You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@geode.apache.org by bs...@apache.org on 2018/11/14 23:20:36 UTC

[geode] 01/01: GEODE-5074 REST dev client should not access or modify internal regions

This is an automated email from the ASF dual-hosted git repository.

bschuchardt pushed a commit to branch feature/GEODE-5074
in repository https://gitbox.apache.org/repos/asf/geode.git

commit f886b63594e3cafc2757d272a8c6f597b8948ff2
Author: Bruce Schuchardt <bs...@pivotal.io>
AuthorDate: Wed Nov 14 15:14:56 2018 -0800

    GEODE-5074 REST dev client should not access or modify internal regions
    
    The Developer REST API was accessing a raw cache for all operations.
    I've switched it to use a filtered InternalCacheForClientAccess cache
    instead for most operations.  It needed to have the unfiltered cache in
    order to find the __ParameterizedQueries__ region for accessing saved
    queries.
---
 .../geode/rest/internal/web/RestServersIntegrationTest.java   |  7 +++++++
 .../rest/internal/web/controllers/AbstractBaseController.java |  9 ++++++++-
 .../rest/internal/web/controllers/CommonCrudController.java   |  9 ++++++++-
 .../rest/internal/web/controllers/QueryAccessController.java  |  2 +-
 .../rest/internal/web/controllers/support/CacheProvider.java  |  3 +++
 .../internal/web/controllers/support/CacheProviderImpl.java   | 11 +++++++++++
 6 files changed, 38 insertions(+), 3 deletions(-)

diff --git a/geode-assembly/src/integrationTest/java/org/apache/geode/rest/internal/web/RestServersIntegrationTest.java b/geode-assembly/src/integrationTest/java/org/apache/geode/rest/internal/web/RestServersIntegrationTest.java
index 25d5cb8..1804ad7 100644
--- a/geode-assembly/src/integrationTest/java/org/apache/geode/rest/internal/web/RestServersIntegrationTest.java
+++ b/geode-assembly/src/integrationTest/java/org/apache/geode/rest/internal/web/RestServersIntegrationTest.java
@@ -62,6 +62,13 @@ public class RestServersIntegrationTest {
   }
 
   @Test
+  public void testGetOnInternalRegion() {
+    assertResponse(
+        restClient.doGet("/__PR", null, null))
+            .hasStatusCode(HttpStatus.SC_NOT_FOUND);
+  }
+
+  @Test
   public void testServerStartedOnDefaultPort() throws Exception {
     JsonNode jsonArray = assertResponse(restClient.doGet("/servers", null, null))
         .hasStatusCode(HttpStatus.SC_OK).getJsonObject();
diff --git a/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/AbstractBaseController.java b/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/AbstractBaseController.java
index 568a7b2..2135747 100644
--- a/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/AbstractBaseController.java
+++ b/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/AbstractBaseController.java
@@ -62,6 +62,7 @@ import org.apache.geode.distributed.LeaseExpiredException;
 import org.apache.geode.distributed.internal.ClusterDistributionManager;
 import org.apache.geode.distributed.internal.membership.InternalDistributedMember;
 import org.apache.geode.internal.cache.InternalCache;
+import org.apache.geode.internal.cache.InternalCacheForClientAccess;
 import org.apache.geode.internal.logging.LogService;
 import org.apache.geode.pdx.JSONFormatter;
 import org.apache.geode.pdx.JSONFormatterException;
@@ -110,6 +111,12 @@ public abstract class AbstractBaseController implements InitializingBean {
   }
 
   protected InternalCache getCache() {
+    InternalCache cache = cacheProvider.getCacheForClientAccess();
+    Assert.state(cache != null, "The Gemfire Cache reference was not properly initialized");
+    return cache;
+  }
+
+  protected InternalCache getCacheForServerAccess() {
     InternalCache cache = cacheProvider.getInternalCache();
     Assert.state(cache != null, "The Gemfire Cache reference was not properly initialized");
     return cache;
@@ -402,7 +409,7 @@ public abstract class AbstractBaseController implements InitializingBean {
   }
 
