You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@geode.apache.org by bs...@apache.org on 2018/11/14 23:20:36 UTC
[geode] 01/01: GEODE-5074 REST dev client should not access or
modify internal regions
This is an automated email from the ASF dual-hosted git repository.
bschuchardt pushed a commit to branch feature/GEODE-5074
in repository https://gitbox.apache.org/repos/asf/geode.git
commit f886b63594e3cafc2757d272a8c6f597b8948ff2
Author: Bruce Schuchardt <bs...@pivotal.io>
AuthorDate: Wed Nov 14 15:14:56 2018 -0800
GEODE-5074 REST dev client should not access or modify internal regions
The Developer REST API was accessing a raw cache for all operations.
I've switched it to use a filtered InternalCacheForClientAccess cache
instead for most operations. It needed to have the unfiltered cache in
order to find the __ParameterizedQueries__ region for accessing saved
queries.
---
.../geode/rest/internal/web/RestServersIntegrationTest.java | 7 +++++++
.../rest/internal/web/controllers/AbstractBaseController.java | 9 ++++++++-
.../rest/internal/web/controllers/CommonCrudController.java | 9 ++++++++-
.../rest/internal/web/controllers/QueryAccessController.java | 2 +-
.../rest/internal/web/controllers/support/CacheProvider.java | 3 +++
.../internal/web/controllers/support/CacheProviderImpl.java | 11 +++++++++++
6 files changed, 38 insertions(+), 3 deletions(-)
diff --git a/geode-assembly/src/integrationTest/java/org/apache/geode/rest/internal/web/RestServersIntegrationTest.java b/geode-assembly/src/integrationTest/java/org/apache/geode/rest/internal/web/RestServersIntegrationTest.java
index 25d5cb8..1804ad7 100644
--- a/geode-assembly/src/integrationTest/java/org/apache/geode/rest/internal/web/RestServersIntegrationTest.java
+++ b/geode-assembly/src/integrationTest/java/org/apache/geode/rest/internal/web/RestServersIntegrationTest.java
@@ -62,6 +62,13 @@ public class RestServersIntegrationTest {
}
@Test
+ public void testGetOnInternalRegion() {
+ assertResponse(
+ restClient.doGet("/__PR", null, null))
+ .hasStatusCode(HttpStatus.SC_NOT_FOUND);
+ }
+
+ @Test
public void testServerStartedOnDefaultPort() throws Exception {
JsonNode jsonArray = assertResponse(restClient.doGet("/servers", null, null))
.hasStatusCode(HttpStatus.SC_OK).getJsonObject();
diff --git a/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/AbstractBaseController.java b/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/AbstractBaseController.java
index 568a7b2..2135747 100644
--- a/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/AbstractBaseController.java
+++ b/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/AbstractBaseController.java
@@ -62,6 +62,7 @@ import org.apache.geode.distributed.LeaseExpiredException;
import org.apache.geode.distributed.internal.ClusterDistributionManager;
import org.apache.geode.distributed.internal.membership.InternalDistributedMember;
import org.apache.geode.internal.cache.InternalCache;
+import org.apache.geode.internal.cache.InternalCacheForClientAccess;
import org.apache.geode.internal.logging.LogService;
import org.apache.geode.pdx.JSONFormatter;
import org.apache.geode.pdx.JSONFormatterException;
@@ -110,6 +111,12 @@ public abstract class AbstractBaseController implements InitializingBean {
}
protected InternalCache getCache() {
+ InternalCache cache = cacheProvider.getCacheForClientAccess();
+ Assert.state(cache != null, "The Gemfire Cache reference was not properly initialized");
+ return cache;
+ }
+
+ protected InternalCache getCacheForServerAccess() {
InternalCache cache = cacheProvider.getInternalCache();
Assert.state(cache != null, "The Gemfire Cache reference was not properly initialized");
return cache;
@@ -402,7 +409,7 @@ public abstract class AbstractBaseController implements InitializingBean {
}
Region<String, String> getQueryStore(final String namePath) {
- return ValidationUtils.returnValueThrowOnNull(getCache().<String, String>getRegion(namePath),
+ return ValidationUtils.returnValueThrowOnNull(getCacheForServerAccess().<String, String>getRegion(namePath),
new GemfireRestException(String.format("Query store does not exist!", namePath)));
}
diff --git a/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/CommonCrudController.java b/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/CommonCrudController.java
