You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@geode.apache.org by ji...@apache.org on 2016/07/08 15:51:22 UTC
[02/50] [abbrv] incubator-geode git commit: GEODE-1751: putting
security checks in all applicable client-server commands.
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/536c13bd/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RegisterInterest61.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RegisterInterest61.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RegisterInterest61.java
index e6c946b..a54775d 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RegisterInterest61.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RegisterInterest61.java
@@ -19,25 +19,30 @@
*/
package com.gemstone.gemfire.internal.cache.tier.sockets.command;
+import java.io.IOException;
+
+import com.gemstone.gemfire.cache.DynamicRegionFactory;
+import com.gemstone.gemfire.cache.InterestResultPolicy;
+import com.gemstone.gemfire.cache.operations.RegisterInterestOperationContext;
+import com.gemstone.gemfire.i18n.StringId;
import com.gemstone.gemfire.internal.Version;
import com.gemstone.gemfire.internal.cache.LocalRegion;
import com.gemstone.gemfire.internal.cache.tier.CachedRegionHelper;
import com.gemstone.gemfire.internal.cache.tier.Command;
import com.gemstone.gemfire.internal.cache.tier.InterestType;
import com.gemstone.gemfire.internal.cache.tier.MessageType;
-import com.gemstone.gemfire.internal.cache.tier.sockets.*;
+import com.gemstone.gemfire.internal.cache.tier.sockets.BaseCommand;
+import com.gemstone.gemfire.internal.cache.tier.sockets.CacheClientProxy;
+import com.gemstone.gemfire.internal.cache.tier.sockets.ChunkedMessage;
+import com.gemstone.gemfire.internal.cache.tier.sockets.Message;
+import com.gemstone.gemfire.internal.cache.tier.sockets.Part;
+import com.gemstone.gemfire.internal.cache.tier.sockets.ServerConnection;
import com.gemstone.gemfire.internal.cache.vmotion.VMotionObserver;
import com.gemstone.gemfire.internal.cache.vmotion.VMotionObserverHolder;
import com.gemstone.gemfire.internal.i18n.LocalizedStrings;
import com.gemstone.gemfire.internal.logging.log4j.LocalizedMessage;
import com.gemstone.gemfire.internal.security.AuthorizeRequest;
-import com.gemstone.gemfire.cache.DynamicRegionFactory;
-import com.gemstone.gemfire.cache.InterestResultPolicy;
-import com.gemstone.gemfire.cache.operations.RegisterInterestOperationContext;
-import com.gemstone.gemfire.i18n.StringId;
import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
-
-import java.io.IOException;
/**
* @since GemFire 6.1
*/
@@ -153,19 +158,6 @@ public class RegisterInterest61 extends BaseCommand {
VMotionObserver vmo = VMotionObserverHolder.getInstance();
vmo.vMotionBeforeRegisterInterest();
}
-
- /*
- AcceptorImpl acceptor = servConn.getAcceptor();
-
- // Check if the Server is running in NotifyBySubscription=true mode.
- if (!acceptor.getCacheClientNotifier().getNotifyBySubscription()) {
- // This should have been taken care at the client.
- String err = LocalizedStrings.RegisterInterest_INTEREST_REGISTRATION_IS_SUPPORTED_ONLY_FOR_SERVERS_WITH_NOTIFYBYSUBSCRIPTION_SET_TO_TRUE.toLocalizedString() ;
- writeChunkedErrorResponse(msg, MessageType.REGISTER_INTEREST_DATA_ERROR,
- err, servConn);
- servConn.setAsTrue(RESPONDED); return;
- }
- */
// Process the register interest request
if (key == null || regionName == null) {
@@ -183,10 +175,12 @@ public class RegisterInterest61 extends BaseCommand {
return;
}
- if(interestType == InterestType.REGULAR_EXPRESSION)
+ if(interestType == InterestType.REGULAR_EXPRESSION) {
GeodeSecurityUtil.authorizeRegionRead(regionName);
- else
+ }
+ else {
GeodeSecurityUtil.authorizeRegionRead(regionName, key.toString());
+ }
// input key not null
LocalRegion region = (LocalRegion)crHelper.getRegion(regionName);
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/536c13bd/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RemoveAll.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RemoveAll.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RemoveAll.java
index d04a585..b5c5221 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RemoveAll.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RemoveAll.java
@@ -127,6 +127,8 @@ public class RemoveAll extends BaseCommand {
servConn.setAsTrue(RESPONDED);
return;
}
+
+ GeodeSecurityUtil.authorizeRegionWrite(regionName);
// part 1: eventID
eventPart = msg.getPart(1);
@@ -210,8 +212,6 @@ public class RemoveAll extends BaseCommand {
servConn.setRequestSpecificTimeout(timeout);
}
- GeodeSecurityUtil.authorizeRegionWrite(regionName);
-
AuthorizeRequest authzRequest = servConn.getAuthzRequest();
if (authzRequest != null) {
// TODO SW: This is to handle DynamicRegionFactory create
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/536c13bd/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/UnregisterInterest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/UnregisterInterest.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/UnregisterInterest.java
index eeaf286..7d07cd5 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/UnregisterInterest.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/UnregisterInterest.java
@@ -15,22 +15,26 @@
* limitations under the License.
