geode-issues mailing list archives

From "Barry Oglesby (JIRA)" <j...@apache.org>
Subject [jira] [Created] (GEODE-1797) No gfsh commands are available to readonly members
Date Wed, 17 Aug 2016 17:54:20 GMT
Barry Oglesby created GEODE-1797:
------------------------------------

             Summary: No gfsh commands are available to readonly members
                 Key: GEODE-1797
                 URL: https://issues.apache.org/jira/browse/GEODE-1797
             Project: Geode
          Issue Type: Bug
          Components: gfsh, security
            Reporter: Barry Oglesby


All the list, fetch, view, show and queryData commands should be available to a read-only
user.

The {{ReadOpFileAccessController}} controls access to these operations using:
{noformat}
invoke(ObjectName name, String operationName, Object params[], String signature[])
{noformat}
That method compares the input operationName to a regular expression of allowed read-only
operations, but it always fails because the input operationName is 'processCommand' instead
of 'list members' (for example). The first argument to the params is the real operation.

I tried a quick hack that used params\[0\] instead of operationName, and it worked ok.

Test configuration:
{noformat}
gemfire-jmx-access.properties

gemfireuser readonly
gemfireadmin readwrite

gemfire-jmx-users.properties:

gemfireuser gemfireuser
gemfireadmin gemfireadmin
{noformat}

With gemfireuser:
{noformat}
gfsh>connect --locator=localhost[23456] --user=gemfireuser --password=gemfireuser
Connecting to Locator at [host=localhost, port=23456] ..
Connecting to Manager at [host=boglesbymac-2, port=1099] ..
Successfully connected to: [host=boglesbymac-2, port=1099]

gfsh>list members
Exception occurred. Access denied! Invalid access level for requested MBeanServer operation.
{noformat}

With gemfireadmin:
{noformat}
gfsh>connect --locator=localhost[23456] --user=gemfireadmin --password=gemfireadmin
Connecting to Locator at [host=localhost, port=23456] ..
Connecting to Manager at [host=boglesbymac-2, port=1099] ..
Successfully connected to: [host=boglesbymac-2, port=1099]

gfsh>list members
 Name   | Id
------- | -------------------------------------------------
locator | boglesbymac-2(locator:52076:locator)<ec><v0>:1024
{noformat}




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
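
The mismatch described in the report, shown as an added example that is not part of the original message and is not Geode's `ReadOpFileAccessController` source. The class name, method names and regular expression are constructed for illustration; only `processCommand`, `params[0]` and the command families come from the report.

```java
import java.util.regex.Pattern;

// Added illustration; hypothetical names, not Geode's own code.
public class ReadOnlyCheckDemo {
    // Constructed allow-list built from the command families named in the report.
    // Anchored, and the verb must be followed by whitespace or end of input.
    static final Pattern READ_ONLY =
        Pattern.compile("^(list|fetch|view|show|queryData)(\\s.*)?$", Pattern.DOTALL);

    // Behaviour described in the report: only the JMX operation name is matched,
    // and for gfsh that name is always "processCommand".
    static boolean allowedByOperationName(String operationName, Object[] params) {
        return READ_ONLY.matcher(operationName).matches();
    }

    // Variant following the reporter's hack: when the JMX operation is
    // processCommand, match the gfsh command carried in params[0] instead.
    static boolean allowedByCommand(String operationName, Object[] params) {
        String candidate = operationName;
        if ("processCommand".equals(operationName)) {
            // Fail closed if the command string is missing or not a String.
            if (params == null || params.length == 0 || !(params[0] instanceof String)) {
                return false;
            }
            candidate = ((String) params[0]).trim();
        }
        return READ_ONLY.matcher(candidate).matches();
    }

    public static void main(String[] args) {
        String op = "processCommand";
        // Constructed sample commands: two read-only, one write, one look-alike prefix.
        String[] commands = {
            "list members", "show metrics", "destroy region --name=/r", "listener x"
        };
        for (String c : commands) {
            Object[] params = {c};
            System.out.printf("%-26s byOperationName=%b byCommand=%b%n", c,
                allowedByOperationName(op, params), allowedByCommand(op, params));
        }
        // A processCommand call with no command string is denied.
        System.out.println("empty params -> " + allowedByCommand(op, new Object[0]));
    }
}
```

The first column of results is `false` for every command, which is the "Access denied!" behaviour seen with `gemfireuser`; the second column allows only the two read-only commands.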
