[ https://issues.apache.org/jira/browse/GEODE-6930?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16876502#comment-16876502 ]

ASF subversion and git services commented on GEODE-6930:
--------------------------------------------------------

Commit 0b32609181bbd3820edc2d7aa4ea04254f648363 in geode's branch 
refs/heads/feature/GEODE-6930 from zhouxh
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=0b32609 ]

GEODE-6930: Need to specify required resource permission DATA_READ for lucene 
user functions.

    Co-authored-by: Xiaojian Zhou Evans <[email protected]>
    Co-authored-by: Donal Evans <[email protected]>


> Lucene Functions specified using Internal Function's required permission, 
> will be rejected by PCC
> -------------------------------------------------------------------------------------------------
>
>                 Key: GEODE-6930
>                 URL: https://issues.apache.org/jira/browse/GEODE-6930
>             Project: Geode
>          Issue Type: Bug
>          Components: lucene
>            Reporter: xiaojian zhou
>            Assignee: xiaojian zhou
>            Priority: Major
>              Labels: GeodeCommons
>
> When playing with a Lucene app in PCC, I noticed the query is rejected by PCC 
> with the following error message:
> 2019-06-14T10:24:29.83-0700 [APP/PROC/WEB/0] OUT Caused by: 
> org.apache.geode.security.NotAuthorizedException: 
> developer_jNnlmXMEdwsrmaDayfNKg not authorized for *
> This is because all the Lucene functions implement Internal Function but 
> forgot to override its getRequiredPermissions method. So they require 
> ResourcePermissions.ALL to execute. 
> There are the following 9 Lucene functions:
> WaitUntilFlushedFunction (Need READ)
> LuceneQueryFunction (Need READ)
> IndexingInProgressFunction (Need READ)
> LuceneCreateIndexFunction (used by gfsh only, no need to change)
> LuceneDestroyIndexFunction (used by gfsh only, no need to change)
> LuceneDescribeIndexFunction (used by gfsh only, no need to change)
> LuceneSearchIndexFunction (used by gfsh only, no need to change)
> LuceneListIndexFunction (used by gfsh only, no need to change)
> LuceneGetPageFunction (Need READ)
> 5 of them are only used by gfsh, which are the real "internal functions". 
> The other 4 will be called by client applications, so they should specify 
> ResourcePermissions.READ. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
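
The failure mode reported above, shown as an added example that is not Geode's code or part of the original message: a function that inherits a require-everything default rejects a caller who holds only DATA:READ, while one that declares DATA:READ is allowed. All type and method names here (Permission, ServerFunction, firstMissing) are hypothetical stand-ins, and the developer role is constructed sample data.

```java
import java.util.*;

// Stand-in model (hypothetical types, not Geode's classes) of the check the
// issue describes: permissions are resource:operation, with "*" meaning ALL.
public class FunctionPermissionDemo {
    record Permission(String resource, String operation) {
        static final Permission ALL = new Permission("*", "*");

        // True when this granted permission covers the required one.
        boolean implies(Permission required) {
            return covers(resource, required.resource)
                && covers(operation, required.operation);
        }
        private static boolean covers(String granted, String needed) {
            return granted.equals("*") || granted.equals(needed);
        }
        @Override public String toString() {
            return equals(ALL) ? "*" : resource + ":" + operation;
        }
    }

    interface ServerFunction {
        // Default modelled on the behaviour the issue reports for internal functions.
        default Collection<Permission> requiredPermissions() {
            return Set.of(Permission.ALL);
        }
    }

    // "Before": no override, so the function silently demands ALL.
    static class QueryFunctionBefore implements ServerFunction {}

    // "After": declares only what a client-side query needs.
    static class QueryFunctionAfter implements ServerFunction {
        @Override public Collection<Permission> requiredPermissions() {
            return Set.of(new Permission("DATA", "READ"));
        }
    }

    // Returns null when authorized, otherwise the first permission the caller lacks.
    static Permission firstMissing(Set<Permission> granted, ServerFunction fn) {
        for (Permission need : fn.requiredPermissions())
            if (granted.stream().noneMatch(g -> g.implies(need))) return need;
        return null;
    }

    public static void main(String[] args) {
        Set<Permission> developer = Set.of(new Permission("DATA", "READ")); // constructed role
        System.out.println("before: missing " + firstMissing(developer, new QueryFunctionBefore()));
        System.out.println("after:  missing " + firstMissing(developer, new QueryFunctionAfter()));
    }
}
```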
