Search in sources :

Example 1 with SecuritySubject

use of org.apache.ignite.plugin.security.SecuritySubject in project ignite by apache.

the class AuthenticationProcessorSelfTest method testRemoteNodeSecurityContext.

/**
 * Test the ability to obtain the security context ot an authenticated user on the remote server node.
 */
@Test
public void testRemoteNodeSecurityContext() throws Exception {
    try (OperationSecurityContext ignored = grid(CLI_NODE).context().security().withContext(secCtxDflt)) {
        grid(CLI_NODE).context().security().createUser("test", "pwd".toCharArray());
    }
    SecuritySubject subj = authenticate(grid(0), "test", "pwd").subject();
    for (int i = 1; i < NODES_COUNT; i++) {
        IgniteSecurity security = ignite(i).context().security();
        try (OperationSecurityContext ignored = security.withContext(subj.id())) {
            SecuritySubject rmtSubj = security.securityContext().subject();
            assertEquals(subj.id(), rmtSubj.id());
            assertEquals(i != CLI_NODE ? subj.login() : null, rmtSubj.login());
            assertEquals(subj.type(), rmtSubj.type());
        }
    }
}
Also used : SecuritySubject(org.apache.ignite.plugin.security.SecuritySubject) IgniteSecurity(org.apache.ignite.internal.processors.security.IgniteSecurity) OperationSecurityContext(org.apache.ignite.internal.processors.security.OperationSecurityContext) GridCommonAbstractTest(org.apache.ignite.testframework.junits.common.GridCommonAbstractTest) Test(org.junit.Test)

Example 2 with SecuritySubject

use of org.apache.ignite.plugin.security.SecuritySubject in project ignite by apache.

the class GridManagerAdapter method onKernalStart.

/**
 * {@inheritDoc}
 */
@Override
public final void onKernalStart(boolean active) throws IgniteCheckedException {
    for (final IgniteSpi spi : spis) {
        try {
            spi.onContextInitialized(new IgniteSpiContext() {

                @Override
                public boolean isStopping() {
                    return ctx.isStopping();
                }

                @Override
                public Collection<ClusterNode> remoteNodes() {
                    return ctx.discovery().remoteNodes();
                }

                @Override
                public Collection<ClusterNode> nodes() {
                    return ctx.discovery().allNodes();
                }

                @Override
                public ClusterNode localNode() {
                    return ctx.discovery().localNode();
                }

                @Override
                public Collection<ClusterNode> remoteDaemonNodes() {
                    final Collection<ClusterNode> all = ctx.discovery().daemonNodes();
                    return !localNode().isDaemon() ? all : F.view(all, new IgnitePredicate<ClusterNode>() {

                        @Override
                        public boolean apply(ClusterNode n) {
                            return n.isDaemon();
                        }
                    });
                }

                @Nullable
                @Override
                public ClusterNode node(UUID nodeId) {
                    A.notNull(nodeId, "nodeId");
                    return ctx.discovery().node(nodeId);
                }

                @Override
                public boolean pingNode(UUID nodeId) {
                    A.notNull(nodeId, "nodeId");
                    try {
                        return ctx.discovery().pingNode(nodeId);
                    } catch (IgniteCheckedException e) {
                        throw U.convertException(e);
                    }
                }

                @Override
                public void send(ClusterNode node, Serializable msg, String topic) throws IgniteSpiException {
                    A.notNull(node, "node");
                    A.notNull(msg, "msg");
                    A.notNull(topic, "topic");
                    try {
                        if (msg instanceof Message)
                            ctx.io().sendToCustomTopic(node, topic, (Message) msg, SYSTEM_POOL);
                        else
                            ctx.io().sendUserMessage(Collections.singletonList(node), msg, topic, false, 0, false);
                    } catch (IgniteCheckedException e) {
                        throw unwrapException(e);
                    }
                }