*/
/**
- *
+ *
*/
package com.gemstone.gemfire.internal.cache.tier.sockets.command;
+import java.io.IOException;
+
+import com.gemstone.gemfire.cache.DynamicRegionFactory;
+import com.gemstone.gemfire.cache.operations.UnregisterInterestOperationContext;
+import com.gemstone.gemfire.i18n.StringId;
import com.gemstone.gemfire.internal.cache.tier.Command;
+import com.gemstone.gemfire.internal.cache.tier.InterestType;
import com.gemstone.gemfire.internal.cache.tier.MessageType;
-import com.gemstone.gemfire.internal.cache.tier.sockets.*;
+import com.gemstone.gemfire.internal.cache.tier.sockets.BaseCommand;
+import com.gemstone.gemfire.internal.cache.tier.sockets.Message;
+import com.gemstone.gemfire.internal.cache.tier.sockets.Part;
+import com.gemstone.gemfire.internal.cache.tier.sockets.ServerConnection;
import com.gemstone.gemfire.internal.i18n.LocalizedStrings;
import com.gemstone.gemfire.internal.security.AuthorizeRequest;
import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
import com.gemstone.gemfire.security.NotAuthorizedException;
-import com.gemstone.gemfire.cache.DynamicRegionFactory;
-import com.gemstone.gemfire.cache.operations.UnregisterInterestOperationContext;
-import com.gemstone.gemfire.i18n.StringId;
-
-import java.io.IOException;
public class UnregisterInterest extends BaseCommand {
@@ -46,7 +50,7 @@ public class UnregisterInterest extends BaseCommand {
@Override
public void cmdExecute(Message msg, ServerConnection servConn, long start)
- throws ClassNotFoundException, IOException {
+ throws ClassNotFoundException, IOException {
Part regionNamePart = null, keyPart = null;
String regionName = null;
Object key = null;
@@ -58,68 +62,68 @@ public class UnregisterInterest extends BaseCommand {
interestType = msg.getPart(1).getInt();
keyPart = msg.getPart(2);
Part isClosingPart = msg.getPart(3);
- byte[] isClosingPartBytes = (byte[])isClosingPart.getObject();
+ byte[] isClosingPartBytes = (byte[]) isClosingPart.getObject();
boolean isClosing = isClosingPartBytes[0] == 0x01;
regionName = regionNamePart.getString();
try {
key = keyPart.getStringOrObject();
- }
- catch (Exception e) {
+ } catch (Exception e) {
writeException(msg, e, false, servConn);
servConn.setAsTrue(RESPONDED);
return;
}
- boolean keepalive = false ;
+ boolean keepalive = false;
try {
Part keepalivePart = msg.getPart(4);
- byte[] keepaliveBytes = (byte[])keepalivePart.getObject();
+ byte[] keepaliveBytes = (byte[]) keepalivePart.getObject();
keepalive = keepaliveBytes[0] != 0x00;
- }
- catch (Exception e) {
+ } catch (Exception e) {
writeException(msg, e, false, servConn);
servConn.setAsTrue(RESPONDED);
return;
}
if (logger.isDebugEnabled()) {
- logger.debug("{}: Received unregister interest request ({} bytes) from {} for region {} key {}", servConn.getName(), msg.getPayloadLength(), servConn.getSocketString(), regionName, key);
+ logger.debug("{}: Received unregister interest request ({} bytes) from {} for region {} key {}", servConn.getName(), msg
+ .getPayloadLength(), servConn.getSocketString(), regionName, key);
}
// Process the unregister interest request
if ((key == null) && (regionName == null)) {
errMessage = LocalizedStrings.UnRegisterInterest_THE_INPUT_REGION_NAME_AND_KEY_FOR_THE_UNREGISTER_INTEREST_REQUEST_ARE_NULL;
} else if (key == null) {
- errMessage = LocalizedStrings.UnRegisterInterest_THE_INPUT_KEY_FOR_THE_UNREGISTER_INTEREST_REQUEST_IS_NULL;
+ errMessage = LocalizedStrings.UnRegisterInterest_THE_INPUT_KEY_FOR_THE_UNREGISTER_INTEREST_REQUEST_IS_NULL;
} else if (regionName == null) {
errMessage = LocalizedStrings.UnRegisterInterest_THE_INPUT_REGION_NAME_FOR_THE_UNREGISTER_INTEREST_REQUEST_IS_NULL;
String s = errMessage.toLocalizedString();
logger.warn("{}: {}", servConn.getName(), s);
- writeErrorResponse(msg, MessageType.UNREGISTER_INTEREST_DATA_ERROR,
- s, servConn);
+ writeErrorResponse(msg, MessageType.UNREGISTER_INTEREST_DATA_ERROR, s, servConn);
servConn.setAsTrue(RESPONDED);
return;
}
- GeodeSecurityUtil.authorizeRegionRead(regionName, key.toString());
