You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@geode.apache.org by zh...@apache.org on 2020/12/04 17:22:33 UTC
[geode] branch support/1.12 updated: GEODE-8764: Lucene Functions
should request data read permission only on the specified region (#5809)
This is an automated email from the ASF dual-hosted git repository.
zhouxj pushed a commit to branch support/1.12
in repository https://gitbox.apache.org/repos/asf/geode.git
The following commit(s) were added to refs/heads/support/1.12 by this push:
new d298595 GEODE-8764: Lucene Functions should request data read permission only on the specified region (#5809)
d298595 is described below
commit d2985950faf15a29d3f0f7a384dab27ca043a1f1
Author: Xiaojian Zhou <ge...@users.noreply.github.com>
AuthorDate: Thu Dec 3 22:41:01 2020 -0800
GEODE-8764: Lucene Functions should request data read permission only on the specified region (#5809)
(cherry picked from commit 9ccef088ed5df32afaae1ceb7725be561544716d)
---
.../geode/cache/lucene/test/LuceneFunctionSecurityTest.java | 8 ++++++--
.../lucene/internal/distributed/IndexingInProgressFunction.java | 4 ++--
.../cache/lucene/internal/distributed/LuceneQueryFunction.java | 4 ++--
.../lucene/internal/distributed/WaitUntilFlushedFunction.java | 4 ++--
.../cache/lucene/internal/results/LuceneGetPageFunction.java | 4 ++--
5 files changed, 14 insertions(+), 10 deletions(-)
diff --git a/geode-lucene/src/integrationTest/java/org/apache/geode/cache/lucene/test/LuceneFunctionSecurityTest.java b/geode-lucene/src/integrationTest/java/org/apache/geode/cache/lucene/test/LuceneFunctionSecurityTest.java
index a0448cf..39630de 100644
--- a/geode-lucene/src/integrationTest/java/org/apache/geode/cache/lucene/test/LuceneFunctionSecurityTest.java
+++ b/geode-lucene/src/integrationTest/java/org/apache/geode/cache/lucene/test/LuceneFunctionSecurityTest.java
@@ -86,8 +86,12 @@ public class LuceneFunctionSecurityTest {
for (Function function : functions) {
Collection<ResourcePermission> permissions = function
.getRequiredPermissions(REGION_NAME);
- if (permissions.contains(ResourcePermissions.DATA_READ)) {
- functionsWithDataRead.add(function);
+ for (ResourcePermission permission : permissions) {
+ if (permission.getResource().equals(ResourcePermission.Resource.DATA)
+ && permission.getOperation().equals(ResourcePermission.Operation.READ)) {
+ functionsWithDataRead.add(function);
+ break;
+ }
}
}
}
diff --git a/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/distributed/IndexingInProgressFunction.java b/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/distributed/IndexingInProgressFunction.java
index 33f1973..c1ba4abd 100644
--- a/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/distributed/IndexingInProgressFunction.java
+++ b/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/distributed/IndexingInProgressFunction.java
@@ -27,7 +27,6 @@ import org.apache.geode.cache.lucene.LuceneIndex;
import org.apache.geode.cache.lucene.LuceneService;
import org.apache.geode.cache.lucene.LuceneServiceProvider;
import org.apache.geode.internal.cache.execute.InternalFunction;
-import org.apache.geode.management.internal.security.ResourcePermissions;
import org.apache.geode.security.ResourcePermission;
public class IndexingInProgressFunction implements InternalFunction<Object> {
@@ -68,6 +67,7 @@ public class IndexingInProgressFunction implements InternalFunction<Object> {
@Override
public Collection<ResourcePermission> getRequiredPermissions(String regionName) {
- return Collections.singletonList(ResourcePermissions.DATA_READ);
+ return Collections.singletonList(new ResourcePermission(ResourcePermission.Resource.DATA,
+ ResourcePermission.Operation.READ, regionName));
}
}
diff --git a/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/distributed/LuceneQueryFunction.java b/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/distributed/LuceneQueryFunction.java
index 3f87599..a414604 100644
--- a/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/distributed/LuceneQueryFunction.java
+++ b/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/distributed/LuceneQueryFunction.java
@@ -52,7 +52,6 @@ import org.apache.geode.internal.cache.execute.InternalFunctionInvocationTargetE
import org.apache.geode.internal.cache.execute.PartitionedRegionFunctionResultSender;
import org.apache.geode.internal.serialization.Version;
import org.apache.geode.logging.internal.log4j.api.LogService;
-import org.apache.geode.management.internal.security.ResourcePermissions;
import org.apache.geode.security.ResourcePermission;
/**
@@ -234,6 +233,7 @@ public class LuceneQueryFunction implements InternalFunction<LuceneFunctionConte
@Override
public Collection<ResourcePermission> getRequiredPermissions(String regionName) {
- return Collections.singletonList(ResourcePermissions.DATA_READ);
+ return Collections.singletonList(new ResourcePermission(ResourcePermission.Resource.DATA,
+ ResourcePermission.Operation.READ, regionName));
}
}
diff --git a/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/distributed/WaitUntilFlushedFunction.java b/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/distributed/WaitUntilFlushedFunction.java
index 7d8281c..4d2146c 100644
--- a/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/distributed/WaitUntilFlushedFunction.java
+++ b/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/distributed/WaitUntilFlushedFunction.java
@@ -27,7 +27,6 @@ import org.apache.geode.cache.execute.RegionFunctionContext;
import org.apache.geode.cache.execute.ResultSender;
import org.apache.geode.cache.lucene.internal.LuceneServiceImpl;
import org.apache.geode.internal.cache.execute.InternalFunction;
-import org.apache.geode.management.internal.security.ResourcePermissions;
import org.apache.geode.security.ResourcePermission;
/**
@@ -85,6 +84,7 @@ public class WaitUntilFlushedFunction implements InternalFunction<Object> {
@Override
public Collection<ResourcePermission> getRequiredPermissions(String regionName) {
- return Collections.singletonList(ResourcePermissions.DATA_READ);
+ return Collections.singletonList(new ResourcePermission(ResourcePermission.Resource.DATA,
+ ResourcePermission.Operation.READ, regionName));
}
}
diff --git a/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/results/LuceneGetPageFunction.java b/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/results/LuceneGetPageFunction.java
index d05c0ac..4ce7046 100644
--- a/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/results/LuceneGetPageFunction.java
+++ b/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/results/LuceneGetPageFunction.java
@@ -33,7 +33,6 @@ import org.apache.geode.internal.cache.Token;
import org.apache.geode.internal.cache.execute.InternalFunction;
import org.apache.geode.internal.cache.execute.InternalFunctionInvocationTargetException;
import org.apache.geode.logging.internal.log4j.api.LogService;
-import org.apache.geode.management.internal.security.ResourcePermissions;
import org.apache.geode.security.ResourcePermission;
/**
@@ -93,6 +92,7 @@ public class LuceneGetPageFunction implements InternalFunction<Object> {
@Override
public Collection<ResourcePermission> getRequiredPermissions(String regionName) {
- return Collections.singletonList(ResourcePermissions.DATA_READ);
+ return Collections.singletonList(new ResourcePermission(ResourcePermission.Resource.DATA,
+ ResourcePermission.Operation.READ, regionName));
}
}