Example 1 with VisorGatewayTask
use of org.apache.ignite.internal.visor.compute.VisorGatewayTask in project ignite by apache.
the class GridRestProcessor method authorize.
/**
* @param req REST request.
* @throws SecurityException If authorization failed.
*/
private void authorize(GridRestRequest req) throws SecurityException {
SecurityPermission perm = null;
String name = null;
switch(req.command()) {
case CACHE_GET:
case CACHE_CONTAINS_KEY:
case CACHE_CONTAINS_KEYS:
case CACHE_GET_ALL:
perm = SecurityPermission.CACHE_READ;
name = ((GridRestCacheRequest) req).cacheName();
break;
case EXECUTE_SQL_QUERY:
case EXECUTE_SQL_FIELDS_QUERY:
case EXECUTE_SCAN_QUERY:
case CLOSE_SQL_QUERY:
case FETCH_SQL_QUERY:
perm = SecurityPermission.CACHE_READ;
name = ((RestQueryRequest) req).cacheName();
break;
case CACHE_PUT:
case CACHE_ADD:
case CACHE_PUT_ALL:
case CACHE_REPLACE:
case CACHE_CAS:
case CACHE_APPEND:
case CACHE_PREPEND:
case CACHE_GET_AND_PUT:
case CACHE_GET_AND_REPLACE:
case CACHE_GET_AND_PUT_IF_ABSENT:
case CACHE_PUT_IF_ABSENT:
case CACHE_REPLACE_VALUE:
perm = SecurityPermission.CACHE_PUT;
name = ((GridRestCacheRequest) req).cacheName();
break;
case CACHE_REMOVE:
case CACHE_REMOVE_ALL:
case CACHE_CLEAR:
case CACHE_GET_AND_REMOVE:
case CACHE_REMOVE_VALUE:
perm = SecurityPermission.CACHE_REMOVE;
name = ((GridRestCacheRequest) req).cacheName();
break;
case EXE:
case RESULT:
perm = SecurityPermission.TASK_EXECUTE;
GridRestTaskRequest taskReq = (GridRestTaskRequest) req;
name = taskReq.taskName();
// We should extract task name wrapped by VisorGatewayTask.
if (VisorGatewayTask.class.getName().equals(name))
name = (String) taskReq.params().get(WRAPPED_TASK_IDX);
break;
case GET_OR_CREATE_CACHE:
perm = SecurityPermission.CACHE_CREATE;
name = ((GridRestCacheRequest) req).cacheName();
break;
case DESTROY_CACHE:
perm = SecurityPermission.CACHE_DESTROY;
name = ((GridRestCacheRequest) req).cacheName();
break;
case CLUSTER_ACTIVE:
case CLUSTER_INACTIVE:
case CLUSTER_ACTIVATE:
case CLUSTER_DEACTIVATE:
case BASELINE_SET:
case BASELINE_ADD:
case BASELINE_REMOVE:
case CLUSTER_SET_STATE:
perm = SecurityPermission.ADMIN_OPS;
break;
case DATA_REGION_METRICS:
case DATA_STORAGE_METRICS:
case CACHE_METRICS:
case CACHE_SIZE:
case CACHE_METADATA:
case TOPOLOGY:
case NODE:
case VERSION:
case NOOP:
case QUIT:
case ATOMIC_INCREMENT:
case ATOMIC_DECREMENT:
case NAME:
case LOG:
case CLUSTER_CURRENT_STATE:
case CLUSTER_NAME:
case BASELINE_CURRENT_STATE:
case CLUSTER_STATE:
case AUTHENTICATE:
case ADD_USER:
case REMOVE_USER:
case UPDATE_USER:
case PROBE:
break;
default:
throw new AssertionError("Unexpected command: " + req.command());
}
if (perm != null)
ctx.security().authorize(name, perm);
}
Also used :
GridRestTaskRequest(org.apache.ignite.internal.processors.rest.request.GridRestTaskRequest)
VisorGatewayTask(org.apache.ignite.internal.visor.compute.VisorGatewayTask)
SecurityPermission(org.apache.ignite.plugin.security.SecurityPermission)
Aggregations
GridRestTaskRequest (org.apache.ignite.internal.processors.rest.request.GridRestTaskRequest)1
VisorGatewayTask (org.apache.ignite.internal.visor.compute.VisorGatewayTask)1
SecurityPermission (org.apache.ignite.plugin.security.SecurityPermission)1
