You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@geode.apache.org by ji...@apache.org on 2016/06/21 03:14:28 UTC
[7/9] incubator-geode git commit: client server
client server
client server
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/c6e7a3bd
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/c6e7a3bd
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/c6e7a3bd
Branch: refs/heads/feature/GEODE-1571
Commit: c6e7a3bd207a273898db901c048540339a58f3ee
Parents: f447023
Author: Jinmei Liao <ji...@pivotal.io>
Authored: Wed Jun 15 14:37:42 2016 -0700
Committer: Jinmei Liao <ji...@pivotal.io>
Committed: Mon Jun 20 12:13:55 2016 -0700
----------------------------------------------------------------------
.../client/internal/CloseConnectionOp.java | 4 +-
.../cache/tier/sockets/CacheClientNotifier.java | 134 +++--
.../internal/cache/tier/sockets/HandShake.java | 141 +++--
.../cache/tier/sockets/ServerConnection.java | 108 ++--
.../tier/sockets/ServerHandShakeProcessor.java | 88 +--
.../cache/tier/sockets/command/Get70.java | 15 +-
.../cache/tier/sockets/command/GetAll.java | 23 +-
.../cache/tier/sockets/command/GetAll651.java | 16 +-
.../cache/tier/sockets/command/GetAll70.java | 30 +-
.../cache/tier/sockets/command/KeySet.java | 25 +-
.../cache/tier/sockets/command/Put.java | 271 ++++-----
.../cache/tier/sockets/command/Put65.java | 592 +++++++++----------
.../cache/tier/sockets/command/PutAll80.java | 5 +-
.../cache/tier/sockets/command/Query.java | 42 +-
.../internal/security/GeodeSecurityUtil.java | 69 ++-
.../security/shiro/CustomAuthRealm.java | 16 +-
.../internal/cli/commands/DataCommands.java | 21 +-
.../cli/functions/DataCommandFunction.java | 23 +-
.../gemfire/security/GeodePermission.java | 41 +-
.../gemfire/security/PostProcessor.java | 26 +
.../templates/SampleJsonAuthorization.java | 20 +-
.../security/templates/SamplePostProcessor.java | 44 ++
.../internal/cli/GfshParserJUnitTest.java | 15 +-
.../security/CliCommandsSecurityTest.java | 13 +-
.../security/GfshCommandsPostProcessorTest.java | 70 +++
.../security/GfshCommandsSecurityTest.java | 26 +-
.../security/GfshShellConnectionRule.java | 4 +
.../JsonAuthorizationCacheStartRule.java | 24 +-
.../internal/security/MultiUserDUnitTest.java | 30 +-
.../security/IntegratedClientAuthDUnitTest.java | 179 ++++++
.../gemfire/security/SecurityTestUtils.java | 33 +-
.../com/gemstone/gemfire/test/dunit/Invoke.java | 22 +-
.../internal/JUnit4DistributedTestCase.java | 44 +-
.../internal/security/clientServer.json | 160 +++++
34 files changed, 1546 insertions(+), 828 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c6e7a3bd/geode-core/src/main/java/com/gemstone/gemfire/cache/client/internal/CloseConnectionOp.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/cache/client/internal/CloseConnectionOp.java b/geode-core/src/main/java/com/gemstone/gemfire/cache/client/internal/CloseConnectionOp.java
index c8990f4..2845ef9 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/cache/client/internal/CloseConnectionOp.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/cache/client/internal/CloseConnectionOp.java
@@ -16,11 +16,11 @@
*/
package com.gemstone.gemfire.cache.client.internal;
+import java.io.EOFException;
+
import com.gemstone.gemfire.internal.cache.tier.MessageType;
import com.gemstone.gemfire.internal.cache.tier.sockets.Message;
-import java.io.EOFException;
-
/**
* Tell a server that a connection is being closed
* @since GemFire 5.7
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c6e7a3bd/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/CacheClientNotifier.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/CacheClientNotifier.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/CacheClientNotifier.java
index 30ab4a4..11d3405 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/CacheClientNotifier.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/CacheClientNotifier.java
@@ -17,8 +17,50 @@
package com.gemstone.gemfire.internal.cache.tier.sockets;
-import com.gemstone.gemfire.*;
-import com.gemstone.gemfire.cache.*;
+import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+
+import java.io.BufferedOutputStream;
+import java.io.DataInput;
+import java.io.DataInputStream;
+import java.io.DataOutput;
+import java.io.DataOutputStream;
+import java.io.IOException;
+import java.lang.reflect.Method;
+import java.net.Socket;
+import java.net.SocketAddress;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+import java.util.Set;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.ConcurrentMap;
+import java.util.concurrent.CopyOnWriteArraySet;
+import java.util.concurrent.ScheduledThreadPoolExecutor;
+import java.util.concurrent.TimeUnit;
+
+import org.apache.logging.log4j.Logger;
+
+import com.gemstone.gemfire.CancelException;
+import com.gemstone.gemfire.DataSerializer;
+import com.gemstone.gemfire.Instantiator;
+import com.gemstone.gemfire.InternalGemFireError;
+import com.gemstone.gemfire.StatisticsFactory;
+import com.gemstone.gemfire.cache.Cache;
+import com.gemstone.gemfire.cache.CacheEvent;
+import com.gemstone.gemfire.cache.CacheException;
+import com.gemstone.gemfire.cache.InterestRegistrationEvent;
+import com.gemstone.gemfire.cache.InterestRegistrationListener;
+import com.gemstone.gemfire.cache.Region;
+import com.gemstone.gemfire.cache.RegionDestroyedException;
+import com.gemstone.gemfire.cache.RegionExistsException;
+import com.gemstone.gemfire.cache.UnsupportedVersionException;
import com.gemstone.gemfire.cache.client.internal.PoolImpl;
import com.gemstone.gemfire.cache.client.internal.PoolImpl.PoolTask;
import com.gemstone.gemfire.cache.query.CqException;
@@ -29,11 +71,45 @@ import com.gemstone.gemfire.cache.query.internal.cq.ServerCQ;
import com.gemstone.gemfire.cache.server.CacheServer;
import com.gemstone.gemfire.distributed.DistributedMember;
import com.gemstone.gemfire.distributed.DistributedSystem;
-import com.gemstone.gemfire.distributed.internal.*;
-import com.gemstone.gemfire.internal.*;
-import com.gemstone.gemfire.internal.cache.*;
+import com.gemstone.gemfire.distributed.internal.DM;
+import com.gemstone.gemfire.distributed.internal.DistributionConfig;
+import com.gemstone.gemfire.distributed.internal.DistributionManager;
+import com.gemstone.gemfire.distributed.internal.HighPriorityDistributionMessage;
+import com.gemstone.gemfire.distributed.internal.InternalDistributedSystem;
+import com.gemstone.gemfire.distributed.internal.MessageWithReply;
+import com.gemstone.gemfire.distributed.internal.ReplyMessage;
+import com.gemstone.gemfire.distributed.internal.ReplyProcessor21;
+import com.gemstone.gemfire.internal.ClassLoadUtil;
+import com.gemstone.gemfire.internal.DummyStatisticsFactory;
+import com.gemstone.gemfire.internal.InternalDataSerializer;
+import com.gemstone.gemfire.internal.InternalInstantiator;
+import com.gemstone.gemfire.internal.SocketCloser;
+import com.gemstone.gemfire.internal.SystemTimer;
+import com.gemstone.gemfire.internal.Version;
+import com.gemstone.gemfire.internal.VersionedDataInputStream;
+import com.gemstone.gemfire.internal.VersionedDataOutputStream;
+import com.gemstone.gemfire.internal.cache.CacheClientStatus;
+import com.gemstone.gemfire.internal.cache.CacheDistributionAdvisor;
+import com.gemstone.gemfire.internal.cache.CacheServerImpl;
+import com.gemstone.gemfire.internal.cache.ClientRegionEventImpl;
+import com.gemstone.gemfire.internal.cache.ClientServerObserver;
+import com.gemstone.gemfire.internal.cache.ClientServerObserverHolder;