+ if (interestType == InterestType.REGULAR_EXPRESSION) {
+ GeodeSecurityUtil.authorizeRegionRead(regionName);
+ } else {
+ GeodeSecurityUtil.authorizeRegionRead(regionName, key.toString());
+ }
- AuthorizeRequest authzRequest = servConn.getAuthzRequest();
- if (authzRequest != null) {
- // TODO SW: This is a workaround for DynamicRegionFactory
- // registerInterest calls. Remove this when the semantics of
- // DynamicRegionFactory are cleaned up.
- if (!DynamicRegionFactory.regionIsDynamicRegionList(regionName)) {
- try {
- UnregisterInterestOperationContext unregisterContext = authzRequest
- .unregisterInterestAuthorize(regionName, key, interestType);
- key = unregisterContext.getKey();
- }
- catch (NotAuthorizedException ex) {
- writeException(msg, ex, false, servConn);
- servConn.setAsTrue(RESPONDED);
- return;
- }
+ AuthorizeRequest authzRequest = servConn.getAuthzRequest();
+ if (authzRequest != null) {
+ // TODO SW: This is a workaround for DynamicRegionFactory
+ // registerInterest calls. Remove this when the semantics of
+ // DynamicRegionFactory are cleaned up.
+ if (!DynamicRegionFactory.regionIsDynamicRegionList(regionName)) {
+ try {
+ UnregisterInterestOperationContext unregisterContext = authzRequest.unregisterInterestAuthorize(regionName, key, interestType);
+ key = unregisterContext.getKey();
+ } catch (NotAuthorizedException ex) {
+ writeException(msg, ex, false, servConn);
+ servConn.setAsTrue(RESPONDED);
+ return;
}
}
- // Yogesh : bug fix for 36457 :
+ }
+ // Yogesh : bug fix for 36457 :
/*
* Region destroy message from server to client results in client calling
* unregister to server (an unnecessary callback). The unregister
@@ -132,24 +136,25 @@ public class UnregisterInterest extends BaseCommand {
* found during unregister interest request"); writeErrorResponse(msg,
* MessageType.UNREGISTER_INTEREST_DATA_ERROR); responded = true; } else {
*/
- // Unregister interest irrelevent of whether the region is present it or
- // not
- servConn.getAcceptor().getCacheClientNotifier().unregisterClientInterest(
- regionName, key, interestType, isClosing, servConn.getProxyID(), keepalive);
+ // Unregister interest irrelevent of whether the region is present it or
+ // not
+ servConn.getAcceptor()
+ .getCacheClientNotifier()
+ .unregisterClientInterest(regionName, key, interestType, isClosing, servConn.getProxyID(), keepalive);
- // Update the statistics and write the reply
- // bserverStats.incLong(processDestroyTimeId,
- // DistributionStats.getStatTime() - start);
- // start = DistributionStats.getStatTime();
- writeReply(msg, servConn);
- servConn.setAsTrue(RESPONDED);
- if (logger.isDebugEnabled()) {
- logger.debug("{}: Sent unregister interest response for region {} key {}", servConn.getName(), regionName, key);
- }
- // bserverStats.incLong(writeDestroyResponseTimeId,
- // DistributionStats.getStatTime() - start);
- // bserverStats.incInt(destroyResponsesId, 1);
- // }
+ // Update the statistics and write the reply
+ // bserverStats.incLong(processDestroyTimeId,
+ // DistributionStats.getStatTime() - start);
+ // start = DistributionStats.getStatTime();
+ writeReply(msg, servConn);
+ servConn.setAsTrue(RESPONDED);
+ if (logger.isDebugEnabled()) {
+ logger.debug("{}: Sent unregister interest response for region {} key {}", servConn.getName(), regionName, key);
+ }
+ // bserverStats.incLong(writeDestroyResponseTimeId,
+ // DistributionStats.getStatTime() - start);
+ // bserverStats.incInt(destroyResponsesId, 1);
+ // }
}
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/536c13bd/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/UnregisterInterestList.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/UnregisterInterestList.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/UnregisterInterestList.java
index 932a602..7cb29d4 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/UnregisterInterestList.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/UnregisterInterestList.java
@@ -15,23 +15,27 @@
* limitations under the License.
