Akiban Server

Merge lp:~mmcm/akiban-server/is-session-restrict into lp:~akiban-technologies/akiban-server/trunk

  1. is-session-restrict
  2. Merge into trunk
Proposed by Mike McMahon
Status: Merged
Approved by: Nathan Williams
Approved revision: 2642
Merged at revision: 2641
Proposed branch: lp:~mmcm/akiban-server/is-session-restrict
Merge into: lp:~akiban-technologies/akiban-server/trunk
Diff against target: 469 lines (+91/-34)
9 files modified
src/main/java/com/akiban/server/service/is/ServerSchemaTablesServiceImpl.java (+50/-25)
src/main/java/com/akiban/server/service/monitor/MonitorService.java (+7/-2)
src/main/java/com/akiban/server/service/monitor/MonitorServiceImpl.java (+13/-2)
src/main/java/com/akiban/server/service/security/SecurityService.java (+1/-0)
src/main/java/com/akiban/server/service/security/SecurityServiceImpl.java (+7/-0)
src/main/java/com/akiban/sql/embedded/JDBCConnection.java (+2/-2)
src/main/java/com/akiban/sql/pg/PostgresServerConnection.java (+3/-3)
src/main/java/com/akiban/sql/pg/PostgresServerStatement.java (+3/-0)
src/test/java/com/akiban/sql/ServerSessionITBase.java (+5/-0)
To merge this branch: bzr merge lp:~mmcm/akiban-server/is-session-restrict
Reviewer Review Type Date Requested Status
Akiban Build User Needs Fixing
Nathan Williams Approve
Review via email: mp+160521@code.launchpad.net

Description of the change

Restrict session tables to own session when security enabled and not admin.
Restrict ALTER TABLE the same way.

To post a comment you must log in.
Revision history for this message
Nathan Williams (nwilliams) wrote :

Looks good.

review: Approve
Revision history for this message
Akiban Build User (build-akiban) wrote :

There were 2 failures during build/test:

* job server-build failed at build number 3986: http://172.16.20.104:8080/job/server-build/3986/

* view must-pass failed: server-build is red

review: Needs Fixing
Revision history for this message
Akiban Build User (build-akiban) wrote :

There were 2 failures during build/test:

* job server-build failed at build number 3990: http://172.16.20.104:8080/job/server-build/3990/

* view must-pass failed: server-build is yellow

review: Needs Fixing
Revision history for this message
Mike McMahon (mmcm) wrote :

The order returned by full text seems to be non-deterministic, probably because the loading is asynchronous. But maybe we'll get lucky.

Revision history for this message
Akiban Build User (build-akiban) wrote :

There were 2 failures during build/test:

* job server-build failed at build number 3992: http://172.16.20.104:8080/job/server-build/3992/