+import com.gemstone.gemfire.internal.cache.Conflatable;
+import com.gemstone.gemfire.internal.cache.DistributedRegion;
+import com.gemstone.gemfire.internal.cache.EntryEventImpl;
+import com.gemstone.gemfire.internal.cache.EnumListenerEvent;
+import com.gemstone.gemfire.internal.cache.EventID;
+import com.gemstone.gemfire.internal.cache.FilterProfile;
import com.gemstone.gemfire.internal.cache.FilterRoutingInfo.FilterInfo;
-import com.gemstone.gemfire.internal.cache.ha.*;
+import com.gemstone.gemfire.internal.cache.GemFireCacheImpl;
+import com.gemstone.gemfire.internal.cache.InternalCacheEvent;
+import com.gemstone.gemfire.internal.cache.LocalRegion;
+import com.gemstone.gemfire.internal.cache.RegionEventImpl;
+import com.gemstone.gemfire.internal.cache.ha.HAContainerMap;
+import com.gemstone.gemfire.internal.cache.ha.HAContainerRegion;
+import com.gemstone.gemfire.internal.cache.ha.HAContainerWrapper;
+import com.gemstone.gemfire.internal.cache.ha.HARegionQueue;
+import com.gemstone.gemfire.internal.cache.ha.ThreadIdentifier;
import com.gemstone.gemfire.internal.cache.tier.Acceptor;
import com.gemstone.gemfire.internal.cache.tier.MessageType;
import com.gemstone.gemfire.internal.cache.versions.VersionTag;
@@ -44,17 +120,6 @@ import com.gemstone.gemfire.internal.logging.log4j.LocalizedMessage;
import com.gemstone.gemfire.security.AccessControl;
import com.gemstone.gemfire.security.AuthenticationFailedException;
import com.gemstone.gemfire.security.AuthenticationRequiredException;
-import org.apache.logging.log4j.Logger;
-
-import java.io.*;
-import java.lang.reflect.Method;
-import java.net.Socket;
-import java.net.SocketAddress;
-import java.security.Principal;
-import java.util.*;
-import java.util.concurrent.*;
-
-import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
/**
* Class <code>CacheClientNotifier</code> works on the server and manages
@@ -344,26 +409,27 @@ public class CacheClientNotifier {
if (securityLogWriter.fineEnabled()) {
securityLogWriter.fine("CacheClientNotifier: verifying credentials for proxyID: " + proxyID);
}
- Principal principal = HandShake.verifyCredentials(authenticator,
+ Object subject = HandShake.verifyCredentials(authenticator,
credentials, system.getSecurityProperties(), this.logWriter,
this.securityLogWriter, member);
- if (securityLogWriter.fineEnabled()) {
- securityLogWriter.fine("CacheClientNotifier: successfully verified credentials for proxyID: " + proxyID + " having principal: " + principal.getName());
- }
- String postAuthzFactoryName = sysProps
- .getProperty(SECURITY_CLIENT_ACCESSOR_PP);
- if (postAuthzFactoryName != null && postAuthzFactoryName.length() > 0) {
- if (principal == null) {
- securityLogWriter.warning(
- LocalizedStrings.CacheClientNotifier_CACHECLIENTNOTIFIER_POST_PROCESS_AUTHORIZATION_CALLBACK_ENABLED_BUT_AUTHENTICATION_CALLBACK_0_RETURNED_WITH_NULL_CREDENTIALS_FOR_PROXYID_1,
- new Object[] {
- SECURITY_CLIENT_AUTHENTICATOR, proxyID });
+ if(subject instanceof Principal){
+ Principal principal = (Principal) subject;
+ if (securityLogWriter.fineEnabled()) {
+ securityLogWriter.fine("CacheClientNotifier: successfully verified credentials for proxyID: " + proxyID + " having principal: " + principal.getName());
+ }
+
+ String postAuthzFactoryName = sysProps
+ .getProperty(SECURITY_CLIENT_ACCESSOR_PP);
+ if (postAuthzFactoryName != null && postAuthzFactoryName.length() > 0) {
+ if (principal == null) {
+ securityLogWriter.warning(LocalizedStrings.CacheClientNotifier_CACHECLIENTNOTIFIER_POST_PROCESS_AUTHORIZATION_CALLBACK_ENABLED_BUT_AUTHENTICATION_CALLBACK_0_RETURNED_WITH_NULL_CREDENTIALS_FOR_PROXYID_1, new Object[] {
+ SECURITY_CLIENT_AUTHENTICATOR, proxyID
+ });
+ }
+ Method authzMethod = ClassLoadUtil.methodFromName(postAuthzFactoryName);
+ authzCallback = (AccessControl) authzMethod.invoke(null, (Object[]) null);
+ authzCallback.init(principal, member, this.getCache());
}
- Method authzMethod = ClassLoadUtil
- .methodFromName(postAuthzFactoryName);
- authzCallback = (AccessControl)authzMethod.invoke(null,
- (Object[])null);
- authzCallback.init(principal, member, this.getCache());
}
}
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c6e7a3bd/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.java
index a926772..89a3fa8 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.java
@@ -17,6 +17,52 @@
package com.gemstone.gemfire.internal.cache.tier.sockets;
+import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+
+import java.io.ByteArrayInputStream;
+import java.io.DataInputStream;
+import java.io.DataOutput;
+import java.io.DataOutputStream;
+import java.io.EOFException;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.lang.reflect.Method;
+import java.math.BigInteger;
+import java.net.Socket;
+import java.security.Key;
+import java.security.KeyFactory;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.KeyStore;
+import java.security.Principal;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.Signature;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+import java.security.spec.X509EncodedKeySpec;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+
+import javax.crypto.Cipher;
+import javax.crypto.KeyAgreement;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.DHParameterSpec;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+import javax.net.ssl.SSLSocket;
+
+import org.apache.logging.log4j.Logger;
+
import com.gemstone.gemfire.CancelCriterion;
import com.gemstone.gemfire.DataSerializer;
import com.gemstone.gemfire.InternalGemFireException;
@@ -26,37 +72,32 @@ import com.gemstone.gemfire.cache.client.ServerRefusedConnectionException;
import com.gemstone.gemfire.cache.client.internal.Connection;
import com.gemstone.gemfire.distributed.DistributedMember;
import com.gemstone.gemfire.distributed.DistributedSystem;
-import com.gemstone.gemfire.distributed.internal.*;
+import com.gemstone.gemfire.distributed.internal.DM;
+import com.gemstone.gemfire.distributed.internal.DistributionConfig;
+import com.gemstone.gemfire.distributed.internal.InternalDistributedSystem;
+import com.gemstone.gemfire.distributed.internal.LonerDistributionManager;
+import com.gemstone.gemfire.distributed.internal.ServerLocation;
import com.gemstone.gemfire.distributed.internal.membership.InternalDistributedMember;
-import com.gemstone.gemfire.internal.*;
+import com.gemstone.gemfire.internal.ClassLoadUtil;
+import com.gemstone.gemfire.internal.HeapDataOutputStream;
+import com.gemstone.gemfire.internal.InternalDataSerializer;
+import com.gemstone.gemfire.internal.InternalInstantiator;
+import com.gemstone.gemfire.internal.Version;
+import com.gemstone.gemfire.internal.VersionedDataInputStream;
+import com.gemstone.gemfire.internal.VersionedDataOutputStream;
import com.gemstone.gemfire.internal.cache.tier.Acceptor;
import com.gemstone.gemfire.internal.cache.tier.ClientHandShake;
import com.gemstone.gemfire.internal.cache.tier.ConnectionProxy;
import com.gemstone.gemfire.internal.i18n.LocalizedStrings;
import com.gemstone.gemfire.internal.logging.InternalLogWriter;
import com.gemstone.gemfire.internal.logging.LogService;
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
import com.gemstone.gemfire.pdx.internal.PeerTypeRegistration;
-import com.gemstone.gemfire.security.*;
-import org.apache.logging.log4j.Logger;
-
-import javax.crypto.Cipher;
-import javax.crypto.KeyAgreement;
-import javax.crypto.SecretKey;
-import javax.crypto.spec.DHParameterSpec;
-import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.SecretKeySpec;