*/
/**
- *
+ *
*/
package com.gemstone.gemfire.internal.cache.tier.sockets.command;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+
+import com.gemstone.gemfire.cache.DynamicRegionFactory;
+import com.gemstone.gemfire.cache.operations.UnregisterInterestOperationContext;
+import com.gemstone.gemfire.i18n.StringId;
import com.gemstone.gemfire.internal.cache.tier.Command;
import com.gemstone.gemfire.internal.cache.tier.MessageType;
-import com.gemstone.gemfire.internal.cache.tier.sockets.*;
+import com.gemstone.gemfire.internal.cache.tier.sockets.BaseCommand;
+import com.gemstone.gemfire.internal.cache.tier.sockets.Message;
+import com.gemstone.gemfire.internal.cache.tier.sockets.Part;
+import com.gemstone.gemfire.internal.cache.tier.sockets.ServerConnection;
import com.gemstone.gemfire.internal.i18n.LocalizedStrings;
import com.gemstone.gemfire.internal.security.AuthorizeRequest;
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
import com.gemstone.gemfire.security.NotAuthorizedException;
-import com.gemstone.gemfire.cache.DynamicRegionFactory;
-import com.gemstone.gemfire.cache.operations.UnregisterInterestOperationContext;
-import com.gemstone.gemfire.i18n.StringId;
-
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.List;
public class UnregisterInterestList extends BaseCommand {
@@ -47,7 +51,7 @@ public class UnregisterInterestList extends BaseCommand {
@Override
public void cmdExecute(Message msg, ServerConnection servConn, long start)
- throws IOException, ClassNotFoundException {
+ throws IOException, ClassNotFoundException {
Part regionNamePart = null, keyPart = null, numberOfKeysPart = null;
String regionName = null;
Object key = null;
@@ -64,15 +68,14 @@ public class UnregisterInterestList extends BaseCommand {
regionName = regionNamePart.getString();
Part isClosingListPart = msg.getPart(1);
- byte[] isClosingListPartBytes = (byte[])isClosingListPart.getObject();
+ byte[] isClosingListPartBytes = (byte[]) isClosingListPart.getObject();
boolean isClosingList = isClosingListPartBytes[0] == 0x01;
- boolean keepalive = false ;
+ boolean keepalive = false;
try {
Part keepalivePart = msg.getPart(2);
- byte[] keepalivePartBytes = (byte[])keepalivePart.getObject();
+ byte[] keepalivePartBytes = (byte[]) keepalivePart.getObject();
keepalive = keepalivePartBytes[0] == 0x01;
- }
- catch (Exception e) {
+ } catch (Exception e) {
writeChunkedException(msg, e, false, servConn);
servConn.setAsTrue(RESPONDED);
return;
@@ -86,8 +89,7 @@ public class UnregisterInterestList extends BaseCommand {
keyPart = msg.getPart(partNumber + i);
try {
key = keyPart.getStringOrObject();
- }
- catch (Exception e) {
+ } catch (Exception e) {
writeException(msg, e, false, servConn);
servConn.setAsTrue(RESPONDED);
return;
@@ -95,45 +97,46 @@ public class UnregisterInterestList extends BaseCommand {
keys.add(key);
}
if (logger.isDebugEnabled()) {
- logger.debug("{}: Received unregister interest request ({} bytes) from {} for the following {} keys in region {}: {}", servConn.getName(), msg.getPayloadLength(), servConn.getSocketString(), numberOfKeys, regionName, keys);
+ logger.debug("{}: Received unregister interest request ({} bytes) from {} for the following {} keys in region {}: {}", servConn
+ .getName(), msg.getPayloadLength(), servConn.getSocketString(), numberOfKeys, regionName, keys);
}