* view must-pass failed: server-build is yellow

review: Needs Fixing

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'src/main/java/com/akiban/server/service/is/ServerSchemaTablesServiceImpl.java'
--- src/main/java/com/akiban/server/service/is/ServerSchemaTablesServiceImpl.java 2013-03-22 20:05:57 +0000
+++ src/main/java/com/akiban/server/service/is/ServerSchemaTablesServiceImpl.java 2013-04-24 20:46:27 +0000
@@ -19,6 +19,8 @@
19import java.lang.management.GarbageCollectorMXBean;19import java.lang.management.GarbageCollectorMXBean;
20import java.lang.management.ManagementFactory;20import java.lang.management.ManagementFactory;
21import java.lang.management.MemoryPoolMXBean;21import java.lang.management.MemoryPoolMXBean;
22import java.util.Collection;
23import java.util.Collections;
22import java.util.Iterator;24import java.util.Iterator;
23import java.util.Map;25import java.util.Map;
2426
@@ -42,6 +44,8 @@
42import com.akiban.server.service.monitor.PreparedStatementMonitor;44import com.akiban.server.service.monitor.PreparedStatementMonitor;
43import com.akiban.server.service.monitor.ServerMonitor;45import com.akiban.server.service.monitor.ServerMonitor;
44import com.akiban.server.service.monitor.SessionMonitor;46import com.akiban.server.service.monitor.SessionMonitor;
47import com.akiban.server.service.security.SecurityService;
48import com.akiban.server.service.session.Session;
45import com.akiban.server.store.SchemaManager;49import com.akiban.server.store.SchemaManager;
46import com.akiban.server.types.AkType;50import com.akiban.server.types.AkType;
47import com.akiban.server.types.FromObjectValueSource;51import com.akiban.server.types.FromObjectValueSource;
@@ -63,20 +67,23 @@
63 static final TableName SERVER_TAPS = new TableName (SCHEMA_NAME, "server_taps");67 static final TableName SERVER_TAPS = new TableName (SCHEMA_NAME, "server_taps");
64 static final TableName SERVER_PREPARED_STATEMENTS = new TableName (SCHEMA_NAME, "server_prepared_statements");68 static final TableName SERVER_PREPARED_STATEMENTS = new TableName (SCHEMA_NAME, "server_prepared_statements");
65 static final TableName SERVER_CURSORS = new TableName (SCHEMA_NAME, "server_cursors");69 static final TableName SERVER_CURSORS = new TableName (SCHEMA_NAME, "server_cursors");
66 70
67 private final MonitorService monitor;71 private final MonitorService monitor;
68 private final ConfigurationService configService;72 private final ConfigurationService configService;
69 private final AkServerInterface serverInterface;73 private final AkServerInterface serverInterface;
74 private final SecurityService securityService;
70 75
71 @Inject76 @Inject
72 public ServerSchemaTablesServiceImpl (SchemaManager schemaManager, 77 public ServerSchemaTablesServiceImpl (SchemaManager schemaManager,
73 MonitorService monitor, 78 MonitorService monitor,
74 ConfigurationService configService,79 ConfigurationService configService,
75 AkServerInterface serverInterface) {80 AkServerInterface serverInterface,
81 SecurityService securityService) {
76 super(schemaManager);82 super(schemaManager);
77 this.monitor = monitor;83 this.monitor = monitor;
78 this.configService = configService;84 this.configService = configService;
79 this.serverInterface = serverInterface;85 this.serverInterface = serverInterface;
86 this.securityService = securityService;
80 }87 }
8188
82 @Override89 @Override
@@ -114,6 +121,21 @@
114 // nothing121 // nothing
115 }122 }
116 123
124 protected Collection<SessionMonitor> getAccessibleSessions(Session session) {
125 if (securityService.hasRestrictedAccess(session)) {
126 return monitor.getSessionMonitors();
127 }
128 else {
129 SessionMonitor sm = monitor.getSessionMonitor(session);
130 if (sm == null) {
131 return Collections.emptyList();
132 }
133 else {
134 return Collections.singletonList(sm);
135 }
