
Example 1 with SecurityPermissionSet

use of org.apache.ignite.plugin.security.SecurityPermissionSet in project ignite by apache.

the class TestSecurityProcessor method authenticate.

/**
 * {@inheritDoc}
 */
@Override
public SecurityContext authenticate(AuthenticationContext ctx) throws IgniteCheckedException {
    // Missing credentials or login: no security context is returned.
    if (ctx.credentials() == null || ctx.credentials().getLogin() == null)
        return null;
    SecurityPermissionSet perms = PERMS.get(ctx.credentials());
    // Test fallback: credentials with no entry in PERMS get a permission set that allows everything by default.
    if (perms == null) {
        perms = new SecurityBasicPermissionSet();
        ((SecurityBasicPermissionSet) perms).setDefaultAllowAll(true);
    }
    SecurityContext res = new TestSecurityContext(new TestSecuritySubject()
        .setType(ctx.subjectType())
        .setId(ctx.subjectId())
        .setAddr(ctx.address())
        .setLogin(ctx.credentials().getLogin())
        .setPerms(perms)
        .setCerts(ctx.certificates())
        .sandboxPermissions(SANDBOX_PERMS.get(ctx.credentials())));
    SECURITY_CONTEXTS.put(res.subject().id(), res);
    return res;
}
Also used : SecurityPermissionSet(org.apache.ignite.plugin.security.SecurityPermissionSet) SecurityContext(org.apache.ignite.internal.processors.security.SecurityContext) SecurityBasicPermissionSet(org.apache.ignite.plugin.security.SecurityBasicPermissionSet)

Example 2 with SecurityPermissionSet

use of org.apache.ignite.plugin.security.SecurityPermissionSet in project ignite by apache.

the class CacheOperationPermissionCreateDestroyCheckTest method testCreateCacheWithCachePermissions.

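/**
 * Checks that a node granted CACHE_CREATE only on CACHE_NAME can create that cache,
 * while creating UNMANAGED_CACHE fails with a SecurityException.
 */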
@Test
public void testCreateCacheWithCachePermissions() throws Exception {
    SecurityPermissionSet secPermSet = builder().appendCachePermissions(CACHE_NAME, CACHE_CREATE).build();
    try (Ignite node = startGrid(TEST_NODE, secPermSet, clientMode)) {
        assertThrowsWithCause(() -> node.createCache(UNMANAGED_CACHE), SecurityException.class);
        assertNull(grid(SRV).cache(UNMANAGED_CACHE));
        assertNotNull(node.createCache(CACHE_NAME));
    }
}
Also used : SecurityPermissionSet(org.apache.ignite.plugin.security.SecurityPermissionSet) Ignite(org.apache.ignite.Ignite) Test(org.junit.Test) AbstractSecurityTest(org.apache.ignite.internal.processors.security.AbstractSecurityTest)

Example 3 with SecurityPermissionSet

use of org.apache.ignite.plugin.security.SecurityPermissionSet in project ignite by apache.

the class CacheOperationPermissionCreateDestroyCheckTest method testDestroyCacheWithCachePermissions.

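/**
 * Checks that a node granted CACHE_DESTROY only on CACHE_NAME can destroy that cache,
 * while destroying UNMANAGED_CACHE fails with a SecurityException.
 */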
@Test
public void testDestroyCacheWithCachePermissions() throws Exception {
    SecurityPermissionSet secPermSet = builder().appendCachePermissions(CACHE_NAME, CACHE_DESTROY).build();
    grid(SRV).createCache(CACHE_NAME);
    grid(SRV).createCache(UNMANAGED_CACHE);
    try (Ignite node = startGrid(TEST_NODE, secPermSet, clientMode)) {
        node.destroyCache(CACHE_NAME);
        assertThrowsWithCause(() -> node.destroyCache(UNMANAGED_CACHE), SecurityException.class);
        assertNull(grid(SRV).cache(CACHE_NAME));
        assertNotNull(grid(SRV).cache(UNMANAGED_CACHE));
    }
}
Also used : SecurityPermissionSet(org.apache.ignite.plugin.security.SecurityPermissionSet) Ignite(org.apache.ignite.Ignite) Test(org.junit.Test) AbstractSecurityTest(org.apache.ignite.internal.processors.security.AbstractSecurityTest)

Example 4 with SecurityPermissionSet

use of org.apache.ignite.plugin.security.SecurityPermissionSet in project ignite by apache.

the class AbstractEventSecurityContextTest method startGrid.

/**
 * {@inheritDoc}
 */
@Override
protected IgniteEx startGrid(String login, SecurityPermissionSet prmSet, Permissions sandboxPerms, boolean isClient) throws Exception {
    IgniteConfiguration cfg = getConfiguration(login, new TestSecurityPluginProvider(login, "", prmSet, sandboxPerms, globalAuth));
    cfg.setClientMode(isClient);
    cfg.setLocalHost("127.0.0.1");
    cfg.setConnectorConfiguration(new ConnectorConfiguration().setJettyPath("modules/clients/src/test/resources/jetty/rest-jetty.xml"));
    if (!isClient || includeClientNodes()) {
        cfg.setIncludeEventTypes(eventTypes());
        cfg.setLocalEventListeners(singletonMap(new IgnitePredicate<Event>() {

            /**
             * Ignite instance injected into the listener.
             */
            @IgniteInstanceResource
            IgniteEx ignite;

            /**
             * {@inheritDoc}
             */
            @Override
            public boolean apply(Event evt) {
                LISTENED_EVTS.computeIfAbsent(ignite.localNode(), k -> ConcurrentHashMap.newKeySet()).add(evt);
                return true;
            }
        }, eventTypes()));
    }
    return startGrid(cfg);
}
Also used : SecurityPermissionSet(org.apache.ignite.plugin.security.SecurityPermissionSet) URL(java.net.URL) JobEvent(org.apache.ignite.events.JobEvent) GridTestUtils.waitForCondition(org.apache.ignite.testframework.GridTestUtils.waitForCondition) IgniteEx(org.apache.ignite.internal.IgniteEx) TaskEvent(org.apache.ignite.events.TaskEvent) AbstractSecurityTest(org.apache.ignite.internal.processors.security.AbstractSecurityTest) CacheQueryExecutedEvent(org.apache.ignite.events.CacheQueryExecutedEvent) ClusterNode(org.apache.ignite.cluster.ClusterNode) IgnitePredicate(org.apache.ignite.lang.IgnitePredicate) URLConnection(java.net.URLConnection) Map(java.util.Map) JsonNode(com.fasterxml.jackson.databind.JsonNode) Collections.singletonMap(java.util.Collections.singletonMap) Permissions(java.security.Permissions) CacheEvent(org.apache.ignite.events.CacheEvent) TestSecurityPluginProvider(org.apache.ignite.internal.processors.security.impl.TestSecurityPluginProvider) G(org.apache.ignite.internal.util.typedef.G) UTF_8(java.nio.charset.StandardCharsets.UTF_8) Collection(java.util.Collection) IgniteCheckedException(org.apache.ignite.IgniteCheckedException) IgniteException(org.apache.ignite.IgniteException) Event(org.apache.ignite.events.Event) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) IgniteInstanceResource(org.apache.ignite.resources.IgniteInstanceResource) IOException(java.io.IOException) LineNumberReader(java.io.LineNumberReader) InputStreamReader(java.io.InputStreamReader) Collectors(java.util.stream.Collectors) GridJettyObjectMapper(org.apache.ignite.internal.processors.rest.protocols.http.jetty.GridJettyObjectMapper) IgniteConfiguration(org.apache.ignite.configuration.IgniteConfiguration) ConnectorConfiguration(org.apache.ignite.configuration.ConnectorConfiguration) CacheQueryReadEvent(org.apache.ignite.events.CacheQueryReadEvent) RunnableX(org.apache.ignite.testframework.GridTestUtils.RunnableX) 
GridRestCommand(org.apache.ignite.internal.processors.rest.GridRestCommand)

Example 5 with SecurityPermissionSet

use of org.apache.ignite.plugin.security.SecurityPermissionSet in project ignite by apache.

the class CacheOperationPermissionCreateDestroyCheckTest method testDestroyCacheWithSystemPermissions.

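/**
 * Checks that a node granted CACHE_DESTROY as a system permission can destroy CACHE_NAME,
 * while the node returned by forbidden(clientMode) gets a SecurityException.
 */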
@Test
public void testDestroyCacheWithSystemPermissions() throws Exception {
    SecurityPermissionSet secPermSet = builder().appendSystemPermissions(CACHE_DESTROY).build();
    grid(SRV).createCache(CACHE_NAME);
    try (Ignite node = startGrid(TEST_NODE, secPermSet, clientMode)) {
        assertThrowsWithCause(() -> forbidden(clientMode).destroyCache(CACHE_NAME), SecurityException.class);
        node.destroyCache(CACHE_NAME);
        assertNull(grid(SRV).cache(CACHE_NAME));
    }
}
Also used : SecurityPermissionSet(org.apache.ignite.plugin.security.SecurityPermissionSet) Ignite(org.apache.ignite.Ignite) Test(org.junit.Test) AbstractSecurityTest(org.apache.ignite.internal.processors.security.AbstractSecurityTest)
