[
https://issues.apache.org/jira/browse/JENA-2055?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andy Seaborne resolved JENA-2055.
---------------------------------
Fix Version/s: Jena 4.0.0
Resolution: Fixed
> handle properly the denied access generated by jena-permission security
> evaluator
> ---------------------------------------------------------------------------------
>
> Key: JENA-2055
> URL: https://issues.apache.org/jira/browse/JENA-2055
> Project: Apache Jena
> Issue Type: Bug
> Components: Fuseki
> Affects Versions: Jena 3.17.0
> Environment: jena-fuseki 3.17.0
> openjdk version "1.8.0_275"
> Reporter: info parlepeuple
> Assignee: Andy Seaborne
> Priority: Major
> Labels: fuseki2, permission
> Fix For: Jena 4.0.0
>
> Attachments:
> 0001-handle-properly-the-denied-access-generated-by-jena.patch,
> ShiroEvaluator.java, localData.ttl, pom.xml
>
>
> When the dataset is secured with [jena
> permission|https://jena.apache.org/documentation/permissions/] , and some
> access is denied, an exception is thrown from the SecuredGraph.
> This exception is not catched in SPARQLQueryProcessor, which results in a 500
> error returned to the HTTP client.
> exception OperationDeniedException should return a 403, not a 500.
>
> attached is the patch !
>
> [2021-02-21 03:10:26] Fuseki WARN [3] RC = 500 : Model permissions violation:
> org.apache.jena.shared.ReadDeniedException: Model permissions violation:
> at
> org.apache.jena.permissions.impl.SecuredItemImpl.checkRead(SecuredItemImpl.java:683)
> ~[jena-permissions-3.17.0.jar:3.17.0]
> at
> org.apache.jena.permissions.graph.impl.SecuredGraphImpl.find(SecuredGraphImpl.java:154)
> ~[jena-permissions-3.17.0.jar:3.17.0]
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_275]
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> ~[?:1.8.0_275]
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> ~[?:1.8.0_275]
> at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_275]
> at
> org.apache.jena.permissions.impl.SecuredItemInvoker.invoke(SecuredItemInvoker.java:120)
> ~[jena-permissions-3.17.0.jar:3.17.0]
> at com.sun.proxy.$Proxy18.find(Unknown Source) ~[?:?]
> at
> org.apache.jena.sparql.graph.GraphUnionRead.graphBaseFind(GraphUnionRead.java:104)
> ~[fuseki-server.jar:3.17.0]
> at org.apache.jena.graph.impl.GraphBase.find(GraphBase.java:244)
> ~[fuseki-server.jar:3.17.0]
> at org.apache.jena.graph.impl.GraphBase.graphBaseFind(GraphBase.java:261)
> ~[fuseki-server.jar:3.17.0]
> at org.apache.jena.graph.impl.GraphBase.find(GraphBase.java:258)
> ~[fuseki-server.jar:3.17.0]
> at org.apache.jena.graph.impl.WrappedGraph.find(WrappedGraph.java:100)
> ~[fuseki-server.jar:3.17.0]
> at
> org.apache.jena.sparql.engine.iterator.QueryIterTriplePattern$TripleMapper.<init>(QueryIterTriplePattern.java:83)
> ~[fuseki-server.jar:3.17.0]
> at
> org.apache.jena.sparql.engine.iterator.QueryIterTriplePattern.nextStage(QueryIterTriplePattern.java:52)
> ~[fuseki-server.jar:3.17.0]
> at
> org.apache.jena.sparql.engine.iterator.QueryIterRepeatApply.makeNextStage(QueryIterRepeatApply.java:108)
> ~[fuseki-server.jar:3.17.0]
> at
> org.apache.jena.sparql.engine.iterator.QueryIterRepeatApply.hasNextBinding(QueryIterRepeatApply.java:65)
> ~[fuseki-server.jar:3.17.0]
> at
> org.apache.jena.sparql.engine.iterator.QueryIteratorBase.hasNext(QueryIteratorBase.java:114)
> ~[fuseki-server.jar:3.17.0]
> at
> org.apache.jena.sparql.engine.iterator.QueryIterBlockTriplesStar.hasNextBinding(QueryIterBlockTriplesStar.java:54)
> ~[fuseki-server.jar:3.17.0]
> at
> org.apache.jena.sparql.engine.iterator.QueryIteratorBase.hasNext(QueryIteratorBase.java:114)
> ~[fuseki-server.jar:3.17.0]
> at
> org.apache.jena.sparql.engine.iterator.QueryIterConvert.hasNextBinding(QueryIterConvert.java:58)
> ~[fuseki-server.jar:3.17.0]
> at
> org.apache.jena.sparql.engine.iterator.QueryIteratorBase.hasNext(QueryIteratorBase.java:114)
> ~[fuseki-server.jar:3.17.0]
> at
> org.apache.jena.sparql.engine.iterator.QueryIteratorWrapper.hasNextBinding(QueryIteratorWrapper.java:38)
