Fixed issue #4165

orientechnologies · May 21, 2015 · eda3685 · eda3685
1 parent 20c8553
commit eda3685
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 36 deletions.
diff --git a/...buted/src/main/java/com/orientechnologies/orient/server/hazelcast/ODistributedWorker.java b/...buted/src/main/java/com/orientechnologies/orient/server/hazelcast/ODistributedWorker.java
@@ -33,11 +33,11 @@
 import com.orientechnologies.orient.core.metadata.security.OUser;
 import com.orientechnologies.orient.core.record.ORecord;
 import com.orientechnologies.orient.server.config.OServerUserConfiguration;
+import com.orientechnologies.orient.server.distributed.ODiscardedResponse;
 import com.orientechnologies.orient.server.distributed.ODistributedAbstractPlugin;
 import com.orientechnologies.orient.server.distributed.ODistributedException;
 import com.orientechnologies.orient.server.distributed.ODistributedRequest;
 import com.orientechnologies.orient.server.distributed.ODistributedResponse;
-import com.orientechnologies.orient.server.distributed.ODiscardedResponse;
 import com.orientechnologies.orient.server.distributed.ODistributedServerLog;
 import com.orientechnologies.orient.server.distributed.ODistributedServerLog.DIRECTION;
 import com.orientechnologies.orient.server.distributed.task.OAbstractRemoteTask;
@@ -289,8 +289,8 @@ protected void onMessage(final ODistributedRequest iRequest) {
         if (database != null) {
           origin = database.getUser();
           try {
-            if (lastUser == null || !(lastUser.getName()).equals(iRequest.getUserName()))
-              lastUser = database.getMetadata().getSecurity().getUser(iRequest.getUserName());
+            if (lastUser == null || !(lastUser.getIdentity()).equals(iRequest.getUserRID()))
+              lastUser = database.getMetadata().getSecurity().getUser(iRequest.getUserRID());
             database.setUser(lastUser);// set to new user
           } catch (Throwable ex) {
             OLogManager.instance().error(this, "failed to convert to OUser " + ex.getMessage());

diff --git a/...main/java/com/orientechnologies/orient/server/hazelcast/OHazelcastDistributedRequest.java b/...main/java/com/orientechnologies/orient/server/hazelcast/OHazelcastDistributedRequest.java
@@ -1,24 +1,25 @@
 /*
-  *
-  *  *  Copyright 2014 Orient Technologies LTD (info(at)orientechnologies.com)
-  *  *
-  *  *  Licensed under the Apache License, Version 2.0 (the "License");
-  *  *  you may not use this file except in compliance with the License.
-  *  *  You may obtain a copy of the License at
-  *  *
-  *  *       http://www.apache.org/licenses/LICENSE-2.0
-  *  *
-  *  *  Unless required by applicable law or agreed to in writing, software
-  *  *  distributed under the License is distributed on an "AS IS" BASIS,
-  *  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  *  *  See the License for the specific language governing permissions and
-  *  *  limitations under the License.
-  *  *
-  *  * For more information: http://www.orientechnologies.com
-  *
-  */
+ *
+ *  *  Copyright 2014 Orient Technologies LTD (info(at)orientechnologies.com)
+ *  *
+ *  *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  *  you may not use this file except in compliance with the License.
+ *  *  You may obtain a copy of the License at
+ *  *
+ *  *       http://www.apache.org/licenses/LICENSE-2.0
+ *  *
+ *  *  Unless required by applicable law or agreed to in writing, software
+ *  *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  *  See the License for the specific language governing permissions and
+ *  *  limitations under the License.
+ *  *
+ *  * For more information: http://www.orientechnologies.com
+ *
+ */
 package com.orientechnologies.orient.server.hazelcast;
 
+import com.orientechnologies.orient.core.id.ORID;
 import com.orientechnologies.orient.server.distributed.ODistributedRequest;
 import com.orientechnologies.orient.server.distributed.task.OAbstractRemoteTask;
 
@@ -40,7 +41,7 @@ public class OHazelcastDistributedRequest implements ODistributedRequest, Extern
   private String              databaseName;
   private long                senderThreadId;
   private OAbstractRemoteTask task;
-  private String              userName = "";
+  private ORID                userRID;       // KEEP ALSO THE RID TO AVOID SECURITY PROBLEM ON DELETE & RECREATE USERS
 
   /**
    * Constructor used by serializer.
@@ -97,12 +98,12 @@ public OHazelcastDistributedRequest setSenderNodeName(final String senderNodeNam
     return this;
   }
 
-  public String getUserName() {
-    return userName;
+  public ORID getUserRID() {
+    return userRID;
   }
 
-  public void setUserName(final String userName) {
-    this.userName = userName;
+  public void setUserRID(final ORID iUserRID) {
+    this.userRID = iUserRID;
   }
 
   @Override
@@ -121,9 +122,8 @@ public void writeExternal(final ObjectOutput out) throws IOException {
     out.writeUTF(senderNodeName);
     out.writeLong(senderThreadId);
     out.writeUTF(databaseName);
-    out.writeUTF(userName);
     out.writeObject(task);
-    out.writeUTF(userName);
+    out.writeObject(userRID);
   }
 
   @Override
@@ -132,9 +132,8 @@ public void readExternal(final ObjectInput in) throws IOException, ClassNotFound
     senderNodeName = in.readUTF();
     senderThreadId = in.readLong();
     databaseName = in.readUTF();
-    userName = in.readUTF();
     task = (OAbstractRemoteTask) in.readObject();
-    userName = in.readUTF();
+    userRID = (ORID) in.readObject();
   }
 
   @Override
@@ -148,9 +147,9 @@ public String toString() {
       buffer.append(" task=");
       buffer.append(task.toString());
     }
-    if (userName != null) {
-      buffer.append(" userName=");
-      buffer.append(userName);
+    if (userRID != null) {
+      buffer.append(" user=");
+      buffer.append(userRID);
     }
     return buffer.toString();
   }

diff --git a/...ributed/src/main/java/com/orientechnologies/orient/server/hazelcast/OHazelcastPlugin.java b/...ributed/src/main/java/com/orientechnologies/orient/server/hazelcast/OHazelcastPlugin.java
@@ -333,7 +333,7 @@ public Object sendRequest(final String iDatabaseName, final Collection<String> i
     final ODatabaseDocument currentDatabase = ODatabaseRecordThreadLocal.INSTANCE.getIfDefined();
     if (currentDatabase != null && currentDatabase.getUser() != null)
       // SET CURRENT DATABASE NAME
-      req.setUserName(currentDatabase.getUser().getName());
+      req.setUserRID(currentDatabase.getUser().getIdentity().getIdentity());
 
     final OHazelcastDistributedDatabase db = messageService.getDatabase(iDatabaseName);
 

diff --git a/...er/src/main/java/com/orientechnologies/orient/server/distributed/ODistributedRequest.java b/...er/src/main/java/com/orientechnologies/orient/server/distributed/ODistributedRequest.java
@@ -19,6 +19,7 @@
       */
 package com.orientechnologies.orient.server.distributed;
 
+import com.orientechnologies.orient.core.id.ORID;
 import com.orientechnologies.orient.server.distributed.task.OAbstractRemoteTask;
 
 /**
@@ -49,7 +50,7 @@ enum EXECUTION_MODE {
 
    ODistributedRequest setTask(final OAbstractRemoteTask payload);
 
-   String getUserName();
+   ORID getUserRID();
 
-   void setUserName(String userName);
+   void setUserRID(ORID iUserRID);
  }