                @Override
                public void addLocalMessageListener(Object topic, IgniteBiPredicate<UUID, ?> p) {
                    A.notNull(topic, "topic");
                    A.notNull(p, "p");
                    ctx.io().addUserMessageListener(topic, p);
                }

                @Override
                public void removeLocalMessageListener(Object topic, IgniteBiPredicate<UUID, ?> p) {
                    A.notNull(topic, "topic");
                    A.notNull(topic, "p");
                    ctx.io().removeUserMessageListener(topic, p);
                }

                @Override
                public void addMessageListener(GridMessageListener lsnr, String topic) {
                    A.notNull(lsnr, "lsnr");
                    A.notNull(topic, "topic");
                    ctx.io().addMessageListener(topic, lsnr);
                }

                @Override
                public boolean removeMessageListener(GridMessageListener lsnr, String topic) {
                    A.notNull(lsnr, "lsnr");
                    A.notNull(topic, "topic");
                    return ctx.io().removeMessageListener(topic, lsnr);
                }

                @Override
                public void addLocalEventListener(GridLocalEventListener lsnr, int... types) {
                    A.notNull(lsnr, "lsnr");
                    ctx.event().addLocalEventListener(lsnr, types);
                }

                @Override
                public boolean removeLocalEventListener(GridLocalEventListener lsnr) {
                    A.notNull(lsnr, "lsnr");
                    return ctx.event().removeLocalEventListener(lsnr);
                }

                @Override
                public boolean isEventRecordable(int... types) {
                    for (int t : types) if (!ctx.event().isRecordable(t))
                        return false;
                    return true;
                }

                @Override
                public void recordEvent(Event evt) {
                    A.notNull(evt, "evt");
                    if (ctx.event().isRecordable(evt.type()))
                        ctx.event().record(evt);
                }

                @Override
                public void registerPort(int port, IgnitePortProtocol proto) {
                    ctx.ports().registerPort(port, proto, spi.getClass());
                }

                @Override
                public void deregisterPort(int port, IgnitePortProtocol proto) {
                    ctx.ports().deregisterPort(port, proto, spi.getClass());
                }

                @Override
                public void deregisterPorts() {
                    ctx.ports().deregisterPorts(spi.getClass());
                }

                @Nullable
                @Override
                public <K, V> V get(String cacheName, K key) {
                    return ctx.cache().<K, V>jcache(cacheName).get(key);
                }

                @Nullable
                @Override
                public <K, V> V put(String cacheName, K key, V val, long ttl) {
                    try {
                        if (ttl > 0) {
                            ExpiryPolicy plc = new TouchedExpiryPolicy(new Duration(MILLISECONDS, ttl));
                            IgniteCache<K, V> cache = ctx.cache().<K, V>publicJCache(cacheName).withExpiryPolicy(plc);
                            return cache.getAndPut(key, val);
                        } else
                            return ctx.cache().<K, V>jcache(cacheName).getAndPut(key, val);
                    } catch (IgniteCheckedException e) {
                        throw CU.convertToCacheException(e);
                    }
                }

                @Nullable
                @Override
                public <K, V> V putIfAbsent(String cacheName, K key, V val, long ttl) {
                    try {
                        if (ttl > 0) {
                            ExpiryPolicy plc = new TouchedExpiryPolicy(new Duration(MILLISECONDS, ttl));
                            IgniteCache<K, V> cache = ctx.cache().<K, V>publicJCache(cacheName).withExpiryPolicy(plc);
                            return cache.getAndPutIfAbsent(key, val);
                        } else
                            return ctx.cache().<K, V>jcache(cacheName).getAndPutIfAbsent(key, val);
                    } catch (IgniteCheckedException e) {
                        throw CU.convertToCacheException(e);
                    }
                }

                @Nullable
                @Override
                public <K, V> V remove(String cacheName, K key) {
                    return ctx.cache().<K, V>jcache(cacheName).getAndRemove(key);
                }

                @Override
                public <K> boolean containsKey(String cacheName, K key) {
                    return ctx.cache().cache(cacheName).containsKey(key);
                }

