This is an automated email from the ASF dual-hosted git repository.
wirebaron pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/geode.git
The following commit(s) were added to refs/heads/develop by this push:
new 80ad2d7 GEODE-4270: remove race condition where CacheClientProxy
could be asked to (#1378)
80ad2d7 is described below
commit 80ad2d70435fb255a8a2d08c8866fbb30a7bedd3
Author: Brian Rowe <br...@pivotal.io>
AuthorDate: Fri Feb 2 11:50:21 2018 -0800
GEODE-4270: remove race condition where CacheClientProxy could be asked to
(#1378)
authorize a message prior to receiving its security subject.
---
.../cache/tier/sockets/CacheClientNotifier.java | 36 +++++++++++++---------
.../cache/tier/sockets/CacheClientProxy.java | 5 +--
2 files changed, 25 insertions(+), 16 deletions(-)
diff --git
a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/CacheClientNotifier.java
b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/CacheClientNotifier.java
index 81bad21..7d67b37 100755
---
a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/CacheClientNotifier.java
+++
b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/CacheClientNotifier.java
@@ -14,7 +14,8 @@
*/
package org.apache.geode.internal.cache.tier.sockets;
-import static org.apache.geode.distributed.ConfigurationProperties.*;
+import static
org.apache.geode.distributed.ConfigurationProperties.SECURITY_CLIENT_ACCESSOR_PP;
+import static
org.apache.geode.distributed.ConfigurationProperties.SECURITY_CLIENT_AUTHENTICATOR;
import java.io.BufferedOutputStream;
import java.io.DataInputStream;
@@ -327,20 +328,25 @@ public class CacheClientNotifier {
new IllegalArgumentException("Invalid conflation byte"),
clientVersion);
return;
}
-
- proxy = registerClient(socket, proxyID, proxy, isPrimary,
clientConflation, clientVersion,
- acceptorId, notifyBySubscription);
-
+ Object subject = null;
Properties credentials =
HandShake.readCredentials(dis, dos, system,
this.cache.getSecurityService());
- if (credentials != null && proxy != null) {
+ if (credentials != null) {
if (securityLogWriter.fineEnabled()) {
securityLogWriter
.fine("CacheClientNotifier: verifying credentials for proxyID: "
+ proxyID);
}
- Object subject =
+ subject =
HandShake.verifyCredentials(authenticator, credentials,
system.getSecurityProperties(),
this.logWriter, this.securityLogWriter, member,
this.cache.getSecurityService());
+ }
+
+ Subject shiroSubject =
+ subject != null && subject instanceof Subject ? (Subject) subject :
null;
+ proxy = registerClient(socket, proxyID, proxy, isPrimary,
clientConflation, clientVersion,
+ acceptorId, notifyBySubscription, shiroSubject);
+
+ if (proxy != null && subject != null) {
if (subject instanceof Principal) {
Principal principal = (Principal) subject;
if (securityLogWriter.fineEnabled()) {
@@ -361,8 +367,6 @@ public class CacheClientNotifier {
authzCallback.init(principal, member, this.getCache());
}
proxy.setPostAuthzCallback(authzCallback);
- } else if (subject instanceof Subject) {
- proxy.setSubject((Subject) subject);
}
}
} catch (ClassNotFoundException e) {
@@ -413,7 +417,8 @@ public class CacheClientNotifier {
*/
private CacheClientProxy registerClient(Socket socket,
ClientProxyMembershipID proxyId,
CacheClientProxy proxy, boolean isPrimary, byte clientConflation,
Version clientVersion,
- long acceptorId, boolean notifyBySubscription) throws IOException,
CacheException {
+ long acceptorId, boolean notifyBySubscription, Subject subject)
+ throws IOException, CacheException {
CacheClientProxy l_proxy = proxy;
// Initialize the socket
@@ -456,10 +461,12 @@ public class CacheClientNotifier {
"CacheClientNotifier: No proxy exists for durable client with id
{}. It must be created.",
proxyId.getDurableId());
}
- l_proxy = new CacheClientProxy(this, socket, proxyId, isPrimary,
clientConflation,
- clientVersion, acceptorId, notifyBySubscription,
this.cache.getSecurityService());
+ l_proxy =
+ new CacheClientProxy(this, socket, proxyId, isPrimary,
clientConflation, clientVersion,
+ acceptorId, notifyBySubscription,
this.cache.getSecurityService(), subject);
successful = this.initializeProxy(l_proxy);
} else {
+ l_proxy.setSubject(subject);
if (proxy.isPrimary()) {
epType = (byte) 2;
} else {
@@ -534,8 +541,9 @@ public class CacheClientNotifier {
if (toCreateNewProxy) {
// Create the new proxy for this non-durable client
- l_proxy = new CacheClientProxy(this, socket, proxyId, isPrimary,
clientConflation,
- clientVersion, acceptorId, notifyBySubscription,
this.cache.getSecurityService());
+ l_proxy =
+ new CacheClientProxy(this, socket, proxyId, isPrimary,
clientConflation, clientVersion,
+ acceptorId, notifyBySubscription,
this.cache.getSecurityService(), subject);
successful = this.initializeProxy(l_proxy);
}
}
diff --git
a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/CacheClientProxy.java
b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/CacheClientProxy.java
index f915b0d..d584825 100644
---
a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/CacheClientProxy.java
+++
b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/CacheClientProxy.java
@@ -337,7 +337,7 @@ public class CacheClientProxy implements ClientSession {
protected CacheClientProxy(CacheClientNotifier ccn, Socket socket,
ClientProxyMembershipID proxyID, boolean isPrimary, byte
clientConflation,
Version clientVersion, long acceptorId, boolean notifyBySubscription,
- SecurityService securityService) throws CacheException {
+ SecurityService securityService, Subject subject) throws CacheException {
initializeTransientFields(socket, proxyID, isPrimary, clientConflation,
clientVersion);
this._cacheClientNotifier = ccn;
@@ -351,6 +351,7 @@ public class CacheClientProxy implements ClientSession {
this._statistics =
new CacheClientProxyStats(factory, "id_" +
this.proxyID.getDistributedMember().getId()
+ "_at_" + this._remoteHostAddress + ":" + this._socket.getPort());
+ this.subject = subject;
// Create the interest list
this.cils[RegisterInterestTracker.interestListIndex] =
@@ -392,7 +393,7 @@ public class CacheClientProxy implements ClientSession {
// TODO:hitesh synchronization
synchronized (this.clientUserAuthsLock) {
if (this.subject != null) {
- subject.logout();
+ this.subject.logout();
}
this.subject = subject;
}
--
To stop receiving notification emails like this one, please contact
wireba...@apache.org.