> ~[fuseki-server.jar:3.17.0]
> at
> org.apache.jena.sparql.engine.iterator.QueryIteratorBase.hasNext(QueryIteratorBase.java:114)
> ~[fuseki-server.jar:3.17.0]
> at
> org.apache.jena.sparql.engine.iterator.QueryIteratorWrapper.hasNextBinding(QueryIteratorWrapper.java:38)
> ~[fuseki-server.jar:3.17.0]
> at
> org.apache.jena.sparql.engine.iterator.QueryIteratorBase.hasNext(QueryIteratorBase.java:114)
> ~[fuseki-server.jar:3.17.0]
> at
> org.apache.jena.sparql.engine.ResultSetStream.hasNext(ResultSetStream.java:74)
> ~[fuseki-server.jar:3.17.0]
> at
> org.apache.jena.sparql.engine.ResultSetCheckCondition.hasNext(ResultSetCheckCondition.java:55)
> ~[fuseki-server.jar:3.17.0]
> at
> org.apache.jena.fuseki.servlets.SPARQLQueryProcessor.executeQuery(SPARQLQueryProcessor.java:324)
> ~[fuseki-server.jar:3.17.0]
> at
> org.apache.jena.fuseki.servlets.SPARQLQueryProcessor.execute(SPARQLQueryProcessor.java:273)
> ~[fuseki-server.jar:3.17.0]
> at
> org.apache.jena.fuseki.servlets.SPARQLQueryProcessor.executeWithParameter(SPARQLQueryProcessor.java:222)
> ~[fuseki-server.jar:3.17.0]
> at
> org.apache.jena.fuseki.servlets.SPARQLQueryProcessor.execute(SPARQLQueryProcessor.java:207)
> ~[fuseki-server.jar:3.17.0]
> at
> org.apache.jena.fuseki.servlets.ActionService.executeLifecycle(ActionService.java:58)
> ~[fuseki-server.jar:3.17.0]
> at
> org.apache.jena.fuseki.servlets.SPARQLQueryProcessor.execPost(SPARQLQueryProcessor.java:83)
> ~[fuseki-server.jar:3.17.0]
> at
> org.apache.jena.fuseki.servlets.ActionProcessor.process(ActionProcessor.java:34)
> ~[fuseki-server.jar:3.17.0]
> at org.apache.jena.fuseki.servlets.ActionBase.process(ActionBase.java:55)
> ~[fuseki-server.jar:3.17.0]
> at
> org.apache.jena.fuseki.servlets.ActionExecLib.execAction(ActionExecLib.java:106)
> ~[fuseki-server.jar:3.17.0]
> at
> org.apache.jena.fuseki.server.Dispatcher.dispatchAction(Dispatcher.java:118)
> ~[fuseki-server.jar:3.17.0]
> at org.apache.jena.fuseki.server.Dispatcher.process(Dispatcher.java:110)
> ~[fuseki-server.jar:3.17.0]
> at org.apache.jena.fuseki.server.Dispatcher.dispatch(Dispatcher.java:96)
> ~[fuseki-server.jar:3.17.0]
> at
> org.apache.jena.fuseki.servlets.FusekiFilter.doFilter(FusekiFilter.java:51)
> ~[fuseki-server.jar:3.17.0]
> at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
> ~[fuseki-server.jar:3.17.0]
> at
> org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
> ~[fuseki-server.jar:3.17.0]
> at
> org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61)
> ~[fuseki-server.jar:3.17.0]
> at
> org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
> ~[fuseki-server.jar:3.17.0]
> at
> org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
> ~[fuseki-server.jar:3.17.0]
> at
> org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
> ~[fuseki-server.jar:3.17.0]
> at
> org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
> ~[fuseki-server.jar:3.17.0]
> at
> org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
> ~[fuseki-server.jar:3.17.0]
> at
> org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
> ~[fuseki-server.jar:3.17.0]
> at
> org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
> ~[fuseki-server.jar:3.17.0]
> at
> org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
> ~[fuseki-server.jar:3.17.0]
> at
> org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
> ~[fuseki-server.jar:3.17.0]
> at
> org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
> ~[fuseki-server.jar:3.17.0]
> at
> org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
> ~[fuseki-server.jar:3.17.0]
> at
> org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
> ~[fuseki-server.jar:3.17.0]
> at
> org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:450)
> ~[fuseki-server.jar:3.17.0]
> at
> org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
> ~[fuseki-server.jar:3.17.0]
> at
> org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
> ~[fuseki-server.jar:3.17.0]
> at
> org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