136 }
137 }
138
117 private class InstanceSummary extends BasicFactoryBase {139 private class InstanceSummary extends BasicFactoryBase {
118140
119 public InstanceSummary(TableName sourceTable) {141 public InstanceSummary(TableName sourceTable) {
@@ -122,7 +144,7 @@
122144
123 @Override145 @Override
124 public GroupScan getGroupScan(MemoryAdapter adapter) {146 public GroupScan getGroupScan(MemoryAdapter adapter) {
125 return new Scan(getRowType(adapter));147 return new Scan(adapter.getSession(), getRowType(adapter));
126 }148 }
127149
128 @Override150 @Override
@@ -132,7 +154,7 @@
132 154
133 private class Scan extends BaseScan {155 private class Scan extends BaseScan {
134 156
135 public Scan (RowType rowType) {157 public Scan (Session session, RowType rowType) {
136 super(rowType);158 super(rowType);
137 }159 }
138160
@@ -158,7 +180,7 @@
158180
159 @Override181 @Override
160 public GroupScan getGroupScan(MemoryAdapter adapter) {182 public GroupScan getGroupScan(MemoryAdapter adapter) {
161 return new Scan (getRowType(adapter));183 return new Scan (adapter.getSession(), getRowType(adapter));
162 }184 }
163185
164 @Override186 @Override
@@ -168,7 +190,7 @@
168 190
169 private class Scan extends BaseScan {191 private class Scan extends BaseScan {
170 final Iterator<ServerMonitor> servers = monitor.getServerMonitors().values().iterator(); 192 final Iterator<ServerMonitor> servers = monitor.getServerMonitors().values().iterator();
171 public Scan(RowType rowType) {193 public Scan(Session session, RowType rowType) {
172 super(rowType);194 super(rowType);
173 }195 }
174196
@@ -198,7 +220,7 @@
198220
199 @Override221 @Override
200 public GroupScan getGroupScan(MemoryAdapter adapter) {222 public GroupScan getGroupScan(MemoryAdapter adapter) {
201 return new Scan (getRowType(adapter));223 return new Scan (adapter.getSession(), getRowType(adapter));
202 }224 }
203225
204 @Override226 @Override
@@ -207,9 +229,10 @@
207 }229 }
208 230
209 private class Scan extends BaseScan {231 private class Scan extends BaseScan {
210 final Iterator<SessionMonitor> sessions = monitor.getSessionMonitors().iterator(); 232 final Iterator<SessionMonitor> sessions;
211 public Scan(RowType rowType) {233 public Scan(Session session, RowType rowType) {
212 super(rowType);234 super(rowType);
235 sessions = getAccessibleSessions(session).iterator();
213 }236 }
214237
215 @Override238 @Override
@@ -252,7 +275,7 @@
252275
253 @Override276 @Override
254 public GroupScan getGroupScan(MemoryAdapter adapter) {277 public GroupScan getGroupScan(MemoryAdapter adapter) {
255 return new Scan (getRowType(adapter));278 return new Scan (adapter.getSession(), getRowType(adapter));
256 }279 }
257280
258 @Override281 @Override
@@ -263,7 +286,7 @@
263 private class Scan extends BaseScan {286 private class Scan extends BaseScan {
264287
265 private final ErrorCode[] codes = ErrorCode.values();288 private final ErrorCode[] codes = ErrorCode.values();
266 public Scan(RowType rowType) {289 public Scan(Session session, RowType rowType) {
267 super(rowType);290 super(rowType);
268 }291 }
269292
@@ -288,7 +311,7 @@
288311
289 @Override312 @Override
290 public GroupScan getGroupScan(MemoryAdapter adapter) {313 public GroupScan getGroupScan(MemoryAdapter adapter) {
291 return new Scan (getRowType(adapter));314 return new Scan (adapter.getSession(), getRowType(adapter));
292 }315 }
293316
294 @Override317 @Override
@@ -299,7 +322,7 @@
299 private class Scan extends BaseScan {322 private class Scan extends BaseScan {
300 private Iterator<Map.Entry<String,String>> propertyIt;323 private Iterator<Map.Entry<String,String>> propertyIt;
301324
302 public Scan(RowType rowType) {325 public Scan(Session session, RowType rowType) {
303 super(rowType);326 super(rowType);
