Apache Jena / JENA-2055

handle properly the denied access generated by jena-permission security evaluator


Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: Jena 3.17.0
    • Fix Version/s: Jena 4.0.0
    • Component/s: Fuseki
    • Environment: jena-fuseki 3.17.0, openjdk version "1.8.0_275"
    • Flags: Patch, Important

    Description

      When the dataset is secured with jena permission, and some access is denied, an exception is thrown from the SecuredGraph.

      This exception is not caught in SPARQLQueryProcessor, which results in a 500 error returned to the HTTP client.

      Exception OperationDeniedException should return a 403, not a 500.

      Attached is the patch!

      [2021-02-21 03:10:26] Fuseki WARN [3] RC = 500 : Model permissions violation:
      org.apache.jena.shared.ReadDeniedException: Model permissions violation:
      at org.apache.jena.permissions.impl.SecuredItemImpl.checkRead(SecuredItemImpl.java:683) ~[jena-permissions-3.17.0.jar:3.17.0]
      at org.apache.jena.permissions.graph.impl.SecuredGraphImpl.find(SecuredGraphImpl.java:154) ~[jena-permissions-3.17.0.jar:3.17.0]
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_275]
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_275]
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_275]
      at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_275]
      at org.apache.jena.permissions.impl.SecuredItemInvoker.invoke(SecuredItemInvoker.java:120) ~[jena-permissions-3.17.0.jar:3.17.0]
      at com.sun.proxy.$Proxy18.find(Unknown Source) ~[?:?]
      at org.apache.jena.sparql.graph.GraphUnionRead.graphBaseFind(GraphUnionRead.java:104) ~[fuseki-server.jar:3.17.0]
      at org.apache.jena.graph.impl.GraphBase.find(GraphBase.java:244) ~[fuseki-server.jar:3.17.0]
      at org.apache.jena.graph.impl.GraphBase.graphBaseFind(GraphBase.java:261) ~[fuseki-server.jar:3.17.0]
      at org.apache.jena.graph.impl.GraphBase.find(GraphBase.java:258) ~[fuseki-server.jar:3.17.0]
      at org.apache.jena.graph.impl.WrappedGraph.find(WrappedGraph.java:100) ~[fuseki-server.jar:3.17.0]
      at org.apache.jena.sparql.engine.iterator.QueryIterTriplePattern$TripleMapper.<init>(QueryIterTriplePattern.java:83) ~[fuseki-server.jar:3.17.0]
      at org.apache.jena.sparql.engine.iterator.QueryIterTriplePattern.nextStage(QueryIterTriplePattern.java:52) ~[fuseki-server.jar:3.17.0]
      at org.apache.jena.sparql.engine.iterator.QueryIterRepeatApply.makeNextStage(QueryIterRepeatApply.java:108) ~[fuseki-server.jar:3.17.0]
      at org.apache.jena.sparql.engine.iterator.QueryIterRepeatApply.hasNextBinding(QueryIterRepeatApply.java:65) ~[fuseki-server.jar:3.17.0]
      at org.apache.jena.sparql.engine.iterator.QueryIteratorBase.hasNext(QueryIteratorBase.java:114) ~[fuseki-server.jar:3.17.0]
      at org.apache.jena.sparql.engine.iterator.QueryIterBlockTriplesStar.hasNextBinding(QueryIterBlockTriplesStar.java:54) ~[fuseki-server.jar:3.17.0]
      at org.apache.jena.sparql.engine.iterator.QueryIteratorBase.hasNext(QueryIteratorBase.java:114) ~[fuseki-server.jar:3.17.0]
      at org.apache.jena.sparql.engine.iterator.QueryIterConvert.hasNextBinding(QueryIterConvert.java:58) ~[fuseki-server.jar:3.17.0]
      at org.apache.jena.sparql.engine.iterator.QueryIteratorBase.hasNext(QueryIteratorBase.java:114) ~[fuseki-server.jar:3.17.0]
      at org.apache.jena.sparql.engine.iterator.QueryIteratorWrapper.hasNextBinding(QueryIteratorWrapper.java:38) ~[fuseki-server.jar:3.17.0]
      at org.apache.jena.sparql.engine.iterator.QueryIteratorBase.hasNext(QueryIteratorBase.java:114) ~[fuseki-server.jar:3.17.0]
      at org.apache.jena.sparql.engine.iterator.QueryIteratorWrapper.hasNextBinding(QueryIteratorWrapper.java:38) ~[fuseki-server.jar:3.17.0]
      at org.apache.jena.sparql.engine.iterator.QueryIteratorBase.hasNext(QueryIteratorBase.java:114) ~[fuseki-server.jar:3.17.0]
      at org.apache.jena.sparql.engine.ResultSetStream.hasNext(ResultSetStream.java:74) ~[fuseki-server.jar:3.17.0]
      at org.apache.jena.sparql.engine.ResultSetCheckCondition.hasNext(ResultSetCheckCondition.java:55) ~[fuseki-server.jar:3.17.0]
      at org.apache.jena.fuseki.servlets.SPARQLQueryProcessor.executeQuery(SPARQLQueryProcessor.java:324) ~[fuseki-server.jar:3.17.0]
      at org.apache.jena.fuseki.servlets.SPARQLQueryProcessor.execute(SPARQLQueryProcessor.java:273) ~[fuseki-server.jar:3.17.0]
      at org.apache.jena.fuseki.servlets.SPARQLQueryProcessor.executeWithParameter(SPARQLQueryProcessor.java:222) ~[fuseki-server.jar:3.17.0]
      at org.apache.jena.fuseki.servlets.SPARQLQueryProcessor.execute(SPARQLQueryProcessor.java:207) ~[fuseki-server.jar:3.17.0]
      at org.apache.jena.fuseki.servlets.ActionService.executeLifecycle(ActionService.java:58) ~[fuseki-server.jar:3.17.0]
      at org.apache.jena.fuseki.servlets.SPARQLQueryProcessor.execPost(SPARQLQueryProcessor.java:83) ~[fuseki-server.jar:3.17.0]
      at org.apache.jena.fuseki.servlets.ActionProcessor.process(ActionProcessor.java:34) ~[fuseki-server.jar:3.17.0]
      at org.apache.jena.fuseki.servlets.ActionBase.process(ActionBase.java:55) ~[fuseki-server.jar:3.17.0]
      at org.apache.jena.fuseki.servlets.ActionExecLib.execAction(ActionExecLib.java:106) ~[fuseki-server.jar:3.17.0]
      at org.apache.jena.fuseki.server.Dispatcher.dispatchAction(Dispatcher.java:118) ~[fuseki-server.jar:3.17.0]
      at org.apache.jena.fuseki.server.Dispatcher.process(Dispatcher.java:110) ~[fuseki-server.jar:3.17.0]
      at org.apache.jena.fuseki.server.Dispatcher.dispatch(Dispatcher.java:96) ~[fuseki-server.jar:3.17.0]
      at org.apache.jena.fuseki.servlets.FusekiFilter.doFilter(FusekiFilter.java:51) ~[fuseki-server.jar:3.17.0]
      at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) ~[fuseki-server.jar:3.17.0]
      at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) ~[fuseki-server.jar:3.17.0]
      at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61) ~[fuseki-server.jar:3.17.0]
      at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108) ~[fuseki-server.jar:3.17.0]
      at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137) ~[fuseki-server.jar:3.17.0]
      at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) ~[fuseki-server.jar:3.17.0]
      at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66) ~[fuseki-server.jar:3.17.0]
      at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108) ~[fuseki-server.jar:3.17.0]
      at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137) ~[fuseki-server.jar:3.17.0]
      at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) ~[fuseki-server.jar:3.17.0]
      at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66) ~[fuseki-server.jar:3.17.0]
      at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108) ~[fuseki-server.jar:3.17.0]
      at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137) ~[fuseki-server.jar:3.17.0]
      at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) ~[fuseki-server.jar:3.17.0]
      at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66) ~[fuseki-server.jar:3.17.0]
      at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:450) ~[fuseki-server.jar:3.17.0]
      at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365) ~[fuseki-server.jar:3.17.0]
      at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90) ~[fuseki-server.jar:3.17.0]
      at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83) ~[fuseki-server.jar:3.17.0]
      at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:387) ~[fuseki-server.jar:3.17.0]
      at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362) ~[fuseki-server.jar:3.17.0]
      at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) ~[fuseki-server.jar:3.17.0]
      at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) ~[fuseki-server.jar:3.17.0]
      at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) ~[fuseki-server.jar:3.17.0]
      at org.apache.jena.fuseki.servlets.CrossOriginFilter.handle(CrossOriginFilter.java:284) ~[fuseki-server.jar:3.17.0]
      at org.apache.jena.fuseki.servlets.CrossOriginFilter.doFilter(CrossOriginFilter.java:247) ~[fuseki-server.jar:3.17.0]
      at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:201) ~[fuseki-server.jar:3.17.0]
      at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) ~[fuseki-server.jar:3.17.0]
      at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:548) ~[fuseki-server.jar:3.17.0]
      at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) ~[fuseki-server.jar:3.17.0]
      at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:602) ~[fuseki-server.jar:3.17.0]
      at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[fuseki-server.jar:3.17.0]
      at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235) ~[fuseki-server.jar:3.17.0]
      at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1612) ~[fuseki-server.jar:3.17.0]
      at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233) ~[fuseki-server.jar:3.17.0]
      at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1434) ~[fuseki-server.jar:3.17.0]
      at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188) ~[fuseki-server.jar:3.17.0]
      at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:501) ~[fuseki-server.jar:3.17.0]
      at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1582) ~[fuseki-server.jar:3.17.0]
      at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186) ~[fuseki-server.jar:3.17.0]
      at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1349) ~[fuseki-server.jar:3.17.0]
      at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) ~[fuseki-server.jar:3.17.0]
      at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:716) ~[fuseki-server.jar:3.17.0]
      at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[fuseki-server.jar:3.17.0]
      at org.eclipse.jetty.server.Server.handle(Server.java:516) ~[fuseki-server.jar:3.17.0]
      at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:383) ~[fuseki-server.jar:3.17.0]
      at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:556) [fuseki-server.jar:3.17.0]
      at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:375) [fuseki-server.jar:3.17.0]
      at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:273) [fuseki-server.jar:3.17.0]
      at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) [fuseki-server.jar:3.17.0]
      at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105) [fuseki-server.jar:3.17.0]
      at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104) [fuseki-server.jar:3.17.0]
      at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336) [fuseki-server.jar:3.17.0]
      at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313) [fuseki-server.jar:3.17.0]
      at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171) [fuseki-server.jar:3.17.0]
      at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129) [fuseki-server.jar:3.17.0]
      at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:375) [fuseki-server.jar:3.17.0]
      at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:773) [fuseki-server.jar:3.17.0]
      at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:905) [fuseki-server.jar:3.17.0]
      at java.lang.Thread.run(Thread.java:748) [?:1.8.0_275]
      [2021-02-21 03:10:26] Fuseki INFO [3] 500 Server Error (18 ms)
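
The mapping this report asks for, as an added example (not the attached patch and not Fuseki's code): a denial raised lazily from the first hasNext(), as in the trace above, is answered with 403 while any other failure stays 500. The exception classes are local stand-ins for the org.apache.jena.shared types, and `execute` and `denied` are hypothetical names.

```java
import java.util.Arrays;
import java.util.Iterator;
import java.util.function.Supplier;

public class DeniedAccessMapping {
    // Local stand-ins (assumption): a read denial is a subtype of OperationDeniedException.
    static class OperationDeniedException extends RuntimeException {
        OperationDeniedException(String msg) { super(msg); }
    }
    static class ReadDeniedException extends OperationDeniedException {
        ReadDeniedException(String msg) { super(msg); }
    }

    // Hypothetical handler: runs one query, fills the body, returns the HTTP status.
    static int execute(Supplier<Iterator<String>> query, StringBuilder body) {
        try {
            Iterator<String> rows = query.get();
            // Evaluation is lazy: in the trace the permission check fires inside a
            // hasNext() call, so buffer the rows before committing to a 200.
            StringBuilder buf = new StringBuilder();
            while (rows.hasNext()) buf.append(rows.next()).append('\n');
            body.append(buf);
            return 200;
        } catch (OperationDeniedException e) {
            // Authorization failure: a client error, not a server fault.
            body.append("Forbidden");
            return 403;
        } catch (RuntimeException e) {
            // Anything else is still an internal error.
            body.append("Server Error");
            return 500;
        }
    }

    // Constructed secured source: denies on first access, like SecuredGraphImpl.find.
    static Iterator<String> denied() {
        return new Iterator<String>() {
            public boolean hasNext() { throw new ReadDeniedException("Model permissions violation"); }
            public String next() { throw new IllegalStateException("no rows"); }
        };
    }

    public static void main(String[] args) {
        StringBuilder ok = new StringBuilder(), no = new StringBuilder(), err = new StringBuilder();
        System.out.println(execute(() -> Arrays.asList("row1", "row2").iterator(), ok));
        System.out.println(execute(DeniedAccessMapping::denied, no));
        System.out.println(execute(() -> { throw new IllegalStateException("bug"); }, err));
    }
}
```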

      Attachments

        1. 0001-handle-properly-the-denied-access-generated-by-jena.patch
          3 kB
          info parlepeuple
        2. pom.xml
          3 kB
          info parlepeuple
        3. localData.ttl
          2 kB
          info parlepeuple
        4. ShiroEvaluator.java
          3 kB
          info parlepeuple

            People

              Assignee: Andy Seaborne
              Reporter: info parlepeuple