
Example 6 with SecurityException

use of org.apache.ignite.plugin.security.SecurityException in project ignite by apache.

the class ClientRequestHandler method handle.

/**
 * {@inheritDoc}
 * <p>
 * Processes the request via {@code process(ctx)}. When the request is a transactional
 * {@code ClientTxAwareRequest} and a transaction context exists for its id, that context is
 * acquired before processing and released afterwards. A {@code SecurityException} raised on
 * either path is rethrown as an {@code IgniteClientException} with
 * {@code ClientStatus.SECURITY_VIOLATION} and a fixed message.
 */
@Override
public ClientListenerResponse handle(ClientListenerRequest req) {
    try {
        // Resolve the transaction context first; it stays null for non-transactional requests
        // and for transaction ids the connection context does not know.
        ClientTxContext boundTx = null;

        if (req instanceof ClientTxAwareRequest) {
            ClientTxAwareRequest txAware = (ClientTxAwareRequest) req;

            if (txAware.isTransactional())
                boundTx = ctx.txContext(txAware.txId());
        }

        if (boundTx == null)
            return ((ClientRequest) req).process(ctx);

        try {
            boundTx.acquire(true);

            return ((ClientRequest) req).process(ctx);
        } catch (IgniteCheckedException e) {
            // NOTE(review): the checked exception's own message is copied into the exception
            // built for the client; confirm such messages never carry server-internal detail.
            throw new IgniteClientException(ClientStatus.FAILED, e.getMessage(), e);
        } finally {
            // NOTE(review): release(true) also runs when acquire(true) itself failed; whether
            // release tolerates a context that was never acquired is not visible here.
            try {
                boundTx.release(true);
            } catch (Exception e) {
                // A failed release is logged and must not mask the outcome of processing.
                log.warning("Failed to release client transaction context", e);
            }
        }
    } catch (SecurityException ex) {
        // The client gets a fixed message, not the text of the authorization failure.
        // NOTE(review): ex is attached as the cause; confirm the cause is not serialized back
        // to the client along with the status.
        throw new IgniteClientException(ClientStatus.SECURITY_VIOLATION, "Client is not authorized to perform this operation", ex);
    }
}
Also used : IgniteCheckedException(org.apache.ignite.IgniteCheckedException) ClientTxAwareRequest(org.apache.ignite.internal.processors.platform.client.tx.ClientTxAwareRequest) SecurityException(org.apache.ignite.plugin.security.SecurityException) IgniteCheckedException(org.apache.ignite.IgniteCheckedException) IgniteIllegalStateException(org.apache.ignite.IgniteIllegalStateException) SecurityException(org.apache.ignite.plugin.security.SecurityException) ClientTxContext(org.apache.ignite.internal.processors.platform.client.tx.ClientTxContext)

Example 7 with SecurityException

use of org.apache.ignite.plugin.security.SecurityException in project ignite by apache.

the class IgniteServiceProcessor method onLocalJoin.

/**
 * Callback for local join events for which the regular events are not generated.
 * <p>
 * Local join event is expected in cases of joining to topology or client reconnect.
 * <p>
 * When the local node is the coordinator, the statically configured services are registered
 * here; with security enabled they are first checked by {@code checkDeployPermissionDuringJoin}
 * and a returned {@code SecurityException} is thrown before anything is registered.
 *
 * @param evt Discovery event.
 * @param discoCache Discovery cache.
 */
public void onLocalJoin(DiscoveryEvent evt, DiscoCache discoCache) {
    // Sanity checks only: Java assertions are skipped unless the JVM runs with -ea.
    assert ctx.localNodeId().equals(evt.eventNode().id());
    assert evt.type() == EVT_NODE_JOINED;

    if (isLocalNodeCoordinator()) {
        // First node start, method onGridDataReceived(DiscoveryDataBag.GridDiscoveryData) has not been called.
        ArrayList<ServiceInfo> staticSvcs = staticallyConfiguredServices(false);

        // The permission check precedes registration, so a denied deployment registers nothing.
        if (ctx.security().enabled()) {
            SecurityException denied = checkDeployPermissionDuringJoin(evt.node(), staticSvcs);

            if (denied != null)
                throw denied;
        }

        staticSvcs.forEach(this::registerService);
    }

    // Deployment actions are built only when at least one service is registered; otherwise
    // null is handed to the deployment manager.
    boolean hasRegistered = !registeredServices.isEmpty();

    ServiceDeploymentActions pendingActions = hasRegistered ? new ServiceDeploymentActions() : null;

    if (pendingActions != null)
        pendingActions.servicesToDeploy(new HashMap<>(registeredServices));

    depMgr.onLocalJoin(evt, discoCache, pendingActions);
}
Also used : SecurityException(org.apache.ignite.plugin.security.SecurityException)

Example 8 with SecurityException

use of org.apache.ignite.plugin.security.SecurityException in project ignite by apache.

the class SecurityUtils method nodeSecurityContext.

/**
 * Gets the node's security context.
 * <p>
 * The context is read from the node attribute
 * {@code IgniteNodeAttributes.ATTR_SECURITY_SUBJECT_V2} and unmarshalled with the given
 * marshaller and class loader.
 *
 * @param marsh Marshaller.
 * @param ldr Class loader.
 * @param node Node.
 * @return Node's security context.
 * @throws SecurityException If the attribute is absent or cannot be unmarshalled.
 */
public static SecurityContext nodeSecurityContext(Marshaller marsh, ClassLoader ldr, ClusterNode node) {
    A.notNull(node, "Cluster node");

    byte[] serializedSubj = node.attribute(IgniteNodeAttributes.ATTR_SECURITY_SUBJECT_V2);

    if (serializedSubj != null) {
        // NOTE(review): these bytes come from a node attribute and are deserialized as-is.
        // Who is able to set that attribute is not visible here; confirm it is written only
        // after the node has been authenticated, or that the marshaller restricts the
        // classes it will instantiate.
        try {
            return U.unmarshal(marsh, serializedSubj, ldr);
        } catch (IgniteCheckedException e) {
            throw new SecurityException("Failed to get security context.", e);
        }
    }

    // A missing attribute fails closed: there is no fallback context.
    throw new SecurityException("Security context isn't certain.");
}
Also used : IgniteCheckedException(org.apache.ignite.IgniteCheckedException) SecurityException(org.apache.ignite.plugin.security.SecurityException)

Example 9 with SecurityException

use of org.apache.ignite.plugin.security.SecurityException in project ignite by apache.

the class GridRestProcessor method handleRequest.

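/**
 * Handles a REST request, authenticating and authorizing it first when security is enabled.
 * <p>
 * Start-up gating comes first: a {@code GridRestNodeStateBeforeStartRequest} is answered with an
 * error once {@code startLatch} has reached zero, and any other request except a
 * {@code GridRestAuthenticationRequest} waits on {@code startLatch} while its count is positive.
 * <p>
 * With security enabled the session is resolved, its client id and session id are copied onto
 * the request, the security context is established again when it is missing or the session token
 * has expired, and the request is authorized and executed under that context. Failures on this
 * path are returned as REST statuses instead of being thrown.
 * <p>
 * The debug line that reports the extracted session does not print the session token bytes, so
 * debug logs cannot be used to recover a token that is still accepted.
 *
 * @param req Request.
 * @return Future.
 */
private IgniteInternalFuture<GridRestResponse> handleRequest(final GridRestRequest req) {
    if (req instanceof GridRestNodeStateBeforeStartRequest) {
        if (startLatch.getCount() == 0)
            return new GridFinishedFuture<>(new IgniteCheckedException("Node has already started."));
    } else if (!(req instanceof GridRestAuthenticationRequest) && startLatch.getCount() > 0) {
        try {
            startLatch.await();
        } catch (InterruptedException e) {
            // NOTE(review): the interrupt status is consumed here and not restored. Restoring it
            // could affect how the caller delivers this error response, so it is left as is;
            // confirm against the protocol handlers that call this method.
            return new GridFinishedFuture<>(new IgniteCheckedException("Failed to handle request " + "(protocol handler was interrupted when awaiting grid start).", e));
        }
    }

    // NOTE(review): this prints req.toString(), which is not visible here; confirm it does not
    // include credentials carried by the request.
    if (log.isDebugEnabled())
        log.debug("Received request from client: " + req);

    if (!securityEnabled)
        return handleRequest0(req);

    Session ses;

    try {
        ses = session(req);
    } catch (IgniteAuthenticationException e) {
        return new GridFinishedFuture<>(new GridRestResponse(STATUS_AUTH_FAILED, e.getMessage()));
    } catch (IgniteCheckedException e) {
        return new GridFinishedFuture<>(new GridRestResponse(STATUS_FAILED, e.getMessage()));
    }

    assert ses != null;

    req.clientId(ses.clientId);
    req.sessionToken(U.uuidToBytes(ses.sesId));

    // The token value is kept out of the log: while the session token is unexpired the stored
    // security context is reused without calling authenticate() again.
    if (log.isDebugEnabled())
        log.debug("Next clientId and sessionToken were extracted according to request: " + "[clientId=" + req.clientId() + ", sesTok=<redacted>]");

    SecurityContext secCtx0 = ses.secCtx;

    try {
        // Authenticate again when the session has no context yet or its token has outlived the TTL.
        if (secCtx0 == null || ses.isTokenExpired(sesTokTtl))
            ses.secCtx = secCtx0 = authenticate(req, ses);

        // The context applies only for the duration of this block; closing the resource ends it.
        try (OperationSecurityContext ignored = ctx.security().withContext(secCtx0)) {
            authorize(req);

            return handleRequest0(req);
        }
    } catch (SecurityException e) {
        // NOTE(review): this assertion holds only if authenticate() never throws
        // SecurityException; what authenticate() can throw is not visible here.
        assert secCtx0 != null;

        // NOTE(review): the exception message is returned to the caller as the response text;
        // confirm it reveals no more about the permission model than intended.
        return new GridFinishedFuture<>(new GridRestResponse(STATUS_SECURITY_CHECK_FAILED, e.getMessage()));
    } catch (IgniteCheckedException e) {
        return new GridFinishedFuture<>(new GridRestResponse(STATUS_AUTH_FAILED, e.getMessage()));
    }
}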
Also used : IgniteAuthenticationException(org.apache.ignite.IgniteAuthenticationException) IgniteCheckedException(org.apache.ignite.IgniteCheckedException) OperationSecurityContext(org.apache.ignite.internal.processors.security.OperationSecurityContext) SecurityContext(org.apache.ignite.internal.processors.security.SecurityContext) GridRestAuthenticationRequest(org.apache.ignite.internal.processors.rest.request.GridRestAuthenticationRequest) SecurityException(org.apache.ignite.plugin.security.SecurityException) GridRestNodeStateBeforeStartRequest(org.apache.ignite.internal.processors.rest.request.GridRestNodeStateBeforeStartRequest) OperationSecurityContext(org.apache.ignite.internal.processors.security.OperationSecurityContext) GridFinishedFuture(org.apache.ignite.internal.util.future.GridFinishedFuture)

Example 10 with SecurityException

use of org.apache.ignite.plugin.security.SecurityException in project ignite by apache.

the class ServiceAuthorizationTest method configuration.

/**
 * Builds the configuration of a test node whose security plugin grants a fixed base set of
 * permissions plus the given service permissions for {@code TEST_SERVICE_NAME}.
 * <p>
 * When {@code authErrLatch} is set, a failure handler is installed that asserts the failure is
 * the expected service-deploy authorization error and counts the latch down.
 *
 * @param idx Index used to derive the test Ignite instance name.
 * @param perms Service permissions granted for the test service.
 * @return Ignite node configuration.
 * @throws Exception Declared by the method; its source is not visible in this block.
 */
private IgniteConfiguration configuration(int idx, SecurityPermission... perms) throws Exception {
    String instanceName = getTestIgniteInstanceName(idx);

    // The permission set is built with defaultAllowAll(false), so only the permissions
    // appended below are listed explicitly.
    TestSecurityPluginProvider secPlugin = new TestSecurityPluginProvider(
        instanceName,
        "",
        create()
            .defaultAllowAll(false)
            .appendSystemPermissions(JOIN_AS_SERVER)
            .appendCachePermissions(DEFAULT_CACHE_NAME, CACHE_CREATE)
            .appendTaskPermissions("org.apache.ignite.internal.processors.affinity.GridAffinityUtils$AffinityJob", TASK_EXECUTE, TASK_CANCEL)
            .appendServicePermissions(TEST_SERVICE_NAME, perms)
            .build(),
        null,
        false);

    IgniteConfiguration nodeCfg = getConfiguration(instanceName, secPlugin).setClientMode(isClient);

    // Without a latch there is nothing to observe, so no failure handler is installed.
    if (authErrLatch == null)
        return nodeCfg;

    nodeCfg.setFailureHandler(new FailureHandler() {
        @Override
        public boolean onFailure(Ignite ignite, FailureContext failureCtx) {
            // The failure must be the authorization error for deploying the test service.
            assertTrue(failureCtx.error() instanceof SecurityException);
            assertTrue(failureCtx.error().getMessage().startsWith("Authorization failed [perm=SERVICE_DEPLOY, name=test-service-name"));

            authErrLatch.countDown();

            return true;
        }
    });

    return nodeCfg;
}
Also used : IgniteConfiguration(org.apache.ignite.configuration.IgniteConfiguration) TestSecurityPluginProvider(org.apache.ignite.internal.processors.security.impl.TestSecurityPluginProvider) FailureContext(org.apache.ignite.failure.FailureContext) FailureHandler(org.apache.ignite.failure.FailureHandler) Ignite(org.apache.ignite.Ignite) SecurityException(org.apache.ignite.plugin.security.SecurityException)

Aggregations

SecurityException (org.apache.ignite.plugin.security.SecurityException)10 IgniteCheckedException (org.apache.ignite.IgniteCheckedException)4 SecurityContext (org.apache.ignite.internal.processors.security.SecurityContext)3 IgniteException (org.apache.ignite.IgniteException)2 OperationSecurityContext (org.apache.ignite.internal.processors.security.OperationSecurityContext)2 IgniteNodeValidationResult (org.apache.ignite.spi.IgniteNodeValidationResult)2 Nullable (org.jetbrains.annotations.Nullable)2 AccessControlContext (java.security.AccessControlContext)1 PrivilegedActionException (java.security.PrivilegedActionException)1 CacheException (javax.cache.CacheException)1 CacheWriterException (javax.cache.integration.CacheWriterException)1 Ignite (org.apache.ignite.Ignite)1 IgniteAuthenticationException (org.apache.ignite.IgniteAuthenticationException)1 IgniteIllegalStateException (org.apache.ignite.IgniteIllegalStateException)1 CachePartialUpdateException (org.apache.ignite.cache.CachePartialUpdateException)1 CacheServerNotFoundException (org.apache.ignite.cache.CacheServerNotFoundException)1 QueryEntity (org.apache.ignite.cache.QueryEntity)1 FieldsQueryCursor (org.apache.ignite.cache.query.FieldsQueryCursor)1 IgniteConfiguration (org.apache.ignite.configuration.IgniteConfiguration)1 FailureContext (org.apache.ignite.failure.FailureContext)1