304 propertyIt = configService.getProperties().entrySet().iterator();327 propertyIt = configService.getProperties().entrySet().iterator();
305 }328 }
@@ -324,7 +347,7 @@
324347
325 @Override348 @Override
326 public GroupScan getGroupScan(MemoryAdapter adapter) {349 public GroupScan getGroupScan(MemoryAdapter adapter) {
327 return new Scan (getRowType(adapter));350 return new Scan (adapter.getSession(), getRowType(adapter));
328 }351 }
329352
330 @Override353 @Override
@@ -335,7 +358,7 @@
335 private class Scan extends BaseScan {358 private class Scan extends BaseScan {
336 private final Iterator<MemoryPoolMXBean> it;359 private final Iterator<MemoryPoolMXBean> it;
337360
338 public Scan(RowType rowType) {361 public Scan(Session session, RowType rowType) {
339 super(rowType);362 super(rowType);
340 it = ManagementFactory.getMemoryPoolMXBeans().iterator();363 it = ManagementFactory.getMemoryPoolMXBeans().iterator();
341 }364 }
@@ -364,7 +387,7 @@
364387
365 @Override388 @Override
366 public GroupScan getGroupScan(MemoryAdapter adapter) {389 public GroupScan getGroupScan(MemoryAdapter adapter) {
367 return new Scan (getRowType(adapter));390 return new Scan (adapter.getSession(), getRowType(adapter));
368 }391 }
369392
370 @Override393 @Override
@@ -375,7 +398,7 @@
375 private class Scan extends BaseScan {398 private class Scan extends BaseScan {
376 private final Iterator<GarbageCollectorMXBean> it;399 private final Iterator<GarbageCollectorMXBean> it;
377400
378 public Scan(RowType rowType) {401 public Scan(Session session, RowType rowType) {
379 super(rowType);402 super(rowType);
380 it = ManagementFactory.getGarbageCollectorMXBeans().iterator();403 it = ManagementFactory.getGarbageCollectorMXBeans().iterator();
381 }404 }
@@ -406,7 +429,7 @@
406429
407 @Override430 @Override
408 public GroupScan getGroupScan(MemoryAdapter adapter) {431 public GroupScan getGroupScan(MemoryAdapter adapter) {
409 return new Scan (getRowType(adapter));432 return new Scan (adapter.getSession(), getRowType(adapter));
410 }433 }
411434
412 @Override435 @Override
@@ -418,7 +441,7 @@
418 private final TapReport[] reports;441 private final TapReport[] reports;
419 private int it = 0;442 private int it = 0;
420443
421 public Scan(RowType rowType) {444 public Scan(Session session, RowType rowType) {
422 super(rowType);445 super(rowType);
423 reports = getAllReports();446 reports = getAllReports();
424 }447 }
@@ -447,7 +470,7 @@
447470
448 @Override471 @Override
449 public GroupScan getGroupScan(MemoryAdapter adapter) {472 public GroupScan getGroupScan(MemoryAdapter adapter) {
450 return new Scan (getRowType(adapter));473 return new Scan (adapter.getSession(), getRowType(adapter));
451 }474 }
452475
453 @Override476 @Override
@@ -459,11 +482,12 @@
459 }482 }
460 483
461 private class Scan extends BaseScan {484 private class Scan extends BaseScan {
462 final Iterator<SessionMonitor> sessions = monitor.getSessionMonitors().iterator(); 485 final Iterator<SessionMonitor> sessions;
463 Iterator<PreparedStatementMonitor> statements = null;486 Iterator<PreparedStatementMonitor> statements = null;
464487
465 public Scan(RowType rowType) {488 public Scan(Session session, RowType rowType) {
466 super(rowType);489 super(rowType);
490 sessions = getAccessibleSessions(session).iterator();
467 }491 }
468492
469 @Override493 @Override
@@ -497,7 +521,7 @@
497521
498 @Override522 @Override
499 public GroupScan getGroupScan(MemoryAdapter adapter) {523 public GroupScan getGroupScan(MemoryAdapter adapter) {
500 return new Scan (getRowType(adapter));524 return new Scan (adapter.getSession(), getRowType(adapter));
501 }525 }
502526
503 @Override527 @Override
@@ -509,11 +533,12 @@
509 }533 }
510 534
511 private class Scan extends BaseScan {535 private class Scan extends BaseScan {
512 final Iterator<SessionMonitor> sessions = monitor.getSessionMonitors().iterator(); 536 final Iterator<SessionMonitor> sessions;