-import javax.net.ssl.SSLSocket;
-import java.io.*;
-import java.lang.reflect.Method;
-import java.math.BigInteger;
-import java.net.Socket;
-import java.security.*;
-import java.security.cert.Certificate;
-import java.security.cert.X509Certificate;
-import java.security.spec.X509EncodedKeySpec;
-import java.util.*;
-
-import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+import com.gemstone.gemfire.security.AuthInitialize;
+import com.gemstone.gemfire.security.AuthenticationFailedException;
+import com.gemstone.gemfire.security.AuthenticationRequiredException;
+import com.gemstone.gemfire.security.Authenticator;
+import com.gemstone.gemfire.security.GemFireSecurityException;
public class HandShake implements ClientHandShake
{
@@ -1747,40 +1788,54 @@ public class HandShake implements ClientHandShake
}
return credentials;
}
-
- public static Principal verifyCredentials(String authenticatorMethod,
+
+ /**
+ * this could return either a Subject or a Principal depending on if it's integrated security or not
+ * @param authenticatorMethod
+ * @param credentials
+ * @param securityProperties
+ * @param logWriter
+ * @param securityLogWriter
+ * @param member
+ * @return
+ * @throws AuthenticationRequiredException
+ * @throws AuthenticationFailedException
+ */
+ public static Object verifyCredentials(String authenticatorMethod,
Properties credentials, Properties securityProperties, InternalLogWriter logWriter,
InternalLogWriter securityLogWriter, DistributedMember member)
throws AuthenticationRequiredException, AuthenticationFailedException {
+ if (authenticatorMethod == null || authenticatorMethod.length() == 0) {
+ return null;
+ }
+
Authenticator auth = null;
try {
- if (authenticatorMethod == null || authenticatorMethod.length() == 0) {
- return null;
+ if(AcceptorImpl.isIntegratedSecurity()){
+ String username = credentials.getProperty("security-username");
+ String password = credentials.getProperty("security-password");
+ return GeodeSecurityUtil.login(username, password);
+ }
+ else {
+ Method instanceGetter = ClassLoadUtil.methodFromName(authenticatorMethod);
+ auth = (Authenticator) instanceGetter.invoke(null, (Object[]) null);
+ auth.init(securityProperties, logWriter, securityLogWriter);
+ return auth.authenticate(credentials, member);
}
- Method instanceGetter = ClassLoadUtil.methodFromName(authenticatorMethod);
- auth = (Authenticator)instanceGetter.invoke(null, (Object[])null);
- }
- catch (Exception ex) {
- throw new AuthenticationFailedException(
- LocalizedStrings.HandShake_FAILED_TO_ACQUIRE_AUTHENTICATOR_OBJECT.toLocalizedString(), ex);
}
- if (auth == null) {
- throw new AuthenticationFailedException(
- LocalizedStrings.HandShake_AUTHENTICATOR_INSTANCE_COULD_NOT_BE_OBTAINED.toLocalizedString());
+ catch(AuthenticationFailedException ex){
+ throw ex;
}
- auth.init(securityProperties, logWriter, securityLogWriter);
- Principal principal;
- try {
- principal = auth.authenticate(credentials, member);
+ catch (Exception ex) {
+ throw new AuthenticationFailedException(ex.getMessage(), ex);
}
finally {
- auth.close();
+ if(auth!=null) auth.close();
}
- return principal;
}
- public Principal verifyCredentials() throws AuthenticationRequiredException,
+ public Object verifyCredentials() throws AuthenticationRequiredException,
AuthenticationFailedException {
String methodName = this.system.getProperties().getProperty(
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c6e7a3bd/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerConnection.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerConnection.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerConnection.java
index 7bb35da..3a6cadb 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerConnection.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerConnection.java
@@ -35,6 +35,10 @@ import java.util.Random;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.LinkedBlockingQueue;
+import org.apache.logging.log4j.Logger;
+import org.apache.shiro.subject.Subject;
+import org.apache.shiro.util.ThreadState;
+
import com.gemstone.gemfire.CancelException;
import com.gemstone.gemfire.DataSerializer;
import com.gemstone.gemfire.SystemFailure;
@@ -67,10 +71,6 @@ import com.gemstone.gemfire.security.AuthenticationFailedException;
import com.gemstone.gemfire.security.AuthenticationRequiredException;
import com.gemstone.gemfire.security.GemFireSecurityException;
-import org.apache.logging.log4j.Logger;
-import org.apache.shiro.subject.Subject;
-import org.apache.shiro.util.ThreadState;
-
/**
* Provides an implementation for the server socket end of the hierarchical
* cache connection. Each server connection runs in its own thread to maximize
@@ -413,6 +413,10 @@ public class ServerConnection implements Runnable {
public Version getClientVersion() {
return this.handshake.getVersion();
}
+
+ public ClientUserAuths getClientUserAuths(){
+ return this.clientUserAuths;
+ }
protected void setProxyId(ClientProxyMembershipID proxyId) {
this.proxyId = proxyId;
@@ -429,14 +433,6 @@ public class ServerConnection implements Runnable {
protected void setPrincipal(Principal principal) {
this.principal = principal;
}
-
- protected void setAuthorizeRequest(AuthorizeRequest authzRequest) {
- this.authzRequest = authzRequest;
- }
-
- protected void setPostAuthorizeRequest(AuthorizeRequestPP postAuthzRequest) {
- this.postAuthzRequest = postAuthzRequest;
- }
//hitesh:this is for backward compability
public long setUserAuthorizeAndPostAuthorizeRequest(
@@ -456,23 +452,6 @@ public class ServerConnection implements Runnable {
throw npe;
}
}
- //this is backward compability only, if any race condition happens.
- //where server is unregistering the client and client is creating new connection.
- private void resetUserAuthorizeAndPostAuthorizeRequest()
- {
- if (AcceptorImpl.isAuthenticationRequired()
- && (this.handshake.getVersion().compareTo(Version.GFE_65) < 0
- || this.getCommunicationMode() == Acceptor.GATEWAY_TO_GATEWAY))
- {
- ClientUserAuths cua = proxyIdVsClientUserAuths.get(this.proxyId);
- if (cua != this.clientUserAuths)
- {
- UserAuthAttributes uaa = this.clientUserAuths.getUserAuthAttributes(this.userAuthId);
- initializeClientUserAuths();
- this.userAuthId = this.clientUserAuths.putUserAuth(uaa);
- }
- }
- }
public InternalLogWriter getSecurityLogWriter() {
return this.securityLogWriter;
@@ -806,10 +785,14 @@ public class ServerConnection implements Runnable {
}
// if a subject exists for this uniqueId, binds the subject to this thread so that we can do authorization later
- if(AcceptorImpl.isIntegratedSecurity()) {
+ if(AcceptorImpl.isIntegratedSecurity() && !isInternalMessage()) {
long uniqueId = getUniqueId();
+ logger.info(command + " received with uniqueId "+uniqueId);
Subject subject = this.clientUserAuths.getSubject(uniqueId);
- threadState = GeodeSecurityUtil.bindSubject(subject);
+ if(subject!=null) {
+ threadState = GeodeSecurityUtil.bindSubject(subject);
+ logger.info("binding " + subject.getPrincipal() + " to the current thread");
+ }
}
command.execute(msg, this);
@@ -1061,30 +1044,27 @@ public class ServerConnection implements Runnable {
DataInputStream dinp = new DataInputStream(bis);
Properties credentials = DataSerializer.readProperties(dinp);
- String username = credentials.getProperty("security-username");
- String password = credentials.getProperty("security-password");
-
// When here, security is enfored on server, if login returns a subject, then it's the newly integrated security, otherwise, do it the old way.
