use of org.apache.ignite.plugin.security.SecurityPermissionSet in project ignite by apache.
the class TestSecurityProcessor method authenticate.
/**
* {@inheritDoc}
*/
@Override
public SecurityContext authenticate(AuthenticationContext ctx) throws IgniteCheckedException {
if (ctx.credentials() == null || ctx.credentials().getLogin() == null)
return null;
SecurityPermissionSet perms = PERMS.get(ctx.credentials());
if (perms == null) {
perms = new SecurityBasicPermissionSet();
((SecurityBasicPermissionSet) perms).setDefaultAllowAll(true);
}
SecurityContext res = new TestSecurityContext(new TestSecuritySubject().setType(ctx.subjectType()).setId(ctx.subjectId()).setAddr(ctx.address()).setLogin(ctx.credentials().getLogin()).setPerms(perms).setCerts(ctx.certificates()).sandboxPermissions(SANDBOX_PERMS.get(ctx.credentials())));
SECURITY_CONTEXTS.put(res.subject().id(), res);
return res;
}
use of org.apache.ignite.plugin.security.SecurityPermissionSet in project ignite by apache.
the class CacheOperationPermissionCreateDestroyCheckTest method testCreateCacheWithCachePermissions.
/**
*/
@Test
public void testCreateCacheWithCachePermissions() throws Exception {
SecurityPermissionSet secPermSet = builder().appendCachePermissions(CACHE_NAME, CACHE_CREATE).build();
try (Ignite node = startGrid(TEST_NODE, secPermSet, clientMode)) {
assertThrowsWithCause(() -> node.createCache(UNMANAGED_CACHE), SecurityException.class);
assertNull(grid(SRV).cache(UNMANAGED_CACHE));
assertNotNull(node.createCache(CACHE_NAME));
}
}
use of org.apache.ignite.plugin.security.SecurityPermissionSet in project ignite by apache.
the class CacheOperationPermissionCreateDestroyCheckTest method testDestroyCacheWithCachePermissions.
/**
*/
@Test
public void testDestroyCacheWithCachePermissions() throws Exception {
SecurityPermissionSet secPermSet = builder().appendCachePermissions(CACHE_NAME, CACHE_DESTROY).build();
grid(SRV).createCache(CACHE_NAME);
grid(SRV).createCache(UNMANAGED_CACHE);
try (Ignite node = startGrid(TEST_NODE, secPermSet, clientMode)) {
node.destroyCache(CACHE_NAME);
assertThrowsWithCause(() -> node.destroyCache(UNMANAGED_CACHE), SecurityException.class);
assertNull(grid(SRV).cache(CACHE_NAME));
assertNotNull(grid(SRV).cache(UNMANAGED_CACHE));
}
}
use of org.apache.ignite.plugin.security.SecurityPermissionSet in project ignite by apache.
the class AbstractEventSecurityContextTest method startGrid.
/**
* {@inheritDoc}
*/
@Override
protected IgniteEx startGrid(String login, SecurityPermissionSet prmSet, Permissions sandboxPerms, boolean isClient) throws Exception {
IgniteConfiguration cfg = getConfiguration(login, new TestSecurityPluginProvider(login, "", prmSet, sandboxPerms, globalAuth));
cfg.setClientMode(isClient);
cfg.setLocalHost("127.0.0.1");
cfg.setConnectorConfiguration(new ConnectorConfiguration().setJettyPath("modules/clients/src/test/resources/jetty/rest-jetty.xml"));
if (!isClient || includeClientNodes()) {
cfg.setIncludeEventTypes(eventTypes());
cfg.setLocalEventListeners(singletonMap(new IgnitePredicate<Event>() {
/**
*/
@IgniteInstanceResource
IgniteEx ignite;
/**
* {@inheritDoc}
*/
@Override
public boolean apply(Event evt) {
LISTENED_EVTS.computeIfAbsent(ignite.localNode(), k -> ConcurrentHashMap.newKeySet()).add(evt);
return true;
}
}, eventTypes()));
}
return startGrid(cfg);
}
use of org.apache.ignite.plugin.security.SecurityPermissionSet in project ignite by apache.
the class CacheOperationPermissionCreateDestroyCheckTest method testDestroyCacheWithSystemPermissions.
/**
*/
@Test
public void testDestroyCacheWithSystemPermissions() throws Exception {
SecurityPermissionSet secPermSet = builder().appendSystemPermissions(CACHE_DESTROY).build();
grid(SRV).createCache(CACHE_NAME);
try (Ignite node = startGrid(TEST_NODE, secPermSet, clientMode)) {
assertThrowsWithCause(() -> forbidden(clientMode).destroyCache(CACHE_NAME), SecurityException.class);
node.destroyCache(CACHE_NAME);
assertNull(grid(SRV).cache(CACHE_NAME));
}
}
Aggregations