use of org.apache.ignite.plugin.security.SecurityPermission in project ignite by apache.
the class GridRestProcessor method authorize.
/**
* @param req REST request.
* @param sCtx Security context.
* @throws SecurityException If authorization failed.
*/
private void authorize(GridRestRequest req, SecurityContext sCtx) throws SecurityException {
    // Maps the REST command to the permission it requires and to the cache or task name the
    // permission is checked against, then hands the decision to the security processor.
    SecurityPermission requiredPerm;
    String target;

    switch (req.command()) {
        case CACHE_GET: case CACHE_CONTAINS_KEY: case CACHE_CONTAINS_KEYS: case CACHE_GET_ALL:
            requiredPerm = SecurityPermission.CACHE_READ;
            target = ((GridRestCacheRequest) req).cacheName();
            break;

        case EXECUTE_SQL_QUERY: case EXECUTE_SQL_FIELDS_QUERY: case EXECUTE_SCAN_QUERY:
        case CLOSE_SQL_QUERY: case FETCH_SQL_QUERY:
            // NOTE(review): only the cache named in the request is checked, and only for CACHE_READ;
            // the query text is not inspected in this method. Confirm that statements which write,
            // or which touch other caches, are authorized further down the call chain.
            requiredPerm = SecurityPermission.CACHE_READ;
            target = ((RestQueryRequest) req).cacheName();
            break;

        case CACHE_PUT: case CACHE_ADD: case CACHE_PUT_ALL: case CACHE_REPLACE:
        case CACHE_CAS: case CACHE_APPEND: case CACHE_PREPEND: case CACHE_GET_AND_PUT:
        case CACHE_GET_AND_REPLACE: case CACHE_GET_AND_PUT_IF_ABSENT: case CACHE_PUT_IF_ABSENT:
        case CACHE_REPLACE_VALUE:
            requiredPerm = SecurityPermission.CACHE_PUT;
            target = ((GridRestCacheRequest) req).cacheName();
            break;

        case CACHE_REMOVE: case CACHE_REMOVE_ALL: case CACHE_CLEAR: case CACHE_GET_AND_REMOVE:
        case CACHE_REMOVE_VALUE:
            requiredPerm = SecurityPermission.CACHE_REMOVE;
            target = ((GridRestCacheRequest) req).cacheName();
            break;

        case EXE: case RESULT:
            requiredPerm = SecurityPermission.TASK_EXECUTE;
            target = ((GridRestTaskRequest) req).taskName();
            break;

        case GET_OR_CREATE_CACHE: case DESTROY_CACHE:
            // Creating and destroying a cache share one coarse permission here.
            requiredPerm = SecurityPermission.ADMIN_CACHE;
            target = ((GridRestCacheRequest) req).cacheName();
            break;

        case CACHE_METRICS: case CACHE_SIZE: case CACHE_METADATA:
        case TOPOLOGY: case NODE: case VERSION: case NOOP: case QUIT:
        case ATOMIC_INCREMENT: case ATOMIC_DECREMENT:
        case NAME: case LOG:
        case CLUSTER_CURRENT_STATE: case CLUSTER_ACTIVE: case CLUSTER_INACTIVE:
        case ADD_USER: case REMOVE_USER: case UPDATE_USER:
            // No permission is requested for these commands in this method.
            // NOTE(review): the group contains commands whose names suggest state changes
            // (CLUSTER_ACTIVE / CLUSTER_INACTIVE, ADD_USER / REMOVE_USER / UPDATE_USER,
            // ATOMIC_INCREMENT / ATOMIC_DECREMENT, QUIT); confirm they are authorized elsewhere.
            return;

        default:
            // Fail closed: a command with no mapping is rejected instead of passing unchecked.
            throw new AssertionError("Unexpected command: " + req.command());
    }

    ctx.security().authorize(target, requiredPerm, sCtx);
}
use of org.apache.ignite.plugin.security.SecurityPermission in project ignite by apache.
the class RestProcessorAuthorizationTest method getPluginProvider.
/**
* {@inheritDoc}
*/
@Override
protected PluginProvider<?> getPluginProvider(String name) {
    // Test-only provider: its security processor records every authorization request so that a
    // test can assert which name and permission the REST layer actually asked for.
    return new TestSecurityPluginProvider(name, null, ALLOW_ALL, globalAuth, clientData()) {
        /** {@inheritDoc} */
        @Override
        protected GridSecurityProcessor securityProcessor(GridKernalContext ctx) {
            TestSecurityData nodeData = new TestSecurityData(login, pwd, perms, new Permissions());

            return new TestSecurityProcessor(ctx, nodeData, Arrays.asList(clientData), globalAuth) {
                /** {@inheritDoc} */
                @Override
                public void authorize(String name, SecurityPermission perm, SecurityContext securityCtx)
                    throws SecurityException {
                    // Record before delegating, so the attempt is kept even if the real check throws.
                    authorizationCtxList.add(F.t(name, perm, securityCtx));

                    super.authorize(name, perm, securityCtx);
                }
            };
        }
    };
}
use of org.apache.ignite.plugin.security.SecurityPermission in project ignite by apache.
the class RestProcessorAuthorizationTest method testCacheCreateDestroyPermission.
/**
* @throws Exception if failed.
*/
@Test
public void testCacheCreateDestroyPermission() throws Exception {
    // Checks that creating and destroying a cache over REST are authorized with the dedicated
    // CACHE_CREATE / CACHE_DESTROY permissions, on the cache name, for the logged-in subject.
    // NOTE(review): only the permitted path is exercised in this method; a case where the subject
    // lacks the permission (request rejected, cache state unchanged) is not visible here.
    IgniteEx node = startGrid(0);

    node.cluster().state(ClusterState.ACTIVE);

    assertNull(node.cache(TEST_CACHE));

    executeCommand(GridRestCommand.GET_OR_CREATE_CACHE, LOGIN, PWD);

    // The first recorded authorization call is the one under test.
    GridTuple3<String, SecurityPermission, SecurityContext> createCall = authorizationCtxList.get(0);

    assertEquals(TEST_CACHE, createCall.get1());
    assertEquals(SecurityPermission.CACHE_CREATE, createCall.get2());
    assertEquals(LOGIN, createCall.get3().subject().login());

    assertNotNull(node.cache(TEST_CACHE));

    // Drop the recorded calls so index 0 refers to the destroy request below.
    authorizationCtxList.clear();

    executeCommand(GridRestCommand.DESTROY_CACHE, LOGIN, PWD);

    GridTuple3<String, SecurityPermission, SecurityContext> destroyCall = authorizationCtxList.get(0);

    assertEquals(TEST_CACHE, destroyCall.get1());
    assertEquals(SecurityPermission.CACHE_DESTROY, destroyCall.get2());
    assertEquals(LOGIN, destroyCall.get3().subject().login());

    assertNull(node.cache(TEST_CACHE));
}
use of org.apache.ignite.plugin.security.SecurityPermission in project ignite by apache.
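the class GridRestProcessor method authorize (single-argument form; unlike the two-argument listing earlier on this page, it checks CACHE_CREATE / CACHE_DESTROY for cache creation and removal and ADMIN_OPS for cluster-state and baseline commands).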
/**
* @param req REST request.
* @throws SecurityException If authorization failed.
*/
private void authorize(GridRestRequest req) throws SecurityException {
    // Maps the REST command to the permission it requires and to the cache or task name the
    // permission is checked against, then hands the decision to the security processor.
    SecurityPermission requiredPerm;
    String target = null;

    switch (req.command()) {
        case CACHE_GET: case CACHE_CONTAINS_KEY: case CACHE_CONTAINS_KEYS: case CACHE_GET_ALL:
            requiredPerm = SecurityPermission.CACHE_READ;
            target = ((GridRestCacheRequest) req).cacheName();
            break;

        case EXECUTE_SQL_QUERY: case EXECUTE_SQL_FIELDS_QUERY: case EXECUTE_SCAN_QUERY:
        case CLOSE_SQL_QUERY: case FETCH_SQL_QUERY:
            // NOTE(review): only the cache named in the request is checked, and only for CACHE_READ;
            // the query text is not inspected in this method. Confirm that statements which write,
            // or which touch other caches, are authorized further down the call chain.
            requiredPerm = SecurityPermission.CACHE_READ;
            target = ((RestQueryRequest) req).cacheName();
            break;

        case CACHE_PUT: case CACHE_ADD: case CACHE_PUT_ALL: case CACHE_REPLACE:
        case CACHE_CAS: case CACHE_APPEND: case CACHE_PREPEND: case CACHE_GET_AND_PUT:
        case CACHE_GET_AND_REPLACE: case CACHE_GET_AND_PUT_IF_ABSENT: case CACHE_PUT_IF_ABSENT:
        case CACHE_REPLACE_VALUE:
            requiredPerm = SecurityPermission.CACHE_PUT;
            target = ((GridRestCacheRequest) req).cacheName();
            break;

        case CACHE_REMOVE: case CACHE_REMOVE_ALL: case CACHE_CLEAR: case CACHE_GET_AND_REMOVE:
        case CACHE_REMOVE_VALUE:
            requiredPerm = SecurityPermission.CACHE_REMOVE;
            target = ((GridRestCacheRequest) req).cacheName();
            break;

        case EXE: case RESULT: {
            requiredPerm = SecurityPermission.TASK_EXECUTE;

            GridRestTaskRequest taskReq = (GridRestTaskRequest) req;
            String taskName = taskReq.taskName();

            // VisorGatewayTask only wraps another task, so the permission is checked against the
            // wrapped task's name, which is read from the request parameters.
            // NOTE(review): params() is request-supplied; a null or short list, or a non-String
            // element, raises an unchecked exception here rather than SecurityException. Also
            // confirm that execution resolves the wrapped task from this same element, so the
            // name that is authorized is the name that runs.
            boolean viaGateway = VisorGatewayTask.class.getName().equals(taskName);

            target = viaGateway ? (String) taskReq.params().get(WRAPPED_TASK_IDX) : taskName;
            break;
        }

        case GET_OR_CREATE_CACHE:
            requiredPerm = SecurityPermission.CACHE_CREATE;
            target = ((GridRestCacheRequest) req).cacheName();
            break;

        case DESTROY_CACHE:
            requiredPerm = SecurityPermission.CACHE_DESTROY;
            target = ((GridRestCacheRequest) req).cacheName();
            break;

        case CLUSTER_ACTIVE: case CLUSTER_INACTIVE: case CLUSTER_ACTIVATE: case CLUSTER_DEACTIVATE:
        case BASELINE_SET: case BASELINE_ADD: case BASELINE_REMOVE: case CLUSTER_SET_STATE:
            // Cluster-wide operations: checked without a target name (it stays null).
            requiredPerm = SecurityPermission.ADMIN_OPS;
            break;

        case DATA_REGION_METRICS: case DATA_STORAGE_METRICS:
        case CACHE_METRICS: case CACHE_SIZE: case CACHE_METADATA:
        case TOPOLOGY: case NODE: case VERSION: case NOOP: case QUIT:
        case ATOMIC_INCREMENT: case ATOMIC_DECREMENT:
        case NAME: case LOG:
        case CLUSTER_CURRENT_STATE: case CLUSTER_NAME: case BASELINE_CURRENT_STATE: case CLUSTER_STATE:
        case AUTHENTICATE:
        case ADD_USER: case REMOVE_USER: case UPDATE_USER:
        case PROBE:
            // No permission is requested for these commands in this method.
            // NOTE(review): the group contains commands whose names suggest state changes
            // (ADD_USER / REMOVE_USER / UPDATE_USER, ATOMIC_INCREMENT / ATOMIC_DECREMENT, QUIT);
            // confirm they are authorized elsewhere.
            return;

        default:
            // Fail closed: a command with no mapping is rejected instead of passing unchecked.
            throw new AssertionError("Unexpected command: " + req.command());
    }

    ctx.security().authorize(target, requiredPerm);
}