You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tinkerpop.apache.org by "Rusi Popov (Jira)" <ji...@apache.org> on 2022/08/07 08:17:00 UTC

[jira] [Created] (TINKERPOP-2782) WebSocketAuthorizationHandler does not transfer the request's sessionId, needed in UnifiedHandler

Rusi Popov created TINKERPOP-2782:
-------------------------------------

             Summary: WebSocketAuthorizationHandler does not transfer the request's sessionId, needed in UnifiedHandler
                 Key: TINKERPOP-2782
                 URL: https://issues.apache.org/jira/browse/TINKERPOP-2782
             Project: TinkerPop
          Issue Type: Bug
          Components: server
    Affects Versions: 3.5.4, 3.6.1, 3.5.3, 3.5.2, 3.6.0
            Reporter: Rusi Popov


When the gremlin-server.yaml configures the gremlin server to use the UnifiedChannelizer with an explicit Authorizer:

{code:yaml}
channelizer: org.apache.tinkerpop.gremlin.server.channel.UnifiedChannelizer
authorization:

     authorizer: <some class>
{code}
the UnifiedChannelizer registers org.apache.tinkerpop.gremlin.server.handler.WebSocketAuthorizationHandler before org.apache.tinkerpop.gremlin.server.handler.UnifiedHandler in the pipeline.

The WebSocketAuthorizationHandler uses the Authorizer to transform the bytecode, builds a new request message with the transformed bytecode, and pushes the new message down the pipeline for processing:
(in 3.6.1 these are lines) 
{code:java}
case Tokens.OPS_BYTECODE:
    final Bytecode bytecode = (Bytecode) requestMessage.getArgs().get(Tokens.ARGS_GREMLIN);
    final Map<String, String> aliases = (Map<String, String>) requestMessage.getArgs().get(Tokens.ARGS_ALIASES);
    final Bytecode restrictedBytecode = authorizer.authorize(user, bytecode, aliases);
    final RequestMessage restrictedMsg = RequestMessage.build(Tokens.OPS_BYTECODE).
            overrideRequestId(requestMessage.getRequestId()).
            processor("traversal").
            addArg(Tokens.ARGS_GREMLIN, restrictedBytecode).
            addArg(Tokens.ARGS_ALIASES, aliases).create();
    ctx.fireChannelRead(restrictedMsg);
    break;
{code}

Next is the  org.apache.tinkerpop.gremlin.server.handler.UnifiedHandler, which uses session ID for session detection:
(lines 146-147)
{code:java}
final Optional<String> optMultiTaskSession = msg.optionalArgs(Tokens.ARGS_SESSION);
final String sessionId = optMultiTaskSession.orElse(msg.getRequestId().toString());
{code}

*The problem:*
WebSocketAuthorizationHandler does not transfer the Tokens.ARGS_SESSION to the UnifiedHandler so it uses request's ID as every time a new session ID 

*Suggestion:*
in WebSocketAuthorizationHandler iterate on the args and copy every arg but ARGS_GREMLIN, then set the latter to the restricted bytecode.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)