long uniqueId;
- Subject subject = GeodeSecurityUtil.login(username, password);
- if(subject!=null){
+
+ DistributedSystem system = this.getDistributedSystem();
+ String methodName = system.getProperties().getProperty(
+ SECURITY_CLIENT_AUTHENTICATOR);
+
+ Object principal = HandShake.verifyCredentials(methodName, credentials,
+ system.getSecurityProperties(), (InternalLogWriter) system.getLogWriter(), (InternalLogWriter) system
+ .getSecurityLogWriter(), this.proxyId.getDistributedMember());
+ if(principal instanceof Subject){
+ Subject subject = (Subject)principal;
uniqueId = this.clientUserAuths.putSubject(subject);
+ logger.info("Put subject in Map: "+uniqueId+" for "+ subject.getPrincipal());
}
else {
- DistributedSystem system = this.getDistributedSystem();
- String methodName = system.getProperties().getProperty(
- SECURITY_CLIENT_AUTHENTICATOR);
-
- Principal principal = HandShake.verifyCredentials(methodName, credentials,
- system.getSecurityProperties(), (InternalLogWriter) system.getLogWriter(), (InternalLogWriter) system
- .getSecurityLogWriter(), this.proxyId.getDistributedMember());
-
//this sets principal in map as well....
- uniqueId = ServerHandShakeProcessor.getUniqueId(this, principal);
+ uniqueId = ServerHandShakeProcessor.getUniqueId(this, (Principal)principal);
}
-
- //create secure part which will be send in respones
-
+
+ //create secure part which will be send in respones
return encryptId(uniqueId, this);
} catch (AuthenticationFailedException afe) {
throw afe;
@@ -1124,11 +1104,25 @@ public class ServerConnection implements Runnable {
&& this.handshake.getVersion().compareTo(Version.GFE_65) >= 0
&& (this.communicationMode != Acceptor.GATEWAY_TO_GATEWAY)
&& (!this.requestMsg.getAndResetIsMetaRegion())
- && (!(this.requestMsg.msgType == MessageType.CLIENT_READY
+ && (!isInternalMessage())) {
+ setSecurityPart();
+ return this.securePart;
+ }
+ else {
+ if (AcceptorImpl.isAuthenticationRequired() && logger.isDebugEnabled()) {
+ logger.debug("ServerConnection.updateAndGetSecurityPart() not adding security part for msg type {}",
+ MessageType.getString(this.requestMsg.msgType));
+ }
+ }
+ return null;
+ }
+
+ private boolean isInternalMessage(){
+ return (this.requestMsg.msgType == MessageType.CLIENT_READY
|| this.requestMsg.msgType == MessageType.CLOSE_CONNECTION
|| this.requestMsg.msgType == MessageType.GETCQSTATS_MSG_TYPE
|| this.requestMsg.msgType == MessageType.GET_CLIENT_PARTITION_ATTRIBUTES
- || this.requestMsg.msgType == MessageType.GET_CLIENT_PR_METADATA
+ || this.requestMsg.msgType == MessageType.GET_CLIENT_PR_METADATA
|| this.requestMsg.msgType == MessageType.INVALID
|| this.requestMsg.msgType == MessageType.MAKE_PRIMARY
|| this.requestMsg.msgType == MessageType.MONITORCQ_MSG_TYPE
@@ -1150,18 +1144,8 @@ public class ServerConnection implements Runnable {
|| this.requestMsg.msgType == MessageType.GET_PDX_TYPES
|| this.requestMsg.msgType == MessageType.GET_PDX_ENUMS
|| this.requestMsg.msgType == MessageType.COMMIT
- || this.requestMsg.msgType == MessageType.ROLLBACK))) {
- setSecurityPart();
- return this.securePart;
- }
- else {
- if (AcceptorImpl.isAuthenticationRequired() && logger.isDebugEnabled()) {
- logger.debug("ServerConnection.updateAndGetSecurityPart() not adding security part for msg type {}",
- MessageType.getString(this.requestMsg.msgType));
- }
- }
- return null;
- }
+ || this.requestMsg.msgType == MessageType.ROLLBACK);
+ }
public void run() {
setOwner();
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c6e7a3bd/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerHandShakeProcessor.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerHandShakeProcessor.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerHandShakeProcessor.java
index 425b4bd..b24b00c 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerHandShakeProcessor.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerHandShakeProcessor.java
@@ -17,6 +17,23 @@
package com.gemstone.gemfire.internal.cache.tier.sockets;
+import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+
+import java.io.DataOutputStream;
+import java.io.EOFException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.net.Socket;
+import java.net.SocketAddress;
+import java.net.SocketException;
+import java.net.SocketTimeoutException;
+import java.security.Principal;
+import java.util.Properties;
+
+import org.apache.logging.log4j.Logger;
+import org.apache.shiro.subject.Subject;
+
import com.gemstone.gemfire.DataSerializer;
import com.gemstone.gemfire.cache.IncompatibleVersionException;
import com.gemstone.gemfire.cache.UnsupportedVersionException;
@@ -36,17 +53,6 @@ import com.gemstone.gemfire.internal.security.AuthorizeRequest;
import com.gemstone.gemfire.internal.security.AuthorizeRequestPP;
import com.gemstone.gemfire.security.AuthenticationFailedException;
import com.gemstone.gemfire.security.AuthenticationRequiredException;
-import org.apache.logging.log4j.Logger;
-
-import java.io.*;
-import java.net.Socket;
-import java.net.SocketAddress;
-import java.net.SocketException;
-import java.net.SocketTimeoutException;
-import java.security.Principal;
-import java.util.Properties;
-
-import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
/**
* A <code>ServerHandShakeProcessor</code> verifies the client's version compatibility with server.
@@ -219,55 +225,11 @@ public class ServerHandShakeProcessor {
ClientProxyMembershipID proxyId = handshake.getMembership();
connection.setProxyId(proxyId);
//hitesh: it gets principals
- //Hitesh:for older version we should set this
+ //Hitesh:for older version we should set this
if (clientVersion.compareTo(Version.GFE_65) < 0
|| connection.getCommunicationMode() == Acceptor.GATEWAY_TO_GATEWAY) {
- /* Principal principal = handshake.verifyCredentials();
- connection.setPrincipal(principal);
- if (principal != null) {
- if (connection.getSecurityLogger().fineEnabled())
- securityLogger.fine(connection.getName()
- + ": successfully verified credentials for proxyID [" + proxyId
- + "] having principal: " + principal.getName());
- } else if (socket instanceof SSLSocket) {
- // Test whether we are using SSL connection in mutual authentication
- // mode and use its principal.
