[jira] [Created] (GEODE-5618) FunctionService.onServer() and FunctionService.onRegion() fail when multiuser-authentication=true

Wed, 22 Aug 2018 04:46:15 -0700 

Juan José Ramos Cassella created GEODE-5618:
-----------------------------------------------

             Summary: FunctionService.onServer() and FunctionService.onRegion() 
fail when multiuser-authentication=true
                 Key: GEODE-5618
                 URL: https://issues.apache.org/jira/browse/GEODE-5618
             Project: Geode
          Issue Type: Bug
          Components: functions, security
            Reporter: Juan José Ramos Cassella


The problem resides within the {{ServerFunctionExecutor}} class, specifically 
in the following section of code:

{code:title=ServerFunctionExecutor.java|borderStyle=solid}
public ResultCollector execute(final String functionName) {
(...)
 byte[] functionAttributes = getFunctionAttributes(functionName);
 if (functionAttributes == null) {
 Object obj = GetFunctionAttributeOp.execute(this.pool, functionName);
 functionAttributes = (byte[]) obj;
 addFunctionAttributes(functionName, functionAttributes);
 }
(..)
}
{code}

We are specifically executing an internal function (namely 
{{GetFunctionAttributeOp}}) to retrieve the metadata for the function executed 
by the client *without setting the user attributes* required by the 
authentication mechanism and, as such, the execution fails for this particular 
function instead of the one executed by the client (it's not even part of the 
stack trace):

{noformat}
Exception in thread "main" java.lang.UnsupportedOperationException: Use Pool 
APIs for doing operations when multiuser-secure-mode-enabled is set to true.
 at 
org.apache.geode.cache.client.internal.PoolImpl.authenticateIfRequired(PoolImpl.java:1549)
 at 
org.apache.geode.cache.client.internal.PoolImpl.authenticateIfRequired(PoolImpl.java:1531)
 at org.apache.geode.cache.client.internal.PoolImpl.execute(PoolImpl.java:781)
 at 
org.apache.geode.cache.client.internal.GetFunctionAttributeOp.execute(GetFunctionAttributeOp.java:24)
 at 
org.apache.geode.internal.cache.execute.ServerFunctionExecutor.execute(ServerFunctionExecutor.java:310)
{noformat}

The other top-level methods from {{ServerFunctionExecutor}} and 
{{ServerRegionFunctionExecutor}} configure the user attributes before actually 
executing the function, that's why (as a workaround), the user can use 
{{FunctionService.onServer(regionService).execute(new MyFunction())}}, works as 
expected:

{code}
 if (proxyCache != null) {
 if (this.proxyCache.isClosed()) {
 throw proxyCache.getCacheClosedException("Cache is closed for this user.");
 }
 UserAttributes.userAttributes.set(this.proxyCache.getUserAttributes());
 }
{code}

The solution would be to add the same _pre-operation logic_ to the buggy method.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to