[ignite] branch master updated: IGNITE-13676 Java thin client: Fix message read after SECURITY_VIOLATION error - Fixes #8428.

Thu, 05 Nov 2020 11:32:41 -0800 

This is an automated email from the ASF dual-hosted git repository.

alexpl pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ignite.git


The following commit(s) were added to refs/heads/master by this push:
     new 8ac005f  IGNITE-13676 Java thin client: Fix message read after 
SECURITY_VIOLATION error - Fixes #8428.
8ac005f is described below

commit 8ac005f94b6f15a82cd7b9dc3b5ced2352e389eb
Author: Aleksey Plekhanov <plehanov.a...@gmail.com>
AuthorDate: Thu Nov 5 17:57:41 2020 +0300

    IGNITE-13676 Java thin client: Fix message read after SECURITY_VIOLATION 
error - Fixes #8428.
    
    Signed-off-by: Aleksey Plekhanov <plehanov.a...@gmail.com>
---
 .../org/apache/ignite/internal/client/thin/TcpClientChannel.java | 6 ++++--
 .../security/client/ThinClientPermissionCheckTest.java           | 9 +++++++++
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git 
a/modules/core/src/main/java/org/apache/ignite/internal/client/thin/TcpClientChannel.java
 
b/modules/core/src/main/java/org/apache/ignite/internal/client/thin/TcpClientChannel.java
index 4f3ee40..c357672 100644
--- 
a/modules/core/src/main/java/org/apache/ignite/internal/client/thin/TcpClientChannel.java
+++ 
b/modules/core/src/main/java/org/apache/ignite/internal/client/thin/TcpClientChannel.java
@@ -461,9 +461,11 @@ class TcpClientChannel implements ClientChannel {
             if (msgSize > hdrSize)
                 res = dataInput.spinRead(msgSize - hdrSize);
         }
-        else if (status == ClientStatus.SECURITY_VIOLATION)
+        else if (status == ClientStatus.SECURITY_VIOLATION) {
+            dataInput.spinRead(msgSize - hdrSize); // Read message to the end.
+
             err = new ClientAuthorizationException();
-        else {
+        } else {
             resIn = new BinaryHeapInputStream(dataInput.spinRead(msgSize - 
hdrSize));
 
             String errMsg = ClientUtils.createBinaryReader(null, 
resIn).readString();
diff --git 
a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/client/ThinClientPermissionCheckTest.java
 
b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/client/ThinClientPermissionCheckTest.java
index 1230aba..152e2570 100644
--- 
a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/client/ThinClientPermissionCheckTest.java
+++ 
b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/client/ThinClientPermissionCheckTest.java
@@ -262,6 +262,15 @@ public class ThinClientPermissionCheckTest extends 
AbstractSecurityTest {
             assertThrowsWithCause(() -> runOperation(CLIENT, op), 
ClientAuthorizationException.class);
     }
 
+    /** */
+    @Test
+    public void testAllowedOperationAfterSecurityViolation() throws Exception {
+        try (IgniteClient client = startClient(CLIENT_READ)) {
+            assertThrowsWithCause(() -> client.cache(CACHE).put("key", 
"value"), ClientAuthorizationException.class);
+            assertNull(client.cache(CACHE).get("key"));
+        }
+    }
+
     /**
      * Gets all operations.
      *

Reply via email to