- SSLSocket sslSocket = (SSLSocket) socket;
- SSLSession sslSession = sslSocket.getSession();
- if (!sslSession.getCipherSuite().equals("SSL_NULL_WITH_NULL_NULL")
- && sslSocket.getNeedClientAuth()) {
- try {
- Certificate[] certs = sslSession.getPeerCertificates();
- if (certs[0] instanceof X509Certificate) {
- principal = ((X509Certificate) certs[0])
- .getSubjectX500Principal();
- if (securityLogger.fineEnabled())
- securityLogger.fine(connection.getName()
- + ": successfully verified credentials for proxyID ["
- + proxyId
- + "] using SSL mutual authentication with principal: "
- + principal.getName());
- } else {
- if (securityLogger.warningEnabled())
- securityLogger.warning(
- LocalizedStrings.ServerHandShakeProcessor_0_UNEXPECTED_CERTIFICATE_TYPE_1_FOR_PROXYID_2,
- new Object[] {connection.getName(), certs[0].getType(), proxyId});
- }
- } catch (SSLPeerUnverifiedException ex) {
- // this is the case where client has not verified itself
- // i.e. not in mutual authentication mode
- if (securityLogger.errorEnabled())
- securityLogger.error(
- LocalizedStrings.ServerHandShakeProcessor_SSL_EXCEPTION_SHOULD_NOT_HAVE_HAPPENED,
- ex);
- connection.setPrincipal(null);//TODO:hitesh ??
- }
- }
- }
- */
long uniqueId = setAuthAttributes(connection);
connection.setUserAuthId(uniqueId);//for older clients < 6.5
-
}
}
catch (SocketTimeoutException timeout) {
@@ -347,9 +309,17 @@ public class ServerHandShakeProcessor {
throws Exception{
try {
logger.debug("setAttributes()");
- Principal principal = ((HandShake)connection.getHandshake()).verifyCredentials();
- connection.setPrincipal(principal);//TODO:hitesh is this require now ???
- return getUniqueId(connection, principal);
+ Object principal = ((HandShake)connection.getHandshake()).verifyCredentials();
+
+ long uniqueId;
+ if(principal instanceof Subject){
+ uniqueId = connection.getClientUserAuths().putSubject((Subject)principal);
+ }
+ else {
+ //this sets principal in map as well....
+ uniqueId = getUniqueId(connection, (Principal)principal);
+ }
+ return uniqueId;
}catch(Exception ex) {
throw ex;
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c6e7a3bd/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/Get70.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/Get70.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/Get70.java
index 5154652..f6e17ae 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/Get70.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/Get70.java
@@ -145,7 +145,7 @@ public class Get70 extends BaseCommand {
}
// for integrated security
- GeodeSecurityUtil.authorizeRegionRead(regionName);
+ GeodeSecurityUtil.authorizeRegionRead(regionName, key.toString());
Region region = crHelper.getRegion(regionName);
if (region == null) {
@@ -189,7 +189,6 @@ public class Get70 extends BaseCommand {
VersionTag versionTag = entry.versionTag;
boolean keyNotPresent = entry.keyNotPresent;
-
try {
AuthorizeRequestPP postAuthzRequest = servConn.getPostAuthzRequest();
if (postAuthzRequest != null) {
@@ -216,11 +215,13 @@ public class Get70 extends BaseCommand {
servConn.setAsTrue(RESPONDED);
return;
}
- {
- long oldStart = start;
- start = DistributionStats.getStatTime();
- stats.incProcessGetTime(start - oldStart);
- }
+
+ // post process
+ data = GeodeSecurityUtil.postProcess(regionName, key, data);
+
+ long oldStart = start;
+ start = DistributionStats.getStatTime();
+ stats.incProcessGetTime(start - oldStart);
if (region instanceof PartitionedRegion) {
PartitionedRegion pr = (PartitionedRegion) region;
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c6e7a3bd/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/GetAll.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/GetAll.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/GetAll.java
index 9f2a8e2..a807440 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/GetAll.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/GetAll.java
@@ -17,24 +17,29 @@
package com.gemstone.gemfire.internal.cache.tier.sockets.command;
+import java.io.IOException;
+import java.util.Iterator;
+import java.util.Set;
+
import com.gemstone.gemfire.cache.Region;
import com.gemstone.gemfire.cache.operations.GetOperationContext;
-import com.gemstone.gemfire.i18n.LogWriterI18n;
import com.gemstone.gemfire.internal.cache.LocalRegion;
import com.gemstone.gemfire.internal.cache.tier.CachedRegionHelper;
import com.gemstone.gemfire.internal.cache.tier.Command;
import com.gemstone.gemfire.internal.cache.tier.MessageType;
-import com.gemstone.gemfire.internal.cache.tier.sockets.*;
+import com.gemstone.gemfire.internal.cache.tier.sockets.BaseCommand;
+import com.gemstone.gemfire.internal.cache.tier.sockets.ChunkedMessage;
+import com.gemstone.gemfire.internal.cache.tier.sockets.Message;
+import com.gemstone.gemfire.internal.cache.tier.sockets.ObjectPartList;
+import com.gemstone.gemfire.internal.cache.tier.sockets.Part;
+import com.gemstone.gemfire.internal.cache.tier.sockets.ServerConnection;
import com.gemstone.gemfire.internal.i18n.LocalizedStrings;
import com.gemstone.gemfire.internal.logging.log4j.LocalizedMessage;
import com.gemstone.gemfire.internal.security.AuthorizeRequest;
import com.gemstone.gemfire.internal.security.AuthorizeRequestPP;
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
import com.gemstone.gemfire.security.NotAuthorizedException;
-import java.io.IOException;
-import java.util.Iterator;
-import java.util.Set;
-
public class GetAll extends BaseCommand {
private final static GetAll singleton = new GetAll();
@@ -156,6 +161,7 @@ public class GetAll extends BaseCommand {
allKeysIter = allKeys.iterator();
numKeys = allKeys.size();
}
+
ObjectPartList values = new ObjectPartList(maximumChunkSize, keys == null);
AuthorizeRequest authzRequest = servConn.getAuthzRequest();
AuthorizeRequestPP postAuthzRequest = servConn.getPostAuthzRequest();
@@ -195,6 +201,8 @@ public class GetAll extends BaseCommand {
}
}
+ GeodeSecurityUtil.authorizeRegionRead(regionName, key.toString());
+
// Get the value and update the statistics. Do not deserialize
// the value if it is a byte[].
// Getting a value in serialized form is pretty nasty. I split this out
@@ -230,6 +238,9 @@ public class GetAll extends BaseCommand {
}
}
+ // post process
+ value = GeodeSecurityUtil.postProcess(regionName, key, value);
+
if (logger.isDebugEnabled()) {
logger.debug("{}: Returning value for key={}: {}", servConn.getName(), key, value);
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c6e7a3bd/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/GetAll651.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/GetAll651.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/GetAll651.java
index ad61c69..9cea674 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/GetAll651.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/GetAll651.java
@@ -17,9 +17,12 @@
package com.gemstone.gemfire.internal.cache.tier.sockets.command;
+import java.io.IOException;
+import java.util.Iterator;
+import java.util.Set;
+
import com.gemstone.gemfire.cache.Region;
import com.gemstone.gemfire.cache.operations.GetOperationContext;
-import com.gemstone.gemfire.i18n.LogWriterI18n;
import com.gemstone.gemfire.internal.cache.LocalRegion;
import com.gemstone.gemfire.internal.cache.tier.CachedRegionHelper;
import com.gemstone.gemfire.internal.cache.tier.Command;
@@ -34,12 +37,9 @@ import com.gemstone.gemfire.internal.i18n.LocalizedStrings;
import com.gemstone.gemfire.internal.logging.log4j.LocalizedMessage;
import com.gemstone.gemfire.internal.security.AuthorizeRequest;
import com.gemstone.gemfire.internal.security.AuthorizeRequestPP;
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
import com.gemstone.gemfire.security.NotAuthorizedException;
-import java.io.IOException;
-import java.util.Iterator;
-import java.util.Set;
-
public class GetAll651 extends BaseCommand {
private final static GetAll651 singleton = new GetAll651();
@@ -200,6 +200,8 @@ public class GetAll651 extends BaseCommand {
}
}
+ GeodeSecurityUtil.authorizeRegionRead(regionName, key.toString());
+
// Get the value and update the statistics. Do not deserialize
// the value if it is a byte[].
