Merge lp:~mmcm/akiban-server/is-session-restrict into lp:~akiban-technologies/akiban-server/trunk
Status: | Merged |
---|---|
Approved by: | Nathan Williams |
Approved revision: | 2642 |
Merged at revision: | 2641 |
Proposed branch: | lp:~mmcm/akiban-server/is-session-restrict |
Merge into: | lp:~akiban-technologies/akiban-server/trunk |
Diff against target: |
469 lines (+91/-34) 9 files modified
src/main/java/com/akiban/server/service/is/ServerSchemaTablesServiceImpl.java (+50/-25) src/main/java/com/akiban/server/service/monitor/MonitorService.java (+7/-2) src/main/java/com/akiban/server/service/monitor/MonitorServiceImpl.java (+13/-2) src/main/java/com/akiban/server/service/security/SecurityService.java (+1/-0) src/main/java/com/akiban/server/service/security/SecurityServiceImpl.java (+7/-0) src/main/java/com/akiban/sql/embedded/JDBCConnection.java (+2/-2) src/main/java/com/akiban/sql/pg/PostgresServerConnection.java (+3/-3) src/main/java/com/akiban/sql/pg/PostgresServerStatement.java (+3/-0) src/test/java/com/akiban/sql/ServerSessionITBase.java (+5/-0) |
To merge this branch: | bzr merge lp:~mmcm/akiban-server/is-session-restrict |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Akiban Build User | Needs Fixing | ||
Nathan Williams | Approve | ||
Review via email: mp+160521@code.launchpad.net |
Commit message
Description of the change
Restrict session tables to own session when security enabled and not admin.
Restrict ALTER TABLE the same way.
Akiban Build User (build-akiban) wrote : | # |
There were 2 failures during build/test:
* job server-build failed at build number 3986: http://
* view must-pass failed: server-build is red
Akiban Build User (build-akiban) wrote : | # |
There were 2 failures during build/test:
* job server-build failed at build number 3990: http://
* view must-pass failed: server-build is yellow
Mike McMahon (mmcm) wrote : | # |
The order returned by full text seems to be non-deterministic, probably because the loading is asynchronous. But maybe we'll get lucky.
Akiban Build User (build-akiban) wrote : | # |
There were 2 failures during build/test:
* job server-build failed at build number 3992: http://
* view must-pass failed: server-build is yellow
Preview Diff
1 | === modified file 'src/main/java/com/akiban/server/service/is/ServerSchemaTablesServiceImpl.java' | |||
2 | --- src/main/java/com/akiban/server/service/is/ServerSchemaTablesServiceImpl.java 2013-03-22 20:05:57 +0000 | |||
3 | +++ src/main/java/com/akiban/server/service/is/ServerSchemaTablesServiceImpl.java 2013-04-24 20:46:27 +0000 | |||
4 | @@ -19,6 +19,8 @@ | |||
5 | 19 | import java.lang.management.GarbageCollectorMXBean; | 19 | import java.lang.management.GarbageCollectorMXBean; |
6 | 20 | import java.lang.management.ManagementFactory; | 20 | import java.lang.management.ManagementFactory; |
7 | 21 | import java.lang.management.MemoryPoolMXBean; | 21 | import java.lang.management.MemoryPoolMXBean; |
8 | 22 | import java.util.Collection; | ||
9 | 23 | import java.util.Collections; | ||
10 | 22 | import java.util.Iterator; | 24 | import java.util.Iterator; |
11 | 23 | import java.util.Map; | 25 | import java.util.Map; |
12 | 24 | 26 | ||
13 | @@ -42,6 +44,8 @@ | |||
14 | 42 | import com.akiban.server.service.monitor.PreparedStatementMonitor; | 44 | import com.akiban.server.service.monitor.PreparedStatementMonitor; |
15 | 43 | import com.akiban.server.service.monitor.ServerMonitor; | 45 | import com.akiban.server.service.monitor.ServerMonitor; |
16 | 44 | import com.akiban.server.service.monitor.SessionMonitor; | 46 | import com.akiban.server.service.monitor.SessionMonitor; |
17 | 47 | import com.akiban.server.service.security.SecurityService; | ||
18 | 48 | import com.akiban.server.service.session.Session; | ||
19 | 45 | import com.akiban.server.store.SchemaManager; | 49 | import com.akiban.server.store.SchemaManager; |
20 | 46 | import com.akiban.server.types.AkType; | 50 | import com.akiban.server.types.AkType; |
21 | 47 | import com.akiban.server.types.FromObjectValueSource; | 51 | import com.akiban.server.types.FromObjectValueSource; |
22 | @@ -63,20 +67,23 @@ | |||
23 | 63 | static final TableName SERVER_TAPS = new TableName (SCHEMA_NAME, "server_taps"); | 67 | static final TableName SERVER_TAPS = new TableName (SCHEMA_NAME, "server_taps"); |
24 | 64 | static final TableName SERVER_PREPARED_STATEMENTS = new TableName (SCHEMA_NAME, "server_prepared_statements"); | 68 | static final TableName SERVER_PREPARED_STATEMENTS = new TableName (SCHEMA_NAME, "server_prepared_statements"); |
25 | 65 | static final TableName SERVER_CURSORS = new TableName (SCHEMA_NAME, "server_cursors"); | 69 | static final TableName SERVER_CURSORS = new TableName (SCHEMA_NAME, "server_cursors"); |
27 | 66 | 70 | ||
28 | 67 | private final MonitorService monitor; | 71 | private final MonitorService monitor; |
29 | 68 | private final ConfigurationService configService; | 72 | private final ConfigurationService configService; |
30 | 69 | private final AkServerInterface serverInterface; | 73 | private final AkServerInterface serverInterface; |
31 | 74 | private final SecurityService securityService; | ||
32 | 70 | 75 | ||
33 | 71 | @Inject | 76 | @Inject |
34 | 72 | public ServerSchemaTablesServiceImpl (SchemaManager schemaManager, | 77 | public ServerSchemaTablesServiceImpl (SchemaManager schemaManager, |
35 | 73 | MonitorService monitor, | 78 | MonitorService monitor, |
36 | 74 | ConfigurationService configService, | 79 | ConfigurationService configService, |
38 | 75 | AkServerInterface serverInterface) { | 80 | AkServerInterface serverInterface, |
39 | 81 | SecurityService securityService) { | ||
40 | 76 | super(schemaManager); | 82 | super(schemaManager); |
41 | 77 | this.monitor = monitor; | 83 | this.monitor = monitor; |
42 | 78 | this.configService = configService; | 84 | this.configService = configService; |
43 | 79 | this.serverInterface = serverInterface; | 85 | this.serverInterface = serverInterface; |
44 | 86 | this.securityService = securityService; | ||
45 | 80 | } | 87 | } |
46 | 81 | 88 | ||
47 | 82 | @Override | 89 | @Override |
48 | @@ -114,6 +121,21 @@ | |||
49 | 114 | // nothing | 121 | // nothing |
50 | 115 | } | 122 | } |
51 | 116 | 123 | ||
52 | 124 | protected Collection<SessionMonitor> getAccessibleSessions(Session session) { | ||
53 | 125 | if (securityService.hasRestrictedAccess(session)) { | ||
54 | 126 | return monitor.getSessionMonitors(); | ||
55 | 127 | } | ||
56 | 128 | else { | ||
57 | 129 | SessionMonitor sm = monitor.getSessionMonitor(session); | ||
58 | 130 | if (sm == null) { | ||
59 | 131 | return Collections.emptyList(); | ||
60 | 132 | } | ||
61 | 133 | else { | ||
62 | 134 | return Collections.singletonList(sm); | ||
63 | 135 | } | ||
64 | 136 | } | ||
65 | 137 | } | ||
66 | 138 | |||
67 | 117 | private class InstanceSummary extends BasicFactoryBase { | 139 | private class InstanceSummary extends BasicFactoryBase { |
68 | 118 | 140 | ||
69 | 119 | public InstanceSummary(TableName sourceTable) { | 141 | public InstanceSummary(TableName sourceTable) { |
70 | @@ -122,7 +144,7 @@ | |||
71 | 122 | 144 | ||
72 | 123 | @Override | 145 | @Override |
73 | 124 | public GroupScan getGroupScan(MemoryAdapter adapter) { | 146 | public GroupScan getGroupScan(MemoryAdapter adapter) { |
75 | 125 | return new Scan(getRowType(adapter)); | 147 | return new Scan(adapter.getSession(), getRowType(adapter)); |
76 | 126 | } | 148 | } |
77 | 127 | 149 | ||
78 | 128 | @Override | 150 | @Override |
79 | @@ -132,7 +154,7 @@ | |||
80 | 132 | 154 | ||
81 | 133 | private class Scan extends BaseScan { | 155 | private class Scan extends BaseScan { |
82 | 134 | 156 | ||
84 | 135 | public Scan (RowType rowType) { | 157 | public Scan (Session session, RowType rowType) { |
85 | 136 | super(rowType); | 158 | super(rowType); |
86 | 137 | } | 159 | } |
87 | 138 | 160 | ||
88 | @@ -158,7 +180,7 @@ | |||
89 | 158 | 180 | ||
90 | 159 | @Override | 181 | @Override |
91 | 160 | public GroupScan getGroupScan(MemoryAdapter adapter) { | 182 | public GroupScan getGroupScan(MemoryAdapter adapter) { |
93 | 161 | return new Scan (getRowType(adapter)); | 183 | return new Scan (adapter.getSession(), getRowType(adapter)); |
94 | 162 | } | 184 | } |
95 | 163 | 185 | ||
96 | 164 | @Override | 186 | @Override |
97 | @@ -168,7 +190,7 @@ | |||
98 | 168 | 190 | ||
99 | 169 | private class Scan extends BaseScan { | 191 | private class Scan extends BaseScan { |
100 | 170 | final Iterator<ServerMonitor> servers = monitor.getServerMonitors().values().iterator(); | 192 | final Iterator<ServerMonitor> servers = monitor.getServerMonitors().values().iterator(); |
102 | 171 | public Scan(RowType rowType) { | 193 | public Scan(Session session, RowType rowType) { |
103 | 172 | super(rowType); | 194 | super(rowType); |
104 | 173 | } | 195 | } |
105 | 174 | 196 | ||
106 | @@ -198,7 +220,7 @@ | |||
107 | 198 | 220 | ||
108 | 199 | @Override | 221 | @Override |
109 | 200 | public GroupScan getGroupScan(MemoryAdapter adapter) { | 222 | public GroupScan getGroupScan(MemoryAdapter adapter) { |
111 | 201 | return new Scan (getRowType(adapter)); | 223 | return new Scan (adapter.getSession(), getRowType(adapter)); |
112 | 202 | } | 224 | } |
113 | 203 | 225 | ||
114 | 204 | @Override | 226 | @Override |
115 | @@ -207,9 +229,10 @@ | |||
116 | 207 | } | 229 | } |
117 | 208 | 230 | ||
118 | 209 | private class Scan extends BaseScan { | 231 | private class Scan extends BaseScan { |
121 | 210 | final Iterator<SessionMonitor> sessions = monitor.getSessionMonitors().iterator(); | 232 | final Iterator<SessionMonitor> sessions; |
122 | 211 | public Scan(RowType rowType) { | 233 | public Scan(Session session, RowType rowType) { |
123 | 212 | super(rowType); | 234 | super(rowType); |
124 | 235 | sessions = getAccessibleSessions(session).iterator(); | ||
125 | 213 | } | 236 | } |
126 | 214 | 237 | ||
127 | 215 | @Override | 238 | @Override |
128 | @@ -252,7 +275,7 @@ | |||
129 | 252 | 275 | ||
130 | 253 | @Override | 276 | @Override |
131 | 254 | public GroupScan getGroupScan(MemoryAdapter adapter) { | 277 | public GroupScan getGroupScan(MemoryAdapter adapter) { |
133 | 255 | return new Scan (getRowType(adapter)); | 278 | return new Scan (adapter.getSession(), getRowType(adapter)); |
134 | 256 | } | 279 | } |
135 | 257 | 280 | ||
136 | 258 | @Override | 281 | @Override |
137 | @@ -263,7 +286,7 @@ | |||
138 | 263 | private class Scan extends BaseScan { | 286 | private class Scan extends BaseScan { |
139 | 264 | 287 | ||
140 | 265 | private final ErrorCode[] codes = ErrorCode.values(); | 288 | private final ErrorCode[] codes = ErrorCode.values(); |
142 | 266 | public Scan(RowType rowType) { | 289 | public Scan(Session session, RowType rowType) { |
143 | 267 | super(rowType); | 290 | super(rowType); |
144 | 268 | } | 291 | } |
145 | 269 | 292 | ||
146 | @@ -288,7 +311,7 @@ | |||
147 | 288 | 311 | ||
148 | 289 | @Override | 312 | @Override |
149 | 290 | public GroupScan getGroupScan(MemoryAdapter adapter) { | 313 | public GroupScan getGroupScan(MemoryAdapter adapter) { |
151 | 291 | return new Scan (getRowType(adapter)); | 314 | return new Scan (adapter.getSession(), getRowType(adapter)); |
152 | 292 | } | 315 | } |
153 | 293 | 316 | ||
154 | 294 | @Override | 317 | @Override |
155 | @@ -299,7 +322,7 @@ | |||
156 | 299 | private class Scan extends BaseScan { | 322 | private class Scan extends BaseScan { |
157 | 300 | private Iterator<Map.Entry<String,String>> propertyIt; | 323 | private Iterator<Map.Entry<String,String>> propertyIt; |
158 | 301 | 324 | ||
160 | 302 | public Scan(RowType rowType) { | 325 | public Scan(Session session, RowType rowType) { |
161 | 303 | super(rowType); | 326 | super(rowType); |
162 | 304 | propertyIt = configService.getProperties().entrySet().iterator(); | 327 | propertyIt = configService.getProperties().entrySet().iterator(); |
163 | 305 | } | 328 | } |
164 | @@ -324,7 +347,7 @@ | |||
165 | 324 | 347 | ||
166 | 325 | @Override | 348 | @Override |
167 | 326 | public GroupScan getGroupScan(MemoryAdapter adapter) { | 349 | public GroupScan getGroupScan(MemoryAdapter adapter) { |
169 | 327 | return new Scan (getRowType(adapter)); | 350 | return new Scan (adapter.getSession(), getRowType(adapter)); |
170 | 328 | } | 351 | } |
171 | 329 | 352 | ||
172 | 330 | @Override | 353 | @Override |
173 | @@ -335,7 +358,7 @@ | |||
174 | 335 | private class Scan extends BaseScan { | 358 | private class Scan extends BaseScan { |
175 | 336 | private final Iterator<MemoryPoolMXBean> it; | 359 | private final Iterator<MemoryPoolMXBean> it; |
176 | 337 | 360 | ||
178 | 338 | public Scan(RowType rowType) { | 361 | public Scan(Session session, RowType rowType) { |
179 | 339 | super(rowType); | 362 | super(rowType); |
180 | 340 | it = ManagementFactory.getMemoryPoolMXBeans().iterator(); | 363 | it = ManagementFactory.getMemoryPoolMXBeans().iterator(); |
181 | 341 | } | 364 | } |
182 | @@ -364,7 +387,7 @@ | |||
183 | 364 | 387 | ||
184 | 365 | @Override | 388 | @Override |
185 | 366 | public GroupScan getGroupScan(MemoryAdapter adapter) { | 389 | public GroupScan getGroupScan(MemoryAdapter adapter) { |
187 | 367 | return new Scan (getRowType(adapter)); | 390 | return new Scan (adapter.getSession(), getRowType(adapter)); |
188 | 368 | } | 391 | } |
189 | 369 | 392 | ||
190 | 370 | @Override | 393 | @Override |
191 | @@ -375,7 +398,7 @@ | |||
192 | 375 | private class Scan extends BaseScan { | 398 | private class Scan extends BaseScan { |
193 | 376 | private final Iterator<GarbageCollectorMXBean> it; | 399 | private final Iterator<GarbageCollectorMXBean> it; |
194 | 377 | 400 | ||
196 | 378 | public Scan(RowType rowType) { | 401 | public Scan(Session session, RowType rowType) { |
197 | 379 | super(rowType); | 402 | super(rowType); |
198 | 380 | it = ManagementFactory.getGarbageCollectorMXBeans().iterator(); | 403 | it = ManagementFactory.getGarbageCollectorMXBeans().iterator(); |
199 | 381 | } | 404 | } |
200 | @@ -406,7 +429,7 @@ | |||
201 | 406 | 429 | ||
202 | 407 | @Override | 430 | @Override |
203 | 408 | public GroupScan getGroupScan(MemoryAdapter adapter) { | 431 | public GroupScan getGroupScan(MemoryAdapter adapter) { |
205 | 409 | return new Scan (getRowType(adapter)); | 432 | return new Scan (adapter.getSession(), getRowType(adapter)); |
206 | 410 | } | 433 | } |
207 | 411 | 434 | ||
208 | 412 | @Override | 435 | @Override |
209 | @@ -418,7 +441,7 @@ | |||
210 | 418 | private final TapReport[] reports; | 441 | private final TapReport[] reports; |
211 | 419 | private int it = 0; | 442 | private int it = 0; |
212 | 420 | 443 | ||
214 | 421 | public Scan(RowType rowType) { | 444 | public Scan(Session session, RowType rowType) { |
215 | 422 | super(rowType); | 445 | super(rowType); |
216 | 423 | reports = getAllReports(); | 446 | reports = getAllReports(); |
217 | 424 | } | 447 | } |
218 | @@ -447,7 +470,7 @@ | |||
219 | 447 | 470 | ||
220 | 448 | @Override | 471 | @Override |
221 | 449 | public GroupScan getGroupScan(MemoryAdapter adapter) { | 472 | public GroupScan getGroupScan(MemoryAdapter adapter) { |
223 | 450 | return new Scan (getRowType(adapter)); | 473 | return new Scan (adapter.getSession(), getRowType(adapter)); |
224 | 451 | } | 474 | } |
225 | 452 | 475 | ||
226 | 453 | @Override | 476 | @Override |
227 | @@ -459,11 +482,12 @@ | |||
228 | 459 | } | 482 | } |
229 | 460 | 483 | ||
230 | 461 | private class Scan extends BaseScan { | 484 | private class Scan extends BaseScan { |
232 | 462 | final Iterator<SessionMonitor> sessions = monitor.getSessionMonitors().iterator(); | 485 | final Iterator<SessionMonitor> sessions; |
233 | 463 | Iterator<PreparedStatementMonitor> statements = null; | 486 | Iterator<PreparedStatementMonitor> statements = null; |
234 | 464 | 487 | ||
236 | 465 | public Scan(RowType rowType) { | 488 | public Scan(Session session, RowType rowType) { |
237 | 466 | super(rowType); | 489 | super(rowType); |
238 | 490 | sessions = getAccessibleSessions(session).iterator(); | ||
239 | 467 | } | 491 | } |
240 | 468 | 492 | ||
241 | 469 | @Override | 493 | @Override |
242 | @@ -497,7 +521,7 @@ | |||
243 | 497 | 521 | ||
244 | 498 | @Override | 522 | @Override |
245 | 499 | public GroupScan getGroupScan(MemoryAdapter adapter) { | 523 | public GroupScan getGroupScan(MemoryAdapter adapter) { |
247 | 500 | return new Scan (getRowType(adapter)); | 524 | return new Scan (adapter.getSession(), getRowType(adapter)); |
248 | 501 | } | 525 | } |
249 | 502 | 526 | ||
250 | 503 | @Override | 527 | @Override |
251 | @@ -509,11 +533,12 @@ | |||
252 | 509 | } | 533 | } |
253 | 510 | 534 | ||
254 | 511 | private class Scan extends BaseScan { | 535 | private class Scan extends BaseScan { |
256 | 512 | final Iterator<SessionMonitor> sessions = monitor.getSessionMonitors().iterator(); | 536 | final Iterator<SessionMonitor> sessions; |
257 | 513 | Iterator<CursorMonitor> statements = null; | 537 | Iterator<CursorMonitor> statements = null; |
258 | 514 | 538 | ||
260 | 515 | public Scan(RowType rowType) { | 539 | public Scan(Session session, RowType rowType) { |
261 | 516 | super(rowType); | 540 | super(rowType); |
262 | 541 | sessions = getAccessibleSessions(session).iterator(); | ||
263 | 517 | } | 542 | } |
264 | 518 | 543 | ||
265 | 519 | @Override | 544 | @Override |
266 | 520 | 545 | ||
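Review bot: In `getAccessibleSessions` (new lines 124-137) the branch that returns every monitor is taken when `hasRestrictedAccess(session)` is true, which reads as the opposite of what the name suggests; going by `SecurityServiceImpl` in this same change, true means the user is an admin or no user is attached to the session. A comment on that branch would guard against a later inversion, e.g. `// true = admin or no authenticated user: caller may see all sessions`. The same polarity applies to the `!hasRestrictedAccess(...)` guard in `PostgresServerStatement.doOperation` and to the undocumented declaration in `SecurityService`. Separately, the other `Scan` constructors now accept `session` and ignore it, so the table iterating `configService.getProperties()` is still returned in full to every caller; whether those properties can hold sensitive values is not visible here and is worth confirming.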
267 | === modified file 'src/main/java/com/akiban/server/service/monitor/MonitorService.java' | |||
268 | --- src/main/java/com/akiban/server/service/monitor/MonitorService.java 2013-03-22 20:05:57 +0000 | |||
269 | +++ src/main/java/com/akiban/server/service/monitor/MonitorService.java 2013-04-24 20:46:27 +0000 | |||
270 | @@ -17,6 +17,8 @@ | |||
271 | 17 | 17 | ||
272 | 18 | package com.akiban.server.service.monitor; | 18 | package com.akiban.server.service.monitor; |
273 | 19 | 19 | ||
274 | 20 | import com.akiban.server.service.session.Session; | ||
275 | 21 | |||
276 | 20 | import java.util.Collection; | 22 | import java.util.Collection; |
277 | 21 | import java.util.Map; | 23 | import java.util.Map; |
278 | 22 | 24 | ||
279 | @@ -34,14 +36,17 @@ | |||
280 | 34 | int allocateSessionId(); | 36 | int allocateSessionId(); |
281 | 35 | 37 | ||
282 | 36 | /** Register the given session monitor. */ | 38 | /** Register the given session monitor. */ |
284 | 37 | void registerSessionMonitor(SessionMonitor sessionMonitor); | 39 | void registerSessionMonitor(SessionMonitor sessionMonitor, Session session); |
285 | 38 | 40 | ||
286 | 39 | /** Deregister the given session monitor. */ | 41 | /** Deregister the given session monitor. */ |
288 | 40 | void deregisterSessionMonitor(SessionMonitor sessionMonitor); | 42 | void deregisterSessionMonitor(SessionMonitor sessionMonitor, Session session); |
289 | 41 | 43 | ||
290 | 42 | /** Get the session monitor for the given session id. */ | 44 | /** Get the session monitor for the given session id. */ |
291 | 43 | SessionMonitor getSessionMonitor(int sessionId); | 45 | SessionMonitor getSessionMonitor(int sessionId); |
292 | 44 | 46 | ||
293 | 47 | /** Get the session monitor for the given session. */ | ||
294 | 48 | SessionMonitor getSessionMonitor(Session session); | ||
295 | 49 | |||
296 | 45 | /** Get all registered session monitors. */ | 50 | /** Get all registered session monitors. */ |
297 | 46 | Collection<SessionMonitor> getSessionMonitors(); | 51 | Collection<SessionMonitor> getSessionMonitors(); |
298 | 47 | 52 | ||
299 | 48 | 53 | ||
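Review bot: The Javadoc on `registerSessionMonitor` and `deregisterSessionMonitor` (new lines 38-42) was not updated for the added `session` parameter, and the new `getSessionMonitor(Session)` does not say what it returns when no monitor is registered for the session. The implementation in this change returns `session.get(SESSION_KEY)` and `getAccessibleSessions` checks the result for null, so the contract could read `/** Get the session monitor for the given session, or null if none is registered. */`. For the register pair, `/** Register the given session monitor and associate it with the session. */` (and the mirror for deregister) would be enough.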
300 | === modified file 'src/main/java/com/akiban/server/service/monitor/MonitorServiceImpl.java' | |||
301 | --- src/main/java/com/akiban/server/service/monitor/MonitorServiceImpl.java 2013-03-22 20:05:57 +0000 | |||
302 | +++ src/main/java/com/akiban/server/service/monitor/MonitorServiceImpl.java 2013-04-24 20:46:27 +0000 | |||
303 | @@ -21,6 +21,7 @@ | |||
304 | 21 | import com.akiban.server.service.Service; | 21 | import com.akiban.server.service.Service; |
305 | 22 | import com.akiban.server.service.config.ConfigurationService; | 22 | import com.akiban.server.service.config.ConfigurationService; |
306 | 23 | import com.akiban.server.service.jmx.JmxManageable; | 23 | import com.akiban.server.service.jmx.JmxManageable; |
307 | 24 | import com.akiban.server.service.session.Session; | ||
308 | 24 | 25 | ||
309 | 25 | import com.google.inject.Inject; | 26 | import com.google.inject.Inject; |
310 | 26 | import org.slf4j.Logger; | 27 | import org.slf4j.Logger; |
311 | @@ -45,6 +46,9 @@ | |||
312 | 45 | 46 | ||
313 | 46 | private static final Logger logger = LoggerFactory.getLogger(MonitorServiceImpl.class); | 47 | private static final Logger logger = LoggerFactory.getLogger(MonitorServiceImpl.class); |
314 | 47 | 48 | ||
315 | 49 | public static final Session.Key<SessionMonitor> SESSION_KEY = | ||
316 | 50 | Session.Key.named("SESSION_MONITOR"); | ||
317 | 51 | |||
318 | 48 | private final ConfigurationService config; | 52 | private final ConfigurationService config; |
319 | 49 | 53 | ||
320 | 50 | private Map<String,ServerMonitor> servers; | 54 | private Map<String,ServerMonitor> servers; |
321 | @@ -124,15 +128,17 @@ | |||
322 | 124 | } | 128 | } |
323 | 125 | 129 | ||
324 | 126 | @Override | 130 | @Override |
326 | 127 | public void registerSessionMonitor(SessionMonitor sessionMonitor) { | 131 | public void registerSessionMonitor(SessionMonitor sessionMonitor, Session session) { |
327 | 128 | SessionMonitor old = sessions.put(sessionMonitor.getSessionId(), sessionMonitor); | 132 | SessionMonitor old = sessions.put(sessionMonitor.getSessionId(), sessionMonitor); |
328 | 129 | assert ((old == null) || (old == sessionMonitor)); | 133 | assert ((old == null) || (old == sessionMonitor)); |
329 | 134 | session.put(SESSION_KEY, sessionMonitor); | ||
330 | 130 | } | 135 | } |
331 | 131 | 136 | ||
332 | 132 | @Override | 137 | @Override |
334 | 133 | public void deregisterSessionMonitor(SessionMonitor sessionMonitor) { | 138 | public void deregisterSessionMonitor(SessionMonitor sessionMonitor, Session session) { |
335 | 134 | SessionMonitor old = sessions.remove(sessionMonitor.getSessionId()); | 139 | SessionMonitor old = sessions.remove(sessionMonitor.getSessionId()); |
336 | 135 | assert ((old == null) || (old == sessionMonitor)); | 140 | assert ((old == null) || (old == sessionMonitor)); |
337 | 141 | session.remove(SESSION_KEY); | ||
338 | 136 | } | 142 | } |
339 | 137 | 143 | ||
340 | 138 | @Override | 144 | @Override |
341 | @@ -141,6 +147,11 @@ | |||
342 | 141 | } | 147 | } |
343 | 142 | 148 | ||
344 | 143 | @Override | 149 | @Override |
345 | 150 | public SessionMonitor getSessionMonitor(Session session) { | ||
346 | 151 | return session.get(SESSION_KEY); | ||
347 | 152 | } | ||
348 | 153 | |||
349 | 154 | @Override | ||
350 | 144 | public Collection<SessionMonitor> getSessionMonitors() { | 155 | public Collection<SessionMonitor> getSessionMonitors() { |
351 | 145 | return sessions.values(); | 156 | return sessions.values(); |
352 | 146 | } | 157 | } |
353 | 147 | 158 | ||
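Review bot: `SESSION_KEY` (new lines 49-50) is declared `public`, yet the only reads and writes visible in this change go through `registerSessionMonitor`, `deregisterSessionMonitor` and `getSessionMonitor(Session)` in this class. Because `getAccessibleSessions` trusts the value stored under this key to decide which single session a non-admin may see, any other code able to `put` under the key could change that answer. Unless something outside this diff needs it, `private static final Session.Key<SessionMonitor> SESSION_KEY` keeps the association owned by this class.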
354 | === modified file 'src/main/java/com/akiban/server/service/security/SecurityService.java' | |||
355 | --- src/main/java/com/akiban/server/service/security/SecurityService.java 2013-03-22 20:05:57 +0000 | |||
356 | +++ src/main/java/com/akiban/server/service/security/SecurityService.java 2013-04-24 20:46:27 +0000 | |||
357 | @@ -36,6 +36,7 @@ | |||
358 | 36 | 36 | ||
359 | 37 | public boolean isAccessible(Session session, String schema); | 37 | public boolean isAccessible(Session session, String schema); |
360 | 38 | public boolean isAccessible(HttpServletRequest request, String schema); | 38 | public boolean isAccessible(HttpServletRequest request, String schema); |
361 | 39 | public boolean hasRestrictedAccess(Session session); | ||
362 | 39 | 40 | ||
363 | 40 | public void addRole(String name); | 41 | public void addRole(String name); |
364 | 41 | public void deleteRole(String name); | 42 | public void deleteRole(String name); |
365 | 42 | 43 | ||
366 | === modified file 'src/main/java/com/akiban/server/service/security/SecurityServiceImpl.java' | |||
367 | --- src/main/java/com/akiban/server/service/security/SecurityServiceImpl.java 2013-04-22 22:50:40 +0000 | |||
368 | +++ src/main/java/com/akiban/server/service/security/SecurityServiceImpl.java 2013-04-24 20:46:27 +0000 | |||
369 | @@ -481,6 +481,13 @@ | |||
370 | 481 | TableName.SYS_SCHEMA.equals(schema); | 481 | TableName.SYS_SCHEMA.equals(schema); |
371 | 482 | } | 482 | } |
372 | 483 | 483 | ||
373 | 484 | @Override | ||
374 | 485 | public boolean hasRestrictedAccess(Session session) { | ||
375 | 486 | User user = session.get(SESSION_KEY); | ||
376 | 487 | if (user == null) return true; // Not authenticated = open. | ||
377 | 488 | return user.hasRole(ADMIN_ROLE); | ||
378 | 489 | } | ||
379 | 490 | |||
380 | 484 | /* Service */ | 491 | /* Service */ |
381 | 485 | 492 | ||
382 | 486 | @Override | 493 | @Override |
383 | 487 | 494 | ||
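Review bot: `hasRestrictedAccess` (new lines 485-489) returns true when `session.get(SESSION_KEY)` is null, so a session with no user attached is treated the same as an admin. That matches the inline comment for a server running without authentication, but it also applies to any session on a security-enabled server that has not yet had a user stored, and this change moves Postgres session creation to connection setup, ahead of startup processing. Whether a statement can run on such a session is not visible in this diff; if it can, the null case should check whether security is enabled instead of defaulting to open. At minimum, a Javadoc stating that true means "admin, or no authenticated user" would make the fail-open choice explicit to callers.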
384 | === modified file 'src/main/java/com/akiban/sql/embedded/JDBCConnection.java' | |||
385 | --- src/main/java/com/akiban/sql/embedded/JDBCConnection.java 2013-03-22 20:05:57 +0000 | |||
386 | +++ src/main/java/com/akiban/sql/embedded/JDBCConnection.java 2013-04-24 20:46:27 +0000 | |||
387 | @@ -281,12 +281,12 @@ | |||
388 | 281 | 281 | ||
389 | 282 | // Register as a result of beginning a transaction (which is implicit). | 282 | // Register as a result of beginning a transaction (which is implicit). |
390 | 283 | protected void registerSessionMonitor() { | 283 | protected void registerSessionMonitor() { |
392 | 284 | reqs.monitor().registerSessionMonitor(sessionMonitor); | 284 | reqs.monitor().registerSessionMonitor(sessionMonitor, session); |
393 | 285 | } | 285 | } |
394 | 286 | 286 | ||
395 | 287 | // Deregister when transaction is committed, rolled back, or connection closed. | 287 | // Deregister when transaction is committed, rolled back, or connection closed. |
396 | 288 | protected void deregisterSessionMonitor() { | 288 | protected void deregisterSessionMonitor() { |
398 | 289 | reqs.monitor().deregisterSessionMonitor(sessionMonitor); | 289 | reqs.monitor().deregisterSessionMonitor(sessionMonitor, session); |
399 | 290 | } | 290 | } |
400 | 291 | 291 | ||
401 | 292 | protected AkServerInterface getAkServer() { | 292 | protected AkServerInterface getAkServer() { |
402 | 293 | 293 | ||
403 | === modified file 'src/main/java/com/akiban/sql/pg/PostgresServerConnection.java' | |||
404 | --- src/main/java/com/akiban/sql/pg/PostgresServerConnection.java 2013-04-19 21:33:50 +0000 | |||
405 | +++ src/main/java/com/akiban/sql/pg/PostgresServerConnection.java 2013-04-24 20:46:27 +0000 | |||
406 | @@ -133,7 +133,8 @@ | |||
407 | 133 | } | 133 | } |
408 | 134 | }; | 134 | }; |
409 | 135 | sessionMonitor.setRemoteAddress(socket.getInetAddress().getHostAddress()); | 135 | sessionMonitor.setRemoteAddress(socket.getInetAddress().getHostAddress()); |
411 | 136 | reqs.monitor().registerSessionMonitor(sessionMonitor); | 136 | session = reqs.sessionService().createSession(); |
412 | 137 | reqs.monitor().registerSessionMonitor(sessionMonitor, session); | ||
413 | 137 | } | 138 | } |
414 | 138 | 139 | ||
415 | 139 | public void start() { | 140 | public void start() { |
416 | @@ -328,7 +329,7 @@ | |||
417 | 328 | transaction = null; | 329 | transaction = null; |
418 | 329 | } | 330 | } |
419 | 330 | server.removeConnection(sessionId); | 331 | server.removeConnection(sessionId); |
421 | 331 | reqs.monitor().deregisterSessionMonitor(sessionMonitor); | 332 | reqs.monitor().deregisterSessionMonitor(sessionMonitor, session); |
422 | 332 | } | 333 | } |
423 | 333 | } | 334 | } |
424 | 334 | 335 | ||
425 | @@ -431,7 +432,6 @@ | |||
426 | 431 | logger.debug("Properties: {}", clientProperties); | 432 | logger.debug("Properties: {}", clientProperties); |
427 | 432 | setProperties(clientProperties); | 433 | setProperties(clientProperties); |
428 | 433 | 434 | ||
429 | 434 | session = reqs.sessionService().createSession(); | ||
430 | 435 | // TODO: Not needed right now and not a convenient time to | 435 | // TODO: Not needed right now and not a convenient time to |
431 | 436 | // encounter schema lock from long-running DDL. | 436 | // encounter schema lock from long-running DDL. |
432 | 437 | // But see comment in initParser(): what if we wanted to warn | 437 | // But see comment in initParser(): what if we wanted to warn |
433 | 438 | 438 | ||
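Review bot: `session = reqs.sessionService().createSession()` now runs at connection setup (new line 136) instead of after the client's startup properties are handled, so a session is allocated and registered for every accepted socket, including clients that never complete startup. The teardown shown in the second hunk only calls `deregisterSessionMonitor(sessionMonitor, session)`; whether the session itself is released on every early-exit path lies outside these hunks and is worth checking. A short comment at the new call site, such as `// created early so the monitor can be tied to the session before startup`, would record why the order changed.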
434 | === modified file 'src/main/java/com/akiban/sql/pg/PostgresServerStatement.java' | |||
435 | --- src/main/java/com/akiban/sql/pg/PostgresServerStatement.java 2013-04-04 21:44:13 +0000 | |||
436 | +++ src/main/java/com/akiban/sql/pg/PostgresServerStatement.java 2013-04-24 20:46:27 +0000 | |||
437 | @@ -34,6 +34,7 @@ | |||
438 | 34 | import com.akiban.server.error.AkibanInternalException; | 34 | import com.akiban.server.error.AkibanInternalException; |
439 | 35 | import com.akiban.server.error.ConnectionTerminatedException; | 35 | import com.akiban.server.error.ConnectionTerminatedException; |
440 | 36 | import com.akiban.server.error.InvalidOperationException; | 36 | import com.akiban.server.error.InvalidOperationException; |
441 | 37 | import com.akiban.server.error.SecurityException; | ||
442 | 37 | import com.akiban.server.error.UnsupportedConfigurationException; | 38 | import com.akiban.server.error.UnsupportedConfigurationException; |
443 | 38 | import com.akiban.sql.parser.AlterServerNode; | 39 | import com.akiban.sql.parser.AlterServerNode; |
444 | 39 | 40 | ||
445 | @@ -135,6 +136,8 @@ | |||
446 | 135 | } | 136 | } |
447 | 136 | 137 | ||
448 | 137 | protected void doOperation (PostgresServerSession session) throws Exception { | 138 | protected void doOperation (PostgresServerSession session) throws Exception { |
449 | 139 | if (!session.getSecurityService().hasRestrictedAccess(session.getSession())) | ||
450 | 140 | throw new SecurityException("Operation not allowed"); | ||
451 | 138 | PostgresServerConnection current = (PostgresServerConnection)session; | 141 | PostgresServerConnection current = (PostgresServerConnection)session; |
452 | 139 | PostgresServer server = current.getServer(); | 142 | PostgresServer server = current.getServer(); |
453 | 140 | Integer sessionId = statement.getSessionID(); | 143 | Integer sessionId = statement.getSessionID(); |
454 | 141 | 144 | ||
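Review bot: The guard added at the top of `doOperation` (new lines 139-140) rejects the statement for a non-admin before `statement.getSessionID()` is read, so it also refuses an operation aimed at the caller's own session. That is stricter than the read side, where `getAccessibleSessions` still exposes the caller's own session. If that is intended, a comment saying so would help; if not, the check could move to after the target session id is known. The `if` also has no braces around the `throw`, and the message `"Operation not allowed"` does not say which privilege is missing. The rest of `doOperation` is outside the hunk.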
455 | === modified file 'src/test/java/com/akiban/sql/ServerSessionITBase.java' | |||
456 | --- src/test/java/com/akiban/sql/ServerSessionITBase.java 2013-03-22 20:05:57 +0000 | |||
457 | +++ src/test/java/com/akiban/sql/ServerSessionITBase.java 2013-04-24 20:46:27 +0000 | |||
458 | @@ -114,6 +114,11 @@ | |||
459 | 114 | } | 114 | } |
460 | 115 | 115 | ||
461 | 116 | @Override | 116 | @Override |
462 | 117 | public boolean hasRestrictedAccess(com.akiban.server.service.session.Session session) { | ||
463 | 118 | return true; | ||
464 | 119 | } | ||
465 | 120 | |||
466 | 121 | @Override | ||
467 | 117 | public void addRole(String name) { | 122 | public void addRole(String name) { |
468 | 118 | throw new UnsupportedOperationException(); | 123 | throw new UnsupportedOperationException(); |
469 | 119 | } | 124 | } |
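Review bot: The stub `hasRestrictedAccess` (new lines 117-119) always returns true, so tests built on this base only exercise the unrestricted path. Nothing in the visible diff covers the non-admin branch of `getAccessibleSessions` or the `SecurityException` thrown from `doOperation`. A test that runs with a non-admin user and asserts that only its own session row is returned would pin the restriction this change is meant to add.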
Looks good.