> ~[fuseki-server.jar:3.17.0]
> at
> org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:387)
> ~[fuseki-server.jar:3.17.0]
> at
> org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
> ~[fuseki-server.jar:3.17.0]
> at
> org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
> ~[fuseki-server.jar:3.17.0]
> at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
> ~[fuseki-server.jar:3.17.0]
> at
> org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
> ~[fuseki-server.jar:3.17.0]
> at
> org.apache.jena.fuseki.servlets.CrossOriginFilter.handle(CrossOriginFilter.java:284)
> ~[fuseki-server.jar:3.17.0]
> at
> org.apache.jena.fuseki.servlets.CrossOriginFilter.doFilter(CrossOriginFilter.java:247)
> ~[fuseki-server.jar:3.17.0]
> at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:201)
> ~[fuseki-server.jar:3.17.0]
> at
> org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
> ~[fuseki-server.jar:3.17.0]
> at
> org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:548)
> ~[fuseki-server.jar:3.17.0]
> at
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
> ~[fuseki-server.jar:3.17.0]
> at
> org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:602)
> ~[fuseki-server.jar:3.17.0]
> at
> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
> ~[fuseki-server.jar:3.17.0]
> at
> org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235)
> ~[fuseki-server.jar:3.17.0]
> at
> org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1612)
> ~[fuseki-server.jar:3.17.0]
> at
> org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
> ~[fuseki-server.jar:3.17.0]
> at
> org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1434)
> ~[fuseki-server.jar:3.17.0]
> at
> org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
> ~[fuseki-server.jar:3.17.0]
> at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:501)
> ~[fuseki-server.jar:3.17.0]
> at
> org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1582)
> ~[fuseki-server.jar:3.17.0]
> at
> org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)
> ~[fuseki-server.jar:3.17.0]
> at
> org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1349)
> ~[fuseki-server.jar:3.17.0]
> at
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
> ~[fuseki-server.jar:3.17.0]
> at
> org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:716)
> ~[fuseki-server.jar:3.17.0]
> at
> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
> ~[fuseki-server.jar:3.17.0]
> at org.eclipse.jetty.server.Server.handle(Server.java:516)
> ~[fuseki-server.jar:3.17.0]
> at
> org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:383)
> ~[fuseki-server.jar:3.17.0]
> at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:556)
> [fuseki-server.jar:3.17.0]
> at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:375)
> [fuseki-server.jar:3.17.0]
> at
> org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:273)
> [fuseki-server.jar:3.17.0]
> at
> org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
> [fuseki-server.jar:3.17.0]
> at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
> [fuseki-server.jar:3.17.0]
> at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
> [fuseki-server.jar:3.17.0]
> at
> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
> [fuseki-server.jar:3.17.0]
> at
> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
> [fuseki-server.jar:3.17.0]
> at
> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
> [fuseki-server.jar:3.17.0]
> at
> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129)
> [fuseki-server.jar:3.17.0]
> at
> org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:375)
> [fuseki-server.jar:3.17.0]
> at
> org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:773)
> [fuseki-server.jar:3.17.0]
> at
> org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:905)
> [fuseki-server.jar:3.17.0]
> at java.lang.Thread.run(Thread.java:748) [?:1.8.0_275]
> [2021-02-21 03:10:26] Fuseki INFO [3] 500 Server Error (18 ms)
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
