Search in sources :

Example 1 with VisorGatewayTask

use of org.apache.ignite.internal.visor.compute.VisorGatewayTask in project ignite by apache.

the class GridRestProcessor method authorize.

/**
 * @param req REST request.
 * @throws SecurityException If authorization failed.
 */
private void authorize(GridRestRequest req) throws SecurityException {
    SecurityPermission perm = null;
    String name = null;
    switch(req.command()) {
        case CACHE_GET:
        case CACHE_CONTAINS_KEY:
        case CACHE_CONTAINS_KEYS:
        case CACHE_GET_ALL:
            perm = SecurityPermission.CACHE_READ;
            name = ((GridRestCacheRequest) req).cacheName();
            break;
        case EXECUTE_SQL_QUERY:
        case EXECUTE_SQL_FIELDS_QUERY:
        case EXECUTE_SCAN_QUERY:
        case CLOSE_SQL_QUERY:
        case FETCH_SQL_QUERY:
            perm = SecurityPermission.CACHE_READ;
            name = ((RestQueryRequest) req).cacheName();
            break;
        case CACHE_PUT:
        case CACHE_ADD:
        case CACHE_PUT_ALL:
        case CACHE_REPLACE:
        case CACHE_CAS:
        case CACHE_APPEND:
        case CACHE_PREPEND:
        case CACHE_GET_AND_PUT:
        case CACHE_GET_AND_REPLACE:
        case CACHE_GET_AND_PUT_IF_ABSENT:
        case CACHE_PUT_IF_ABSENT:
        case CACHE_REPLACE_VALUE:
            perm = SecurityPermission.CACHE_PUT;
            name = ((GridRestCacheRequest) req).cacheName();
            break;
        case CACHE_REMOVE:
        case CACHE_REMOVE_ALL:
        case CACHE_CLEAR:
        case CACHE_GET_AND_REMOVE:
        case CACHE_REMOVE_VALUE:
            perm = SecurityPermission.CACHE_REMOVE;
            name = ((GridRestCacheRequest) req).cacheName();
            break;
        case EXE:
        case RESULT:
            perm = SecurityPermission.TASK_EXECUTE;
            GridRestTaskRequest taskReq = (GridRestTaskRequest) req;
            name = taskReq.taskName();
            // We should extract task name wrapped by VisorGatewayTask.
            if (VisorGatewayTask.class.getName().equals(name))
                name = (String) taskReq.params().get(WRAPPED_TASK_IDX);
            break;
        case GET_OR_CREATE_CACHE:
            perm = SecurityPermission.CACHE_CREATE;
            name = ((GridRestCacheRequest) req).cacheName();
            break;
        case DESTROY_CACHE:
            perm = SecurityPermission.CACHE_DESTROY;
            name = ((GridRestCacheRequest) req).cacheName();
            break;
        case CLUSTER_ACTIVE:
        case CLUSTER_INACTIVE:
        case CLUSTER_ACTIVATE:
        case CLUSTER_DEACTIVATE:
        case BASELINE_SET:
        case BASELINE_ADD:
        case BASELINE_REMOVE:
        case CLUSTER_SET_STATE:
            perm = SecurityPermission.ADMIN_OPS;
            break;
        case DATA_REGION_METRICS:
        case DATA_STORAGE_METRICS:
        case CACHE_METRICS:
        case CACHE_SIZE:
        case CACHE_METADATA:
        case TOPOLOGY:
        case NODE:
        case VERSION:
        case NOOP:
        case QUIT:
        case ATOMIC_INCREMENT:
        case ATOMIC_DECREMENT:
        case NAME:
        case LOG:
        case CLUSTER_CURRENT_STATE:
        case CLUSTER_NAME:
        case BASELINE_CURRENT_STATE:
        case CLUSTER_STATE:
        case AUTHENTICATE:
        case ADD_USER:
        case REMOVE_USER:
        case UPDATE_USER:
        case PROBE:
            break;
        default:
            throw new AssertionError("Unexpected command: " + req.command());
    }
    if (perm != null)
        ctx.security().authorize(name, perm);
}
Also used : GridRestTaskRequest(org.apache.ignite.internal.processors.rest.request.GridRestTaskRequest) VisorGatewayTask(org.apache.ignite.internal.visor.compute.VisorGatewayTask) SecurityPermission(org.apache.ignite.plugin.security.SecurityPermission)

Aggregations

GridRestTaskRequest (org.apache.ignite.internal.processors.rest.request.GridRestTaskRequest)1 VisorGatewayTask (org.apache.ignite.internal.visor.compute.VisorGatewayTask)1 SecurityPermission (org.apache.ignite.plugin.security.SecurityPermission)1