Posted to commits@geode.apache.org by nn...@apache.org on 2019/04/12 18:58:24 UTC
[geode] branch develop updated: Authorization is now called only on
unique context values
This is an automated email from the ASF dual-hosted git repository.
nnag pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/geode.git
The following commit(s) were added to refs/heads/develop by this push:
new ff3fab4 Authorization is now called only on unique context values
ff3fab4 is described below
commit ff3fab46cb2bf638d5aaf71747db013763db8e2a
Author: Naburun Nag <na...@cs.wisc.edu>
AuthorDate: Thu Apr 4 11:02:52 2019 -0700
Authorization is now called only on unique context values
---
.../internal/security/MBeanServerWrapper.java | 45 ++++++++++++++--------
1 file changed, 29 insertions(+), 16 deletions(-)
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/security/MBeanServerWrapper.java b/geode-core/src/main/java/org/apache/geode/management/internal/security/MBeanServerWrapper.java
index fc863b4..eb31a45 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/security/MBeanServerWrapper.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/security/MBeanServerWrapper.java
@@ -15,6 +15,7 @@
package org.apache.geode.management.internal.security;
import java.io.ObjectInputStream;
+import java.util.HashSet;
import java.util.Set;
import javax.management.Attribute;
@@ -175,18 +176,29 @@ public class MBeanServerWrapper implements MBeanServerForwarder {
@Override
public AttributeList getAttributes(ObjectName name, String[] attributes)
throws InstanceNotFoundException, ReflectionException {
- AttributeList results = new AttributeList();
+ AttributeList results;
+ checkAuthorization(name, attributes);
+ try {
+ results = mbs.getAttributes(name, attributes);
+ } catch (Exception e) {
+ throw new GemFireSecurityException(
+ "error getting values of attributes :" + attributes + " from " + name,
+ e);
+ }
+ return results;
+ }
+
+ void checkAuthorization(ObjectName name, String[] attributes)
+ throws InstanceNotFoundException, ReflectionException {
+ Set<ResourcePermission> contextSet = new HashSet<>();
for (String attribute : attributes) {
- try {
- Object value = getAttribute(name, attribute);
- Attribute att = new Attribute(attribute, value);
- results.add(att);
- } catch (Exception e) {
- throw new GemFireSecurityException("error getting value of " + attribute + " from " + name,
- e);
+ ResourcePermission ctx = getOperationContext(name, attribute, false);
+ if (ctx != null) {
+ if (contextSet.add(ctx)) {
+ this.securityService.authorize(ctx);
+ }
}
}
- return results;
}
@Override
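Review bot: The exception message in getAttributes concatenates the `String[] attributes` directly, so it prints the array's identity hash rather than the attribute names; use `"error getting values of attributes :" + Arrays.toString(attributes) + " from " + name`, which also needs `import java.util.Arrays;`. In checkAuthorization, the `contextSet.add(ctx)` de-duplication is only safe if `ResourcePermission.equals`/`hashCode` compare every field that `securityService.authorize` evaluates; that class is not part of this diff, so this should be confirmed, and a comment such as `// authorize each distinct permission once; relies on ResourcePermission value equality` would record the assumption. A null `ctx` skips authorization for that attribute and the read now goes straight to `mbs.getAttributes`, so it is worth checking that this matches what the single-attribute getAttribute path (not shown here) does.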
@@ -202,13 +214,14 @@ public class MBeanServerWrapper implements MBeanServerForwarder {
public AttributeList setAttributes(ObjectName name, AttributeList attributes)
throws InstanceNotFoundException, ReflectionException {
// call setAttribute instead to use the authorization logic
- for (Attribute attribute : attributes.asList()) {
- try {
- setAttribute(name, attribute);
- } catch (Exception e) {
- throw new GemFireSecurityException("error setting attribute " + attribute + " of " + name,
- e);
- }
+ checkAuthorization(name,
+ (String[]) attributes.parallelStream().map(attribute -> ((Attribute) attribute).getName())
+ .toArray());
+ try {
+ mbs.setAttributes(name, attributes);
+ } catch (Exception e) {
+ throw new GemFireSecurityException("error setting attributes :" + attributes + " of " + name,
+ e);
}
return attributes;
}
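Review bot: The cast `(String[]) attributes.parallelStream()...toArray()` in setAttributes throws ClassCastException on every call, because the no-argument `Stream.toArray()` returns an `Object[]`, which cannot be cast to `String[]`. The cast sits before the try block, so the failure happens before `mbs.setAttributes` is reached and the call fails closed, but bulk attribute writes stop working and the caller gets a raw ClassCastException instead of a GemFireSecurityException. Use `attributes.asList().stream().map(Attribute::getName).toArray(String[]::new)`; a sequential stream is enough for a list this small. The retained comment `// call setAttribute instead to use the authorization logic` no longer matches the code and should say that checkAuthorization runs before delegating to the wrapped server.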