[jira] [Commented] (GEODE-3787) Ambiguous exception thrown with method invoked in OQL query with new security configured

Mon, 09 Oct 2017 17:07:47 -0700 

    [ 
https://issues.apache.org/jira/browse/GEODE-3787?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16197908#comment-16197908
 ] 

ASF subversion and git services commented on GEODE-3787:
--------------------------------------------------------

Commit 42b76583b1ac14e4caa4a1311620c0be2e2fb7de in geode's branch 
refs/heads/develop from [~huynhja]
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=42b7658 ]

GEODE-3787: Do not catch NotAuthorizedExceptions in CompiledIteratorDef

  * Fixed test where fail was not being called when needed
  * Queries that do not actually invoke a method but should be restricted
    are now reclassified into a new dunit test


> Ambiguous exception thrown with method invoked in OQL query with new security 
> configured
> ----------------------------------------------------------------------------------------
>
>                 Key: GEODE-3787
>                 URL: https://issues.apache.org/jira/browse/GEODE-3787
>             Project: Geode
>          Issue Type: Bug
>          Components: querying, security
>            Reporter: Diane Hardman
>
> I've configured my cluster using the new security (using 
> ExampleSecurityManager) with 1 locator and 1 server. After adding 3 key-value 
> pairs into the single partitioned region (region1), I use a second terminal 
> to connect as a user with read-only privilege to the region.
> When I enter a query that invokes a put method, I get an odd exception 
> message in gfsh.
> {noformat}
> gfsh>query --query="select * from /region1.put('xyz','abc')"
> Message : Exception in evaluating the Collection Expression in 
> getRuntimeIterator() even though the Collection is independent of any 
> RuntimeIterator
> Result  : false
> (noformat}
> Looking in the server log file, it looks like this exception is logged first 
> and later is followed by the more meaningful error:
> {noformat}
> [warning 2017/10/05 17:53:50.040 PDT serv1 <Function Execution Processor2> 
> tid=0x81] Exception in evaluating the Collection Expression in 
> getRuntimeIterator() even though the Collection is independent of any 
> RuntimeIterator
> org.apache.geode.cache.query.TypeMismatchException: Exception in evaluating 
> the Collection Expression in getRuntimeIterator() even though the Collection 
> is independent of any RuntimeIterator
>         at 
> org.apache.geode.cache.query.internal.CompiledIteratorDef.getRuntimeIterator(CompiledIteratorDef.java:127)
> ... <many lines removed>
> Caused by: org.apache.geode.security.NotAuthorizedException: Unauthorized 
> access to method: put
>         at 
> org.apache.geode.cache.query.internal.RestrictedMethodInvocationAuthorizer.authorizeMethodInvocation(RestrictedMethodInvocationAuthorizer.java:123)
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to