// Getting a value in serialized form is pretty nasty. I split this out
@@ -236,13 +238,13 @@ public class GetAll651 extends BaseCommand {
}
}
+ value = GeodeSecurityUtil.postProcess(regionName, key, value);
+
if (isDebugEnabled) {
logger.debug("{}: Returning value for key={}: {}", servConn.getName(), key, value);
}
// Add the value to the list of values
-
-
if(keyNotPresent) {
if (logger.isDebugEnabled()) {
logger.debug("{}: key={} is not present on server.", servConn.getName(), key);
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c6e7a3bd/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/GetAll70.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/GetAll70.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/GetAll70.java
index 4c79a27..007d583 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/GetAll70.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/GetAll70.java
@@ -17,16 +17,25 @@
package com.gemstone.gemfire.internal.cache.tier.sockets.command;
+import java.io.IOException;
+import java.util.Iterator;
+import java.util.Set;
+
import com.gemstone.gemfire.cache.Region;
import com.gemstone.gemfire.cache.operations.GetOperationContext;
import com.gemstone.gemfire.cache.operations.internal.GetOperationContextImpl;
-import com.gemstone.gemfire.i18n.LogWriterI18n;
import com.gemstone.gemfire.internal.Version;
import com.gemstone.gemfire.internal.cache.LocalRegion;
import com.gemstone.gemfire.internal.cache.tier.CachedRegionHelper;
import com.gemstone.gemfire.internal.cache.tier.Command;
import com.gemstone.gemfire.internal.cache.tier.MessageType;
-import com.gemstone.gemfire.internal.cache.tier.sockets.*;
+import com.gemstone.gemfire.internal.cache.tier.sockets.BaseCommand;
+import com.gemstone.gemfire.internal.cache.tier.sockets.ChunkedMessage;
+import com.gemstone.gemfire.internal.cache.tier.sockets.Message;
+import com.gemstone.gemfire.internal.cache.tier.sockets.ObjectPartList;
+import com.gemstone.gemfire.internal.cache.tier.sockets.Part;
+import com.gemstone.gemfire.internal.cache.tier.sockets.ServerConnection;
+import com.gemstone.gemfire.internal.cache.tier.sockets.VersionedObjectList;
import com.gemstone.gemfire.internal.cache.versions.VersionTag;
import com.gemstone.gemfire.internal.i18n.LocalizedStrings;
import com.gemstone.gemfire.internal.logging.log4j.LocalizedMessage;
@@ -34,12 +43,9 @@ import com.gemstone.gemfire.internal.offheap.OffHeapHelper;
import com.gemstone.gemfire.internal.offheap.annotations.Retained;
import com.gemstone.gemfire.internal.security.AuthorizeRequest;
import com.gemstone.gemfire.internal.security.AuthorizeRequestPP;
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
import com.gemstone.gemfire.security.NotAuthorizedException;
-import java.io.IOException ;
-import java.util.Iterator;
-import java.util.Set;
-
public class GetAll70 extends BaseCommand {
private final static GetAll70 singleton = new GetAll70();
@@ -210,6 +216,15 @@ public class GetAll70 extends BaseCommand {
}
}
+ try {
+ GeodeSecurityUtil.authorizeRegionRead(regionName, key.toString());
+ }
+ catch (NotAuthorizedException ex) {
+ logger.warn(LocalizedMessage.create(LocalizedStrings.GetAll_0_CAUGHT_THE_FOLLOWING_EXCEPTION_ATTEMPTING_TO_GET_VALUE_FOR_KEY_1, new Object[]{servConn.getName(), key}), ex);
+ values.addExceptionPart(key, ex);
+ continue;
+ }
+
// Get the value and update the statistics. Do not deserialize
// the value if it is a byte[].
// Getting a value in serialized form is pretty nasty. I split this out
@@ -248,6 +263,9 @@ public class GetAll70 extends BaseCommand {
}
}
}
+
+ data = GeodeSecurityUtil.postProcess(regionName, key, data);
+
// Add the entry to the list that will be returned to the client
if (keyNotPresent) {
values.addObjectPartForAbsentKey(key, data, versionTag);
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c6e7a3bd/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/KeySet.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/KeySet.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/KeySet.java
index cf8d483..8da7af9 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/KeySet.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/KeySet.java
@@ -19,25 +19,29 @@
*/
package com.gemstone.gemfire.internal.cache.tier.sockets.command;
-import com.gemstone.gemfire.i18n.LogWriterI18n;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+
+import com.gemstone.gemfire.cache.Region;
+import com.gemstone.gemfire.cache.operations.KeySetOperationContext;
import com.gemstone.gemfire.internal.cache.LocalRegion;
import com.gemstone.gemfire.internal.cache.tier.CachedRegionHelper;
import com.gemstone.gemfire.internal.cache.tier.Command;
import com.gemstone.gemfire.internal.cache.tier.MessageType;
-import com.gemstone.gemfire.internal.cache.tier.sockets.*;
+import com.gemstone.gemfire.internal.cache.tier.sockets.BaseCommand;
+import com.gemstone.gemfire.internal.cache.tier.sockets.ChunkedMessage;
+import com.gemstone.gemfire.internal.cache.tier.sockets.Message;
+import com.gemstone.gemfire.internal.cache.tier.sockets.Part;
+import com.gemstone.gemfire.internal.cache.tier.sockets.ServerConnection;
import com.gemstone.gemfire.internal.i18n.LocalizedStrings;
import com.gemstone.gemfire.internal.logging.log4j.LocalizedMessage;
import com.gemstone.gemfire.internal.security.AuthorizeRequest;
import com.gemstone.gemfire.internal.security.AuthorizeRequestPP;
-import com.gemstone.gemfire.security.GemFireSecurityException;
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
import com.gemstone.gemfire.security.NotAuthorizedException;
-import com.gemstone.gemfire.cache.Region;
-import com.gemstone.gemfire.cache.operations.KeySetOperationContext;
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Set;
public class KeySet extends BaseCommand {
@@ -161,6 +165,7 @@ public class KeySet extends BaseCommand {
final boolean isTraceEnabled = logger.isTraceEnabled();
for (Iterator it = keySet.iterator(); it.hasNext();) {
Object entryKey = it.next();
+ GeodeSecurityUtil.authorizeRegionRead(regionName, entryKey.toString());
keyList.add(entryKey);
if (isTraceEnabled) {
logger.trace("{}: fillAndSendKeySetResponseKey <{}>; list size was {}; region: {}", servConn.getName(), entryKey, keyList.size(), region.getFullPath());
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c6e7a3bd/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/Put.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/Put.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/Put.java
index 21c1b02..54c4a6c 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/Put.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/Put.java
@@ -15,31 +15,35 @@
* limitations under the License.
