This is an automated email from the ASF dual-hosted git repository.
nnag pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/geode.git
The following commit(s) were added to refs/heads/develop by this push:
new ff3fab4 Authorization is now called only on unique context values
ff3fab4 is described below
commit ff3fab46cb2bf638d5aaf71747db013763db8e2a
Author: Naburun Nag <[email protected]>
AuthorDate: Thu Apr 4 11:02:52 2019 -0700
Authorization is now called only on unique context values
---
.../internal/security/MBeanServerWrapper.java | 45 ++++++++++++++--------
1 file changed, 29 insertions(+), 16 deletions(-)
diff --git
a/geode-core/src/main/java/org/apache/geode/management/internal/security/MBeanServerWrapper.java
b/geode-core/src/main/java/org/apache/geode/management/internal/security/MBeanServerWrapper.java
index fc863b4..eb31a45 100644
---
a/geode-core/src/main/java/org/apache/geode/management/internal/security/MBeanServerWrapper.java
+++
b/geode-core/src/main/java/org/apache/geode/management/internal/security/MBeanServerWrapper.java
@@ -15,6 +15,7 @@
package org.apache.geode.management.internal.security;
import java.io.ObjectInputStream;
+import java.util.HashSet;
import java.util.Set;
import javax.management.Attribute;
@@ -175,18 +176,29 @@ public class MBeanServerWrapper implements
MBeanServerForwarder {
@Override
public AttributeList getAttributes(ObjectName name, String[] attributes)
throws InstanceNotFoundException, ReflectionException {
- AttributeList results = new AttributeList();
+ AttributeList results;
+ checkAuthorization(name, attributes);
+ try {
+ results = mbs.getAttributes(name, attributes);
+ } catch (Exception e) {
+ throw new GemFireSecurityException(
+ "error getting values of attributes :" + attributes + " from " +
name,
+ e);
+ }
+ return results;
+ }
+
+ void checkAuthorization(ObjectName name, String[] attributes)
+ throws InstanceNotFoundException, ReflectionException {
+ Set<ResourcePermission> contextSet = new HashSet<>();
for (String attribute : attributes) {
- try {
- Object value = getAttribute(name, attribute);
- Attribute att = new Attribute(attribute, value);
- results.add(att);
- } catch (Exception e) {
- throw new GemFireSecurityException("error getting value of " +
attribute + " from " + name,
- e);
+ ResourcePermission ctx = getOperationContext(name, attribute, false);
+ if (ctx != null) {
+ if (contextSet.add(ctx)) {
+ this.securityService.authorize(ctx);
+ }
}
}
- return results;
}
@Override
@@ -202,13 +214,14 @@ public class MBeanServerWrapper implements
MBeanServerForwarder {
public AttributeList setAttributes(ObjectName name, AttributeList attributes)
throws InstanceNotFoundException, ReflectionException {
// call setAttribute instead to use the authorization logic
- for (Attribute attribute : attributes.asList()) {
- try {
- setAttribute(name, attribute);
- } catch (Exception e) {
- throw new GemFireSecurityException("error setting attribute " +
attribute + " of " + name,
- e);
- }
+ checkAuthorization(name,
+ (String[]) attributes.parallelStream().map(attribute -> ((Attribute)
attribute).getName())
+ .toArray());
+ try {
+ mbs.setAttributes(name, attributes);
+ } catch (Exception e) {
+ throw new GemFireSecurityException("error setting attributes :" +
attributes + " of " + name,
+ e);
}
return attributes;
}