513 Iterator<CursorMonitor> statements = null;537 Iterator<CursorMonitor> statements = null;
514538
515 public Scan(RowType rowType) {539 public Scan(Session session, RowType rowType) {
516 super(rowType);540 super(rowType);
541 sessions = getAccessibleSessions(session).iterator();
517 }542 }
518543
519 @Override544 @Override
520545
=== modified file 'src/main/java/com/akiban/server/service/monitor/MonitorService.java'
--- src/main/java/com/akiban/server/service/monitor/MonitorService.java 2013-03-22 20:05:57 +0000
+++ src/main/java/com/akiban/server/service/monitor/MonitorService.java 2013-04-24 20:46:27 +0000
@@ -17,6 +17,8 @@
1717
18package com.akiban.server.service.monitor;18package com.akiban.server.service.monitor;
1919
20import com.akiban.server.service.session.Session;
21
20import java.util.Collection;22import java.util.Collection;
21import java.util.Map;23import java.util.Map;
2224
@@ -34,14 +36,17 @@
34 int allocateSessionId();36 int allocateSessionId();
3537
36 /** Register the given session monitor. */38 /** Register the given session monitor. */
37 void registerSessionMonitor(SessionMonitor sessionMonitor);39 void registerSessionMonitor(SessionMonitor sessionMonitor, Session session);
3840
39 /** Deregister the given session monitor. */41 /** Deregister the given session monitor. */
40 void deregisterSessionMonitor(SessionMonitor sessionMonitor);42 void deregisterSessionMonitor(SessionMonitor sessionMonitor, Session session);
4143
42 /** Get the session monitor for the given session id. */44 /** Get the session monitor for the given session id. */
43 SessionMonitor getSessionMonitor(int sessionId);45 SessionMonitor getSessionMonitor(int sessionId);
4446
47 /** Get the session monitor for the given session. */
48 SessionMonitor getSessionMonitor(Session session);
49
45 /** Get all registered session monitors. */50 /** Get all registered session monitors. */
46 Collection<SessionMonitor> getSessionMonitors();51 Collection<SessionMonitor> getSessionMonitors();
47 52
4853
=== modified file 'src/main/java/com/akiban/server/service/monitor/MonitorServiceImpl.java'
--- src/main/java/com/akiban/server/service/monitor/MonitorServiceImpl.java 2013-03-22 20:05:57 +0000
+++ src/main/java/com/akiban/server/service/monitor/MonitorServiceImpl.java 2013-04-24 20:46:27 +0000
@@ -21,6 +21,7 @@
21import com.akiban.server.service.Service;21import com.akiban.server.service.Service;
22import com.akiban.server.service.config.ConfigurationService;22import com.akiban.server.service.config.ConfigurationService;
23import com.akiban.server.service.jmx.JmxManageable;23import com.akiban.server.service.jmx.JmxManageable;
24import com.akiban.server.service.session.Session;
2425
25import com.google.inject.Inject;26import com.google.inject.Inject;
26import org.slf4j.Logger;27import org.slf4j.Logger;
@@ -45,6 +46,9 @@
45 46
46 private static final Logger logger = LoggerFactory.getLogger(MonitorServiceImpl.class);47 private static final Logger logger = LoggerFactory.getLogger(MonitorServiceImpl.class);
4748
49 public static final Session.Key<SessionMonitor> SESSION_KEY =
50 Session.Key.named("SESSION_MONITOR");
51
48 private final ConfigurationService config;52 private final ConfigurationService config;
4953
50 private Map<String,ServerMonitor> servers;54 private Map<String,ServerMonitor> servers;
@@ -124,15 +128,17 @@
124 }128 }
125129
126 @Override130 @Override
127 public void registerSessionMonitor(SessionMonitor sessionMonitor) {131 public void registerSessionMonitor(SessionMonitor sessionMonitor, Session session) {
128 SessionMonitor old = sessions.put(sessionMonitor.getSessionId(), sessionMonitor);132 SessionMonitor old = sessions.put(sessionMonitor.getSessionId(), sessionMonitor);
129 assert ((old == null) || (old == sessionMonitor));133 assert ((old == null) || (old == sessionMonitor));
