Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 17700200B57 for ; Mon, 27 Jun 2016 23:20:59 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 16774160A74; Mon, 27 Jun 2016 21:20:59 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 0EC59160A71 for ; Mon, 27 Jun 2016 23:20:57 +0200 (CEST) Received: (qmail 38468 invoked by uid 500); 27 Jun 2016 21:20:57 -0000 Mailing-List: contact commits-help@geode.incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@geode.incubator.apache.org Delivered-To: mailing list commits@geode.incubator.apache.org Received: (qmail 38442 invoked by uid 99); 27 Jun 2016 21:20:57 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd2-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 27 Jun 2016 21:20:57 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id CADB71A04B8 for ; Mon, 27 Jun 2016 21:20:56 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -4.646 X-Spam-Level: X-Spam-Status: No, score=-4.646 tagged_above=-999 required=6.31 tests=[KAM_ASCII_DIVIDERS=0.8, KAM_LAZY_DOMAIN_SECURITY=1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.426] autolearn=disabled Received: from mx2-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024) with ESMTP id lG3hgbAf4Har for ; Mon, 27 Jun 2016 21:20:53 +0000 (UTC) Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx2-lw-eu.apache.org (ASF Mail Server at mx2-lw-eu.apache.org) with SMTP id 63C8D5FB37 for ; Mon, 27 Jun 2016 21:20:52 +0000 (UTC) Received: (qmail 35913 invoked by uid 99); 27 Jun 2016 21:20:51 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 27 Jun 2016 21:20:51 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 5F7B5E95B7; Mon, 27 Jun 2016 21:20:51 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: jinmeiliao@apache.org To: commits@geode.incubator.apache.org Date: Mon, 27 Jun 2016 21:20:58 -0000 Message-Id: <940763a29ebd4b389175ee96c2f3762b@git.apache.org> In-Reply-To: <24ba314e899c4361b472ed9567d1f7cb@git.apache.org> References: <24ba314e899c4361b472ed9567d1f7cb@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [08/50] [abbrv] incubator-geode git commit: Clear Region archived-at: Mon, 27 Jun 2016 21:20:59 -0000 Clear Region Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/dd1b04b0 Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/dd1b04b0 Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/dd1b04b0 Branch: refs/heads/feature/GEODE-1571 Commit: dd1b04b0a07e2d2ad61504498acc69f9133b1f72 Parents: 8076567 Author: Kevin J. Duling Authored: Tue Jun 21 16:30:09 2016 -0700 Committer: Kevin J. Duling Committed: Tue Jun 21 16:30:09 2016 -0700 ---------------------------------------------------------------------- .../cache/tier/sockets/command/ClearRegion.java | 139 +++++++++---------- .../security/IntegratedClientAuthDUnitTest.java | 69 ++++++--- 2 files changed, 120 insertions(+), 88 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/dd1b04b0/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/ClearRegion.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/ClearRegion.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/ClearRegion.java index f9531e7..093a322 100644 --- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/ClearRegion.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/ClearRegion.java @@ -15,40 +15,45 @@ * limitations under the License. */ /** - * + * */ package com.gemstone.gemfire.internal.cache.tier.sockets.command; +import java.io.IOException; +import java.nio.ByteBuffer; + +import com.gemstone.gemfire.cache.operations.RegionClearOperationContext; +import com.gemstone.gemfire.distributed.internal.DistributionStats; import com.gemstone.gemfire.internal.cache.EventID; import com.gemstone.gemfire.internal.cache.LocalRegion; import com.gemstone.gemfire.internal.cache.tier.CachedRegionHelper; import com.gemstone.gemfire.internal.cache.tier.Command; import com.gemstone.gemfire.internal.cache.tier.MessageType; -import com.gemstone.gemfire.internal.cache.tier.sockets.