[
https://issues.apache.org/jira/browse/GEODE-3974?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16329402#comment-16329402
]
ASF GitHub Bot commented on GEODE-3974:
---------------------------------------
PurelyApplied commented on a change in pull request #1287: GEODE-3974: function
security improvement
URL: https://github.com/apache/geode/pull/1287#discussion_r162164739
##########
File path:
geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/UserFunctionExecution.java
##########
@@ -31,138 +34,149 @@
import org.apache.geode.internal.ClassPathLoader;
import org.apache.geode.internal.InternalEntity;
import org.apache.geode.internal.cache.InternalCache;
+import org.apache.geode.internal.logging.LogService;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.management.internal.cli.i18n.CliStrings;
+import org.apache.geode.security.AuthenticationRequiredException;
/**
* @since GemFire 7.0
*/
public class UserFunctionExecution implements Function<Object[]>,
InternalEntity {
public static final String ID = UserFunctionExecution.class.getName();
+ private static Logger logger = LogService.getLogger();
private static final long serialVersionUID = 1L;
@Override
public void execute(FunctionContext<Object[]> context) {
Cache cache = context.getCache();
DistributedMember member =
cache.getDistributedSystem().getDistributedMember();
- try {
- String[] functionArgs = null;
- Object[] args = context.getArguments();
- if (args == null) {
- context.getResultSender().lastResult(new
CliFunctionResult(member.getId(), false,
- CliStrings.EXECUTE_FUNCTION__MSG__COULD_NOT_RETRIEVE_ARGUMENTS));
- return;
- }
+ String[] functionArgs = null;
+ Object[] args = context.getArguments();
+ if (args == null) {
+ context.getResultSender().lastResult(new
CliFunctionResult(member.getId(), false,
+ CliStrings.EXECUTE_FUNCTION__MSG__COULD_NOT_RETRIEVE_ARGUMENTS));
+ return;
+ }
- String functionId = ((String) args[0]);
- String filterString = ((String) args[1]);
- String resultCollectorName = ((String) args[2]);
- String argumentsString = ((String) args[3]);
- String onRegion = ((String) args[4]);
- Properties credentials = (Properties) args[5];
+ String functionId = ((String) args[0]);
+ String filterString = ((String) args[1]);
+ String resultCollectorName = ((String) args[2]);
+ String argumentsString = ((String) args[3]);
+ String onRegion = ((String) args[4]);
+ Properties credentials = (Properties) args[5];
- SecurityService securityService = ((InternalCache)
context.getCache()).getSecurityService();
+ SecurityService securityService = ((InternalCache)
context.getCache()).getSecurityService();
+ boolean loginNeeded = false;
+ try {
+ // if the function is executed on a server with jmx-manager that user is
already logged into
+ // then we do not need to do login/logout here.
+ Subject subject = securityService.getSubject();
+ loginNeeded = subject == null || !subject.isAuthenticated();
+ } catch (AuthenticationRequiredException e) {
+ loginNeeded = true;
+ }
Review comment:
This logic seems like it could belong to the `SecurityService`, if we think
we might be able to reuse it in the future.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
> improve permission for Internal functions
> -----------------------------------------
>
> Key: GEODE-3974
> URL: https://issues.apache.org/jira/browse/GEODE-3974
> Project: Geode
> Issue Type: Bug
> Components: docs, management
> Reporter: Jinmei Liao
> Priority: Major
> Labels: pull-request-available
> Fix For: 1.5.0
>
>
> Internal functions needs to be updated to require appropriate permissions
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
