Commit abb24db6 authored by chiaming2000's avatar chiaming2000
Browse files

Java simulator: 

Added RANGE operation Permission check. Client must be in the ACL scope
in order to perform an operation, including RANGE op.
parent 2d1e4ce1

kinetic-simulator/src/main/java/com/seagate/kinetic/simulator/persist/RangeOp.java

+13 −1
Original line number Diff line number Diff line
@@ -36,10 +36,11 @@ import com.google.protobuf.ByteString; 
import com.seagate.kinetic.common.lib.Hmac;

import com.seagate.kinetic.common.lib.KineticMessage;

import com.seagate.kinetic.proto.Kinetic.Command;



import com.seagate.kinetic.proto.Kinetic.Command.MessageType;

import com.seagate.kinetic.proto.Kinetic.Command.Range;

import com.seagate.kinetic.proto.Kinetic.Command.Security.ACL.Permission;

import com.seagate.kinetic.proto.Kinetic.Command.Status;

import com.seagate.kinetic.proto.Kinetic.Command.Status.StatusCode;

import com.seagate.kinetic.simulator.internal.Authorizer;

import com.seagate.kinetic.simulator.internal.InvalidRequestException;

import com.seagate.kinetic.simulator.internal.KVSecurityException;
@@ -110,6 +111,7 @@ public class RangeOp { 


                reverse = r.getReverse();





                if (n < 1) {

                    oops("the number of entries is <= 0");

                }
@@ -118,6 +120,14 @@ public class RangeOp { 


                switch (request.getCommand().getHeader().getMessageType()) {

                case GETKEYRANGE:



                    // check permission

                    Authorizer.checkPermission(aclMap, request.getMessage()

                            .getHmacAuth().getIdentity(), Permission.RANGE, k1);



                    Authorizer.checkPermission(aclMap, request.getMessage()

                            .getHmacAuth().getIdentity(), Permission.RANGE, k2);



                    if (reverse) {

                        List<KVKey> l = (ArrayList<KVKey>) store.getRangeReversed(

                                k1, i1, k2, i2, n);
@@ -162,6 +172,8 @@ public class RangeOp { 
            } catch (InvalidRequestException  ire) {

                oops(Status.StatusCode.INVALID_REQUEST,

                        ire.getMessage());

            } catch (KVSecurityException se) {

                oops(StatusCode.NOT_AUTHORIZED, se.getMessage());

            } catch (Exception e) {

                LOG.fine(e.toString());

                Writer writer = new StringWriter();

kinetic-test/src/test/java/com/seagate/kinetic/boundary/KineticBoundaryTest.java

+15 −11
Original line number Diff line number Diff line
@@ -19,19 +19,15 @@ 
 */

package com.seagate.kinetic.boundary;



import static org.testng.AssertJUnit.assertArrayEquals;

import static org.testng.AssertJUnit.assertEquals;

import static org.testng.AssertJUnit.assertFalse;

import static org.testng.AssertJUnit.assertTrue;

import static org.testng.AssertJUnit.assertNull;



import org.testng.annotations.Test;

import org.testng.Assert;



import static com.seagate.kinetic.KineticAssertions.assertEntryEquals;

import static com.seagate.kinetic.KineticAssertions.assertKeyNotFound;

import static com.seagate.kinetic.KineticTestHelpers.int32;

import static com.seagate.kinetic.KineticTestHelpers.toByteArray;

import static org.testng.AssertJUnit.assertEquals;

import static org.testng.AssertJUnit.assertFalse;

import static org.testng.AssertJUnit.assertNull;

import static org.testng.AssertJUnit.assertTrue;

import static org.testng.internal.junit.ArrayAsserts.assertArrayEquals;



import java.io.UnsupportedEncodingException;

import java.util.Arrays;
@@ -49,6 +45,9 @@ import kinetic.client.VersionMismatchException; 
import kinetic.client.advanced.AdvancedKineticClient;

import kinetic.simulator.SimulatorConfiguration;



import org.testng.Assert;

import org.testng.annotations.Test;



import com.google.common.collect.Lists;

import com.google.common.collect.Maps;

import com.google.protobuf.ByteString;
@@ -2319,8 +2318,11 @@ public class KineticBoundaryTest extends IntegrationTestCase { 


        KineticClient clientWithVisibilityGap = createClientWithSpecifiedRolesForEntries(clientName,entryToRoleMap);



        // XXX chiaming 01/27/2015: RANGE op throws Exception if no permission

        // for all keys.

        // for all domains.

        List<byte[]> keyRange = clientWithVisibilityGap.getKeyRange(

                entry02.getKey(), true, entry09.getKey(), true, 10);

                entry02.getKey(), true, entry03.getKey(), true, 10);

        assertEquals(2, keyRange.size());

        assertArrayEquals(entry02.getKey(), keyRange.get(0));

        assertArrayEquals(entry03.getKey(), keyRange.get(1));
@@ -2376,8 +2378,10 @@ public class KineticBoundaryTest extends IntegrationTestCase { 


        AdvancedKineticClient clientWithVisibilityGap = createClientWithSpecifiedRolesForEntries(clientName, entryToRoleMap);



        // XXX chiaming 01/27/2015: Range Op throws exception if no permission

        // for all keys.

        List<byte[]> keyRange = clientWithVisibilityGap.getKeyRangeReversed(

                entry01.getKey(), true, entry09.getKey(), true, 10);

                entry06.getKey(), true, entry08.getKey(), true, 10);

        assertEquals(3, keyRange.size());

        assertArrayEquals(entry08.getKey(), keyRange.get(0));

        assertArrayEquals(entry07.getKey(), keyRange.get(1));