134 session.put(SESSION_KEY, sessionMonitor);
130 }135 }
131136
132 @Override137 @Override
133 public void deregisterSessionMonitor(SessionMonitor sessionMonitor) {138 public void deregisterSessionMonitor(SessionMonitor sessionMonitor, Session session) {
134 SessionMonitor old = sessions.remove(sessionMonitor.getSessionId());139 SessionMonitor old = sessions.remove(sessionMonitor.getSessionId());
135 assert ((old == null) || (old == sessionMonitor));140 assert ((old == null) || (old == sessionMonitor));
141 session.remove(SESSION_KEY);
136 }142 }
137143
138 @Override144 @Override
@@ -141,6 +147,11 @@
141 }147 }
142148
143 @Override149 @Override
150 public SessionMonitor getSessionMonitor(Session session) {
151 return session.get(SESSION_KEY);
152 }
153
154 @Override
144 public Collection<SessionMonitor> getSessionMonitors() {155 public Collection<SessionMonitor> getSessionMonitors() {
145 return sessions.values();156 return sessions.values();
146 }157 }
147158
=== modified file 'src/main/java/com/akiban/server/service/security/SecurityService.java'
--- src/main/java/com/akiban/server/service/security/SecurityService.java 2013-03-22 20:05:57 +0000
+++ src/main/java/com/akiban/server/service/security/SecurityService.java 2013-04-24 20:46:27 +0000
@@ -36,6 +36,7 @@
3636
37 public boolean isAccessible(Session session, String schema);37 public boolean isAccessible(Session session, String schema);
38 public boolean isAccessible(HttpServletRequest request, String schema);38 public boolean isAccessible(HttpServletRequest request, String schema);
39 public boolean hasRestrictedAccess(Session session);
3940
40 public void addRole(String name);41 public void addRole(String name);
41 public void deleteRole(String name);42 public void deleteRole(String name);
4243
=== modified file 'src/main/java/com/akiban/server/service/security/SecurityServiceImpl.java'
--- src/main/java/com/akiban/server/service/security/SecurityServiceImpl.java 2013-04-22 22:50:40 +0000
+++ src/main/java/com/akiban/server/service/security/SecurityServiceImpl.java 2013-04-24 20:46:27 +0000
@@ -481,6 +481,13 @@
481 TableName.SYS_SCHEMA.equals(schema);481 TableName.SYS_SCHEMA.equals(schema);
482 }482 }
483483
484 @Override
485 public boolean hasRestrictedAccess(Session session) {
486 User user = session.get(SESSION_KEY);
487 if (user == null) return true; // Not authenticated = open.
488 return user.hasRole(ADMIN_ROLE);
489 }
490
484 /* Service */491 /* Service */
485 492
486 @Override493 @Override
487494
=== modified file 'src/main/java/com/akiban/sql/embedded/JDBCConnection.java'
--- src/main/java/com/akiban/sql/embedded/JDBCConnection.java 2013-03-22 20:05:57 +0000
+++ src/main/java/com/akiban/sql/embedded/JDBCConnection.java 2013-04-24 20:46:27 +0000
@@ -281,12 +281,12 @@
281281
282 // Register as a result of beginning a transaction (which is implicit).282 // Register as a result of beginning a transaction (which is implicit).
283 protected void registerSessionMonitor() {283 protected void registerSessionMonitor() {
284 reqs.monitor().registerSessionMonitor(sessionMonitor);284 reqs.monitor().registerSessionMonitor(sessionMonitor, session);
285 }285 }
286286
287 // Deregister when transaction is committed, rolled back, or connection closed.287 // Deregister when transaction is committed, rolled back, or connection closed.
288 protected void deregisterSessionMonitor() {288 protected void deregisterSessionMonitor() {
289 reqs.monitor().deregisterSessionMonitor(sessionMonitor);289 reqs.monitor().deregisterSessionMonitor(sessionMonitor, session);
290 }290 }
291291
292 protected AkServerInterface getAkServer() {292 protected AkServerInterface getAkServer() {
293293
=== modified file 'src/main/java/com/akiban/sql/pg/PostgresServerConnection.java'