*/
/**
- *
+ *
*/
package com.gemstone.gemfire.internal.cache.tier.sockets.command;
-import com.gemstone.gemfire.internal.cache.EntryEventImpl;
+import java.io.IOException;
+import java.nio.ByteBuffer;
+
+import com.gemstone.gemfire.cache.DynamicRegionFactory;
+import com.gemstone.gemfire.cache.RegionDestroyedException;
+import com.gemstone.gemfire.cache.ResourceException;
+import com.gemstone.gemfire.cache.operations.PutOperationContext;
+import com.gemstone.gemfire.distributed.internal.DistributionStats;
+import com.gemstone.gemfire.i18n.StringId;
import com.gemstone.gemfire.internal.cache.EventID;
import com.gemstone.gemfire.internal.cache.EventIDHolder;
import com.gemstone.gemfire.internal.cache.LocalRegion;
import com.gemstone.gemfire.internal.cache.tier.CachedRegionHelper;
import com.gemstone.gemfire.internal.cache.tier.Command;
import com.gemstone.gemfire.internal.cache.tier.MessageType;
-import com.gemstone.gemfire.internal.cache.tier.sockets.*;
+import com.gemstone.gemfire.internal.cache.tier.sockets.BaseCommand;
+import com.gemstone.gemfire.internal.cache.tier.sockets.CacheServerStats;
+import com.gemstone.gemfire.internal.cache.tier.sockets.Message;
+import com.gemstone.gemfire.internal.cache.tier.sockets.Part;
+import com.gemstone.gemfire.internal.cache.tier.sockets.ServerConnection;
import com.gemstone.gemfire.internal.i18n.LocalizedStrings;
import com.gemstone.gemfire.internal.logging.log4j.LocalizedMessage;
import com.gemstone.gemfire.internal.security.AuthorizeRequest;
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
import com.gemstone.gemfire.security.GemFireSecurityException;
-import com.gemstone.gemfire.cache.DynamicRegionFactory;
-import com.gemstone.gemfire.cache.RegionDestroyedException;
-import com.gemstone.gemfire.cache.ResourceException;
-import com.gemstone.gemfire.cache.operations.PutOperationContext;
-import com.gemstone.gemfire.distributed.internal.DistributionStats;
-import com.gemstone.gemfire.i18n.StringId;
-
-import java.io.IOException;
-import java.nio.ByteBuffer;
public class Put extends BaseCommand {
@@ -53,8 +57,7 @@ public class Put extends BaseCommand {
}
@Override
- public void cmdExecute(Message msg, ServerConnection servConn, long start)
- throws IOException, InterruptedException {
+ public void cmdExecute(Message msg, ServerConnection servConn, long start) throws IOException, InterruptedException {
Part regionNamePart = null, keyPart = null, valuePart = null, callbackArgPart = null;
String regionName = null;
Object callbackArg = null, key = null;
@@ -67,11 +70,9 @@ public class Put extends BaseCommand {
boolean interrupted = Thread.interrupted();
try {
Thread.sleep(crHelper.emulateSlowServer());
- }
- catch (InterruptedException ugh) {
+ } catch (InterruptedException ugh) {
interrupted = true;
- }
- finally {
+ } finally {
if (interrupted) {
Thread.currentThread().interrupt();
}
@@ -91,13 +92,12 @@ public class Put extends BaseCommand {
keyPart = msg.getPart(1);
valuePart = msg.getPart(2);
eventPart = msg.getPart(3);
-// callbackArgPart = null; (redundant assignment)
+ // callbackArgPart = null; (redundant assignment)
if (msg.getNumberOfParts() > 4) {
callbackArgPart = msg.getPart(4);
try {
callbackArg = callbackArgPart.getObject();
- }
- catch (Exception e) {
+ } catch (Exception e) {
writeException(msg, e, false, servConn);
servConn.setAsTrue(RESPONDED);
return;
@@ -107,15 +107,15 @@ public class Put extends BaseCommand {
try {
key = keyPart.getStringOrObject();
- }
- catch (Exception e) {
+ } catch (Exception e) {
writeException(msg, e, false, servConn);
servConn.setAsTrue(RESPONDED);
return;
}
if (logger.isTraceEnabled()) {
- logger.trace("{}: Received put request ({} bytes) from {} for region {} key {} value {}", servConn.getName(), msg.getPayloadLength(), servConn.getSocketString(), regionName, key, valuePart);
+ logger.trace("{}: Received put request ({} bytes) from {} for region {} key {} value {}", servConn.getName(), msg.getPayloadLength(), servConn
+ .getSocketString(), regionName, key, valuePart);
}
// Process the put request
@@ -125,138 +125,123 @@ public class Put extends BaseCommand {
errMessage = LocalizedStrings.Put_THE_INPUT_KEY_FOR_THE_PUT_REQUEST_IS_NULL.toLocalizedString();
}
if (regionName == null) {
- logger.warn(LocalizedMessage.create(LocalizedStrings.Put_0_THE_INPUT_REGION_NAME_FOR_THE_PUT_REQUEST_IS_NULL, servConn.getName()));
+ logger.warn(LocalizedMessage.create(LocalizedStrings.Put_0_THE_INPUT_REGION_NAME_FOR_THE_PUT_REQUEST_IS_NULL, servConn
+ .getName()));
errMessage = LocalizedStrings.Put_THE_INPUT_REGION_NAME_FOR_THE_PUT_REQUEST_IS_NULL.toLocalizedString();
}
- writeErrorResponse(msg, MessageType.PUT_DATA_ERROR,
- errMessage.toString(), servConn);
+ writeErrorResponse(msg, MessageType.PUT_DATA_ERROR, errMessage.toString(), servConn);
servConn.setAsTrue(RESPONDED);
+ return;
+ }
+
+ LocalRegion region = (LocalRegion) crHelper.getRegion(regionName);
+ if (region == null) {
+ String reason = LocalizedStrings.Put_REGION_WAS_NOT_FOUND_DURING_PUT_REQUEST.toLocalizedString();
+ writeRegionDestroyedEx(msg, regionName, reason, servConn);
+ servConn.setAsTrue(RESPONDED);
+ return;
}
- else {
- LocalRegion region = (LocalRegion)crHelper.getRegion(regionName);
- if (region == null) {
- String reason = LocalizedStrings.Put_REGION_WAS_NOT_FOUND_DURING_PUT_REQUEST.toLocalizedString();
- writeRegionDestroyedEx(msg, regionName, reason, servConn);
- servConn.setAsTrue(RESPONDED);
- }
- else if (valuePart.isNull() && region.containsKey(key)) {
- // Invalid to 'put' a null value in an existing key
- logger.info(LocalizedMessage.create(LocalizedStrings.Put_0_ATTEMPTED_TO_PUT_A_NULL_VALUE_FOR_EXISTING_KEY_1, new Object[] {servConn.getName(), key}));
- errMessage = LocalizedStrings.Put_ATTEMPTED_TO_PUT_A_NULL_VALUE_FOR_EXISTING_KEY_0.toLocalizedString();
- writeErrorResponse(msg, MessageType.PUT_DATA_ERROR, errMessage,
- servConn);
- servConn.setAsTrue(RESPONDED);
- }
- else {
- // try {
- // this.eventId = (EventID)eventPart.getObject();
- ByteBuffer eventIdPartsBuffer = ByteBuffer.wrap(eventPart
- .getSerializedForm());
- long threadId = EventID
- .readEventIdPartsFromOptmizedByteArray(eventIdPartsBuffer);
- long sequenceId = EventID
- .readEventIdPartsFromOptmizedByteArray(eventIdPartsBuffer);
- EventID eventId = new EventID(servConn.getEventMemberIDByteArray(),
- threadId, sequenceId);
- // } catch (Exception e) {
- // writeException(msg, e, false);
- // responded = true;
- // continue;
- // }
- try {
- byte[] value = valuePart.getSerializedForm();
- boolean isObject = valuePart.isObject();
- AuthorizeRequest authzRequest = servConn.getAuthzRequest();
- if (authzRequest != null) {
- // TODO SW: This is to handle DynamicRegionFactory create
- // calls. Rework this when the semantics of DynamicRegionFactory are
- // cleaned up.
- if (DynamicRegionFactory.regionIsDynamicRegionList(regionName)) {
- authzRequest.createRegionAuthorize((String)key);
- }
- // Allow PUT operations on meta regions (bug #38961)
- else if (!region.isUsedForMetaRegion()) {
- PutOperationContext putContext = authzRequest.putAuthorize(
- regionName, key, value, isObject, callbackArg);
- value = putContext.getSerializedValue();
- isObject = putContext.isObject();
- callbackArg = putContext.getCallbackArg();
- }
- }
- // If the value is 1 byte and the byte represents null,
- // attempt to create the entry. This test needs to be
- // moved to DataSerializer or DataSerializer.NULL needs
- // to be publicly accessible.