   Region<String, String> getQueryStore(final String namePath) {
-    return ValidationUtils.returnValueThrowOnNull(getCache().<String, String>getRegion(namePath),
+    return ValidationUtils.returnValueThrowOnNull(getCacheForServerAccess().<String, String>getRegion(namePath),
         new GemfireRestException(String.format("Query store does not exist!", namePath)));
   }
 
diff --git a/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/CommonCrudController.java b/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/CommonCrudController.java
index c5de53b..52737b3 100644
--- a/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/CommonCrudController.java
+++ b/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/CommonCrudController.java
@@ -15,6 +15,7 @@
 package org.apache.geode.rest.internal.web.controllers;
 
 import java.util.ArrayList;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
 
@@ -38,6 +39,7 @@ import org.apache.geode.cache.execute.Execution;
 import org.apache.geode.cache.execute.FunctionException;
 import org.apache.geode.cache.execute.FunctionService;
 import org.apache.geode.cache.execute.ResultCollector;
+import org.apache.geode.internal.cache.InternalRegion;
 import org.apache.geode.internal.cache.execute.util.FindRestEnabledServersFunction;
 import org.apache.geode.internal.logging.LogService;
 import org.apache.geode.rest.internal.web.controllers.support.RestServersResultCollector;
@@ -73,7 +75,12 @@ public abstract class CommonCrudController extends AbstractBaseController {
     logger.debug("Listing all resources (Regions) in Geode...");
     final HttpHeaders headers = new HttpHeaders();
     headers.setLocation(toUri());
-    final Set<Region<?, ?>> regions = getCache().rootRegions();
+    final Set<Region<?, ?>> regions = new HashSet<>();
+    for (InternalRegion region : getCache().getApplicationRegions()) {
+      if (region instanceof Region) {
+        regions.add(region);
+      }
+    } ;
     String listRegionsAsJson = JSONUtils.formulateJsonForListRegions(regions, "regions");
     return new ResponseEntity<>(listRegionsAsJson, headers, HttpStatus.OK);
   }
diff --git a/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/QueryAccessController.java b/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/QueryAccessController.java
index 18d0f81..a8c7038 100644
--- a/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/QueryAccessController.java
+++ b/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/QueryAccessController.java
@@ -244,7 +244,7 @@ public class QueryAccessController extends AbstractBaseController {
       Query compiledQuery = compiledQueries.get(queryId);
       if (compiledQuery == null) {
         // This is first time the query is seen by this server.
-        final String oql = getValue(PARAMETERIZED_QUERIES_REGION, queryId, false);
+        final String oql = getQueryStore(PARAMETERIZED_QUERIES_REGION).get(queryId);
 
         ValidationUtils.returnValueThrowOnNull(oql, new ResourceNotFoundException(
             String.format("No Query with ID (%1$s) was found!", queryId)));
diff --git a/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/support/CacheProvider.java b/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/support/CacheProvider.java
index 19d2755..c99b5f7 100644
--- a/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/support/CacheProvider.java
+++ b/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/support/CacheProvider.java
@@ -14,9 +14,12 @@
  */
 package org.apache.geode.rest.internal.web.controllers.support;
 
+import org.apache.geode.cache.Cache;
 import org.apache.geode.internal.cache.InternalCache;
 
 public interface CacheProvider {
 
   InternalCache getInternalCache();
+
+  InternalCache getCacheForClientAccess();
 }
diff --git a/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/support/CacheProviderImpl.java b/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/support/CacheProviderImpl.java
index 8c00923..f3e39fb 100644
--- a/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/support/CacheProviderImpl.java
+++ b/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/support/CacheProviderImpl.java
@@ -16,8 +16,10 @@ package org.apache.geode.rest.internal.web.controllers.support;
 
 import org.springframework.stereotype.Component;
 
+import org.apache.geode.cache.Cache;
 import org.apache.geode.internal.cache.GemFireCacheImpl;
 import org.apache.geode.internal.cache.InternalCache;
+import org.apache.geode.internal.cache.InternalCacheForClientAccess;
 
 @Component("cacheProvider")
 public class CacheProviderImpl implements CacheProvider {
@@ -26,4 +28,13 @@ public class CacheProviderImpl implements CacheProvider {
   public InternalCache getInternalCache() {
     return GemFireCacheImpl.getExisting();
   }
+
+  @Override
+  public InternalCache getCacheForClientAccess() {
+    InternalCache result = getInternalCache();
+    if (result == null) {
+      return null;
+    }
+    return new InternalCacheForClientAccess(result);
+  }
 }