Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
Description
Add concurrent distributed tests to make sure the following conditions are met once there is an API implemented to change the MethodInvocationAuthorizer in runtime:
- Once a query execution starts, the MethodInvocationAuthorizer used can not be changed for that particular query.
- Once the MethodInvocationAuthorizer is changed through the API or the alter-query-service command, all queries executed afterwards use the newly configured MethodInvocationAuthorizer.
- Any continuous query already running should pick up the new MethodInvocationAuthorizer the next time the query is internally executed to detect whether a cache event matches or not. If the continuous query has methods that are not authorized by the newly configured MethodInvocationAuthorizer, then any matching events from that moment on should invoke CqListener.onError instead of CqListener.onEvent.
- Any configured index should pick up the newly configured MethodInvocationAuthorizer the next time an entry is added or removed from the index (regular region operations), and the index should be marked as invalid if it uses method invocations not authorized by the newly configured MethodInvocationAuthorizer.
Attachments
Issue Links
- is a child of
-
GEODE-6983 Epic for OQL Method Invocation Security
-
- Closed
-
- is blocked by
-
GEODE-7486 IndexManager is not consistent
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
- links to
