[jira] [Closed] (GEODE-1797) No gfsh commands are available to readonly members

Fri, 20 Apr 2018 13:00:12 -0700 

     [ 
https://issues.apache.org/jira/browse/GEODE-1797?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Anthony Baker closed GEODE-1797.
--------------------------------

> No gfsh commands are available to readonly members
> --------------------------------------------------
>
>                 Key: GEODE-1797
>                 URL: https://issues.apache.org/jira/browse/GEODE-1797
>             Project: Geode
>          Issue Type: Bug
>          Components: gfsh, security
>            Reporter: Barry Oglesby
>            Priority: Major
>
> All the list, fetch, view, show and queryData commands should be available to 
> a read-only user.
> The {{ReadOpFileAccessController}} controls access to these operations using:
> {noformat}
> invoke(ObjectName name, String operationName, Object params[], String 
> signature[])
> {noformat}
> That method compares the input operationName to a regular expression of 
> allowed read-only operations, but it always fails because the input 
> operationName is 'processCommand' instead of 'list members' (for example). 
> The first argument to the params is the real operation.
> I tried a quick hack that used params\[0\] instead of operationName, and it 
> worked ok.
> Test configuration:
> {noformat}
> gemfire-jmx-access.properties
> gemfireuser readonly
> gemfireadmin readwrite
> gemfire-jmx-users.properties:
> gemfireuser gemfireuser
> gemfireadmin gemfireadmin
> {noformat}
> With gemfireuser:
> {noformat}
> gfsh>connect --locator=localhost[23456] --user=gemfireuser 
> --password=gemfireuser
> Connecting to Locator at [host=localhost, port=23456] ..
> Connecting to Manager at [host=boglesbymac-2, port=1099] ..
> Successfully connected to: [host=boglesbymac-2, port=1099]
> gfsh>list members
> Exception occurred. Access denied! Invalid access level for requested 
> MBeanServer operation.
> {noformat}
> With gemfireadmin:
> {noformat}
> gfsh>connect --locator=localhost[23456] --user=gemfireadmin 
> --password=gemfireadmin
> Connecting to Locator at [host=localhost, port=23456] ..
> Connecting to Manager at [host=boglesbymac-2, port=1099] ..
> Successfully connected to: [host=boglesbymac-2, port=1099]
> gfsh>list members
>  Name   | Id
> ------- | -------------------------------------------------
> locator | boglesbymac-2(locator:52076:locator)<ec><v0>:1024
> {noformat}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to