- boolean result = false;
- if (value == null) {
- // Create the null entry. Since the value is null, the value of the
- // isObject
- // the true after null doesn't matter and is not used.
- result = region.basicBridgeCreate(key, null, true, callbackArg,
- servConn.getProxyID(), true, new EventIDHolder(eventId), false);
- }
- else {
- // Put the entry
- result = region.basicBridgePut(key, value, null, isObject, callbackArg,
- servConn.getProxyID(), true, new EventIDHolder(eventId));
- }
- if (result) {
- servConn.setModificationInfo(true, regionName, key);
- }
- else {
- StringId message = LocalizedStrings.PUT_0_FAILED_TO_PUT_ENTRY_FOR_REGION_1_KEY_2_VALUE_3;
- Object[] messageArgs = new Object[] {servConn.getName(), regionName, key, valuePart};
- String s = message.toLocalizedString(messageArgs);
- logger.info(s);
- throw new Exception(s);
- }
- }
- catch (RegionDestroyedException rde) {
- writeException(msg, rde, false, servConn);
- servConn.setAsTrue(RESPONDED);
- return;
- }
- catch (ResourceException re) {
- writeException(msg, re, false, servConn);
- servConn.setAsTrue(RESPONDED);
- return;
- }
- catch (Exception ce) {
- // If an interrupted exception is thrown , rethrow it
- checkForInterrupt(servConn, ce);
- // If an exception occurs during the put, preserve the connection
- writeException(msg, ce, false, servConn);
- servConn.setAsTrue(RESPONDED);
- if (ce instanceof GemFireSecurityException) {
- // Fine logging for security exceptions since these are already
- // logged by the security logger
- if (logger.isDebugEnabled()) {
- logger.debug("{}: Unexpected Security exception", servConn.getName(), ce);
- }
- }
- else {
- logger.warn(LocalizedMessage.create(LocalizedStrings.PUT_0_UNEXPECTED_EXCEPTION, servConn.getName()), ce);
- }
- return;
+ if (valuePart.isNull() && region.containsKey(key)) {
+ // Invalid to 'put' a null value in an existing key
+ logger.info(LocalizedMessage.create(LocalizedStrings.Put_0_ATTEMPTED_TO_PUT_A_NULL_VALUE_FOR_EXISTING_KEY_1, new Object[] {
+ servConn.getName(),
+ key
+ }));
+ errMessage = LocalizedStrings.Put_ATTEMPTED_TO_PUT_A_NULL_VALUE_FOR_EXISTING_KEY_0.toLocalizedString();
+ writeErrorResponse(msg, MessageType.PUT_DATA_ERROR, errMessage, servConn);
+ servConn.setAsTrue(RESPONDED);
+ return;
+ }
+
+ GeodeSecurityUtil.authorizeRegionWrite(regionName, key.toString());
+
+ ByteBuffer eventIdPartsBuffer = ByteBuffer.wrap(eventPart.getSerializedForm());
+ long threadId = EventID.readEventIdPartsFromOptmizedByteArray(eventIdPartsBuffer);
+ long sequenceId = EventID.readEventIdPartsFromOptmizedByteArray(eventIdPartsBuffer);
+ EventID eventId = new EventID(servConn.getEventMemberIDByteArray(), threadId, sequenceId);
+
+ try {
+ byte[] value = valuePart.getSerializedForm();
+ boolean isObject = valuePart.isObject();
+ AuthorizeRequest authzRequest = servConn.getAuthzRequest();
+ if (authzRequest != null) {
+ // TODO SW: This is to handle DynamicRegionFactory create
+ // calls. Rework this when the semantics of DynamicRegionFactory are
+ // cleaned up.
+ if (DynamicRegionFactory.regionIsDynamicRegionList(regionName)) {
+ authzRequest.createRegionAuthorize((String) key);
}
- finally {
- long oldStart = start;
- start = DistributionStats.getStatTime();
- stats.incProcessPutTime(start - oldStart);
+ // Allow PUT operations on meta regions (bug #38961)
+ else if (!region.isUsedForMetaRegion()) {
+ PutOperationContext putContext = authzRequest.putAuthorize(regionName, key, value, isObject, callbackArg);
+ value = putContext.getSerializedValue();
+ isObject = putContext.isObject();
+ callbackArg = putContext.getCallbackArg();
}
+ }
+ // If the value is 1 byte and the byte represents null,
+ // attempt to create the entry. This test needs to be
+ // moved to DataSerializer or DataSerializer.NULL needs
+ // to be publicly accessible.
+ boolean result = false;
+ if (value == null) {
+ // Create the null entry. Since the value is null, the value of the
+ // isObject
+ // the true after null doesn't matter and is not used.
+ result = region.basicBridgeCreate(key, null, true, callbackArg, servConn.getProxyID(), true, new EventIDHolder(eventId), false);
+ } else {
+ // Put the entry
+ result = region.basicBridgePut(key, value, null, isObject, callbackArg, servConn.getProxyID(), true, new EventIDHolder(eventId));
+ }
+ if (result) {
+ servConn.setModificationInfo(true, regionName, key);
+ } else {
+ StringId message = LocalizedStrings.PUT_0_FAILED_TO_PUT_ENTRY_FOR_REGION_1_KEY_2_VALUE_3;
+ Object[] messageArgs = new Object[] { servConn.getName(), regionName, key, valuePart };
+ String s = message.toLocalizedString(messageArgs);
+ logger.info(s);
+ throw new Exception(s);
+ }
+ } catch (RegionDestroyedException rde) {
+ writeException(msg, rde, false, servConn);
+ servConn.setAsTrue(RESPONDED);
+ return;
+ } catch (ResourceException re) {
+ writeException(msg, re, false, servConn);
+ servConn.setAsTrue(RESPONDED);
+ return;
+ } catch (Exception ce) {
+ // If an interrupted exception is thrown , rethrow it
+ checkForInterrupt(servConn, ce);
- // Increment statistics and write the reply
- writeReply(msg, servConn);
-
- servConn.setAsTrue(RESPONDED);
+ // If an exception occurs during the put, preserve the connection
+ writeException(msg, ce, false, servConn);
+ servConn.setAsTrue(RESPONDED);
+ if (ce instanceof GemFireSecurityException) {
+ // Fine logging for security exceptions since these are already
+ // logged by the security logger
if (logger.isDebugEnabled()) {
- logger.debug("{}: Sent put response back to {} for region {} key {} value {}", servConn.getName(), servConn.getSocketString(), regionName, key, valuePart);
+ logger.debug("{}: Unexpected Security exception", servConn.getName(), ce);
}
- stats.incWritePutResponseTime(DistributionStats.getStatTime() - start);
+ } else {
+ logger.warn(LocalizedMessage.create(LocalizedStrings.PUT_0_UNEXPECTED_EXCEPTION, servConn.getName()), ce);
}
+ return;
+ } finally {
+ long oldStart = start;
+ start = DistributionStats.getStatTime();
+ stats.incProcessPutTime(start - oldStart);
}
+ // Increment statistics and write the reply
+ writeReply(msg, servConn);
+
+ servConn.setAsTrue(RESPONDED);
+ if (logger.isDebugEnabled()) {
+ logger.debug("{}: Sent put response back to {} for region {} key {} value {}", servConn.getName(), servConn.getSocketString(), regionName, key, valuePart);
+ }
+ stats.incWritePutResponseTime(DistributionStats.getStatTime() - start);
}
}