// Process the unregister interest request
if (keys.isEmpty() || regionName == null) {
StringId errMessage = null;
if (keys.isEmpty() && regionName == null) {
- errMessage = LocalizedStrings.UnRegisterInterestList_THE_INPUT_LIST_OF_KEYS_IS_EMPTY_AND_THE_INPUT_REGION_NAME_IS_NULL_FOR_THE_UNREGISTER_INTEREST_REQUEST;
+ errMessage = LocalizedStrings.UnRegisterInterestList_THE_INPUT_LIST_OF_KEYS_IS_EMPTY_AND_THE_INPUT_REGION_NAME_IS_NULL_FOR_THE_UNREGISTER_INTEREST_REQUEST;
} else if (keys.isEmpty()) {
- errMessage = LocalizedStrings.UnRegisterInterestList_THE_INPUT_LIST_OF_KEYS_FOR_THE_UNREGISTER_INTEREST_REQUEST_IS_EMPTY;
+ errMessage = LocalizedStrings.UnRegisterInterestList_THE_INPUT_LIST_OF_KEYS_FOR_THE_UNREGISTER_INTEREST_REQUEST_IS_EMPTY;
} else if (regionName == null) {
errMessage = LocalizedStrings.UnRegisterInterest_THE_INPUT_REGION_NAME_FOR_THE_UNREGISTER_INTEREST_REQUEST_IS_NULL;
}
String s = errMessage.toLocalizedString();
logger.warn("{}: {}", servConn.getName(), s);
- writeErrorResponse(msg, MessageType.UNREGISTER_INTEREST_DATA_ERROR,
- s, servConn);
+ writeErrorResponse(msg, MessageType.UNREGISTER_INTEREST_DATA_ERROR, s, servConn);
servConn.setAsTrue(RESPONDED);
+ return;
}
- else {
- AuthorizeRequest authzRequest = servConn.getAuthzRequest();
- if (authzRequest != null) {
- // TODO SW: This is a workaround for DynamicRegionFactory
- // registerInterest calls. Remove this when the semantics of
- // DynamicRegionFactory are cleaned up.
- if (!DynamicRegionFactory.regionIsDynamicRegionList(regionName)) {
- try {
- UnregisterInterestOperationContext unregisterContext = authzRequest
- .unregisterInterestListAuthorize(regionName, keys);
- keys = (List)unregisterContext.getKey();
- }
- catch (NotAuthorizedException ex) {
- writeException(msg, ex, false, servConn);
- servConn.setAsTrue(RESPONDED);
- return;
- }
+
+ GeodeSecurityUtil.authorizeRegionRead(regionName);
+
+ AuthorizeRequest authzRequest = servConn.getAuthzRequest();
+ if (authzRequest != null) {
+ // TODO SW: This is a workaround for DynamicRegionFactory
+ // registerInterest calls. Remove this when the semantics of
+ // DynamicRegionFactory are cleaned up.
+ if (!DynamicRegionFactory.regionIsDynamicRegionList(regionName)) {
+ try {
+ UnregisterInterestOperationContext unregisterContext = authzRequest.unregisterInterestListAuthorize(regionName, keys);
+ keys = (List) unregisterContext.getKey();
+ } catch (NotAuthorizedException ex) {
+ writeException(msg, ex, false, servConn);
+ servConn.setAsTrue(RESPONDED);
+ return;
}
}
- // Yogesh : bug fix for 36457 :
+ }
+ // Yogesh : bug fix for 36457 :
/*
* Region destroy message from server to client results in client calling
* unregister to server (an unnecessary callback). The unregister
@@ -146,25 +149,25 @@ public class UnregisterInterestList extends BaseCommand {
* found during register interest list request"); writeErrorResponse(msg,
* MessageType.UNREGISTER_INTEREST_DATA_ERROR); responded = true; } else {
*/
- // Register interest
- servConn.getAcceptor().getCacheClientNotifier().unregisterClientInterest(
- regionName, keys, isClosingList, servConn.getProxyID(), keepalive);
-
- // Update the statistics and write the reply
- // bserverStats.incLong(processDestroyTimeId,
- // DistributionStats.getStatTime() - start);
- // start = DistributionStats.getStatTime(); WHY ARE GETTING START AND NOT
- // USING IT?