                @Override
                public int partition(String cacheName, Object key) {
                    return ctx.cache().cache(cacheName).affinity().partition(key);
                }

                @Override
                public IgniteNodeValidationResult validateNode(ClusterNode node) {
                    for (GridComponent comp : ctx) {
                        IgniteNodeValidationResult err = comp.validateNode(node);
                        if (err != null)
                            return err;
                    }
                    return null;
                }

                @Nullable
                @Override
                public IgniteNodeValidationResult validateNode(ClusterNode node, DiscoveryDataBag discoData) {
                    for (GridComponent comp : ctx) {
                        if (comp.discoveryDataType() == null)
                            continue;
                        IgniteNodeValidationResult err = comp.validateNode(node, discoData.newJoinerDiscoveryData(comp.discoveryDataType().ordinal()));
                        if (err != null)
                            return err;
                    }
                    return null;
                }

                @Override
                public Collection<SecuritySubject> authenticatedSubjects() {
                    try {
                        return ctx.security().authenticatedSubjects();
                    } catch (IgniteCheckedException e) {
                        throw U.convertException(e);
                    }
                }

                @Override
                public SecuritySubject authenticatedSubject(UUID subjId) {
                    try {
                        return ctx.security().authenticatedSubject(subjId);
                    } catch (IgniteCheckedException e) {
                        throw U.convertException(e);
                    }
                }

                @Override
                public MessageFormatter messageFormatter() {
                    return ctx.io().formatter();
                }

                @Override
                public MessageFactory messageFactory() {
                    return ctx.io().messageFactory();
                }

                @Override
                public boolean tryFailNode(UUID nodeId, @Nullable String warning) {
                    return ctx.discovery().tryFailNode(nodeId, warning);
                }

                @Override
                public void failNode(UUID nodeId, @Nullable String warning) {
                    ctx.discovery().failNode(nodeId, warning);
                }

                @Override
                public void addTimeoutObject(IgniteSpiTimeoutObject obj) {
                    ctx.timeout().addTimeoutObject(new GridSpiTimeoutObject(obj));
                }

                @Override
                public void removeTimeoutObject(IgniteSpiTimeoutObject obj) {
                    ctx.timeout().removeTimeoutObject(new GridSpiTimeoutObject(obj));
                }

                @Override
                public Map<String, Object> nodeAttributes() {
                    return ctx.nodeAttributes();
                }

                @Override
                public boolean communicationFailureResolveSupported() {
                    return ctx.discovery().communicationErrorResolveSupported();
                }

                @Override
                public void resolveCommunicationFailure(ClusterNode node, Exception err) {
                    ctx.discovery().resolveCommunicationError(node, err);
                }

                @Override
                public ReadOnlyMetricRegistry getOrCreateMetricRegistry(String name) {
                    return ctx.metric().registry(name);
                }

                @Override
                public void removeMetricRegistry(String name) {
                    ctx.metric().remove(name);
                }

                @Override
                public Iterable<ReadOnlyMetricRegistry> metricRegistries() {
                    return ctx.metric();
                }

                @Override
                public void addMetricRegistryCreationListener(Consumer<ReadOnlyMetricRegistry> lsnr) {
                    ctx.metric().addMetricRegistryCreationListener(lsnr);
                }

