Repository: ignite Updated Branches: refs/heads/master 8a48c5cb2 -> 241136537
IGNITE-6856: SQL: Fixed query handling from thin client side. This closes #5238. Project: http://git-wip-us.apache.org/repos/asf/ignite/repo Commit: http://git-wip-us.apache.org/repos/asf/ignite/commit/24113653 Tree: http://git-wip-us.apache.org/repos/asf/ignite/tree/24113653 Diff: http://git-wip-us.apache.org/repos/asf/ignite/diff/24113653 Branch: refs/heads/master Commit: 241136537e13a9a6cf9396977dfeb257368c26c9 Parents: 8a48c5c Author: devozerov <voze...@gridgain.com> Authored: Fri Nov 2 14:56:41 2018 +0300 Committer: devozerov <voze...@gridgain.com> Committed: Fri Nov 2 14:56:41 2018 +0300 ---------------------------------------------------------------------- .../processors/query/h2/IgniteH2Indexing.java | 30 ++++++++++++++++++++ .../query/h2/sql/GridSqlQueryParser.java | 22 ++++++++++++++ 2 files changed, 52 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ignite/blob/24113653/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/IgniteH2Indexing.java ---------------------------------------------------------------------- diff --git a/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/IgniteH2Indexing.java b/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/IgniteH2Indexing.java index fcd3483..2337047 100644 --- a/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/IgniteH2Indexing.java +++ b/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/IgniteH2Indexing.java @@ -65,6 +65,7 @@ import org.apache.ignite.internal.processors.affinity.AffinityTopologyVersion; import org.apache.ignite.internal.processors.cache.CacheEntryImpl; import org.apache.ignite.internal.processors.cache.CacheObjectUtils; import org.apache.ignite.internal.processors.cache.CacheObjectValueContext; +import org.apache.ignite.internal.processors.cache.DynamicCacheDescriptor; import org.apache.ignite.internal.processors.cache.GridCacheContext; import org.apache.ignite.internal.processors.cache.GridCacheSharedContext; import org.apache.ignite.internal.processors.cache.QueryCursorImpl; @@ -179,6 +180,7 @@ import org.apache.ignite.lang.IgniteUuid; import org.apache.ignite.marshaller.Marshaller; import org.apache.ignite.marshaller.jdk.JdkMarshaller; import org.apache.ignite.plugin.extensions.communication.Message; +import org.apache.ignite.plugin.security.SecurityPermission; import org.apache.ignite.resources.LoggerResource; import org.apache.ignite.spi.indexing.IndexingQueryFilter; import org.apache.ignite.spi.indexing.IndexingQueryFilterImpl; @@ -1120,6 +1122,14 @@ public class IgniteH2Indexing implements GridQueryIndexing { throw new IgniteSQLException("SELECT FOR UPDATE query requires transactional " + "cache with MVCC enabled.", IgniteQueryErrorCode.UNSUPPORTED_OPERATION); + if (this.ctx.security().enabled()) { + GridSqlQueryParser parser = new GridSqlQueryParser(false); + + parser.parse(p); + + checkSecurity(parser.cacheIds()); + } + GridNearTxSelectForUpdateFuture sfuFut = null; int opTimeout = qryTimeout; @@ -2309,6 +2319,9 @@ public class IgniteH2Indexing implements GridQueryIndexing { checkQueryType(qry, true); + if (ctx.security().enabled()) + checkSecurity(twoStepQry.cacheIds()); + return Collections.singletonList(doRunDistributedQuery(schemaName, qry, twoStepQry, meta, keepBinary, startTx, tracker, cancel)); } @@ -2324,6 +2337,23 @@ public class IgniteH2Indexing implements GridQueryIndexing { } /** + * Check security access for caches. + * + * @param cacheIds Cache IDs. + */ + private void checkSecurity(Collection<Integer> cacheIds) { + if (F.isEmpty(cacheIds)) + return; + + for (Integer cacheId : cacheIds) { + DynamicCacheDescriptor desc = ctx.cache().cacheDescriptor(cacheId); + + if (desc != null) + ctx.security().authorize(desc.cacheName(), SecurityPermission.CACHE_READ, null); + } + } + + /** * Parse and split query if needed, cache either two-step query or statement. * @param schemaName Schema name. * @param qry Query. http://git-wip-us.apache.org/repos/asf/ignite/blob/24113653/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/sql/GridSqlQueryParser.java ---------------------------------------------------------------------- diff --git a/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/sql/GridSqlQueryParser.java b/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/sql/GridSqlQueryParser.java index 26a8dcc..37d2983 100644 --- a/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/sql/GridSqlQueryParser.java +++ b/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/sql/GridSqlQueryParser.java @@ -21,6 +21,7 @@ import java.lang.reflect.Field; import java.sql.PreparedStatement; import java.sql.SQLException; import java.util.ArrayList; +import java.util.Collection; import java.util.Collections; import java.util.HashMap; import java.util.IdentityHashMap; @@ -1763,6 +1764,27 @@ public class GridSqlQueryParser { } /** + * @return All known cache IDs. + */ + public Collection<Integer> cacheIds() { + ArrayList<Integer> res = new ArrayList<>(1); + + for (Object o : h2ObjToGridObj.values()) { + if (o instanceof GridSqlAlias) + o = GridSqlAlias.unwrap((GridSqlAst)o); + + if (o instanceof GridSqlTable) { + GridH2Table tbl = ((GridSqlTable)o).dataTable(); + + if (tbl != null) + res.add(tbl.cacheId()); + } + } + + return res; + } + + /** * @param stmt Prepared statement. * @return Parsed AST. */