diff options
author | Christian W. Damus | 2013-11-05 13:51:14 +0000 |
---|---|---|
committer | Christian W. Damus | 2013-11-06 17:39:23 +0000 |
commit | 344d002745d0f9e24c4bae1ab1b57a3a90d7aa3d (patch) | |
tree | 8daffc4bae05c285de0a868fc4dd45f4e5381b25 /plugins/org.eclipse.emf.cdo.server | |
parent | 760c663f68b4f8f745898a25e925ba7fd5da9e18 (diff) | |
download | cdo-344d002745d0f9e24c4bae1ab1b57a3a90d7aa3d.tar.gz cdo-344d002745d0f9e24c4bae1ab1b57a3a90d7aa3d.tar.xz cdo-344d002745d0f9e24c4bae1ab1b57a3a90d7aa3d.zip |
[399487] [Security] Changes to the security realm should be verified before being applied
https://bugs.eclipse.org/bugs/show_bug.cgi?id=399487
Initial implementation of critical security realm integrity checking. Includes:
- security realm constraints and generated validator
- write-access handler step in the SecurityManager to validate
changes to the security realm on detection of IMPACT_REALM
- CDO protocol enhancement to notify client of rollback due to
semantic validation checks
- CDOEditor enhancement to report the new rollback reason
- basic JUnit coverage of realm-edit transaction validation
Change-Id: If2c2727652760409d497145b5465fb3c5748c3b8
Diffstat (limited to 'plugins/org.eclipse.emf.cdo.server')
2 files changed, 51 insertions, 2 deletions
diff --git a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/TransactionCommitContext.java b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/TransactionCommitContext.java index 32681ac6e1..d8d68d94f0 100644 --- a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/TransactionCommitContext.java +++ b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/TransactionCommitContext.java @@ -9,6 +9,7 @@ * Simon McDuff - initial API and implementation * Eike Stepper - maintenance * Martin Fluegge - maintenance, bug 318518 + * Christian W. Damus (CEA LIST) - bug 399487 */ package org.eclipse.emf.cdo.internal.server; @@ -48,6 +49,7 @@ import org.eclipse.emf.cdo.internal.common.model.CDOPackageRegistryImpl; import org.eclipse.emf.cdo.internal.server.bundle.OM; import org.eclipse.emf.cdo.server.IStoreAccessor; import org.eclipse.emf.cdo.server.IStoreAccessor.QueryXRefsContext; +import org.eclipse.emf.cdo.server.IRepository; import org.eclipse.emf.cdo.server.IView; import org.eclipse.emf.cdo.server.StoreThreadLocal; import org.eclipse.emf.cdo.spi.common.commit.CDOCommitInfoUtil; @@ -709,8 +711,16 @@ public class TransactionCommitContext implements InternalCommitContext TRACER.trace(ex); } - String storeClass = repository.getStore().getClass().getSimpleName(); - rollback("Rollback in " + storeClass + ": " + StringUtil.formatException(ex)); //$NON-NLS-1$ //$NON-NLS-2$ + if (ex instanceof IRepository.WriteAccessHandler.TransactionValidationException) + { + rollbackReason = CDOProtocolConstants.ROLLBACK_REASON_VALIDATION_ERROR; + rollback(ex.getLocalizedMessage()); + } + else + { + String storeClass = repository.getStore().getClass().getSimpleName(); + rollback("Rollback in " + storeClass + ": " + StringUtil.formatException(ex)); //$NON-NLS-1$ //$NON-NLS-2$ + } } catch (Exception ex1) { diff --git a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/server/IRepository.java b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/server/IRepository.java index 2c87f7acc8..34db6f611d 100644 --- a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/server/IRepository.java +++ b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/server/IRepository.java @@ -7,6 +7,7 @@ * * Contributors: * Eike Stepper - initial API and implementation + * Christian W. Damus (CEA LIST) - bug 399487 */ package org.eclipse.emf.cdo.server; @@ -227,6 +228,10 @@ public interface IRepository extends CDOCommonRepository, IQueryHandlerProvider, * internal state of the commit context in any way!</b> * @param monitor * A monitor that should be used by the implementor to avoid timeouts. + * @throws TransactionValidationException + * to indicate that the commit operation must not be executed against the backend store because some + * semantic validation checks failed. The message should describe the validation failure and will be + * passed through to the client * @throws RuntimeException * to indicate that the commit operation must not be executed against the backend store. This exception * will be visible at the client side! @@ -249,6 +254,40 @@ public interface IRepository extends CDOCommonRepository, IQueryHandlerProvider, */ public void handleTransactionAfterCommitted(ITransaction transaction, IStoreAccessor.CommitContext commitContext, OMMonitor monitor); + + /** + * An exception that a {@link WriteAccessHandler} may throw to indicate that a + * {@linkplain WriteAccessHandler#handleTransactionBeforeCommitting(ITransaction, org.eclipse.emf.cdo.server.IStoreAccessor.CommitContext, OMMonitor) transaction commit} + * was rejected because one or more semantic validation checks reported errors. + * + * @author Christian W. Damus (CEA LIST) + * + * @since 4.3 + */ + public static final class TransactionValidationException extends RuntimeException + { + private static final long serialVersionUID = 1L; + + public TransactionValidationException() + { + } + + public TransactionValidationException(String message, Throwable cause) + { + super(message, cause); + } + + public TransactionValidationException(String message) + { + super(message); + } + + public TransactionValidationException(Throwable cause) + { + super(cause); + } + + } } /** |