*; +import com.gemstone.gemfire.internal.cache.tier.sockets.BaseCommand; +import com.gemstone.gemfire.internal.cache.tier.sockets.CacheServerStats; +import com.gemstone.gemfire.internal.cache.tier.sockets.Message; +import com.gemstone.gemfire.internal.cache.tier.sockets.Part; +import com.gemstone.gemfire.internal.cache.tier.sockets.ServerConnection; import com.gemstone.gemfire.internal.i18n.LocalizedStrings; import com.gemstone.gemfire.internal.logging.log4j.LocalizedMessage; import com.gemstone.gemfire.internal.security.AuthorizeRequest; -import com.gemstone.gemfire.cache.operations.RegionClearOperationContext; -import com.gemstone.gemfire.distributed.internal.DistributionStats; -import java.io.IOException; -import java.nio.ByteBuffer; +import com.gemstone.gemfire.internal.security.GeodeSecurityUtil; public class ClearRegion extends BaseCommand { private final static ClearRegion singleton = new ClearRegion(); - public static Command getCommand() { - return singleton; + private ClearRegion() { } - private ClearRegion() { + public static Command getCommand() { + return singleton; } @Override - public void cmdExecute(Message msg, ServerConnection servConn, long start) - throws IOException, InterruptedException { - Part regionNamePart = null, callbackArgPart = null; + public void cmdExecute(Message msg, ServerConnection servConn, long start) throws IOException, InterruptedException { + Part regionNamePart = null, callbackArgPart = null; String regionName = null; Object callbackArg = null; Part eventPart = null; @@ -64,13 +69,12 @@ public class ClearRegion extends BaseCommand { // Retrieve the data from the message parts regionNamePart = msg.getPart(0); eventPart = msg.getPart(1); -// callbackArgPart = null; (redundant assignment) + // callbackArgPart = null; (redundant assignment) if (msg.getNumberOfParts() > 2) { callbackArgPart = msg.getPart(2); try { callbackArg = callbackArgPart.getObject(); - } - catch (Exception e) { + } catch (Exception e) { writeException(msg, e, false, servConn); servConn.setAsTrue(RESPONDED); return; @@ -78,73 +82,66 @@ public class ClearRegion extends BaseCommand { } regionName = regionNamePart.getString(); if (logger.isDebugEnabled()) { - logger.debug(servConn.getName() + ": Received clear region request (" + msg.getPayloadLength() + " bytes) from " + servConn.getSocketString() + " for region " + regionName); + logger.debug(servConn.getName() + ": Received clear region request (" + msg.getPayloadLength() + " bytes) from " + servConn + .getSocketString() + " for region " + regionName); } // Process the clear region request if (regionName == null) { - logger.warn(LocalizedMessage.create(LocalizedStrings.ClearRegion_0_THE_INPUT_REGION_NAME_FOR_THE_CLEAR_REGION_REQUEST_IS_NULL, servConn.getName())); + logger.warn(LocalizedMessage.create(LocalizedStrings.ClearRegion_0_THE_INPUT_REGION_NAME_FOR_THE_CLEAR_REGION_REQUEST_IS_NULL, servConn + .getName())); String errMessage = LocalizedStrings.ClearRegion_THE_INPUT_REGION_NAME_FOR_THE_CLEAR_REGION_REQUEST_IS_NULL.toLocalizedString(); - writeErrorResponse(msg, MessageType.CLEAR_REGION_DATA_ERROR, errMessage, - servConn); + writeErrorResponse(msg, MessageType.CLEAR_REGION_DATA_ERROR, errMessage, servConn); servConn.setAsTrue(RESPONDED); + return; } - else { - LocalRegion region = (LocalRegion)crHelper.getRegion(regionName); - if (region == null) { - String reason = LocalizedStrings.ClearRegion_WAS_NOT_FOUND_DURING_CLEAR_REGION_REGUEST.toLocalizedString(); - writeRegionDestroyedEx(msg, regionName, reason, servConn); - servConn.setAsTrue(RESPONDED); - } - else { - // Clear the region - - ByteBuffer eventIdPartsBuffer = ByteBuffer.wrap(eventPart - .getSerializedForm()); - long threadId = EventID - .readEventIdPartsFromOptmizedByteArray(eventIdPartsBuffer); - long sequenceId = EventID - .readEventIdPartsFromOptmizedByteArray(eventIdPartsBuffer); - EventID eventId = new EventID(servConn.getEventMemberIDByteArray(), - threadId, sequenceId); - - try { - AuthorizeRequest authzRequest = servConn.getAuthzRequest(); - if (authzRequest != null) { - RegionClearOperationContext clearContext = authzRequest - .clearAuthorize(regionName, callbackArg); - callbackArg = clearContext.getCallbackArg(); - } - region.basicBridgeClear(callbackArg, servConn.getProxyID(), - true /* boolean from cache Client */, eventId); - } - catch (Exception e) { - // If an interrupted exception is thrown , rethrow it - checkForInterrupt(servConn, e); - - // If an exception occurs during the clear, preserve the connection - writeException(msg, e, false, servConn); - servConn.setAsTrue(RESPONDED); - return; - } - - // Update the statistics and write the reply - { - long oldStart = start; - start = DistributionStats.getStatTime(); - stats.incProcessClearRegionTime(start - oldStart); - } - writeReply(msg, servConn); - servConn.setAsTrue(RESPONDED); - if (logger.isDebugEnabled()) { - logger.debug(servConn.getName() + ": Sent clear region response for region " + regionName); - } - stats.incWriteClearRegionResponseTime(DistributionStats.getStatTime() - - start); + + LocalRegion region = (LocalRegion) crHelper.getRegion(regionName); + if (region == null) { + String reason = LocalizedStrings.ClearRegion_WAS_NOT_FOUND_DURING_CLEAR_REGION_REGUEST.toLocalizedString(); + writeRegionDestroyedEx(msg, regionName, reason, servConn); + servConn.setAsTrue(RESPONDED); + return; + } + // Clear the region + GeodeSecurityUtil.authorizeRegionWrite(regionName); + + ByteBuffer eventIdPartsBuffer = ByteBuffer.wrap(eventPart.getSerializedForm()); + long threadId = EventID.readEventIdPartsFromOptmizedByteArray(eventIdPartsBuffer); + long sequenceId = EventID.readEventIdPartsFromOptmizedByteArray(eventIdPartsBuffer); + EventID eventId = new EventID(servConn.getEventMemberIDByteArray(), threadId, sequenceId); + + try { + AuthorizeRequest authzRequest = servConn.getAuthzRequest(); + if (authzRequest != null) { + RegionClearOperationContext clearContext = authzRequest.clearAuthorize(regionName, callbackArg); + callbackArg = clearContext.getCallbackArg(); } + region.basicBridgeClear(callbackArg, servConn.getProxyID(), true /* boolean from cache Client */, eventId); + } catch (Exception e) { + // If an interrupted exception is thrown , rethrow it + checkForInterrupt(servConn, e); + + // If an exception occurs during the clear, preserve the connection + writeException(msg, e, false, servConn); + servConn.setAsTrue(RESPONDED); + return; } + // Update the statistics and write the reply + { + long oldStart = start; + start = DistributionStats.getStatTime(); + stats.incProcessClearRegionTime(start - oldStart); + } + writeReply(msg, servConn); + servConn.setAsTrue(RESPONDED); + if (logger.isDebugEnabled()) { + logger.debug(servConn.getName() + ": Sent clear region response for region " + regionName); + } + stats.incWriteClearRegionResponseTime(DistributionStats.getStatTime() - start); } + } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/dd1b04b0/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java index 4e1f84c..a408c81 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java @@ -176,22 +176,7 @@ public class IntegratedClientAuthDUnitTest extends JUnit4DistributedTestCase { public void testDestroyInvalidate() throws InterruptedException { // First, load up 5 keys to work with - SerializableRunnable putKeys = new SerializableRunnable() { - @Override - public void run() { - Cache cache = getCache(); - Region region = cache.getRegion(SecurityTestUtils.REGION_NAME); - assertNotNull(region); - region.clear(); - for (int i = 0; i < 5; i++) { - String key = "key" + i; - String value = "value" + i; - region.put(key, value); - } - assertEquals(5, region.size()); - } - }; - server1.invoke(putKeys); + server1.invoke(generate5Keys()); // Delete one key and invalidate another key with an authorized user. AsyncInvocation ai1 = client1.invokeAsync(() -> { @@ -236,8 +221,58 @@ public class IntegratedClientAuthDUnitTest extends JUnit4DistributedTestCase { ai2.checkException(); } - public static void assertNotAuthorized(ThrowingCallable shouldRaiseThrowable, String permString){ + public static void assertNotAuthorized(ThrowingCallable shouldRaiseThrowable, String permString) { assertThatThrownBy(shouldRaiseThrowable).hasMessageContaining(permString); } + private static SerializableRunnable generate5Keys() { + SerializableRunnable putKeys = new SerializableRunnable() { + @Override + public void run() { + Cache cache = getCache(); + Region region = cache.getRegion(SecurityTestUtils.REGION_NAME); + assertNotNull(region); + region.clear(); + for (int i = 0; i < 5; i++) { + String key = "key" + i; + String value = "value" + i; + region.put(key, value); + } + assertEquals(5, region.size()); + } + }; + return putKeys; + } + + @Test + public void testRegionClear() throws InterruptedException { + + // First, load up 5 keys to work with + server1.invoke(generate5Keys()); + + // Verify that an unauthorized user can't clear the region + SerializableRunnable clearUnauthorized = new SerializableRunnable() { + @Override + public void run() { + Cache cache = SecurityTestUtils.createCacheClient("stranger", "1234567", serverPort, SecurityTestUtils.NO_EXCEPTION); + final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME); + assertNotAuthorized(() -> region.clear(), "DATA:WRITE:AuthRegion"); + cache.close(); + } + }; + client1.invoke(clearUnauthorized); + + // Verify that an authorized user can clear the region + SerializableRunnable clearAuthorized = new SerializableRunnable() { + @Override + public void run() { + Cache cache = SecurityTestUtils.createCacheClient("authRegionUser", "1234567", serverPort, SecurityTestUtils.NO_EXCEPTION); + final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME); + assertNotAuthorized(() -> region.clear(), "DATA:WRITE:AuthRegion"); + cache.close(); + } + }; + client1.invoke(clearUnauthorized); + } + }