[
https://issues.apache.org/jira/browse/GEODE-6930?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
xiaojian zhou updated GEODE-6930:
---------------------------------
Description:
When playing lucene app, I noticed the query is rejected with following error
msg:
2019-06-14T10:24:29.83-0700 [APP/PROC/WEB/0] OUT Caused by:
org.apache.geode.security.NotAuthorizedException:
developer_jNnlmXMEdwsrmaDayfNKg not authorized for *
This is because all the lucene functions are implementing Internal Function but
forgot to override it's getRequiredPermissions method. So it requires to have
ResourcePermissions.ALL to execute.
There're following 9 lucene functions:
WaitUntilFlushedFunction (Need READ)
LuceneQueryFunction (Need READ)
IndexingInProgressFunction (Need READ)
LuceneCreateIndexFunction (used by gfsh only, no need to change)
LuceneDestroyIndexFunction (used by gfsh only, no need to change)
LuceneDescribeIndexFunction (used by gfsh only, no need to change)
LuceneSearchIndexFunction (used by gfsh only, no need to change)
LuceneListIndexFunction (used by gfsh only, no need to change)
LuceneGetPageFunction (Need READ)
The 5 of them are only used by gfsh, which is the real "internal function".
The other 4 will be called by client application, so they should specify
ResourcePermissions.READ.
was:
When playing lucene app in PCC, I noticed the query is rejected by PCC with
following error msg:
2019-06-14T10:24:29.83-0700 [APP/PROC/WEB/0] OUT Caused by:
org.apache.geode.security.NotAuthorizedException:
developer_jNnlmXMEdwsrmaDayfNKg not authorized for *
This is because all the lucene functions are implementing Internal Function but
forgot to override it's getRequiredPermissions method. So it requires to have
ResourcePermissions.ALL to execute.
There're following 9 lucene functions:
WaitUntilFlushedFunction (Need READ)
LuceneQueryFunction (Need READ)
IndexingInProgressFunction (Need READ)
LuceneCreateIndexFunction (used by gfsh only, no need to change)
LuceneDestroyIndexFunction (used by gfsh only, no need to change)
LuceneDescribeIndexFunction (used by gfsh only, no need to change)
LuceneSearchIndexFunction (used by gfsh only, no need to change)
LuceneListIndexFunction (used by gfsh only, no need to change)
LuceneGetPageFunction (Need READ)
The 5 of them are only used by gfsh, which is the real "internal function".
The other 4 will be called by client application, so they should specify
ResourcePermissions.READ.
> Lucene Functions specified using Internal Function's required permission,
> will be rejected by PCC
> -------------------------------------------------------------------------------------------------
>
> Key: GEODE-6930
> URL: https://issues.apache.org/jira/browse/GEODE-6930
> Project: Geode
> Issue Type: Bug
> Components: lucene
> Reporter: xiaojian zhou
> Assignee: xiaojian zhou
> Priority: Major
> Labels: GeodeCommons
> Fix For: 1.10.0
>
> Time Spent: 1h
> Remaining Estimate: 0h
>
> When playing lucene app, I noticed the query is rejected with following error
> msg:
> 2019-06-14T10:24:29.83-0700 [APP/PROC/WEB/0] OUT Caused by:
> org.apache.geode.security.NotAuthorizedException:
> developer_jNnlmXMEdwsrmaDayfNKg not authorized for *
> This is because all the lucene functions are implementing Internal Function
> but forgot to override it's getRequiredPermissions method. So it requires to
> have ResourcePermissions.ALL to execute.
> There're following 9 lucene functions:
> WaitUntilFlushedFunction (Need READ)
> LuceneQueryFunction (Need READ)
> IndexingInProgressFunction (Need READ)
> LuceneCreateIndexFunction (used by gfsh only, no need to change)
> LuceneDestroyIndexFunction (used by gfsh only, no need to change)
> LuceneDescribeIndexFunction (used by gfsh only, no need to change)
> LuceneSearchIndexFunction (used by gfsh only, no need to change)
> LuceneListIndexFunction (used by gfsh only, no need to change)
> LuceneGetPageFunction (Need READ)
> The 5 of them are only used by gfsh, which is the real "internal function".
> The other 4 will be called by client application, so they should specify
> ResourcePermissions.READ.
--
This message was sent by Atlassian Jira
(v8.3.2#803003)
