else { + leaderRegionName = leaderRegion.getColocatedWith(); } } - responseMsg.send(); - msg.clearParts(); - } catch (Exception e) { - writeException(msg, e, false, servConn); - } finally { - servConn.setAsTrue(Command.RESPONDED); + } + responseMsg.addObjPart(leaderRegionPath); + + // PART 3 + if (partitionResolver != null) { + responseMsg.addObjPart(partitionResolver.getClass().toString() + .substring(6)); + } + // PART 4 + if (prRgion.isFixedPartitionedRegion()) { + Set<FixedPartitionAttributes> fpaSet = null; + if (leaderRegion != null) { + fpaSet = PartitionedRegionHelper + .getAllFixedPartitionAttributes(leaderRegion); + } + else { + fpaSet = PartitionedRegionHelper + .getAllFixedPartitionAttributes(prRgion); + } + responseMsg.addObjPart(fpaSet); } } + responseMsg.send(); + msg.clearParts(); + } + catch (Exception e) { + writeException(msg, e, false, servConn); + } + finally { + servConn.setAsTrue(Command.RESPONDED); } - } + } } + + http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/0f8694c3/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientGetClientPartitionAttrCmdAuthDistributedTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientGetClientPartitionAttrCmdAuthDistributedTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientGetClientPartitionAttrCmdAuthDistributedTest.java new file mode 100644 index 0000000..fbbdc05 --- /dev/null +++ b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientGetClientPartitionAttrCmdAuthDistributedTest.java @@ -0,0 +1,61 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.gemstone.gemfire.security; + +import java.util.Arrays; + +import com.gemstone.gemfire.cache.Region; +import com.gemstone.gemfire.cache.client.ClientCache; +import com.gemstone.gemfire.cache.client.ClientCacheFactory; +import com.gemstone.gemfire.cache.client.ClientRegionShortcut; +import com.gemstone.gemfire.cache.client.internal.GetClientPartitionAttributesOp; +import com.gemstone.gemfire.cache.client.internal.PoolImpl; +import com.gemstone.gemfire.test.junit.categories.DistributedTest; + +import org.junit.Test; +import org.junit.experimental.categories.Category; + +@Category(DistributedTest.class) +public class IntegratedClientGetClientPartitionAttrCmdAuthDistributedTest extends AbstractIntegratedClientAuthDistributedTest { + + @Test + public void testGetClientPartitionAttrCmd() { + client1.invoke("logging in super-user with correct password", () -> { + ClientCache cache = new ClientCacheFactory(createClientProperties("stranger", "1234567")) + .setPoolSubscriptionEnabled(true) + .addPoolServer("localhost", serverPort) + .create(); + + Region region = cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME); + + assertNotAuthorized(() -> GetClientPartitionAttributesOp.execute((PoolImpl)cache.getDefaultPool(), REGION_NAME), "CLUSTER:READ"); + }); + + client2.invoke("logging in super-user with correct password", () -> { + ClientCache cache = new ClientCacheFactory(createClientProperties("super-user", "1234567")) + .setPoolSubscriptionEnabled(true) + .addPoolServer("localhost", serverPort) + .create(); + + Region region = cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME); + + GetClientPartitionAttributesOp.execute((PoolImpl)cache.getDefaultPool(), REGION_NAME); + }); + } +} + +