                /**
                 * @param e Exception to handle.
                 * @return GridSpiException Converted exception.
                 */
                private IgniteSpiException unwrapException(IgniteCheckedException e) {
                    // Avoid double-wrapping.
                    if (e.getCause() instanceof IgniteSpiException)
                        return (IgniteSpiException) e.getCause();
                    return new IgniteSpiException("Failed to execute SPI context method.", e);
                }
            });
        } catch (IgniteSpiException e) {
            throw new IgniteCheckedException("Failed to initialize SPI context.", e);
        }
    }
    onKernalStart0();
}
Also used : IgniteSpiContext(org.apache.ignite.spi.IgniteSpiContext) Serializable(java.io.Serializable) IgniteSpiTimeoutObject(org.apache.ignite.spi.IgniteSpiTimeoutObject) Message(org.apache.ignite.plugin.extensions.communication.Message) GridLocalEventListener(org.apache.ignite.internal.managers.eventstorage.GridLocalEventListener) IgniteNodeValidationResult(org.apache.ignite.spi.IgniteNodeValidationResult) GridComponent(org.apache.ignite.internal.GridComponent) GridMessageListener(org.apache.ignite.internal.managers.communication.GridMessageListener) MessageFormatter(org.apache.ignite.plugin.extensions.communication.MessageFormatter) GridSpiTimeoutObject(org.apache.ignite.internal.processors.timeout.GridSpiTimeoutObject) IgniteCheckedException(org.apache.ignite.IgniteCheckedException) IgnitePortProtocol(org.apache.ignite.spi.IgnitePortProtocol) DiscoveryDataBag(org.apache.ignite.spi.discovery.DiscoveryDataBag) TouchedExpiryPolicy(javax.cache.expiry.TouchedExpiryPolicy) ExpiryPolicy(javax.cache.expiry.ExpiryPolicy) TouchedExpiryPolicy(javax.cache.expiry.TouchedExpiryPolicy) IgniteSpiException(org.apache.ignite.spi.IgniteSpiException) UUID(java.util.UUID) ClusterNode(org.apache.ignite.cluster.ClusterNode) MessageFactory(org.apache.ignite.plugin.extensions.communication.MessageFactory) SecuritySubject(org.apache.ignite.plugin.security.SecuritySubject) IgniteCache(org.apache.ignite.IgniteCache) IgniteSpi(org.apache.ignite.spi.IgniteSpi) Duration(javax.cache.expiry.Duration) IgniteCheckedException(org.apache.ignite.IgniteCheckedException) IgniteException(org.apache.ignite.IgniteException) IgniteSpiException(org.apache.ignite.spi.IgniteSpiException) ReadOnlyMetricRegistry(org.apache.ignite.spi.metric.ReadOnlyMetricRegistry) Collection(java.util.Collection) Event(org.apache.ignite.events.Event) GridSpiTimeoutObject(org.apache.ignite.internal.processors.timeout.GridSpiTimeoutObject) IgniteSpiTimeoutObject(org.apache.ignite.spi.IgniteSpiTimeoutObject) Map(java.util.Map) IdentityHashMap(java.util.IdentityHashMap) Nullable(org.jetbrains.annotations.Nullable)

Aggregations

SecuritySubject (org.apache.ignite.plugin.security.SecuritySubject)2 Serializable (java.io.Serializable)1 Collection (java.util.Collection)1 IdentityHashMap (java.util.IdentityHashMap)1 Map (java.util.Map)1 UUID (java.util.UUID)1 Duration (javax.cache.expiry.Duration)1 ExpiryPolicy (javax.cache.expiry.ExpiryPolicy)1 TouchedExpiryPolicy (javax.cache.expiry.TouchedExpiryPolicy)1 IgniteCache (org.apache.ignite.IgniteCache)1 IgniteCheckedException (org.apache.ignite.IgniteCheckedException)1 IgniteException (org.apache.ignite.IgniteException)1 ClusterNode (org.apache.ignite.cluster.ClusterNode)1 Event (org.apache.ignite.events.Event)1 GridComponent (org.apache.ignite.internal.GridComponent)1 GridMessageListener (org.apache.ignite.internal.managers.communication.GridMessageListener)1 GridLocalEventListener (org.apache.ignite.internal.managers.eventstorage.GridLocalEventListener)1 IgniteSecurity (org.apache.ignite.internal.processors.security.IgniteSecurity)1 OperationSecurityContext (org.apache.ignite.internal.processors.security.OperationSecurityContext)1 GridSpiTimeoutObject (org.apache.ignite.internal.processors.timeout.GridSpiTimeoutObject)1