- writeReply(msg, servConn);
- servConn.setAsTrue(RESPONDED);
- if (logger.isDebugEnabled()) {
- logger.debug("{}: Sent unregister interest response for the following {} keys in region {}: {}", servConn.getName(), numberOfKeys, regionName, keys);
- }
- // bserverStats.incLong(writeDestroyResponseTimeId,
- // DistributionStats.getStatTime() - start);
- // bserverStats.incInt(destroyResponsesId, 1);
- // }
+ // Register interest
+ servConn.getAcceptor()
+ .getCacheClientNotifier()
+ .unregisterClientInterest(regionName, keys, isClosingList, servConn.getProxyID(), keepalive);
+
+ // Update the statistics and write the reply
+ // bserverStats.incLong(processDestroyTimeId,
+ // DistributionStats.getStatTime() - start);
+ // start = DistributionStats.getStatTime(); WHY ARE GETTING START AND NOT
+ // USING IT?
+ writeReply(msg, servConn);
+ servConn.setAsTrue(RESPONDED);
+ if (logger.isDebugEnabled()) {
+ logger.debug("{}: Sent unregister interest response for the following {} keys in region {}: {}", servConn.getName(), numberOfKeys, regionName, keys);
}
+ // bserverStats.incLong(writeDestroyResponseTimeId,
+ // DistributionStats.getStatTime() - start);
+ // bserverStats.incInt(destroyResponsesId, 1);
+ // }
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/536c13bd/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
index 0ae3f7d..7cc7dbf 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
@@ -237,6 +237,13 @@ public class GeodeSecurityUtil {
authorize("DATA", "READ", regionName, key);
}
+ public static void authorizeFunctionExec(String function){
+ authorize("FUNCTION", "EXEC", function);
+ }
+ public static void authorizeFunctionRead(String function){
+ authorize("FUNCTION", "READ", function);
+ }
+
public static void authorize(String resource, String operation) {
authorize(resource, operation, null);
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/536c13bd/geode-core/src/main/java/com/gemstone/gemfire/security/GeodePermission.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/GeodePermission.java b/geode-core/src/main/java/com/gemstone/gemfire/security/GeodePermission.java
index fab8b74..b1aad84 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/security/GeodePermission.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/security/GeodePermission.java
@@ -27,14 +27,16 @@ public class GeodePermission extends WildcardPermission {
public enum Resource {
NULL,
CLUSTER,
- DATA
+ DATA,
+ FUNCTION
}
public enum Operation {
NULL,
MANAGE,
WRITE,
- READ;
+ READ,
+ EXEC
}
public Resource getResource() {
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/536c13bd/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientGetPutAuthDistributedTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientGetPutAuthDistributedTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientGetPutAuthDistributedTest.java
index 854e2f6..4bd7191 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientGetPutAuthDistributedTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientGetPutAuthDistributedTest.java
@@ -16,7 +16,7 @@
*/
package com.gemstone.gemfire.security;
-import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.*;
import java.util.ArrayList;
import java.util.HashMap;
@@ -24,14 +24,14 @@ import java.util.List;
import java.util.Map;
import java.util.Set;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
import com.gemstone.gemfire.cache.Cache;
import com.gemstone.gemfire.cache.Region;
import com.gemstone.gemfire.test.dunit.AsyncInvocation;
import com.gemstone.gemfire.test.junit.categories.DistributedTest;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
@Category(DistributedTest.class)
public class IntegratedClientGetPutAuthDistributedTest extends AbstractIntegratedClientAuthDistributedTest {
@@ -60,8 +60,7 @@ public class IntegratedClientGetPutAuthDistributedTest extends AbstractIntegrate
Map keyValues = region.getAll(keys);
assertEquals(0, keyValues.size());
- Set keySet = region.keySet();
- assertEquals(0, keySet.size());
+ assertNotAuthorized(()->region.keySetOnServer(), "DATA:READ:AuthRegion");
});
@@ -81,8 +80,8 @@ public class IntegratedClientGetPutAuthDistributedTest extends AbstractIntegrate
assertEquals(2, keyValues.size());
// keyset
- Set keySet = region.keySet();
- assertEquals(3, keySet.size());
+ Set keySet = region.keySetOnServer();
+ assertEquals(5, keySet.size());
});
// client3 connects to user as a user authorized to use key1 in AuthRegion region
@@ -100,8 +99,7 @@ public class IntegratedClientGetPutAuthDistributedTest extends AbstractIntegrate
assertEquals(1, keyValues.size());
// keyset
- Set keySet = region.keySet();
- assertEquals(1, keySet.size());
+ assertNotAuthorized(()->region.keySetOnServer(), "DATA:READ:AuthRegion");
});
ai1.join();