index c5de53b..52737b3 100644
--- a/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/CommonCrudController.java
+++ b/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/CommonCrudController.java
@@ -15,6 +15,7 @@
package org.apache.geode.rest.internal.web.controllers;
import java.util.ArrayList;
+import java.util.HashSet;
import java.util.List;
import java.util.Set;
@@ -38,6 +39,7 @@ import org.apache.geode.cache.execute.Execution;
import org.apache.geode.cache.execute.FunctionException;
import org.apache.geode.cache.execute.FunctionService;
import org.apache.geode.cache.execute.ResultCollector;
+import org.apache.geode.internal.cache.InternalRegion;
import org.apache.geode.internal.cache.execute.util.FindRestEnabledServersFunction;
import org.apache.geode.internal.logging.LogService;
import org.apache.geode.rest.internal.web.controllers.support.RestServersResultCollector;
@@ -73,7 +75,12 @@ public abstract class CommonCrudController extends AbstractBaseController {
logger.debug("Listing all resources (Regions) in Geode...");
final HttpHeaders headers = new HttpHeaders();
headers.setLocation(toUri());
- final Set<Region<?, ?>> regions = getCache().rootRegions();
+ final Set<Region<?, ?>> regions = new HashSet<>();
+ for (InternalRegion region : getCache().getApplicationRegions()) {
+ if (region instanceof Region) {
+ regions.add(region);
+ }
+ } ;
String listRegionsAsJson = JSONUtils.formulateJsonForListRegions(regions, "regions");
return new ResponseEntity<>(listRegionsAsJson, headers, HttpStatus.OK);
}
diff --git a/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/QueryAccessController.java b/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/QueryAccessController.java
index 18d0f81..a8c7038 100644
--- a/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/QueryAccessController.java
+++ b/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/QueryAccessController.java
@@ -244,7 +244,7 @@ public class QueryAccessController extends AbstractBaseController {
Query compiledQuery = compiledQueries.get(queryId);
if (compiledQuery == null) {
// This is first time the query is seen by this server.
- final String oql = getValue(PARAMETERIZED_QUERIES_REGION, queryId, false);
+ final String oql = getQueryStore(PARAMETERIZED_QUERIES_REGION).get(queryId);
ValidationUtils.returnValueThrowOnNull(oql, new ResourceNotFoundException(
String.format("No Query with ID (%1$s) was found!", queryId)));
diff --git a/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/support/CacheProvider.java b/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/support/CacheProvider.java
index 19d2755..c99b5f7 100644
--- a/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/support/CacheProvider.java
+++ b/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/support/CacheProvider.java
@@ -14,9 +14,12 @@
*/
package org.apache.geode.rest.internal.web.controllers.support;
+import org.apache.geode.cache.Cache;
import org.apache.geode.internal.cache.InternalCache;
public interface CacheProvider {
InternalCache getInternalCache();
+
+ InternalCache getCacheForClientAccess();
}
diff --git a/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/support/CacheProviderImpl.java b/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/support/CacheProviderImpl.java
index 8c00923..f3e39fb 100644
--- a/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/support/CacheProviderImpl.java
+++ b/geode-web-api/src/main/java/org/apache/geode/rest/internal/web/controllers/support/CacheProviderImpl.java
@@ -16,8 +16,10 @@ package org.apache.geode.rest.internal.web.controllers.support;
import org.springframework.stereotype.Component;
+import org.apache.geode.cache.Cache;
import org.apache.geode.internal.cache.GemFireCacheImpl;
import org.apache.geode.internal.cache.InternalCache;
+import org.apache.geode.internal.cache.InternalCacheForClientAccess;
@Component("cacheProvider")
public class CacheProviderImpl implements CacheProvider {
@@ -26,4 +28,13 @@ public class CacheProviderImpl implements CacheProvider {
public InternalCache getInternalCache() {
return GemFireCacheImpl.getExisting();
}
+
+ @Override
+ public InternalCache getCacheForClientAccess() {
+ InternalCache result = getInternalCache();
+ if (result == null) {
+ return null;
+ }
+ return new InternalCacheForClientAccess(result);
+ }
}