--- src/main/java/com/akiban/sql/pg/PostgresServerConnection.java 2013-04-19 21:33:50 +0000
+++ src/main/java/com/akiban/sql/pg/PostgresServerConnection.java 2013-04-24 20:46:27 +0000
@@ -133,7 +133,8 @@
133 }133 }
134 };134 };
135 sessionMonitor.setRemoteAddress(socket.getInetAddress().getHostAddress());135 sessionMonitor.setRemoteAddress(socket.getInetAddress().getHostAddress());
136 reqs.monitor().registerSessionMonitor(sessionMonitor);136 session = reqs.sessionService().createSession();
137 reqs.monitor().registerSessionMonitor(sessionMonitor, session);
137 }138 }
138139
139 public void start() {140 public void start() {
@@ -328,7 +329,7 @@
328 transaction = null;329 transaction = null;
329 }330 }
330 server.removeConnection(sessionId);331 server.removeConnection(sessionId);
331 reqs.monitor().deregisterSessionMonitor(sessionMonitor);332 reqs.monitor().deregisterSessionMonitor(sessionMonitor, session);
332 }333 }
333 }334 }
334335
@@ -431,7 +432,6 @@
431 logger.debug("Properties: {}", clientProperties);432 logger.debug("Properties: {}", clientProperties);
432 setProperties(clientProperties);433 setProperties(clientProperties);
433434
434 session = reqs.sessionService().createSession();
435 // TODO: Not needed right now and not a convenient time to435 // TODO: Not needed right now and not a convenient time to
436 // encounter schema lock from long-running DDL.436 // encounter schema lock from long-running DDL.
437 // But see comment in initParser(): what if we wanted to warn437 // But see comment in initParser(): what if we wanted to warn
438438
=== modified file 'src/main/java/com/akiban/sql/pg/PostgresServerStatement.java'
--- src/main/java/com/akiban/sql/pg/PostgresServerStatement.java 2013-04-04 21:44:13 +0000
+++ src/main/java/com/akiban/sql/pg/PostgresServerStatement.java 2013-04-24 20:46:27 +0000
@@ -34,6 +34,7 @@
34import com.akiban.server.error.AkibanInternalException;34import com.akiban.server.error.AkibanInternalException;
35import com.akiban.server.error.ConnectionTerminatedException;35import com.akiban.server.error.ConnectionTerminatedException;
36import com.akiban.server.error.InvalidOperationException;36import com.akiban.server.error.InvalidOperationException;
37import com.akiban.server.error.SecurityException;
37import com.akiban.server.error.UnsupportedConfigurationException;38import com.akiban.server.error.UnsupportedConfigurationException;
38import com.akiban.sql.parser.AlterServerNode;39import com.akiban.sql.parser.AlterServerNode;
3940
@@ -135,6 +136,8 @@
135 }136 }
136137
137 protected void doOperation (PostgresServerSession session) throws Exception {138 protected void doOperation (PostgresServerSession session) throws Exception {
139 if (!session.getSecurityService().hasRestrictedAccess(session.getSession()))
140 throw new SecurityException("Operation not allowed");
138 PostgresServerConnection current = (PostgresServerConnection)session;141 PostgresServerConnection current = (PostgresServerConnection)session;
139 PostgresServer server = current.getServer();142 PostgresServer server = current.getServer();
140 Integer sessionId = statement.getSessionID();143 Integer sessionId = statement.getSessionID();
141144
=== modified file 'src/test/java/com/akiban/sql/ServerSessionITBase.java'
--- src/test/java/com/akiban/sql/ServerSessionITBase.java 2013-03-22 20:05:57 +0000
+++ src/test/java/com/akiban/sql/ServerSessionITBase.java 2013-04-24 20:46:27 +0000
@@ -114,6 +114,11 @@
114 }114 }
115115
116 @Override116 @Override
117 public boolean hasRestrictedAccess(com.akiban.server.service.session.Session session) {
118 return true;
119 }
120
121 @Override
117 public void addRole(String name) {122 public void addRole(String name) {
118 throw new UnsupportedOperationException();123 throw new UnsupportedOperationException();
119 }124 }

Subscribers

People subscribed via source and target branches