geode-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (GEODE-3787) Ambiguous exception thrown with method invoked in OQL query with new security configured
Date Tue, 10 Oct 2017 00:07:00 GMT

    [ https://issues.apache.org/jira/browse/GEODE-3787?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16197908#comment-16197908
] 

ASF subversion and git services commented on GEODE-3787:
--------------------------------------------------------

Commit 42b76583b1ac14e4caa4a1311620c0be2e2fb7de in geode's branch refs/heads/develop from
[~huynhja]
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=42b7658 ]

GEODE-3787: Do not catch NotAuthorizedExceptions in CompiledIteratorDef

  * Fixed test where fail was not being called when needed
  * Queries that do not actually invoke a method but should be restricted
    are now reclassified into a new dunit test


> Ambiguous exception thrown with method invoked in OQL query with new security configured
> ----------------------------------------------------------------------------------------
>
>                 Key: GEODE-3787
>                 URL: https://issues.apache.org/jira/browse/GEODE-3787
>             Project: Geode
>          Issue Type: Bug
>          Components: querying, security
>            Reporter: Diane Hardman
>
> I've configured my cluster using the new security (using ExampleSecurityManager) with
1 locator and 1 server. After adding 3 key-value pairs into the single partitioned region
(region1), I use a second terminal to connect as a user with read-only privilege to the region.
> When I enter a query that invokes a put method, I get an odd exception message in gfsh.
> {noformat}
> gfsh>query --query="select * from /region1.put('xyz','abc')"
> Message : Exception in evaluating the Collection Expression in getRuntimeIterator() even
though the Collection is independent of any RuntimeIterator
> Result  : false
> (noformat}
> Looking in the server log file, it looks like this exception is logged first and later
is followed by the more meaningful error:
> {noformat}
> [warning 2017/10/05 17:53:50.040 PDT serv1 <Function Execution Processor2> tid=0x81]
Exception in evaluating the Collection Expression in getRuntimeIterator() even though the
Collection is independent of any RuntimeIterator
> org.apache.geode.cache.query.TypeMismatchException: Exception in evaluating the Collection
Expression in getRuntimeIterator() even though the Collection is independent of any RuntimeIterator
>         at org.apache.geode.cache.query.internal.CompiledIteratorDef.getRuntimeIterator(CompiledIteratorDef.java:127)
> ... <many lines removed>
> Caused by: org.apache.geode.security.NotAuthorizedException: Unauthorized access to method:
put
>         at org.apache.geode.cache.query.internal.RestrictedMethodInvocationAuthorizer.authorizeMethodInvocation(RestrictedMethodInvocationAuthorizer.java:123)
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message