in geode-dunit/src/main/java/org/apache/geode/security/templates/XmlAuthorization.java [285:388]
/**
 * Decides whether the operation described by {@code context} is permitted, using the
 * per-region permission maps held in {@code allowedOps}.
 *
 * <p>Three cases are handled in order: server-to-client updates (authorized as a GET), query and
 * CQ operations (every referenced region must permit the operation), and all remaining
 * operations, with extra constraint checks for {@code EXECUTE_FUNCTION}. Where no map exists for
 * a region, the entry stored under {@code EMPTY_VALUE} (cache-level permissions) is consulted
 * instead. The method denies by default: when no applicable map is found it returns
 * {@code false}.
 *
 * @param regionName name of the region the operation targets; not used for query/CQ operations,
 *        which take their region names from the context
 * @param context the operation being authorized
 * @return {@code true} if the operation is permitted, {@code false} otherwise
 */
public boolean authorizeOperation(String regionName, final OperationContext context) {
  // Updates pushed from server to client are authorized as a GET on the region.
  if (context.isClientUpdate()) {
    // NOTE(review): this lookup uses the raw region name, while the other branches call
    // normalizeRegionName first -- confirm callers pass an already-normalized name here.
    Map<OperationCode, FunctionSecurityPrmsHolder> updatePerms = allowedOps.get(regionName);
    if (updatePerms == null && regionName.length() > 0) {
      updatePerms = allowedOps.get(EMPTY_VALUE);
    }
    return updatePerms != null && updatePerms.containsKey(OperationCode.GET);
  }

  final OperationCode opCode = context.getOperationCode();

  if (opCode.isQuery() || opCode.isExecuteCQ() || opCode.isCloseCQ() || opCode.isStopCQ()) {
    // Cache-level permission acts as the fallback for regions that have no map of their own.
    final Map<OperationCode, FunctionSecurityPrmsHolder> cachePerms = allowedOps.get(EMPTY_VALUE);
    final boolean globalPermission = cachePerms != null && cachePerms.containsKey(opCode);

    final Set<String> queriedRegions = ((QueryOperationContext) context).getRegionNames();
    if (queriedRegions == null || queriedRegions.isEmpty()) {
      return globalPermission;
    }

    // A single region that does not permit the operation denies the whole query. A region with
    // its own map is judged by that map alone; the cache-level grant does not override it.
    for (String queried : queriedRegions) {
      final Map<OperationCode, FunctionSecurityPrmsHolder> regionPerms =
          allowedOps.get(normalizeRegionName(queried));
      final boolean permitted =
          regionPerms == null ? globalPermission : regionPerms.containsKey(opCode);
      if (!permitted) {
        return false;
      }
    }
    return true;
  }

  final String normalizedRegionName = normalizeRegionName(regionName);
  Map<OperationCode, FunctionSecurityPrmsHolder> perms = allowedOps.get(normalizedRegionName);
  if (perms == null && normalizedRegionName.length() > 0) {
    perms = allowedOps.get(EMPTY_VALUE);
  }
  if (perms == null) {
    // Deny by default: neither a region-level nor a cache-level map applies.
    return false;
  }

  if (opCode != OperationCode.EXECUTE_FUNCTION) {
    return perms.containsKey(opCode);
  }
  if (!perms.containsKey(opCode)) {
    return false;
  }

  if (!context.isPostOperation()) {
    // Pre-operation: compare the request against the constraints configured for the function.
    final FunctionSecurityPrmsHolder constraints = perms.get(opCode);
    final ExecuteFunctionOperationContext fnContext = (ExecuteFunctionOperationContext) context;

    if (fnContext.getRegionName() == null) {
      // On-server execution: only the function id is constrained.
      return constraints.getFunctionIds() == null
          || constraints.getFunctionIds().contains(fnContext.getFunctionId());
    }

    // On-region execution.
    if (constraints.isOptimizeForWrite() != null
        && constraints.isOptimizeForWrite() != fnContext.isOptimizeForWrite()) {
      return false;
    }
    if (constraints.getFunctionIds() != null
        && !constraints.getFunctionIds().contains(fnContext.getFunctionId())) {
      return false;
    }
    if (constraints.getKeySet() != null && fnContext.getKeySet() != null) {
      // Denied only when the requested keys include EVERY configured key; a request naming just
      // some of them passes. NOTE(review): confirm this all-or-nothing check is intended.
      return !fnContext.getKeySet().containsAll(constraints.getKeySet());
    }
    return true;
  }

  // Post-operation: inspect the function result before it is returned to the caller.
  final ExecuteFunctionOperationContext fnContext = (ExecuteFunctionOperationContext) context;
  final FunctionSecurityPrmsHolder constraints = perms.get(opCode);

  if (fnContext.getRegionName() == null) {
    // On-server execution. The cast is unguarded: a result that is not an ArrayList raises
    // ClassCastException and a null result raises NullPointerException, so this path ends in
    // an exception rather than a boolean decision for such results.
    final ArrayList<String> serverResult = (ArrayList) fnContext.getResult();
    final String inSecureItem = "Insecure item";
    return !serverResult.contains(inSecureItem);
  }

  // On-region execution. The key filter runs only for ArrayList results; any other result type
  // skips it and is allowed.
  if (fnContext.getResult() instanceof ArrayList && constraints.getKeySet() != null) {
    final ArrayList<String> regionResult = (ArrayList) fnContext.getResult();
    final Set<String> nonAllowedKeys = constraints.getKeySet();
    // As in the pre-operation check, denial requires ALL non-allowed keys to be present.
    return !regionResult.containsAll(nonAllowedKeys);
  }
  return true;
}