Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

GEODE-3974: function security improvement #1287

Merged
merged 5 commits into from
Jan 19, 2018

Conversation

jinmeiliao
Copy link
Member

  • function executed on a local member does not log out user accidentally
  • Mark some internal functions as InternalEntity
  • test refactor

Copy link
Member

@PurelyApplied PurelyApplied left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Only the comment surrounding the securityService.logout is pressing.

String[] functionArgs = null;
Object[] args = context.getArguments();
if (args == null) {
context.getResultSender().lastResult(new CliFunctionResult(member.getId(), false,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would sendException be preferable to lastResult here?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would lean to not messing with the previous behavior on this front for now.

loginNeeded = subject == null || !subject.isAuthenticated();
} catch (AuthenticationRequiredException e) {
loginNeeded = true;
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This logic seems like it could belong to the SecurityService, if we think we might be able to reuse it in the future.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

let's see how it would get reused before we make it a public facing api.

.lastResult(new CliFunctionResult(member.getId(), false, "Exception: " + e.getMessage()));
} finally {
if (loginNeeded) {
securityService.logout();
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This could get weird if the securityService.login (line 84) fails. A new boolean indicating successful login might be a better gate.

81:
boolean loginSuccessful = false;
try{
  if (loginNeeded) { 
    securityService.login(credentials);
    loginSuccessful = true;
  }
...
} finally {
  if (loginSuccessful) {
    securityService.logout();
  }
}

Alternatively, if the block in my other comment was a method on the SecurityService, we might be able to just check that here: if (!securityService.loginRequired()){. Although I'm not sure I like how that reads, so maybe not.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed

"execute function --region=" + regionName + " --id=" + thisFunction.getId())
.containsOutput("not authorized for " + thisMissingPermission.toString()).statusIsError();
@ConnectionConfiguration(user = "user", password = "user")
public void functionRequireExpectedPermission() throws Exception {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I understand that the testing of the security service itself is rather beyond the scope of this test class, but do we have any positive-tests for permissions with region-level specificity? ExecuteFunctionCommandSecurityTest and ExecuteFunctionCommandWitSecurityDUnitTest appear to stop at the second tier, i.e., clusterManage and dataRead.

I think we need the positive-test coverage that these testValid* tests have, even if they belong in a different class / ticket.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We have plenty of unit tests that tests implies to target level. I will add a few more here if needed.

* function executed on a local member does not log out user accidentally
* Mark some internal functions as InternalEntity
* test refactor
@jinmeiliao jinmeiliao merged commit 00be4f9 into apache:develop Jan 19, 2018
@jinmeiliao jinmeiliao deleted the function2 branch January 19, 2018 07:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants