From c5da193d222f13b33dadbde8dba88b41d057e7a6 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Thu, 4 Oct 2018 17:41:47 +0300 Subject: [PATCH 01/98] IGNITE-9560 --- assembly/dependencies-fabric.xml | 1 + .../internal/GridKernalContextImpl.java | 3 +- .../managers/communication/GridIoManager.java | 5 + .../security/GridSecurityProcessor.java | 2 +- .../security/GridSecurityProcessorWrp.java | 168 +++++++++++++++ .../NearNodeContextSecurityProcessor.java | 175 +++++++++++++++ modules/security/README.txt | 4 + modules/security/licenses/apache-2.0.txt | 202 ++++++++++++++++++ modules/security/pom.xml | 66 ++++++ .../security/TestSecurityContext.java | 64 ++++++ .../security/TestSecurityProcessor.java | 112 ++++++++++ .../TestSecurityProcessorProvider.java | 113 ++++++++++ .../security/TestSecuritySubject.java | 89 ++++++++ .../processor/security/TriConsumer.java | 38 ++++ .../processor/security/package-info.java | 22 ++ .../org.apache.ignite.plugin.PluginProvider | 1 + .../processor/security/ComputeTest.java | 131 ++++++++++++ .../processor/security/package-info.java | 22 ++ pom.xml | 1 + 19 files changed, 1217 insertions(+), 2 deletions(-) create mode 100644 modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessorWrp.java create mode 100644 modules/core/src/main/java/org/apache/ignite/internal/processors/security/NearNodeContextSecurityProcessor.java create mode 100644 modules/security/README.txt create mode 100644 modules/security/licenses/apache-2.0.txt create mode 100644 modules/security/pom.xml create mode 100644 modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityContext.java create mode 100644 modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityProcessor.java create mode 100644 modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityProcessorProvider.java create mode 100644 modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecuritySubject.java create mode 100644 modules/security/src/main/java/org/apache/ignite/internal/processor/security/TriConsumer.java create mode 100644 modules/security/src/main/java/org/apache/ignite/internal/processor/security/package-info.java create mode 100644 modules/security/src/main/resources/META-INF/services/org.apache.ignite.plugin.PluginProvider create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/ComputeTest.java create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/package-info.java diff --git a/assembly/dependencies-fabric.xml b/assembly/dependencies-fabric.xml index 3bcae044e2a4e..1d1a823787e6b 100644 --- a/assembly/dependencies-fabric.xml +++ b/assembly/dependencies-fabric.xml @@ -142,6 +142,7 @@ org.apache.ignite:ignite-extdata-platform org.apache.ignite:ignite-compatibility org.apache.ignite:ignite-sqlline + org.apache.ignite:ignite-security true diff --git a/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContextImpl.java b/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContextImpl.java index 3b7b43072d99a..81a4878bbf20f 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContextImpl.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContextImpl.java @@ -48,6 +48,7 @@ import org.apache.ignite.internal.managers.indexing.GridIndexingManager; import org.apache.ignite.internal.managers.loadbalancer.GridLoadBalancerManager; import org.apache.ignite.internal.processors.cache.mvcc.MvccProcessor; +import org.apache.ignite.internal.processors.security.NearNodeContextSecurityProcessor; import org.apache.ignite.internal.worker.WorkersRegistry; import org.apache.ignite.internal.processors.affinity.GridAffinityProcessor; import org.apache.ignite.internal.processors.authentication.IgniteAuthenticationProcessor; @@ -546,7 +547,7 @@ else if (comp instanceof GridFailoverManager) else if (comp instanceof GridCollisionManager) colMgr = (GridCollisionManager)comp; else if (comp instanceof GridSecurityProcessor) - securityProc = (GridSecurityProcessor)comp; + securityProc = new NearNodeContextSecurityProcessor(this,(GridSecurityProcessor)comp); else if (comp instanceof GridLoadBalancerManager) loadMgr = (GridLoadBalancerManager)comp; else if (comp instanceof GridIndexingManager) diff --git a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java index b3c80b05f635b..536ef7f0a718c 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java @@ -70,6 +70,7 @@ import org.apache.ignite.internal.processors.cache.mvcc.msg.MvccMessage; import org.apache.ignite.internal.processors.platform.message.PlatformMessageFilter; import org.apache.ignite.internal.processors.pool.PoolProcessor; +import org.apache.ignite.internal.processors.security.NearNodeContextSecurityProcessor; import org.apache.ignite.internal.processors.timeout.GridTimeoutObject; import org.apache.ignite.internal.util.GridBoundedConcurrentLinkedHashSet; import org.apache.ignite.internal.util.StripedCompositeReadWriteLock; @@ -1565,12 +1566,16 @@ private void invokeListener(Byte plc, GridMessageListener lsnr, UUID nodeId, Obj if (change) CUR_PLC.set(plc); + ((NearNodeContextSecurityProcessor)ctx.security()).nearNodeId(nodeId); + try { lsnr.onMessage(nodeId, msg, plc); } finally { if (change) CUR_PLC.set(oldPlc); + + ((NearNodeContextSecurityProcessor)ctx.security()).removeNearNodeId(); } } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessor.java index ef53566fd62bd..c8543c0354244 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessor.java @@ -84,7 +84,7 @@ public interface GridSecurityProcessor extends GridProcessor { * @param securityCtx Optional security context. * @throws SecurityException If security check failed. */ - public void authorize(String name, SecurityPermission perm, @Nullable SecurityContext securityCtx) + public void authorize(String name, SecurityPermission perm, SecurityContext securityCtx) throws SecurityException; /** diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessorWrp.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessorWrp.java new file mode 100644 index 0000000000000..a88297256a98a --- /dev/null +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessorWrp.java @@ -0,0 +1,168 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processors.security; + +import java.util.Collection; +import java.util.UUID; +import org.apache.ignite.IgniteCheckedException; +import org.apache.ignite.cluster.ClusterNode; +import org.apache.ignite.internal.GridKernalContext; +import org.apache.ignite.internal.IgniteInternalFuture; +import org.apache.ignite.lang.IgniteFuture; +import org.apache.ignite.plugin.security.AuthenticationContext; +import org.apache.ignite.plugin.security.SecurityCredentials; +import org.apache.ignite.plugin.security.SecurityException; +import org.apache.ignite.plugin.security.SecurityPermission; +import org.apache.ignite.plugin.security.SecuritySubject; +import org.apache.ignite.spi.IgniteNodeValidationResult; +import org.apache.ignite.spi.discovery.DiscoveryDataBag; +import org.jetbrains.annotations.Nullable; + +/** + * Wrapper class for implementation of {@link GridSecurityProcessor}. + */ +public class GridSecurityProcessorWrp implements GridSecurityProcessor { + /** Kernal context. */ + protected final GridKernalContext ctx; + + /** Original security processor. */ + protected final GridSecurityProcessor original; + + /** + * @param ctx Grid kernal context. + * @param original Original grid security processor. + */ + public GridSecurityProcessorWrp(GridKernalContext ctx, GridSecurityProcessor original) { + this.ctx = ctx; + this.original = original; + } + + /** {@inheritDoc} */ + @Override public SecurityContext authenticateNode(ClusterNode node, + SecurityCredentials cred) throws IgniteCheckedException { + return original.authenticateNode(node, cred); + } + + /** {@inheritDoc} */ + @Override public boolean isGlobalNodeAuthentication() { + return original.isGlobalNodeAuthentication(); + } + + /** {@inheritDoc} */ + @Override public SecurityContext authenticate(AuthenticationContext ctx) throws IgniteCheckedException { + return original.authenticate(ctx); + } + + /** {@inheritDoc} */ + @Override public Collection authenticatedSubjects() throws IgniteCheckedException { + return original.authenticatedSubjects(); + } + + /** {@inheritDoc} */ + @Override public SecuritySubject authenticatedSubject(UUID subjId) throws IgniteCheckedException { + return original.authenticatedSubject(subjId); + } + + /** {@inheritDoc} */ + @Override public void authorize(String name, SecurityPermission perm, SecurityContext securityCtx) + throws SecurityException { + original.authorize(name, perm, securityCtx); + } + + /** {@inheritDoc} */ + @Override public void onSessionExpired(UUID subjId) { + original.onSessionExpired(subjId); + } + + /** {@inheritDoc} */ + @Override public boolean enabled() { + return original.enabled(); + } + + /** {@inheritDoc} */ + @Override public void start() throws IgniteCheckedException { + original.start(); + } + + /** {@inheritDoc} */ + @Override public void stop(boolean cancel) throws IgniteCheckedException { + original.stop(cancel); + } + + /** {@inheritDoc} */ + @Override public void onKernalStart(boolean active) throws IgniteCheckedException { + original.onKernalStart(active); + } + + /** {@inheritDoc} */ + @Override public void onKernalStop(boolean cancel) { + original.onKernalStop(cancel); + } + + /** {@inheritDoc} */ + @Override public void collectJoiningNodeData(DiscoveryDataBag dataBag) { + original.collectJoiningNodeData(dataBag); + } + + /** {@inheritDoc} */ + @Override public void collectGridNodeData(DiscoveryDataBag dataBag) { + original.collectGridNodeData(dataBag); + } + + /** {@inheritDoc} */ + @Override public void onGridDataReceived(DiscoveryDataBag.GridDiscoveryData data) { + original.onGridDataReceived(data); + } + + /** {@inheritDoc} */ + @Override public void onJoiningNodeDataReceived(DiscoveryDataBag.JoiningNodeDiscoveryData data) { + original.onJoiningNodeDataReceived(data); + } + + /** {@inheritDoc} */ + @Override public void printMemoryStats() { + original.printMemoryStats(); + } + + /** {@inheritDoc} */ + @Override @Nullable public IgniteNodeValidationResult validateNode(ClusterNode node) { + return original.validateNode(node); + } + + /** {@inheritDoc} */ + @Override @Nullable public IgniteNodeValidationResult validateNode(ClusterNode node, + DiscoveryDataBag.JoiningNodeDiscoveryData discoData) { + return original.validateNode(node, discoData); + } + + /** {@inheritDoc} */ + @Override @Nullable public DiscoveryDataExchangeType discoveryDataType() { + return original.discoveryDataType(); + } + + /** {@inheritDoc} */ + @Override public void onDisconnected(IgniteFuture reconnectFut) throws IgniteCheckedException { + original.onDisconnected(reconnectFut); + } + + /** {@inheritDoc} */ + @Override @Nullable public IgniteInternalFuture onReconnected(boolean clusterRestarted) + throws IgniteCheckedException { + return original.onReconnected(clusterRestarted); + } +} \ No newline at end of file diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NearNodeContextSecurityProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NearNodeContextSecurityProcessor.java new file mode 100644 index 0000000000000..225e7a5ab8889 --- /dev/null +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NearNodeContextSecurityProcessor.java @@ -0,0 +1,175 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processors.security; + +import java.util.UUID; +import org.apache.ignite.IgniteCheckedException; +import org.apache.ignite.IgniteException; +import org.apache.ignite.cluster.ClusterNode; +import org.apache.ignite.internal.GridKernalContext; +import org.apache.ignite.internal.IgniteNodeAttributes; +import org.apache.ignite.internal.util.typedef.internal.U; +import org.apache.ignite.marshaller.MarshallerUtils; +import org.apache.ignite.marshaller.jdk.JdkMarshaller; +import org.apache.ignite.plugin.security.SecurityException; +import org.apache.ignite.plugin.security.SecurityPermission; + +/** + * Wrapper that provides getting current security + * context for the {@link GridSecurityProcessor#authorize(String, SecurityPermission, SecurityContext)} method. + */ +public class NearNodeContextSecurityProcessor extends GridSecurityProcessorWrp { + /** Near node's id. */ + private final ThreadLocal nearNodeId = new ThreadLocal<>(); + //todo сюда нужно ещё мапу воткнуть для сохранения контекста удаленной ноды. + //чистить его по событию покидания узлом топологии. + /** Local node's security context. */ + private SecurityContext locSecCtx; + + /** Must use JDK marshaller for Security Subject. */ + private final JdkMarshaller marsh; + + /** + * @param ctx Grid kernal context. + * @param original Original grid security processor. + */ + public NearNodeContextSecurityProcessor(GridKernalContext ctx, GridSecurityProcessor original) { + super(ctx, original); + + marsh = MarshallerUtils.jdkMarshaller(ctx.igniteInstanceName()); + } + + /** {@inheritDoc} */ + @Override public void authorize(String name, SecurityPermission perm, SecurityContext securityCtx) + throws SecurityException { + original.authorize(name, perm, securityCtx(securityCtx)); + } + + /** + * Set near node's id. + * + * @param id Near node's id. + */ + public void nearNodeId(UUID id) { + nearNodeId.set(id); + } + + /** + * Get near dode's id. + * + * @return Near node's id. + */ + public UUID nearNodeId() { + return nearNodeId.get(); + } + + /** + * Remove near node's id. + */ + public void removeNearNodeId() { + nearNodeId.remove(); + } + + /** + * Getting current security context. + * + * @param passed Security context that was passed to {@link #authorize(String, SecurityPermission, + * SecurityContext)}. + * @return Current security context. + */ + private SecurityContext securityCtx(SecurityContext passed) { + SecurityContext res = passed; + try { + if (res == null) { + res = nearNodeSecurityCtx(); + + if (res == null) + res = localSecurityCtx(); + } + } + catch (IgniteCheckedException e) { + throw new IgniteException("Failed to get security context.", e); + } + + return res; + } + + /** + * Getting current near node's security context. + * + * @return Security context of near node. + */ + private SecurityContext nearNodeSecurityCtx() throws IgniteCheckedException { + SecurityContext secCtx = null; + + UUID nodeId = nearNodeId(); + + if (nodeId != null) + secCtx = nodeSecurityCtx(ctx.discovery().node(nodeId)); + + return secCtx; + } + + /** + * Getting local node's security context. + * + * @return Security context of local node. + * @throws IgniteCheckedException If error occurred. + */ + private SecurityContext localSecurityCtx() throws IgniteCheckedException { + SecurityContext res = locSecCtx; + + if (res == null) { + res = nodeSecurityCtx(ctx.discovery().localNode()); + + locSecCtx = res; + } + + assert res != null; + + return res; + } + + /** + * Getting node's security context. + * + * @param node Node. + * @return Node's security context. + * @throws IgniteCheckedException If failed. + */ + private SecurityContext nodeSecurityCtx(ClusterNode node) throws IgniteCheckedException { + byte[] subjBytes = node.attribute(IgniteNodeAttributes.ATTR_SECURITY_SUBJECT); + + byte[] subjBytesV2 = node.attribute(IgniteNodeAttributes.ATTR_SECURITY_SUBJECT_V2); + + if (subjBytes == null && subjBytesV2 == null) + throw new SecurityException("Local security context isn't certain."); + + if (subjBytesV2 != null) + return U.unmarshal(marsh, subjBytesV2, U.resolveClassLoader(ctx.config())); + + try { + SecurityUtils.serializeVersion(1); + + return U.unmarshal(marsh, subjBytes, U.resolveClassLoader(ctx.config())); + } + finally { + SecurityUtils.restoreDefaultSerializeVersion(); + } + } +} diff --git a/modules/security/README.txt b/modules/security/README.txt new file mode 100644 index 0000000000000..95e1332dcd284 --- /dev/null +++ b/modules/security/README.txt @@ -0,0 +1,4 @@ +Apache Ignite Security Tests +------------------------ + +Special module for security tests. diff --git a/modules/security/licenses/apache-2.0.txt b/modules/security/licenses/apache-2.0.txt new file mode 100644 index 0000000000000..d645695673349 --- /dev/null +++ b/modules/security/licenses/apache-2.0.txt @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/modules/security/pom.xml b/modules/security/pom.xml new file mode 100644 index 0000000000000..6bf09941ff7c0 --- /dev/null +++ b/modules/security/pom.xml @@ -0,0 +1,66 @@ + + + + + + + + 4.0.0 + + + org.apache.ignite + ignite-parent + 1 + ../../parent + + + ignite-security + 2.7.0-SNAPSHOT + http://ignite.apache.org + + + + org.apache.ignite + ignite-core + ${project.version} + + + + org.apache.ignite + ignite-log4j + ${project.version} + test + + + org.apache.ignite + ignite-spring + ${project.version} + test + + + + org.apache.ignite + ignite-core + ${project.version} + test-jar + test + + + diff --git a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityContext.java b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityContext.java new file mode 100644 index 0000000000000..37e371d713281 --- /dev/null +++ b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityContext.java @@ -0,0 +1,64 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processor.security; + +import java.io.Serializable; +import java.util.Collection; +import org.apache.ignite.internal.processors.security.SecurityContext; +import org.apache.ignite.internal.util.typedef.F; +import org.apache.ignite.plugin.security.SecurityPermission; +import org.apache.ignite.plugin.security.SecuritySubject; + +/** + * Security context for tests. + */ +public class TestSecurityContext implements SecurityContext, Serializable { + + private final SecuritySubject subject; + + public TestSecurityContext(SecuritySubject subject) { + this.subject = subject; + } + + /** {@inheritDoc} */ + @Override public SecuritySubject subject() { + return subject; + } + + /** {@inheritDoc} */ + @Override public boolean taskOperationAllowed(String taskClsName, SecurityPermission perm) { + return true; + } + + /** {@inheritDoc} */ + @Override public boolean cacheOperationAllowed(String cacheName, SecurityPermission perm) { +// Collection col = subject.permissions().cachePermissions().get(cacheName); +// return F.isEmpty(col) || col.stream().anyMatch((sp)-> sp == perm); + return true; + } + + /** {@inheritDoc} */ + @Override public boolean serviceOperationAllowed(String srvcName, SecurityPermission perm) { + return true; + } + + /** {@inheritDoc} */ + @Override public boolean systemOperationAllowed(SecurityPermission perm) { + return true; + } +} diff --git a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityProcessor.java b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityProcessor.java new file mode 100644 index 0000000000000..50c32ecbd77dc --- /dev/null +++ b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityProcessor.java @@ -0,0 +1,112 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processor.security; + +import java.util.Collection; +import java.util.UUID; +import org.apache.ignite.IgniteCheckedException; +import org.apache.ignite.cluster.ClusterNode; +import org.apache.ignite.internal.GridKernalContext; +import org.apache.ignite.internal.IgniteNodeAttributes; +import org.apache.ignite.internal.processors.GridProcessorAdapter; +import org.apache.ignite.internal.processors.security.GridSecurityProcessor; +import org.apache.ignite.internal.processors.security.SecurityContext; +import org.apache.ignite.lang.IgniteInClosure; +import org.apache.ignite.plugin.security.AuthenticationContext; +import org.apache.ignite.plugin.security.SecurityCredentials; +import org.apache.ignite.plugin.security.SecurityException; +import org.apache.ignite.plugin.security.SecurityPermission; +import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; +import org.apache.ignite.plugin.security.SecuritySubject; + +/** + * Security processor for tests. + */ +public class TestSecurityProcessor extends GridProcessorAdapter implements GridSecurityProcessor { + + private TriConsumer authorize; + + public TestSecurityProcessor(GridKernalContext ctx) { + super(ctx); + } + + /** + * Setup consumer for {link {@link #authorize(String, SecurityPermission, SecurityContext)}} method. + * @param authorize Authorize. + */ + public void authorizeConsumer(TriConsumer authorize){ + this.authorize = authorize; + } + + /** {@inheritDoc} */ + @Override public SecurityContext authenticateNode(ClusterNode node, SecurityCredentials cred) { + return new TestSecurityContext( + new TestSecuritySubject( + node.id(), + node.consistentId(), + null, + SecurityPermissionSetBuilder.create().build() + ) + ); + } + + /** {@inheritDoc} */ + @Override public boolean isGlobalNodeAuthentication() { + return false; + } + + /** {@inheritDoc} */ + @Override public SecurityContext authenticate(AuthenticationContext ctx) { + return null; + } + + /** {@inheritDoc} */ + @Override public Collection authenticatedSubjects() { + return null; + } + + /** {@inheritDoc} */ + @Override public SecuritySubject authenticatedSubject(UUID subjId) { + return null; + } + + /** {@inheritDoc} */ + @Override public void authorize(String name, SecurityPermission perm, SecurityContext securityCtx) + throws SecurityException { + if(authorize != null) + authorize.accept(name, perm, securityCtx); + } + + /** {@inheritDoc} */ + @Override public void onSessionExpired(UUID subjId) { + + } + + /** {@inheritDoc} */ + @Override public boolean enabled() { + //todo нужно посмотреть как в ГГ происходит обработка + return false; + } + + /** {@inheritDoc} */ + @Override public void start() throws IgniteCheckedException { + super.start(); + + ctx.addNodeAttribute(IgniteNodeAttributes.ATTR_SECURITY_CREDENTIALS, new SecurityCredentials()); + } +} diff --git a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityProcessorProvider.java b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityProcessorProvider.java new file mode 100644 index 0000000000000..45c98e16d9e00 --- /dev/null +++ b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityProcessorProvider.java @@ -0,0 +1,113 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processor.security; + +import org.apache.ignite.IgniteCheckedException; +import org.apache.ignite.cluster.ClusterNode; +import org.apache.ignite.internal.IgniteKernal; +import org.apache.ignite.internal.processors.security.GridSecurityProcessor; +import org.apache.ignite.plugin.CachePluginContext; +import org.apache.ignite.plugin.CachePluginProvider; +import org.apache.ignite.plugin.ExtensionRegistry; +import org.apache.ignite.plugin.IgnitePlugin; +import org.apache.ignite.plugin.PluginContext; +import org.apache.ignite.plugin.PluginProvider; +import org.apache.ignite.plugin.PluginValidationException; +import org.jetbrains.annotations.Nullable; + +import java.io.Serializable; +import java.util.UUID; + +/** + * Security processor provider for tests. + */ +public class TestSecurityProcessorProvider implements PluginProvider { + /** {@inheritDoc} */ + @Override public String name() { + return "TestSecurityProcessorProvider"; + } + + /** {@inheritDoc} */ + @Override public String version() { + return "1.0"; + } + + /** {@inheritDoc} */ + @Override public String copyright() { + return null; + } + + /** {@inheritDoc} */ + @Override public IgnitePlugin plugin() { + return new IgnitePlugin() {}; + } + + /** {@inheritDoc} */ + @Override public void initExtensions(PluginContext ctx, ExtensionRegistry registry) throws IgniteCheckedException { + + } + + /** {@inheritDoc} */ + @Nullable @Override public Object createComponent(PluginContext ctx, Class cls) { + //todo MY_TODO вот тут нужно прописать логику получения класса процессора + //из системных свойств. + return cls.isAssignableFrom(GridSecurityProcessor.class) + ? new TestSecurityProcessor(((IgniteKernal)ctx.grid()).context()) + : null; + } + + /** {@inheritDoc} */ + @Override public CachePluginProvider createCacheProvider(CachePluginContext ctx) { + return null; + } + + /** {@inheritDoc} */ + @Override public void start(PluginContext ctx) throws IgniteCheckedException { + + } + + /** {@inheritDoc} */ + @Override public void stop(boolean cancel) throws IgniteCheckedException { + + } + + /** {@inheritDoc} */ + @Override public void onIgniteStart() throws IgniteCheckedException { + + } + + /** {@inheritDoc} */ + @Override public void onIgniteStop(boolean cancel) { + + } + + /** {@inheritDoc} */ + @Nullable @Override public Serializable provideDiscoveryData(UUID nodeId) { + return null; + } + + /** {@inheritDoc} */ + @Override public void receiveDiscoveryData(UUID nodeId, Serializable data) { + + } + + /** {@inheritDoc} */ + @Override public void validateNewNode(ClusterNode node) throws PluginValidationException { + + } +} diff --git a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecuritySubject.java b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecuritySubject.java new file mode 100644 index 0000000000000..19a0cc64d1a4b --- /dev/null +++ b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecuritySubject.java @@ -0,0 +1,89 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processor.security; + +import java.net.InetSocketAddress; +import java.util.UUID; +import org.apache.ignite.plugin.security.SecurityPermissionSet; +import org.apache.ignite.plugin.security.SecuritySubject; +import org.apache.ignite.plugin.security.SecuritySubjectType; + +/** + * Security subject for tests. + */ +public class TestSecuritySubject implements SecuritySubject { + + private UUID id; + private SecuritySubjectType type = SecuritySubjectType.REMOTE_NODE; + private Object login; + private InetSocketAddress address; + private SecurityPermissionSet permissions; + + public TestSecuritySubject() { + } + + public TestSecuritySubject(UUID id, + Object login, + InetSocketAddress address, + SecurityPermissionSet permissions) { + this.id = id; + this.login = login; + this.address = address; + this.permissions = permissions; + } + + @Override public UUID id() { + return id; + } + + public void setId(UUID id) { + this.id = id; + } + + @Override public SecuritySubjectType type() { + return type; + } + + public void setType(SecuritySubjectType type) { + this.type = type; + } + + @Override public Object login() { + return login; + } + + public void setLogin(Object login) { + this.login = login; + } + + @Override public InetSocketAddress address() { + return address; + } + + public void setAddress(InetSocketAddress address) { + this.address = address; + } + + @Override public SecurityPermissionSet permissions() { + return permissions; + } + + public void setPermissions(SecurityPermissionSet permissions) { + this.permissions = permissions; + } +} diff --git a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TriConsumer.java b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TriConsumer.java new file mode 100644 index 0000000000000..db59b0fb93422 --- /dev/null +++ b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TriConsumer.java @@ -0,0 +1,38 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processor.security; + +/** + * Tri-consumer. + * + * @param First parameter type. + * @param Second parameter type. + * @param Third parameter type. + */ +@FunctionalInterface +public interface TriConsumer { + /** + * Performs this operation on the given arguments. + * + * @param a First parameter. + * @param b Second parameter. + * @param c Third parameter. + */ + public void accept(A a, B b, C c); + +} diff --git a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/package-info.java b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/package-info.java new file mode 100644 index 0000000000000..6a84b4038e4b1 --- /dev/null +++ b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/package-info.java @@ -0,0 +1,22 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * + * Contains classes and interfaces for security tests. + */ +package org.apache.ignite.internal.processor.security; \ No newline at end of file diff --git a/modules/security/src/main/resources/META-INF/services/org.apache.ignite.plugin.PluginProvider b/modules/security/src/main/resources/META-INF/services/org.apache.ignite.plugin.PluginProvider new file mode 100644 index 0000000000000..02875fb8c59a4 --- /dev/null +++ b/modules/security/src/main/resources/META-INF/services/org.apache.ignite.plugin.PluginProvider @@ -0,0 +1 @@ +org.apache.ignite.internal.processor.security.TestSecurityProcessorProvider diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ComputeTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ComputeTest.java new file mode 100644 index 0000000000000..7a909832c5db3 --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ComputeTest.java @@ -0,0 +1,131 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processor.security; + +import java.lang.reflect.Field; +import java.util.concurrent.atomic.AtomicBoolean; +import org.apache.ignite.Ignition; +import org.apache.ignite.configuration.CacheConfiguration; +import org.apache.ignite.configuration.DataRegionConfiguration; +import org.apache.ignite.configuration.DataStorageConfiguration; +import org.apache.ignite.configuration.IgniteConfiguration; +import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.internal.processors.security.GridSecurityProcessorWrp; +import org.apache.ignite.plugin.security.SecurityPermission; +import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest; + +import static org.hamcrest.core.Is.is; +import static org.junit.Assert.assertThat; + +/** + * Security tests for a compute task. + */ +public class ComputeTest extends GridCommonAbstractTest { + /** Cache name. */ + private static final String CACHE_NAME = "TEST_CACHE"; + + /** {@inheritDoc} */ + @Override protected void beforeTestsStarted() throws Exception { + super.beforeTestsStarted(); + + startGrids(2).cluster().active(true); + } + + /** {@inheritDoc} */ + @Override protected void afterTestsStopped() throws Exception { + super.afterTestsStopped(); + + stopAllGrids(); + + cleanPersistenceDir(); + } + + /** {@inheritDoc} */ + @Override protected IgniteConfiguration getConfiguration(String igniteInstanceName) throws Exception { + return super.getConfiguration(igniteInstanceName) + .setDataStorageConfiguration( + new DataStorageConfiguration() + .setDefaultDataRegionConfiguration( + new DataRegionConfiguration().setPersistenceEnabled(true) + ) + ) + .setAuthenticationEnabled(true) + .setCacheConfiguration( + new CacheConfiguration<>().setName(CACHE_NAME) + ); + } + + /** + * вызов опреции в лямбде для локального узла. будет передан контекст локального узла + */ + public void testSecProcShouldGetLocalSecCtxWhenCallOnLocalNode() throws Exception { + IgniteEx ignite = grid(0); +// IgniteEx ignite = startGrid(getConfiguration("client-node").setClientMode(true)); + + TestSecurityProcessor secProc = processor(ignite); + + AtomicBoolean call = new AtomicBoolean(false); + + secProc.authorizeConsumer( + (name, perm, secCtx) -> { + if (CACHE_NAME.equals(name) && SecurityPermission.CACHE_PUT == perm) { + assertThat(secCtx.subject().id(), is(ignite.context().localNodeId())); + call.set(true); + } + else + System.out.println( + "MY_DEBUG name=" + name + ", perm=" + perm + ", secCtx=" + secCtx + ); + } + ); + + ignite.compute(ignite.cluster().forLocal()) + .broadcast(() -> + Ignition.localIgnite().cache(CACHE_NAME).put("key", "value") + ); + + assertThat(call.get(), is(true)); + } + + private TestSecurityProcessor processor(IgniteEx ignite) { + GridSecurityProcessorWrp wrp = (GridSecurityProcessorWrp)ignite.context().security(); + try { + Field fld = GridSecurityProcessorWrp.class.getDeclaredField("original"); + boolean accessible = fld.isAccessible(); + try { + fld.setAccessible(true); + + return (TestSecurityProcessor)fld.get(wrp); + } + finally { + fld.setAccessible(accessible); + } + } + catch (NoSuchFieldException | IllegalAccessException e) { + throw new RuntimeException(e); + } + } + + /** + * вызов опреции в лямбде для удалннного узла. будет передан контекст узла инициатора + */ + public void testSecProcShouldGetNearNodeSecCtxWhenCallOnRemoteNode() { + + } + +} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/package-info.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/package-info.java new file mode 100644 index 0000000000000..86a052578b770 --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/package-info.java @@ -0,0 +1,22 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * + * Contains security tests. + */ +package org.apache.ignite.internal.processor.security; \ No newline at end of file diff --git a/pom.xml b/pom.xml index ffedd7141c100..e1433a99b49f3 100644 --- a/pom.xml +++ b/pom.xml @@ -58,6 +58,7 @@ modules/extdata/uri modules/extdata/platform modules/clients + modules/security modules/spring modules/spring-data modules/spring-data-2.0 From 3759e1918cee538710c7de3b5cabaf5f7265eed6 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Fri, 5 Oct 2018 13:58:25 +0300 Subject: [PATCH 02/98] IGNITE-9560 Added tests for compute case --- .../managers/communication/GridIoManager.java | 14 +- .../security/GridSecurityProcessorWrp.java | 11 ++ .../NearNodeContextSecurityProcessor.java | 119 ++++++------ .../security/TestSecurityProcessor.java | 9 +- .../TestSecurityProcessorProvider.java | 62 +++++-- .../processor/security/ComputeTest.java | 169 +++++++++++++----- 6 files changed, 281 insertions(+), 103 deletions(-) diff --git a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java index 536ef7f0a718c..0fcba1b7b758f 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java @@ -141,6 +141,9 @@ public class GridIoManager extends GridManagerAdapter CUR_PLC = new ThreadLocal<>(); + /** Current near node. */ + private static final ThreadLocal CUR_NEAR_NODE = new ThreadLocal<>(); + /** Listeners by topic. */ private final ConcurrentMap lsnrMap = new ConcurrentHashMap<>(); @@ -1566,7 +1569,7 @@ private void invokeListener(Byte plc, GridMessageListener lsnr, UUID nodeId, Obj if (change) CUR_PLC.set(plc); - ((NearNodeContextSecurityProcessor)ctx.security()).nearNodeId(nodeId); + CUR_NEAR_NODE.set(nodeId); try { lsnr.onMessage(nodeId, msg, plc); @@ -1575,7 +1578,7 @@ private void invokeListener(Byte plc, GridMessageListener lsnr, UUID nodeId, Obj if (change) CUR_PLC.set(oldPlc); - ((NearNodeContextSecurityProcessor)ctx.security()).removeNearNodeId(); + CUR_NEAR_NODE.remove(); } } @@ -1586,6 +1589,13 @@ private void invokeListener(Byte plc, GridMessageListener lsnr, UUID nodeId, Obj return CUR_PLC.get(); } + /** + * @return Current near node's id. + */ + @Nullable public static UUID currentNearNode(){ + return CUR_NEAR_NODE.get(); + } + /** * @param nodeId Node ID. * @param sndErr Send error. diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessorWrp.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessorWrp.java index a88297256a98a..207d2b2bd11fe 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessorWrp.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessorWrp.java @@ -20,9 +20,11 @@ import java.util.Collection; import java.util.UUID; import org.apache.ignite.IgniteCheckedException; +import org.apache.ignite.IgniteLogger; import org.apache.ignite.cluster.ClusterNode; import org.apache.ignite.internal.GridKernalContext; import org.apache.ignite.internal.IgniteInternalFuture; +import org.apache.ignite.internal.util.tostring.GridToStringExclude; import org.apache.ignite.lang.IgniteFuture; import org.apache.ignite.plugin.security.AuthenticationContext; import org.apache.ignite.plugin.security.SecurityCredentials; @@ -37,6 +39,10 @@ * Wrapper class for implementation of {@link GridSecurityProcessor}. */ public class GridSecurityProcessorWrp implements GridSecurityProcessor { + /** Logger. */ + @GridToStringExclude + protected final IgniteLogger log; + /** Kernal context. */ protected final GridKernalContext ctx; @@ -48,8 +54,13 @@ public class GridSecurityProcessorWrp implements GridSecurityProcessor { * @param original Original grid security processor. */ public GridSecurityProcessorWrp(GridKernalContext ctx, GridSecurityProcessor original) { + assert ctx != null; + assert original != null; + this.ctx = ctx; this.original = original; + + log = ctx.log(original.getClass()); } /** {@inheritDoc} */ diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NearNodeContextSecurityProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NearNodeContextSecurityProcessor.java index 225e7a5ab8889..90f519f48c430 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NearNodeContextSecurityProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NearNodeContextSecurityProcessor.java @@ -17,33 +17,42 @@ package org.apache.ignite.internal.processors.security; +import java.util.Map; import java.util.UUID; +import java.util.concurrent.ConcurrentHashMap; +import java.util.function.Function; import org.apache.ignite.IgniteCheckedException; import org.apache.ignite.IgniteException; import org.apache.ignite.cluster.ClusterNode; +import org.apache.ignite.events.DiscoveryEvent; import org.apache.ignite.internal.GridKernalContext; import org.apache.ignite.internal.IgniteNodeAttributes; +import org.apache.ignite.internal.managers.communication.GridIoManager; +import org.apache.ignite.internal.managers.discovery.DiscoCache; +import org.apache.ignite.internal.managers.eventstorage.DiscoveryEventListener; import org.apache.ignite.internal.util.typedef.internal.U; import org.apache.ignite.marshaller.MarshallerUtils; import org.apache.ignite.marshaller.jdk.JdkMarshaller; import org.apache.ignite.plugin.security.SecurityException; import org.apache.ignite.plugin.security.SecurityPermission; +import static org.apache.ignite.events.EventType.EVT_NODE_FAILED; +import static org.apache.ignite.events.EventType.EVT_NODE_LEFT; + /** - * Wrapper that provides getting current security - * context for the {@link GridSecurityProcessor#authorize(String, SecurityPermission, SecurityContext)} method. + * Wrapper that provides getting current security context for the {@link GridSecurityProcessor#authorize(String, + * SecurityPermission, SecurityContext)} method. */ public class NearNodeContextSecurityProcessor extends GridSecurityProcessorWrp { - /** Near node's id. */ - private final ThreadLocal nearNodeId = new ThreadLocal<>(); - //todo сюда нужно ещё мапу воткнуть для сохранения контекста удаленной ноды. - //чистить его по событию покидания узлом топологии. /** Local node's security context. */ private SecurityContext locSecCtx; /** Must use JDK marshaller for Security Subject. */ private final JdkMarshaller marsh; + /** Map of security contexts. Key is node's id. */ + private final Map secCtxs = new ConcurrentHashMap<>(); + /** * @param ctx Grid kernal context. * @param original Original grid security processor. @@ -57,16 +66,27 @@ public NearNodeContextSecurityProcessor(GridKernalContext ctx, GridSecurityProce /** {@inheritDoc} */ @Override public void authorize(String name, SecurityPermission perm, SecurityContext securityCtx) throws SecurityException { - original.authorize(name, perm, securityCtx(securityCtx)); + if(enabled()) { + SecurityContext curSecCtx = securityCtx(securityCtx); + + if (log.isDebugEnabled()) + log.debug("Authorize [name=" + name + ", perm=" + perm + "secCtx=" + curSecCtx + ']'); + + original.authorize(name, perm, curSecCtx); + } } - /** - * Set near node's id. - * - * @param id Near node's id. - */ - public void nearNodeId(UUID id) { - nearNodeId.set(id); + /** {@inheritDoc} */ + @Override public void onKernalStart(boolean active) throws IgniteCheckedException { + super.onKernalStart(active); + + if (enabled()) { + ctx.event().addDiscoveryEventListener(new DiscoveryEventListener() { + @Override public void onEvent(DiscoveryEvent evt, DiscoCache discoCache) { + secCtxs.remove(evt.eventNode().id()); + } + }, EVT_NODE_FAILED, EVT_NODE_LEFT); + } } /** @@ -74,15 +94,8 @@ public void nearNodeId(UUID id) { * * @return Near node's id. */ - public UUID nearNodeId() { - return nearNodeId.get(); - } - - /** - * Remove near node's id. - */ - public void removeNearNodeId() { - nearNodeId.remove(); + private UUID nearNodeId() { + return GridIoManager.currentNearNode(); } /** @@ -94,18 +107,16 @@ public void removeNearNodeId() { */ private SecurityContext securityCtx(SecurityContext passed) { SecurityContext res = passed; - try { - if (res == null) { - res = nearNodeSecurityCtx(); - if (res == null) - res = localSecurityCtx(); - } - } - catch (IgniteCheckedException e) { - throw new IgniteException("Failed to get security context.", e); + if (res == null) { + res = nearNodeSecurityCtx(); + + if (res == null) + res = localSecurityCtx(); } + assert res != null; + return res; } @@ -114,13 +125,20 @@ private SecurityContext securityCtx(SecurityContext passed) { * * @return Security context of near node. */ - private SecurityContext nearNodeSecurityCtx() throws IgniteCheckedException { + private SecurityContext nearNodeSecurityCtx() { SecurityContext secCtx = null; - UUID nodeId = nearNodeId(); + final UUID nodeId = nearNodeId(); - if (nodeId != null) - secCtx = nodeSecurityCtx(ctx.discovery().node(nodeId)); + if (nodeId != null) { + secCtx = secCtxs.computeIfAbsent(nodeId, + new Function() { + @Override public SecurityContext apply(UUID uuid) { + return nodeSecurityCtx(ctx.discovery().node(nodeId)); + + } + }); + } return secCtx; } @@ -129,9 +147,8 @@ private SecurityContext nearNodeSecurityCtx() throws IgniteCheckedException { * Getting local node's security context. * * @return Security context of local node. - * @throws IgniteCheckedException If error occurred. */ - private SecurityContext localSecurityCtx() throws IgniteCheckedException { + private SecurityContext localSecurityCtx() { SecurityContext res = locSecCtx; if (res == null) { @@ -140,8 +157,6 @@ private SecurityContext localSecurityCtx() throws IgniteCheckedException { locSecCtx = res; } - assert res != null; - return res; } @@ -150,26 +165,30 @@ private SecurityContext localSecurityCtx() throws IgniteCheckedException { * * @param node Node. * @return Node's security context. - * @throws IgniteCheckedException If failed. */ - private SecurityContext nodeSecurityCtx(ClusterNode node) throws IgniteCheckedException { + private SecurityContext nodeSecurityCtx(ClusterNode node) { byte[] subjBytes = node.attribute(IgniteNodeAttributes.ATTR_SECURITY_SUBJECT); byte[] subjBytesV2 = node.attribute(IgniteNodeAttributes.ATTR_SECURITY_SUBJECT_V2); if (subjBytes == null && subjBytesV2 == null) - throw new SecurityException("Local security context isn't certain."); - - if (subjBytesV2 != null) - return U.unmarshal(marsh, subjBytesV2, U.resolveClassLoader(ctx.config())); + throw new SecurityException("Security context isn't certain."); try { - SecurityUtils.serializeVersion(1); + if (subjBytesV2 != null) + return U.unmarshal(marsh, subjBytesV2, U.resolveClassLoader(ctx.config())); + + try { + SecurityUtils.serializeVersion(1); - return U.unmarshal(marsh, subjBytes, U.resolveClassLoader(ctx.config())); + return U.unmarshal(marsh, subjBytes, U.resolveClassLoader(ctx.config())); + } + finally { + SecurityUtils.restoreDefaultSerializeVersion(); + } } - finally { - SecurityUtils.restoreDefaultSerializeVersion(); + catch (IgniteCheckedException e) { + throw new IgniteException("Failed to get security context.", e); } } } diff --git a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityProcessor.java b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityProcessor.java index 50c32ecbd77dc..34f8a8c5a7163 100644 --- a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityProcessor.java +++ b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityProcessor.java @@ -53,6 +53,13 @@ public void authorizeConsumer(TriConsumer { + if (CACHE_NAME.equals(name) && SecurityPermission.CACHE_PUT == perm && + ignite.context().localNodeId().equals(secCtx.subject().id())) + throw new SecurityException("Test security exception."); + } + ); + + Throwable throwable = GridTestUtils.assertThrowsWithCause( + () -> ignite.compute(ignite.cluster().forLocal()) + .broadcast(() -> + Ignition.localIgnite().cache(CACHE_NAME).put(TEST_KEY, "value") + ) + , SecurityException.class + ); + + assertThat(ignite.cache(CACHE_NAME).get(TEST_KEY), nullValue()); + + assertCauseMessage(throwable, SecurityException.class, "Test security exception."); + } - AtomicBoolean call = new AtomicBoolean(false); + /** */ + public void testSecProcShouldGetServerNearNodeSecCtxWhenCallOnRemoteNode() { + IgniteEx remote = grid(0); - secProc.authorizeConsumer( + IgniteEx near = grid(1); + + processor(remote).authorizeConsumer( (name, perm, secCtx) -> { - if (CACHE_NAME.equals(name) && SecurityPermission.CACHE_PUT == perm) { - assertThat(secCtx.subject().id(), is(ignite.context().localNodeId())); - call.set(true); - } - else - System.out.println( - "MY_DEBUG name=" + name + ", perm=" + perm + ", secCtx=" + secCtx - ); + if (CACHE_NAME.equals(name) && SecurityPermission.CACHE_PUT == perm && + near.context().localNodeId().equals(secCtx.subject().id())) + throw new SecurityException("Test security exception."); } ); - ignite.compute(ignite.cluster().forLocal()) - .broadcast(() -> - Ignition.localIgnite().cache(CACHE_NAME).put("key", "value") - ); + Throwable throwable = GridTestUtils.assertThrowsWithCause( + () -> near.compute(near.cluster().forNode(remote.localNode())) + .broadcast(() -> + Ignition.localIgnite().cache(CACHE_NAME).put(TEST_KEY, "value") + ) + , SecurityException.class + ); + + assertThat(remote.cache(CACHE_NAME).get(TEST_KEY), nullValue()); - assertThat(call.get(), is(true)); + assertCauseMessage(throwable, SecurityException.class, "Test security exception."); } - private TestSecurityProcessor processor(IgniteEx ignite) { - GridSecurityProcessorWrp wrp = (GridSecurityProcessorWrp)ignite.context().security(); - try { - Field fld = GridSecurityProcessorWrp.class.getDeclaredField("original"); - boolean accessible = fld.isAccessible(); - try { - fld.setAccessible(true); + /** */ + public void testSecProcShouldGetClientNearNodeSecCtxWhenCallOnRemoteNode() throws Exception { + IgniteEx client = startGrid(getConfiguration("client-node").setClientMode(true)); - return (TestSecurityProcessor)fld.get(wrp); - } - finally { - fld.setAccessible(accessible); + IgniteEx remote = grid(0); + + processor(remote).authorizeConsumer( + (name, perm, secCtx) -> { + if (CACHE_NAME.equals(name) && SecurityPermission.CACHE_PUT == perm && + client.context().localNodeId().equals(secCtx.subject().id())) + throw new SecurityException("Test security exception."); } - } - catch (NoSuchFieldException | IllegalAccessException e) { - throw new RuntimeException(e); - } + ); + + Throwable throwable = GridTestUtils.assertThrowsWithCause( + () -> client.compute(client.cluster().forNode(remote.localNode())) + .broadcast(() -> + Ignition.localIgnite().cache(CACHE_NAME).put("key", "value") + ) + , SecurityException.class + ); + + assertThat(remote.cache(CACHE_NAME).get("key"), nullValue()); + + assertCauseMessage(throwable, SecurityException.class, "Test security exception."); } /** - * вызов опреции в лямбде для удалннного узла. будет передан контекст узла инициатора + * Assert that the passed throwable contains a cause exception with given type and message. + * + * @param throwable Throwable. + * @param type Type. + * @param msg Message. */ - public void testSecProcShouldGetNearNodeSecCtxWhenCallOnRemoteNode() { + private void assertCauseMessage(Throwable throwable, Class type, String msg) { + T cause = X.cause(throwable, type); + assertThat(cause, notNullValue()); + assertThat(cause.getMessage(), is(msg)); } + /** + * Getting of {@link TestSecurityProcessor} for the passed ignite instanse. + * + * @param ignite Ignite. + */ + private TestSecurityProcessor processor(IgniteEx ignite) { + if (ignite.context().security() instanceof GridSecurityProcessorWrp) { + GridSecurityProcessorWrp wrp = (GridSecurityProcessorWrp)ignite.context().security(); + + try { + Field fld = GridSecurityProcessorWrp.class.getDeclaredField("original"); + + boolean accessible = fld.isAccessible(); + try { + fld.setAccessible(true); + + return (TestSecurityProcessor)fld.get(wrp); + } + finally { + fld.setAccessible(accessible); + } + } + catch (NoSuchFieldException | IllegalAccessException e) { + throw new RuntimeException(e); + } + } + + return (TestSecurityProcessor)ignite.context().security(); + } } From 455268b400d79f287f47f2e9ed466eda8d7d5b44 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Tue, 9 Oct 2018 12:41:00 +0300 Subject: [PATCH 03/98] IGNITE-9560 Added test suite. Added abstract initiator test class. --- .../internal/GridKernalContextImpl.java | 4 +- .../managers/communication/GridIoManager.java | 13 +- ...java => GridSecurityProcessorWrapper.java} | 11 +- ...=> InitiatorContextSecurityProcessor.java} | 34 +-- modules/security/pom.xml | 7 +- ...nintiatorContextSecurityProcessorTest.java | 146 ++++++++++++ .../processor/security/ComputeTaskTest.java | 89 +++++++ .../processor/security/ComputeTest.java | 220 ------------------ .../security/ExecuteServiceTaskTest.java | 62 +++++ ...atorContextSecurityProcessorTestSuite.java | 47 ++++ 10 files changed, 385 insertions(+), 248 deletions(-) rename modules/core/src/main/java/org/apache/ignite/internal/processors/security/{GridSecurityProcessorWrp.java => GridSecurityProcessorWrapper.java} (95%) rename modules/core/src/main/java/org/apache/ignite/internal/processors/security/{NearNodeContextSecurityProcessor.java => InitiatorContextSecurityProcessor.java} (85%) create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractInintiatorContextSecurityProcessorTest.java create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/ComputeTaskTest.java delete mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/ComputeTest.java create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/ExecuteServiceTaskTest.java create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/InitiatorContextSecurityProcessorTestSuite.java diff --git a/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContextImpl.java b/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContextImpl.java index 27e078f9fbf1e..ccbbf87f1ee63 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContextImpl.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContextImpl.java @@ -49,7 +49,7 @@ import org.apache.ignite.internal.managers.indexing.GridIndexingManager; import org.apache.ignite.internal.managers.loadbalancer.GridLoadBalancerManager; import org.apache.ignite.internal.processors.cache.mvcc.MvccProcessor; -import org.apache.ignite.internal.processors.security.NearNodeContextSecurityProcessor; +import org.apache.ignite.internal.processors.security.InitiatorContextSecurityProcessor; import org.apache.ignite.internal.worker.WorkersRegistry; import org.apache.ignite.internal.processors.affinity.GridAffinityProcessor; import org.apache.ignite.internal.processors.authentication.IgniteAuthenticationProcessor; @@ -558,7 +558,7 @@ else if (comp instanceof GridFailoverManager) else if (comp instanceof GridCollisionManager) colMgr = (GridCollisionManager)comp; else if (comp instanceof GridSecurityProcessor) - securityProc = new NearNodeContextSecurityProcessor(this,(GridSecurityProcessor)comp); + securityProc = new InitiatorContextSecurityProcessor(this,(GridSecurityProcessor)comp); else if (comp instanceof GridLoadBalancerManager) loadMgr = (GridLoadBalancerManager)comp; else if (comp instanceof GridIndexingManager) diff --git a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java index 0fcba1b7b758f..5b78c91c03db2 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java @@ -70,7 +70,6 @@ import org.apache.ignite.internal.processors.cache.mvcc.msg.MvccMessage; import org.apache.ignite.internal.processors.platform.message.PlatformMessageFilter; import org.apache.ignite.internal.processors.pool.PoolProcessor; -import org.apache.ignite.internal.processors.security.NearNodeContextSecurityProcessor; import org.apache.ignite.internal.processors.timeout.GridTimeoutObject; import org.apache.ignite.internal.util.GridBoundedConcurrentLinkedHashSet; import org.apache.ignite.internal.util.StripedCompositeReadWriteLock; @@ -142,7 +141,7 @@ public class GridIoManager extends GridManagerAdapter CUR_PLC = new ThreadLocal<>(); /** Current near node. */ - private static final ThreadLocal CUR_NEAR_NODE = new ThreadLocal<>(); + private static final ThreadLocal CUR_RMT_INITIATOR = new ThreadLocal<>(); /** Listeners by topic. */ private final ConcurrentMap lsnrMap = new ConcurrentHashMap<>(); @@ -1569,7 +1568,9 @@ private void invokeListener(Byte plc, GridMessageListener lsnr, UUID nodeId, Obj if (change) CUR_PLC.set(plc); - CUR_NEAR_NODE.set(nodeId); + assert CUR_RMT_INITIATOR.get() == null; + + CUR_RMT_INITIATOR.set(nodeId); try { lsnr.onMessage(nodeId, msg, plc); @@ -1578,7 +1579,7 @@ private void invokeListener(Byte plc, GridMessageListener lsnr, UUID nodeId, Obj if (change) CUR_PLC.set(oldPlc); - CUR_NEAR_NODE.remove(); + CUR_RMT_INITIATOR.remove(); } } @@ -1592,8 +1593,8 @@ private void invokeListener(Byte plc, GridMessageListener lsnr, UUID nodeId, Obj /** * @return Current near node's id. */ - @Nullable public static UUID currentNearNode(){ - return CUR_NEAR_NODE.get(); + @Nullable public static UUID currentRemoteInitiator(){ + return CUR_RMT_INITIATOR.get(); } /** diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessorWrp.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessorWrapper.java similarity index 95% rename from modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessorWrp.java rename to modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessorWrapper.java index 207d2b2bd11fe..4ed32283f113a 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessorWrp.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessorWrapper.java @@ -38,7 +38,7 @@ /** * Wrapper class for implementation of {@link GridSecurityProcessor}. */ -public class GridSecurityProcessorWrp implements GridSecurityProcessor { +public class GridSecurityProcessorWrapper implements GridSecurityProcessor { /** Logger. */ @GridToStringExclude protected final IgniteLogger log; @@ -53,7 +53,7 @@ public class GridSecurityProcessorWrp implements GridSecurityProcessor { * @param ctx Grid kernal context. * @param original Original grid security processor. */ - public GridSecurityProcessorWrp(GridKernalContext ctx, GridSecurityProcessor original) { + public GridSecurityProcessorWrapper(GridKernalContext ctx, GridSecurityProcessor original) { assert ctx != null; assert original != null; @@ -63,6 +63,13 @@ public GridSecurityProcessorWrp(GridKernalContext ctx, GridSecurityProcessor ori log = ctx.log(original.getClass()); } + /** + * @return Orginal GridSecurityProcessor. + */ + public GridSecurityProcessor original(){ + return original; + } + /** {@inheritDoc} */ @Override public SecurityContext authenticateNode(ClusterNode node, SecurityCredentials cred) throws IgniteCheckedException { diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NearNodeContextSecurityProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/InitiatorContextSecurityProcessor.java similarity index 85% rename from modules/core/src/main/java/org/apache/ignite/internal/processors/security/NearNodeContextSecurityProcessor.java rename to modules/core/src/main/java/org/apache/ignite/internal/processors/security/InitiatorContextSecurityProcessor.java index 90f519f48c430..30a063614341e 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NearNodeContextSecurityProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/InitiatorContextSecurityProcessor.java @@ -43,7 +43,7 @@ * Wrapper that provides getting current security context for the {@link GridSecurityProcessor#authorize(String, * SecurityPermission, SecurityContext)} method. */ -public class NearNodeContextSecurityProcessor extends GridSecurityProcessorWrp { +public class InitiatorContextSecurityProcessor extends GridSecurityProcessorWrapper { /** Local node's security context. */ private SecurityContext locSecCtx; @@ -57,7 +57,7 @@ public class NearNodeContextSecurityProcessor extends GridSecurityProcessorWrp { * @param ctx Grid kernal context. * @param original Original grid security processor. */ - public NearNodeContextSecurityProcessor(GridKernalContext ctx, GridSecurityProcessor original) { + public InitiatorContextSecurityProcessor(GridKernalContext ctx, GridSecurityProcessor original) { super(ctx, original); marsh = MarshallerUtils.jdkMarshaller(ctx.igniteInstanceName()); @@ -66,7 +66,7 @@ public NearNodeContextSecurityProcessor(GridKernalContext ctx, GridSecurityProce /** {@inheritDoc} */ @Override public void authorize(String name, SecurityPermission perm, SecurityContext securityCtx) throws SecurityException { - if(enabled()) { + if (enabled()) { SecurityContext curSecCtx = securityCtx(securityCtx); if (log.isDebugEnabled()) @@ -90,12 +90,12 @@ public NearNodeContextSecurityProcessor(GridKernalContext ctx, GridSecurityProce } /** - * Get near dode's id. + * Get current initiator node's id. * - * @return Near node's id. + * @return Initiator node's id. */ - private UUID nearNodeId() { - return GridIoManager.currentNearNode(); + private UUID currentRemoteInitiatorId() { + return GridIoManager.currentRemoteInitiator(); } /** @@ -109,10 +109,10 @@ private SecurityContext securityCtx(SecurityContext passed) { SecurityContext res = passed; if (res == null) { - res = nearNodeSecurityCtx(); + res = currentRemoteInitiatorContext(); if (res == null) - res = localSecurityCtx(); + res = localSecurityContext(); } assert res != null; @@ -121,20 +121,20 @@ private SecurityContext securityCtx(SecurityContext passed) { } /** - * Getting current near node's security context. + * Getting current initiator node's security context. * - * @return Security context of near node. + * @return Security context of initiator node. */ - private SecurityContext nearNodeSecurityCtx() { + private SecurityContext currentRemoteInitiatorContext() { SecurityContext secCtx = null; - final UUID nodeId = nearNodeId(); + final UUID nodeId = currentRemoteInitiatorId(); if (nodeId != null) { secCtx = secCtxs.computeIfAbsent(nodeId, new Function() { @Override public SecurityContext apply(UUID uuid) { - return nodeSecurityCtx(ctx.discovery().node(nodeId)); + return nodeSecurityContext(ctx.discovery().node(nodeId)); } }); @@ -148,11 +148,11 @@ private SecurityContext nearNodeSecurityCtx() { * * @return Security context of local node. */ - private SecurityContext localSecurityCtx() { + private SecurityContext localSecurityContext() { SecurityContext res = locSecCtx; if (res == null) { - res = nodeSecurityCtx(ctx.discovery().localNode()); + res = nodeSecurityContext(ctx.discovery().localNode()); locSecCtx = res; } @@ -166,7 +166,7 @@ private SecurityContext localSecurityCtx() { * @param node Node. * @return Node's security context. */ - private SecurityContext nodeSecurityCtx(ClusterNode node) { + private SecurityContext nodeSecurityContext(ClusterNode node) { byte[] subjBytes = node.attribute(IgniteNodeAttributes.ATTR_SECURITY_SUBJECT); byte[] subjBytesV2 = node.attribute(IgniteNodeAttributes.ATTR_SECURITY_SUBJECT_V2); diff --git a/modules/security/pom.xml b/modules/security/pom.xml index 6bf09941ff7c0..5d41d2c14b5d7 100644 --- a/modules/security/pom.xml +++ b/modules/security/pom.xml @@ -54,7 +54,12 @@ ${project.version} test - + + com.google.guava + guava + ${guava.version} + test + org.apache.ignite ignite-core diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractInintiatorContextSecurityProcessorTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractInintiatorContextSecurityProcessorTest.java new file mode 100644 index 0000000000000..f8559a656f8fc --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractInintiatorContextSecurityProcessorTest.java @@ -0,0 +1,146 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processor.security; + +import com.google.common.collect.Sets; +import java.util.Set; +import java.util.UUID; +import org.apache.ignite.Ignite; +import org.apache.ignite.configuration.CacheConfiguration; +import org.apache.ignite.configuration.DataRegionConfiguration; +import org.apache.ignite.configuration.DataStorageConfiguration; +import org.apache.ignite.configuration.IgniteConfiguration; +import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.internal.processors.security.GridSecurityProcessorWrapper; +import org.apache.ignite.internal.util.typedef.G; +import org.apache.ignite.internal.util.typedef.X; +import org.apache.ignite.plugin.security.SecurityPermission; +import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest; + +import static org.hamcrest.CoreMatchers.is; +import static org.hamcrest.CoreMatchers.notNullValue; +import static org.junit.Assert.assertThat; + +public class AbstractInintiatorContextSecurityProcessorTest extends GridCommonAbstractTest { + /** Cache name. */ + protected static final String CACHE_NAME = "TEST_CACHE"; + + /** Security error message. */ + protected static final String SEC_ERR_MSG = "Test security exception."; + + /** */ + protected IgniteEx succsessSrv; + + /** */ + protected IgniteEx succsessClnt; + + /** */ + protected IgniteEx failSrv; + + /** */ + protected IgniteEx failClnt; + + /** {@inheritDoc} */ + @Override protected void beforeTestsStarted() throws Exception { + super.beforeTestsStarted(); + + System.setProperty( + TestSecurityProcessorProvider.TEST_SECURITY_PROCESSOR_CLS, + "org.apache.ignite.internal.processor.security.TestSecurityProcessor" + ); + + succsessSrv = startGrid("success_server"); + + succsessClnt = startGrid(getConfiguration("success_client").setClientMode(true)); + + failSrv = startGrid("fail_server"); + + failClnt = startGrid(getConfiguration("fail_client").setClientMode(true)); + + final Set failUUIDs = Sets.newHashSet( + failSrv.localNode().id(), failClnt.localNode().id() + ); + + for (Ignite ignite : G.allGrids()) { + processor((IgniteEx)ignite).authorizeConsumer( + (name, perm, secCtx) -> { + if (secCtx != null) { + if (CACHE_NAME.equals(name) && SecurityPermission.CACHE_PUT == perm && + failUUIDs.contains(secCtx.subject().id())) + throw new SecurityException(SEC_ERR_MSG); + } + } + ); + } + + grid("success_server").cluster().active(true); + } + + /** {@inheritDoc} */ + @Override protected void afterTestsStopped() throws Exception { + super.afterTestsStopped(); + + System.clearProperty(TestSecurityProcessorProvider.TEST_SECURITY_PROCESSOR_CLS); + + stopAllGrids(); + + cleanPersistenceDir(); + } + + /** {@inheritDoc} */ + @Override protected IgniteConfiguration getConfiguration(String igniteInstanceName) throws Exception { + return super.getConfiguration(igniteInstanceName) + .setDataStorageConfiguration( + new DataStorageConfiguration() + .setDefaultDataRegionConfiguration( + new DataRegionConfiguration().setPersistenceEnabled(true) + ) + ) + .setAuthenticationEnabled(true) + .setCacheConfiguration( + new CacheConfiguration<>().setName(CACHE_NAME) + ); + } + + /** + * Getting of {@link TestSecurityProcessor} for the passed ignite instanse. + * + * @param ignite Ignite. + */ + protected TestSecurityProcessor processor(IgniteEx ignite) { + if (ignite.context().security() instanceof GridSecurityProcessorWrapper) { + GridSecurityProcessorWrapper wrp = (GridSecurityProcessorWrapper)ignite.context().security(); + + return (TestSecurityProcessor) wrp.original(); + } + + return (TestSecurityProcessor)ignite.context().security(); + } + + /** + * Assert that the passed throwable contains a cause exception with given type and message. + * + * @param throwable Throwable. + */ + protected void assertCauseMessage(Throwable throwable) { + SecurityException cause = X.cause(throwable, SecurityException.class); + + assertThat(cause, notNullValue()); + assertThat(cause.getMessage(), is(SEC_ERR_MSG)); + } +} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ComputeTaskTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ComputeTaskTest.java new file mode 100644 index 0000000000000..7b61469c26c81 --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ComputeTaskTest.java @@ -0,0 +1,89 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processor.security; + +import org.apache.ignite.Ignition; +import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.testframework.GridTestUtils; + +import static org.hamcrest.CoreMatchers.is; +import static org.hamcrest.CoreMatchers.nullValue; +import static org.junit.Assert.assertThat; + +/** + * Security tests for a compute task. + */ +public class ComputeTaskTest extends AbstractInintiatorContextSecurityProcessorTest { + /** */ + public void testCompute() { + successCompute(succsessClnt, failClnt, "10"); + + successCompute(succsessClnt, failSrv, "20"); + + successCompute(succsessSrv, failClnt, "30"); + + successCompute(succsessSrv, failSrv, "40"); + + successCompute(succsessSrv, succsessSrv, "50"); + + successCompute(succsessClnt, succsessClnt, "60"); + + failCompute(failClnt, succsessSrv, "70"); + + failCompute(failClnt, succsessClnt, "80"); + + failCompute(failSrv, succsessSrv, "90"); + + failCompute(failSrv, succsessClnt, "100"); + + failCompute(failSrv, failSrv, "110"); + + failCompute(failClnt, failClnt, "120"); + } + + /** + * @param initiator Initiator node. + * @param remote Remote node. + */ + private void successCompute(IgniteEx initiator, IgniteEx remote, String key) { + initiator.compute(initiator.cluster().forNode(remote.localNode())) + .broadcast(() -> + Ignition.localIgnite().cache(CACHE_NAME).put(key, "value") + ); + + assertThat(remote.cache(CACHE_NAME).get(key), is("value")); + } + + /** + * @param initiator Initiator node. + * @param remote Remote node. + */ + private void failCompute(IgniteEx initiator, IgniteEx remote, String key) { + assertCauseMessage( + GridTestUtils.assertThrowsWithCause( + () -> initiator.compute(initiator.cluster().forNode(remote.localNode())) + .broadcast(() -> + Ignition.localIgnite().cache(CACHE_NAME).put(key, "value") + ) + , SecurityException.class + ) + ); + + assertThat(remote.cache(CACHE_NAME).get(key), nullValue()); + } +} \ No newline at end of file diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ComputeTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ComputeTest.java deleted file mode 100644 index 697fd0925a104..0000000000000 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ComputeTest.java +++ /dev/null @@ -1,220 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processor.security; - -import java.lang.reflect.Field; -import org.apache.ignite.Ignite; -import org.apache.ignite.Ignition; -import org.apache.ignite.configuration.CacheConfiguration; -import org.apache.ignite.configuration.DataRegionConfiguration; -import org.apache.ignite.configuration.DataStorageConfiguration; -import org.apache.ignite.configuration.IgniteConfiguration; -import org.apache.ignite.internal.IgniteEx; -import org.apache.ignite.internal.processors.security.GridSecurityProcessorWrp; -import org.apache.ignite.internal.util.typedef.G; -import org.apache.ignite.internal.util.typedef.X; -import org.apache.ignite.plugin.security.SecurityPermission; -import org.apache.ignite.testframework.GridTestUtils; -import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest; - -import static org.hamcrest.CoreMatchers.is; -import static org.hamcrest.CoreMatchers.notNullValue; -import static org.hamcrest.CoreMatchers.nullValue; -import static org.junit.Assert.assertThat; - -/** - * Security tests for a compute task. - */ -public class ComputeTest extends GridCommonAbstractTest { - /** Cache name. */ - private static final String CACHE_NAME = "TEST_CACHE"; - - /** Test key. */ - private static final String TEST_KEY = "key"; - - /** {@inheritDoc} */ - @Override protected void beforeTestsStarted() throws Exception { - System.setProperty( - TestSecurityProcessorProvider.TEST_SECURITY_PROCESSOR_CLS, - "org.apache.ignite.internal.processor.security.TestSecurityProcessor" - ); - - super.beforeTestsStarted(); - - startGrids(2).cluster().active(true); - } - - /** {@inheritDoc} */ - @Override protected void afterTestsStopped() throws Exception { - super.afterTestsStopped(); - - System.clearProperty(TestSecurityProcessorProvider.TEST_SECURITY_PROCESSOR_CLS); - - stopAllGrids(); - - cleanPersistenceDir(); - } - - /** {@inheritDoc} */ - @Override protected void afterTest() throws Exception { - super.afterTest(); - - for (Ignite i : G.allGrids()) - processor((IgniteEx)i).clear(); - - grid(0).cache(CACHE_NAME).remove(TEST_KEY); - } - - /** {@inheritDoc} */ - @Override protected IgniteConfiguration getConfiguration(String igniteInstanceName) throws Exception { - return super.getConfiguration(igniteInstanceName) - .setDataStorageConfiguration( - new DataStorageConfiguration() - .setDefaultDataRegionConfiguration( - new DataRegionConfiguration().setPersistenceEnabled(true) - ) - ) - .setAuthenticationEnabled(true) - .setCacheConfiguration( - new CacheConfiguration<>().setName(CACHE_NAME) - ); - } - - /** */ - public void testSecProcShouldGetLocalSecCtxWhenCallOnLocalNode() { - IgniteEx ignite = grid(0); - - processor(ignite).authorizeConsumer( - (name, perm, secCtx) -> { - if (CACHE_NAME.equals(name) && SecurityPermission.CACHE_PUT == perm && - ignite.context().localNodeId().equals(secCtx.subject().id())) - throw new SecurityException("Test security exception."); - } - ); - - Throwable throwable = GridTestUtils.assertThrowsWithCause( - () -> ignite.compute(ignite.cluster().forLocal()) - .broadcast(() -> - Ignition.localIgnite().cache(CACHE_NAME).put(TEST_KEY, "value") - ) - , SecurityException.class - ); - - assertThat(ignite.cache(CACHE_NAME).get(TEST_KEY), nullValue()); - - assertCauseMessage(throwable, SecurityException.class, "Test security exception."); - } - - /** */ - public void testSecProcShouldGetServerNearNodeSecCtxWhenCallOnRemoteNode() { - IgniteEx remote = grid(0); - - IgniteEx near = grid(1); - - processor(remote).authorizeConsumer( - (name, perm, secCtx) -> { - if (CACHE_NAME.equals(name) && SecurityPermission.CACHE_PUT == perm && - near.context().localNodeId().equals(secCtx.subject().id())) - throw new SecurityException("Test security exception."); - } - ); - - Throwable throwable = GridTestUtils.assertThrowsWithCause( - () -> near.compute(near.cluster().forNode(remote.localNode())) - .broadcast(() -> - Ignition.localIgnite().cache(CACHE_NAME).put(TEST_KEY, "value") - ) - , SecurityException.class - ); - - assertThat(remote.cache(CACHE_NAME).get(TEST_KEY), nullValue()); - - assertCauseMessage(throwable, SecurityException.class, "Test security exception."); - } - - /** */ - public void testSecProcShouldGetClientNearNodeSecCtxWhenCallOnRemoteNode() throws Exception { - IgniteEx client = startGrid(getConfiguration("client-node").setClientMode(true)); - - IgniteEx remote = grid(0); - - processor(remote).authorizeConsumer( - (name, perm, secCtx) -> { - if (CACHE_NAME.equals(name) && SecurityPermission.CACHE_PUT == perm && - client.context().localNodeId().equals(secCtx.subject().id())) - throw new SecurityException("Test security exception."); - } - ); - - Throwable throwable = GridTestUtils.assertThrowsWithCause( - () -> client.compute(client.cluster().forNode(remote.localNode())) - .broadcast(() -> - Ignition.localIgnite().cache(CACHE_NAME).put("key", "value") - ) - , SecurityException.class - ); - - assertThat(remote.cache(CACHE_NAME).get("key"), nullValue()); - - assertCauseMessage(throwable, SecurityException.class, "Test security exception."); - } - - /** - * Assert that the passed throwable contains a cause exception with given type and message. - * - * @param throwable Throwable. - * @param type Type. - * @param msg Message. - */ - private void assertCauseMessage(Throwable throwable, Class type, String msg) { - T cause = X.cause(throwable, type); - - assertThat(cause, notNullValue()); - assertThat(cause.getMessage(), is(msg)); - } - - /** - * Getting of {@link TestSecurityProcessor} for the passed ignite instanse. - * - * @param ignite Ignite. - */ - private TestSecurityProcessor processor(IgniteEx ignite) { - if (ignite.context().security() instanceof GridSecurityProcessorWrp) { - GridSecurityProcessorWrp wrp = (GridSecurityProcessorWrp)ignite.context().security(); - - try { - Field fld = GridSecurityProcessorWrp.class.getDeclaredField("original"); - - boolean accessible = fld.isAccessible(); - try { - fld.setAccessible(true); - - return (TestSecurityProcessor)fld.get(wrp); - } - finally { - fld.setAccessible(accessible); - } - } - catch (NoSuchFieldException | IllegalAccessException e) { - throw new RuntimeException(e); - } - } - - return (TestSecurityProcessor)ignite.context().security(); - } -} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ExecuteServiceTaskTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ExecuteServiceTaskTest.java new file mode 100644 index 0000000000000..514a5b1ed896d --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ExecuteServiceTaskTest.java @@ -0,0 +1,62 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processor.security; + +import org.apache.ignite.Ignition; +import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.testframework.GridTestUtils; + +import static org.hamcrest.CoreMatchers.is; +import static org.hamcrest.CoreMatchers.nullValue; +import static org.junit.Assert.assertThat; + +public class ExecuteServiceTaskTest extends AbstractInintiatorContextSecurityProcessorTest { + /** + * @param initiator Initiator node. + * @param remote Remote node. + */ + private void successExecute(IgniteEx initiator, IgniteEx remote, String key) { + initiator.executorService(initiator.cluster().forNode(remote.localNode())) + .submit( + ()-> + Ignition.localIgnite().cache(CACHE_NAME).put(key, "value") + ); + + assertThat(remote.cache(CACHE_NAME).get(key), is("value")); + } + + /** + * @param initiator Initiator node. + * @param remote Remote node. + */ + private void failExecute(IgniteEx initiator, IgniteEx remote, String key) { + assertCauseMessage( + GridTestUtils.assertThrowsWithCause( + () -> initiator.executorService(initiator.cluster().forNode(remote.localNode())) + .submit( + () -> + Ignition.localIgnite().cache(CACHE_NAME).put(key, "value") + ) + , SecurityException.class + ) + ); + + assertThat(remote.cache(CACHE_NAME).get(key), nullValue()); + } + +} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/InitiatorContextSecurityProcessorTestSuite.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/InitiatorContextSecurityProcessorTestSuite.java new file mode 100644 index 0000000000000..b86c91ccd79cc --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/InitiatorContextSecurityProcessorTestSuite.java @@ -0,0 +1,47 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processor.security; + +import java.util.Set; +import junit.framework.TestSuite; +import org.jetbrains.annotations.Nullable; + +public class InitiatorContextSecurityProcessorTestSuite extends TestSuite { + /** + * @return Test suite. + * @throws Exception Thrown in case of the failure. + */ + public static TestSuite suite() throws Exception { + return suite(null); + } + + /** + * @param ignoredTests Tests don't include in the execution. Providing null means nothing to exclude. + * @return Test suite. + * @throws Exception Thrown in case of the failure. + */ + public static TestSuite suite(@Nullable final Set ignoredTests) throws Exception { + TestSuite suite = new TestSuite("Initiator Node's Security Context Test Suite"); + + suite.addTest(new TestSuite(ComputeTaskTest.class)); + suite.addTest(new TestSuite(ExecuteServiceTaskTest.class)); + + return suite; + } + +} From db74af1a3c99f7fc8ab2c0c55f00e20ecbf0d7b2 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Wed, 10 Oct 2018 10:43:29 +0300 Subject: [PATCH 04/98] IGNITE-9560 Added test for execution service tasks. --- .../processor/security/ComputeTaskTest.java | 55 +++++++-------- .../security/ExecuteServiceTaskTest.java | 67 +++++++++++++++---- 2 files changed, 81 insertions(+), 41 deletions(-) diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ComputeTaskTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ComputeTaskTest.java index 7b61469c26c81..92f1d1c8f6a28 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ComputeTaskTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ComputeTaskTest.java @@ -17,6 +17,7 @@ package org.apache.ignite.internal.processor.security; +import java.util.concurrent.atomic.AtomicInteger; import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.testframework.GridTestUtils; @@ -29,61 +30,57 @@ * Security tests for a compute task. */ public class ComputeTaskTest extends AbstractInintiatorContextSecurityProcessorTest { + /** Values. */ + private AtomicInteger values = new AtomicInteger(0); + /** */ public void testCompute() { - successCompute(succsessClnt, failClnt, "10"); - - successCompute(succsessClnt, failSrv, "20"); - - successCompute(succsessSrv, failClnt, "30"); - - successCompute(succsessSrv, failSrv, "40"); - - successCompute(succsessSrv, succsessSrv, "50"); - - successCompute(succsessClnt, succsessClnt, "60"); - - failCompute(failClnt, succsessSrv, "70"); - - failCompute(failClnt, succsessClnt, "80"); - - failCompute(failSrv, succsessSrv, "90"); - - failCompute(failSrv, succsessClnt, "100"); - - failCompute(failSrv, failSrv, "110"); - - failCompute(failClnt, failClnt, "120"); + successCompute(succsessClnt, failClnt); + successCompute(succsessClnt, failSrv); + successCompute(succsessSrv, failClnt); + successCompute(succsessSrv, failSrv); + successCompute(succsessSrv, succsessSrv); + successCompute(succsessClnt, succsessClnt); + + failCompute(failClnt, succsessSrv); + failCompute(failClnt, succsessClnt); + failCompute(failSrv, succsessSrv); + failCompute(failSrv, succsessClnt); + failCompute(failSrv, failSrv); + failCompute(failClnt, failClnt); } /** * @param initiator Initiator node. * @param remote Remote node. */ - private void successCompute(IgniteEx initiator, IgniteEx remote, String key) { + private void successCompute(IgniteEx initiator, IgniteEx remote) { + int val = values.getAndIncrement(); + initiator.compute(initiator.cluster().forNode(remote.localNode())) .broadcast(() -> - Ignition.localIgnite().cache(CACHE_NAME).put(key, "value") + Ignition.localIgnite().cache(CACHE_NAME) + .put("key", val) ); - assertThat(remote.cache(CACHE_NAME).get(key), is("value")); + assertThat(remote.cache(CACHE_NAME).get("key"), is(val)); } /** * @param initiator Initiator node. * @param remote Remote node. */ - private void failCompute(IgniteEx initiator, IgniteEx remote, String key) { + private void failCompute(IgniteEx initiator, IgniteEx remote) { assertCauseMessage( GridTestUtils.assertThrowsWithCause( () -> initiator.compute(initiator.cluster().forNode(remote.localNode())) .broadcast(() -> - Ignition.localIgnite().cache(CACHE_NAME).put(key, "value") + Ignition.localIgnite().cache(CACHE_NAME).put("fail_key", -1) ) , SecurityException.class ) ); - assertThat(remote.cache(CACHE_NAME).get(key), nullValue()); + assertThat(remote.cache(CACHE_NAME).get("fail_key"), nullValue()); } } \ No newline at end of file diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ExecuteServiceTaskTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ExecuteServiceTaskTest.java index 514a5b1ed896d..5a287d8e0119d 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ExecuteServiceTaskTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ExecuteServiceTaskTest.java @@ -17,46 +17,89 @@ package org.apache.ignite.internal.processor.security; +import java.util.concurrent.ExecutionException; +import java.util.concurrent.Future; +import java.util.concurrent.atomic.AtomicInteger; import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.lang.IgniteRunnable; import org.apache.ignite.testframework.GridTestUtils; import static org.hamcrest.CoreMatchers.is; import static org.hamcrest.CoreMatchers.nullValue; import static org.junit.Assert.assertThat; +/** + * Security tests for an execute server task. + */ public class ExecuteServiceTaskTest extends AbstractInintiatorContextSecurityProcessorTest { + /** Key. */ + private AtomicInteger key = new AtomicInteger(0); + + /** */ + public void testExecute() throws Exception { + successExecute(succsessClnt, failClnt); + successExecute(succsessClnt, failSrv); + successExecute(succsessSrv, failClnt); + successExecute(succsessSrv, failSrv); + successExecute(succsessSrv, succsessSrv); + successExecute(succsessClnt, succsessClnt); + + failExecute(failClnt, succsessSrv); + failExecute(failClnt, succsessClnt); + failExecute(failSrv, succsessSrv); + failExecute(failSrv, succsessClnt); + failExecute(failSrv, failSrv); + failExecute(failClnt, failClnt); + } + /** * @param initiator Initiator node. * @param remote Remote node. */ - private void successExecute(IgniteEx initiator, IgniteEx remote, String key) { + private void successExecute(IgniteEx initiator, IgniteEx remote) throws Exception { + int val = key.getAndIncrement(); + initiator.executorService(initiator.cluster().forNode(remote.localNode())) .submit( - ()-> - Ignition.localIgnite().cache(CACHE_NAME).put(key, "value") - ); + new IgniteRunnable() { + @Override public void run() { + Ignition.localIgnite().cache(CACHE_NAME) + .put("key", val); + } + } + ).get(); - assertThat(remote.cache(CACHE_NAME).get(key), is("value")); + assertThat(remote.cache(CACHE_NAME).get("key"), is(val)); } /** * @param initiator Initiator node. * @param remote Remote node. */ - private void failExecute(IgniteEx initiator, IgniteEx remote, String key) { + private void failExecute(IgniteEx initiator, IgniteEx remote) { assertCauseMessage( GridTestUtils.assertThrowsWithCause( - () -> initiator.executorService(initiator.cluster().forNode(remote.localNode())) - .submit( - () -> - Ignition.localIgnite().cache(CACHE_NAME).put(key, "value") - ) + () -> { + try { + initiator.executorService(initiator.cluster().forNode(remote.localNode())) + .submit( + new IgniteRunnable() { + @Override public void run() { + Ignition.localIgnite().cache(CACHE_NAME).put("fail_key", -1); + } + } + ).get(); + } + catch (InterruptedException | ExecutionException e) { + throw new RuntimeException(e); + } + } , SecurityException.class ) ); - assertThat(remote.cache(CACHE_NAME).get(key), nullValue()); + assertThat(remote.cache(CACHE_NAME).get("fail_key"), nullValue()); } } From 32af13123a2a59d39bebade168ffea802be7ab07 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Wed, 10 Oct 2018 10:43:29 +0300 Subject: [PATCH 05/98] IGNITE-9560 Added test for execution service tasks. --- .../processor/security/TestSecurityContext.java | 6 ++++++ .../processor/security/TestSecuritySubject.java | 8 ++++++++ ...bstractInintiatorContextSecurityProcessorTest.java | 11 ++++++++++- .../processor/security/ExecuteServiceTaskTest.java | 7 +------ 4 files changed, 25 insertions(+), 7 deletions(-) diff --git a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityContext.java b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityContext.java index 37e371d713281..0fbf836676c62 100644 --- a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityContext.java +++ b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityContext.java @@ -61,4 +61,10 @@ public TestSecurityContext(SecuritySubject subject) { @Override public boolean systemOperationAllowed(SecurityPermission perm) { return true; } + + @Override public String toString() { + return "TestSecurityContext{" + + "subject=" + subject + + '}'; + } } diff --git a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecuritySubject.java b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecuritySubject.java index 19a0cc64d1a4b..07b6df48c1dec 100644 --- a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecuritySubject.java +++ b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecuritySubject.java @@ -86,4 +86,12 @@ public void setAddress(InetSocketAddress address) { public void setPermissions(SecurityPermissionSet permissions) { this.permissions = permissions; } + + @Override public String toString() { + return "TestSecuritySubject{" + + "id=" + id + + ", type=" + type + + ", login=" + login + + '}'; + } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractInintiatorContextSecurityProcessorTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractInintiatorContextSecurityProcessorTest.java index f8559a656f8fc..d04ce0988df2f 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractInintiatorContextSecurityProcessorTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractInintiatorContextSecurityProcessorTest.java @@ -20,6 +20,7 @@ import com.google.common.collect.Sets; import java.util.Set; import java.util.UUID; +import java.util.concurrent.atomic.AtomicInteger; import org.apache.ignite.Ignite; import org.apache.ignite.configuration.CacheConfiguration; import org.apache.ignite.configuration.DataRegionConfiguration; @@ -43,6 +44,9 @@ public class AbstractInintiatorContextSecurityProcessorTest extends GridCommonAb /** Security error message. */ protected static final String SEC_ERR_MSG = "Test security exception."; + /** Values. */ + protected AtomicInteger values = new AtomicInteger(0); + /** */ protected IgniteEx succsessSrv; @@ -81,8 +85,13 @@ public class AbstractInintiatorContextSecurityProcessorTest extends GridCommonAb (name, perm, secCtx) -> { if (secCtx != null) { if (CACHE_NAME.equals(name) && SecurityPermission.CACHE_PUT == perm && - failUUIDs.contains(secCtx.subject().id())) + failUUIDs.contains(secCtx.subject().id())) { + + log.info("Failed authorize. [name=" + name + ", perm=" + perm + + ", secCtx=" + secCtx + "]"); + throw new SecurityException(SEC_ERR_MSG); + } } } ); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ExecuteServiceTaskTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ExecuteServiceTaskTest.java index 5a287d8e0119d..4d00cc3277d9e 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ExecuteServiceTaskTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ExecuteServiceTaskTest.java @@ -18,8 +18,6 @@ package org.apache.ignite.internal.processor.security; import java.util.concurrent.ExecutionException; -import java.util.concurrent.Future; -import java.util.concurrent.atomic.AtomicInteger; import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.lang.IgniteRunnable; @@ -33,9 +31,6 @@ * Security tests for an execute server task. */ public class ExecuteServiceTaskTest extends AbstractInintiatorContextSecurityProcessorTest { - /** Key. */ - private AtomicInteger key = new AtomicInteger(0); - /** */ public void testExecute() throws Exception { successExecute(succsessClnt, failClnt); @@ -58,7 +53,7 @@ public void testExecute() throws Exception { * @param remote Remote node. */ private void successExecute(IgniteEx initiator, IgniteEx remote) throws Exception { - int val = key.getAndIncrement(); + int val = values.getAndIncrement(); initiator.executorService(initiator.cluster().forNode(remote.localNode())) .submit( From 69f1d7b442e5b7af6964f7db41475214984784b6 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Wed, 17 Oct 2018 19:23:35 +0300 Subject: [PATCH 06/98] IGNITE-9560 Added test for ScanQuery and EntityProcessor --- .../internal/ComputeTaskInternalFuture.java | 2 +- .../internal/GridKernalContextImpl.java | 4 +- .../managers/communication/GridIoManager.java | 11 +- .../eventstorage/GridEventStorageManager.java | 4 +- .../processors/cache/GridCacheContext.java | 2 +- .../processors/cache/GridCacheProcessor.java | 2 +- .../datastreamer/DataStreamerImpl.java | 2 +- .../datastreamer/DataStreamerUpdateJob.java | 2 +- .../CurrentRemoteInitiatorIdentifier.java | 72 +++++ .../security/GridSecurityProcessor.java | 13 +- ...rityContextResolverSecurityProcessor.java} | 9 +- .../service/GridServiceProcessor.java | 10 +- .../processors/task/GridTaskProcessor.java | 2 +- .../query/h2/ddl/DdlStatementsProcessor.java | 2 + .../security/TestSecurityContext.java | 8 +- .../security/TestSecurityProcessor.java | 12 +- .../processor/security/package-info.java | 1 - ...ContextResolverSecurityProcessorTest.java} | 24 +- .../processor/security/ComputeTaskTest.java | 4 +- .../security/EntryProcessorTest.java | 252 ++++++++++++++++++ .../security/ExecuteServiceTaskTest.java | 3 +- .../security/IgniteMessagingTest.java | 150 +++++++++++ .../processor/security/ScanQueryTest.java | 233 ++++++++++++++++ ...xtResolverSecurityProcessorTestSuite.java} | 7 +- .../processor/security/package-info.java | 1 - 25 files changed, 788 insertions(+), 44 deletions(-) create mode 100644 modules/core/src/main/java/org/apache/ignite/internal/processors/security/CurrentRemoteInitiatorIdentifier.java rename modules/core/src/main/java/org/apache/ignite/internal/processors/security/{InitiatorContextSecurityProcessor.java => SecurityContextResolverSecurityProcessor.java} (93%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/{AbstractInintiatorContextSecurityProcessorTest.java => AbstractContextResolverSecurityProcessorTest.java} (87%) create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/EntryProcessorTest.java create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/IgniteMessagingTest.java create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/ScanQueryTest.java rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/{InitiatorContextSecurityProcessorTestSuite.java => SecurityContextResolverSecurityProcessorTestSuite.java} (87%) diff --git a/modules/core/src/main/java/org/apache/ignite/internal/ComputeTaskInternalFuture.java b/modules/core/src/main/java/org/apache/ignite/internal/ComputeTaskInternalFuture.java index 2cb3dfad5e487..6ce9001138b1b 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/ComputeTaskInternalFuture.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/ComputeTaskInternalFuture.java @@ -234,7 +234,7 @@ public ComputeTaskSession getTaskSession() { /** {@inheritDoc} */ @Override public boolean cancel() throws IgniteCheckedException { - ctx.security().authorize(ses.getTaskName(), SecurityPermission.TASK_CANCEL, null); + ctx.security().authorize(ses.getTaskName(), SecurityPermission.TASK_CANCEL); if (onCancelled()) { ctx.task().onCancelled(ses.getId()); diff --git a/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContextImpl.java b/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContextImpl.java index ccbbf87f1ee63..446b07b4392f6 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContextImpl.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContextImpl.java @@ -49,7 +49,7 @@ import org.apache.ignite.internal.managers.indexing.GridIndexingManager; import org.apache.ignite.internal.managers.loadbalancer.GridLoadBalancerManager; import org.apache.ignite.internal.processors.cache.mvcc.MvccProcessor; -import org.apache.ignite.internal.processors.security.InitiatorContextSecurityProcessor; +import org.apache.ignite.internal.processors.security.SecurityContextResolverSecurityProcessor; import org.apache.ignite.internal.worker.WorkersRegistry; import org.apache.ignite.internal.processors.affinity.GridAffinityProcessor; import org.apache.ignite.internal.processors.authentication.IgniteAuthenticationProcessor; @@ -558,7 +558,7 @@ else if (comp instanceof GridFailoverManager) else if (comp instanceof GridCollisionManager) colMgr = (GridCollisionManager)comp; else if (comp instanceof GridSecurityProcessor) - securityProc = new InitiatorContextSecurityProcessor(this,(GridSecurityProcessor)comp); + securityProc = new SecurityContextResolverSecurityProcessor(this,(GridSecurityProcessor)comp); else if (comp instanceof GridLoadBalancerManager) loadMgr = (GridLoadBalancerManager)comp; else if (comp instanceof GridIndexingManager) diff --git a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java index 5b78c91c03db2..3be427dcfc0fb 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java @@ -70,6 +70,7 @@ import org.apache.ignite.internal.processors.cache.mvcc.msg.MvccMessage; import org.apache.ignite.internal.processors.platform.message.PlatformMessageFilter; import org.apache.ignite.internal.processors.pool.PoolProcessor; +import org.apache.ignite.internal.processors.security.CurrentRemoteInitiatorIdentifier; import org.apache.ignite.internal.processors.timeout.GridTimeoutObject; import org.apache.ignite.internal.util.GridBoundedConcurrentLinkedHashSet; import org.apache.ignite.internal.util.StripedCompositeReadWriteLock; @@ -140,8 +141,8 @@ public class GridIoManager extends GridManagerAdapter CUR_PLC = new ThreadLocal<>(); - /** Current near node. */ - private static final ThreadLocal CUR_RMT_INITIATOR = new ThreadLocal<>(); + /** Current remote initiator node. */ + private static final CurrentRemoteInitiatorIdentifier CUR_RMT_INITIATOR = new CurrentRemoteInitiatorIdentifier(); /** Listeners by topic. */ private final ConcurrentMap lsnrMap = new ConcurrentHashMap<>(); @@ -1568,9 +1569,7 @@ private void invokeListener(Byte plc, GridMessageListener lsnr, UUID nodeId, Obj if (change) CUR_PLC.set(plc); - assert CUR_RMT_INITIATOR.get() == null; - - CUR_RMT_INITIATOR.set(nodeId); + CUR_RMT_INITIATOR.set(ctx, nodeId); try { lsnr.onMessage(nodeId, msg, plc); @@ -1579,7 +1578,7 @@ private void invokeListener(Byte plc, GridMessageListener lsnr, UUID nodeId, Obj if (change) CUR_PLC.set(oldPlc); - CUR_RMT_INITIATOR.remove(); + CUR_RMT_INITIATOR.remove(ctx, nodeId); } } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/managers/eventstorage/GridEventStorageManager.java b/modules/core/src/main/java/org/apache/ignite/internal/managers/eventstorage/GridEventStorageManager.java index d4daab85c0ed7..8c5d9a8b96cfc 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/managers/eventstorage/GridEventStorageManager.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/managers/eventstorage/GridEventStorageManager.java @@ -372,7 +372,7 @@ public int[] enabledEvents() { public synchronized void enableEvents(int[] types) { assert types != null; - ctx.security().authorize(null, SecurityPermission.EVENTS_ENABLE, null); + ctx.security().authorize(null, SecurityPermission.EVENTS_ENABLE); boolean[] userRecordableEvts0 = userRecordableEvts; boolean[] recordableEvts0 = recordableEvts; @@ -415,7 +415,7 @@ public synchronized void enableEvents(int[] types) { public synchronized void disableEvents(int[] types) { assert types != null; - ctx.security().authorize(null, SecurityPermission.EVENTS_DISABLE, null); + ctx.security().authorize(null, SecurityPermission.EVENTS_DISABLE); boolean[] userRecordableEvts0 = userRecordableEvts; boolean[] recordableEvts0 = recordableEvts; diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheContext.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheContext.java index 7eea905966b63..446c29c0032fb 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheContext.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheContext.java @@ -783,7 +783,7 @@ public void checkSecurity(SecurityPermission op) throws SecurityException { if (CU.isSystemCache(name())) return; - ctx.security().authorize(name(), op, null); + ctx.security().authorize(name(), op); } /** diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java index f595ecff19d3a..e1667bed9bf12 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java @@ -3676,7 +3676,7 @@ private void authorizeCacheChange(DynamicCacheChangeRequest req) { // Null security context means authorize this node. if (req.cacheType() == null || req.cacheType() == CacheType.USER) { if (req.stop()) - ctx.security().authorize(null, SecurityPermission.CACHE_DESTROY, null); + ctx.security().authorize(null, SecurityPermission.CACHE_DESTROY); else authorizeCacheCreate(req.startCacheConfiguration(), null); } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerImpl.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerImpl.java index bf1e13db1d377..71d05c3b49a53 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerImpl.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerImpl.java @@ -1435,7 +1435,7 @@ private void checkSecurityPermission(SecurityPermission perm) if (!ctx.security().enabled()) return; - ctx.security().authorize(cacheName, perm, null); + ctx.security().authorize(cacheName, perm); } /** diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerUpdateJob.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerUpdateJob.java index c2ab0c7cff679..ef9ef2db5f23f 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerUpdateJob.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerUpdateJob.java @@ -166,6 +166,6 @@ private void checkSecurityPermission(SecurityPermission perm) if (!ctx.security().enabled()) return; - ctx.security().authorize(cacheName, perm, null); + ctx.security().authorize(cacheName, perm); } } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/CurrentRemoteInitiatorIdentifier.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/CurrentRemoteInitiatorIdentifier.java new file mode 100644 index 0000000000000..040e1700871a3 --- /dev/null +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/CurrentRemoteInitiatorIdentifier.java @@ -0,0 +1,72 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processors.security; + +import java.util.UUID; +import org.apache.ignite.internal.GridKernalContext; +import org.jetbrains.annotations.Nullable; + +/** + * Class contains node id into the thread local variable. All methods ignore passed local node id. + */ +public class CurrentRemoteInitiatorIdentifier { + /** Initiator. */ + private final ThreadLocal initiator = new ThreadLocal<>(); + + /** + * Set initiator node id. If passed node id is local node id then it'll be ignored. + * + * @param ctx Kernal context. + * @param nodeId Node id. + * @return True if id was set. + */ + public boolean set(GridKernalContext ctx, UUID nodeId) { + if (!ctx.localNodeId().equals(nodeId)) { + UUID oldNodeId = initiator.get(); + + if (oldNodeId != null) + System.out.println("STOP!!"); + + assert oldNodeId == null : "oldNodeId=" + oldNodeId; + + initiator.set(nodeId); + } + + return false; + } + + /** + * Getting current initiator node id. + * + * @return Node id. + */ + @Nullable public UUID get() { + return initiator.get(); + } + + /** + * Remove node id if passed id isn't local node id. + * + * @param ctx Kernal context. + * @param nodeId Node's id. + */ + public void remove(GridKernalContext ctx, UUID nodeId) { + if (!ctx.localNodeId().equals(nodeId)) + initiator.remove(); + } +} diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessor.java index c8543c0354244..05c14451bf5f8 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessor.java @@ -27,7 +27,6 @@ import org.apache.ignite.plugin.security.SecurityException; import org.apache.ignite.plugin.security.SecurityPermission; import org.apache.ignite.plugin.security.SecuritySubject; -import org.jetbrains.annotations.Nullable; /** * This interface defines a grid authentication processor. @@ -87,6 +86,18 @@ public interface GridSecurityProcessor extends GridProcessor { public void authorize(String name, SecurityPermission perm, SecurityContext securityCtx) throws SecurityException; + /** + * Authorizes grid operation. + * + * @param name Cache name or task class name. + * @param perm Permission to authorize. + * @throws SecurityException If security check failed. + */ + public default void authorize(String name, SecurityPermission perm) + throws SecurityException{ + authorize(name, perm, null); + } + /** * Callback invoked when subject session got expired. * diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/InitiatorContextSecurityProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityContextResolverSecurityProcessor.java similarity index 93% rename from modules/core/src/main/java/org/apache/ignite/internal/processors/security/InitiatorContextSecurityProcessor.java rename to modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityContextResolverSecurityProcessor.java index 30a063614341e..7b444b3963411 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/InitiatorContextSecurityProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityContextResolverSecurityProcessor.java @@ -43,7 +43,7 @@ * Wrapper that provides getting current security context for the {@link GridSecurityProcessor#authorize(String, * SecurityPermission, SecurityContext)} method. */ -public class InitiatorContextSecurityProcessor extends GridSecurityProcessorWrapper { +public class SecurityContextResolverSecurityProcessor extends GridSecurityProcessorWrapper { /** Local node's security context. */ private SecurityContext locSecCtx; @@ -57,7 +57,7 @@ public class InitiatorContextSecurityProcessor extends GridSecurityProcessorWrap * @param ctx Grid kernal context. * @param original Original grid security processor. */ - public InitiatorContextSecurityProcessor(GridKernalContext ctx, GridSecurityProcessor original) { + public SecurityContextResolverSecurityProcessor(GridKernalContext ctx, GridSecurityProcessor original) { super(ctx, original); marsh = MarshallerUtils.jdkMarshaller(ctx.igniteInstanceName()); @@ -114,6 +114,11 @@ private SecurityContext securityCtx(SecurityContext passed) { if (res == null) res = localSecurityContext(); } + else { + /*If the SecurityContext was passed and there is a current remote initiator + then we have got an invalid case.*/ + assert currentRemoteInitiatorId() == null; + } assert res != null; diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/service/GridServiceProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/service/GridServiceProcessor.java index 271204cbc4a54..bb6b3267269e5 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/service/GridServiceProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/service/GridServiceProcessor.java @@ -563,7 +563,7 @@ private PreparedConfigurations prepareServiceConfigurations(Collection T service(String name) { - ctx.security().authorize(name, SecurityPermission.SERVICE_INVOKE, null); + ctx.security().authorize(name, SecurityPermission.SERVICE_INVOKE); Collection ctxs; @@ -1079,7 +1079,7 @@ public ServiceContextImpl serviceContext(String name) { @SuppressWarnings("unchecked") public T serviceProxy(ClusterGroup prj, String name, Class svcItf, boolean sticky, long timeout) throws IgniteException { - ctx.security().authorize(name, SecurityPermission.SERVICE_INVOKE, null); + ctx.security().authorize(name, SecurityPermission.SERVICE_INVOKE); if (hasLocalNode(prj)) { ServiceContextImpl ctx = serviceContext(name); @@ -1120,7 +1120,7 @@ private boolean hasLocalNode(ClusterGroup prj) { */ @SuppressWarnings("unchecked") public Collection services(String name) { - ctx.security().authorize(name, SecurityPermission.SERVICE_INVOKE, null); + ctx.security().authorize(name, SecurityPermission.SERVICE_INVOKE); Collection ctxs; diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/task/GridTaskProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/task/GridTaskProcessor.java index 313f6c3cb1519..0b12098edee76 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/task/GridTaskProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/task/GridTaskProcessor.java @@ -579,7 +579,7 @@ private ComputeTaskInternalFuture startTask( thCtx.set(null); if (map.get(TC_SKIP_AUTH) == null) - ctx.security().authorize(taskClsName, SecurityPermission.TASK_EXECUTE, null); + ctx.security().authorize(taskClsName, SecurityPermission.TASK_EXECUTE); Long timeout = (Long)map.get(TC_TIMEOUT); diff --git a/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/ddl/DdlStatementsProcessor.java b/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/ddl/DdlStatementsProcessor.java index 5c2865abe1350..b844377d2a170 100644 --- a/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/ddl/DdlStatementsProcessor.java +++ b/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/ddl/DdlStatementsProcessor.java @@ -328,6 +328,7 @@ else if (stmt0 instanceof GridSqlDropIndex) { } } else if (stmt0 instanceof GridSqlCreateTable) { + //todo MY_TODO написать тест, возмжно это уже лишнее ctx.security().authorize(null, SecurityPermission.CACHE_CREATE, SecurityContextHolder.get()); GridSqlCreateTable cmd = (GridSqlCreateTable)stmt0; @@ -361,6 +362,7 @@ else if (stmt0 instanceof GridSqlCreateTable) { } } else if (stmt0 instanceof GridSqlDropTable) { + //todo MY_TODO написать тест, возмжно это уже лишнее ctx.security().authorize(null, SecurityPermission.CACHE_DESTROY, SecurityContextHolder.get()); GridSqlDropTable cmd = (GridSqlDropTable)stmt0; diff --git a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityContext.java b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityContext.java index 0fbf836676c62..976d0df0c45bc 100644 --- a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityContext.java +++ b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityContext.java @@ -28,9 +28,12 @@ * Security context for tests. */ public class TestSecurityContext implements SecurityContext, Serializable { - + /** Subject. */ private final SecuritySubject subject; + /** + * @param subject Subject. + */ public TestSecurityContext(SecuritySubject subject) { this.subject = subject; } @@ -47,8 +50,6 @@ public TestSecurityContext(SecuritySubject subject) { /** {@inheritDoc} */ @Override public boolean cacheOperationAllowed(String cacheName, SecurityPermission perm) { -// Collection col = subject.permissions().cachePermissions().get(cacheName); -// return F.isEmpty(col) || col.stream().anyMatch((sp)-> sp == perm); return true; } @@ -62,6 +63,7 @@ public TestSecurityContext(SecuritySubject subject) { return true; } + /** {@inheritDoc} */ @Override public String toString() { return "TestSecurityContext{" + "subject=" + subject + diff --git a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityProcessor.java b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityProcessor.java index 34f8a8c5a7163..1e215febed376 100644 --- a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityProcessor.java +++ b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityProcessor.java @@ -18,6 +18,7 @@ package org.apache.ignite.internal.processor.security; import java.util.Collection; +import java.util.Collections; import java.util.UUID; import org.apache.ignite.IgniteCheckedException; import org.apache.ignite.cluster.ClusterNode; @@ -26,7 +27,6 @@ import org.apache.ignite.internal.processors.GridProcessorAdapter; import org.apache.ignite.internal.processors.security.GridSecurityProcessor; import org.apache.ignite.internal.processors.security.SecurityContext; -import org.apache.ignite.lang.IgniteInClosure; import org.apache.ignite.plugin.security.AuthenticationContext; import org.apache.ignite.plugin.security.SecurityCredentials; import org.apache.ignite.plugin.security.SecurityException; @@ -38,15 +38,18 @@ * Security processor for tests. */ public class TestSecurityProcessor extends GridProcessorAdapter implements GridSecurityProcessor { - + /** Consumer for {@link #authorize(String, SecurityPermission, SecurityContext)} method. */ private TriConsumer authorize; + /** + * @param ctx Grid kernal context. + */ public TestSecurityProcessor(GridKernalContext ctx) { super(ctx); } /** - * Setup consumer for {link {@link #authorize(String, SecurityPermission, SecurityContext)}} method. + * Setup consumer for {@link #authorize(String, SecurityPermission, SecurityContext)} method. * @param authorize Authorize. */ public void authorizeConsumer(TriConsumer authorize){ @@ -84,7 +87,7 @@ public void clear() { /** {@inheritDoc} */ @Override public Collection authenticatedSubjects() { - return null; + return Collections.emptyList(); } /** {@inheritDoc} */ @@ -106,7 +109,6 @@ public void clear() { /** {@inheritDoc} */ @Override public boolean enabled() { - //todo нужно посмотреть как в ГГ происходит обработка return true; } diff --git a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/package-info.java b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/package-info.java index 6a84b4038e4b1..d1e380de47f45 100644 --- a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/package-info.java +++ b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/package-info.java @@ -16,7 +16,6 @@ */ /** - * * Contains classes and interfaces for security tests. */ package org.apache.ignite.internal.processor.security; \ No newline at end of file diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractInintiatorContextSecurityProcessorTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractContextResolverSecurityProcessorTest.java similarity index 87% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractInintiatorContextSecurityProcessorTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractContextResolverSecurityProcessorTest.java index d04ce0988df2f..de457e78d9e35 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractInintiatorContextSecurityProcessorTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractContextResolverSecurityProcessorTest.java @@ -22,6 +22,7 @@ import java.util.UUID; import java.util.concurrent.atomic.AtomicInteger; import org.apache.ignite.Ignite; +import org.apache.ignite.cache.CacheMode; import org.apache.ignite.configuration.CacheConfiguration; import org.apache.ignite.configuration.DataRegionConfiguration; import org.apache.ignite.configuration.DataStorageConfiguration; @@ -37,10 +38,16 @@ import static org.hamcrest.CoreMatchers.notNullValue; import static org.junit.Assert.assertThat; -public class AbstractInintiatorContextSecurityProcessorTest extends GridCommonAbstractTest { - /** Cache name. */ +/** + * + */ +public class AbstractContextResolverSecurityProcessorTest extends GridCommonAbstractTest { + /** Cache name for tests. */ protected static final String CACHE_NAME = "TEST_CACHE"; + /** Cache name for tests. */ + protected static final String SEC_CACHE_NAME = "SECOND_TEST_CACHE"; + /** Security error message. */ protected static final String SEC_ERR_MSG = "Test security exception."; @@ -88,7 +95,7 @@ public class AbstractInintiatorContextSecurityProcessorTest extends GridCommonAb failUUIDs.contains(secCtx.subject().id())) { log.info("Failed authorize. [name=" + name + ", perm=" + perm - + ", secCtx=" + secCtx + "]"); + + ", secCtx=" + secCtx + "]"); throw new SecurityException(SEC_ERR_MSG); } @@ -122,7 +129,14 @@ public class AbstractInintiatorContextSecurityProcessorTest extends GridCommonAb ) .setAuthenticationEnabled(true) .setCacheConfiguration( - new CacheConfiguration<>().setName(CACHE_NAME) + new CacheConfiguration<>() + .setName(CACHE_NAME) + .setCacheMode(CacheMode.PARTITIONED) + .setReadFromBackup(false), + new CacheConfiguration<>() + .setName(SEC_CACHE_NAME) + .setCacheMode(CacheMode.PARTITIONED) + .setReadFromBackup(false) ); } @@ -135,7 +149,7 @@ protected TestSecurityProcessor processor(IgniteEx ignite) { if (ignite.context().security() instanceof GridSecurityProcessorWrapper) { GridSecurityProcessorWrapper wrp = (GridSecurityProcessorWrapper)ignite.context().security(); - return (TestSecurityProcessor) wrp.original(); + return (TestSecurityProcessor)wrp.original(); } return (TestSecurityProcessor)ignite.context().security(); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ComputeTaskTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ComputeTaskTest.java index 92f1d1c8f6a28..5a5d062e87820 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ComputeTaskTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ComputeTaskTest.java @@ -29,10 +29,10 @@ /** * Security tests for a compute task. */ -public class ComputeTaskTest extends AbstractInintiatorContextSecurityProcessorTest { +public class ComputeTaskTest extends AbstractContextResolverSecurityProcessorTest { /** Values. */ private AtomicInteger values = new AtomicInteger(0); - + //todo MY_TODO нужно тестировать все вызовы, т.е. все методы сервиса. /** */ public void testCompute() { successCompute(succsessClnt, failClnt); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/EntryProcessorTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/EntryProcessorTest.java new file mode 100644 index 0000000000000..2f43287bb663d --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/EntryProcessorTest.java @@ -0,0 +1,252 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processor.security; + +import java.util.Collections; +import java.util.UUID; +import java.util.function.Consumer; +import javax.cache.processor.EntryProcessor; +import javax.cache.processor.EntryProcessorException; +import javax.cache.processor.EntryProcessorResult; +import javax.cache.processor.MutableEntry; +import org.apache.ignite.Ignition; +import org.apache.ignite.cache.affinity.Affinity; +import org.apache.ignite.internal.IgniteEx; + +import static org.hamcrest.CoreMatchers.is; +import static org.hamcrest.CoreMatchers.nullValue; +import static org.junit.Assert.assertThat; + +/** + * Security tests for EntityProcessor. + */ +public class EntryProcessorTest extends AbstractContextResolverSecurityProcessorTest { + /** */ + public void testEntryProcessor() throws Exception { + successEntryProcessor(succsessClnt, succsessSrv); + successEntryProcessor(succsessClnt, failSrv); + successEntryProcessor(succsessSrv, failSrv); + + failEntryProcessor(failClnt, succsessSrv); + failEntryProcessor(failSrv, succsessSrv); + } + + /** + * @param initiator Initiator node. + * @param remote Remote node. + */ + private void successEntryProcessor(IgniteEx initiator, IgniteEx remote) { + assert !remote.localNode().isClient(); + + successCall(new Invoke(initiator, remote)); + successCall(new InvokeAll(initiator, remote)); + successCall(new InvokeAsync(initiator, remote)); + successCall(new InvokeAllAsync(initiator, remote)); + } + + /** + * @param initiator Initiator node. + * @param remote Remote node. + */ + private void failEntryProcessor(IgniteEx initiator, IgniteEx remote) { + assert !remote.localNode().isClient(); + + failCall(new Invoke(initiator, remote)); + failCall(new InvokeAll(initiator, remote)); + failCall(new InvokeAsync(initiator, remote)); + failCall(new InvokeAllAsync(initiator, remote)); + } + + /** + * @param c Consumer. + */ + private void successCall(Consumer c){ + Integer val = values.getAndIncrement(); + + c.accept(val); + + assertThat(succsessSrv.cache(CACHE_NAME).get(val), is(val)); + } + + /** + * @param c Consumer. + */ + private void failCall(Consumer c) { + try { + c.accept(0); + } + catch (Throwable e) { + assertCauseMessage(e); + } + + assertThat(succsessSrv.cache(CACHE_NAME).get(0), nullValue()); + } + + /** */ + abstract class CommonConsumer implements Consumer { + /** Initiator. */ + protected final IgniteEx initiator; + + /** Remote. */ + protected final IgniteEx remote; + + /** + * @param initiator Initiator. + * @param remote Remote. + */ + protected CommonConsumer(IgniteEx initiator, IgniteEx remote) { + this.initiator = initiator; + this.remote = remote; + } + } + + /** + * Call invoke method. + */ + class Invoke extends CommonConsumer { + /** + * @param initiator Initiator. + * @param remote Remote. + */ + public Invoke(IgniteEx initiator, IgniteEx remote) { + super(initiator, remote); + } + + /** {@inheritDoc} */ + @Override public void accept(Integer key) { + initiator.cache(SEC_CACHE_NAME).invoke( + primaryKey(remote), + new TestEntryProcessor(remote.localNode().id(), key) + ); + } + } + + /** + * Call invokeAsync method. + */ + class InvokeAsync extends CommonConsumer { + /** + * @param initiator Initiator. + * @param remote Remote. + */ + public InvokeAsync(IgniteEx initiator, IgniteEx remote) { + super(initiator, remote); + } + + /** {@inheritDoc} */ + @Override public void accept(Integer key) { + initiator.cache(SEC_CACHE_NAME).invokeAsync( + primaryKey(remote), + new TestEntryProcessor(remote.localNode().id(), key) + ).get(); + } + } + + /** + * Call invokeAll method. + */ + class InvokeAll extends CommonConsumer { + /** + * @param initiator Initiator. + * @param remote Remote. + */ + public InvokeAll(IgniteEx initiator, IgniteEx remote) { + super(initiator, remote); + } + + /** {@inheritDoc} */ + @Override public void accept(Integer key) { + initiator.cache(SEC_CACHE_NAME).invokeAll( + Collections.singleton(primaryKey(remote)), + new TestEntryProcessor(remote.localNode().id(), key) + ).values().stream().findFirst().ifPresent(EntryProcessorResult::get); + } + } + + /** + * Call invokeAllAsync method. + */ + class InvokeAllAsync extends CommonConsumer { + /** + * @param initiator Initiator. + * @param remote Remote. + */ + public InvokeAllAsync(IgniteEx initiator, IgniteEx remote) { + super(initiator, remote); + } + + /** {@inheritDoc} */ + @Override public void accept(Integer key) { + initiator.cache(SEC_CACHE_NAME).invokeAllAsync( + Collections.singleton(primaryKey(remote)), + new TestEntryProcessor(remote.localNode().id(), key) + ).get().values().stream().findFirst().ifPresent(EntryProcessorResult::get); + } + } + + /** + * Getting the key that is contained on primary partition on passed node. + * + * @param ignite Node. + * @return Key. + */ + private Integer primaryKey(IgniteEx ignite) { + Affinity affinity = ignite.affinity(SEC_CACHE_NAME); + + int i = 0; + do { + if (affinity.isPrimary(ignite.localNode(), ++i)) + return i; + + } + while (i <= 1_000); + + throw new IllegalStateException(ignite.name() + " isn't primary node for any key."); + } + + /** + * Entry processor for tests. + */ + static class TestEntryProcessor implements EntryProcessor { + /** Remote node id. */ + protected final UUID remoteId; + + /** Key. */ + private final Integer key; + + /** + * @param remoteId Remote id. + * @param key Key. + */ + public TestEntryProcessor(UUID remoteId, Integer key) { + this.remoteId = remoteId; + this.key = key; + } + + /** {@inheritDoc} */ + @Override public Object process(MutableEntry entry, + Object... objects) throws EntryProcessorException { + IgniteEx loc = (IgniteEx)Ignition.localIgnite(); + + if (remoteId.equals(loc.localNode().id())) + loc.cache(CACHE_NAME).put(key, key); + + return null; + } + } +} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ExecuteServiceTaskTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ExecuteServiceTaskTest.java index 4d00cc3277d9e..ce7b1312535ea 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ExecuteServiceTaskTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ExecuteServiceTaskTest.java @@ -30,7 +30,7 @@ /** * Security tests for an execute server task. */ -public class ExecuteServiceTaskTest extends AbstractInintiatorContextSecurityProcessorTest { +public class ExecuteServiceTaskTest extends AbstractContextResolverSecurityProcessorTest { /** */ public void testExecute() throws Exception { successExecute(succsessClnt, failClnt); @@ -96,5 +96,4 @@ private void failExecute(IgniteEx initiator, IgniteEx remote) { assertThat(remote.cache(CACHE_NAME).get("fail_key"), nullValue()); } - } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/IgniteMessagingTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/IgniteMessagingTest.java new file mode 100644 index 0000000000000..180523470be11 --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/IgniteMessagingTest.java @@ -0,0 +1,150 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processor.security; + +import java.util.UUID; +import java.util.concurrent.BrokenBarrierException; +import java.util.concurrent.CyclicBarrier; +import java.util.concurrent.TimeUnit; +import java.util.concurrent.TimeoutException; +import org.apache.ignite.IgniteMessaging; +import org.apache.ignite.Ignition; +import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.lang.IgniteBiPredicate; + +import static org.hamcrest.CoreMatchers.is; +import static org.hamcrest.core.IsNull.nullValue; +import static org.junit.Assert.assertThat; + +/** + * Security tests for IgniteMessaging. + * //todo DRAFT !!! + */ +public class IgniteMessagingTest extends AbstractContextResolverSecurityProcessorTest { + /** Barrier. */ + private static final CyclicBarrier BARRIER = new CyclicBarrier(2); + + /** */ + public void testMessaging() throws Exception { + //todo Тесты написаны так, что инициатор так же является источником собтия. + //todo Нужно написать тесты когда иточником события является другой узел + //todo имеющий разрешение на выполнение операции и нет, соответственно. + + successMessaging(succsessClnt, failClnt); + successMessaging(succsessClnt, failSrv); + successMessaging(succsessSrv, failClnt); + successMessaging(succsessSrv, failSrv); + //successMessaging(succsessSrv, succsessSrv); + //successMessaging(succsessClnt, succsessClnt); + + failMessaging(failClnt, succsessSrv); + failMessaging(failClnt, succsessClnt); + failMessaging(failSrv, succsessSrv); + failMessaging(failSrv, succsessClnt); + //failMessaging(failSrv, failSrv); + //failMessaging(failClnt, failClnt); + } + + /** + * @param initiator Initiator node. + * @param remote Remote node. + * @throws Exception If failed. + */ + private void successMessaging(IgniteEx initiator, IgniteEx remote) throws Exception { + BARRIER.reset(); + + int val = values.getAndIncrement(); + + IgniteMessaging messaging = initiator.message( + initiator.cluster().forNode(remote.localNode()) + ); + + UUID lsnrId = messaging.remoteListen("HOT_TOPIC", + new IgniteBiPredicate() { + @Override public boolean apply(UUID uuid, Object o) { + try { + Ignition.localIgnite().cache(CACHE_NAME).put("key", val); + + return true; + } + finally { + try { + BARRIER.await(5, TimeUnit.SECONDS); + } + catch (InterruptedException | BrokenBarrierException | TimeoutException e) { + fail(e.getMessage()); + } + } + } + } + ); + try { + messaging.send("HOT_TOPIC", "Fire!"); + + BARRIER.await(5, TimeUnit.SECONDS); + } + finally { + messaging.stopRemoteListen(lsnrId); + } + + assertThat(remote.cache(CACHE_NAME).get("key"), is(val)); + } + + /** + * @param initiator Initiator node. + * @param remote Remote node. + * @throws Exception If failed. + */ + private void failMessaging(IgniteEx initiator, IgniteEx remote) throws Exception { + BARRIER.reset(); + + IgniteMessaging messaging = initiator.message( + initiator.cluster().forNode(remote.localNode()) + ); + + UUID lsnrId = messaging.remoteListen("HOT_TOPIC", + new IgniteBiPredicate() { + @Override public boolean apply(UUID uuid, Object o) { + try { + Ignition.localIgnite().cache(CACHE_NAME).put("fail_key", -1); + + return true; + } + finally { + try { + BARRIER.await(5, TimeUnit.SECONDS); + } + catch (InterruptedException | BrokenBarrierException | TimeoutException e) { + fail(e.getMessage()); + } + } + } + } + ); + try { + messaging.send("HOT_TOPIC", "Fire!"); + + BARRIER.await(5, TimeUnit.SECONDS); + } + finally { + messaging.stopRemoteListen(lsnrId); + } + + assertThat(remote.cache(CACHE_NAME).get("fail_key"), nullValue()); + } +} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ScanQueryTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ScanQueryTest.java new file mode 100644 index 0000000000000..ecbffc1478bf5 --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ScanQueryTest.java @@ -0,0 +1,233 @@ +package org.apache.ignite.internal.processor.security; + +import java.util.UUID; +import javax.cache.Cache; +import org.apache.ignite.Ignite; +import org.apache.ignite.IgniteDataStreamer; +import org.apache.ignite.cache.query.ScanQuery; +import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.lang.IgniteBiPredicate; +import org.apache.ignite.lang.IgniteClosure; +import org.apache.ignite.resources.IgniteInstanceResource; +import org.apache.ignite.testframework.GridTestUtils; + +import static org.hamcrest.CoreMatchers.is; +import static org.hamcrest.CoreMatchers.nullValue; +import static org.junit.Assert.assertThat; + +/** + * Security test for scan query. + */ +public class ScanQueryTest extends AbstractContextResolverSecurityProcessorTest { + /** */ + public void testScanQuery() throws Exception { + putTestData(succsessSrv, CACHE_NAME); + putTestData(succsessSrv, SEC_CACHE_NAME); + + awaitPartitionMapExchange(); + + successQuery(succsessClnt, succsessSrv, CACHE_NAME); + successQuery(succsessSrv, succsessSrv, CACHE_NAME); + successQuery(succsessClnt, succsessSrv, SEC_CACHE_NAME); + successQuery(succsessSrv, succsessSrv, SEC_CACHE_NAME); + + successTransform(succsessClnt, succsessSrv, CACHE_NAME); + successTransform(succsessSrv, succsessSrv, CACHE_NAME); + successTransform(succsessClnt, succsessSrv, SEC_CACHE_NAME); + successTransform(succsessSrv, succsessSrv, SEC_CACHE_NAME); + + successQuery(succsessClnt, failSrv, CACHE_NAME); + successQuery(succsessSrv, failSrv, CACHE_NAME); + successQuery(succsessClnt, failSrv, SEC_CACHE_NAME); + successQuery(succsessSrv, failSrv, SEC_CACHE_NAME); + + successTransform(succsessClnt, failSrv, CACHE_NAME); + successTransform(succsessSrv, failSrv, CACHE_NAME); + successTransform(succsessClnt, failSrv, SEC_CACHE_NAME); + successTransform(succsessSrv, failSrv, SEC_CACHE_NAME); + + failQuery(failClnt, succsessSrv, CACHE_NAME); + failQuery(failSrv, succsessSrv, CACHE_NAME); + failQuery(failClnt, succsessSrv, SEC_CACHE_NAME); + failQuery(failSrv, succsessSrv, SEC_CACHE_NAME); + + failTransform(failClnt, succsessSrv, CACHE_NAME); + failTransform(failSrv, succsessSrv, CACHE_NAME); + failTransform(failClnt, succsessSrv, SEC_CACHE_NAME); + failTransform(failSrv, succsessSrv, SEC_CACHE_NAME); + } + + /** + * @param initiator Initiator. + * @param remote Remote. + * @param cacheName Cache name. + */ + private void failQuery(IgniteEx initiator, IgniteEx remote, String cacheName) { + assert !remote.localNode().isClient(); + + assertCauseMessage( + GridTestUtils.assertThrowsWithCause( + () -> { + initiator.cache(cacheName).query( + new ScanQuery<>( + new QueryFilter(remote.localNode().id(), "fail_key", -1) + ) + ).getAll(); + } + , SecurityException.class + ) + ); + + assertThat(remote.cache(CACHE_NAME).get("fail_key"), nullValue()); + } + + /** + * @param initiator Initiator. + * @param remote Remote. + * @param cacheName Cache name. + */ + private void successQuery(IgniteEx initiator, IgniteEx remote, String cacheName) { + assert !remote.localNode().isClient(); + + Integer val = values.getAndIncrement(); + + initiator.cache(cacheName).query( + new ScanQuery<>( + new QueryFilter(remote.localNode().id(), "key", val) + ) + ).getAll(); + + assertThat(remote.cache(CACHE_NAME).get("key"), is(val)); + } + + /** + * @param initiator Initiator. + * @param remote Remote. + * @param cacheName Cache name. + */ + private void failTransform(IgniteEx initiator, IgniteEx remote, String cacheName) { + assert !remote.localNode().isClient(); + + assertCauseMessage( + GridTestUtils.assertThrowsWithCause( + () -> { + initiator.cache(cacheName).query( + new ScanQuery<>((k, v) -> true), + new Transformer(remote.localNode().id(), "fail_key", -1) + ).getAll(); + } + , SecurityException.class + ) + ); + + assertThat(remote.cache(CACHE_NAME).get("fail_key"), nullValue()); + } + + /** + * @param initiator Initiator. + * @param remote Remote. + * @param cacheName Cache name. + */ + private void successTransform(IgniteEx initiator, IgniteEx remote, String cacheName) { + assert !remote.localNode().isClient(); + + Integer val = values.getAndIncrement(); + + initiator.cache(cacheName).query( + new ScanQuery<>((k, v) -> true), + new Transformer(remote.localNode().id(), "key", val) + ).getAll(); + + assertThat(remote.cache(CACHE_NAME).get("key"), is(val)); + } + + /** + * @param ignite Ignite. + * @param cacheName Cache name. + */ + private void putTestData(IgniteEx ignite, String cacheName) { + try (IgniteDataStreamer streamer = ignite.dataStreamer(cacheName)) { + for (int i = 1; i <= 100; i++) + streamer.addData(Integer.toString(i), i); + } + } + + /** + * Common class for test closures. + */ + static class CommonClosure { + /** Remote node id. */ + protected final UUID remoteId; + + /** Key. */ + private final String key; + + /** Value. */ + private final Integer val; + + /** Locale ignite. */ + @IgniteInstanceResource + protected Ignite loc; + + /** + * @param remoteId Remote id. + * @param key Key. + * @param val Value. + */ + public CommonClosure(UUID remoteId, String key, Integer val) { + this.remoteId = remoteId; + this.key = key; + this.val = val; + } + + /** + * Put value to cache. + */ + protected void put() { + if (remoteId.equals(loc.cluster().localNode().id())) + loc.cache(CACHE_NAME).put(key, val); + } + } + + /** + * Test query filter. + * */ + static class QueryFilter extends CommonClosure implements IgniteBiPredicate { + /** + * @param remoteId Remote id. + * @param key Key. + * @param val Value. + */ + public QueryFilter(UUID remoteId, String key, Integer val) { + super(remoteId, key, val); + } + + /** {@inheritDoc} */ + @Override public boolean apply(String s, Integer i) { + put(); + + return false; + } + } + + /** + * Test transformer. + */ + static class Transformer extends CommonClosure implements IgniteClosure, Integer> { + /** + * @param remoteId Remote id. + * @param key Key. + * @param val Value. + */ + public Transformer(UUID remoteId, String key, Integer val) { + super(remoteId, key, val); + } + + /** {@inheritDoc} */ + @Override public Integer apply(Cache.Entry entry) { + put(); + + return entry.getValue(); + } + } +} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/InitiatorContextSecurityProcessorTestSuite.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/SecurityContextResolverSecurityProcessorTestSuite.java similarity index 87% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/InitiatorContextSecurityProcessorTestSuite.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/SecurityContextResolverSecurityProcessorTestSuite.java index b86c91ccd79cc..a91e4f6e28b91 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/InitiatorContextSecurityProcessorTestSuite.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/SecurityContextResolverSecurityProcessorTestSuite.java @@ -21,7 +21,10 @@ import junit.framework.TestSuite; import org.jetbrains.annotations.Nullable; -public class InitiatorContextSecurityProcessorTestSuite extends TestSuite { +/** + * Security test suite. + */ +public class SecurityContextResolverSecurityProcessorTestSuite extends TestSuite { /** * @return Test suite. * @throws Exception Thrown in case of the failure. @@ -40,6 +43,8 @@ public static TestSuite suite(@Nullable final Set ignoredTests) throws Ex suite.addTest(new TestSuite(ComputeTaskTest.class)); suite.addTest(new TestSuite(ExecuteServiceTaskTest.class)); + suite.addTest(new TestSuite(ScanQueryTest.class)); + suite.addTest(new TestSuite(EntryProcessorTest.class)); return suite; } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/package-info.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/package-info.java index 86a052578b770..a56ad296c1aa5 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/package-info.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/package-info.java @@ -16,7 +16,6 @@ */ /** - * * Contains security tests. */ package org.apache.ignite.internal.processor.security; \ No newline at end of file From 3b7ff82e658dd742e3578a87216b705c5d14344d Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Wed, 24 Oct 2018 13:01:08 +0300 Subject: [PATCH 07/98] IGNITE-9560 Added tests for Distributed closure, DataStream, LoadCache, ComputeTask --- ...tContextResolverSecurityProcessorTest.java | 48 +++- .../processor/security/ComputeTaskTest.java | 167 ++++++++++--- .../security/DistributedClosureTest.java | 230 ++++++++++++++++++ .../security/EntryProcessorTest.java | 98 +++----- .../security/IgniteDataStreamerTest.java | 115 +++++++++ .../processor/security/LoadCacheTest.java | 159 ++++++++++++ ...extResolverSecurityProcessorTestSuite.java | 6 +- 7 files changed, 714 insertions(+), 109 deletions(-) create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/DistributedClosureTest.java create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/IgniteDataStreamerTest.java create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/LoadCacheTest.java diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractContextResolverSecurityProcessorTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractContextResolverSecurityProcessorTest.java index de457e78d9e35..2d3a7d62599b9 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractContextResolverSecurityProcessorTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractContextResolverSecurityProcessorTest.java @@ -23,6 +23,7 @@ import java.util.concurrent.atomic.AtomicInteger; import org.apache.ignite.Ignite; import org.apache.ignite.cache.CacheMode; +import org.apache.ignite.cache.affinity.Affinity; import org.apache.ignite.configuration.CacheConfiguration; import org.apache.ignite.configuration.DataRegionConfiguration; import org.apache.ignite.configuration.DataStorageConfiguration; @@ -128,16 +129,23 @@ public class AbstractContextResolverSecurityProcessorTest extends GridCommonAbst ) ) .setAuthenticationEnabled(true) - .setCacheConfiguration( - new CacheConfiguration<>() - .setName(CACHE_NAME) - .setCacheMode(CacheMode.PARTITIONED) - .setReadFromBackup(false), - new CacheConfiguration<>() - .setName(SEC_CACHE_NAME) - .setCacheMode(CacheMode.PARTITIONED) - .setReadFromBackup(false) - ); + .setCacheConfiguration(getCacheConfigurations()); + } + + /** + * Getting array of cache configurations. + */ + protected CacheConfiguration[] getCacheConfigurations() { + return new CacheConfiguration[] { + new CacheConfiguration<>() + .setName(CACHE_NAME) + .setCacheMode(CacheMode.PARTITIONED) + .setReadFromBackup(false), + new CacheConfiguration<>() + .setName(SEC_CACHE_NAME) + .setCacheMode(CacheMode.PARTITIONED) + .setReadFromBackup(false) + }; } /** @@ -155,6 +163,26 @@ protected TestSecurityProcessor processor(IgniteEx ignite) { return (TestSecurityProcessor)ignite.context().security(); } + /** + * Getting the key that is contained on primary partition on passed node. + * + * @param ignite Node. + * @return Key. + */ + protected Integer primaryKey(IgniteEx ignite) { + Affinity affinity = ignite.affinity(SEC_CACHE_NAME); + + int i = 0; + do { + if (affinity.isPrimary(ignite.localNode(), ++i)) + return i; + + } + while (i <= 1_000); + + throw new IllegalStateException(ignite.name() + " isn't primary node for any key."); + } + /** * Assert that the passed throwable contains a cause exception with given type and message. * diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ComputeTaskTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ComputeTaskTest.java index 5a5d062e87820..506ffd0744995 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ComputeTaskTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ComputeTaskTest.java @@ -17,10 +17,22 @@ package org.apache.ignite.internal.processor.security; -import java.util.concurrent.atomic.AtomicInteger; -import org.apache.ignite.Ignition; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.UUID; +import org.apache.ignite.Ignite; +import org.apache.ignite.IgniteCompute; +import org.apache.ignite.IgniteException; +import org.apache.ignite.cluster.ClusterNode; +import org.apache.ignite.compute.ComputeJob; +import org.apache.ignite.compute.ComputeJobResult; +import org.apache.ignite.compute.ComputeJobResultPolicy; +import org.apache.ignite.compute.ComputeTask; import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.resources.IgniteInstanceResource; import org.apache.ignite.testframework.GridTestUtils; +import org.jetbrains.annotations.Nullable; import static org.hamcrest.CoreMatchers.is; import static org.hamcrest.CoreMatchers.nullValue; @@ -30,38 +42,68 @@ * Security tests for a compute task. */ public class ComputeTaskTest extends AbstractContextResolverSecurityProcessorTest { - /** Values. */ - private AtomicInteger values = new AtomicInteger(0); - //todo MY_TODO нужно тестировать все вызовы, т.е. все методы сервиса. /** */ public void testCompute() { - successCompute(succsessClnt, failClnt); - successCompute(succsessClnt, failSrv); - successCompute(succsessSrv, failClnt); - successCompute(succsessSrv, failSrv); - successCompute(succsessSrv, succsessSrv); - successCompute(succsessClnt, succsessClnt); - - failCompute(failClnt, succsessSrv); - failCompute(failClnt, succsessClnt); - failCompute(failSrv, succsessSrv); - failCompute(failSrv, succsessClnt); - failCompute(failSrv, failSrv); - failCompute(failClnt, failClnt); + checkSuccess(succsessSrv, succsessClnt); + checkSuccess(succsessSrv, failSrv); + checkSuccess(succsessSrv, failClnt); + checkSuccess(succsessClnt, succsessSrv); + checkSuccess(succsessClnt, failSrv); + checkSuccess(succsessClnt, failClnt); + + checkFail(failSrv, succsessSrv); + checkFail(failSrv, succsessClnt); + checkFail(failSrv, failClnt); + checkFail(failClnt, succsessSrv); + checkFail(failClnt, failSrv); + checkFail(failClnt, succsessClnt); + } + + /** + * @param initiator Initiator node. + * @param remote Remote node. + */ + private void checkSuccess(IgniteEx initiator, IgniteEx remote) { + successCompute( + initiator, remote, + (cmp, k, v) -> + cmp.execute(new TestComputeTask(remote.localNode().id(), k, v), 0) + ); + + successCompute( + initiator, remote, + (cmp, k, v) -> + cmp.executeAsync(new TestComputeTask(remote.localNode().id(), k, v), 0).get() + ); } /** * @param initiator Initiator node. * @param remote Remote node. */ - private void successCompute(IgniteEx initiator, IgniteEx remote) { + private void checkFail(IgniteEx initiator, IgniteEx remote) { + failCompute( + initiator, remote, + (cmp, k, v) -> + cmp.execute(new TestComputeTask(remote.localNode().id(), k, v), 0) + ); + + failCompute( + initiator, remote, + (cmp, k, v) -> + cmp.executeAsync(new TestComputeTask(remote.localNode().id(), k, v), 0).get() + ); + } + + /** + * @param initiator Initiator node. + * @param remote Remote node. + */ + private void successCompute(IgniteEx initiator, IgniteEx remote, + TriConsumer consumer) { int val = values.getAndIncrement(); - initiator.compute(initiator.cluster().forNode(remote.localNode())) - .broadcast(() -> - Ignition.localIgnite().cache(CACHE_NAME) - .put("key", val) - ); + consumer.accept(initiator.compute(), "key", val); assertThat(remote.cache(CACHE_NAME).get("key"), is(val)); } @@ -70,17 +112,84 @@ private void successCompute(IgniteEx initiator, IgniteEx remote) { * @param initiator Initiator node. * @param remote Remote node. */ - private void failCompute(IgniteEx initiator, IgniteEx remote) { + private void failCompute(IgniteEx initiator, IgniteEx remote, + TriConsumer consumer) { assertCauseMessage( GridTestUtils.assertThrowsWithCause( - () -> initiator.compute(initiator.cluster().forNode(remote.localNode())) - .broadcast(() -> - Ignition.localIgnite().cache(CACHE_NAME).put("fail_key", -1) - ) + () -> consumer.accept(initiator.compute(), "fail_key", -1) , SecurityException.class ) ); assertThat(remote.cache(CACHE_NAME).get("fail_key"), nullValue()); } + + /** + * Compute task for tests. + */ + static class TestComputeTask implements ComputeTask { + /** Remote cluster node. */ + private final UUID remote; + + /** Key. */ + private final String key; + + /** Value. */ + private final Integer val; + + /** Locale ignite. */ + @IgniteInstanceResource + private Ignite loc; + + /** + * @param remote Remote. + * @param key Key. + * @param val Value. + */ + public TestComputeTask(UUID remote, String key, Integer val) { + this.remote = remote; + this.key = key; + this.val = val; + } + + /** {@inheritDoc} */ + @Nullable @Override public Map map(List subgrid, + @Nullable Integer arg) throws IgniteException { + Map res = new HashMap<>(); + + res.put( + new ComputeJob() { + @IgniteInstanceResource + private Ignite loc; + + @Override public void cancel() { + // no-op + } + + @Override public Object execute() throws IgniteException { + loc.cache(CACHE_NAME).put(key, val); + + return null; + } + }, loc.cluster().node(remote) + ); + + return res; + } + + /** {@inheritDoc} */ + @Override public ComputeJobResultPolicy result(ComputeJobResult res, + List rcvd) throws IgniteException { + if (res.getException() != null) + throw res.getException(); + + return ComputeJobResultPolicy.REDUCE; + } + + /** {@inheritDoc} */ + @Nullable @Override public Integer reduce(List results) throws IgniteException { + return null; + } + } + } \ No newline at end of file diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/DistributedClosureTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/DistributedClosureTest.java new file mode 100644 index 0000000000000..db96dcc1570d5 --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/DistributedClosureTest.java @@ -0,0 +1,230 @@ +package org.apache.ignite.internal.processor.security; + +import org.apache.ignite.IgniteCompute; +import org.apache.ignite.Ignition; +import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.lang.IgniteClosure; +import org.apache.ignite.testframework.GridTestUtils; + +import static org.hamcrest.CoreMatchers.is; +import static org.hamcrest.CoreMatchers.nullValue; +import static org.junit.Assert.assertThat; + +/** + * Security tests for distributed closure. + */ +public class DistributedClosureTest extends AbstractContextResolverSecurityProcessorTest { + /** */ + public void testDistributedClosure() { + checkSuccess(succsessClnt, failClnt); + checkSuccess(succsessClnt, failSrv); + checkSuccess(succsessSrv, failClnt); + checkSuccess(succsessSrv, failSrv); + checkSuccess(succsessSrv, succsessSrv); + checkSuccess(succsessClnt, succsessClnt); + + checkFail(failClnt, succsessSrv); + checkFail(failClnt, succsessClnt); + checkFail(failSrv, succsessSrv); + checkFail(failSrv, succsessClnt); + checkFail(failSrv, failSrv); + checkFail(failClnt, failClnt); + } + + /** + * @param initiator Initiator node. + * @param remote Remote node. + */ + private void checkSuccess(IgniteEx initiator, IgniteEx remote) { + successClosure( + initiator, remote, + (cmp, k, v) -> cmp.broadcast( + () -> Ignition.localIgnite().cache(CACHE_NAME).put(k, v) + ) + ); + + successClosure( + initiator, remote, + (cmp, k, v) -> cmp.broadcastAsync( + () -> Ignition.localIgnite().cache(CACHE_NAME).put(k, v) + ).get() + ); + + successClosure( + initiator, remote, + (cmp, k, v) -> cmp.call( + () -> { + Ignition.localIgnite().cache(CACHE_NAME).put(k, v); + + return null; + } + ) + ); + + successClosure( + initiator, remote, + (cmp, k, v) -> cmp.callAsync( + () -> { + Ignition.localIgnite().cache(CACHE_NAME).put(k, v); + + return null; + } + ).get() + ); + + successClosure( + initiator, remote, + (cmp, k, v) -> cmp.run( + () -> Ignition.localIgnite().cache(CACHE_NAME).put(k, v) + ) + ); + + successClosure( + initiator, remote, + (cmp, k, v) -> cmp.runAsync( + () -> Ignition.localIgnite().cache(CACHE_NAME).put(k, v) + ).get() + ); + + successClosure( + initiator, remote, + (cmp, k, v) -> cmp.apply( + new IgniteClosure() { + @Override public Object apply(Object o) { + Ignition.localIgnite().cache(CACHE_NAME).put(k, v); + + return null; + } + }, new Object() + ) + ); + + successClosure( + initiator, remote, + (cmp, k, v) -> cmp.applyAsync( + new IgniteClosure() { + @Override public Object apply(Object o) { + Ignition.localIgnite().cache(CACHE_NAME).put(k, v); + + return null; + } + }, new Object() + ).get() + ); + } + + /** + * @param initiator Initiator node. + * @param remote Remote node. + */ + private void checkFail(IgniteEx initiator, IgniteEx remote) { + failClosure( + initiator, remote, + (cmp, k, v) -> cmp.broadcast( + () -> Ignition.localIgnite().cache(CACHE_NAME).put(k, v) + ) + ); + + failClosure( + initiator, remote, + (cmp, k, v) -> cmp.broadcastAsync( + () -> Ignition.localIgnite().cache(CACHE_NAME).put(k, v) + ).get() + ); + + failClosure( + initiator, remote, + (cmp, k, v) -> cmp.call( + () -> { + Ignition.localIgnite().cache(CACHE_NAME).put(k, v); + + return null; + } + ) + ); + + failClosure( + initiator, remote, + (cmp, k, v) -> cmp.callAsync( + () -> { + Ignition.localIgnite().cache(CACHE_NAME).put(k, v); + + return null; + } + ).get() + ); + + failClosure( + initiator, remote, + (cmp, k, v) -> cmp.run( + () -> Ignition.localIgnite().cache(CACHE_NAME).put(k, v) + ) + ); + + failClosure( + initiator, remote, + (cmp, k, v) -> cmp.runAsync( + () -> Ignition.localIgnite().cache(CACHE_NAME).put(k, v) + ).get() + ); + + failClosure( + initiator, remote, + (cmp, k, v) -> cmp.apply( + new IgniteClosure() { + @Override public Object apply(Object o) { + Ignition.localIgnite().cache(CACHE_NAME).put(k, v); + + return null; + } + }, new Object() + ) + ); + + failClosure( + initiator, remote, + (cmp, k, v) -> cmp.applyAsync( + new IgniteClosure() { + @Override public Object apply(Object o) { + Ignition.localIgnite().cache(CACHE_NAME).put(k, v); + + return null; + } + }, new Object() + ).get() + ); + } + + /** + * @param initiator Initiator node. + * @param remote Remote node. + * @param consumer Consumer. + */ + private void successClosure(IgniteEx initiator, IgniteEx remote, + TriConsumer consumer) { + int val = values.getAndIncrement(); + + consumer.accept(initiator.compute(initiator.cluster().forNode(remote.localNode())), "key", val); + + assertThat(remote.cache(CACHE_NAME).get("key"), is(val)); + } + + /** + * @param initiator Initiator node. + * @param remote Remote node. + * @param consumer Consumer. + */ + private void failClosure(IgniteEx initiator, IgniteEx remote, + TriConsumer consumer) { + assertCauseMessage( + GridTestUtils.assertThrowsWithCause( + () -> + consumer.accept( + initiator.compute(initiator.cluster().forNode(remote.localNode())), "fail_key", -1 + ), SecurityException.class + ) + ); + + assertThat(remote.cache(CACHE_NAME).get("fail_key"), nullValue()); + } +} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/EntryProcessorTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/EntryProcessorTest.java index 2f43287bb663d..54afea928d1b2 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/EntryProcessorTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/EntryProcessorTest.java @@ -19,25 +19,20 @@ import java.util.Collections; import java.util.UUID; -import java.util.function.Consumer; import javax.cache.processor.EntryProcessor; import javax.cache.processor.EntryProcessorException; import javax.cache.processor.EntryProcessorResult; import javax.cache.processor.MutableEntry; import org.apache.ignite.Ignition; -import org.apache.ignite.cache.affinity.Affinity; import org.apache.ignite.internal.IgniteEx; - -import static org.hamcrest.CoreMatchers.is; -import static org.hamcrest.CoreMatchers.nullValue; -import static org.junit.Assert.assertThat; +import org.apache.ignite.plugin.security.SecurityPermission; /** * Security tests for EntityProcessor. */ public class EntryProcessorTest extends AbstractContextResolverSecurityProcessorTest { /** */ - public void testEntryProcessor() throws Exception { + public void testEntryProcessor() { successEntryProcessor(succsessClnt, succsessSrv); successEntryProcessor(succsessClnt, failSrv); successEntryProcessor(succsessSrv, failSrv); @@ -53,10 +48,10 @@ public void testEntryProcessor() throws Exception { private void successEntryProcessor(IgniteEx initiator, IgniteEx remote) { assert !remote.localNode().isClient(); - successCall(new Invoke(initiator, remote)); - successCall(new InvokeAll(initiator, remote)); - successCall(new InvokeAsync(initiator, remote)); - successCall(new InvokeAllAsync(initiator, remote)); + new Invoke(initiator, remote).call(); + new InvokeAll(initiator, remote).call(); + new InvokeAsync(initiator, remote).call(); + new InvokeAllAsync(initiator, remote).call(); } /** @@ -73,32 +68,19 @@ private void failEntryProcessor(IgniteEx initiator, IgniteEx remote) { } /** - * @param c Consumer. - */ - private void successCall(Consumer c){ - Integer val = values.getAndIncrement(); - - c.accept(val); - - assertThat(succsessSrv.cache(CACHE_NAME).get(val), is(val)); - } - - /** - * @param c Consumer. + * @param c CustomInvoke. */ - private void failCall(Consumer c) { + private void failCall(CustomInvoke c) { try { - c.accept(0); + c.call(); } catch (Throwable e) { assertCauseMessage(e); } - - assertThat(succsessSrv.cache(CACHE_NAME).get(0), nullValue()); } /** */ - abstract class CommonConsumer implements Consumer { + abstract class CustomInvoke { /** Initiator. */ protected final IgniteEx initiator; @@ -109,16 +91,21 @@ abstract class CommonConsumer implements Consumer { * @param initiator Initiator. * @param remote Remote. */ - protected CommonConsumer(IgniteEx initiator, IgniteEx remote) { + protected CustomInvoke(IgniteEx initiator, IgniteEx remote) { this.initiator = initiator; this.remote = remote; } + + /** + * Calling of invokeXXX method + */ + abstract void call(); } /** * Call invoke method. */ - class Invoke extends CommonConsumer { + class Invoke extends CustomInvoke { /** * @param initiator Initiator. * @param remote Remote. @@ -128,10 +115,10 @@ public Invoke(IgniteEx initiator, IgniteEx remote) { } /** {@inheritDoc} */ - @Override public void accept(Integer key) { + @Override public void call() { initiator.cache(SEC_CACHE_NAME).invoke( primaryKey(remote), - new TestEntryProcessor(remote.localNode().id(), key) + new TestEntryProcessor(remote.localNode().id()) ); } } @@ -139,7 +126,7 @@ public Invoke(IgniteEx initiator, IgniteEx remote) { /** * Call invokeAsync method. */ - class InvokeAsync extends CommonConsumer { + class InvokeAsync extends CustomInvoke { /** * @param initiator Initiator. * @param remote Remote. @@ -149,10 +136,10 @@ public InvokeAsync(IgniteEx initiator, IgniteEx remote) { } /** {@inheritDoc} */ - @Override public void accept(Integer key) { + @Override public void call() { initiator.cache(SEC_CACHE_NAME).invokeAsync( primaryKey(remote), - new TestEntryProcessor(remote.localNode().id(), key) + new TestEntryProcessor(remote.localNode().id()) ).get(); } } @@ -160,7 +147,7 @@ public InvokeAsync(IgniteEx initiator, IgniteEx remote) { /** * Call invokeAll method. */ - class InvokeAll extends CommonConsumer { + class InvokeAll extends CustomInvoke { /** * @param initiator Initiator. * @param remote Remote. @@ -170,10 +157,10 @@ public InvokeAll(IgniteEx initiator, IgniteEx remote) { } /** {@inheritDoc} */ - @Override public void accept(Integer key) { + @Override public void call() { initiator.cache(SEC_CACHE_NAME).invokeAll( Collections.singleton(primaryKey(remote)), - new TestEntryProcessor(remote.localNode().id(), key) + new TestEntryProcessor(remote.localNode().id()) ).values().stream().findFirst().ifPresent(EntryProcessorResult::get); } } @@ -181,7 +168,7 @@ public InvokeAll(IgniteEx initiator, IgniteEx remote) { /** * Call invokeAllAsync method. */ - class InvokeAllAsync extends CommonConsumer { + class InvokeAllAsync extends CustomInvoke { /** * @param initiator Initiator. * @param remote Remote. @@ -191,34 +178,14 @@ public InvokeAllAsync(IgniteEx initiator, IgniteEx remote) { } /** {@inheritDoc} */ - @Override public void accept(Integer key) { + @Override public void call() { initiator.cache(SEC_CACHE_NAME).invokeAllAsync( Collections.singleton(primaryKey(remote)), - new TestEntryProcessor(remote.localNode().id(), key) + new TestEntryProcessor(remote.localNode().id()) ).get().values().stream().findFirst().ifPresent(EntryProcessorResult::get); } } - /** - * Getting the key that is contained on primary partition on passed node. - * - * @param ignite Node. - * @return Key. - */ - private Integer primaryKey(IgniteEx ignite) { - Affinity affinity = ignite.affinity(SEC_CACHE_NAME); - - int i = 0; - do { - if (affinity.isPrimary(ignite.localNode(), ++i)) - return i; - - } - while (i <= 1_000); - - throw new IllegalStateException(ignite.name() + " isn't primary node for any key."); - } - /** * Entry processor for tests. */ @@ -226,16 +193,11 @@ static class TestEntryProcessor implements EntryProcessor { + try (IgniteDataStreamer strm = initiator.dataStreamer(SEC_CACHE_NAME)) { + strm.receiver( + StreamVisitor.from( + new TestClosure(remote.localNode().id(), "fail_key", -1) + )); + + strm.addData(primaryKey(remote), 100); + } + } + , SecurityException.class + ) + ); + + assertThat(remote.cache(CACHE_NAME).get("fail_key"), nullValue()); + } + + /** + * @param initiator Initiator node. + * @param remote Remote node. + */ + private void successReceiver(IgniteEx initiator, IgniteEx remote) { + assert !remote.localNode().isClient(); + + Integer val = values.getAndIncrement(); + + try (IgniteDataStreamer strm = initiator.dataStreamer(SEC_CACHE_NAME)) { + strm.receiver( + StreamVisitor.from( + new TestClosure(remote.localNode().id(), "key", val) + )); + + strm.addData(primaryKey(remote), 100); + } + + assertThat(remote.cache(CACHE_NAME).get("key"), is(val)); + } + + /** + * Closure for tests. + */ + static class TestClosure implements + IgniteBiInClosure, Map.Entry> { + /** Remote node id. */ + private final UUID remoteId; + + /** Key. */ + private final String key; + + /** Value. */ + private final Integer val; + + /** + * @param remoteId Remote node id. + * @param key Key. + * @param val Value. + */ + public TestClosure(UUID remoteId, String key, Integer val) { + this.remoteId = remoteId; + this.key = key; + this.val = val; + } + + /** {@inheritDoc} */ + @Override public void apply(IgniteCache entries, + Map.Entry entry) { + Ignite loc = Ignition.localIgnite(); + + if (remoteId.equals(loc.cluster().localNode().id())) + loc.cache(CACHE_NAME).put(key, val); + } + } +} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/LoadCacheTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/LoadCacheTest.java new file mode 100644 index 0000000000000..db9f9efb846ab --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/LoadCacheTest.java @@ -0,0 +1,159 @@ +package org.apache.ignite.internal.processor.security; + +import java.util.UUID; +import javax.cache.Cache; +import javax.cache.configuration.Factory; +import javax.cache.integration.CacheLoaderException; +import org.apache.ignite.Ignite; +import org.apache.ignite.cache.CacheMode; +import org.apache.ignite.cache.store.CacheStoreAdapter; +import org.apache.ignite.configuration.CacheConfiguration; +import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.lang.IgniteBiInClosure; +import org.apache.ignite.lang.IgniteBiPredicate; +import org.apache.ignite.resources.IgniteInstanceResource; +import org.apache.ignite.testframework.GridTestUtils; + +import static org.hamcrest.CoreMatchers.is; +import static org.hamcrest.core.IsNull.nullValue; +import static org.junit.Assert.assertThat; + +/** + * Security tests for cache data load. + */ +public class LoadCacheTest extends AbstractContextResolverSecurityProcessorTest { + /** {@inheritDoc} */ + @Override protected CacheConfiguration[] getCacheConfigurations() { + return new CacheConfiguration[] { + new CacheConfiguration() + .setName(CACHE_NAME) + .setCacheMode(CacheMode.PARTITIONED) + .setReadFromBackup(false), + new CacheConfiguration() + .setName(SEC_CACHE_NAME) + .setCacheMode(CacheMode.PARTITIONED) + .setReadFromBackup(false) + .setCacheStoreFactory(new TestStoreFactory()) + }; + } + + /** */ + public void testLoadCache() { + successLoad(succsessClnt, succsessSrv); + successLoad(succsessClnt, failSrv); + successLoad(succsessSrv, succsessSrv); + successLoad(succsessSrv, failSrv); + + failLoad(failClnt, succsessSrv); + failLoad(failSrv, succsessSrv); + failLoad(failSrv, failSrv); + } + + /** + * @param initiator Initiator node. + * @param remote Remote node. + */ + private void successLoad(IgniteEx initiator, IgniteEx remote) { + assert !remote.localNode().isClient(); + + Integer val = values.getAndIncrement(); + + initiator.cache(SEC_CACHE_NAME).loadCache( + new TestClosure(remote.localNode().id(), "key", val) + ); + + assertThat(succsessSrv.cache(CACHE_NAME).get("key"), is(val)); + } + + /** + * @param initiator Initiator node. + * @param remote Remote node. + */ + private void failLoad(IgniteEx initiator, IgniteEx remote) { + assert !remote.localNode().isClient(); + + assertCauseMessage( + GridTestUtils.assertThrowsWithCause( + () -> initiator.cache(SEC_CACHE_NAME) + .loadCache( + new TestClosure(remote.localNode().id(), "fail_key", -1) + ) + , SecurityException.class + ) + ); + + assertThat(remote.cache(CACHE_NAME).get("fail_key"), nullValue()); + } + + /** + * Closure for tests. + */ + static class TestClosure implements IgniteBiPredicate { + /** Remote node id. */ + private final UUID remoteId; + + /** Key. */ + private final String key; + + /** Value. */ + private final Integer val; + + /** Locale ignite. */ + @IgniteInstanceResource + protected Ignite loc; + + /** + * @param remoteId Remote id. + * @param key Key. + * @param val Value. + */ + public TestClosure(UUID remoteId, String key, Integer val) { + this.remoteId = remoteId; + this.key = key; + this.val = val; + } + + /** {@inheritDoc} */ + @Override public boolean apply(Integer k, Integer v) { + if (remoteId.equals(loc.cluster().localNode().id())) + loc.cache(CACHE_NAME).put(key, val); + + return false; + } + } + + /** + * Test store factory. + */ + private static class TestStoreFactory implements Factory { + /** {@inheritDoc} */ + @Override public TestCacheStore create() { + return new TestCacheStore(); + } + } + + /** + * Test cache store. + */ + private static class TestCacheStore extends CacheStoreAdapter { + /** {@inheritDoc} */ + @Override public void loadCache(IgniteBiInClosure clo, Object... args) { + clo.apply(1, 1); + } + + /** {@inheritDoc} */ + @Override public Integer load(Integer key) throws CacheLoaderException { + return key; + } + + /** {@inheritDoc} */ + @Override public void write(Cache.Entry entry) { + throw new UnsupportedOperationException(); + } + + /** {@inheritDoc} */ + @Override public void delete(Object key) { + // No-op. + } + } +} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/SecurityContextResolverSecurityProcessorTestSuite.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/SecurityContextResolverSecurityProcessorTestSuite.java index a91e4f6e28b91..d4c1ec6d92850 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/SecurityContextResolverSecurityProcessorTestSuite.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/SecurityContextResolverSecurityProcessorTestSuite.java @@ -36,15 +36,17 @@ public static TestSuite suite() throws Exception { /** * @param ignoredTests Tests don't include in the execution. Providing null means nothing to exclude. * @return Test suite. - * @throws Exception Thrown in case of the failure. */ - public static TestSuite suite(@Nullable final Set ignoredTests) throws Exception { + public static TestSuite suite(@Nullable final Set ignoredTests) { TestSuite suite = new TestSuite("Initiator Node's Security Context Test Suite"); + suite.addTest(new TestSuite(DistributedClosureTest.class)); suite.addTest(new TestSuite(ComputeTaskTest.class)); suite.addTest(new TestSuite(ExecuteServiceTaskTest.class)); suite.addTest(new TestSuite(ScanQueryTest.class)); suite.addTest(new TestSuite(EntryProcessorTest.class)); + suite.addTest(new TestSuite(IgniteDataStreamerTest.class)); + suite.addTest(new TestSuite(LoadCacheTest.class)); return suite; } From 79140c53417f008520c1c0c1e50068387ae4e974 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Wed, 24 Oct 2018 17:08:07 +0300 Subject: [PATCH 08/98] IGNITE-9560 Refact --- .../processors/cache/GridCacheProcessor.java | 22 ++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java index fb4506cb0c4b3..d652670b170be 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java @@ -2990,14 +2990,15 @@ private GridCacheSharedContext createSharedContext(GridKernalContext kernalCtx, StringBuilder errorMessage = new StringBuilder(); + SecurityContext secCtx = null; + for (CacheJoinNodeDiscoveryData.CacheInfo cacheInfo : nodeData.caches().values()) { try { - byte[] secCtxBytes = node.attribute(IgniteNodeAttributes.ATTR_SECURITY_SUBJECT_V2); - - if (secCtxBytes != null) { - SecurityContext secCtx = U.unmarshal(marsh, secCtxBytes, U.resolveClassLoader(ctx.config())); + if(cacheInfo.cacheType() == CacheType.USER){ + if(secCtx == null) + secCtx = securityContext(node); - if (secCtx != null && cacheInfo.cacheType() == CacheType.USER) + if(secCtx != null) authorizeCacheCreate(cacheInfo.cacheData().config(), secCtx); } } @@ -3037,6 +3038,17 @@ private GridCacheSharedContext createSharedContext(GridKernalContext kernalCtx, return null; } + /** + * Getting node security context. + * + * @param node Node. + */ + @Nullable private SecurityContext securityContext(ClusterNode node) throws IgniteCheckedException { + byte[] secCtxBytes = node.attribute(IgniteNodeAttributes.ATTR_SECURITY_SUBJECT_V2); + + return secCtxBytes != null ? U.unmarshal(marsh, secCtxBytes, U.resolveClassLoader(ctx.config())) : null; + } + /** * @param msg Message. */ From f177de9ed1c73634444f330ac5438872fe98a0b5 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Thu, 25 Oct 2018 10:28:28 +0300 Subject: [PATCH 09/98] IGNITE-9560 fix comment --- .../security/CurrentRemoteInitiatorIdentifier.java | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/CurrentRemoteInitiatorIdentifier.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/CurrentRemoteInitiatorIdentifier.java index 040e1700871a3..66b8f6f26b812 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/CurrentRemoteInitiatorIdentifier.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/CurrentRemoteInitiatorIdentifier.java @@ -39,12 +39,11 @@ public boolean set(GridKernalContext ctx, UUID nodeId) { if (!ctx.localNodeId().equals(nodeId)) { UUID oldNodeId = initiator.get(); - if (oldNodeId != null) - System.out.println("STOP!!"); - assert oldNodeId == null : "oldNodeId=" + oldNodeId; initiator.set(nodeId); + + return true; } return false; From 38c7d4c127a5cf3e5420c2f45646343c65db9e33 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Thu, 25 Oct 2018 14:01:14 +0300 Subject: [PATCH 10/98] IGNITE-9560 fix comment --- .../TestSecurityProcessorProvider.java | 6 +- .../security/TestSecuritySubject.java | 65 +++++++++++++++---- .../processor/security/TriConsumer.java | 1 - 3 files changed, 55 insertions(+), 17 deletions(-) diff --git a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityProcessorProvider.java b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityProcessorProvider.java index 85bc113f686ec..ac1453d7fdd2c 100644 --- a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityProcessorProvider.java +++ b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityProcessorProvider.java @@ -69,11 +69,11 @@ public class TestSecurityProcessorProvider implements PluginProvider { /** {@inheritDoc} */ @Override public void initExtensions(PluginContext ctx, ExtensionRegistry registry) throws IgniteCheckedException { - + // No-op. } /** {@inheritDoc} */ - @Nullable @Override public Object createComponent(PluginContext ctx, Class cls) { + @Override public @Nullable Object createComponent(PluginContext ctx, Class cls) { if (cls.isAssignableFrom(GridSecurityProcessor.class)) { String secProcClsName = System.getProperty( TEST_SECURITY_PROCESSOR_CLS, DFLT_TEST_SECURITY_PROCESSOR_CLS_NAME @@ -139,7 +139,7 @@ public class TestSecurityProcessorProvider implements PluginProvider { } /** {@inheritDoc} */ - @Nullable @Override public Serializable provideDiscoveryData(UUID nodeId) { + @Override public @Nullable Serializable provideDiscoveryData(UUID nodeId) { return null; } diff --git a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecuritySubject.java b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecuritySubject.java index 07b6df48c1dec..f4e3376c7f99d 100644 --- a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecuritySubject.java +++ b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecuritySubject.java @@ -27,66 +27,105 @@ * Security subject for tests. */ public class TestSecuritySubject implements SecuritySubject { - + /** Id. */ private UUID id; + + /** Type. */ private SecuritySubjectType type = SecuritySubjectType.REMOTE_NODE; + + /** Login. */ private Object login; - private InetSocketAddress address; - private SecurityPermissionSet permissions; + /** Address. */ + private InetSocketAddress addr; + + /** Permissions. */ + private SecurityPermissionSet perms; + + /** + * Default constructor. + */ public TestSecuritySubject() { + // No-op. } + /** + * @param id Id. + * @param login Login. + * @param addr Address. + * @param perms Permissions. + */ public TestSecuritySubject(UUID id, Object login, - InetSocketAddress address, - SecurityPermissionSet permissions) { + InetSocketAddress addr, + SecurityPermissionSet perms) { this.id = id; this.login = login; - this.address = address; - this.permissions = permissions; + this.addr = addr; + this.perms = perms; } + /** {@inheritDoc} */ @Override public UUID id() { return id; } + /** + * @param id Id. + */ public void setId(UUID id) { this.id = id; } + /** {@inheritDoc} */ @Override public SecuritySubjectType type() { return type; } + /** + * @param type Type. + */ public void setType(SecuritySubjectType type) { this.type = type; } + /** {@inheritDoc} */ @Override public Object login() { return login; } + /** + * @param login Login. + */ public void setLogin(Object login) { this.login = login; } + /** {@inheritDoc} */ @Override public InetSocketAddress address() { - return address; + return addr; } - public void setAddress(InetSocketAddress address) { - this.address = address; + /** + * @param addr Address. + */ + public void setAddr(InetSocketAddress addr) { + this.addr = addr; } + /** {@inheritDoc} */ @Override public SecurityPermissionSet permissions() { - return permissions; + return perms; } - public void setPermissions(SecurityPermissionSet permissions) { - this.permissions = permissions; + /** + * @param perms Permissions. + */ + public void setPerms(SecurityPermissionSet perms) { + this.perms = perms; } + /** {@inheritDoc} */ @Override public String toString() { return "TestSecuritySubject{" + "id=" + id + diff --git a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TriConsumer.java b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TriConsumer.java index db59b0fb93422..3513ca6a95567 100644 --- a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TriConsumer.java +++ b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TriConsumer.java @@ -34,5 +34,4 @@ public interface TriConsumer { * @param c Third parameter. */ public void accept(A a, B b, C c); - } From 98353159660a589815eef9f16d9d6dbecebed6a8 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Tue, 30 Oct 2018 10:11:24 +0300 Subject: [PATCH 11/98] IGNITE-9560 dflt test SP --- .../DefaultTestSecurityProcessor.java | 104 +++++++++++++ .../security/SecurityPermissionProvider.java | 23 +++ .../security/TestSecurityContext.java | 47 +++++- .../security/TestSecuritySubject.java | 20 ++- .../DefaultTestSecurityProcessorSelfTest.java | 143 ++++++++++++++++++ 5 files changed, 329 insertions(+), 8 deletions(-) create mode 100644 modules/security/src/main/java/org/apache/ignite/internal/processor/security/DefaultTestSecurityProcessor.java create mode 100644 modules/security/src/main/java/org/apache/ignite/internal/processor/security/SecurityPermissionProvider.java create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/DefaultTestSecurityProcessorSelfTest.java diff --git a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/DefaultTestSecurityProcessor.java b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/DefaultTestSecurityProcessor.java new file mode 100644 index 0000000000000..db41a44e1887b --- /dev/null +++ b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/DefaultTestSecurityProcessor.java @@ -0,0 +1,104 @@ +package org.apache.ignite.internal.processor.security; + +import java.net.InetSocketAddress; +import java.util.Collection; +import java.util.Collections; +import java.util.Map; +import java.util.UUID; +import org.apache.ignite.IgniteCheckedException; +import org.apache.ignite.cluster.ClusterNode; +import org.apache.ignite.internal.GridKernalContext; +import org.apache.ignite.internal.IgniteNodeAttributes; +import org.apache.ignite.internal.processors.GridProcessorAdapter; +import org.apache.ignite.internal.processors.security.GridSecurityProcessor; +import org.apache.ignite.internal.processors.security.SecurityContext; +import org.apache.ignite.internal.util.typedef.F; +import org.apache.ignite.plugin.security.AuthenticationContext; +import org.apache.ignite.plugin.security.SecurityCredentials; +import org.apache.ignite.plugin.security.SecurityException; +import org.apache.ignite.plugin.security.SecurityPermission; +import org.apache.ignite.plugin.security.SecuritySubject; + +import static org.apache.ignite.plugin.security.SecuritySubjectType.REMOTE_NODE; + +public class DefaultTestSecurityProcessor extends GridProcessorAdapter implements GridSecurityProcessor { + + public static final String USER_SECURITY_TOKEN = "USER_SECURITY_TOKEN"; + + public DefaultTestSecurityProcessor(GridKernalContext ctx) { + super(ctx); + } + + /** {@inheritDoc} */ + @Override public SecurityContext authenticateNode(ClusterNode node, SecurityCredentials cred) + throws IgniteCheckedException { + + return new TestSecurityContext( + new TestSecuritySubject() + .setType(REMOTE_NODE) + .setId(node.id()) + .setAddr(new InetSocketAddress(F.first(node.addresses()), 0)) + .setPerms(SecurityPermissionProvider.permission(cred.getUserObject())) + ); + } + + /** {@inheritDoc} */ + @Override public boolean isGlobalNodeAuthentication() { + return false; + } + + /** {@inheritDoc} */ + @Override public SecurityContext authenticate(AuthenticationContext ctx) throws IgniteCheckedException { + return null; + } + + /** {@inheritDoc} */ + @Override public Collection authenticatedSubjects() throws IgniteCheckedException { + return Collections.emptyList(); + } + + /** {@inheritDoc} */ + @Override public SecuritySubject authenticatedSubject(UUID subjId) throws IgniteCheckedException { + return null; + } + + /** {@inheritDoc} */ + @Override public void authorize(String name, SecurityPermission perm, SecurityContext securityCtx) + throws SecurityException { + + assert securityCtx instanceof TestSecurityContext; + + if(!((TestSecurityContext)securityCtx).operationAllowed(name, perm)) + throw new SecurityException("Authorization failed [perm=" + perm + + ", name=" + name + + ", subject=" + securityCtx.subject() + ']'); + } + + /** {@inheritDoc} */ + @Override public void onSessionExpired(UUID subjId) { + + } + + /** {@inheritDoc} */ + @Override public boolean enabled() { + return true; + } + + /** {@inheritDoc} */ + @Override public void start() throws IgniteCheckedException { + super.start(); + + SecurityCredentials cred = new SecurityCredentials(null, null, securityToken()); + + ctx.addNodeAttribute(IgniteNodeAttributes.ATTR_SECURITY_CREDENTIALS, cred); + } + + private Object securityToken() { + Map attrs = ctx.config().getUserAttributes(); + + assert attrs != null; + + return attrs.get(USER_SECURITY_TOKEN); + + } +} diff --git a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/SecurityPermissionProvider.java b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/SecurityPermissionProvider.java new file mode 100644 index 0000000000000..3976182454479 --- /dev/null +++ b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/SecurityPermissionProvider.java @@ -0,0 +1,23 @@ +package org.apache.ignite.internal.processor.security; + +import java.util.HashMap; +import java.util.Map; +import org.apache.ignite.plugin.security.SecurityPermissionSet; + +public class SecurityPermissionProvider { + + private final static Map PERMISSION_SET_MAP = new HashMap<>(); + + public static SecurityPermissionSet permission(Object token) { + return PERMISSION_SET_MAP.get(token); + } + + public static void add(Object token, SecurityPermissionSet permissionSet) { + PERMISSION_SET_MAP.put(token, permissionSet); + } + + public static void clear(){ + PERMISSION_SET_MAP.clear(); + } + +} diff --git a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityContext.java b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityContext.java index 976d0df0c45bc..8bd43f69f02e7 100644 --- a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityContext.java +++ b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityContext.java @@ -38,6 +38,39 @@ public TestSecurityContext(SecuritySubject subject) { this.subject = subject; } + public boolean operationAllowed(String opName, SecurityPermission perm) { + switch (perm) { + case CACHE_PUT: + case CACHE_READ: + case CACHE_REMOVE: + + return cacheOperationAllowed(opName, perm); + + case TASK_CANCEL: + case TASK_EXECUTE: + return taskOperationAllowed(opName, perm); + + case SERVICE_DEPLOY: + case SERVICE_INVOKE: + case SERVICE_CANCEL: + return serviceOperationAllowed(opName, perm); + + case EVENTS_DISABLE: + case EVENTS_ENABLE: + case ADMIN_VIEW: + case ADMIN_CACHE: + case ADMIN_QUERY: + case ADMIN_OPS: + case CACHE_CREATE: + case CACHE_DESTROY: + case JOIN_AS_SERVER: + return systemOperationAllowed(perm); + + default: + throw new IllegalStateException("Invalid security permission: " + perm); + } + } + /** {@inheritDoc} */ @Override public SecuritySubject subject() { return subject; @@ -50,17 +83,17 @@ public TestSecurityContext(SecuritySubject subject) { /** {@inheritDoc} */ @Override public boolean cacheOperationAllowed(String cacheName, SecurityPermission perm) { - return true; + return hasPermission(subject.permissions().cachePermissions().get(cacheName), perm); } /** {@inheritDoc} */ @Override public boolean serviceOperationAllowed(String srvcName, SecurityPermission perm) { - return true; + return hasPermission(subject.permissions().servicePermissions().get(srvcName), perm); } /** {@inheritDoc} */ @Override public boolean systemOperationAllowed(SecurityPermission perm) { - return true; + return hasPermission(subject.permissions().systemPermissions(), perm); } /** {@inheritDoc} */ @@ -69,4 +102,12 @@ public TestSecurityContext(SecuritySubject subject) { "subject=" + subject + '}'; } + + private boolean hasPermission(Collection perms, SecurityPermission perm) { + if (F.isEmpty(perms)) + return subject.permissions().defaultAllowAll(); + + return perms.stream().anyMatch(p -> perm == p); + } + } diff --git a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecuritySubject.java b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecuritySubject.java index f4e3376c7f99d..3466732cb142f 100644 --- a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecuritySubject.java +++ b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecuritySubject.java @@ -73,8 +73,10 @@ public TestSecuritySubject(UUID id, /** * @param id Id. */ - public void setId(UUID id) { + public TestSecuritySubject setId(UUID id) { this.id = id; + + return this; } /** {@inheritDoc} */ @@ -85,8 +87,10 @@ public void setId(UUID id) { /** * @param type Type. */ - public void setType(SecuritySubjectType type) { + public TestSecuritySubject setType(SecuritySubjectType type) { this.type = type; + + return this; } /** {@inheritDoc} */ @@ -97,8 +101,10 @@ public void setType(SecuritySubjectType type) { /** * @param login Login. */ - public void setLogin(Object login) { + public TestSecuritySubject setLogin(Object login) { this.login = login; + + return this; } /** {@inheritDoc} */ @@ -109,8 +115,10 @@ public void setLogin(Object login) { /** * @param addr Address. */ - public void setAddr(InetSocketAddress addr) { + public TestSecuritySubject setAddr(InetSocketAddress addr) { this.addr = addr; + + return this; } /** {@inheritDoc} */ @@ -121,8 +129,10 @@ public void setAddr(InetSocketAddress addr) { /** * @param perms Permissions. */ - public void setPerms(SecurityPermissionSet perms) { + public TestSecuritySubject setPerms(SecurityPermissionSet perms) { this.perms = perms; + + return this; } /** {@inheritDoc} */ diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/DefaultTestSecurityProcessorSelfTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/DefaultTestSecurityProcessorSelfTest.java new file mode 100644 index 0000000000000..f9ca80b447526 --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/DefaultTestSecurityProcessorSelfTest.java @@ -0,0 +1,143 @@ +package org.apache.ignite.internal.processor.security; + +import java.util.HashMap; +import java.util.Map; +import org.apache.ignite.cache.CacheMode; +import org.apache.ignite.configuration.CacheConfiguration; +import org.apache.ignite.configuration.DataRegionConfiguration; +import org.apache.ignite.configuration.DataStorageConfiguration; +import org.apache.ignite.configuration.IgniteConfiguration; +import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; +import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest; + +import static org.apache.ignite.internal.processor.security.DefaultTestSecurityProcessor.USER_SECURITY_TOKEN; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_REMOVE; +import static org.hamcrest.core.Is.is; +import static org.hamcrest.core.IsNull.notNullValue; +import static org.hamcrest.core.IsNull.nullValue; +import static org.junit.Assert.assertThat; + +public class DefaultTestSecurityProcessorSelfTest extends GridCommonAbstractTest { + /** Cache name for tests. */ + private static final String CACHE_NAME = "TEST_CACHE"; + + /** Cache name for tests. */ + private static final String SEC_CACHE_NAME = "SECOND_TEST_CACHE"; + + /** */ + protected IgniteEx succsessSrv; + + /** */ + protected IgniteEx succsessClnt; + + /** */ + protected IgniteEx failSrv; + + /** */ + protected IgniteEx failClnt; + + public void test() { + succsessSrv.cache(CACHE_NAME).put("key", 1); + + Throwable exception = null; + try{ + failSrv.cache(CACHE_NAME).put("fail_key", -1); + + }catch (Throwable e){ + exception = e; + } + + assertThat(exception, notNullValue()); + + assertThat(succsessSrv.cache(CACHE_NAME).get("key"), is(1)); + + assertThat(succsessSrv.cache(CACHE_NAME).get("fail_key"), nullValue()); + + } + + /** {@inheritDoc} */ + @Override protected void beforeTestsStarted() throws Exception { + super.beforeTestsStarted(); + + System.setProperty( + TestSecurityProcessorProvider.TEST_SECURITY_PROCESSOR_CLS, + "org.apache.ignite.internal.processor.security.DefaultTestSecurityProcessor" + ); + + SecurityPermissionProvider.add( + "success_server", + SecurityPermissionSetBuilder.create() + .defaultAllowAll(true) + .appendCachePermissions(CACHE_NAME, CACHE_PUT, CACHE_REMOVE, CACHE_READ) + .appendCachePermissions(SEC_CACHE_NAME, CACHE_PUT, CACHE_REMOVE, CACHE_READ) + .build() + ); + SecurityPermissionProvider.add( + "fail_server", + SecurityPermissionSetBuilder.create() + .defaultAllowAll(true) + .appendCachePermissions(CACHE_NAME) + .appendCachePermissions(SEC_CACHE_NAME) + .build() + ); + + succsessSrv = startGrid("success_server"); + +// succsessClnt = startGrid(getConfiguration("success_client").setClientMode(true)); + + failSrv = startGrid("fail_server"); + +// failClnt = startGrid(getConfiguration("fail_client").setClientMode(true)); + + succsessSrv.cluster().active(true); + } + + /** {@inheritDoc} */ + @Override protected void afterTestsStopped() throws Exception { + super.afterTestsStopped(); + + System.clearProperty(TestSecurityProcessorProvider.TEST_SECURITY_PROCESSOR_CLS); + + stopAllGrids(); + + cleanPersistenceDir(); + } + + /** {@inheritDoc} */ + @Override protected IgniteConfiguration getConfiguration(String igniteInstanceName) throws Exception { + Map userAttrs = new HashMap<>(); + + userAttrs.put(USER_SECURITY_TOKEN, igniteInstanceName); + + return super.getConfiguration(igniteInstanceName) + .setDataStorageConfiguration( + new DataStorageConfiguration() + .setDefaultDataRegionConfiguration( + new DataRegionConfiguration().setPersistenceEnabled(true) + ) + ) + .setAuthenticationEnabled(true) + .setUserAttributes(userAttrs) + .setCacheConfiguration(getCacheConfigurations()); + } + + /** + * Getting array of cache configurations. + */ + protected CacheConfiguration[] getCacheConfigurations() { + return new CacheConfiguration[] { + new CacheConfiguration<>() + .setName(CACHE_NAME) + .setCacheMode(CacheMode.PARTITIONED) + .setReadFromBackup(false), + new CacheConfiguration<>() + .setName(SEC_CACHE_NAME) + .setCacheMode(CacheMode.PARTITIONED) + .setReadFromBackup(false) + }; + } + +} From 4c3af00dc8eab92934b8f3d38cab37061fe47584 Mon Sep 17 00:00:00 2001 From: "denis.garus" Date: Tue, 30 Oct 2018 15:48:48 +0300 Subject: [PATCH 12/98] ignite-9560 Security processor for test --- .../DefaultTestSecurityProcessor.java | 104 ------------- .../security/SecurityPermissionProvider.java | 46 +++++- .../security/TestSecurityContext.java | 30 ++-- .../security/TestSecurityProcessor.java | 78 +++++----- ...tContextResolverSecurityProcessorTest.java | 81 ++++------ .../processor/security/ComputeTaskTest.java | 1 + .../DefaultTestSecurityProcessorSelfTest.java | 143 ------------------ .../security/DistributedClosureTest.java | 1 + .../security/ExecuteServiceTaskTest.java | 1 + .../security/IgniteDataStreamerTest.java | 1 + .../processor/security/LoadCacheTest.java | 1 + .../processor/security/ScanQueryTest.java | 1 + ...extResolverSecurityProcessorTestSuite.java | 2 +- 13 files changed, 138 insertions(+), 352 deletions(-) delete mode 100644 modules/security/src/main/java/org/apache/ignite/internal/processor/security/DefaultTestSecurityProcessor.java delete mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/DefaultTestSecurityProcessorSelfTest.java diff --git a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/DefaultTestSecurityProcessor.java b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/DefaultTestSecurityProcessor.java deleted file mode 100644 index db41a44e1887b..0000000000000 --- a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/DefaultTestSecurityProcessor.java +++ /dev/null @@ -1,104 +0,0 @@ -package org.apache.ignite.internal.processor.security; - -import java.net.InetSocketAddress; -import java.util.Collection; -import java.util.Collections; -import java.util.Map; -import java.util.UUID; -import org.apache.ignite.IgniteCheckedException; -import org.apache.ignite.cluster.ClusterNode; -import org.apache.ignite.internal.GridKernalContext; -import org.apache.ignite.internal.IgniteNodeAttributes; -import org.apache.ignite.internal.processors.GridProcessorAdapter; -import org.apache.ignite.internal.processors.security.GridSecurityProcessor; -import org.apache.ignite.internal.processors.security.SecurityContext; -import org.apache.ignite.internal.util.typedef.F; -import org.apache.ignite.plugin.security.AuthenticationContext; -import org.apache.ignite.plugin.security.SecurityCredentials; -import org.apache.ignite.plugin.security.SecurityException; -import org.apache.ignite.plugin.security.SecurityPermission; -import org.apache.ignite.plugin.security.SecuritySubject; - -import static org.apache.ignite.plugin.security.SecuritySubjectType.REMOTE_NODE; - -public class DefaultTestSecurityProcessor extends GridProcessorAdapter implements GridSecurityProcessor { - - public static final String USER_SECURITY_TOKEN = "USER_SECURITY_TOKEN"; - - public DefaultTestSecurityProcessor(GridKernalContext ctx) { - super(ctx); - } - - /** {@inheritDoc} */ - @Override public SecurityContext authenticateNode(ClusterNode node, SecurityCredentials cred) - throws IgniteCheckedException { - - return new TestSecurityContext( - new TestSecuritySubject() - .setType(REMOTE_NODE) - .setId(node.id()) - .setAddr(new InetSocketAddress(F.first(node.addresses()), 0)) - .setPerms(SecurityPermissionProvider.permission(cred.getUserObject())) - ); - } - - /** {@inheritDoc} */ - @Override public boolean isGlobalNodeAuthentication() { - return false; - } - - /** {@inheritDoc} */ - @Override public SecurityContext authenticate(AuthenticationContext ctx) throws IgniteCheckedException { - return null; - } - - /** {@inheritDoc} */ - @Override public Collection authenticatedSubjects() throws IgniteCheckedException { - return Collections.emptyList(); - } - - /** {@inheritDoc} */ - @Override public SecuritySubject authenticatedSubject(UUID subjId) throws IgniteCheckedException { - return null; - } - - /** {@inheritDoc} */ - @Override public void authorize(String name, SecurityPermission perm, SecurityContext securityCtx) - throws SecurityException { - - assert securityCtx instanceof TestSecurityContext; - - if(!((TestSecurityContext)securityCtx).operationAllowed(name, perm)) - throw new SecurityException("Authorization failed [perm=" + perm + - ", name=" + name + - ", subject=" + securityCtx.subject() + ']'); - } - - /** {@inheritDoc} */ - @Override public void onSessionExpired(UUID subjId) { - - } - - /** {@inheritDoc} */ - @Override public boolean enabled() { - return true; - } - - /** {@inheritDoc} */ - @Override public void start() throws IgniteCheckedException { - super.start(); - - SecurityCredentials cred = new SecurityCredentials(null, null, securityToken()); - - ctx.addNodeAttribute(IgniteNodeAttributes.ATTR_SECURITY_CREDENTIALS, cred); - } - - private Object securityToken() { - Map attrs = ctx.config().getUserAttributes(); - - assert attrs != null; - - return attrs.get(USER_SECURITY_TOKEN); - - } -} diff --git a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/SecurityPermissionProvider.java b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/SecurityPermissionProvider.java index 3976182454479..09877a5373cce 100644 --- a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/SecurityPermissionProvider.java +++ b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/SecurityPermissionProvider.java @@ -1,23 +1,53 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + package org.apache.ignite.internal.processor.security; import java.util.HashMap; import java.util.Map; import org.apache.ignite.plugin.security.SecurityPermissionSet; +/** + * + */ public class SecurityPermissionProvider { + /** Permission set map. */ + private static final Map PERMISSION_SET_MAP = new HashMap<>(); - private final static Map PERMISSION_SET_MAP = new HashMap<>(); - - public static SecurityPermissionSet permission(Object token) { - return PERMISSION_SET_MAP.get(token); + /** + * @param tok Token. + */ + public static SecurityPermissionSet permission(Object tok) { + return PERMISSION_SET_MAP.get(tok); } - public static void add(Object token, SecurityPermissionSet permissionSet) { - PERMISSION_SET_MAP.put(token, permissionSet); + /** + * @param permSet Permission set. + * @param tokens Tokens. + */ + public static void add(SecurityPermissionSet permSet, Object... tokens) { + for (Object t : tokens) + PERMISSION_SET_MAP.put(t, permSet); } - public static void clear(){ + /** + * Clear map of permissions. + */ + public static void clear() { PERMISSION_SET_MAP.clear(); } - } diff --git a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityContext.java b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityContext.java index 8bd43f69f02e7..5736a55b75952 100644 --- a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityContext.java +++ b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityContext.java @@ -38,6 +38,10 @@ public TestSecurityContext(SecuritySubject subject) { this.subject = subject; } + /** + * @param opName Op name. + * @param perm Permission. + */ public boolean operationAllowed(String opName, SecurityPermission perm) { switch (perm) { case CACHE_PUT: @@ -78,7 +82,7 @@ public boolean operationAllowed(String opName, SecurityPermission perm) { /** {@inheritDoc} */ @Override public boolean taskOperationAllowed(String taskClsName, SecurityPermission perm) { - return true; + return hasPermission(subject.permissions().taskPermissions().get(taskClsName), perm); } /** {@inheritDoc} */ @@ -93,21 +97,29 @@ public boolean operationAllowed(String opName, SecurityPermission perm) { /** {@inheritDoc} */ @Override public boolean systemOperationAllowed(SecurityPermission perm) { - return hasPermission(subject.permissions().systemPermissions(), perm); - } + Collection perms = subject.permissions().systemPermissions(); - /** {@inheritDoc} */ - @Override public String toString() { - return "TestSecurityContext{" + - "subject=" + subject + - '}'; + if (F.isEmpty(perms)) + return subject.permissions().defaultAllowAll(); + + return perms.stream().anyMatch(p -> perm == p); } + /** + * @param perms Permissions. + * @param perm Permission. + */ private boolean hasPermission(Collection perms, SecurityPermission perm) { - if (F.isEmpty(perms)) + if (perms == null) return subject.permissions().defaultAllowAll(); return perms.stream().anyMatch(p -> perm == p); } + /** {@inheritDoc} */ + @Override public String toString() { + return "TestSecurityContext{" + + "subject=" + subject + + '}'; + } } diff --git a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityProcessor.java b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityProcessor.java index 1e215febed376..98893a40736d6 100644 --- a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityProcessor.java +++ b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityProcessor.java @@ -17,8 +17,10 @@ package org.apache.ignite.internal.processor.security; +import java.net.InetSocketAddress; import java.util.Collection; import java.util.Collections; +import java.util.Map; import java.util.UUID; import org.apache.ignite.IgniteCheckedException; import org.apache.ignite.cluster.ClusterNode; @@ -27,51 +29,34 @@ import org.apache.ignite.internal.processors.GridProcessorAdapter; import org.apache.ignite.internal.processors.security.GridSecurityProcessor; import org.apache.ignite.internal.processors.security.SecurityContext; +import org.apache.ignite.internal.util.typedef.F; import org.apache.ignite.plugin.security.AuthenticationContext; import org.apache.ignite.plugin.security.SecurityCredentials; import org.apache.ignite.plugin.security.SecurityException; import org.apache.ignite.plugin.security.SecurityPermission; -import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; import org.apache.ignite.plugin.security.SecuritySubject; -/** - * Security processor for tests. - */ +import static org.apache.ignite.plugin.security.SecuritySubjectType.REMOTE_NODE; + public class TestSecurityProcessor extends GridProcessorAdapter implements GridSecurityProcessor { - /** Consumer for {@link #authorize(String, SecurityPermission, SecurityContext)} method. */ - private TriConsumer authorize; - /** - * @param ctx Grid kernal context. - */ + public static final String USER_SECURITY_TOKEN = "USER_SECURITY_TOKEN"; + public TestSecurityProcessor(GridKernalContext ctx) { super(ctx); } - /** - * Setup consumer for {@link #authorize(String, SecurityPermission, SecurityContext)} method. - * @param authorize Authorize. - */ - public void authorizeConsumer(TriConsumer authorize){ - this.authorize = authorize; - } - - /** - * Remove all consumers. - */ - public void clear() { - authorize = null; - } - /** {@inheritDoc} */ - @Override public SecurityContext authenticateNode(ClusterNode node, SecurityCredentials cred) { + @Override public SecurityContext authenticateNode(ClusterNode node, SecurityCredentials cred) + throws IgniteCheckedException { + return new TestSecurityContext( - new TestSecuritySubject( - node.id(), - node.consistentId(), - null, - SecurityPermissionSetBuilder.create().build() - ) + new TestSecuritySubject() + .setType(REMOTE_NODE) + .setId(node.id()) + .setAddr(new InetSocketAddress(F.first(node.addresses()), 0)) + .setLogin(cred.getUserObject()) + .setPerms(SecurityPermissionProvider.permission(cred.getUserObject())) ); } @@ -81,25 +66,30 @@ public void clear() { } /** {@inheritDoc} */ - @Override public SecurityContext authenticate(AuthenticationContext ctx) { + @Override public SecurityContext authenticate(AuthenticationContext ctx) throws IgniteCheckedException { return null; } /** {@inheritDoc} */ - @Override public Collection authenticatedSubjects() { + @Override public Collection authenticatedSubjects() throws IgniteCheckedException { return Collections.emptyList(); } /** {@inheritDoc} */ - @Override public SecuritySubject authenticatedSubject(UUID subjId) { + @Override public SecuritySubject authenticatedSubject(UUID subjId) throws IgniteCheckedException { return null; } /** {@inheritDoc} */ @Override public void authorize(String name, SecurityPermission perm, SecurityContext securityCtx) throws SecurityException { - if(authorize != null) - authorize.accept(name, perm, securityCtx); + + assert securityCtx instanceof TestSecurityContext; + + if(!((TestSecurityContext)securityCtx).operationAllowed(name, perm)) + throw new SecurityException("Authorization failed [perm=" + perm + + ", name=" + name + + ", subject=" + securityCtx.subject() + ']'); } /** {@inheritDoc} */ @@ -116,6 +106,20 @@ public void clear() { @Override public void start() throws IgniteCheckedException { super.start(); - ctx.addNodeAttribute(IgniteNodeAttributes.ATTR_SECURITY_CREDENTIALS, new SecurityCredentials()); + SecurityCredentials cred = new SecurityCredentials(null, null, securityToken()); + + ctx.addNodeAttribute(IgniteNodeAttributes.ATTR_SECURITY_CREDENTIALS, cred); + } + + /** + * Getting security token. + */ + private Object securityToken() { + Map attrs = ctx.config().getUserAttributes(); + + assert attrs != null; + + return attrs.get(USER_SECURITY_TOKEN); + } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractContextResolverSecurityProcessorTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractContextResolverSecurityProcessorTest.java index 2d3a7d62599b9..12cf906318ef4 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractContextResolverSecurityProcessorTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractContextResolverSecurityProcessorTest.java @@ -17,11 +17,9 @@ package org.apache.ignite.internal.processor.security; -import com.google.common.collect.Sets; -import java.util.Set; -import java.util.UUID; +import java.util.HashMap; +import java.util.Map; import java.util.concurrent.atomic.AtomicInteger; -import org.apache.ignite.Ignite; import org.apache.ignite.cache.CacheMode; import org.apache.ignite.cache.affinity.Affinity; import org.apache.ignite.configuration.CacheConfiguration; @@ -29,13 +27,12 @@ import org.apache.ignite.configuration.DataStorageConfiguration; import org.apache.ignite.configuration.IgniteConfiguration; import org.apache.ignite.internal.IgniteEx; -import org.apache.ignite.internal.processors.security.GridSecurityProcessorWrapper; -import org.apache.ignite.internal.util.typedef.G; import org.apache.ignite.internal.util.typedef.X; +import org.apache.ignite.plugin.security.SecurityException; import org.apache.ignite.plugin.security.SecurityPermission; +import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest; -import static org.hamcrest.CoreMatchers.is; import static org.hamcrest.CoreMatchers.notNullValue; import static org.junit.Assert.assertThat; @@ -49,9 +46,6 @@ public class AbstractContextResolverSecurityProcessorTest extends GridCommonAbst /** Cache name for tests. */ protected static final String SEC_CACHE_NAME = "SECOND_TEST_CACHE"; - /** Security error message. */ - protected static final String SEC_ERR_MSG = "Test security exception."; - /** Values. */ protected AtomicInteger values = new AtomicInteger(0); @@ -71,6 +65,8 @@ public class AbstractContextResolverSecurityProcessorTest extends GridCommonAbst @Override protected void beforeTestsStarted() throws Exception { super.beforeTestsStarted(); + setupSecurityPermissions(); + System.setProperty( TestSecurityProcessorProvider.TEST_SECURITY_PROCESSOR_CLS, "org.apache.ignite.internal.processor.security.TestSecurityProcessor" @@ -84,27 +80,6 @@ public class AbstractContextResolverSecurityProcessorTest extends GridCommonAbst failClnt = startGrid(getConfiguration("fail_client").setClientMode(true)); - final Set failUUIDs = Sets.newHashSet( - failSrv.localNode().id(), failClnt.localNode().id() - ); - - for (Ignite ignite : G.allGrids()) { - processor((IgniteEx)ignite).authorizeConsumer( - (name, perm, secCtx) -> { - if (secCtx != null) { - if (CACHE_NAME.equals(name) && SecurityPermission.CACHE_PUT == perm && - failUUIDs.contains(secCtx.subject().id())) { - - log.info("Failed authorize. [name=" + name + ", perm=" + perm - + ", secCtx=" + secCtx + "]"); - - throw new SecurityException(SEC_ERR_MSG); - } - } - } - ); - } - grid("success_server").cluster().active(true); } @@ -116,11 +91,17 @@ public class AbstractContextResolverSecurityProcessorTest extends GridCommonAbst stopAllGrids(); + SecurityPermissionProvider.clear(); + cleanPersistenceDir(); } /** {@inheritDoc} */ @Override protected IgniteConfiguration getConfiguration(String igniteInstanceName) throws Exception { + Map attrs = new HashMap<>(); + + attrs.put(TestSecurityProcessor.USER_SECURITY_TOKEN, igniteInstanceName); + return super.getConfiguration(igniteInstanceName) .setDataStorageConfiguration( new DataStorageConfiguration() @@ -129,9 +110,27 @@ public class AbstractContextResolverSecurityProcessorTest extends GridCommonAbst ) ) .setAuthenticationEnabled(true) + .setUserAttributes(attrs) .setCacheConfiguration(getCacheConfigurations()); } + /** + * + */ + private void setupSecurityPermissions(){ + SecurityPermissionProvider.add( + SecurityPermissionSetBuilder.create() + .defaultAllowAll(true) + .build(), "success_server", "success_client" + ); + SecurityPermissionProvider.add( + SecurityPermissionSetBuilder.create() + .defaultAllowAll(true) + .appendCachePermissions(CACHE_NAME, SecurityPermission.CACHE_READ) + .build(), "fail_server", "fail_client" + ); + } + /** * Getting array of cache configurations. */ @@ -148,21 +147,6 @@ protected CacheConfiguration[] getCacheConfigurations() { }; } - /** - * Getting of {@link TestSecurityProcessor} for the passed ignite instanse. - * - * @param ignite Ignite. - */ - protected TestSecurityProcessor processor(IgniteEx ignite) { - if (ignite.context().security() instanceof GridSecurityProcessorWrapper) { - GridSecurityProcessorWrapper wrp = (GridSecurityProcessorWrapper)ignite.context().security(); - - return (TestSecurityProcessor)wrp.original(); - } - - return (TestSecurityProcessor)ignite.context().security(); - } - /** * Getting the key that is contained on primary partition on passed node. * @@ -189,9 +173,6 @@ protected Integer primaryKey(IgniteEx ignite) { * @param throwable Throwable. */ protected void assertCauseMessage(Throwable throwable) { - SecurityException cause = X.cause(throwable, SecurityException.class); - - assertThat(cause, notNullValue()); - assertThat(cause.getMessage(), is(SEC_ERR_MSG)); + assertThat(X.cause(throwable, SecurityException.class), notNullValue()); } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ComputeTaskTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ComputeTaskTest.java index 506ffd0744995..9f4c289df52ea 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ComputeTaskTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ComputeTaskTest.java @@ -30,6 +30,7 @@ import org.apache.ignite.compute.ComputeJobResultPolicy; import org.apache.ignite.compute.ComputeTask; import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.plugin.security.SecurityException; import org.apache.ignite.resources.IgniteInstanceResource; import org.apache.ignite.testframework.GridTestUtils; import org.jetbrains.annotations.Nullable; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/DefaultTestSecurityProcessorSelfTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/DefaultTestSecurityProcessorSelfTest.java deleted file mode 100644 index f9ca80b447526..0000000000000 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/DefaultTestSecurityProcessorSelfTest.java +++ /dev/null @@ -1,143 +0,0 @@ -package org.apache.ignite.internal.processor.security; - -import java.util.HashMap; -import java.util.Map; -import org.apache.ignite.cache.CacheMode; -import org.apache.ignite.configuration.CacheConfiguration; -import org.apache.ignite.configuration.DataRegionConfiguration; -import org.apache.ignite.configuration.DataStorageConfiguration; -import org.apache.ignite.configuration.IgniteConfiguration; -import org.apache.ignite.internal.IgniteEx; -import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; -import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest; - -import static org.apache.ignite.internal.processor.security.DefaultTestSecurityProcessor.USER_SECURITY_TOKEN; -import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT; -import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; -import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_REMOVE; -import static org.hamcrest.core.Is.is; -import static org.hamcrest.core.IsNull.notNullValue; -import static org.hamcrest.core.IsNull.nullValue; -import static org.junit.Assert.assertThat; - -public class DefaultTestSecurityProcessorSelfTest extends GridCommonAbstractTest { - /** Cache name for tests. */ - private static final String CACHE_NAME = "TEST_CACHE"; - - /** Cache name for tests. */ - private static final String SEC_CACHE_NAME = "SECOND_TEST_CACHE"; - - /** */ - protected IgniteEx succsessSrv; - - /** */ - protected IgniteEx succsessClnt; - - /** */ - protected IgniteEx failSrv; - - /** */ - protected IgniteEx failClnt; - - public void test() { - succsessSrv.cache(CACHE_NAME).put("key", 1); - - Throwable exception = null; - try{ - failSrv.cache(CACHE_NAME).put("fail_key", -1); - - }catch (Throwable e){ - exception = e; - } - - assertThat(exception, notNullValue()); - - assertThat(succsessSrv.cache(CACHE_NAME).get("key"), is(1)); - - assertThat(succsessSrv.cache(CACHE_NAME).get("fail_key"), nullValue()); - - } - - /** {@inheritDoc} */ - @Override protected void beforeTestsStarted() throws Exception { - super.beforeTestsStarted(); - - System.setProperty( - TestSecurityProcessorProvider.TEST_SECURITY_PROCESSOR_CLS, - "org.apache.ignite.internal.processor.security.DefaultTestSecurityProcessor" - ); - - SecurityPermissionProvider.add( - "success_server", - SecurityPermissionSetBuilder.create() - .defaultAllowAll(true) - .appendCachePermissions(CACHE_NAME, CACHE_PUT, CACHE_REMOVE, CACHE_READ) - .appendCachePermissions(SEC_CACHE_NAME, CACHE_PUT, CACHE_REMOVE, CACHE_READ) - .build() - ); - SecurityPermissionProvider.add( - "fail_server", - SecurityPermissionSetBuilder.create() - .defaultAllowAll(true) - .appendCachePermissions(CACHE_NAME) - .appendCachePermissions(SEC_CACHE_NAME) - .build() - ); - - succsessSrv = startGrid("success_server"); - -// succsessClnt = startGrid(getConfiguration("success_client").setClientMode(true)); - - failSrv = startGrid("fail_server"); - -// failClnt = startGrid(getConfiguration("fail_client").setClientMode(true)); - - succsessSrv.cluster().active(true); - } - - /** {@inheritDoc} */ - @Override protected void afterTestsStopped() throws Exception { - super.afterTestsStopped(); - - System.clearProperty(TestSecurityProcessorProvider.TEST_SECURITY_PROCESSOR_CLS); - - stopAllGrids(); - - cleanPersistenceDir(); - } - - /** {@inheritDoc} */ - @Override protected IgniteConfiguration getConfiguration(String igniteInstanceName) throws Exception { - Map userAttrs = new HashMap<>(); - - userAttrs.put(USER_SECURITY_TOKEN, igniteInstanceName); - - return super.getConfiguration(igniteInstanceName) - .setDataStorageConfiguration( - new DataStorageConfiguration() - .setDefaultDataRegionConfiguration( - new DataRegionConfiguration().setPersistenceEnabled(true) - ) - ) - .setAuthenticationEnabled(true) - .setUserAttributes(userAttrs) - .setCacheConfiguration(getCacheConfigurations()); - } - - /** - * Getting array of cache configurations. - */ - protected CacheConfiguration[] getCacheConfigurations() { - return new CacheConfiguration[] { - new CacheConfiguration<>() - .setName(CACHE_NAME) - .setCacheMode(CacheMode.PARTITIONED) - .setReadFromBackup(false), - new CacheConfiguration<>() - .setName(SEC_CACHE_NAME) - .setCacheMode(CacheMode.PARTITIONED) - .setReadFromBackup(false) - }; - } - -} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/DistributedClosureTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/DistributedClosureTest.java index db96dcc1570d5..73c0db8d3ac7a 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/DistributedClosureTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/DistributedClosureTest.java @@ -4,6 +4,7 @@ import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.lang.IgniteClosure; +import org.apache.ignite.plugin.security.SecurityException; import org.apache.ignite.testframework.GridTestUtils; import static org.hamcrest.CoreMatchers.is; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ExecuteServiceTaskTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ExecuteServiceTaskTest.java index ce7b1312535ea..86c578fe98d3e 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ExecuteServiceTaskTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ExecuteServiceTaskTest.java @@ -21,6 +21,7 @@ import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.lang.IgniteRunnable; +import org.apache.ignite.plugin.security.SecurityException; import org.apache.ignite.testframework.GridTestUtils; import static org.hamcrest.CoreMatchers.is; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/IgniteDataStreamerTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/IgniteDataStreamerTest.java index b63c53dfe8bcb..784cd9090afd6 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/IgniteDataStreamerTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/IgniteDataStreamerTest.java @@ -8,6 +8,7 @@ import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.lang.IgniteBiInClosure; +import org.apache.ignite.plugin.security.SecurityException; import org.apache.ignite.stream.StreamVisitor; import org.apache.ignite.testframework.GridTestUtils; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/LoadCacheTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/LoadCacheTest.java index db9f9efb846ab..3399c60be10d3 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/LoadCacheTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/LoadCacheTest.java @@ -11,6 +11,7 @@ import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.lang.IgniteBiInClosure; import org.apache.ignite.lang.IgniteBiPredicate; +import org.apache.ignite.plugin.security.SecurityException; import org.apache.ignite.resources.IgniteInstanceResource; import org.apache.ignite.testframework.GridTestUtils; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ScanQueryTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ScanQueryTest.java index ecbffc1478bf5..f1f95a1aee060 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ScanQueryTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ScanQueryTest.java @@ -8,6 +8,7 @@ import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.lang.IgniteBiPredicate; import org.apache.ignite.lang.IgniteClosure; +import org.apache.ignite.plugin.security.SecurityException; import org.apache.ignite.resources.IgniteInstanceResource; import org.apache.ignite.testframework.GridTestUtils; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/SecurityContextResolverSecurityProcessorTestSuite.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/SecurityContextResolverSecurityProcessorTestSuite.java index d4c1ec6d92850..f68eb6a6f92b4 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/SecurityContextResolverSecurityProcessorTestSuite.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/SecurityContextResolverSecurityProcessorTestSuite.java @@ -37,7 +37,7 @@ public static TestSuite suite() throws Exception { * @param ignoredTests Tests don't include in the execution. Providing null means nothing to exclude. * @return Test suite. */ - public static TestSuite suite(@Nullable final Set ignoredTests) { + public static TestSuite suite(final @Nullable Set ignoredTests) { TestSuite suite = new TestSuite("Initiator Node's Security Context Test Suite"); suite.addTest(new TestSuite(DistributedClosureTest.class)); From a7a51f605a68f0feb6e0e9d115f4a373a6d8b0b9 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Tue, 6 Nov 2018 11:16:23 +0300 Subject: [PATCH 13/98] IGNITE-9560 fw --- .../security/TestSecurityProcessor.java | 59 ++++-- .../TestSecurityProcessorProvider.java | 14 +- .../TestSecurityPluginConfiguration.java | 84 +++++++++ ...tContextResolverSecurityProcessorTest.java | 74 ++------ .../security/AbstractSecurityTest.java | 171 ++++++++++++++++++ .../processor/security/ComputeTaskTest.java | 30 +-- .../security/DistributedClosureTest.java | 26 +-- .../security/EntryProcessorTest.java | 10 +- .../security/ExecuteServiceTaskTest.java | 24 +-- .../security/IgniteDataStreamerTest.java | 16 +- .../security/IgniteMessagingTest.java | 26 +-- .../processor/security/LoadCacheTest.java | 18 +- .../processor/security/ScanQueryTest.java | 62 +++---- 13 files changed, 433 insertions(+), 181 deletions(-) create mode 100644 modules/security/src/main/java/org/apache/ignite/plugin/security/TestSecurityPluginConfiguration.java create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java diff --git a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityProcessor.java b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityProcessor.java index 98893a40736d6..65fcd3d35c588 100644 --- a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityProcessor.java +++ b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityProcessor.java @@ -22,33 +22,46 @@ import java.util.Collections; import java.util.Map; import java.util.UUID; +import java.util.concurrent.ConcurrentHashMap; import org.apache.ignite.IgniteCheckedException; import org.apache.ignite.cluster.ClusterNode; +import org.apache.ignite.configuration.IgniteConfiguration; import org.apache.ignite.internal.GridKernalContext; import org.apache.ignite.internal.IgniteNodeAttributes; import org.apache.ignite.internal.processors.GridProcessorAdapter; import org.apache.ignite.internal.processors.security.GridSecurityProcessor; import org.apache.ignite.internal.processors.security.SecurityContext; import org.apache.ignite.internal.util.typedef.F; +import org.apache.ignite.plugin.PluginConfiguration; import org.apache.ignite.plugin.security.AuthenticationContext; import org.apache.ignite.plugin.security.SecurityCredentials; import org.apache.ignite.plugin.security.SecurityException; import org.apache.ignite.plugin.security.SecurityPermission; +import org.apache.ignite.plugin.security.SecurityPermissionSet; import org.apache.ignite.plugin.security.SecuritySubject; +import org.apache.ignite.plugin.security.TestSecurityPluginConfiguration; import static org.apache.ignite.plugin.security.SecuritySubjectType.REMOTE_NODE; +/** + * Security processor for test. + */ public class TestSecurityProcessor extends GridProcessorAdapter implements GridSecurityProcessor { + /** Permissions. */ + private static final Map PERMS = new ConcurrentHashMap<>(); - public static final String USER_SECURITY_TOKEN = "USER_SECURITY_TOKEN"; + /** Config. */ + private TestSecurityPluginConfiguration cfg; + /** + * @param ctx Context. + */ public TestSecurityProcessor(GridKernalContext ctx) { super(ctx); } /** {@inheritDoc} */ - @Override public SecurityContext authenticateNode(ClusterNode node, SecurityCredentials cred) - throws IgniteCheckedException { + @Override public SecurityContext authenticateNode(ClusterNode node, SecurityCredentials cred) { return new TestSecurityContext( new TestSecuritySubject() @@ -56,7 +69,7 @@ public TestSecurityProcessor(GridKernalContext ctx) { .setId(node.id()) .setAddr(new InetSocketAddress(F.first(node.addresses()), 0)) .setLogin(cred.getUserObject()) - .setPerms(SecurityPermissionProvider.permission(cred.getUserObject())) + .setPerms(PERMS.get(cred)) ); } @@ -86,7 +99,7 @@ public TestSecurityProcessor(GridKernalContext ctx) { assert securityCtx instanceof TestSecurityContext; - if(!((TestSecurityContext)securityCtx).operationAllowed(name, perm)) + if (!((TestSecurityContext)securityCtx).operationAllowed(name, perm)) throw new SecurityException("Authorization failed [perm=" + perm + ", name=" + name + ", subject=" + securityCtx.subject() + ']'); @@ -94,7 +107,7 @@ public TestSecurityProcessor(GridKernalContext ctx) { /** {@inheritDoc} */ @Override public void onSessionExpired(UUID subjId) { - + // No-op. } /** {@inheritDoc} */ @@ -106,20 +119,42 @@ public TestSecurityProcessor(GridKernalContext ctx) { @Override public void start() throws IgniteCheckedException { super.start(); - SecurityCredentials cred = new SecurityCredentials(null, null, securityToken()); + SecurityCredentials cred = new SecurityCredentials( + configuration().getLogin(), configuration().getPwd(), configuration().getUserObj() + ); + + PERMS.put(cred, configuration().getPermissions()); ctx.addNodeAttribute(IgniteNodeAttributes.ATTR_SECURITY_CREDENTIALS, cred); } + /** {@inheritDoc} */ + @Override public void stop(boolean cancel) throws IgniteCheckedException { + super.stop(cancel); + + PERMS.remove(ctx.nodeAttribute(IgniteNodeAttributes.ATTR_SECURITY_CREDENTIALS)); + } + /** - * Getting security token. + * Security configuration. */ - private Object securityToken() { - Map attrs = ctx.config().getUserAttributes(); + private TestSecurityPluginConfiguration configuration() { + if (cfg == null) { + IgniteConfiguration igniteCfg = ctx.config(); + + if (igniteCfg.getPluginConfigurations() != null) { + for (PluginConfiguration pluginCfg : igniteCfg.getPluginConfigurations()) { + if (pluginCfg instanceof TestSecurityPluginConfiguration) { + cfg = (TestSecurityPluginConfiguration)pluginCfg; - assert attrs != null; + break; + } + } + } + } - return attrs.get(USER_SECURITY_TOKEN); + assert cfg != null; + return cfg; } } diff --git a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityProcessorProvider.java b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityProcessorProvider.java index ac1453d7fdd2c..3363f1d9f5b1d 100644 --- a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityProcessorProvider.java +++ b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityProcessorProvider.java @@ -73,6 +73,7 @@ public class TestSecurityProcessorProvider implements PluginProvider { } /** {@inheritDoc} */ + @SuppressWarnings("unchecked") @Override public @Nullable Object createComponent(PluginContext ctx, Class cls) { if (cls.isAssignableFrom(GridSecurityProcessor.class)) { String secProcClsName = System.getProperty( @@ -110,6 +111,7 @@ public class TestSecurityProcessorProvider implements PluginProvider { throw new IgniteException("Failed to load class [cls=" + secProcClsName + "]", e); } } + return null; } @@ -120,22 +122,22 @@ public class TestSecurityProcessorProvider implements PluginProvider { /** {@inheritDoc} */ @Override public void start(PluginContext ctx) throws IgniteCheckedException { - + // No-op. } /** {@inheritDoc} */ @Override public void stop(boolean cancel) throws IgniteCheckedException { - + // No-op. } /** {@inheritDoc} */ @Override public void onIgniteStart() throws IgniteCheckedException { - + // No-op. } /** {@inheritDoc} */ @Override public void onIgniteStop(boolean cancel) { - + // No-op. } /** {@inheritDoc} */ @@ -145,11 +147,11 @@ public class TestSecurityProcessorProvider implements PluginProvider { /** {@inheritDoc} */ @Override public void receiveDiscoveryData(UUID nodeId, Serializable data) { - + // No-op. } /** {@inheritDoc} */ @Override public void validateNewNode(ClusterNode node) throws PluginValidationException { - + // No-op. } } diff --git a/modules/security/src/main/java/org/apache/ignite/plugin/security/TestSecurityPluginConfiguration.java b/modules/security/src/main/java/org/apache/ignite/plugin/security/TestSecurityPluginConfiguration.java new file mode 100644 index 0000000000000..f06df27b3f5c7 --- /dev/null +++ b/modules/security/src/main/java/org/apache/ignite/plugin/security/TestSecurityPluginConfiguration.java @@ -0,0 +1,84 @@ +package org.apache.ignite.plugin.security; + +import org.apache.ignite.plugin.PluginConfiguration; + +/** + * Security configuration for test. + */ +public class TestSecurityPluginConfiguration implements PluginConfiguration { + /** Security permission set. */ + private SecurityPermissionSet prmSet; + + /** Login. */ + private String login; + + /** Password. */ + private String pwd; + + /** User object. */ + private Object userObj; + + /** + * Getting security permission set. + */ + public SecurityPermissionSet getPermissions() { + return prmSet; + } + + /** + * @param prmSet Security permission set. + */ + public TestSecurityPluginConfiguration setPermissions(SecurityPermissionSet prmSet) { + this.prmSet = prmSet; + + return this; + } + + /** + * Login. + */ + public String getLogin() { + return login; + } + + /** + * @param login Login. + */ + public TestSecurityPluginConfiguration setLogin(String login) { + this.login = login; + + return this; + } + + /** + * Password. + */ + public String getPwd() { + return pwd; + } + + /** + * @param pwd Password. + */ + public TestSecurityPluginConfiguration setPwd(String pwd) { + this.pwd = pwd; + + return this; + } + + /** + * User object. + */ + public Object getUserObj() { + return userObj; + } + + /** + * @param userObj User object. + */ + public TestSecurityPluginConfiguration setUserObj(Object userObj) { + this.userObj = userObj; + + return this; + } +} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractContextResolverSecurityProcessorTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractContextResolverSecurityProcessorTest.java index 12cf906318ef4..2894ffd1d49d7 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractContextResolverSecurityProcessorTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractContextResolverSecurityProcessorTest.java @@ -17,29 +17,23 @@ package org.apache.ignite.internal.processor.security; -import java.util.HashMap; -import java.util.Map; import java.util.concurrent.atomic.AtomicInteger; import org.apache.ignite.cache.CacheMode; import org.apache.ignite.cache.affinity.Affinity; import org.apache.ignite.configuration.CacheConfiguration; -import org.apache.ignite.configuration.DataRegionConfiguration; -import org.apache.ignite.configuration.DataStorageConfiguration; import org.apache.ignite.configuration.IgniteConfiguration; import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.util.typedef.X; import org.apache.ignite.plugin.security.SecurityException; -import org.apache.ignite.plugin.security.SecurityPermission; -import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; -import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; import static org.hamcrest.CoreMatchers.notNullValue; import static org.junit.Assert.assertThat; /** * */ -public class AbstractContextResolverSecurityProcessorTest extends GridCommonAbstractTest { +public class AbstractContextResolverSecurityProcessorTest extends AbstractSecurityTest { /** Cache name for tests. */ protected static final String CACHE_NAME = "TEST_CACHE"; @@ -49,38 +43,33 @@ public class AbstractContextResolverSecurityProcessorTest extends GridCommonAbst /** Values. */ protected AtomicInteger values = new AtomicInteger(0); - /** */ - protected IgniteEx succsessSrv; + /** Sever node that has all permissions. */ + protected IgniteEx srv; - /** */ - protected IgniteEx succsessClnt; + /** Client node that has all permissions. */ + protected IgniteEx clnt; - /** */ - protected IgniteEx failSrv; + /** Sever node that hasn't put permission to TEST_CACHE. */ + protected IgniteEx srvNoPutPerm; - /** */ - protected IgniteEx failClnt; + /** Client node that hasn't put permission to TEST_CACHE. */ + protected IgniteEx clntNoPutPerm; /** {@inheritDoc} */ @Override protected void beforeTestsStarted() throws Exception { super.beforeTestsStarted(); - setupSecurityPermissions(); + srv = startGrid("user_0", builder().build()); - System.setProperty( - TestSecurityProcessorProvider.TEST_SECURITY_PROCESSOR_CLS, - "org.apache.ignite.internal.processor.security.TestSecurityProcessor" - ); + clnt = startGrid("user_1", builder().build(), true); - succsessSrv = startGrid("success_server"); + srvNoPutPerm = startGrid("user_2", + builder().appendCachePermissions(CACHE_NAME, CACHE_READ).build()); - succsessClnt = startGrid(getConfiguration("success_client").setClientMode(true)); + clntNoPutPerm = startGrid("user_3", + builder().appendCachePermissions(CACHE_NAME, CACHE_READ).build(), true); - failSrv = startGrid("fail_server"); - - failClnt = startGrid(getConfiguration("fail_client").setClientMode(true)); - - grid("success_server").cluster().active(true); + grid(0).cluster().active(true); } /** {@inheritDoc} */ @@ -98,39 +87,10 @@ public class AbstractContextResolverSecurityProcessorTest extends GridCommonAbst /** {@inheritDoc} */ @Override protected IgniteConfiguration getConfiguration(String igniteInstanceName) throws Exception { - Map attrs = new HashMap<>(); - - attrs.put(TestSecurityProcessor.USER_SECURITY_TOKEN, igniteInstanceName); - return super.getConfiguration(igniteInstanceName) - .setDataStorageConfiguration( - new DataStorageConfiguration() - .setDefaultDataRegionConfiguration( - new DataRegionConfiguration().setPersistenceEnabled(true) - ) - ) - .setAuthenticationEnabled(true) - .setUserAttributes(attrs) .setCacheConfiguration(getCacheConfigurations()); } - /** - * - */ - private void setupSecurityPermissions(){ - SecurityPermissionProvider.add( - SecurityPermissionSetBuilder.create() - .defaultAllowAll(true) - .build(), "success_server", "success_client" - ); - SecurityPermissionProvider.add( - SecurityPermissionSetBuilder.create() - .defaultAllowAll(true) - .appendCachePermissions(CACHE_NAME, SecurityPermission.CACHE_READ) - .build(), "fail_server", "fail_client" - ); - } - /** * Getting array of cache configurations. */ diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java new file mode 100644 index 0000000000000..b38d2a958a005 --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java @@ -0,0 +1,171 @@ +package org.apache.ignite.internal.processor.security; + +import org.apache.ignite.configuration.DataRegionConfiguration; +import org.apache.ignite.configuration.DataStorageConfiguration; +import org.apache.ignite.configuration.IgniteConfiguration; +import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.internal.util.typedef.G; +import org.apache.ignite.plugin.security.SecurityPermissionSet; +import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; +import org.apache.ignite.plugin.security.TestSecurityPluginConfiguration; +import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest; + +/** + * Common class for security tests. + */ +public class AbstractSecurityTest extends GridCommonAbstractTest { + /** {@inheritDoc} */ + @Override protected void beforeTestsStarted() throws Exception { + super.beforeTestsStarted(); + + System.setProperty( + TestSecurityProcessorProvider.TEST_SECURITY_PROCESSOR_CLS, + "org.apache.ignite.internal.processor.security.TestSecurityProcessor" + ); + } + + /** {@inheritDoc} */ + @Override protected void afterTestsStopped() throws Exception { + super.afterTestsStopped(); + + System.clearProperty(TestSecurityProcessorProvider.TEST_SECURITY_PROCESSOR_CLS); + + stopAllGrids(); + + cleanPersistenceDir(); + } + + /** + * @param instanceName Instance name. + * @param login Login. + * @param pwd Password. + * @param userObj User object. + * @param prmSet Security permission set. + */ + protected IgniteConfiguration getConfiguration(String instanceName, + String login, String pwd, Object userObj, SecurityPermissionSet prmSet) throws Exception { + + return getConfiguration(instanceName) + .setDataStorageConfiguration( + new DataStorageConfiguration() + .setDefaultDataRegionConfiguration( + new DataRegionConfiguration().setPersistenceEnabled(true) + ) + ) + .setAuthenticationEnabled(true) + .setPluginConfigurations( + new TestSecurityPluginConfiguration() + .setLogin(login) + .setPwd(pwd) + .setUserObj(userObj) + .setPermissions(prmSet) + ); + } + + /** + * @param idx Index. + * @param login Login. + * @param pwd Password. + * @param userObj User object. + * @param prmSet Security permission set. + */ + protected IgniteConfiguration getConfiguration(int idx, String login, String pwd, Object userObj, + SecurityPermissionSet prmSet) throws Exception { + return getConfiguration(getTestIgniteInstanceName(idx), login, pwd, userObj, prmSet); + } + + /** + * @param idx Index. + * @param login Login. + * @param pwd Password. + * @param prmSet Security permission set. + */ + protected IgniteEx startGrid(int idx, String login, String pwd, SecurityPermissionSet prmSet) throws Exception { + return startGrid(getConfiguration(idx, login, pwd, null, prmSet)); + } + + /** + * @param login Login. + * @param pwd Password. + * @param prmSet Security permission set. + */ + protected IgniteEx startGrid(String login, String pwd, SecurityPermissionSet prmSet) throws Exception { + return startGrid(login, pwd, prmSet, false); + } + + /** + * @param login Login. + * @param pwd Password. + * @param prmSet Security permission set. + * @param isClient Is client. + */ + protected IgniteEx startGrid(String login, String pwd, SecurityPermissionSet prmSet, + boolean isClient) throws Exception { + return startGrid( + getConfiguration(G.allGrids().size(), login, pwd, null, prmSet).setClientMode(isClient) + ); + } + + /** + * @param userObj User object. + * @param prmSet Security permission set. + */ + protected IgniteEx startGrid(Object userObj, SecurityPermissionSet prmSet) throws Exception { + return startGrid(userObj, prmSet, false); + } + + /** + * @param userObj User object. + * @param prmSet Security permission set. + * @param isClient Is client. + */ + protected IgniteEx startGrid(Object userObj, SecurityPermissionSet prmSet, boolean isClient) + throws Exception { + return startGrid( + getConfiguration(G.allGrids().size(), null, null, userObj, prmSet).setClientMode(isClient) + ); + } + + /** + * @param instanceName Instance name. + * @param login Login. + * @param pwd Password. + * @param prmSet Security permission set. + */ + protected IgniteEx startGrid(String instanceName, String login, String pwd, + SecurityPermissionSet prmSet) throws Exception { + return startGrid(getConfiguration(instanceName, login, pwd, null, prmSet)); + } + + /** + * @param idx Index. + * @param userObj User object. + * @param prmSet Security permission set. + */ + protected IgniteEx startGrid(int idx, Object userObj, SecurityPermissionSet prmSet) throws Exception { + return startGrid(getConfiguration(idx, null, null, userObj, prmSet)); + } + + /** + * @param instanceName Instance name. + * @param userObj User object. + * @param prmSet Security permission set. + */ + protected IgniteEx startGrid(String instanceName, Object userObj, SecurityPermissionSet prmSet) throws Exception { + return startGrid(getConfiguration(instanceName, null, null, userObj, prmSet)); + } + + /** + * Getting security permission set builder. + */ + protected SecurityPermissionSetBuilder builder() { + return SecurityPermissionSetBuilder.create().defaultAllowAll(true); + } + + /** + * Getting allow all security permissions. + */ + protected SecurityPermissionSet allowAll() { + return builder().build(); + } +} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ComputeTaskTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ComputeTaskTest.java index 9f4c289df52ea..a24129ef4a61e 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ComputeTaskTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ComputeTaskTest.java @@ -45,19 +45,19 @@ public class ComputeTaskTest extends AbstractContextResolverSecurityProcessorTest { /** */ public void testCompute() { - checkSuccess(succsessSrv, succsessClnt); - checkSuccess(succsessSrv, failSrv); - checkSuccess(succsessSrv, failClnt); - checkSuccess(succsessClnt, succsessSrv); - checkSuccess(succsessClnt, failSrv); - checkSuccess(succsessClnt, failClnt); - - checkFail(failSrv, succsessSrv); - checkFail(failSrv, succsessClnt); - checkFail(failSrv, failClnt); - checkFail(failClnt, succsessSrv); - checkFail(failClnt, failSrv); - checkFail(failClnt, succsessClnt); + checkSuccess(srv, clnt); + checkSuccess(srv, srvNoPutPerm); + checkSuccess(srv, clntNoPutPerm); + checkSuccess(clnt, srv); + checkSuccess(clnt, srvNoPutPerm); + checkSuccess(clnt, clntNoPutPerm); + + checkFail(srvNoPutPerm, srv); + checkFail(srvNoPutPerm, clnt); + checkFail(srvNoPutPerm, clntNoPutPerm); + checkFail(clntNoPutPerm, srv); + checkFail(clntNoPutPerm, srvNoPutPerm); + checkFail(clntNoPutPerm, clnt); } /** @@ -154,7 +154,7 @@ public TestComputeTask(UUID remote, String key, Integer val) { } /** {@inheritDoc} */ - @Nullable @Override public Map map(List subgrid, + @Override public @Nullable Map map(List subgrid, @Nullable Integer arg) throws IgniteException { Map res = new HashMap<>(); @@ -188,7 +188,7 @@ public TestComputeTask(UUID remote, String key, Integer val) { } /** {@inheritDoc} */ - @Nullable @Override public Integer reduce(List results) throws IgniteException { + @Override public @Nullable Integer reduce(List results) throws IgniteException { return null; } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/DistributedClosureTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/DistributedClosureTest.java index 73c0db8d3ac7a..9f4d1b4fcb0aa 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/DistributedClosureTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/DistributedClosureTest.java @@ -17,19 +17,19 @@ public class DistributedClosureTest extends AbstractContextResolverSecurityProcessorTest { /** */ public void testDistributedClosure() { - checkSuccess(succsessClnt, failClnt); - checkSuccess(succsessClnt, failSrv); - checkSuccess(succsessSrv, failClnt); - checkSuccess(succsessSrv, failSrv); - checkSuccess(succsessSrv, succsessSrv); - checkSuccess(succsessClnt, succsessClnt); - - checkFail(failClnt, succsessSrv); - checkFail(failClnt, succsessClnt); - checkFail(failSrv, succsessSrv); - checkFail(failSrv, succsessClnt); - checkFail(failSrv, failSrv); - checkFail(failClnt, failClnt); + checkSuccess(clnt, clntNoPutPerm); + checkSuccess(clnt, srvNoPutPerm); + checkSuccess(srv, clntNoPutPerm); + checkSuccess(srv, srvNoPutPerm); + checkSuccess(srv, srv); + checkSuccess(clnt, clnt); + + checkFail(clntNoPutPerm, srv); + checkFail(clntNoPutPerm, clnt); + checkFail(srvNoPutPerm, srv); + checkFail(srvNoPutPerm, clnt); + checkFail(srvNoPutPerm, srvNoPutPerm); + checkFail(clntNoPutPerm, clntNoPutPerm); } /** diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/EntryProcessorTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/EntryProcessorTest.java index 54afea928d1b2..76b32d8ec9899 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/EntryProcessorTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/EntryProcessorTest.java @@ -33,12 +33,12 @@ public class EntryProcessorTest extends AbstractContextResolverSecurityProcessorTest { /** */ public void testEntryProcessor() { - successEntryProcessor(succsessClnt, succsessSrv); - successEntryProcessor(succsessClnt, failSrv); - successEntryProcessor(succsessSrv, failSrv); + successEntryProcessor(clnt, srv); + successEntryProcessor(clnt, srvNoPutPerm); + successEntryProcessor(srv, srvNoPutPerm); - failEntryProcessor(failClnt, succsessSrv); - failEntryProcessor(failSrv, succsessSrv); + failEntryProcessor(clntNoPutPerm, srv); + failEntryProcessor(srvNoPutPerm, srv); } /** diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ExecuteServiceTaskTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ExecuteServiceTaskTest.java index 86c578fe98d3e..bac4809bb3533 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ExecuteServiceTaskTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ExecuteServiceTaskTest.java @@ -34,19 +34,19 @@ public class ExecuteServiceTaskTest extends AbstractContextResolverSecurityProcessorTest { /** */ public void testExecute() throws Exception { - successExecute(succsessClnt, failClnt); - successExecute(succsessClnt, failSrv); - successExecute(succsessSrv, failClnt); - successExecute(succsessSrv, failSrv); - successExecute(succsessSrv, succsessSrv); - successExecute(succsessClnt, succsessClnt); + successExecute(clnt, clntNoPutPerm); + successExecute(clnt, srvNoPutPerm); + successExecute(srv, clntNoPutPerm); + successExecute(srv, srvNoPutPerm); + successExecute(srv, srv); + successExecute(clnt, clnt); - failExecute(failClnt, succsessSrv); - failExecute(failClnt, succsessClnt); - failExecute(failSrv, succsessSrv); - failExecute(failSrv, succsessClnt); - failExecute(failSrv, failSrv); - failExecute(failClnt, failClnt); + failExecute(clntNoPutPerm, srv); + failExecute(clntNoPutPerm, clnt); + failExecute(srvNoPutPerm, srv); + failExecute(srvNoPutPerm, clnt); + failExecute(srvNoPutPerm, srvNoPutPerm); + failExecute(clntNoPutPerm, clntNoPutPerm); } /** diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/IgniteDataStreamerTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/IgniteDataStreamerTest.java index 784cd9090afd6..363249a30ae04 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/IgniteDataStreamerTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/IgniteDataStreamerTest.java @@ -22,14 +22,14 @@ public class IgniteDataStreamerTest extends AbstractContextResolverSecurityProcessorTest { /** */ public void testDataStreamer() { - successReceiver(succsessClnt, succsessSrv); - successReceiver(succsessClnt, failSrv); - successReceiver(succsessSrv, succsessSrv); - successReceiver(succsessSrv, failSrv); - - failReceiver(failClnt, succsessSrv); - failReceiver(failSrv, succsessSrv); - failReceiver(failSrv, failSrv); + successReceiver(clnt, srv); + successReceiver(clnt, srvNoPutPerm); + successReceiver(srv, srv); + successReceiver(srv, srvNoPutPerm); + + failReceiver(clntNoPutPerm, srv); + failReceiver(srvNoPutPerm, srv); + failReceiver(srvNoPutPerm, srvNoPutPerm); } /** diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/IgniteMessagingTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/IgniteMessagingTest.java index 180523470be11..ec543674551ba 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/IgniteMessagingTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/IgniteMessagingTest.java @@ -45,19 +45,19 @@ public void testMessaging() throws Exception { //todo Нужно написать тесты когда иточником события является другой узел //todo имеющий разрешение на выполнение операции и нет, соответственно. - successMessaging(succsessClnt, failClnt); - successMessaging(succsessClnt, failSrv); - successMessaging(succsessSrv, failClnt); - successMessaging(succsessSrv, failSrv); - //successMessaging(succsessSrv, succsessSrv); - //successMessaging(succsessClnt, succsessClnt); - - failMessaging(failClnt, succsessSrv); - failMessaging(failClnt, succsessClnt); - failMessaging(failSrv, succsessSrv); - failMessaging(failSrv, succsessClnt); - //failMessaging(failSrv, failSrv); - //failMessaging(failClnt, failClnt); + successMessaging(clnt, clntNoPutPerm); + successMessaging(clnt, srvNoPutPerm); + successMessaging(srv, clntNoPutPerm); + successMessaging(srv, srvNoPutPerm); + //successMessaging(srv, srv); + //successMessaging(clnt, clnt); + + failMessaging(clntNoPutPerm, srv); + failMessaging(clntNoPutPerm, clnt); + failMessaging(srvNoPutPerm, srv); + failMessaging(srvNoPutPerm, clnt); + //failMessaging(srvNoPutPerm, srvNoPutPerm); + //failMessaging(clntNoPutPerm, clntNoPutPerm); } /** diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/LoadCacheTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/LoadCacheTest.java index 3399c60be10d3..7a6e07a7f24a4 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/LoadCacheTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/LoadCacheTest.java @@ -40,14 +40,14 @@ public class LoadCacheTest extends AbstractContextResolverSecurityProcessorTest /** */ public void testLoadCache() { - successLoad(succsessClnt, succsessSrv); - successLoad(succsessClnt, failSrv); - successLoad(succsessSrv, succsessSrv); - successLoad(succsessSrv, failSrv); - - failLoad(failClnt, succsessSrv); - failLoad(failSrv, succsessSrv); - failLoad(failSrv, failSrv); + successLoad(clnt, srv); + successLoad(clnt, srvNoPutPerm); + successLoad(srv, srv); + successLoad(srv, srvNoPutPerm); + + failLoad(clntNoPutPerm, srv); + failLoad(srvNoPutPerm, srv); + failLoad(srvNoPutPerm, srvNoPutPerm); } /** @@ -63,7 +63,7 @@ private void successLoad(IgniteEx initiator, IgniteEx remote) { new TestClosure(remote.localNode().id(), "key", val) ); - assertThat(succsessSrv.cache(CACHE_NAME).get("key"), is(val)); + assertThat(srv.cache(CACHE_NAME).get("key"), is(val)); } /** diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ScanQueryTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ScanQueryTest.java index f1f95a1aee060..174bc68cb2794 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ScanQueryTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ScanQueryTest.java @@ -22,40 +22,40 @@ public class ScanQueryTest extends AbstractContextResolverSecurityProcessorTest { /** */ public void testScanQuery() throws Exception { - putTestData(succsessSrv, CACHE_NAME); - putTestData(succsessSrv, SEC_CACHE_NAME); + putTestData(srv, CACHE_NAME); + putTestData(srv, SEC_CACHE_NAME); awaitPartitionMapExchange(); - successQuery(succsessClnt, succsessSrv, CACHE_NAME); - successQuery(succsessSrv, succsessSrv, CACHE_NAME); - successQuery(succsessClnt, succsessSrv, SEC_CACHE_NAME); - successQuery(succsessSrv, succsessSrv, SEC_CACHE_NAME); - - successTransform(succsessClnt, succsessSrv, CACHE_NAME); - successTransform(succsessSrv, succsessSrv, CACHE_NAME); - successTransform(succsessClnt, succsessSrv, SEC_CACHE_NAME); - successTransform(succsessSrv, succsessSrv, SEC_CACHE_NAME); - - successQuery(succsessClnt, failSrv, CACHE_NAME); - successQuery(succsessSrv, failSrv, CACHE_NAME); - successQuery(succsessClnt, failSrv, SEC_CACHE_NAME); - successQuery(succsessSrv, failSrv, SEC_CACHE_NAME); - - successTransform(succsessClnt, failSrv, CACHE_NAME); - successTransform(succsessSrv, failSrv, CACHE_NAME); - successTransform(succsessClnt, failSrv, SEC_CACHE_NAME); - successTransform(succsessSrv, failSrv, SEC_CACHE_NAME); - - failQuery(failClnt, succsessSrv, CACHE_NAME); - failQuery(failSrv, succsessSrv, CACHE_NAME); - failQuery(failClnt, succsessSrv, SEC_CACHE_NAME); - failQuery(failSrv, succsessSrv, SEC_CACHE_NAME); - - failTransform(failClnt, succsessSrv, CACHE_NAME); - failTransform(failSrv, succsessSrv, CACHE_NAME); - failTransform(failClnt, succsessSrv, SEC_CACHE_NAME); - failTransform(failSrv, succsessSrv, SEC_CACHE_NAME); + successQuery(clnt, srv, CACHE_NAME); + successQuery(srv, srv, CACHE_NAME); + successQuery(clnt, srv, SEC_CACHE_NAME); + successQuery(srv, srv, SEC_CACHE_NAME); + + successTransform(clnt, srv, CACHE_NAME); + successTransform(srv, srv, CACHE_NAME); + successTransform(clnt, srv, SEC_CACHE_NAME); + successTransform(srv, srv, SEC_CACHE_NAME); + + successQuery(clnt, srvNoPutPerm, CACHE_NAME); + successQuery(srv, srvNoPutPerm, CACHE_NAME); + successQuery(clnt, srvNoPutPerm, SEC_CACHE_NAME); + successQuery(srv, srvNoPutPerm, SEC_CACHE_NAME); + + successTransform(clnt, srvNoPutPerm, CACHE_NAME); + successTransform(srv, srvNoPutPerm, CACHE_NAME); + successTransform(clnt, srvNoPutPerm, SEC_CACHE_NAME); + successTransform(srv, srvNoPutPerm, SEC_CACHE_NAME); + + failQuery(clntNoPutPerm, srv, CACHE_NAME); + failQuery(srvNoPutPerm, srv, CACHE_NAME); + failQuery(clntNoPutPerm, srv, SEC_CACHE_NAME); + failQuery(srvNoPutPerm, srv, SEC_CACHE_NAME); + + failTransform(clntNoPutPerm, srv, CACHE_NAME); + failTransform(srvNoPutPerm, srv, CACHE_NAME); + failTransform(clntNoPutPerm, srv, SEC_CACHE_NAME); + failTransform(srvNoPutPerm, srv, SEC_CACHE_NAME); } /** From 2ffb43d1424c7c7c1d61dbcf4b79195932197eb6 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Tue, 6 Nov 2018 18:07:12 +0300 Subject: [PATCH 14/98] IGNITE-9560 fix comment --- .../query/h2/ddl/DdlStatementsProcessor.java | 1 - .../security/SecurityPermissionProvider.java | 53 ------------------- .../processor/security/package-info.java | 21 -------- ...tContextResolverSecurityProcessorTest.java | 4 +- .../security/AbstractSecurityTest.java | 3 +- .../security/TestSecurityContext.java | 2 +- .../TestSecurityPluginConfiguration.java | 3 +- .../security/TestSecurityProcessor.java | 1 - .../TestSecurityProcessorProvider.java | 0 .../security/TestSecuritySubject.java | 0 .../processor/security/TriConsumer.java | 0 11 files changed, 5 insertions(+), 83 deletions(-) delete mode 100644 modules/security/src/main/java/org/apache/ignite/internal/processor/security/SecurityPermissionProvider.java delete mode 100644 modules/security/src/main/java/org/apache/ignite/internal/processor/security/package-info.java rename modules/security/src/{main => test}/java/org/apache/ignite/internal/processor/security/TestSecurityContext.java (99%) rename modules/security/src/{main/java/org/apache/ignite/plugin => test/java/org/apache/ignite/internal/processor}/security/TestSecurityPluginConfiguration.java (92%) rename modules/security/src/{main => test}/java/org/apache/ignite/internal/processor/security/TestSecurityProcessor.java (98%) rename modules/security/src/{main => test}/java/org/apache/ignite/internal/processor/security/TestSecurityProcessorProvider.java (100%) rename modules/security/src/{main => test}/java/org/apache/ignite/internal/processor/security/TestSecuritySubject.java (100%) rename modules/security/src/{main => test}/java/org/apache/ignite/internal/processor/security/TriConsumer.java (100%) diff --git a/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/ddl/DdlStatementsProcessor.java b/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/ddl/DdlStatementsProcessor.java index b844377d2a170..400dc7e749b37 100644 --- a/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/ddl/DdlStatementsProcessor.java +++ b/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/ddl/DdlStatementsProcessor.java @@ -362,7 +362,6 @@ else if (stmt0 instanceof GridSqlCreateTable) { } } else if (stmt0 instanceof GridSqlDropTable) { - //todo MY_TODO написать тест, возмжно это уже лишнее ctx.security().authorize(null, SecurityPermission.CACHE_DESTROY, SecurityContextHolder.get()); GridSqlDropTable cmd = (GridSqlDropTable)stmt0; diff --git a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/SecurityPermissionProvider.java b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/SecurityPermissionProvider.java deleted file mode 100644 index 09877a5373cce..0000000000000 --- a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/SecurityPermissionProvider.java +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processor.security; - -import java.util.HashMap; -import java.util.Map; -import org.apache.ignite.plugin.security.SecurityPermissionSet; - -/** - * - */ -public class SecurityPermissionProvider { - /** Permission set map. */ - private static final Map PERMISSION_SET_MAP = new HashMap<>(); - - /** - * @param tok Token. - */ - public static SecurityPermissionSet permission(Object tok) { - return PERMISSION_SET_MAP.get(tok); - } - - /** - * @param permSet Permission set. - * @param tokens Tokens. - */ - public static void add(SecurityPermissionSet permSet, Object... tokens) { - for (Object t : tokens) - PERMISSION_SET_MAP.put(t, permSet); - } - - /** - * Clear map of permissions. - */ - public static void clear() { - PERMISSION_SET_MAP.clear(); - } -} diff --git a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/package-info.java b/modules/security/src/main/java/org/apache/ignite/internal/processor/security/package-info.java deleted file mode 100644 index d1e380de47f45..0000000000000 --- a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/package-info.java +++ /dev/null @@ -1,21 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** - * Contains classes and interfaces for security tests. - */ -package org.apache.ignite.internal.processor.security; \ No newline at end of file diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractContextResolverSecurityProcessorTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractContextResolverSecurityProcessorTest.java index 2894ffd1d49d7..229c119931e81 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractContextResolverSecurityProcessorTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractContextResolverSecurityProcessorTest.java @@ -80,8 +80,6 @@ public class AbstractContextResolverSecurityProcessorTest extends AbstractSecuri stopAllGrids(); - SecurityPermissionProvider.clear(); - cleanPersistenceDir(); } @@ -135,4 +133,4 @@ protected Integer primaryKey(IgniteEx ignite) { protected void assertCauseMessage(Throwable throwable) { assertThat(X.cause(throwable, SecurityException.class), notNullValue()); } -} +} \ No newline at end of file diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java index b38d2a958a005..2f25124583b28 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java @@ -7,7 +7,6 @@ import org.apache.ignite.internal.util.typedef.G; import org.apache.ignite.plugin.security.SecurityPermissionSet; import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; -import org.apache.ignite.plugin.security.TestSecurityPluginConfiguration; import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest; /** @@ -168,4 +167,4 @@ protected SecurityPermissionSetBuilder builder() { protected SecurityPermissionSet allowAll() { return builder().build(); } -} +} \ No newline at end of file diff --git a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityContext.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityContext.java similarity index 99% rename from modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityContext.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityContext.java index 5736a55b75952..65219fde40fa7 100644 --- a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityContext.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityContext.java @@ -122,4 +122,4 @@ private boolean hasPermission(Collection perms, SecurityPerm "subject=" + subject + '}'; } -} +} \ No newline at end of file diff --git a/modules/security/src/main/java/org/apache/ignite/plugin/security/TestSecurityPluginConfiguration.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityPluginConfiguration.java similarity index 92% rename from modules/security/src/main/java/org/apache/ignite/plugin/security/TestSecurityPluginConfiguration.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityPluginConfiguration.java index f06df27b3f5c7..a087a7ead2ef1 100644 --- a/modules/security/src/main/java/org/apache/ignite/plugin/security/TestSecurityPluginConfiguration.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityPluginConfiguration.java @@ -1,6 +1,7 @@ -package org.apache.ignite.plugin.security; +package org.apache.ignite.internal.processor.security; import org.apache.ignite.plugin.PluginConfiguration; +import org.apache.ignite.plugin.security.SecurityPermissionSet; /** * Security configuration for test. diff --git a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityProcessor.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityProcessor.java similarity index 98% rename from modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityProcessor.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityProcessor.java index 65fcd3d35c588..27a4d078bcbc1 100644 --- a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityProcessor.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityProcessor.java @@ -39,7 +39,6 @@ import org.apache.ignite.plugin.security.SecurityPermission; import org.apache.ignite.plugin.security.SecurityPermissionSet; import org.apache.ignite.plugin.security.SecuritySubject; -import org.apache.ignite.plugin.security.TestSecurityPluginConfiguration; import static org.apache.ignite.plugin.security.SecuritySubjectType.REMOTE_NODE; diff --git a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityProcessorProvider.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityProcessorProvider.java similarity index 100% rename from modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecurityProcessorProvider.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityProcessorProvider.java diff --git a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecuritySubject.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecuritySubject.java similarity index 100% rename from modules/security/src/main/java/org/apache/ignite/internal/processor/security/TestSecuritySubject.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecuritySubject.java diff --git a/modules/security/src/main/java/org/apache/ignite/internal/processor/security/TriConsumer.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TriConsumer.java similarity index 100% rename from modules/security/src/main/java/org/apache/ignite/internal/processor/security/TriConsumer.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/TriConsumer.java From dc85dd2677ea10d38e5387209dbc22befee51bf3 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Tue, 6 Nov 2018 19:42:18 +0300 Subject: [PATCH 15/98] IGNITE-9560 fix comment --- .../security/IgniteMessagingTest.java | 150 ------------------ 1 file changed, 150 deletions(-) delete mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/IgniteMessagingTest.java diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/IgniteMessagingTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/IgniteMessagingTest.java deleted file mode 100644 index ec543674551ba..0000000000000 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/IgniteMessagingTest.java +++ /dev/null @@ -1,150 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processor.security; - -import java.util.UUID; -import java.util.concurrent.BrokenBarrierException; -import java.util.concurrent.CyclicBarrier; -import java.util.concurrent.TimeUnit; -import java.util.concurrent.TimeoutException; -import org.apache.ignite.IgniteMessaging; -import org.apache.ignite.Ignition; -import org.apache.ignite.internal.IgniteEx; -import org.apache.ignite.lang.IgniteBiPredicate; - -import static org.hamcrest.CoreMatchers.is; -import static org.hamcrest.core.IsNull.nullValue; -import static org.junit.Assert.assertThat; - -/** - * Security tests for IgniteMessaging. - * //todo DRAFT !!! - */ -public class IgniteMessagingTest extends AbstractContextResolverSecurityProcessorTest { - /** Barrier. */ - private static final CyclicBarrier BARRIER = new CyclicBarrier(2); - - /** */ - public void testMessaging() throws Exception { - //todo Тесты написаны так, что инициатор так же является источником собтия. - //todo Нужно написать тесты когда иточником события является другой узел - //todo имеющий разрешение на выполнение операции и нет, соответственно. - - successMessaging(clnt, clntNoPutPerm); - successMessaging(clnt, srvNoPutPerm); - successMessaging(srv, clntNoPutPerm); - successMessaging(srv, srvNoPutPerm); - //successMessaging(srv, srv); - //successMessaging(clnt, clnt); - - failMessaging(clntNoPutPerm, srv); - failMessaging(clntNoPutPerm, clnt); - failMessaging(srvNoPutPerm, srv); - failMessaging(srvNoPutPerm, clnt); - //failMessaging(srvNoPutPerm, srvNoPutPerm); - //failMessaging(clntNoPutPerm, clntNoPutPerm); - } - - /** - * @param initiator Initiator node. - * @param remote Remote node. - * @throws Exception If failed. - */ - private void successMessaging(IgniteEx initiator, IgniteEx remote) throws Exception { - BARRIER.reset(); - - int val = values.getAndIncrement(); - - IgniteMessaging messaging = initiator.message( - initiator.cluster().forNode(remote.localNode()) - ); - - UUID lsnrId = messaging.remoteListen("HOT_TOPIC", - new IgniteBiPredicate() { - @Override public boolean apply(UUID uuid, Object o) { - try { - Ignition.localIgnite().cache(CACHE_NAME).put("key", val); - - return true; - } - finally { - try { - BARRIER.await(5, TimeUnit.SECONDS); - } - catch (InterruptedException | BrokenBarrierException | TimeoutException e) { - fail(e.getMessage()); - } - } - } - } - ); - try { - messaging.send("HOT_TOPIC", "Fire!"); - - BARRIER.await(5, TimeUnit.SECONDS); - } - finally { - messaging.stopRemoteListen(lsnrId); - } - - assertThat(remote.cache(CACHE_NAME).get("key"), is(val)); - } - - /** - * @param initiator Initiator node. - * @param remote Remote node. - * @throws Exception If failed. - */ - private void failMessaging(IgniteEx initiator, IgniteEx remote) throws Exception { - BARRIER.reset(); - - IgniteMessaging messaging = initiator.message( - initiator.cluster().forNode(remote.localNode()) - ); - - UUID lsnrId = messaging.remoteListen("HOT_TOPIC", - new IgniteBiPredicate() { - @Override public boolean apply(UUID uuid, Object o) { - try { - Ignition.localIgnite().cache(CACHE_NAME).put("fail_key", -1); - - return true; - } - finally { - try { - BARRIER.await(5, TimeUnit.SECONDS); - } - catch (InterruptedException | BrokenBarrierException | TimeoutException e) { - fail(e.getMessage()); - } - } - } - } - ); - try { - messaging.send("HOT_TOPIC", "Fire!"); - - BARRIER.await(5, TimeUnit.SECONDS); - } - finally { - messaging.stopRemoteListen(lsnrId); - } - - assertThat(remote.cache(CACHE_NAME).get("fail_key"), nullValue()); - } -} From b73523faa35dc6394a70fb3f4d71a507307332b5 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Tue, 6 Nov 2018 19:42:18 +0300 Subject: [PATCH 16/98] IGNITE-9560 fix comment --- ...tContextResolverSecurityProcessorTest.java | 11 -- .../security/AbstractSecurityTest.java | 13 +- .../security/IgniteMessagingTest.java | 150 ------------------ .../TestSecurityPluginConfiguration.java | 21 ++- .../TestSecurityProcessorProvider.java | 31 +++- 5 files changed, 44 insertions(+), 182 deletions(-) delete mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/IgniteMessagingTest.java diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractContextResolverSecurityProcessorTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractContextResolverSecurityProcessorTest.java index 229c119931e81..175e9405f8cd2 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractContextResolverSecurityProcessorTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractContextResolverSecurityProcessorTest.java @@ -72,17 +72,6 @@ public class AbstractContextResolverSecurityProcessorTest extends AbstractSecuri grid(0).cluster().active(true); } - /** {@inheritDoc} */ - @Override protected void afterTestsStopped() throws Exception { - super.afterTestsStopped(); - - System.clearProperty(TestSecurityProcessorProvider.TEST_SECURITY_PROCESSOR_CLS); - - stopAllGrids(); - - cleanPersistenceDir(); - } - /** {@inheritDoc} */ @Override protected IgniteConfiguration getConfiguration(String igniteInstanceName) throws Exception { return super.getConfiguration(igniteInstanceName) diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java index 2f25124583b28..2f5d08c25ccd6 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java @@ -13,22 +13,10 @@ * Common class for security tests. */ public class AbstractSecurityTest extends GridCommonAbstractTest { - /** {@inheritDoc} */ - @Override protected void beforeTestsStarted() throws Exception { - super.beforeTestsStarted(); - - System.setProperty( - TestSecurityProcessorProvider.TEST_SECURITY_PROCESSOR_CLS, - "org.apache.ignite.internal.processor.security.TestSecurityProcessor" - ); - } - /** {@inheritDoc} */ @Override protected void afterTestsStopped() throws Exception { super.afterTestsStopped(); - System.clearProperty(TestSecurityProcessorProvider.TEST_SECURITY_PROCESSOR_CLS); - stopAllGrids(); cleanPersistenceDir(); @@ -54,6 +42,7 @@ protected IgniteConfiguration getConfiguration(String instanceName, .setAuthenticationEnabled(true) .setPluginConfigurations( new TestSecurityPluginConfiguration() + .setSecurityProcessorClass("org.apache.ignite.internal.processor.security.TestSecurityProcessor") .setLogin(login) .setPwd(pwd) .setUserObj(userObj) diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/IgniteMessagingTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/IgniteMessagingTest.java deleted file mode 100644 index ec543674551ba..0000000000000 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/IgniteMessagingTest.java +++ /dev/null @@ -1,150 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processor.security; - -import java.util.UUID; -import java.util.concurrent.BrokenBarrierException; -import java.util.concurrent.CyclicBarrier; -import java.util.concurrent.TimeUnit; -import java.util.concurrent.TimeoutException; -import org.apache.ignite.IgniteMessaging; -import org.apache.ignite.Ignition; -import org.apache.ignite.internal.IgniteEx; -import org.apache.ignite.lang.IgniteBiPredicate; - -import static org.hamcrest.CoreMatchers.is; -import static org.hamcrest.core.IsNull.nullValue; -import static org.junit.Assert.assertThat; - -/** - * Security tests for IgniteMessaging. - * //todo DRAFT !!! - */ -public class IgniteMessagingTest extends AbstractContextResolverSecurityProcessorTest { - /** Barrier. */ - private static final CyclicBarrier BARRIER = new CyclicBarrier(2); - - /** */ - public void testMessaging() throws Exception { - //todo Тесты написаны так, что инициатор так же является источником собтия. - //todo Нужно написать тесты когда иточником события является другой узел - //todo имеющий разрешение на выполнение операции и нет, соответственно. - - successMessaging(clnt, clntNoPutPerm); - successMessaging(clnt, srvNoPutPerm); - successMessaging(srv, clntNoPutPerm); - successMessaging(srv, srvNoPutPerm); - //successMessaging(srv, srv); - //successMessaging(clnt, clnt); - - failMessaging(clntNoPutPerm, srv); - failMessaging(clntNoPutPerm, clnt); - failMessaging(srvNoPutPerm, srv); - failMessaging(srvNoPutPerm, clnt); - //failMessaging(srvNoPutPerm, srvNoPutPerm); - //failMessaging(clntNoPutPerm, clntNoPutPerm); - } - - /** - * @param initiator Initiator node. - * @param remote Remote node. - * @throws Exception If failed. - */ - private void successMessaging(IgniteEx initiator, IgniteEx remote) throws Exception { - BARRIER.reset(); - - int val = values.getAndIncrement(); - - IgniteMessaging messaging = initiator.message( - initiator.cluster().forNode(remote.localNode()) - ); - - UUID lsnrId = messaging.remoteListen("HOT_TOPIC", - new IgniteBiPredicate() { - @Override public boolean apply(UUID uuid, Object o) { - try { - Ignition.localIgnite().cache(CACHE_NAME).put("key", val); - - return true; - } - finally { - try { - BARRIER.await(5, TimeUnit.SECONDS); - } - catch (InterruptedException | BrokenBarrierException | TimeoutException e) { - fail(e.getMessage()); - } - } - } - } - ); - try { - messaging.send("HOT_TOPIC", "Fire!"); - - BARRIER.await(5, TimeUnit.SECONDS); - } - finally { - messaging.stopRemoteListen(lsnrId); - } - - assertThat(remote.cache(CACHE_NAME).get("key"), is(val)); - } - - /** - * @param initiator Initiator node. - * @param remote Remote node. - * @throws Exception If failed. - */ - private void failMessaging(IgniteEx initiator, IgniteEx remote) throws Exception { - BARRIER.reset(); - - IgniteMessaging messaging = initiator.message( - initiator.cluster().forNode(remote.localNode()) - ); - - UUID lsnrId = messaging.remoteListen("HOT_TOPIC", - new IgniteBiPredicate() { - @Override public boolean apply(UUID uuid, Object o) { - try { - Ignition.localIgnite().cache(CACHE_NAME).put("fail_key", -1); - - return true; - } - finally { - try { - BARRIER.await(5, TimeUnit.SECONDS); - } - catch (InterruptedException | BrokenBarrierException | TimeoutException e) { - fail(e.getMessage()); - } - } - } - } - ); - try { - messaging.send("HOT_TOPIC", "Fire!"); - - BARRIER.await(5, TimeUnit.SECONDS); - } - finally { - messaging.stopRemoteListen(lsnrId); - } - - assertThat(remote.cache(CACHE_NAME).get("fail_key"), nullValue()); - } -} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityPluginConfiguration.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityPluginConfiguration.java index a087a7ead2ef1..387add6105506 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityPluginConfiguration.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityPluginConfiguration.java @@ -19,6 +19,9 @@ public class TestSecurityPluginConfiguration implements PluginConfiguration { /** User object. */ private Object userObj; + /** Security processor class name. */ + private String secProcCls; + /** * Getting security permission set. */ @@ -82,4 +85,20 @@ public TestSecurityPluginConfiguration setUserObj(Object userObj) { return this; } -} + + /** + * Getting security processor class name. + */ + public String getSecurityProcessorClass() { + return secProcCls; + } + + /** + * @param secProcCls Security processor class name. + */ + public TestSecurityPluginConfiguration setSecurityProcessorClass(String secProcCls) { + this.secProcCls = secProcCls; + + return this; + } +} \ No newline at end of file diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityProcessorProvider.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityProcessorProvider.java index 3363f1d9f5b1d..93302407a5e82 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityProcessorProvider.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityProcessorProvider.java @@ -23,6 +23,7 @@ import org.apache.ignite.IgniteCheckedException; import org.apache.ignite.IgniteException; import org.apache.ignite.cluster.ClusterNode; +import org.apache.ignite.configuration.IgniteConfiguration; import org.apache.ignite.internal.GridKernalContext; import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.processors.security.GridSecurityProcessor; @@ -30,6 +31,7 @@ import org.apache.ignite.plugin.CachePluginProvider; import org.apache.ignite.plugin.ExtensionRegistry; import org.apache.ignite.plugin.IgnitePlugin; +import org.apache.ignite.plugin.PluginConfiguration; import org.apache.ignite.plugin.PluginContext; import org.apache.ignite.plugin.PluginProvider; import org.apache.ignite.plugin.PluginValidationException; @@ -39,9 +41,6 @@ * Security processor provider for tests. */ public class TestSecurityProcessorProvider implements PluginProvider { - /** System property to get test security processor class name. */ - public static String TEST_SECURITY_PROCESSOR_CLS = "TEST_SECURITY_PROVIDER_CLASS"; - /** Default test security processor class name. */ public static String DFLT_TEST_SECURITY_PROCESSOR_CLS_NAME = "org.apache.ignite.internal.processors.security.os.GridOsSecurityProcessor"; @@ -76,12 +75,10 @@ public class TestSecurityProcessorProvider implements PluginProvider { @SuppressWarnings("unchecked") @Override public @Nullable Object createComponent(PluginContext ctx, Class cls) { if (cls.isAssignableFrom(GridSecurityProcessor.class)) { - String secProcClsName = System.getProperty( - TEST_SECURITY_PROCESSOR_CLS, DFLT_TEST_SECURITY_PROCESSOR_CLS_NAME - ); + String secProcCls = securityProcessorClass(ctx); try { - Class implCls = Class.forName(secProcClsName); + Class implCls = Class.forName(secProcCls); if (implCls == null) throw new IgniteException("Failed to find component implementation: " + cls.getName()); @@ -108,13 +105,31 @@ public class TestSecurityProcessorProvider implements PluginProvider { } } catch (ClassNotFoundException e) { - throw new IgniteException("Failed to load class [cls=" + secProcClsName + "]", e); + throw new IgniteException("Failed to load class [cls=" + secProcCls + "]", e); } } return null; } + /** + * Getting security processor class name. + * + * @param ctx Context. + */ + private String securityProcessorClass(PluginContext ctx){ + IgniteConfiguration igniteCfg = ctx.igniteConfiguration(); + + if (igniteCfg.getPluginConfigurations() != null) { + for (PluginConfiguration pluginCfg : igniteCfg.getPluginConfigurations()) { + if (pluginCfg instanceof TestSecurityPluginConfiguration) + return ((TestSecurityPluginConfiguration)pluginCfg).getSecurityProcessorClass(); + } + } + + return DFLT_TEST_SECURITY_PROCESSOR_CLS_NAME; + } + /** {@inheritDoc} */ @Override public CachePluginProvider createCacheProvider(CachePluginContext ctx) { return null; From 7dcfaad8d6cf6ac795d34e069711b919cc233ca5 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Wed, 7 Nov 2018 15:51:09 +0300 Subject: [PATCH 17/98] IGNITE-9560 fix comment --- ...tContextResolverSecurityProcessorTest.java | 34 ++++----- ...extResolverSecurityProcessorTestSuite.java | 7 ++ .../{ => cache}/EntryProcessorTest.java | 23 +++--- .../{ => cache}/IgniteDataStreamerTest.java | 29 +++---- .../security/{ => cache}/LoadCacheTest.java | 33 ++++---- .../security/{ => cache}/ScanQueryTest.java | 75 ++++++++++--------- .../security/cache/package-info.java | 21 ++++++ .../{ => compute}/ComputeTaskTest.java | 36 ++++----- .../{ => compute}/DistributedClosureTest.java | 66 ++++++++-------- .../{ => compute}/ExecuteServiceTaskTest.java | 35 ++++----- .../security/compute/package-info.java | 21 ++++++ 11 files changed, 219 insertions(+), 161 deletions(-) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/{ => cache}/EntryProcessorTest.java (87%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/{ => cache}/IgniteDataStreamerTest.java (78%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/{ => cache}/LoadCacheTest.java (81%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/{ => cache}/ScanQueryTest.java (69%) create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/package-info.java rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/{ => compute}/ComputeTaskTest.java (84%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/{ => compute}/DistributedClosureTest.java (69%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/{ => compute}/ExecuteServiceTaskTest.java (73%) create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/package-info.java diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractContextResolverSecurityProcessorTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractContextResolverSecurityProcessorTest.java index 175e9405f8cd2..2c5b8bacd1bbe 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractContextResolverSecurityProcessorTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractContextResolverSecurityProcessorTest.java @@ -35,39 +35,39 @@ */ public class AbstractContextResolverSecurityProcessorTest extends AbstractSecurityTest { /** Cache name for tests. */ - protected static final String CACHE_NAME = "TEST_CACHE"; + protected static final String CACHE_WITH_PERMS = "TEST_CACHE"; /** Cache name for tests. */ - protected static final String SEC_CACHE_NAME = "SECOND_TEST_CACHE"; + protected static final String CACHE_WITHOUT_PERMS = "SECOND_TEST_CACHE"; /** Values. */ protected AtomicInteger values = new AtomicInteger(0); /** Sever node that has all permissions. */ - protected IgniteEx srv; + protected IgniteEx srvAllPerms; /** Client node that has all permissions. */ - protected IgniteEx clnt; + protected IgniteEx clntAllPerms; - /** Sever node that hasn't put permission to TEST_CACHE. */ - protected IgniteEx srvNoPutPerm; + /** Sever node that has read only permission for TEST_CACHE. */ + protected IgniteEx srvReadOnlyPerm; - /** Client node that hasn't put permission to TEST_CACHE. */ - protected IgniteEx clntNoPutPerm; + /** Client node that has read only permission for TEST_CACHE. */ + protected IgniteEx clntReadOnlyPerm; /** {@inheritDoc} */ @Override protected void beforeTestsStarted() throws Exception { super.beforeTestsStarted(); - srv = startGrid("user_0", builder().build()); + srvAllPerms = startGrid("user_0", builder().build()); - clnt = startGrid("user_1", builder().build(), true); + clntAllPerms = startGrid("user_1", builder().build(), true); - srvNoPutPerm = startGrid("user_2", - builder().appendCachePermissions(CACHE_NAME, CACHE_READ).build()); + srvReadOnlyPerm = startGrid("user_2", + builder().appendCachePermissions(CACHE_WITH_PERMS, CACHE_READ).build()); - clntNoPutPerm = startGrid("user_3", - builder().appendCachePermissions(CACHE_NAME, CACHE_READ).build(), true); + clntReadOnlyPerm = startGrid("user_3", + builder().appendCachePermissions(CACHE_WITH_PERMS, CACHE_READ).build(), true); grid(0).cluster().active(true); } @@ -84,11 +84,11 @@ public class AbstractContextResolverSecurityProcessorTest extends AbstractSecuri protected CacheConfiguration[] getCacheConfigurations() { return new CacheConfiguration[] { new CacheConfiguration<>() - .setName(CACHE_NAME) + .setName(CACHE_WITH_PERMS) .setCacheMode(CacheMode.PARTITIONED) .setReadFromBackup(false), new CacheConfiguration<>() - .setName(SEC_CACHE_NAME) + .setName(CACHE_WITHOUT_PERMS) .setCacheMode(CacheMode.PARTITIONED) .setReadFromBackup(false) }; @@ -101,7 +101,7 @@ protected CacheConfiguration[] getCacheConfigurations() { * @return Key. */ protected Integer primaryKey(IgniteEx ignite) { - Affinity affinity = ignite.affinity(SEC_CACHE_NAME); + Affinity affinity = ignite.affinity(CACHE_WITHOUT_PERMS); int i = 0; do { diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/SecurityContextResolverSecurityProcessorTestSuite.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/SecurityContextResolverSecurityProcessorTestSuite.java index f68eb6a6f92b4..a19d622e765ff 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/SecurityContextResolverSecurityProcessorTestSuite.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/SecurityContextResolverSecurityProcessorTestSuite.java @@ -19,6 +19,13 @@ import java.util.Set; import junit.framework.TestSuite; +import org.apache.ignite.internal.processor.security.cache.EntryProcessorTest; +import org.apache.ignite.internal.processor.security.cache.IgniteDataStreamerTest; +import org.apache.ignite.internal.processor.security.cache.LoadCacheTest; +import org.apache.ignite.internal.processor.security.cache.ScanQueryTest; +import org.apache.ignite.internal.processor.security.compute.ComputeTaskTest; +import org.apache.ignite.internal.processor.security.compute.DistributedClosureTest; +import org.apache.ignite.internal.processor.security.compute.ExecuteServiceTaskTest; import org.jetbrains.annotations.Nullable; /** diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/EntryProcessorTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorTest.java similarity index 87% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/EntryProcessorTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorTest.java index 76b32d8ec9899..b4a9859bb0f2a 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/EntryProcessorTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorTest.java @@ -15,7 +15,7 @@ * limitations under the License. */ -package org.apache.ignite.internal.processor.security; +package org.apache.ignite.internal.processor.security.cache; import java.util.Collections; import java.util.UUID; @@ -25,6 +25,7 @@ import javax.cache.processor.MutableEntry; import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.internal.processor.security.AbstractContextResolverSecurityProcessorTest; import org.apache.ignite.plugin.security.SecurityPermission; /** @@ -33,12 +34,12 @@ public class EntryProcessorTest extends AbstractContextResolverSecurityProcessorTest { /** */ public void testEntryProcessor() { - successEntryProcessor(clnt, srv); - successEntryProcessor(clnt, srvNoPutPerm); - successEntryProcessor(srv, srvNoPutPerm); + successEntryProcessor(clntAllPerms, srvAllPerms); + successEntryProcessor(clntAllPerms, srvReadOnlyPerm); + successEntryProcessor(srvAllPerms, srvReadOnlyPerm); - failEntryProcessor(clntNoPutPerm, srv); - failEntryProcessor(srvNoPutPerm, srv); + failEntryProcessor(clntReadOnlyPerm, srvAllPerms); + failEntryProcessor(srvReadOnlyPerm, srvAllPerms); } /** @@ -116,7 +117,7 @@ public Invoke(IgniteEx initiator, IgniteEx remote) { /** {@inheritDoc} */ @Override public void call() { - initiator.cache(SEC_CACHE_NAME).invoke( + initiator.cache(CACHE_WITHOUT_PERMS).invoke( primaryKey(remote), new TestEntryProcessor(remote.localNode().id()) ); @@ -137,7 +138,7 @@ public InvokeAsync(IgniteEx initiator, IgniteEx remote) { /** {@inheritDoc} */ @Override public void call() { - initiator.cache(SEC_CACHE_NAME).invokeAsync( + initiator.cache(CACHE_WITHOUT_PERMS).invokeAsync( primaryKey(remote), new TestEntryProcessor(remote.localNode().id()) ).get(); @@ -158,7 +159,7 @@ public InvokeAll(IgniteEx initiator, IgniteEx remote) { /** {@inheritDoc} */ @Override public void call() { - initiator.cache(SEC_CACHE_NAME).invokeAll( + initiator.cache(CACHE_WITHOUT_PERMS).invokeAll( Collections.singleton(primaryKey(remote)), new TestEntryProcessor(remote.localNode().id()) ).values().stream().findFirst().ifPresent(EntryProcessorResult::get); @@ -179,7 +180,7 @@ public InvokeAllAsync(IgniteEx initiator, IgniteEx remote) { /** {@inheritDoc} */ @Override public void call() { - initiator.cache(SEC_CACHE_NAME).invokeAllAsync( + initiator.cache(CACHE_WITHOUT_PERMS).invokeAllAsync( Collections.singleton(primaryKey(remote)), new TestEntryProcessor(remote.localNode().id()) ).get().values().stream().findFirst().ifPresent(EntryProcessorResult::get); @@ -206,7 +207,7 @@ public TestEntryProcessor(UUID remoteId) { IgniteEx loc = (IgniteEx)Ignition.localIgnite(); if (remoteId.equals(loc.localNode().id())) - loc.context().security().authorize(CACHE_NAME, SecurityPermission.CACHE_PUT); + loc.context().security().authorize(CACHE_WITH_PERMS, SecurityPermission.CACHE_PUT); return null; } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/IgniteDataStreamerTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/IgniteDataStreamerTest.java similarity index 78% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/IgniteDataStreamerTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/IgniteDataStreamerTest.java index 363249a30ae04..4b703b18a362d 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/IgniteDataStreamerTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/IgniteDataStreamerTest.java @@ -1,4 +1,4 @@ -package org.apache.ignite.internal.processor.security; +package org.apache.ignite.internal.processor.security.cache; import java.util.Map; import java.util.UUID; @@ -7,6 +7,7 @@ import org.apache.ignite.IgniteDataStreamer; import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.internal.processor.security.AbstractContextResolverSecurityProcessorTest; import org.apache.ignite.lang.IgniteBiInClosure; import org.apache.ignite.plugin.security.SecurityException; import org.apache.ignite.stream.StreamVisitor; @@ -22,14 +23,14 @@ public class IgniteDataStreamerTest extends AbstractContextResolverSecurityProcessorTest { /** */ public void testDataStreamer() { - successReceiver(clnt, srv); - successReceiver(clnt, srvNoPutPerm); - successReceiver(srv, srv); - successReceiver(srv, srvNoPutPerm); - - failReceiver(clntNoPutPerm, srv); - failReceiver(srvNoPutPerm, srv); - failReceiver(srvNoPutPerm, srvNoPutPerm); + successReceiver(clntAllPerms, srvAllPerms); + successReceiver(clntAllPerms, srvReadOnlyPerm); + successReceiver(srvAllPerms, srvAllPerms); + successReceiver(srvAllPerms, srvReadOnlyPerm); + + failReceiver(clntReadOnlyPerm, srvAllPerms); + failReceiver(srvReadOnlyPerm, srvAllPerms); + failReceiver(srvReadOnlyPerm, srvReadOnlyPerm); } /** @@ -42,7 +43,7 @@ private void failReceiver(IgniteEx initiator, IgniteEx remote) { assertCauseMessage( GridTestUtils.assertThrowsWithCause( () -> { - try (IgniteDataStreamer strm = initiator.dataStreamer(SEC_CACHE_NAME)) { + try (IgniteDataStreamer strm = initiator.dataStreamer(CACHE_WITHOUT_PERMS)) { strm.receiver( StreamVisitor.from( new TestClosure(remote.localNode().id(), "fail_key", -1) @@ -55,7 +56,7 @@ private void failReceiver(IgniteEx initiator, IgniteEx remote) { ) ); - assertThat(remote.cache(CACHE_NAME).get("fail_key"), nullValue()); + assertThat(remote.cache(CACHE_WITH_PERMS).get("fail_key"), nullValue()); } /** @@ -67,7 +68,7 @@ private void successReceiver(IgniteEx initiator, IgniteEx remote) { Integer val = values.getAndIncrement(); - try (IgniteDataStreamer strm = initiator.dataStreamer(SEC_CACHE_NAME)) { + try (IgniteDataStreamer strm = initiator.dataStreamer(CACHE_WITHOUT_PERMS)) { strm.receiver( StreamVisitor.from( new TestClosure(remote.localNode().id(), "key", val) @@ -76,7 +77,7 @@ private void successReceiver(IgniteEx initiator, IgniteEx remote) { strm.addData(primaryKey(remote), 100); } - assertThat(remote.cache(CACHE_NAME).get("key"), is(val)); + assertThat(remote.cache(CACHE_WITH_PERMS).get("key"), is(val)); } /** @@ -110,7 +111,7 @@ public TestClosure(UUID remoteId, String key, Integer val) { Ignite loc = Ignition.localIgnite(); if (remoteId.equals(loc.cluster().localNode().id())) - loc.cache(CACHE_NAME).put(key, val); + loc.cache(CACHE_WITH_PERMS).put(key, val); } } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/LoadCacheTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCacheTest.java similarity index 81% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/LoadCacheTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCacheTest.java index 7a6e07a7f24a4..6e2f69e288945 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/LoadCacheTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCacheTest.java @@ -1,4 +1,4 @@ -package org.apache.ignite.internal.processor.security; +package org.apache.ignite.internal.processor.security.cache; import java.util.UUID; import javax.cache.Cache; @@ -9,6 +9,7 @@ import org.apache.ignite.cache.store.CacheStoreAdapter; import org.apache.ignite.configuration.CacheConfiguration; import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.internal.processor.security.AbstractContextResolverSecurityProcessorTest; import org.apache.ignite.lang.IgniteBiInClosure; import org.apache.ignite.lang.IgniteBiPredicate; import org.apache.ignite.plugin.security.SecurityException; @@ -27,11 +28,11 @@ public class LoadCacheTest extends AbstractContextResolverSecurityProcessorTest @Override protected CacheConfiguration[] getCacheConfigurations() { return new CacheConfiguration[] { new CacheConfiguration() - .setName(CACHE_NAME) + .setName(CACHE_WITH_PERMS) .setCacheMode(CacheMode.PARTITIONED) .setReadFromBackup(false), new CacheConfiguration() - .setName(SEC_CACHE_NAME) + .setName(CACHE_WITHOUT_PERMS) .setCacheMode(CacheMode.PARTITIONED) .setReadFromBackup(false) .setCacheStoreFactory(new TestStoreFactory()) @@ -40,14 +41,14 @@ public class LoadCacheTest extends AbstractContextResolverSecurityProcessorTest /** */ public void testLoadCache() { - successLoad(clnt, srv); - successLoad(clnt, srvNoPutPerm); - successLoad(srv, srv); - successLoad(srv, srvNoPutPerm); - - failLoad(clntNoPutPerm, srv); - failLoad(srvNoPutPerm, srv); - failLoad(srvNoPutPerm, srvNoPutPerm); + successLoad(clntAllPerms, srvAllPerms); + successLoad(clntAllPerms, srvReadOnlyPerm); + successLoad(srvAllPerms, srvAllPerms); + successLoad(srvAllPerms, srvReadOnlyPerm); + + failLoad(clntReadOnlyPerm, srvAllPerms); + failLoad(srvReadOnlyPerm, srvAllPerms); + failLoad(srvReadOnlyPerm, srvReadOnlyPerm); } /** @@ -59,11 +60,11 @@ private void successLoad(IgniteEx initiator, IgniteEx remote) { Integer val = values.getAndIncrement(); - initiator.cache(SEC_CACHE_NAME).loadCache( + initiator.cache(CACHE_WITHOUT_PERMS).loadCache( new TestClosure(remote.localNode().id(), "key", val) ); - assertThat(srv.cache(CACHE_NAME).get("key"), is(val)); + assertThat(srvAllPerms.cache(CACHE_WITH_PERMS).get("key"), is(val)); } /** @@ -75,7 +76,7 @@ private void failLoad(IgniteEx initiator, IgniteEx remote) { assertCauseMessage( GridTestUtils.assertThrowsWithCause( - () -> initiator.cache(SEC_CACHE_NAME) + () -> initiator.cache(CACHE_WITHOUT_PERMS) .loadCache( new TestClosure(remote.localNode().id(), "fail_key", -1) ) @@ -83,7 +84,7 @@ private void failLoad(IgniteEx initiator, IgniteEx remote) { ) ); - assertThat(remote.cache(CACHE_NAME).get("fail_key"), nullValue()); + assertThat(remote.cache(CACHE_WITH_PERMS).get("fail_key"), nullValue()); } /** @@ -117,7 +118,7 @@ public TestClosure(UUID remoteId, String key, Integer val) { /** {@inheritDoc} */ @Override public boolean apply(Integer k, Integer v) { if (remoteId.equals(loc.cluster().localNode().id())) - loc.cache(CACHE_NAME).put(key, val); + loc.cache(CACHE_WITH_PERMS).put(key, val); return false; } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ScanQueryTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQueryTest.java similarity index 69% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/ScanQueryTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQueryTest.java index 174bc68cb2794..002320eb6e0ec 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ScanQueryTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQueryTest.java @@ -1,4 +1,4 @@ -package org.apache.ignite.internal.processor.security; +package org.apache.ignite.internal.processor.security.cache; import java.util.UUID; import javax.cache.Cache; @@ -6,6 +6,7 @@ import org.apache.ignite.IgniteDataStreamer; import org.apache.ignite.cache.query.ScanQuery; import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.internal.processor.security.AbstractContextResolverSecurityProcessorTest; import org.apache.ignite.lang.IgniteBiPredicate; import org.apache.ignite.lang.IgniteClosure; import org.apache.ignite.plugin.security.SecurityException; @@ -22,40 +23,40 @@ public class ScanQueryTest extends AbstractContextResolverSecurityProcessorTest { /** */ public void testScanQuery() throws Exception { - putTestData(srv, CACHE_NAME); - putTestData(srv, SEC_CACHE_NAME); + putTestData(srvAllPerms, CACHE_WITH_PERMS); + putTestData(srvAllPerms, CACHE_WITHOUT_PERMS); awaitPartitionMapExchange(); - successQuery(clnt, srv, CACHE_NAME); - successQuery(srv, srv, CACHE_NAME); - successQuery(clnt, srv, SEC_CACHE_NAME); - successQuery(srv, srv, SEC_CACHE_NAME); - - successTransform(clnt, srv, CACHE_NAME); - successTransform(srv, srv, CACHE_NAME); - successTransform(clnt, srv, SEC_CACHE_NAME); - successTransform(srv, srv, SEC_CACHE_NAME); - - successQuery(clnt, srvNoPutPerm, CACHE_NAME); - successQuery(srv, srvNoPutPerm, CACHE_NAME); - successQuery(clnt, srvNoPutPerm, SEC_CACHE_NAME); - successQuery(srv, srvNoPutPerm, SEC_CACHE_NAME); - - successTransform(clnt, srvNoPutPerm, CACHE_NAME); - successTransform(srv, srvNoPutPerm, CACHE_NAME); - successTransform(clnt, srvNoPutPerm, SEC_CACHE_NAME); - successTransform(srv, srvNoPutPerm, SEC_CACHE_NAME); - - failQuery(clntNoPutPerm, srv, CACHE_NAME); - failQuery(srvNoPutPerm, srv, CACHE_NAME); - failQuery(clntNoPutPerm, srv, SEC_CACHE_NAME); - failQuery(srvNoPutPerm, srv, SEC_CACHE_NAME); - - failTransform(clntNoPutPerm, srv, CACHE_NAME); - failTransform(srvNoPutPerm, srv, CACHE_NAME); - failTransform(clntNoPutPerm, srv, SEC_CACHE_NAME); - failTransform(srvNoPutPerm, srv, SEC_CACHE_NAME); + successQuery(clntAllPerms, srvAllPerms, CACHE_WITH_PERMS); + successQuery(srvAllPerms, srvAllPerms, CACHE_WITH_PERMS); + successQuery(clntAllPerms, srvAllPerms, CACHE_WITHOUT_PERMS); + successQuery(srvAllPerms, srvAllPerms, CACHE_WITHOUT_PERMS); + + successTransform(clntAllPerms, srvAllPerms, CACHE_WITH_PERMS); + successTransform(srvAllPerms, srvAllPerms, CACHE_WITH_PERMS); + successTransform(clntAllPerms, srvAllPerms, CACHE_WITHOUT_PERMS); + successTransform(srvAllPerms, srvAllPerms, CACHE_WITHOUT_PERMS); + + successQuery(clntAllPerms, srvReadOnlyPerm, CACHE_WITH_PERMS); + successQuery(srvAllPerms, srvReadOnlyPerm, CACHE_WITH_PERMS); + successQuery(clntAllPerms, srvReadOnlyPerm, CACHE_WITHOUT_PERMS); + successQuery(srvAllPerms, srvReadOnlyPerm, CACHE_WITHOUT_PERMS); + + successTransform(clntAllPerms, srvReadOnlyPerm, CACHE_WITH_PERMS); + successTransform(srvAllPerms, srvReadOnlyPerm, CACHE_WITH_PERMS); + successTransform(clntAllPerms, srvReadOnlyPerm, CACHE_WITHOUT_PERMS); + successTransform(srvAllPerms, srvReadOnlyPerm, CACHE_WITHOUT_PERMS); + + failQuery(clntReadOnlyPerm, srvAllPerms, CACHE_WITH_PERMS); + failQuery(srvReadOnlyPerm, srvAllPerms, CACHE_WITH_PERMS); + failQuery(clntReadOnlyPerm, srvAllPerms, CACHE_WITHOUT_PERMS); + failQuery(srvReadOnlyPerm, srvAllPerms, CACHE_WITHOUT_PERMS); + + failTransform(clntReadOnlyPerm, srvAllPerms, CACHE_WITH_PERMS); + failTransform(srvReadOnlyPerm, srvAllPerms, CACHE_WITH_PERMS); + failTransform(clntReadOnlyPerm, srvAllPerms, CACHE_WITHOUT_PERMS); + failTransform(srvReadOnlyPerm, srvAllPerms, CACHE_WITHOUT_PERMS); } /** @@ -79,7 +80,7 @@ private void failQuery(IgniteEx initiator, IgniteEx remote, String cacheName) { ) ); - assertThat(remote.cache(CACHE_NAME).get("fail_key"), nullValue()); + assertThat(remote.cache(CACHE_WITH_PERMS).get("fail_key"), nullValue()); } /** @@ -98,7 +99,7 @@ private void successQuery(IgniteEx initiator, IgniteEx remote, String cacheName) ) ).getAll(); - assertThat(remote.cache(CACHE_NAME).get("key"), is(val)); + assertThat(remote.cache(CACHE_WITH_PERMS).get("key"), is(val)); } /** @@ -121,7 +122,7 @@ private void failTransform(IgniteEx initiator, IgniteEx remote, String cacheName ) ); - assertThat(remote.cache(CACHE_NAME).get("fail_key"), nullValue()); + assertThat(remote.cache(CACHE_WITH_PERMS).get("fail_key"), nullValue()); } /** @@ -139,7 +140,7 @@ private void successTransform(IgniteEx initiator, IgniteEx remote, String cacheN new Transformer(remote.localNode().id(), "key", val) ).getAll(); - assertThat(remote.cache(CACHE_NAME).get("key"), is(val)); + assertThat(remote.cache(CACHE_WITH_PERMS).get("key"), is(val)); } /** @@ -186,7 +187,7 @@ public CommonClosure(UUID remoteId, String key, Integer val) { */ protected void put() { if (remoteId.equals(loc.cluster().localNode().id())) - loc.cache(CACHE_NAME).put(key, val); + loc.cache(CACHE_WITH_PERMS).put(key, val); } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/package-info.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/package-info.java new file mode 100644 index 0000000000000..4d66dd6c324b0 --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/package-info.java @@ -0,0 +1,21 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * Contains security tests for caches. + */ +package org.apache.ignite.internal.processor.security.cache; \ No newline at end of file diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ComputeTaskTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputeTaskTest.java similarity index 84% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/ComputeTaskTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputeTaskTest.java index a24129ef4a61e..c9b5f044ee349 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ComputeTaskTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputeTaskTest.java @@ -15,7 +15,7 @@ * limitations under the License. */ -package org.apache.ignite.internal.processor.security; +package org.apache.ignite.internal.processor.security.compute; import java.util.HashMap; import java.util.List; @@ -30,6 +30,8 @@ import org.apache.ignite.compute.ComputeJobResultPolicy; import org.apache.ignite.compute.ComputeTask; import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.internal.processor.security.AbstractContextResolverSecurityProcessorTest; +import org.apache.ignite.internal.processor.security.TriConsumer; import org.apache.ignite.plugin.security.SecurityException; import org.apache.ignite.resources.IgniteInstanceResource; import org.apache.ignite.testframework.GridTestUtils; @@ -45,19 +47,19 @@ public class ComputeTaskTest extends AbstractContextResolverSecurityProcessorTest { /** */ public void testCompute() { - checkSuccess(srv, clnt); - checkSuccess(srv, srvNoPutPerm); - checkSuccess(srv, clntNoPutPerm); - checkSuccess(clnt, srv); - checkSuccess(clnt, srvNoPutPerm); - checkSuccess(clnt, clntNoPutPerm); - - checkFail(srvNoPutPerm, srv); - checkFail(srvNoPutPerm, clnt); - checkFail(srvNoPutPerm, clntNoPutPerm); - checkFail(clntNoPutPerm, srv); - checkFail(clntNoPutPerm, srvNoPutPerm); - checkFail(clntNoPutPerm, clnt); + checkSuccess(srvAllPerms, clntAllPerms); + checkSuccess(srvAllPerms, srvReadOnlyPerm); + checkSuccess(srvAllPerms, clntReadOnlyPerm); + checkSuccess(clntAllPerms, srvAllPerms); + checkSuccess(clntAllPerms, srvReadOnlyPerm); + checkSuccess(clntAllPerms, clntReadOnlyPerm); + + checkFail(srvReadOnlyPerm, srvAllPerms); + checkFail(srvReadOnlyPerm, clntAllPerms); + checkFail(srvReadOnlyPerm, clntReadOnlyPerm); + checkFail(clntReadOnlyPerm, srvAllPerms); + checkFail(clntReadOnlyPerm, srvReadOnlyPerm); + checkFail(clntReadOnlyPerm, clntAllPerms); } /** @@ -106,7 +108,7 @@ private void successCompute(IgniteEx initiator, IgniteEx remote, consumer.accept(initiator.compute(), "key", val); - assertThat(remote.cache(CACHE_NAME).get("key"), is(val)); + assertThat(remote.cache(CACHE_WITH_PERMS).get("key"), is(val)); } /** @@ -122,7 +124,7 @@ private void failCompute(IgniteEx initiator, IgniteEx remote, ) ); - assertThat(remote.cache(CACHE_NAME).get("fail_key"), nullValue()); + assertThat(remote.cache(CACHE_WITH_PERMS).get("fail_key"), nullValue()); } /** @@ -168,7 +170,7 @@ public TestComputeTask(UUID remote, String key, Integer val) { } @Override public Object execute() throws IgniteException { - loc.cache(CACHE_NAME).put(key, val); + loc.cache(CACHE_WITH_PERMS).put(key, val); return null; } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/DistributedClosureTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/DistributedClosureTest.java similarity index 69% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/DistributedClosureTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/DistributedClosureTest.java index 9f4d1b4fcb0aa..e6030dcc8d375 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/DistributedClosureTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/DistributedClosureTest.java @@ -1,8 +1,10 @@ -package org.apache.ignite.internal.processor.security; +package org.apache.ignite.internal.processor.security.compute; import org.apache.ignite.IgniteCompute; import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.internal.processor.security.AbstractContextResolverSecurityProcessorTest; +import org.apache.ignite.internal.processor.security.TriConsumer; import org.apache.ignite.lang.IgniteClosure; import org.apache.ignite.plugin.security.SecurityException; import org.apache.ignite.testframework.GridTestUtils; @@ -17,19 +19,19 @@ public class DistributedClosureTest extends AbstractContextResolverSecurityProcessorTest { /** */ public void testDistributedClosure() { - checkSuccess(clnt, clntNoPutPerm); - checkSuccess(clnt, srvNoPutPerm); - checkSuccess(srv, clntNoPutPerm); - checkSuccess(srv, srvNoPutPerm); - checkSuccess(srv, srv); - checkSuccess(clnt, clnt); - - checkFail(clntNoPutPerm, srv); - checkFail(clntNoPutPerm, clnt); - checkFail(srvNoPutPerm, srv); - checkFail(srvNoPutPerm, clnt); - checkFail(srvNoPutPerm, srvNoPutPerm); - checkFail(clntNoPutPerm, clntNoPutPerm); + checkSuccess(clntAllPerms, clntReadOnlyPerm); + checkSuccess(clntAllPerms, srvReadOnlyPerm); + checkSuccess(srvAllPerms, clntReadOnlyPerm); + checkSuccess(srvAllPerms, srvReadOnlyPerm); + checkSuccess(srvAllPerms, srvAllPerms); + checkSuccess(clntAllPerms, clntAllPerms); + + checkFail(clntReadOnlyPerm, srvAllPerms); + checkFail(clntReadOnlyPerm, clntAllPerms); + checkFail(srvReadOnlyPerm, srvAllPerms); + checkFail(srvReadOnlyPerm, clntAllPerms); + checkFail(srvReadOnlyPerm, srvReadOnlyPerm); + checkFail(clntReadOnlyPerm, clntReadOnlyPerm); } /** @@ -40,14 +42,14 @@ private void checkSuccess(IgniteEx initiator, IgniteEx remote) { successClosure( initiator, remote, (cmp, k, v) -> cmp.broadcast( - () -> Ignition.localIgnite().cache(CACHE_NAME).put(k, v) + () -> Ignition.localIgnite().cache(CACHE_WITH_PERMS).put(k, v) ) ); successClosure( initiator, remote, (cmp, k, v) -> cmp.broadcastAsync( - () -> Ignition.localIgnite().cache(CACHE_NAME).put(k, v) + () -> Ignition.localIgnite().cache(CACHE_WITH_PERMS).put(k, v) ).get() ); @@ -55,7 +57,7 @@ private void checkSuccess(IgniteEx initiator, IgniteEx remote) { initiator, remote, (cmp, k, v) -> cmp.call( () -> { - Ignition.localIgnite().cache(CACHE_NAME).put(k, v); + Ignition.localIgnite().cache(CACHE_WITH_PERMS).put(k, v); return null; } @@ -66,7 +68,7 @@ private void checkSuccess(IgniteEx initiator, IgniteEx remote) { initiator, remote, (cmp, k, v) -> cmp.callAsync( () -> { - Ignition.localIgnite().cache(CACHE_NAME).put(k, v); + Ignition.localIgnite().cache(CACHE_WITH_PERMS).put(k, v); return null; } @@ -76,14 +78,14 @@ private void checkSuccess(IgniteEx initiator, IgniteEx remote) { successClosure( initiator, remote, (cmp, k, v) -> cmp.run( - () -> Ignition.localIgnite().cache(CACHE_NAME).put(k, v) + () -> Ignition.localIgnite().cache(CACHE_WITH_PERMS).put(k, v) ) ); successClosure( initiator, remote, (cmp, k, v) -> cmp.runAsync( - () -> Ignition.localIgnite().cache(CACHE_NAME).put(k, v) + () -> Ignition.localIgnite().cache(CACHE_WITH_PERMS).put(k, v) ).get() ); @@ -92,7 +94,7 @@ private void checkSuccess(IgniteEx initiator, IgniteEx remote) { (cmp, k, v) -> cmp.apply( new IgniteClosure() { @Override public Object apply(Object o) { - Ignition.localIgnite().cache(CACHE_NAME).put(k, v); + Ignition.localIgnite().cache(CACHE_WITH_PERMS).put(k, v); return null; } @@ -105,7 +107,7 @@ private void checkSuccess(IgniteEx initiator, IgniteEx remote) { (cmp, k, v) -> cmp.applyAsync( new IgniteClosure() { @Override public Object apply(Object o) { - Ignition.localIgnite().cache(CACHE_NAME).put(k, v); + Ignition.localIgnite().cache(CACHE_WITH_PERMS).put(k, v); return null; } @@ -122,14 +124,14 @@ private void checkFail(IgniteEx initiator, IgniteEx remote) { failClosure( initiator, remote, (cmp, k, v) -> cmp.broadcast( - () -> Ignition.localIgnite().cache(CACHE_NAME).put(k, v) + () -> Ignition.localIgnite().cache(CACHE_WITH_PERMS).put(k, v) ) ); failClosure( initiator, remote, (cmp, k, v) -> cmp.broadcastAsync( - () -> Ignition.localIgnite().cache(CACHE_NAME).put(k, v) + () -> Ignition.localIgnite().cache(CACHE_WITH_PERMS).put(k, v) ).get() ); @@ -137,7 +139,7 @@ private void checkFail(IgniteEx initiator, IgniteEx remote) { initiator, remote, (cmp, k, v) -> cmp.call( () -> { - Ignition.localIgnite().cache(CACHE_NAME).put(k, v); + Ignition.localIgnite().cache(CACHE_WITH_PERMS).put(k, v); return null; } @@ -148,7 +150,7 @@ private void checkFail(IgniteEx initiator, IgniteEx remote) { initiator, remote, (cmp, k, v) -> cmp.callAsync( () -> { - Ignition.localIgnite().cache(CACHE_NAME).put(k, v); + Ignition.localIgnite().cache(CACHE_WITH_PERMS).put(k, v); return null; } @@ -158,14 +160,14 @@ private void checkFail(IgniteEx initiator, IgniteEx remote) { failClosure( initiator, remote, (cmp, k, v) -> cmp.run( - () -> Ignition.localIgnite().cache(CACHE_NAME).put(k, v) + () -> Ignition.localIgnite().cache(CACHE_WITH_PERMS).put(k, v) ) ); failClosure( initiator, remote, (cmp, k, v) -> cmp.runAsync( - () -> Ignition.localIgnite().cache(CACHE_NAME).put(k, v) + () -> Ignition.localIgnite().cache(CACHE_WITH_PERMS).put(k, v) ).get() ); @@ -174,7 +176,7 @@ private void checkFail(IgniteEx initiator, IgniteEx remote) { (cmp, k, v) -> cmp.apply( new IgniteClosure() { @Override public Object apply(Object o) { - Ignition.localIgnite().cache(CACHE_NAME).put(k, v); + Ignition.localIgnite().cache(CACHE_WITH_PERMS).put(k, v); return null; } @@ -187,7 +189,7 @@ private void checkFail(IgniteEx initiator, IgniteEx remote) { (cmp, k, v) -> cmp.applyAsync( new IgniteClosure() { @Override public Object apply(Object o) { - Ignition.localIgnite().cache(CACHE_NAME).put(k, v); + Ignition.localIgnite().cache(CACHE_WITH_PERMS).put(k, v); return null; } @@ -207,7 +209,7 @@ private void successClosure(IgniteEx initiator, IgniteEx remote, consumer.accept(initiator.compute(initiator.cluster().forNode(remote.localNode())), "key", val); - assertThat(remote.cache(CACHE_NAME).get("key"), is(val)); + assertThat(remote.cache(CACHE_WITH_PERMS).get("key"), is(val)); } /** @@ -226,6 +228,6 @@ private void failClosure(IgniteEx initiator, IgniteEx remote, ) ); - assertThat(remote.cache(CACHE_NAME).get("fail_key"), nullValue()); + assertThat(remote.cache(CACHE_WITH_PERMS).get("fail_key"), nullValue()); } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ExecuteServiceTaskTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ExecuteServiceTaskTest.java similarity index 73% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/ExecuteServiceTaskTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ExecuteServiceTaskTest.java index bac4809bb3533..5d4042a9c1ed7 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/ExecuteServiceTaskTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ExecuteServiceTaskTest.java @@ -15,11 +15,12 @@ * limitations under the License. */ -package org.apache.ignite.internal.processor.security; +package org.apache.ignite.internal.processor.security.compute; import java.util.concurrent.ExecutionException; import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.internal.processor.security.AbstractContextResolverSecurityProcessorTest; import org.apache.ignite.lang.IgniteRunnable; import org.apache.ignite.plugin.security.SecurityException; import org.apache.ignite.testframework.GridTestUtils; @@ -34,19 +35,19 @@ public class ExecuteServiceTaskTest extends AbstractContextResolverSecurityProcessorTest { /** */ public void testExecute() throws Exception { - successExecute(clnt, clntNoPutPerm); - successExecute(clnt, srvNoPutPerm); - successExecute(srv, clntNoPutPerm); - successExecute(srv, srvNoPutPerm); - successExecute(srv, srv); - successExecute(clnt, clnt); + successExecute(clntAllPerms, clntReadOnlyPerm); + successExecute(clntAllPerms, srvReadOnlyPerm); + successExecute(srvAllPerms, clntReadOnlyPerm); + successExecute(srvAllPerms, srvReadOnlyPerm); + successExecute(srvAllPerms, srvAllPerms); + successExecute(clntAllPerms, clntAllPerms); - failExecute(clntNoPutPerm, srv); - failExecute(clntNoPutPerm, clnt); - failExecute(srvNoPutPerm, srv); - failExecute(srvNoPutPerm, clnt); - failExecute(srvNoPutPerm, srvNoPutPerm); - failExecute(clntNoPutPerm, clntNoPutPerm); + failExecute(clntReadOnlyPerm, srvAllPerms); + failExecute(clntReadOnlyPerm, clntAllPerms); + failExecute(srvReadOnlyPerm, srvAllPerms); + failExecute(srvReadOnlyPerm, clntAllPerms); + failExecute(srvReadOnlyPerm, srvReadOnlyPerm); + failExecute(clntReadOnlyPerm, clntReadOnlyPerm); } /** @@ -60,13 +61,13 @@ private void successExecute(IgniteEx initiator, IgniteEx remote) throws Exceptio .submit( new IgniteRunnable() { @Override public void run() { - Ignition.localIgnite().cache(CACHE_NAME) + Ignition.localIgnite().cache(CACHE_WITH_PERMS) .put("key", val); } } ).get(); - assertThat(remote.cache(CACHE_NAME).get("key"), is(val)); + assertThat(remote.cache(CACHE_WITH_PERMS).get("key"), is(val)); } /** @@ -82,7 +83,7 @@ private void failExecute(IgniteEx initiator, IgniteEx remote) { .submit( new IgniteRunnable() { @Override public void run() { - Ignition.localIgnite().cache(CACHE_NAME).put("fail_key", -1); + Ignition.localIgnite().cache(CACHE_WITH_PERMS).put("fail_key", -1); } } ).get(); @@ -95,6 +96,6 @@ private void failExecute(IgniteEx initiator, IgniteEx remote) { ) ); - assertThat(remote.cache(CACHE_NAME).get("fail_key"), nullValue()); + assertThat(remote.cache(CACHE_WITH_PERMS).get("fail_key"), nullValue()); } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/package-info.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/package-info.java new file mode 100644 index 0000000000000..98743d62ecc7c --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/package-info.java @@ -0,0 +1,21 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * Contains security tests for compute. + */ +package org.apache.ignite.internal.processor.security.compute; \ No newline at end of file From aeaf038d97973981a79501d7bfbbab7c1e8acdbf Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Wed, 7 Nov 2018 16:03:22 +0300 Subject: [PATCH 18/98] IGNITE-9560 fix comment --- ...extResolverSecurityProcessorTestSuite.java | 28 +++++++++---------- ...t.java => EntryProcessorSecurityTest.java} | 2 +- ...va => IgniteDataStreamerSecurityTest.java} | 2 +- ...heTest.java => LoadCacheSecurityTest.java} | 2 +- ...ryTest.java => ScanQuerySecurityTest.java} | 2 +- ...Test.java => ComputeTaskSecurityTest.java} | 3 +- ...va => DistributedClosureSecurityTest.java} | 2 +- ...va => ExecuteServiceTaskSecurityTest.java} | 2 +- 8 files changed, 21 insertions(+), 22 deletions(-) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/{EntryProcessorTest.java => EntryProcessorSecurityTest.java} (98%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/{IgniteDataStreamerTest.java => IgniteDataStreamerSecurityTest.java} (97%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/{LoadCacheTest.java => LoadCacheSecurityTest.java} (98%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/{ScanQueryTest.java => ScanQuerySecurityTest.java} (98%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/{ComputeTaskTest.java => ComputeTaskSecurityTest.java} (98%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/{DistributedClosureTest.java => DistributedClosureSecurityTest.java} (98%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/{ExecuteServiceTaskTest.java => ExecuteServiceTaskSecurityTest.java} (97%) diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/SecurityContextResolverSecurityProcessorTestSuite.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/SecurityContextResolverSecurityProcessorTestSuite.java index a19d622e765ff..0e98b2e21d4a5 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/SecurityContextResolverSecurityProcessorTestSuite.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/SecurityContextResolverSecurityProcessorTestSuite.java @@ -19,13 +19,13 @@ import java.util.Set; import junit.framework.TestSuite; -import org.apache.ignite.internal.processor.security.cache.EntryProcessorTest; -import org.apache.ignite.internal.processor.security.cache.IgniteDataStreamerTest; -import org.apache.ignite.internal.processor.security.cache.LoadCacheTest; -import org.apache.ignite.internal.processor.security.cache.ScanQueryTest; -import org.apache.ignite.internal.processor.security.compute.ComputeTaskTest; -import org.apache.ignite.internal.processor.security.compute.DistributedClosureTest; -import org.apache.ignite.internal.processor.security.compute.ExecuteServiceTaskTest; +import org.apache.ignite.internal.processor.security.cache.EntryProcessorSecurityTest; +import org.apache.ignite.internal.processor.security.cache.IgniteDataStreamerSecurityTest; +import org.apache.ignite.internal.processor.security.cache.LoadCacheSecurityTest; +import org.apache.ignite.internal.processor.security.cache.ScanQuerySecurityTest; +import org.apache.ignite.internal.processor.security.compute.ComputeTaskSecurityTest; +import org.apache.ignite.internal.processor.security.compute.DistributedClosureSecurityTest; +import org.apache.ignite.internal.processor.security.compute.ExecuteServiceTaskSecurityTest; import org.jetbrains.annotations.Nullable; /** @@ -47,13 +47,13 @@ public static TestSuite suite() throws Exception { public static TestSuite suite(final @Nullable Set ignoredTests) { TestSuite suite = new TestSuite("Initiator Node's Security Context Test Suite"); - suite.addTest(new TestSuite(DistributedClosureTest.class)); - suite.addTest(new TestSuite(ComputeTaskTest.class)); - suite.addTest(new TestSuite(ExecuteServiceTaskTest.class)); - suite.addTest(new TestSuite(ScanQueryTest.class)); - suite.addTest(new TestSuite(EntryProcessorTest.class)); - suite.addTest(new TestSuite(IgniteDataStreamerTest.class)); - suite.addTest(new TestSuite(LoadCacheTest.class)); + suite.addTest(new TestSuite(DistributedClosureSecurityTest.class)); + suite.addTest(new TestSuite(ComputeTaskSecurityTest.class)); + suite.addTest(new TestSuite(ExecuteServiceTaskSecurityTest.class)); + suite.addTest(new TestSuite(ScanQuerySecurityTest.class)); + suite.addTest(new TestSuite(EntryProcessorSecurityTest.class)); + suite.addTest(new TestSuite(IgniteDataStreamerSecurityTest.class)); + suite.addTest(new TestSuite(LoadCacheSecurityTest.class)); return suite; } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorSecurityTest.java similarity index 98% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorSecurityTest.java index b4a9859bb0f2a..00476a5ed31ed 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorSecurityTest.java @@ -31,7 +31,7 @@ /** * Security tests for EntityProcessor. */ -public class EntryProcessorTest extends AbstractContextResolverSecurityProcessorTest { +public class EntryProcessorSecurityTest extends AbstractContextResolverSecurityProcessorTest { /** */ public void testEntryProcessor() { successEntryProcessor(clntAllPerms, srvAllPerms); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/IgniteDataStreamerTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/IgniteDataStreamerSecurityTest.java similarity index 97% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/IgniteDataStreamerTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/IgniteDataStreamerSecurityTest.java index 4b703b18a362d..16f87a165fa53 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/IgniteDataStreamerTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/IgniteDataStreamerSecurityTest.java @@ -20,7 +20,7 @@ /** * Security tests for IgniteDataStream receiver. */ -public class IgniteDataStreamerTest extends AbstractContextResolverSecurityProcessorTest { +public class IgniteDataStreamerSecurityTest extends AbstractContextResolverSecurityProcessorTest { /** */ public void testDataStreamer() { successReceiver(clntAllPerms, srvAllPerms); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCacheTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCacheSecurityTest.java similarity index 98% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCacheTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCacheSecurityTest.java index 6e2f69e288945..8c8b22ccf8be0 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCacheTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCacheSecurityTest.java @@ -23,7 +23,7 @@ /** * Security tests for cache data load. */ -public class LoadCacheTest extends AbstractContextResolverSecurityProcessorTest { +public class LoadCacheSecurityTest extends AbstractContextResolverSecurityProcessorTest { /** {@inheritDoc} */ @Override protected CacheConfiguration[] getCacheConfigurations() { return new CacheConfiguration[] { diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQueryTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQuerySecurityTest.java similarity index 98% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQueryTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQuerySecurityTest.java index 002320eb6e0ec..218327a73dd67 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQueryTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQuerySecurityTest.java @@ -20,7 +20,7 @@ /** * Security test for scan query. */ -public class ScanQueryTest extends AbstractContextResolverSecurityProcessorTest { +public class ScanQuerySecurityTest extends AbstractContextResolverSecurityProcessorTest { /** */ public void testScanQuery() throws Exception { putTestData(srvAllPerms, CACHE_WITH_PERMS); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputeTaskTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputeTaskSecurityTest.java similarity index 98% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputeTaskTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputeTaskSecurityTest.java index c9b5f044ee349..9570f5430b414 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputeTaskTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputeTaskSecurityTest.java @@ -44,7 +44,7 @@ /** * Security tests for a compute task. */ -public class ComputeTaskTest extends AbstractContextResolverSecurityProcessorTest { +public class ComputeTaskSecurityTest extends AbstractContextResolverSecurityProcessorTest { /** */ public void testCompute() { checkSuccess(srvAllPerms, clntAllPerms); @@ -194,5 +194,4 @@ public TestComputeTask(UUID remote, String key, Integer val) { return null; } } - } \ No newline at end of file diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/DistributedClosureTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/DistributedClosureSecurityTest.java similarity index 98% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/DistributedClosureTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/DistributedClosureSecurityTest.java index e6030dcc8d375..d7a00eeb92858 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/DistributedClosureTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/DistributedClosureSecurityTest.java @@ -16,7 +16,7 @@ /** * Security tests for distributed closure. */ -public class DistributedClosureTest extends AbstractContextResolverSecurityProcessorTest { +public class DistributedClosureSecurityTest extends AbstractContextResolverSecurityProcessorTest { /** */ public void testDistributedClosure() { checkSuccess(clntAllPerms, clntReadOnlyPerm); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ExecuteServiceTaskTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ExecuteServiceTaskSecurityTest.java similarity index 97% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ExecuteServiceTaskTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ExecuteServiceTaskSecurityTest.java index 5d4042a9c1ed7..75d9779b880c2 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ExecuteServiceTaskTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ExecuteServiceTaskSecurityTest.java @@ -32,7 +32,7 @@ /** * Security tests for an execute server task. */ -public class ExecuteServiceTaskTest extends AbstractContextResolverSecurityProcessorTest { +public class ExecuteServiceTaskSecurityTest extends AbstractContextResolverSecurityProcessorTest { /** */ public void testExecute() throws Exception { successExecute(clntAllPerms, clntReadOnlyPerm); From 129079b04f2c0273eca4f82a1851aa6d171426f7 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Thu, 8 Nov 2018 13:32:47 +0300 Subject: [PATCH 19/98] IGNITE-9560 fix comment --- ...tContextResolverSecurityProcessorTest.java | 53 ++----------- .../security/AbstractSecurityTest.java | 1 - .../TestSecurityPluginConfiguration.java | 8 ++ .../TestSecurityProcessorProvider.java | 6 +- .../processor/security/TriConsumer.java | 37 --------- .../cache/AbstractCacheSecurityTest.java | 75 +++++++++++++++++++ .../cache/EntryProcessorSecurityTest.java | 5 +- .../cache/IgniteDataStreamerSecurityTest.java | 9 +-- .../security/cache/LoadCacheSecurityTest.java | 11 ++- .../security/cache/ScanQuerySecurityTest.java | 39 +++++----- .../AbstractComputeTaskSecurityTest.java | 74 ++++++++++++++++++ .../compute/ComputeTaskSecurityTest.java | 41 ++-------- .../DistributedClosureSecurityTest.java | 71 ++++++------------ .../ExecuteServiceTaskSecurityTest.java | 8 +- 14 files changed, 231 insertions(+), 207 deletions(-) delete mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/TriConsumer.java create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/AbstractCacheSecurityTest.java create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/AbstractComputeTaskSecurityTest.java diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractContextResolverSecurityProcessorTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractContextResolverSecurityProcessorTest.java index 2c5b8bacd1bbe..7babdcc993e28 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractContextResolverSecurityProcessorTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractContextResolverSecurityProcessorTest.java @@ -19,7 +19,6 @@ import java.util.concurrent.atomic.AtomicInteger; import org.apache.ignite.cache.CacheMode; -import org.apache.ignite.cache.affinity.Affinity; import org.apache.ignite.configuration.CacheConfiguration; import org.apache.ignite.configuration.IgniteConfiguration; import org.apache.ignite.internal.IgniteEx; @@ -35,18 +34,15 @@ */ public class AbstractContextResolverSecurityProcessorTest extends AbstractSecurityTest { /** Cache name for tests. */ - protected static final String CACHE_WITH_PERMS = "TEST_CACHE"; - - /** Cache name for tests. */ - protected static final String CACHE_WITHOUT_PERMS = "SECOND_TEST_CACHE"; + protected static final String CACHE_NAME = "TEST_CACHE"; /** Values. */ protected AtomicInteger values = new AtomicInteger(0); - /** Sever node that has all permissions. */ + /** Sever node that has all permissions for TEST_CACHE. */ protected IgniteEx srvAllPerms; - /** Client node that has all permissions. */ + /** Client node that has all permissions for TEST_CACHE. */ protected IgniteEx clntAllPerms; /** Sever node that has read only permission for TEST_CACHE. */ @@ -64,10 +60,10 @@ public class AbstractContextResolverSecurityProcessorTest extends AbstractSecuri clntAllPerms = startGrid("user_1", builder().build(), true); srvReadOnlyPerm = startGrid("user_2", - builder().appendCachePermissions(CACHE_WITH_PERMS, CACHE_READ).build()); + builder().appendCachePermissions(CACHE_NAME, CACHE_READ).build()); clntReadOnlyPerm = startGrid("user_3", - builder().appendCachePermissions(CACHE_WITH_PERMS, CACHE_READ).build(), true); + builder().appendCachePermissions(CACHE_NAME, CACHE_READ).build(), true); grid(0).cluster().active(true); } @@ -75,43 +71,10 @@ public class AbstractContextResolverSecurityProcessorTest extends AbstractSecuri /** {@inheritDoc} */ @Override protected IgniteConfiguration getConfiguration(String igniteInstanceName) throws Exception { return super.getConfiguration(igniteInstanceName) - .setCacheConfiguration(getCacheConfigurations()); - } - - /** - * Getting array of cache configurations. - */ - protected CacheConfiguration[] getCacheConfigurations() { - return new CacheConfiguration[] { - new CacheConfiguration<>() - .setName(CACHE_WITH_PERMS) + .setCacheConfiguration(new CacheConfiguration<>() + .setName(CACHE_NAME) .setCacheMode(CacheMode.PARTITIONED) - .setReadFromBackup(false), - new CacheConfiguration<>() - .setName(CACHE_WITHOUT_PERMS) - .setCacheMode(CacheMode.PARTITIONED) - .setReadFromBackup(false) - }; - } - - /** - * Getting the key that is contained on primary partition on passed node. - * - * @param ignite Node. - * @return Key. - */ - protected Integer primaryKey(IgniteEx ignite) { - Affinity affinity = ignite.affinity(CACHE_WITHOUT_PERMS); - - int i = 0; - do { - if (affinity.isPrimary(ignite.localNode(), ++i)) - return i; - - } - while (i <= 1_000); - - throw new IllegalStateException(ignite.name() + " isn't primary node for any key."); + .setReadFromBackup(false)); } /** diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java index 2f5d08c25ccd6..50fc0e27f5a00 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java @@ -42,7 +42,6 @@ protected IgniteConfiguration getConfiguration(String instanceName, .setAuthenticationEnabled(true) .setPluginConfigurations( new TestSecurityPluginConfiguration() - .setSecurityProcessorClass("org.apache.ignite.internal.processor.security.TestSecurityProcessor") .setLogin(login) .setPwd(pwd) .setUserObj(userObj) diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityPluginConfiguration.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityPluginConfiguration.java index 387add6105506..aad38f43a5672 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityPluginConfiguration.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityPluginConfiguration.java @@ -1,5 +1,6 @@ package org.apache.ignite.internal.processor.security; +import org.apache.ignite.internal.util.typedef.F; import org.apache.ignite.plugin.PluginConfiguration; import org.apache.ignite.plugin.security.SecurityPermissionSet; @@ -7,6 +8,10 @@ * Security configuration for test. */ public class TestSecurityPluginConfiguration implements PluginConfiguration { + /** Default test security processor class name. */ + public static final String DFLT_TEST_SECURITY_PROCESSOR_CLS_NAME = + "org.apache.ignite.internal.processor.security.TestSecurityProcessor"; + /** Security permission set. */ private SecurityPermissionSet prmSet; @@ -90,6 +95,9 @@ public TestSecurityPluginConfiguration setUserObj(Object userObj) { * Getting security processor class name. */ public String getSecurityProcessorClass() { + if(F.isEmpty(secProcCls)) + return DFLT_TEST_SECURITY_PROCESSOR_CLS_NAME; + return secProcCls; } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityProcessorProvider.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityProcessorProvider.java index 93302407a5e82..acbaa887bcdd8 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityProcessorProvider.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityProcessorProvider.java @@ -41,10 +41,6 @@ * Security processor provider for tests. */ public class TestSecurityProcessorProvider implements PluginProvider { - /** Default test security processor class name. */ - public static String DFLT_TEST_SECURITY_PROCESSOR_CLS_NAME = - "org.apache.ignite.internal.processors.security.os.GridOsSecurityProcessor"; - /** {@inheritDoc} */ @Override public String name() { return "TestSecurityProcessorProvider"; @@ -127,7 +123,7 @@ private String securityProcessorClass(PluginContext ctx){ } } - return DFLT_TEST_SECURITY_PROCESSOR_CLS_NAME; + throw new IllegalStateException("Security processor class isn't defined."); } /** {@inheritDoc} */ diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TriConsumer.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TriConsumer.java deleted file mode 100644 index 3513ca6a95567..0000000000000 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TriConsumer.java +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processor.security; - -/** - * Tri-consumer. - * - * @param First parameter type. - * @param Second parameter type. - * @param Third parameter type. - */ -@FunctionalInterface -public interface TriConsumer { - /** - * Performs this operation on the given arguments. - * - * @param a First parameter. - * @param b Second parameter. - * @param c Third parameter. - */ - public void accept(A a, B b, C c); -} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/AbstractCacheSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/AbstractCacheSecurityTest.java new file mode 100644 index 0000000000000..2f3c568d00c21 --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/AbstractCacheSecurityTest.java @@ -0,0 +1,75 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processor.security.cache; + +import org.apache.ignite.cache.CacheMode; +import org.apache.ignite.cache.affinity.Affinity; +import org.apache.ignite.configuration.CacheConfiguration; +import org.apache.ignite.configuration.IgniteConfiguration; +import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.internal.processor.security.AbstractContextResolverSecurityProcessorTest; + +/** + * + */ +public abstract class AbstractCacheSecurityTest extends AbstractContextResolverSecurityProcessorTest { + /** Cache name for tests. */ + protected static final String CACHE_WITHOUT_PERMS = "SECOND_TEST_CACHE"; + + /** {@inheritDoc} */ + @Override protected IgniteConfiguration getConfiguration(String igniteInstanceName) throws Exception { + return super.getConfiguration(igniteInstanceName) + .setCacheConfiguration(getCacheConfigurations()); + } + + /** + * Getting array of cache configurations. + */ + protected CacheConfiguration[] getCacheConfigurations() { + return new CacheConfiguration[] { + new CacheConfiguration<>() + .setName(CACHE_NAME) + .setCacheMode(CacheMode.PARTITIONED) + .setReadFromBackup(false), + new CacheConfiguration<>() + .setName(CACHE_WITHOUT_PERMS) + .setCacheMode(CacheMode.PARTITIONED) + .setReadFromBackup(false) + }; + } + + /** + * Getting the key that is contained on primary partition on passed node for given cache. + * + * @param ignite Node. + * @return Key. + */ + protected Integer primaryKey(IgniteEx ignite) { + Affinity affinity = ignite.affinity(CACHE_WITHOUT_PERMS); + + int i = 0; + do { + if (affinity.isPrimary(ignite.localNode(), ++i)) + return i; + + } + while (i <= 1_000); + + throw new IllegalStateException(ignite.name() + " isn't primary node for any key."); + } +} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorSecurityTest.java index 00476a5ed31ed..0881780728ee3 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorSecurityTest.java @@ -25,13 +25,12 @@ import javax.cache.processor.MutableEntry; import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; -import org.apache.ignite.internal.processor.security.AbstractContextResolverSecurityProcessorTest; import org.apache.ignite.plugin.security.SecurityPermission; /** * Security tests for EntityProcessor. */ -public class EntryProcessorSecurityTest extends AbstractContextResolverSecurityProcessorTest { +public class EntryProcessorSecurityTest extends AbstractCacheSecurityTest { /** */ public void testEntryProcessor() { successEntryProcessor(clntAllPerms, srvAllPerms); @@ -207,7 +206,7 @@ public TestEntryProcessor(UUID remoteId) { IgniteEx loc = (IgniteEx)Ignition.localIgnite(); if (remoteId.equals(loc.localNode().id())) - loc.context().security().authorize(CACHE_WITH_PERMS, SecurityPermission.CACHE_PUT); + loc.context().security().authorize(CACHE_NAME, SecurityPermission.CACHE_PUT); return null; } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/IgniteDataStreamerSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/IgniteDataStreamerSecurityTest.java index 16f87a165fa53..8a8fafb29b29f 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/IgniteDataStreamerSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/IgniteDataStreamerSecurityTest.java @@ -7,7 +7,6 @@ import org.apache.ignite.IgniteDataStreamer; import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; -import org.apache.ignite.internal.processor.security.AbstractContextResolverSecurityProcessorTest; import org.apache.ignite.lang.IgniteBiInClosure; import org.apache.ignite.plugin.security.SecurityException; import org.apache.ignite.stream.StreamVisitor; @@ -20,7 +19,7 @@ /** * Security tests for IgniteDataStream receiver. */ -public class IgniteDataStreamerSecurityTest extends AbstractContextResolverSecurityProcessorTest { +public class IgniteDataStreamerSecurityTest extends AbstractCacheSecurityTest { /** */ public void testDataStreamer() { successReceiver(clntAllPerms, srvAllPerms); @@ -56,7 +55,7 @@ private void failReceiver(IgniteEx initiator, IgniteEx remote) { ) ); - assertThat(remote.cache(CACHE_WITH_PERMS).get("fail_key"), nullValue()); + assertThat(remote.cache(CACHE_NAME).get("fail_key"), nullValue()); } /** @@ -77,7 +76,7 @@ private void successReceiver(IgniteEx initiator, IgniteEx remote) { strm.addData(primaryKey(remote), 100); } - assertThat(remote.cache(CACHE_WITH_PERMS).get("key"), is(val)); + assertThat(remote.cache(CACHE_NAME).get("key"), is(val)); } /** @@ -111,7 +110,7 @@ public TestClosure(UUID remoteId, String key, Integer val) { Ignite loc = Ignition.localIgnite(); if (remoteId.equals(loc.cluster().localNode().id())) - loc.cache(CACHE_WITH_PERMS).put(key, val); + loc.cache(CACHE_NAME).put(key, val); } } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCacheSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCacheSecurityTest.java index 8c8b22ccf8be0..a7ccc29ad925a 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCacheSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCacheSecurityTest.java @@ -9,7 +9,6 @@ import org.apache.ignite.cache.store.CacheStoreAdapter; import org.apache.ignite.configuration.CacheConfiguration; import org.apache.ignite.internal.IgniteEx; -import org.apache.ignite.internal.processor.security.AbstractContextResolverSecurityProcessorTest; import org.apache.ignite.lang.IgniteBiInClosure; import org.apache.ignite.lang.IgniteBiPredicate; import org.apache.ignite.plugin.security.SecurityException; @@ -23,12 +22,12 @@ /** * Security tests for cache data load. */ -public class LoadCacheSecurityTest extends AbstractContextResolverSecurityProcessorTest { +public class LoadCacheSecurityTest extends AbstractCacheSecurityTest { /** {@inheritDoc} */ @Override protected CacheConfiguration[] getCacheConfigurations() { return new CacheConfiguration[] { new CacheConfiguration() - .setName(CACHE_WITH_PERMS) + .setName(CACHE_NAME) .setCacheMode(CacheMode.PARTITIONED) .setReadFromBackup(false), new CacheConfiguration() @@ -64,7 +63,7 @@ private void successLoad(IgniteEx initiator, IgniteEx remote) { new TestClosure(remote.localNode().id(), "key", val) ); - assertThat(srvAllPerms.cache(CACHE_WITH_PERMS).get("key"), is(val)); + assertThat(srvAllPerms.cache(CACHE_NAME).get("key"), is(val)); } /** @@ -84,7 +83,7 @@ private void failLoad(IgniteEx initiator, IgniteEx remote) { ) ); - assertThat(remote.cache(CACHE_WITH_PERMS).get("fail_key"), nullValue()); + assertThat(remote.cache(CACHE_NAME).get("fail_key"), nullValue()); } /** @@ -118,7 +117,7 @@ public TestClosure(UUID remoteId, String key, Integer val) { /** {@inheritDoc} */ @Override public boolean apply(Integer k, Integer v) { if (remoteId.equals(loc.cluster().localNode().id())) - loc.cache(CACHE_WITH_PERMS).put(key, val); + loc.cache(CACHE_NAME).put(key, val); return false; } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQuerySecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQuerySecurityTest.java index 218327a73dd67..f2b1e42d0ac63 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQuerySecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQuerySecurityTest.java @@ -6,7 +6,6 @@ import org.apache.ignite.IgniteDataStreamer; import org.apache.ignite.cache.query.ScanQuery; import org.apache.ignite.internal.IgniteEx; -import org.apache.ignite.internal.processor.security.AbstractContextResolverSecurityProcessorTest; import org.apache.ignite.lang.IgniteBiPredicate; import org.apache.ignite.lang.IgniteClosure; import org.apache.ignite.plugin.security.SecurityException; @@ -20,41 +19,41 @@ /** * Security test for scan query. */ -public class ScanQuerySecurityTest extends AbstractContextResolverSecurityProcessorTest { +public class ScanQuerySecurityTest extends AbstractCacheSecurityTest { /** */ public void testScanQuery() throws Exception { - putTestData(srvAllPerms, CACHE_WITH_PERMS); + putTestData(srvAllPerms, CACHE_NAME); putTestData(srvAllPerms, CACHE_WITHOUT_PERMS); awaitPartitionMapExchange(); - successQuery(clntAllPerms, srvAllPerms, CACHE_WITH_PERMS); - successQuery(srvAllPerms, srvAllPerms, CACHE_WITH_PERMS); + successQuery(clntAllPerms, srvAllPerms, CACHE_NAME); + successQuery(srvAllPerms, srvAllPerms, CACHE_NAME); successQuery(clntAllPerms, srvAllPerms, CACHE_WITHOUT_PERMS); successQuery(srvAllPerms, srvAllPerms, CACHE_WITHOUT_PERMS); - successTransform(clntAllPerms, srvAllPerms, CACHE_WITH_PERMS); - successTransform(srvAllPerms, srvAllPerms, CACHE_WITH_PERMS); + successTransform(clntAllPerms, srvAllPerms, CACHE_NAME); + successTransform(srvAllPerms, srvAllPerms, CACHE_NAME); successTransform(clntAllPerms, srvAllPerms, CACHE_WITHOUT_PERMS); successTransform(srvAllPerms, srvAllPerms, CACHE_WITHOUT_PERMS); - successQuery(clntAllPerms, srvReadOnlyPerm, CACHE_WITH_PERMS); - successQuery(srvAllPerms, srvReadOnlyPerm, CACHE_WITH_PERMS); + successQuery(clntAllPerms, srvReadOnlyPerm, CACHE_NAME); + successQuery(srvAllPerms, srvReadOnlyPerm, CACHE_NAME); successQuery(clntAllPerms, srvReadOnlyPerm, CACHE_WITHOUT_PERMS); successQuery(srvAllPerms, srvReadOnlyPerm, CACHE_WITHOUT_PERMS); - successTransform(clntAllPerms, srvReadOnlyPerm, CACHE_WITH_PERMS); - successTransform(srvAllPerms, srvReadOnlyPerm, CACHE_WITH_PERMS); + successTransform(clntAllPerms, srvReadOnlyPerm, CACHE_NAME); + successTransform(srvAllPerms, srvReadOnlyPerm, CACHE_NAME); successTransform(clntAllPerms, srvReadOnlyPerm, CACHE_WITHOUT_PERMS); successTransform(srvAllPerms, srvReadOnlyPerm, CACHE_WITHOUT_PERMS); - failQuery(clntReadOnlyPerm, srvAllPerms, CACHE_WITH_PERMS); - failQuery(srvReadOnlyPerm, srvAllPerms, CACHE_WITH_PERMS); + failQuery(clntReadOnlyPerm, srvAllPerms, CACHE_NAME); + failQuery(srvReadOnlyPerm, srvAllPerms, CACHE_NAME); failQuery(clntReadOnlyPerm, srvAllPerms, CACHE_WITHOUT_PERMS); failQuery(srvReadOnlyPerm, srvAllPerms, CACHE_WITHOUT_PERMS); - failTransform(clntReadOnlyPerm, srvAllPerms, CACHE_WITH_PERMS); - failTransform(srvReadOnlyPerm, srvAllPerms, CACHE_WITH_PERMS); + failTransform(clntReadOnlyPerm, srvAllPerms, CACHE_NAME); + failTransform(srvReadOnlyPerm, srvAllPerms, CACHE_NAME); failTransform(clntReadOnlyPerm, srvAllPerms, CACHE_WITHOUT_PERMS); failTransform(srvReadOnlyPerm, srvAllPerms, CACHE_WITHOUT_PERMS); } @@ -80,7 +79,7 @@ private void failQuery(IgniteEx initiator, IgniteEx remote, String cacheName) { ) ); - assertThat(remote.cache(CACHE_WITH_PERMS).get("fail_key"), nullValue()); + assertThat(remote.cache(CACHE_NAME).get("fail_key"), nullValue()); } /** @@ -99,7 +98,7 @@ private void successQuery(IgniteEx initiator, IgniteEx remote, String cacheName) ) ).getAll(); - assertThat(remote.cache(CACHE_WITH_PERMS).get("key"), is(val)); + assertThat(remote.cache(CACHE_NAME).get("key"), is(val)); } /** @@ -122,7 +121,7 @@ private void failTransform(IgniteEx initiator, IgniteEx remote, String cacheName ) ); - assertThat(remote.cache(CACHE_WITH_PERMS).get("fail_key"), nullValue()); + assertThat(remote.cache(CACHE_NAME).get("fail_key"), nullValue()); } /** @@ -140,7 +139,7 @@ private void successTransform(IgniteEx initiator, IgniteEx remote, String cacheN new Transformer(remote.localNode().id(), "key", val) ).getAll(); - assertThat(remote.cache(CACHE_WITH_PERMS).get("key"), is(val)); + assertThat(remote.cache(CACHE_NAME).get("key"), is(val)); } /** @@ -187,7 +186,7 @@ public CommonClosure(UUID remoteId, String key, Integer val) { */ protected void put() { if (remoteId.equals(loc.cluster().localNode().id())) - loc.cache(CACHE_WITH_PERMS).put(key, val); + loc.cache(CACHE_NAME).put(key, val); } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/AbstractComputeTaskSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/AbstractComputeTaskSecurityTest.java new file mode 100644 index 0000000000000..cb7f268f3b6e5 --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/AbstractComputeTaskSecurityTest.java @@ -0,0 +1,74 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processor.security.compute; + +import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.internal.processor.security.AbstractContextResolverSecurityProcessorTest; + +/** + * Abstract compute security test. + */ +public abstract class AbstractComputeTaskSecurityTest extends AbstractContextResolverSecurityProcessorTest { + /** */ + public void test() { + checkSuccess(srvAllPerms, clntAllPerms); + checkSuccess(srvAllPerms, srvReadOnlyPerm); + checkSuccess(srvAllPerms, clntReadOnlyPerm); + checkSuccess(clntAllPerms, srvAllPerms); + checkSuccess(clntAllPerms, srvReadOnlyPerm); + checkSuccess(clntAllPerms, clntReadOnlyPerm); + + checkFail(srvReadOnlyPerm, srvAllPerms); + checkFail(srvReadOnlyPerm, clntAllPerms); + checkFail(srvReadOnlyPerm, clntReadOnlyPerm); + checkFail(clntReadOnlyPerm, srvAllPerms); + checkFail(clntReadOnlyPerm, srvReadOnlyPerm); + checkFail(clntReadOnlyPerm, clntAllPerms); + } + + /** + * @param initiator Initiator node. + * @param remote Remote node. + */ + protected abstract void checkSuccess(IgniteEx initiator, IgniteEx remote); + + /** + * @param initiator Initiator node. + * @param remote Remote node. + */ + protected abstract void checkFail(IgniteEx initiator, IgniteEx remote); + + /** + * Tri-consumer. + * + * @param First parameter type. + * @param Second parameter type. + * @param Third parameter type. + */ + @FunctionalInterface + protected interface TriConsumer { + /** + * Performs this operation on the given arguments. + * + * @param a First parameter. + * @param b Second parameter. + * @param c Third parameter. + */ + void accept(A a, B b, C c); + } +} \ No newline at end of file diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputeTaskSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputeTaskSecurityTest.java index 9570f5430b414..61eb14d102950 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputeTaskSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputeTaskSecurityTest.java @@ -30,8 +30,6 @@ import org.apache.ignite.compute.ComputeJobResultPolicy; import org.apache.ignite.compute.ComputeTask; import org.apache.ignite.internal.IgniteEx; -import org.apache.ignite.internal.processor.security.AbstractContextResolverSecurityProcessorTest; -import org.apache.ignite.internal.processor.security.TriConsumer; import org.apache.ignite.plugin.security.SecurityException; import org.apache.ignite.resources.IgniteInstanceResource; import org.apache.ignite.testframework.GridTestUtils; @@ -44,29 +42,9 @@ /** * Security tests for a compute task. */ -public class ComputeTaskSecurityTest extends AbstractContextResolverSecurityProcessorTest { - /** */ - public void testCompute() { - checkSuccess(srvAllPerms, clntAllPerms); - checkSuccess(srvAllPerms, srvReadOnlyPerm); - checkSuccess(srvAllPerms, clntReadOnlyPerm); - checkSuccess(clntAllPerms, srvAllPerms); - checkSuccess(clntAllPerms, srvReadOnlyPerm); - checkSuccess(clntAllPerms, clntReadOnlyPerm); - - checkFail(srvReadOnlyPerm, srvAllPerms); - checkFail(srvReadOnlyPerm, clntAllPerms); - checkFail(srvReadOnlyPerm, clntReadOnlyPerm); - checkFail(clntReadOnlyPerm, srvAllPerms); - checkFail(clntReadOnlyPerm, srvReadOnlyPerm); - checkFail(clntReadOnlyPerm, clntAllPerms); - } - - /** - * @param initiator Initiator node. - * @param remote Remote node. - */ - private void checkSuccess(IgniteEx initiator, IgniteEx remote) { +public class ComputeTaskSecurityTest extends AbstractComputeTaskSecurityTest { + /** {@inheritDoc} */ + @Override protected void checkSuccess(IgniteEx initiator, IgniteEx remote) { successCompute( initiator, remote, (cmp, k, v) -> @@ -80,11 +58,8 @@ private void checkSuccess(IgniteEx initiator, IgniteEx remote) { ); } - /** - * @param initiator Initiator node. - * @param remote Remote node. - */ - private void checkFail(IgniteEx initiator, IgniteEx remote) { + /** {@inheritDoc} */ + @Override protected void checkFail(IgniteEx initiator, IgniteEx remote) { failCompute( initiator, remote, (cmp, k, v) -> @@ -108,7 +83,7 @@ private void successCompute(IgniteEx initiator, IgniteEx remote, consumer.accept(initiator.compute(), "key", val); - assertThat(remote.cache(CACHE_WITH_PERMS).get("key"), is(val)); + assertThat(remote.cache(CACHE_NAME).get("key"), is(val)); } /** @@ -124,7 +99,7 @@ private void failCompute(IgniteEx initiator, IgniteEx remote, ) ); - assertThat(remote.cache(CACHE_WITH_PERMS).get("fail_key"), nullValue()); + assertThat(remote.cache(CACHE_NAME).get("fail_key"), nullValue()); } /** @@ -170,7 +145,7 @@ public TestComputeTask(UUID remote, String key, Integer val) { } @Override public Object execute() throws IgniteException { - loc.cache(CACHE_WITH_PERMS).put(key, val); + loc.cache(CACHE_NAME).put(key, val); return null; } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/DistributedClosureSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/DistributedClosureSecurityTest.java index d7a00eeb92858..1bcde39c01797 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/DistributedClosureSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/DistributedClosureSecurityTest.java @@ -3,8 +3,6 @@ import org.apache.ignite.IgniteCompute; import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; -import org.apache.ignite.internal.processor.security.AbstractContextResolverSecurityProcessorTest; -import org.apache.ignite.internal.processor.security.TriConsumer; import org.apache.ignite.lang.IgniteClosure; import org.apache.ignite.plugin.security.SecurityException; import org.apache.ignite.testframework.GridTestUtils; @@ -16,40 +14,20 @@ /** * Security tests for distributed closure. */ -public class DistributedClosureSecurityTest extends AbstractContextResolverSecurityProcessorTest { - /** */ - public void testDistributedClosure() { - checkSuccess(clntAllPerms, clntReadOnlyPerm); - checkSuccess(clntAllPerms, srvReadOnlyPerm); - checkSuccess(srvAllPerms, clntReadOnlyPerm); - checkSuccess(srvAllPerms, srvReadOnlyPerm); - checkSuccess(srvAllPerms, srvAllPerms); - checkSuccess(clntAllPerms, clntAllPerms); - - checkFail(clntReadOnlyPerm, srvAllPerms); - checkFail(clntReadOnlyPerm, clntAllPerms); - checkFail(srvReadOnlyPerm, srvAllPerms); - checkFail(srvReadOnlyPerm, clntAllPerms); - checkFail(srvReadOnlyPerm, srvReadOnlyPerm); - checkFail(clntReadOnlyPerm, clntReadOnlyPerm); - } - - /** - * @param initiator Initiator node. - * @param remote Remote node. - */ - private void checkSuccess(IgniteEx initiator, IgniteEx remote) { +public class DistributedClosureSecurityTest extends AbstractComputeTaskSecurityTest { + /** {@inheritDoc} */ + @Override protected void checkSuccess(IgniteEx initiator, IgniteEx remote) { successClosure( initiator, remote, (cmp, k, v) -> cmp.broadcast( - () -> Ignition.localIgnite().cache(CACHE_WITH_PERMS).put(k, v) + () -> Ignition.localIgnite().cache(CACHE_NAME).put(k, v) ) ); successClosure( initiator, remote, (cmp, k, v) -> cmp.broadcastAsync( - () -> Ignition.localIgnite().cache(CACHE_WITH_PERMS).put(k, v) + () -> Ignition.localIgnite().cache(CACHE_NAME).put(k, v) ).get() ); @@ -57,7 +35,7 @@ private void checkSuccess(IgniteEx initiator, IgniteEx remote) { initiator, remote, (cmp, k, v) -> cmp.call( () -> { - Ignition.localIgnite().cache(CACHE_WITH_PERMS).put(k, v); + Ignition.localIgnite().cache(CACHE_NAME).put(k, v); return null; } @@ -68,7 +46,7 @@ private void checkSuccess(IgniteEx initiator, IgniteEx remote) { initiator, remote, (cmp, k, v) -> cmp.callAsync( () -> { - Ignition.localIgnite().cache(CACHE_WITH_PERMS).put(k, v); + Ignition.localIgnite().cache(CACHE_NAME).put(k, v); return null; } @@ -78,14 +56,14 @@ private void checkSuccess(IgniteEx initiator, IgniteEx remote) { successClosure( initiator, remote, (cmp, k, v) -> cmp.run( - () -> Ignition.localIgnite().cache(CACHE_WITH_PERMS).put(k, v) + () -> Ignition.localIgnite().cache(CACHE_NAME).put(k, v) ) ); successClosure( initiator, remote, (cmp, k, v) -> cmp.runAsync( - () -> Ignition.localIgnite().cache(CACHE_WITH_PERMS).put(k, v) + () -> Ignition.localIgnite().cache(CACHE_NAME).put(k, v) ).get() ); @@ -94,7 +72,7 @@ private void checkSuccess(IgniteEx initiator, IgniteEx remote) { (cmp, k, v) -> cmp.apply( new IgniteClosure() { @Override public Object apply(Object o) { - Ignition.localIgnite().cache(CACHE_WITH_PERMS).put(k, v); + Ignition.localIgnite().cache(CACHE_NAME).put(k, v); return null; } @@ -107,7 +85,7 @@ private void checkSuccess(IgniteEx initiator, IgniteEx remote) { (cmp, k, v) -> cmp.applyAsync( new IgniteClosure() { @Override public Object apply(Object o) { - Ignition.localIgnite().cache(CACHE_WITH_PERMS).put(k, v); + Ignition.localIgnite().cache(CACHE_NAME).put(k, v); return null; } @@ -116,22 +94,19 @@ private void checkSuccess(IgniteEx initiator, IgniteEx remote) { ); } - /** - * @param initiator Initiator node. - * @param remote Remote node. - */ - private void checkFail(IgniteEx initiator, IgniteEx remote) { + /** {@inheritDoc} */ + @Override protected void checkFail(IgniteEx initiator, IgniteEx remote) { failClosure( initiator, remote, (cmp, k, v) -> cmp.broadcast( - () -> Ignition.localIgnite().cache(CACHE_WITH_PERMS).put(k, v) + () -> Ignition.localIgnite().cache(CACHE_NAME).put(k, v) ) ); failClosure( initiator, remote, (cmp, k, v) -> cmp.broadcastAsync( - () -> Ignition.localIgnite().cache(CACHE_WITH_PERMS).put(k, v) + () -> Ignition.localIgnite().cache(CACHE_NAME).put(k, v) ).get() ); @@ -139,7 +114,7 @@ private void checkFail(IgniteEx initiator, IgniteEx remote) { initiator, remote, (cmp, k, v) -> cmp.call( () -> { - Ignition.localIgnite().cache(CACHE_WITH_PERMS).put(k, v); + Ignition.localIgnite().cache(CACHE_NAME).put(k, v); return null; } @@ -150,7 +125,7 @@ private void checkFail(IgniteEx initiator, IgniteEx remote) { initiator, remote, (cmp, k, v) -> cmp.callAsync( () -> { - Ignition.localIgnite().cache(CACHE_WITH_PERMS).put(k, v); + Ignition.localIgnite().cache(CACHE_NAME).put(k, v); return null; } @@ -160,14 +135,14 @@ private void checkFail(IgniteEx initiator, IgniteEx remote) { failClosure( initiator, remote, (cmp, k, v) -> cmp.run( - () -> Ignition.localIgnite().cache(CACHE_WITH_PERMS).put(k, v) + () -> Ignition.localIgnite().cache(CACHE_NAME).put(k, v) ) ); failClosure( initiator, remote, (cmp, k, v) -> cmp.runAsync( - () -> Ignition.localIgnite().cache(CACHE_WITH_PERMS).put(k, v) + () -> Ignition.localIgnite().cache(CACHE_NAME).put(k, v) ).get() ); @@ -176,7 +151,7 @@ private void checkFail(IgniteEx initiator, IgniteEx remote) { (cmp, k, v) -> cmp.apply( new IgniteClosure() { @Override public Object apply(Object o) { - Ignition.localIgnite().cache(CACHE_WITH_PERMS).put(k, v); + Ignition.localIgnite().cache(CACHE_NAME).put(k, v); return null; } @@ -189,7 +164,7 @@ private void checkFail(IgniteEx initiator, IgniteEx remote) { (cmp, k, v) -> cmp.applyAsync( new IgniteClosure() { @Override public Object apply(Object o) { - Ignition.localIgnite().cache(CACHE_WITH_PERMS).put(k, v); + Ignition.localIgnite().cache(CACHE_NAME).put(k, v); return null; } @@ -209,7 +184,7 @@ private void successClosure(IgniteEx initiator, IgniteEx remote, consumer.accept(initiator.compute(initiator.cluster().forNode(remote.localNode())), "key", val); - assertThat(remote.cache(CACHE_WITH_PERMS).get("key"), is(val)); + assertThat(remote.cache(CACHE_NAME).get("key"), is(val)); } /** @@ -228,6 +203,6 @@ private void failClosure(IgniteEx initiator, IgniteEx remote, ) ); - assertThat(remote.cache(CACHE_WITH_PERMS).get("fail_key"), nullValue()); + assertThat(remote.cache(CACHE_NAME).get("fail_key"), nullValue()); } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ExecuteServiceTaskSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ExecuteServiceTaskSecurityTest.java index 75d9779b880c2..b96117a79e0fd 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ExecuteServiceTaskSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ExecuteServiceTaskSecurityTest.java @@ -61,13 +61,13 @@ private void successExecute(IgniteEx initiator, IgniteEx remote) throws Exceptio .submit( new IgniteRunnable() { @Override public void run() { - Ignition.localIgnite().cache(CACHE_WITH_PERMS) + Ignition.localIgnite().cache(CACHE_NAME) .put("key", val); } } ).get(); - assertThat(remote.cache(CACHE_WITH_PERMS).get("key"), is(val)); + assertThat(remote.cache(CACHE_NAME).get("key"), is(val)); } /** @@ -83,7 +83,7 @@ private void failExecute(IgniteEx initiator, IgniteEx remote) { .submit( new IgniteRunnable() { @Override public void run() { - Ignition.localIgnite().cache(CACHE_WITH_PERMS).put("fail_key", -1); + Ignition.localIgnite().cache(CACHE_NAME).put("fail_key", -1); } } ).get(); @@ -96,6 +96,6 @@ private void failExecute(IgniteEx initiator, IgniteEx remote) { ) ); - assertThat(remote.cache(CACHE_WITH_PERMS).get("fail_key"), nullValue()); + assertThat(remote.cache(CACHE_NAME).get("fail_key"), nullValue()); } } From 95f8f5640400d0d81824bebafda84e2443e707c5 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Wed, 21 Nov 2018 08:00:05 +0300 Subject: [PATCH 20/98] IGNITE-9560 thin client test --- .../security/AbstractSecurityTest.java | 1 - .../processor/security/TestSecurityData.java | 77 ++++++++++++++++++ .../TestSecurityPluginConfiguration.java | 53 +++++++------ .../security/TestSecurityProcessor.java | 25 ++++-- .../client/thin/ThinClientSecurityTest.java | 78 +++++++++++++++++++ 5 files changed, 199 insertions(+), 35 deletions(-) create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityData.java create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/thin/ThinClientSecurityTest.java diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java index 50fc0e27f5a00..f2e30759f32e2 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java @@ -44,7 +44,6 @@ protected IgniteConfiguration getConfiguration(String instanceName, new TestSecurityPluginConfiguration() .setLogin(login) .setPwd(pwd) - .setUserObj(userObj) .setPermissions(prmSet) ); } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityData.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityData.java new file mode 100644 index 0000000000000..e56eacbb05f8c --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityData.java @@ -0,0 +1,77 @@ +package org.apache.ignite.internal.processor.security; + +import org.apache.ignite.plugin.security.SecurityCredentials; +import org.apache.ignite.plugin.security.SecurityPermissionSet; + +public class TestSecurityData { + /** Login. */ + private String login; + + /** Password. */ + private String pwd; + + /** Security permission set. */ + private SecurityPermissionSet prmSet; + + public TestSecurityData() { + // No-op. + } + + public TestSecurityData(String login, String pwd, SecurityPermissionSet prmSet) { + this.login = login; + this.pwd = pwd; + this.prmSet = prmSet; + } + + /** + * Getting security permission set. + */ + public SecurityPermissionSet getPermissions() { + return prmSet; + } + + /** + * @param prmSet Security permission set. + */ + public TestSecurityData setPermissions(SecurityPermissionSet prmSet) { + this.prmSet = prmSet; + + return this; + } + + /** + * Login. + */ + public String getLogin() { + return login; + } + + /** + * @param login Login. + */ + public TestSecurityData setLogin(String login) { + this.login = login; + + return this; + } + + /** + * Password. + */ + public String getPwd() { + return pwd; + } + + /** + * @param pwd Password. + */ + public TestSecurityData setPwd(String pwd) { + this.pwd = pwd; + + return this; + } + + public SecurityCredentials credentials() { + return new SecurityCredentials(getLogin(), getPwd(), null); + } +} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityPluginConfiguration.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityPluginConfiguration.java index aad38f43a5672..96f42f3b6e310 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityPluginConfiguration.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityPluginConfiguration.java @@ -1,5 +1,8 @@ package org.apache.ignite.internal.processor.security; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; import org.apache.ignite.internal.util.typedef.F; import org.apache.ignite.plugin.PluginConfiguration; import org.apache.ignite.plugin.security.SecurityPermissionSet; @@ -12,17 +15,9 @@ public class TestSecurityPluginConfiguration implements PluginConfiguration { public static final String DFLT_TEST_SECURITY_PROCESSOR_CLS_NAME = "org.apache.ignite.internal.processor.security.TestSecurityProcessor"; - /** Security permission set. */ - private SecurityPermissionSet prmSet; + private TestSecurityData nodeSecData = new TestSecurityData(); - /** Login. */ - private String login; - - /** Password. */ - private String pwd; - - /** User object. */ - private Object userObj; + private Collection clientsSecData = new ArrayList<>(); /** Security processor class name. */ private String secProcCls; @@ -31,14 +26,14 @@ public class TestSecurityPluginConfiguration implements PluginConfiguration { * Getting security permission set. */ public SecurityPermissionSet getPermissions() { - return prmSet; + return nodeSecData.getPermissions(); } /** * @param prmSet Security permission set. */ public TestSecurityPluginConfiguration setPermissions(SecurityPermissionSet prmSet) { - this.prmSet = prmSet; + nodeSecData.setPermissions(prmSet); return this; } @@ -47,14 +42,14 @@ public TestSecurityPluginConfiguration setPermissions(SecurityPermissionSet prmS * Login. */ public String getLogin() { - return login; + return nodeSecData.getLogin(); } /** * @param login Login. */ public TestSecurityPluginConfiguration setLogin(String login) { - this.login = login; + nodeSecData.setLogin(login); return this; } @@ -63,39 +58,43 @@ public TestSecurityPluginConfiguration setLogin(String login) { * Password. */ public String getPwd() { - return pwd; + return nodeSecData.getPwd(); } /** * @param pwd Password. */ public TestSecurityPluginConfiguration setPwd(String pwd) { - this.pwd = pwd; + nodeSecData.setPwd(pwd); return this; } - /** - * User object. - */ - public Object getUserObj() { - return userObj; + public TestSecurityPluginConfiguration nodeSecData(TestSecurityData nodeSecData) { + this.nodeSecData = nodeSecData; + + return this; } - /** - * @param userObj User object. - */ - public TestSecurityPluginConfiguration setUserObj(Object userObj) { - this.userObj = userObj; + public TestSecurityData nodeSecData() { + return nodeSecData; + } + + public TestSecurityPluginConfiguration clientSecData(TestSecurityData... data) { + clientsSecData.addAll(Arrays.asList(data)); return this; } + public Collection clientsSecData() { + return clientsSecData; + } + /** * Getting security processor class name. */ public String getSecurityProcessorClass() { - if(F.isEmpty(secProcCls)) + if (F.isEmpty(secProcCls)) return DFLT_TEST_SECURITY_PROCESSOR_CLS_NAME; return secProcCls; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityProcessor.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityProcessor.java index 27a4d078bcbc1..5bc1cc10acc42 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityProcessor.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityProcessor.java @@ -79,7 +79,14 @@ public TestSecurityProcessor(GridKernalContext ctx) { /** {@inheritDoc} */ @Override public SecurityContext authenticate(AuthenticationContext ctx) throws IgniteCheckedException { - return null; + return new TestSecurityContext( + new TestSecuritySubject() + .setType(ctx.subjectType()) + .setId(ctx.subjectId()) + .setAddr(ctx.address()) + .setLogin(ctx.credentials().getLogin()) + .setPerms(PERMS.get(ctx.credentials())) + ); } /** {@inheritDoc} */ @@ -118,20 +125,24 @@ public TestSecurityProcessor(GridKernalContext ctx) { @Override public void start() throws IgniteCheckedException { super.start(); - SecurityCredentials cred = new SecurityCredentials( - configuration().getLogin(), configuration().getPwd(), configuration().getUserObj() - ); + TestSecurityData nodeSecData = configuration().nodeSecData(); + + PERMS.put(nodeSecData.credentials(), nodeSecData.getPermissions()); - PERMS.put(cred, configuration().getPermissions()); + ctx.addNodeAttribute(IgniteNodeAttributes.ATTR_SECURITY_CREDENTIALS, nodeSecData.credentials()); - ctx.addNodeAttribute(IgniteNodeAttributes.ATTR_SECURITY_CREDENTIALS, cred); + for(TestSecurityData data : configuration().clientsSecData()) + PERMS.put(data.credentials(), data.getPermissions()); } /** {@inheritDoc} */ @Override public void stop(boolean cancel) throws IgniteCheckedException { super.stop(cancel); - PERMS.remove(ctx.nodeAttribute(IgniteNodeAttributes.ATTR_SECURITY_CREDENTIALS)); + PERMS.remove(configuration().nodeSecData().credentials()); + + for(TestSecurityData data : configuration().clientsSecData()) + PERMS.remove(data.credentials()); } /** diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/thin/ThinClientSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/thin/ThinClientSecurityTest.java new file mode 100644 index 0000000000000..cdcccbc82a5f1 --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/thin/ThinClientSecurityTest.java @@ -0,0 +1,78 @@ +package org.apache.ignite.internal.processor.security.client.thin; + +import org.apache.ignite.Ignition; +import org.apache.ignite.client.Config; +import org.apache.ignite.client.IgniteClient; +import org.apache.ignite.configuration.ClientConfiguration; +import org.apache.ignite.configuration.DataRegionConfiguration; +import org.apache.ignite.configuration.DataStorageConfiguration; +import org.apache.ignite.configuration.IgniteConfiguration; +import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.internal.processor.security.AbstractSecurityTest; +import org.apache.ignite.internal.processor.security.TestSecurityData; +import org.apache.ignite.internal.processor.security.TestSecurityPluginConfiguration; +import org.apache.ignite.internal.util.typedef.G; +import org.apache.ignite.plugin.security.SecurityPermission; + +public class ThinClientSecurityTest extends AbstractSecurityTest { + + private static final String CLIENT = "client"; + + protected IgniteConfiguration getConfiguration(TestSecurityData... clientData) throws Exception { + return getConfiguration(G.allGrids().size(), clientData); + } + + protected IgniteConfiguration getConfiguration(int idx, + TestSecurityData... clientData) throws Exception { + + String instanceName = getTestIgniteInstanceName(idx); + + return getConfiguration(instanceName) + .setDataStorageConfiguration( + new DataStorageConfiguration() + .setDefaultDataRegionConfiguration( + new DataRegionConfiguration().setPersistenceEnabled(true) + ) + ) + .setAuthenticationEnabled(true) + .setPluginConfigurations( + new TestSecurityPluginConfiguration() + .setLogin("srv_" + instanceName) + .setPermissions(allowAll()) + .clientSecData(clientData) + ); + } + + @Override protected void beforeTestsStarted() throws Exception { + super.beforeTestsStarted(); + + startGrid( + getConfiguration( + new TestSecurityData(CLIENT, "", builder().build()) + ) + ).cluster().active(true); + } + + public void test() throws Exception { + grid(0).getOrCreateCache("TEST_CACHE").put("key", "value for test"); + + try (IgniteClient client = Ignition.startClient(new ClientConfiguration().setAddresses(Config.SERVER) + .setUserName("client") + .setUserPassword(""))) { + + System.out.println( + client.cache("TEST_CACHE").get("key") + ); + } + + /*try (IgniteClient client = Ignition.startClient(new ClientConfiguration().setAddresses(Config.SERVER) + .setUserName("client_2") + .setUserPassword("123"))) { + + System.out.println( + client.cache("TEST_CACHE").get("key") + ); + }*/ + } + +} From 4f0fc0aa92537e54878564ca7ba024fcb482477f Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Fri, 23 Nov 2018 10:40:58 +0300 Subject: [PATCH 21/98] IGNITE-9560 added thin client test class --- .../SecurityPermissionSetBuilder.java | 2 +- ...> AbstractResolveSecurityContextTest.java} | 20 ++- .../security/AbstractSecurityTest.java | 60 ++----- ...extResolverSecurityProcessorTestSuite.java | 2 + .../processor/security/TestSecurityData.java | 39 +++++ .../TestSecurityPluginConfiguration.java | 37 +++- .../security/TestSecurityProcessor.java | 6 +- .../cache/AbstractCacheSecurityTest.java | 4 +- .../cache/EntryProcessorSecurityTest.java | 2 +- .../cache/IgniteDataStreamerSecurityTest.java | 2 +- .../security/cache/LoadCacheSecurityTest.java | 2 +- .../security/cache/ScanQuerySecurityTest.java | 4 +- .../client/thin/ThinClientSecurityTest.java | 163 ++++++++++++++++-- .../security/client/thin/package-info.java | 21 +++ .../AbstractComputeTaskSecurityTest.java | 4 +- .../compute/ComputeTaskSecurityTest.java | 2 +- .../DistributedClosureSecurityTest.java | 2 +- .../ExecuteServiceTaskSecurityTest.java | 6 +- 18 files changed, 284 insertions(+), 94 deletions(-) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/{AbstractContextResolverSecurityProcessorTest.java => AbstractResolveSecurityContextTest.java} (81%) create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/thin/package-info.java diff --git a/modules/core/src/main/java/org/apache/ignite/plugin/security/SecurityPermissionSetBuilder.java b/modules/core/src/main/java/org/apache/ignite/plugin/security/SecurityPermissionSetBuilder.java index abac541ffdb68..73daadfea3e90 100644 --- a/modules/core/src/main/java/org/apache/ignite/plugin/security/SecurityPermissionSetBuilder.java +++ b/modules/core/src/main/java/org/apache/ignite/plugin/security/SecurityPermissionSetBuilder.java @@ -140,7 +140,7 @@ public SecurityPermissionSetBuilder appendCachePermissions(String name, Security * @return {@link SecurityPermissionSetBuilder} refer to same permission builder. */ public SecurityPermissionSetBuilder appendSystemPermissions(SecurityPermission... perms) { - validate(toCollection("EVENTS_", "ADMIN_"), perms); + validate(toCollection("EVENTS_", "ADMIN_", "CACHE_CREATE", "CACHE_DESTROY"), perms); sysPerms.addAll(toCollection(perms)); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractContextResolverSecurityProcessorTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractResolveSecurityContextTest.java similarity index 81% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractContextResolverSecurityProcessorTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractResolveSecurityContextTest.java index 7babdcc993e28..b0a479c2ba9b6 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractContextResolverSecurityProcessorTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractResolveSecurityContextTest.java @@ -32,7 +32,7 @@ /** * */ -public class AbstractContextResolverSecurityProcessorTest extends AbstractSecurityTest { +public class AbstractResolveSecurityContextTest extends AbstractSecurityTest { /** Cache name for tests. */ protected static final String CACHE_NAME = "TEST_CACHE"; @@ -55,15 +55,17 @@ public class AbstractContextResolverSecurityProcessorTest extends AbstractSecuri @Override protected void beforeTestsStarted() throws Exception { super.beforeTestsStarted(); - srvAllPerms = startGrid("user_0", builder().build()); + srvAllPerms = startGrid("srv_all_perms", allowAll()); - clntAllPerms = startGrid("user_1", builder().build(), true); + clntAllPerms = startGrid("clnt_all_perms", allowAll(), true); - srvReadOnlyPerm = startGrid("user_2", - builder().appendCachePermissions(CACHE_NAME, CACHE_READ).build()); + srvReadOnlyPerm = startGrid("srv_read_only_perm", + builder().defaultAllowAll(true) + .appendCachePermissions(CACHE_NAME, CACHE_READ).build()); - clntReadOnlyPerm = startGrid("user_3", - builder().appendCachePermissions(CACHE_NAME, CACHE_READ).build(), true); + clntReadOnlyPerm = startGrid("clnt_read_only_perm", + builder().defaultAllowAll(true) + .appendCachePermissions(CACHE_NAME, CACHE_READ).build(), true); grid(0).cluster().active(true); } @@ -78,11 +80,11 @@ public class AbstractContextResolverSecurityProcessorTest extends AbstractSecuri } /** - * Assert that the passed throwable contains a cause exception with given type and message. + * Assert that the passed throwable contains a cause exception with given type. * * @param throwable Throwable. */ - protected void assertCauseMessage(Throwable throwable) { + protected void assertCause(Throwable throwable) { assertThat(X.cause(throwable, SecurityException.class), notNullValue()); } } \ No newline at end of file diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java index f2e30759f32e2..a5aa875ccd951 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java @@ -26,11 +26,10 @@ public class AbstractSecurityTest extends GridCommonAbstractTest { * @param instanceName Instance name. * @param login Login. * @param pwd Password. - * @param userObj User object. * @param prmSet Security permission set. */ protected IgniteConfiguration getConfiguration(String instanceName, - String login, String pwd, Object userObj, SecurityPermissionSet prmSet) throws Exception { + String login, String pwd, SecurityPermissionSet prmSet) throws Exception { return getConfiguration(instanceName) .setDataStorageConfiguration( @@ -52,22 +51,19 @@ protected IgniteConfiguration getConfiguration(String instanceName, * @param idx Index. * @param login Login. * @param pwd Password. - * @param userObj User object. * @param prmSet Security permission set. */ - protected IgniteConfiguration getConfiguration(int idx, String login, String pwd, Object userObj, + protected IgniteConfiguration getConfiguration(int idx, String login, String pwd, SecurityPermissionSet prmSet) throws Exception { - return getConfiguration(getTestIgniteInstanceName(idx), login, pwd, userObj, prmSet); + return getConfiguration(getTestIgniteInstanceName(idx), login, pwd, prmSet); } /** - * @param idx Index. * @param login Login. - * @param pwd Password. * @param prmSet Security permission set. */ - protected IgniteEx startGrid(int idx, String login, String pwd, SecurityPermissionSet prmSet) throws Exception { - return startGrid(getConfiguration(idx, login, pwd, null, prmSet)); + protected IgniteEx startGrid(String login, SecurityPermissionSet prmSet) throws Exception { + return startGrid(login, "", prmSet, false); } /** @@ -81,34 +77,26 @@ protected IgniteEx startGrid(String login, String pwd, SecurityPermissionSet prm /** * @param login Login. - * @param pwd Password. * @param prmSet Security permission set. * @param isClient Is client. */ - protected IgniteEx startGrid(String login, String pwd, SecurityPermissionSet prmSet, + protected IgniteEx startGrid(String login, SecurityPermissionSet prmSet, boolean isClient) throws Exception { return startGrid( - getConfiguration(G.allGrids().size(), login, pwd, null, prmSet).setClientMode(isClient) + getConfiguration(G.allGrids().size(), login, "", prmSet).setClientMode(isClient) ); } /** - * @param userObj User object. - * @param prmSet Security permission set. - */ - protected IgniteEx startGrid(Object userObj, SecurityPermissionSet prmSet) throws Exception { - return startGrid(userObj, prmSet, false); - } - - /** - * @param userObj User object. + * @param login Login. + * @param pwd Password. * @param prmSet Security permission set. * @param isClient Is client. */ - protected IgniteEx startGrid(Object userObj, SecurityPermissionSet prmSet, boolean isClient) - throws Exception { + protected IgniteEx startGrid(String login, String pwd, SecurityPermissionSet prmSet, + boolean isClient) throws Exception { return startGrid( - getConfiguration(G.allGrids().size(), null, null, userObj, prmSet).setClientMode(isClient) + getConfiguration(G.allGrids().size(), login, pwd, prmSet).setClientMode(isClient) ); } @@ -120,38 +108,20 @@ protected IgniteEx startGrid(Object userObj, SecurityPermissionSet prmSet, boole */ protected IgniteEx startGrid(String instanceName, String login, String pwd, SecurityPermissionSet prmSet) throws Exception { - return startGrid(getConfiguration(instanceName, login, pwd, null, prmSet)); - } - - /** - * @param idx Index. - * @param userObj User object. - * @param prmSet Security permission set. - */ - protected IgniteEx startGrid(int idx, Object userObj, SecurityPermissionSet prmSet) throws Exception { - return startGrid(getConfiguration(idx, null, null, userObj, prmSet)); - } - - /** - * @param instanceName Instance name. - * @param userObj User object. - * @param prmSet Security permission set. - */ - protected IgniteEx startGrid(String instanceName, Object userObj, SecurityPermissionSet prmSet) throws Exception { - return startGrid(getConfiguration(instanceName, null, null, userObj, prmSet)); + return startGrid(getConfiguration(instanceName, login, pwd, prmSet)); } /** * Getting security permission set builder. */ protected SecurityPermissionSetBuilder builder() { - return SecurityPermissionSetBuilder.create().defaultAllowAll(true); + return SecurityPermissionSetBuilder.create().defaultAllowAll(false); } /** * Getting allow all security permissions. */ protected SecurityPermissionSet allowAll() { - return builder().build(); + return builder().defaultAllowAll(true).build(); } } \ No newline at end of file diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/SecurityContextResolverSecurityProcessorTestSuite.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/SecurityContextResolverSecurityProcessorTestSuite.java index 0e98b2e21d4a5..08b34adc406da 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/SecurityContextResolverSecurityProcessorTestSuite.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/SecurityContextResolverSecurityProcessorTestSuite.java @@ -23,6 +23,7 @@ import org.apache.ignite.internal.processor.security.cache.IgniteDataStreamerSecurityTest; import org.apache.ignite.internal.processor.security.cache.LoadCacheSecurityTest; import org.apache.ignite.internal.processor.security.cache.ScanQuerySecurityTest; +import org.apache.ignite.internal.processor.security.client.thin.ThinClientSecurityTest; import org.apache.ignite.internal.processor.security.compute.ComputeTaskSecurityTest; import org.apache.ignite.internal.processor.security.compute.DistributedClosureSecurityTest; import org.apache.ignite.internal.processor.security.compute.ExecuteServiceTaskSecurityTest; @@ -54,6 +55,7 @@ public static TestSuite suite(final @Nullable Set ignoredTests) { suite.addTest(new TestSuite(EntryProcessorSecurityTest.class)); suite.addTest(new TestSuite(IgniteDataStreamerSecurityTest.class)); suite.addTest(new TestSuite(LoadCacheSecurityTest.class)); + suite.addTest(new TestSuite(ThinClientSecurityTest.class)); return suite; } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityData.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityData.java index e56eacbb05f8c..9bb759fb2b2c3 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityData.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityData.java @@ -1,8 +1,28 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + package org.apache.ignite.internal.processor.security; import org.apache.ignite.plugin.security.SecurityCredentials; import org.apache.ignite.plugin.security.SecurityPermissionSet; +/** + * Test security data for subject configuration. + */ public class TestSecurityData { /** Login. */ private String login; @@ -13,16 +33,32 @@ public class TestSecurityData { /** Security permission set. */ private SecurityPermissionSet prmSet; + /** + * Default constructor. + */ public TestSecurityData() { // No-op. } + /** + * @param login Login. + * @param pwd Password. + * @param prmSet Permissions. + */ public TestSecurityData(String login, String pwd, SecurityPermissionSet prmSet) { this.login = login; this.pwd = pwd; this.prmSet = prmSet; } + /** + * @param login Login. + * @param prmSet Permissions. + */ + public TestSecurityData(String login, SecurityPermissionSet prmSet) { + this(login, "", prmSet); + } + /** * Getting security permission set. */ @@ -71,6 +107,9 @@ public TestSecurityData setPwd(String pwd) { return this; } + /** + * @return Security credentials. + */ public SecurityCredentials credentials() { return new SecurityCredentials(getLogin(), getPwd(), null); } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityPluginConfiguration.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityPluginConfiguration.java index 96f42f3b6e310..4210c77bef3db 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityPluginConfiguration.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityPluginConfiguration.java @@ -1,8 +1,25 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + package org.apache.ignite.internal.processor.security; -import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; +import java.util.Collections; import org.apache.ignite.internal.util.typedef.F; import org.apache.ignite.plugin.PluginConfiguration; import org.apache.ignite.plugin.security.SecurityPermissionSet; @@ -15,9 +32,11 @@ public class TestSecurityPluginConfiguration implements PluginConfiguration { public static final String DFLT_TEST_SECURITY_PROCESSOR_CLS_NAME = "org.apache.ignite.internal.processor.security.TestSecurityProcessor"; + /** Node security data. */ private TestSecurityData nodeSecData = new TestSecurityData(); - private Collection clientsSecData = new ArrayList<>(); + /** Clients security data. */ + private Collection clientsSecData = Collections.emptyList(); /** Security processor class name. */ private String secProcCls; @@ -70,22 +89,34 @@ public TestSecurityPluginConfiguration setPwd(String pwd) { return this; } + /** + * @param nodeSecData Node security data. + */ public TestSecurityPluginConfiguration nodeSecData(TestSecurityData nodeSecData) { this.nodeSecData = nodeSecData; return this; } + /** + * @return Node security data. + */ public TestSecurityData nodeSecData() { return nodeSecData; } + /** + * @param data Array of client security data. + */ public TestSecurityPluginConfiguration clientSecData(TestSecurityData... data) { - clientsSecData.addAll(Arrays.asList(data)); + clientsSecData = Collections.unmodifiableCollection(Arrays.asList(data)); return this; } + /** + * @return Collection of client security data. + */ public Collection clientsSecData() { return clientsSecData; } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityProcessor.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityProcessor.java index 5bc1cc10acc42..1a3686ec40ca0 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityProcessor.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityProcessor.java @@ -67,7 +67,7 @@ public TestSecurityProcessor(GridKernalContext ctx) { .setType(REMOTE_NODE) .setId(node.id()) .setAddr(new InetSocketAddress(F.first(node.addresses()), 0)) - .setLogin(cred.getUserObject()) + .setLogin(cred.getLogin()) .setPerms(PERMS.get(cred)) ); } @@ -131,7 +131,7 @@ public TestSecurityProcessor(GridKernalContext ctx) { ctx.addNodeAttribute(IgniteNodeAttributes.ATTR_SECURITY_CREDENTIALS, nodeSecData.credentials()); - for(TestSecurityData data : configuration().clientsSecData()) + for (TestSecurityData data : configuration().clientsSecData()) PERMS.put(data.credentials(), data.getPermissions()); } @@ -141,7 +141,7 @@ public TestSecurityProcessor(GridKernalContext ctx) { PERMS.remove(configuration().nodeSecData().credentials()); - for(TestSecurityData data : configuration().clientsSecData()) + for (TestSecurityData data : configuration().clientsSecData()) PERMS.remove(data.credentials()); } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/AbstractCacheSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/AbstractCacheSecurityTest.java index 2f3c568d00c21..43606d4ce82d9 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/AbstractCacheSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/AbstractCacheSecurityTest.java @@ -22,12 +22,12 @@ import org.apache.ignite.configuration.CacheConfiguration; import org.apache.ignite.configuration.IgniteConfiguration; import org.apache.ignite.internal.IgniteEx; -import org.apache.ignite.internal.processor.security.AbstractContextResolverSecurityProcessorTest; +import org.apache.ignite.internal.processor.security.AbstractResolveSecurityContextTest; /** * */ -public abstract class AbstractCacheSecurityTest extends AbstractContextResolverSecurityProcessorTest { +public abstract class AbstractCacheSecurityTest extends AbstractResolveSecurityContextTest { /** Cache name for tests. */ protected static final String CACHE_WITHOUT_PERMS = "SECOND_TEST_CACHE"; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorSecurityTest.java index 0881780728ee3..b50fbd1a376d1 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorSecurityTest.java @@ -75,7 +75,7 @@ private void failCall(CustomInvoke c) { c.call(); } catch (Throwable e) { - assertCauseMessage(e); + assertCause(e); } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/IgniteDataStreamerSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/IgniteDataStreamerSecurityTest.java index 8a8fafb29b29f..2e3c55f630b8d 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/IgniteDataStreamerSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/IgniteDataStreamerSecurityTest.java @@ -39,7 +39,7 @@ public void testDataStreamer() { private void failReceiver(IgniteEx initiator, IgniteEx remote) { assert !remote.localNode().isClient(); - assertCauseMessage( + assertCause( GridTestUtils.assertThrowsWithCause( () -> { try (IgniteDataStreamer strm = initiator.dataStreamer(CACHE_WITHOUT_PERMS)) { diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCacheSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCacheSecurityTest.java index a7ccc29ad925a..cecb54a753b5b 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCacheSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCacheSecurityTest.java @@ -73,7 +73,7 @@ private void successLoad(IgniteEx initiator, IgniteEx remote) { private void failLoad(IgniteEx initiator, IgniteEx remote) { assert !remote.localNode().isClient(); - assertCauseMessage( + assertCause( GridTestUtils.assertThrowsWithCause( () -> initiator.cache(CACHE_WITHOUT_PERMS) .loadCache( diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQuerySecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQuerySecurityTest.java index f2b1e42d0ac63..85d8f593c7a5f 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQuerySecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQuerySecurityTest.java @@ -66,7 +66,7 @@ public void testScanQuery() throws Exception { private void failQuery(IgniteEx initiator, IgniteEx remote, String cacheName) { assert !remote.localNode().isClient(); - assertCauseMessage( + assertCause( GridTestUtils.assertThrowsWithCause( () -> { initiator.cache(cacheName).query( @@ -109,7 +109,7 @@ private void successQuery(IgniteEx initiator, IgniteEx remote, String cacheName) private void failTransform(IgniteEx initiator, IgniteEx remote, String cacheName) { assert !remote.localNode().isClient(); - assertCauseMessage( + assertCause( GridTestUtils.assertThrowsWithCause( () -> { initiator.cache(cacheName).query( diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/thin/ThinClientSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/thin/ThinClientSecurityTest.java index cdcccbc82a5f1..7c85da08fde8f 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/thin/ThinClientSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/thin/ThinClientSecurityTest.java @@ -1,8 +1,28 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + package org.apache.ignite.internal.processor.security.client.thin; +import java.util.function.Consumer; import org.apache.ignite.Ignition; +import org.apache.ignite.client.ClientAuthorizationException; import org.apache.ignite.client.Config; import org.apache.ignite.client.IgniteClient; +import org.apache.ignite.configuration.CacheConfiguration; import org.apache.ignite.configuration.ClientConfiguration; import org.apache.ignite.configuration.DataRegionConfiguration; import org.apache.ignite.configuration.DataStorageConfiguration; @@ -14,14 +34,49 @@ import org.apache.ignite.internal.util.typedef.G; import org.apache.ignite.plugin.security.SecurityPermission; -public class ThinClientSecurityTest extends AbstractSecurityTest { +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_CREATE; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_DESTROY; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_REMOVE; +import static org.hamcrest.core.Is.is; +import static org.hamcrest.core.IsNull.notNullValue; +import static org.hamcrest.core.StringContains.containsString; +import static org.junit.Assert.assertThat; +/** + * Security tests for thin client. + */ +public class ThinClientSecurityTest extends AbstractSecurityTest { + /** Client. */ private static final String CLIENT = "client"; + /** Client that has system permissions. */ + private static final String CLIENT_SYS_PERM = "client_sys_perm"; + + /** Cache. */ + private static final String CACHE = "TEST_CACHE"; + + /** Forbidden cache. */ + private static final String FORBIDDEN_CACHE = "FORBIDDEN_TEST_CACHE"; + + /** Cache to test system oper permissions. */ + private static final String SYS_OPER_CACHE = "SYS_OPER_TEST_CACHE"; + + /** Empty array of permissions. */ + private static final SecurityPermission[] EMPTY_PERMS = new SecurityPermission[0]; + + /** + * @param clientData Array of client security data. + */ protected IgniteConfiguration getConfiguration(TestSecurityData... clientData) throws Exception { return getConfiguration(G.allGrids().size(), clientData); } + /** + * @param idx Index. + * @param clientData Array of client security data. + */ protected IgniteConfiguration getConfiguration(int idx, TestSecurityData... clientData) throws Exception { @@ -40,39 +95,109 @@ protected IgniteConfiguration getConfiguration(int idx, .setLogin("srv_" + instanceName) .setPermissions(allowAll()) .clientSecData(clientData) + ) + .setCacheConfiguration( + new CacheConfiguration().setName(CACHE), + new CacheConfiguration().setName(FORBIDDEN_CACHE) ); } + /** {@inheritDoc} */ @Override protected void beforeTestsStarted() throws Exception { super.beforeTestsStarted(); - startGrid( + IgniteEx ignite = startGrid( getConfiguration( - new TestSecurityData(CLIENT, "", builder().build()) + new TestSecurityData( + CLIENT, + builder() + .appendCachePermissions(CACHE, CACHE_READ, CACHE_PUT, CACHE_REMOVE) + .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS) + .build() + ), + new TestSecurityData( + CLIENT_SYS_PERM, + builder() + .appendSystemPermissions(CACHE_CREATE, CACHE_DESTROY) + .build() + ) ) - ).cluster().active(true); + ); + + ignite.cluster().active(true); } - public void test() throws Exception { - grid(0).getOrCreateCache("TEST_CACHE").put("key", "value for test"); + /** + * @throws Exception If error occurs. + */ + public void testCacheOperations() throws Exception { + executeOperation(c -> c.cache(CACHE).put("key", "value")); + executeForbiddenOperation(c -> c.cache(FORBIDDEN_CACHE).put("key", "value")); - try (IgniteClient client = Ignition.startClient(new ClientConfiguration().setAddresses(Config.SERVER) - .setUserName("client") - .setUserPassword(""))) { + executeOperation(c -> c.cache(CACHE).get("key")); + executeForbiddenOperation(c -> c.cache(FORBIDDEN_CACHE).get("key")); - System.out.println( - client.cache("TEST_CACHE").get("key") - ); + executeOperation(c -> c.cache(CACHE).remove("key")); + executeForbiddenOperation(c -> c.cache(FORBIDDEN_CACHE).remove("key")); + + try (IgniteClient sysPrmClnt = startClient(CLIENT_SYS_PERM)) { + assertThat(sysPrmClnt.createCache(SYS_OPER_CACHE), notNullValue()); + + sysPrmClnt.destroyCache(SYS_OPER_CACHE); + + try { + sysPrmClnt.cache(SYS_OPER_CACHE).put("key", "any value"); + + fail(); + } + catch (Exception e) { + assertThat(e.getMessage(), containsString("Cache does not exist")); + } } - /*try (IgniteClient client = Ignition.startClient(new ClientConfiguration().setAddresses(Config.SERVER) - .setUserName("client_2") - .setUserPassword("123"))) { + executeForbiddenOperation(c -> c.createCache(SYS_OPER_CACHE)); + executeForbiddenOperation(c -> c.destroyCache(CACHE)); + } - System.out.println( - client.cache("TEST_CACHE").get("key") - ); - }*/ + /** + * @param cons Consumer. + */ + private void executeOperation(Consumer cons) throws Exception { + try (IgniteClient client = startClient(CLIENT)) { + cons.accept(client); + } } + /** + * @param cons Consumer. + */ + private void executeForbiddenOperation(Consumer cons) { + try (IgniteClient client = startClient(CLIENT)) { + cons.accept(client); + + fail(); + + } + catch (Exception e) { + assertThrowable(e); + } + } + + /** + * @param throwable Throwable. + */ + private void assertThrowable(Throwable throwable) { + assertThat(throwable instanceof ClientAuthorizationException, is(true)); + } + + /** + * @param userName User name. + */ + private IgniteClient startClient(String userName) { + return Ignition.startClient( + new ClientConfiguration().setAddresses(Config.SERVER) + .setUserName(userName) + .setUserPassword("") + ); + } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/thin/package-info.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/thin/package-info.java new file mode 100644 index 0000000000000..f07e8a86f8301 --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/thin/package-info.java @@ -0,0 +1,21 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * Contains security tests for Thin Client. + */ +package org.apache.ignite.internal.processor.security.client.thin; \ No newline at end of file diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/AbstractComputeTaskSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/AbstractComputeTaskSecurityTest.java index cb7f268f3b6e5..46f61c2941307 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/AbstractComputeTaskSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/AbstractComputeTaskSecurityTest.java @@ -18,12 +18,12 @@ package org.apache.ignite.internal.processor.security.compute; import org.apache.ignite.internal.IgniteEx; -import org.apache.ignite.internal.processor.security.AbstractContextResolverSecurityProcessorTest; +import org.apache.ignite.internal.processor.security.AbstractResolveSecurityContextTest; /** * Abstract compute security test. */ -public abstract class AbstractComputeTaskSecurityTest extends AbstractContextResolverSecurityProcessorTest { +public abstract class AbstractComputeTaskSecurityTest extends AbstractResolveSecurityContextTest { /** */ public void test() { checkSuccess(srvAllPerms, clntAllPerms); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputeTaskSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputeTaskSecurityTest.java index 61eb14d102950..63ed04d012bea 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputeTaskSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputeTaskSecurityTest.java @@ -92,7 +92,7 @@ private void successCompute(IgniteEx initiator, IgniteEx remote, */ private void failCompute(IgniteEx initiator, IgniteEx remote, TriConsumer consumer) { - assertCauseMessage( + assertCause( GridTestUtils.assertThrowsWithCause( () -> consumer.accept(initiator.compute(), "fail_key", -1) , SecurityException.class diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/DistributedClosureSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/DistributedClosureSecurityTest.java index 1bcde39c01797..658283de7c5f3 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/DistributedClosureSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/DistributedClosureSecurityTest.java @@ -194,7 +194,7 @@ private void successClosure(IgniteEx initiator, IgniteEx remote, */ private void failClosure(IgniteEx initiator, IgniteEx remote, TriConsumer consumer) { - assertCauseMessage( + assertCause( GridTestUtils.assertThrowsWithCause( () -> consumer.accept( diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ExecuteServiceTaskSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ExecuteServiceTaskSecurityTest.java index b96117a79e0fd..db41c4c0e53f9 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ExecuteServiceTaskSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ExecuteServiceTaskSecurityTest.java @@ -20,7 +20,7 @@ import java.util.concurrent.ExecutionException; import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; -import org.apache.ignite.internal.processor.security.AbstractContextResolverSecurityProcessorTest; +import org.apache.ignite.internal.processor.security.AbstractResolveSecurityContextTest; import org.apache.ignite.lang.IgniteRunnable; import org.apache.ignite.plugin.security.SecurityException; import org.apache.ignite.testframework.GridTestUtils; @@ -32,7 +32,7 @@ /** * Security tests for an execute server task. */ -public class ExecuteServiceTaskSecurityTest extends AbstractContextResolverSecurityProcessorTest { +public class ExecuteServiceTaskSecurityTest extends AbstractResolveSecurityContextTest { /** */ public void testExecute() throws Exception { successExecute(clntAllPerms, clntReadOnlyPerm); @@ -75,7 +75,7 @@ private void successExecute(IgniteEx initiator, IgniteEx remote) throws Exceptio * @param remote Remote node. */ private void failExecute(IgniteEx initiator, IgniteEx remote) { - assertCauseMessage( + assertCause( GridTestUtils.assertThrowsWithCause( () -> { try { From d465f6f06573108d0241588c75c8ca61b5574cc4 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Fri, 23 Nov 2018 11:35:48 +0300 Subject: [PATCH 22/98] IGNITE-9560 fix comments --- .../query/h2/ddl/DdlStatementsProcessor.java | 1 - .../cache/IgniteDataStreamerSecurityTest.java | 17 +++++++++++++++++ .../security/cache/LoadCacheSecurityTest.java | 17 +++++++++++++++++ .../security/cache/ScanQuerySecurityTest.java | 17 +++++++++++++++++ 4 files changed, 51 insertions(+), 1 deletion(-) diff --git a/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/ddl/DdlStatementsProcessor.java b/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/ddl/DdlStatementsProcessor.java index 400dc7e749b37..5c2865abe1350 100644 --- a/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/ddl/DdlStatementsProcessor.java +++ b/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/ddl/DdlStatementsProcessor.java @@ -328,7 +328,6 @@ else if (stmt0 instanceof GridSqlDropIndex) { } } else if (stmt0 instanceof GridSqlCreateTable) { - //todo MY_TODO написать тест, возмжно это уже лишнее ctx.security().authorize(null, SecurityPermission.CACHE_CREATE, SecurityContextHolder.get()); GridSqlCreateTable cmd = (GridSqlCreateTable)stmt0; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/IgniteDataStreamerSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/IgniteDataStreamerSecurityTest.java index 2e3c55f630b8d..180e787915ad1 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/IgniteDataStreamerSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/IgniteDataStreamerSecurityTest.java @@ -1,3 +1,20 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + package org.apache.ignite.internal.processor.security.cache; import java.util.Map; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCacheSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCacheSecurityTest.java index cecb54a753b5b..d50d6e552e787 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCacheSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCacheSecurityTest.java @@ -1,3 +1,20 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + package org.apache.ignite.internal.processor.security.cache; import java.util.UUID; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQuerySecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQuerySecurityTest.java index 85d8f593c7a5f..c7d6c00c120e8 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQuerySecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQuerySecurityTest.java @@ -1,3 +1,20 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + package org.apache.ignite.internal.processor.security.cache; import java.util.UUID; From 05297d966a1b4f0ac79b7509209a42b6f8822019 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Fri, 23 Nov 2018 14:22:12 +0300 Subject: [PATCH 23/98] IGNITE-9560 fix comments --- .../cache/EntryProcessorSecurityTest.java | 146 +++++------------- 1 file changed, 42 insertions(+), 104 deletions(-) diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorSecurityTest.java index b50fbd1a376d1..fca9724041902 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorSecurityTest.java @@ -48,10 +48,10 @@ public void testEntryProcessor() { private void successEntryProcessor(IgniteEx initiator, IgniteEx remote) { assert !remote.localNode().isClient(); - new Invoke(initiator, remote).call(); - new InvokeAll(initiator, remote).call(); - new InvokeAsync(initiator, remote).call(); - new InvokeAllAsync(initiator, remote).call(); + invoke(initiator, remote); + invokeAll(initiator, remote); + invokeAsync(initiator, remote); + invokeAllAsync(initiator, remote); } /** @@ -61,129 +61,66 @@ private void successEntryProcessor(IgniteEx initiator, IgniteEx remote) { private void failEntryProcessor(IgniteEx initiator, IgniteEx remote) { assert !remote.localNode().isClient(); - failCall(new Invoke(initiator, remote)); - failCall(new InvokeAll(initiator, remote)); - failCall(new InvokeAsync(initiator, remote)); - failCall(new InvokeAllAsync(initiator, remote)); + failCall(() -> invoke(initiator, remote)); + failCall(() -> invokeAll(initiator, remote)); + failCall(() -> invokeAsync(initiator, remote)); + failCall(() -> invokeAllAsync(initiator, remote)); } /** - * @param c CustomInvoke. + * @param r Runnable. */ - private void failCall(CustomInvoke c) { + private void failCall(Runnable r) { try { - c.call(); + r.run(); } catch (Throwable e) { assertCause(e); } } - /** */ - abstract class CustomInvoke { - /** Initiator. */ - protected final IgniteEx initiator; - - /** Remote. */ - protected final IgniteEx remote; - - /** - * @param initiator Initiator. - * @param remote Remote. - */ - protected CustomInvoke(IgniteEx initiator, IgniteEx remote) { - this.initiator = initiator; - this.remote = remote; - } - - /** - * Calling of invokeXXX method - */ - abstract void call(); - } - /** - * Call invoke method. + * @param initiator Initiator. + * @param remote Remote. */ - class Invoke extends CustomInvoke { - /** - * @param initiator Initiator. - * @param remote Remote. - */ - public Invoke(IgniteEx initiator, IgniteEx remote) { - super(initiator, remote); - } - - /** {@inheritDoc} */ - @Override public void call() { - initiator.cache(CACHE_WITHOUT_PERMS).invoke( - primaryKey(remote), - new TestEntryProcessor(remote.localNode().id()) - ); - } + private void invoke(IgniteEx initiator, IgniteEx remote) { + initiator.cache(CACHE_WITHOUT_PERMS).invoke( + primaryKey(remote), + new TestEntryProcessor(remote.localNode().id()) + ); } /** - * Call invokeAsync method. + * @param initiator Initiator. + * @param remote Remote. */ - class InvokeAsync extends CustomInvoke { - /** - * @param initiator Initiator. - * @param remote Remote. - */ - public InvokeAsync(IgniteEx initiator, IgniteEx remote) { - super(initiator, remote); - } - - /** {@inheritDoc} */ - @Override public void call() { - initiator.cache(CACHE_WITHOUT_PERMS).invokeAsync( - primaryKey(remote), - new TestEntryProcessor(remote.localNode().id()) - ).get(); - } + private void invokeAsync(IgniteEx initiator, IgniteEx remote) { + initiator.cache(CACHE_WITHOUT_PERMS).invokeAsync( + primaryKey(remote), + new TestEntryProcessor(remote.localNode().id()) + ).get(); } /** - * Call invokeAll method. + * @param initiator Initiator. + * @param remote Remote. */ - class InvokeAll extends CustomInvoke { - /** - * @param initiator Initiator. - * @param remote Remote. - */ - public InvokeAll(IgniteEx initiator, IgniteEx remote) { - super(initiator, remote); - } - - /** {@inheritDoc} */ - @Override public void call() { - initiator.cache(CACHE_WITHOUT_PERMS).invokeAll( - Collections.singleton(primaryKey(remote)), - new TestEntryProcessor(remote.localNode().id()) - ).values().stream().findFirst().ifPresent(EntryProcessorResult::get); - } + private void invokeAll(IgniteEx initiator, IgniteEx remote) { + initiator.cache(CACHE_WITHOUT_PERMS).invokeAll( + Collections.singleton(primaryKey(remote)), + new TestEntryProcessor(remote.localNode().id()) + ).values().stream().findFirst().ifPresent(EntryProcessorResult::get); } /** - * Call invokeAllAsync method. + * @param initiator Initiator. + * @param remote Remote. */ - class InvokeAllAsync extends CustomInvoke { - /** - * @param initiator Initiator. - * @param remote Remote. - */ - public InvokeAllAsync(IgniteEx initiator, IgniteEx remote) { - super(initiator, remote); - } - - /** {@inheritDoc} */ - @Override public void call() { - initiator.cache(CACHE_WITHOUT_PERMS).invokeAllAsync( - Collections.singleton(primaryKey(remote)), - new TestEntryProcessor(remote.localNode().id()) - ).get().values().stream().findFirst().ifPresent(EntryProcessorResult::get); - } + private void invokeAllAsync(IgniteEx initiator, IgniteEx remote) { + initiator.cache(CACHE_WITHOUT_PERMS).invokeAllAsync( + Collections.singleton(primaryKey(remote)), + new TestEntryProcessor(remote.localNode().id()) + ).get().values().stream().findFirst().ifPresent(EntryProcessorResult::get); } /** @@ -205,8 +142,9 @@ public TestEntryProcessor(UUID remoteId) { Object... objects) throws EntryProcessorException { IgniteEx loc = (IgniteEx)Ignition.localIgnite(); - if (remoteId.equals(loc.localNode().id())) - loc.context().security().authorize(CACHE_NAME, SecurityPermission.CACHE_PUT); + assertEquals(remoteId, loc.localNode().id()); + + loc.context().security().authorize(CACHE_NAME, SecurityPermission.CACHE_PUT); return null; } From 349afb5e507777e4b8e0209ea8deb86f21c5976d Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Wed, 28 Nov 2018 11:31:16 +0300 Subject: [PATCH 24/98] IGNITE-9560 fix comments --- .../AbstractCacheSecurityTest.java | 3 +- .../AbstractResolveSecurityContextTest.java | 30 +++- .../security/AbstractSecurityTest.java | 4 + .../TestSecurityPluginConfiguration.java | 8 - .../security/TestSecurityProcessor.java | 7 +- .../TestSecurityProcessorProvider.java | 17 ++- .../cache/EntryProcessorSecurityTest.java | 27 ++-- .../security/cache/LoadCacheSecurityTest.java | 57 +++---- .../security/cache/ScanQuerySecurityTest.java | 144 ++++++------------ .../{thin => }/ThinClientSecurityTest.java | 11 +- .../client/{thin => }/package-info.java | 2 +- .../compute/ComputeTaskSecurityTest.java | 2 +- .../DistributedClosureSecurityTest.java | 2 +- .../ExecuteServiceTaskSecurityTest.java | 95 +++++------- .../IgniteDataStreamerSecurityTest.java | 65 +++----- .../security/datastreamer/package-info.java | 21 +++ .../ResolveSecurityContextTestSuite.java} | 8 +- .../ignite/testsuites/package-info.java | 21 +++ 18 files changed, 237 insertions(+), 287 deletions(-) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/{cache => }/AbstractCacheSecurityTest.java (94%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/{thin => }/ThinClientSecurityTest.java (96%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/{thin => }/package-info.java (92%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/{cache => datastreamer}/IgniteDataStreamerSecurityTest.java (59%) create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/package-info.java rename modules/security/src/test/java/org/apache/ignite/{internal/processor/security/SecurityContextResolverSecurityProcessorTestSuite.java => testsuites/ResolveSecurityContextTestSuite.java} (88%) create mode 100644 modules/security/src/test/java/org/apache/ignite/testsuites/package-info.java diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/AbstractCacheSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheSecurityTest.java similarity index 94% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/AbstractCacheSecurityTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheSecurityTest.java index 43606d4ce82d9..8abe4ee6d0e31 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/AbstractCacheSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheSecurityTest.java @@ -15,14 +15,13 @@ * limitations under the License. */ -package org.apache.ignite.internal.processor.security.cache; +package org.apache.ignite.internal.processor.security; import org.apache.ignite.cache.CacheMode; import org.apache.ignite.cache.affinity.Affinity; import org.apache.ignite.configuration.CacheConfiguration; import org.apache.ignite.configuration.IgniteConfiguration; import org.apache.ignite.internal.IgniteEx; -import org.apache.ignite.internal.processor.security.AbstractResolveSecurityContextTest; /** * diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractResolveSecurityContextTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractResolveSecurityContextTest.java index b0a479c2ba9b6..b82e34e413d70 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractResolveSecurityContextTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractResolveSecurityContextTest.java @@ -18,6 +18,7 @@ package org.apache.ignite.internal.processor.security; import java.util.concurrent.atomic.AtomicInteger; +import java.util.function.Supplier; import org.apache.ignite.cache.CacheMode; import org.apache.ignite.configuration.CacheConfiguration; import org.apache.ignite.configuration.IgniteConfiguration; @@ -27,6 +28,8 @@ import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; import static org.hamcrest.CoreMatchers.notNullValue; +import static org.hamcrest.core.Is.is; +import static org.hamcrest.core.IsNull.nullValue; import static org.junit.Assert.assertThat; /** @@ -79,12 +82,37 @@ public class AbstractResolveSecurityContextTest extends AbstractSecurityTest { .setReadFromBackup(false)); } + /** + * @param s Supplier. + */ + protected void assertAllowed(Supplier s) { + Integer val = s.get(); + + assertThat(srvAllPerms.cache(CACHE_NAME).get("key"), is(val)); + } + + /** + * @param s Supplier. + */ + protected void assertForbidden(Supplier s) { + try { + s.get(); + + fail("Should not happen"); + } + catch (Throwable e) { + assertThat(X.cause(e, SecurityException.class), notNullValue()); + } + + assertThat(srvAllPerms.cache(CACHE_NAME).get("fail_key"), nullValue()); + } + /** * Assert that the passed throwable contains a cause exception with given type. * * @param throwable Throwable. */ - protected void assertCause(Throwable throwable) { + protected void assertCauseSecurityException(Throwable throwable) { assertThat(X.cause(throwable, SecurityException.class), notNullValue()); } } \ No newline at end of file diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java index a5aa875ccd951..39ea86f115d36 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java @@ -13,6 +13,9 @@ * Common class for security tests. */ public class AbstractSecurityTest extends GridCommonAbstractTest { + /** Test security processor. */ + public static final String TEST_SECURITY_PROCESSOR = "org.apache.ignite.internal.processor.security.TestSecurityProcessor"; + /** {@inheritDoc} */ @Override protected void afterTestsStopped() throws Exception { super.afterTestsStopped(); @@ -41,6 +44,7 @@ protected IgniteConfiguration getConfiguration(String instanceName, .setAuthenticationEnabled(true) .setPluginConfigurations( new TestSecurityPluginConfiguration() + .setSecurityProcessorClass(TEST_SECURITY_PROCESSOR) .setLogin(login) .setPwd(pwd) .setPermissions(prmSet) diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityPluginConfiguration.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityPluginConfiguration.java index 4210c77bef3db..d3bec4ee2948a 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityPluginConfiguration.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityPluginConfiguration.java @@ -20,7 +20,6 @@ import java.util.Arrays; import java.util.Collection; import java.util.Collections; -import org.apache.ignite.internal.util.typedef.F; import org.apache.ignite.plugin.PluginConfiguration; import org.apache.ignite.plugin.security.SecurityPermissionSet; @@ -28,10 +27,6 @@ * Security configuration for test. */ public class TestSecurityPluginConfiguration implements PluginConfiguration { - /** Default test security processor class name. */ - public static final String DFLT_TEST_SECURITY_PROCESSOR_CLS_NAME = - "org.apache.ignite.internal.processor.security.TestSecurityProcessor"; - /** Node security data. */ private TestSecurityData nodeSecData = new TestSecurityData(); @@ -125,9 +120,6 @@ public Collection clientsSecData() { * Getting security processor class name. */ public String getSecurityProcessorClass() { - if (F.isEmpty(secProcCls)) - return DFLT_TEST_SECURITY_PROCESSOR_CLS_NAME; - return secProcCls; } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityProcessor.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityProcessor.java index 1a3686ec40ca0..3db93bfe7c8fb 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityProcessor.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityProcessor.java @@ -61,7 +61,6 @@ public TestSecurityProcessor(GridKernalContext ctx) { /** {@inheritDoc} */ @Override public SecurityContext authenticateNode(ClusterNode node, SecurityCredentials cred) { - return new TestSecurityContext( new TestSecuritySubject() .setType(REMOTE_NODE) @@ -78,7 +77,7 @@ public TestSecurityProcessor(GridKernalContext ctx) { } /** {@inheritDoc} */ - @Override public SecurityContext authenticate(AuthenticationContext ctx) throws IgniteCheckedException { + @Override public SecurityContext authenticate(AuthenticationContext ctx) { return new TestSecurityContext( new TestSecuritySubject() .setType(ctx.subjectType()) @@ -90,12 +89,12 @@ public TestSecurityProcessor(GridKernalContext ctx) { } /** {@inheritDoc} */ - @Override public Collection authenticatedSubjects() throws IgniteCheckedException { + @Override public Collection authenticatedSubjects() { return Collections.emptyList(); } /** {@inheritDoc} */ - @Override public SecuritySubject authenticatedSubject(UUID subjId) throws IgniteCheckedException { + @Override public SecuritySubject authenticatedSubject(UUID subjId) { return null; } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityProcessorProvider.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityProcessorProvider.java index acbaa887bcdd8..ddfa786ddcec1 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityProcessorProvider.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityProcessorProvider.java @@ -20,7 +20,6 @@ import java.io.Serializable; import java.lang.reflect.Constructor; import java.util.UUID; -import org.apache.ignite.IgniteCheckedException; import org.apache.ignite.IgniteException; import org.apache.ignite.cluster.ClusterNode; import org.apache.ignite.configuration.IgniteConfiguration; @@ -41,6 +40,10 @@ * Security processor provider for tests. */ public class TestSecurityProcessorProvider implements PluginProvider { + /** Default test security processor class name. */ + public static final String DFLT_TEST_SECURITY_PROCESSOR_CLS_NAME = + "org.apache.ignite.internal.processors.security.os.GridOsSecurityProcessor"; + /** {@inheritDoc} */ @Override public String name() { return "TestSecurityProcessorProvider"; @@ -63,7 +66,7 @@ public class TestSecurityProcessorProvider implements PluginProvider { } /** {@inheritDoc} */ - @Override public void initExtensions(PluginContext ctx, ExtensionRegistry registry) throws IgniteCheckedException { + @Override public void initExtensions(PluginContext ctx, ExtensionRegistry registry) { // No-op. } @@ -113,7 +116,7 @@ public class TestSecurityProcessorProvider implements PluginProvider { * * @param ctx Context. */ - private String securityProcessorClass(PluginContext ctx){ + private String securityProcessorClass(PluginContext ctx) { IgniteConfiguration igniteCfg = ctx.igniteConfiguration(); if (igniteCfg.getPluginConfigurations() != null) { @@ -123,7 +126,7 @@ private String securityProcessorClass(PluginContext ctx){ } } - throw new IllegalStateException("Security processor class isn't defined."); + return DFLT_TEST_SECURITY_PROCESSOR_CLS_NAME; } /** {@inheritDoc} */ @@ -132,17 +135,17 @@ private String securityProcessorClass(PluginContext ctx){ } /** {@inheritDoc} */ - @Override public void start(PluginContext ctx) throws IgniteCheckedException { + @Override public void start(PluginContext ctx) { // No-op. } /** {@inheritDoc} */ - @Override public void stop(boolean cancel) throws IgniteCheckedException { + @Override public void stop(boolean cancel) { // No-op. } /** {@inheritDoc} */ - @Override public void onIgniteStart() throws IgniteCheckedException { + @Override public void onIgniteStart() { // No-op. } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorSecurityTest.java index fca9724041902..be2309a189439 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorSecurityTest.java @@ -25,6 +25,7 @@ import javax.cache.processor.MutableEntry; import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.internal.processor.security.AbstractCacheSecurityTest; import org.apache.ignite.plugin.security.SecurityPermission; /** @@ -33,19 +34,19 @@ public class EntryProcessorSecurityTest extends AbstractCacheSecurityTest { /** */ public void testEntryProcessor() { - successEntryProcessor(clntAllPerms, srvAllPerms); - successEntryProcessor(clntAllPerms, srvReadOnlyPerm); - successEntryProcessor(srvAllPerms, srvReadOnlyPerm); + assertAllowed(clntAllPerms, srvAllPerms); + assertAllowed(clntAllPerms, srvReadOnlyPerm); + assertAllowed(srvAllPerms, srvReadOnlyPerm); - failEntryProcessor(clntReadOnlyPerm, srvAllPerms); - failEntryProcessor(srvReadOnlyPerm, srvAllPerms); + assertForbidden(clntReadOnlyPerm, srvAllPerms); + assertForbidden(srvReadOnlyPerm, srvAllPerms); } /** * @param initiator Initiator node. * @param remote Remote node. */ - private void successEntryProcessor(IgniteEx initiator, IgniteEx remote) { + private void assertAllowed(IgniteEx initiator, IgniteEx remote) { assert !remote.localNode().isClient(); invoke(initiator, remote); @@ -58,24 +59,24 @@ private void successEntryProcessor(IgniteEx initiator, IgniteEx remote) { * @param initiator Initiator node. * @param remote Remote node. */ - private void failEntryProcessor(IgniteEx initiator, IgniteEx remote) { + private void assertForbidden(IgniteEx initiator, IgniteEx remote) { assert !remote.localNode().isClient(); - failCall(() -> invoke(initiator, remote)); - failCall(() -> invokeAll(initiator, remote)); - failCall(() -> invokeAsync(initiator, remote)); - failCall(() -> invokeAllAsync(initiator, remote)); + forbiddenCall(() -> invoke(initiator, remote)); + forbiddenCall(() -> invokeAll(initiator, remote)); + forbiddenCall(() -> invokeAsync(initiator, remote)); + forbiddenCall(() -> invokeAllAsync(initiator, remote)); } /** * @param r Runnable. */ - private void failCall(Runnable r) { + private void forbiddenCall(Runnable r) { try { r.run(); } catch (Throwable e) { - assertCause(e); + assertCauseSecurityException(e); } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCacheSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCacheSecurityTest.java index d50d6e552e787..5297c033feb0d 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCacheSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCacheSecurityTest.java @@ -26,15 +26,10 @@ import org.apache.ignite.cache.store.CacheStoreAdapter; import org.apache.ignite.configuration.CacheConfiguration; import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.internal.processor.security.AbstractCacheSecurityTest; import org.apache.ignite.lang.IgniteBiInClosure; import org.apache.ignite.lang.IgniteBiPredicate; -import org.apache.ignite.plugin.security.SecurityException; import org.apache.ignite.resources.IgniteInstanceResource; -import org.apache.ignite.testframework.GridTestUtils; - -import static org.hamcrest.CoreMatchers.is; -import static org.hamcrest.core.IsNull.nullValue; -import static org.junit.Assert.assertThat; /** * Security tests for cache data load. @@ -55,52 +50,36 @@ public class LoadCacheSecurityTest extends AbstractCacheSecurityTest { }; } - /** */ + /** + * + */ public void testLoadCache() { - successLoad(clntAllPerms, srvAllPerms); - successLoad(clntAllPerms, srvReadOnlyPerm); - successLoad(srvAllPerms, srvAllPerms); - successLoad(srvAllPerms, srvReadOnlyPerm); - - failLoad(clntReadOnlyPerm, srvAllPerms); - failLoad(srvReadOnlyPerm, srvAllPerms); - failLoad(srvReadOnlyPerm, srvReadOnlyPerm); + assertAllowed(() -> load(clntAllPerms, srvAllPerms, "key")); + assertAllowed(() -> load(clntAllPerms, srvReadOnlyPerm, "key")); + assertAllowed(() -> load(srvAllPerms, srvAllPerms, "key")); + assertAllowed(() -> load(srvAllPerms, srvReadOnlyPerm, "key")); + + assertForbidden(() -> load(clntReadOnlyPerm, srvAllPerms, "fail_key")); + assertForbidden(() -> load(srvReadOnlyPerm, srvAllPerms, "fail_key")); + assertForbidden(() -> load(srvReadOnlyPerm, srvReadOnlyPerm, "fail_key")); } /** * @param initiator Initiator node. - * @param remote Remote node. + * @param remote Remoute node. + * @param key Key. + * @return Value that will be to put into cache with passed key. */ - private void successLoad(IgniteEx initiator, IgniteEx remote) { + private Integer load(IgniteEx initiator, IgniteEx remote, String key) { assert !remote.localNode().isClient(); Integer val = values.getAndIncrement(); initiator.cache(CACHE_WITHOUT_PERMS).loadCache( - new TestClosure(remote.localNode().id(), "key", val) - ); - - assertThat(srvAllPerms.cache(CACHE_NAME).get("key"), is(val)); - } - - /** - * @param initiator Initiator node. - * @param remote Remote node. - */ - private void failLoad(IgniteEx initiator, IgniteEx remote) { - assert !remote.localNode().isClient(); - - assertCause( - GridTestUtils.assertThrowsWithCause( - () -> initiator.cache(CACHE_WITHOUT_PERMS) - .loadCache( - new TestClosure(remote.localNode().id(), "fail_key", -1) - ) - , SecurityException.class - ) + new TestClosure(remote.localNode().id(), key, val) ); - assertThat(remote.cache(CACHE_NAME).get("fail_key"), nullValue()); + return val; } /** diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQuerySecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQuerySecurityTest.java index c7d6c00c120e8..6cdd35b5b3cda 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQuerySecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQuerySecurityTest.java @@ -23,140 +23,92 @@ import org.apache.ignite.IgniteDataStreamer; import org.apache.ignite.cache.query.ScanQuery; import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.internal.processor.security.AbstractCacheSecurityTest; import org.apache.ignite.lang.IgniteBiPredicate; import org.apache.ignite.lang.IgniteClosure; -import org.apache.ignite.plugin.security.SecurityException; import org.apache.ignite.resources.IgniteInstanceResource; -import org.apache.ignite.testframework.GridTestUtils; - -import static org.hamcrest.CoreMatchers.is; -import static org.hamcrest.CoreMatchers.nullValue; -import static org.junit.Assert.assertThat; /** * Security test for scan query. */ public class ScanQuerySecurityTest extends AbstractCacheSecurityTest { - /** */ + /** + * + */ public void testScanQuery() throws Exception { putTestData(srvAllPerms, CACHE_NAME); putTestData(srvAllPerms, CACHE_WITHOUT_PERMS); awaitPartitionMapExchange(); - successQuery(clntAllPerms, srvAllPerms, CACHE_NAME); - successQuery(srvAllPerms, srvAllPerms, CACHE_NAME); - successQuery(clntAllPerms, srvAllPerms, CACHE_WITHOUT_PERMS); - successQuery(srvAllPerms, srvAllPerms, CACHE_WITHOUT_PERMS); - - successTransform(clntAllPerms, srvAllPerms, CACHE_NAME); - successTransform(srvAllPerms, srvAllPerms, CACHE_NAME); - successTransform(clntAllPerms, srvAllPerms, CACHE_WITHOUT_PERMS); - successTransform(srvAllPerms, srvAllPerms, CACHE_WITHOUT_PERMS); - - successQuery(clntAllPerms, srvReadOnlyPerm, CACHE_NAME); - successQuery(srvAllPerms, srvReadOnlyPerm, CACHE_NAME); - successQuery(clntAllPerms, srvReadOnlyPerm, CACHE_WITHOUT_PERMS); - successQuery(srvAllPerms, srvReadOnlyPerm, CACHE_WITHOUT_PERMS); - - successTransform(clntAllPerms, srvReadOnlyPerm, CACHE_NAME); - successTransform(srvAllPerms, srvReadOnlyPerm, CACHE_NAME); - successTransform(clntAllPerms, srvReadOnlyPerm, CACHE_WITHOUT_PERMS); - successTransform(srvAllPerms, srvReadOnlyPerm, CACHE_WITHOUT_PERMS); - - failQuery(clntReadOnlyPerm, srvAllPerms, CACHE_NAME); - failQuery(srvReadOnlyPerm, srvAllPerms, CACHE_NAME); - failQuery(clntReadOnlyPerm, srvAllPerms, CACHE_WITHOUT_PERMS); - failQuery(srvReadOnlyPerm, srvAllPerms, CACHE_WITHOUT_PERMS); - - failTransform(clntReadOnlyPerm, srvAllPerms, CACHE_NAME); - failTransform(srvReadOnlyPerm, srvAllPerms, CACHE_NAME); - failTransform(clntReadOnlyPerm, srvAllPerms, CACHE_WITHOUT_PERMS); - failTransform(srvReadOnlyPerm, srvAllPerms, CACHE_WITHOUT_PERMS); - } - - /** - * @param initiator Initiator. - * @param remote Remote. - * @param cacheName Cache name. - */ - private void failQuery(IgniteEx initiator, IgniteEx remote, String cacheName) { - assert !remote.localNode().isClient(); - - assertCause( - GridTestUtils.assertThrowsWithCause( - () -> { - initiator.cache(cacheName).query( - new ScanQuery<>( - new QueryFilter(remote.localNode().id(), "fail_key", -1) - ) - ).getAll(); - } - , SecurityException.class - ) - ); - - assertThat(remote.cache(CACHE_NAME).get("fail_key"), nullValue()); + assertAllowed(() -> query(clntAllPerms, srvAllPerms, CACHE_NAME, "key")); + assertAllowed(() -> query(srvAllPerms, srvAllPerms, CACHE_NAME, "key")); + assertAllowed(() -> query(clntAllPerms, srvAllPerms, CACHE_WITHOUT_PERMS, "key")); + assertAllowed(() -> query(srvAllPerms, srvAllPerms, CACHE_WITHOUT_PERMS, "key")); + + assertAllowed(() -> transform(clntAllPerms, srvAllPerms, CACHE_NAME, "key")); + assertAllowed(() -> transform(srvAllPerms, srvAllPerms, CACHE_NAME, "key")); + assertAllowed(() -> transform(clntAllPerms, srvAllPerms, CACHE_WITHOUT_PERMS, "key")); + assertAllowed(() -> transform(srvAllPerms, srvAllPerms, CACHE_WITHOUT_PERMS, "key")); + + assertAllowed(() -> query(clntAllPerms, srvReadOnlyPerm, CACHE_NAME, "key")); + assertAllowed(() -> query(srvAllPerms, srvReadOnlyPerm, CACHE_NAME, "key")); + assertAllowed(() -> query(clntAllPerms, srvReadOnlyPerm, CACHE_WITHOUT_PERMS, "key")); + assertAllowed(() -> query(srvAllPerms, srvReadOnlyPerm, CACHE_WITHOUT_PERMS, "key")); + + assertAllowed(() -> transform(clntAllPerms, srvReadOnlyPerm, CACHE_NAME, "key")); + assertAllowed(() -> transform(srvAllPerms, srvReadOnlyPerm, CACHE_NAME, "key")); + assertAllowed(() -> transform(clntAllPerms, srvReadOnlyPerm, CACHE_WITHOUT_PERMS, "key")); + assertAllowed(() -> transform(srvAllPerms, srvReadOnlyPerm, CACHE_WITHOUT_PERMS, "key")); + + assertForbidden(() -> query(clntReadOnlyPerm, srvAllPerms, CACHE_NAME, "fail_key")); + assertForbidden(() -> query(srvReadOnlyPerm, srvAllPerms, CACHE_NAME, "fail_key")); + assertForbidden(() -> query(clntReadOnlyPerm, srvAllPerms, CACHE_WITHOUT_PERMS, "fail_key")); + assertForbidden(() -> query(srvReadOnlyPerm, srvAllPerms, CACHE_WITHOUT_PERMS, "fail_key")); + + assertForbidden(() -> transform(clntReadOnlyPerm, srvAllPerms, CACHE_NAME, "fail_key")); + assertForbidden(() -> transform(srvReadOnlyPerm, srvAllPerms, CACHE_NAME, "fail_key")); + assertForbidden(() -> transform(clntReadOnlyPerm, srvAllPerms, CACHE_WITHOUT_PERMS, "fail_key")); + assertForbidden(() -> transform(srvReadOnlyPerm, srvAllPerms, CACHE_WITHOUT_PERMS, "fail_key")); } /** - * @param initiator Initiator. - * @param remote Remote. - * @param cacheName Cache name. + * @param initiator Initiator node. + * @param remote Remoute node. + * @param key Key. + * @return Value that will be to put into cache with passed key. */ - private void successQuery(IgniteEx initiator, IgniteEx remote, String cacheName) { + private Integer query(IgniteEx initiator, IgniteEx remote, String cacheName, String key) { assert !remote.localNode().isClient(); Integer val = values.getAndIncrement(); initiator.cache(cacheName).query( new ScanQuery<>( - new QueryFilter(remote.localNode().id(), "key", val) + new QueryFilter(remote.localNode().id(), key, val) ) ).getAll(); - assertThat(remote.cache(CACHE_NAME).get("key"), is(val)); - } - - /** - * @param initiator Initiator. - * @param remote Remote. - * @param cacheName Cache name. - */ - private void failTransform(IgniteEx initiator, IgniteEx remote, String cacheName) { - assert !remote.localNode().isClient(); - - assertCause( - GridTestUtils.assertThrowsWithCause( - () -> { - initiator.cache(cacheName).query( - new ScanQuery<>((k, v) -> true), - new Transformer(remote.localNode().id(), "fail_key", -1) - ).getAll(); - } - , SecurityException.class - ) - ); - - assertThat(remote.cache(CACHE_NAME).get("fail_key"), nullValue()); + return val; } /** - * @param initiator Initiator. - * @param remote Remote. - * @param cacheName Cache name. + * @param initiator Initiator node. + * @param remote Remoute node. + * @param key Key. + * @return Value that will be to put into cache with passed key. */ - private void successTransform(IgniteEx initiator, IgniteEx remote, String cacheName) { + private Integer transform(IgniteEx initiator, IgniteEx remote, String cacheName, String key) { assert !remote.localNode().isClient(); Integer val = values.getAndIncrement(); initiator.cache(cacheName).query( new ScanQuery<>((k, v) -> true), - new Transformer(remote.localNode().id(), "key", val) + new Transformer(remote.localNode().id(), key, val) ).getAll(); - assertThat(remote.cache(CACHE_NAME).get("key"), is(val)); + return val; } /** @@ -209,7 +161,7 @@ protected void put() { /** * Test query filter. - * */ + */ static class QueryFilter extends CommonClosure implements IgniteBiPredicate { /** * @param remoteId Remote id. diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/thin/ThinClientSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientSecurityTest.java similarity index 96% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/thin/ThinClientSecurityTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientSecurityTest.java index 7c85da08fde8f..8e4327fd16a3a 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/thin/ThinClientSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientSecurityTest.java @@ -15,7 +15,7 @@ * limitations under the License. */ -package org.apache.ignite.internal.processor.security.client.thin; +package org.apache.ignite.internal.processor.security.client; import java.util.function.Consumer; import org.apache.ignite.Ignition; @@ -92,6 +92,7 @@ protected IgniteConfiguration getConfiguration(int idx, .setAuthenticationEnabled(true) .setPluginConfigurations( new TestSecurityPluginConfiguration() + .setSecurityProcessorClass(TEST_SECURITY_PROCESSOR) .setLogin("srv_" + instanceName) .setPermissions(allowAll()) .clientSecData(clientData) @@ -140,6 +141,12 @@ public void testCacheOperations() throws Exception { executeOperation(c -> c.cache(CACHE).remove("key")); executeForbiddenOperation(c -> c.cache(FORBIDDEN_CACHE).remove("key")); + } + + /** + * @throws Exception If error occurs. + */ + /*public void testSysOperation() throws Exception { try (IgniteClient sysPrmClnt = startClient(CLIENT_SYS_PERM)) { assertThat(sysPrmClnt.createCache(SYS_OPER_CACHE), notNullValue()); @@ -157,7 +164,7 @@ public void testCacheOperations() throws Exception { executeForbiddenOperation(c -> c.createCache(SYS_OPER_CACHE)); executeForbiddenOperation(c -> c.destroyCache(CACHE)); - } + }*/ /** * @param cons Consumer. diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/thin/package-info.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/package-info.java similarity index 92% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/thin/package-info.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/package-info.java index f07e8a86f8301..fd21bbbe114bf 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/thin/package-info.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/package-info.java @@ -18,4 +18,4 @@ /** * Contains security tests for Thin Client. */ -package org.apache.ignite.internal.processor.security.client.thin; \ No newline at end of file +package org.apache.ignite.internal.processor.security.client; \ No newline at end of file diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputeTaskSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputeTaskSecurityTest.java index 63ed04d012bea..137ee002c83eb 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputeTaskSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputeTaskSecurityTest.java @@ -92,7 +92,7 @@ private void successCompute(IgniteEx initiator, IgniteEx remote, */ private void failCompute(IgniteEx initiator, IgniteEx remote, TriConsumer consumer) { - assertCause( + assertCauseSecurityException( GridTestUtils.assertThrowsWithCause( () -> consumer.accept(initiator.compute(), "fail_key", -1) , SecurityException.class diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/DistributedClosureSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/DistributedClosureSecurityTest.java index 658283de7c5f3..37fa96f2f8b38 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/DistributedClosureSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/DistributedClosureSecurityTest.java @@ -194,7 +194,7 @@ private void successClosure(IgniteEx initiator, IgniteEx remote, */ private void failClosure(IgniteEx initiator, IgniteEx remote, TriConsumer consumer) { - assertCause( + assertCauseSecurityException( GridTestUtils.assertThrowsWithCause( () -> consumer.accept( diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ExecuteServiceTaskSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ExecuteServiceTaskSecurityTest.java index db41c4c0e53f9..4da02fbcbaec5 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ExecuteServiceTaskSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ExecuteServiceTaskSecurityTest.java @@ -17,85 +17,58 @@ package org.apache.ignite.internal.processor.security.compute; -import java.util.concurrent.ExecutionException; import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.processor.security.AbstractResolveSecurityContextTest; import org.apache.ignite.lang.IgniteRunnable; -import org.apache.ignite.plugin.security.SecurityException; -import org.apache.ignite.testframework.GridTestUtils; - -import static org.hamcrest.CoreMatchers.is; -import static org.hamcrest.CoreMatchers.nullValue; -import static org.junit.Assert.assertThat; /** * Security tests for an execute server task. */ public class ExecuteServiceTaskSecurityTest extends AbstractResolveSecurityContextTest { - /** */ - public void testExecute() throws Exception { - successExecute(clntAllPerms, clntReadOnlyPerm); - successExecute(clntAllPerms, srvReadOnlyPerm); - successExecute(srvAllPerms, clntReadOnlyPerm); - successExecute(srvAllPerms, srvReadOnlyPerm); - successExecute(srvAllPerms, srvAllPerms); - successExecute(clntAllPerms, clntAllPerms); - - failExecute(clntReadOnlyPerm, srvAllPerms); - failExecute(clntReadOnlyPerm, clntAllPerms); - failExecute(srvReadOnlyPerm, srvAllPerms); - failExecute(srvReadOnlyPerm, clntAllPerms); - failExecute(srvReadOnlyPerm, srvReadOnlyPerm); - failExecute(clntReadOnlyPerm, clntReadOnlyPerm); - } - /** - * @param initiator Initiator node. - * @param remote Remote node. + * */ - private void successExecute(IgniteEx initiator, IgniteEx remote) throws Exception { - int val = values.getAndIncrement(); + public void testExecute() { + assertAllowed(() -> execute(clntAllPerms, clntReadOnlyPerm, "key")); + assertAllowed(() -> execute(clntAllPerms, srvReadOnlyPerm, "key")); + assertAllowed(() -> execute(srvAllPerms, clntReadOnlyPerm, "key")); + assertAllowed(() -> execute(srvAllPerms, srvReadOnlyPerm, "key")); + assertAllowed(() -> execute(srvAllPerms, srvAllPerms, "key")); + assertAllowed(() -> execute(clntAllPerms, clntAllPerms, "key")); - initiator.executorService(initiator.cluster().forNode(remote.localNode())) - .submit( - new IgniteRunnable() { - @Override public void run() { - Ignition.localIgnite().cache(CACHE_NAME) - .put("key", val); - } - } - ).get(); - - assertThat(remote.cache(CACHE_NAME).get("key"), is(val)); + assertForbidden(() -> execute(clntReadOnlyPerm, srvAllPerms, "fail_key")); + assertForbidden(() -> execute(clntReadOnlyPerm, clntAllPerms, "fail_key")); + assertForbidden(() -> execute(srvReadOnlyPerm, srvAllPerms, "fail_key")); + assertForbidden(() -> execute(srvReadOnlyPerm, clntAllPerms, "fail_key")); + assertForbidden(() -> execute(srvReadOnlyPerm, srvReadOnlyPerm, "fail_key")); + assertForbidden(() -> execute(clntReadOnlyPerm, clntReadOnlyPerm, "fail_key")); } /** * @param initiator Initiator node. - * @param remote Remote node. + * @param remote Remoute node. + * @param key Key. + * @return Value that will be to put into cache with passed key. */ - private void failExecute(IgniteEx initiator, IgniteEx remote) { - assertCause( - GridTestUtils.assertThrowsWithCause( - () -> { - try { - initiator.executorService(initiator.cluster().forNode(remote.localNode())) - .submit( - new IgniteRunnable() { - @Override public void run() { - Ignition.localIgnite().cache(CACHE_NAME).put("fail_key", -1); - } - } - ).get(); - } - catch (InterruptedException | ExecutionException e) { - throw new RuntimeException(e); + private Integer execute(IgniteEx initiator, IgniteEx remote, String key) { + Integer val = values.getAndIncrement(); + + try { + initiator.executorService(initiator.cluster().forNode(remote.localNode())) + .submit( + new IgniteRunnable() { + @Override public void run() { + Ignition.localIgnite().cache(CACHE_NAME) + .put(key, val); + } } - } - , SecurityException.class - ) - ); + ).get(); + } + catch (Exception e) { + throw new RuntimeException(e); + } - assertThat(remote.cache(CACHE_NAME).get("fail_key"), nullValue()); + return val; } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/IgniteDataStreamerSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/IgniteDataStreamerSecurityTest.java similarity index 59% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/IgniteDataStreamerSecurityTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/IgniteDataStreamerSecurityTest.java index 180e787915ad1..bc69d3288a85b 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/IgniteDataStreamerSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/IgniteDataStreamerSecurityTest.java @@ -15,7 +15,7 @@ * limitations under the License. */ -package org.apache.ignite.internal.processor.security.cache; +package org.apache.ignite.internal.processor.security.datastreamer; import java.util.Map; import java.util.UUID; @@ -24,76 +24,47 @@ import org.apache.ignite.IgniteDataStreamer; import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.internal.processor.security.AbstractCacheSecurityTest; import org.apache.ignite.lang.IgniteBiInClosure; -import org.apache.ignite.plugin.security.SecurityException; import org.apache.ignite.stream.StreamVisitor; -import org.apache.ignite.testframework.GridTestUtils; - -import static org.hamcrest.CoreMatchers.is; -import static org.hamcrest.CoreMatchers.nullValue; -import static org.junit.Assert.assertThat; /** * Security tests for IgniteDataStream receiver. */ public class IgniteDataStreamerSecurityTest extends AbstractCacheSecurityTest { - /** */ - public void testDataStreamer() { - successReceiver(clntAllPerms, srvAllPerms); - successReceiver(clntAllPerms, srvReadOnlyPerm); - successReceiver(srvAllPerms, srvAllPerms); - successReceiver(srvAllPerms, srvReadOnlyPerm); - - failReceiver(clntReadOnlyPerm, srvAllPerms); - failReceiver(srvReadOnlyPerm, srvAllPerms); - failReceiver(srvReadOnlyPerm, srvReadOnlyPerm); - } - /** - * @param initiator Initiator node. - * @param remote Remote node. + * */ - private void failReceiver(IgniteEx initiator, IgniteEx remote) { - assert !remote.localNode().isClient(); - - assertCause( - GridTestUtils.assertThrowsWithCause( - () -> { - try (IgniteDataStreamer strm = initiator.dataStreamer(CACHE_WITHOUT_PERMS)) { - strm.receiver( - StreamVisitor.from( - new TestClosure(remote.localNode().id(), "fail_key", -1) - )); - - strm.addData(primaryKey(remote), 100); - } - } - , SecurityException.class - ) - ); - - assertThat(remote.cache(CACHE_NAME).get("fail_key"), nullValue()); + public void testDataStreamer() { + assertAllowed(() -> load(clntAllPerms, srvAllPerms, "key")); + assertAllowed(() -> load(clntAllPerms, srvReadOnlyPerm, "key")); + assertAllowed(() -> load(srvAllPerms, srvAllPerms, "key")); + assertAllowed(() -> load(srvAllPerms, srvReadOnlyPerm, "key")); + + assertForbidden(() -> load(clntReadOnlyPerm, srvAllPerms, "fail_key")); + assertForbidden(() -> load(srvReadOnlyPerm, srvAllPerms, "fail_key")); + assertForbidden(() -> load(srvReadOnlyPerm, srvReadOnlyPerm, "fail_key")); } /** * @param initiator Initiator node. - * @param remote Remote node. + * @param remote Remoute node. + * @param key Key. + * @return Value that will be to put into cache with passed key. */ - private void successReceiver(IgniteEx initiator, IgniteEx remote) { - assert !remote.localNode().isClient(); - + private Integer load(IgniteEx initiator, IgniteEx remote, String key) { Integer val = values.getAndIncrement(); try (IgniteDataStreamer strm = initiator.dataStreamer(CACHE_WITHOUT_PERMS)) { strm.receiver( StreamVisitor.from( - new TestClosure(remote.localNode().id(), "key", val) + new TestClosure(remote.localNode().id(), key, val) )); strm.addData(primaryKey(remote), 100); } - assertThat(remote.cache(CACHE_NAME).get("key"), is(val)); + return val; } /** diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/package-info.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/package-info.java new file mode 100644 index 0000000000000..68c2b42c8db19 --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/package-info.java @@ -0,0 +1,21 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * Contains security tests for Data Streamer. + */ +package org.apache.ignite.internal.processor.security.datastreamer; \ No newline at end of file diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/SecurityContextResolverSecurityProcessorTestSuite.java b/modules/security/src/test/java/org/apache/ignite/testsuites/ResolveSecurityContextTestSuite.java similarity index 88% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/SecurityContextResolverSecurityProcessorTestSuite.java rename to modules/security/src/test/java/org/apache/ignite/testsuites/ResolveSecurityContextTestSuite.java index 08b34adc406da..409f6c500b610 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/SecurityContextResolverSecurityProcessorTestSuite.java +++ b/modules/security/src/test/java/org/apache/ignite/testsuites/ResolveSecurityContextTestSuite.java @@ -15,15 +15,15 @@ * limitations under the License. */ -package org.apache.ignite.internal.processor.security; +package org.apache.ignite.testsuites; import java.util.Set; import junit.framework.TestSuite; import org.apache.ignite.internal.processor.security.cache.EntryProcessorSecurityTest; -import org.apache.ignite.internal.processor.security.cache.IgniteDataStreamerSecurityTest; +import org.apache.ignite.internal.processor.security.datastreamer.IgniteDataStreamerSecurityTest; import org.apache.ignite.internal.processor.security.cache.LoadCacheSecurityTest; import org.apache.ignite.internal.processor.security.cache.ScanQuerySecurityTest; -import org.apache.ignite.internal.processor.security.client.thin.ThinClientSecurityTest; +import org.apache.ignite.internal.processor.security.client.ThinClientSecurityTest; import org.apache.ignite.internal.processor.security.compute.ComputeTaskSecurityTest; import org.apache.ignite.internal.processor.security.compute.DistributedClosureSecurityTest; import org.apache.ignite.internal.processor.security.compute.ExecuteServiceTaskSecurityTest; @@ -32,7 +32,7 @@ /** * Security test suite. */ -public class SecurityContextResolverSecurityProcessorTestSuite extends TestSuite { +public class ResolveSecurityContextTestSuite extends TestSuite { /** * @return Test suite. * @throws Exception Thrown in case of the failure. diff --git a/modules/security/src/test/java/org/apache/ignite/testsuites/package-info.java b/modules/security/src/test/java/org/apache/ignite/testsuites/package-info.java new file mode 100644 index 0000000000000..998eaa88f3685 --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/testsuites/package-info.java @@ -0,0 +1,21 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * Contains internal tests or test related classes and interfaces. + */ +package org.apache.ignite.testsuites; \ No newline at end of file From 98bb76590b1e3e0656e2f90f48d4f062199c01e3 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Mon, 3 Dec 2018 12:32:28 +0300 Subject: [PATCH 25/98] IGNITE-9560 Added messaging fix and tests. Deleted authorize from thin client requests. --- .../internal/GridMessageListenHandler.java | 2 +- .../managers/communication/GridIoManager.java | 54 +++--- .../odbc/ClientListenerNioListener.java | 5 + .../platform/client/ClientRequest.java | 11 -- .../cache/ClientCacheClearKeyRequest.java | 3 - .../cache/ClientCacheClearKeysRequest.java | 3 - .../client/cache/ClientCacheClearRequest.java | 3 - .../cache/ClientCacheContainsKeyRequest.java | 3 - .../cache/ClientCacheContainsKeysRequest.java | 3 - ...ntCacheCreateWithConfigurationRequest.java | 3 - .../ClientCacheCreateWithNameRequest.java | 3 - .../cache/ClientCacheDestroyRequest.java | 3 - .../cache/ClientCacheGetAllRequest.java | 6 +- .../ClientCacheGetAndPutIfAbsentRequest.java | 3 - .../cache/ClientCacheGetAndPutRequest.java | 3 - .../cache/ClientCacheGetAndRemoveRequest.java | 3 - .../ClientCacheGetAndReplaceRequest.java | 3 - ...heGetOrCreateWithConfigurationRequest.java | 3 - ...ClientCacheGetOrCreateWithNameRequest.java | 3 - .../client/cache/ClientCacheGetRequest.java | 2 - .../cache/ClientCacheGetSizeRequest.java | 6 +- .../cache/ClientCacheLocalPeekRequest.java | 3 - .../ClientCacheNodePartitionsRequest.java | 2 - .../cache/ClientCachePutAllRequest.java | 8 +- .../cache/ClientCachePutIfAbsentRequest.java | 3 - .../client/cache/ClientCachePutRequest.java | 3 - .../cache/ClientCacheRemoveAllRequest.java | 3 - .../ClientCacheRemoveIfEqualsRequest.java | 3 - .../cache/ClientCacheRemoveKeyRequest.java | 3 - .../cache/ClientCacheRemoveKeysRequest.java | 3 - .../ClientCacheReplaceIfEqualsRequest.java | 3 - .../cache/ClientCacheReplaceRequest.java | 3 - .../client/cache/ClientCacheRequest.java | 32 ---- .../cache/ClientCacheScanQueryRequest.java | 3 - .../security/CurrentRemoteInitiator.java | 113 +++++++++++++ .../CurrentRemoteInitiatorIdentifier.java | 71 -------- .../processors/security/RemoteInitiator.java | 59 +++++++ ...urityContextResolverSecurityProcessor.java | 31 ++-- .../security/AbstractSecurityTest.java | 4 + .../client/ThinClientSecurityTest.java | 78 ++++++++- .../messaging/IgniteMessagingTest.java | 155 ++++++++++++++++++ .../security/messaging/package-info.java | 21 +++ .../ResolveSecurityContextTestSuite.java | 2 + 43 files changed, 489 insertions(+), 245 deletions(-) create mode 100644 modules/core/src/main/java/org/apache/ignite/internal/processors/security/CurrentRemoteInitiator.java delete mode 100644 modules/core/src/main/java/org/apache/ignite/internal/processors/security/CurrentRemoteInitiatorIdentifier.java create mode 100644 modules/core/src/main/java/org/apache/ignite/internal/processors/security/RemoteInitiator.java create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/IgniteMessagingTest.java create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/package-info.java diff --git a/modules/core/src/main/java/org/apache/ignite/internal/GridMessageListenHandler.java b/modules/core/src/main/java/org/apache/ignite/internal/GridMessageListenHandler.java index c146eca255aba..7bfc6da05d7b8 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/GridMessageListenHandler.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/GridMessageListenHandler.java @@ -134,7 +134,7 @@ public GridMessageListenHandler(GridMessageListenHandler orig) { /** {@inheritDoc} */ @Override public RegisterStatus register(UUID nodeId, UUID routineId, final GridKernalContext ctx) throws IgniteCheckedException { - ctx.io().addUserMessageListener(topic, pred); + ctx.io().addUserMessageListener(topic, pred, nodeId); return RegisterStatus.REGISTERED; } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java index 9909ac925b88e..cfa9fedd0518f 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java @@ -70,7 +70,7 @@ import org.apache.ignite.internal.processors.cache.mvcc.msg.MvccMessage; import org.apache.ignite.internal.processors.platform.message.PlatformMessageFilter; import org.apache.ignite.internal.processors.pool.PoolProcessor; -import org.apache.ignite.internal.processors.security.CurrentRemoteInitiatorIdentifier; +import org.apache.ignite.internal.processors.security.CurrentRemoteInitiator; import org.apache.ignite.internal.processors.timeout.GridTimeoutObject; import org.apache.ignite.internal.util.GridBoundedConcurrentLinkedHashSet; import org.apache.ignite.internal.util.StripedCompositeReadWriteLock; @@ -141,9 +141,6 @@ public class GridIoManager extends GridManagerAdapter CUR_PLC = new ThreadLocal<>(); - /** Current remote initiator node. */ - private static final CurrentRemoteInitiatorIdentifier CUR_RMT_INITIATOR = new CurrentRemoteInitiatorIdentifier(); - /** Listeners by topic. */ private final ConcurrentMap lsnrMap = new ConcurrentHashMap<>(); @@ -1568,7 +1565,7 @@ private void invokeListener(Byte plc, GridMessageListener lsnr, UUID nodeId, Obj if (change) CUR_PLC.set(plc); - CUR_RMT_INITIATOR.set(ctx, nodeId); + CurrentRemoteInitiator.set(ctx, nodeId); try { lsnr.onMessage(nodeId, msg, plc); @@ -1577,24 +1574,17 @@ private void invokeListener(Byte plc, GridMessageListener lsnr, UUID nodeId, Obj if (change) CUR_PLC.set(oldPlc); - CUR_RMT_INITIATOR.remove(ctx, nodeId); + CurrentRemoteInitiator.remove(ctx, nodeId); } } /** * @return Current IO policy */ - @Nullable public static Byte currentPolicy() { + public static @Nullable Byte currentPolicy() { return CUR_PLC.get(); } - /** - * @return Current near node's id. - */ - @Nullable public static UUID currentRemoteInitiator(){ - return CUR_RMT_INITIATOR.get(); - } - /** * @param nodeId Node ID. * @param sndErr Send error. @@ -1993,12 +1983,17 @@ else if (loc) { } } + public void addUserMessageListener(final @Nullable Object topic, final @Nullable IgniteBiPredicate p) { + addUserMessageListener(topic, p, null); + } + /** * @param topic Topic to subscribe to. * @param p Message predicate. */ @SuppressWarnings("unchecked") - public void addUserMessageListener(@Nullable final Object topic, @Nullable final IgniteBiPredicate p) { + public void addUserMessageListener(final @Nullable Object topic, + final @Nullable IgniteBiPredicate p, final @Nullable UUID nodeId) { if (p != null) { try { if (p instanceof PlatformMessageFilter) @@ -2007,7 +2002,7 @@ public void addUserMessageListener(@Nullable final Object topic, @Nullable final ctx.resource().injectGeneric(p); addMessageListener(TOPIC_COMM_USER, - new GridUserMessageListener(topic, (IgniteBiPredicate)p)); + new GridUserMessageListener(topic, (IgniteBiPredicate)p, nodeId)); } catch (IgniteCheckedException e) { throw new IgniteException(e); @@ -2446,15 +2441,29 @@ private class GridUserMessageListener implements GridMessageListener { /** User message topic. */ private final Object topic; + private final UUID initNodeId; + /** * @param topic User topic. * @param predLsnr Predicate listener. + * @param initNodeId Node id that registered given listener. * @throws IgniteCheckedException If failed to inject resources to predicates. */ - GridUserMessageListener(@Nullable Object topic, @Nullable IgniteBiPredicate predLsnr) + GridUserMessageListener(@Nullable Object topic, @Nullable IgniteBiPredicate predLsnr, @Nullable UUID initNodeId) throws IgniteCheckedException { this.topic = topic; this.predLsnr = predLsnr; + this.initNodeId = initNodeId; + } + + /** + * @param topic User topic. + * @param predLsnr Predicate listener. + * @throws IgniteCheckedException If failed to inject resources to predicates. + */ + GridUserMessageListener(@Nullable Object topic, @Nullable IgniteBiPredicate predLsnr) + throws IgniteCheckedException { + this(topic, predLsnr, null); } /** {@inheritDoc} */ @@ -2551,8 +2560,15 @@ private class GridUserMessageListener implements GridMessageListener { if (msgBody != null) { if (predLsnr != null) { - if (!predLsnr.apply(nodeId, msgBody)) - removeMessageListener(TOPIC_COMM_USER, this); + CurrentRemoteInitiator.set(ctx, initNodeId); + + try { + if (!predLsnr.apply(nodeId, msgBody)) + removeMessageListener(TOPIC_COMM_USER, this); + } + finally { + CurrentRemoteInitiator.remove(ctx, initNodeId); + } } } } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerNioListener.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerNioListener.java index debef427d3f8b..2b4eba2ca77a2 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerNioListener.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerNioListener.java @@ -33,6 +33,7 @@ import org.apache.ignite.internal.processors.odbc.odbc.OdbcConnectionContext; import org.apache.ignite.internal.processors.platform.client.ClientConnectionContext; import org.apache.ignite.internal.processors.platform.client.ClientStatus; +import org.apache.ignite.internal.processors.security.CurrentRemoteInitiator; import org.apache.ignite.internal.processors.security.SecurityContext; import org.apache.ignite.internal.processors.security.SecurityContextHolder; import org.apache.ignite.internal.util.GridSpinBusyLock; @@ -167,6 +168,8 @@ public ClientListenerNioListener(GridKernalContext ctx, GridSpinBusyLock busyLoc AuthorizationContext authCtx = connCtx.authorizationContext(); SecurityContext oldSecCtx = SecurityContextHolder.push(connCtx.securityContext()); + CurrentRemoteInitiator.set(connCtx.securityContext()); + if (authCtx != null) AuthorizationContext.context(authCtx); @@ -176,6 +179,8 @@ public ClientListenerNioListener(GridKernalContext ctx, GridSpinBusyLock busyLoc finally { SecurityContextHolder.pop(oldSecCtx); + CurrentRemoteInitiator.remove(); + if (authCtx != null) AuthorizationContext.clear(); } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/ClientRequest.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/ClientRequest.java index 6a5351777847e..ce2c6d7dea2dc 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/ClientRequest.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/ClientRequest.java @@ -20,7 +20,6 @@ import org.apache.ignite.binary.BinaryRawReader; import org.apache.ignite.internal.processors.odbc.ClientListenerRequest; import org.apache.ignite.plugin.security.SecurityException; -import org.apache.ignite.plugin.security.SecurityPermission; /** * Thin client request. @@ -76,14 +75,4 @@ protected static void runWithSecurityExceptionHandler(Runnable runnable) { ); } } - - /** - * Authorize for specified permission. - */ - protected void authorize(ClientConnectionContext ctx, SecurityPermission perm) { -// SecurityContext secCtx = ctx.securityContext(); -// -// if (secCtx != null) -// runWithSecurityExceptionHandler(() -> ctx.kernalContext().security().authorize(null, perm, secCtx)); - } } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheClearKeyRequest.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheClearKeyRequest.java index 5f8e952234bf8..6bcbbe89b2636 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheClearKeyRequest.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheClearKeyRequest.java @@ -20,7 +20,6 @@ import org.apache.ignite.internal.binary.BinaryRawReaderEx; import org.apache.ignite.internal.processors.platform.client.ClientConnectionContext; import org.apache.ignite.internal.processors.platform.client.ClientResponse; -import org.apache.ignite.plugin.security.SecurityPermission; /** * Clear key request. @@ -38,8 +37,6 @@ public ClientCacheClearKeyRequest(BinaryRawReaderEx reader) { /** {@inheritDoc} */ @SuppressWarnings("unchecked") @Override public ClientResponse process(ClientConnectionContext ctx) { - authorize(ctx, SecurityPermission.CACHE_REMOVE); - cache(ctx).clear(key()); return super.process(ctx); diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheClearKeysRequest.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheClearKeysRequest.java index d803f697420f3..04eb7f60c9502 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheClearKeysRequest.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheClearKeysRequest.java @@ -20,7 +20,6 @@ import org.apache.ignite.internal.binary.BinaryRawReaderEx; import org.apache.ignite.internal.processors.platform.client.ClientConnectionContext; import org.apache.ignite.internal.processors.platform.client.ClientResponse; -import org.apache.ignite.plugin.security.SecurityPermission; /** * Clear keys request. @@ -38,8 +37,6 @@ public ClientCacheClearKeysRequest(BinaryRawReaderEx reader) { /** {@inheritDoc} */ @SuppressWarnings("unchecked") @Override public ClientResponse process(ClientConnectionContext ctx) { - authorize(ctx, SecurityPermission.CACHE_REMOVE); - cache(ctx).clearAll(keys()); return super.process(ctx); diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheClearRequest.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheClearRequest.java index 59d0ec5fefcda..3bf236b767b24 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheClearRequest.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheClearRequest.java @@ -20,7 +20,6 @@ import org.apache.ignite.binary.BinaryRawReader; import org.apache.ignite.internal.processors.platform.client.ClientConnectionContext; import org.apache.ignite.internal.processors.platform.client.ClientResponse; -import org.apache.ignite.plugin.security.SecurityPermission; /** * Cache clear request. @@ -37,8 +36,6 @@ public ClientCacheClearRequest(BinaryRawReader reader) { /** {@inheritDoc} */ @Override public ClientResponse process(ClientConnectionContext ctx) { - authorize(ctx, SecurityPermission.CACHE_REMOVE); - cache(ctx).clear(); return super.process(ctx); diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheContainsKeyRequest.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheContainsKeyRequest.java index 386f448bb4b53..8470828e424a1 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheContainsKeyRequest.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheContainsKeyRequest.java @@ -21,7 +21,6 @@ import org.apache.ignite.internal.processors.platform.client.ClientBooleanResponse; import org.apache.ignite.internal.processors.platform.client.ClientConnectionContext; import org.apache.ignite.internal.processors.platform.client.ClientResponse; -import org.apache.ignite.plugin.security.SecurityPermission; /** * ContainsKey request. @@ -39,8 +38,6 @@ public ClientCacheContainsKeyRequest(BinaryRawReaderEx reader) { /** {@inheritDoc} */ @SuppressWarnings("unchecked") @Override public ClientResponse process(ClientConnectionContext ctx) { - authorize(ctx, SecurityPermission.CACHE_READ); - boolean val = cache(ctx).containsKey(key()); return new ClientBooleanResponse(requestId(), val); diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheContainsKeysRequest.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheContainsKeysRequest.java index b5184bfc1afc9..41e13068db1f5 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheContainsKeysRequest.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheContainsKeysRequest.java @@ -21,7 +21,6 @@ import org.apache.ignite.internal.processors.platform.client.ClientBooleanResponse; import org.apache.ignite.internal.processors.platform.client.ClientConnectionContext; import org.apache.ignite.internal.processors.platform.client.ClientResponse; -import org.apache.ignite.plugin.security.SecurityPermission; /** * ContainsKeys request. @@ -39,8 +38,6 @@ public ClientCacheContainsKeysRequest(BinaryRawReaderEx reader) { /** {@inheritDoc} */ @SuppressWarnings("unchecked") @Override public ClientResponse process(ClientConnectionContext ctx) { - authorize(ctx, SecurityPermission.CACHE_READ); - boolean val = cache(ctx).containsKeys(keys()); return new ClientBooleanResponse(requestId(), val); diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheCreateWithConfigurationRequest.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheCreateWithConfigurationRequest.java index 9f1d63fccabc2..064ed3e59271e 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheCreateWithConfigurationRequest.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheCreateWithConfigurationRequest.java @@ -26,7 +26,6 @@ import org.apache.ignite.internal.processors.platform.client.ClientResponse; import org.apache.ignite.internal.processors.platform.client.ClientStatus; import org.apache.ignite.internal.processors.platform.client.IgniteClientException; -import org.apache.ignite.plugin.security.SecurityPermission; /** * Cache create with configuration request. @@ -50,8 +49,6 @@ public ClientCacheCreateWithConfigurationRequest(BinaryRawReader reader, ClientL /** {@inheritDoc} */ @Override public ClientResponse process(ClientConnectionContext ctx) { - authorize(ctx, SecurityPermission.CACHE_CREATE); - try { // Use security exception handler since the code authorizes "enable on-heap cache" permission runWithSecurityExceptionHandler(() -> ctx.kernalContext().grid().createCache(cacheCfg)); diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheCreateWithNameRequest.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheCreateWithNameRequest.java index cacf099b4f81f..9155d76bfee00 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheCreateWithNameRequest.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheCreateWithNameRequest.java @@ -24,7 +24,6 @@ import org.apache.ignite.internal.processors.platform.client.ClientResponse; import org.apache.ignite.internal.processors.platform.client.ClientStatus; import org.apache.ignite.internal.processors.platform.client.IgniteClientException; -import org.apache.ignite.plugin.security.SecurityPermission; /** * Cache create with name request. @@ -46,8 +45,6 @@ public ClientCacheCreateWithNameRequest(BinaryRawReader reader) { /** {@inheritDoc} */ @Override public ClientResponse process(ClientConnectionContext ctx) { - authorize(ctx, SecurityPermission.CACHE_CREATE); - try { ctx.kernalContext().grid().createCache(cacheName); } catch (CacheExistsException e) { diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheDestroyRequest.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheDestroyRequest.java index b6f85eec3d9fc..6645a03a06b4f 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheDestroyRequest.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheDestroyRequest.java @@ -21,7 +21,6 @@ import org.apache.ignite.internal.processors.platform.client.ClientConnectionContext; import org.apache.ignite.internal.processors.platform.client.ClientRequest; import org.apache.ignite.internal.processors.platform.client.ClientResponse; -import org.apache.ignite.plugin.security.SecurityPermission; /** * Cache destroy request. @@ -43,8 +42,6 @@ public ClientCacheDestroyRequest(BinaryRawReader reader) { /** {@inheritDoc} */ @Override public ClientResponse process(ClientConnectionContext ctx) { - authorize(ctx, SecurityPermission.CACHE_DESTROY); - String cacheName = ClientCacheRequest.cacheDescriptor(ctx, cacheId).cacheName(); ctx.kernalContext().grid().destroyCache(cacheName); diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheGetAllRequest.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheGetAllRequest.java index a07305c4ce14b..6d7943b869e23 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheGetAllRequest.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheGetAllRequest.java @@ -17,13 +17,11 @@ package org.apache.ignite.internal.processors.platform.client.cache; +import java.util.Map; import org.apache.ignite.internal.binary.BinaryRawReaderEx; import org.apache.ignite.internal.processors.platform.client.ClientConnectionContext; import org.apache.ignite.internal.processors.platform.client.ClientResponse; -import java.util.Map; -import org.apache.ignite.plugin.security.SecurityPermission; - /** * GetAll request. */ @@ -40,8 +38,6 @@ public ClientCacheGetAllRequest(BinaryRawReaderEx reader) { /** {@inheritDoc} */ @SuppressWarnings("unchecked") @Override public ClientResponse process(ClientConnectionContext ctx) { - authorize(ctx, SecurityPermission.CACHE_READ); - Map val = cache(ctx).getAll(keys()); return new ClientCacheGetAllResponse(requestId(), val); diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheGetAndPutIfAbsentRequest.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheGetAndPutIfAbsentRequest.java index 8713a211bb4eb..836021313c5fc 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheGetAndPutIfAbsentRequest.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheGetAndPutIfAbsentRequest.java @@ -21,7 +21,6 @@ import org.apache.ignite.internal.processors.platform.client.ClientConnectionContext; import org.apache.ignite.internal.processors.platform.client.ClientObjectResponse; import org.apache.ignite.internal.processors.platform.client.ClientResponse; -import org.apache.ignite.plugin.security.SecurityPermission; /** * Cache get and put if absent request. @@ -39,8 +38,6 @@ public ClientCacheGetAndPutIfAbsentRequest(BinaryRawReaderEx reader) { /** {@inheritDoc} */ @SuppressWarnings("unchecked") @Override public ClientResponse process(ClientConnectionContext ctx) { - authorize(ctx, SecurityPermission.CACHE_READ, SecurityPermission.CACHE_PUT); - Object res = cache(ctx).getAndPutIfAbsent(key(), val()); return new ClientObjectResponse(requestId(), res); diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheGetAndPutRequest.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheGetAndPutRequest.java index dde5181303cef..7a540e8473ac9 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheGetAndPutRequest.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheGetAndPutRequest.java @@ -21,7 +21,6 @@ import org.apache.ignite.internal.processors.platform.client.ClientConnectionContext; import org.apache.ignite.internal.processors.platform.client.ClientObjectResponse; import org.apache.ignite.internal.processors.platform.client.ClientResponse; -import org.apache.ignite.plugin.security.SecurityPermission; /** * Cache get and put request. @@ -39,8 +38,6 @@ public ClientCacheGetAndPutRequest(BinaryRawReaderEx reader) { /** {@inheritDoc} */ @SuppressWarnings("unchecked") @Override public ClientResponse process(ClientConnectionContext ctx) { - authorize(ctx, SecurityPermission.CACHE_READ, SecurityPermission.CACHE_PUT); - Object res = cache(ctx).getAndPut(key(), val()); return new ClientObjectResponse(requestId(), res); diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheGetAndRemoveRequest.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheGetAndRemoveRequest.java index 3b9dd4bab88c3..e4fd735b186ac 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheGetAndRemoveRequest.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheGetAndRemoveRequest.java @@ -21,7 +21,6 @@ import org.apache.ignite.internal.processors.platform.client.ClientConnectionContext; import org.apache.ignite.internal.processors.platform.client.ClientObjectResponse; import org.apache.ignite.internal.processors.platform.client.ClientResponse; -import org.apache.ignite.plugin.security.SecurityPermission; /** * Cache get and remove request. @@ -39,8 +38,6 @@ public ClientCacheGetAndRemoveRequest(BinaryRawReaderEx reader) { /** {@inheritDoc} */ @SuppressWarnings("unchecked") @Override public ClientResponse process(ClientConnectionContext ctx) { - authorize(ctx, SecurityPermission.CACHE_READ, SecurityPermission.CACHE_REMOVE); - Object val = cache(ctx).getAndRemove(key()); return new ClientObjectResponse(requestId(), val); diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheGetAndReplaceRequest.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheGetAndReplaceRequest.java index 8ba157a762c9c..dba8639e4c07a 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheGetAndReplaceRequest.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheGetAndReplaceRequest.java @@ -21,7 +21,6 @@ import org.apache.ignite.internal.processors.platform.client.ClientConnectionContext; import org.apache.ignite.internal.processors.platform.client.ClientObjectResponse; import org.apache.ignite.internal.processors.platform.client.ClientResponse; -import org.apache.ignite.plugin.security.SecurityPermission; /** * Cache get and replace request. @@ -39,8 +38,6 @@ public ClientCacheGetAndReplaceRequest(BinaryRawReaderEx reader) { /** {@inheritDoc} */ @SuppressWarnings("unchecked") @Override public ClientResponse process(ClientConnectionContext ctx) { - authorize(ctx, SecurityPermission.CACHE_READ, SecurityPermission.CACHE_PUT); - Object res = cache(ctx).getAndReplace(key(), val()); return new ClientObjectResponse(requestId(), res); diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheGetOrCreateWithConfigurationRequest.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheGetOrCreateWithConfigurationRequest.java index b005fb235cf9f..a00df9ab6fdb5 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheGetOrCreateWithConfigurationRequest.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheGetOrCreateWithConfigurationRequest.java @@ -26,7 +26,6 @@ import org.apache.ignite.internal.processors.platform.client.ClientResponse; import org.apache.ignite.internal.processors.platform.client.ClientStatus; import org.apache.ignite.internal.processors.platform.client.IgniteClientException; -import org.apache.ignite.plugin.security.SecurityPermission; /** * Cache get or create with configuration request. @@ -50,8 +49,6 @@ public ClientCacheGetOrCreateWithConfigurationRequest(BinaryRawReader reader, Cl /** {@inheritDoc} */ @Override public ClientResponse process(ClientConnectionContext ctx) { - authorize(ctx, SecurityPermission.CACHE_CREATE); - try { // Use security exception handler since the code authorizes "enable on-heap cache" permission runWithSecurityExceptionHandler(() -> ctx.kernalContext().grid().getOrCreateCache(cacheCfg)); diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheGetOrCreateWithNameRequest.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheGetOrCreateWithNameRequest.java index 3c4ce7b06a694..94dd115d6075f 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheGetOrCreateWithNameRequest.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheGetOrCreateWithNameRequest.java @@ -21,7 +21,6 @@ import org.apache.ignite.internal.processors.platform.client.ClientConnectionContext; import org.apache.ignite.internal.processors.platform.client.ClientRequest; import org.apache.ignite.internal.processors.platform.client.ClientResponse; -import org.apache.ignite.plugin.security.SecurityPermission; /** * Cache create with name request. @@ -43,8 +42,6 @@ public ClientCacheGetOrCreateWithNameRequest(BinaryRawReader reader) { /** {@inheritDoc} */ @Override public ClientResponse process(ClientConnectionContext ctx) { - authorize(ctx, SecurityPermission.CACHE_CREATE); - ctx.kernalContext().grid().getOrCreateCache(cacheName); return super.process(ctx); diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheGetRequest.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheGetRequest.java index dc17cbfbce548..ce8f158eb8c01 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheGetRequest.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheGetRequest.java @@ -39,8 +39,6 @@ public ClientCacheGetRequest(BinaryRawReaderEx reader) { /** {@inheritDoc} */ @SuppressWarnings("unchecked") @Override public ClientResponse process(ClientConnectionContext ctx) { - authorize(ctx, SecurityPermission.CACHE_READ); - Object val = cache(ctx).get(key()); return new ClientObjectResponse(requestId(), val); diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheGetSizeRequest.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheGetSizeRequest.java index ea88fa39de527..fb931a76075d0 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheGetSizeRequest.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheGetSizeRequest.java @@ -22,7 +22,6 @@ import org.apache.ignite.internal.processors.platform.client.ClientConnectionContext; import org.apache.ignite.internal.processors.platform.client.ClientLongResponse; import org.apache.ignite.internal.processors.platform.client.ClientResponse; -import org.apache.ignite.plugin.security.SecurityPermission; /** * Cache size request. @@ -43,15 +42,12 @@ public ClientCacheGetSizeRequest(BinaryRawReader reader) { modes = new CachePeekMode[cnt]; - for (int i = 0; i < cnt; i++) { + for (int i = 0; i < cnt; i++) modes[i] = CachePeekMode.fromOrdinal(reader.readByte()); - } } /** {@inheritDoc} */ @Override public ClientResponse process(ClientConnectionContext ctx) { - authorize(ctx, SecurityPermission.CACHE_READ); - long res = cache(ctx).sizeLong(modes); return new ClientLongResponse(requestId(), res); diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheLocalPeekRequest.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheLocalPeekRequest.java index 068bbc9792c18..2002664d00714 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheLocalPeekRequest.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheLocalPeekRequest.java @@ -22,7 +22,6 @@ import org.apache.ignite.internal.processors.platform.client.ClientConnectionContext; import org.apache.ignite.internal.processors.platform.client.ClientObjectResponse; import org.apache.ignite.internal.processors.platform.client.ClientResponse; -import org.apache.ignite.plugin.security.SecurityPermission; /** * Cache local peek request. @@ -41,8 +40,6 @@ public ClientCacheLocalPeekRequest(BinaryRawReaderEx reader) { /** {@inheritDoc} */ @SuppressWarnings("unchecked") @Override public ClientResponse process(ClientConnectionContext ctx) { - authorize(ctx, SecurityPermission.CACHE_READ); - Object val = cache(ctx).localPeek(key(), CachePeekMode.ALL); return new ClientObjectResponse(requestId(), val); diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheNodePartitionsRequest.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheNodePartitionsRequest.java index 5e33860604c92..5c407de846b5f 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheNodePartitionsRequest.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheNodePartitionsRequest.java @@ -28,7 +28,6 @@ import org.apache.ignite.internal.processors.odbc.ClientListenerProcessor; import org.apache.ignite.internal.processors.platform.client.ClientConnectionContext; import org.apache.ignite.internal.processors.platform.client.ClientResponse; -import org.apache.ignite.plugin.security.SecurityPermission; /** * Cluster node list request. @@ -45,7 +44,6 @@ public ClientCacheNodePartitionsRequest(BinaryRawReader reader) { /** {@inheritDoc} */ @Override public ClientResponse process(ClientConnectionContext ctx) { - authorize(ctx, SecurityPermission.CACHE_READ); IgniteCache cache = cache(ctx); GridDiscoveryManager discovery = ctx.kernalContext().discovery(); diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCachePutAllRequest.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCachePutAllRequest.java index 57e31443b474a..bf16507780b29 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCachePutAllRequest.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCachePutAllRequest.java @@ -17,14 +17,12 @@ package org.apache.ignite.internal.processors.platform.client.cache; +import java.util.LinkedHashMap; +import java.util.Map; import org.apache.ignite.internal.binary.BinaryRawReaderEx; import org.apache.ignite.internal.processors.platform.client.ClientConnectionContext; import org.apache.ignite.internal.processors.platform.client.ClientResponse; -import java.util.LinkedHashMap; -import java.util.Map; -import org.apache.ignite.plugin.security.SecurityPermission; - /** * PutAll request. */ @@ -51,8 +49,6 @@ public ClientCachePutAllRequest(BinaryRawReaderEx reader) { /** {@inheritDoc} */ @SuppressWarnings("unchecked") @Override public ClientResponse process(ClientConnectionContext ctx) { - authorize(ctx, SecurityPermission.CACHE_PUT); - cache(ctx).putAll(map); return super.process(ctx); diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCachePutIfAbsentRequest.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCachePutIfAbsentRequest.java index ec81bc0c0fe48..4dd2cde58ce06 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCachePutIfAbsentRequest.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCachePutIfAbsentRequest.java @@ -21,7 +21,6 @@ import org.apache.ignite.internal.processors.platform.client.ClientBooleanResponse; import org.apache.ignite.internal.processors.platform.client.ClientConnectionContext; import org.apache.ignite.internal.processors.platform.client.ClientResponse; -import org.apache.ignite.plugin.security.SecurityPermission; /** * Cache put if absent request. @@ -39,8 +38,6 @@ public ClientCachePutIfAbsentRequest(BinaryRawReaderEx reader) { /** {@inheritDoc} */ @SuppressWarnings("unchecked") @Override public ClientResponse process(ClientConnectionContext ctx) { - authorize(ctx, SecurityPermission.CACHE_READ, SecurityPermission.CACHE_PUT); - boolean res = cache(ctx).putIfAbsent(key(), val()); return new ClientBooleanResponse(requestId(), res); diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCachePutRequest.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCachePutRequest.java index 116460eece965..2c396b7ede87a 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCachePutRequest.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCachePutRequest.java @@ -20,7 +20,6 @@ import org.apache.ignite.internal.binary.BinaryRawReaderEx; import org.apache.ignite.internal.processors.platform.client.ClientConnectionContext; import org.apache.ignite.internal.processors.platform.client.ClientResponse; -import org.apache.ignite.plugin.security.SecurityPermission; /** * Cache put request. @@ -38,8 +37,6 @@ public ClientCachePutRequest(BinaryRawReaderEx reader) { /** {@inheritDoc} */ @SuppressWarnings("unchecked") @Override public ClientResponse process(ClientConnectionContext ctx) { - authorize(ctx, SecurityPermission.CACHE_PUT); - cache(ctx).put(key(), val()); return super.process(ctx); diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheRemoveAllRequest.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheRemoveAllRequest.java index a3733a9d4e8d3..7d79f835ba42e 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheRemoveAllRequest.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheRemoveAllRequest.java @@ -20,7 +20,6 @@ import org.apache.ignite.binary.BinaryRawReader; import org.apache.ignite.internal.processors.platform.client.ClientConnectionContext; import org.apache.ignite.internal.processors.platform.client.ClientResponse; -import org.apache.ignite.plugin.security.SecurityPermission; /** * Cache removeAll request. @@ -37,8 +36,6 @@ public ClientCacheRemoveAllRequest(BinaryRawReader reader) { /** {@inheritDoc} */ @Override public ClientResponse process(ClientConnectionContext ctx) { - authorize(ctx, SecurityPermission.CACHE_REMOVE); - cache(ctx).removeAll(); return super.process(ctx); diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheRemoveIfEqualsRequest.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheRemoveIfEqualsRequest.java index 26c191f5b5553..b86f2f8895d64 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheRemoveIfEqualsRequest.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheRemoveIfEqualsRequest.java @@ -21,7 +21,6 @@ import org.apache.ignite.internal.processors.platform.client.ClientBooleanResponse; import org.apache.ignite.internal.processors.platform.client.ClientConnectionContext; import org.apache.ignite.internal.processors.platform.client.ClientResponse; -import org.apache.ignite.plugin.security.SecurityPermission; /** * Cache remove request with value. @@ -39,8 +38,6 @@ public ClientCacheRemoveIfEqualsRequest(BinaryRawReaderEx reader) { /** {@inheritDoc} */ @SuppressWarnings("unchecked") @Override public ClientResponse process(ClientConnectionContext ctx) { - authorize(ctx, SecurityPermission.CACHE_READ, SecurityPermission.CACHE_REMOVE); - boolean res = cache(ctx).remove(key(), val()); return new ClientBooleanResponse(requestId(), res); diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheRemoveKeyRequest.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheRemoveKeyRequest.java index 5af9743b3cac3..a68c32730f4fe 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheRemoveKeyRequest.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheRemoveKeyRequest.java @@ -21,7 +21,6 @@ import org.apache.ignite.internal.processors.platform.client.ClientBooleanResponse; import org.apache.ignite.internal.processors.platform.client.ClientConnectionContext; import org.apache.ignite.internal.processors.platform.client.ClientResponse; -import org.apache.ignite.plugin.security.SecurityPermission; /** * Remove request. @@ -39,8 +38,6 @@ public ClientCacheRemoveKeyRequest(BinaryRawReaderEx reader) { /** {@inheritDoc} */ @SuppressWarnings("unchecked") @Override public ClientResponse process(ClientConnectionContext ctx) { - authorize(ctx, SecurityPermission.CACHE_REMOVE); - boolean val = cache(ctx).remove(key()); return new ClientBooleanResponse(requestId(), val); diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheRemoveKeysRequest.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheRemoveKeysRequest.java index 62dea00201af8..043b5688a3f43 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheRemoveKeysRequest.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheRemoveKeysRequest.java @@ -20,7 +20,6 @@ import org.apache.ignite.internal.binary.BinaryRawReaderEx; import org.apache.ignite.internal.processors.platform.client.ClientConnectionContext; import org.apache.ignite.internal.processors.platform.client.ClientResponse; -import org.apache.ignite.plugin.security.SecurityPermission; /** * Remove keys request. @@ -38,8 +37,6 @@ public ClientCacheRemoveKeysRequest(BinaryRawReaderEx reader) { /** {@inheritDoc} */ @SuppressWarnings("unchecked") @Override public ClientResponse process(ClientConnectionContext ctx) { - authorize(ctx, SecurityPermission.CACHE_REMOVE); - cache(ctx).removeAll(keys()); return super.process(ctx); diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheReplaceIfEqualsRequest.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheReplaceIfEqualsRequest.java index 056367d71d2a9..8645fbb817322 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheReplaceIfEqualsRequest.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheReplaceIfEqualsRequest.java @@ -21,7 +21,6 @@ import org.apache.ignite.internal.processors.platform.client.ClientBooleanResponse; import org.apache.ignite.internal.processors.platform.client.ClientConnectionContext; import org.apache.ignite.internal.processors.platform.client.ClientResponse; -import org.apache.ignite.plugin.security.SecurityPermission; /** * Cache replace request. @@ -44,8 +43,6 @@ public ClientCacheReplaceIfEqualsRequest(BinaryRawReaderEx reader) { /** {@inheritDoc} */ @SuppressWarnings("unchecked") @Override public ClientResponse process(ClientConnectionContext ctx) { - authorize(ctx, SecurityPermission.CACHE_READ, SecurityPermission.CACHE_PUT); - boolean res = cache(ctx).replace(key(), val(), newVal); return new ClientBooleanResponse(requestId(), res); diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheReplaceRequest.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheReplaceRequest.java index ea04593e7cf15..bd7a642bb39e0 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheReplaceRequest.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheReplaceRequest.java @@ -21,7 +21,6 @@ import org.apache.ignite.internal.processors.platform.client.ClientBooleanResponse; import org.apache.ignite.internal.processors.platform.client.ClientConnectionContext; import org.apache.ignite.internal.processors.platform.client.ClientResponse; -import org.apache.ignite.plugin.security.SecurityPermission; /** * Cache replace request. @@ -39,8 +38,6 @@ public ClientCacheReplaceRequest(BinaryRawReaderEx reader) { /** {@inheritDoc} */ @SuppressWarnings("unchecked") @Override public ClientResponse process(ClientConnectionContext ctx) { - authorize(ctx, SecurityPermission.CACHE_READ, SecurityPermission.CACHE_PUT); - boolean res = cache(ctx).replace(key(), val()); return new ClientBooleanResponse(requestId(), res); diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheRequest.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheRequest.java index 9e39b5618c686..52b799f345120 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheRequest.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheRequest.java @@ -24,8 +24,6 @@ import org.apache.ignite.internal.processors.platform.client.ClientRequest; import org.apache.ignite.internal.processors.platform.client.ClientStatus; import org.apache.ignite.internal.processors.platform.client.IgniteClientException; -import org.apache.ignite.internal.processors.security.SecurityContext; -import org.apache.ignite.plugin.security.SecurityPermission; /** * Cache get request. @@ -121,34 +119,4 @@ public static DynamicCacheDescriptor cacheDescriptor(ClientConnectionContext ctx protected int cacheId() { return cacheId; } - - /** {@inheritDoc} */ - @Override protected void authorize(ClientConnectionContext ctx, SecurityPermission perm) { - SecurityContext secCtx = ctx.securityContext(); - - if (secCtx != null) { - DynamicCacheDescriptor cacheDesc = cacheDescriptor(ctx, cacheId); - - runWithSecurityExceptionHandler(() -> { - ctx.kernalContext().security().authorize(cacheDesc.cacheName(), perm, secCtx); - }); - } - } - - /** - * Authorize for multiple permissions. - */ - protected void authorize(ClientConnectionContext ctx, SecurityPermission... perm) - throws IgniteClientException { - SecurityContext secCtx = ctx.securityContext(); - - if (secCtx != null) { - DynamicCacheDescriptor cacheDesc = cacheDescriptor(ctx, cacheId); - - runWithSecurityExceptionHandler(() -> { - for (SecurityPermission p : perm) - ctx.kernalContext().security().authorize(cacheDesc.cacheName(), p, secCtx); - }); - } - } } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheScanQueryRequest.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheScanQueryRequest.java index 70b6966e999c4..26ab236e8be1e 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheScanQueryRequest.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheScanQueryRequest.java @@ -28,7 +28,6 @@ import org.apache.ignite.internal.processors.platform.client.ClientResponse; import org.apache.ignite.internal.processors.platform.utils.PlatformUtils; import org.apache.ignite.lang.IgniteBiPredicate; -import org.apache.ignite.plugin.security.SecurityPermission; /** * Scan query request. @@ -81,8 +80,6 @@ public ClientCacheScanQueryRequest(BinaryRawReaderEx reader) { /** {@inheritDoc} */ @Override public ClientResponse process(ClientConnectionContext ctx) { - authorize(ctx, SecurityPermission.CACHE_READ); - IgniteCache cache = filterPlatform == FILTER_PLATFORM_JAVA && !isKeepBinary() ? rawCache(ctx) : cache(ctx); ScanQuery qry = new ScanQuery() diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/CurrentRemoteInitiator.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/CurrentRemoteInitiator.java new file mode 100644 index 0000000000000..36cf1e3e33b8c --- /dev/null +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/CurrentRemoteInitiator.java @@ -0,0 +1,113 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processors.security; + +import java.util.ArrayDeque; +import java.util.UUID; +import org.apache.ignite.internal.GridKernalContext; +import org.jetbrains.annotations.Nullable; + +/** + * Current remote initiator holder. + */ +public final class CurrentRemoteInitiator { + /** Stack. */ + private static final ThreadLocalStack stack = new ThreadLocalStack<>(); + + /** + * Set Remote Initaitor to holder. + * + * @param ctx Kernal context. + * @param nodeId Node id. + */ + public static void set(GridKernalContext ctx, UUID nodeId) { + if (!ctx.localNodeId().equals(nodeId)) + stack.push(new RemoteInitiator(nodeId)); + } + + /** + * Set Remote Initaitor to holder. + * + * @param secCtx Security context. + */ + public static void set(SecurityContext secCtx) { + stack.push(new RemoteInitiator(secCtx)); + } + + /** + * Getting current Remote Initiator. + * + * @return Node id. + */ + public static @Nullable RemoteInitiator get() { + return stack.peek(); + } + + /** + * Remove Remote Initiator if passed id isn't local node id. + * + * @param ctx Kernal context. + * @param nodeId Node's id. + */ + public static void remove(GridKernalContext ctx, UUID nodeId) { + if (!ctx.localNodeId().equals(nodeId)) + stack.pop(); + } + + /** + * Remove Remote Initiator if passed id isn't local node id. + */ + public static void remove() { + stack.pop(); + } + + private static class ThreadLocalStack { + /** Local. */ + private final ThreadLocal> loc = ThreadLocal.withInitial(ArrayDeque::new); + + /** + * {@link java.util.ArrayDeque#push(Object)} + */ + public void push(T item) { + assert item != null; + + loc.get().push(item); + } + + /** + * {@link java.util.ArrayDeque#peek()} + */ + public T peek() { + return loc.get().peek(); + } + + /** + * {@link java.util.ArrayDeque#pop()} + */ + public T pop() { + return loc.get().pop(); + } + + /** + * @return True if stack is empty. + */ + public boolean isEmpty() { + return loc.get().isEmpty(); + } + } +} diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/CurrentRemoteInitiatorIdentifier.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/CurrentRemoteInitiatorIdentifier.java deleted file mode 100644 index 66b8f6f26b812..0000000000000 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/CurrentRemoteInitiatorIdentifier.java +++ /dev/null @@ -1,71 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processors.security; - -import java.util.UUID; -import org.apache.ignite.internal.GridKernalContext; -import org.jetbrains.annotations.Nullable; - -/** - * Class contains node id into the thread local variable. All methods ignore passed local node id. - */ -public class CurrentRemoteInitiatorIdentifier { - /** Initiator. */ - private final ThreadLocal initiator = new ThreadLocal<>(); - - /** - * Set initiator node id. If passed node id is local node id then it'll be ignored. - * - * @param ctx Kernal context. - * @param nodeId Node id. - * @return True if id was set. - */ - public boolean set(GridKernalContext ctx, UUID nodeId) { - if (!ctx.localNodeId().equals(nodeId)) { - UUID oldNodeId = initiator.get(); - - assert oldNodeId == null : "oldNodeId=" + oldNodeId; - - initiator.set(nodeId); - - return true; - } - - return false; - } - - /** - * Getting current initiator node id. - * - * @return Node id. - */ - @Nullable public UUID get() { - return initiator.get(); - } - - /** - * Remove node id if passed id isn't local node id. - * - * @param ctx Kernal context. - * @param nodeId Node's id. - */ - public void remove(GridKernalContext ctx, UUID nodeId) { - if (!ctx.localNodeId().equals(nodeId)) - initiator.remove(); - } -} diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/RemoteInitiator.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/RemoteInitiator.java new file mode 100644 index 0000000000000..264d77930462b --- /dev/null +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/RemoteInitiator.java @@ -0,0 +1,59 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processors.security; + +import java.util.UUID; + +/** + * Remoute initiator data. + */ +public class RemoteInitiator { + /** Node id. */ + private UUID nodeId; + + /** Security context. */ + private SecurityContext secCtx; + + /** + * @param nodeId Node id. + */ + public RemoteInitiator(UUID nodeId) { + this.nodeId = nodeId; + } + + /** + * @param secCtx Security context. + */ + public RemoteInitiator(SecurityContext secCtx) { + this.secCtx = secCtx; + } + + /** + * @return Node id. + */ + public UUID nodeId() { + return nodeId; + } + + /** + * @return Security context. + */ + public SecurityContext securityContext() { + return secCtx; + } +} diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityContextResolverSecurityProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityContextResolverSecurityProcessor.java index 7b444b3963411..89f578704532e 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityContextResolverSecurityProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityContextResolverSecurityProcessor.java @@ -27,7 +27,6 @@ import org.apache.ignite.events.DiscoveryEvent; import org.apache.ignite.internal.GridKernalContext; import org.apache.ignite.internal.IgniteNodeAttributes; -import org.apache.ignite.internal.managers.communication.GridIoManager; import org.apache.ignite.internal.managers.discovery.DiscoCache; import org.apache.ignite.internal.managers.eventstorage.DiscoveryEventListener; import org.apache.ignite.internal.util.typedef.internal.U; @@ -90,12 +89,12 @@ public SecurityContextResolverSecurityProcessor(GridKernalContext ctx, GridSecur } /** - * Get current initiator node's id. + * Get current initiator data. * * @return Initiator node's id. */ - private UUID currentRemoteInitiatorId() { - return GridIoManager.currentRemoteInitiator(); + private RemoteInitiator currentRemoteInitiator() { + return CurrentRemoteInitiator.get(); } /** @@ -117,7 +116,7 @@ private SecurityContext securityCtx(SecurityContext passed) { else { /*If the SecurityContext was passed and there is a current remote initiator then we have got an invalid case.*/ - assert currentRemoteInitiatorId() == null; + assert currentRemoteInitiator() == null; } assert res != null; @@ -133,16 +132,22 @@ private SecurityContext securityCtx(SecurityContext passed) { private SecurityContext currentRemoteInitiatorContext() { SecurityContext secCtx = null; - final UUID nodeId = currentRemoteInitiatorId(); + final RemoteInitiator cur = currentRemoteInitiator(); - if (nodeId != null) { - secCtx = secCtxs.computeIfAbsent(nodeId, - new Function() { - @Override public SecurityContext apply(UUID uuid) { - return nodeSecurityContext(ctx.discovery().node(nodeId)); + if (cur != null) { + if (cur.securityContext() != null) + secCtx = cur.securityContext(); + else { + UUID nodeId = cur.nodeId(); - } - }); + secCtx = secCtxs.computeIfAbsent(nodeId, + new Function() { + @Override public SecurityContext apply(UUID uuid) { + return nodeSecurityContext(ctx.discovery().node(nodeId)); + + } + }); + } } return secCtx; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java index 39ea86f115d36..f426e80456784 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java @@ -5,6 +5,7 @@ import org.apache.ignite.configuration.IgniteConfiguration; import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.util.typedef.G; +import org.apache.ignite.plugin.security.SecurityPermission; import org.apache.ignite.plugin.security.SecurityPermissionSet; import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest; @@ -16,6 +17,9 @@ public class AbstractSecurityTest extends GridCommonAbstractTest { /** Test security processor. */ public static final String TEST_SECURITY_PROCESSOR = "org.apache.ignite.internal.processor.security.TestSecurityProcessor"; + /** Empty array of permissions. */ + protected static final SecurityPermission[] EMPTY_PERMS = new SecurityPermission[0]; + /** {@inheritDoc} */ @Override protected void afterTestsStopped() throws Exception { super.afterTestsStopped(); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientSecurityTest.java index 8e4327fd16a3a..f38919115cedb 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientSecurityTest.java @@ -17,6 +17,9 @@ package org.apache.ignite.internal.processor.security.client; +import java.util.Collections; +import java.util.HashMap; +import java.util.Map; import java.util.function.Consumer; import org.apache.ignite.Ignition; import org.apache.ignite.client.ClientAuthorizationException; @@ -32,13 +35,13 @@ import org.apache.ignite.internal.processor.security.TestSecurityData; import org.apache.ignite.internal.processor.security.TestSecurityPluginConfiguration; import org.apache.ignite.internal.util.typedef.G; -import org.apache.ignite.plugin.security.SecurityPermission; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_CREATE; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_DESTROY; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_REMOVE; +import static org.apache.ignite.plugin.security.SecurityPermission.TASK_EXECUTE; import static org.hamcrest.core.Is.is; import static org.hamcrest.core.IsNull.notNullValue; import static org.hamcrest.core.StringContains.containsString; @@ -54,6 +57,9 @@ public class ThinClientSecurityTest extends AbstractSecurityTest { /** Client that has system permissions. */ private static final String CLIENT_SYS_PERM = "client_sys_perm"; + /** Client that has system permissions. */ + private static final String CLIENT_CACHE_TASK_OPER = "client_task_oper"; + /** Cache. */ private static final String CACHE = "TEST_CACHE"; @@ -63,8 +69,13 @@ public class ThinClientSecurityTest extends AbstractSecurityTest { /** Cache to test system oper permissions. */ private static final String SYS_OPER_CACHE = "SYS_OPER_TEST_CACHE"; - /** Empty array of permissions. */ - private static final SecurityPermission[] EMPTY_PERMS = new SecurityPermission[0]; + /** Remove all task name. */ + public static final String REMOVE_ALL_TASK = + "org.apache.ignite.internal.processors.cache.distributed.GridDistributedCacheAdapter$RemoveAllTask"; + + /** Clear task name. */ + public static final String CLEAR_TASK = + "org.apache.ignite.internal.processors.cache.GridCacheAdapter$ClearTask"; /** * @param clientData Array of client security data. @@ -121,6 +132,14 @@ protected IgniteConfiguration getConfiguration(int idx, builder() .appendSystemPermissions(CACHE_CREATE, CACHE_DESTROY) .build() + ), + new TestSecurityData( + CLIENT_CACHE_TASK_OPER, + builder() + .appendCachePermissions(CACHE, CACHE_REMOVE) + .appendTaskPermissions(REMOVE_ALL_TASK, TASK_EXECUTE) + .appendTaskPermissions(CLEAR_TASK, TASK_EXECUTE) + .build() ) ) ); @@ -131,22 +150,69 @@ protected IgniteConfiguration getConfiguration(int idx, /** * @throws Exception If error occurs. */ - public void testCacheOperations() throws Exception { + public void testCacheSinglePermOperations() throws Exception { executeOperation(c -> c.cache(CACHE).put("key", "value")); executeForbiddenOperation(c -> c.cache(FORBIDDEN_CACHE).put("key", "value")); + Map map = new HashMap<>(); + + map.put("key", "value"); + executeOperation(c -> c.cache(CACHE).putAll(map)); + executeForbiddenOperation(c -> c.cache(FORBIDDEN_CACHE).putAll(map)); + executeOperation(c -> c.cache(CACHE).get("key")); executeForbiddenOperation(c -> c.cache(FORBIDDEN_CACHE).get("key")); + executeOperation(c -> c.cache(CACHE).getAll(Collections.singleton("key"))); + executeForbiddenOperation(c -> c.cache(FORBIDDEN_CACHE).getAll(Collections.singleton("key"))); + + executeOperation(c -> c.cache(CACHE).containsKey("key")); + executeForbiddenOperation(c -> c.cache(FORBIDDEN_CACHE).containsKey("key")); + executeOperation(c -> c.cache(CACHE).remove("key")); executeForbiddenOperation(c -> c.cache(FORBIDDEN_CACHE).remove("key")); + } + /** + * @throws Exception If error occurs. + */ + public void testCacheMultiplePermOperations() throws Exception { + executeOperation(c -> c.cache(CACHE).replace("key", "value")); + executeForbiddenOperation(c -> c.cache(FORBIDDEN_CACHE).replace("key", "value")); + + executeOperation(c -> c.cache(CACHE).putIfAbsent("key", "value")); + executeForbiddenOperation(c -> c.cache(FORBIDDEN_CACHE).putIfAbsent("key", "value")); + + executeOperation(c -> c.cache(CACHE).getAndPut("key", "value")); + executeForbiddenOperation(c -> c.cache(FORBIDDEN_CACHE).getAndPut("key", "value")); + + executeOperation(c -> c.cache(CACHE).getAndRemove("key")); + executeForbiddenOperation(c -> c.cache(FORBIDDEN_CACHE).getAndRemove("key")); + + executeOperation(c -> c.cache(CACHE).getAndReplace("key", "value")); + executeForbiddenOperation(c -> c.cache(FORBIDDEN_CACHE).getAndReplace("key", "value")); } /** + * That test shows wrong case when client has permission for a remove operation but a removeAll operation is + * forbidden for it. + * * @throws Exception If error occurs. */ - /*public void testSysOperation() throws Exception { + public void testCacheTaskPermOperations() throws Exception { + try (IgniteClient client = startClient(CLIENT_CACHE_TASK_OPER)) { + client.cache(CACHE).removeAll(); + client.cache(CACHE).clear(); + } + + executeForbiddenOperation(c -> c.cache(CACHE).removeAll()); + executeForbiddenOperation(c -> c.cache(CACHE).clear()); + } + + /** + * @throws Exception If error occurs. + */ + public void testSysOperation() throws Exception { try (IgniteClient sysPrmClnt = startClient(CLIENT_SYS_PERM)) { assertThat(sysPrmClnt.createCache(SYS_OPER_CACHE), notNullValue()); @@ -164,7 +230,7 @@ public void testCacheOperations() throws Exception { executeForbiddenOperation(c -> c.createCache(SYS_OPER_CACHE)); executeForbiddenOperation(c -> c.destroyCache(CACHE)); - }*/ + } /** * @param cons Consumer. diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/IgniteMessagingTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/IgniteMessagingTest.java new file mode 100644 index 0000000000000..6d667a6f3275e --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/IgniteMessagingTest.java @@ -0,0 +1,155 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processor.security.messaging; + +import java.util.UUID; +import java.util.concurrent.BrokenBarrierException; +import java.util.concurrent.CyclicBarrier; +import java.util.concurrent.TimeUnit; +import java.util.concurrent.TimeoutException; +import java.util.function.Function; +import org.apache.ignite.IgniteMessaging; +import org.apache.ignite.Ignition; +import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.internal.processor.security.AbstractResolveSecurityContextTest; +import org.apache.ignite.lang.IgniteBiPredicate; +import org.apache.ignite.testframework.junits.GridAbstractTest; + +import static org.hamcrest.core.Is.is; +import static org.hamcrest.core.IsNull.nullValue; +import static org.junit.Assert.assertThat; + +/** + * Security tests for IgniteMessaging. + */ +public class IgniteMessagingTest extends AbstractResolveSecurityContextTest { + /** Sever node that has all permissions for TEST_CACHE. */ + private IgniteEx evntAllPerms; + + /** Sever node that hasn't permissions for TEST_CACHE. */ + private IgniteEx evntNotPerms; + + @Override protected void beforeTestsStarted() throws Exception { + evntAllPerms = startGrid("evnt_all_perms", allowAll()); + + evntNotPerms = startGrid("evnt_not_perms", + builder().defaultAllowAll(true) + .appendCachePermissions(CACHE_NAME, EMPTY_PERMS).build()); + + super.beforeTestsStarted(); + } + + /** Barrier. */ + private static final CyclicBarrier BARRIER = new CyclicBarrier(2); + + /** + * + */ + public void testMessaging() throws Exception { + awaitPartitionMapExchange(); + + assertResult("key", key -> messaging(clntAllPerms, clntReadOnlyPerm, evntAllPerms, key)); + assertResult("key", key -> messaging(clntAllPerms, srvReadOnlyPerm, evntAllPerms, key)); + assertResult("key", key -> messaging(srvAllPerms, clntReadOnlyPerm, evntAllPerms, key)); + assertResult("key", key -> messaging(srvAllPerms, srvReadOnlyPerm, evntAllPerms, key)); + + assertResult("key", key -> messaging(clntAllPerms, srvReadOnlyPerm, evntNotPerms, key)); + assertResult("key", key -> messaging(clntAllPerms, clntReadOnlyPerm, evntNotPerms, key)); + assertResult("key", key -> messaging(srvAllPerms, srvReadOnlyPerm, evntNotPerms, key)); + assertResult("key", key -> messaging(srvAllPerms, clntReadOnlyPerm, evntNotPerms, key)); + + assertResult("fail_key", key -> messaging(clntReadOnlyPerm, srvAllPerms, evntAllPerms, key)); + assertResult("fail_key", key -> messaging(clntReadOnlyPerm, clntAllPerms, evntAllPerms, key)); + assertResult("fail_key", key -> messaging(srvReadOnlyPerm, srvAllPerms, evntAllPerms, key)); + assertResult("fail_key", key -> messaging(srvReadOnlyPerm, clntAllPerms, evntAllPerms, key)); + + assertResult("fail_key", key -> messaging(clntReadOnlyPerm, srvAllPerms, evntNotPerms, key)); + assertResult("fail_key", key -> messaging(clntReadOnlyPerm, clntAllPerms, evntNotPerms, key)); + assertResult("fail_key", key -> messaging(srvReadOnlyPerm, srvAllPerms, evntNotPerms, key)); + assertResult("fail_key", key -> messaging(srvReadOnlyPerm, clntAllPerms, evntNotPerms, key)); + } + + /** + * @param lsnr Listener node. + * @param remote Remote node. + * @param evt Event node. + * @param key Key. + */ + private Integer messaging(IgniteEx lsnr, IgniteEx remote, IgniteEx evt, String key) { + BARRIER.reset(); + + IgniteMessaging messaging = lsnr.message(lsnr.cluster().forNode(remote.localNode())); + + Integer val = values.incrementAndGet(); + + String topic = "HOT_TOPIC " + val; + + UUID lsnrId = messaging.remoteListen(topic, + new IgniteBiPredicate() { + @Override public boolean apply(UUID uuid, Object o) { + try { + Ignition.localIgnite().cache(CACHE_NAME).put(key, val); + + return true; + } + finally { + barrierAwait(); + } + } + } + ); + + try { + evt.message(evt.cluster().forNode(remote.localNode())).send(topic, "Fire!"); + } + finally { + barrierAwait(); + + messaging.stopRemoteListen(lsnrId); + } + + return val; + } + + /** + * Call await method on {@link #BARRIER} with {@link GridAbstractTest#getTestTimeout()} timeout. + */ + private void barrierAwait() { + try { + BARRIER.await(getTestTimeout(), TimeUnit.MILLISECONDS); + } + catch (InterruptedException | BrokenBarrierException | TimeoutException e) { + fail(e.toString()); + } + } + + /** + * @param key Key. + * @param f Function. + */ + private void assertResult(String key, Function f) { + assert "key".equals(key) || "fail_key".equals(key); + + Integer val = f.apply(key); + + if ("key".equals(key)) + assertThat(srvAllPerms.cache(CACHE_NAME).get("key"), is(val)); + else if ("fail_key".equals(key)) + assertThat(srvAllPerms.cache(CACHE_NAME).get("fail_key"), nullValue()); + } +} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/package-info.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/package-info.java new file mode 100644 index 0000000000000..b34aa8409304d --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/package-info.java @@ -0,0 +1,21 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * Contains security tests for Ignite Messaging. + */ +package org.apache.ignite.internal.processor.security.messaging; \ No newline at end of file diff --git a/modules/security/src/test/java/org/apache/ignite/testsuites/ResolveSecurityContextTestSuite.java b/modules/security/src/test/java/org/apache/ignite/testsuites/ResolveSecurityContextTestSuite.java index 409f6c500b610..dc6444e44716d 100644 --- a/modules/security/src/test/java/org/apache/ignite/testsuites/ResolveSecurityContextTestSuite.java +++ b/modules/security/src/test/java/org/apache/ignite/testsuites/ResolveSecurityContextTestSuite.java @@ -27,6 +27,7 @@ import org.apache.ignite.internal.processor.security.compute.ComputeTaskSecurityTest; import org.apache.ignite.internal.processor.security.compute.DistributedClosureSecurityTest; import org.apache.ignite.internal.processor.security.compute.ExecuteServiceTaskSecurityTest; +import org.apache.ignite.internal.processor.security.messaging.IgniteMessagingTest; import org.jetbrains.annotations.Nullable; /** @@ -56,6 +57,7 @@ public static TestSuite suite(final @Nullable Set ignoredTests) { suite.addTest(new TestSuite(IgniteDataStreamerSecurityTest.class)); suite.addTest(new TestSuite(LoadCacheSecurityTest.class)); suite.addTest(new TestSuite(ThinClientSecurityTest.class)); + suite.addTest(new TestSuite(IgniteMessagingTest.class)); return suite; } From 62b192f3e4b56f3c80eedc3f25f19bc437a0f243 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Thu, 6 Dec 2018 10:41:30 +0300 Subject: [PATCH 26/98] IGNITE-9560 Grid Security Manager. --- .../ignite/internal/GridKernalContext.java | 14 +- .../internal/GridKernalContextImpl.java | 11 +- .../managers/communication/GridIoManager.java | 15 +- .../processors/cache/GridCacheProcessor.java | 97 +++++---- .../reader/StandaloneGridKernalContext.java | 4 +- .../odbc/ClientListenerNioListener.java | 13 +- .../cache/ClientCacheGetSizeRequest.java | 3 +- .../processors/rest/GridRestProcessor.java | 10 +- .../security/CurrentRemoteInitiator.java | 113 ---------- .../security/GridSecurityManager.java | 103 +++++++++ .../security/GridSecurityManagerImpl.java | 174 +++++++++++++++ .../GridSecurityProcessorWrapper.java | 186 ---------------- .../security/GridSecuritySession.java | 9 + .../security/GridSecuritySessionImpl.java | 26 +++ .../processors/security/RemoteInitiator.java | 59 ----- ...urityContextResolverSecurityProcessor.java | 204 ------------------ .../processors/query/h2/IgniteH2Indexing.java | 2 +- .../query/h2/ddl/DdlStatementsProcessor.java | 4 +- 18 files changed, 402 insertions(+), 645 deletions(-) delete mode 100644 modules/core/src/main/java/org/apache/ignite/internal/processors/security/CurrentRemoteInitiator.java create mode 100644 modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityManager.java create mode 100644 modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityManagerImpl.java delete mode 100644 modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessorWrapper.java create mode 100644 modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecuritySession.java create mode 100644 modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecuritySessionImpl.java delete mode 100644 modules/core/src/main/java/org/apache/ignite/internal/processors/security/RemoteInitiator.java delete mode 100644 modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityContextResolverSecurityProcessor.java diff --git a/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContext.java b/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContext.java index e19450e254179..5ed39d2e62368 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContext.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContext.java @@ -33,17 +33,16 @@ import org.apache.ignite.internal.managers.failover.GridFailoverManager; import org.apache.ignite.internal.managers.indexing.GridIndexingManager; import org.apache.ignite.internal.managers.loadbalancer.GridLoadBalancerManager; -import org.apache.ignite.internal.processors.cache.mvcc.MvccProcessor; -import org.apache.ignite.internal.processors.compress.CompressionProcessor; -import org.apache.ignite.internal.worker.WorkersRegistry; import org.apache.ignite.internal.processors.affinity.GridAffinityProcessor; import org.apache.ignite.internal.processors.authentication.IgniteAuthenticationProcessor; import org.apache.ignite.internal.processors.cache.GridCacheProcessor; +import org.apache.ignite.internal.processors.cache.mvcc.MvccProcessor; import org.apache.ignite.internal.processors.cache.persistence.filename.PdsFoldersResolver; import org.apache.ignite.internal.processors.cacheobject.IgniteCacheObjectProcessor; import org.apache.ignite.internal.processors.closure.GridClosureProcessor; import org.apache.ignite.internal.processors.cluster.ClusterProcessor; import org.apache.ignite.internal.processors.cluster.GridClusterStateProcessor; +import org.apache.ignite.internal.processors.compress.CompressionProcessor; import org.apache.ignite.internal.processors.continuous.GridContinuousProcessor; import org.apache.ignite.internal.processors.datastreamer.DataStreamProcessor; import org.apache.ignite.internal.processors.datastructures.DataStructuresProcessor; @@ -64,7 +63,7 @@ import org.apache.ignite.internal.processors.resource.GridResourceProcessor; import org.apache.ignite.internal.processors.rest.GridRestProcessor; import org.apache.ignite.internal.processors.schedule.IgniteScheduleProcessorAdapter; -import org.apache.ignite.internal.processors.security.GridSecurityProcessor; +import org.apache.ignite.internal.processors.security.GridSecurityManager; import org.apache.ignite.internal.processors.segmentation.GridSegmentationProcessor; import org.apache.ignite.internal.processors.service.GridServiceProcessor; import org.apache.ignite.internal.processors.session.GridTaskSessionProcessor; @@ -75,6 +74,7 @@ import org.apache.ignite.internal.util.IgniteExceptionRegistry; import org.apache.ignite.internal.util.StripedExecutor; import org.apache.ignite.internal.util.tostring.GridToStringExclude; +import org.apache.ignite.internal.worker.WorkersRegistry; import org.apache.ignite.plugin.PluginNotFoundException; import org.apache.ignite.plugin.PluginProvider; import org.apache.ignite.thread.IgniteStripedThreadPoolExecutor; @@ -406,11 +406,11 @@ public interface GridKernalContext extends Iterable { public GridCollisionManager collision(); /** - * Gets authentication processor. + * Gets security manager. * - * @return Authentication processor. + * @return Security manager. */ - public GridSecurityProcessor security(); + public GridSecurityManager security(); /** * Gets load balancing manager. diff --git a/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContextImpl.java b/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContextImpl.java index 41f6a39827a3f..15e1b196d4644 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContextImpl.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContextImpl.java @@ -50,7 +50,8 @@ import org.apache.ignite.internal.managers.loadbalancer.GridLoadBalancerManager; import org.apache.ignite.internal.processors.cache.mvcc.MvccProcessor; import org.apache.ignite.internal.processors.compress.CompressionProcessor; -import org.apache.ignite.internal.processors.security.SecurityContextResolverSecurityProcessor; +import org.apache.ignite.internal.processors.security.GridSecurityManager; +import org.apache.ignite.internal.processors.security.GridSecurityManagerImpl; import org.apache.ignite.internal.worker.WorkersRegistry; import org.apache.ignite.internal.processors.affinity.GridAffinityProcessor; import org.apache.ignite.internal.processors.authentication.IgniteAuthenticationProcessor; @@ -159,7 +160,7 @@ public class GridKernalContextImpl implements GridKernalContext, Externalizable /** */ @GridToStringExclude - private GridSecurityProcessor securityProc; + private GridSecurityManager securityMgr; /** */ @GridToStringExclude @@ -566,7 +567,7 @@ else if (comp instanceof GridFailoverManager) else if (comp instanceof GridCollisionManager) colMgr = (GridCollisionManager)comp; else if (comp instanceof GridSecurityProcessor) - securityProc = new SecurityContextResolverSecurityProcessor(this,(GridSecurityProcessor)comp); + securityMgr = new GridSecurityManagerImpl(this,(GridSecurityProcessor)comp); else if (comp instanceof GridLoadBalancerManager) loadMgr = (GridLoadBalancerManager)comp; else if (comp instanceof GridIndexingManager) @@ -805,8 +806,8 @@ else if (helper instanceof HadoopHelper) } /** {@inheritDoc} */ - @Override public GridSecurityProcessor security() { - return securityProc; + @Override public GridSecurityManager security() { + return securityMgr; } /** {@inheritDoc} */ diff --git a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java index cfa9fedd0518f..7b780fea04f29 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java @@ -70,7 +70,7 @@ import org.apache.ignite.internal.processors.cache.mvcc.msg.MvccMessage; import org.apache.ignite.internal.processors.platform.message.PlatformMessageFilter; import org.apache.ignite.internal.processors.pool.PoolProcessor; -import org.apache.ignite.internal.processors.security.CurrentRemoteInitiator; +import org.apache.ignite.internal.processors.security.GridSecuritySession; import org.apache.ignite.internal.processors.timeout.GridTimeoutObject; import org.apache.ignite.internal.util.GridBoundedConcurrentLinkedHashSet; import org.apache.ignite.internal.util.StripedCompositeReadWriteLock; @@ -1565,16 +1565,12 @@ private void invokeListener(Byte plc, GridMessageListener lsnr, UUID nodeId, Obj if (change) CUR_PLC.set(plc); - CurrentRemoteInitiator.set(ctx, nodeId); - - try { + try(GridSecuritySession s = ctx.security().context(nodeId)) { lsnr.onMessage(nodeId, msg, plc); } finally { if (change) CUR_PLC.set(oldPlc); - - CurrentRemoteInitiator.remove(ctx, nodeId); } } @@ -2560,15 +2556,10 @@ private class GridUserMessageListener implements GridMessageListener { if (msgBody != null) { if (predLsnr != null) { - CurrentRemoteInitiator.set(ctx, initNodeId); - - try { + try(GridSecuritySession s = ctx.security().context(initNodeId)) { if (!predLsnr.apply(nodeId, msgBody)) removeMessageListener(TOPIC_COMM_USER, this); } - finally { - CurrentRemoteInitiator.remove(ctx, initNodeId); - } } } } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java index 6a79a3d4eb9da..3a4370b32c8cb 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java @@ -133,6 +133,7 @@ import org.apache.ignite.internal.processors.query.schema.SchemaNodeLeaveExchangeWorkerTask; import org.apache.ignite.internal.processors.query.schema.message.SchemaAbstractDiscoveryMessage; import org.apache.ignite.internal.processors.query.schema.message.SchemaProposeDiscoveryMessage; +import org.apache.ignite.internal.processors.security.GridSecuritySession; import org.apache.ignite.internal.processors.security.SecurityContext; import org.apache.ignite.internal.processors.timeout.GridTimeoutObject; import org.apache.ignite.internal.suggestions.GridPerformanceSuggestions; @@ -3187,25 +3188,9 @@ private GridCacheSharedContext createSharedContext(GridKernalContext kernalCtx, StringBuilder errorMessage = new StringBuilder(); - SecurityContext secCtx = null; + errorMessage.append(authoritizeCreateCache(node, nodeData)); for (CacheJoinNodeDiscoveryData.CacheInfo cacheInfo : nodeData.caches().values()) { - try { - if(cacheInfo.cacheType() == CacheType.USER){ - if(secCtx == null) - secCtx = securityContext(node); - - if(secCtx != null) - authorizeCacheCreate(cacheInfo.cacheData().config(), secCtx); - } - } - catch (SecurityException | IgniteCheckedException ex) { - if (errorMessage.length() > 0) - errorMessage.append("\n"); - - errorMessage.append(ex.getMessage()); - } - DynamicCacheDescriptor localDesc = cacheDescriptor(cacheInfo.cacheData().config().getName()); if (localDesc == null) @@ -3214,14 +3199,12 @@ private GridCacheSharedContext createSharedContext(GridKernalContext kernalCtx, QuerySchemaPatch schemaPatch = localDesc.makeSchemaPatch(cacheInfo.cacheData().queryEntities()); if (schemaPatch.hasConflicts() || (isGridActive && !schemaPatch.isEmpty())) { - if (errorMessage.length() > 0) - errorMessage.append("\n"); - if (schemaPatch.hasConflicts()) - errorMessage.append(String.format(MERGE_OF_CONFIG_CONFLICTS_MESSAGE, + appendOnNewLine(errorMessage, String.format(MERGE_OF_CONFIG_CONFLICTS_MESSAGE, localDesc.cacheName(), schemaPatch.getConflictsMessage())); else - errorMessage.append(String.format(MERGE_OF_CONFIG_REQUIRED_MESSAGE, localDesc.cacheName())); + appendOnNewLine(errorMessage, String.format(MERGE_OF_CONFIG_REQUIRED_MESSAGE, + localDesc.cacheName())); } } @@ -3236,14 +3219,53 @@ private GridCacheSharedContext createSharedContext(GridKernalContext kernalCtx, } /** - * Getting node security context. + * @param sb String Builder. + * @param val Value. + */ + private void appendOnNewLine(StringBuilder sb, String val){ + if (sb.length() > 0) + sb.append("\n"); + + sb.append(val); + } + + /** + * Check permission for cache creation. * - * @param node Node. + * @param node Cluste node. + * @param nodeData Discovery data. + * @return String with an error message. */ - @Nullable private SecurityContext securityContext(ClusterNode node) throws IgniteCheckedException { - byte[] secCtxBytes = node.attribute(IgniteNodeAttributes.ATTR_SECURITY_SUBJECT_V2); + private String authoritizeCreateCache(ClusterNode node, CacheJoinNodeDiscoveryData nodeData) { + StringBuilder sb = new StringBuilder(); - return secCtxBytes != null ? U.unmarshal(marsh, secCtxBytes, U.resolveClassLoader(ctx.config())) : null; + try { + byte[] secCtxBytes = node.attribute(IgniteNodeAttributes.ATTR_SECURITY_SUBJECT_V2); + + if (secCtxBytes != null) { + SecurityContext secCtx = U.unmarshal(marsh, secCtxBytes, U.resolveClassLoader(ctx.config())); + + for (CacheJoinNodeDiscoveryData.CacheInfo cacheInfo : nodeData.caches().values()) { + try { + if (cacheInfo.cacheType() == CacheType.USER) { + try (GridSecuritySession s = ctx.security().context(secCtx)) { + ctx.security().authorize(SecurityPermission.CACHE_CREATE); + } + + securityCheckOnheapCacheEnabled(cacheInfo.cacheData().config()); + } + } + catch (SecurityException ex) { + appendOnNewLine(sb, ex.getMessage()); + } + } + } + } + catch (IgniteCheckedException e) { + sb.append(e.getMessage()); + } + + return sb.toString(); } /** @@ -4178,31 +4200,30 @@ private Collection initiateCacheChanges( } /** - * Authorize creating cache. + * Сheck of IGNITE_DISABLE_ONHEAP_CACHE system property. * - * @param cfg Cache configuration. - * @param secCtx Optional security context. + * @param cfg Cache config. */ - private void authorizeCacheCreate(CacheConfiguration cfg, SecurityContext secCtx) { - ctx.security().authorize(null, SecurityPermission.CACHE_CREATE, secCtx); - + private void securityCheckOnheapCacheEnabled(CacheConfiguration cfg) { if (cfg != null && cfg.isOnheapCacheEnabled() && IgniteSystemProperties.getBoolean(IgniteSystemProperties.IGNITE_DISABLE_ONHEAP_CACHE)) throw new SecurityException("Authorization failed for enabling on-heap cache."); } /** - * Authorize dynamic cache management for this node. + * Authorize dynamic cache management. * * @param req start/stop cache request. */ private void authorizeCacheChange(DynamicCacheChangeRequest req) { - // Null security context means authorize this node. if (req.cacheType() == null || req.cacheType() == CacheType.USER) { if (req.stop()) - ctx.security().authorize(null, SecurityPermission.CACHE_DESTROY); - else - authorizeCacheCreate(req.startCacheConfiguration(), null); + ctx.security().authorize(SecurityPermission.CACHE_DESTROY); + else{ + ctx.security().authorize(SecurityPermission.CACHE_CREATE); + + securityCheckOnheapCacheEnabled(req.startCacheConfiguration()); + } } } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/persistence/wal/reader/StandaloneGridKernalContext.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/persistence/wal/reader/StandaloneGridKernalContext.java index 03bac2baccf93..5e9eb4caba868 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/persistence/wal/reader/StandaloneGridKernalContext.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/persistence/wal/reader/StandaloneGridKernalContext.java @@ -78,7 +78,7 @@ import org.apache.ignite.internal.processors.resource.GridResourceProcessor; import org.apache.ignite.internal.processors.rest.GridRestProcessor; import org.apache.ignite.internal.processors.schedule.IgniteScheduleProcessorAdapter; -import org.apache.ignite.internal.processors.security.GridSecurityProcessor; +import org.apache.ignite.internal.processors.security.GridSecurityManager; import org.apache.ignite.internal.processors.segmentation.GridSegmentationProcessor; import org.apache.ignite.internal.processors.service.GridServiceProcessor; import org.apache.ignite.internal.processors.session.GridTaskSessionProcessor; @@ -445,7 +445,7 @@ protected IgniteConfiguration prepareIgniteConfiguration() { } /** {@inheritDoc} */ - @Override public GridSecurityProcessor security() { + @Override public GridSecurityManager security() { return null; } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerNioListener.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerNioListener.java index 2b4eba2ca77a2..67d35527832c9 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerNioListener.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerNioListener.java @@ -33,9 +33,7 @@ import org.apache.ignite.internal.processors.odbc.odbc.OdbcConnectionContext; import org.apache.ignite.internal.processors.platform.client.ClientConnectionContext; import org.apache.ignite.internal.processors.platform.client.ClientStatus; -import org.apache.ignite.internal.processors.security.CurrentRemoteInitiator; -import org.apache.ignite.internal.processors.security.SecurityContext; -import org.apache.ignite.internal.processors.security.SecurityContextHolder; +import org.apache.ignite.internal.processors.security.GridSecuritySession; import org.apache.ignite.internal.util.GridSpinBusyLock; import org.apache.ignite.internal.util.nio.GridNioServerListenerAdapter; import org.apache.ignite.internal.util.nio.GridNioSession; @@ -166,21 +164,14 @@ public ClientListenerNioListener(GridKernalContext ctx, GridSpinBusyLock busyLoc ClientListenerResponse resp; AuthorizationContext authCtx = connCtx.authorizationContext(); - SecurityContext oldSecCtx = SecurityContextHolder.push(connCtx.securityContext()); - - CurrentRemoteInitiator.set(connCtx.securityContext()); if (authCtx != null) AuthorizationContext.context(authCtx); - try { + try(GridSecuritySession s = ctx.security().context(connCtx.securityContext())) { resp = handler.handle(req); } finally { - SecurityContextHolder.pop(oldSecCtx); - - CurrentRemoteInitiator.remove(); - if (authCtx != null) AuthorizationContext.clear(); } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheGetSizeRequest.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheGetSizeRequest.java index fb931a76075d0..ef9697e5936a7 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheGetSizeRequest.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/cache/ClientCacheGetSizeRequest.java @@ -42,8 +42,9 @@ public ClientCacheGetSizeRequest(BinaryRawReader reader) { modes = new CachePeekMode[cnt]; - for (int i = 0; i < cnt; i++) + for (int i = 0; i < cnt; i++) { modes[i] = CachePeekMode.fromOrdinal(reader.readByte()); + } } /** {@inheritDoc} */ diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java index 30d2f0a1328d2..59e8a27517fd9 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java @@ -62,6 +62,7 @@ import org.apache.ignite.internal.processors.rest.request.GridRestRequest; import org.apache.ignite.internal.processors.rest.request.GridRestTaskRequest; import org.apache.ignite.internal.processors.rest.request.RestQueryRequest; +import org.apache.ignite.internal.processors.security.GridSecuritySession; import org.apache.ignite.internal.processors.security.SecurityContext; import org.apache.ignite.internal.util.GridSpinReadWriteLock; import org.apache.ignite.internal.util.future.GridFinishedFuture; @@ -269,7 +270,9 @@ private IgniteInternalFuture handleRequest(final GridRestReque if (secCtx0 == null || ses.isTokenExpired(sesTokTtl)) ses.secCtx = secCtx0 = authenticate(req, ses); - authorize(req, secCtx0); + try(GridSecuritySession s = ctx.security().context(secCtx0)) { + authorize(req); + } } catch (SecurityException e) { assert secCtx0 != null; @@ -814,10 +817,9 @@ private SecurityContext authenticate(GridRestRequest req, Session ses) throws Ig /** * @param req REST request. - * @param sCtx Security context. * @throws SecurityException If authorization failed. */ - private void authorize(GridRestRequest req, SecurityContext sCtx) throws SecurityException { + private void authorize(GridRestRequest req) throws SecurityException { SecurityPermission perm = null; String name = null; @@ -920,7 +922,7 @@ private void authorize(GridRestRequest req, SecurityContext sCtx) throws Securit } if (perm != null) - ctx.security().authorize(name, perm, sCtx); + ctx.security().authorize(name, perm); } /** diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/CurrentRemoteInitiator.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/CurrentRemoteInitiator.java deleted file mode 100644 index 36cf1e3e33b8c..0000000000000 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/CurrentRemoteInitiator.java +++ /dev/null @@ -1,113 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processors.security; - -import java.util.ArrayDeque; -import java.util.UUID; -import org.apache.ignite.internal.GridKernalContext; -import org.jetbrains.annotations.Nullable; - -/** - * Current remote initiator holder. - */ -public final class CurrentRemoteInitiator { - /** Stack. */ - private static final ThreadLocalStack stack = new ThreadLocalStack<>(); - - /** - * Set Remote Initaitor to holder. - * - * @param ctx Kernal context. - * @param nodeId Node id. - */ - public static void set(GridKernalContext ctx, UUID nodeId) { - if (!ctx.localNodeId().equals(nodeId)) - stack.push(new RemoteInitiator(nodeId)); - } - - /** - * Set Remote Initaitor to holder. - * - * @param secCtx Security context. - */ - public static void set(SecurityContext secCtx) { - stack.push(new RemoteInitiator(secCtx)); - } - - /** - * Getting current Remote Initiator. - * - * @return Node id. - */ - public static @Nullable RemoteInitiator get() { - return stack.peek(); - } - - /** - * Remove Remote Initiator if passed id isn't local node id. - * - * @param ctx Kernal context. - * @param nodeId Node's id. - */ - public static void remove(GridKernalContext ctx, UUID nodeId) { - if (!ctx.localNodeId().equals(nodeId)) - stack.pop(); - } - - /** - * Remove Remote Initiator if passed id isn't local node id. - */ - public static void remove() { - stack.pop(); - } - - private static class ThreadLocalStack { - /** Local. */ - private final ThreadLocal> loc = ThreadLocal.withInitial(ArrayDeque::new); - - /** - * {@link java.util.ArrayDeque#push(Object)} - */ - public void push(T item) { - assert item != null; - - loc.get().push(item); - } - - /** - * {@link java.util.ArrayDeque#peek()} - */ - public T peek() { - return loc.get().peek(); - } - - /** - * {@link java.util.ArrayDeque#pop()} - */ - public T pop() { - return loc.get().pop(); - } - - /** - * @return True if stack is empty. - */ - public boolean isEmpty() { - return loc.get().isEmpty(); - } - } -} diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityManager.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityManager.java new file mode 100644 index 0000000000000..97abc9cf692b2 --- /dev/null +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityManager.java @@ -0,0 +1,103 @@ +package org.apache.ignite.internal.processors.security; + +import java.util.Collection; +import java.util.UUID; +import org.apache.ignite.IgniteCheckedException; +import org.apache.ignite.cluster.ClusterNode; +import org.apache.ignite.plugin.security.AuthenticationContext; +import org.apache.ignite.plugin.security.SecurityCredentials; +import org.apache.ignite.plugin.security.SecurityException; +import org.apache.ignite.plugin.security.SecurityPermission; +import org.apache.ignite.plugin.security.SecuritySubject; + +/** + * Grid Security Manager. + */ +public interface GridSecurityManager { + /** + * Create {@link GridSecuritySession}. All calls of methods {@link #authorize(String, SecurityPermission)} or {@link + * #authorize(SecurityPermission)} will be processed into the context of passed {@link SecurityContext} until session + * {@link GridSecuritySession} will be closed. + * + * @param secCtx Security Context. + * @return Grid security Session. + */ + public GridSecuritySession context(SecurityContext secCtx); + + /** + * Create {@link GridSecuritySession}. All calls of methods {@link #authorize(String, SecurityPermission)} or {@link + * #authorize(SecurityPermission)} will be processed into the context of {@link SecurityContext} that is owned by node + * with given noddeId until session {@link GridSecuritySession} will be closed. + * + * @param nodeId Node id. + * @return Grid security Session. + */ + public GridSecuritySession context(UUID nodeId); + + /** + * Authenticates grid node with it's attributes via underlying Authenticator. + * + * @param node Node id to authenticate. + * @param cred Security credentials. + * @return {@code True} if succeeded, {@code false} otherwise. + * @throws IgniteCheckedException If error occurred. + */ + public SecurityContext authenticateNode(ClusterNode node, SecurityCredentials cred) throws IgniteCheckedException; + + /** + * Gets flag indicating whether all nodes or coordinator only should run the authentication for joining node. + * + * @return {@code True} if all nodes should run authentication process, {@code false} otherwise. + */ + public boolean isGlobalNodeAuthentication(); + + /** + * Authenticates subject via underlying Authenticator. + * + * @param ctx Authentication context. + * @return {@code True} if succeeded, {@code false} otherwise. + * @throws IgniteCheckedException If error occurred. + */ + public SecurityContext authenticate(AuthenticationContext ctx) throws IgniteCheckedException; + + /** + * Gets collection of authenticated nodes. + * + * @return Collection of authenticated nodes. + * @throws IgniteCheckedException If error occurred. + */ + public Collection authenticatedSubjects() throws IgniteCheckedException; + + /** + * Gets authenticated node subject. + * + * @param subjId Subject ID. + * @return Security subject. + * @throws IgniteCheckedException If error occurred. + */ + public SecuritySubject authenticatedSubject(UUID subjId) throws IgniteCheckedException; + + /** + * Authorizes grid operation. + * + * @param name Cache name or task class name. + * @param perm Permission to authorize. + * @throws SecurityException If security check failed. + */ + public void authorize(String name, SecurityPermission perm) throws SecurityException; + + /** + * Authorizes grid system operation. + * + * @param perm Permission to authorize. + * @throws SecurityException If security check failed. + */ + public default void authorize(SecurityPermission perm) throws SecurityException { + authorize(null, perm); + } + + /** + * @return GridSecurityProcessor is enable. + */ + public boolean enabled(); +} diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityManagerImpl.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityManagerImpl.java new file mode 100644 index 0000000000000..9a3cef3296a07 --- /dev/null +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityManagerImpl.java @@ -0,0 +1,174 @@ +package org.apache.ignite.internal.processors.security; + +import java.util.Collection; +import java.util.Map; +import java.util.UUID; +import java.util.concurrent.ConcurrentHashMap; +import org.apache.ignite.IgniteCheckedException; +import org.apache.ignite.IgniteException; +import org.apache.ignite.cluster.ClusterNode; +import org.apache.ignite.internal.GridKernalContext; +import org.apache.ignite.internal.IgniteNodeAttributes; +import org.apache.ignite.internal.managers.eventstorage.DiscoveryEventListener; +import org.apache.ignite.internal.util.typedef.internal.U; +import org.apache.ignite.marshaller.MarshallerUtils; +import org.apache.ignite.marshaller.jdk.JdkMarshaller; +import org.apache.ignite.plugin.security.AuthenticationContext; +import org.apache.ignite.plugin.security.SecurityCredentials; +import org.apache.ignite.plugin.security.SecurityException; +import org.apache.ignite.plugin.security.SecurityPermission; +import org.apache.ignite.plugin.security.SecuritySubject; + +import static org.apache.ignite.events.EventType.EVT_NODE_FAILED; +import static org.apache.ignite.events.EventType.EVT_NODE_LEFT; + +/** + * Default Grid security Manager implementation. + */ +public class GridSecurityManagerImpl implements GridSecurityManager { + /** Local node's security context. */ + private SecurityContext locSecCtx; + + /** Current security context. */ + private final ThreadLocal curSecCtx = ThreadLocal.withInitial(this::localSecurityContext); + + /** Grid kernal context. */ + private final GridKernalContext ctx; + + /** Security processor. */ + private final GridSecurityProcessor secPrc; + + /** Must use JDK marshaller for Security Subject. */ + private final JdkMarshaller marsh; + + /** Map of security contexts. Key is node's id. */ + private final Map secCtxs = new ConcurrentHashMap<>(); + + /** Listener, thet removes absolet data from {@link #secCtxs}. */ + private DiscoveryEventListener lsnr; + + /** + * @param ctx Grid kernal context. + * @param secPrc Security processor. + */ + public GridSecurityManagerImpl(GridKernalContext ctx, GridSecurityProcessor secPrc) { + this.ctx = ctx; + this.secPrc = secPrc; + marsh = MarshallerUtils.jdkMarshaller(ctx.igniteInstanceName()); + } + + /** {@inheritDoc} */ + @Override public GridSecuritySession context(SecurityContext secCtx) { + assert secCtx != null; + + SecurityContext old = curSecCtx.get(); + + curSecCtx.set(secCtx); + + return new GridSecuritySessionImpl(this, old); + } + + /** {@inheritDoc} */ + @Override public GridSecuritySession context(UUID nodeId) { + if (lsnr == null) { + lsnr = (evt, discoCache) -> secCtxs.remove(evt.eventNode().id()); + + ctx.event().addDiscoveryEventListener(lsnr, EVT_NODE_FAILED, EVT_NODE_LEFT); + } + + return context( + secCtxs.computeIfAbsent(nodeId, + uuid -> nodeSecurityContext(ctx.discovery().node(uuid)) + ) + ); + } + + /** {@inheritDoc} */ + @Override public SecurityContext authenticateNode(ClusterNode node, SecurityCredentials cred) + throws IgniteCheckedException { + return secPrc.authenticateNode(node, cred); + } + + /** {@inheritDoc} */ + @Override public boolean isGlobalNodeAuthentication() { + return secPrc.isGlobalNodeAuthentication(); + } + + /** {@inheritDoc} */ + @Override public SecurityContext authenticate(AuthenticationContext ctx) throws IgniteCheckedException { + return secPrc.authenticate(ctx); + } + + /** {@inheritDoc} */ + @Override public Collection authenticatedSubjects() throws IgniteCheckedException { + return secPrc.authenticatedSubjects(); + } + + /** {@inheritDoc} */ + @Override public SecuritySubject authenticatedSubject(UUID subjId) throws IgniteCheckedException { + return secPrc.authenticatedSubject(subjId); + } + + /** {@inheritDoc} */ + @Override public void authorize(String name, SecurityPermission perm) throws SecurityException { + SecurityContext secCtx = curSecCtx.get(); + + assert secCtx != null; + + secPrc.authorize(name, perm, secCtx); + } + + /** {@inheritDoc} */ + @Override public boolean enabled() { + return secPrc.enabled(); + } + + /** + * Getting local node's security context. + * + * @return Security context of local node. + */ + private SecurityContext localSecurityContext() { + SecurityContext res = locSecCtx; + + if (res == null) { + res = nodeSecurityContext(ctx.discovery().localNode()); + + locSecCtx = res; + } + + return res; + } + + /** + * Getting node's security context. + * + * @param node Node. + * @return Node's security context. + */ + private SecurityContext nodeSecurityContext(ClusterNode node) { + byte[] subjBytes = node.attribute(IgniteNodeAttributes.ATTR_SECURITY_SUBJECT); + + byte[] subjBytesV2 = node.attribute(IgniteNodeAttributes.ATTR_SECURITY_SUBJECT_V2); + + if (subjBytes == null && subjBytesV2 == null) + throw new SecurityException("Security context isn't certain."); + + try { + if (subjBytesV2 != null) + return U.unmarshal(marsh, subjBytesV2, U.resolveClassLoader(ctx.config())); + + try { + SecurityUtils.serializeVersion(1); + + return U.unmarshal(marsh, subjBytes, U.resolveClassLoader(ctx.config())); + } + finally { + SecurityUtils.restoreDefaultSerializeVersion(); + } + } + catch (IgniteCheckedException e) { + throw new IgniteException("Failed to get security context.", e); + } + } +} diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessorWrapper.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessorWrapper.java deleted file mode 100644 index 4ed32283f113a..0000000000000 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessorWrapper.java +++ /dev/null @@ -1,186 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processors.security; - -import java.util.Collection; -import java.util.UUID; -import org.apache.ignite.IgniteCheckedException; -import org.apache.ignite.IgniteLogger; -import org.apache.ignite.cluster.ClusterNode; -import org.apache.ignite.internal.GridKernalContext; -import org.apache.ignite.internal.IgniteInternalFuture; -import org.apache.ignite.internal.util.tostring.GridToStringExclude; -import org.apache.ignite.lang.IgniteFuture; -import org.apache.ignite.plugin.security.AuthenticationContext; -import org.apache.ignite.plugin.security.SecurityCredentials; -import org.apache.ignite.plugin.security.SecurityException; -import org.apache.ignite.plugin.security.SecurityPermission; -import org.apache.ignite.plugin.security.SecuritySubject; -import org.apache.ignite.spi.IgniteNodeValidationResult; -import org.apache.ignite.spi.discovery.DiscoveryDataBag; -import org.jetbrains.annotations.Nullable; - -/** - * Wrapper class for implementation of {@link GridSecurityProcessor}. - */ -public class GridSecurityProcessorWrapper implements GridSecurityProcessor { - /** Logger. */ - @GridToStringExclude - protected final IgniteLogger log; - - /** Kernal context. */ - protected final GridKernalContext ctx; - - /** Original security processor. */ - protected final GridSecurityProcessor original; - - /** - * @param ctx Grid kernal context. - * @param original Original grid security processor. - */ - public GridSecurityProcessorWrapper(GridKernalContext ctx, GridSecurityProcessor original) { - assert ctx != null; - assert original != null; - - this.ctx = ctx; - this.original = original; - - log = ctx.log(original.getClass()); - } - - /** - * @return Orginal GridSecurityProcessor. - */ - public GridSecurityProcessor original(){ - return original; - } - - /** {@inheritDoc} */ - @Override public SecurityContext authenticateNode(ClusterNode node, - SecurityCredentials cred) throws IgniteCheckedException { - return original.authenticateNode(node, cred); - } - - /** {@inheritDoc} */ - @Override public boolean isGlobalNodeAuthentication() { - return original.isGlobalNodeAuthentication(); - } - - /** {@inheritDoc} */ - @Override public SecurityContext authenticate(AuthenticationContext ctx) throws IgniteCheckedException { - return original.authenticate(ctx); - } - - /** {@inheritDoc} */ - @Override public Collection authenticatedSubjects() throws IgniteCheckedException { - return original.authenticatedSubjects(); - } - - /** {@inheritDoc} */ - @Override public SecuritySubject authenticatedSubject(UUID subjId) throws IgniteCheckedException { - return original.authenticatedSubject(subjId); - } - - /** {@inheritDoc} */ - @Override public void authorize(String name, SecurityPermission perm, SecurityContext securityCtx) - throws SecurityException { - original.authorize(name, perm, securityCtx); - } - - /** {@inheritDoc} */ - @Override public void onSessionExpired(UUID subjId) { - original.onSessionExpired(subjId); - } - - /** {@inheritDoc} */ - @Override public boolean enabled() { - return original.enabled(); - } - - /** {@inheritDoc} */ - @Override public void start() throws IgniteCheckedException { - original.start(); - } - - /** {@inheritDoc} */ - @Override public void stop(boolean cancel) throws IgniteCheckedException { - original.stop(cancel); - } - - /** {@inheritDoc} */ - @Override public void onKernalStart(boolean active) throws IgniteCheckedException { - original.onKernalStart(active); - } - - /** {@inheritDoc} */ - @Override public void onKernalStop(boolean cancel) { - original.onKernalStop(cancel); - } - - /** {@inheritDoc} */ - @Override public void collectJoiningNodeData(DiscoveryDataBag dataBag) { - original.collectJoiningNodeData(dataBag); - } - - /** {@inheritDoc} */ - @Override public void collectGridNodeData(DiscoveryDataBag dataBag) { - original.collectGridNodeData(dataBag); - } - - /** {@inheritDoc} */ - @Override public void onGridDataReceived(DiscoveryDataBag.GridDiscoveryData data) { - original.onGridDataReceived(data); - } - - /** {@inheritDoc} */ - @Override public void onJoiningNodeDataReceived(DiscoveryDataBag.JoiningNodeDiscoveryData data) { - original.onJoiningNodeDataReceived(data); - } - - /** {@inheritDoc} */ - @Override public void printMemoryStats() { - original.printMemoryStats(); - } - - /** {@inheritDoc} */ - @Override @Nullable public IgniteNodeValidationResult validateNode(ClusterNode node) { - return original.validateNode(node); - } - - /** {@inheritDoc} */ - @Override @Nullable public IgniteNodeValidationResult validateNode(ClusterNode node, - DiscoveryDataBag.JoiningNodeDiscoveryData discoData) { - return original.validateNode(node, discoData); - } - - /** {@inheritDoc} */ - @Override @Nullable public DiscoveryDataExchangeType discoveryDataType() { - return original.discoveryDataType(); - } - - /** {@inheritDoc} */ - @Override public void onDisconnected(IgniteFuture reconnectFut) throws IgniteCheckedException { - original.onDisconnected(reconnectFut); - } - - /** {@inheritDoc} */ - @Override @Nullable public IgniteInternalFuture onReconnected(boolean clusterRestarted) - throws IgniteCheckedException { - return original.onReconnected(clusterRestarted); - } -} \ No newline at end of file diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecuritySession.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecuritySession.java new file mode 100644 index 0000000000000..207cdffcb2dc5 --- /dev/null +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecuritySession.java @@ -0,0 +1,9 @@ +package org.apache.ignite.internal.processors.security; + +/** + * Representation of Grid Security Session. + */ +public interface GridSecuritySession extends AutoCloseable { + /** {@inheritDoc} */ + @Override public void close(); +} diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecuritySessionImpl.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecuritySessionImpl.java new file mode 100644 index 0000000000000..e776f3da4ba4b --- /dev/null +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecuritySessionImpl.java @@ -0,0 +1,26 @@ +package org.apache.ignite.internal.processors.security; + +/** + * + */ +public class GridSecuritySessionImpl implements GridSecuritySession { + /** Grid Security Manager. */ + private final GridSecurityManager mngr; + + /** Security context. */ + private final SecurityContext secCtx; + + /** + * @param mngr Grid Security Manager. + * @param secCtx Security context. + */ + public GridSecuritySessionImpl(GridSecurityManager mngr, SecurityContext secCtx) { + this.mngr = mngr; + this.secCtx = secCtx; + } + + /** {@inheritDoc} */ + @Override public void close() { + mngr.context(secCtx); + } +} diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/RemoteInitiator.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/RemoteInitiator.java deleted file mode 100644 index 264d77930462b..0000000000000 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/RemoteInitiator.java +++ /dev/null @@ -1,59 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processors.security; - -import java.util.UUID; - -/** - * Remoute initiator data. - */ -public class RemoteInitiator { - /** Node id. */ - private UUID nodeId; - - /** Security context. */ - private SecurityContext secCtx; - - /** - * @param nodeId Node id. - */ - public RemoteInitiator(UUID nodeId) { - this.nodeId = nodeId; - } - - /** - * @param secCtx Security context. - */ - public RemoteInitiator(SecurityContext secCtx) { - this.secCtx = secCtx; - } - - /** - * @return Node id. - */ - public UUID nodeId() { - return nodeId; - } - - /** - * @return Security context. - */ - public SecurityContext securityContext() { - return secCtx; - } -} diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityContextResolverSecurityProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityContextResolverSecurityProcessor.java deleted file mode 100644 index 89f578704532e..0000000000000 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityContextResolverSecurityProcessor.java +++ /dev/null @@ -1,204 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processors.security; - -import java.util.Map; -import java.util.UUID; -import java.util.concurrent.ConcurrentHashMap; -import java.util.function.Function; -import org.apache.ignite.IgniteCheckedException; -import org.apache.ignite.IgniteException; -import org.apache.ignite.cluster.ClusterNode; -import org.apache.ignite.events.DiscoveryEvent; -import org.apache.ignite.internal.GridKernalContext; -import org.apache.ignite.internal.IgniteNodeAttributes; -import org.apache.ignite.internal.managers.discovery.DiscoCache; -import org.apache.ignite.internal.managers.eventstorage.DiscoveryEventListener; -import org.apache.ignite.internal.util.typedef.internal.U; -import org.apache.ignite.marshaller.MarshallerUtils; -import org.apache.ignite.marshaller.jdk.JdkMarshaller; -import org.apache.ignite.plugin.security.SecurityException; -import org.apache.ignite.plugin.security.SecurityPermission; - -import static org.apache.ignite.events.EventType.EVT_NODE_FAILED; -import static org.apache.ignite.events.EventType.EVT_NODE_LEFT; - -/** - * Wrapper that provides getting current security context for the {@link GridSecurityProcessor#authorize(String, - * SecurityPermission, SecurityContext)} method. - */ -public class SecurityContextResolverSecurityProcessor extends GridSecurityProcessorWrapper { - /** Local node's security context. */ - private SecurityContext locSecCtx; - - /** Must use JDK marshaller for Security Subject. */ - private final JdkMarshaller marsh; - - /** Map of security contexts. Key is node's id. */ - private final Map secCtxs = new ConcurrentHashMap<>(); - - /** - * @param ctx Grid kernal context. - * @param original Original grid security processor. - */ - public SecurityContextResolverSecurityProcessor(GridKernalContext ctx, GridSecurityProcessor original) { - super(ctx, original); - - marsh = MarshallerUtils.jdkMarshaller(ctx.igniteInstanceName()); - } - - /** {@inheritDoc} */ - @Override public void authorize(String name, SecurityPermission perm, SecurityContext securityCtx) - throws SecurityException { - if (enabled()) { - SecurityContext curSecCtx = securityCtx(securityCtx); - - if (log.isDebugEnabled()) - log.debug("Authorize [name=" + name + ", perm=" + perm + "secCtx=" + curSecCtx + ']'); - - original.authorize(name, perm, curSecCtx); - } - } - - /** {@inheritDoc} */ - @Override public void onKernalStart(boolean active) throws IgniteCheckedException { - super.onKernalStart(active); - - if (enabled()) { - ctx.event().addDiscoveryEventListener(new DiscoveryEventListener() { - @Override public void onEvent(DiscoveryEvent evt, DiscoCache discoCache) { - secCtxs.remove(evt.eventNode().id()); - } - }, EVT_NODE_FAILED, EVT_NODE_LEFT); - } - } - - /** - * Get current initiator data. - * - * @return Initiator node's id. - */ - private RemoteInitiator currentRemoteInitiator() { - return CurrentRemoteInitiator.get(); - } - - /** - * Getting current security context. - * - * @param passed Security context that was passed to {@link #authorize(String, SecurityPermission, - * SecurityContext)}. - * @return Current security context. - */ - private SecurityContext securityCtx(SecurityContext passed) { - SecurityContext res = passed; - - if (res == null) { - res = currentRemoteInitiatorContext(); - - if (res == null) - res = localSecurityContext(); - } - else { - /*If the SecurityContext was passed and there is a current remote initiator - then we have got an invalid case.*/ - assert currentRemoteInitiator() == null; - } - - assert res != null; - - return res; - } - - /** - * Getting current initiator node's security context. - * - * @return Security context of initiator node. - */ - private SecurityContext currentRemoteInitiatorContext() { - SecurityContext secCtx = null; - - final RemoteInitiator cur = currentRemoteInitiator(); - - if (cur != null) { - if (cur.securityContext() != null) - secCtx = cur.securityContext(); - else { - UUID nodeId = cur.nodeId(); - - secCtx = secCtxs.computeIfAbsent(nodeId, - new Function() { - @Override public SecurityContext apply(UUID uuid) { - return nodeSecurityContext(ctx.discovery().node(nodeId)); - - } - }); - } - } - - return secCtx; - } - - /** - * Getting local node's security context. - * - * @return Security context of local node. - */ - private SecurityContext localSecurityContext() { - SecurityContext res = locSecCtx; - - if (res == null) { - res = nodeSecurityContext(ctx.discovery().localNode()); - - locSecCtx = res; - } - - return res; - } - - /** - * Getting node's security context. - * - * @param node Node. - * @return Node's security context. - */ - private SecurityContext nodeSecurityContext(ClusterNode node) { - byte[] subjBytes = node.attribute(IgniteNodeAttributes.ATTR_SECURITY_SUBJECT); - - byte[] subjBytesV2 = node.attribute(IgniteNodeAttributes.ATTR_SECURITY_SUBJECT_V2); - - if (subjBytes == null && subjBytesV2 == null) - throw new SecurityException("Security context isn't certain."); - - try { - if (subjBytesV2 != null) - return U.unmarshal(marsh, subjBytesV2, U.resolveClassLoader(ctx.config())); - - try { - SecurityUtils.serializeVersion(1); - - return U.unmarshal(marsh, subjBytes, U.resolveClassLoader(ctx.config())); - } - finally { - SecurityUtils.restoreDefaultSerializeVersion(); - } - } - catch (IgniteCheckedException e) { - throw new IgniteException("Failed to get security context.", e); - } - } -} diff --git a/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/IgniteH2Indexing.java b/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/IgniteH2Indexing.java index e42fc6a9b3380..caaa31d00fd56 100644 --- a/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/IgniteH2Indexing.java +++ b/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/IgniteH2Indexing.java @@ -2029,7 +2029,7 @@ private void checkSecurity(Collection cacheIds) { DynamicCacheDescriptor desc = ctx.cache().cacheDescriptor(cacheId); if (desc != null) - ctx.security().authorize(desc.cacheName(), SecurityPermission.CACHE_READ, null); + ctx.security().authorize(desc.cacheName(), SecurityPermission.CACHE_READ); } } diff --git a/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/ddl/DdlStatementsProcessor.java b/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/ddl/DdlStatementsProcessor.java index 6308eab05e312..46e37c75032b2 100644 --- a/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/ddl/DdlStatementsProcessor.java +++ b/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/ddl/DdlStatementsProcessor.java @@ -326,7 +326,7 @@ else if (stmt0 instanceof GridSqlDropIndex) { } } else if (stmt0 instanceof GridSqlCreateTable) { - ctx.security().authorize(null, SecurityPermission.CACHE_CREATE, null); + ctx.security().authorize(SecurityPermission.CACHE_CREATE); GridSqlCreateTable cmd = (GridSqlCreateTable)stmt0; @@ -359,7 +359,7 @@ else if (stmt0 instanceof GridSqlCreateTable) { } } else if (stmt0 instanceof GridSqlDropTable) { - ctx.security().authorize(null, SecurityPermission.CACHE_DESTROY, null); + ctx.security().authorize(SecurityPermission.CACHE_DESTROY); GridSqlDropTable cmd = (GridSqlDropTable)stmt0; From fd21279dc298aa9246513532b6f5772186c59ad4 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Fri, 7 Dec 2018 15:30:47 +0300 Subject: [PATCH 27/98] IGNITE-9560 fix comments --- .../managers/communication/GridIoManager.java | 4 +- .../processors/cache/GridCacheProcessor.java | 99 +++++++------------ .../odbc/ClientListenerNioListener.java | 2 +- .../processors/rest/GridRestProcessor.java | 2 +- .../security/GridSecurityManager.java | 43 +++----- .../security/GridSecurityManagerImpl.java | 19 +--- .../security/GridSecurityProcessor.java | 12 --- .../security/GridSecuritySessionImpl.java | 2 +- .../security/AbstractCacheSecurityTest.java | 6 +- .../AbstractResolveSecurityContextTest.java | 4 +- .../security/AbstractSecurityTest.java | 4 +- .../TestSecurityPluginConfiguration.java | 16 +-- .../security/TestSecurityProcessor.java | 4 +- .../cache/EntryProcessorSecurityTest.java | 8 +- .../security/cache/LoadCacheSecurityTest.java | 4 +- .../security/cache/ScanQuerySecurityTest.java | 26 ++--- .../client/ThinClientSecurityTest.java | 46 +++++---- .../IgniteDataStreamerSecurityTest.java | 2 +- .../messaging/IgniteMessagingTest.java | 3 +- 19 files changed, 120 insertions(+), 186 deletions(-) diff --git a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java index 7b780fea04f29..21d6ef432fc9a 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java @@ -1565,7 +1565,7 @@ private void invokeListener(Byte plc, GridMessageListener lsnr, UUID nodeId, Obj if (change) CUR_PLC.set(plc); - try(GridSecuritySession s = ctx.security().context(nodeId)) { + try(GridSecuritySession s = ctx.security().startSession(nodeId)) { lsnr.onMessage(nodeId, msg, plc); } finally { @@ -2556,7 +2556,7 @@ private class GridUserMessageListener implements GridMessageListener { if (msgBody != null) { if (predLsnr != null) { - try(GridSecuritySession s = ctx.security().context(initNodeId)) { + try(GridSecuritySession s = ctx.security().startSession(initNodeId)) { if (!predLsnr.apply(nodeId, msgBody)) removeMessageListener(TOPIC_COMM_USER, this); } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java index 3a4370b32c8cb..a355eb07c37bc 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java @@ -3188,9 +3188,33 @@ private GridCacheSharedContext createSharedContext(GridKernalContext kernalCtx, StringBuilder errorMessage = new StringBuilder(); - errorMessage.append(authoritizeCreateCache(node, nodeData)); + SecurityContext secCtx = null; + + byte[] secCtxBytes = node.attribute(IgniteNodeAttributes.ATTR_SECURITY_SUBJECT_V2); + + if (secCtxBytes != null) { + try { + secCtx = U.unmarshal(marsh, secCtxBytes, U.resolveClassLoader(ctx.config())); + }catch (IgniteCheckedException ex){ + errorMessage.append(ex.getMessage()); + } + } for (CacheJoinNodeDiscoveryData.CacheInfo cacheInfo : nodeData.caches().values()) { + try { + if (secCtx != null && cacheInfo.cacheType() == CacheType.USER) { + try (GridSecuritySession s = ctx.security().startSession(secCtx)) { + authorizeCacheCreate(cacheInfo.cacheData().config()); + } + } + } + catch (SecurityException ex) { + if (errorMessage.length() > 0) + errorMessage.append("\n"); + + errorMessage.append(ex.getMessage()); + } + DynamicCacheDescriptor localDesc = cacheDescriptor(cacheInfo.cacheData().config().getName()); if (localDesc == null) @@ -3199,12 +3223,14 @@ private GridCacheSharedContext createSharedContext(GridKernalContext kernalCtx, QuerySchemaPatch schemaPatch = localDesc.makeSchemaPatch(cacheInfo.cacheData().queryEntities()); if (schemaPatch.hasConflicts() || (isGridActive && !schemaPatch.isEmpty())) { + if (errorMessage.length() > 0) + errorMessage.append("\n"); + if (schemaPatch.hasConflicts()) - appendOnNewLine(errorMessage, String.format(MERGE_OF_CONFIG_CONFLICTS_MESSAGE, + errorMessage.append(String.format(MERGE_OF_CONFIG_CONFLICTS_MESSAGE, localDesc.cacheName(), schemaPatch.getConflictsMessage())); else - appendOnNewLine(errorMessage, String.format(MERGE_OF_CONFIG_REQUIRED_MESSAGE, - localDesc.cacheName())); + errorMessage.append(String.format(MERGE_OF_CONFIG_REQUIRED_MESSAGE, localDesc.cacheName())); } } @@ -3218,56 +3244,6 @@ private GridCacheSharedContext createSharedContext(GridKernalContext kernalCtx, return null; } - /** - * @param sb String Builder. - * @param val Value. - */ - private void appendOnNewLine(StringBuilder sb, String val){ - if (sb.length() > 0) - sb.append("\n"); - - sb.append(val); - } - - /** - * Check permission for cache creation. - * - * @param node Cluste node. - * @param nodeData Discovery data. - * @return String with an error message. - */ - private String authoritizeCreateCache(ClusterNode node, CacheJoinNodeDiscoveryData nodeData) { - StringBuilder sb = new StringBuilder(); - - try { - byte[] secCtxBytes = node.attribute(IgniteNodeAttributes.ATTR_SECURITY_SUBJECT_V2); - - if (secCtxBytes != null) { - SecurityContext secCtx = U.unmarshal(marsh, secCtxBytes, U.resolveClassLoader(ctx.config())); - - for (CacheJoinNodeDiscoveryData.CacheInfo cacheInfo : nodeData.caches().values()) { - try { - if (cacheInfo.cacheType() == CacheType.USER) { - try (GridSecuritySession s = ctx.security().context(secCtx)) { - ctx.security().authorize(SecurityPermission.CACHE_CREATE); - } - - securityCheckOnheapCacheEnabled(cacheInfo.cacheData().config()); - } - } - catch (SecurityException ex) { - appendOnNewLine(sb, ex.getMessage()); - } - } - } - } - catch (IgniteCheckedException e) { - sb.append(e.getMessage()); - } - - return sb.toString(); - } - /** * @param msg Message. */ @@ -4200,11 +4176,13 @@ private Collection initiateCacheChanges( } /** - * Сheck of IGNITE_DISABLE_ONHEAP_CACHE system property. + * Authorize creating cache. * - * @param cfg Cache config. + * @param cfg Cache configuration. */ - private void securityCheckOnheapCacheEnabled(CacheConfiguration cfg) { + private void authorizeCacheCreate(CacheConfiguration cfg) { + ctx.security().authorize(SecurityPermission.CACHE_CREATE); + if (cfg != null && cfg.isOnheapCacheEnabled() && IgniteSystemProperties.getBoolean(IgniteSystemProperties.IGNITE_DISABLE_ONHEAP_CACHE)) throw new SecurityException("Authorization failed for enabling on-heap cache."); @@ -4219,11 +4197,8 @@ private void authorizeCacheChange(DynamicCacheChangeRequest req) { if (req.cacheType() == null || req.cacheType() == CacheType.USER) { if (req.stop()) ctx.security().authorize(SecurityPermission.CACHE_DESTROY); - else{ - ctx.security().authorize(SecurityPermission.CACHE_CREATE); - - securityCheckOnheapCacheEnabled(req.startCacheConfiguration()); - } + else + authorizeCacheCreate(req.startCacheConfiguration()); } } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerNioListener.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerNioListener.java index 67d35527832c9..71a64d1e4246d 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerNioListener.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerNioListener.java @@ -168,7 +168,7 @@ public ClientListenerNioListener(GridKernalContext ctx, GridSpinBusyLock busyLoc if (authCtx != null) AuthorizationContext.context(authCtx); - try(GridSecuritySession s = ctx.security().context(connCtx.securityContext())) { + try(GridSecuritySession s = ctx.security().startSession(connCtx.securityContext())) { resp = handler.handle(req); } finally { diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java index 59e8a27517fd9..97ee9150a2d53 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java @@ -270,7 +270,7 @@ private IgniteInternalFuture handleRequest(final GridRestReque if (secCtx0 == null || ses.isTokenExpired(sesTokTtl)) ses.secCtx = secCtx0 = authenticate(req, ses); - try(GridSecuritySession s = ctx.security().context(secCtx0)) { + try(GridSecuritySession s = ctx.security().startSession(secCtx0)) { authorize(req); } } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityManager.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityManager.java index 97abc9cf692b2..48eb0bbbbff63 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityManager.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityManager.java @@ -16,64 +16,47 @@ public interface GridSecurityManager { /** * Create {@link GridSecuritySession}. All calls of methods {@link #authorize(String, SecurityPermission)} or {@link - * #authorize(SecurityPermission)} will be processed into the context of passed {@link SecurityContext} until session - * {@link GridSecuritySession} will be closed. + * #authorize(SecurityPermission)} will be processed into the context of passed {@link SecurityContext} until + * session {@link GridSecuritySession} will be closed. * * @param secCtx Security Context. * @return Grid security Session. */ - public GridSecuritySession context(SecurityContext secCtx); + public GridSecuritySession startSession(SecurityContext secCtx); /** * Create {@link GridSecuritySession}. All calls of methods {@link #authorize(String, SecurityPermission)} or {@link - * #authorize(SecurityPermission)} will be processed into the context of {@link SecurityContext} that is owned by node - * with given noddeId until session {@link GridSecuritySession} will be closed. + * #authorize(SecurityPermission)} will be processed into the context of {@link SecurityContext} that is owned by + * node with given noddeId until session {@link GridSecuritySession} will be closed. * * @param nodeId Node id. * @return Grid security Session. */ - public GridSecuritySession context(UUID nodeId); + public GridSecuritySession startSession(UUID nodeId); /** - * Authenticates grid node with it's attributes via underlying Authenticator. - * - * @param node Node id to authenticate. - * @param cred Security credentials. - * @return {@code True} if succeeded, {@code false} otherwise. - * @throws IgniteCheckedException If error occurred. + * Delegate call to {@link GridSecurityProcessor#authenticateNode(org.apache.ignite.cluster.ClusterNode, + * org.apache.ignite.plugin.security.SecurityCredentials)} */ public SecurityContext authenticateNode(ClusterNode node, SecurityCredentials cred) throws IgniteCheckedException; /** - * Gets flag indicating whether all nodes or coordinator only should run the authentication for joining node. - * - * @return {@code True} if all nodes should run authentication process, {@code false} otherwise. + * Delegate call to {@link GridSecurityProcessor#isGlobalNodeAuthentication()} */ public boolean isGlobalNodeAuthentication(); /** - * Authenticates subject via underlying Authenticator. - * - * @param ctx Authentication context. - * @return {@code True} if succeeded, {@code false} otherwise. - * @throws IgniteCheckedException If error occurred. + * Delegate call to {@link GridSecurityProcessor#authenticate(AuthenticationContext)} */ public SecurityContext authenticate(AuthenticationContext ctx) throws IgniteCheckedException; /** - * Gets collection of authenticated nodes. - * - * @return Collection of authenticated nodes. - * @throws IgniteCheckedException If error occurred. + * Delegate call to {@link GridSecurityProcessor#authenticatedSubjects()} */ public Collection authenticatedSubjects() throws IgniteCheckedException; /** - * Gets authenticated node subject. - * - * @param subjId Subject ID. - * @return Security subject. - * @throws IgniteCheckedException If error occurred. + * Delegate call to {@link GridSecurityProcessor#authenticatedSubject(UUID)} */ public SecuritySubject authenticatedSubject(UUID subjId) throws IgniteCheckedException; @@ -97,7 +80,7 @@ public default void authorize(SecurityPermission perm) throws SecurityException } /** - * @return GridSecurityProcessor is enable. + * Delegate call to {@link GridSecurityProcessor#enabled()} */ public boolean enabled(); } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityManagerImpl.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityManagerImpl.java index 9a3cef3296a07..b89ef19f321f1 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityManagerImpl.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityManagerImpl.java @@ -26,9 +26,6 @@ * Default Grid security Manager implementation. */ public class GridSecurityManagerImpl implements GridSecurityManager { - /** Local node's security context. */ - private SecurityContext locSecCtx; - /** Current security context. */ private final ThreadLocal curSecCtx = ThreadLocal.withInitial(this::localSecurityContext); @@ -58,7 +55,7 @@ public GridSecurityManagerImpl(GridKernalContext ctx, GridSecurityProcessor secP } /** {@inheritDoc} */ - @Override public GridSecuritySession context(SecurityContext secCtx) { + @Override public GridSecuritySession startSession(SecurityContext secCtx) { assert secCtx != null; SecurityContext old = curSecCtx.get(); @@ -69,14 +66,14 @@ public GridSecurityManagerImpl(GridKernalContext ctx, GridSecurityProcessor secP } /** {@inheritDoc} */ - @Override public GridSecuritySession context(UUID nodeId) { + @Override public GridSecuritySession startSession(UUID nodeId) { if (lsnr == null) { lsnr = (evt, discoCache) -> secCtxs.remove(evt.eventNode().id()); ctx.event().addDiscoveryEventListener(lsnr, EVT_NODE_FAILED, EVT_NODE_LEFT); } - return context( + return startSession( secCtxs.computeIfAbsent(nodeId, uuid -> nodeSecurityContext(ctx.discovery().node(uuid)) ) @@ -129,15 +126,7 @@ public GridSecurityManagerImpl(GridKernalContext ctx, GridSecurityProcessor secP * @return Security context of local node. */ private SecurityContext localSecurityContext() { - SecurityContext res = locSecCtx; - - if (res == null) { - res = nodeSecurityContext(ctx.discovery().localNode()); - - locSecCtx = res; - } - - return res; + return nodeSecurityContext(ctx.discovery().localNode()); } /** diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessor.java index 05c14451bf5f8..3eb1497206e7a 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessor.java @@ -86,18 +86,6 @@ public interface GridSecurityProcessor extends GridProcessor { public void authorize(String name, SecurityPermission perm, SecurityContext securityCtx) throws SecurityException; - /** - * Authorizes grid operation. - * - * @param name Cache name or task class name. - * @param perm Permission to authorize. - * @throws SecurityException If security check failed. - */ - public default void authorize(String name, SecurityPermission perm) - throws SecurityException{ - authorize(name, perm, null); - } - /** * Callback invoked when subject session got expired. * diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecuritySessionImpl.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecuritySessionImpl.java index e776f3da4ba4b..d2608761f47a0 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecuritySessionImpl.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecuritySessionImpl.java @@ -21,6 +21,6 @@ public GridSecuritySessionImpl(GridSecurityManager mngr, SecurityContext secCtx) /** {@inheritDoc} */ @Override public void close() { - mngr.context(secCtx); + mngr.startSession(secCtx); } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheSecurityTest.java index 8abe4ee6d0e31..82e6a179ca4e1 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheSecurityTest.java @@ -28,7 +28,7 @@ */ public abstract class AbstractCacheSecurityTest extends AbstractResolveSecurityContextTest { /** Cache name for tests. */ - protected static final String CACHE_WITHOUT_PERMS = "SECOND_TEST_CACHE"; + protected static final String CACHE_READ_ONLY_PERM = "CACHE_READ_ONLY_PERM"; /** {@inheritDoc} */ @Override protected IgniteConfiguration getConfiguration(String igniteInstanceName) throws Exception { @@ -46,7 +46,7 @@ protected CacheConfiguration[] getCacheConfigurations() { .setCacheMode(CacheMode.PARTITIONED) .setReadFromBackup(false), new CacheConfiguration<>() - .setName(CACHE_WITHOUT_PERMS) + .setName(CACHE_READ_ONLY_PERM) .setCacheMode(CacheMode.PARTITIONED) .setReadFromBackup(false) }; @@ -59,7 +59,7 @@ protected CacheConfiguration[] getCacheConfigurations() { * @return Key. */ protected Integer primaryKey(IgniteEx ignite) { - Affinity affinity = ignite.affinity(CACHE_WITHOUT_PERMS); + Affinity affinity = ignite.affinity(CACHE_READ_ONLY_PERM); int i = 0; do { diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractResolveSecurityContextTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractResolveSecurityContextTest.java index b82e34e413d70..9204b234bd212 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractResolveSecurityContextTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractResolveSecurityContextTest.java @@ -58,9 +58,9 @@ public class AbstractResolveSecurityContextTest extends AbstractSecurityTest { @Override protected void beforeTestsStarted() throws Exception { super.beforeTestsStarted(); - srvAllPerms = startGrid("srv_all_perms", allowAll()); + srvAllPerms = startGrid("srv_all_perms", allowAllPermissionSet()); - clntAllPerms = startGrid("clnt_all_perms", allowAll(), true); + clntAllPerms = startGrid("clnt_all_perms", allowAllPermissionSet(), true); srvReadOnlyPerm = startGrid("srv_read_only_perm", builder().defaultAllowAll(true) diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java index f426e80456784..b05547bf68d8c 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java @@ -127,9 +127,9 @@ protected SecurityPermissionSetBuilder builder() { } /** - * Getting allow all security permissions. + * Getting allow all security permission set. */ - protected SecurityPermissionSet allowAll() { + protected SecurityPermissionSet allowAllPermissionSet() { return builder().defaultAllowAll(true).build(); } } \ No newline at end of file diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityPluginConfiguration.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityPluginConfiguration.java index d3bec4ee2948a..2879518d0fa91 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityPluginConfiguration.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityPluginConfiguration.java @@ -30,8 +30,8 @@ public class TestSecurityPluginConfiguration implements PluginConfiguration { /** Node security data. */ private TestSecurityData nodeSecData = new TestSecurityData(); - /** Clients security data. */ - private Collection clientsSecData = Collections.emptyList(); + /** Thin clients security data. */ + private Collection thinClientsSecData = Collections.emptyList(); /** Security processor class name. */ private String secProcCls; @@ -101,19 +101,19 @@ public TestSecurityData nodeSecData() { } /** - * @param data Array of client security data. + * @param data Array of thin client security data. */ - public TestSecurityPluginConfiguration clientSecData(TestSecurityData... data) { - clientsSecData = Collections.unmodifiableCollection(Arrays.asList(data)); + public TestSecurityPluginConfiguration thinClientSecData(TestSecurityData... data) { + thinClientsSecData = Collections.unmodifiableCollection(Arrays.asList(data)); return this; } /** - * @return Collection of client security data. + * @return Collection of thin client security data. */ - public Collection clientsSecData() { - return clientsSecData; + public Collection thinClientsSecData() { + return thinClientsSecData; } /** diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityProcessor.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityProcessor.java index 3db93bfe7c8fb..ffdcf98a1501c 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityProcessor.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityProcessor.java @@ -130,7 +130,7 @@ public TestSecurityProcessor(GridKernalContext ctx) { ctx.addNodeAttribute(IgniteNodeAttributes.ATTR_SECURITY_CREDENTIALS, nodeSecData.credentials()); - for (TestSecurityData data : configuration().clientsSecData()) + for (TestSecurityData data : configuration().thinClientsSecData()) PERMS.put(data.credentials(), data.getPermissions()); } @@ -140,7 +140,7 @@ public TestSecurityProcessor(GridKernalContext ctx) { PERMS.remove(configuration().nodeSecData().credentials()); - for (TestSecurityData data : configuration().clientsSecData()) + for (TestSecurityData data : configuration().thinClientsSecData()) PERMS.remove(data.credentials()); } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorSecurityTest.java index be2309a189439..3191169b8421f 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorSecurityTest.java @@ -85,7 +85,7 @@ private void forbiddenCall(Runnable r) { * @param remote Remote. */ private void invoke(IgniteEx initiator, IgniteEx remote) { - initiator.cache(CACHE_WITHOUT_PERMS).invoke( + initiator.cache(CACHE_READ_ONLY_PERM).invoke( primaryKey(remote), new TestEntryProcessor(remote.localNode().id()) ); @@ -96,7 +96,7 @@ private void invoke(IgniteEx initiator, IgniteEx remote) { * @param remote Remote. */ private void invokeAsync(IgniteEx initiator, IgniteEx remote) { - initiator.cache(CACHE_WITHOUT_PERMS).invokeAsync( + initiator.cache(CACHE_READ_ONLY_PERM).invokeAsync( primaryKey(remote), new TestEntryProcessor(remote.localNode().id()) ).get(); @@ -107,7 +107,7 @@ private void invokeAsync(IgniteEx initiator, IgniteEx remote) { * @param remote Remote. */ private void invokeAll(IgniteEx initiator, IgniteEx remote) { - initiator.cache(CACHE_WITHOUT_PERMS).invokeAll( + initiator.cache(CACHE_READ_ONLY_PERM).invokeAll( Collections.singleton(primaryKey(remote)), new TestEntryProcessor(remote.localNode().id()) ).values().stream().findFirst().ifPresent(EntryProcessorResult::get); @@ -118,7 +118,7 @@ private void invokeAll(IgniteEx initiator, IgniteEx remote) { * @param remote Remote. */ private void invokeAllAsync(IgniteEx initiator, IgniteEx remote) { - initiator.cache(CACHE_WITHOUT_PERMS).invokeAllAsync( + initiator.cache(CACHE_READ_ONLY_PERM).invokeAllAsync( Collections.singleton(primaryKey(remote)), new TestEntryProcessor(remote.localNode().id()) ).get().values().stream().findFirst().ifPresent(EntryProcessorResult::get); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCacheSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCacheSecurityTest.java index 5297c033feb0d..7a30e665d16a9 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCacheSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCacheSecurityTest.java @@ -43,7 +43,7 @@ public class LoadCacheSecurityTest extends AbstractCacheSecurityTest { .setCacheMode(CacheMode.PARTITIONED) .setReadFromBackup(false), new CacheConfiguration() - .setName(CACHE_WITHOUT_PERMS) + .setName(CACHE_READ_ONLY_PERM) .setCacheMode(CacheMode.PARTITIONED) .setReadFromBackup(false) .setCacheStoreFactory(new TestStoreFactory()) @@ -75,7 +75,7 @@ private Integer load(IgniteEx initiator, IgniteEx remote, String key) { Integer val = values.getAndIncrement(); - initiator.cache(CACHE_WITHOUT_PERMS).loadCache( + initiator.cache(CACHE_READ_ONLY_PERM).loadCache( new TestClosure(remote.localNode().id(), key, val) ); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQuerySecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQuerySecurityTest.java index 6cdd35b5b3cda..7e452c8549032 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQuerySecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQuerySecurityTest.java @@ -37,39 +37,39 @@ public class ScanQuerySecurityTest extends AbstractCacheSecurityTest { */ public void testScanQuery() throws Exception { putTestData(srvAllPerms, CACHE_NAME); - putTestData(srvAllPerms, CACHE_WITHOUT_PERMS); + putTestData(srvAllPerms, CACHE_READ_ONLY_PERM); awaitPartitionMapExchange(); assertAllowed(() -> query(clntAllPerms, srvAllPerms, CACHE_NAME, "key")); assertAllowed(() -> query(srvAllPerms, srvAllPerms, CACHE_NAME, "key")); - assertAllowed(() -> query(clntAllPerms, srvAllPerms, CACHE_WITHOUT_PERMS, "key")); - assertAllowed(() -> query(srvAllPerms, srvAllPerms, CACHE_WITHOUT_PERMS, "key")); + assertAllowed(() -> query(clntAllPerms, srvAllPerms, CACHE_READ_ONLY_PERM, "key")); + assertAllowed(() -> query(srvAllPerms, srvAllPerms, CACHE_READ_ONLY_PERM, "key")); assertAllowed(() -> transform(clntAllPerms, srvAllPerms, CACHE_NAME, "key")); assertAllowed(() -> transform(srvAllPerms, srvAllPerms, CACHE_NAME, "key")); - assertAllowed(() -> transform(clntAllPerms, srvAllPerms, CACHE_WITHOUT_PERMS, "key")); - assertAllowed(() -> transform(srvAllPerms, srvAllPerms, CACHE_WITHOUT_PERMS, "key")); + assertAllowed(() -> transform(clntAllPerms, srvAllPerms, CACHE_READ_ONLY_PERM, "key")); + assertAllowed(() -> transform(srvAllPerms, srvAllPerms, CACHE_READ_ONLY_PERM, "key")); assertAllowed(() -> query(clntAllPerms, srvReadOnlyPerm, CACHE_NAME, "key")); assertAllowed(() -> query(srvAllPerms, srvReadOnlyPerm, CACHE_NAME, "key")); - assertAllowed(() -> query(clntAllPerms, srvReadOnlyPerm, CACHE_WITHOUT_PERMS, "key")); - assertAllowed(() -> query(srvAllPerms, srvReadOnlyPerm, CACHE_WITHOUT_PERMS, "key")); + assertAllowed(() -> query(clntAllPerms, srvReadOnlyPerm, CACHE_READ_ONLY_PERM, "key")); + assertAllowed(() -> query(srvAllPerms, srvReadOnlyPerm, CACHE_READ_ONLY_PERM, "key")); assertAllowed(() -> transform(clntAllPerms, srvReadOnlyPerm, CACHE_NAME, "key")); assertAllowed(() -> transform(srvAllPerms, srvReadOnlyPerm, CACHE_NAME, "key")); - assertAllowed(() -> transform(clntAllPerms, srvReadOnlyPerm, CACHE_WITHOUT_PERMS, "key")); - assertAllowed(() -> transform(srvAllPerms, srvReadOnlyPerm, CACHE_WITHOUT_PERMS, "key")); + assertAllowed(() -> transform(clntAllPerms, srvReadOnlyPerm, CACHE_READ_ONLY_PERM, "key")); + assertAllowed(() -> transform(srvAllPerms, srvReadOnlyPerm, CACHE_READ_ONLY_PERM, "key")); assertForbidden(() -> query(clntReadOnlyPerm, srvAllPerms, CACHE_NAME, "fail_key")); assertForbidden(() -> query(srvReadOnlyPerm, srvAllPerms, CACHE_NAME, "fail_key")); - assertForbidden(() -> query(clntReadOnlyPerm, srvAllPerms, CACHE_WITHOUT_PERMS, "fail_key")); - assertForbidden(() -> query(srvReadOnlyPerm, srvAllPerms, CACHE_WITHOUT_PERMS, "fail_key")); + assertForbidden(() -> query(clntReadOnlyPerm, srvAllPerms, CACHE_READ_ONLY_PERM, "fail_key")); + assertForbidden(() -> query(srvReadOnlyPerm, srvAllPerms, CACHE_READ_ONLY_PERM, "fail_key")); assertForbidden(() -> transform(clntReadOnlyPerm, srvAllPerms, CACHE_NAME, "fail_key")); assertForbidden(() -> transform(srvReadOnlyPerm, srvAllPerms, CACHE_NAME, "fail_key")); - assertForbidden(() -> transform(clntReadOnlyPerm, srvAllPerms, CACHE_WITHOUT_PERMS, "fail_key")); - assertForbidden(() -> transform(srvReadOnlyPerm, srvAllPerms, CACHE_WITHOUT_PERMS, "fail_key")); + assertForbidden(() -> transform(clntReadOnlyPerm, srvAllPerms, CACHE_READ_ONLY_PERM, "fail_key")); + assertForbidden(() -> transform(srvReadOnlyPerm, srvAllPerms, CACHE_READ_ONLY_PERM, "fail_key")); } /** diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientSecurityTest.java index f38919115cedb..1866a2bde71f1 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientSecurityTest.java @@ -67,7 +67,7 @@ public class ThinClientSecurityTest extends AbstractSecurityTest { private static final String FORBIDDEN_CACHE = "FORBIDDEN_TEST_CACHE"; /** Cache to test system oper permissions. */ - private static final String SYS_OPER_CACHE = "SYS_OPER_TEST_CACHE"; + private static final String DYNAMIC_CACHE = "DYNAMIC_TEST_CACHE"; /** Remove all task name. */ public static final String REMOVE_ALL_TASK = @@ -105,8 +105,8 @@ protected IgniteConfiguration getConfiguration(int idx, new TestSecurityPluginConfiguration() .setSecurityProcessorClass(TEST_SECURITY_PROCESSOR) .setLogin("srv_" + instanceName) - .setPermissions(allowAll()) - .clientSecData(clientData) + .setPermissions(allowAllPermissionSet()) + .thinClientSecData(clientData) ) .setCacheConfiguration( new CacheConfiguration().setName(CACHE), @@ -151,25 +151,25 @@ protected IgniteConfiguration getConfiguration(int idx, * @throws Exception If error occurs. */ public void testCacheSinglePermOperations() throws Exception { - executeOperation(c -> c.cache(CACHE).put("key", "value")); + executeOperation(CLIENT, c -> c.cache(CACHE).put("key", "value")); executeForbiddenOperation(c -> c.cache(FORBIDDEN_CACHE).put("key", "value")); Map map = new HashMap<>(); map.put("key", "value"); - executeOperation(c -> c.cache(CACHE).putAll(map)); + executeOperation(CLIENT, c -> c.cache(CACHE).putAll(map)); executeForbiddenOperation(c -> c.cache(FORBIDDEN_CACHE).putAll(map)); - executeOperation(c -> c.cache(CACHE).get("key")); + executeOperation(CLIENT, c -> c.cache(CACHE).get("key")); executeForbiddenOperation(c -> c.cache(FORBIDDEN_CACHE).get("key")); - executeOperation(c -> c.cache(CACHE).getAll(Collections.singleton("key"))); + executeOperation(CLIENT, c -> c.cache(CACHE).getAll(Collections.singleton("key"))); executeForbiddenOperation(c -> c.cache(FORBIDDEN_CACHE).getAll(Collections.singleton("key"))); - executeOperation(c -> c.cache(CACHE).containsKey("key")); + executeOperation(CLIENT, c -> c.cache(CACHE).containsKey("key")); executeForbiddenOperation(c -> c.cache(FORBIDDEN_CACHE).containsKey("key")); - executeOperation(c -> c.cache(CACHE).remove("key")); + executeOperation(CLIENT, c -> c.cache(CACHE).remove("key")); executeForbiddenOperation(c -> c.cache(FORBIDDEN_CACHE).remove("key")); } @@ -177,19 +177,19 @@ public void testCacheSinglePermOperations() throws Exception { * @throws Exception If error occurs. */ public void testCacheMultiplePermOperations() throws Exception { - executeOperation(c -> c.cache(CACHE).replace("key", "value")); + executeOperation(CLIENT, c -> c.cache(CACHE).replace("key", "value")); executeForbiddenOperation(c -> c.cache(FORBIDDEN_CACHE).replace("key", "value")); - executeOperation(c -> c.cache(CACHE).putIfAbsent("key", "value")); + executeOperation(CLIENT, c -> c.cache(CACHE).putIfAbsent("key", "value")); executeForbiddenOperation(c -> c.cache(FORBIDDEN_CACHE).putIfAbsent("key", "value")); - executeOperation(c -> c.cache(CACHE).getAndPut("key", "value")); + executeOperation(CLIENT, c -> c.cache(CACHE).getAndPut("key", "value")); executeForbiddenOperation(c -> c.cache(FORBIDDEN_CACHE).getAndPut("key", "value")); - executeOperation(c -> c.cache(CACHE).getAndRemove("key")); + executeOperation(CLIENT, c -> c.cache(CACHE).getAndRemove("key")); executeForbiddenOperation(c -> c.cache(FORBIDDEN_CACHE).getAndRemove("key")); - executeOperation(c -> c.cache(CACHE).getAndReplace("key", "value")); + executeOperation(CLIENT, c -> c.cache(CACHE).getAndReplace("key", "value")); executeForbiddenOperation(c -> c.cache(FORBIDDEN_CACHE).getAndReplace("key", "value")); } @@ -200,10 +200,8 @@ public void testCacheMultiplePermOperations() throws Exception { * @throws Exception If error occurs. */ public void testCacheTaskPermOperations() throws Exception { - try (IgniteClient client = startClient(CLIENT_CACHE_TASK_OPER)) { - client.cache(CACHE).removeAll(); - client.cache(CACHE).clear(); - } + executeOperation(CLIENT_CACHE_TASK_OPER, c -> c.cache(CACHE).removeAll()); + executeOperation(CLIENT_CACHE_TASK_OPER, c -> c.cache(CACHE).clear()); executeForbiddenOperation(c -> c.cache(CACHE).removeAll()); executeForbiddenOperation(c -> c.cache(CACHE).clear()); @@ -214,12 +212,12 @@ public void testCacheTaskPermOperations() throws Exception { */ public void testSysOperation() throws Exception { try (IgniteClient sysPrmClnt = startClient(CLIENT_SYS_PERM)) { - assertThat(sysPrmClnt.createCache(SYS_OPER_CACHE), notNullValue()); + assertThat(sysPrmClnt.createCache(DYNAMIC_CACHE), notNullValue()); - sysPrmClnt.destroyCache(SYS_OPER_CACHE); + sysPrmClnt.destroyCache(DYNAMIC_CACHE); try { - sysPrmClnt.cache(SYS_OPER_CACHE).put("key", "any value"); + sysPrmClnt.cache(DYNAMIC_CACHE).put("key", "any value"); fail(); } @@ -228,15 +226,15 @@ public void testSysOperation() throws Exception { } } - executeForbiddenOperation(c -> c.createCache(SYS_OPER_CACHE)); + executeForbiddenOperation(c -> c.createCache(DYNAMIC_CACHE)); executeForbiddenOperation(c -> c.destroyCache(CACHE)); } /** * @param cons Consumer. */ - private void executeOperation(Consumer cons) throws Exception { - try (IgniteClient client = startClient(CLIENT)) { + private void executeOperation(String clientName, Consumer cons) throws Exception { + try (IgniteClient client = startClient(clientName)) { cons.accept(client); } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/IgniteDataStreamerSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/IgniteDataStreamerSecurityTest.java index bc69d3288a85b..28de83adf08dc 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/IgniteDataStreamerSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/IgniteDataStreamerSecurityTest.java @@ -55,7 +55,7 @@ public void testDataStreamer() { private Integer load(IgniteEx initiator, IgniteEx remote, String key) { Integer val = values.getAndIncrement(); - try (IgniteDataStreamer strm = initiator.dataStreamer(CACHE_WITHOUT_PERMS)) { + try (IgniteDataStreamer strm = initiator.dataStreamer(CACHE_READ_ONLY_PERM)) { strm.receiver( StreamVisitor.from( new TestClosure(remote.localNode().id(), key, val) diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/IgniteMessagingTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/IgniteMessagingTest.java index 6d667a6f3275e..06a9b12f0721c 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/IgniteMessagingTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/IgniteMessagingTest.java @@ -44,8 +44,9 @@ public class IgniteMessagingTest extends AbstractResolveSecurityContextTest { /** Sever node that hasn't permissions for TEST_CACHE. */ private IgniteEx evntNotPerms; + /** {@inheritDoc} */ @Override protected void beforeTestsStarted() throws Exception { - evntAllPerms = startGrid("evnt_all_perms", allowAll()); + evntAllPerms = startGrid("evnt_all_perms", allowAllPermissionSet()); evntNotPerms = startGrid("evnt_not_perms", builder().defaultAllowAll(true) From ecd56e0ab5d462ea941a4044f6ce40a36e8189fc Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Mon, 10 Dec 2018 11:30:19 +0300 Subject: [PATCH 28/98] IGNITE-9560 fix comments --- .../AbstractResolveSecurityContextTest.java | 29 ++++--- .../security/cache/LoadCacheSecurityTest.java | 27 +++---- .../security/cache/ScanQuerySecurityTest.java | 79 ++++++++----------- .../ExecuteServiceTaskSecurityTest.java | 35 ++++---- .../IgniteDataStreamerSecurityTest.java | 25 +++--- .../messaging/IgniteMessagingTest.java | 63 +++++++++------ 6 files changed, 127 insertions(+), 131 deletions(-) diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractResolveSecurityContextTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractResolveSecurityContextTest.java index 9204b234bd212..519e7071fc588 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractResolveSecurityContextTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractResolveSecurityContextTest.java @@ -18,11 +18,12 @@ package org.apache.ignite.internal.processor.security; import java.util.concurrent.atomic.AtomicInteger; -import java.util.function.Supplier; +import java.util.function.Consumer; import org.apache.ignite.cache.CacheMode; import org.apache.ignite.configuration.CacheConfiguration; import org.apache.ignite.configuration.IgniteConfiguration; import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.internal.util.typedef.T2; import org.apache.ignite.internal.util.typedef.X; import org.apache.ignite.plugin.security.SecurityException; @@ -82,21 +83,31 @@ public class AbstractResolveSecurityContextTest extends AbstractSecurityTest { .setReadFromBackup(false)); } + private T2 entry(){ + int val = values.incrementAndGet(); + + return new T2<>("key_" + val, -1 * val); + } + /** - * @param s Supplier. + * @param c Consumer. */ - protected void assertAllowed(Supplier s) { - Integer val = s.get(); + protected void assertAllowed(Consumer> c) { + T2 entry = entry(); - assertThat(srvAllPerms.cache(CACHE_NAME).get("key"), is(val)); + c.accept(entry); + + assertThat(srvAllPerms.cache(CACHE_NAME).get(entry.getKey()), is(entry.getValue())); } /** - * @param s Supplier. + * @param c Consumer. */ - protected void assertForbidden(Supplier s) { + protected void assertForbidden(Consumer> c) { + T2 entry = entry(); + try { - s.get(); + c.accept(entry); fail("Should not happen"); } @@ -104,7 +115,7 @@ protected void assertForbidden(Supplier s) { assertThat(X.cause(e, SecurityException.class), notNullValue()); } - assertThat(srvAllPerms.cache(CACHE_NAME).get("fail_key"), nullValue()); + assertThat(srvAllPerms.cache(CACHE_NAME).get(entry.getKey()), nullValue()); } /** diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCacheSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCacheSecurityTest.java index 7a30e665d16a9..535437d16f116 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCacheSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCacheSecurityTest.java @@ -27,6 +27,7 @@ import org.apache.ignite.configuration.CacheConfiguration; import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.processor.security.AbstractCacheSecurityTest; +import org.apache.ignite.internal.util.typedef.T2; import org.apache.ignite.lang.IgniteBiInClosure; import org.apache.ignite.lang.IgniteBiPredicate; import org.apache.ignite.resources.IgniteInstanceResource; @@ -54,32 +55,26 @@ public class LoadCacheSecurityTest extends AbstractCacheSecurityTest { * */ public void testLoadCache() { - assertAllowed(() -> load(clntAllPerms, srvAllPerms, "key")); - assertAllowed(() -> load(clntAllPerms, srvReadOnlyPerm, "key")); - assertAllowed(() -> load(srvAllPerms, srvAllPerms, "key")); - assertAllowed(() -> load(srvAllPerms, srvReadOnlyPerm, "key")); - - assertForbidden(() -> load(clntReadOnlyPerm, srvAllPerms, "fail_key")); - assertForbidden(() -> load(srvReadOnlyPerm, srvAllPerms, "fail_key")); - assertForbidden(() -> load(srvReadOnlyPerm, srvReadOnlyPerm, "fail_key")); + assertAllowed((t) -> load(clntAllPerms, srvAllPerms, t)); + assertAllowed((t) -> load(clntAllPerms, srvReadOnlyPerm, t)); + assertAllowed((t) -> load(srvAllPerms, srvAllPerms, t)); + assertAllowed((t) -> load(srvAllPerms, srvReadOnlyPerm, t)); + + assertForbidden((t) -> load(clntReadOnlyPerm, srvAllPerms, t)); + assertForbidden((t) -> load(srvReadOnlyPerm, srvAllPerms, t)); + assertForbidden((t) -> load(srvReadOnlyPerm, srvReadOnlyPerm, t)); } /** * @param initiator Initiator node. * @param remote Remoute node. - * @param key Key. - * @return Value that will be to put into cache with passed key. */ - private Integer load(IgniteEx initiator, IgniteEx remote, String key) { + private void load(IgniteEx initiator, IgniteEx remote, T2 entry) { assert !remote.localNode().isClient(); - Integer val = values.getAndIncrement(); - initiator.cache(CACHE_READ_ONLY_PERM).loadCache( - new TestClosure(remote.localNode().id(), key, val) + new TestClosure(remote.localNode().id(), entry.getKey(), entry.getValue()) ); - - return val; } /** diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQuerySecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQuerySecurityTest.java index 7e452c8549032..62ec0548f3c6a 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQuerySecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQuerySecurityTest.java @@ -24,6 +24,7 @@ import org.apache.ignite.cache.query.ScanQuery; import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.processor.security.AbstractCacheSecurityTest; +import org.apache.ignite.internal.util.typedef.T2; import org.apache.ignite.lang.IgniteBiPredicate; import org.apache.ignite.lang.IgniteClosure; import org.apache.ignite.resources.IgniteInstanceResource; @@ -41,74 +42,62 @@ public void testScanQuery() throws Exception { awaitPartitionMapExchange(); - assertAllowed(() -> query(clntAllPerms, srvAllPerms, CACHE_NAME, "key")); - assertAllowed(() -> query(srvAllPerms, srvAllPerms, CACHE_NAME, "key")); - assertAllowed(() -> query(clntAllPerms, srvAllPerms, CACHE_READ_ONLY_PERM, "key")); - assertAllowed(() -> query(srvAllPerms, srvAllPerms, CACHE_READ_ONLY_PERM, "key")); - - assertAllowed(() -> transform(clntAllPerms, srvAllPerms, CACHE_NAME, "key")); - assertAllowed(() -> transform(srvAllPerms, srvAllPerms, CACHE_NAME, "key")); - assertAllowed(() -> transform(clntAllPerms, srvAllPerms, CACHE_READ_ONLY_PERM, "key")); - assertAllowed(() -> transform(srvAllPerms, srvAllPerms, CACHE_READ_ONLY_PERM, "key")); - - assertAllowed(() -> query(clntAllPerms, srvReadOnlyPerm, CACHE_NAME, "key")); - assertAllowed(() -> query(srvAllPerms, srvReadOnlyPerm, CACHE_NAME, "key")); - assertAllowed(() -> query(clntAllPerms, srvReadOnlyPerm, CACHE_READ_ONLY_PERM, "key")); - assertAllowed(() -> query(srvAllPerms, srvReadOnlyPerm, CACHE_READ_ONLY_PERM, "key")); - - assertAllowed(() -> transform(clntAllPerms, srvReadOnlyPerm, CACHE_NAME, "key")); - assertAllowed(() -> transform(srvAllPerms, srvReadOnlyPerm, CACHE_NAME, "key")); - assertAllowed(() -> transform(clntAllPerms, srvReadOnlyPerm, CACHE_READ_ONLY_PERM, "key")); - assertAllowed(() -> transform(srvAllPerms, srvReadOnlyPerm, CACHE_READ_ONLY_PERM, "key")); - - assertForbidden(() -> query(clntReadOnlyPerm, srvAllPerms, CACHE_NAME, "fail_key")); - assertForbidden(() -> query(srvReadOnlyPerm, srvAllPerms, CACHE_NAME, "fail_key")); - assertForbidden(() -> query(clntReadOnlyPerm, srvAllPerms, CACHE_READ_ONLY_PERM, "fail_key")); - assertForbidden(() -> query(srvReadOnlyPerm, srvAllPerms, CACHE_READ_ONLY_PERM, "fail_key")); - - assertForbidden(() -> transform(clntReadOnlyPerm, srvAllPerms, CACHE_NAME, "fail_key")); - assertForbidden(() -> transform(srvReadOnlyPerm, srvAllPerms, CACHE_NAME, "fail_key")); - assertForbidden(() -> transform(clntReadOnlyPerm, srvAllPerms, CACHE_READ_ONLY_PERM, "fail_key")); - assertForbidden(() -> transform(srvReadOnlyPerm, srvAllPerms, CACHE_READ_ONLY_PERM, "fail_key")); + assertAllowed((t) -> query(clntAllPerms, srvAllPerms, CACHE_NAME, t)); + assertAllowed((t) -> query(srvAllPerms, srvAllPerms, CACHE_NAME, t)); + assertAllowed((t) -> query(clntAllPerms, srvAllPerms, CACHE_READ_ONLY_PERM, t)); + assertAllowed((t) -> query(srvAllPerms, srvAllPerms, CACHE_READ_ONLY_PERM, t)); + + assertAllowed((t) -> transform(clntAllPerms, srvAllPerms, CACHE_NAME, t)); + assertAllowed((t) -> transform(srvAllPerms, srvAllPerms, CACHE_NAME, t)); + assertAllowed((t) -> transform(clntAllPerms, srvAllPerms, CACHE_READ_ONLY_PERM, t)); + assertAllowed((t) -> transform(srvAllPerms, srvAllPerms, CACHE_READ_ONLY_PERM, t)); + + assertAllowed((t) -> query(clntAllPerms, srvReadOnlyPerm, CACHE_NAME, t)); + assertAllowed((t) -> query(srvAllPerms, srvReadOnlyPerm, CACHE_NAME, t)); + assertAllowed((t) -> query(clntAllPerms, srvReadOnlyPerm, CACHE_READ_ONLY_PERM, t)); + assertAllowed((t) -> query(srvAllPerms, srvReadOnlyPerm, CACHE_READ_ONLY_PERM, t)); + + assertAllowed((t) -> transform(clntAllPerms, srvReadOnlyPerm, CACHE_NAME, t)); + assertAllowed((t) -> transform(srvAllPerms, srvReadOnlyPerm, CACHE_NAME, t)); + assertAllowed((t) -> transform(clntAllPerms, srvReadOnlyPerm, CACHE_READ_ONLY_PERM, t)); + assertAllowed((t) -> transform(srvAllPerms, srvReadOnlyPerm, CACHE_READ_ONLY_PERM, t)); + + assertForbidden((t) -> query(clntReadOnlyPerm, srvAllPerms, CACHE_NAME, t)); + assertForbidden((t) -> query(srvReadOnlyPerm, srvAllPerms, CACHE_NAME, t)); + assertForbidden((t) -> query(clntReadOnlyPerm, srvAllPerms, CACHE_READ_ONLY_PERM, t)); + assertForbidden((t) -> query(srvReadOnlyPerm, srvAllPerms, CACHE_READ_ONLY_PERM, t)); + + assertForbidden((t) -> transform(clntReadOnlyPerm, srvAllPerms, CACHE_NAME, t)); + assertForbidden((t) -> transform(srvReadOnlyPerm, srvAllPerms, CACHE_NAME, t)); + assertForbidden((t) -> transform(clntReadOnlyPerm, srvAllPerms, CACHE_READ_ONLY_PERM, t)); + assertForbidden((t) -> transform(srvReadOnlyPerm, srvAllPerms, CACHE_READ_ONLY_PERM, t)); } /** * @param initiator Initiator node. * @param remote Remoute node. - * @param key Key. - * @return Value that will be to put into cache with passed key. */ - private Integer query(IgniteEx initiator, IgniteEx remote, String cacheName, String key) { + private void query(IgniteEx initiator, IgniteEx remote, String cacheName, T2 entry) { assert !remote.localNode().isClient(); - Integer val = values.getAndIncrement(); - initiator.cache(cacheName).query( new ScanQuery<>( - new QueryFilter(remote.localNode().id(), key, val) + new QueryFilter(remote.localNode().id(), entry.getKey(), entry.getValue()) ) ).getAll(); - - return val; } /** * @param initiator Initiator node. * @param remote Remoute node. - * @param key Key. - * @return Value that will be to put into cache with passed key. */ - private Integer transform(IgniteEx initiator, IgniteEx remote, String cacheName, String key) { + private void transform(IgniteEx initiator, IgniteEx remote, String cacheName, T2 entry) { assert !remote.localNode().isClient(); - Integer val = values.getAndIncrement(); - initiator.cache(cacheName).query( new ScanQuery<>((k, v) -> true), - new Transformer(remote.localNode().id(), key, val) + new Transformer(remote.localNode().id(), entry.getKey(), entry.getValue()) ).getAll(); - - return val; } /** diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ExecuteServiceTaskSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ExecuteServiceTaskSecurityTest.java index 4da02fbcbaec5..554506b07a9a5 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ExecuteServiceTaskSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ExecuteServiceTaskSecurityTest.java @@ -20,6 +20,7 @@ import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.processor.security.AbstractResolveSecurityContextTest; +import org.apache.ignite.internal.util.typedef.T2; import org.apache.ignite.lang.IgniteRunnable; /** @@ -30,37 +31,33 @@ public class ExecuteServiceTaskSecurityTest extends AbstractResolveSecurityConte * */ public void testExecute() { - assertAllowed(() -> execute(clntAllPerms, clntReadOnlyPerm, "key")); - assertAllowed(() -> execute(clntAllPerms, srvReadOnlyPerm, "key")); - assertAllowed(() -> execute(srvAllPerms, clntReadOnlyPerm, "key")); - assertAllowed(() -> execute(srvAllPerms, srvReadOnlyPerm, "key")); - assertAllowed(() -> execute(srvAllPerms, srvAllPerms, "key")); - assertAllowed(() -> execute(clntAllPerms, clntAllPerms, "key")); + assertAllowed((t) -> execute(clntAllPerms, clntReadOnlyPerm, t)); + assertAllowed((t) -> execute(clntAllPerms, srvReadOnlyPerm, t)); + assertAllowed((t) -> execute(srvAllPerms, clntReadOnlyPerm, t)); + assertAllowed((t) -> execute(srvAllPerms, srvReadOnlyPerm, t)); + assertAllowed((t) -> execute(srvAllPerms, srvAllPerms, t)); + assertAllowed((t) -> execute(clntAllPerms, clntAllPerms, t)); - assertForbidden(() -> execute(clntReadOnlyPerm, srvAllPerms, "fail_key")); - assertForbidden(() -> execute(clntReadOnlyPerm, clntAllPerms, "fail_key")); - assertForbidden(() -> execute(srvReadOnlyPerm, srvAllPerms, "fail_key")); - assertForbidden(() -> execute(srvReadOnlyPerm, clntAllPerms, "fail_key")); - assertForbidden(() -> execute(srvReadOnlyPerm, srvReadOnlyPerm, "fail_key")); - assertForbidden(() -> execute(clntReadOnlyPerm, clntReadOnlyPerm, "fail_key")); + assertForbidden((t) -> execute(clntReadOnlyPerm, srvAllPerms, t)); + assertForbidden((t) -> execute(clntReadOnlyPerm, clntAllPerms, t)); + assertForbidden((t) -> execute(srvReadOnlyPerm, srvAllPerms, t)); + assertForbidden((t) -> execute(srvReadOnlyPerm, clntAllPerms, t)); + assertForbidden((t) -> execute(srvReadOnlyPerm, srvReadOnlyPerm, t)); + assertForbidden((t) -> execute(clntReadOnlyPerm, clntReadOnlyPerm, t)); } /** * @param initiator Initiator node. * @param remote Remoute node. - * @param key Key. - * @return Value that will be to put into cache with passed key. */ - private Integer execute(IgniteEx initiator, IgniteEx remote, String key) { - Integer val = values.getAndIncrement(); - + private void execute(IgniteEx initiator, IgniteEx remote, T2 entry) { try { initiator.executorService(initiator.cluster().forNode(remote.localNode())) .submit( new IgniteRunnable() { @Override public void run() { Ignition.localIgnite().cache(CACHE_NAME) - .put(key, val); + .put(entry.getKey(), entry.getValue()); } } ).get(); @@ -68,7 +65,5 @@ private Integer execute(IgniteEx initiator, IgniteEx remote, String key) { catch (Exception e) { throw new RuntimeException(e); } - - return val; } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/IgniteDataStreamerSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/IgniteDataStreamerSecurityTest.java index 28de83adf08dc..2d5bb61d88807 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/IgniteDataStreamerSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/IgniteDataStreamerSecurityTest.java @@ -25,6 +25,7 @@ import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.processor.security.AbstractCacheSecurityTest; +import org.apache.ignite.internal.util.typedef.T2; import org.apache.ignite.lang.IgniteBiInClosure; import org.apache.ignite.stream.StreamVisitor; @@ -36,35 +37,29 @@ public class IgniteDataStreamerSecurityTest extends AbstractCacheSecurityTest { * */ public void testDataStreamer() { - assertAllowed(() -> load(clntAllPerms, srvAllPerms, "key")); - assertAllowed(() -> load(clntAllPerms, srvReadOnlyPerm, "key")); - assertAllowed(() -> load(srvAllPerms, srvAllPerms, "key")); - assertAllowed(() -> load(srvAllPerms, srvReadOnlyPerm, "key")); + assertAllowed((t) -> load(clntAllPerms, srvAllPerms, t)); + assertAllowed((t) -> load(clntAllPerms, srvReadOnlyPerm, t)); + assertAllowed((t) -> load(srvAllPerms, srvAllPerms, t)); + assertAllowed((t) -> load(srvAllPerms, srvReadOnlyPerm, t)); - assertForbidden(() -> load(clntReadOnlyPerm, srvAllPerms, "fail_key")); - assertForbidden(() -> load(srvReadOnlyPerm, srvAllPerms, "fail_key")); - assertForbidden(() -> load(srvReadOnlyPerm, srvReadOnlyPerm, "fail_key")); + assertForbidden((t) -> load(clntReadOnlyPerm, srvAllPerms, t)); + assertForbidden((t) -> load(srvReadOnlyPerm, srvAllPerms, t)); + assertForbidden((t) -> load(srvReadOnlyPerm, srvReadOnlyPerm, t)); } /** * @param initiator Initiator node. * @param remote Remoute node. - * @param key Key. - * @return Value that will be to put into cache with passed key. */ - private Integer load(IgniteEx initiator, IgniteEx remote, String key) { - Integer val = values.getAndIncrement(); - + private void load(IgniteEx initiator, IgniteEx remote, T2 entry) { try (IgniteDataStreamer strm = initiator.dataStreamer(CACHE_READ_ONLY_PERM)) { strm.receiver( StreamVisitor.from( - new TestClosure(remote.localNode().id(), key, val) + new TestClosure(remote.localNode().id(), entry.getKey(), entry.getValue()) )); strm.addData(primaryKey(remote), 100); } - - return val; } /** diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/IgniteMessagingTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/IgniteMessagingTest.java index 06a9b12f0721c..4c7b0c4b17d10 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/IgniteMessagingTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/IgniteMessagingTest.java @@ -64,25 +64,25 @@ public class IgniteMessagingTest extends AbstractResolveSecurityContextTest { public void testMessaging() throws Exception { awaitPartitionMapExchange(); - assertResult("key", key -> messaging(clntAllPerms, clntReadOnlyPerm, evntAllPerms, key)); - assertResult("key", key -> messaging(clntAllPerms, srvReadOnlyPerm, evntAllPerms, key)); - assertResult("key", key -> messaging(srvAllPerms, clntReadOnlyPerm, evntAllPerms, key)); - assertResult("key", key -> messaging(srvAllPerms, srvReadOnlyPerm, evntAllPerms, key)); - - assertResult("key", key -> messaging(clntAllPerms, srvReadOnlyPerm, evntNotPerms, key)); - assertResult("key", key -> messaging(clntAllPerms, clntReadOnlyPerm, evntNotPerms, key)); - assertResult("key", key -> messaging(srvAllPerms, srvReadOnlyPerm, evntNotPerms, key)); - assertResult("key", key -> messaging(srvAllPerms, clntReadOnlyPerm, evntNotPerms, key)); - - assertResult("fail_key", key -> messaging(clntReadOnlyPerm, srvAllPerms, evntAllPerms, key)); - assertResult("fail_key", key -> messaging(clntReadOnlyPerm, clntAllPerms, evntAllPerms, key)); - assertResult("fail_key", key -> messaging(srvReadOnlyPerm, srvAllPerms, evntAllPerms, key)); - assertResult("fail_key", key -> messaging(srvReadOnlyPerm, clntAllPerms, evntAllPerms, key)); - - assertResult("fail_key", key -> messaging(clntReadOnlyPerm, srvAllPerms, evntNotPerms, key)); - assertResult("fail_key", key -> messaging(clntReadOnlyPerm, clntAllPerms, evntNotPerms, key)); - assertResult("fail_key", key -> messaging(srvReadOnlyPerm, srvAllPerms, evntNotPerms, key)); - assertResult("fail_key", key -> messaging(srvReadOnlyPerm, clntAllPerms, evntNotPerms, key)); + assertAllowedResult(key -> messaging(clntAllPerms, clntReadOnlyPerm, evntAllPerms, key)); + assertAllowedResult(key -> messaging(clntAllPerms, srvReadOnlyPerm, evntAllPerms, key)); + assertAllowedResult(key -> messaging(srvAllPerms, clntReadOnlyPerm, evntAllPerms, key)); + assertAllowedResult(key -> messaging(srvAllPerms, srvReadOnlyPerm, evntAllPerms, key)); + + assertAllowedResult(key -> messaging(clntAllPerms, srvReadOnlyPerm, evntNotPerms, key)); + assertAllowedResult(key -> messaging(clntAllPerms, clntReadOnlyPerm, evntNotPerms, key)); + assertAllowedResult(key -> messaging(srvAllPerms, srvReadOnlyPerm, evntNotPerms, key)); + assertAllowedResult(key -> messaging(srvAllPerms, clntReadOnlyPerm, evntNotPerms, key)); + + assertForbiddenResult(key -> messaging(clntReadOnlyPerm, srvAllPerms, evntAllPerms, key)); + assertForbiddenResult(key -> messaging(clntReadOnlyPerm, clntAllPerms, evntAllPerms, key)); + assertForbiddenResult(key -> messaging(srvReadOnlyPerm, srvAllPerms, evntAllPerms, key)); + assertForbiddenResult(key -> messaging(srvReadOnlyPerm, clntAllPerms, evntAllPerms, key)); + + assertForbiddenResult(key -> messaging(clntReadOnlyPerm, srvAllPerms, evntNotPerms, key)); + assertForbiddenResult(key -> messaging(clntReadOnlyPerm, clntAllPerms, evntNotPerms, key)); + assertForbiddenResult(key -> messaging(srvReadOnlyPerm, srvAllPerms, evntNotPerms, key)); + assertForbiddenResult(key -> messaging(srvReadOnlyPerm, clntAllPerms, evntNotPerms, key)); } /** @@ -140,17 +140,28 @@ private void barrierAwait() { } /** - * @param key Key. * @param f Function. */ - private void assertResult(String key, Function f) { - assert "key".equals(key) || "fail_key".equals(key); + private void assertAllowedResult(Function f) { + assertResult(f, false); + } + + /** + * @param f Function. + */ + private void assertForbiddenResult(Function f) { + assertResult(f, true); + } + + /** + * @param f Function. + * @param failExpected True if expectaed fail behavior. + */ + private void assertResult(Function f, boolean failExpected) { + String key = failExpected ? "fail_key" : "key"; Integer val = f.apply(key); - if ("key".equals(key)) - assertThat(srvAllPerms.cache(CACHE_NAME).get("key"), is(val)); - else if ("fail_key".equals(key)) - assertThat(srvAllPerms.cache(CACHE_NAME).get("fail_key"), nullValue()); + assertThat(srvAllPerms.cache(CACHE_NAME).get(key), failExpected ? nullValue() : is(val)); } } From 18f2dc3bdab4bc650d397349c4679db41c9f2a1e Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Tue, 11 Dec 2018 16:54:31 +0300 Subject: [PATCH 29/98] IGNITE-9560 Added Server/Client node tests. --- .../AbstractResolveSecurityContextTest.java | 34 +---- .../security/AbstractSecurityTest.java | 83 +++++++++++++ .../cache/ClientNodeCachePermissionsTest.java | 116 ++++++++++++++++++ .../cache/EntryProcessorSecurityTest.java | 20 +-- .../cache/ServerNodeCachePermissionsTest.java | 28 +++++ ...java => AuthorizeOperationsTestSuite.java} | 6 +- 6 files changed, 238 insertions(+), 49 deletions(-) create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ClientNodeCachePermissionsTest.java create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ServerNodeCachePermissionsTest.java rename modules/security/src/test/java/org/apache/ignite/testsuites/{ResolveSecurityContextTestSuite.java => AuthorizeOperationsTestSuite.java} (88%) diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractResolveSecurityContextTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractResolveSecurityContextTest.java index 519e7071fc588..2391406af1807 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractResolveSecurityContextTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractResolveSecurityContextTest.java @@ -17,7 +17,6 @@ package org.apache.ignite.internal.processor.security; -import java.util.concurrent.atomic.AtomicInteger; import java.util.function.Consumer; import org.apache.ignite.cache.CacheMode; import org.apache.ignite.configuration.CacheConfiguration; @@ -29,20 +28,12 @@ import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; import static org.hamcrest.CoreMatchers.notNullValue; -import static org.hamcrest.core.Is.is; -import static org.hamcrest.core.IsNull.nullValue; import static org.junit.Assert.assertThat; /** * */ public class AbstractResolveSecurityContextTest extends AbstractSecurityTest { - /** Cache name for tests. */ - protected static final String CACHE_NAME = "TEST_CACHE"; - - /** Values. */ - protected AtomicInteger values = new AtomicInteger(0); - /** Sever node that has all permissions for TEST_CACHE. */ protected IgniteEx srvAllPerms; @@ -83,39 +74,18 @@ public class AbstractResolveSecurityContextTest extends AbstractSecurityTest { .setReadFromBackup(false)); } - private T2 entry(){ - int val = values.incrementAndGet(); - - return new T2<>("key_" + val, -1 * val); - } - /** * @param c Consumer. */ protected void assertAllowed(Consumer> c) { - T2 entry = entry(); - - c.accept(entry); - - assertThat(srvAllPerms.cache(CACHE_NAME).get(entry.getKey()), is(entry.getValue())); + assertAllowed(srvAllPerms, CACHE_NAME, c); } /** * @param c Consumer. */ protected void assertForbidden(Consumer> c) { - T2 entry = entry(); - - try { - c.accept(entry); - - fail("Should not happen"); - } - catch (Throwable e) { - assertThat(X.cause(e, SecurityException.class), notNullValue()); - } - - assertThat(srvAllPerms.cache(CACHE_NAME).get(entry.getKey()), nullValue()); + assertForbidden(srvAllPerms, CACHE_NAME, c); } /** diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java index b05547bf68d8c..95cb271e80285 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java @@ -1,15 +1,26 @@ package org.apache.ignite.internal.processor.security; +import java.util.concurrent.atomic.AtomicInteger; +import java.util.function.Consumer; +import org.apache.ignite.Ignite; import org.apache.ignite.configuration.DataRegionConfiguration; import org.apache.ignite.configuration.DataStorageConfiguration; import org.apache.ignite.configuration.IgniteConfiguration; import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.util.typedef.G; +import org.apache.ignite.internal.util.typedef.T2; +import org.apache.ignite.internal.util.typedef.X; +import org.apache.ignite.plugin.security.SecurityException; import org.apache.ignite.plugin.security.SecurityPermission; import org.apache.ignite.plugin.security.SecurityPermissionSet; import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest; +import static org.hamcrest.CoreMatchers.notNullValue; +import static org.hamcrest.core.Is.is; +import static org.hamcrest.core.IsNull.nullValue; +import static org.junit.Assert.assertThat; + /** * Common class for security tests. */ @@ -20,6 +31,12 @@ public class AbstractSecurityTest extends GridCommonAbstractTest { /** Empty array of permissions. */ protected static final SecurityPermission[] EMPTY_PERMS = new SecurityPermission[0]; + /** Cache name for tests. */ + protected static final String CACHE_NAME = "TEST_CACHE"; + + /** Values. */ + protected AtomicInteger values = new AtomicInteger(0); + /** {@inheritDoc} */ @Override protected void afterTestsStopped() throws Exception { super.afterTestsStopped(); @@ -119,6 +136,18 @@ protected IgniteEx startGrid(String instanceName, String login, String pwd, return startGrid(getConfiguration(instanceName, login, pwd, prmSet)); } + /** + * @param instanceName Instance name. + * @param login Login. + * @param pwd Password. + * @param prmSet Security permission set. + * @param isClient If true then client mode. + */ + protected IgniteEx startGrid(String instanceName, String login, String pwd, + SecurityPermissionSet prmSet, boolean isClient) throws Exception { + return startGrid(getConfiguration(instanceName, login, pwd, prmSet).setClientMode(isClient)); + } + /** * Getting security permission set builder. */ @@ -132,4 +161,58 @@ protected SecurityPermissionSetBuilder builder() { protected SecurityPermissionSet allowAllPermissionSet() { return builder().defaultAllowAll(true).build(); } + + /** + * @return Cache entry for test. + */ + protected T2 entry(){ + int val = values.incrementAndGet(); + + return new T2<>("key_" + val, -1 * val); + } + + /** + * @param c Consumer. + */ + protected void assertAllowed(Ignite validator, String cacheName, Consumer> c) { + T2 entry = entry(); + + c.accept(entry); + + assertThat(validator.cache(cacheName).get(entry.getKey()), is(entry.getValue())); + } + + /** + * @param c Consumer. + */ + protected void assertForbidden(Ignite validator, String cacheName, Consumer> c) { + T2 entry = entry(); + + try { + c.accept(entry); + + fail("Should not happen."); + } + catch (Throwable e) { + assertThat(X.cause(e, SecurityException.class), notNullValue()); + } + + assertThat(validator.cache(cacheName).get(entry.getKey()), nullValue()); + } + + /** + * @param r Runnable. + */ + protected void forbiddenRun(Runnable r){ + try { + r.run(); + + fail("Should not happen."); + } + catch (Throwable e) { + e.printStackTrace(); + + assertThat(X.cause(e, SecurityException.class), notNullValue()); + } + } } \ No newline at end of file diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ClientNodeCachePermissionsTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ClientNodeCachePermissionsTest.java new file mode 100644 index 0000000000000..dfa6a6b34cd8f --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ClientNodeCachePermissionsTest.java @@ -0,0 +1,116 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processor.security.cache; + +import java.util.Collections; +import java.util.HashMap; +import java.util.Map; +import org.apache.ignite.Ignite; +import org.apache.ignite.configuration.CacheConfiguration; +import org.apache.ignite.configuration.IgniteConfiguration; +import org.apache.ignite.internal.processor.security.AbstractSecurityTest; + +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_REMOVE; + +/** + * Test CRUD cache permissions for client node. + */ +public class ClientNodeCachePermissionsTest extends AbstractSecurityTest { + /** Cache. */ + private static final String CACHE = "TEST_CACHE"; + + /** Forbidden cache. */ + private static final String FORBIDDEN_CACHE = "FORBIDDEN_TEST_CACHE"; + + /** {@inheritDoc} */ + @Override protected IgniteConfiguration getConfiguration(String igniteInstanceName) throws Exception { + return super.getConfiguration(igniteInstanceName) + .setCacheConfiguration( + new CacheConfiguration().setName(CACHE), + new CacheConfiguration().setName(FORBIDDEN_CACHE) + ); + } + + /** {@inheritDoc} */ + @Override protected void beforeTestsStarted() throws Exception { + super.beforeTestsStarted(); + + startGrid("sever", allowAllPermissionSet()).cluster().active(true); + } + + /** + * @return Node client mode. + */ + protected boolean isClient() { + return true; + } + + /** + * + */ + public void testCrudCachePermissions() throws Exception { + Ignite node = startGrid("test_node", + builder().defaultAllowAll(true) + .appendCachePermissions(CACHE, CACHE_READ, CACHE_PUT, CACHE_REMOVE) + .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build(), isClient()); + + node.cache(CACHE).put("key", "value"); + forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).put("key", "value")); + + Map map = new HashMap<>(); + + map.put("key", "value"); + node.cache(CACHE).putAll(map); + forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).putAll(map)); + + node.cache(CACHE).get("key"); + forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).get("key")); + + node.cache(CACHE).getAll(Collections.singleton("key")); + forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).getAll(Collections.singleton("key"))); + + node.cache(CACHE).containsKey("key"); + forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).containsKey("key")); + + node.cache(CACHE).remove("key"); + forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).remove("key")); + + node.cache(CACHE).removeAll(Collections.singleton("key")); + forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).removeAll(Collections.singleton("key"))); + + node.cache(CACHE).clear(); + forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).clear()); + + node.cache(CACHE).replace("key", "value"); + forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).replace("key", "value")); + + node.cache(CACHE).putIfAbsent("key", "value"); + forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).putIfAbsent("key", "value")); + + node.cache(CACHE).getAndPut("key", "value"); + forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).getAndPut("key", "value")); + + node.cache(CACHE).getAndRemove("key"); + forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).getAndRemove("key")); + + node.cache(CACHE).getAndReplace("key", "value"); + forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).getAndReplace("key", "value")); + } +} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorSecurityTest.java index 3191169b8421f..234f5ea2cd8ba 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorSecurityTest.java @@ -62,22 +62,10 @@ private void assertAllowed(IgniteEx initiator, IgniteEx remote) { private void assertForbidden(IgniteEx initiator, IgniteEx remote) { assert !remote.localNode().isClient(); - forbiddenCall(() -> invoke(initiator, remote)); - forbiddenCall(() -> invokeAll(initiator, remote)); - forbiddenCall(() -> invokeAsync(initiator, remote)); - forbiddenCall(() -> invokeAllAsync(initiator, remote)); - } - - /** - * @param r Runnable. - */ - private void forbiddenCall(Runnable r) { - try { - r.run(); - } - catch (Throwable e) { - assertCauseSecurityException(e); - } + forbiddenRun(() -> invoke(initiator, remote)); + forbiddenRun(() -> invokeAll(initiator, remote)); + forbiddenRun(() -> invokeAsync(initiator, remote)); + forbiddenRun(() -> invokeAllAsync(initiator, remote)); } /** diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ServerNodeCachePermissionsTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ServerNodeCachePermissionsTest.java new file mode 100644 index 0000000000000..c8a9d791eec1a --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ServerNodeCachePermissionsTest.java @@ -0,0 +1,28 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processor.security.cache; + +/** + * Test CRUD cache permissions for server node. + */ +public class ServerNodeCachePermissionsTest extends ClientNodeCachePermissionsTest { + /** {@inheritDoc} */ + @Override protected boolean isClient() { + return false; + } +} diff --git a/modules/security/src/test/java/org/apache/ignite/testsuites/ResolveSecurityContextTestSuite.java b/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java similarity index 88% rename from modules/security/src/test/java/org/apache/ignite/testsuites/ResolveSecurityContextTestSuite.java rename to modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java index dc6444e44716d..eb57682a9c3a4 100644 --- a/modules/security/src/test/java/org/apache/ignite/testsuites/ResolveSecurityContextTestSuite.java +++ b/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java @@ -19,7 +19,9 @@ import java.util.Set; import junit.framework.TestSuite; +import org.apache.ignite.internal.processor.security.cache.ClientNodeCachePermissionsTest; import org.apache.ignite.internal.processor.security.cache.EntryProcessorSecurityTest; +import org.apache.ignite.internal.processor.security.cache.ServerNodeCachePermissionsTest; import org.apache.ignite.internal.processor.security.datastreamer.IgniteDataStreamerSecurityTest; import org.apache.ignite.internal.processor.security.cache.LoadCacheSecurityTest; import org.apache.ignite.internal.processor.security.cache.ScanQuerySecurityTest; @@ -33,7 +35,7 @@ /** * Security test suite. */ -public class ResolveSecurityContextTestSuite extends TestSuite { +public class AuthorizeOperationsTestSuite extends TestSuite { /** * @return Test suite. * @throws Exception Thrown in case of the failure. @@ -58,6 +60,8 @@ public static TestSuite suite(final @Nullable Set ignoredTests) { suite.addTest(new TestSuite(LoadCacheSecurityTest.class)); suite.addTest(new TestSuite(ThinClientSecurityTest.class)); suite.addTest(new TestSuite(IgniteMessagingTest.class)); + suite.addTest(new TestSuite(ClientNodeCachePermissionsTest.class)); + suite.addTest(new TestSuite(ServerNodeCachePermissionsTest.class)); return suite; } From 2db4a9b79e5f6af3a0706caecd9b07bc6522e29e Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Tue, 11 Dec 2018 17:40:13 +0300 Subject: [PATCH 30/98] IGNITE-9560 Added Data Streamer cache permissions test on Server/Client nodes. --- .../cache/ClientNodeCachePermissionsTest.java | 41 +++---- .../client/ThinClientSecurityTest.java | 10 +- ...ntNodeDataStreamerCachePermissionTest.java | 116 ++++++++++++++++++ ...erNodeDataStreamerCachePermissionTest.java | 28 +++++ .../AuthorizeOperationsTestSuite.java | 4 + 5 files changed, 168 insertions(+), 31 deletions(-) create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/ClientNodeDataStreamerCachePermissionTest.java create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/ServerNodeDataStreamerCachePermissionTest.java diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ClientNodeCachePermissionsTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ClientNodeCachePermissionsTest.java index dfa6a6b34cd8f..339d7227749fe 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ClientNodeCachePermissionsTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ClientNodeCachePermissionsTest.java @@ -18,13 +18,12 @@ package org.apache.ignite.internal.processor.security.cache; import java.util.Collections; -import java.util.HashMap; -import java.util.Map; import org.apache.ignite.Ignite; import org.apache.ignite.configuration.CacheConfiguration; import org.apache.ignite.configuration.IgniteConfiguration; import org.apache.ignite.internal.processor.security.AbstractSecurityTest; +import static java.util.Collections.singletonMap; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_REMOVE; @@ -33,9 +32,6 @@ * Test CRUD cache permissions for client node. */ public class ClientNodeCachePermissionsTest extends AbstractSecurityTest { - /** Cache. */ - private static final String CACHE = "TEST_CACHE"; - /** Forbidden cache. */ private static final String FORBIDDEN_CACHE = "FORBIDDEN_TEST_CACHE"; @@ -43,7 +39,7 @@ public class ClientNodeCachePermissionsTest extends AbstractSecurityTest { @Override protected IgniteConfiguration getConfiguration(String igniteInstanceName) throws Exception { return super.getConfiguration(igniteInstanceName) .setCacheConfiguration( - new CacheConfiguration().setName(CACHE), + new CacheConfiguration().setName(CACHE_NAME), new CacheConfiguration().setName(FORBIDDEN_CACHE) ); } @@ -68,49 +64,46 @@ protected boolean isClient() { public void testCrudCachePermissions() throws Exception { Ignite node = startGrid("test_node", builder().defaultAllowAll(true) - .appendCachePermissions(CACHE, CACHE_READ, CACHE_PUT, CACHE_REMOVE) + .appendCachePermissions(CACHE_NAME, CACHE_READ, CACHE_PUT, CACHE_REMOVE) .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build(), isClient()); - node.cache(CACHE).put("key", "value"); + node.cache(CACHE_NAME).put("key", "value"); forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).put("key", "value")); - Map map = new HashMap<>(); - - map.put("key", "value"); - node.cache(CACHE).putAll(map); - forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).putAll(map)); + node.cache(CACHE_NAME).putAll(singletonMap("key", "value")); + forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).putAll(singletonMap("key", "value"))); - node.cache(CACHE).get("key"); + node.cache(CACHE_NAME).get("key"); forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).get("key")); - node.cache(CACHE).getAll(Collections.singleton("key")); + node.cache(CACHE_NAME).getAll(Collections.singleton("key")); forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).getAll(Collections.singleton("key"))); - node.cache(CACHE).containsKey("key"); + node.cache(CACHE_NAME).containsKey("key"); forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).containsKey("key")); - node.cache(CACHE).remove("key"); + node.cache(CACHE_NAME).remove("key"); forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).remove("key")); - node.cache(CACHE).removeAll(Collections.singleton("key")); + node.cache(CACHE_NAME).removeAll(Collections.singleton("key")); forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).removeAll(Collections.singleton("key"))); - node.cache(CACHE).clear(); + node.cache(CACHE_NAME).clear(); forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).clear()); - node.cache(CACHE).replace("key", "value"); + node.cache(CACHE_NAME).replace("key", "value"); forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).replace("key", "value")); - node.cache(CACHE).putIfAbsent("key", "value"); + node.cache(CACHE_NAME).putIfAbsent("key", "value"); forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).putIfAbsent("key", "value")); - node.cache(CACHE).getAndPut("key", "value"); + node.cache(CACHE_NAME).getAndPut("key", "value"); forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).getAndPut("key", "value")); - node.cache(CACHE).getAndRemove("key"); + node.cache(CACHE_NAME).getAndRemove("key"); forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).getAndRemove("key")); - node.cache(CACHE).getAndReplace("key", "value"); + node.cache(CACHE_NAME).getAndReplace("key", "value"); forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).getAndReplace("key", "value")); } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientSecurityTest.java index 1866a2bde71f1..f9b6ce52d8289 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientSecurityTest.java @@ -18,8 +18,6 @@ package org.apache.ignite.internal.processor.security.client; import java.util.Collections; -import java.util.HashMap; -import java.util.Map; import java.util.function.Consumer; import org.apache.ignite.Ignition; import org.apache.ignite.client.ClientAuthorizationException; @@ -36,6 +34,7 @@ import org.apache.ignite.internal.processor.security.TestSecurityPluginConfiguration; import org.apache.ignite.internal.util.typedef.G; +import static java.util.Collections.singletonMap; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_CREATE; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_DESTROY; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT; @@ -154,11 +153,8 @@ public void testCacheSinglePermOperations() throws Exception { executeOperation(CLIENT, c -> c.cache(CACHE).put("key", "value")); executeForbiddenOperation(c -> c.cache(FORBIDDEN_CACHE).put("key", "value")); - Map map = new HashMap<>(); - - map.put("key", "value"); - executeOperation(CLIENT, c -> c.cache(CACHE).putAll(map)); - executeForbiddenOperation(c -> c.cache(FORBIDDEN_CACHE).putAll(map)); + executeOperation(CLIENT, c -> c.cache(CACHE).putAll(singletonMap("key", "value"))); + executeForbiddenOperation(c -> c.cache(FORBIDDEN_CACHE).putAll(singletonMap("key", "value"))); executeOperation(CLIENT, c -> c.cache(CACHE).get("key")); executeForbiddenOperation(c -> c.cache(FORBIDDEN_CACHE).get("key")); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/ClientNodeDataStreamerCachePermissionTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/ClientNodeDataStreamerCachePermissionTest.java new file mode 100644 index 0000000000000..f4469ef4d0b55 --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/ClientNodeDataStreamerCachePermissionTest.java @@ -0,0 +1,116 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processor.security.datastreamer; + +import java.util.Map; +import java.util.function.Consumer; +import org.apache.ignite.Ignite; +import org.apache.ignite.IgniteDataStreamer; +import org.apache.ignite.configuration.CacheConfiguration; +import org.apache.ignite.configuration.IgniteConfiguration; +import org.apache.ignite.internal.processor.security.AbstractSecurityTest; +import org.apache.ignite.internal.util.typedef.X; +import org.apache.ignite.plugin.security.SecurityException; +import org.apache.ignite.plugin.security.SecurityPermission; + +import static java.util.Collections.singletonList; +import static java.util.Collections.singletonMap; +import static org.hamcrest.CoreMatchers.notNullValue; +import static org.junit.Assert.assertThat; + +/** + * Test cache permissions for Data Streamer on Client node. + */ +public class ClientNodeDataStreamerCachePermissionTest extends AbstractSecurityTest { + /** Forbidden cache. */ + private static final String FORBIDDEN_CACHE = "FORBIDDEN_TEST_CACHE"; + + /** {@inheritDoc} */ + @Override protected void beforeTestsStarted() throws Exception { + super.beforeTestsStarted(); + + startGrid("server", allowAllPermissionSet()).cluster().active(true); + } + + /** {@inheritDoc} */ + @Override protected IgniteConfiguration getConfiguration(String igniteInstanceName) throws Exception { + return super.getConfiguration(igniteInstanceName) + .setCacheConfiguration( + new CacheConfiguration().setName(CACHE_NAME), + new CacheConfiguration().setName(FORBIDDEN_CACHE) + ); + } + + /** + * @return Node client mode. + */ + protected boolean isClient() { + return true; + } + + /** + * @throws Exception If fail. + */ + public void test() throws Exception { + Ignite node = startGrid("test_node", + builder().defaultAllowAll(true) + .appendCachePermissions(CACHE_NAME, SecurityPermission.CACHE_PUT) + .appendCachePermissions(FORBIDDEN_CACHE, SecurityPermission.CACHE_READ) + .build(), isClient()); + + allowed(node, s -> s.addData("k", 1)); + forbidden(node, s -> s.addData("k", 1)); + + allowed(node, s -> s .addData(singletonMap("key", 2))); + forbidden(node, s -> s.addData(singletonMap("key", 2))); + + Map.Entry entry = entry(); + + allowed(node, s -> s.addData(entry)); + forbidden(node, s -> s.addData(entry)); + + allowed(node, s -> s.addData(singletonList(entry()))); + forbidden(node, s -> s.addData(singletonList(entry()))); + + } + + /** + * @param node Node. + * @param c Consumer. + */ + private void allowed(Ignite node, Consumer> c) { + try (IgniteDataStreamer s = node.dataStreamer(CACHE_NAME)) { + c.accept(s); + } + } + + /** + * @param node Node. + * @param c Consumer. + */ + private void forbidden(Ignite node, Consumer> c) { + try (IgniteDataStreamer s = node.dataStreamer(FORBIDDEN_CACHE)) { + c.accept(s); + + fail("Should not happen"); + } + catch (Throwable e) { + assertThat(X.cause(e, SecurityException.class), notNullValue()); + } + } +} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/ServerNodeDataStreamerCachePermissionTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/ServerNodeDataStreamerCachePermissionTest.java new file mode 100644 index 0000000000000..53976a0039e10 --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/ServerNodeDataStreamerCachePermissionTest.java @@ -0,0 +1,28 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processor.security.datastreamer; + +/** + * Test cache permissions for Data Streamer on Server node. + */ +public class ServerNodeDataStreamerCachePermissionTest extends ClientNodeDataStreamerCachePermissionTest { + /** {@inheritDoc} */ + @Override protected boolean isClient() { + return false; + } +} diff --git a/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java b/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java index eb57682a9c3a4..231d6543be66a 100644 --- a/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java +++ b/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java @@ -22,6 +22,7 @@ import org.apache.ignite.internal.processor.security.cache.ClientNodeCachePermissionsTest; import org.apache.ignite.internal.processor.security.cache.EntryProcessorSecurityTest; import org.apache.ignite.internal.processor.security.cache.ServerNodeCachePermissionsTest; +import org.apache.ignite.internal.processor.security.datastreamer.ClientNodeDataStreamerCachePermissionTest; import org.apache.ignite.internal.processor.security.datastreamer.IgniteDataStreamerSecurityTest; import org.apache.ignite.internal.processor.security.cache.LoadCacheSecurityTest; import org.apache.ignite.internal.processor.security.cache.ScanQuerySecurityTest; @@ -29,6 +30,7 @@ import org.apache.ignite.internal.processor.security.compute.ComputeTaskSecurityTest; import org.apache.ignite.internal.processor.security.compute.DistributedClosureSecurityTest; import org.apache.ignite.internal.processor.security.compute.ExecuteServiceTaskSecurityTest; +import org.apache.ignite.internal.processor.security.datastreamer.ServerNodeDataStreamerCachePermissionTest; import org.apache.ignite.internal.processor.security.messaging.IgniteMessagingTest; import org.jetbrains.annotations.Nullable; @@ -62,6 +64,8 @@ public static TestSuite suite(final @Nullable Set ignoredTests) { suite.addTest(new TestSuite(IgniteMessagingTest.class)); suite.addTest(new TestSuite(ClientNodeCachePermissionsTest.class)); suite.addTest(new TestSuite(ServerNodeCachePermissionsTest.class)); + suite.addTest(new TestSuite(ClientNodeDataStreamerCachePermissionTest.class)); + suite.addTest(new TestSuite(ServerNodeDataStreamerCachePermissionTest.class)); return suite; } From bc7e40d184762e3b12775e5811357365f9682d30 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Wed, 12 Dec 2018 17:10:23 +0300 Subject: [PATCH 31/98] IGNITE-9560 Added execute task permission test for Execute service. --- .../security/AbstractCachePermissionTest.java | 38 +++++++++++ .../security/AbstractPermissionTest.java | 37 ++++++++++ .../security/AbstractSecurityTest.java | 12 ++-- .../cache/ClientNodeCachePermissionsTest.java | 32 +-------- .../ClientNodeExecuteTaskPermissionTest.java | 68 +++++++++++++++++++ .../ServerNodeExecuteTaskPermissionTest.java | 11 +++ ...ntNodeDataStreamerCachePermissionTest.java | 32 +-------- .../AuthorizeOperationsTestSuite.java | 4 ++ 8 files changed, 170 insertions(+), 64 deletions(-) create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCachePermissionTest.java create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractPermissionTest.java create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ClientNodeExecuteTaskPermissionTest.java create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ServerNodeExecuteTaskPermissionTest.java diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCachePermissionTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCachePermissionTest.java new file mode 100644 index 0000000000000..5a90675e90778 --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCachePermissionTest.java @@ -0,0 +1,38 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processor.security; + +import org.apache.ignite.configuration.CacheConfiguration; +import org.apache.ignite.configuration.IgniteConfiguration; + +/** + * + */ +public abstract class AbstractCachePermissionTest extends AbstractPermissionTest { + /** Forbidden cache. */ + protected static final String FORBIDDEN_CACHE = "FORBIDDEN_TEST_CACHE"; + + /** {@inheritDoc} */ + @Override protected IgniteConfiguration getConfiguration(String igniteInstanceName) throws Exception { + return super.getConfiguration(igniteInstanceName) + .setCacheConfiguration( + new CacheConfiguration().setName(CACHE_NAME), + new CacheConfiguration().setName(FORBIDDEN_CACHE) + ); + } +} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractPermissionTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractPermissionTest.java new file mode 100644 index 0000000000000..6edc7788a7a48 --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractPermissionTest.java @@ -0,0 +1,37 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processor.security; + +/** + * + */ +public abstract class AbstractPermissionTest extends AbstractSecurityTest { + /** {@inheritDoc} */ + @Override protected void beforeTestsStarted() throws Exception { + super.beforeTestsStarted(); + + startGrid("server", allowAllPermissionSet()).cluster().active(true); + } + + /** + * @return Node client mode. + */ + protected boolean isClient() { + return true; + } +} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java index 95cb271e80285..e83554bb2dd3d 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java @@ -165,7 +165,7 @@ protected SecurityPermissionSet allowAllPermissionSet() { /** * @return Cache entry for test. */ - protected T2 entry(){ + protected T2 entry() { int val = values.incrementAndGet(); return new T2<>("key_" + val, -1 * val); @@ -203,16 +203,20 @@ protected void assertForbidden(Ignite validator, String cacheName, Consumer ALLOWED = () -> "RESULT"; + + /** Forbidden task. */ + private static final IgniteCallable FORBIDDEN = () -> { + fail("Should not be invoked."); + + return null; + }; + + /** + * @throws Exception If failed. + */ + public void test() throws Exception { + Ignite ignite = startGrid("client", + builder().defaultAllowAll(true) + .appendTaskPermissions(ALLOWED.getClass().getName(), SecurityPermission.TASK_EXECUTE) + .appendTaskPermissions(FORBIDDEN.getClass().getName(), EMPTY_PERMS) + .build(), isClient() + ); + + assertThat(ignite.executorService().submit(ALLOWED).get(), is("RESULT")); + forbiddenRun(() -> ignite.executorService().submit(FORBIDDEN)); + + Future f = ignite.executorService().invokeAll(singletonList(ALLOWED)) + .stream().findFirst().get(); + + assertThat(f.get(), is("RESULT")); + forbiddenRun(() -> ignite.executorService().invokeAll(singletonList(FORBIDDEN))); + + assertThat(ignite.executorService().invokeAny(singletonList(ALLOWED)), is("RESULT")); + forbiddenRun(() -> ignite.executorService().invokeAny(singletonList(FORBIDDEN))); + + } +} \ No newline at end of file diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ServerNodeExecuteTaskPermissionTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ServerNodeExecuteTaskPermissionTest.java new file mode 100644 index 0000000000000..18c647b4d170a --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ServerNodeExecuteTaskPermissionTest.java @@ -0,0 +1,11 @@ +package org.apache.ignite.internal.processor.security.compute; + +/** + * Test task execute permission for Executor Service on Server node. + */ +public class ServerNodeExecuteTaskPermissionTest extends ClientNodeExecuteTaskPermissionTest { + /** {@inheritDoc} */ + @Override protected boolean isClient() { + return false; + } +} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/ClientNodeDataStreamerCachePermissionTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/ClientNodeDataStreamerCachePermissionTest.java index f4469ef4d0b55..bbdbb8cb287d8 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/ClientNodeDataStreamerCachePermissionTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/ClientNodeDataStreamerCachePermissionTest.java @@ -21,9 +21,7 @@ import java.util.function.Consumer; import org.apache.ignite.Ignite; import org.apache.ignite.IgniteDataStreamer; -import org.apache.ignite.configuration.CacheConfiguration; -import org.apache.ignite.configuration.IgniteConfiguration; -import org.apache.ignite.internal.processor.security.AbstractSecurityTest; +import org.apache.ignite.internal.processor.security.AbstractCachePermissionTest; import org.apache.ignite.internal.util.typedef.X; import org.apache.ignite.plugin.security.SecurityException; import org.apache.ignite.plugin.security.SecurityPermission; @@ -36,33 +34,7 @@ /** * Test cache permissions for Data Streamer on Client node. */ -public class ClientNodeDataStreamerCachePermissionTest extends AbstractSecurityTest { - /** Forbidden cache. */ - private static final String FORBIDDEN_CACHE = "FORBIDDEN_TEST_CACHE"; - - /** {@inheritDoc} */ - @Override protected void beforeTestsStarted() throws Exception { - super.beforeTestsStarted(); - - startGrid("server", allowAllPermissionSet()).cluster().active(true); - } - - /** {@inheritDoc} */ - @Override protected IgniteConfiguration getConfiguration(String igniteInstanceName) throws Exception { - return super.getConfiguration(igniteInstanceName) - .setCacheConfiguration( - new CacheConfiguration().setName(CACHE_NAME), - new CacheConfiguration().setName(FORBIDDEN_CACHE) - ); - } - - /** - * @return Node client mode. - */ - protected boolean isClient() { - return true; - } - +public class ClientNodeDataStreamerCachePermissionTest extends AbstractCachePermissionTest { /** * @throws Exception If fail. */ diff --git a/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java b/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java index 231d6543be66a..5014994bf0c4a 100644 --- a/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java +++ b/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java @@ -22,6 +22,8 @@ import org.apache.ignite.internal.processor.security.cache.ClientNodeCachePermissionsTest; import org.apache.ignite.internal.processor.security.cache.EntryProcessorSecurityTest; import org.apache.ignite.internal.processor.security.cache.ServerNodeCachePermissionsTest; +import org.apache.ignite.internal.processor.security.compute.ClientNodeExecuteTaskPermissionTest; +import org.apache.ignite.internal.processor.security.compute.ServerNodeExecuteTaskPermissionTest; import org.apache.ignite.internal.processor.security.datastreamer.ClientNodeDataStreamerCachePermissionTest; import org.apache.ignite.internal.processor.security.datastreamer.IgniteDataStreamerSecurityTest; import org.apache.ignite.internal.processor.security.cache.LoadCacheSecurityTest; @@ -66,6 +68,8 @@ public static TestSuite suite(final @Nullable Set ignoredTests) { suite.addTest(new TestSuite(ServerNodeCachePermissionsTest.class)); suite.addTest(new TestSuite(ClientNodeDataStreamerCachePermissionTest.class)); suite.addTest(new TestSuite(ServerNodeDataStreamerCachePermissionTest.class)); + suite.addTest(new TestSuite(ClientNodeExecuteTaskPermissionTest.class)); + suite.addTest(new TestSuite(ServerNodeExecuteTaskPermissionTest.class)); return suite; } From 93fe24921baac7bcf45d3e025b9b900c0bdb93a6 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Fri, 14 Dec 2018 12:46:04 +0300 Subject: [PATCH 32/98] IGNITE-9560 Added test for compute service. --- .../security/AbstractSecurityTest.java | 29 +++- .../AbstractTaskExecutePermissionTest.java | 60 +++++++ .../ClientNodeExecuteTaskPermissionTest.java | 68 -------- ...skExecutePermissionForComputeTaskTest.java | 157 ++++++++++++++++++ ...tePermissionForDistributedClosureTest.java | 127 ++++++++++++++ ...ecutePermissionForExecutorServiceTest.java | 84 ++++++++++ .../DistributedClosureSecurityTest.java | 17 ++ .../ServerNodeExecuteTaskPermissionTest.java | 11 -- ...skExecutePermissionForComputeTaskTest.java | 29 ++++ ...tePermissionForDistributedClosureTest.java | 29 ++++ ...ecutePermissionForExecutorServiceTest.java | 29 ++++ .../AuthorizeOperationsTestSuite.java | 25 ++- 12 files changed, 577 insertions(+), 88 deletions(-) create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/AbstractTaskExecutePermissionTest.java delete mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ClientNodeExecuteTaskPermissionTest.java create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ClientNodeTaskExecutePermissionForComputeTaskTest.java create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ClientNodeTaskExecutePermissionForDistributedClosureTest.java create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ClientNodeTaskExecutePermissionForExecutorServiceTest.java delete mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ServerNodeExecuteTaskPermissionTest.java create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ServerNodeTaskExecutePermissionForComputeTaskTest.java create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ServerNodeTaskExecutePermissionForDistributedClosureTest.java create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ServerNodeTaskExecutePermissionForExecutorServiceTest.java diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java index e83554bb2dd3d..7530a4ef1fb29 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java @@ -1,3 +1,20 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + package org.apache.ignite.internal.processor.security; import java.util.concurrent.atomic.AtomicInteger; @@ -201,16 +218,26 @@ protected void assertForbidden(Ignite validator, String cacheName, Consumer void forbiddenRun(TestRunnable r, Class type) { try { r.run(); fail("Should not happen."); } catch (Throwable e) { - assertThat(X.cause(e, SecurityException.class), notNullValue()); + assertThat(X.cause(e, type), notNullValue()); } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/AbstractTaskExecutePermissionTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/AbstractTaskExecutePermissionTest.java new file mode 100644 index 0000000000000..42c48c07130a2 --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/AbstractTaskExecutePermissionTest.java @@ -0,0 +1,60 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processor.security.compute; + +import java.util.concurrent.atomic.AtomicBoolean; +import org.apache.ignite.internal.processor.security.AbstractPermissionTest; +import org.apache.ignite.lang.IgniteCallable; + +/** + * + */ +public abstract class AbstractTaskExecutePermissionTest extends AbstractPermissionTest { + /** Jingle bell. */ + protected static final AtomicBoolean JINGLE_BELL = new AtomicBoolean(false); + + /** Allowed callable. */ + protected static final IgniteCallable ALLOWED_CALLABLE = () -> { + JINGLE_BELL.set(true); + + return null; + }; + + /** Forbidden callable. */ + protected static final IgniteCallable FORBIDDEN_CALLABLE = () -> { + fail("Should not be invoked."); + + return null; + }; + + /** + * @param r TestRunnable. + */ + protected void allowRun(TestRunnable r) { + JINGLE_BELL.set(false); + + try { + r.run(); + } + catch (Exception e) { + throw new RuntimeException(e); + } + + assertTrue(JINGLE_BELL.get()); + } +} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ClientNodeExecuteTaskPermissionTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ClientNodeExecuteTaskPermissionTest.java deleted file mode 100644 index 844eb64ce0204..0000000000000 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ClientNodeExecuteTaskPermissionTest.java +++ /dev/null @@ -1,68 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processor.security.compute; - -import java.util.concurrent.Future; -import org.apache.ignite.Ignite; -import org.apache.ignite.internal.processor.security.AbstractPermissionTest; -import org.apache.ignite.lang.IgniteCallable; -import org.apache.ignite.plugin.security.SecurityPermission; - -import static java.util.Collections.singletonList; -import static org.hamcrest.core.Is.is; -import static org.junit.Assert.assertThat; - -/** - * Test task execute permission for Executor Service on Client node. - */ -public class ClientNodeExecuteTaskPermissionTest extends AbstractPermissionTest { - /** Allowed task. */ - private static final IgniteCallable ALLOWED = () -> "RESULT"; - - /** Forbidden task. */ - private static final IgniteCallable FORBIDDEN = () -> { - fail("Should not be invoked."); - - return null; - }; - - /** - * @throws Exception If failed. - */ - public void test() throws Exception { - Ignite ignite = startGrid("client", - builder().defaultAllowAll(true) - .appendTaskPermissions(ALLOWED.getClass().getName(), SecurityPermission.TASK_EXECUTE) - .appendTaskPermissions(FORBIDDEN.getClass().getName(), EMPTY_PERMS) - .build(), isClient() - ); - - assertThat(ignite.executorService().submit(ALLOWED).get(), is("RESULT")); - forbiddenRun(() -> ignite.executorService().submit(FORBIDDEN)); - - Future f = ignite.executorService().invokeAll(singletonList(ALLOWED)) - .stream().findFirst().get(); - - assertThat(f.get(), is("RESULT")); - forbiddenRun(() -> ignite.executorService().invokeAll(singletonList(FORBIDDEN))); - - assertThat(ignite.executorService().invokeAny(singletonList(ALLOWED)), is("RESULT")); - forbiddenRun(() -> ignite.executorService().invokeAny(singletonList(FORBIDDEN))); - - } -} \ No newline at end of file diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ClientNodeTaskExecutePermissionForComputeTaskTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ClientNodeTaskExecutePermissionForComputeTaskTest.java new file mode 100644 index 0000000000000..23f43dbbd8fcc --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ClientNodeTaskExecutePermissionForComputeTaskTest.java @@ -0,0 +1,157 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processor.security.compute; + +import java.util.Collections; +import java.util.List; +import java.util.Map; +import org.apache.ignite.Ignite; +import org.apache.ignite.IgniteException; +import org.apache.ignite.cluster.ClusterNode; +import org.apache.ignite.compute.ComputeJob; +import org.apache.ignite.compute.ComputeJobResult; +import org.apache.ignite.compute.ComputeJobResultPolicy; +import org.apache.ignite.compute.ComputeTask; +import org.apache.ignite.compute.ComputeTaskFuture; +import org.apache.ignite.lang.IgniteFutureCancelledException; +import org.jetbrains.annotations.Nullable; + +import static org.apache.ignite.plugin.security.SecurityPermission.TASK_CANCEL; +import static org.apache.ignite.plugin.security.SecurityPermission.TASK_EXECUTE; + +/** + * Test task execute permission for compute task on Client node. + */ +public class ClientNodeTaskExecutePermissionForComputeTaskTest extends AbstractTaskExecutePermissionTest { + /** Allowed task. */ + private static final AllowedTask ALLOWED_TASK = new AllowedTask(); + + /** Forbidden task. */ + private static final ForbiddenTask FORBIDDEN_TASK = new ForbiddenTask(); + + /** + * @throws Exception If failed. + */ + public void testExecute() throws Exception { + Ignite node = startGrid("client_execute", + builder().defaultAllowAll(true) + .appendTaskPermissions(ALLOWED_TASK.getClass().getName(), TASK_EXECUTE, TASK_CANCEL) + .appendTaskPermissions(FORBIDDEN_TASK.getClass().getName(), EMPTY_PERMS) + .build(), isClient() + ); + + allowRun(() -> node.compute().execute(ALLOWED_TASK, 0)); + forbiddenRun(() -> node.compute().execute(FORBIDDEN_TASK, 0)); + + allowRun(() -> node.compute().executeAsync(ALLOWED_TASK, 0).get()); + forbiddenRun(() -> node.compute().executeAsync(FORBIDDEN_TASK, 0).get()); + } + + /** + * @throws Exception If failed. + */ + public void testAllowedCancel() throws Exception { + Ignite node = startGrid("client_allowed_cancel", + builder().defaultAllowAll(true) + .appendTaskPermissions(ALLOWED_TASK.getClass().getName(), TASK_EXECUTE, TASK_CANCEL) + .build(), isClient() + ); + + ComputeTaskFuture f = node.compute().executeAsync(ALLOWED_TASK, 0); + + f.cancel(); + + forbiddenRun(f::get, IgniteFutureCancelledException.class); + } + + /** + * @throws Exception If failed. + */ + public void testForbiddenCancel() throws Exception { + Ignite node = startGrid("client_forbidden_cancel", + builder().defaultAllowAll(true) + .appendTaskPermissions(ALLOWED_TASK.getClass().getName(), TASK_EXECUTE) + .build(), isClient() + ); + + ComputeTaskFuture f = node.compute().executeAsync(ALLOWED_TASK, 0); + + forbiddenRun(f::cancel); + } + + /** + * Allowed task class. + */ + static class AllowedTask extends TestComputeTask { + /** {@inheritDoc} */ + @Override public @Nullable Map map(List subgrid, + @Nullable Object arg) throws IgniteException { + JINGLE_BELL.set(true); + + return super.map(subgrid, arg); + } + } + + /** + * Forbidden task class. + */ + static class ForbiddenTask extends TestComputeTask { + /** {@inheritDoc} */ + @Override public @Nullable Map map(List subgrid, + @Nullable Object arg) throws IgniteException { + fail("Should not be invoked."); + + return super.map(subgrid, arg); + } + } + + /** + * Abstract test compute task. + */ + abstract static class TestComputeTask implements ComputeTask { + /** {@inheritDoc} */ + @Override public @Nullable Map map(List subgrid, + @Nullable Object arg) throws IgniteException { + return Collections.singletonMap( + new ComputeJob() { + @Override public void cancel() { + // no-op + } + + @Override public Object execute() throws IgniteException { + return null; + } + }, subgrid.stream().findFirst().get() + ); + } + + /** {@inheritDoc} */ + @Override public ComputeJobResultPolicy result(ComputeJobResult res, + List rcvd) throws IgniteException { + if (res.getException() != null) + throw res.getException(); + + return ComputeJobResultPolicy.REDUCE; + } + + /** {@inheritDoc} */ + @Override public @Nullable Integer reduce(List results) throws IgniteException { + return null; + } + } +} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ClientNodeTaskExecutePermissionForDistributedClosureTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ClientNodeTaskExecutePermissionForDistributedClosureTest.java new file mode 100644 index 0000000000000..e0c30721a4a6a --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ClientNodeTaskExecutePermissionForDistributedClosureTest.java @@ -0,0 +1,127 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processor.security.compute; + +import java.util.Collection; +import org.apache.ignite.Ignite; +import org.apache.ignite.lang.IgniteClosure; +import org.apache.ignite.lang.IgniteFuture; +import org.apache.ignite.lang.IgniteFutureCancelledException; +import org.apache.ignite.lang.IgniteRunnable; + +import static org.apache.ignite.plugin.security.SecurityPermission.TASK_CANCEL; +import static org.apache.ignite.plugin.security.SecurityPermission.TASK_EXECUTE; + +/** + * Test task execute permission for compute broadcast on Client node. + */ +public class ClientNodeTaskExecutePermissionForDistributedClosureTest extends AbstractTaskExecutePermissionTest { + /** Allowed runnable. */ + private static final IgniteRunnable ALLOWED_RUNNABLE = () -> JINGLE_BELL.set(true); + + /** Forbidden runnable. */ + private static final IgniteRunnable FORBIDDEN_RUNNABLE = () -> fail("Should not be invoked."); + + /** Allow closure. */ + private static final IgniteClosure ALLOW_CLOSURE = a -> { + JINGLE_BELL.set(true); + + return null; + }; + + /** Forbidden closure. */ + private static final IgniteClosure FORBIDDEN_CLOSURE = a -> { + fail("Should not be invoked."); + + return null; + }; + + /** + * @throws Exception If failed. + */ + public void testExecute() throws Exception { + Ignite node = startGrid("client", + builder().defaultAllowAll(true) + .appendTaskPermissions(ALLOWED_CALLABLE.getClass().getName(), TASK_EXECUTE) + .appendTaskPermissions(FORBIDDEN_CALLABLE.getClass().getName(), EMPTY_PERMS) + .appendTaskPermissions(ALLOWED_RUNNABLE.getClass().getName(), TASK_EXECUTE) + .appendTaskPermissions(FORBIDDEN_RUNNABLE.getClass().getName(), EMPTY_PERMS) + .appendTaskPermissions(ALLOW_CLOSURE.getClass().getName(), TASK_EXECUTE) + .appendTaskPermissions(FORBIDDEN_CLOSURE.getClass().getName(), EMPTY_PERMS) + .build(), isClient() + ); + + allowRun(() -> node.compute().broadcast(ALLOWED_CALLABLE)); + forbiddenRun(() -> node.compute().broadcast(FORBIDDEN_CALLABLE)); + + allowRun(() -> node.compute().broadcastAsync(ALLOWED_CALLABLE).get()); + forbiddenRun(() -> node.compute().broadcastAsync(FORBIDDEN_CALLABLE).get()); + + allowRun(() -> node.compute().call(ALLOWED_CALLABLE)); + forbiddenRun(() -> node.compute().call(FORBIDDEN_CALLABLE)); + + allowRun(() -> node.compute().callAsync(ALLOWED_CALLABLE).get()); + forbiddenRun(() -> node.compute().callAsync(FORBIDDEN_CALLABLE).get()); + + allowRun(() -> node.compute().run(ALLOWED_RUNNABLE)); + forbiddenRun(() -> node.compute().run(FORBIDDEN_RUNNABLE)); + + allowRun(() -> node.compute().runAsync(ALLOWED_RUNNABLE).get()); + forbiddenRun(() -> node.compute().runAsync(FORBIDDEN_RUNNABLE).get()); + + Object arg = new Object(); + + allowRun(() -> node.compute().apply(ALLOW_CLOSURE, arg)); + forbiddenRun(() -> node.compute().apply(FORBIDDEN_CLOSURE, arg)); + + allowRun(() -> node.compute().applyAsync(ALLOW_CLOSURE, arg).get()); + forbiddenRun(() -> node.compute().applyAsync(FORBIDDEN_CLOSURE, arg).get()); + } + + /** + * @throws Exception If failed. + */ + public void testAllowedCancel() throws Exception { + Ignite node = startGrid("client_allowed_cancel", + builder().defaultAllowAll(true) + .appendTaskPermissions(ALLOWED_CALLABLE.getClass().getName(), TASK_EXECUTE, TASK_CANCEL) + .build(), isClient() + ); + + IgniteFuture> f = node.compute().broadcastAsync(ALLOWED_CALLABLE); + + f.cancel(); + + forbiddenRun(f::get, IgniteFutureCancelledException.class); + } + + /** + * @throws Exception If failed. + */ + public void testForbiddenCancel() throws Exception { + Ignite node = startGrid("client_forbidden_cancel", + builder().defaultAllowAll(true) + .appendTaskPermissions(ALLOWED_CALLABLE.getClass().getName(), TASK_EXECUTE) + .build(), isClient() + ); + + IgniteFuture> f = node.compute().broadcastAsync(ALLOWED_CALLABLE); + + forbiddenRun(f::cancel); + } +} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ClientNodeTaskExecutePermissionForExecutorServiceTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ClientNodeTaskExecutePermissionForExecutorServiceTest.java new file mode 100644 index 0000000000000..27a0d72dc7835 --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ClientNodeTaskExecutePermissionForExecutorServiceTest.java @@ -0,0 +1,84 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processor.security.compute; + +import java.util.concurrent.CancellationException; +import java.util.concurrent.Future; +import org.apache.ignite.Ignite; + +import static java.util.Collections.singletonList; +import static org.apache.ignite.plugin.security.SecurityPermission.TASK_CANCEL; +import static org.apache.ignite.plugin.security.SecurityPermission.TASK_EXECUTE; + +/** + * Test task execute permission for Executor Service on Client node. + */ +public class ClientNodeTaskExecutePermissionForExecutorServiceTest extends AbstractTaskExecutePermissionTest { + /** + * @throws Exception If failed. + */ + public void testExecute() throws Exception { + Ignite ignite = startGrid("client", + builder().defaultAllowAll(true) + .appendTaskPermissions(ALLOWED_CALLABLE.getClass().getName(), TASK_EXECUTE) + .appendTaskPermissions(FORBIDDEN_CALLABLE.getClass().getName(), EMPTY_PERMS) + .build(), isClient() + ); + + allowRun(() -> ignite.executorService().submit(ALLOWED_CALLABLE).get()); + forbiddenRun(() -> ignite.executorService().submit(FORBIDDEN_CALLABLE).get()); + + allowRun(()->ignite.executorService().invokeAll(singletonList(ALLOWED_CALLABLE))); + forbiddenRun(() -> ignite.executorService().invokeAll(singletonList(FORBIDDEN_CALLABLE))); + + allowRun(()->ignite.executorService().invokeAny(singletonList(ALLOWED_CALLABLE))); + forbiddenRun(() -> ignite.executorService().invokeAny(singletonList(FORBIDDEN_CALLABLE))); + } + + /** + * @throws Exception If failed. + */ + public void testAllowedCancel() throws Exception { + Ignite ignite = startGrid("client_allowed_cancel", + builder().defaultAllowAll(true) + .appendTaskPermissions(ALLOWED_CALLABLE.getClass().getName(), TASK_EXECUTE, TASK_CANCEL) + .build(), isClient() + ); + + Future f = ignite.executorService().submit(ALLOWED_CALLABLE); + + f.cancel(true); + + forbiddenRun(f::get, CancellationException.class); + } + + /** + * @throws Exception If failed. + */ + public void testForbiddenCancel() throws Exception { + Ignite ignite = startGrid("client_forbidden_cancel", + builder().defaultAllowAll(true) + .appendTaskPermissions(ALLOWED_CALLABLE.getClass().getName(), TASK_EXECUTE) + .build(), isClient() + ); + + Future f = ignite.executorService().submit(ALLOWED_CALLABLE); + + forbiddenRun(() -> f.cancel(true)); + } +} \ No newline at end of file diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/DistributedClosureSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/DistributedClosureSecurityTest.java index 37fa96f2f8b38..ae0a7bbd7b829 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/DistributedClosureSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/DistributedClosureSecurityTest.java @@ -1,3 +1,20 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + package org.apache.ignite.internal.processor.security.compute; import org.apache.ignite.IgniteCompute; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ServerNodeExecuteTaskPermissionTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ServerNodeExecuteTaskPermissionTest.java deleted file mode 100644 index 18c647b4d170a..0000000000000 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ServerNodeExecuteTaskPermissionTest.java +++ /dev/null @@ -1,11 +0,0 @@ -package org.apache.ignite.internal.processor.security.compute; - -/** - * Test task execute permission for Executor Service on Server node. - */ -public class ServerNodeExecuteTaskPermissionTest extends ClientNodeExecuteTaskPermissionTest { - /** {@inheritDoc} */ - @Override protected boolean isClient() { - return false; - } -} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ServerNodeTaskExecutePermissionForComputeTaskTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ServerNodeTaskExecutePermissionForComputeTaskTest.java new file mode 100644 index 0000000000000..049d68de1caa6 --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ServerNodeTaskExecutePermissionForComputeTaskTest.java @@ -0,0 +1,29 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processor.security.compute; + +/** + * Test task execute permission for compute task on Server node. + */ +public class ServerNodeTaskExecutePermissionForComputeTaskTest + extends ClientNodeTaskExecutePermissionForComputeTaskTest { + /** {@inheritDoc} */ + @Override protected boolean isClient() { + return false; + } +} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ServerNodeTaskExecutePermissionForDistributedClosureTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ServerNodeTaskExecutePermissionForDistributedClosureTest.java new file mode 100644 index 0000000000000..f88f23331a6ac --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ServerNodeTaskExecutePermissionForDistributedClosureTest.java @@ -0,0 +1,29 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processor.security.compute; + +/** + * Test task execute permission for compute broadcast on Server node. + */ +public class ServerNodeTaskExecutePermissionForDistributedClosureTest + extends ClientNodeTaskExecutePermissionForDistributedClosureTest { + /** {@inheritDoc} */ + @Override protected boolean isClient() { + return false; + } +} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ServerNodeTaskExecutePermissionForExecutorServiceTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ServerNodeTaskExecutePermissionForExecutorServiceTest.java new file mode 100644 index 0000000000000..aa979b46ad14e --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ServerNodeTaskExecutePermissionForExecutorServiceTest.java @@ -0,0 +1,29 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processor.security.compute; + +/** + * Test task execute permission for Executor Service on Server node. + */ +public class ServerNodeTaskExecutePermissionForExecutorServiceTest + extends ClientNodeTaskExecutePermissionForExecutorServiceTest { + /** {@inheritDoc} */ + @Override protected boolean isClient() { + return false; + } +} diff --git a/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java b/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java index 5014994bf0c4a..fe2507bad0252 100644 --- a/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java +++ b/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java @@ -22,8 +22,12 @@ import org.apache.ignite.internal.processor.security.cache.ClientNodeCachePermissionsTest; import org.apache.ignite.internal.processor.security.cache.EntryProcessorSecurityTest; import org.apache.ignite.internal.processor.security.cache.ServerNodeCachePermissionsTest; -import org.apache.ignite.internal.processor.security.compute.ClientNodeExecuteTaskPermissionTest; -import org.apache.ignite.internal.processor.security.compute.ServerNodeExecuteTaskPermissionTest; +import org.apache.ignite.internal.processor.security.compute.ClientNodeTaskExecutePermissionForComputeTaskTest; +import org.apache.ignite.internal.processor.security.compute.ClientNodeTaskExecutePermissionForDistributedClosureTest; +import org.apache.ignite.internal.processor.security.compute.ClientNodeTaskExecutePermissionForExecutorServiceTest; +import org.apache.ignite.internal.processor.security.compute.ServerNodeTaskExecutePermissionForComputeTaskTest; +import org.apache.ignite.internal.processor.security.compute.ServerNodeTaskExecutePermissionForDistributedClosureTest; +import org.apache.ignite.internal.processor.security.compute.ServerNodeTaskExecutePermissionForExecutorServiceTest; import org.apache.ignite.internal.processor.security.datastreamer.ClientNodeDataStreamerCachePermissionTest; import org.apache.ignite.internal.processor.security.datastreamer.IgniteDataStreamerSecurityTest; import org.apache.ignite.internal.processor.security.cache.LoadCacheSecurityTest; @@ -55,6 +59,17 @@ public static TestSuite suite() throws Exception { public static TestSuite suite(final @Nullable Set ignoredTests) { TestSuite suite = new TestSuite("Initiator Node's Security Context Test Suite"); + suite.addTest(new TestSuite(ClientNodeCachePermissionsTest.class)); + suite.addTest(new TestSuite(ServerNodeCachePermissionsTest.class)); + suite.addTest(new TestSuite(ClientNodeDataStreamerCachePermissionTest.class)); + suite.addTest(new TestSuite(ServerNodeDataStreamerCachePermissionTest.class)); + suite.addTest(new TestSuite(ClientNodeTaskExecutePermissionForExecutorServiceTest.class)); + suite.addTest(new TestSuite(ServerNodeTaskExecutePermissionForExecutorServiceTest.class)); + suite.addTest(new TestSuite(ClientNodeTaskExecutePermissionForDistributedClosureTest.class)); + suite.addTest(new TestSuite(ServerNodeTaskExecutePermissionForDistributedClosureTest.class)); + suite.addTest(new TestSuite(ClientNodeTaskExecutePermissionForComputeTaskTest.class)); + suite.addTest(new TestSuite(ServerNodeTaskExecutePermissionForComputeTaskTest.class)); + suite.addTest(new TestSuite(DistributedClosureSecurityTest.class)); suite.addTest(new TestSuite(ComputeTaskSecurityTest.class)); suite.addTest(new TestSuite(ExecuteServiceTaskSecurityTest.class)); @@ -64,12 +79,6 @@ public static TestSuite suite(final @Nullable Set ignoredTests) { suite.addTest(new TestSuite(LoadCacheSecurityTest.class)); suite.addTest(new TestSuite(ThinClientSecurityTest.class)); suite.addTest(new TestSuite(IgniteMessagingTest.class)); - suite.addTest(new TestSuite(ClientNodeCachePermissionsTest.class)); - suite.addTest(new TestSuite(ServerNodeCachePermissionsTest.class)); - suite.addTest(new TestSuite(ClientNodeDataStreamerCachePermissionTest.class)); - suite.addTest(new TestSuite(ServerNodeDataStreamerCachePermissionTest.class)); - suite.addTest(new TestSuite(ClientNodeExecuteTaskPermissionTest.class)); - suite.addTest(new TestSuite(ServerNodeExecuteTaskPermissionTest.class)); return suite; } From 90a615fb23559f336c5371dec2c4a59310e7d7f8 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Wed, 19 Dec 2018 16:09:49 +0300 Subject: [PATCH 33/98] IGNITE-9560 Added cache permission tests for ScanQuery, EntryProcessor, LoadCache --- .../ignite/internal/GridKernalContext.java | 4 +- .../internal/GridKernalContextImpl.java | 14 +- .../apache/ignite/internal/IgniteKernal.java | 3 +- .../managers/communication/GridIoManager.java | 20 +- .../eventstorage/GridEventStorageManager.java | 4 +- .../processors/cache/GridCacheProcessor.java | 50 +++-- .../reader/StandaloneGridKernalContext.java | 4 +- .../security/GridSecuritySession.java | 17 ++ .../security/GridSecuritySessionImpl.java | 27 ++- ...ager.java => IgniteSecurityProcessor.java} | 20 +- ....java => IgniteSecurityProcessorImpl.java} | 138 +++++++----- .../processors/security/SecurityUtils.java | 40 ++++ .../query/h2/ddl/DdlStatementsProcessor.java | 8 +- .../security/AbstractCachePermissionTest.java | 15 +- .../security/AbstractPermissionTest.java | 9 +- ...onsTest.java => CachePermissionsTest.java} | 27 ++- .../EntryProcessorCachePermissionTest.java | 149 +++++++++++++ .../cache/LoadCachePermissionTest.java | 201 ++++++++++++++++++ .../cache/ScanQueryCachePermissionTest.java | 76 +++++++ .../EntryProcessorSecurityTest.java | 2 +- .../{ => closure}/LoadCacheSecurityTest.java | 2 +- .../{ => closure}/ScanQuerySecurityTest.java | 2 +- .../package-info.java} | 11 +- .../AbstractTaskExecutePermissionTest.java | 38 +++- ...tePermissionForDistributedClosureTest.java | 29 --- ...ecutePermissionForExecutorServiceTest.java | 29 --- ...kExecutePermissionForComputeTaskTest.java} | 35 ++- ...ePermissionForDistributedClosureTest.java} | 34 ++- ...cutePermissionForExecutorServiceTest.java} | 32 ++- .../AbstractComputeTaskSecurityTest.java | 2 +- .../ComputeTaskSecurityTest.java | 2 +- .../DistributedClosureSecurityTest.java | 2 +- .../ExecuteServiceTaskSecurityTest.java | 2 +- .../package-info.java} | 12 +- ...a => DataStreamerCachePermissionTest.java} | 27 ++- .../IgniteDataStreamerSecurityTest.java | 2 +- .../package-info.java} | 11 +- .../AuthorizeOperationsTestSuite.java | 50 ++--- 38 files changed, 829 insertions(+), 321 deletions(-) rename modules/core/src/main/java/org/apache/ignite/internal/processors/security/{GridSecurityManager.java => IgniteSecurityProcessor.java} (74%) rename modules/core/src/main/java/org/apache/ignite/internal/processors/security/{GridSecurityManagerImpl.java => IgniteSecurityProcessorImpl.java} (53%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/{ClientNodeCachePermissionsTest.java => CachePermissionsTest.java} (83%) create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorCachePermissionTest.java create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCachePermissionTest.java create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQueryCachePermissionTest.java rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/{ => closure}/EntryProcessorSecurityTest.java (98%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/{ => closure}/LoadCacheSecurityTest.java (98%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/{ => closure}/ScanQuerySecurityTest.java (99%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/{ServerNodeCachePermissionsTest.java => closure/package-info.java} (73%) delete mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ServerNodeTaskExecutePermissionForDistributedClosureTest.java delete mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ServerNodeTaskExecutePermissionForExecutorServiceTest.java rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/{ClientNodeTaskExecutePermissionForComputeTaskTest.java => TaskExecutePermissionForComputeTaskTest.java} (86%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/{ClientNodeTaskExecutePermissionForDistributedClosureTest.java => TaskExecutePermissionForDistributedClosureTest.java} (85%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/{ClientNodeTaskExecutePermissionForExecutorServiceTest.java => TaskExecutePermissionForExecutorServiceTest.java} (78%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/{ => closure}/AbstractComputeTaskSecurityTest.java (97%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/{ => closure}/ComputeTaskSecurityTest.java (98%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/{ => closure}/DistributedClosureSecurityTest.java (98%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/{ => closure}/ExecuteServiceTaskSecurityTest.java (97%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/{ServerNodeTaskExecutePermissionForComputeTaskTest.java => closure/package-info.java} (69%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/{ClientNodeDataStreamerCachePermissionTest.java => DataStreamerCachePermissionTest.java} (80%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/{ => closure}/IgniteDataStreamerSecurityTest.java (99%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/{ServerNodeDataStreamerCachePermissionTest.java => closure/package-info.java} (76%) diff --git a/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContext.java b/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContext.java index 5ed39d2e62368..ad75b96ce19d9 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContext.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContext.java @@ -63,7 +63,7 @@ import org.apache.ignite.internal.processors.resource.GridResourceProcessor; import org.apache.ignite.internal.processors.rest.GridRestProcessor; import org.apache.ignite.internal.processors.schedule.IgniteScheduleProcessorAdapter; -import org.apache.ignite.internal.processors.security.GridSecurityManager; +import org.apache.ignite.internal.processors.security.IgniteSecurityProcessor; import org.apache.ignite.internal.processors.segmentation.GridSegmentationProcessor; import org.apache.ignite.internal.processors.service.GridServiceProcessor; import org.apache.ignite.internal.processors.session.GridTaskSessionProcessor; @@ -410,7 +410,7 @@ public interface GridKernalContext extends Iterable { * * @return Security manager. */ - public GridSecurityManager security(); + public IgniteSecurityProcessor security(); /** * Gets load balancing manager. diff --git a/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContextImpl.java b/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContextImpl.java index 15e1b196d4644..cb07c176f7911 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContextImpl.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContextImpl.java @@ -50,8 +50,6 @@ import org.apache.ignite.internal.managers.loadbalancer.GridLoadBalancerManager; import org.apache.ignite.internal.processors.cache.mvcc.MvccProcessor; import org.apache.ignite.internal.processors.compress.CompressionProcessor; -import org.apache.ignite.internal.processors.security.GridSecurityManager; -import org.apache.ignite.internal.processors.security.GridSecurityManagerImpl; import org.apache.ignite.internal.worker.WorkersRegistry; import org.apache.ignite.internal.processors.affinity.GridAffinityProcessor; import org.apache.ignite.internal.processors.authentication.IgniteAuthenticationProcessor; @@ -85,7 +83,7 @@ import org.apache.ignite.internal.processors.resource.GridResourceProcessor; import org.apache.ignite.internal.processors.rest.GridRestProcessor; import org.apache.ignite.internal.processors.schedule.IgniteScheduleProcessorAdapter; -import org.apache.ignite.internal.processors.security.GridSecurityProcessor; +import org.apache.ignite.internal.processors.security.IgniteSecurityProcessor; import org.apache.ignite.internal.processors.segmentation.GridSegmentationProcessor; import org.apache.ignite.internal.processors.service.GridServiceProcessor; import org.apache.ignite.internal.processors.session.GridTaskSessionProcessor; @@ -160,7 +158,7 @@ public class GridKernalContextImpl implements GridKernalContext, Externalizable /** */ @GridToStringExclude - private GridSecurityManager securityMgr; + private IgniteSecurityProcessor securityProc; /** */ @GridToStringExclude @@ -566,8 +564,6 @@ else if (comp instanceof GridFailoverManager) failoverMgr = (GridFailoverManager)comp; else if (comp instanceof GridCollisionManager) colMgr = (GridCollisionManager)comp; - else if (comp instanceof GridSecurityProcessor) - securityMgr = new GridSecurityManagerImpl(this,(GridSecurityProcessor)comp); else if (comp instanceof GridLoadBalancerManager) loadMgr = (GridLoadBalancerManager)comp; else if (comp instanceof GridIndexingManager) @@ -646,6 +642,8 @@ else if (comp instanceof GridInternalSubscriptionProcessor) internalSubscriptionProc = (GridInternalSubscriptionProcessor)comp; else if (comp instanceof IgniteAuthenticationProcessor) authProc = (IgniteAuthenticationProcessor)comp; + else if (comp instanceof IgniteSecurityProcessor) + securityProc = (IgniteSecurityProcessor)comp; else if (comp instanceof CompressionProcessor) compressProc = (CompressionProcessor)comp; else if (!(comp instanceof DiscoveryNodeValidationProcessor @@ -806,8 +804,8 @@ else if (helper instanceof HadoopHelper) } /** {@inheritDoc} */ - @Override public GridSecurityManager security() { - return securityMgr; + @Override public IgniteSecurityProcessor security() { + return securityProc; } /** {@inheritDoc} */ diff --git a/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java b/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java index f7779805ebe1d..6e0d26cfd1447 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java @@ -161,6 +161,7 @@ import org.apache.ignite.internal.processors.resource.GridResourceProcessor; import org.apache.ignite.internal.processors.resource.GridSpringResourceContext; import org.apache.ignite.internal.processors.rest.GridRestProcessor; +import org.apache.ignite.internal.processors.security.IgniteSecurityProcessorImpl; import org.apache.ignite.internal.processors.security.GridSecurityProcessor; import org.apache.ignite.internal.processors.segmentation.GridSegmentationProcessor; import org.apache.ignite.internal.processors.service.GridServiceProcessor; @@ -978,7 +979,7 @@ public void start( startProcessor(new GridTimeoutProcessor(ctx)); // Start security processors. - startProcessor(createComponent(GridSecurityProcessor.class, ctx)); + startProcessor(new IgniteSecurityProcessorImpl(ctx, createComponent(GridSecurityProcessor.class, ctx))); // Start SPI managers. // NOTE: that order matters as there are dependencies between managers. diff --git a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java index 21d6ef432fc9a..80b6093ea3fa1 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java @@ -2010,15 +2010,9 @@ public void addUserMessageListener(final @Nullable Object topic, * @param topic Topic to unsubscribe from. * @param p Message predicate. */ - @SuppressWarnings("unchecked") public void removeUserMessageListener(@Nullable Object topic, IgniteBiPredicate p) { - try { - removeMessageListener(TOPIC_COMM_USER, - new GridUserMessageListener(topic, (IgniteBiPredicate)p)); - } - catch (IgniteCheckedException e) { - throw new IgniteException(e); - } + removeMessageListener(TOPIC_COMM_USER, + new GridUserMessageListener(topic, (IgniteBiPredicate)p)); } /** @@ -2437,16 +2431,16 @@ private class GridUserMessageListener implements GridMessageListener { /** User message topic. */ private final Object topic; + /** Initial node id. */ private final UUID initNodeId; /** * @param topic User topic. * @param predLsnr Predicate listener. * @param initNodeId Node id that registered given listener. - * @throws IgniteCheckedException If failed to inject resources to predicates. */ - GridUserMessageListener(@Nullable Object topic, @Nullable IgniteBiPredicate predLsnr, @Nullable UUID initNodeId) - throws IgniteCheckedException { + GridUserMessageListener(@Nullable Object topic, @Nullable IgniteBiPredicate predLsnr, + @Nullable UUID initNodeId) { this.topic = topic; this.predLsnr = predLsnr; this.initNodeId = initNodeId; @@ -2455,10 +2449,8 @@ private class GridUserMessageListener implements GridMessageListener { /** * @param topic User topic. * @param predLsnr Predicate listener. - * @throws IgniteCheckedException If failed to inject resources to predicates. */ - GridUserMessageListener(@Nullable Object topic, @Nullable IgniteBiPredicate predLsnr) - throws IgniteCheckedException { + GridUserMessageListener(@Nullable Object topic, @Nullable IgniteBiPredicate predLsnr) { this(topic, predLsnr, null); } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/managers/eventstorage/GridEventStorageManager.java b/modules/core/src/main/java/org/apache/ignite/internal/managers/eventstorage/GridEventStorageManager.java index 678a41ee00661..24b142d4d9a1d 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/managers/eventstorage/GridEventStorageManager.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/managers/eventstorage/GridEventStorageManager.java @@ -374,7 +374,7 @@ public int[] enabledEvents() { public synchronized void enableEvents(int[] types) { assert types != null; - ctx.security().authorize(null, SecurityPermission.EVENTS_ENABLE); + ctx.security().authorize(SecurityPermission.EVENTS_ENABLE); boolean[] userRecordableEvts0 = userRecordableEvts; boolean[] recordableEvts0 = recordableEvts; @@ -417,7 +417,7 @@ public synchronized void enableEvents(int[] types) { public synchronized void disableEvents(int[] types) { assert types != null; - ctx.security().authorize(null, SecurityPermission.EVENTS_DISABLE); + ctx.security().authorize(SecurityPermission.EVENTS_DISABLE); boolean[] userRecordableEvts0 = userRecordableEvts; boolean[] recordableEvts0 = recordableEvts; diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java index a355eb07c37bc..c19f054a4356d 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java @@ -196,6 +196,7 @@ import static org.apache.ignite.internal.IgniteNodeAttributes.ATTR_TX_CONFIG; import static org.apache.ignite.internal.processors.cache.GridCacheUtils.isNearEnabled; import static org.apache.ignite.internal.processors.cache.GridCacheUtils.isPersistentCache; +import static org.apache.ignite.internal.processors.security.SecurityUtils.nodeSecurityContext; import static org.apache.ignite.internal.util.IgniteUtils.doInParallel; /** @@ -3175,7 +3176,7 @@ private GridCacheSharedContext createSharedContext(GridKernalContext kernalCtx, } /** {@inheritDoc} */ - @Nullable @Override public IgniteNodeValidationResult validateNode( + @Override public @Nullable IgniteNodeValidationResult validateNode( ClusterNode node, JoiningNodeDiscoveryData discoData ) { if(!cachesInfo.isMergeConfigSupports(node)) @@ -3186,33 +3187,30 @@ private GridCacheSharedContext createSharedContext(GridKernalContext kernalCtx, boolean isGridActive = ctx.state().clusterState().active(); - StringBuilder errorMessage = new StringBuilder(); + StringBuilder errorMsg = new StringBuilder(); SecurityContext secCtx = null; - byte[] secCtxBytes = node.attribute(IgniteNodeAttributes.ATTR_SECURITY_SUBJECT_V2); - - if (secCtxBytes != null) { + if (ctx.security().enabled()) { try { - secCtx = U.unmarshal(marsh, secCtxBytes, U.resolveClassLoader(ctx.config())); - }catch (IgniteCheckedException ex){ - errorMessage.append(ex.getMessage()); + secCtx = nodeSecurityContext(marsh, U.resolveClassLoader(ctx.config()), node); + } + catch (SecurityException se) { + errorMsg.append(se.getMessage()); } } for (CacheJoinNodeDiscoveryData.CacheInfo cacheInfo : nodeData.caches().values()) { - try { - if (secCtx != null && cacheInfo.cacheType() == CacheType.USER) { - try (GridSecuritySession s = ctx.security().startSession(secCtx)) { - authorizeCacheCreate(cacheInfo.cacheData().config()); - } + if (secCtx != null && cacheInfo.cacheType() == CacheType.USER) { + try (GridSecuritySession s = ctx.security().startSession(secCtx)) { + authorizeCacheCreate(cacheInfo.cacheData().config()); } - } - catch (SecurityException ex) { - if (errorMessage.length() > 0) - errorMessage.append("\n"); + catch (SecurityException ex) { + if (errorMsg.length() > 0) + errorMsg.append("\n"); - errorMessage.append(ex.getMessage()); + errorMsg.append(ex.getMessage()); + } } DynamicCacheDescriptor localDesc = cacheDescriptor(cacheInfo.cacheData().config().getName()); @@ -3223,19 +3221,19 @@ private GridCacheSharedContext createSharedContext(GridKernalContext kernalCtx, QuerySchemaPatch schemaPatch = localDesc.makeSchemaPatch(cacheInfo.cacheData().queryEntities()); if (schemaPatch.hasConflicts() || (isGridActive && !schemaPatch.isEmpty())) { - if (errorMessage.length() > 0) - errorMessage.append("\n"); + if (errorMsg.length() > 0) + errorMsg.append("\n"); if (schemaPatch.hasConflicts()) - errorMessage.append(String.format(MERGE_OF_CONFIG_CONFLICTS_MESSAGE, + errorMsg.append(String.format(MERGE_OF_CONFIG_CONFLICTS_MESSAGE, localDesc.cacheName(), schemaPatch.getConflictsMessage())); else - errorMessage.append(String.format(MERGE_OF_CONFIG_REQUIRED_MESSAGE, localDesc.cacheName())); + errorMsg.append(String.format(MERGE_OF_CONFIG_REQUIRED_MESSAGE, localDesc.cacheName())); } } - if (errorMessage.length() > 0) { - String msg = errorMessage.toString(); + if (errorMsg.length() > 0) { + String msg = errorMsg.toString(); return new IgniteNodeValidationResult(node.id(), msg, msg); } @@ -4181,7 +4179,7 @@ private Collection initiateCacheChanges( * @param cfg Cache configuration. */ private void authorizeCacheCreate(CacheConfiguration cfg) { - ctx.security().authorize(SecurityPermission.CACHE_CREATE); + ctx.security().authorize(cfg.getName(), SecurityPermission.CACHE_CREATE); if (cfg != null && cfg.isOnheapCacheEnabled() && IgniteSystemProperties.getBoolean(IgniteSystemProperties.IGNITE_DISABLE_ONHEAP_CACHE)) @@ -4196,7 +4194,7 @@ private void authorizeCacheCreate(CacheConfiguration cfg) { private void authorizeCacheChange(DynamicCacheChangeRequest req) { if (req.cacheType() == null || req.cacheType() == CacheType.USER) { if (req.stop()) - ctx.security().authorize(SecurityPermission.CACHE_DESTROY); + ctx.security().authorize(req.cacheName(), SecurityPermission.CACHE_DESTROY); else authorizeCacheCreate(req.startCacheConfiguration()); } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/persistence/wal/reader/StandaloneGridKernalContext.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/persistence/wal/reader/StandaloneGridKernalContext.java index 5e9eb4caba868..01c6f0068f382 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/persistence/wal/reader/StandaloneGridKernalContext.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/persistence/wal/reader/StandaloneGridKernalContext.java @@ -78,7 +78,7 @@ import org.apache.ignite.internal.processors.resource.GridResourceProcessor; import org.apache.ignite.internal.processors.rest.GridRestProcessor; import org.apache.ignite.internal.processors.schedule.IgniteScheduleProcessorAdapter; -import org.apache.ignite.internal.processors.security.GridSecurityManager; +import org.apache.ignite.internal.processors.security.IgniteSecurityProcessor; import org.apache.ignite.internal.processors.segmentation.GridSegmentationProcessor; import org.apache.ignite.internal.processors.service.GridServiceProcessor; import org.apache.ignite.internal.processors.session.GridTaskSessionProcessor; @@ -445,7 +445,7 @@ protected IgniteConfiguration prepareIgniteConfiguration() { } /** {@inheritDoc} */ - @Override public GridSecurityManager security() { + @Override public IgniteSecurityProcessor security() { return null; } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecuritySession.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecuritySession.java index 207cdffcb2dc5..b6ee5d6efbcbc 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecuritySession.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecuritySession.java @@ -1,3 +1,20 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + package org.apache.ignite.internal.processors.security; /** diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecuritySessionImpl.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecuritySessionImpl.java index d2608761f47a0..68d430335538e 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecuritySessionImpl.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecuritySessionImpl.java @@ -1,3 +1,20 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + package org.apache.ignite.internal.processors.security; /** @@ -5,22 +22,22 @@ */ public class GridSecuritySessionImpl implements GridSecuritySession { /** Grid Security Manager. */ - private final GridSecurityManager mngr; + private final IgniteSecurityProcessor proc; /** Security context. */ private final SecurityContext secCtx; /** - * @param mngr Grid Security Manager. + * @param proc Grid Security Manager. * @param secCtx Security context. */ - public GridSecuritySessionImpl(GridSecurityManager mngr, SecurityContext secCtx) { - this.mngr = mngr; + public GridSecuritySessionImpl(IgniteSecurityProcessor proc, SecurityContext secCtx) { + this.proc = proc; this.secCtx = secCtx; } /** {@inheritDoc} */ @Override public void close() { - mngr.startSession(secCtx); + proc.startSession(secCtx); } } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityManager.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java similarity index 74% rename from modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityManager.java rename to modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java index 48eb0bbbbff63..3ad4dddf84aab 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityManager.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java @@ -11,11 +11,11 @@ import org.apache.ignite.plugin.security.SecuritySubject; /** - * Grid Security Manager. + * Ignite Security Processor. */ -public interface GridSecurityManager { +public interface IgniteSecurityProcessor { /** - * Create {@link GridSecuritySession}. All calls of methods {@link #authorize(String, SecurityPermission)} or {@link + * Creates {@link GridSecuritySession}. All calls of methods {@link #authorize(String, SecurityPermission)} or {@link * #authorize(SecurityPermission)} will be processed into the context of passed {@link SecurityContext} until * session {@link GridSecuritySession} will be closed. * @@ -25,7 +25,7 @@ public interface GridSecurityManager { public GridSecuritySession startSession(SecurityContext secCtx); /** - * Create {@link GridSecuritySession}. All calls of methods {@link #authorize(String, SecurityPermission)} or {@link + * Creates {@link GridSecuritySession}. All calls of methods {@link #authorize(String, SecurityPermission)} or {@link * #authorize(SecurityPermission)} will be processed into the context of {@link SecurityContext} that is owned by * node with given noddeId until session {@link GridSecuritySession} will be closed. * @@ -35,28 +35,28 @@ public interface GridSecurityManager { public GridSecuritySession startSession(UUID nodeId); /** - * Delegate call to {@link GridSecurityProcessor#authenticateNode(org.apache.ignite.cluster.ClusterNode, + * Delegates call to {@link GridSecurityProcessor#authenticateNode(org.apache.ignite.cluster.ClusterNode, * org.apache.ignite.plugin.security.SecurityCredentials)} */ public SecurityContext authenticateNode(ClusterNode node, SecurityCredentials cred) throws IgniteCheckedException; /** - * Delegate call to {@link GridSecurityProcessor#isGlobalNodeAuthentication()} + * Delegates call to {@link GridSecurityProcessor#isGlobalNodeAuthentication()} */ public boolean isGlobalNodeAuthentication(); /** - * Delegate call to {@link GridSecurityProcessor#authenticate(AuthenticationContext)} + * Delegates call to {@link GridSecurityProcessor#authenticate(AuthenticationContext)} */ public SecurityContext authenticate(AuthenticationContext ctx) throws IgniteCheckedException; /** - * Delegate call to {@link GridSecurityProcessor#authenticatedSubjects()} + * Delegates call to {@link GridSecurityProcessor#authenticatedSubjects()} */ public Collection authenticatedSubjects() throws IgniteCheckedException; /** - * Delegate call to {@link GridSecurityProcessor#authenticatedSubject(UUID)} + * Delegates call to {@link GridSecurityProcessor#authenticatedSubject(UUID)} */ public SecuritySubject authenticatedSubject(UUID subjId) throws IgniteCheckedException; @@ -80,7 +80,7 @@ public default void authorize(SecurityPermission perm) throws SecurityException } /** - * Delegate call to {@link GridSecurityProcessor#enabled()} + * Delegates call to {@link GridSecurityProcessor#enabled()} */ public boolean enabled(); } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityManagerImpl.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java similarity index 53% rename from modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityManagerImpl.java rename to modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java index b89ef19f321f1..a7466bf89dd09 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityManagerImpl.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java @@ -5,12 +5,12 @@ import java.util.UUID; import java.util.concurrent.ConcurrentHashMap; import org.apache.ignite.IgniteCheckedException; -import org.apache.ignite.IgniteException; import org.apache.ignite.cluster.ClusterNode; import org.apache.ignite.internal.GridKernalContext; -import org.apache.ignite.internal.IgniteNodeAttributes; -import org.apache.ignite.internal.managers.eventstorage.DiscoveryEventListener; +import org.apache.ignite.internal.IgniteInternalFuture; +import org.apache.ignite.internal.processors.GridProcessor; import org.apache.ignite.internal.util.typedef.internal.U; +import org.apache.ignite.lang.IgniteFuture; import org.apache.ignite.marshaller.MarshallerUtils; import org.apache.ignite.marshaller.jdk.JdkMarshaller; import org.apache.ignite.plugin.security.AuthenticationContext; @@ -18,14 +18,18 @@ import org.apache.ignite.plugin.security.SecurityException; import org.apache.ignite.plugin.security.SecurityPermission; import org.apache.ignite.plugin.security.SecuritySubject; +import org.apache.ignite.spi.IgniteNodeValidationResult; +import org.apache.ignite.spi.discovery.DiscoveryDataBag; +import org.jetbrains.annotations.Nullable; import static org.apache.ignite.events.EventType.EVT_NODE_FAILED; import static org.apache.ignite.events.EventType.EVT_NODE_LEFT; +import static org.apache.ignite.internal.processors.security.SecurityUtils.nodeSecurityContext; /** * Default Grid security Manager implementation. */ -public class GridSecurityManagerImpl implements GridSecurityManager { +public class IgniteSecurityProcessorImpl implements IgniteSecurityProcessor, GridProcessor { /** Current security context. */ private final ThreadLocal curSecCtx = ThreadLocal.withInitial(this::localSecurityContext); @@ -41,14 +45,11 @@ public class GridSecurityManagerImpl implements GridSecurityManager { /** Map of security contexts. Key is node's id. */ private final Map secCtxs = new ConcurrentHashMap<>(); - /** Listener, thet removes absolet data from {@link #secCtxs}. */ - private DiscoveryEventListener lsnr; - /** * @param ctx Grid kernal context. * @param secPrc Security processor. */ - public GridSecurityManagerImpl(GridKernalContext ctx, GridSecurityProcessor secPrc) { + public IgniteSecurityProcessorImpl(GridKernalContext ctx, GridSecurityProcessor secPrc) { this.ctx = ctx; this.secPrc = secPrc; marsh = MarshallerUtils.jdkMarshaller(ctx.igniteInstanceName()); @@ -67,15 +68,11 @@ public GridSecurityManagerImpl(GridKernalContext ctx, GridSecurityProcessor secP /** {@inheritDoc} */ @Override public GridSecuritySession startSession(UUID nodeId) { - if (lsnr == null) { - lsnr = (evt, discoCache) -> secCtxs.remove(evt.eventNode().id()); - - ctx.event().addDiscoveryEventListener(lsnr, EVT_NODE_FAILED, EVT_NODE_LEFT); - } - return startSession( secCtxs.computeIfAbsent(nodeId, - uuid -> nodeSecurityContext(ctx.discovery().node(uuid)) + uuid -> nodeSecurityContext( + marsh, U.resolveClassLoader(ctx.config()), ctx.discovery().node(uuid) + ) ) ); } @@ -120,44 +117,89 @@ public GridSecurityManagerImpl(GridKernalContext ctx, GridSecurityProcessor secP return secPrc.enabled(); } + /** {@inheritDoc} */ + @Override public void start() throws IgniteCheckedException { + secPrc.start(); + } + + /** {@inheritDoc} */ + @Override public void stop(boolean cancel) throws IgniteCheckedException { + secPrc.stop(cancel); + } + + /** {@inheritDoc} */ + @Override public void onKernalStart(boolean active) throws IgniteCheckedException { + ctx.event().addDiscoveryEventListener( + (evt, discoCache) -> secCtxs.remove(evt.eventNode().id()), EVT_NODE_FAILED, EVT_NODE_LEFT + ); + + secPrc.onKernalStart(active); + } + + /** {@inheritDoc} */ + @Override public void onKernalStop(boolean cancel) { + secPrc.onKernalStop(cancel); + } + + /** {@inheritDoc} */ + @Override public void collectJoiningNodeData(DiscoveryDataBag dataBag) { + secPrc.collectJoiningNodeData(dataBag); + } + + /** {@inheritDoc} */ + @Override public void collectGridNodeData(DiscoveryDataBag dataBag) { + secPrc.collectGridNodeData(dataBag); + } + + /** {@inheritDoc} */ + @Override public void onGridDataReceived(DiscoveryDataBag.GridDiscoveryData data) { + secPrc.onGridDataReceived(data); + } + + /** {@inheritDoc} */ + @Override public void onJoiningNodeDataReceived(DiscoveryDataBag.JoiningNodeDiscoveryData data) { + secPrc.onJoiningNodeDataReceived(data); + } + + /** {@inheritDoc} */ + @Override public void printMemoryStats() { + secPrc.printMemoryStats(); + } + + /** {@inheritDoc} */ + @Override public @Nullable IgniteNodeValidationResult validateNode( + ClusterNode node) { + return secPrc.validateNode(node); + } + + /** {@inheritDoc} */ + @Override public @Nullable IgniteNodeValidationResult validateNode( + ClusterNode node, DiscoveryDataBag.JoiningNodeDiscoveryData discoData) { + return secPrc.validateNode(node, discoData); + } + + /** {@inheritDoc} */ + @Override public @Nullable DiscoveryDataExchangeType discoveryDataType() { + return secPrc.discoveryDataType(); + } + + /** {@inheritDoc} */ + @Override public void onDisconnected(IgniteFuture reconnectFut) throws IgniteCheckedException { + secPrc.onDisconnected(reconnectFut); + } + + /** {@inheritDoc} */ + @Override public @Nullable IgniteInternalFuture onReconnected( + boolean clusterRestarted) throws IgniteCheckedException { + return secPrc.onReconnected(clusterRestarted); + } + /** * Getting local node's security context. * * @return Security context of local node. */ private SecurityContext localSecurityContext() { - return nodeSecurityContext(ctx.discovery().localNode()); - } - - /** - * Getting node's security context. - * - * @param node Node. - * @return Node's security context. - */ - private SecurityContext nodeSecurityContext(ClusterNode node) { - byte[] subjBytes = node.attribute(IgniteNodeAttributes.ATTR_SECURITY_SUBJECT); - - byte[] subjBytesV2 = node.attribute(IgniteNodeAttributes.ATTR_SECURITY_SUBJECT_V2); - - if (subjBytes == null && subjBytesV2 == null) - throw new SecurityException("Security context isn't certain."); - - try { - if (subjBytesV2 != null) - return U.unmarshal(marsh, subjBytesV2, U.resolveClassLoader(ctx.config())); - - try { - SecurityUtils.serializeVersion(1); - - return U.unmarshal(marsh, subjBytes, U.resolveClassLoader(ctx.config())); - } - finally { - SecurityUtils.restoreDefaultSerializeVersion(); - } - } - catch (IgniteCheckedException e) { - throw new IgniteException("Failed to get security context.", e); - } + return nodeSecurityContext(marsh, U.resolveClassLoader(ctx.config()), ctx.discovery().localNode()); } } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityUtils.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityUtils.java index 1cd6719d9fa5c..191919d26992f 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityUtils.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityUtils.java @@ -21,8 +21,14 @@ import java.util.Collection; import java.util.HashMap; import java.util.Map; +import org.apache.ignite.IgniteCheckedException; import org.apache.ignite.IgniteSystemProperties; +import org.apache.ignite.cluster.ClusterNode; +import org.apache.ignite.internal.IgniteNodeAttributes; +import org.apache.ignite.internal.util.typedef.internal.U; import org.apache.ignite.lang.IgniteProductVersion; +import org.apache.ignite.marshaller.Marshaller; +import org.apache.ignite.plugin.security.SecurityException; import org.apache.ignite.plugin.security.SecurityPermission; /** @@ -89,4 +95,38 @@ public static Map> compatibleServicePermi return srvcPerms; } + + /** + * Getting node's security context. + * + * @param marsh Marshaller. + * @param ldr Class loader. + * @param node Node. + * @return Node's security context. + */ + public static SecurityContext nodeSecurityContext(Marshaller marsh, ClassLoader ldr, ClusterNode node) { + byte[] subjBytes = node.attribute(IgniteNodeAttributes.ATTR_SECURITY_SUBJECT); + + byte[] subjBytesV2 = node.attribute(IgniteNodeAttributes.ATTR_SECURITY_SUBJECT_V2); + + if (subjBytes == null && subjBytesV2 == null) + throw new SecurityException("Security context isn't certain."); + + try { + if (subjBytesV2 != null) + return U.unmarshal(marsh, subjBytesV2, ldr); + + try { + serializeVersion(1); + + return U.unmarshal(marsh, subjBytes, ldr); + } + finally { + restoreDefaultSerializeVersion(); + } + } + catch (IgniteCheckedException e) { + throw new SecurityException("Failed to get security context.", e); + } + } } diff --git a/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/ddl/DdlStatementsProcessor.java b/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/ddl/DdlStatementsProcessor.java index 46e37c75032b2..ccd8938ac281d 100644 --- a/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/ddl/DdlStatementsProcessor.java +++ b/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/ddl/DdlStatementsProcessor.java @@ -326,10 +326,10 @@ else if (stmt0 instanceof GridSqlDropIndex) { } } else if (stmt0 instanceof GridSqlCreateTable) { - ctx.security().authorize(SecurityPermission.CACHE_CREATE); - GridSqlCreateTable cmd = (GridSqlCreateTable)stmt0; + ctx.security().authorize(cmd.tableName(), SecurityPermission.CACHE_CREATE); + isDdlOnSchemaSupported(cmd.schemaName()); GridH2Table tbl = idx.dataTable(cmd.schemaName(), cmd.tableName()); @@ -359,10 +359,10 @@ else if (stmt0 instanceof GridSqlCreateTable) { } } else if (stmt0 instanceof GridSqlDropTable) { - ctx.security().authorize(SecurityPermission.CACHE_DESTROY); - GridSqlDropTable cmd = (GridSqlDropTable)stmt0; + ctx.security().authorize(cmd.tableName(), SecurityPermission.CACHE_DESTROY); + isDdlOnSchemaSupported(cmd.schemaName()); GridH2Table tbl = idx.dataTable(cmd.schemaName(), cmd.tableName()); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCachePermissionTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCachePermissionTest.java index 5a90675e90778..18d24b3ec434a 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCachePermissionTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCachePermissionTest.java @@ -30,9 +30,16 @@ public abstract class AbstractCachePermissionTest extends AbstractPermissionTest /** {@inheritDoc} */ @Override protected IgniteConfiguration getConfiguration(String igniteInstanceName) throws Exception { return super.getConfiguration(igniteInstanceName) - .setCacheConfiguration( - new CacheConfiguration().setName(CACHE_NAME), - new CacheConfiguration().setName(FORBIDDEN_CACHE) - ); + .setCacheConfiguration(getCacheConfigurations()); + } + + /** + * @return Array of cache configurations. + */ + protected CacheConfiguration[] getCacheConfigurations() { + return new CacheConfiguration[] { + new CacheConfiguration().setName(CACHE_NAME), + new CacheConfiguration().setName(FORBIDDEN_CACHE) + }; } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractPermissionTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractPermissionTest.java index 6edc7788a7a48..780739571b201 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractPermissionTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractPermissionTest.java @@ -29,9 +29,12 @@ public abstract class AbstractPermissionTest extends AbstractSecurityTest { } /** - * @return Node client mode. + * Getting login prefix. + * + * @param isClient True if is client mode. + * @return Prefix. */ - protected boolean isClient() { - return true; + protected String loginPrefix(boolean isClient) { + return isClient ? "client" : "server"; } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ClientNodeCachePermissionsTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/CachePermissionsTest.java similarity index 83% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ClientNodeCachePermissionsTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/CachePermissionsTest.java index 6c99311431667..69cea3e6eb284 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ClientNodeCachePermissionsTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/CachePermissionsTest.java @@ -27,17 +27,32 @@ import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_REMOVE; /** - * Test CRUD cache permissions for client node. + * Test CRUD cache permissions. */ -public class ClientNodeCachePermissionsTest extends AbstractCachePermissionTest { +public class CachePermissionsTest extends AbstractCachePermissionTest { /** - * + * @throws Exception If fail. */ - public void testCrudCachePermissions() throws Exception { - Ignite node = startGrid("test_node", + public void testServerNode() throws Exception { + testCrudCachePermissions(false); + } + + /** + * @throws Exception If fail. + */ + public void testClientNode() throws Exception { + testCrudCachePermissions(true); + } + + /** + * @param isClient True if is client mode. + * @throws Exception If failed. + */ + private void testCrudCachePermissions(boolean isClient) throws Exception { + Ignite node = startGrid(loginPrefix(isClient) + "_test_node", builder().defaultAllowAll(true) .appendCachePermissions(CACHE_NAME, CACHE_READ, CACHE_PUT, CACHE_REMOVE) - .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build(), isClient()); + .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build(), isClient); node.cache(CACHE_NAME).put("key", "value"); forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).put("key", "value")); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorCachePermissionTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorCachePermissionTest.java new file mode 100644 index 0000000000000..3a911667b141f --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorCachePermissionTest.java @@ -0,0 +1,149 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processor.security.cache; + +import org.apache.ignite.Ignite; +import org.apache.ignite.cache.CacheEntryProcessor; +import org.apache.ignite.internal.processor.security.AbstractCachePermissionTest; +import org.apache.ignite.internal.util.typedef.T2; + +import static java.util.Collections.singleton; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; + +/** + * Test cache permission for Entry processor. + */ +public class EntryProcessorCachePermissionTest extends AbstractCachePermissionTest { + /** Server node. */ + private Ignite srvNode; + + /** Client node. */ + private Ignite clientNode; + + /** {@inheritDoc} */ + @Override protected void beforeTestsStarted() throws Exception { + srvNode = startGrid("server_node", + builder().defaultAllowAll(true) + .appendCachePermissions(CACHE_NAME, CACHE_READ, CACHE_PUT) + .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build()); + + clientNode = startGrid("client_node", + builder().defaultAllowAll(true) + .appendCachePermissions(CACHE_NAME, CACHE_PUT, CACHE_READ) + .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build(), true); + + super.beforeTestsStarted(); + } + + /** + * + */ + public void test() { + invoke(srvNode); + invoke(clientNode); + + invokeAll(srvNode); + invokeAll(clientNode); + + invokeAsync(srvNode); + invokeAsync(clientNode); + + invokeAsyncAll(srvNode); + invokeAsyncAll(clientNode); + } + + /** + * @param node Node. + */ + private void invoke(Ignite node) { + assertAllowed(node, CACHE_NAME, + (t) -> node.cache(CACHE_NAME).invoke( + t.getKey(), processor(t) + ) + ); + + assertForbidden(node, CACHE_NAME, + (t) -> node.cache(FORBIDDEN_CACHE).invoke( + t.getKey(), processor(t) + ) + ); + } + + /** + * @param node Node. + */ + private void invokeAll(Ignite node) { + assertAllowed(node, CACHE_NAME, + (t) -> node.cache(CACHE_NAME).invokeAll( + singleton(t.getKey()), processor(t) + ) + ); + + assertForbidden(node, CACHE_NAME, + (t) -> node.cache(FORBIDDEN_CACHE).invokeAll( + singleton(t.getKey()), processor(t) + ) + ); + } + + /** + * @param node Node. + */ + private void invokeAsync(Ignite node) { + assertAllowed(node, CACHE_NAME, + (t) -> node.cache(CACHE_NAME).invokeAsync( + t.getKey(), processor(t) + ).get() + ); + + assertForbidden(node, CACHE_NAME, + (t) -> node.cache(FORBIDDEN_CACHE).invokeAsync( + t.getKey(), processor(t) + ).get() + ); + } + + /** + * @param node Node. + */ + private void invokeAsyncAll(Ignite node) { + assertAllowed(node, CACHE_NAME, + (t) -> node.cache(CACHE_NAME).invokeAllAsync( + singleton(t.getKey()), processor(t) + ).get() + ); + + assertForbidden(node, CACHE_NAME, + (t) -> node.cache(FORBIDDEN_CACHE).invokeAllAsync( + singleton(t.getKey()), processor(t) + ).get() + ); + } + + /** + * @param t T2. + */ + private static CacheEntryProcessor processor(T2 t) { + return (entry, o) -> { + entry.setValue(t.getValue()); + + return null; + }; + } +} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCachePermissionTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCachePermissionTest.java new file mode 100644 index 0000000000000..11e477a25b75b --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCachePermissionTest.java @@ -0,0 +1,201 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processor.security.cache; + +import com.google.common.collect.Sets; +import java.io.Serializable; +import java.util.Collection; +import java.util.Map; +import javax.cache.Cache; +import javax.cache.configuration.FactoryBuilder; +import javax.cache.integration.CacheLoaderException; +import javax.cache.integration.CacheWriterException; +import org.apache.ignite.Ignite; +import org.apache.ignite.cache.CacheMode; +import org.apache.ignite.cache.store.CacheStore; +import org.apache.ignite.configuration.CacheConfiguration; +import org.apache.ignite.internal.processor.security.AbstractCachePermissionTest; +import org.apache.ignite.internal.util.lang.gridfunc.ContainsPredicate; +import org.apache.ignite.internal.util.typedef.F; +import org.apache.ignite.internal.util.typedef.T2; +import org.apache.ignite.lang.IgniteBiInClosure; +import org.jetbrains.annotations.Nullable; + +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; + +/** + * Test cache permission for Load cache. + */ +public class LoadCachePermissionTest extends AbstractCachePermissionTest { + /** Entry. */ + private static T2 entry; + + /** Server node. */ + private Ignite srvNode; + + /** Client node. */ + private Ignite clientNode; + + /** {@inheritDoc} */ + @Override protected CacheConfiguration[] getCacheConfigurations() { + return new CacheConfiguration[] { + new CacheConfiguration() + .setName(CACHE_NAME) + .setCacheMode(CacheMode.REPLICATED) + .setCacheStoreFactory(FactoryBuilder.factoryOf(new T2BasedStore())), + + new CacheConfiguration() + .setName(FORBIDDEN_CACHE) + .setCacheMode(CacheMode.REPLICATED) + .setCacheStoreFactory(FactoryBuilder.factoryOf(new T2BasedStore())) + }; + } + + /** {@inheritDoc} */ + @Override protected void beforeTestsStarted() throws Exception { + srvNode = startGrid("server_node", + builder().defaultAllowAll(true) + .appendCachePermissions(CACHE_NAME, CACHE_READ, CACHE_PUT) + .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build()); + + clientNode = startGrid("client_node", + builder().defaultAllowAll(true) + .appendCachePermissions(CACHE_NAME, CACHE_PUT) + .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build(), true); + + super.beforeTestsStarted(); + } + + /** + * + */ + public void test() { + load(srvNode); + load(clientNode); + + loadAsync(srvNode); + loadAsync(clientNode); + + localLoad(srvNode); + + localLoadAsync(srvNode); + } + + /** + * @param r Runnable. + */ + private void allowed(Runnable r) { + assertAllowed(srvNode, CACHE_NAME, + (t) -> { + entry = t; + + r.run(); + } + ); + } + + /** + * @param node Node. + */ + private void load(Ignite node) { + allowed(() -> node.cache(CACHE_NAME).loadCache(null)); + + //todo Security Improvement Phase-2. + // forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).loadCache(null)); + } + + /** + * @param node Node. + */ + private void loadAsync(Ignite node) { + allowed(() -> node.cache(CACHE_NAME).loadCache(null)); + + //todo Security Improvement Phase-2. + // forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).loadCacheAsync(null).get()); + } + + /** + * @param node Node. + */ + private void localLoad(Ignite node) { + allowed(() -> node.cache(CACHE_NAME).localLoadCache(null)); + + //todo Security Improvement Phase-2. + // forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).localLoadCache(null)); + } + + /** + * @param node Node. + */ + private void localLoadAsync(Ignite node) { + allowed(() -> node.cache(CACHE_NAME).localLoadCacheAsync(null).get()); + + //todo Security Improvement Phase-2. + // forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).localLoadCacheAsync(null).get()); + } + + /** + * + */ + static class T2BasedStore implements CacheStore, Serializable { + /** {@inheritDoc} */ + @Override public void loadCache(IgniteBiInClosure clo, + @Nullable Object... args) throws CacheLoaderException { + assert entry != null; + + clo.apply(entry.getKey(), entry.getValue()); + } + + /** {@inheritDoc} */ + @Override public void sessionEnd(boolean commit) throws CacheWriterException { + // No-op + } + + /** {@inheritDoc} */ + @Override public Integer load(String key) throws CacheLoaderException { + return entry.get(key); + } + + /** {@inheritDoc} */ + @Override public Map loadAll(Iterable keys) throws CacheLoaderException { + return F.view(entry, new ContainsPredicate<>(Sets.newHashSet(keys))); + } + + /** {@inheritDoc} */ + @Override public void write( + Cache.Entry entry) throws CacheWriterException { + throw new UnsupportedOperationException(); + } + + /** {@inheritDoc} */ + @Override public void writeAll(Collection> entries) { + throw new UnsupportedOperationException(); + } + + /** {@inheritDoc} */ + @Override public void delete(Object key) throws CacheWriterException { + throw new UnsupportedOperationException(); + } + + /** {@inheritDoc} */ + @Override public void deleteAll(Collection keys) throws CacheWriterException { + throw new UnsupportedOperationException(); + } + } +} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQueryCachePermissionTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQueryCachePermissionTest.java new file mode 100644 index 0000000000000..f4aac70b91ec7 --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQueryCachePermissionTest.java @@ -0,0 +1,76 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processor.security.cache; + +import org.apache.ignite.Ignite; +import org.apache.ignite.IgniteDataStreamer; +import org.apache.ignite.cache.query.ScanQuery; +import org.apache.ignite.internal.processor.security.AbstractCachePermissionTest; +import org.apache.ignite.internal.util.typedef.G; + +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; + +/** + * Test cache permission for invoking of Scan Query. + */ +public class ScanQueryCachePermissionTest extends AbstractCachePermissionTest { + /** + * @throws Exception If fail. + */ + public void testServerNode() throws Exception { + testScanQuery(false); + } + + /** + * @throws Exception If fail. + */ + public void testClientNode() throws Exception { + testScanQuery(true); + } + + /** + * @param isClient True if is client mode. + * @throws Exception If failed. + */ + private void testScanQuery(boolean isClient) throws Exception { + putTestData(); + + Ignite node = startGrid(loginPrefix(isClient) + "_test_node", + builder().defaultAllowAll(true) + .appendCachePermissions(CACHE_NAME, CACHE_READ) + .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build(), isClient); + + assertFalse(node.cache(CACHE_NAME).query(new ScanQuery()).getAll().isEmpty()); + forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).query(new ScanQuery()).getAll()); + } + + /** + * + */ + private void putTestData() { + Ignite ignite = G.allGrids().stream().findFirst().get(); + + try (IgniteDataStreamer strAllowedCache = ignite.dataStreamer(CACHE_NAME); + IgniteDataStreamer strForbiddenCache = ignite.dataStreamer(FORBIDDEN_CACHE)) { + for (int i = 1; i <= 10; i++) { + strAllowedCache.addData(Integer.toString(i), i); + strForbiddenCache.addData(Integer.toString(i), i); + } + } + } +} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorSecurityTest.java similarity index 98% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorSecurityTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorSecurityTest.java index 234f5ea2cd8ba..bdbbbc9d9e8a0 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorSecurityTest.java @@ -15,7 +15,7 @@ * limitations under the License. */ -package org.apache.ignite.internal.processor.security.cache; +package org.apache.ignite.internal.processor.security.cache.closure; import java.util.Collections; import java.util.UUID; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCacheSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/LoadCacheSecurityTest.java similarity index 98% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCacheSecurityTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/LoadCacheSecurityTest.java index 535437d16f116..828d376789692 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCacheSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/LoadCacheSecurityTest.java @@ -15,7 +15,7 @@ * limitations under the License. */ -package org.apache.ignite.internal.processor.security.cache; +package org.apache.ignite.internal.processor.security.cache.closure; import java.util.UUID; import javax.cache.Cache; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQuerySecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQuerySecurityTest.java similarity index 99% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQuerySecurityTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQuerySecurityTest.java index 62ec0548f3c6a..47396b6340c95 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQuerySecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQuerySecurityTest.java @@ -15,7 +15,7 @@ * limitations under the License. */ -package org.apache.ignite.internal.processor.security.cache; +package org.apache.ignite.internal.processor.security.cache.closure; import java.util.UUID; import javax.cache.Cache; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ServerNodeCachePermissionsTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/package-info.java similarity index 73% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ServerNodeCachePermissionsTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/package-info.java index c8a9d791eec1a..faffca2917edf 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ServerNodeCachePermissionsTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/package-info.java @@ -15,14 +15,7 @@ * limitations under the License. */ -package org.apache.ignite.internal.processor.security.cache; - /** - * Test CRUD cache permissions for server node. + * Contains security tests for cache closures. */ -public class ServerNodeCachePermissionsTest extends ClientNodeCachePermissionsTest { - /** {@inheritDoc} */ - @Override protected boolean isClient() { - return false; - } -} +package org.apache.ignite.internal.processor.security.cache.closure; \ No newline at end of file diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/AbstractTaskExecutePermissionTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/AbstractTaskExecutePermissionTest.java index 42c48c07130a2..1110d7c9b166a 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/AbstractTaskExecutePermissionTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/AbstractTaskExecutePermissionTest.java @@ -22,7 +22,7 @@ import org.apache.ignite.lang.IgniteCallable; /** - * + * Abstract class for task execute permission tests. */ public abstract class AbstractTaskExecutePermissionTest extends AbstractPermissionTest { /** Jingle bell. */ @@ -42,6 +42,42 @@ public abstract class AbstractTaskExecutePermissionTest extends AbstractPermissi return null; }; + /** + * @throws Exception If failed. + */ + public void testServerNode() throws Exception { + testExecute(false); + testAllowedCancel(false); + testForbiddenCancel(false); + } + + /** + * @throws Exception If failed. + */ + public void testClientNode() throws Exception { + testExecute(true); + testAllowedCancel(true); + testForbiddenCancel(true); + } + + /** + * @param isClient True if is client mode. + * @throws Exception If failed. + */ + protected abstract void testExecute(boolean isClient) throws Exception; + + /** + * @param isClient True if is client mode. + * @throws Exception If failed. + */ + protected abstract void testAllowedCancel(boolean isClient) throws Exception; + + /** + * @param isClient True if is client mode. + * @throws Exception If failed. + */ + protected abstract void testForbiddenCancel(boolean isClient) throws Exception; + /** * @param r TestRunnable. */ diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ServerNodeTaskExecutePermissionForDistributedClosureTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ServerNodeTaskExecutePermissionForDistributedClosureTest.java deleted file mode 100644 index f88f23331a6ac..0000000000000 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ServerNodeTaskExecutePermissionForDistributedClosureTest.java +++ /dev/null @@ -1,29 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processor.security.compute; - -/** - * Test task execute permission for compute broadcast on Server node. - */ -public class ServerNodeTaskExecutePermissionForDistributedClosureTest - extends ClientNodeTaskExecutePermissionForDistributedClosureTest { - /** {@inheritDoc} */ - @Override protected boolean isClient() { - return false; - } -} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ServerNodeTaskExecutePermissionForExecutorServiceTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ServerNodeTaskExecutePermissionForExecutorServiceTest.java deleted file mode 100644 index aa979b46ad14e..0000000000000 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ServerNodeTaskExecutePermissionForExecutorServiceTest.java +++ /dev/null @@ -1,29 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processor.security.compute; - -/** - * Test task execute permission for Executor Service on Server node. - */ -public class ServerNodeTaskExecutePermissionForExecutorServiceTest - extends ClientNodeTaskExecutePermissionForExecutorServiceTest { - /** {@inheritDoc} */ - @Override protected boolean isClient() { - return false; - } -} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ClientNodeTaskExecutePermissionForComputeTaskTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/TaskExecutePermissionForComputeTaskTest.java similarity index 86% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ClientNodeTaskExecutePermissionForComputeTaskTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/TaskExecutePermissionForComputeTaskTest.java index 23f43dbbd8fcc..e7edebdfe71d5 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ClientNodeTaskExecutePermissionForComputeTaskTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/TaskExecutePermissionForComputeTaskTest.java @@ -35,24 +35,22 @@ import static org.apache.ignite.plugin.security.SecurityPermission.TASK_EXECUTE; /** - * Test task execute permission for compute task on Client node. + * Test task execute permission for compute task. */ -public class ClientNodeTaskExecutePermissionForComputeTaskTest extends AbstractTaskExecutePermissionTest { +public class TaskExecutePermissionForComputeTaskTest extends AbstractTaskExecutePermissionTest { /** Allowed task. */ private static final AllowedTask ALLOWED_TASK = new AllowedTask(); /** Forbidden task. */ private static final ForbiddenTask FORBIDDEN_TASK = new ForbiddenTask(); - /** - * @throws Exception If failed. - */ - public void testExecute() throws Exception { - Ignite node = startGrid("client_execute", + /** {@inheritDoc} */ + @Override protected void testExecute(boolean isClient) throws Exception { + Ignite node = startGrid(loginPrefix(isClient) + "_execute", builder().defaultAllowAll(true) .appendTaskPermissions(ALLOWED_TASK.getClass().getName(), TASK_EXECUTE, TASK_CANCEL) .appendTaskPermissions(FORBIDDEN_TASK.getClass().getName(), EMPTY_PERMS) - .build(), isClient() + .build(), isClient ); allowRun(() -> node.compute().execute(ALLOWED_TASK, 0)); @@ -62,14 +60,13 @@ public void testExecute() throws Exception { forbiddenRun(() -> node.compute().executeAsync(FORBIDDEN_TASK, 0).get()); } - /** - * @throws Exception If failed. - */ - public void testAllowedCancel() throws Exception { - Ignite node = startGrid("client_allowed_cancel", + + /** {@inheritDoc} */ + @Override protected void testAllowedCancel(boolean isClient) throws Exception { + Ignite node = startGrid(loginPrefix(isClient) + "_allowed_cancel", builder().defaultAllowAll(true) .appendTaskPermissions(ALLOWED_TASK.getClass().getName(), TASK_EXECUTE, TASK_CANCEL) - .build(), isClient() + .build(), isClient ); ComputeTaskFuture f = node.compute().executeAsync(ALLOWED_TASK, 0); @@ -79,14 +76,12 @@ public void testAllowedCancel() throws Exception { forbiddenRun(f::get, IgniteFutureCancelledException.class); } - /** - * @throws Exception If failed. - */ - public void testForbiddenCancel() throws Exception { - Ignite node = startGrid("client_forbidden_cancel", + /** {@inheritDoc} */ + @Override protected void testForbiddenCancel(boolean isClient) throws Exception { + Ignite node = startGrid(loginPrefix(isClient) + "_forbidden_cancel", builder().defaultAllowAll(true) .appendTaskPermissions(ALLOWED_TASK.getClass().getName(), TASK_EXECUTE) - .build(), isClient() + .build(), isClient ); ComputeTaskFuture f = node.compute().executeAsync(ALLOWED_TASK, 0); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ClientNodeTaskExecutePermissionForDistributedClosureTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/TaskExecutePermissionForDistributedClosureTest.java similarity index 85% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ClientNodeTaskExecutePermissionForDistributedClosureTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/TaskExecutePermissionForDistributedClosureTest.java index e0c30721a4a6a..bc547c39f2e42 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ClientNodeTaskExecutePermissionForDistributedClosureTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/TaskExecutePermissionForDistributedClosureTest.java @@ -28,9 +28,9 @@ import static org.apache.ignite.plugin.security.SecurityPermission.TASK_EXECUTE; /** - * Test task execute permission for compute broadcast on Client node. + * Test task execute permission for compute broadcast. */ -public class ClientNodeTaskExecutePermissionForDistributedClosureTest extends AbstractTaskExecutePermissionTest { +public class TaskExecutePermissionForDistributedClosureTest extends AbstractTaskExecutePermissionTest { /** Allowed runnable. */ private static final IgniteRunnable ALLOWED_RUNNABLE = () -> JINGLE_BELL.set(true); @@ -51,11 +51,10 @@ public class ClientNodeTaskExecutePermissionForDistributedClosureTest extends Ab return null; }; - /** - * @throws Exception If failed. - */ - public void testExecute() throws Exception { - Ignite node = startGrid("client", + + /** {@inheritDoc} */ + @Override protected void testExecute(boolean isClient) throws Exception { + Ignite node = startGrid(loginPrefix(isClient) + "_node", builder().defaultAllowAll(true) .appendTaskPermissions(ALLOWED_CALLABLE.getClass().getName(), TASK_EXECUTE) .appendTaskPermissions(FORBIDDEN_CALLABLE.getClass().getName(), EMPTY_PERMS) @@ -63,7 +62,7 @@ public void testExecute() throws Exception { .appendTaskPermissions(FORBIDDEN_RUNNABLE.getClass().getName(), EMPTY_PERMS) .appendTaskPermissions(ALLOW_CLOSURE.getClass().getName(), TASK_EXECUTE) .appendTaskPermissions(FORBIDDEN_CLOSURE.getClass().getName(), EMPTY_PERMS) - .build(), isClient() + .build(), isClient ); allowRun(() -> node.compute().broadcast(ALLOWED_CALLABLE)); @@ -93,14 +92,12 @@ public void testExecute() throws Exception { forbiddenRun(() -> node.compute().applyAsync(FORBIDDEN_CLOSURE, arg).get()); } - /** - * @throws Exception If failed. - */ - public void testAllowedCancel() throws Exception { - Ignite node = startGrid("client_allowed_cancel", + /** {@inheritDoc} */ + @Override protected void testAllowedCancel(boolean isClient) throws Exception { + Ignite node = startGrid(loginPrefix(isClient) + "_allowed_cancel", builder().defaultAllowAll(true) .appendTaskPermissions(ALLOWED_CALLABLE.getClass().getName(), TASK_EXECUTE, TASK_CANCEL) - .build(), isClient() + .build(), isClient ); IgniteFuture> f = node.compute().broadcastAsync(ALLOWED_CALLABLE); @@ -110,14 +107,13 @@ public void testAllowedCancel() throws Exception { forbiddenRun(f::get, IgniteFutureCancelledException.class); } - /** - * @throws Exception If failed. - */ - public void testForbiddenCancel() throws Exception { + + /** {@inheritDoc} */ + @Override protected void testForbiddenCancel(boolean isClient) throws Exception { Ignite node = startGrid("client_forbidden_cancel", builder().defaultAllowAll(true) .appendTaskPermissions(ALLOWED_CALLABLE.getClass().getName(), TASK_EXECUTE) - .build(), isClient() + .build(), isClient ); IgniteFuture> f = node.compute().broadcastAsync(ALLOWED_CALLABLE); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ClientNodeTaskExecutePermissionForExecutorServiceTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/TaskExecutePermissionForExecutorServiceTest.java similarity index 78% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ClientNodeTaskExecutePermissionForExecutorServiceTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/TaskExecutePermissionForExecutorServiceTest.java index 27a0d72dc7835..2594857fca6ca 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ClientNodeTaskExecutePermissionForExecutorServiceTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/TaskExecutePermissionForExecutorServiceTest.java @@ -26,18 +26,16 @@ import static org.apache.ignite.plugin.security.SecurityPermission.TASK_EXECUTE; /** - * Test task execute permission for Executor Service on Client node. + * Test task execute permission for Executor Service. */ -public class ClientNodeTaskExecutePermissionForExecutorServiceTest extends AbstractTaskExecutePermissionTest { - /** - * @throws Exception If failed. - */ - public void testExecute() throws Exception { - Ignite ignite = startGrid("client", +public class TaskExecutePermissionForExecutorServiceTest extends AbstractTaskExecutePermissionTest { + /** {@inheritDoc} */ + @Override protected void testExecute(boolean isClient) throws Exception { + Ignite ignite = startGrid(loginPrefix(isClient) + "_node", builder().defaultAllowAll(true) .appendTaskPermissions(ALLOWED_CALLABLE.getClass().getName(), TASK_EXECUTE) .appendTaskPermissions(FORBIDDEN_CALLABLE.getClass().getName(), EMPTY_PERMS) - .build(), isClient() + .build(), isClient ); allowRun(() -> ignite.executorService().submit(ALLOWED_CALLABLE).get()); @@ -50,14 +48,12 @@ public void testExecute() throws Exception { forbiddenRun(() -> ignite.executorService().invokeAny(singletonList(FORBIDDEN_CALLABLE))); } - /** - * @throws Exception If failed. - */ - public void testAllowedCancel() throws Exception { - Ignite ignite = startGrid("client_allowed_cancel", + /** {@inheritDoc} */ + @Override protected void testAllowedCancel(boolean isClient) throws Exception { + Ignite ignite = startGrid(loginPrefix(isClient) + "_allowed_cancel", builder().defaultAllowAll(true) .appendTaskPermissions(ALLOWED_CALLABLE.getClass().getName(), TASK_EXECUTE, TASK_CANCEL) - .build(), isClient() + .build(), isClient ); Future f = ignite.executorService().submit(ALLOWED_CALLABLE); @@ -67,14 +63,12 @@ public void testAllowedCancel() throws Exception { forbiddenRun(f::get, CancellationException.class); } - /** - * @throws Exception If failed. - */ - public void testForbiddenCancel() throws Exception { + /** {@inheritDoc} */ + @Override protected void testForbiddenCancel(boolean isClient) throws Exception { Ignite ignite = startGrid("client_forbidden_cancel", builder().defaultAllowAll(true) .appendTaskPermissions(ALLOWED_CALLABLE.getClass().getName(), TASK_EXECUTE) - .build(), isClient() + .build(), isClient ); Future f = ignite.executorService().submit(ALLOWED_CALLABLE); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/AbstractComputeTaskSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/AbstractComputeTaskSecurityTest.java similarity index 97% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/AbstractComputeTaskSecurityTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/AbstractComputeTaskSecurityTest.java index 46f61c2941307..a65c5811ebdae 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/AbstractComputeTaskSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/AbstractComputeTaskSecurityTest.java @@ -15,7 +15,7 @@ * limitations under the License. */ -package org.apache.ignite.internal.processor.security.compute; +package org.apache.ignite.internal.processor.security.compute.closure; import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.processor.security.AbstractResolveSecurityContextTest; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputeTaskSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskSecurityTest.java similarity index 98% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputeTaskSecurityTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskSecurityTest.java index 137ee002c83eb..aae9a0f1e8412 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputeTaskSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskSecurityTest.java @@ -15,7 +15,7 @@ * limitations under the License. */ -package org.apache.ignite.internal.processor.security.compute; +package org.apache.ignite.internal.processor.security.compute.closure; import java.util.HashMap; import java.util.List; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/DistributedClosureSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureSecurityTest.java similarity index 98% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/DistributedClosureSecurityTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureSecurityTest.java index ae0a7bbd7b829..22b2e5decb161 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/DistributedClosureSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureSecurityTest.java @@ -15,7 +15,7 @@ * limitations under the License. */ -package org.apache.ignite.internal.processor.security.compute; +package org.apache.ignite.internal.processor.security.compute.closure; import org.apache.ignite.IgniteCompute; import org.apache.ignite.Ignition; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ExecuteServiceTaskSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecuteServiceTaskSecurityTest.java similarity index 97% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ExecuteServiceTaskSecurityTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecuteServiceTaskSecurityTest.java index 554506b07a9a5..b46d6d9186fe2 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ExecuteServiceTaskSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecuteServiceTaskSecurityTest.java @@ -15,7 +15,7 @@ * limitations under the License. */ -package org.apache.ignite.internal.processor.security.compute; +package org.apache.ignite.internal.processor.security.compute.closure; import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ServerNodeTaskExecutePermissionForComputeTaskTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/package-info.java similarity index 69% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ServerNodeTaskExecutePermissionForComputeTaskTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/package-info.java index 049d68de1caa6..1f32285ebe7e0 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ServerNodeTaskExecutePermissionForComputeTaskTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/package-info.java @@ -15,15 +15,7 @@ * limitations under the License. */ -package org.apache.ignite.internal.processor.security.compute; - /** - * Test task execute permission for compute task on Server node. + * Contains security tests for compute closure. */ -public class ServerNodeTaskExecutePermissionForComputeTaskTest - extends ClientNodeTaskExecutePermissionForComputeTaskTest { - /** {@inheritDoc} */ - @Override protected boolean isClient() { - return false; - } -} +package org.apache.ignite.internal.processor.security.compute.closure; \ No newline at end of file diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/ClientNodeDataStreamerCachePermissionTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/DataStreamerCachePermissionTest.java similarity index 80% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/ClientNodeDataStreamerCachePermissionTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/DataStreamerCachePermissionTest.java index bbdbb8cb287d8..0ba851b01bc4c 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/ClientNodeDataStreamerCachePermissionTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/DataStreamerCachePermissionTest.java @@ -32,23 +32,38 @@ import static org.junit.Assert.assertThat; /** - * Test cache permissions for Data Streamer on Client node. + * Test cache permissions for Data Streamer. */ -public class ClientNodeDataStreamerCachePermissionTest extends AbstractCachePermissionTest { +public class DataStreamerCachePermissionTest extends AbstractCachePermissionTest { /** * @throws Exception If fail. */ - public void test() throws Exception { - Ignite node = startGrid("test_node", + public void testServerNode() throws Exception { + testDataStreamer(false); + } + + /** + * @throws Exception If fail. + */ + public void testClientNode() throws Exception { + testDataStreamer(true); + } + + /** + * @param isClient True if is client mode. + * @throws Exception If fail. + */ + private void testDataStreamer(boolean isClient) throws Exception { + Ignite node = startGrid(loginPrefix(isClient) + "_test_node", builder().defaultAllowAll(true) .appendCachePermissions(CACHE_NAME, SecurityPermission.CACHE_PUT) .appendCachePermissions(FORBIDDEN_CACHE, SecurityPermission.CACHE_READ) - .build(), isClient()); + .build(), isClient); allowed(node, s -> s.addData("k", 1)); forbidden(node, s -> s.addData("k", 1)); - allowed(node, s -> s .addData(singletonMap("key", 2))); + allowed(node, s -> s.addData(singletonMap("key", 2))); forbidden(node, s -> s.addData(singletonMap("key", 2))); Map.Entry entry = entry(); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/IgniteDataStreamerSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/IgniteDataStreamerSecurityTest.java similarity index 99% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/IgniteDataStreamerSecurityTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/IgniteDataStreamerSecurityTest.java index 2d5bb61d88807..e70f7d02e1343 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/IgniteDataStreamerSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/IgniteDataStreamerSecurityTest.java @@ -15,7 +15,7 @@ * limitations under the License. */ -package org.apache.ignite.internal.processor.security.datastreamer; +package org.apache.ignite.internal.processor.security.datastreamer.closure; import java.util.Map; import java.util.UUID; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/ServerNodeDataStreamerCachePermissionTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/package-info.java similarity index 76% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/ServerNodeDataStreamerCachePermissionTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/package-info.java index 53976a0039e10..3d0ccbb4e4cc3 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/ServerNodeDataStreamerCachePermissionTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/package-info.java @@ -15,14 +15,7 @@ * limitations under the License. */ -package org.apache.ignite.internal.processor.security.datastreamer; - /** - * Test cache permissions for Data Streamer on Server node. + * Contains security tests for Data Streamer closure. */ -public class ServerNodeDataStreamerCachePermissionTest extends ClientNodeDataStreamerCachePermissionTest { - /** {@inheritDoc} */ - @Override protected boolean isClient() { - return false; - } -} +package org.apache.ignite.internal.processor.security.datastreamer.closure; \ No newline at end of file diff --git a/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java b/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java index fe2507bad0252..969af7827ef48 100644 --- a/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java +++ b/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java @@ -19,24 +19,22 @@ import java.util.Set; import junit.framework.TestSuite; -import org.apache.ignite.internal.processor.security.cache.ClientNodeCachePermissionsTest; -import org.apache.ignite.internal.processor.security.cache.EntryProcessorSecurityTest; -import org.apache.ignite.internal.processor.security.cache.ServerNodeCachePermissionsTest; -import org.apache.ignite.internal.processor.security.compute.ClientNodeTaskExecutePermissionForComputeTaskTest; -import org.apache.ignite.internal.processor.security.compute.ClientNodeTaskExecutePermissionForDistributedClosureTest; -import org.apache.ignite.internal.processor.security.compute.ClientNodeTaskExecutePermissionForExecutorServiceTest; -import org.apache.ignite.internal.processor.security.compute.ServerNodeTaskExecutePermissionForComputeTaskTest; -import org.apache.ignite.internal.processor.security.compute.ServerNodeTaskExecutePermissionForDistributedClosureTest; -import org.apache.ignite.internal.processor.security.compute.ServerNodeTaskExecutePermissionForExecutorServiceTest; -import org.apache.ignite.internal.processor.security.datastreamer.ClientNodeDataStreamerCachePermissionTest; -import org.apache.ignite.internal.processor.security.datastreamer.IgniteDataStreamerSecurityTest; -import org.apache.ignite.internal.processor.security.cache.LoadCacheSecurityTest; -import org.apache.ignite.internal.processor.security.cache.ScanQuerySecurityTest; +import org.apache.ignite.internal.processor.security.cache.CachePermissionsTest; +import org.apache.ignite.internal.processor.security.cache.EntryProcessorCachePermissionTest; +import org.apache.ignite.internal.processor.security.cache.LoadCachePermissionTest; +import org.apache.ignite.internal.processor.security.cache.ScanQueryCachePermissionTest; +import org.apache.ignite.internal.processor.security.cache.closure.EntryProcessorSecurityTest; +import org.apache.ignite.internal.processor.security.cache.closure.LoadCacheSecurityTest; +import org.apache.ignite.internal.processor.security.cache.closure.ScanQuerySecurityTest; import org.apache.ignite.internal.processor.security.client.ThinClientSecurityTest; -import org.apache.ignite.internal.processor.security.compute.ComputeTaskSecurityTest; -import org.apache.ignite.internal.processor.security.compute.DistributedClosureSecurityTest; -import org.apache.ignite.internal.processor.security.compute.ExecuteServiceTaskSecurityTest; -import org.apache.ignite.internal.processor.security.datastreamer.ServerNodeDataStreamerCachePermissionTest; +import org.apache.ignite.internal.processor.security.compute.TaskExecutePermissionForComputeTaskTest; +import org.apache.ignite.internal.processor.security.compute.TaskExecutePermissionForDistributedClosureTest; +import org.apache.ignite.internal.processor.security.compute.TaskExecutePermissionForExecutorServiceTest; +import org.apache.ignite.internal.processor.security.compute.closure.ComputeTaskSecurityTest; +import org.apache.ignite.internal.processor.security.compute.closure.DistributedClosureSecurityTest; +import org.apache.ignite.internal.processor.security.compute.closure.ExecuteServiceTaskSecurityTest; +import org.apache.ignite.internal.processor.security.datastreamer.DataStreamerCachePermissionTest; +import org.apache.ignite.internal.processor.security.datastreamer.closure.IgniteDataStreamerSecurityTest; import org.apache.ignite.internal.processor.security.messaging.IgniteMessagingTest; import org.jetbrains.annotations.Nullable; @@ -59,16 +57,14 @@ public static TestSuite suite() throws Exception { public static TestSuite suite(final @Nullable Set ignoredTests) { TestSuite suite = new TestSuite("Initiator Node's Security Context Test Suite"); - suite.addTest(new TestSuite(ClientNodeCachePermissionsTest.class)); - suite.addTest(new TestSuite(ServerNodeCachePermissionsTest.class)); - suite.addTest(new TestSuite(ClientNodeDataStreamerCachePermissionTest.class)); - suite.addTest(new TestSuite(ServerNodeDataStreamerCachePermissionTest.class)); - suite.addTest(new TestSuite(ClientNodeTaskExecutePermissionForExecutorServiceTest.class)); - suite.addTest(new TestSuite(ServerNodeTaskExecutePermissionForExecutorServiceTest.class)); - suite.addTest(new TestSuite(ClientNodeTaskExecutePermissionForDistributedClosureTest.class)); - suite.addTest(new TestSuite(ServerNodeTaskExecutePermissionForDistributedClosureTest.class)); - suite.addTest(new TestSuite(ClientNodeTaskExecutePermissionForComputeTaskTest.class)); - suite.addTest(new TestSuite(ServerNodeTaskExecutePermissionForComputeTaskTest.class)); + suite.addTest(new TestSuite(CachePermissionsTest.class)); + suite.addTest(new TestSuite(DataStreamerCachePermissionTest.class)); + suite.addTest(new TestSuite(ScanQueryCachePermissionTest.class)); + suite.addTest(new TestSuite(LoadCachePermissionTest.class)); + suite.addTest(new TestSuite(EntryProcessorCachePermissionTest.class)); + suite.addTest(new TestSuite(TaskExecutePermissionForExecutorServiceTest.class)); + suite.addTest(new TestSuite(TaskExecutePermissionForDistributedClosureTest.class)); + suite.addTest(new TestSuite(TaskExecutePermissionForComputeTaskTest.class)); suite.addTest(new TestSuite(DistributedClosureSecurityTest.class)); suite.addTest(new TestSuite(ComputeTaskSecurityTest.class)); From 8a76382bbcb5e0a6c7c17af401473eae46cacf14 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Fri, 21 Dec 2018 13:51:39 +0300 Subject: [PATCH 34/98] IGNITE-9560 Fix comments. --- .../managers/communication/GridIoManager.java | 2 +- .../security/IgniteSecurityProcessor.java | 5 + .../security/IgniteSecurityProcessorImpl.java | 6 + .../security/AbstractCacheSecurityTest.java | 6 +- .../security/AbstractSecurityTest.java | 44 +++- .../closure/EntryProcessorSecurityTest.java | 10 +- .../cache/closure/LoadCacheSecurityTest.java | 6 +- .../cache/closure/ScanQuerySecurityTest.java | 28 +-- .../client/ThinClientSecurityTest.java | 61 +++--- .../AbstractTaskExecutePermissionTest.java | 192 ++++++++++++++---- ...skExecutePermissionForComputeTaskTest.java | 90 ++------ ...tePermissionForDistributedClosureTest.java | 111 +++------- ...ecutePermissionForExecutorServiceTest.java | 63 ++---- .../closure/ComputeTaskSecurityTest.java | 2 +- .../DistributedClosureSecurityTest.java | 127 ++---------- .../ExecuteServiceTaskSecurityTest.java | 2 +- .../IgniteDataStreamerSecurityTest.java | 4 +- .../messaging/IgniteMessagingTest.java | 79 ++++--- 18 files changed, 390 insertions(+), 448 deletions(-) diff --git a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java index 07f37e0aacfa4..9dbf7c7835d2b 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java @@ -1574,7 +1574,7 @@ private void invokeListener(Byte plc, GridMessageListener lsnr, UUID nodeId, Obj /** * @return Current IO policy */ - public static @Nullable Byte currentPolicy() { + @Nullable public static Byte currentPolicy() { return CUR_PLC.get(); } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java index 3ad4dddf84aab..c62130eb7d165 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java @@ -60,6 +60,11 @@ public interface IgniteSecurityProcessor { */ public SecuritySubject authenticatedSubject(UUID subjId) throws IgniteCheckedException; + /** + * Delegates call to {@link GridSecurityProcessor#onSessionExpired(UUID)} + */ + public void onSessionExpired(UUID subjId); + /** * Authorizes grid operation. * diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java index a7466bf89dd09..d3e7da2046c70 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java @@ -52,6 +52,7 @@ public class IgniteSecurityProcessorImpl implements IgniteSecurityProcessor, Gri public IgniteSecurityProcessorImpl(GridKernalContext ctx, GridSecurityProcessor secPrc) { this.ctx = ctx; this.secPrc = secPrc; + marsh = MarshallerUtils.jdkMarshaller(ctx.igniteInstanceName()); } @@ -103,6 +104,11 @@ public IgniteSecurityProcessorImpl(GridKernalContext ctx, GridSecurityProcessor return secPrc.authenticatedSubject(subjId); } + /** {@inheritDoc} */ + @Override public void onSessionExpired(UUID subjId) { + secPrc.onSessionExpired(subjId); + } + /** {@inheritDoc} */ @Override public void authorize(String name, SecurityPermission perm) throws SecurityException { SecurityContext secCtx = curSecCtx.get(); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheSecurityTest.java index 82e6a179ca4e1..cea885927db05 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheSecurityTest.java @@ -28,7 +28,7 @@ */ public abstract class AbstractCacheSecurityTest extends AbstractResolveSecurityContextTest { /** Cache name for tests. */ - protected static final String CACHE_READ_ONLY_PERM = "CACHE_READ_ONLY_PERM"; + protected static final String COMMON_USE_CACHE = "COMMON_USE_CACHE"; /** {@inheritDoc} */ @Override protected IgniteConfiguration getConfiguration(String igniteInstanceName) throws Exception { @@ -46,7 +46,7 @@ protected CacheConfiguration[] getCacheConfigurations() { .setCacheMode(CacheMode.PARTITIONED) .setReadFromBackup(false), new CacheConfiguration<>() - .setName(CACHE_READ_ONLY_PERM) + .setName(COMMON_USE_CACHE) .setCacheMode(CacheMode.PARTITIONED) .setReadFromBackup(false) }; @@ -59,7 +59,7 @@ protected CacheConfiguration[] getCacheConfigurations() { * @return Key. */ protected Integer primaryKey(IgniteEx ignite) { - Affinity affinity = ignite.affinity(CACHE_READ_ONLY_PERM); + Affinity affinity = ignite.affinity(COMMON_USE_CACHE); int i = 0; do { diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java index 7530a4ef1fb29..a13feabdd8928 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java @@ -228,22 +228,56 @@ protected void forbiddenRun(TestRunnable r) { /** * @param r Runnable. - * @param type Expected exception type. + * @param types Array of expected exception types. */ - protected void forbiddenRun(TestRunnable r, Class type) { + protected void forbiddenRun(TestRunnable r, Class... types) { try { r.run(); fail("Should not happen."); } catch (Throwable e) { - assertThat(X.cause(e, type), notNullValue()); + assertThat(cause(e, types), notNullValue()); } } - /** */ + /** + * Gets first cause if passed in {@code 'Throwable'} has one of given classes in {@code 'cause'} hierarchy. + *

+ * Note that this method follows includes {@link Throwable#getSuppressed()} into check. + * + * @param t Throwable to check (if {@code null}, {@code null} is returned). + * @param types Array of cause classes to get cause (if {@code null}, {@code null} is returned). + * @return First causing exception of passed in class, {@code null} otherwise. + */ + private Throwable cause(Throwable t, Class... types) { + for (Throwable th = t; th != null; th = th.getCause()) { + for (Class cls : types) { + if (cls.isAssignableFrom(th.getClass())) + return th; + + for (Throwable n : th.getSuppressed()) { + Throwable found = cause(n, cls); + + if (found != null) + return found; + } + } + + if (th.getCause() == th) + break; + } + + return null; + } + + /** + * + */ public interface TestRunnable { - /** */ + /** + * + */ void run() throws Exception; } } \ No newline at end of file diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorSecurityTest.java index bdbbbc9d9e8a0..6c02bb8ec714a 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorSecurityTest.java @@ -29,7 +29,7 @@ import org.apache.ignite.plugin.security.SecurityPermission; /** - * Security tests for EntityProcessor. + * Testing permissions when EntryProcessor closure is executed cache operations on remote node. */ public class EntryProcessorSecurityTest extends AbstractCacheSecurityTest { /** */ @@ -73,7 +73,7 @@ private void assertForbidden(IgniteEx initiator, IgniteEx remote) { * @param remote Remote. */ private void invoke(IgniteEx initiator, IgniteEx remote) { - initiator.cache(CACHE_READ_ONLY_PERM).invoke( + initiator.cache(COMMON_USE_CACHE).invoke( primaryKey(remote), new TestEntryProcessor(remote.localNode().id()) ); @@ -84,7 +84,7 @@ private void invoke(IgniteEx initiator, IgniteEx remote) { * @param remote Remote. */ private void invokeAsync(IgniteEx initiator, IgniteEx remote) { - initiator.cache(CACHE_READ_ONLY_PERM).invokeAsync( + initiator.cache(COMMON_USE_CACHE).invokeAsync( primaryKey(remote), new TestEntryProcessor(remote.localNode().id()) ).get(); @@ -95,7 +95,7 @@ private void invokeAsync(IgniteEx initiator, IgniteEx remote) { * @param remote Remote. */ private void invokeAll(IgniteEx initiator, IgniteEx remote) { - initiator.cache(CACHE_READ_ONLY_PERM).invokeAll( + initiator.cache(COMMON_USE_CACHE).invokeAll( Collections.singleton(primaryKey(remote)), new TestEntryProcessor(remote.localNode().id()) ).values().stream().findFirst().ifPresent(EntryProcessorResult::get); @@ -106,7 +106,7 @@ private void invokeAll(IgniteEx initiator, IgniteEx remote) { * @param remote Remote. */ private void invokeAllAsync(IgniteEx initiator, IgniteEx remote) { - initiator.cache(CACHE_READ_ONLY_PERM).invokeAllAsync( + initiator.cache(COMMON_USE_CACHE).invokeAllAsync( Collections.singleton(primaryKey(remote)), new TestEntryProcessor(remote.localNode().id()) ).get().values().stream().findFirst().ifPresent(EntryProcessorResult::get); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/LoadCacheSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/LoadCacheSecurityTest.java index 828d376789692..f44bbf51d408c 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/LoadCacheSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/LoadCacheSecurityTest.java @@ -33,7 +33,7 @@ import org.apache.ignite.resources.IgniteInstanceResource; /** - * Security tests for cache data load. + * Testing permissions when the filter of Load cache is executed cache operations on remote node. */ public class LoadCacheSecurityTest extends AbstractCacheSecurityTest { /** {@inheritDoc} */ @@ -44,7 +44,7 @@ public class LoadCacheSecurityTest extends AbstractCacheSecurityTest { .setCacheMode(CacheMode.PARTITIONED) .setReadFromBackup(false), new CacheConfiguration() - .setName(CACHE_READ_ONLY_PERM) + .setName(COMMON_USE_CACHE) .setCacheMode(CacheMode.PARTITIONED) .setReadFromBackup(false) .setCacheStoreFactory(new TestStoreFactory()) @@ -72,7 +72,7 @@ public void testLoadCache() { private void load(IgniteEx initiator, IgniteEx remote, T2 entry) { assert !remote.localNode().isClient(); - initiator.cache(CACHE_READ_ONLY_PERM).loadCache( + initiator.cache(COMMON_USE_CACHE).loadCache( new TestClosure(remote.localNode().id(), entry.getKey(), entry.getValue()) ); } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQuerySecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQuerySecurityTest.java index 47396b6340c95..2429f7917ee0e 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQuerySecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQuerySecurityTest.java @@ -30,7 +30,7 @@ import org.apache.ignite.resources.IgniteInstanceResource; /** - * Security test for scan query. + * Testing permissions when the filter of ScanQuery is executed cache operations on remote node. */ public class ScanQuerySecurityTest extends AbstractCacheSecurityTest { /** @@ -38,39 +38,39 @@ public class ScanQuerySecurityTest extends AbstractCacheSecurityTest { */ public void testScanQuery() throws Exception { putTestData(srvAllPerms, CACHE_NAME); - putTestData(srvAllPerms, CACHE_READ_ONLY_PERM); + putTestData(srvAllPerms, COMMON_USE_CACHE); awaitPartitionMapExchange(); assertAllowed((t) -> query(clntAllPerms, srvAllPerms, CACHE_NAME, t)); assertAllowed((t) -> query(srvAllPerms, srvAllPerms, CACHE_NAME, t)); - assertAllowed((t) -> query(clntAllPerms, srvAllPerms, CACHE_READ_ONLY_PERM, t)); - assertAllowed((t) -> query(srvAllPerms, srvAllPerms, CACHE_READ_ONLY_PERM, t)); + assertAllowed((t) -> query(clntAllPerms, srvAllPerms, COMMON_USE_CACHE, t)); + assertAllowed((t) -> query(srvAllPerms, srvAllPerms, COMMON_USE_CACHE, t)); assertAllowed((t) -> transform(clntAllPerms, srvAllPerms, CACHE_NAME, t)); assertAllowed((t) -> transform(srvAllPerms, srvAllPerms, CACHE_NAME, t)); - assertAllowed((t) -> transform(clntAllPerms, srvAllPerms, CACHE_READ_ONLY_PERM, t)); - assertAllowed((t) -> transform(srvAllPerms, srvAllPerms, CACHE_READ_ONLY_PERM, t)); + assertAllowed((t) -> transform(clntAllPerms, srvAllPerms, COMMON_USE_CACHE, t)); + assertAllowed((t) -> transform(srvAllPerms, srvAllPerms, COMMON_USE_CACHE, t)); assertAllowed((t) -> query(clntAllPerms, srvReadOnlyPerm, CACHE_NAME, t)); assertAllowed((t) -> query(srvAllPerms, srvReadOnlyPerm, CACHE_NAME, t)); - assertAllowed((t) -> query(clntAllPerms, srvReadOnlyPerm, CACHE_READ_ONLY_PERM, t)); - assertAllowed((t) -> query(srvAllPerms, srvReadOnlyPerm, CACHE_READ_ONLY_PERM, t)); + assertAllowed((t) -> query(clntAllPerms, srvReadOnlyPerm, COMMON_USE_CACHE, t)); + assertAllowed((t) -> query(srvAllPerms, srvReadOnlyPerm, COMMON_USE_CACHE, t)); assertAllowed((t) -> transform(clntAllPerms, srvReadOnlyPerm, CACHE_NAME, t)); assertAllowed((t) -> transform(srvAllPerms, srvReadOnlyPerm, CACHE_NAME, t)); - assertAllowed((t) -> transform(clntAllPerms, srvReadOnlyPerm, CACHE_READ_ONLY_PERM, t)); - assertAllowed((t) -> transform(srvAllPerms, srvReadOnlyPerm, CACHE_READ_ONLY_PERM, t)); + assertAllowed((t) -> transform(clntAllPerms, srvReadOnlyPerm, COMMON_USE_CACHE, t)); + assertAllowed((t) -> transform(srvAllPerms, srvReadOnlyPerm, COMMON_USE_CACHE, t)); assertForbidden((t) -> query(clntReadOnlyPerm, srvAllPerms, CACHE_NAME, t)); assertForbidden((t) -> query(srvReadOnlyPerm, srvAllPerms, CACHE_NAME, t)); - assertForbidden((t) -> query(clntReadOnlyPerm, srvAllPerms, CACHE_READ_ONLY_PERM, t)); - assertForbidden((t) -> query(srvReadOnlyPerm, srvAllPerms, CACHE_READ_ONLY_PERM, t)); + assertForbidden((t) -> query(clntReadOnlyPerm, srvAllPerms, COMMON_USE_CACHE, t)); + assertForbidden((t) -> query(srvReadOnlyPerm, srvAllPerms, COMMON_USE_CACHE, t)); assertForbidden((t) -> transform(clntReadOnlyPerm, srvAllPerms, CACHE_NAME, t)); assertForbidden((t) -> transform(srvReadOnlyPerm, srvAllPerms, CACHE_NAME, t)); - assertForbidden((t) -> transform(clntReadOnlyPerm, srvAllPerms, CACHE_READ_ONLY_PERM, t)); - assertForbidden((t) -> transform(srvReadOnlyPerm, srvAllPerms, CACHE_READ_ONLY_PERM, t)); + assertForbidden((t) -> transform(clntReadOnlyPerm, srvAllPerms, COMMON_USE_CACHE, t)); + assertForbidden((t) -> transform(srvReadOnlyPerm, srvAllPerms, COMMON_USE_CACHE, t)); } /** diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientSecurityTest.java index f9b6ce52d8289..8b1372fc0d8b5 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientSecurityTest.java @@ -17,6 +17,8 @@ package org.apache.ignite.internal.processor.security.client; +import java.util.Arrays; +import java.util.Collection; import java.util.Collections; import java.util.function.Consumer; import org.apache.ignite.Ignition; @@ -150,43 +152,11 @@ protected IgniteConfiguration getConfiguration(int idx, * @throws Exception If error occurs. */ public void testCacheSinglePermOperations() throws Exception { - executeOperation(CLIENT, c -> c.cache(CACHE).put("key", "value")); - executeForbiddenOperation(c -> c.cache(FORBIDDEN_CACHE).put("key", "value")); + for (Consumer c : consumers(CACHE)) + executeOperation(CLIENT, c); - executeOperation(CLIENT, c -> c.cache(CACHE).putAll(singletonMap("key", "value"))); - executeForbiddenOperation(c -> c.cache(FORBIDDEN_CACHE).putAll(singletonMap("key", "value"))); - - executeOperation(CLIENT, c -> c.cache(CACHE).get("key")); - executeForbiddenOperation(c -> c.cache(FORBIDDEN_CACHE).get("key")); - - executeOperation(CLIENT, c -> c.cache(CACHE).getAll(Collections.singleton("key"))); - executeForbiddenOperation(c -> c.cache(FORBIDDEN_CACHE).getAll(Collections.singleton("key"))); - - executeOperation(CLIENT, c -> c.cache(CACHE).containsKey("key")); - executeForbiddenOperation(c -> c.cache(FORBIDDEN_CACHE).containsKey("key")); - - executeOperation(CLIENT, c -> c.cache(CACHE).remove("key")); - executeForbiddenOperation(c -> c.cache(FORBIDDEN_CACHE).remove("key")); - } - - /** - * @throws Exception If error occurs. - */ - public void testCacheMultiplePermOperations() throws Exception { - executeOperation(CLIENT, c -> c.cache(CACHE).replace("key", "value")); - executeForbiddenOperation(c -> c.cache(FORBIDDEN_CACHE).replace("key", "value")); - - executeOperation(CLIENT, c -> c.cache(CACHE).putIfAbsent("key", "value")); - executeForbiddenOperation(c -> c.cache(FORBIDDEN_CACHE).putIfAbsent("key", "value")); - - executeOperation(CLIENT, c -> c.cache(CACHE).getAndPut("key", "value")); - executeForbiddenOperation(c -> c.cache(FORBIDDEN_CACHE).getAndPut("key", "value")); - - executeOperation(CLIENT, c -> c.cache(CACHE).getAndRemove("key")); - executeForbiddenOperation(c -> c.cache(FORBIDDEN_CACHE).getAndRemove("key")); - - executeOperation(CLIENT, c -> c.cache(CACHE).getAndReplace("key", "value")); - executeForbiddenOperation(c -> c.cache(FORBIDDEN_CACHE).getAndReplace("key", "value")); + for (Consumer c : consumers(FORBIDDEN_CACHE)) + executeForbiddenOperation(c); } /** @@ -226,6 +196,25 @@ public void testSysOperation() throws Exception { executeForbiddenOperation(c -> c.destroyCache(CACHE)); } + /** + * @param cacheName Cache name. + */ + private Collection> consumers(final String cacheName) { + return Arrays.asList( + c -> c.cache(cacheName).put("key", "value"), + c -> c.cache(cacheName).putAll(singletonMap("key", "value")), + c -> c.cache(cacheName).get("key"), + c -> c.cache(cacheName).getAll(Collections.singleton("key")), + c -> c.cache(cacheName).containsKey("key"), + c -> c.cache(cacheName).remove("key"), + c -> c.cache(cacheName).replace("key", "value"), + c -> c.cache(cacheName).putIfAbsent("key", "value"), + c -> c.cache(cacheName).getAndPut("key", "value"), + c -> c.cache(cacheName).getAndRemove("key"), + c -> c.cache(cacheName).getAndReplace("key", "value") + ); + } + /** * @param cons Consumer. */ diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/AbstractTaskExecutePermissionTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/AbstractTaskExecutePermissionTest.java index 1110d7c9b166a..d4b1bf387485b 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/AbstractTaskExecutePermissionTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/AbstractTaskExecutePermissionTest.java @@ -17,72 +17,119 @@ package org.apache.ignite.internal.processor.security.compute; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.List; +import java.util.concurrent.CancellationException; +import java.util.concurrent.ExecutionException; +import java.util.concurrent.Future; import java.util.concurrent.atomic.AtomicBoolean; -import org.apache.ignite.internal.processor.security.AbstractPermissionTest; -import org.apache.ignite.lang.IgniteCallable; +import java.util.function.Supplier; +import org.apache.ignite.Ignite; +import org.apache.ignite.internal.processor.security.AbstractSecurityTest; +import org.apache.ignite.lang.IgniteFuture; +import org.apache.ignite.lang.IgniteFutureCancelledException; +import org.apache.ignite.plugin.security.SecurityPermission; +import org.apache.ignite.plugin.security.SecurityPermissionSet; + +import static org.apache.ignite.plugin.security.SecurityPermission.TASK_CANCEL; +import static org.apache.ignite.plugin.security.SecurityPermission.TASK_EXECUTE; /** * Abstract class for task execute permission tests. */ -public abstract class AbstractTaskExecutePermissionTest extends AbstractPermissionTest { - /** Jingle bell. */ - protected static final AtomicBoolean JINGLE_BELL = new AtomicBoolean(false); +public abstract class AbstractTaskExecutePermissionTest extends AbstractSecurityTest { + /** Flag that shows task was executed. */ + protected static final AtomicBoolean IS_EXECUTED = new AtomicBoolean(false); + + /** Server allowed all task permissions. */ + protected Ignite srvAllowed; + + /** Server forbidden all task permissions. */ + protected Ignite srvForbidden; + + /** Server forbidden cancel task permission. */ + protected Ignite srvForbiddenCancel; + + /** Client allowed all task permissions. */ + protected Ignite clntAllowed; + + /** Client forbidden all task permissions. */ + protected Ignite clntForbidden; - /** Allowed callable. */ - protected static final IgniteCallable ALLOWED_CALLABLE = () -> { - JINGLE_BELL.set(true); + /** Client forbidden cancel task permission. */ + protected Ignite clntForbiddenCancel; - return null; - }; + /** {@inheritDoc} */ + @Override protected void beforeTestsStarted() throws Exception { + super.beforeTestsStarted(); - /** Forbidden callable. */ - protected static final IgniteCallable FORBIDDEN_CALLABLE = () -> { - fail("Should not be invoked."); + srvAllowed = startGrid("srv_allowed", permissions(TASK_EXECUTE, TASK_CANCEL)); - return null; - }; + srvForbidden = startGrid("srv_forbidden", permissions(EMPTY_PERMS)); + + srvForbiddenCancel = startGrid("srv_forbidden_cnl", permissions(TASK_EXECUTE)); + + clntAllowed = startGrid("clnt_allowed", permissions(TASK_EXECUTE, TASK_CANCEL), true); + + clntForbidden = startGrid("srv_forbidden", permissions(EMPTY_PERMS), true); + + clntForbiddenCancel = startGrid("clnt_forbidden_cnl", permissions(TASK_EXECUTE), true); + + srvAllowed.cluster().active(true); + } /** - * @throws Exception If failed. + * */ - public void testServerNode() throws Exception { - testExecute(false); - testAllowedCancel(false); - testForbiddenCancel(false); + public void test() { + for (TestRunnable r : runnablesForNodes(srvAllowed, clntAllowed)) + allowRun(r); + + for (TestRunnable r : runnablesForNodes(srvForbidden, clntForbidden)) + forbiddenRun(r); + + allowedCancel(cancelSupplier(srvAllowed)); + allowedCancel(cancelSupplier(clntAllowed)); + + forbiddenCancel(cancelSupplier(srvForbiddenCancel)); + forbiddenCancel(cancelSupplier(clntForbiddenCancel)); } /** - * @throws Exception If failed. + * @param perms Permissions. */ - public void testClientNode() throws Exception { - testExecute(true); - testAllowedCancel(true); - testForbiddenCancel(true); - } + protected abstract SecurityPermissionSet permissions(SecurityPermission... perms); /** - * @param isClient True if is client mode. - * @throws Exception If failed. + * @param node Node. */ - protected abstract void testExecute(boolean isClient) throws Exception; + protected abstract Supplier cancelSupplier(Ignite node); /** - * @param isClient True if is client mode. - * @throws Exception If failed. + * @param node Node. + * @return Array of runnable that invoke set of compute methods on passed node. */ - protected abstract void testAllowedCancel(boolean isClient) throws Exception; + protected abstract TestRunnable[] runnables(Ignite node); /** - * @param isClient True if is client mode. - * @throws Exception If failed. + * @param nodes Array of nodes. */ - protected abstract void testForbiddenCancel(boolean isClient) throws Exception; + private Collection runnablesForNodes(Ignite... nodes) { + List res = new ArrayList<>(); + + for (Ignite node : nodes) + res.addAll(Arrays.asList(runnables(node))); + + return res; + } /** * @param r TestRunnable. */ - protected void allowRun(TestRunnable r) { - JINGLE_BELL.set(false); + private void allowRun(TestRunnable r) { + IS_EXECUTED.set(false); try { r.run(); @@ -91,6 +138,75 @@ protected void allowRun(TestRunnable r) { throw new RuntimeException(e); } - assertTrue(JINGLE_BELL.get()); + assertTrue(IS_EXECUTED.get()); + } + + /** + * @param s Supplier. + */ + private void forbiddenCancel(Supplier s) { + FutureAdapter f = s.get(); + + forbiddenRun(f::cancel); + } + + /** + * @param s Supplier. + */ + private void allowedCancel(Supplier s) { + FutureAdapter f = s.get(); + + f.cancel(); + + forbiddenRun(f::get, CancellationException.class, IgniteFutureCancelledException.class); + } + + /** + * + */ + static class FutureAdapter { + /** Ignite future. */ + private final IgniteFuture igniteFut; + + /** Future. */ + private final Future fut; + + /** + * @param igniteFut Ignite future. + */ + public FutureAdapter(IgniteFuture igniteFut) { + this.igniteFut = igniteFut; + fut = null; + } + + /** + * @param fut Future. + */ + public FutureAdapter(Future fut) { + this.fut = fut; + igniteFut = null; + } + + + /** + * + */ + public void cancel() { + assert igniteFut != null || fut != null; + + if (igniteFut != null) + igniteFut.cancel(); + else + fut.cancel(true); + } + + /** + * + */ + public Object get() throws ExecutionException, InterruptedException { + assert igniteFut != null || fut != null; + + return igniteFut != null ? igniteFut.get() : fut.get(); + } } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/TaskExecutePermissionForComputeTaskTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/TaskExecutePermissionForComputeTaskTest.java index e7edebdfe71d5..38759ef775f88 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/TaskExecutePermissionForComputeTaskTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/TaskExecutePermissionForComputeTaskTest.java @@ -20,6 +20,7 @@ import java.util.Collections; import java.util.List; import java.util.Map; +import java.util.function.Supplier; import org.apache.ignite.Ignite; import org.apache.ignite.IgniteException; import org.apache.ignite.cluster.ClusterNode; @@ -27,101 +28,46 @@ import org.apache.ignite.compute.ComputeJobResult; import org.apache.ignite.compute.ComputeJobResultPolicy; import org.apache.ignite.compute.ComputeTask; -import org.apache.ignite.compute.ComputeTaskFuture; -import org.apache.ignite.lang.IgniteFutureCancelledException; +import org.apache.ignite.plugin.security.SecurityPermission; +import org.apache.ignite.plugin.security.SecurityPermissionSet; import org.jetbrains.annotations.Nullable; -import static org.apache.ignite.plugin.security.SecurityPermission.TASK_CANCEL; -import static org.apache.ignite.plugin.security.SecurityPermission.TASK_EXECUTE; - /** * Test task execute permission for compute task. */ public class TaskExecutePermissionForComputeTaskTest extends AbstractTaskExecutePermissionTest { /** Allowed task. */ - private static final AllowedTask ALLOWED_TASK = new AllowedTask(); - - /** Forbidden task. */ - private static final ForbiddenTask FORBIDDEN_TASK = new ForbiddenTask(); + private static final AllowedTask TEST_TASK = new AllowedTask(); /** {@inheritDoc} */ - @Override protected void testExecute(boolean isClient) throws Exception { - Ignite node = startGrid(loginPrefix(isClient) + "_execute", - builder().defaultAllowAll(true) - .appendTaskPermissions(ALLOWED_TASK.getClass().getName(), TASK_EXECUTE, TASK_CANCEL) - .appendTaskPermissions(FORBIDDEN_TASK.getClass().getName(), EMPTY_PERMS) - .build(), isClient - ); - - allowRun(() -> node.compute().execute(ALLOWED_TASK, 0)); - forbiddenRun(() -> node.compute().execute(FORBIDDEN_TASK, 0)); - - allowRun(() -> node.compute().executeAsync(ALLOWED_TASK, 0).get()); - forbiddenRun(() -> node.compute().executeAsync(FORBIDDEN_TASK, 0).get()); + @Override protected SecurityPermissionSet permissions(SecurityPermission... perms) { + return builder().defaultAllowAll(true) + .appendTaskPermissions(TEST_TASK.getClass().getName(), perms) + .build(); } - /** {@inheritDoc} */ - @Override protected void testAllowedCancel(boolean isClient) throws Exception { - Ignite node = startGrid(loginPrefix(isClient) + "_allowed_cancel", - builder().defaultAllowAll(true) - .appendTaskPermissions(ALLOWED_TASK.getClass().getName(), TASK_EXECUTE, TASK_CANCEL) - .build(), isClient - ); - - ComputeTaskFuture f = node.compute().executeAsync(ALLOWED_TASK, 0); - - f.cancel(); - - forbiddenRun(f::get, IgniteFutureCancelledException.class); + @Override protected TestRunnable[] runnables(Ignite node){ + return new TestRunnable[]{ + () -> node.compute().execute(TEST_TASK, 0), + () -> node.compute().executeAsync(TEST_TASK, 0).get() + }; } /** {@inheritDoc} */ - @Override protected void testForbiddenCancel(boolean isClient) throws Exception { - Ignite node = startGrid(loginPrefix(isClient) + "_forbidden_cancel", - builder().defaultAllowAll(true) - .appendTaskPermissions(ALLOWED_TASK.getClass().getName(), TASK_EXECUTE) - .build(), isClient - ); - - ComputeTaskFuture f = node.compute().executeAsync(ALLOWED_TASK, 0); - - forbiddenRun(f::cancel); - } - - /** - * Allowed task class. - */ - static class AllowedTask extends TestComputeTask { - /** {@inheritDoc} */ - @Override public @Nullable Map map(List subgrid, - @Nullable Object arg) throws IgniteException { - JINGLE_BELL.set(true); - - return super.map(subgrid, arg); - } - } - - /** - * Forbidden task class. - */ - static class ForbiddenTask extends TestComputeTask { - /** {@inheritDoc} */ - @Override public @Nullable Map map(List subgrid, - @Nullable Object arg) throws IgniteException { - fail("Should not be invoked."); - - return super.map(subgrid, arg); - } + @Override protected Supplier cancelSupplier(Ignite node) { + return () -> new FutureAdapter(node.compute().executeAsync(TEST_TASK, 0)); } /** * Abstract test compute task. */ - abstract static class TestComputeTask implements ComputeTask { + static class AllowedTask implements ComputeTask { /** {@inheritDoc} */ @Override public @Nullable Map map(List subgrid, @Nullable Object arg) throws IgniteException { + IS_EXECUTED.set(true); + return Collections.singletonMap( new ComputeJob() { @Override public void cancel() { diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/TaskExecutePermissionForDistributedClosureTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/TaskExecutePermissionForDistributedClosureTest.java index bc547c39f2e42..18e9190bd198e 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/TaskExecutePermissionForDistributedClosureTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/TaskExecutePermissionForDistributedClosureTest.java @@ -17,107 +17,60 @@ package org.apache.ignite.internal.processor.security.compute; -import java.util.Collection; +import java.util.function.Supplier; import org.apache.ignite.Ignite; +import org.apache.ignite.lang.IgniteCallable; import org.apache.ignite.lang.IgniteClosure; -import org.apache.ignite.lang.IgniteFuture; -import org.apache.ignite.lang.IgniteFutureCancelledException; import org.apache.ignite.lang.IgniteRunnable; - -import static org.apache.ignite.plugin.security.SecurityPermission.TASK_CANCEL; -import static org.apache.ignite.plugin.security.SecurityPermission.TASK_EXECUTE; +import org.apache.ignite.plugin.security.SecurityPermission; +import org.apache.ignite.plugin.security.SecurityPermissionSet; /** * Test task execute permission for compute broadcast. */ public class TaskExecutePermissionForDistributedClosureTest extends AbstractTaskExecutePermissionTest { - /** Allowed runnable. */ - private static final IgniteRunnable ALLOWED_RUNNABLE = () -> JINGLE_BELL.set(true); - - /** Forbidden runnable. */ - private static final IgniteRunnable FORBIDDEN_RUNNABLE = () -> fail("Should not be invoked."); - - /** Allow closure. */ - private static final IgniteClosure ALLOW_CLOSURE = a -> { - JINGLE_BELL.set(true); + /** Test callable. */ + protected static final IgniteCallable TEST_CALLABLE = () -> { + IS_EXECUTED.set(true); return null; }; - /** Forbidden closure. */ - private static final IgniteClosure FORBIDDEN_CLOSURE = a -> { - fail("Should not be invoked."); + /** Test runnable. */ + private static final IgniteRunnable TEST_RUNNABLE = () -> IS_EXECUTED.set(true); + + /** Test closure. */ + private static final IgniteClosure TEST_CLOSURE = a -> { + IS_EXECUTED.set(true); return null; }; - /** {@inheritDoc} */ - @Override protected void testExecute(boolean isClient) throws Exception { - Ignite node = startGrid(loginPrefix(isClient) + "_node", - builder().defaultAllowAll(true) - .appendTaskPermissions(ALLOWED_CALLABLE.getClass().getName(), TASK_EXECUTE) - .appendTaskPermissions(FORBIDDEN_CALLABLE.getClass().getName(), EMPTY_PERMS) - .appendTaskPermissions(ALLOWED_RUNNABLE.getClass().getName(), TASK_EXECUTE) - .appendTaskPermissions(FORBIDDEN_RUNNABLE.getClass().getName(), EMPTY_PERMS) - .appendTaskPermissions(ALLOW_CLOSURE.getClass().getName(), TASK_EXECUTE) - .appendTaskPermissions(FORBIDDEN_CLOSURE.getClass().getName(), EMPTY_PERMS) - .build(), isClient - ); - - allowRun(() -> node.compute().broadcast(ALLOWED_CALLABLE)); - forbiddenRun(() -> node.compute().broadcast(FORBIDDEN_CALLABLE)); - - allowRun(() -> node.compute().broadcastAsync(ALLOWED_CALLABLE).get()); - forbiddenRun(() -> node.compute().broadcastAsync(FORBIDDEN_CALLABLE).get()); - - allowRun(() -> node.compute().call(ALLOWED_CALLABLE)); - forbiddenRun(() -> node.compute().call(FORBIDDEN_CALLABLE)); - - allowRun(() -> node.compute().callAsync(ALLOWED_CALLABLE).get()); - forbiddenRun(() -> node.compute().callAsync(FORBIDDEN_CALLABLE).get()); - - allowRun(() -> node.compute().run(ALLOWED_RUNNABLE)); - forbiddenRun(() -> node.compute().run(FORBIDDEN_RUNNABLE)); - - allowRun(() -> node.compute().runAsync(ALLOWED_RUNNABLE).get()); - forbiddenRun(() -> node.compute().runAsync(FORBIDDEN_RUNNABLE).get()); - - Object arg = new Object(); - - allowRun(() -> node.compute().apply(ALLOW_CLOSURE, arg)); - forbiddenRun(() -> node.compute().apply(FORBIDDEN_CLOSURE, arg)); - - allowRun(() -> node.compute().applyAsync(ALLOW_CLOSURE, arg).get()); - forbiddenRun(() -> node.compute().applyAsync(FORBIDDEN_CLOSURE, arg).get()); + @Override protected Supplier cancelSupplier(Ignite node) { + return () -> new FutureAdapter(node.compute().broadcastAsync(TEST_CALLABLE)); } /** {@inheritDoc} */ - @Override protected void testAllowedCancel(boolean isClient) throws Exception { - Ignite node = startGrid(loginPrefix(isClient) + "_allowed_cancel", - builder().defaultAllowAll(true) - .appendTaskPermissions(ALLOWED_CALLABLE.getClass().getName(), TASK_EXECUTE, TASK_CANCEL) - .build(), isClient - ); - - IgniteFuture> f = node.compute().broadcastAsync(ALLOWED_CALLABLE); - - f.cancel(); - - forbiddenRun(f::get, IgniteFutureCancelledException.class); + @Override protected TestRunnable[] runnables(Ignite node) { + return new TestRunnable[]{ + () -> node.compute().broadcast(TEST_CALLABLE), + () -> node.compute().broadcastAsync(TEST_CALLABLE).get(), + () -> node.compute().call(TEST_CALLABLE), + () -> node.compute().callAsync(TEST_CALLABLE).get(), + () -> node.compute().run(TEST_RUNNABLE), + () -> node.compute().runAsync(TEST_RUNNABLE).get(), + () -> node.compute().apply(TEST_CLOSURE, new Object()), + () -> node.compute().applyAsync(TEST_CLOSURE, new Object()).get() + }; } - /** {@inheritDoc} */ - @Override protected void testForbiddenCancel(boolean isClient) throws Exception { - Ignite node = startGrid("client_forbidden_cancel", - builder().defaultAllowAll(true) - .appendTaskPermissions(ALLOWED_CALLABLE.getClass().getName(), TASK_EXECUTE) - .build(), isClient - ); - - IgniteFuture> f = node.compute().broadcastAsync(ALLOWED_CALLABLE); - - forbiddenRun(f::cancel); + @Override protected SecurityPermissionSet permissions(SecurityPermission... perms) { + return builder().defaultAllowAll(true) + .appendTaskPermissions(TEST_CALLABLE.getClass().getName(), perms) + .appendTaskPermissions(TEST_RUNNABLE.getClass().getName(), perms) + .appendTaskPermissions(TEST_CLOSURE.getClass().getName(), perms) + .build(); } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/TaskExecutePermissionForExecutorServiceTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/TaskExecutePermissionForExecutorServiceTest.java index 2594857fca6ca..a3395ac794ff1 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/TaskExecutePermissionForExecutorServiceTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/TaskExecutePermissionForExecutorServiceTest.java @@ -17,62 +17,43 @@ package org.apache.ignite.internal.processor.security.compute; -import java.util.concurrent.CancellationException; -import java.util.concurrent.Future; +import java.util.function.Supplier; import org.apache.ignite.Ignite; +import org.apache.ignite.lang.IgniteCallable; +import org.apache.ignite.plugin.security.SecurityPermission; +import org.apache.ignite.plugin.security.SecurityPermissionSet; import static java.util.Collections.singletonList; -import static org.apache.ignite.plugin.security.SecurityPermission.TASK_CANCEL; -import static org.apache.ignite.plugin.security.SecurityPermission.TASK_EXECUTE; /** * Test task execute permission for Executor Service. */ public class TaskExecutePermissionForExecutorServiceTest extends AbstractTaskExecutePermissionTest { - /** {@inheritDoc} */ - @Override protected void testExecute(boolean isClient) throws Exception { - Ignite ignite = startGrid(loginPrefix(isClient) + "_node", - builder().defaultAllowAll(true) - .appendTaskPermissions(ALLOWED_CALLABLE.getClass().getName(), TASK_EXECUTE) - .appendTaskPermissions(FORBIDDEN_CALLABLE.getClass().getName(), EMPTY_PERMS) - .build(), isClient - ); - - allowRun(() -> ignite.executorService().submit(ALLOWED_CALLABLE).get()); - forbiddenRun(() -> ignite.executorService().submit(FORBIDDEN_CALLABLE).get()); + /** Test callable. */ + protected static final IgniteCallable TEST_CALLABLE = () -> { + IS_EXECUTED.set(true); - allowRun(()->ignite.executorService().invokeAll(singletonList(ALLOWED_CALLABLE))); - forbiddenRun(() -> ignite.executorService().invokeAll(singletonList(FORBIDDEN_CALLABLE))); + return null; + }; - allowRun(()->ignite.executorService().invokeAny(singletonList(ALLOWED_CALLABLE))); - forbiddenRun(() -> ignite.executorService().invokeAny(singletonList(FORBIDDEN_CALLABLE))); + /** {@inheritDoc} */ + @Override protected SecurityPermissionSet permissions(SecurityPermission... perms) { + return builder().defaultAllowAll(true) + .appendTaskPermissions(TEST_CALLABLE.getClass().getName(), perms) + .build(); } /** {@inheritDoc} */ - @Override protected void testAllowedCancel(boolean isClient) throws Exception { - Ignite ignite = startGrid(loginPrefix(isClient) + "_allowed_cancel", - builder().defaultAllowAll(true) - .appendTaskPermissions(ALLOWED_CALLABLE.getClass().getName(), TASK_EXECUTE, TASK_CANCEL) - .build(), isClient - ); - - Future f = ignite.executorService().submit(ALLOWED_CALLABLE); - - f.cancel(true); - - forbiddenRun(f::get, CancellationException.class); + @Override protected Supplier cancelSupplier(Ignite node) { + return () -> new FutureAdapter(node.executorService().submit(TEST_CALLABLE)); } /** {@inheritDoc} */ - @Override protected void testForbiddenCancel(boolean isClient) throws Exception { - Ignite ignite = startGrid("client_forbidden_cancel", - builder().defaultAllowAll(true) - .appendTaskPermissions(ALLOWED_CALLABLE.getClass().getName(), TASK_EXECUTE) - .build(), isClient - ); - - Future f = ignite.executorService().submit(ALLOWED_CALLABLE); - - forbiddenRun(() -> f.cancel(true)); + @Override protected TestRunnable[] runnables(Ignite node) { + return new TestRunnable[]{ + () -> node.executorService().submit(TEST_CALLABLE).get(), + () -> node.executorService().invokeAll(singletonList(TEST_CALLABLE)), + () -> node.executorService().invokeAny(singletonList(TEST_CALLABLE)) + }; } } \ No newline at end of file diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskSecurityTest.java index aae9a0f1e8412..9877fedeedb10 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskSecurityTest.java @@ -40,7 +40,7 @@ import static org.junit.Assert.assertThat; /** - * Security tests for a compute task. + * Testing permissions when the compute task is executed cache operations on remote node. */ public class ComputeTaskSecurityTest extends AbstractComputeTaskSecurityTest { /** {@inheritDoc} */ diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureSecurityTest.java index 22b2e5decb161..299ad50d586c1 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureSecurityTest.java @@ -17,6 +17,8 @@ package org.apache.ignite.internal.processor.security.compute.closure; +import java.util.Arrays; +import java.util.Collection; import org.apache.ignite.IgniteCompute; import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; @@ -29,142 +31,58 @@ import static org.junit.Assert.assertThat; /** - * Security tests for distributed closure. + * Testing permissions when the compute closure is executed cache operations on remote node. */ public class DistributedClosureSecurityTest extends AbstractComputeTaskSecurityTest { /** {@inheritDoc} */ @Override protected void checkSuccess(IgniteEx initiator, IgniteEx remote) { - successClosure( - initiator, remote, - (cmp, k, v) -> cmp.broadcast( - () -> Ignition.localIgnite().cache(CACHE_NAME).put(k, v) - ) - ); - - successClosure( - initiator, remote, - (cmp, k, v) -> cmp.broadcastAsync( - () -> Ignition.localIgnite().cache(CACHE_NAME).put(k, v) - ).get() - ); - - successClosure( - initiator, remote, - (cmp, k, v) -> cmp.call( - () -> { - Ignition.localIgnite().cache(CACHE_NAME).put(k, v); - - return null; - } - ) - ); - - successClosure( - initiator, remote, - (cmp, k, v) -> cmp.callAsync( - () -> { - Ignition.localIgnite().cache(CACHE_NAME).put(k, v); - - return null; - } - ).get() - ); - - successClosure( - initiator, remote, - (cmp, k, v) -> cmp.run( - () -> Ignition.localIgnite().cache(CACHE_NAME).put(k, v) - ) - ); - - successClosure( - initiator, remote, - (cmp, k, v) -> cmp.runAsync( - () -> Ignition.localIgnite().cache(CACHE_NAME).put(k, v) - ).get() - ); - - successClosure( - initiator, remote, - (cmp, k, v) -> cmp.apply( - new IgniteClosure() { - @Override public Object apply(Object o) { - Ignition.localIgnite().cache(CACHE_NAME).put(k, v); - - return null; - } - }, new Object() - ) - ); - - successClosure( - initiator, remote, - (cmp, k, v) -> cmp.applyAsync( - new IgniteClosure() { - @Override public Object apply(Object o) { - Ignition.localIgnite().cache(CACHE_NAME).put(k, v); - - return null; - } - }, new Object() - ).get() - ); + for(TriConsumer c : consumers()) + successClosure(initiator, remote, c); } /** {@inheritDoc} */ @Override protected void checkFail(IgniteEx initiator, IgniteEx remote) { - failClosure( - initiator, remote, + for(TriConsumer c : consumers()) + failClosure(initiator, remote, c); + } + + /** + * @return Collection of TriConsumers that invoke IgniteCompute methods. + */ + private Collection> consumers() { + return Arrays.asList( (cmp, k, v) -> cmp.broadcast( () -> Ignition.localIgnite().cache(CACHE_NAME).put(k, v) - ) - ); + ), - failClosure( - initiator, remote, (cmp, k, v) -> cmp.broadcastAsync( () -> Ignition.localIgnite().cache(CACHE_NAME).put(k, v) - ).get() - ); + ).get(), - failClosure( - initiator, remote, (cmp, k, v) -> cmp.call( () -> { Ignition.localIgnite().cache(CACHE_NAME).put(k, v); return null; } - ) - ); + ), - failClosure( - initiator, remote, (cmp, k, v) -> cmp.callAsync( () -> { Ignition.localIgnite().cache(CACHE_NAME).put(k, v); return null; } - ).get() - ); + ).get(), - failClosure( - initiator, remote, (cmp, k, v) -> cmp.run( () -> Ignition.localIgnite().cache(CACHE_NAME).put(k, v) - ) - ); + ), - failClosure( - initiator, remote, (cmp, k, v) -> cmp.runAsync( () -> Ignition.localIgnite().cache(CACHE_NAME).put(k, v) - ).get() - ); + ).get(), - failClosure( - initiator, remote, (cmp, k, v) -> cmp.apply( new IgniteClosure() { @Override public Object apply(Object o) { @@ -173,11 +91,8 @@ public class DistributedClosureSecurityTest extends AbstractComputeTaskSecurityT return null; } }, new Object() - ) - ); + ), - failClosure( - initiator, remote, (cmp, k, v) -> cmp.applyAsync( new IgniteClosure() { @Override public Object apply(Object o) { diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecuteServiceTaskSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecuteServiceTaskSecurityTest.java index b46d6d9186fe2..53d880ecbf85d 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecuteServiceTaskSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecuteServiceTaskSecurityTest.java @@ -24,7 +24,7 @@ import org.apache.ignite.lang.IgniteRunnable; /** - * Security tests for an execute server task. + * Testing permissions when the service task is executed cache operations on remote node. */ public class ExecuteServiceTaskSecurityTest extends AbstractResolveSecurityContextTest { /** diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/IgniteDataStreamerSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/IgniteDataStreamerSecurityTest.java index e70f7d02e1343..92e91b1e6c98b 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/IgniteDataStreamerSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/IgniteDataStreamerSecurityTest.java @@ -30,7 +30,7 @@ import org.apache.ignite.stream.StreamVisitor; /** - * Security tests for IgniteDataStream receiver. + * Testing permissions when the closure od DataStreamer is executed cache operations on remote node. */ public class IgniteDataStreamerSecurityTest extends AbstractCacheSecurityTest { /** @@ -52,7 +52,7 @@ public void testDataStreamer() { * @param remote Remoute node. */ private void load(IgniteEx initiator, IgniteEx remote, T2 entry) { - try (IgniteDataStreamer strm = initiator.dataStreamer(CACHE_READ_ONLY_PERM)) { + try (IgniteDataStreamer strm = initiator.dataStreamer(COMMON_USE_CACHE)) { strm.receiver( StreamVisitor.from( new TestClosure(remote.localNode().id(), entry.getKey(), entry.getValue()) diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/IgniteMessagingTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/IgniteMessagingTest.java index 4c7b0c4b17d10..62f540e78f646 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/IgniteMessagingTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/IgniteMessagingTest.java @@ -22,11 +22,12 @@ import java.util.concurrent.CyclicBarrier; import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeoutException; -import java.util.function.Function; +import java.util.function.Consumer; import org.apache.ignite.IgniteMessaging; import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.processor.security.AbstractResolveSecurityContextTest; +import org.apache.ignite.internal.util.typedef.T2; import org.apache.ignite.lang.IgniteBiPredicate; import org.apache.ignite.testframework.junits.GridAbstractTest; @@ -35,7 +36,7 @@ import static org.junit.Assert.assertThat; /** - * Security tests for IgniteMessaging. + * Testing permissions when the message listener is executed cache operations on remote node. */ public class IgniteMessagingTest extends AbstractResolveSecurityContextTest { /** Sever node that has all permissions for TEST_CACHE. */ @@ -64,47 +65,45 @@ public class IgniteMessagingTest extends AbstractResolveSecurityContextTest { public void testMessaging() throws Exception { awaitPartitionMapExchange(); - assertAllowedResult(key -> messaging(clntAllPerms, clntReadOnlyPerm, evntAllPerms, key)); - assertAllowedResult(key -> messaging(clntAllPerms, srvReadOnlyPerm, evntAllPerms, key)); - assertAllowedResult(key -> messaging(srvAllPerms, clntReadOnlyPerm, evntAllPerms, key)); - assertAllowedResult(key -> messaging(srvAllPerms, srvReadOnlyPerm, evntAllPerms, key)); - - assertAllowedResult(key -> messaging(clntAllPerms, srvReadOnlyPerm, evntNotPerms, key)); - assertAllowedResult(key -> messaging(clntAllPerms, clntReadOnlyPerm, evntNotPerms, key)); - assertAllowedResult(key -> messaging(srvAllPerms, srvReadOnlyPerm, evntNotPerms, key)); - assertAllowedResult(key -> messaging(srvAllPerms, clntReadOnlyPerm, evntNotPerms, key)); - - assertForbiddenResult(key -> messaging(clntReadOnlyPerm, srvAllPerms, evntAllPerms, key)); - assertForbiddenResult(key -> messaging(clntReadOnlyPerm, clntAllPerms, evntAllPerms, key)); - assertForbiddenResult(key -> messaging(srvReadOnlyPerm, srvAllPerms, evntAllPerms, key)); - assertForbiddenResult(key -> messaging(srvReadOnlyPerm, clntAllPerms, evntAllPerms, key)); - - assertForbiddenResult(key -> messaging(clntReadOnlyPerm, srvAllPerms, evntNotPerms, key)); - assertForbiddenResult(key -> messaging(clntReadOnlyPerm, clntAllPerms, evntNotPerms, key)); - assertForbiddenResult(key -> messaging(srvReadOnlyPerm, srvAllPerms, evntNotPerms, key)); - assertForbiddenResult(key -> messaging(srvReadOnlyPerm, clntAllPerms, evntNotPerms, key)); + assertAllowedResult(t -> messaging(clntAllPerms, clntReadOnlyPerm, evntAllPerms, t)); + assertAllowedResult(t -> messaging(clntAllPerms, srvReadOnlyPerm, evntAllPerms, t)); + assertAllowedResult(t -> messaging(srvAllPerms, clntReadOnlyPerm, evntAllPerms, t)); + assertAllowedResult(t -> messaging(srvAllPerms, srvReadOnlyPerm, evntAllPerms, t)); + + assertAllowedResult(t -> messaging(clntAllPerms, srvReadOnlyPerm, evntNotPerms, t)); + assertAllowedResult(t -> messaging(clntAllPerms, clntReadOnlyPerm, evntNotPerms, t)); + assertAllowedResult(t -> messaging(srvAllPerms, srvReadOnlyPerm, evntNotPerms, t)); + assertAllowedResult(t -> messaging(srvAllPerms, clntReadOnlyPerm, evntNotPerms, t)); + + assertForbiddenResult(t -> messaging(clntReadOnlyPerm, srvAllPerms, evntAllPerms, t)); + assertForbiddenResult(t -> messaging(clntReadOnlyPerm, clntAllPerms, evntAllPerms, t)); + assertForbiddenResult(t -> messaging(srvReadOnlyPerm, srvAllPerms, evntAllPerms, t)); + assertForbiddenResult(t -> messaging(srvReadOnlyPerm, clntAllPerms, evntAllPerms, t)); + + assertForbiddenResult(t -> messaging(clntReadOnlyPerm, srvAllPerms, evntNotPerms, t)); + assertForbiddenResult(t -> messaging(clntReadOnlyPerm, clntAllPerms, evntNotPerms, t)); + assertForbiddenResult(t -> messaging(srvReadOnlyPerm, srvAllPerms, evntNotPerms, t)); + assertForbiddenResult(t -> messaging(srvReadOnlyPerm, clntAllPerms, evntNotPerms, t)); } /** * @param lsnr Listener node. * @param remote Remote node. * @param evt Event node. - * @param key Key. + * @param t Entry to put into test cache. */ - private Integer messaging(IgniteEx lsnr, IgniteEx remote, IgniteEx evt, String key) { + private void messaging(IgniteEx lsnr, IgniteEx remote, IgniteEx evt, T2 t) { BARRIER.reset(); IgniteMessaging messaging = lsnr.message(lsnr.cluster().forNode(remote.localNode())); - Integer val = values.incrementAndGet(); - - String topic = "HOT_TOPIC " + val; + String topic = "HOT_TOPIC " + t.getKey(); UUID lsnrId = messaging.remoteListen(topic, new IgniteBiPredicate() { @Override public boolean apply(UUID uuid, Object o) { try { - Ignition.localIgnite().cache(CACHE_NAME).put(key, val); + Ignition.localIgnite().cache(CACHE_NAME).put(t.getKey(), t.getValue()); return true; } @@ -123,8 +122,6 @@ private Integer messaging(IgniteEx lsnr, IgniteEx remote, IgniteEx evt, String k messaging.stopRemoteListen(lsnrId); } - - return val; } /** @@ -140,28 +137,28 @@ private void barrierAwait() { } /** - * @param f Function. + * @param c Consumer. */ - private void assertAllowedResult(Function f) { - assertResult(f, false); + private void assertAllowedResult(Consumer> c) { + assertResult(c, false); } /** - * @param f Function. + * @param c Consumer. */ - private void assertForbiddenResult(Function f) { - assertResult(f, true); + private void assertForbiddenResult(Consumer> c) { + assertResult(c, true); } /** - * @param f Function. - * @param failExpected True if expectaed fail behavior. + * @param c Consumer. + * @param failExp True if expectaed fail behavior. */ - private void assertResult(Function f, boolean failExpected) { - String key = failExpected ? "fail_key" : "key"; + private void assertResult(Consumer> c, boolean failExp) { + T2 t = entry(); - Integer val = f.apply(key); + c.accept(t); - assertThat(srvAllPerms.cache(CACHE_NAME).get(key), failExpected ? nullValue() : is(val)); + assertThat(srvAllPerms.cache(CACHE_NAME).get(t.getKey()), failExp ? nullValue() : is(t.getValue())); } } From bb7b62872c4152107d529da8bbd75c156b11abc7 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Fri, 21 Dec 2018 14:54:44 +0300 Subject: [PATCH 35/98] IGNITE-9560 Version 2.8.0 --- modules/security/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/security/pom.xml b/modules/security/pom.xml index 5d41d2c14b5d7..3c5a4c7b887a2 100644 --- a/modules/security/pom.xml +++ b/modules/security/pom.xml @@ -32,7 +32,7 @@ ignite-security - 2.7.0-SNAPSHOT + 2.8.0-SNAPSHOT http://ignite.apache.org From b0683e265679f968f82bb518cbbb996c8278fbc5 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Mon, 24 Dec 2018 17:13:20 +0300 Subject: [PATCH 36/98] IGNITE-9560 Renaming --- .../managers/communication/GridIoManager.java | 6 +++--- .../processors/cache/GridCacheProcessor.java | 4 ++-- .../processors/odbc/ClientListenerNioListener.java | 4 ++-- .../internal/processors/rest/GridRestProcessor.java | 4 ++-- .../processors/security/IgniteSecurityProcessor.java | 12 ++++++------ .../security/IgniteSecurityProcessorImpl.java | 6 +++--- ...curitySession.java => IgniteSecuritySession.java} | 2 +- ...ssionImpl.java => IgniteSecuritySessionImpl.java} | 4 ++-- ...est.java => ExecutorServiceTaskSecurityTest.java} | 2 +- .../testsuites/AuthorizeOperationsTestSuite.java | 4 ++-- 10 files changed, 24 insertions(+), 24 deletions(-) rename modules/core/src/main/java/org/apache/ignite/internal/processors/security/{GridSecuritySession.java => IgniteSecuritySession.java} (93%) rename modules/core/src/main/java/org/apache/ignite/internal/processors/security/{GridSecuritySessionImpl.java => IgniteSecuritySessionImpl.java} (88%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/{ExecuteServiceTaskSecurityTest.java => ExecutorServiceTaskSecurityTest.java} (97%) diff --git a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java index 9dbf7c7835d2b..8721700c345be 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java @@ -70,7 +70,7 @@ import org.apache.ignite.internal.processors.cache.mvcc.msg.MvccMessage; import org.apache.ignite.internal.processors.platform.message.PlatformMessageFilter; import org.apache.ignite.internal.processors.pool.PoolProcessor; -import org.apache.ignite.internal.processors.security.GridSecuritySession; +import org.apache.ignite.internal.processors.security.IgniteSecuritySession; import org.apache.ignite.internal.processors.timeout.GridTimeoutObject; import org.apache.ignite.internal.util.GridBoundedConcurrentLinkedHashSet; import org.apache.ignite.internal.util.StripedCompositeReadWriteLock; @@ -1562,7 +1562,7 @@ private void invokeListener(Byte plc, GridMessageListener lsnr, UUID nodeId, Obj if (change) CUR_PLC.set(plc); - try(GridSecuritySession s = ctx.security().startSession(nodeId)) { + try(IgniteSecuritySession s = ctx.security().startSession(nodeId)) { lsnr.onMessage(nodeId, msg, plc); } finally { @@ -2539,7 +2539,7 @@ private class GridUserMessageListener implements GridMessageListener { if (msgBody != null) { if (predLsnr != null) { - try(GridSecuritySession s = ctx.security().startSession(initNodeId)) { + try(IgniteSecuritySession s = ctx.security().startSession(initNodeId)) { if (!predLsnr.apply(nodeId, msgBody)) removeMessageListener(TOPIC_COMM_USER, this); } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java index 51b127bf46218..e278841e43ecc 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java @@ -135,7 +135,7 @@ import org.apache.ignite.internal.processors.query.schema.SchemaNodeLeaveExchangeWorkerTask; import org.apache.ignite.internal.processors.query.schema.message.SchemaAbstractDiscoveryMessage; import org.apache.ignite.internal.processors.query.schema.message.SchemaProposeDiscoveryMessage; -import org.apache.ignite.internal.processors.security.GridSecuritySession; +import org.apache.ignite.internal.processors.security.IgniteSecuritySession; import org.apache.ignite.internal.processors.security.SecurityContext; import org.apache.ignite.internal.processors.timeout.GridTimeoutObject; import org.apache.ignite.internal.suggestions.GridPerformanceSuggestions; @@ -3235,7 +3235,7 @@ private GridCacheSharedContext createSharedContext(GridKernalContext kernalCtx, for (CacheJoinNodeDiscoveryData.CacheInfo cacheInfo : nodeData.caches().values()) { if (secCtx != null && cacheInfo.cacheType() == CacheType.USER) { - try (GridSecuritySession s = ctx.security().startSession(secCtx)) { + try (IgniteSecuritySession s = ctx.security().startSession(secCtx)) { authorizeCacheCreate(cacheInfo.cacheData().config()); } catch (SecurityException ex) { diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerNioListener.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerNioListener.java index 71a64d1e4246d..3ace73856e1d9 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerNioListener.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerNioListener.java @@ -33,7 +33,7 @@ import org.apache.ignite.internal.processors.odbc.odbc.OdbcConnectionContext; import org.apache.ignite.internal.processors.platform.client.ClientConnectionContext; import org.apache.ignite.internal.processors.platform.client.ClientStatus; -import org.apache.ignite.internal.processors.security.GridSecuritySession; +import org.apache.ignite.internal.processors.security.IgniteSecuritySession; import org.apache.ignite.internal.util.GridSpinBusyLock; import org.apache.ignite.internal.util.nio.GridNioServerListenerAdapter; import org.apache.ignite.internal.util.nio.GridNioSession; @@ -168,7 +168,7 @@ public ClientListenerNioListener(GridKernalContext ctx, GridSpinBusyLock busyLoc if (authCtx != null) AuthorizationContext.context(authCtx); - try(GridSecuritySession s = ctx.security().startSession(connCtx.securityContext())) { + try(IgniteSecuritySession s = ctx.security().startSession(connCtx.securityContext())) { resp = handler.handle(req); } finally { diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java index dbe718c18fa9d..dd270d2ed18b3 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java @@ -63,7 +63,7 @@ import org.apache.ignite.internal.processors.rest.request.GridRestRequest; import org.apache.ignite.internal.processors.rest.request.GridRestTaskRequest; import org.apache.ignite.internal.processors.rest.request.RestQueryRequest; -import org.apache.ignite.internal.processors.security.GridSecuritySession; +import org.apache.ignite.internal.processors.security.IgniteSecuritySession; import org.apache.ignite.internal.processors.security.SecurityContext; import org.apache.ignite.internal.util.GridSpinReadWriteLock; import org.apache.ignite.internal.util.future.GridFinishedFuture; @@ -271,7 +271,7 @@ private IgniteInternalFuture handleRequest(final GridRestReque if (secCtx0 == null || ses.isTokenExpired(sesTokTtl)) ses.secCtx = secCtx0 = authenticate(req, ses); - try(GridSecuritySession s = ctx.security().startSession(secCtx0)) { + try(IgniteSecuritySession s = ctx.security().startSession(secCtx0)) { authorize(req); } } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java index c62130eb7d165..7c12aeb3f686e 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java @@ -15,24 +15,24 @@ */ public interface IgniteSecurityProcessor { /** - * Creates {@link GridSecuritySession}. All calls of methods {@link #authorize(String, SecurityPermission)} or {@link + * Creates {@link IgniteSecuritySession}. All calls of methods {@link #authorize(String, SecurityPermission)} or {@link * #authorize(SecurityPermission)} will be processed into the context of passed {@link SecurityContext} until - * session {@link GridSecuritySession} will be closed. + * session {@link IgniteSecuritySession} will be closed. * * @param secCtx Security Context. * @return Grid security Session. */ - public GridSecuritySession startSession(SecurityContext secCtx); + public IgniteSecuritySession startSession(SecurityContext secCtx); /** - * Creates {@link GridSecuritySession}. All calls of methods {@link #authorize(String, SecurityPermission)} or {@link + * Creates {@link IgniteSecuritySession}. All calls of methods {@link #authorize(String, SecurityPermission)} or {@link * #authorize(SecurityPermission)} will be processed into the context of {@link SecurityContext} that is owned by - * node with given noddeId until session {@link GridSecuritySession} will be closed. + * node with given noddeId until session {@link IgniteSecuritySession} will be closed. * * @param nodeId Node id. * @return Grid security Session. */ - public GridSecuritySession startSession(UUID nodeId); + public IgniteSecuritySession startSession(UUID nodeId); /** * Delegates call to {@link GridSecurityProcessor#authenticateNode(org.apache.ignite.cluster.ClusterNode, diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java index d3e7da2046c70..cb16387f93b8f 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java @@ -57,18 +57,18 @@ public IgniteSecurityProcessorImpl(GridKernalContext ctx, GridSecurityProcessor } /** {@inheritDoc} */ - @Override public GridSecuritySession startSession(SecurityContext secCtx) { + @Override public IgniteSecuritySession startSession(SecurityContext secCtx) { assert secCtx != null; SecurityContext old = curSecCtx.get(); curSecCtx.set(secCtx); - return new GridSecuritySessionImpl(this, old); + return new IgniteSecuritySessionImpl(this, old); } /** {@inheritDoc} */ - @Override public GridSecuritySession startSession(UUID nodeId) { + @Override public IgniteSecuritySession startSession(UUID nodeId) { return startSession( secCtxs.computeIfAbsent(nodeId, uuid -> nodeSecurityContext( diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecuritySession.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecuritySession.java similarity index 93% rename from modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecuritySession.java rename to modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecuritySession.java index b6ee5d6efbcbc..c074b9f51fcad 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecuritySession.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecuritySession.java @@ -20,7 +20,7 @@ /** * Representation of Grid Security Session. */ -public interface GridSecuritySession extends AutoCloseable { +public interface IgniteSecuritySession extends AutoCloseable { /** {@inheritDoc} */ @Override public void close(); } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecuritySessionImpl.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecuritySessionImpl.java similarity index 88% rename from modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecuritySessionImpl.java rename to modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecuritySessionImpl.java index 68d430335538e..fde97f6c18d1c 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecuritySessionImpl.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecuritySessionImpl.java @@ -20,7 +20,7 @@ /** * */ -public class GridSecuritySessionImpl implements GridSecuritySession { +public class IgniteSecuritySessionImpl implements IgniteSecuritySession { /** Grid Security Manager. */ private final IgniteSecurityProcessor proc; @@ -31,7 +31,7 @@ public class GridSecuritySessionImpl implements GridSecuritySession { * @param proc Grid Security Manager. * @param secCtx Security context. */ - public GridSecuritySessionImpl(IgniteSecurityProcessor proc, SecurityContext secCtx) { + public IgniteSecuritySessionImpl(IgniteSecurityProcessor proc, SecurityContext secCtx) { this.proc = proc; this.secCtx = secCtx; } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecuteServiceTaskSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceTaskSecurityTest.java similarity index 97% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecuteServiceTaskSecurityTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceTaskSecurityTest.java index 53d880ecbf85d..cac43a35ad711 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecuteServiceTaskSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceTaskSecurityTest.java @@ -26,7 +26,7 @@ /** * Testing permissions when the service task is executed cache operations on remote node. */ -public class ExecuteServiceTaskSecurityTest extends AbstractResolveSecurityContextTest { +public class ExecutorServiceTaskSecurityTest extends AbstractResolveSecurityContextTest { /** * */ diff --git a/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java b/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java index 969af7827ef48..ba036c644c49a 100644 --- a/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java +++ b/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java @@ -32,7 +32,7 @@ import org.apache.ignite.internal.processor.security.compute.TaskExecutePermissionForExecutorServiceTest; import org.apache.ignite.internal.processor.security.compute.closure.ComputeTaskSecurityTest; import org.apache.ignite.internal.processor.security.compute.closure.DistributedClosureSecurityTest; -import org.apache.ignite.internal.processor.security.compute.closure.ExecuteServiceTaskSecurityTest; +import org.apache.ignite.internal.processor.security.compute.closure.ExecutorServiceTaskSecurityTest; import org.apache.ignite.internal.processor.security.datastreamer.DataStreamerCachePermissionTest; import org.apache.ignite.internal.processor.security.datastreamer.closure.IgniteDataStreamerSecurityTest; import org.apache.ignite.internal.processor.security.messaging.IgniteMessagingTest; @@ -68,7 +68,7 @@ public static TestSuite suite(final @Nullable Set ignoredTests) { suite.addTest(new TestSuite(DistributedClosureSecurityTest.class)); suite.addTest(new TestSuite(ComputeTaskSecurityTest.class)); - suite.addTest(new TestSuite(ExecuteServiceTaskSecurityTest.class)); + suite.addTest(new TestSuite(ExecutorServiceTaskSecurityTest.class)); suite.addTest(new TestSuite(ScanQuerySecurityTest.class)); suite.addTest(new TestSuite(EntryProcessorSecurityTest.class)); suite.addTest(new TestSuite(IgniteDataStreamerSecurityTest.class)); From f0e12691a18324b95fcd00def9ebac15815c2b09 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Wed, 26 Dec 2018 12:51:46 +0300 Subject: [PATCH 37/98] IGNITE-9560 JUnit4 --- .../security/cache/CachePermissionsTest.java | 6 ++ .../EntryProcessorCachePermissionTest.java | 5 ++ .../cache/LoadCachePermissionTest.java | 5 ++ .../cache/ScanQueryCachePermissionTest.java | 6 ++ .../closure/EntryProcessorSecurityTest.java | 5 ++ .../cache/closure/LoadCacheSecurityTest.java | 5 ++ .../cache/closure/ScanQuerySecurityTest.java | 5 ++ .../client/ThinClientSecurityTest.java | 7 +++ .../AbstractTaskExecutePermissionTest.java | 5 ++ .../AbstractComputeTaskSecurityTest.java | 5 ++ .../ExecutorServiceTaskSecurityTest.java | 5 ++ .../DataStreamerCachePermissionTest.java | 6 ++ .../IgniteDataStreamerSecurityTest.java | 5 ++ .../messaging/IgniteMessagingTest.java | 5 ++ .../AuthorizeOperationsTestSuite.java | 59 ++++++++----------- 15 files changed, 100 insertions(+), 34 deletions(-) diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/CachePermissionsTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/CachePermissionsTest.java index 69cea3e6eb284..2a09357f1c8e9 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/CachePermissionsTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/CachePermissionsTest.java @@ -20,6 +20,9 @@ import java.util.Collections; import org.apache.ignite.Ignite; import org.apache.ignite.internal.processor.security.AbstractCachePermissionTest; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; import static java.util.Collections.singletonMap; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT; @@ -29,10 +32,12 @@ /** * Test CRUD cache permissions. */ +@RunWith(JUnit4.class) public class CachePermissionsTest extends AbstractCachePermissionTest { /** * @throws Exception If fail. */ + @Test public void testServerNode() throws Exception { testCrudCachePermissions(false); } @@ -40,6 +45,7 @@ public void testServerNode() throws Exception { /** * @throws Exception If fail. */ + @Test public void testClientNode() throws Exception { testCrudCachePermissions(true); } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorCachePermissionTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorCachePermissionTest.java index 3a911667b141f..4341e7eaf9d6c 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorCachePermissionTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorCachePermissionTest.java @@ -21,6 +21,9 @@ import org.apache.ignite.cache.CacheEntryProcessor; import org.apache.ignite.internal.processor.security.AbstractCachePermissionTest; import org.apache.ignite.internal.util.typedef.T2; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; import static java.util.Collections.singleton; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT; @@ -29,6 +32,7 @@ /** * Test cache permission for Entry processor. */ +@RunWith(JUnit4.class) public class EntryProcessorCachePermissionTest extends AbstractCachePermissionTest { /** Server node. */ private Ignite srvNode; @@ -54,6 +58,7 @@ public class EntryProcessorCachePermissionTest extends AbstractCachePermissionTe /** * */ + @Test public void test() { invoke(srvNode); invoke(clientNode); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCachePermissionTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCachePermissionTest.java index 11e477a25b75b..50a2da19e293f 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCachePermissionTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCachePermissionTest.java @@ -35,6 +35,9 @@ import org.apache.ignite.internal.util.typedef.T2; import org.apache.ignite.lang.IgniteBiInClosure; import org.jetbrains.annotations.Nullable; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; @@ -42,6 +45,7 @@ /** * Test cache permission for Load cache. */ +@RunWith(JUnit4.class) public class LoadCachePermissionTest extends AbstractCachePermissionTest { /** Entry. */ private static T2 entry; @@ -85,6 +89,7 @@ public class LoadCachePermissionTest extends AbstractCachePermissionTest { /** * */ + @Test public void test() { load(srvNode); load(clientNode); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQueryCachePermissionTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQueryCachePermissionTest.java index f4aac70b91ec7..3ee05449bd1d8 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQueryCachePermissionTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQueryCachePermissionTest.java @@ -22,16 +22,21 @@ import org.apache.ignite.cache.query.ScanQuery; import org.apache.ignite.internal.processor.security.AbstractCachePermissionTest; import org.apache.ignite.internal.util.typedef.G; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; /** * Test cache permission for invoking of Scan Query. */ +@RunWith(JUnit4.class) public class ScanQueryCachePermissionTest extends AbstractCachePermissionTest { /** * @throws Exception If fail. */ + @Test public void testServerNode() throws Exception { testScanQuery(false); } @@ -39,6 +44,7 @@ public void testServerNode() throws Exception { /** * @throws Exception If fail. */ + @Test public void testClientNode() throws Exception { testScanQuery(true); } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorSecurityTest.java index 6c02bb8ec714a..666a8bc8f64ac 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorSecurityTest.java @@ -27,12 +27,17 @@ import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.processor.security.AbstractCacheSecurityTest; import org.apache.ignite.plugin.security.SecurityPermission; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; /** * Testing permissions when EntryProcessor closure is executed cache operations on remote node. */ +@RunWith(JUnit4.class) public class EntryProcessorSecurityTest extends AbstractCacheSecurityTest { /** */ + @Test public void testEntryProcessor() { assertAllowed(clntAllPerms, srvAllPerms); assertAllowed(clntAllPerms, srvReadOnlyPerm); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/LoadCacheSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/LoadCacheSecurityTest.java index f44bbf51d408c..b1b9c56ca6884 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/LoadCacheSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/LoadCacheSecurityTest.java @@ -31,10 +31,14 @@ import org.apache.ignite.lang.IgniteBiInClosure; import org.apache.ignite.lang.IgniteBiPredicate; import org.apache.ignite.resources.IgniteInstanceResource; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; /** * Testing permissions when the filter of Load cache is executed cache operations on remote node. */ +@RunWith(JUnit4.class) public class LoadCacheSecurityTest extends AbstractCacheSecurityTest { /** {@inheritDoc} */ @Override protected CacheConfiguration[] getCacheConfigurations() { @@ -54,6 +58,7 @@ public class LoadCacheSecurityTest extends AbstractCacheSecurityTest { /** * */ + @Test public void testLoadCache() { assertAllowed((t) -> load(clntAllPerms, srvAllPerms, t)); assertAllowed((t) -> load(clntAllPerms, srvReadOnlyPerm, t)); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQuerySecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQuerySecurityTest.java index 2429f7917ee0e..df6a2be913012 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQuerySecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQuerySecurityTest.java @@ -28,14 +28,19 @@ import org.apache.ignite.lang.IgniteBiPredicate; import org.apache.ignite.lang.IgniteClosure; import org.apache.ignite.resources.IgniteInstanceResource; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; /** * Testing permissions when the filter of ScanQuery is executed cache operations on remote node. */ +@RunWith(JUnit4.class) public class ScanQuerySecurityTest extends AbstractCacheSecurityTest { /** * */ + @Test public void testScanQuery() throws Exception { putTestData(srvAllPerms, CACHE_NAME); putTestData(srvAllPerms, COMMON_USE_CACHE); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientSecurityTest.java index 8b1372fc0d8b5..f7533be830d5a 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientSecurityTest.java @@ -35,6 +35,9 @@ import org.apache.ignite.internal.processor.security.TestSecurityData; import org.apache.ignite.internal.processor.security.TestSecurityPluginConfiguration; import org.apache.ignite.internal.util.typedef.G; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; import static java.util.Collections.singletonMap; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_CREATE; @@ -51,6 +54,7 @@ /** * Security tests for thin client. */ +@RunWith(JUnit4.class) public class ThinClientSecurityTest extends AbstractSecurityTest { /** Client. */ private static final String CLIENT = "client"; @@ -151,6 +155,7 @@ protected IgniteConfiguration getConfiguration(int idx, /** * @throws Exception If error occurs. */ + @Test public void testCacheSinglePermOperations() throws Exception { for (Consumer c : consumers(CACHE)) executeOperation(CLIENT, c); @@ -165,6 +170,7 @@ public void testCacheSinglePermOperations() throws Exception { * * @throws Exception If error occurs. */ + @Test public void testCacheTaskPermOperations() throws Exception { executeOperation(CLIENT_CACHE_TASK_OPER, c -> c.cache(CACHE).removeAll()); executeOperation(CLIENT_CACHE_TASK_OPER, c -> c.cache(CACHE).clear()); @@ -176,6 +182,7 @@ public void testCacheTaskPermOperations() throws Exception { /** * @throws Exception If error occurs. */ + @Test public void testSysOperation() throws Exception { try (IgniteClient sysPrmClnt = startClient(CLIENT_SYS_PERM)) { assertThat(sysPrmClnt.createCache(DYNAMIC_CACHE), notNullValue()); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/AbstractTaskExecutePermissionTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/AbstractTaskExecutePermissionTest.java index d4b1bf387485b..5474e5501b011 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/AbstractTaskExecutePermissionTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/AbstractTaskExecutePermissionTest.java @@ -32,6 +32,9 @@ import org.apache.ignite.lang.IgniteFutureCancelledException; import org.apache.ignite.plugin.security.SecurityPermission; import org.apache.ignite.plugin.security.SecurityPermissionSet; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; import static org.apache.ignite.plugin.security.SecurityPermission.TASK_CANCEL; import static org.apache.ignite.plugin.security.SecurityPermission.TASK_EXECUTE; @@ -39,6 +42,7 @@ /** * Abstract class for task execute permission tests. */ +@RunWith(JUnit4.class) public abstract class AbstractTaskExecutePermissionTest extends AbstractSecurityTest { /** Flag that shows task was executed. */ protected static final AtomicBoolean IS_EXECUTED = new AtomicBoolean(false); @@ -83,6 +87,7 @@ public abstract class AbstractTaskExecutePermissionTest extends AbstractSecurity /** * */ + @Test public void test() { for (TestRunnable r : runnablesForNodes(srvAllowed, clntAllowed)) allowRun(r); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/AbstractComputeTaskSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/AbstractComputeTaskSecurityTest.java index a65c5811ebdae..20543cbe635d4 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/AbstractComputeTaskSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/AbstractComputeTaskSecurityTest.java @@ -19,12 +19,17 @@ import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.processor.security.AbstractResolveSecurityContextTest; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; /** * Abstract compute security test. */ +@RunWith(JUnit4.class) public abstract class AbstractComputeTaskSecurityTest extends AbstractResolveSecurityContextTest { /** */ + @Test public void test() { checkSuccess(srvAllPerms, clntAllPerms); checkSuccess(srvAllPerms, srvReadOnlyPerm); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceTaskSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceTaskSecurityTest.java index cac43a35ad711..e2aec6024d370 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceTaskSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceTaskSecurityTest.java @@ -22,14 +22,19 @@ import org.apache.ignite.internal.processor.security.AbstractResolveSecurityContextTest; import org.apache.ignite.internal.util.typedef.T2; import org.apache.ignite.lang.IgniteRunnable; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; /** * Testing permissions when the service task is executed cache operations on remote node. */ +@RunWith(JUnit4.class) public class ExecutorServiceTaskSecurityTest extends AbstractResolveSecurityContextTest { /** * */ + @Test public void testExecute() { assertAllowed((t) -> execute(clntAllPerms, clntReadOnlyPerm, t)); assertAllowed((t) -> execute(clntAllPerms, srvReadOnlyPerm, t)); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/DataStreamerCachePermissionTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/DataStreamerCachePermissionTest.java index 0ba851b01bc4c..88cbf4d323398 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/DataStreamerCachePermissionTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/DataStreamerCachePermissionTest.java @@ -25,6 +25,9 @@ import org.apache.ignite.internal.util.typedef.X; import org.apache.ignite.plugin.security.SecurityException; import org.apache.ignite.plugin.security.SecurityPermission; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; import static java.util.Collections.singletonList; import static java.util.Collections.singletonMap; @@ -34,10 +37,12 @@ /** * Test cache permissions for Data Streamer. */ +@RunWith(JUnit4.class) public class DataStreamerCachePermissionTest extends AbstractCachePermissionTest { /** * @throws Exception If fail. */ + @Test public void testServerNode() throws Exception { testDataStreamer(false); } @@ -45,6 +50,7 @@ public void testServerNode() throws Exception { /** * @throws Exception If fail. */ + @Test public void testClientNode() throws Exception { testDataStreamer(true); } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/IgniteDataStreamerSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/IgniteDataStreamerSecurityTest.java index 92e91b1e6c98b..8d748f856c14b 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/IgniteDataStreamerSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/IgniteDataStreamerSecurityTest.java @@ -28,14 +28,19 @@ import org.apache.ignite.internal.util.typedef.T2; import org.apache.ignite.lang.IgniteBiInClosure; import org.apache.ignite.stream.StreamVisitor; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; /** * Testing permissions when the closure od DataStreamer is executed cache operations on remote node. */ +@RunWith(JUnit4.class) public class IgniteDataStreamerSecurityTest extends AbstractCacheSecurityTest { /** * */ + @Test public void testDataStreamer() { assertAllowed((t) -> load(clntAllPerms, srvAllPerms, t)); assertAllowed((t) -> load(clntAllPerms, srvReadOnlyPerm, t)); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/IgniteMessagingTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/IgniteMessagingTest.java index 62f540e78f646..2256257dca335 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/IgniteMessagingTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/IgniteMessagingTest.java @@ -30,6 +30,9 @@ import org.apache.ignite.internal.util.typedef.T2; import org.apache.ignite.lang.IgniteBiPredicate; import org.apache.ignite.testframework.junits.GridAbstractTest; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; import static org.hamcrest.core.Is.is; import static org.hamcrest.core.IsNull.nullValue; @@ -38,6 +41,7 @@ /** * Testing permissions when the message listener is executed cache operations on remote node. */ +@RunWith(JUnit4.class) public class IgniteMessagingTest extends AbstractResolveSecurityContextTest { /** Sever node that has all permissions for TEST_CACHE. */ private IgniteEx evntAllPerms; @@ -62,6 +66,7 @@ public class IgniteMessagingTest extends AbstractResolveSecurityContextTest { /** * */ + @Test public void testMessaging() throws Exception { awaitPartitionMapExchange(); diff --git a/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java b/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java index ba036c644c49a..fde5b31981b12 100644 --- a/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java +++ b/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java @@ -17,7 +17,7 @@ package org.apache.ignite.testsuites; -import java.util.Set; +import junit.framework.JUnit4TestAdapter; import junit.framework.TestSuite; import org.apache.ignite.internal.processor.security.cache.CachePermissionsTest; import org.apache.ignite.internal.processor.security.cache.EntryProcessorCachePermissionTest; @@ -36,45 +36,36 @@ import org.apache.ignite.internal.processor.security.datastreamer.DataStreamerCachePermissionTest; import org.apache.ignite.internal.processor.security.datastreamer.closure.IgniteDataStreamerSecurityTest; import org.apache.ignite.internal.processor.security.messaging.IgniteMessagingTest; -import org.jetbrains.annotations.Nullable; +import org.junit.runner.RunWith; +import org.junit.runners.AllTests; /** * Security test suite. */ -public class AuthorizeOperationsTestSuite extends TestSuite { - /** - * @return Test suite. - * @throws Exception Thrown in case of the failure. - */ - public static TestSuite suite() throws Exception { - return suite(null); - } - - /** - * @param ignoredTests Tests don't include in the execution. Providing null means nothing to exclude. - * @return Test suite. - */ - public static TestSuite suite(final @Nullable Set ignoredTests) { - TestSuite suite = new TestSuite("Initiator Node's Security Context Test Suite"); +@RunWith(AllTests.class) +public class AuthorizeOperationsTestSuite { + /** */ + public static TestSuite suite() { + TestSuite suite = new TestSuite(AuthorizeOperationsTestSuite.class.getName()); - suite.addTest(new TestSuite(CachePermissionsTest.class)); - suite.addTest(new TestSuite(DataStreamerCachePermissionTest.class)); - suite.addTest(new TestSuite(ScanQueryCachePermissionTest.class)); - suite.addTest(new TestSuite(LoadCachePermissionTest.class)); - suite.addTest(new TestSuite(EntryProcessorCachePermissionTest.class)); - suite.addTest(new TestSuite(TaskExecutePermissionForExecutorServiceTest.class)); - suite.addTest(new TestSuite(TaskExecutePermissionForDistributedClosureTest.class)); - suite.addTest(new TestSuite(TaskExecutePermissionForComputeTaskTest.class)); + suite.addTest(new JUnit4TestAdapter(CachePermissionsTest.class)); + suite.addTest(new JUnit4TestAdapter(DataStreamerCachePermissionTest.class)); + suite.addTest(new JUnit4TestAdapter(ScanQueryCachePermissionTest.class)); + suite.addTest(new JUnit4TestAdapter(LoadCachePermissionTest.class)); + suite.addTest(new JUnit4TestAdapter(EntryProcessorCachePermissionTest.class)); + suite.addTest(new JUnit4TestAdapter(TaskExecutePermissionForExecutorServiceTest.class)); + suite.addTest(new JUnit4TestAdapter(TaskExecutePermissionForDistributedClosureTest.class)); + suite.addTest(new JUnit4TestAdapter(TaskExecutePermissionForComputeTaskTest.class)); - suite.addTest(new TestSuite(DistributedClosureSecurityTest.class)); - suite.addTest(new TestSuite(ComputeTaskSecurityTest.class)); - suite.addTest(new TestSuite(ExecutorServiceTaskSecurityTest.class)); - suite.addTest(new TestSuite(ScanQuerySecurityTest.class)); - suite.addTest(new TestSuite(EntryProcessorSecurityTest.class)); - suite.addTest(new TestSuite(IgniteDataStreamerSecurityTest.class)); - suite.addTest(new TestSuite(LoadCacheSecurityTest.class)); - suite.addTest(new TestSuite(ThinClientSecurityTest.class)); - suite.addTest(new TestSuite(IgniteMessagingTest.class)); + suite.addTest(new JUnit4TestAdapter(DistributedClosureSecurityTest.class)); + suite.addTest(new JUnit4TestAdapter(ComputeTaskSecurityTest.class)); + suite.addTest(new JUnit4TestAdapter(ExecutorServiceTaskSecurityTest.class)); + suite.addTest(new JUnit4TestAdapter(ScanQuerySecurityTest.class)); + suite.addTest(new JUnit4TestAdapter(EntryProcessorSecurityTest.class)); + suite.addTest(new JUnit4TestAdapter(IgniteDataStreamerSecurityTest.class)); + suite.addTest(new JUnit4TestAdapter(LoadCacheSecurityTest.class)); + suite.addTest(new JUnit4TestAdapter(ThinClientSecurityTest.class)); + suite.addTest(new JUnit4TestAdapter(IgniteMessagingTest.class)); return suite; } From 4442328c8cf1b960fed5ce42d5673cabcf14b5b4 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Thu, 24 Jan 2019 12:09:29 +0300 Subject: [PATCH 38/98] IGNITE-9560 Invoke a closure from the closure --- .../managers/communication/GridIoManager.java | 15 +- .../managers/communication/GridIoMessage.java | 29 +- .../security/IgniteSecurityProcessor.java | 7 +- .../security/IgniteSecurityProcessorImpl.java | 5 + .../service/IgniteServiceProcessor.java | 8 +- .../DataStreamerImplSelfTest.java | 2 + .../AbstractResolveSecurityContextTest.java | 5 + .../closure/EntryProcessorSecurityTest.java | 169 ++++++--- .../cache/closure/LoadCacheSecurityTest.java | 106 ++++-- .../cache/closure/ScanQuerySecurityTest.java | 214 ++++++++--- .../AbstractComputeTaskSecurityTest.java | 2 +- .../closure/ComputeTaskSecurityTest.java | 95 ++++- .../DistributedClosureSecurityTest.java | 354 ++++++++++++++---- .../ExecutorServiceTaskSecurityTest.java | 54 ++- .../IgniteDataStreamerSecurityTest.java | 103 +++-- 15 files changed, 916 insertions(+), 252 deletions(-) diff --git a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java index 1d48526ae2843..b399818d18b03 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java @@ -1044,7 +1044,7 @@ private void processP2PMessage( assert obj != null; - invokeListener(msg.policy(), lsnr, nodeId, obj); + invokeListener(msg.policy(), lsnr, nodeId, obj, msg.secSubjId()); } finally { threadProcessingMessage(false, null); @@ -1187,7 +1187,7 @@ private void processRegularMessage0(GridIoMessage msg, UUID nodeId) { assert obj != null; - invokeListener(msg.policy(), lsnr, nodeId, obj); + invokeListener(msg.policy(), lsnr, nodeId, obj, msg.secSubjId()); } /** @@ -1549,8 +1549,9 @@ private void unwindMessageSet(GridCommunicationMessageSet msgSet, GridMessageLis * @param lsnr Listener. * @param nodeId Node ID. * @param msg Message. + * @param secSubjId Security subject taht will be used to open a security session. */ - private void invokeListener(Byte plc, GridMessageListener lsnr, UUID nodeId, Object msg) { + private void invokeListener(Byte plc, GridMessageListener lsnr, UUID nodeId, Object msg, UUID secSubjId) { Byte oldPlc = CUR_PLC.get(); boolean change = !F.eq(oldPlc, plc); @@ -1558,7 +1559,7 @@ private void invokeListener(Byte plc, GridMessageListener lsnr, UUID nodeId, Obj if (change) CUR_PLC.set(plc); - try(IgniteSecuritySession s = ctx.security().startSession(nodeId)) { + try(IgniteSecuritySession s = ctx.security().startSession(secSubjId)) { lsnr.onMessage(nodeId, msg, plc); } finally { @@ -1620,7 +1621,9 @@ private void send( assert !async || msg instanceof GridIoUserMessage : msg; // Async execution was added only for IgniteMessaging. assert topicOrd >= 0 || !(topic instanceof GridTopic) : msg; - GridIoMessage ioMsg = new GridIoMessage(plc, topic, topicOrd, msg, ordered, timeout, skipOnTimeout); + UUID secSubjId = ctx.security().securityContext().subject().id(); + + GridIoMessage ioMsg = new GridIoMessage(secSubjId, plc, topic, topicOrd, msg, ordered, timeout, skipOnTimeout); if (locNodeId.equals(node.id())) { assert plc != P2P_POOL; @@ -2765,7 +2768,7 @@ void unwind(GridMessageListener lsnr) { for (GridTuple3 t = msgs.poll(); t != null; t = msgs.poll()) { try { - invokeListener(plc, lsnr, nodeId, t.get1().message()); + invokeListener(plc, lsnr, nodeId, t.get1().message(), t.get1().secSubjId()); } finally { if (t.get3() != null) diff --git a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoMessage.java b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoMessage.java index fe61aec834672..78e08736d4870 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoMessage.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoMessage.java @@ -20,6 +20,7 @@ import java.io.Externalizable; import java.nio.ByteBuffer; +import java.util.UUID; import org.apache.ignite.internal.ExecutorAwareMessage; import org.apache.ignite.internal.GridDirectTransient; import org.apache.ignite.internal.processors.cache.GridCacheMessage; @@ -67,6 +68,9 @@ public class GridIoMessage implements Message { /** Message. */ private Message msg; + /** Security subject id that will be used during message processing on an remote node. */ + private UUID secSubjId; + /** * No-op constructor to support {@link Externalizable} interface. * This constructor is not meant to be used for other purposes. @@ -76,6 +80,7 @@ public GridIoMessage() { } /** + * @param secSubjId Security subject id. * @param plc Policy. * @param topic Communication topic. * @param topicOrd Topic ordinal value. @@ -85,6 +90,7 @@ public GridIoMessage() { * @param skipOnTimeout Whether message can be skipped on timeout. */ public GridIoMessage( + UUID secSubjId, byte plc, Object topic, int topicOrd, @@ -93,10 +99,12 @@ public GridIoMessage( long timeout, boolean skipOnTimeout ) { + assert secSubjId != null; assert topic != null; assert topicOrd <= Byte.MAX_VALUE; assert msg != null; + this.secSubjId = secSubjId; this.plc = plc; this.msg = msg; this.topic = topic; @@ -113,6 +121,13 @@ byte policy() { return plc; } + /** + * @return Security subject id. + */ + UUID secSubjId() { + return secSubjId; + } + /** * @return Topic. */ @@ -245,6 +260,11 @@ boolean isOrdered() { writer.incrementState(); + case 7: + if (!writer.writeUuid("secSubjId", secSubjId)) + return false; + + writer.incrementState(); } return true; @@ -314,6 +334,13 @@ boolean isOrdered() { reader.incrementState(); + case 7: + secSubjId = reader.readUuid("secSubjId"); + + if (!reader.isLastRead()) + return false; + + reader.incrementState(); } return reader.afterMessageRead(GridIoMessage.class); @@ -326,7 +353,7 @@ boolean isOrdered() { /** {@inheritDoc} */ @Override public byte fieldsCount() { - return 7; + return 8; } /** diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java index 7c12aeb3f686e..75371efd46890 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java @@ -27,13 +27,18 @@ public interface IgniteSecurityProcessor { /** * Creates {@link IgniteSecuritySession}. All calls of methods {@link #authorize(String, SecurityPermission)} or {@link * #authorize(SecurityPermission)} will be processed into the context of {@link SecurityContext} that is owned by - * node with given noddeId until session {@link IgniteSecuritySession} will be closed. + * node with given nodeId until session {@link IgniteSecuritySession} will be closed. * * @param nodeId Node id. * @return Grid security Session. */ public IgniteSecuritySession startSession(UUID nodeId); + /** + * @return SecurityContext of opened session {@link IgniteSecuritySession}. + */ + public SecurityContext securityContext(); + /** * Delegates call to {@link GridSecurityProcessor#authenticateNode(org.apache.ignite.cluster.ClusterNode, * org.apache.ignite.plugin.security.SecurityCredentials)} diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java index cb16387f93b8f..259273a9341c1 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java @@ -78,6 +78,11 @@ public IgniteSecurityProcessorImpl(GridKernalContext ctx, GridSecurityProcessor ); } + /** {@inheritDoc} */ + @Override public SecurityContext securityContext() { + return curSecCtx.get(); + } + /** {@inheritDoc} */ @Override public SecurityContext authenticateNode(ClusterNode node, SecurityCredentials cred) throws IgniteCheckedException { diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/service/IgniteServiceProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/service/IgniteServiceProcessor.java index c164c6f1e485b..c811cf591c06e 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/service/IgniteServiceProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/service/IgniteServiceProcessor.java @@ -604,7 +604,7 @@ private PreparedConfigurations prepareServiceConfigurations(Collecti */ private SecurityException checkPermissions(String name, SecurityPermission perm) { try { - ctx.security().authorize(name, perm, null); + ctx.security().authorize(name, perm); return null; } @@ -858,7 +858,7 @@ private Map serviceTopology(String name) { return null; try { - ctx.security().authorize(name, SecurityPermission.SERVICE_INVOKE, null); + ctx.security().authorize(name, SecurityPermission.SERVICE_INVOKE); Collection ctxs = serviceContexts(name); @@ -929,7 +929,7 @@ private Map serviceTopology(String name) { @Override public T serviceProxy(ClusterGroup prj, String name, Class srvcCls, boolean sticky, long timeout) throws IgniteException { - ctx.security().authorize(name, SecurityPermission.SERVICE_INVOKE, null); + ctx.security().authorize(name, SecurityPermission.SERVICE_INVOKE); if (hasLocalNode(prj)) { ServiceContextImpl ctx = serviceContext(name); @@ -969,7 +969,7 @@ private boolean hasLocalNode(ClusterGroup prj) { return null; try { - ctx.security().authorize(name, SecurityPermission.SERVICE_INVOKE, null); + ctx.security().authorize(name, SecurityPermission.SERVICE_INVOKE); Collection ctxs = serviceContexts(name); diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerImplSelfTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerImplSelfTest.java index 1844e06aa4b1b..906fce1e96a19 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerImplSelfTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerImplSelfTest.java @@ -23,6 +23,7 @@ import java.util.List; import java.util.Map; import java.util.Random; +import java.util.UUID; import java.util.concurrent.Callable; import java.util.concurrent.CountDownLatch; import java.util.concurrent.CyclicBarrier; @@ -606,6 +607,7 @@ private static class StaleTopologyCommunicationSpi extends TcpCommunicationSpi { -1); msg = new GridIoMessage( + GridTestUtils.getFieldValue(ioMsg, "secSubjId"), GridTestUtils.getFieldValue(ioMsg, "plc"), GridTestUtils.getFieldValue(ioMsg, "topic"), GridTestUtils.getFieldValue(ioMsg, "topicOrd"), diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractResolveSecurityContextTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractResolveSecurityContextTest.java index 2391406af1807..233f5e37b619f 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractResolveSecurityContextTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractResolveSecurityContextTest.java @@ -37,6 +37,9 @@ public class AbstractResolveSecurityContextTest extends AbstractSecurityTest { /** Sever node that has all permissions for TEST_CACHE. */ protected IgniteEx srvAllPerms; + /** Sever node that has all permissions for TEST_CACHE. */ + protected IgniteEx srvTransitionAllPerms; + /** Client node that has all permissions for TEST_CACHE. */ protected IgniteEx clntAllPerms; @@ -52,6 +55,8 @@ public class AbstractResolveSecurityContextTest extends AbstractSecurityTest { srvAllPerms = startGrid("srv_all_perms", allowAllPermissionSet()); + srvTransitionAllPerms = startGrid("srv_trns_all_perms", allowAllPermissionSet()); + clntAllPerms = startGrid("clnt_all_perms", allowAllPermissionSet(), true); srvReadOnlyPerm = startGrid("srv_read_only_perm", diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorSecurityTest.java index 666a8bc8f64ac..c94003f72485a 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorSecurityTest.java @@ -39,82 +39,101 @@ public class EntryProcessorSecurityTest extends AbstractCacheSecurityTest { /** */ @Test public void testEntryProcessor() { - assertAllowed(clntAllPerms, srvAllPerms); - assertAllowed(clntAllPerms, srvReadOnlyPerm); - assertAllowed(srvAllPerms, srvReadOnlyPerm); + checkInvoke(clntAllPerms, srvAllPerms, true); + checkInvoke(clntAllPerms, srvReadOnlyPerm, true); + checkInvoke(srvAllPerms, srvReadOnlyPerm, true); - assertForbidden(clntReadOnlyPerm, srvAllPerms); - assertForbidden(srvReadOnlyPerm, srvAllPerms); + checkInvoke(clntReadOnlyPerm, srvAllPerms, false); + checkInvoke(srvReadOnlyPerm, srvAllPerms, false); } /** * @param initiator Initiator node. * @param remote Remote node. */ - private void assertAllowed(IgniteEx initiator, IgniteEx remote) { + private void checkInvoke(IgniteEx initiator, IgniteEx remote, boolean isSuccess) { assert !remote.localNode().isClient(); - invoke(initiator, remote); - invokeAll(initiator, remote); - invokeAsync(initiator, remote); - invokeAllAsync(initiator, remote); - } + final UUID remoteId = remote.localNode().id(); - /** - * @param initiator Initiator node. - * @param remote Remote node. - */ - private void assertForbidden(IgniteEx initiator, IgniteEx remote) { - assert !remote.localNode().isClient(); + final Integer key = primaryKey(remote); - forbiddenRun(() -> invoke(initiator, remote)); - forbiddenRun(() -> invokeAll(initiator, remote)); - forbiddenRun(() -> invokeAsync(initiator, remote)); - forbiddenRun(() -> invokeAllAsync(initiator, remote)); - } - - /** - * @param initiator Initiator. - * @param remote Remote. - */ - private void invoke(IgniteEx initiator, IgniteEx remote) { - initiator.cache(COMMON_USE_CACHE).invoke( - primaryKey(remote), - new TestEntryProcessor(remote.localNode().id()) - ); - } + for (InvokeMethodEnum ime : InvokeMethodEnum.values()) { + if (isSuccess) + invoke(ime, initiator, new TestEntryProcessor(remoteId), key); + else { + forbiddenRun( + () -> invoke(ime, initiator, new TestEntryProcessor(remoteId), key) + ); + } + } - /** - * @param initiator Initiator. - * @param remote Remote. - */ - private void invokeAsync(IgniteEx initiator, IgniteEx remote) { - initiator.cache(COMMON_USE_CACHE).invokeAsync( - primaryKey(remote), - new TestEntryProcessor(remote.localNode().id()) - ).get(); + final UUID transitionId = srvTransitionAllPerms.localNode().id(); + + final Integer transitionKey = primaryKey(srvTransitionAllPerms); + + for (InvokeMethodEnum ime : InvokeMethodEnum.values()) { + if (isSuccess) { + invoke(ime, initiator, + new TestTransitionEntryProcessor(ime, transitionId, remoteId, key), + transitionKey); + } + else { + forbiddenRun( + () -> invoke(ime, initiator, + new TestTransitionEntryProcessor(ime, transitionId, remoteId, key), + transitionKey) + ); + } + } } /** + * @param ime Invoke Method. * @param initiator Initiator. - * @param remote Remote. + * @param ep Entry Processor. + * @param key Key. */ - private void invokeAll(IgniteEx initiator, IgniteEx remote) { - initiator.cache(COMMON_USE_CACHE).invokeAll( - Collections.singleton(primaryKey(remote)), - new TestEntryProcessor(remote.localNode().id()) - ).values().stream().findFirst().ifPresent(EntryProcessorResult::get); + static void invoke(InvokeMethodEnum ime, IgniteEx initiator, + EntryProcessor ep, Integer key) { + switch (ime) { + case INVOKE: + initiator.cache(COMMON_USE_CACHE) + .invoke(key, ep); + + break; + case INVOKE_ALL: + initiator.cache(COMMON_USE_CACHE) + .invokeAll(Collections.singleton(key), ep) + .values().stream().findFirst().ifPresent(EntryProcessorResult::get); + + break; + case INVOKE_ASYNC: + initiator.cache(COMMON_USE_CACHE) + .invokeAsync(key, ep).get(); + + break; + case INVOKE_ALL_ASYNC: + initiator.cache(COMMON_USE_CACHE) + .invokeAllAsync(Collections.singleton(key), ep) + .get().values().stream().findFirst().ifPresent(EntryProcessorResult::get); + + break; + default: + throw new IllegalArgumentException("Unknown invoke method " + ime); + } } - /** - * @param initiator Initiator. - * @param remote Remote. - */ - private void invokeAllAsync(IgniteEx initiator, IgniteEx remote) { - initiator.cache(COMMON_USE_CACHE).invokeAllAsync( - Collections.singleton(primaryKey(remote)), - new TestEntryProcessor(remote.localNode().id()) - ).get().values().stream().findFirst().ifPresent(EntryProcessorResult::get); + /** Enum for ways to invoke EntryProcessor. */ + enum InvokeMethodEnum { + /** Invoke. */ + INVOKE, + /** Invoke all. */ + INVOKE_ALL, + /** Invoke async. */ + INVOKE_ASYNC, + /** Invoke all async. */ + INVOKE_ALL_ASYNC } /** @@ -143,4 +162,40 @@ public TestEntryProcessor(UUID remoteId) { return null; } } + + /** + * Entry processor for tests with transition invoke call. + */ + static class TestTransitionEntryProcessor extends TestEntryProcessor { + /** */ + private final InvokeMethodEnum ime; + /** Transition node id */ + private final UUID transitionId; + + /** The key that is contained on primary partition on remote node for given cache. */ + private final Integer remoteKey; + + /** + * @param remoteId Remote id. + */ + public TestTransitionEntryProcessor(InvokeMethodEnum ime, UUID transitionId, UUID remoteId, Integer remoteKey) { + super(remoteId); + + this.ime = ime; + this.transitionId = transitionId; + this.remoteKey = remoteKey; + } + + /** {@inheritDoc} */ + @Override public Object process(MutableEntry entry, + Object... objects) throws EntryProcessorException { + IgniteEx loc = (IgniteEx)Ignition.localIgnite(); + + assertEquals(transitionId, loc.localNode().id()); + + invoke(ime, loc, new TestEntryProcessor(remoteId), remoteKey); + + return null; + } + } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/LoadCacheSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/LoadCacheSecurityTest.java index b1b9c56ca6884..5944ba9d09a86 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/LoadCacheSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/LoadCacheSecurityTest.java @@ -40,6 +40,9 @@ */ @RunWith(JUnit4.class) public class LoadCacheSecurityTest extends AbstractCacheSecurityTest { + /** Transition load cache. */ + private static final String TRANSITION_LOAD_CACHE = "TRANSITION_LOAD_CACHE"; + /** {@inheritDoc} */ @Override protected CacheConfiguration[] getCacheConfigurations() { return new CacheConfiguration[] { @@ -51,6 +54,11 @@ public class LoadCacheSecurityTest extends AbstractCacheSecurityTest { .setName(COMMON_USE_CACHE) .setCacheMode(CacheMode.PARTITIONED) .setReadFromBackup(false) + .setCacheStoreFactory(new TestStoreFactory()), + new CacheConfiguration() + .setName(TRANSITION_LOAD_CACHE) + .setCacheMode(CacheMode.PARTITIONED) + .setReadFromBackup(false) .setCacheStoreFactory(new TestStoreFactory()) }; } @@ -60,26 +68,45 @@ public class LoadCacheSecurityTest extends AbstractCacheSecurityTest { */ @Test public void testLoadCache() { - assertAllowed((t) -> load(clntAllPerms, srvAllPerms, t)); - assertAllowed((t) -> load(clntAllPerms, srvReadOnlyPerm, t)); - assertAllowed((t) -> load(srvAllPerms, srvAllPerms, t)); - assertAllowed((t) -> load(srvAllPerms, srvReadOnlyPerm, t)); - - assertForbidden((t) -> load(clntReadOnlyPerm, srvAllPerms, t)); - assertForbidden((t) -> load(srvReadOnlyPerm, srvAllPerms, t)); - assertForbidden((t) -> load(srvReadOnlyPerm, srvReadOnlyPerm, t)); + testLoadCache(false); + testLoadCache(true); } /** - * @param initiator Initiator node. - * @param remote Remoute node. + * @param isTransition True for transition case. */ - private void load(IgniteEx initiator, IgniteEx remote, T2 entry) { + private void testLoadCache(boolean isTransition) { + assertAllowed((t) -> load(clntAllPerms, closure(srvAllPerms, t, isTransition))); + assertAllowed((t) -> load(clntAllPerms, closure(srvReadOnlyPerm, t, isTransition))); + assertAllowed((t) -> load(srvAllPerms, closure(srvAllPerms, t, isTransition))); + assertAllowed((t) -> load(srvAllPerms, closure(srvReadOnlyPerm, t, isTransition))); + + assertForbidden((t) -> load(clntReadOnlyPerm, closure(srvAllPerms, t, isTransition))); + assertForbidden((t) -> load(srvReadOnlyPerm, closure(srvAllPerms, t, isTransition))); + assertForbidden((t) -> load(srvReadOnlyPerm, closure(srvReadOnlyPerm, t, isTransition))); + } + + /** + * @param remote Remote. + * @param entry Entry to put into test cache. + * @param isTransition True if predicate to test transition case. + */ + private IgniteBiPredicate closure(IgniteEx remote, + T2 entry, boolean isTransition) { assert !remote.localNode().isClient(); - initiator.cache(COMMON_USE_CACHE).loadCache( - new TestClosure(remote.localNode().id(), entry.getKey(), entry.getValue()) - ); + if (isTransition) + return new TransitionTestClosure(srvTransitionAllPerms.localNode().id(), + remote.localNode().id(), entry); + return new TestClosure(remote.localNode().id(), entry); + } + + /** + * @param initiator Initiator node. + * @param p Predicate. + */ + private void load(IgniteEx initiator, IgniteBiPredicate p) { + initiator.cache(COMMON_USE_CACHE).loadCache(p); } /** @@ -87,33 +114,58 @@ private void load(IgniteEx initiator, IgniteEx remote, T2 entry */ static class TestClosure implements IgniteBiPredicate { /** Remote node id. */ - private final UUID remoteId; - - /** Key. */ - private final String key; + protected final UUID remoteId; - /** Value. */ - private final Integer val; + /** Data to put into test cache. */ + protected final T2 t2; /** Locale ignite. */ @IgniteInstanceResource protected Ignite loc; /** - * @param remoteId Remote id. - * @param key Key. - * @param val Value. + * @param remoteId Remote node id. + * @param t2 Data to put into test cache. */ - public TestClosure(UUID remoteId, String key, Integer val) { + public TestClosure(UUID remoteId, T2 t2) { this.remoteId = remoteId; - this.key = key; - this.val = val; + this.t2 = t2; } /** {@inheritDoc} */ @Override public boolean apply(Integer k, Integer v) { if (remoteId.equals(loc.cluster().localNode().id())) - loc.cache(CACHE_NAME).put(key, val); + loc.cache(CACHE_NAME).put(t2.getKey(), t2.getValue()); + + return false; + } + } + + /** + * Closure for transition tests. + */ + static class TransitionTestClosure extends TestClosure { + /** Transition node id. */ + private final UUID transitionId; + + /** + * @param transitionId Transition node id. + * @param remoteId Remote node id. + * @param t2 Data to put into test cache. + */ + public TransitionTestClosure(UUID transitionId, UUID remoteId, T2 t2) { + super(remoteId, t2); + + this.transitionId = transitionId; + } + + /** {@inheritDoc} */ + @Override public boolean apply(Integer k, Integer v) { + if (transitionId.equals(loc.cluster().localNode().id())) { + loc.cache(TRANSITION_LOAD_CACHE).loadCache( + new TestClosure(remoteId, t2) + ); + } return false; } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQuerySecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQuerySecurityTest.java index df6a2be913012..c62cd50e79ac1 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQuerySecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQuerySecurityTest.java @@ -18,6 +18,7 @@ package org.apache.ignite.internal.processor.security.cache.closure; import java.util.UUID; +import java.util.concurrent.atomic.AtomicBoolean; import javax.cache.Cache; import org.apache.ignite.Ignite; import org.apache.ignite.IgniteDataStreamer; @@ -37,9 +38,7 @@ */ @RunWith(JUnit4.class) public class ScanQuerySecurityTest extends AbstractCacheSecurityTest { - /** - * - */ + /** */ @Test public void testScanQuery() throws Exception { putTestData(srvAllPerms, CACHE_NAME); @@ -67,6 +66,26 @@ public void testScanQuery() throws Exception { assertAllowed((t) -> transform(clntAllPerms, srvReadOnlyPerm, COMMON_USE_CACHE, t)); assertAllowed((t) -> transform(srvAllPerms, srvReadOnlyPerm, COMMON_USE_CACHE, t)); + assertAllowed((t) -> transitionQuery(clntAllPerms, srvAllPerms, CACHE_NAME, t)); + assertAllowed((t) -> transitionQuery(srvAllPerms, srvAllPerms, CACHE_NAME, t)); + assertAllowed((t) -> transitionQuery(clntAllPerms, srvAllPerms, COMMON_USE_CACHE, t)); + assertAllowed((t) -> transitionQuery(srvAllPerms, srvAllPerms, COMMON_USE_CACHE, t)); + + assertAllowed((t) -> transitionTransform(clntAllPerms, srvAllPerms, CACHE_NAME, t)); + assertAllowed((t) -> transitionTransform(srvAllPerms, srvAllPerms, CACHE_NAME, t)); + assertAllowed((t) -> transitionTransform(clntAllPerms, srvAllPerms, COMMON_USE_CACHE, t)); + assertAllowed((t) -> transitionTransform(srvAllPerms, srvAllPerms, COMMON_USE_CACHE, t)); + + assertAllowed((t) -> transitionQuery(clntAllPerms, srvReadOnlyPerm, CACHE_NAME, t)); + assertAllowed((t) -> transitionQuery(srvAllPerms, srvReadOnlyPerm, CACHE_NAME, t)); + assertAllowed((t) -> transitionQuery(clntAllPerms, srvReadOnlyPerm, COMMON_USE_CACHE, t)); + assertAllowed((t) -> transitionQuery(srvAllPerms, srvReadOnlyPerm, COMMON_USE_CACHE, t)); + + assertAllowed((t) -> transitionTransform(clntAllPerms, srvReadOnlyPerm, CACHE_NAME, t)); + assertAllowed((t) -> transitionTransform(srvAllPerms, srvReadOnlyPerm, CACHE_NAME, t)); + assertAllowed((t) -> transitionTransform(clntAllPerms, srvReadOnlyPerm, COMMON_USE_CACHE, t)); + assertAllowed((t) -> transitionTransform(srvAllPerms, srvReadOnlyPerm, COMMON_USE_CACHE, t)); + assertForbidden((t) -> query(clntReadOnlyPerm, srvAllPerms, CACHE_NAME, t)); assertForbidden((t) -> query(srvReadOnlyPerm, srvAllPerms, CACHE_NAME, t)); assertForbidden((t) -> query(clntReadOnlyPerm, srvAllPerms, COMMON_USE_CACHE, t)); @@ -76,6 +95,16 @@ public void testScanQuery() throws Exception { assertForbidden((t) -> transform(srvReadOnlyPerm, srvAllPerms, CACHE_NAME, t)); assertForbidden((t) -> transform(clntReadOnlyPerm, srvAllPerms, COMMON_USE_CACHE, t)); assertForbidden((t) -> transform(srvReadOnlyPerm, srvAllPerms, COMMON_USE_CACHE, t)); + + assertForbidden((t) -> transitionQuery(clntReadOnlyPerm, srvAllPerms, CACHE_NAME, t)); + assertForbidden((t) -> transitionQuery(srvReadOnlyPerm, srvAllPerms, CACHE_NAME, t)); + assertForbidden((t) -> transitionQuery(clntReadOnlyPerm, srvAllPerms, COMMON_USE_CACHE, t)); + assertForbidden((t) -> transitionQuery(srvReadOnlyPerm, srvAllPerms, COMMON_USE_CACHE, t)); + + assertForbidden((t) -> transitionTransform(clntReadOnlyPerm, srvAllPerms, CACHE_NAME, t)); + assertForbidden((t) -> transitionTransform(srvReadOnlyPerm, srvAllPerms, CACHE_NAME, t)); + assertForbidden((t) -> transitionTransform(clntReadOnlyPerm, srvAllPerms, COMMON_USE_CACHE, t)); + assertForbidden((t) -> transitionTransform(srvReadOnlyPerm, srvAllPerms, COMMON_USE_CACHE, t)); } /** @@ -87,7 +116,22 @@ private void query(IgniteEx initiator, IgniteEx remote, String cacheName, T2( - new QueryFilter(remote.localNode().id(), entry.getKey(), entry.getValue()) + new QueryFilter(remote.localNode().id(), entry) + ) + ).getAll(); + } + + /** + * @param initiator Initiator node. + * @param remote Remoute node. + */ + private void transitionQuery(IgniteEx initiator, IgniteEx remote, String cacheName, T2 entry) { + assert !remote.localNode().isClient(); + + initiator.cache(cacheName).query( + new ScanQuery<>( + new TransitionQueryFilter(srvTransitionAllPerms.localNode().id(), + remote.localNode().id(), cacheName, entry) ) ).getAll(); } @@ -100,8 +144,21 @@ private void transform(IgniteEx initiator, IgniteEx remote, String cacheName, T2 assert !remote.localNode().isClient(); initiator.cache(cacheName).query( - new ScanQuery<>((k, v) -> true), - new Transformer(remote.localNode().id(), entry.getKey(), entry.getValue()) + new ScanQuery<>(new TransformerFilter(remote.localNode().id())), + new Transformer(entry) + ).getAll(); + } + + /** + * @param initiator Initiator node. + * @param remote Remoute node. + */ + private void transitionTransform(IgniteEx initiator, IgniteEx remote, String cacheName, T2 entry) { + assert !remote.localNode().isClient(); + + initiator.cache(cacheName).query( + new ScanQuery<>(new TransformerFilter(srvTransitionAllPerms.localNode().id())), + new TransitionTransformer(remote.localNode().id(), cacheName, entry) ).getAll(); } @@ -117,58 +174,68 @@ private void putTestData(IgniteEx ignite, String cacheName) { } /** - * Common class for test closures. + * Test query filter. */ - static class CommonClosure { - /** Remote node id. */ - protected final UUID remoteId; - - /** Key. */ - private final String key; - - /** Value. */ - private final Integer val; - + static class QueryFilter implements IgniteBiPredicate { /** Locale ignite. */ @IgniteInstanceResource protected Ignite loc; + /** Remote node id. */ + protected UUID remoteId; + + /** Data to put into test cache. */ + protected T2 t2; + /** - * @param remoteId Remote id. - * @param key Key. - * @param val Value. + * @param remoteId Remote node id. + * @param t2 Data to put into test cache. */ - public CommonClosure(UUID remoteId, String key, Integer val) { + public QueryFilter(UUID remoteId, T2 t2) { this.remoteId = remoteId; - this.key = key; - this.val = val; + this.t2 = t2; } - /** - * Put value to cache. - */ - protected void put() { + /** {@inheritDoc} */ + @Override public boolean apply(String s, Integer i) { if (remoteId.equals(loc.cluster().localNode().id())) - loc.cache(CACHE_NAME).put(key, val); + loc.cache(CACHE_NAME).put(t2.getKey(), t2.getValue()); + + return false; } } - /** - * Test query filter. - */ - static class QueryFilter extends CommonClosure implements IgniteBiPredicate { + /** */ + static class TransitionQueryFilter extends QueryFilter { + /** Transition id. */ + private final UUID transitionId; + + /** Cache name. */ + private final String cacheName; + /** + * @param transitionId Transition id. * @param remoteId Remote id. - * @param key Key. - * @param val Value. + * @param cacheName Cache name. + * @param t2 Data to put into test cache. */ - public QueryFilter(UUID remoteId, String key, Integer val) { - super(remoteId, key, val); + public TransitionQueryFilter(UUID transitionId, UUID remoteId, + String cacheName, T2 t2) { + super(remoteId, t2); + + this.transitionId = transitionId; + this.cacheName = cacheName; } /** {@inheritDoc} */ @Override public boolean apply(String s, Integer i) { - put(); + if (transitionId.equals(loc.cluster().localNode().id())) { + loc.cache(cacheName).query( + new ScanQuery<>( + new QueryFilter(remoteId, t2) + ) + ).getAll(); + } return false; } @@ -177,21 +244,82 @@ public QueryFilter(UUID remoteId, String key, Integer val) { /** * Test transformer. */ - static class Transformer extends CommonClosure implements IgniteClosure, Integer> { + static class Transformer implements IgniteClosure, Integer> { + /** Locale ignite. */ + @IgniteInstanceResource + protected Ignite loc; + + /** Data to put into test cache. */ + protected final T2 t2; + + /** + * @param t2 Data to put into test cache. + */ + public Transformer(T2 t2) { + this.t2 = t2; + } + + /** {@inheritDoc} */ + @Override public Integer apply(Cache.Entry entry) { + loc.cache(CACHE_NAME).put(t2.getKey(), t2.getValue()); + + return entry.getValue(); + } + } + + /** */ + static class TransitionTransformer extends Transformer { + /** Remote node id. */ + private final UUID remoteId; + + /** Cache name. */ + private final String cacheName; + /** * @param remoteId Remote id. - * @param key Key. - * @param val Value. + * @param cacheName Cache name. + * @param t2 Data to put into test cache. */ - public Transformer(UUID remoteId, String key, Integer val) { - super(remoteId, key, val); + public TransitionTransformer(UUID remoteId, String cacheName, T2 t2) { + super(t2); + + this.remoteId = remoteId; + this.cacheName = cacheName; } /** {@inheritDoc} */ @Override public Integer apply(Cache.Entry entry) { - put(); + loc.cache(cacheName).query( + new ScanQuery<>(new TransformerFilter(remoteId)), + new Transformer(t2) + ).getAll(); return entry.getValue(); } } + + /** */ + static class TransformerFilter implements IgniteBiPredicate { + /** Node id. */ + private final UUID nodeId; + + /** Filter must return true only one time. */ + private AtomicBoolean b = new AtomicBoolean(true); + + /** Locale ignite. */ + @IgniteInstanceResource + protected Ignite loc; + + /** + * @param nodeId Node id. + */ + public TransformerFilter(UUID nodeId) { + this.nodeId = nodeId; + } + + /** {@inheritDoc} */ + @Override public boolean apply(String s, Integer integer) { + return nodeId.equals(loc.cluster().localNode().id()) && b.getAndSet(false); + } + } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/AbstractComputeTaskSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/AbstractComputeTaskSecurityTest.java index 20543cbe635d4..d5841b27084f6 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/AbstractComputeTaskSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/AbstractComputeTaskSecurityTest.java @@ -66,7 +66,7 @@ public void test() { * @param Third parameter type. */ @FunctionalInterface - protected interface TriConsumer { + protected interface C3 { /** * Performs this operation on the given arguments. * diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskSecurityTest.java index 9877fedeedb10..0c9d30743ce0b 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskSecurityTest.java @@ -45,31 +45,59 @@ public class ComputeTaskSecurityTest extends AbstractComputeTaskSecurityTest { /** {@inheritDoc} */ @Override protected void checkSuccess(IgniteEx initiator, IgniteEx remote) { + final UUID remoteId = remote.localNode().id(); + successCompute( initiator, remote, (cmp, k, v) -> - cmp.execute(new TestComputeTask(remote.localNode().id(), k, v), 0) + cmp.execute(new TestComputeTask(remoteId, k, v), 0) ); + successCompute( + initiator, remote, + (cmp, k, v) -> + cmp.executeAsync(new TestComputeTask(remoteId, k, v), 0).get() + ); + + final UUID transitionId = srvTransitionAllPerms.localNode().id(); successCompute( initiator, remote, (cmp, k, v) -> - cmp.executeAsync(new TestComputeTask(remote.localNode().id(), k, v), 0).get() + cmp.execute(new TestTransitionComputeTask(transitionId, remoteId, k, v), 0) + ); + successCompute( + initiator, remote, + (cmp, k, v) -> + cmp.executeAsync(new TestTransitionComputeTask(transitionId, remoteId, k, v), 0).get() ); } /** {@inheritDoc} */ @Override protected void checkFail(IgniteEx initiator, IgniteEx remote) { + final UUID remoteId = remote.localNode().id(); + + failCompute( + initiator, remote, + (cmp, k, v) -> + cmp.execute(new TestComputeTask(remoteId, k, v), 0) + ); failCompute( initiator, remote, (cmp, k, v) -> - cmp.execute(new TestComputeTask(remote.localNode().id(), k, v), 0) + cmp.executeAsync(new TestComputeTask(remoteId, k, v), 0).get() ); + final UUID transitionId = srvTransitionAllPerms.localNode().id(); + failCompute( initiator, remote, (cmp, k, v) -> - cmp.executeAsync(new TestComputeTask(remote.localNode().id(), k, v), 0).get() + cmp.execute(new TestTransitionComputeTask(transitionId, remoteId, k, v), 0) + ); + failCompute( + initiator, remote, + (cmp, k, v) -> + cmp.executeAsync(new TestTransitionComputeTask(transitionId, remoteId, k, v), 0).get() ); } @@ -78,7 +106,7 @@ public class ComputeTaskSecurityTest extends AbstractComputeTaskSecurityTest { * @param remote Remote node. */ private void successCompute(IgniteEx initiator, IgniteEx remote, - TriConsumer consumer) { + C3 consumer) { int val = values.getAndIncrement(); consumer.accept(initiator.compute(), "key", val); @@ -91,7 +119,7 @@ private void successCompute(IgniteEx initiator, IgniteEx remote, * @param remote Remote node. */ private void failCompute(IgniteEx initiator, IgniteEx remote, - TriConsumer consumer) { + C3 consumer) { assertCauseSecurityException( GridTestUtils.assertThrowsWithCause( () -> consumer.accept(initiator.compute(), "fail_key", -1) @@ -107,17 +135,17 @@ private void failCompute(IgniteEx initiator, IgniteEx remote, */ static class TestComputeTask implements ComputeTask { /** Remote cluster node. */ - private final UUID remote; + protected final UUID remote; /** Key. */ - private final String key; + protected final String key; /** Value. */ - private final Integer val; + protected final Integer val; /** Locale ignite. */ @IgniteInstanceResource - private Ignite loc; + protected Ignite loc; /** * @param remote Remote. @@ -169,4 +197,51 @@ public TestComputeTask(UUID remote, String key, Integer val) { return null; } } + + /** + * Transition compute task for tests. + */ + static class TestTransitionComputeTask extends TestComputeTask { + /** Transition cluster node. */ + private final UUID transition; + + /** + * @param transition Transition. + * @param remote Remote. + * @param key Key. + * @param val Value. + */ + public TestTransitionComputeTask(UUID transition, UUID remote, String key, Integer val) { + super(remote, key, val); + + this.transition = transition; + } + + /** {@inheritDoc} */ + @Override public @Nullable Map map(List subgrid, + @Nullable Integer arg) throws IgniteException { + Map res = new HashMap<>(); + + res.put( + new ComputeJob() { + @IgniteInstanceResource + private Ignite loc; + + @Override public void cancel() { + // no-op + } + + @Override public Object execute() throws IgniteException { + loc.compute().execute( + new TestComputeTask(remote, key, val), 0 + ); + + return null; + } + }, loc.cluster().node(transition) + ); + + return res; + } + } } \ No newline at end of file diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureSecurityTest.java index 299ad50d586c1..d09868cc2fd86 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureSecurityTest.java @@ -19,10 +19,14 @@ import java.util.Arrays; import java.util.Collection; +import java.util.UUID; +import java.util.function.Consumer; import org.apache.ignite.IgniteCompute; import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.lang.IgniteCallable; import org.apache.ignite.lang.IgniteClosure; +import org.apache.ignite.lang.IgniteRunnable; import org.apache.ignite.plugin.security.SecurityException; import org.apache.ignite.testframework.GridTestUtils; @@ -36,105 +40,315 @@ public class DistributedClosureSecurityTest extends AbstractComputeTaskSecurityTest { /** {@inheritDoc} */ @Override protected void checkSuccess(IgniteEx initiator, IgniteEx remote) { - for(TriConsumer c : consumers()) - successClosure(initiator, remote, c); + for (TransitionClosure tr : transitions()) { + successCall( + remote, + (val) -> tr.remouteC3().accept( + initiator.compute(initiator.cluster().forNode(remote.localNode())), "key", val + ) + ); + + successCall(remote, + (val) -> tr.accept( + initiator.compute(initiator.cluster().forNode(srvTransitionAllPerms.localNode())), + remote.localNode().id(), "key", val + ) + ); + } } /** {@inheritDoc} */ @Override protected void checkFail(IgniteEx initiator, IgniteEx remote) { - for(TriConsumer c : consumers()) - failClosure(initiator, remote, c); + for (TransitionClosure tr : transitions()) { + failCall( + remote, + () -> + tr.remouteC3().accept( + initiator.compute(initiator.cluster().forNode(remote.localNode())), "fail_key", -1 + ) + ); + + failCall(remote, + () -> + tr.accept( + initiator.compute(initiator.cluster().forNode(srvTransitionAllPerms.localNode())), + remote.localNode().id(), "fail_key", -1 + ) + ); + } } /** - * @return Collection of TriConsumers that invoke IgniteCompute methods. + * @param remote Remote node. */ - private Collection> consumers() { + private void successCall(IgniteEx remote, Consumer c) { + int val = values.getAndIncrement(); + + c.accept(val); + + assertThat(remote.cache(CACHE_NAME).get("key"), is(val)); + } + + /** + * @param remote Remote node. + */ + private void failCall(IgniteEx remote, Runnable r) { + assertCauseSecurityException( + GridTestUtils.assertThrowsWithCause(r, SecurityException.class) + ); + + assertThat(remote.cache(CACHE_NAME).get("fail_key"), nullValue()); + } + + /** */ + private Collection transitions() { return Arrays.asList( - (cmp, k, v) -> cmp.broadcast( - () -> Ignition.localIgnite().cache(CACHE_NAME).put(k, v) - ), + //IgniteCompute.broadcast (broadcastAsync) + new TransitionClosure() { + @Override public void accept(IgniteCompute compute, UUID uuid, String k, Integer v) { + compute.broadcast( + new IgniteRunnable() { + @Override public void run() { + remouteC3().accept(compute(uuid), k, v); + } + } + ); + } - (cmp, k, v) -> cmp.broadcastAsync( - () -> Ignition.localIgnite().cache(CACHE_NAME).put(k, v) - ).get(), + @Override protected C3 remouteC3() { + return new C3() { + @Override public void accept(IgniteCompute compute, String k, Integer v) { + compute.broadcast( + new IgniteRunnable() { + @Override public void run() { + Ignition.localIgnite().cache(CACHE_NAME).put(k, v); + } + } + ); + } + }; + } + }, + new TransitionClosure() { + @Override public void accept(IgniteCompute compute, UUID uuid, String k, Integer v) { + compute.broadcastAsync( + new IgniteRunnable() { + @Override public void run() { + remouteC3().accept(compute(uuid), k, v); + } + } + ).get(); + } - (cmp, k, v) -> cmp.call( - () -> { - Ignition.localIgnite().cache(CACHE_NAME).put(k, v); + @Override protected C3 remouteC3() { + return new C3() { + @Override public void accept(IgniteCompute compute, String k, Integer v) { + compute.broadcastAsync( + new IgniteRunnable() { + @Override public void run() { + Ignition.localIgnite().cache(CACHE_NAME).put(k, v); + } + } + ).get(); + } + }; + } + }, + //IgniteCompute.call (callAsync) + new TransitionClosure() { + @Override public void accept(IgniteCompute compute, UUID uuid, String k, Integer v) { + compute.call( + new IgniteCallable() { + @Override public Object call() { + remouteC3().accept(compute(uuid), k, v); - return null; + return null; + } + } + ); } - ), - (cmp, k, v) -> cmp.callAsync( - () -> { - Ignition.localIgnite().cache(CACHE_NAME).put(k, v); + @Override protected C3 remouteC3() { + return new C3() { + @Override public void accept(IgniteCompute compute, String k, Integer v) { + compute.call( + new IgniteCallable() { + @Override public Object call() { + Ignition.localIgnite().cache(CACHE_NAME).put(k, v); - return null; + return null; + } + } + ); + } + }; } - ).get(), + }, + new TransitionClosure() { + @Override public void accept(IgniteCompute compute, UUID uuid, String k, Integer v) { + compute.callAsync( + new IgniteCallable() { + @Override public Object call() { + remouteC3().accept(compute(uuid), k, v); - (cmp, k, v) -> cmp.run( - () -> Ignition.localIgnite().cache(CACHE_NAME).put(k, v) - ), + return null; + } + } + ).get(); + } - (cmp, k, v) -> cmp.runAsync( - () -> Ignition.localIgnite().cache(CACHE_NAME).put(k, v) - ).get(), + @Override protected C3 remouteC3() { + return new C3() { + @Override public void accept(IgniteCompute compute, String k, Integer v) { + compute.callAsync( + new IgniteCallable() { + @Override public Object call() { + Ignition.localIgnite().cache(CACHE_NAME).put(k, v); - (cmp, k, v) -> cmp.apply( - new IgniteClosure() { - @Override public Object apply(Object o) { - Ignition.localIgnite().cache(CACHE_NAME).put(k, v); + return null; + } + } + ).get(); + } + }; + } + }, + //IgniteCompute.run (runAsync) + new TransitionClosure() { + @Override public void accept(IgniteCompute compute, UUID uuid, String k, Integer v) { + compute.run( + new IgniteRunnable() { + @Override public void run() { + remouteC3().accept(compute(uuid), k, v); + } + } + ); + } - return null; - } - }, new Object() - ), + @Override protected C3 remouteC3() { + return new C3() { + @Override public void accept(IgniteCompute compute, String k, Integer v) { + compute.broadcast( + new IgniteRunnable() { + @Override public void run() { + Ignition.localIgnite().cache(CACHE_NAME).put(k, v); + } + } + ); + } + }; + } + }, + new TransitionClosure() { + @Override public void accept(IgniteCompute compute, UUID uuid, String k, Integer v) { + compute.runAsync( + new IgniteRunnable() { + @Override public void run() { + remouteC3().accept(compute(uuid), k, v); + } + } + ).get(); + } - (cmp, k, v) -> cmp.applyAsync( - new IgniteClosure() { - @Override public Object apply(Object o) { - Ignition.localIgnite().cache(CACHE_NAME).put(k, v); + @Override protected C3 remouteC3() { + return new C3() { + @Override public void accept(IgniteCompute compute, String k, Integer v) { + compute.broadcastAsync( + new IgniteRunnable() { + @Override public void run() { + Ignition.localIgnite().cache(CACHE_NAME).put(k, v); + } + } + ).get(); + } + }; + } + }, + //IgniteCompute.apply (applyAsync) + new TransitionClosure() { + @Override public void accept(IgniteCompute compute, UUID uuid, String k, Integer v) { + compute.apply( + new IgniteClosure() { + @Override public Object apply(Object o) { + remouteC3().accept(compute(uuid), k, v); - return null; - } - }, new Object() - ).get() - ); - } + return null; + } + }, new Object() + ); + } - /** - * @param initiator Initiator node. - * @param remote Remote node. - * @param consumer Consumer. - */ - private void successClosure(IgniteEx initiator, IgniteEx remote, - TriConsumer consumer) { - int val = values.getAndIncrement(); + @Override protected C3 remouteC3() { + return new C3() { + @Override public void accept(IgniteCompute compute, String k, Integer v) { + compute.apply( + new IgniteClosure() { + @Override public Object apply(Object o) { + Ignition.localIgnite().cache(CACHE_NAME).put(k, v); - consumer.accept(initiator.compute(initiator.cluster().forNode(remote.localNode())), "key", val); + return null; + } + }, new Object() + ); + } + }; + } + }, + new TransitionClosure() { + @Override public void accept(IgniteCompute compute, UUID uuid, String k, Integer v) { + compute.applyAsync( + new IgniteClosure() { + @Override public Object apply(Object o) { + remouteC3().accept(compute(uuid), k, v); - assertThat(remote.cache(CACHE_NAME).get("key"), is(val)); + return null; + } + }, new Object() + ).get(); + } + + @Override protected C3 remouteC3() { + return new C3() { + @Override public void accept(IgniteCompute compute, String k, Integer v) { + compute.applyAsync( + new IgniteClosure() { + @Override public Object apply(Object o) { + Ignition.localIgnite().cache(CACHE_NAME).put(k, v); + + return null; + } + }, new Object() + ).get(); + } + }; + } + } + ); } /** - * @param initiator Initiator node. - * @param remote Remote node. - * @param consumer Consumer. + * Closure for transition tests. */ - private void failClosure(IgniteEx initiator, IgniteEx remote, - TriConsumer consumer) { - assertCauseSecurityException( - GridTestUtils.assertThrowsWithCause( - () -> - consumer.accept( - initiator.compute(initiator.cluster().forNode(remote.localNode())), "fail_key", -1 - ), SecurityException.class - ) - ); + private abstract static class TransitionClosure { + /** + * @return IgniteCompute for group that contains only remoteId node. + */ + protected IgniteCompute compute(UUID remoteId) { + IgniteEx loc = (IgniteEx)Ignition.localIgnite(); - assertThat(remote.cache(CACHE_NAME).get("fail_key"), nullValue()); + return loc.compute(loc.cluster().forNode( + loc.cluster().node(remoteId) + )); + } + + /** + * Performs this operation on the given arguments. + */ + public abstract void accept(IgniteCompute cmpt, UUID id, String k, Integer v); + + /** + * @return TriConsumer. + */ + protected abstract C3 remouteC3(); } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceTaskSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceTaskSecurityTest.java index e2aec6024d370..8f2cd71de8a57 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceTaskSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceTaskSecurityTest.java @@ -17,6 +17,8 @@ package org.apache.ignite.internal.processor.security.compute.closure; +import java.util.UUID; +import org.apache.ignite.Ignite; import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.processor.security.AbstractResolveSecurityContextTest; @@ -31,9 +33,7 @@ */ @RunWith(JUnit4.class) public class ExecutorServiceTaskSecurityTest extends AbstractResolveSecurityContextTest { - /** - * - */ + /** */ @Test public void testExecute() { assertAllowed((t) -> execute(clntAllPerms, clntReadOnlyPerm, t)); @@ -43,12 +43,26 @@ public void testExecute() { assertAllowed((t) -> execute(srvAllPerms, srvAllPerms, t)); assertAllowed((t) -> execute(clntAllPerms, clntAllPerms, t)); + assertAllowed((t) -> transitionExecute(clntAllPerms, clntReadOnlyPerm, t)); + assertAllowed((t) -> transitionExecute(clntAllPerms, srvReadOnlyPerm, t)); + assertAllowed((t) -> transitionExecute(srvAllPerms, clntReadOnlyPerm, t)); + assertAllowed((t) -> transitionExecute(srvAllPerms, srvReadOnlyPerm, t)); + assertAllowed((t) -> transitionExecute(srvAllPerms, srvAllPerms, t)); + assertAllowed((t) -> transitionExecute(clntAllPerms, clntAllPerms, t)); + assertForbidden((t) -> execute(clntReadOnlyPerm, srvAllPerms, t)); assertForbidden((t) -> execute(clntReadOnlyPerm, clntAllPerms, t)); assertForbidden((t) -> execute(srvReadOnlyPerm, srvAllPerms, t)); assertForbidden((t) -> execute(srvReadOnlyPerm, clntAllPerms, t)); assertForbidden((t) -> execute(srvReadOnlyPerm, srvReadOnlyPerm, t)); assertForbidden((t) -> execute(clntReadOnlyPerm, clntReadOnlyPerm, t)); + + assertForbidden((t) -> transitionExecute(clntReadOnlyPerm, srvAllPerms, t)); + assertForbidden((t) -> transitionExecute(clntReadOnlyPerm, clntAllPerms, t)); + assertForbidden((t) -> transitionExecute(srvReadOnlyPerm, srvAllPerms, t)); + assertForbidden((t) -> transitionExecute(srvReadOnlyPerm, clntAllPerms, t)); + assertForbidden((t) -> transitionExecute(srvReadOnlyPerm, srvReadOnlyPerm, t)); + assertForbidden((t) -> transitionExecute(clntReadOnlyPerm, clntReadOnlyPerm, t)); } /** @@ -71,4 +85,38 @@ private void execute(IgniteEx initiator, IgniteEx remote, T2 en throw new RuntimeException(e); } } + + /** + * @param initiator Initiator node. + * @param remote Remoute node. + */ + private void transitionExecute(IgniteEx initiator, IgniteEx remote, T2 entry) { + try { + final UUID remoteId = remote.localNode().id(); + + initiator.executorService(initiator.cluster().forNode(srvTransitionAllPerms.localNode())) + .submit( + new IgniteRunnable() { + @Override public void run() { + Ignite ignite = Ignition.localIgnite(); + + try { + ignite.executorService(ignite.cluster().forNode(ignite.cluster().node(remoteId))) + .submit(new IgniteRunnable() { + @Override public void run() { + Ignition.localIgnite().cache(CACHE_NAME) + .put(entry.getKey(), entry.getValue()); + } + }).get(); + }catch (Exception e){ + throw new RuntimeException(e); + } + } + } + ).get(); + } + catch (Exception e) { + throw new RuntimeException(e); + } + } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/IgniteDataStreamerSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/IgniteDataStreamerSecurityTest.java index 8d748f856c14b..1de72ae3def45 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/IgniteDataStreamerSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/IgniteDataStreamerSecurityTest.java @@ -37,59 +37,74 @@ */ @RunWith(JUnit4.class) public class IgniteDataStreamerSecurityTest extends AbstractCacheSecurityTest { - /** - * - */ + /** */ @Test public void testDataStreamer() { - assertAllowed((t) -> load(clntAllPerms, srvAllPerms, t)); - assertAllowed((t) -> load(clntAllPerms, srvReadOnlyPerm, t)); - assertAllowed((t) -> load(srvAllPerms, srvAllPerms, t)); - assertAllowed((t) -> load(srvAllPerms, srvReadOnlyPerm, t)); - - assertForbidden((t) -> load(clntReadOnlyPerm, srvAllPerms, t)); - assertForbidden((t) -> load(srvReadOnlyPerm, srvAllPerms, t)); - assertForbidden((t) -> load(srvReadOnlyPerm, srvReadOnlyPerm, t)); + checkDataStreamer(false); + checkDataStreamer(true); + } + + /** + * @param isTransition True if transition test. + */ + private void checkDataStreamer(boolean isTransition){ + assertAllowed((t) -> load(clntAllPerms, srvAllPerms, t, isTransition)); + assertAllowed((t) -> load(clntAllPerms, srvReadOnlyPerm, t, isTransition)); + assertAllowed((t) -> load(srvAllPerms, srvAllPerms, t, isTransition)); + assertAllowed((t) -> load(srvAllPerms, srvReadOnlyPerm, t, isTransition)); + + assertForbidden((t) -> load(clntReadOnlyPerm, srvAllPerms, t, isTransition)); + assertForbidden((t) -> load(srvReadOnlyPerm, srvAllPerms, t, isTransition)); + assertForbidden((t) -> load(srvReadOnlyPerm, srvReadOnlyPerm, t, isTransition)); } /** * @param initiator Initiator node. * @param remote Remoute node. */ - private void load(IgniteEx initiator, IgniteEx remote, T2 entry) { + private void load(IgniteEx initiator, IgniteEx remote, T2 entry, boolean isTransition) { try (IgniteDataStreamer strm = initiator.dataStreamer(COMMON_USE_CACHE)) { - strm.receiver( - StreamVisitor.from( - new TestClosure(remote.localNode().id(), entry.getKey(), entry.getValue()) - )); + strm.receiver(StreamVisitor.from(closure(remote, entry, isTransition))); - strm.addData(primaryKey(remote), 100); + strm.addData(primaryKey(isTransition ? srvTransitionAllPerms : remote), 100); } } + /** + * @param remote Remote node. + * @param entry Data to put into test cache. + * @param isTransition True if transition test. + * @return Receiver's closure. + */ + private TestClosure closure(IgniteEx remote, T2 entry, boolean isTransition) { + if (isTransition) + return new TransitionTestClosure( + srvTransitionAllPerms.localNode().id(), + remote.localNode().id(), + entry + ); + + return new TestClosure(remote.localNode().id(), entry); + } + /** * Closure for tests. */ static class TestClosure implements IgniteBiInClosure, Map.Entry> { /** Remote node id. */ - private final UUID remoteId; + protected final UUID remoteId; - /** Key. */ - private final String key; - - /** Value. */ - private final Integer val; + /** Data to put into test cache. */ + protected final T2 t2; /** * @param remoteId Remote node id. - * @param key Key. - * @param val Value. + * @param t2 Data to put into test cache. */ - public TestClosure(UUID remoteId, String key, Integer val) { + public TestClosure(UUID remoteId, T2 t2) { this.remoteId = remoteId; - this.key = key; - this.val = val; + this.t2 = t2; } /** {@inheritDoc} */ @@ -98,7 +113,37 @@ public TestClosure(UUID remoteId, String key, Integer val) { Ignite loc = Ignition.localIgnite(); if (remoteId.equals(loc.cluster().localNode().id())) - loc.cache(CACHE_NAME).put(key, val); + loc.cache(CACHE_NAME).put(t2.getKey(), t2.getValue()); + } + } + + /** + * Closure for transition tests. + */ + static class TransitionTestClosure extends TestClosure { + /** Transition node id. */ + private final UUID transitionId; + + /** + * @param transitionId Transition node id. + * @param remoteId Remote node id. + * @param t2 Data to put into test cache. + */ + public TransitionTestClosure(UUID transitionId, UUID remoteId, T2 t2) { + super(remoteId, t2); + + this.transitionId = transitionId; + } + + /** {@inheritDoc} */ + @Override public void apply(IgniteCache entries, + Map.Entry entry) { + Ignite loc = Ignition.localIgnite(); + + if (transitionId.equals(loc.cluster().localNode().id())){ + loc.compute(loc.cluster().forNode(loc.cluster().node(remoteId))) + .broadcast(()->Ignition.localIgnite().cache(CACHE_NAME).put(t2.getKey(), t2.getValue())); + } } } } From a5804836fc83528f94662ffbb7eda82d0febbe03 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Wed, 30 Jan 2019 12:06:45 +0300 Subject: [PATCH 39/98] IGNITE-9560 Modified the logic of IgniteSecurityProcessorImpl with taking into account disabled mode. Refactoring of tests. --- .../managers/communication/GridIoManager.java | 13 +- .../managers/communication/GridIoMessage.java | 23 +- .../security/IgniteSecurityProcessorImpl.java | 61 ++- .../security/AbstractCachePermissionTest.java | 2 + .../security/AbstractCacheSecurityTest.java | 39 +- .../security/AbstractPermissionTest.java | 53 +++ .../AbstractResolveSecurityContextTest.java | 166 +++++-- .../security/AbstractSecurityTest.java | 51 -- .../closure/EntryProcessorSecurityTest.java | 123 ++--- .../cache/closure/LoadCacheSecurityTest.java | 109 ++--- .../cache/closure/ScanQuerySecurityTest.java | 290 +++--------- .../AbstractComputeTaskSecurityTest.java | 83 ++-- .../closure/ComputeTaskSecurityTest.java | 219 +++------ .../DistributedClosureSecurityTest.java | 441 ++++++------------ .../ExecutorServiceTaskSecurityTest.java | 135 +++--- .../IgniteDataStreamerSecurityTest.java | 106 +---- .../messaging/IgniteMessagingTest.java | 110 ++--- .../AuthorizeOperationsTestSuite.java | 52 +-- 18 files changed, 794 insertions(+), 1282 deletions(-) diff --git a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java index b399818d18b03..60b0f3c22674c 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java @@ -1559,7 +1559,9 @@ private void invokeListener(Byte plc, GridMessageListener lsnr, UUID nodeId, Obj if (change) CUR_PLC.set(plc); - try(IgniteSecuritySession s = ctx.security().startSession(secSubjId)) { + UUID curSecSubjId = secSubjId != null ? secSubjId : nodeId; + + try(IgniteSecuritySession s = ctx.security().startSession(curSecSubjId)) { lsnr.onMessage(nodeId, msg, plc); } finally { @@ -1621,7 +1623,14 @@ private void send( assert !async || msg instanceof GridIoUserMessage : msg; // Async execution was added only for IgniteMessaging. assert topicOrd >= 0 || !(topic instanceof GridTopic) : msg; - UUID secSubjId = ctx.security().securityContext().subject().id(); + UUID secSubjId = null; + + if(ctx.security().enabled()) { + UUID curSecSubjId = ctx.security().securityContext().subject().id(); + + if (!locNodeId.equals(curSecSubjId)) + secSubjId = curSecSubjId; + } GridIoMessage ioMsg = new GridIoMessage(secSubjId, plc, topic, topicOrd, msg, ordered, timeout, skipOnTimeout); diff --git a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoMessage.java b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoMessage.java index 78e08736d4870..a93f45d5481ac 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoMessage.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoMessage.java @@ -99,7 +99,6 @@ public GridIoMessage( long timeout, boolean skipOnTimeout ) { - assert secSubjId != null; assert topic != null; assert topicOrd <= Byte.MAX_VALUE; assert msg != null; @@ -237,34 +236,35 @@ boolean isOrdered() { writer.incrementState(); case 3: - if (!writer.writeBoolean("skipOnTimeout", skipOnTimeout)) + if (!writer.writeUuid("secSubjId", secSubjId)) return false; writer.incrementState(); case 4: - if (!writer.writeLong("timeout", timeout)) + if (!writer.writeBoolean("skipOnTimeout", skipOnTimeout)) return false; writer.incrementState(); case 5: - if (!writer.writeByteArray("topicBytes", topicBytes)) + if (!writer.writeLong("timeout", timeout)) return false; writer.incrementState(); case 6: - if (!writer.writeInt("topicOrd", topicOrd)) + if (!writer.writeByteArray("topicBytes", topicBytes)) return false; writer.incrementState(); case 7: - if (!writer.writeUuid("secSubjId", secSubjId)) + if (!writer.writeInt("topicOrd", topicOrd)) return false; writer.incrementState(); + } return true; @@ -303,7 +303,7 @@ boolean isOrdered() { reader.incrementState(); case 3: - skipOnTimeout = reader.readBoolean("skipOnTimeout"); + secSubjId = reader.readUuid("secSubjId"); if (!reader.isLastRead()) return false; @@ -311,7 +311,7 @@ boolean isOrdered() { reader.incrementState(); case 4: - timeout = reader.readLong("timeout"); + skipOnTimeout = reader.readBoolean("skipOnTimeout"); if (!reader.isLastRead()) return false; @@ -319,7 +319,7 @@ boolean isOrdered() { reader.incrementState(); case 5: - topicBytes = reader.readByteArray("topicBytes"); + timeout = reader.readLong("timeout"); if (!reader.isLastRead()) return false; @@ -327,7 +327,7 @@ boolean isOrdered() { reader.incrementState(); case 6: - topicOrd = reader.readInt("topicOrd"); + topicBytes = reader.readByteArray("topicBytes"); if (!reader.isLastRead()) return false; @@ -335,12 +335,13 @@ boolean isOrdered() { reader.incrementState(); case 7: - secSubjId = reader.readUuid("secSubjId"); + topicOrd = reader.readInt("topicOrd"); if (!reader.isLastRead()) return false; reader.incrementState(); + } return reader.afterMessageRead(GridIoMessage.class); diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java index 259273a9341c1..808d82ba03253 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java @@ -30,6 +30,13 @@ * Default Grid security Manager implementation. */ public class IgniteSecurityProcessorImpl implements IgniteSecurityProcessor, GridProcessor { + /** Security session that is used if GridSecurityProcessor is not enabled. */ + private static final IgniteSecuritySession SECURITY_SESSION_DISABLED_MODE = new IgniteSecuritySession() { + @Override public void close() { + //no-op + } + }; + /** Current security context. */ private final ThreadLocal curSecCtx = ThreadLocal.withInitial(this::localSecurityContext); @@ -58,29 +65,45 @@ public IgniteSecurityProcessorImpl(GridKernalContext ctx, GridSecurityProcessor /** {@inheritDoc} */ @Override public IgniteSecuritySession startSession(SecurityContext secCtx) { - assert secCtx != null; + if (enabled()) { + assert secCtx != null; + + SecurityContext old = curSecCtx.get(); - SecurityContext old = curSecCtx.get(); + curSecCtx.set(secCtx); - curSecCtx.set(secCtx); + return new IgniteSecuritySessionImpl(this, old); + } - return new IgniteSecuritySessionImpl(this, old); + return SECURITY_SESSION_DISABLED_MODE; } /** {@inheritDoc} */ @Override public IgniteSecuritySession startSession(UUID nodeId) { - return startSession( - secCtxs.computeIfAbsent(nodeId, - uuid -> nodeSecurityContext( - marsh, U.resolveClassLoader(ctx.config()), ctx.discovery().node(uuid) + if (enabled()) { + return startSession( + secCtxs.computeIfAbsent(nodeId, + uuid -> nodeSecurityContext( + marsh, U.resolveClassLoader(ctx.config()), ctx.discovery().node(uuid) + ) ) - ) - ); + ); + } + + return SECURITY_SESSION_DISABLED_MODE; } /** {@inheritDoc} */ @Override public SecurityContext securityContext() { - return curSecCtx.get(); + SecurityContext res = null; + + if (enabled()) { + res = curSecCtx.get(); + + assert res != null; + } + + return res; } /** {@inheritDoc} */ @@ -116,9 +139,13 @@ public IgniteSecurityProcessorImpl(GridKernalContext ctx, GridSecurityProcessor /** {@inheritDoc} */ @Override public void authorize(String name, SecurityPermission perm) throws SecurityException { - SecurityContext secCtx = curSecCtx.get(); + SecurityContext secCtx = null; + + if (enabled()) { + secCtx = curSecCtx.get(); - assert secCtx != null; + assert secCtx != null; + } secPrc.authorize(name, perm, secCtx); } @@ -140,9 +167,11 @@ public IgniteSecurityProcessorImpl(GridKernalContext ctx, GridSecurityProcessor /** {@inheritDoc} */ @Override public void onKernalStart(boolean active) throws IgniteCheckedException { - ctx.event().addDiscoveryEventListener( - (evt, discoCache) -> secCtxs.remove(evt.eventNode().id()), EVT_NODE_FAILED, EVT_NODE_LEFT - ); + if (enabled()) { + ctx.event().addDiscoveryEventListener( + (evt, discoCache) -> secCtxs.remove(evt.eventNode().id()), EVT_NODE_FAILED, EVT_NODE_LEFT + ); + } secPrc.onKernalStart(active); } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCachePermissionTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCachePermissionTest.java index 18d24b3ec434a..ad29456294802 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCachePermissionTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCachePermissionTest.java @@ -24,6 +24,8 @@ * */ public abstract class AbstractCachePermissionTest extends AbstractPermissionTest { + /** Cache name for tests. */ + protected static final String CACHE_NAME = "TEST_CACHE"; /** Forbidden cache. */ protected static final String FORBIDDEN_CACHE = "FORBIDDEN_TEST_CACHE"; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheSecurityTest.java index cea885927db05..81e6028510f68 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheSecurityTest.java @@ -22,13 +22,14 @@ import org.apache.ignite.configuration.CacheConfiguration; import org.apache.ignite.configuration.IgniteConfiguration; import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.internal.util.typedef.G; /** * */ public abstract class AbstractCacheSecurityTest extends AbstractResolveSecurityContextTest { /** Cache name for tests. */ - protected static final String COMMON_USE_CACHE = "COMMON_USE_CACHE"; + protected static final String CACHE_NAME = "TEST_CACHE"; /** {@inheritDoc} */ @Override protected IgniteConfiguration getConfiguration(String igniteInstanceName) throws Exception { @@ -44,22 +45,34 @@ protected CacheConfiguration[] getCacheConfigurations() { new CacheConfiguration<>() .setName(CACHE_NAME) .setCacheMode(CacheMode.PARTITIONED) - .setReadFromBackup(false), - new CacheConfiguration<>() - .setName(COMMON_USE_CACHE) - .setCacheMode(CacheMode.PARTITIONED) .setReadFromBackup(false) }; } /** - * Getting the key that is contained on primary partition on passed node for given cache. + * Sets up VERIFIER, performs the runnable and checks the result. + * + * @param node Node. + * @param r Runnable. + */ + protected void perform(IgniteEx node, Runnable r){ + VERIFIER.start(secSubjectId(node)) + .add(srvTransition.name(), 1) + .add(srvEndpoint.name(), 1); + + r.run(); + + VERIFIER.checkResult(); + } + + /** + * Getting the key that is contained on primary partition on passed node for {@link #CACHE_NAME} cache. * * @param ignite Node. * @return Key. */ - protected Integer primaryKey(IgniteEx ignite) { - Affinity affinity = ignite.affinity(COMMON_USE_CACHE); + protected static Integer prmKey(IgniteEx ignite) { + Affinity affinity = ignite.affinity(CACHE_NAME); int i = 0; do { @@ -71,4 +84,14 @@ protected Integer primaryKey(IgniteEx ignite) { throw new IllegalStateException(ignite.name() + " isn't primary node for any key."); } + + /** + * Getting the key that is contained on primary partition on passed node for {@link #CACHE_NAME} cache. + * + * @param nodeName Node name. + * @return Key. + */ + protected static Integer prmKey(String nodeName) { + return prmKey((IgniteEx)G.ignite(nodeName)); + } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractPermissionTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractPermissionTest.java index 780739571b201..e4c1c5723f332 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractPermissionTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractPermissionTest.java @@ -17,10 +17,25 @@ package org.apache.ignite.internal.processor.security; +import java.util.concurrent.atomic.AtomicInteger; +import java.util.function.Consumer; +import org.apache.ignite.Ignite; +import org.apache.ignite.internal.util.typedef.T2; +import org.apache.ignite.internal.util.typedef.X; +import org.apache.ignite.plugin.security.SecurityException; + +import static org.hamcrest.CoreMatchers.notNullValue; +import static org.hamcrest.core.Is.is; +import static org.hamcrest.core.IsNull.nullValue; +import static org.junit.Assert.assertThat; + /** * */ public abstract class AbstractPermissionTest extends AbstractSecurityTest { + /** Values. */ + protected AtomicInteger values = new AtomicInteger(0); + /** {@inheritDoc} */ @Override protected void beforeTestsStarted() throws Exception { super.beforeTestsStarted(); @@ -37,4 +52,42 @@ public abstract class AbstractPermissionTest extends AbstractSecurityTest { protected String loginPrefix(boolean isClient) { return isClient ? "client" : "server"; } + + /** + * @return Cache entry for test. + */ + protected T2 entry() { + int val = values.incrementAndGet(); + + return new T2<>("key_" + val, -1 * val); + } + + /** + * @param c Consumer. + */ + protected void assertAllowed(Ignite validator, String cacheName, Consumer> c) { + T2 entry = entry(); + + c.accept(entry); + + assertThat(validator.cache(cacheName).get(entry.getKey()), is(entry.getValue())); + } + + /** + * @param c Consumer. + */ + protected void assertForbidden(Ignite validator, String cacheName, Consumer> c) { + T2 entry = entry(); + + try { + c.accept(entry); + + fail("Should not happen."); + } + catch (Throwable e) { + assertThat(X.cause(e, SecurityException.class), notNullValue()); + } + + assertThat(validator.cache(cacheName).get(entry.getKey()), nullValue()); + } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractResolveSecurityContextTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractResolveSecurityContextTest.java index 233f5e37b619f..6224ec76d6011 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractResolveSecurityContextTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractResolveSecurityContextTest.java @@ -17,80 +17,67 @@ package org.apache.ignite.internal.processor.security; -import java.util.function.Consumer; -import org.apache.ignite.cache.CacheMode; -import org.apache.ignite.configuration.CacheConfiguration; -import org.apache.ignite.configuration.IgniteConfiguration; +import java.util.UUID; +import java.util.concurrent.ConcurrentHashMap; +import java.util.function.BiFunction; +import org.apache.ignite.Ignite; import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.util.typedef.T2; import org.apache.ignite.internal.util.typedef.X; import org.apache.ignite.plugin.security.SecurityException; -import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; import static org.hamcrest.CoreMatchers.notNullValue; +import static org.hamcrest.core.Is.is; import static org.junit.Assert.assertThat; /** * */ public class AbstractResolveSecurityContextTest extends AbstractSecurityTest { - /** Sever node that has all permissions for TEST_CACHE. */ - protected IgniteEx srvAllPerms; + /** Verifier to check results of tests. */ + protected static final Verifier VERIFIER = new Verifier(); - /** Sever node that has all permissions for TEST_CACHE. */ - protected IgniteEx srvTransitionAllPerms; + /** Sever node. */ + protected IgniteEx srvInitiator; - /** Client node that has all permissions for TEST_CACHE. */ - protected IgniteEx clntAllPerms; + /** Client node. */ + protected IgniteEx clntInitiator; - /** Sever node that has read only permission for TEST_CACHE. */ - protected IgniteEx srvReadOnlyPerm; + /** Sever node. */ + protected IgniteEx srvTransition; - /** Client node that has read only permission for TEST_CACHE. */ - protected IgniteEx clntReadOnlyPerm; + /** Sever node. */ + protected IgniteEx srvEndpoint; /** {@inheritDoc} */ @Override protected void beforeTestsStarted() throws Exception { super.beforeTestsStarted(); - srvAllPerms = startGrid("srv_all_perms", allowAllPermissionSet()); - - srvTransitionAllPerms = startGrid("srv_trns_all_perms", allowAllPermissionSet()); - - clntAllPerms = startGrid("clnt_all_perms", allowAllPermissionSet(), true); - - srvReadOnlyPerm = startGrid("srv_read_only_perm", - builder().defaultAllowAll(true) - .appendCachePermissions(CACHE_NAME, CACHE_READ).build()); - - clntReadOnlyPerm = startGrid("clnt_read_only_perm", - builder().defaultAllowAll(true) - .appendCachePermissions(CACHE_NAME, CACHE_READ).build(), true); + startNodes(); grid(0).cluster().active(true); } - /** {@inheritDoc} */ - @Override protected IgniteConfiguration getConfiguration(String igniteInstanceName) throws Exception { - return super.getConfiguration(igniteInstanceName) - .setCacheConfiguration(new CacheConfiguration<>() - .setName(CACHE_NAME) - .setCacheMode(CacheMode.PARTITIONED) - .setReadFromBackup(false)); - } - /** - * @param c Consumer. + * Starts nodes. */ - protected void assertAllowed(Consumer> c) { - assertAllowed(srvAllPerms, CACHE_NAME, c); + protected void startNodes() throws Exception { + srvInitiator = startGrid("srv_initiator", allowAllPermissionSet()); + + clntInitiator = startGrid("clnt_initiator", allowAllPermissionSet(), true); + + srvTransition = startGrid("srv_transition", allowAllPermissionSet()); + + srvEndpoint = startGrid("srv_endpoint", allowAllPermissionSet()); } /** - * @param c Consumer. + * @param ign Node. + * + * @return Security subject id of passed node. */ - protected void assertForbidden(Consumer> c) { - assertForbidden(srvAllPerms, CACHE_NAME, c); + protected UUID secSubjectId(IgniteEx ign) { + return ign.context().security().securityContext().subject().id(); } /** @@ -101,4 +88,97 @@ protected void assertForbidden(Consumer> c) { protected void assertCauseSecurityException(Throwable throwable) { assertThat(X.cause(throwable, SecurityException.class), notNullValue()); } + + /** + * Responsible for verifying of tests results. + */ + public static class Verifier { + /** + * Map that contains an expected behaviour. + */ + private final ConcurrentHashMap> map = new ConcurrentHashMap<>(); + + /** + * Expected security subject id. + */ + private UUID expSecSubjId; + + /** + * Prepare for test. + * + * @param expSecSubjId Expected security subject id. + */ + public Verifier start(UUID expSecSubjId) { + this.expSecSubjId = expSecSubjId; + + map.clear(); + + return this; + } + + /** + * Adds expected behaivior the method {@link #verify(IgniteEx)} will be invoke exp times on the node with passed + * name. + * + * @param nodeName Node name. + * @param exp Expected number of invokes. + */ + public Verifier add(String nodeName, int exp) { + map.put(nodeName, new T2<>(exp, 0)); + + return this; + } + + /** + * Checks that current security context is valid and + * incriments invoke's counter. + * + * @param ignite Local node. + */ + public void verify(Ignite ignite) { + verify((IgniteEx)ignite); + } + + /** + * Checks that current security context is valid and + * incriments invoke's counter. + * + * @param ignite Local node. + */ + public void verify(IgniteEx ignite) { + assert expSecSubjId != null; + assert ignite != null; + + assertThat( + ignite.context().security().securityContext().subject().id(), + is(expSecSubjId) + ); + + map.computeIfPresent(ignite.name(), + new BiFunction, T2>() { + @Override public T2 apply(String name, T2 t2) { + Integer val = t2.getValue(); + + t2.setValue(++val); + + return t2; + } + }); + } + + /** + * Checks result of test and clears expected behavior. + */ + public void checkResult() { + assert !map.isEmpty(); + + map.forEach((key, value) -> + assertThat("Node " + key + ". Execution of verify: ", + value.get2(), is(value.get1()))); + + map.clear(); + + expSecSubjId = null; + } + } } \ No newline at end of file diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java index a13feabdd8928..c94301194f6fb 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java @@ -17,16 +17,11 @@ package org.apache.ignite.internal.processor.security; -import java.util.concurrent.atomic.AtomicInteger; -import java.util.function.Consumer; -import org.apache.ignite.Ignite; import org.apache.ignite.configuration.DataRegionConfiguration; import org.apache.ignite.configuration.DataStorageConfiguration; import org.apache.ignite.configuration.IgniteConfiguration; import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.util.typedef.G; -import org.apache.ignite.internal.util.typedef.T2; -import org.apache.ignite.internal.util.typedef.X; import org.apache.ignite.plugin.security.SecurityException; import org.apache.ignite.plugin.security.SecurityPermission; import org.apache.ignite.plugin.security.SecurityPermissionSet; @@ -34,8 +29,6 @@ import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest; import static org.hamcrest.CoreMatchers.notNullValue; -import static org.hamcrest.core.Is.is; -import static org.hamcrest.core.IsNull.nullValue; import static org.junit.Assert.assertThat; /** @@ -48,12 +41,6 @@ public class AbstractSecurityTest extends GridCommonAbstractTest { /** Empty array of permissions. */ protected static final SecurityPermission[] EMPTY_PERMS = new SecurityPermission[0]; - /** Cache name for tests. */ - protected static final String CACHE_NAME = "TEST_CACHE"; - - /** Values. */ - protected AtomicInteger values = new AtomicInteger(0); - /** {@inheritDoc} */ @Override protected void afterTestsStopped() throws Exception { super.afterTestsStopped(); @@ -179,44 +166,6 @@ protected SecurityPermissionSet allowAllPermissionSet() { return builder().defaultAllowAll(true).build(); } - /** - * @return Cache entry for test. - */ - protected T2 entry() { - int val = values.incrementAndGet(); - - return new T2<>("key_" + val, -1 * val); - } - - /** - * @param c Consumer. - */ - protected void assertAllowed(Ignite validator, String cacheName, Consumer> c) { - T2 entry = entry(); - - c.accept(entry); - - assertThat(validator.cache(cacheName).get(entry.getKey()), is(entry.getValue())); - } - - /** - * @param c Consumer. - */ - protected void assertForbidden(Ignite validator, String cacheName, Consumer> c) { - T2 entry = entry(); - - try { - c.accept(entry); - - fail("Should not happen."); - } - catch (Throwable e) { - assertThat(X.cause(e, SecurityException.class), notNullValue()); - } - - assertThat(validator.cache(cacheName).get(entry.getKey()), nullValue()); - } - /** * Method {@link TestRunnable#run()} should throw {@link SecurityException}. * diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorSecurityTest.java index c94003f72485a..0574fd94b239c 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorSecurityTest.java @@ -26,7 +26,6 @@ import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.processor.security.AbstractCacheSecurityTest; -import org.apache.ignite.plugin.security.SecurityPermission; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.JUnit4; @@ -36,55 +35,30 @@ */ @RunWith(JUnit4.class) public class EntryProcessorSecurityTest extends AbstractCacheSecurityTest { - /** */ + /** + * + */ @Test - public void testEntryProcessor() { - checkInvoke(clntAllPerms, srvAllPerms, true); - checkInvoke(clntAllPerms, srvReadOnlyPerm, true); - checkInvoke(srvAllPerms, srvReadOnlyPerm, true); - - checkInvoke(clntReadOnlyPerm, srvAllPerms, false); - checkInvoke(srvReadOnlyPerm, srvAllPerms, false); + public void test() { + execute(srvInitiator); + execute(clntInitiator); } /** - * @param initiator Initiator node. - * @param remote Remote node. + * @param initiator Node that initiates an execution. */ - private void checkInvoke(IgniteEx initiator, IgniteEx remote, boolean isSuccess) { - assert !remote.localNode().isClient(); - - final UUID remoteId = remote.localNode().id(); - - final Integer key = primaryKey(remote); + private void execute(IgniteEx initiator) { + UUID secSubjectId = secSubjectId(initiator); for (InvokeMethodEnum ime : InvokeMethodEnum.values()) { - if (isSuccess) - invoke(ime, initiator, new TestEntryProcessor(remoteId), key); - else { - forbiddenRun( - () -> invoke(ime, initiator, new TestEntryProcessor(remoteId), key) - ); - } - } - - final UUID transitionId = srvTransitionAllPerms.localNode().id(); + VERIFIER.start(secSubjectId) + .add(srvTransition.name(), 1) + .add(srvEndpoint.name(), 1); - final Integer transitionKey = primaryKey(srvTransitionAllPerms); + invoke(ime, initiator, + new TestEntryProcessor(ime, srvEndpoint.name()), prmKey(srvTransition)); - for (InvokeMethodEnum ime : InvokeMethodEnum.values()) { - if (isSuccess) { - invoke(ime, initiator, - new TestTransitionEntryProcessor(ime, transitionId, remoteId, key), - transitionKey); - } - else { - forbiddenRun( - () -> invoke(ime, initiator, - new TestTransitionEntryProcessor(ime, transitionId, remoteId, key), - transitionKey) - ); - } + VERIFIER.checkResult(); } } @@ -94,27 +68,27 @@ private void checkInvoke(IgniteEx initiator, IgniteEx remote, boolean isSuccess) * @param ep Entry Processor. * @param key Key. */ - static void invoke(InvokeMethodEnum ime, IgniteEx initiator, + private static void invoke(InvokeMethodEnum ime, IgniteEx initiator, EntryProcessor ep, Integer key) { switch (ime) { case INVOKE: - initiator.cache(COMMON_USE_CACHE) + initiator.cache(CACHE_NAME) .invoke(key, ep); break; case INVOKE_ALL: - initiator.cache(COMMON_USE_CACHE) + initiator.cache(CACHE_NAME) .invokeAll(Collections.singleton(key), ep) .values().stream().findFirst().ifPresent(EntryProcessorResult::get); break; case INVOKE_ASYNC: - initiator.cache(COMMON_USE_CACHE) + initiator.cache(CACHE_NAME) .invokeAsync(key, ep).get(); break; case INVOKE_ALL_ASYNC: - initiator.cache(COMMON_USE_CACHE) + initiator.cache(CACHE_NAME) .invokeAllAsync(Collections.singleton(key), ep) .get().values().stream().findFirst().ifPresent(EntryProcessorResult::get); @@ -125,7 +99,7 @@ static void invoke(InvokeMethodEnum ime, IgniteEx initiator, } /** Enum for ways to invoke EntryProcessor. */ - enum InvokeMethodEnum { + private enum InvokeMethodEnum { /** Invoke. */ INVOKE, /** Invoke all. */ @@ -136,54 +110,23 @@ enum InvokeMethodEnum { INVOKE_ALL_ASYNC } - /** - * Entry processor for tests. - */ - static class TestEntryProcessor implements EntryProcessor { - /** Remote node id. */ - protected final UUID remoteId; - - /** - * @param remoteId Remote id. - */ - public TestEntryProcessor(UUID remoteId) { - this.remoteId = remoteId; - } - - /** {@inheritDoc} */ - @Override public Object process(MutableEntry entry, - Object... objects) throws EntryProcessorException { - IgniteEx loc = (IgniteEx)Ignition.localIgnite(); - - assertEquals(remoteId, loc.localNode().id()); - - loc.context().security().authorize(CACHE_NAME, SecurityPermission.CACHE_PUT); - - return null; - } - } - /** * Entry processor for tests with transition invoke call. */ - static class TestTransitionEntryProcessor extends TestEntryProcessor { - /** */ + static class TestEntryProcessor implements EntryProcessor { + /** Invoke method. */ private final InvokeMethodEnum ime; - /** Transition node id */ - private final UUID transitionId; - /** The key that is contained on primary partition on remote node for given cache. */ - private final Integer remoteKey; + /** Endpoint node name. */ + private final String endpoint; /** - * @param remoteId Remote id. + * @param ime Invoke method. + * @param endpoint Endpoint node name. */ - public TestTransitionEntryProcessor(InvokeMethodEnum ime, UUID transitionId, UUID remoteId, Integer remoteKey) { - super(remoteId); - + public TestEntryProcessor(InvokeMethodEnum ime, String endpoint) { this.ime = ime; - this.transitionId = transitionId; - this.remoteKey = remoteKey; + this.endpoint = endpoint; } /** {@inheritDoc} */ @@ -191,9 +134,13 @@ public TestTransitionEntryProcessor(InvokeMethodEnum ime, UUID transitionId, UUI Object... objects) throws EntryProcessorException { IgniteEx loc = (IgniteEx)Ignition.localIgnite(); - assertEquals(transitionId, loc.localNode().id()); + VERIFIER.verify(loc); - invoke(ime, loc, new TestEntryProcessor(remoteId), remoteKey); + if (endpoint != null) { + invoke( + ime, loc, new TestEntryProcessor(ime, null), prmKey(endpoint) + ); + } return null; } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/LoadCacheSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/LoadCacheSecurityTest.java index 5944ba9d09a86..d9e3368f0f8b4 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/LoadCacheSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/LoadCacheSecurityTest.java @@ -17,7 +17,6 @@ package org.apache.ignite.internal.processor.security.cache.closure; -import java.util.UUID; import javax.cache.Cache; import javax.cache.configuration.Factory; import javax.cache.integration.CacheLoaderException; @@ -27,7 +26,6 @@ import org.apache.ignite.configuration.CacheConfiguration; import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.processor.security.AbstractCacheSecurityTest; -import org.apache.ignite.internal.util.typedef.T2; import org.apache.ignite.lang.IgniteBiInClosure; import org.apache.ignite.lang.IgniteBiPredicate; import org.apache.ignite.resources.IgniteInstanceResource; @@ -46,12 +44,8 @@ public class LoadCacheSecurityTest extends AbstractCacheSecurityTest { /** {@inheritDoc} */ @Override protected CacheConfiguration[] getCacheConfigurations() { return new CacheConfiguration[] { - new CacheConfiguration() - .setName(CACHE_NAME) - .setCacheMode(CacheMode.PARTITIONED) - .setReadFromBackup(false), new CacheConfiguration() - .setName(COMMON_USE_CACHE) + .setName(CACHE_NAME) .setCacheMode(CacheMode.PARTITIONED) .setReadFromBackup(false) .setCacheStoreFactory(new TestStoreFactory()), @@ -67,104 +61,53 @@ public class LoadCacheSecurityTest extends AbstractCacheSecurityTest { * */ @Test - public void testLoadCache() { - testLoadCache(false); - testLoadCache(true); - } - - /** - * @param isTransition True for transition case. - */ - private void testLoadCache(boolean isTransition) { - assertAllowed((t) -> load(clntAllPerms, closure(srvAllPerms, t, isTransition))); - assertAllowed((t) -> load(clntAllPerms, closure(srvReadOnlyPerm, t, isTransition))); - assertAllowed((t) -> load(srvAllPerms, closure(srvAllPerms, t, isTransition))); - assertAllowed((t) -> load(srvAllPerms, closure(srvReadOnlyPerm, t, isTransition))); - - assertForbidden((t) -> load(clntReadOnlyPerm, closure(srvAllPerms, t, isTransition))); - assertForbidden((t) -> load(srvReadOnlyPerm, closure(srvAllPerms, t, isTransition))); - assertForbidden((t) -> load(srvReadOnlyPerm, closure(srvReadOnlyPerm, t, isTransition))); - } - - /** - * @param remote Remote. - * @param entry Entry to put into test cache. - * @param isTransition True if predicate to test transition case. - */ - private IgniteBiPredicate closure(IgniteEx remote, - T2 entry, boolean isTransition) { - assert !remote.localNode().isClient(); - - if (isTransition) - return new TransitionTestClosure(srvTransitionAllPerms.localNode().id(), - remote.localNode().id(), entry); - return new TestClosure(remote.localNode().id(), entry); + public void test() { + perform(srvInitiator, ()->loadCache(srvInitiator)); + perform(clntInitiator, ()->loadCache(clntInitiator)); } /** * @param initiator Initiator node. - * @param p Predicate. */ - private void load(IgniteEx initiator, IgniteBiPredicate p) { - initiator.cache(COMMON_USE_CACHE).loadCache(p); + private void loadCache(IgniteEx initiator) { + initiator.cache(CACHE_NAME).loadCache( + new TestClosure(srvTransition.name(), srvEndpoint.name()) + ); } /** * Closure for tests. */ static class TestClosure implements IgniteBiPredicate { - /** Remote node id. */ - protected final UUID remoteId; - - /** Data to put into test cache. */ - protected final T2 t2; - /** Locale ignite. */ @IgniteInstanceResource - protected Ignite loc; + private Ignite loc; - /** - * @param remoteId Remote node id. - * @param t2 Data to put into test cache. - */ - public TestClosure(UUID remoteId, T2 t2) { - this.remoteId = remoteId; - this.t2 = t2; - } + /** Expected local node name. */ + private final String node; - /** {@inheritDoc} */ - @Override public boolean apply(Integer k, Integer v) { - if (remoteId.equals(loc.cluster().localNode().id())) - loc.cache(CACHE_NAME).put(t2.getKey(), t2.getValue()); - - return false; - } - } - - /** - * Closure for transition tests. - */ - static class TransitionTestClosure extends TestClosure { - /** Transition node id. */ - private final UUID transitionId; + /** Endpoint node name. */ + private final String endpoint; /** - * @param transitionId Transition node id. - * @param remoteId Remote node id. - * @param t2 Data to put into test cache. + * @param node Expected local node name. + * @param endpoint Endpoint node name. */ - public TransitionTestClosure(UUID transitionId, UUID remoteId, T2 t2) { - super(remoteId, t2); - - this.transitionId = transitionId; + public TestClosure(String node, String endpoint) { + this.node = node; + this.endpoint = endpoint; } /** {@inheritDoc} */ @Override public boolean apply(Integer k, Integer v) { - if (transitionId.equals(loc.cluster().localNode().id())) { - loc.cache(TRANSITION_LOAD_CACHE).loadCache( - new TestClosure(remoteId, t2) - ); + if (node.equals(loc.name())) { + VERIFIER.verify(loc); + + if (endpoint != null) { + loc.cache(TRANSITION_LOAD_CACHE).loadCache( + new TestClosure(endpoint, null) + ); + } } return false; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQuerySecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQuerySecurityTest.java index c62cd50e79ac1..ffb7c64108f92 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQuerySecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQuerySecurityTest.java @@ -17,15 +17,11 @@ package org.apache.ignite.internal.processor.security.cache.closure; -import java.util.UUID; -import java.util.concurrent.atomic.AtomicBoolean; import javax.cache.Cache; import org.apache.ignite.Ignite; -import org.apache.ignite.IgniteDataStreamer; import org.apache.ignite.cache.query.ScanQuery; import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.processor.security.AbstractCacheSecurityTest; -import org.apache.ignite.internal.util.typedef.T2; import org.apache.ignite.lang.IgniteBiPredicate; import org.apache.ignite.lang.IgniteClosure; import org.apache.ignite.resources.IgniteInstanceResource; @@ -38,203 +34,77 @@ */ @RunWith(JUnit4.class) public class ScanQuerySecurityTest extends AbstractCacheSecurityTest { - /** */ + /** + * + */ @Test - public void testScanQuery() throws Exception { - putTestData(srvAllPerms, CACHE_NAME); - putTestData(srvAllPerms, COMMON_USE_CACHE); + public void test() throws Exception { + srvInitiator.cache(CACHE_NAME).put(prmKey(srvTransition), 1); + srvInitiator.cache(CACHE_NAME).put(prmKey(srvEndpoint), 2); awaitPartitionMapExchange(); - assertAllowed((t) -> query(clntAllPerms, srvAllPerms, CACHE_NAME, t)); - assertAllowed((t) -> query(srvAllPerms, srvAllPerms, CACHE_NAME, t)); - assertAllowed((t) -> query(clntAllPerms, srvAllPerms, COMMON_USE_CACHE, t)); - assertAllowed((t) -> query(srvAllPerms, srvAllPerms, COMMON_USE_CACHE, t)); - - assertAllowed((t) -> transform(clntAllPerms, srvAllPerms, CACHE_NAME, t)); - assertAllowed((t) -> transform(srvAllPerms, srvAllPerms, CACHE_NAME, t)); - assertAllowed((t) -> transform(clntAllPerms, srvAllPerms, COMMON_USE_CACHE, t)); - assertAllowed((t) -> transform(srvAllPerms, srvAllPerms, COMMON_USE_CACHE, t)); - - assertAllowed((t) -> query(clntAllPerms, srvReadOnlyPerm, CACHE_NAME, t)); - assertAllowed((t) -> query(srvAllPerms, srvReadOnlyPerm, CACHE_NAME, t)); - assertAllowed((t) -> query(clntAllPerms, srvReadOnlyPerm, COMMON_USE_CACHE, t)); - assertAllowed((t) -> query(srvAllPerms, srvReadOnlyPerm, COMMON_USE_CACHE, t)); - - assertAllowed((t) -> transform(clntAllPerms, srvReadOnlyPerm, CACHE_NAME, t)); - assertAllowed((t) -> transform(srvAllPerms, srvReadOnlyPerm, CACHE_NAME, t)); - assertAllowed((t) -> transform(clntAllPerms, srvReadOnlyPerm, COMMON_USE_CACHE, t)); - assertAllowed((t) -> transform(srvAllPerms, srvReadOnlyPerm, COMMON_USE_CACHE, t)); - - assertAllowed((t) -> transitionQuery(clntAllPerms, srvAllPerms, CACHE_NAME, t)); - assertAllowed((t) -> transitionQuery(srvAllPerms, srvAllPerms, CACHE_NAME, t)); - assertAllowed((t) -> transitionQuery(clntAllPerms, srvAllPerms, COMMON_USE_CACHE, t)); - assertAllowed((t) -> transitionQuery(srvAllPerms, srvAllPerms, COMMON_USE_CACHE, t)); - - assertAllowed((t) -> transitionTransform(clntAllPerms, srvAllPerms, CACHE_NAME, t)); - assertAllowed((t) -> transitionTransform(srvAllPerms, srvAllPerms, CACHE_NAME, t)); - assertAllowed((t) -> transitionTransform(clntAllPerms, srvAllPerms, COMMON_USE_CACHE, t)); - assertAllowed((t) -> transitionTransform(srvAllPerms, srvAllPerms, COMMON_USE_CACHE, t)); - - assertAllowed((t) -> transitionQuery(clntAllPerms, srvReadOnlyPerm, CACHE_NAME, t)); - assertAllowed((t) -> transitionQuery(srvAllPerms, srvReadOnlyPerm, CACHE_NAME, t)); - assertAllowed((t) -> transitionQuery(clntAllPerms, srvReadOnlyPerm, COMMON_USE_CACHE, t)); - assertAllowed((t) -> transitionQuery(srvAllPerms, srvReadOnlyPerm, COMMON_USE_CACHE, t)); - - assertAllowed((t) -> transitionTransform(clntAllPerms, srvReadOnlyPerm, CACHE_NAME, t)); - assertAllowed((t) -> transitionTransform(srvAllPerms, srvReadOnlyPerm, CACHE_NAME, t)); - assertAllowed((t) -> transitionTransform(clntAllPerms, srvReadOnlyPerm, COMMON_USE_CACHE, t)); - assertAllowed((t) -> transitionTransform(srvAllPerms, srvReadOnlyPerm, COMMON_USE_CACHE, t)); - - assertForbidden((t) -> query(clntReadOnlyPerm, srvAllPerms, CACHE_NAME, t)); - assertForbidden((t) -> query(srvReadOnlyPerm, srvAllPerms, CACHE_NAME, t)); - assertForbidden((t) -> query(clntReadOnlyPerm, srvAllPerms, COMMON_USE_CACHE, t)); - assertForbidden((t) -> query(srvReadOnlyPerm, srvAllPerms, COMMON_USE_CACHE, t)); + perform(srvInitiator, () -> query(srvInitiator)); + perform(clntInitiator, () -> query(clntInitiator)); - assertForbidden((t) -> transform(clntReadOnlyPerm, srvAllPerms, CACHE_NAME, t)); - assertForbidden((t) -> transform(srvReadOnlyPerm, srvAllPerms, CACHE_NAME, t)); - assertForbidden((t) -> transform(clntReadOnlyPerm, srvAllPerms, COMMON_USE_CACHE, t)); - assertForbidden((t) -> transform(srvReadOnlyPerm, srvAllPerms, COMMON_USE_CACHE, t)); - - assertForbidden((t) -> transitionQuery(clntReadOnlyPerm, srvAllPerms, CACHE_NAME, t)); - assertForbidden((t) -> transitionQuery(srvReadOnlyPerm, srvAllPerms, CACHE_NAME, t)); - assertForbidden((t) -> transitionQuery(clntReadOnlyPerm, srvAllPerms, COMMON_USE_CACHE, t)); - assertForbidden((t) -> transitionQuery(srvReadOnlyPerm, srvAllPerms, COMMON_USE_CACHE, t)); - - assertForbidden((t) -> transitionTransform(clntReadOnlyPerm, srvAllPerms, CACHE_NAME, t)); - assertForbidden((t) -> transitionTransform(srvReadOnlyPerm, srvAllPerms, CACHE_NAME, t)); - assertForbidden((t) -> transitionTransform(clntReadOnlyPerm, srvAllPerms, COMMON_USE_CACHE, t)); - assertForbidden((t) -> transitionTransform(srvReadOnlyPerm, srvAllPerms, COMMON_USE_CACHE, t)); + perform(srvInitiator, () -> transform(srvInitiator)); + perform(clntInitiator, () -> transform(clntInitiator)); } /** * @param initiator Initiator node. - * @param remote Remoute node. */ - private void query(IgniteEx initiator, IgniteEx remote, String cacheName, T2 entry) { - assert !remote.localNode().isClient(); - - initiator.cache(cacheName).query( + private void query(IgniteEx initiator) { + initiator.cache(CACHE_NAME).query( new ScanQuery<>( - new QueryFilter(remote.localNode().id(), entry) + new QueryFilter(srvTransition.name(), srvEndpoint.name()) ) ).getAll(); } /** * @param initiator Initiator node. - * @param remote Remoute node. */ - private void transitionQuery(IgniteEx initiator, IgniteEx remote, String cacheName, T2 entry) { - assert !remote.localNode().isClient(); - - initiator.cache(cacheName).query( - new ScanQuery<>( - new TransitionQueryFilter(srvTransitionAllPerms.localNode().id(), - remote.localNode().id(), cacheName, entry) - ) + private void transform(IgniteEx initiator) { + initiator.cache(CACHE_NAME).query( + new ScanQuery<>((k, v) -> true), + new Transformer(srvTransition.name(), srvEndpoint.name()) ).getAll(); } - /** - * @param initiator Initiator node. - * @param remote Remoute node. - */ - private void transform(IgniteEx initiator, IgniteEx remote, String cacheName, T2 entry) { - assert !remote.localNode().isClient(); - - initiator.cache(cacheName).query( - new ScanQuery<>(new TransformerFilter(remote.localNode().id())), - new Transformer(entry) - ).getAll(); - } - - /** - * @param initiator Initiator node. - * @param remote Remoute node. - */ - private void transitionTransform(IgniteEx initiator, IgniteEx remote, String cacheName, T2 entry) { - assert !remote.localNode().isClient(); - - initiator.cache(cacheName).query( - new ScanQuery<>(new TransformerFilter(srvTransitionAllPerms.localNode().id())), - new TransitionTransformer(remote.localNode().id(), cacheName, entry) - ).getAll(); - } - - /** - * @param ignite Ignite. - * @param cacheName Cache name. - */ - private void putTestData(IgniteEx ignite, String cacheName) { - try (IgniteDataStreamer streamer = ignite.dataStreamer(cacheName)) { - for (int i = 1; i <= 100; i++) - streamer.addData(Integer.toString(i), i); - } - } - /** * Test query filter. */ - static class QueryFilter implements IgniteBiPredicate { + static class QueryFilter implements IgniteBiPredicate { /** Locale ignite. */ @IgniteInstanceResource - protected Ignite loc; - - /** Remote node id. */ - protected UUID remoteId; - - /** Data to put into test cache. */ - protected T2 t2; + private Ignite loc; - /** - * @param remoteId Remote node id. - * @param t2 Data to put into test cache. - */ - public QueryFilter(UUID remoteId, T2 t2) { - this.remoteId = remoteId; - this.t2 = t2; - } - - /** {@inheritDoc} */ - @Override public boolean apply(String s, Integer i) { - if (remoteId.equals(loc.cluster().localNode().id())) - loc.cache(CACHE_NAME).put(t2.getKey(), t2.getValue()); - - return false; - } - } - - /** */ - static class TransitionQueryFilter extends QueryFilter { - /** Transition id. */ - private final UUID transitionId; + /** Expected local node name. */ + private final String node; - /** Cache name. */ - private final String cacheName; + /** Endpoint node name. */ + private final String endpoint; /** - * @param transitionId Transition id. - * @param remoteId Remote id. - * @param cacheName Cache name. - * @param t2 Data to put into test cache. + * @param node Expected local node name. + * @param endpoint Endpoint node name. */ - public TransitionQueryFilter(UUID transitionId, UUID remoteId, - String cacheName, T2 t2) { - super(remoteId, t2); - - this.transitionId = transitionId; - this.cacheName = cacheName; + public QueryFilter(String node, String endpoint) { + this.node = node; + this.endpoint = endpoint; } /** {@inheritDoc} */ - @Override public boolean apply(String s, Integer i) { - if (transitionId.equals(loc.cluster().localNode().id())) { - loc.cache(cacheName).query( - new ScanQuery<>( - new QueryFilter(remoteId, t2) - ) - ).getAll(); + @Override public boolean apply(Integer s, Integer i) { + if (node.equals(loc.name())) { + VERIFIER.verify(loc); + + if (endpoint != null) { + loc.cache(CACHE_NAME).query( + new ScanQuery<>(new QueryFilter(endpoint, null)) + ).getAll(); + } } return false; @@ -244,82 +114,40 @@ public TransitionQueryFilter(UUID transitionId, UUID remoteId, /** * Test transformer. */ - static class Transformer implements IgniteClosure, Integer> { + static class Transformer implements IgniteClosure, Integer> { /** Locale ignite. */ @IgniteInstanceResource - protected Ignite loc; + private Ignite loc; - /** Data to put into test cache. */ - protected final T2 t2; + /** Expected local node name. */ + private final String node; - /** - * @param t2 Data to put into test cache. - */ - public Transformer(T2 t2) { - this.t2 = t2; - } - - /** {@inheritDoc} */ - @Override public Integer apply(Cache.Entry entry) { - loc.cache(CACHE_NAME).put(t2.getKey(), t2.getValue()); - - return entry.getValue(); - } - } - - /** */ - static class TransitionTransformer extends Transformer { - /** Remote node id. */ - private final UUID remoteId; - - /** Cache name. */ - private final String cacheName; + /** Endpoint node name. */ + private final String endpoint; /** - * @param remoteId Remote id. - * @param cacheName Cache name. - * @param t2 Data to put into test cache. + * @param node Expected local node name. + * @param endpoint Endpoint node name. */ - public TransitionTransformer(UUID remoteId, String cacheName, T2 t2) { - super(t2); - - this.remoteId = remoteId; - this.cacheName = cacheName; + public Transformer(String node, String endpoint) { + this.node = node; + this.endpoint = endpoint; } /** {@inheritDoc} */ - @Override public Integer apply(Cache.Entry entry) { - loc.cache(cacheName).query( - new ScanQuery<>(new TransformerFilter(remoteId)), - new Transformer(t2) - ).getAll(); + @Override public Integer apply(Cache.Entry entry) { + if (node.equals(loc.name())) { + VERIFIER.verify(loc); + + if (endpoint != null) { + loc.cache(CACHE_NAME).query( + new ScanQuery<>((k, v) -> true), + new Transformer(endpoint, null) + ).getAll(); + } + } return entry.getValue(); } } - - /** */ - static class TransformerFilter implements IgniteBiPredicate { - /** Node id. */ - private final UUID nodeId; - - /** Filter must return true only one time. */ - private AtomicBoolean b = new AtomicBoolean(true); - - /** Locale ignite. */ - @IgniteInstanceResource - protected Ignite loc; - - /** - * @param nodeId Node id. - */ - public TransformerFilter(UUID nodeId) { - this.nodeId = nodeId; - } - - /** {@inheritDoc} */ - @Override public boolean apply(String s, Integer integer) { - return nodeId.equals(loc.cluster().localNode().id()) && b.getAndSet(false); - } - } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/AbstractComputeTaskSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/AbstractComputeTaskSecurityTest.java index d5841b27084f6..e7bc0f7915c24 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/AbstractComputeTaskSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/AbstractComputeTaskSecurityTest.java @@ -17,63 +17,66 @@ package org.apache.ignite.internal.processor.security.compute.closure; +import java.util.Arrays; +import java.util.Collection; +import java.util.UUID; import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.processor.security.AbstractResolveSecurityContextTest; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.junit.runners.JUnit4; /** * Abstract compute security test. */ -@RunWith(JUnit4.class) public abstract class AbstractComputeTaskSecurityTest extends AbstractResolveSecurityContextTest { - /** */ - @Test - public void test() { - checkSuccess(srvAllPerms, clntAllPerms); - checkSuccess(srvAllPerms, srvReadOnlyPerm); - checkSuccess(srvAllPerms, clntReadOnlyPerm); - checkSuccess(clntAllPerms, srvAllPerms); - checkSuccess(clntAllPerms, srvReadOnlyPerm); - checkSuccess(clntAllPerms, clntReadOnlyPerm); + /** Client node. */ + protected IgniteEx clntTransition; - checkFail(srvReadOnlyPerm, srvAllPerms); - checkFail(srvReadOnlyPerm, clntAllPerms); - checkFail(srvReadOnlyPerm, clntReadOnlyPerm); - checkFail(clntReadOnlyPerm, srvAllPerms); - checkFail(clntReadOnlyPerm, srvReadOnlyPerm); - checkFail(clntReadOnlyPerm, clntAllPerms); + /** Client node. */ + protected IgniteEx clntEndpoint; + + /** {@inheritDoc} */ + @Override protected void startNodes() throws Exception{ + super.startNodes(); + + clntTransition = startGrid("clnt_transition", allowAllPermissionSet(), true); + + clntEndpoint = startGrid("clnt_endpoint", allowAllPermissionSet()); } /** - * @param initiator Initiator node. - * @param remote Remote node. + * Sets up VERIFIER, performs the runnable and checks the result. + * + * @param node Node. + * @param r Runnable. */ - protected abstract void checkSuccess(IgniteEx initiator, IgniteEx remote); + protected void perform(IgniteEx node, Runnable r) { + VERIFIER.start(secSubjectId(node)) + .add(srvTransition.name(), 1) + .add(clntTransition.name(), 1) + .add(srvEndpoint.name(), 2) + .add(clntEndpoint.name(), 2); + + r.run(); + + VERIFIER.checkResult(); + } /** - * @param initiator Initiator node. - * @param remote Remote node. + * @return Collection of transition node ids. */ - protected abstract void checkFail(IgniteEx initiator, IgniteEx remote); + protected Collection transitions() { + return Arrays.asList( + srvTransition.localNode().id(), + clntTransition.localNode().id() + ); + } /** - * Tri-consumer. - * - * @param First parameter type. - * @param Second parameter type. - * @param Third parameter type. + * @return Collection of endpont nodes ids. */ - @FunctionalInterface - protected interface C3 { - /** - * Performs this operation on the given arguments. - * - * @param a First parameter. - * @param b Second parameter. - * @param c Third parameter. - */ - void accept(A a, B b, C c); + protected Collection endpoints() { + return Arrays.asList( + srvEndpoint.localNode().id(), + clntEndpoint.localNode().id() + ); } } \ No newline at end of file diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskSecurityTest.java index 0c9d30743ce0b..2d8b579e38ebf 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskSecurityTest.java @@ -17,12 +17,13 @@ package org.apache.ignite.internal.processor.security.compute.closure; +import java.util.Collection; +import java.util.Collections; import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.UUID; import org.apache.ignite.Ignite; -import org.apache.ignite.IgniteCompute; import org.apache.ignite.IgniteException; import org.apache.ignite.cluster.ClusterNode; import org.apache.ignite.compute.ComputeJob; @@ -30,132 +31,72 @@ import org.apache.ignite.compute.ComputeJobResultPolicy; import org.apache.ignite.compute.ComputeTask; import org.apache.ignite.internal.IgniteEx; -import org.apache.ignite.plugin.security.SecurityException; import org.apache.ignite.resources.IgniteInstanceResource; -import org.apache.ignite.testframework.GridTestUtils; import org.jetbrains.annotations.Nullable; - -import static org.hamcrest.CoreMatchers.is; -import static org.hamcrest.CoreMatchers.nullValue; -import static org.junit.Assert.assertThat; +import org.junit.Test; /** * Testing permissions when the compute task is executed cache operations on remote node. */ public class ComputeTaskSecurityTest extends AbstractComputeTaskSecurityTest { - /** {@inheritDoc} */ - @Override protected void checkSuccess(IgniteEx initiator, IgniteEx remote) { - final UUID remoteId = remote.localNode().id(); - - successCompute( - initiator, remote, - (cmp, k, v) -> - cmp.execute(new TestComputeTask(remoteId, k, v), 0) - ); - successCompute( - initiator, remote, - (cmp, k, v) -> - cmp.executeAsync(new TestComputeTask(remoteId, k, v), 0).get() - ); - - final UUID transitionId = srvTransitionAllPerms.localNode().id(); - - successCompute( - initiator, remote, - (cmp, k, v) -> - cmp.execute(new TestTransitionComputeTask(transitionId, remoteId, k, v), 0) - ); - successCompute( - initiator, remote, - (cmp, k, v) -> - cmp.executeAsync(new TestTransitionComputeTask(transitionId, remoteId, k, v), 0).get() - ); - } - - /** {@inheritDoc} */ - @Override protected void checkFail(IgniteEx initiator, IgniteEx remote) { - final UUID remoteId = remote.localNode().id(); - - failCompute( - initiator, remote, - (cmp, k, v) -> - cmp.execute(new TestComputeTask(remoteId, k, v), 0) - ); - failCompute( - initiator, remote, - (cmp, k, v) -> - cmp.executeAsync(new TestComputeTask(remoteId, k, v), 0).get() - ); - - final UUID transitionId = srvTransitionAllPerms.localNode().id(); - - failCompute( - initiator, remote, - (cmp, k, v) -> - cmp.execute(new TestTransitionComputeTask(transitionId, remoteId, k, v), 0) - ); - failCompute( - initiator, remote, - (cmp, k, v) -> - cmp.executeAsync(new TestTransitionComputeTask(transitionId, remoteId, k, v), 0).get() - ); - } - /** - * @param initiator Initiator node. - * @param remote Remote node. + * */ - private void successCompute(IgniteEx initiator, IgniteEx remote, - C3 consumer) { - int val = values.getAndIncrement(); - - consumer.accept(initiator.compute(), "key", val); - - assertThat(remote.cache(CACHE_NAME).get("key"), is(val)); + @Test + public void test() { + execute(srvInitiator); + execute(clntInitiator); } /** - * @param initiator Initiator node. - * @param remote Remote node. + * @param initiator Node that initiates an execution. */ - private void failCompute(IgniteEx initiator, IgniteEx remote, - C3 consumer) { - assertCauseSecurityException( - GridTestUtils.assertThrowsWithCause( - () -> consumer.accept(initiator.compute(), "fail_key", -1) - , SecurityException.class + private void execute(IgniteEx initiator) { + perform(initiator, + () -> initiator.compute().execute( + new TestComputeTask(transitions(), endpoints(), false), 0 ) ); - - assertThat(remote.cache(CACHE_NAME).get("fail_key"), nullValue()); + perform(initiator, + () -> initiator.compute().executeAsync( + new TestComputeTask(transitions(), endpoints(), true), 0 + ).get() + ); } /** * Compute task for tests. */ static class TestComputeTask implements ComputeTask { - /** Remote cluster node. */ - protected final UUID remote; + /** Collection of transition node ids. */ + private final Collection remotes; - /** Key. */ - protected final String key; + /** Collection of endpoint node ids. */ + private final Collection endpoints; - /** Value. */ - protected final Integer val; + /** If true then run async. */ + private final boolean isAsync; /** Locale ignite. */ @IgniteInstanceResource protected Ignite loc; /** - * @param remote Remote. - * @param key Key. - * @param val Value. + * @param remotes Collection of transition node ids. + * @param endpoints Collection of endpoint node ids. + * @param isAsync If true then run async. + */ + public TestComputeTask(Collection remotes, Collection endpoints, boolean isAsync) { + this.remotes = remotes; + this.endpoints = endpoints; + this.isAsync = isAsync; + } + + /** + * @param remotes Collection of transition node ids. */ - public TestComputeTask(UUID remote, String key, Integer val) { - this.remote = remote; - this.key = key; - this.val = val; + public TestComputeTask(Collection remotes) { + this(remotes, Collections.emptyList(), false); } /** {@inheritDoc} */ @@ -163,22 +104,31 @@ public TestComputeTask(UUID remote, String key, Integer val) { @Nullable Integer arg) throws IgniteException { Map res = new HashMap<>(); - res.put( - new ComputeJob() { - @IgniteInstanceResource - private Ignite loc; + for (UUID id : remotes) { + res.put( + new ComputeJob() { + @IgniteInstanceResource + private Ignite loc; + + @Override public void cancel() { + // no-op + } - @Override public void cancel() { - // no-op - } + @Override public Object execute() throws IgniteException { + VERIFIER.verify(loc); - @Override public Object execute() throws IgniteException { - loc.cache(CACHE_NAME).put(key, val); + if (!endpoints.isEmpty()) { + if (isAsync) + loc.compute().executeAsync(new TestComputeTask(endpoints), 0).get(); + else + loc.compute().execute(new TestComputeTask(endpoints), 0); + } - return null; - } - }, loc.cluster().node(remote) - ); + return null; + } + }, loc.cluster().node(id) + ); + } return res; } @@ -189,7 +139,7 @@ public TestComputeTask(UUID remote, String key, Integer val) { if (res.getException() != null) throw res.getException(); - return ComputeJobResultPolicy.REDUCE; + return ComputeJobResultPolicy.WAIT; } /** {@inheritDoc} */ @@ -197,51 +147,4 @@ public TestComputeTask(UUID remote, String key, Integer val) { return null; } } - - /** - * Transition compute task for tests. - */ - static class TestTransitionComputeTask extends TestComputeTask { - /** Transition cluster node. */ - private final UUID transition; - - /** - * @param transition Transition. - * @param remote Remote. - * @param key Key. - * @param val Value. - */ - public TestTransitionComputeTask(UUID transition, UUID remote, String key, Integer val) { - super(remote, key, val); - - this.transition = transition; - } - - /** {@inheritDoc} */ - @Override public @Nullable Map map(List subgrid, - @Nullable Integer arg) throws IgniteException { - Map res = new HashMap<>(); - - res.put( - new ComputeJob() { - @IgniteInstanceResource - private Ignite loc; - - @Override public void cancel() { - // no-op - } - - @Override public Object execute() throws IgniteException { - loc.compute().execute( - new TestComputeTask(remote, key, val), 0 - ); - - return null; - } - }, loc.cluster().node(transition) - ); - - return res; - } - } } \ No newline at end of file diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureSecurityTest.java index d09868cc2fd86..3067dff0783b2 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureSecurityTest.java @@ -17,338 +17,201 @@ package org.apache.ignite.internal.processor.security.compute.closure; -import java.util.Arrays; import java.util.Collection; +import java.util.Collections; import java.util.UUID; import java.util.function.Consumer; +import org.apache.ignite.Ignite; import org.apache.ignite.IgniteCompute; import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.lang.IgniteCallable; import org.apache.ignite.lang.IgniteClosure; import org.apache.ignite.lang.IgniteRunnable; -import org.apache.ignite.plugin.security.SecurityException; -import org.apache.ignite.testframework.GridTestUtils; - -import static org.hamcrest.CoreMatchers.is; -import static org.hamcrest.CoreMatchers.nullValue; -import static org.junit.Assert.assertThat; +import org.junit.Test; /** * Testing permissions when the compute closure is executed cache operations on remote node. */ public class DistributedClosureSecurityTest extends AbstractComputeTaskSecurityTest { - /** {@inheritDoc} */ - @Override protected void checkSuccess(IgniteEx initiator, IgniteEx remote) { - for (TransitionClosure tr : transitions()) { - successCall( - remote, - (val) -> tr.remouteC3().accept( - initiator.compute(initiator.cluster().forNode(remote.localNode())), "key", val - ) - ); - - successCall(remote, - (val) -> tr.accept( - initiator.compute(initiator.cluster().forNode(srvTransitionAllPerms.localNode())), - remote.localNode().id(), "key", val - ) - ); - } + /** + * + */ + @Test + public void test() { + execute(srvInitiator); + execute(clntInitiator); } - /** {@inheritDoc} */ - @Override protected void checkFail(IgniteEx initiator, IgniteEx remote) { - for (TransitionClosure tr : transitions()) { - failCall( - remote, - () -> - tr.remouteC3().accept( - initiator.compute(initiator.cluster().forNode(remote.localNode())), "fail_key", -1 - ) - ); - - failCall(remote, - () -> - tr.accept( - initiator.compute(initiator.cluster().forNode(srvTransitionAllPerms.localNode())), - remote.localNode().id(), "fail_key", -1 - ) - ); - } + /** + * @param initiator Node that initiates an execution. + */ + private void execute(IgniteEx initiator) { + perform(initiator, + () -> compute(initiator, transitions()) + .broadcast((IgniteRunnable)new CommonClosure(endpoints(), true) { + @Override protected void transit(IgniteCompute cmp) { + cmp.broadcast((IgniteRunnable)endpointClosure()); + } + })); + + perform(initiator, + () -> compute(initiator, transitions()) + .broadcastAsync((IgniteRunnable)new CommonClosure(endpoints(), true) { + @Override protected void transit(IgniteCompute cmp) { + cmp.broadcastAsync((IgniteRunnable)endpointClosure()).get(); + } + }).get()); + + perform(initiator, + (cmp) -> cmp.call(new CommonClosure(endpoints()) { + @Override protected void transit(IgniteCompute cmp) { + cmp.call(endpointClosure()); + } + })); + + perform(initiator, + (cmp) -> cmp.callAsync(new CommonClosure(endpoints()) { + @Override protected void transit(IgniteCompute cmp) { + cmp.callAsync(endpointClosure()).get(); + } + }).get()); + + perform(initiator, + (cmp) -> cmp.run(new CommonClosure(endpoints()) { + @Override protected void transit(IgniteCompute cmp) { + cmp.run(endpointClosure()); + } + })); + + perform(initiator, + (cmp) -> cmp.runAsync(new CommonClosure(endpoints()) { + @Override protected void transit(IgniteCompute cmp) { + cmp.runAsync(endpointClosure()).get(); + } + }).get()); + + perform(initiator, + (cmp) -> cmp.apply(new CommonClosure(endpoints()) { + @Override protected void transit(IgniteCompute cmp) { + cmp.apply(endpointClosure(), new Object()); + } + }, new Object())); + + perform(initiator, + (cmp) -> cmp.applyAsync(new CommonClosure(endpoints()) { + @Override protected void transit(IgniteCompute cmp) { + cmp.applyAsync(endpointClosure(), new Object()).get(); + } + }, new Object()).get()); } /** - * @param remote Remote node. + * @return IgniteCompute is produced by passed node for cluster group + * that contains nodes with ids from collection. */ - private void successCall(IgniteEx remote, Consumer c) { - int val = values.getAndIncrement(); - - c.accept(val); + private static IgniteCompute compute(Ignite ignite, Collection ids) { + return ignite.compute(ignite.cluster().forNodeIds(ids)); + } - assertThat(remote.cache(CACHE_NAME).get("key"), is(val)); + /** + * @return IgniteCompute is produced by passed node for cluster group that contains node with id. + */ + private static IgniteCompute compute(Ignite ignite, UUID id) { + return ignite.compute(ignite.cluster().forNodeId(id)); } /** - * @param remote Remote node. + * Performs test. */ - private void failCall(IgniteEx remote, Runnable r) { - assertCauseSecurityException( - GridTestUtils.assertThrowsWithCause(r, SecurityException.class) + private void perform(IgniteEx initiator, Consumer c) { + perform( + initiator, + () -> { + for (UUID nodeId : transitions()) + c.accept(compute(initiator, nodeId)); + } ); - - assertThat(remote.cache(CACHE_NAME).get("fail_key"), nullValue()); } - /** */ - private Collection transitions() { - return Arrays.asList( - //IgniteCompute.broadcast (broadcastAsync) - new TransitionClosure() { - @Override public void accept(IgniteCompute compute, UUID uuid, String k, Integer v) { - compute.broadcast( - new IgniteRunnable() { - @Override public void run() { - remouteC3().accept(compute(uuid), k, v); - } - } - ); - } - - @Override protected C3 remouteC3() { - return new C3() { - @Override public void accept(IgniteCompute compute, String k, Integer v) { - compute.broadcast( - new IgniteRunnable() { - @Override public void run() { - Ignition.localIgnite().cache(CACHE_NAME).put(k, v); - } - } - ); - } - }; - } - }, - new TransitionClosure() { - @Override public void accept(IgniteCompute compute, UUID uuid, String k, Integer v) { - compute.broadcastAsync( - new IgniteRunnable() { - @Override public void run() { - remouteC3().accept(compute(uuid), k, v); - } - } - ).get(); - } - - @Override protected C3 remouteC3() { - return new C3() { - @Override public void accept(IgniteCompute compute, String k, Integer v) { - compute.broadcastAsync( - new IgniteRunnable() { - @Override public void run() { - Ignition.localIgnite().cache(CACHE_NAME).put(k, v); - } - } - ).get(); - } - }; - } - }, - //IgniteCompute.call (callAsync) - new TransitionClosure() { - @Override public void accept(IgniteCompute compute, UUID uuid, String k, Integer v) { - compute.call( - new IgniteCallable() { - @Override public Object call() { - remouteC3().accept(compute(uuid), k, v); - - return null; - } - } - ); - } - - @Override protected C3 remouteC3() { - return new C3() { - @Override public void accept(IgniteCompute compute, String k, Integer v) { - compute.call( - new IgniteCallable() { - @Override public Object call() { - Ignition.localIgnite().cache(CACHE_NAME).put(k, v); - - return null; - } - } - ); - } - }; - } - }, - new TransitionClosure() { - @Override public void accept(IgniteCompute compute, UUID uuid, String k, Integer v) { - compute.callAsync( - new IgniteCallable() { - @Override public Object call() { - remouteC3().accept(compute(uuid), k, v); - - return null; - } - } - ).get(); - } - - @Override protected C3 remouteC3() { - return new C3() { - @Override public void accept(IgniteCompute compute, String k, Integer v) { - compute.callAsync( - new IgniteCallable() { - @Override public Object call() { - Ignition.localIgnite().cache(CACHE_NAME).put(k, v); - - return null; - } - } - ).get(); - } - }; - } - }, - //IgniteCompute.run (runAsync) - new TransitionClosure() { - @Override public void accept(IgniteCompute compute, UUID uuid, String k, Integer v) { - compute.run( - new IgniteRunnable() { - @Override public void run() { - remouteC3().accept(compute(uuid), k, v); - } - } - ); - } - - @Override protected C3 remouteC3() { - return new C3() { - @Override public void accept(IgniteCompute compute, String k, Integer v) { - compute.broadcast( - new IgniteRunnable() { - @Override public void run() { - Ignition.localIgnite().cache(CACHE_NAME).put(k, v); - } - } - ); - } - }; - } - }, - new TransitionClosure() { - @Override public void accept(IgniteCompute compute, UUID uuid, String k, Integer v) { - compute.runAsync( - new IgniteRunnable() { - @Override public void run() { - remouteC3().accept(compute(uuid), k, v); - } - } - ).get(); - } - - @Override protected C3 remouteC3() { - return new C3() { - @Override public void accept(IgniteCompute compute, String k, Integer v) { - compute.broadcastAsync( - new IgniteRunnable() { - @Override public void run() { - Ignition.localIgnite().cache(CACHE_NAME).put(k, v); - } - } - ).get(); - } - }; - } - }, - //IgniteCompute.apply (applyAsync) - new TransitionClosure() { - @Override public void accept(IgniteCompute compute, UUID uuid, String k, Integer v) { - compute.apply( - new IgniteClosure() { - @Override public Object apply(Object o) { - remouteC3().accept(compute(uuid), k, v); + /** + * Common closure for tests. + */ + static class CommonClosure implements IgniteRunnable, IgniteCallable, + IgniteClosure { + /** Collection of endpoint node ids. */ + private final Collection endpoints; - return null; - } - }, new Object() - ); - } + /** If true then execution is broadcast. */ + private final boolean isBroadcast; - @Override protected C3 remouteC3() { - return new C3() { - @Override public void accept(IgniteCompute compute, String k, Integer v) { - compute.apply( - new IgniteClosure() { - @Override public Object apply(Object o) { - Ignition.localIgnite().cache(CACHE_NAME).put(k, v); + /** + * @param endpoints Collection of endpoint node ids. + * @param isBroadcast If true then execution is broadcast. + */ + public CommonClosure(Collection endpoints, boolean isBroadcast) { + this.endpoints = endpoints; + this.isBroadcast = isBroadcast; + } - return null; - } - }, new Object() - ); - } - }; - } - }, - new TransitionClosure() { - @Override public void accept(IgniteCompute compute, UUID uuid, String k, Integer v) { - compute.applyAsync( - new IgniteClosure() { - @Override public Object apply(Object o) { - remouteC3().accept(compute(uuid), k, v); + /** + * @param endpoints Collection of endpoint node ids. + */ + public CommonClosure(Collection endpoints) { + this(endpoints, false); + } - return null; - } - }, new Object() - ).get(); - } + /** + * Main logic of CommonClosure. + */ + private void body() { + Ignite ignite = Ignition.localIgnite(); - @Override protected C3 remouteC3() { - return new C3() { - @Override public void accept(IgniteCompute compute, String k, Integer v) { - compute.applyAsync( - new IgniteClosure() { - @Override public Object apply(Object o) { - Ignition.localIgnite().cache(CACHE_NAME).put(k, v); + VERIFIER.verify(ignite); - return null; - } - }, new Object() - ).get(); - } - }; + if (!endpoints.isEmpty()) { + if (isBroadcast) + transit(compute(ignite, endpoints)); + else { + for (UUID id : endpoints) + transit(compute(ignite, id)); } } - ); - } + } - /** - * Closure for transition tests. - */ - private abstract static class TransitionClosure { /** - * @return IgniteCompute for group that contains only remoteId node. + * @return CommonClosure to execute on an endpoint node. */ - protected IgniteCompute compute(UUID remoteId) { - IgniteEx loc = (IgniteEx)Ignition.localIgnite(); - - return loc.compute(loc.cluster().forNode( - loc.cluster().node(remoteId) - )); + protected CommonClosure endpointClosure() { + return new CommonClosure(Collections.emptyList()); } /** - * Performs this operation on the given arguments. + * Executes transition invoke. + * + * @param cmp IgniteCompute. */ - public abstract void accept(IgniteCompute cmpt, UUID id, String k, Integer v); + protected void transit(IgniteCompute cmp) { + //no-op by default + } - /** - * @return TriConsumer. - */ - protected abstract C3 remouteC3(); + /** {@inheritDoc} */ + @Override public void run() { + body(); + } + + /** {@inheritDoc} */ + @Override public Object call() { + body(); + + return null; + } + + /** {@inheritDoc} */ + @Override public Object apply(Object o) { + body(); + + return null; + } } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceTaskSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceTaskSecurityTest.java index 8f2cd71de8a57..a42f0a8778f33 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceTaskSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceTaskSecurityTest.java @@ -17,12 +17,14 @@ package org.apache.ignite.internal.processor.security.compute.closure; +import java.util.Collection; +import java.util.Collections; import java.util.UUID; +import java.util.concurrent.ExecutorService; +import java.util.function.Consumer; import org.apache.ignite.Ignite; import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; -import org.apache.ignite.internal.processor.security.AbstractResolveSecurityContextTest; -import org.apache.ignite.internal.util.typedef.T2; import org.apache.ignite.lang.IgniteRunnable; import org.junit.Test; import org.junit.runner.RunWith; @@ -32,91 +34,76 @@ * Testing permissions when the service task is executed cache operations on remote node. */ @RunWith(JUnit4.class) -public class ExecutorServiceTaskSecurityTest extends AbstractResolveSecurityContextTest { - /** */ +public class ExecutorServiceTaskSecurityTest extends AbstractComputeTaskSecurityTest { + /** + * + */ @Test - public void testExecute() { - assertAllowed((t) -> execute(clntAllPerms, clntReadOnlyPerm, t)); - assertAllowed((t) -> execute(clntAllPerms, srvReadOnlyPerm, t)); - assertAllowed((t) -> execute(srvAllPerms, clntReadOnlyPerm, t)); - assertAllowed((t) -> execute(srvAllPerms, srvReadOnlyPerm, t)); - assertAllowed((t) -> execute(srvAllPerms, srvAllPerms, t)); - assertAllowed((t) -> execute(clntAllPerms, clntAllPerms, t)); - - assertAllowed((t) -> transitionExecute(clntAllPerms, clntReadOnlyPerm, t)); - assertAllowed((t) -> transitionExecute(clntAllPerms, srvReadOnlyPerm, t)); - assertAllowed((t) -> transitionExecute(srvAllPerms, clntReadOnlyPerm, t)); - assertAllowed((t) -> transitionExecute(srvAllPerms, srvReadOnlyPerm, t)); - assertAllowed((t) -> transitionExecute(srvAllPerms, srvAllPerms, t)); - assertAllowed((t) -> transitionExecute(clntAllPerms, clntAllPerms, t)); - - assertForbidden((t) -> execute(clntReadOnlyPerm, srvAllPerms, t)); - assertForbidden((t) -> execute(clntReadOnlyPerm, clntAllPerms, t)); - assertForbidden((t) -> execute(srvReadOnlyPerm, srvAllPerms, t)); - assertForbidden((t) -> execute(srvReadOnlyPerm, clntAllPerms, t)); - assertForbidden((t) -> execute(srvReadOnlyPerm, srvReadOnlyPerm, t)); - assertForbidden((t) -> execute(clntReadOnlyPerm, clntReadOnlyPerm, t)); + public void test() { + execute(srvInitiator); + execute(clntInitiator); + } - assertForbidden((t) -> transitionExecute(clntReadOnlyPerm, srvAllPerms, t)); - assertForbidden((t) -> transitionExecute(clntReadOnlyPerm, clntAllPerms, t)); - assertForbidden((t) -> transitionExecute(srvReadOnlyPerm, srvAllPerms, t)); - assertForbidden((t) -> transitionExecute(srvReadOnlyPerm, clntAllPerms, t)); - assertForbidden((t) -> transitionExecute(srvReadOnlyPerm, srvReadOnlyPerm, t)); - assertForbidden((t) -> transitionExecute(clntReadOnlyPerm, clntReadOnlyPerm, t)); + /** + * @param initiator Node that initiates an execution. + */ + private void execute(IgniteEx initiator) { + perform(initiator, (s) -> { + try { + s.submit(new TestIgniteRunnable(endpoints())).get(); + } + catch (Exception e) { + throw new RuntimeException(e); + } + }); } /** - * @param initiator Initiator node. - * @param remote Remoute node. + * Performs test. */ - private void execute(IgniteEx initiator, IgniteEx remote, T2 entry) { - try { - initiator.executorService(initiator.cluster().forNode(remote.localNode())) - .submit( - new IgniteRunnable() { - @Override public void run() { - Ignition.localIgnite().cache(CACHE_NAME) - .put(entry.getKey(), entry.getValue()); - } - } - ).get(); - } - catch (Exception e) { - throw new RuntimeException(e); - } + private void perform(IgniteEx initiator, Consumer c) { + perform(initiator, + () -> { + for (UUID nodeId : transitions()) { + c.accept( + initiator.executorService(initiator.cluster().forNodeId(nodeId)) + ); + } + }); } /** - * @param initiator Initiator node. - * @param remote Remoute node. + * Runnable for tests. */ - private void transitionExecute(IgniteEx initiator, IgniteEx remote, T2 entry) { - try { - final UUID remoteId = remote.localNode().id(); + static class TestIgniteRunnable implements IgniteRunnable { + /** Collection of endpoint node ids. */ + private final Collection endpoints; - initiator.executorService(initiator.cluster().forNode(srvTransitionAllPerms.localNode())) - .submit( - new IgniteRunnable() { - @Override public void run() { - Ignite ignite = Ignition.localIgnite(); + /** + * @param endpoints Collection of endpoint node ids. + */ + public TestIgniteRunnable(Collection endpoints) { + this.endpoints = endpoints; + } - try { - ignite.executorService(ignite.cluster().forNode(ignite.cluster().node(remoteId))) - .submit(new IgniteRunnable() { - @Override public void run() { - Ignition.localIgnite().cache(CACHE_NAME) - .put(entry.getKey(), entry.getValue()); - } - }).get(); - }catch (Exception e){ - throw new RuntimeException(e); - } - } + /** {@inheritDoc} */ + @Override public void run() { + Ignite ignite = Ignition.localIgnite(); + + VERIFIER.verify(ignite); + + if (!endpoints.isEmpty()) { + try { + for (UUID nodeId : endpoints) { + ignite.executorService(ignite.cluster().forNodeId(nodeId)) + .submit(new TestIgniteRunnable(Collections.emptyList())) + .get(); } - ).get(); - } - catch (Exception e) { - throw new RuntimeException(e); + } + catch (Exception e) { + throw new RuntimeException(e); + } + } } } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/IgniteDataStreamerSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/IgniteDataStreamerSecurityTest.java index 1de72ae3def45..bf99432eaa844 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/IgniteDataStreamerSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/IgniteDataStreamerSecurityTest.java @@ -25,8 +25,8 @@ import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.processor.security.AbstractCacheSecurityTest; -import org.apache.ignite.internal.util.typedef.T2; import org.apache.ignite.lang.IgniteBiInClosure; +import org.apache.ignite.lang.IgniteRunnable; import org.apache.ignite.stream.StreamVisitor; import org.junit.Test; import org.junit.runner.RunWith; @@ -37,113 +37,55 @@ */ @RunWith(JUnit4.class) public class IgniteDataStreamerSecurityTest extends AbstractCacheSecurityTest { - /** */ - @Test - public void testDataStreamer() { - checkDataStreamer(false); - checkDataStreamer(true); - } - /** - * @param isTransition True if transition test. + * */ - private void checkDataStreamer(boolean isTransition){ - assertAllowed((t) -> load(clntAllPerms, srvAllPerms, t, isTransition)); - assertAllowed((t) -> load(clntAllPerms, srvReadOnlyPerm, t, isTransition)); - assertAllowed((t) -> load(srvAllPerms, srvAllPerms, t, isTransition)); - assertAllowed((t) -> load(srvAllPerms, srvReadOnlyPerm, t, isTransition)); - - assertForbidden((t) -> load(clntReadOnlyPerm, srvAllPerms, t, isTransition)); - assertForbidden((t) -> load(srvReadOnlyPerm, srvAllPerms, t, isTransition)); - assertForbidden((t) -> load(srvReadOnlyPerm, srvReadOnlyPerm, t, isTransition)); + @Test + public void testDataStreamer() { + perform(srvInitiator, () -> dataStreamer(srvInitiator)); + perform(clntInitiator, () -> dataStreamer(clntInitiator)); } /** * @param initiator Initiator node. - * @param remote Remoute node. */ - private void load(IgniteEx initiator, IgniteEx remote, T2 entry, boolean isTransition) { - try (IgniteDataStreamer strm = initiator.dataStreamer(COMMON_USE_CACHE)) { - strm.receiver(StreamVisitor.from(closure(remote, entry, isTransition))); + private void dataStreamer(Ignite initiator) { + try (IgniteDataStreamer strm = initiator.dataStreamer(CACHE_NAME)) { + strm.receiver(StreamVisitor.from(new TestClosure(srvEndpoint.localNode().id()))); - strm.addData(primaryKey(isTransition ? srvTransitionAllPerms : remote), 100); + strm.addData(prmKey(srvTransition), 100); } } - /** - * @param remote Remote node. - * @param entry Data to put into test cache. - * @param isTransition True if transition test. - * @return Receiver's closure. - */ - private TestClosure closure(IgniteEx remote, T2 entry, boolean isTransition) { - if (isTransition) - return new TransitionTestClosure( - srvTransitionAllPerms.localNode().id(), - remote.localNode().id(), - entry - ); - - return new TestClosure(remote.localNode().id(), entry); - } - /** * Closure for tests. */ static class TestClosure implements IgniteBiInClosure, Map.Entry> { - /** Remote node id. */ - protected final UUID remoteId; - - /** Data to put into test cache. */ - protected final T2 t2; + /** Endpoint node id. */ + private final UUID endpoint; /** - * @param remoteId Remote node id. - * @param t2 Data to put into test cache. + * @param endpoint Endpoint node id. */ - public TestClosure(UUID remoteId, T2 t2) { - this.remoteId = remoteId; - this.t2 = t2; + public TestClosure(UUID endpoint) { + this.endpoint = endpoint; } /** {@inheritDoc} */ @Override public void apply(IgniteCache entries, Map.Entry entry) { - Ignite loc = Ignition.localIgnite(); + IgniteEx loc = (IgniteEx)Ignition.localIgnite(); - if (remoteId.equals(loc.cluster().localNode().id())) - loc.cache(CACHE_NAME).put(t2.getKey(), t2.getValue()); - } - } - - /** - * Closure for transition tests. - */ - static class TransitionTestClosure extends TestClosure { - /** Transition node id. */ - private final UUID transitionId; - - /** - * @param transitionId Transition node id. - * @param remoteId Remote node id. - * @param t2 Data to put into test cache. - */ - public TransitionTestClosure(UUID transitionId, UUID remoteId, T2 t2) { - super(remoteId, t2); - - this.transitionId = transitionId; - } - - /** {@inheritDoc} */ - @Override public void apply(IgniteCache entries, - Map.Entry entry) { - Ignite loc = Ignition.localIgnite(); + VERIFIER.verify(loc); - if (transitionId.equals(loc.cluster().localNode().id())){ - loc.compute(loc.cluster().forNode(loc.cluster().node(remoteId))) - .broadcast(()->Ignition.localIgnite().cache(CACHE_NAME).put(t2.getKey(), t2.getValue())); - } + //Should check a security context on the endpoint node through compute service + //because using streamer from receiver may be cause of system worker dead + loc.compute(loc.cluster().forNodeId(endpoint)).broadcast(new IgniteRunnable() { + @Override public void run() { + VERIFIER.verify(loc); + } + }); } } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/IgniteMessagingTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/IgniteMessagingTest.java index 2256257dca335..8239ea53c49b6 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/IgniteMessagingTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/IgniteMessagingTest.java @@ -22,93 +22,75 @@ import java.util.concurrent.CyclicBarrier; import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeoutException; -import java.util.function.Consumer; import org.apache.ignite.IgniteMessaging; import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.processor.security.AbstractResolveSecurityContextTest; -import org.apache.ignite.internal.util.typedef.T2; import org.apache.ignite.lang.IgniteBiPredicate; import org.apache.ignite.testframework.junits.GridAbstractTest; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.JUnit4; -import static org.hamcrest.core.Is.is; -import static org.hamcrest.core.IsNull.nullValue; -import static org.junit.Assert.assertThat; - /** * Testing permissions when the message listener is executed cache operations on remote node. */ @RunWith(JUnit4.class) public class IgniteMessagingTest extends AbstractResolveSecurityContextTest { - /** Sever node that has all permissions for TEST_CACHE. */ - private IgniteEx evntAllPerms; + /** Barrier. */ + private static final CyclicBarrier BARRIER = new CyclicBarrier(3); + + /** Client node. */ + protected IgniteEx clntTransition; - /** Sever node that hasn't permissions for TEST_CACHE. */ - private IgniteEx evntNotPerms; + /** Client node. */ + protected IgniteEx clntEndpoint; /** {@inheritDoc} */ - @Override protected void beforeTestsStarted() throws Exception { - evntAllPerms = startGrid("evnt_all_perms", allowAllPermissionSet()); + @Override protected void startNodes() throws Exception { + super.startNodes(); - evntNotPerms = startGrid("evnt_not_perms", - builder().defaultAllowAll(true) - .appendCachePermissions(CACHE_NAME, EMPTY_PERMS).build()); + clntTransition = startGrid("clnt_transition", allowAllPermissionSet(), true); - super.beforeTestsStarted(); + clntEndpoint = startGrid("clnt_endpoint", allowAllPermissionSet()); } - /** Barrier. */ - private static final CyclicBarrier BARRIER = new CyclicBarrier(2); - /** * */ @Test - public void testMessaging() throws Exception { - awaitPartitionMapExchange(); - - assertAllowedResult(t -> messaging(clntAllPerms, clntReadOnlyPerm, evntAllPerms, t)); - assertAllowedResult(t -> messaging(clntAllPerms, srvReadOnlyPerm, evntAllPerms, t)); - assertAllowedResult(t -> messaging(srvAllPerms, clntReadOnlyPerm, evntAllPerms, t)); - assertAllowedResult(t -> messaging(srvAllPerms, srvReadOnlyPerm, evntAllPerms, t)); - - assertAllowedResult(t -> messaging(clntAllPerms, srvReadOnlyPerm, evntNotPerms, t)); - assertAllowedResult(t -> messaging(clntAllPerms, clntReadOnlyPerm, evntNotPerms, t)); - assertAllowedResult(t -> messaging(srvAllPerms, srvReadOnlyPerm, evntNotPerms, t)); - assertAllowedResult(t -> messaging(srvAllPerms, clntReadOnlyPerm, evntNotPerms, t)); - - assertForbiddenResult(t -> messaging(clntReadOnlyPerm, srvAllPerms, evntAllPerms, t)); - assertForbiddenResult(t -> messaging(clntReadOnlyPerm, clntAllPerms, evntAllPerms, t)); - assertForbiddenResult(t -> messaging(srvReadOnlyPerm, srvAllPerms, evntAllPerms, t)); - assertForbiddenResult(t -> messaging(srvReadOnlyPerm, clntAllPerms, evntAllPerms, t)); - - assertForbiddenResult(t -> messaging(clntReadOnlyPerm, srvAllPerms, evntNotPerms, t)); - assertForbiddenResult(t -> messaging(clntReadOnlyPerm, clntAllPerms, evntNotPerms, t)); - assertForbiddenResult(t -> messaging(srvReadOnlyPerm, srvAllPerms, evntNotPerms, t)); - assertForbiddenResult(t -> messaging(srvReadOnlyPerm, clntAllPerms, evntNotPerms, t)); + public void test() { + messaging(srvInitiator, srvTransition); + messaging(srvInitiator, clntTransition); + + messaging(clntInitiator, srvTransition); + messaging(clntInitiator, clntTransition); } /** - * @param lsnr Listener node. - * @param remote Remote node. - * @param evt Event node. - * @param t Entry to put into test cache. + * Performs the test. + * + * @param lsnrNode Node that registers a listener on a remote node. + * @param evtNode Node that generates an event. */ - private void messaging(IgniteEx lsnr, IgniteEx remote, IgniteEx evt, T2 t) { + private void messaging(IgniteEx lsnrNode, IgniteEx evtNode) { + VERIFIER.start(secSubjectId(lsnrNode)) + .add(srvEndpoint.name(), 1) + .add(clntEndpoint.name(), 1); + BARRIER.reset(); - IgniteMessaging messaging = lsnr.message(lsnr.cluster().forNode(remote.localNode())); + IgniteMessaging messaging = lsnrNode.message( + lsnrNode.cluster().forNode(srvEndpoint.localNode(), clntEndpoint.localNode()) + ); - String topic = "HOT_TOPIC " + t.getKey(); + String topic = "HOT_TOPIC"; UUID lsnrId = messaging.remoteListen(topic, new IgniteBiPredicate() { @Override public boolean apply(UUID uuid, Object o) { try { - Ignition.localIgnite().cache(CACHE_NAME).put(t.getKey(), t.getValue()); + VERIFIER.verify(Ignition.localIgnite()); return true; } @@ -120,13 +102,15 @@ private void messaging(IgniteEx lsnr, IgniteEx remote, IgniteEx evt, T2> c) { - assertResult(c, false); - } - - /** - * @param c Consumer. - */ - private void assertForbiddenResult(Consumer> c) { - assertResult(c, true); - } - - /** - * @param c Consumer. - * @param failExp True if expectaed fail behavior. - */ - private void assertResult(Consumer> c, boolean failExp) { - T2 t = entry(); - - c.accept(t); - - assertThat(srvAllPerms.cache(CACHE_NAME).get(t.getKey()), failExp ? nullValue() : is(t.getValue())); - } } diff --git a/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java b/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java index fde5b31981b12..c95d9383d03f7 100644 --- a/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java +++ b/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java @@ -17,8 +17,6 @@ package org.apache.ignite.testsuites; -import junit.framework.JUnit4TestAdapter; -import junit.framework.TestSuite; import org.apache.ignite.internal.processor.security.cache.CachePermissionsTest; import org.apache.ignite.internal.processor.security.cache.EntryProcessorCachePermissionTest; import org.apache.ignite.internal.processor.security.cache.LoadCachePermissionTest; @@ -37,37 +35,31 @@ import org.apache.ignite.internal.processor.security.datastreamer.closure.IgniteDataStreamerSecurityTest; import org.apache.ignite.internal.processor.security.messaging.IgniteMessagingTest; import org.junit.runner.RunWith; -import org.junit.runners.AllTests; +import org.junit.runners.Suite; /** * Security test suite. */ -@RunWith(AllTests.class) -public class AuthorizeOperationsTestSuite { - /** */ - public static TestSuite suite() { - TestSuite suite = new TestSuite(AuthorizeOperationsTestSuite.class.getName()); - - suite.addTest(new JUnit4TestAdapter(CachePermissionsTest.class)); - suite.addTest(new JUnit4TestAdapter(DataStreamerCachePermissionTest.class)); - suite.addTest(new JUnit4TestAdapter(ScanQueryCachePermissionTest.class)); - suite.addTest(new JUnit4TestAdapter(LoadCachePermissionTest.class)); - suite.addTest(new JUnit4TestAdapter(EntryProcessorCachePermissionTest.class)); - suite.addTest(new JUnit4TestAdapter(TaskExecutePermissionForExecutorServiceTest.class)); - suite.addTest(new JUnit4TestAdapter(TaskExecutePermissionForDistributedClosureTest.class)); - suite.addTest(new JUnit4TestAdapter(TaskExecutePermissionForComputeTaskTest.class)); - - suite.addTest(new JUnit4TestAdapter(DistributedClosureSecurityTest.class)); - suite.addTest(new JUnit4TestAdapter(ComputeTaskSecurityTest.class)); - suite.addTest(new JUnit4TestAdapter(ExecutorServiceTaskSecurityTest.class)); - suite.addTest(new JUnit4TestAdapter(ScanQuerySecurityTest.class)); - suite.addTest(new JUnit4TestAdapter(EntryProcessorSecurityTest.class)); - suite.addTest(new JUnit4TestAdapter(IgniteDataStreamerSecurityTest.class)); - suite.addTest(new JUnit4TestAdapter(LoadCacheSecurityTest.class)); - suite.addTest(new JUnit4TestAdapter(ThinClientSecurityTest.class)); - suite.addTest(new JUnit4TestAdapter(IgniteMessagingTest.class)); - - return suite; - } +@RunWith(Suite.class) +@Suite.SuiteClasses({ + CachePermissionsTest.class, + DataStreamerCachePermissionTest.class, + ScanQueryCachePermissionTest.class, + LoadCachePermissionTest.class, + EntryProcessorCachePermissionTest.class, + TaskExecutePermissionForExecutorServiceTest.class, + TaskExecutePermissionForDistributedClosureTest.class, + TaskExecutePermissionForComputeTaskTest.class, + DistributedClosureSecurityTest.class, + ComputeTaskSecurityTest.class, + ExecutorServiceTaskSecurityTest.class, + ScanQuerySecurityTest.class, + EntryProcessorSecurityTest.class, + IgniteDataStreamerSecurityTest.class, + LoadCacheSecurityTest.class, + ThinClientSecurityTest.class, + IgniteMessagingTest.class, +}) +public class AuthorizeOperationsTestSuite { } From 2962f70ceeb67c9ec85b96b0c3571f4e87888827 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Mon, 4 Feb 2019 10:26:55 +0300 Subject: [PATCH 40/98] IGNITE-9560 NoOpIgniteSecurityProcessor. Delete old version of attribute SecurityContext. --- .../apache/ignite/internal/IgniteKernal.java | 14 +- .../ignite/internal/IgniteNodeAttributes.java | 3 - .../top/GridTopologyCommandHandler.java | 2 - .../security/GridSecurityProcessor.java | 1 + .../security/IgniteSecurityProcessor.java | 19 +- .../security/IgniteSecurityProcessorImpl.java | 78 ++++---- .../security/NoOpIgniteSecurityProcessor.java | 172 ++++++++++++++++++ .../processors/security/SecurityUtils.java | 18 +- .../security/os/GridOsSecurityProcessor.java | 88 --------- .../ignite/spi/discovery/tcp/ServerImpl.java | 81 ++------- 10 files changed, 255 insertions(+), 221 deletions(-) create mode 100644 modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java delete mode 100644 modules/core/src/main/java/org/apache/ignite/internal/processors/security/os/GridOsSecurityProcessor.java diff --git a/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java b/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java index 21f2c923c576f..a15a931f72368 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java @@ -167,6 +167,7 @@ import org.apache.ignite.internal.processors.rest.GridRestProcessor; import org.apache.ignite.internal.processors.security.IgniteSecurityProcessorImpl; import org.apache.ignite.internal.processors.security.GridSecurityProcessor; +import org.apache.ignite.internal.processors.security.NoOpIgniteSecurityProcessor; import org.apache.ignite.internal.processors.segmentation.GridSegmentationProcessor; import org.apache.ignite.internal.processors.service.GridServiceProcessor; import org.apache.ignite.internal.processors.service.IgniteServiceProcessor; @@ -987,7 +988,7 @@ public void start( startProcessor(new GridTimeoutProcessor(ctx)); // Start security processors. - startProcessor(new IgniteSecurityProcessorImpl(ctx, createComponent(GridSecurityProcessor.class, ctx))); + startProcessor(igniteSecurityProcessor(createComponent(GridSecurityProcessor.class, ctx))); // Start SPI managers. // NOTE: that order matters as there are dependencies between managers. @@ -1298,6 +1299,14 @@ private long checkPoolStarvation( EventType.EVT_NODE_JOINED, localNode()); } + /** + * @param prc GridSecurityProcessor from plugin context or null. + * @return IgniteSecurityProcessor. + */ + private GridProcessor igniteSecurityProcessor(GridSecurityProcessor prc) { + return prc != null ? new IgniteSecurityProcessorImpl(ctx, prc) : new NoOpIgniteSecurityProcessor(); + } + /** * Create description of an executor service for logging. * @@ -4150,6 +4159,9 @@ private static T createComponent(Class cls, GridKer if (cls.equals(IGridClusterStateProcessor.class)) return (T)new GridClusterStateProcessor(ctx); + if(cls.equals(GridSecurityProcessor.class)) + return null; + Class implCls = null; try { diff --git a/modules/core/src/main/java/org/apache/ignite/internal/IgniteNodeAttributes.java b/modules/core/src/main/java/org/apache/ignite/internal/IgniteNodeAttributes.java index 1740072d386aa..1bd0dc8b9ff41 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/IgniteNodeAttributes.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/IgniteNodeAttributes.java @@ -147,9 +147,6 @@ public final class IgniteNodeAttributes { /** Security credentials attribute name. Attribute is not available via public API. */ public static final String ATTR_SECURITY_CREDENTIALS = ATTR_PREFIX + ".security.cred"; - /** Security subject for authenticated node. */ - public static final String ATTR_SECURITY_SUBJECT = ATTR_PREFIX + ".security.subject"; - /** V2 security subject for authenticated node. */ public static final String ATTR_SECURITY_SUBJECT_V2 = ATTR_PREFIX + ".security.subject.v2"; diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/handlers/top/GridTopologyCommandHandler.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/handlers/top/GridTopologyCommandHandler.java index edcb3741bc331..52a5f375e310c 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/handlers/top/GridTopologyCommandHandler.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/handlers/top/GridTopologyCommandHandler.java @@ -57,7 +57,6 @@ import static org.apache.ignite.internal.IgniteNodeAttributes.ATTR_REST_TCP_HOST_NAMES; import static org.apache.ignite.internal.IgniteNodeAttributes.ATTR_REST_TCP_PORT; import static org.apache.ignite.internal.IgniteNodeAttributes.ATTR_SECURITY_CREDENTIALS; -import static org.apache.ignite.internal.IgniteNodeAttributes.ATTR_SECURITY_SUBJECT; import static org.apache.ignite.internal.IgniteNodeAttributes.ATTR_SECURITY_SUBJECT_V2; import static org.apache.ignite.internal.IgniteNodeAttributes.ATTR_TX_CONFIG; import static org.apache.ignite.internal.processors.rest.GridRestCommand.NODE; @@ -293,7 +292,6 @@ private GridClientNodeBean createNodeBean(ClusterNode node, boolean mtr, boolean attrs.remove(ATTR_CACHE); attrs.remove(ATTR_TX_CONFIG); - attrs.remove(ATTR_SECURITY_SUBJECT); attrs.remove(ATTR_SECURITY_SUBJECT_V2); attrs.remove(ATTR_SECURITY_CREDENTIALS); attrs.remove(ATTR_BINARY_CONFIGURATION); diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessor.java index 3eb1497206e7a..fa94aecb3559a 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessor.java @@ -96,5 +96,6 @@ public void authorize(String name, SecurityPermission perm, SecurityContext secu /** * @return GridSecurityProcessor is enable. */ + @Deprecated public boolean enabled(); } \ No newline at end of file diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java index 75371efd46890..bf5b7a1baf138 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java @@ -1,3 +1,20 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + package org.apache.ignite.internal.processors.security; import java.util.Collection; @@ -90,7 +107,7 @@ public default void authorize(SecurityPermission perm) throws SecurityException } /** - * Delegates call to {@link GridSecurityProcessor#enabled()} + * @return True if IgniteSecurityProcessor is not no operation else false. */ public boolean enabled(); } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java index 808d82ba03253..17bd0f37d0dd2 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java @@ -1,3 +1,20 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + package org.apache.ignite.internal.processors.security; import java.util.Collection; @@ -30,13 +47,6 @@ * Default Grid security Manager implementation. */ public class IgniteSecurityProcessorImpl implements IgniteSecurityProcessor, GridProcessor { - /** Security session that is used if GridSecurityProcessor is not enabled. */ - private static final IgniteSecuritySession SECURITY_SESSION_DISABLED_MODE = new IgniteSecuritySession() { - @Override public void close() { - //no-op - } - }; - /** Current security context. */ private final ThreadLocal curSecCtx = ThreadLocal.withInitial(this::localSecurityContext); @@ -65,43 +75,31 @@ public IgniteSecurityProcessorImpl(GridKernalContext ctx, GridSecurityProcessor /** {@inheritDoc} */ @Override public IgniteSecuritySession startSession(SecurityContext secCtx) { - if (enabled()) { - assert secCtx != null; - - SecurityContext old = curSecCtx.get(); + assert secCtx != null; - curSecCtx.set(secCtx); + SecurityContext old = curSecCtx.get(); - return new IgniteSecuritySessionImpl(this, old); - } + curSecCtx.set(secCtx); - return SECURITY_SESSION_DISABLED_MODE; + return new IgniteSecuritySessionImpl(this, old); } /** {@inheritDoc} */ @Override public IgniteSecuritySession startSession(UUID nodeId) { - if (enabled()) { - return startSession( - secCtxs.computeIfAbsent(nodeId, - uuid -> nodeSecurityContext( - marsh, U.resolveClassLoader(ctx.config()), ctx.discovery().node(uuid) - ) + return startSession( + secCtxs.computeIfAbsent(nodeId, + uuid -> nodeSecurityContext( + marsh, U.resolveClassLoader(ctx.config()), ctx.discovery().node(uuid) ) - ); - } - - return SECURITY_SESSION_DISABLED_MODE; + ) + ); } /** {@inheritDoc} */ @Override public SecurityContext securityContext() { - SecurityContext res = null; - - if (enabled()) { - res = curSecCtx.get(); + SecurityContext res = curSecCtx.get(); - assert res != null; - } + assert res != null; return res; } @@ -139,20 +137,16 @@ public IgniteSecurityProcessorImpl(GridKernalContext ctx, GridSecurityProcessor /** {@inheritDoc} */ @Override public void authorize(String name, SecurityPermission perm) throws SecurityException { - SecurityContext secCtx = null; - - if (enabled()) { - secCtx = curSecCtx.get(); + SecurityContext secCtx = curSecCtx.get(); - assert secCtx != null; - } + assert secCtx != null; secPrc.authorize(name, perm, secCtx); } /** {@inheritDoc} */ @Override public boolean enabled() { - return secPrc.enabled(); + return true; } /** {@inheritDoc} */ @@ -167,11 +161,9 @@ public IgniteSecurityProcessorImpl(GridKernalContext ctx, GridSecurityProcessor /** {@inheritDoc} */ @Override public void onKernalStart(boolean active) throws IgniteCheckedException { - if (enabled()) { - ctx.event().addDiscoveryEventListener( - (evt, discoCache) -> secCtxs.remove(evt.eventNode().id()), EVT_NODE_FAILED, EVT_NODE_LEFT - ); - } + ctx.event().addDiscoveryEventListener( + (evt, discoCache) -> secCtxs.remove(evt.eventNode().id()), EVT_NODE_FAILED, EVT_NODE_LEFT + ); secPrc.onKernalStart(active); } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java new file mode 100644 index 0000000000000..4e91158849def --- /dev/null +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java @@ -0,0 +1,172 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processors.security; + +import java.util.Collection; +import java.util.UUID; +import org.apache.ignite.IgniteCheckedException; +import org.apache.ignite.cluster.ClusterNode; +import org.apache.ignite.internal.IgniteInternalFuture; +import org.apache.ignite.internal.processors.GridProcessor; +import org.apache.ignite.lang.IgniteFuture; +import org.apache.ignite.plugin.security.AuthenticationContext; +import org.apache.ignite.plugin.security.SecurityCredentials; +import org.apache.ignite.plugin.security.SecurityException; +import org.apache.ignite.plugin.security.SecurityPermission; +import org.apache.ignite.plugin.security.SecuritySubject; +import org.apache.ignite.spi.IgniteNodeValidationResult; +import org.apache.ignite.spi.discovery.DiscoveryDataBag; +import org.jetbrains.annotations.Nullable; + +/** + * No operation Ignite Security Processor. + */ +public class NoOpIgniteSecurityProcessor implements IgniteSecurityProcessor, GridProcessor { + /** No operation Security session. */ + private static final IgniteSecuritySession NO_OP_SECURITY_SESSION = new IgniteSecuritySession() { + @Override public void close() { + //no-op + } + }; + + /** {@inheritDoc} */ + @Override public IgniteSecuritySession startSession(SecurityContext secCtx) { + return NO_OP_SECURITY_SESSION; + } + + /** {@inheritDoc} */ + @Override public IgniteSecuritySession startSession(UUID nodeId) { + return NO_OP_SECURITY_SESSION; + } + + /** {@inheritDoc} */ + @Override public SecurityContext securityContext() { + return null; + } + + /** {@inheritDoc} */ + @Override public SecurityContext authenticateNode(ClusterNode node, SecurityCredentials cred) { + return null; + } + + /** {@inheritDoc} */ + @Override public boolean isGlobalNodeAuthentication() { + return false; + } + + /** {@inheritDoc} */ + @Override public SecurityContext authenticate(AuthenticationContext ctx) { + return null; + } + + /** {@inheritDoc} */ + @Override public Collection authenticatedSubjects() { + return null; + } + + /** {@inheritDoc} */ + @Override public SecuritySubject authenticatedSubject(UUID subjId) { + return null; + } + + /** {@inheritDoc} */ + @Override public void onSessionExpired(UUID subjId) { + + } + + /** {@inheritDoc} */ + @Override public void authorize(String name, SecurityPermission perm) throws SecurityException { + // No-op. + } + + /** {@inheritDoc} */ + @Override public boolean enabled() { + return false; + } + + /** {@inheritDoc} */ + @Override public void start() throws IgniteCheckedException { + // No-op. + } + + /** {@inheritDoc} */ + @Override public void stop(boolean cancel) throws IgniteCheckedException { + // No-op. + } + + /** {@inheritDoc} */ + @Override public void onKernalStart(boolean active) throws IgniteCheckedException { + // No-op. + } + + /** {@inheritDoc} */ + @Override public void onKernalStop(boolean cancel) { + // No-op. + } + + /** {@inheritDoc} */ + @Override public void collectJoiningNodeData(DiscoveryDataBag dataBag) { + // No-op. + } + + /** {@inheritDoc} */ + @Override public void collectGridNodeData(DiscoveryDataBag dataBag) { + // No-op. + } + + /** {@inheritDoc} */ + @Override public void onGridDataReceived(DiscoveryDataBag.GridDiscoveryData data) { + // No-op. + } + + /** {@inheritDoc} */ + @Override public void onJoiningNodeDataReceived(DiscoveryDataBag.JoiningNodeDiscoveryData data) { + // No-op. + } + + /** {@inheritDoc} */ + @Override public void printMemoryStats() { + // No-op. + } + + /** {@inheritDoc} */ + @Override public @Nullable IgniteNodeValidationResult validateNode(ClusterNode node) { + return null; + } + + /** {@inheritDoc} */ + @Override public @Nullable IgniteNodeValidationResult validateNode(ClusterNode node, + DiscoveryDataBag.JoiningNodeDiscoveryData discoData) { + return null; + } + + /** {@inheritDoc} */ + @Override public @Nullable DiscoveryDataExchangeType discoveryDataType() { + return null; + } + + /** {@inheritDoc} */ + @Override public void onDisconnected(IgniteFuture reconnectFut) { + // No-op. + } + + /** {@inheritDoc} */ + @Override public @Nullable IgniteInternalFuture onReconnected(boolean clusterRestarted) { + return null; + } +} diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityUtils.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityUtils.java index 191919d26992f..51e5cd5b48c51 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityUtils.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityUtils.java @@ -105,25 +105,13 @@ public static Map> compatibleServicePermi * @return Node's security context. */ public static SecurityContext nodeSecurityContext(Marshaller marsh, ClassLoader ldr, ClusterNode node) { - byte[] subjBytes = node.attribute(IgniteNodeAttributes.ATTR_SECURITY_SUBJECT); + byte[] subjBytes = node.attribute(IgniteNodeAttributes.ATTR_SECURITY_SUBJECT_V2); - byte[] subjBytesV2 = node.attribute(IgniteNodeAttributes.ATTR_SECURITY_SUBJECT_V2); - - if (subjBytes == null && subjBytesV2 == null) + if (subjBytes == null) throw new SecurityException("Security context isn't certain."); try { - if (subjBytesV2 != null) - return U.unmarshal(marsh, subjBytesV2, ldr); - - try { - serializeVersion(1); - - return U.unmarshal(marsh, subjBytes, ldr); - } - finally { - restoreDefaultSerializeVersion(); - } + return U.unmarshal(marsh, subjBytes, ldr); } catch (IgniteCheckedException e) { throw new SecurityException("Failed to get security context.", e); diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/os/GridOsSecurityProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/os/GridOsSecurityProcessor.java deleted file mode 100644 index 42f9661cc005d..0000000000000 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/os/GridOsSecurityProcessor.java +++ /dev/null @@ -1,88 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processors.security.os; - -import java.util.Collection; -import java.util.Collections; -import java.util.UUID; -import org.apache.ignite.IgniteCheckedException; -import org.apache.ignite.cluster.ClusterNode; -import org.apache.ignite.internal.GridKernalContext; -import org.apache.ignite.internal.processors.GridProcessorAdapter; -import org.apache.ignite.internal.processors.security.GridSecurityProcessor; -import org.apache.ignite.internal.processors.security.SecurityContext; -import org.apache.ignite.plugin.security.AuthenticationContext; -import org.apache.ignite.plugin.security.SecurityCredentials; -import org.apache.ignite.plugin.security.SecurityException; -import org.apache.ignite.plugin.security.SecurityPermission; -import org.apache.ignite.plugin.security.SecuritySubject; -import org.jetbrains.annotations.Nullable; - -/** - * No-op implementation for {@link GridSecurityProcessor}. - */ -public class GridOsSecurityProcessor extends GridProcessorAdapter implements GridSecurityProcessor { - /** - * @param ctx Kernal context. - */ - public GridOsSecurityProcessor(GridKernalContext ctx) { - super(ctx); - } - - /** {@inheritDoc} */ - @Override public SecurityContext authenticateNode(ClusterNode node, SecurityCredentials cred) - throws IgniteCheckedException { - return null; - } - - /** {@inheritDoc} */ - @Override public boolean isGlobalNodeAuthentication() { - return false; - } - - /** {@inheritDoc} */ - @Override public SecurityContext authenticate(AuthenticationContext authCtx) throws IgniteCheckedException { - return null; - } - - /** {@inheritDoc} */ - @Override public Collection authenticatedSubjects() { - return Collections.emptyList(); - } - - /** {@inheritDoc} */ - @Override public SecuritySubject authenticatedSubject(UUID nodeId) { - return null; - } - - /** {@inheritDoc} */ - @Override public void authorize(String name, SecurityPermission perm, @Nullable SecurityContext securityCtx) - throws SecurityException { - // No-op. - } - - /** {@inheritDoc} */ - @Override public void onSessionExpired(UUID subjId) { - // No-op. - } - - /** {@inheritDoc} */ - @Override public boolean enabled() { - return false; - } -} \ No newline at end of file diff --git a/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/ServerImpl.java b/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/ServerImpl.java index 49a4f55126738..d94df0692ae2b 100644 --- a/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/ServerImpl.java +++ b/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/ServerImpl.java @@ -165,6 +165,7 @@ import static org.apache.ignite.internal.IgniteNodeAttributes.ATTR_MARSHALLER_USE_BINARY_STRING_SER_VER_2; import static org.apache.ignite.internal.IgniteNodeAttributes.ATTR_MARSHALLER_USE_DFLT_SUID; import static org.apache.ignite.internal.IgniteNodeAttributes.ATTR_EVENT_DRIVEN_SERVICE_PROCESSOR_ENABLED; +import static org.apache.ignite.internal.processors.security.SecurityUtils.nodeSecurityContext; import static org.apache.ignite.spi.IgnitePortProtocol.TCP; import static org.apache.ignite.spi.discovery.tcp.internal.TcpDiscoverySpiState.AUTH_FAILED; import static org.apache.ignite.spi.discovery.tcp.internal.TcpDiscoverySpiState.CHECK_FAILED; @@ -1030,7 +1031,6 @@ private void localAuthentication(SecurityCredentials locCred){ Map attrs = new HashMap<>(locNode.attributes()); attrs.put(IgniteNodeAttributes.ATTR_SECURITY_SUBJECT_V2, U.marshal(spi.marshaller(), subj)); - attrs.put(IgniteNodeAttributes.ATTR_SECURITY_SUBJECT, marshalWithSecurityVersion(subj, 1)); locNode.setAttributes(attrs); @@ -2130,39 +2130,6 @@ private void processMessageFailedNodes(TcpDiscoveryAbstractMessage msg) { } } - /** - * @param obj Object. - * @param ver Security serialize version. - * @return Marshaled object. - */ - private byte[] marshalWithSecurityVersion(Object obj, int ver) throws IgniteCheckedException { - try { - SecurityUtils.serializeVersion(ver); - - return U.marshal(spi.marshaller(), obj); - } - finally { - SecurityUtils.restoreDefaultSerializeVersion(); - } - } - - /** - * @param bytes Marshaled object. - * @param ver Security serialize version. - * @return Unmarshaled object. - */ - private T unmarshalWithSecurityVersion(byte[] bytes, int ver) throws IgniteCheckedException { - try { - if (ver > 0) - SecurityUtils.serializeVersion(ver); - - return spi.marshaller().unmarshal(bytes, U.resolveClassLoader(spi.ignite().configuration())); - } - finally { - SecurityUtils.restoreDefaultSerializeVersion(); - } - } - /** */ private static WorkersRegistry getWorkerRegistry(TcpDiscoverySpi spi) { return spi.ignite() instanceof IgniteEx ? ((IgniteEx)spi.ignite()).context().workersRegistry() : null; @@ -3787,7 +3754,6 @@ else if (node.clientRouterNodeId() == null && Map attrs = new HashMap<>(node.getAttributes()); attrs.put(IgniteNodeAttributes.ATTR_SECURITY_SUBJECT_V2, U.marshal(spi.marshaller(), subj)); - attrs.put(IgniteNodeAttributes.ATTR_SECURITY_SUBJECT, marshalWithSecurityVersion(subj, 1)); node.setAttributes(attrs); } @@ -4343,22 +4309,9 @@ else if (!locNodeId.equals(node.id()) && ring.node(node.id()) != null) { else { SecurityContext subj = spi.nodeAuth.authenticateNode(node, cred); - byte[] subjBytes = node.attribute(IgniteNodeAttributes.ATTR_SECURITY_SUBJECT); - byte[] subjBytesV2 = node.attribute(IgniteNodeAttributes.ATTR_SECURITY_SUBJECT_V2); - - SecurityContext coordSubj; - - try { - if (subjBytesV2 == null) - SecurityUtils.serializeVersion(1); - - coordSubj = U.unmarshal(spi.marshaller(), - subjBytesV2 != null ? subjBytesV2 : subjBytes, - U.resolveClassLoader(spi.ignite().configuration())); - } - finally { - SecurityUtils.restoreDefaultSerializeVersion(); - } + SecurityContext coordSubj = nodeSecurityContext( + spi.marshaller(), U.resolveClassLoader(spi.ignite().configuration()), node + ); if (!permissionsEqual(coordSubj.subject().permissions(), subj.subject().permissions())) { // Node has not pass authentication. @@ -4375,7 +4328,7 @@ else if (!locNodeId.equals(node.id()) && ring.node(node.id()) != null) { authFailed = false; } } - catch (IgniteException | IgniteCheckedException e) { + catch (IgniteException e) { U.error(log, "Failed to verify node permissions consistency (will drop the node): " + node, e); } finally { @@ -4443,23 +4396,15 @@ else if (!locNodeId.equals(node.id()) && ring.node(node.id()) != null) { new TcpDiscoveryAuthFailedMessage(locNodeId, spi.locHost); try { - byte[] rmSubj = node.attribute(IgniteNodeAttributes.ATTR_SECURITY_SUBJECT); - byte[] locSubj = locNode.attribute(IgniteNodeAttributes.ATTR_SECURITY_SUBJECT); - - byte[] rmSubjV2 = node.attribute(IgniteNodeAttributes.ATTR_SECURITY_SUBJECT_V2); - byte[] locSubjV2 = locNode.attribute(IgniteNodeAttributes.ATTR_SECURITY_SUBJECT_V2); + ClassLoader ldr = U.resolveClassLoader(spi.ignite().configuration()); - int ver = 1; // Compatible version. - - if (rmSubjV2 != null && locSubjV2 != null) { - rmSubj = rmSubjV2; - locSubj = locSubjV2; - - ver = 0; // Default version. - } + SecurityContext rmCrd = nodeSecurityContext( + spi.marshaller(), ldr, node + ); - SecurityContext rmCrd = unmarshalWithSecurityVersion(rmSubj, ver); - SecurityContext locCrd = unmarshalWithSecurityVersion(locSubj, ver); + SecurityContext locCrd = nodeSecurityContext( + spi.marshaller(), ldr, locNode + ); if (!permissionsEqual(locCrd.subject().permissions(), rmCrd.subject().permissions())) { @@ -4478,7 +4423,7 @@ else if (!locNodeId.equals(node.id()) && ring.node(node.id()) != null) { return; } } - catch (IgniteCheckedException e) { + catch (IgniteException e) { U.error(log, "Failed to verify node permissions consistency (will drop the node): " + node, e); joinRes.set(authFail); From 587af156777863ec0ca79b34335de4e1ae6f2a61 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Tue, 5 Feb 2019 16:11:11 +0300 Subject: [PATCH 41/98] IGNITE-9560 Renaming. --- ...a => EntryProcessorCacheSecurityTest.java} | 2 +- ...t.java => ScanQueryCacheSecurityTest.java} | 2 +- .../AbstractTaskExecutePermissionTest.java | 4 +-- ... => ComputeTaskExecutePermissionTest.java} | 2 +- ...tributedClosureExecutePermissionTest.java} | 2 +- ...ExecutorServiceExecutePermissionTest.java} | 2 +- ...ibutedClosureComputeTaskSecurityTest.java} | 2 +- ...ecutorServiceComputeTaskSecurityTest.java} | 2 +- ... IgniteDataStreamerCacheSecurityTest.java} | 2 +- ...eMessagingResolveSecurityContextTest.java} | 2 +- .../AuthorizeOperationsTestSuite.java | 36 +++++++++---------- 11 files changed, 29 insertions(+), 29 deletions(-) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/{EntryProcessorSecurityTest.java => EntryProcessorCacheSecurityTest.java} (98%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/{ScanQuerySecurityTest.java => ScanQueryCacheSecurityTest.java} (98%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/{TaskExecutePermissionForComputeTaskTest.java => ComputeTaskExecutePermissionTest.java} (97%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/{TaskExecutePermissionForDistributedClosureTest.java => DistributedClosureExecutePermissionTest.java} (96%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/{TaskExecutePermissionForExecutorServiceTest.java => ExecutorServiceExecutePermissionTest.java} (95%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/{DistributedClosureSecurityTest.java => DistributedClosureComputeTaskSecurityTest.java} (98%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/{ExecutorServiceTaskSecurityTest.java => ExecutorServiceComputeTaskSecurityTest.java} (97%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/{IgniteDataStreamerSecurityTest.java => IgniteDataStreamerCacheSecurityTest.java} (97%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/{IgniteMessagingTest.java => IgniteMessagingResolveSecurityContextTest.java} (97%) diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorCacheSecurityTest.java similarity index 98% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorSecurityTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorCacheSecurityTest.java index 0574fd94b239c..9e711bc81e8d1 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorCacheSecurityTest.java @@ -34,7 +34,7 @@ * Testing permissions when EntryProcessor closure is executed cache operations on remote node. */ @RunWith(JUnit4.class) -public class EntryProcessorSecurityTest extends AbstractCacheSecurityTest { +public class EntryProcessorCacheSecurityTest extends AbstractCacheSecurityTest { /** * */ diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQuerySecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryCacheSecurityTest.java similarity index 98% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQuerySecurityTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryCacheSecurityTest.java index ffb7c64108f92..b74f533260d1e 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQuerySecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryCacheSecurityTest.java @@ -33,7 +33,7 @@ * Testing permissions when the filter of ScanQuery is executed cache operations on remote node. */ @RunWith(JUnit4.class) -public class ScanQuerySecurityTest extends AbstractCacheSecurityTest { +public class ScanQueryCacheSecurityTest extends AbstractCacheSecurityTest { /** * */ diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/AbstractTaskExecutePermissionTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/AbstractTaskExecutePermissionTest.java index 5474e5501b011..7d5e039588f63 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/AbstractTaskExecutePermissionTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/AbstractTaskExecutePermissionTest.java @@ -90,7 +90,7 @@ public abstract class AbstractTaskExecutePermissionTest extends AbstractSecurity @Test public void test() { for (TestRunnable r : runnablesForNodes(srvAllowed, clntAllowed)) - allowRun(r); + allowedRun(r); for (TestRunnable r : runnablesForNodes(srvForbidden, clntForbidden)) forbiddenRun(r); @@ -133,7 +133,7 @@ private Collection runnablesForNodes(Ignite... nodes) { /** * @param r TestRunnable. */ - private void allowRun(TestRunnable r) { + private void allowedRun(TestRunnable r) { IS_EXECUTED.set(false); try { diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/TaskExecutePermissionForComputeTaskTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputeTaskExecutePermissionTest.java similarity index 97% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/TaskExecutePermissionForComputeTaskTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputeTaskExecutePermissionTest.java index 38759ef775f88..5025a5ead3bd4 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/TaskExecutePermissionForComputeTaskTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputeTaskExecutePermissionTest.java @@ -35,7 +35,7 @@ /** * Test task execute permission for compute task. */ -public class TaskExecutePermissionForComputeTaskTest extends AbstractTaskExecutePermissionTest { +public class ComputeTaskExecutePermissionTest extends AbstractTaskExecutePermissionTest { /** Allowed task. */ private static final AllowedTask TEST_TASK = new AllowedTask(); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/TaskExecutePermissionForDistributedClosureTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/DistributedClosureExecutePermissionTest.java similarity index 96% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/TaskExecutePermissionForDistributedClosureTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/DistributedClosureExecutePermissionTest.java index 18e9190bd198e..3c15e67d18909 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/TaskExecutePermissionForDistributedClosureTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/DistributedClosureExecutePermissionTest.java @@ -28,7 +28,7 @@ /** * Test task execute permission for compute broadcast. */ -public class TaskExecutePermissionForDistributedClosureTest extends AbstractTaskExecutePermissionTest { +public class DistributedClosureExecutePermissionTest extends AbstractTaskExecutePermissionTest { /** Test callable. */ protected static final IgniteCallable TEST_CALLABLE = () -> { IS_EXECUTED.set(true); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/TaskExecutePermissionForExecutorServiceTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ExecutorServiceExecutePermissionTest.java similarity index 95% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/TaskExecutePermissionForExecutorServiceTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ExecutorServiceExecutePermissionTest.java index a3395ac794ff1..4fea1139e6bed 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/TaskExecutePermissionForExecutorServiceTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ExecutorServiceExecutePermissionTest.java @@ -28,7 +28,7 @@ /** * Test task execute permission for Executor Service. */ -public class TaskExecutePermissionForExecutorServiceTest extends AbstractTaskExecutePermissionTest { +public class ExecutorServiceExecutePermissionTest extends AbstractTaskExecutePermissionTest { /** Test callable. */ protected static final IgniteCallable TEST_CALLABLE = () -> { IS_EXECUTED.set(true); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureComputeTaskSecurityTest.java similarity index 98% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureSecurityTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureComputeTaskSecurityTest.java index 3067dff0783b2..9c35cc41ace18 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureComputeTaskSecurityTest.java @@ -33,7 +33,7 @@ /** * Testing permissions when the compute closure is executed cache operations on remote node. */ -public class DistributedClosureSecurityTest extends AbstractComputeTaskSecurityTest { +public class DistributedClosureComputeTaskSecurityTest extends AbstractComputeTaskSecurityTest { /** * */ diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceTaskSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceComputeTaskSecurityTest.java similarity index 97% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceTaskSecurityTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceComputeTaskSecurityTest.java index a42f0a8778f33..770ebc5bd09bb 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceTaskSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceComputeTaskSecurityTest.java @@ -34,7 +34,7 @@ * Testing permissions when the service task is executed cache operations on remote node. */ @RunWith(JUnit4.class) -public class ExecutorServiceTaskSecurityTest extends AbstractComputeTaskSecurityTest { +public class ExecutorServiceComputeTaskSecurityTest extends AbstractComputeTaskSecurityTest { /** * */ diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/IgniteDataStreamerSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/IgniteDataStreamerCacheSecurityTest.java similarity index 97% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/IgniteDataStreamerSecurityTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/IgniteDataStreamerCacheSecurityTest.java index bf99432eaa844..7778422384757 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/IgniteDataStreamerSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/IgniteDataStreamerCacheSecurityTest.java @@ -36,7 +36,7 @@ * Testing permissions when the closure od DataStreamer is executed cache operations on remote node. */ @RunWith(JUnit4.class) -public class IgniteDataStreamerSecurityTest extends AbstractCacheSecurityTest { +public class IgniteDataStreamerCacheSecurityTest extends AbstractCacheSecurityTest { /** * */ diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/IgniteMessagingTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/IgniteMessagingResolveSecurityContextTest.java similarity index 97% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/IgniteMessagingTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/IgniteMessagingResolveSecurityContextTest.java index 8239ea53c49b6..87059a6149ba4 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/IgniteMessagingTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/IgniteMessagingResolveSecurityContextTest.java @@ -36,7 +36,7 @@ * Testing permissions when the message listener is executed cache operations on remote node. */ @RunWith(JUnit4.class) -public class IgniteMessagingTest extends AbstractResolveSecurityContextTest { +public class IgniteMessagingResolveSecurityContextTest extends AbstractResolveSecurityContextTest { /** Barrier. */ private static final CyclicBarrier BARRIER = new CyclicBarrier(3); diff --git a/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java b/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java index c95d9383d03f7..9a55a976b4c98 100644 --- a/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java +++ b/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java @@ -21,19 +21,19 @@ import org.apache.ignite.internal.processor.security.cache.EntryProcessorCachePermissionTest; import org.apache.ignite.internal.processor.security.cache.LoadCachePermissionTest; import org.apache.ignite.internal.processor.security.cache.ScanQueryCachePermissionTest; -import org.apache.ignite.internal.processor.security.cache.closure.EntryProcessorSecurityTest; +import org.apache.ignite.internal.processor.security.cache.closure.EntryProcessorCacheSecurityTest; import org.apache.ignite.internal.processor.security.cache.closure.LoadCacheSecurityTest; -import org.apache.ignite.internal.processor.security.cache.closure.ScanQuerySecurityTest; +import org.apache.ignite.internal.processor.security.cache.closure.ScanQueryCacheSecurityTest; import org.apache.ignite.internal.processor.security.client.ThinClientSecurityTest; -import org.apache.ignite.internal.processor.security.compute.TaskExecutePermissionForComputeTaskTest; -import org.apache.ignite.internal.processor.security.compute.TaskExecutePermissionForDistributedClosureTest; -import org.apache.ignite.internal.processor.security.compute.TaskExecutePermissionForExecutorServiceTest; +import org.apache.ignite.internal.processor.security.compute.ComputeTaskExecutePermissionTest; +import org.apache.ignite.internal.processor.security.compute.DistributedClosureExecutePermissionTest; +import org.apache.ignite.internal.processor.security.compute.ExecutorServiceExecutePermissionTest; import org.apache.ignite.internal.processor.security.compute.closure.ComputeTaskSecurityTest; -import org.apache.ignite.internal.processor.security.compute.closure.DistributedClosureSecurityTest; -import org.apache.ignite.internal.processor.security.compute.closure.ExecutorServiceTaskSecurityTest; +import org.apache.ignite.internal.processor.security.compute.closure.DistributedClosureComputeTaskSecurityTest; +import org.apache.ignite.internal.processor.security.compute.closure.ExecutorServiceComputeTaskSecurityTest; import org.apache.ignite.internal.processor.security.datastreamer.DataStreamerCachePermissionTest; -import org.apache.ignite.internal.processor.security.datastreamer.closure.IgniteDataStreamerSecurityTest; -import org.apache.ignite.internal.processor.security.messaging.IgniteMessagingTest; +import org.apache.ignite.internal.processor.security.datastreamer.closure.IgniteDataStreamerCacheSecurityTest; +import org.apache.ignite.internal.processor.security.messaging.IgniteMessagingResolveSecurityContextTest; import org.junit.runner.RunWith; import org.junit.runners.Suite; @@ -47,19 +47,19 @@ ScanQueryCachePermissionTest.class, LoadCachePermissionTest.class, EntryProcessorCachePermissionTest.class, - TaskExecutePermissionForExecutorServiceTest.class, - TaskExecutePermissionForDistributedClosureTest.class, - TaskExecutePermissionForComputeTaskTest.class, + ExecutorServiceExecutePermissionTest.class, + DistributedClosureExecutePermissionTest.class, + ComputeTaskExecutePermissionTest.class, - DistributedClosureSecurityTest.class, + DistributedClosureComputeTaskSecurityTest.class, ComputeTaskSecurityTest.class, - ExecutorServiceTaskSecurityTest.class, - ScanQuerySecurityTest.class, - EntryProcessorSecurityTest.class, - IgniteDataStreamerSecurityTest.class, + ExecutorServiceComputeTaskSecurityTest.class, + ScanQueryCacheSecurityTest.class, + EntryProcessorCacheSecurityTest.class, + IgniteDataStreamerCacheSecurityTest.class, LoadCacheSecurityTest.class, ThinClientSecurityTest.class, - IgniteMessagingTest.class, + IgniteMessagingResolveSecurityContextTest.class, }) public class AuthorizeOperationsTestSuite { } From 13aa42dcf03321fade39de628253abd05f2d4103 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Wed, 6 Feb 2019 13:05:09 +0300 Subject: [PATCH 42/98] IGNITE-9560 Renaming. --- .../security/AbstractCachePermissionTest.java | 47 --- ... => AbstractCacheResolveSecurityTest.java} | 2 +- ...va => AbstractPermissionSecurityTest.java} | 26 +- ....java => AbstractResolveSecurityTest.java} | 2 +- ...java => CachePermissionsSecurityTest.java} | 4 +- ...EntryProcessorPermissionSecurityTest.java} | 4 +- ...a => LoadCachePermissionSecurityTest.java} | 4 +- ...a => ScanQueryPermissionSecurityTest.java} | 4 +- ...tryProcessorCacheResolveSecurityTest.java} | 4 +- ...java => LoadCacheResolveSecurityTest.java} | 4 +- ...=> ScanQueryCacheResolveSecurityTest.java} | 4 +- .../AbstractTaskExecutePermissionTest.java | 217 ------------ .../ComputeTaskExecutePermissionTest.java | 98 ------ ...stributedClosureExecutePermissionTest.java | 76 ---- .../ExecutorServiceExecutePermissionTest.java | 59 ---- .../compute/TaskExecutePermissionTest.java | 325 ++++++++++++++++++ ...> AbstractComputeResolveSecurityTest.java} | 4 +- ...omputeTaskComputeResolveSecurityTest.java} | 2 +- ...tedClosureComputeResolveSecurityTest.java} | 2 +- ...torServiceComputeResolveSecurityTest.java} | 2 +- ...=> DataStreamePermissionSecurityTest.java} | 4 +- ...DataStreamerCacheResolveSecurityTest.java} | 4 +- ...> IgniteMessagingResolveSecurityTest.java} | 4 +- .../AuthorizeOperationsTestSuite.java | 60 ++-- 24 files changed, 405 insertions(+), 557 deletions(-) delete mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCachePermissionTest.java rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/{AbstractCacheSecurityTest.java => AbstractCacheResolveSecurityTest.java} (97%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/{AbstractPermissionTest.java => AbstractPermissionSecurityTest.java} (74%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/{AbstractResolveSecurityContextTest.java => AbstractResolveSecurityTest.java} (98%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/{CachePermissionsTest.java => CachePermissionsSecurityTest.java} (95%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/{EntryProcessorCachePermissionTest.java => EntryProcessorPermissionSecurityTest.java} (96%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/{LoadCachePermissionTest.java => LoadCachePermissionSecurityTest.java} (97%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/{ScanQueryCachePermissionTest.java => ScanQueryPermissionSecurityTest.java} (94%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/{EntryProcessorCacheSecurityTest.java => EntryProcessorCacheResolveSecurityTest.java} (97%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/{LoadCacheSecurityTest.java => LoadCacheResolveSecurityTest.java} (97%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/{ScanQueryCacheSecurityTest.java => ScanQueryCacheResolveSecurityTest.java} (97%) delete mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/AbstractTaskExecutePermissionTest.java delete mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputeTaskExecutePermissionTest.java delete mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/DistributedClosureExecutePermissionTest.java delete mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ExecutorServiceExecutePermissionTest.java create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/TaskExecutePermissionTest.java rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/{AbstractComputeTaskSecurityTest.java => AbstractComputeResolveSecurityTest.java} (95%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/{ComputeTaskSecurityTest.java => ComputeTaskComputeResolveSecurityTest.java} (98%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/{DistributedClosureComputeTaskSecurityTest.java => DistributedClosureComputeResolveSecurityTest.java} (98%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/{ExecutorServiceComputeTaskSecurityTest.java => ExecutorServiceComputeResolveSecurityTest.java} (97%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/{DataStreamerCachePermissionTest.java => DataStreamePermissionSecurityTest.java} (95%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/{IgniteDataStreamerCacheSecurityTest.java => DataStreamerCacheResolveSecurityTest.java} (96%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/{IgniteMessagingResolveSecurityContextTest.java => IgniteMessagingResolveSecurityTest.java} (96%) diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCachePermissionTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCachePermissionTest.java deleted file mode 100644 index ad29456294802..0000000000000 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCachePermissionTest.java +++ /dev/null @@ -1,47 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processor.security; - -import org.apache.ignite.configuration.CacheConfiguration; -import org.apache.ignite.configuration.IgniteConfiguration; - -/** - * - */ -public abstract class AbstractCachePermissionTest extends AbstractPermissionTest { - /** Cache name for tests. */ - protected static final String CACHE_NAME = "TEST_CACHE"; - /** Forbidden cache. */ - protected static final String FORBIDDEN_CACHE = "FORBIDDEN_TEST_CACHE"; - - /** {@inheritDoc} */ - @Override protected IgniteConfiguration getConfiguration(String igniteInstanceName) throws Exception { - return super.getConfiguration(igniteInstanceName) - .setCacheConfiguration(getCacheConfigurations()); - } - - /** - * @return Array of cache configurations. - */ - protected CacheConfiguration[] getCacheConfigurations() { - return new CacheConfiguration[] { - new CacheConfiguration().setName(CACHE_NAME), - new CacheConfiguration().setName(FORBIDDEN_CACHE) - }; - } -} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheResolveSecurityTest.java similarity index 97% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheSecurityTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheResolveSecurityTest.java index 81e6028510f68..da9e2ee79a966 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheResolveSecurityTest.java @@ -27,7 +27,7 @@ /** * */ -public abstract class AbstractCacheSecurityTest extends AbstractResolveSecurityContextTest { +public abstract class AbstractCacheResolveSecurityTest extends AbstractResolveSecurityTest { /** Cache name for tests. */ protected static final String CACHE_NAME = "TEST_CACHE"; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractPermissionTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractPermissionSecurityTest.java similarity index 74% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractPermissionTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractPermissionSecurityTest.java index e4c1c5723f332..912f628b2b27b 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractPermissionTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractPermissionSecurityTest.java @@ -20,6 +20,8 @@ import java.util.concurrent.atomic.AtomicInteger; import java.util.function.Consumer; import org.apache.ignite.Ignite; +import org.apache.ignite.configuration.CacheConfiguration; +import org.apache.ignite.configuration.IgniteConfiguration; import org.apache.ignite.internal.util.typedef.T2; import org.apache.ignite.internal.util.typedef.X; import org.apache.ignite.plugin.security.SecurityException; @@ -32,7 +34,13 @@ /** * */ -public abstract class AbstractPermissionTest extends AbstractSecurityTest { +public abstract class AbstractPermissionSecurityTest extends AbstractSecurityTest { + /** Cache name for tests. */ + protected static final String CACHE_NAME = "TEST_CACHE"; + + /** Forbidden cache. */ + protected static final String FORBIDDEN_CACHE = "FORBIDDEN_TEST_CACHE"; + /** Values. */ protected AtomicInteger values = new AtomicInteger(0); @@ -43,6 +51,22 @@ public abstract class AbstractPermissionTest extends AbstractSecurityTest { startGrid("server", allowAllPermissionSet()).cluster().active(true); } + /** {@inheritDoc} */ + @Override protected IgniteConfiguration getConfiguration(String igniteInstanceName) throws Exception { + return super.getConfiguration(igniteInstanceName) + .setCacheConfiguration(getCacheConfigurations()); + } + + /** + * @return Array of cache configurations. + */ + protected CacheConfiguration[] getCacheConfigurations() { + return new CacheConfiguration[] { + new CacheConfiguration().setName(CACHE_NAME), + new CacheConfiguration().setName(FORBIDDEN_CACHE) + }; + } + /** * Getting login prefix. * diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractResolveSecurityContextTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractResolveSecurityTest.java similarity index 98% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractResolveSecurityContextTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractResolveSecurityTest.java index 6224ec76d6011..e9a41ea200204 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractResolveSecurityContextTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractResolveSecurityTest.java @@ -33,7 +33,7 @@ /** * */ -public class AbstractResolveSecurityContextTest extends AbstractSecurityTest { +public class AbstractResolveSecurityTest extends AbstractSecurityTest { /** Verifier to check results of tests. */ protected static final Verifier VERIFIER = new Verifier(); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/CachePermissionsTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/CachePermissionsSecurityTest.java similarity index 95% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/CachePermissionsTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/CachePermissionsSecurityTest.java index 2a09357f1c8e9..112bc4e20eaf4 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/CachePermissionsTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/CachePermissionsSecurityTest.java @@ -19,7 +19,7 @@ import java.util.Collections; import org.apache.ignite.Ignite; -import org.apache.ignite.internal.processor.security.AbstractCachePermissionTest; +import org.apache.ignite.internal.processor.security.AbstractPermissionSecurityTest; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.JUnit4; @@ -33,7 +33,7 @@ * Test CRUD cache permissions. */ @RunWith(JUnit4.class) -public class CachePermissionsTest extends AbstractCachePermissionTest { +public class CachePermissionsSecurityTest extends AbstractPermissionSecurityTest { /** * @throws Exception If fail. */ diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorCachePermissionTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorPermissionSecurityTest.java similarity index 96% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorCachePermissionTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorPermissionSecurityTest.java index 4341e7eaf9d6c..fae8159660543 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorCachePermissionTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorPermissionSecurityTest.java @@ -19,7 +19,7 @@ import org.apache.ignite.Ignite; import org.apache.ignite.cache.CacheEntryProcessor; -import org.apache.ignite.internal.processor.security.AbstractCachePermissionTest; +import org.apache.ignite.internal.processor.security.AbstractPermissionSecurityTest; import org.apache.ignite.internal.util.typedef.T2; import org.junit.Test; import org.junit.runner.RunWith; @@ -33,7 +33,7 @@ * Test cache permission for Entry processor. */ @RunWith(JUnit4.class) -public class EntryProcessorCachePermissionTest extends AbstractCachePermissionTest { +public class EntryProcessorPermissionSecurityTest extends AbstractPermissionSecurityTest { /** Server node. */ private Ignite srvNode; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCachePermissionTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCachePermissionSecurityTest.java similarity index 97% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCachePermissionTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCachePermissionSecurityTest.java index 50a2da19e293f..d004e1971232d 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCachePermissionTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCachePermissionSecurityTest.java @@ -29,7 +29,7 @@ import org.apache.ignite.cache.CacheMode; import org.apache.ignite.cache.store.CacheStore; import org.apache.ignite.configuration.CacheConfiguration; -import org.apache.ignite.internal.processor.security.AbstractCachePermissionTest; +import org.apache.ignite.internal.processor.security.AbstractPermissionSecurityTest; import org.apache.ignite.internal.util.lang.gridfunc.ContainsPredicate; import org.apache.ignite.internal.util.typedef.F; import org.apache.ignite.internal.util.typedef.T2; @@ -46,7 +46,7 @@ * Test cache permission for Load cache. */ @RunWith(JUnit4.class) -public class LoadCachePermissionTest extends AbstractCachePermissionTest { +public class LoadCachePermissionSecurityTest extends AbstractPermissionSecurityTest { /** Entry. */ private static T2 entry; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQueryCachePermissionTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQueryPermissionSecurityTest.java similarity index 94% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQueryCachePermissionTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQueryPermissionSecurityTest.java index 3ee05449bd1d8..ac5c3be392196 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQueryCachePermissionTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQueryPermissionSecurityTest.java @@ -20,7 +20,7 @@ import org.apache.ignite.Ignite; import org.apache.ignite.IgniteDataStreamer; import org.apache.ignite.cache.query.ScanQuery; -import org.apache.ignite.internal.processor.security.AbstractCachePermissionTest; +import org.apache.ignite.internal.processor.security.AbstractPermissionSecurityTest; import org.apache.ignite.internal.util.typedef.G; import org.junit.Test; import org.junit.runner.RunWith; @@ -32,7 +32,7 @@ * Test cache permission for invoking of Scan Query. */ @RunWith(JUnit4.class) -public class ScanQueryCachePermissionTest extends AbstractCachePermissionTest { +public class ScanQueryPermissionSecurityTest extends AbstractPermissionSecurityTest { /** * @throws Exception If fail. */ diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorCacheSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorCacheResolveSecurityTest.java similarity index 97% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorCacheSecurityTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorCacheResolveSecurityTest.java index 9e711bc81e8d1..36fa038f47f20 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorCacheSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorCacheResolveSecurityTest.java @@ -25,7 +25,7 @@ import javax.cache.processor.MutableEntry; import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; -import org.apache.ignite.internal.processor.security.AbstractCacheSecurityTest; +import org.apache.ignite.internal.processor.security.AbstractCacheResolveSecurityTest; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.JUnit4; @@ -34,7 +34,7 @@ * Testing permissions when EntryProcessor closure is executed cache operations on remote node. */ @RunWith(JUnit4.class) -public class EntryProcessorCacheSecurityTest extends AbstractCacheSecurityTest { +public class EntryProcessorCacheResolveSecurityTest extends AbstractCacheResolveSecurityTest { /** * */ diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/LoadCacheSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/LoadCacheResolveSecurityTest.java similarity index 97% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/LoadCacheSecurityTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/LoadCacheResolveSecurityTest.java index d9e3368f0f8b4..2b543d23f83c2 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/LoadCacheSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/LoadCacheResolveSecurityTest.java @@ -25,7 +25,7 @@ import org.apache.ignite.cache.store.CacheStoreAdapter; import org.apache.ignite.configuration.CacheConfiguration; import org.apache.ignite.internal.IgniteEx; -import org.apache.ignite.internal.processor.security.AbstractCacheSecurityTest; +import org.apache.ignite.internal.processor.security.AbstractCacheResolveSecurityTest; import org.apache.ignite.lang.IgniteBiInClosure; import org.apache.ignite.lang.IgniteBiPredicate; import org.apache.ignite.resources.IgniteInstanceResource; @@ -37,7 +37,7 @@ * Testing permissions when the filter of Load cache is executed cache operations on remote node. */ @RunWith(JUnit4.class) -public class LoadCacheSecurityTest extends AbstractCacheSecurityTest { +public class LoadCacheResolveSecurityTest extends AbstractCacheResolveSecurityTest { /** Transition load cache. */ private static final String TRANSITION_LOAD_CACHE = "TRANSITION_LOAD_CACHE"; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryCacheSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryCacheResolveSecurityTest.java similarity index 97% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryCacheSecurityTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryCacheResolveSecurityTest.java index b74f533260d1e..eff1e725075cf 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryCacheSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryCacheResolveSecurityTest.java @@ -21,7 +21,7 @@ import org.apache.ignite.Ignite; import org.apache.ignite.cache.query.ScanQuery; import org.apache.ignite.internal.IgniteEx; -import org.apache.ignite.internal.processor.security.AbstractCacheSecurityTest; +import org.apache.ignite.internal.processor.security.AbstractCacheResolveSecurityTest; import org.apache.ignite.lang.IgniteBiPredicate; import org.apache.ignite.lang.IgniteClosure; import org.apache.ignite.resources.IgniteInstanceResource; @@ -33,7 +33,7 @@ * Testing permissions when the filter of ScanQuery is executed cache operations on remote node. */ @RunWith(JUnit4.class) -public class ScanQueryCacheSecurityTest extends AbstractCacheSecurityTest { +public class ScanQueryCacheResolveSecurityTest extends AbstractCacheResolveSecurityTest { /** * */ diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/AbstractTaskExecutePermissionTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/AbstractTaskExecutePermissionTest.java deleted file mode 100644 index 7d5e039588f63..0000000000000 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/AbstractTaskExecutePermissionTest.java +++ /dev/null @@ -1,217 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processor.security.compute; - -import java.util.ArrayList; -import java.util.Arrays; -import java.util.Collection; -import java.util.List; -import java.util.concurrent.CancellationException; -import java.util.concurrent.ExecutionException; -import java.util.concurrent.Future; -import java.util.concurrent.atomic.AtomicBoolean; -import java.util.function.Supplier; -import org.apache.ignite.Ignite; -import org.apache.ignite.internal.processor.security.AbstractSecurityTest; -import org.apache.ignite.lang.IgniteFuture; -import org.apache.ignite.lang.IgniteFutureCancelledException; -import org.apache.ignite.plugin.security.SecurityPermission; -import org.apache.ignite.plugin.security.SecurityPermissionSet; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.junit.runners.JUnit4; - -import static org.apache.ignite.plugin.security.SecurityPermission.TASK_CANCEL; -import static org.apache.ignite.plugin.security.SecurityPermission.TASK_EXECUTE; - -/** - * Abstract class for task execute permission tests. - */ -@RunWith(JUnit4.class) -public abstract class AbstractTaskExecutePermissionTest extends AbstractSecurityTest { - /** Flag that shows task was executed. */ - protected static final AtomicBoolean IS_EXECUTED = new AtomicBoolean(false); - - /** Server allowed all task permissions. */ - protected Ignite srvAllowed; - - /** Server forbidden all task permissions. */ - protected Ignite srvForbidden; - - /** Server forbidden cancel task permission. */ - protected Ignite srvForbiddenCancel; - - /** Client allowed all task permissions. */ - protected Ignite clntAllowed; - - /** Client forbidden all task permissions. */ - protected Ignite clntForbidden; - - /** Client forbidden cancel task permission. */ - protected Ignite clntForbiddenCancel; - - /** {@inheritDoc} */ - @Override protected void beforeTestsStarted() throws Exception { - super.beforeTestsStarted(); - - srvAllowed = startGrid("srv_allowed", permissions(TASK_EXECUTE, TASK_CANCEL)); - - srvForbidden = startGrid("srv_forbidden", permissions(EMPTY_PERMS)); - - srvForbiddenCancel = startGrid("srv_forbidden_cnl", permissions(TASK_EXECUTE)); - - clntAllowed = startGrid("clnt_allowed", permissions(TASK_EXECUTE, TASK_CANCEL), true); - - clntForbidden = startGrid("srv_forbidden", permissions(EMPTY_PERMS), true); - - clntForbiddenCancel = startGrid("clnt_forbidden_cnl", permissions(TASK_EXECUTE), true); - - srvAllowed.cluster().active(true); - } - - /** - * - */ - @Test - public void test() { - for (TestRunnable r : runnablesForNodes(srvAllowed, clntAllowed)) - allowedRun(r); - - for (TestRunnable r : runnablesForNodes(srvForbidden, clntForbidden)) - forbiddenRun(r); - - allowedCancel(cancelSupplier(srvAllowed)); - allowedCancel(cancelSupplier(clntAllowed)); - - forbiddenCancel(cancelSupplier(srvForbiddenCancel)); - forbiddenCancel(cancelSupplier(clntForbiddenCancel)); - } - - /** - * @param perms Permissions. - */ - protected abstract SecurityPermissionSet permissions(SecurityPermission... perms); - - /** - * @param node Node. - */ - protected abstract Supplier cancelSupplier(Ignite node); - - /** - * @param node Node. - * @return Array of runnable that invoke set of compute methods on passed node. - */ - protected abstract TestRunnable[] runnables(Ignite node); - - /** - * @param nodes Array of nodes. - */ - private Collection runnablesForNodes(Ignite... nodes) { - List res = new ArrayList<>(); - - for (Ignite node : nodes) - res.addAll(Arrays.asList(runnables(node))); - - return res; - } - - /** - * @param r TestRunnable. - */ - private void allowedRun(TestRunnable r) { - IS_EXECUTED.set(false); - - try { - r.run(); - } - catch (Exception e) { - throw new RuntimeException(e); - } - - assertTrue(IS_EXECUTED.get()); - } - - /** - * @param s Supplier. - */ - private void forbiddenCancel(Supplier s) { - FutureAdapter f = s.get(); - - forbiddenRun(f::cancel); - } - - /** - * @param s Supplier. - */ - private void allowedCancel(Supplier s) { - FutureAdapter f = s.get(); - - f.cancel(); - - forbiddenRun(f::get, CancellationException.class, IgniteFutureCancelledException.class); - } - - /** - * - */ - static class FutureAdapter { - /** Ignite future. */ - private final IgniteFuture igniteFut; - - /** Future. */ - private final Future fut; - - /** - * @param igniteFut Ignite future. - */ - public FutureAdapter(IgniteFuture igniteFut) { - this.igniteFut = igniteFut; - fut = null; - } - - /** - * @param fut Future. - */ - public FutureAdapter(Future fut) { - this.fut = fut; - igniteFut = null; - } - - - /** - * - */ - public void cancel() { - assert igniteFut != null || fut != null; - - if (igniteFut != null) - igniteFut.cancel(); - else - fut.cancel(true); - } - - /** - * - */ - public Object get() throws ExecutionException, InterruptedException { - assert igniteFut != null || fut != null; - - return igniteFut != null ? igniteFut.get() : fut.get(); - } - } -} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputeTaskExecutePermissionTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputeTaskExecutePermissionTest.java deleted file mode 100644 index 5025a5ead3bd4..0000000000000 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputeTaskExecutePermissionTest.java +++ /dev/null @@ -1,98 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processor.security.compute; - -import java.util.Collections; -import java.util.List; -import java.util.Map; -import java.util.function.Supplier; -import org.apache.ignite.Ignite; -import org.apache.ignite.IgniteException; -import org.apache.ignite.cluster.ClusterNode; -import org.apache.ignite.compute.ComputeJob; -import org.apache.ignite.compute.ComputeJobResult; -import org.apache.ignite.compute.ComputeJobResultPolicy; -import org.apache.ignite.compute.ComputeTask; -import org.apache.ignite.plugin.security.SecurityPermission; -import org.apache.ignite.plugin.security.SecurityPermissionSet; -import org.jetbrains.annotations.Nullable; - -/** - * Test task execute permission for compute task. - */ -public class ComputeTaskExecutePermissionTest extends AbstractTaskExecutePermissionTest { - /** Allowed task. */ - private static final AllowedTask TEST_TASK = new AllowedTask(); - - /** {@inheritDoc} */ - @Override protected SecurityPermissionSet permissions(SecurityPermission... perms) { - return builder().defaultAllowAll(true) - .appendTaskPermissions(TEST_TASK.getClass().getName(), perms) - .build(); - } - - /** {@inheritDoc} */ - @Override protected TestRunnable[] runnables(Ignite node){ - return new TestRunnable[]{ - () -> node.compute().execute(TEST_TASK, 0), - () -> node.compute().executeAsync(TEST_TASK, 0).get() - }; - } - - /** {@inheritDoc} */ - @Override protected Supplier cancelSupplier(Ignite node) { - return () -> new FutureAdapter(node.compute().executeAsync(TEST_TASK, 0)); - } - - /** - * Abstract test compute task. - */ - static class AllowedTask implements ComputeTask { - /** {@inheritDoc} */ - @Override public @Nullable Map map(List subgrid, - @Nullable Object arg) throws IgniteException { - IS_EXECUTED.set(true); - - return Collections.singletonMap( - new ComputeJob() { - @Override public void cancel() { - // no-op - } - - @Override public Object execute() throws IgniteException { - return null; - } - }, subgrid.stream().findFirst().get() - ); - } - - /** {@inheritDoc} */ - @Override public ComputeJobResultPolicy result(ComputeJobResult res, - List rcvd) throws IgniteException { - if (res.getException() != null) - throw res.getException(); - - return ComputeJobResultPolicy.REDUCE; - } - - /** {@inheritDoc} */ - @Override public @Nullable Integer reduce(List results) throws IgniteException { - return null; - } - } -} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/DistributedClosureExecutePermissionTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/DistributedClosureExecutePermissionTest.java deleted file mode 100644 index 3c15e67d18909..0000000000000 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/DistributedClosureExecutePermissionTest.java +++ /dev/null @@ -1,76 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processor.security.compute; - -import java.util.function.Supplier; -import org.apache.ignite.Ignite; -import org.apache.ignite.lang.IgniteCallable; -import org.apache.ignite.lang.IgniteClosure; -import org.apache.ignite.lang.IgniteRunnable; -import org.apache.ignite.plugin.security.SecurityPermission; -import org.apache.ignite.plugin.security.SecurityPermissionSet; - -/** - * Test task execute permission for compute broadcast. - */ -public class DistributedClosureExecutePermissionTest extends AbstractTaskExecutePermissionTest { - /** Test callable. */ - protected static final IgniteCallable TEST_CALLABLE = () -> { - IS_EXECUTED.set(true); - - return null; - }; - - /** Test runnable. */ - private static final IgniteRunnable TEST_RUNNABLE = () -> IS_EXECUTED.set(true); - - /** Test closure. */ - private static final IgniteClosure TEST_CLOSURE = a -> { - IS_EXECUTED.set(true); - - return null; - }; - - /** {@inheritDoc} */ - @Override protected Supplier cancelSupplier(Ignite node) { - return () -> new FutureAdapter(node.compute().broadcastAsync(TEST_CALLABLE)); - } - - /** {@inheritDoc} */ - @Override protected TestRunnable[] runnables(Ignite node) { - return new TestRunnable[]{ - () -> node.compute().broadcast(TEST_CALLABLE), - () -> node.compute().broadcastAsync(TEST_CALLABLE).get(), - () -> node.compute().call(TEST_CALLABLE), - () -> node.compute().callAsync(TEST_CALLABLE).get(), - () -> node.compute().run(TEST_RUNNABLE), - () -> node.compute().runAsync(TEST_RUNNABLE).get(), - () -> node.compute().apply(TEST_CLOSURE, new Object()), - () -> node.compute().applyAsync(TEST_CLOSURE, new Object()).get() - }; - } - - /** {@inheritDoc} */ - @Override protected SecurityPermissionSet permissions(SecurityPermission... perms) { - return builder().defaultAllowAll(true) - .appendTaskPermissions(TEST_CALLABLE.getClass().getName(), perms) - .appendTaskPermissions(TEST_RUNNABLE.getClass().getName(), perms) - .appendTaskPermissions(TEST_CLOSURE.getClass().getName(), perms) - .build(); - } -} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ExecutorServiceExecutePermissionTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ExecutorServiceExecutePermissionTest.java deleted file mode 100644 index 4fea1139e6bed..0000000000000 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ExecutorServiceExecutePermissionTest.java +++ /dev/null @@ -1,59 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processor.security.compute; - -import java.util.function.Supplier; -import org.apache.ignite.Ignite; -import org.apache.ignite.lang.IgniteCallable; -import org.apache.ignite.plugin.security.SecurityPermission; -import org.apache.ignite.plugin.security.SecurityPermissionSet; - -import static java.util.Collections.singletonList; - -/** - * Test task execute permission for Executor Service. - */ -public class ExecutorServiceExecutePermissionTest extends AbstractTaskExecutePermissionTest { - /** Test callable. */ - protected static final IgniteCallable TEST_CALLABLE = () -> { - IS_EXECUTED.set(true); - - return null; - }; - - /** {@inheritDoc} */ - @Override protected SecurityPermissionSet permissions(SecurityPermission... perms) { - return builder().defaultAllowAll(true) - .appendTaskPermissions(TEST_CALLABLE.getClass().getName(), perms) - .build(); - } - - /** {@inheritDoc} */ - @Override protected Supplier cancelSupplier(Ignite node) { - return () -> new FutureAdapter(node.executorService().submit(TEST_CALLABLE)); - } - - /** {@inheritDoc} */ - @Override protected TestRunnable[] runnables(Ignite node) { - return new TestRunnable[]{ - () -> node.executorService().submit(TEST_CALLABLE).get(), - () -> node.executorService().invokeAll(singletonList(TEST_CALLABLE)), - () -> node.executorService().invokeAny(singletonList(TEST_CALLABLE)) - }; - } -} \ No newline at end of file diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/TaskExecutePermissionTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/TaskExecutePermissionTest.java new file mode 100644 index 0000000000000..04dd986238bc8 --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/TaskExecutePermissionTest.java @@ -0,0 +1,325 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processor.security.compute; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.concurrent.ExecutionException; +import java.util.concurrent.Future; +import java.util.concurrent.atomic.AtomicBoolean; +import java.util.function.Function; +import java.util.function.Supplier; +import org.apache.ignite.Ignite; +import org.apache.ignite.IgniteException; +import org.apache.ignite.cluster.ClusterNode; +import org.apache.ignite.compute.ComputeJob; +import org.apache.ignite.compute.ComputeJobResult; +import org.apache.ignite.compute.ComputeJobResultPolicy; +import org.apache.ignite.compute.ComputeTask; +import org.apache.ignite.internal.processor.security.AbstractSecurityTest; +import org.apache.ignite.lang.IgniteCallable; +import org.apache.ignite.lang.IgniteClosure; +import org.apache.ignite.lang.IgniteFuture; +import org.apache.ignite.lang.IgniteRunnable; +import org.apache.ignite.plugin.security.SecurityPermission; +import org.apache.ignite.plugin.security.SecurityPermissionSet; +import org.jetbrains.annotations.Nullable; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +import static java.util.Collections.singletonList; +import static org.apache.ignite.plugin.security.SecurityPermission.TASK_CANCEL; +import static org.apache.ignite.plugin.security.SecurityPermission.TASK_EXECUTE; +import static org.hamcrest.core.Is.is; +import static org.junit.Assert.assertThat; + +/** + * Task execute permission tests. + */ +@RunWith(JUnit4.class) +public class TaskExecutePermissionTest extends AbstractSecurityTest { + /** Flag that shows task was executed. */ + private static final AtomicBoolean IS_EXECUTED = new AtomicBoolean(false); + + /** Allowed task. */ + private static final AllowedTask TEST_TASK = new AllowedTask(); + + /** Test callable. */ + private static final IgniteCallable TEST_CALLABLE = () -> { + IS_EXECUTED.set(true); + + return null; + }; + + /** Test runnable. */ + private static final IgniteRunnable TEST_RUNNABLE = () -> IS_EXECUTED.set(true); + + /** Test closure. */ + private static final IgniteClosure TEST_CLOSURE = a -> { + IS_EXECUTED.set(true); + + return null; + }; + + /** Server allowed all task permissions. */ + private Ignite srvAllowed; + + /** Server forbidden all task permissions. */ + private Ignite srvForbidden; + + /** Server forbidden cancel task permission. */ + private Ignite srvForbiddenCancel; + + /** Client allowed all task permissions. */ + private Ignite clntAllowed; + + /** Client forbidden all task permissions. */ + private Ignite clntForbidden; + + /** Client forbidden cancel task permission. */ + private Ignite clntForbiddenCancel; + + /** {@inheritDoc} */ + @Override protected void beforeTestsStarted() throws Exception { + super.beforeTestsStarted(); + + srvAllowed = startGrid("srv_allowed", permissions(TASK_EXECUTE, TASK_CANCEL)); + + srvForbidden = startGrid("srv_forbidden", permissions(EMPTY_PERMS)); + + srvForbiddenCancel = startGrid("srv_forbidden_cnl", permissions(TASK_EXECUTE)); + + clntAllowed = startGrid("clnt_allowed", permissions(TASK_EXECUTE, TASK_CANCEL), true); + + clntForbidden = startGrid("srv_forbidden", permissions(EMPTY_PERMS), true); + + clntForbiddenCancel = startGrid("clnt_forbidden_cnl", permissions(TASK_EXECUTE), true); + + srvAllowed.cluster().active(true); + } + + /** + * + */ + @Test + public void test() { + for (TestRunnable r : runnables(srvAllowed, clntAllowed)) + allowedRun(r); + + for (TestRunnable r : runnables(srvForbidden, clntForbidden)) + forbiddenRun(r); + + for (Supplier s : suppliers(srvAllowed, clntAllowed)) + allowedCancel(s); + + for (Supplier s : suppliers(srvForbiddenCancel, clntForbiddenCancel)) + forbiddenCancel(s); + } + + /** + * @param nodes Array of nodes. + */ + private Collection runnables(Ignite... nodes) { + Function f = (node) -> new TestRunnable[]{ + () -> node.compute().execute(TEST_TASK, 0), + () -> node.compute().executeAsync(TEST_TASK, 0).get(), + () -> node.compute().broadcast(TEST_CALLABLE), + () -> node.compute().broadcastAsync(TEST_CALLABLE).get(), + () -> node.compute().call(TEST_CALLABLE), + () -> node.compute().callAsync(TEST_CALLABLE).get(), + () -> node.compute().run(TEST_RUNNABLE), + () -> node.compute().runAsync(TEST_RUNNABLE).get(), + () -> node.compute().apply(TEST_CLOSURE, new Object()), + () -> node.compute().applyAsync(TEST_CLOSURE, new Object()).get(), + () -> node.executorService().submit(TEST_CALLABLE).get(), + () -> node.executorService().invokeAll(singletonList(TEST_CALLABLE)), + () -> node.executorService().invokeAny(singletonList(TEST_CALLABLE)) + }; + + List res = new ArrayList<>(); + + for (Ignite node : nodes) + res.addAll(Arrays.asList(f.apply(node))); + + return res; + } + + /** + * + */ + private List> suppliers(Ignite... nodes) { + List> res = new ArrayList<>(); + + for(Ignite node : nodes) { + res.add(() -> new FutureAdapter(node.compute().broadcastAsync(TEST_CALLABLE))); + res.add(() -> new FutureAdapter(node.compute().callAsync(TEST_CALLABLE))); + res.add(() -> new FutureAdapter(node.compute().runAsync(TEST_RUNNABLE))); + res.add(() -> new FutureAdapter(node.compute().applyAsync(TEST_CLOSURE, new Object()))); + res.add(() -> new FutureAdapter(node.compute().executeAsync(TEST_TASK, 0))); + res.add(() -> new FutureAdapter(node.executorService().submit(TEST_CALLABLE))); + } + + return res; + } + + /** + * @param perms Permissions. + */ + private SecurityPermissionSet permissions(SecurityPermission... perms) { + return builder().defaultAllowAll(true) + .appendTaskPermissions(TEST_TASK.getClass().getName(), perms) + .appendTaskPermissions(TEST_CALLABLE.getClass().getName(), perms) + .appendTaskPermissions(TEST_RUNNABLE.getClass().getName(), perms) + .appendTaskPermissions(TEST_CLOSURE.getClass().getName(), perms) + .build(); + } + + /** + * @param r TestRunnable. + */ + private void allowedRun(TestRunnable r) { + IS_EXECUTED.set(false); + + try { + r.run(); + } + catch (Exception e) { + throw new RuntimeException(e); + } + + assertTrue(IS_EXECUTED.get()); + } + + /** + * @param s Supplier. + */ + private void forbiddenCancel(Supplier s) { + FutureAdapter f = s.get(); + + forbiddenRun(f::cancel); + } + + /** + * @param s Supplier. + */ + private void allowedCancel(Supplier s) { + FutureAdapter f = s.get(); + + f.cancel(); + + assertThat(f.isCancelled(), is(true)); + } + + /** + * + */ + private static class FutureAdapter { + /** Ignite future. */ + private final IgniteFuture igniteFut; + + /** Future. */ + private final Future fut; + + /** + * @param igniteFut Ignite future. + */ + public FutureAdapter(IgniteFuture igniteFut) { + assert igniteFut != null; + + this.igniteFut = igniteFut; + fut = null; + } + + /** + * @param fut Future. + */ + public FutureAdapter(Future fut) { + assert fut != null; + + this.fut = fut; + igniteFut = null; + } + + + /** + * + */ + public void cancel() { + if (igniteFut != null) + igniteFut.cancel(); + else + fut.cancel(true); + } + + /** + * + */ + public Object get() throws ExecutionException, InterruptedException { + return igniteFut != null ? igniteFut.get() : fut.get(); + } + + /** + * + */ + public boolean isCancelled(){ + return igniteFut != null ? igniteFut.isCancelled() : fut.isCancelled(); + } + } + + /** + * Abstract test compute task. + */ + private static class AllowedTask implements ComputeTask { + /** {@inheritDoc} */ + @Override public @Nullable Map map(List subgrid, + @Nullable Object arg) throws IgniteException { + IS_EXECUTED.set(true); + + return Collections.singletonMap( + new ComputeJob() { + @Override public void cancel() { + // no-op + } + + @Override public Object execute() throws IgniteException { + return null; + } + }, subgrid.stream().findFirst().get() + ); + } + + /** {@inheritDoc} */ + @Override public ComputeJobResultPolicy result(ComputeJobResult res, + List rcvd) throws IgniteException { + if (res.getException() != null) + throw res.getException(); + + return ComputeJobResultPolicy.REDUCE; + } + + /** {@inheritDoc} */ + @Override public @Nullable Integer reduce(List results) throws IgniteException { + return null; + } + } +} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/AbstractComputeTaskSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/AbstractComputeResolveSecurityTest.java similarity index 95% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/AbstractComputeTaskSecurityTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/AbstractComputeResolveSecurityTest.java index e7bc0f7915c24..0ccbd56597c69 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/AbstractComputeTaskSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/AbstractComputeResolveSecurityTest.java @@ -21,12 +21,12 @@ import java.util.Collection; import java.util.UUID; import org.apache.ignite.internal.IgniteEx; -import org.apache.ignite.internal.processor.security.AbstractResolveSecurityContextTest; +import org.apache.ignite.internal.processor.security.AbstractResolveSecurityTest; /** * Abstract compute security test. */ -public abstract class AbstractComputeTaskSecurityTest extends AbstractResolveSecurityContextTest { +public abstract class AbstractComputeResolveSecurityTest extends AbstractResolveSecurityTest { /** Client node. */ protected IgniteEx clntTransition; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskComputeResolveSecurityTest.java similarity index 98% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskSecurityTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskComputeResolveSecurityTest.java index 2d8b579e38ebf..c69e491d054b6 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskComputeResolveSecurityTest.java @@ -38,7 +38,7 @@ /** * Testing permissions when the compute task is executed cache operations on remote node. */ -public class ComputeTaskSecurityTest extends AbstractComputeTaskSecurityTest { +public class ComputeTaskComputeResolveSecurityTest extends AbstractComputeResolveSecurityTest { /** * */ diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureComputeTaskSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureComputeResolveSecurityTest.java similarity index 98% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureComputeTaskSecurityTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureComputeResolveSecurityTest.java index 9c35cc41ace18..e8ca4b3faba62 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureComputeTaskSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureComputeResolveSecurityTest.java @@ -33,7 +33,7 @@ /** * Testing permissions when the compute closure is executed cache operations on remote node. */ -public class DistributedClosureComputeTaskSecurityTest extends AbstractComputeTaskSecurityTest { +public class DistributedClosureComputeResolveSecurityTest extends AbstractComputeResolveSecurityTest { /** * */ diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceComputeTaskSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceComputeResolveSecurityTest.java similarity index 97% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceComputeTaskSecurityTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceComputeResolveSecurityTest.java index 770ebc5bd09bb..5b7752b14e256 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceComputeTaskSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceComputeResolveSecurityTest.java @@ -34,7 +34,7 @@ * Testing permissions when the service task is executed cache operations on remote node. */ @RunWith(JUnit4.class) -public class ExecutorServiceComputeTaskSecurityTest extends AbstractComputeTaskSecurityTest { +public class ExecutorServiceComputeResolveSecurityTest extends AbstractComputeResolveSecurityTest { /** * */ diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/DataStreamerCachePermissionTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/DataStreamePermissionSecurityTest.java similarity index 95% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/DataStreamerCachePermissionTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/DataStreamePermissionSecurityTest.java index 88cbf4d323398..d8c476c671a25 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/DataStreamerCachePermissionTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/DataStreamePermissionSecurityTest.java @@ -21,7 +21,7 @@ import java.util.function.Consumer; import org.apache.ignite.Ignite; import org.apache.ignite.IgniteDataStreamer; -import org.apache.ignite.internal.processor.security.AbstractCachePermissionTest; +import org.apache.ignite.internal.processor.security.AbstractPermissionSecurityTest; import org.apache.ignite.internal.util.typedef.X; import org.apache.ignite.plugin.security.SecurityException; import org.apache.ignite.plugin.security.SecurityPermission; @@ -38,7 +38,7 @@ * Test cache permissions for Data Streamer. */ @RunWith(JUnit4.class) -public class DataStreamerCachePermissionTest extends AbstractCachePermissionTest { +public class DataStreamePermissionSecurityTest extends AbstractPermissionSecurityTest { /** * @throws Exception If fail. */ diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/IgniteDataStreamerCacheSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerCacheResolveSecurityTest.java similarity index 96% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/IgniteDataStreamerCacheSecurityTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerCacheResolveSecurityTest.java index 7778422384757..27d65aa77f0b0 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/IgniteDataStreamerCacheSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerCacheResolveSecurityTest.java @@ -24,7 +24,7 @@ import org.apache.ignite.IgniteDataStreamer; import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; -import org.apache.ignite.internal.processor.security.AbstractCacheSecurityTest; +import org.apache.ignite.internal.processor.security.AbstractCacheResolveSecurityTest; import org.apache.ignite.lang.IgniteBiInClosure; import org.apache.ignite.lang.IgniteRunnable; import org.apache.ignite.stream.StreamVisitor; @@ -36,7 +36,7 @@ * Testing permissions when the closure od DataStreamer is executed cache operations on remote node. */ @RunWith(JUnit4.class) -public class IgniteDataStreamerCacheSecurityTest extends AbstractCacheSecurityTest { +public class DataStreamerCacheResolveSecurityTest extends AbstractCacheResolveSecurityTest { /** * */ diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/IgniteMessagingResolveSecurityContextTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/IgniteMessagingResolveSecurityTest.java similarity index 96% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/IgniteMessagingResolveSecurityContextTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/IgniteMessagingResolveSecurityTest.java index 87059a6149ba4..8eb9532fbe40b 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/IgniteMessagingResolveSecurityContextTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/IgniteMessagingResolveSecurityTest.java @@ -25,7 +25,7 @@ import org.apache.ignite.IgniteMessaging; import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; -import org.apache.ignite.internal.processor.security.AbstractResolveSecurityContextTest; +import org.apache.ignite.internal.processor.security.AbstractResolveSecurityTest; import org.apache.ignite.lang.IgniteBiPredicate; import org.apache.ignite.testframework.junits.GridAbstractTest; import org.junit.Test; @@ -36,7 +36,7 @@ * Testing permissions when the message listener is executed cache operations on remote node. */ @RunWith(JUnit4.class) -public class IgniteMessagingResolveSecurityContextTest extends AbstractResolveSecurityContextTest { +public class IgniteMessagingResolveSecurityTest extends AbstractResolveSecurityTest { /** Barrier. */ private static final CyclicBarrier BARRIER = new CyclicBarrier(3); diff --git a/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java b/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java index 9a55a976b4c98..3cf46f384304b 100644 --- a/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java +++ b/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java @@ -17,23 +17,21 @@ package org.apache.ignite.testsuites; -import org.apache.ignite.internal.processor.security.cache.CachePermissionsTest; -import org.apache.ignite.internal.processor.security.cache.EntryProcessorCachePermissionTest; -import org.apache.ignite.internal.processor.security.cache.LoadCachePermissionTest; -import org.apache.ignite.internal.processor.security.cache.ScanQueryCachePermissionTest; -import org.apache.ignite.internal.processor.security.cache.closure.EntryProcessorCacheSecurityTest; -import org.apache.ignite.internal.processor.security.cache.closure.LoadCacheSecurityTest; -import org.apache.ignite.internal.processor.security.cache.closure.ScanQueryCacheSecurityTest; +import org.apache.ignite.internal.processor.security.cache.CachePermissionsSecurityTest; +import org.apache.ignite.internal.processor.security.cache.EntryProcessorPermissionSecurityTest; +import org.apache.ignite.internal.processor.security.cache.LoadCachePermissionSecurityTest; +import org.apache.ignite.internal.processor.security.cache.ScanQueryPermissionSecurityTest; +import org.apache.ignite.internal.processor.security.cache.closure.EntryProcessorCacheResolveSecurityTest; +import org.apache.ignite.internal.processor.security.cache.closure.LoadCacheResolveSecurityTest; +import org.apache.ignite.internal.processor.security.cache.closure.ScanQueryCacheResolveSecurityTest; import org.apache.ignite.internal.processor.security.client.ThinClientSecurityTest; -import org.apache.ignite.internal.processor.security.compute.ComputeTaskExecutePermissionTest; -import org.apache.ignite.internal.processor.security.compute.DistributedClosureExecutePermissionTest; -import org.apache.ignite.internal.processor.security.compute.ExecutorServiceExecutePermissionTest; -import org.apache.ignite.internal.processor.security.compute.closure.ComputeTaskSecurityTest; -import org.apache.ignite.internal.processor.security.compute.closure.DistributedClosureComputeTaskSecurityTest; -import org.apache.ignite.internal.processor.security.compute.closure.ExecutorServiceComputeTaskSecurityTest; -import org.apache.ignite.internal.processor.security.datastreamer.DataStreamerCachePermissionTest; -import org.apache.ignite.internal.processor.security.datastreamer.closure.IgniteDataStreamerCacheSecurityTest; -import org.apache.ignite.internal.processor.security.messaging.IgniteMessagingResolveSecurityContextTest; +import org.apache.ignite.internal.processor.security.compute.TaskExecutePermissionTest; +import org.apache.ignite.internal.processor.security.compute.closure.ComputeTaskComputeResolveSecurityTest; +import org.apache.ignite.internal.processor.security.compute.closure.DistributedClosureComputeResolveSecurityTest; +import org.apache.ignite.internal.processor.security.compute.closure.ExecutorServiceComputeResolveSecurityTest; +import org.apache.ignite.internal.processor.security.datastreamer.DataStreamePermissionSecurityTest; +import org.apache.ignite.internal.processor.security.datastreamer.closure.DataStreamerCacheResolveSecurityTest; +import org.apache.ignite.internal.processor.security.messaging.IgniteMessagingResolveSecurityTest; import org.junit.runner.RunWith; import org.junit.runners.Suite; @@ -42,24 +40,22 @@ */ @RunWith(Suite.class) @Suite.SuiteClasses({ - CachePermissionsTest.class, - DataStreamerCachePermissionTest.class, - ScanQueryCachePermissionTest.class, - LoadCachePermissionTest.class, - EntryProcessorCachePermissionTest.class, - ExecutorServiceExecutePermissionTest.class, - DistributedClosureExecutePermissionTest.class, - ComputeTaskExecutePermissionTest.class, + CachePermissionsSecurityTest.class, + DataStreamePermissionSecurityTest.class, + ScanQueryPermissionSecurityTest.class, + LoadCachePermissionSecurityTest.class, + EntryProcessorPermissionSecurityTest.class, + TaskExecutePermissionTest.class, - DistributedClosureComputeTaskSecurityTest.class, - ComputeTaskSecurityTest.class, - ExecutorServiceComputeTaskSecurityTest.class, - ScanQueryCacheSecurityTest.class, - EntryProcessorCacheSecurityTest.class, - IgniteDataStreamerCacheSecurityTest.class, - LoadCacheSecurityTest.class, + DistributedClosureComputeResolveSecurityTest.class, + ComputeTaskComputeResolveSecurityTest.class, + ExecutorServiceComputeResolveSecurityTest.class, + ScanQueryCacheResolveSecurityTest.class, + EntryProcessorCacheResolveSecurityTest.class, + DataStreamerCacheResolveSecurityTest.class, + LoadCacheResolveSecurityTest.class, ThinClientSecurityTest.class, - IgniteMessagingResolveSecurityContextTest.class, + IgniteMessagingResolveSecurityTest.class, }) public class AuthorizeOperationsTestSuite { } From 4401fcd634d24c39faea0467e427af42f4ed3558 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Wed, 6 Feb 2019 17:18:17 +0300 Subject: [PATCH 43/98] IGNITE-9560 JUnit4 --- .../AbstractCacheResolveSecurityTest.java | 4 +- .../security/AbstractResolveSecurityTest.java | 32 +++++--------- .../security/AbstractSecurityTest.java | 5 +-- .../EntryProcessorPermissionSecurityTest.java | 15 +++---- .../LoadCachePermissionSecurityTest.java | 24 ++++------ ...ntryProcessorCacheResolveSecurityTest.java | 10 ++--- .../closure/LoadCacheResolveSecurityTest.java | 6 ++- .../ScanQueryCacheResolveSecurityTest.java | 12 ++++- .../compute/TaskExecutePermissionTest.java | 44 ++++++++----------- .../AbstractComputeResolveSecurityTest.java | 27 +++++------- ...ComputeTaskComputeResolveSecurityTest.java | 4 +- ...utedClosureComputeResolveSecurityTest.java | 4 +- ...utorServiceComputeResolveSecurityTest.java | 4 +- .../DataStreamerCacheResolveSecurityTest.java | 8 +++- .../IgniteMessagingResolveSecurityTest.java | 24 ++++------ 15 files changed, 100 insertions(+), 123 deletions(-) diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheResolveSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheResolveSecurityTest.java index da9e2ee79a966..77718bff62f68 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheResolveSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheResolveSecurityTest.java @@ -57,8 +57,8 @@ protected CacheConfiguration[] getCacheConfigurations() { */ protected void perform(IgniteEx node, Runnable r){ VERIFIER.start(secSubjectId(node)) - .add(srvTransition.name(), 1) - .add(srvEndpoint.name(), 1); + .add("srv_transition", 1) + .add("srv_endpoint", 1); r.run(); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractResolveSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractResolveSecurityTest.java index e9a41ea200204..0c33bce0fd447 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractResolveSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractResolveSecurityTest.java @@ -22,6 +22,7 @@ import java.util.function.BiFunction; import org.apache.ignite.Ignite; import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.internal.util.typedef.G; import org.apache.ignite.internal.util.typedef.T2; import org.apache.ignite.internal.util.typedef.X; import org.apache.ignite.plugin.security.SecurityException; @@ -37,43 +38,32 @@ public class AbstractResolveSecurityTest extends AbstractSecurityTest { /** Verifier to check results of tests. */ protected static final Verifier VERIFIER = new Verifier(); - /** Sever node. */ - protected IgniteEx srvInitiator; - - /** Client node. */ - protected IgniteEx clntInitiator; - - /** Sever node. */ - protected IgniteEx srvTransition; - - /** Sever node. */ - protected IgniteEx srvEndpoint; - /** {@inheritDoc} */ @Override protected void beforeTestsStarted() throws Exception { super.beforeTestsStarted(); startNodes(); - grid(0).cluster().active(true); + assert !G.allGrids().isEmpty(); + + G.allGrids().get(0).cluster().active(true); } /** * Starts nodes. */ protected void startNodes() throws Exception { - srvInitiator = startGrid("srv_initiator", allowAllPermissionSet()); + startGrid("srv_initiator", allowAllPermissionSet()); - clntInitiator = startGrid("clnt_initiator", allowAllPermissionSet(), true); + startGrid("clnt_initiator", allowAllPermissionSet(), true); - srvTransition = startGrid("srv_transition", allowAllPermissionSet()); + startGrid("srv_transition", allowAllPermissionSet()); - srvEndpoint = startGrid("srv_endpoint", allowAllPermissionSet()); + startGrid("srv_endpoint", allowAllPermissionSet()); } /** * @param ign Node. - * * @return Security subject id of passed node. */ protected UUID secSubjectId(IgniteEx ign) { @@ -130,8 +120,7 @@ public Verifier add(String nodeName, int exp) { } /** - * Checks that current security context is valid and - * incriments invoke's counter. + * Checks that current security context is valid and incriments invoke's counter. * * @param ignite Local node. */ @@ -140,8 +129,7 @@ public void verify(Ignite ignite) { } /** - * Checks that current security context is valid and - * incriments invoke's counter. + * Checks that current security context is valid and incriments invoke's counter. * * @param ignite Local node. */ diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java index c94301194f6fb..07d843fc2ce9f 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java @@ -21,7 +21,6 @@ import org.apache.ignite.configuration.DataStorageConfiguration; import org.apache.ignite.configuration.IgniteConfiguration; import org.apache.ignite.internal.IgniteEx; -import org.apache.ignite.internal.util.typedef.G; import org.apache.ignite.plugin.security.SecurityException; import org.apache.ignite.plugin.security.SecurityPermission; import org.apache.ignite.plugin.security.SecurityPermissionSet; @@ -112,7 +111,7 @@ protected IgniteEx startGrid(String login, String pwd, SecurityPermissionSet prm protected IgniteEx startGrid(String login, SecurityPermissionSet prmSet, boolean isClient) throws Exception { return startGrid( - getConfiguration(G.allGrids().size(), login, "", prmSet).setClientMode(isClient) + getConfiguration(login, login, "", prmSet).setClientMode(isClient) ); } @@ -125,7 +124,7 @@ protected IgniteEx startGrid(String login, SecurityPermissionSet prmSet, protected IgniteEx startGrid(String login, String pwd, SecurityPermissionSet prmSet, boolean isClient) throws Exception { return startGrid( - getConfiguration(G.allGrids().size(), login, pwd, prmSet).setClientMode(isClient) + getConfiguration(login, login, pwd, prmSet).setClientMode(isClient) ); } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorPermissionSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorPermissionSecurityTest.java index fae8159660543..9b0a151c6ac86 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorPermissionSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorPermissionSecurityTest.java @@ -19,6 +19,7 @@ import org.apache.ignite.Ignite; import org.apache.ignite.cache.CacheEntryProcessor; +import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.processor.security.AbstractPermissionSecurityTest; import org.apache.ignite.internal.util.typedef.T2; import org.junit.Test; @@ -34,20 +35,14 @@ */ @RunWith(JUnit4.class) public class EntryProcessorPermissionSecurityTest extends AbstractPermissionSecurityTest { - /** Server node. */ - private Ignite srvNode; - - /** Client node. */ - private Ignite clientNode; - /** {@inheritDoc} */ @Override protected void beforeTestsStarted() throws Exception { - srvNode = startGrid("server_node", + startGrid("server_node", builder().defaultAllowAll(true) .appendCachePermissions(CACHE_NAME, CACHE_READ, CACHE_PUT) .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build()); - clientNode = startGrid("client_node", + startGrid("client_node", builder().defaultAllowAll(true) .appendCachePermissions(CACHE_NAME, CACHE_PUT, CACHE_READ) .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build(), true); @@ -60,6 +55,10 @@ public class EntryProcessorPermissionSecurityTest extends AbstractPermissionSecu */ @Test public void test() { + IgniteEx srvNode = grid("server_node"); + + IgniteEx clientNode = grid("client_node"); + invoke(srvNode); invoke(clientNode); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCachePermissionSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCachePermissionSecurityTest.java index d004e1971232d..bd419b6f9273a 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCachePermissionSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCachePermissionSecurityTest.java @@ -50,12 +50,6 @@ public class LoadCachePermissionSecurityTest extends AbstractPermissionSecurityT /** Entry. */ private static T2 entry; - /** Server node. */ - private Ignite srvNode; - - /** Client node. */ - private Ignite clientNode; - /** {@inheritDoc} */ @Override protected CacheConfiguration[] getCacheConfigurations() { return new CacheConfiguration[] { @@ -73,12 +67,12 @@ public class LoadCachePermissionSecurityTest extends AbstractPermissionSecurityT /** {@inheritDoc} */ @Override protected void beforeTestsStarted() throws Exception { - srvNode = startGrid("server_node", + startGrid("server_node", builder().defaultAllowAll(true) .appendCachePermissions(CACHE_NAME, CACHE_READ, CACHE_PUT) .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build()); - clientNode = startGrid("client_node", + startGrid("client_node", builder().defaultAllowAll(true) .appendCachePermissions(CACHE_NAME, CACHE_PUT) .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build(), true); @@ -91,22 +85,22 @@ public class LoadCachePermissionSecurityTest extends AbstractPermissionSecurityT */ @Test public void test() { - load(srvNode); - load(clientNode); + load(grid("server_node")); + load(grid("client_node")); - loadAsync(srvNode); - loadAsync(clientNode); + loadAsync(grid("server_node")); + loadAsync(grid("client_node")); - localLoad(srvNode); + localLoad(grid("server_node")); - localLoadAsync(srvNode); + localLoadAsync(grid("server_node")); } /** * @param r Runnable. */ private void allowed(Runnable r) { - assertAllowed(srvNode, CACHE_NAME, + assertAllowed(grid("server_node"), CACHE_NAME, (t) -> { entry = t; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorCacheResolveSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorCacheResolveSecurityTest.java index 36fa038f47f20..66cd89deb72b6 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorCacheResolveSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorCacheResolveSecurityTest.java @@ -40,8 +40,8 @@ public class EntryProcessorCacheResolveSecurityTest extends AbstractCacheResolve */ @Test public void test() { - execute(srvInitiator); - execute(clntInitiator); + execute(grid("srv_initiator")); + execute(grid("clnt_initiator")); } /** @@ -52,11 +52,11 @@ private void execute(IgniteEx initiator) { for (InvokeMethodEnum ime : InvokeMethodEnum.values()) { VERIFIER.start(secSubjectId) - .add(srvTransition.name(), 1) - .add(srvEndpoint.name(), 1); + .add("srv_transition", 1) + .add("srv_endpoint", 1); invoke(ime, initiator, - new TestEntryProcessor(ime, srvEndpoint.name()), prmKey(srvTransition)); + new TestEntryProcessor(ime, "srv_endpoint"), prmKey(grid("srv_transition"))); VERIFIER.checkResult(); } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/LoadCacheResolveSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/LoadCacheResolveSecurityTest.java index 2b543d23f83c2..654ec8f53da9d 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/LoadCacheResolveSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/LoadCacheResolveSecurityTest.java @@ -62,6 +62,10 @@ public class LoadCacheResolveSecurityTest extends AbstractCacheResolveSecurityTe */ @Test public void test() { + IgniteEx srvInitiator = grid("srv_initiator"); + + IgniteEx clntInitiator = grid("clnt_initiator"); + perform(srvInitiator, ()->loadCache(srvInitiator)); perform(clntInitiator, ()->loadCache(clntInitiator)); } @@ -71,7 +75,7 @@ public void test() { */ private void loadCache(IgniteEx initiator) { initiator.cache(CACHE_NAME).loadCache( - new TestClosure(srvTransition.name(), srvEndpoint.name()) + new TestClosure("srv_transition", "srv_endpoint") ); } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryCacheResolveSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryCacheResolveSecurityTest.java index eff1e725075cf..c0919e06d1ccd 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryCacheResolveSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryCacheResolveSecurityTest.java @@ -39,6 +39,14 @@ public class ScanQueryCacheResolveSecurityTest extends AbstractCacheResolveSecur */ @Test public void test() throws Exception { + IgniteEx srvInitiator = grid("srv_initiator"); + + IgniteEx clntInitiator = grid("clnt_initiator"); + + IgniteEx srvTransition = grid("srv_transition"); + + IgniteEx srvEndpoint = grid("srv_endpoint"); + srvInitiator.cache(CACHE_NAME).put(prmKey(srvTransition), 1); srvInitiator.cache(CACHE_NAME).put(prmKey(srvEndpoint), 2); @@ -57,7 +65,7 @@ public void test() throws Exception { private void query(IgniteEx initiator) { initiator.cache(CACHE_NAME).query( new ScanQuery<>( - new QueryFilter(srvTransition.name(), srvEndpoint.name()) + new QueryFilter("srv_transition", "srv_endpoint") ) ).getAll(); } @@ -68,7 +76,7 @@ private void query(IgniteEx initiator) { private void transform(IgniteEx initiator) { initiator.cache(CACHE_NAME).query( new ScanQuery<>((k, v) -> true), - new Transformer(srvTransition.name(), srvEndpoint.name()) + new Transformer("srv_transition", "srv_endpoint") ).getAll(); } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/TaskExecutePermissionTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/TaskExecutePermissionTest.java index 04dd986238bc8..27741c49a7cf7 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/TaskExecutePermissionTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/TaskExecutePermissionTest.java @@ -81,41 +81,23 @@ public class TaskExecutePermissionTest extends AbstractSecurityTest { return null; }; - /** Server allowed all task permissions. */ - private Ignite srvAllowed; - - /** Server forbidden all task permissions. */ - private Ignite srvForbidden; - - /** Server forbidden cancel task permission. */ - private Ignite srvForbiddenCancel; - - /** Client allowed all task permissions. */ - private Ignite clntAllowed; - - /** Client forbidden all task permissions. */ - private Ignite clntForbidden; - - /** Client forbidden cancel task permission. */ - private Ignite clntForbiddenCancel; - /** {@inheritDoc} */ @Override protected void beforeTestsStarted() throws Exception { super.beforeTestsStarted(); - srvAllowed = startGrid("srv_allowed", permissions(TASK_EXECUTE, TASK_CANCEL)); + Ignite ign = startGrid("srv_allowed", permissions(TASK_EXECUTE, TASK_CANCEL)); - srvForbidden = startGrid("srv_forbidden", permissions(EMPTY_PERMS)); + startGrid("srv_forbidden", permissions(EMPTY_PERMS)); - srvForbiddenCancel = startGrid("srv_forbidden_cnl", permissions(TASK_EXECUTE)); + startGrid("srv_forbidden_cnl", permissions(TASK_EXECUTE)); - clntAllowed = startGrid("clnt_allowed", permissions(TASK_EXECUTE, TASK_CANCEL), true); + startGrid("clnt_allowed", permissions(TASK_EXECUTE, TASK_CANCEL), true); - clntForbidden = startGrid("srv_forbidden", permissions(EMPTY_PERMS), true); + startGrid("clnt_forbidden", permissions(EMPTY_PERMS), true); - clntForbiddenCancel = startGrid("clnt_forbidden_cnl", permissions(TASK_EXECUTE), true); + startGrid("clnt_forbidden_cnl", permissions(TASK_EXECUTE), true); - srvAllowed.cluster().active(true); + ign.cluster().active(true); } /** @@ -123,6 +105,18 @@ public class TaskExecutePermissionTest extends AbstractSecurityTest { */ @Test public void test() { + Ignite srvAllowed = grid("srv_allowed"); + + Ignite srvForbidden = grid("srv_forbidden"); + + Ignite srvForbiddenCancel = grid("srv_forbidden_cnl"); + + Ignite clntAllowed = grid("clnt_allowed"); + + Ignite clntForbidden = grid("clnt_forbidden"); + + Ignite clntForbiddenCancel = grid("clnt_forbidden_cnl"); + for (TestRunnable r : runnables(srvAllowed, clntAllowed)) allowedRun(r); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/AbstractComputeResolveSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/AbstractComputeResolveSecurityTest.java index 0ccbd56597c69..496f2f61fece6 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/AbstractComputeResolveSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/AbstractComputeResolveSecurityTest.java @@ -27,19 +27,13 @@ * Abstract compute security test. */ public abstract class AbstractComputeResolveSecurityTest extends AbstractResolveSecurityTest { - /** Client node. */ - protected IgniteEx clntTransition; - - /** Client node. */ - protected IgniteEx clntEndpoint; - /** {@inheritDoc} */ @Override protected void startNodes() throws Exception{ super.startNodes(); - clntTransition = startGrid("clnt_transition", allowAllPermissionSet(), true); + startGrid("clnt_transition", allowAllPermissionSet(), true); - clntEndpoint = startGrid("clnt_endpoint", allowAllPermissionSet()); + startGrid("clnt_endpoint", allowAllPermissionSet()); } /** @@ -50,11 +44,10 @@ public abstract class AbstractComputeResolveSecurityTest extends AbstractResolve */ protected void perform(IgniteEx node, Runnable r) { VERIFIER.start(secSubjectId(node)) - .add(srvTransition.name(), 1) - .add(clntTransition.name(), 1) - .add(srvEndpoint.name(), 2) - .add(clntEndpoint.name(), 2); - + .add("srv_transition", 1) + .add("clnt_transition", 1) + .add("srv_endpoint", 2) + .add("clnt_endpoint", 2); r.run(); VERIFIER.checkResult(); @@ -65,8 +58,8 @@ protected void perform(IgniteEx node, Runnable r) { */ protected Collection transitions() { return Arrays.asList( - srvTransition.localNode().id(), - clntTransition.localNode().id() + grid("srv_transition").localNode().id(), + grid("clnt_transition").localNode().id() ); } @@ -75,8 +68,8 @@ protected Collection transitions() { */ protected Collection endpoints() { return Arrays.asList( - srvEndpoint.localNode().id(), - clntEndpoint.localNode().id() + grid("srv_endpoint").localNode().id(), + grid("clnt_endpoint").localNode().id() ); } } \ No newline at end of file diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskComputeResolveSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskComputeResolveSecurityTest.java index c69e491d054b6..f94feef2ab627 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskComputeResolveSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskComputeResolveSecurityTest.java @@ -44,8 +44,8 @@ public class ComputeTaskComputeResolveSecurityTest extends AbstractComputeResolv */ @Test public void test() { - execute(srvInitiator); - execute(clntInitiator); + execute(grid("srv_initiator")); + execute(grid("clnt_initiator")); } /** diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureComputeResolveSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureComputeResolveSecurityTest.java index e8ca4b3faba62..3b967720c4ef1 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureComputeResolveSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureComputeResolveSecurityTest.java @@ -39,8 +39,8 @@ public class DistributedClosureComputeResolveSecurityTest extends AbstractComput */ @Test public void test() { - execute(srvInitiator); - execute(clntInitiator); + execute(grid("srv_initiator")); + execute(grid("clnt_initiator")); } /** diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceComputeResolveSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceComputeResolveSecurityTest.java index 5b7752b14e256..880103cf78c91 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceComputeResolveSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceComputeResolveSecurityTest.java @@ -40,8 +40,8 @@ public class ExecutorServiceComputeResolveSecurityTest extends AbstractComputeRe */ @Test public void test() { - execute(srvInitiator); - execute(clntInitiator); + execute(grid("srv_initiator")); + execute(grid("clnt_initiator")); } /** diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerCacheResolveSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerCacheResolveSecurityTest.java index 27d65aa77f0b0..2c69f8a43314b 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerCacheResolveSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerCacheResolveSecurityTest.java @@ -42,6 +42,10 @@ public class DataStreamerCacheResolveSecurityTest extends AbstractCacheResolveSe */ @Test public void testDataStreamer() { + IgniteEx srvInitiator = grid("srv_initiator"); + + IgniteEx clntInitiator = grid("clnt_initiator"); + perform(srvInitiator, () -> dataStreamer(srvInitiator)); perform(clntInitiator, () -> dataStreamer(clntInitiator)); } @@ -51,9 +55,9 @@ public void testDataStreamer() { */ private void dataStreamer(Ignite initiator) { try (IgniteDataStreamer strm = initiator.dataStreamer(CACHE_NAME)) { - strm.receiver(StreamVisitor.from(new TestClosure(srvEndpoint.localNode().id()))); + strm.receiver(StreamVisitor.from(new TestClosure(grid("srv_endpoint").localNode().id()))); - strm.addData(prmKey(srvTransition), 100); + strm.addData(prmKey(grid("srv_transition")), 100); } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/IgniteMessagingResolveSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/IgniteMessagingResolveSecurityTest.java index 8eb9532fbe40b..ec420173e1901 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/IgniteMessagingResolveSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/IgniteMessagingResolveSecurityTest.java @@ -40,19 +40,13 @@ public class IgniteMessagingResolveSecurityTest extends AbstractResolveSecurityT /** Barrier. */ private static final CyclicBarrier BARRIER = new CyclicBarrier(3); - /** Client node. */ - protected IgniteEx clntTransition; - - /** Client node. */ - protected IgniteEx clntEndpoint; - /** {@inheritDoc} */ @Override protected void startNodes() throws Exception { super.startNodes(); - clntTransition = startGrid("clnt_transition", allowAllPermissionSet(), true); + startGrid("clnt_transition", allowAllPermissionSet(), true); - clntEndpoint = startGrid("clnt_endpoint", allowAllPermissionSet()); + startGrid("clnt_endpoint", allowAllPermissionSet()); } /** @@ -60,11 +54,11 @@ public class IgniteMessagingResolveSecurityTest extends AbstractResolveSecurityT */ @Test public void test() { - messaging(srvInitiator, srvTransition); - messaging(srvInitiator, clntTransition); + messaging(grid("srv_initiator"), grid("srv_transition")); + messaging(grid("srv_initiator"), grid("clnt_transition")); - messaging(clntInitiator, srvTransition); - messaging(clntInitiator, clntTransition); + messaging(grid("clnt_initiator"), grid("srv_transition")); + messaging(grid("clnt_initiator"), grid("clnt_transition")); } /** @@ -75,13 +69,13 @@ public void test() { */ private void messaging(IgniteEx lsnrNode, IgniteEx evtNode) { VERIFIER.start(secSubjectId(lsnrNode)) - .add(srvEndpoint.name(), 1) - .add(clntEndpoint.name(), 1); + .add("srv_endpoint", 1) + .add("clnt_endpoint", 1); BARRIER.reset(); IgniteMessaging messaging = lsnrNode.message( - lsnrNode.cluster().forNode(srvEndpoint.localNode(), clntEndpoint.localNode()) + lsnrNode.cluster().forNode(grid("srv_endpoint").localNode(), grid("clnt_endpoint").localNode()) ); String topic = "HOT_TOPIC"; From 96c086ffe2ab638f4e5063869073e6365b5548f1 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Wed, 6 Feb 2019 17:31:04 +0300 Subject: [PATCH 44/98] IGNITE-9560 Test class renaming --- ...actCacheOperationPermissionCheckTest.java} | 2 +- ...rationRemoteSecurityContextCheckTest.java} | 2 +- ...stractRemoteSecurityContextCheckTest.java} | 2 +- ...=> CacheOperationPermissionCheckTest.java} | 4 +- ...=> EntryProcessorPermissionCheckTest.java} | 4 +- ...java => LoadCachePermissionCheckTest.java} | 4 +- ...java => ScanQueryPermissionCheckTest.java} | 4 +- ...cessorRemoteSecurityContextCheckTest.java} | 4 +- ...dCacheRemoteSecurityContextCheckTest.java} | 4 +- ...nQueryRemoteSecurityContextCheckTest.java} | 4 +- ...ava => ThinClientPermissionCheckTest.java} | 2 +- ...t.java => ComputePermissionCheckTest.java} | 2 +- ...omputeRemoteSecurityContextCheckTest.java} | 4 +- ...teTaskRemoteSecurityContextCheckTest.java} | 2 +- ...losureRemoteSecurityContextCheckTest.java} | 2 +- ...erviceRemoteSecurityContextCheckTest.java} | 2 +- ...ava => DataStreamPermissionCheckTest.java} | 4 +- ...reamerRemoteSecurityContextCheckTest.java} | 4 +- ...sagingRemoteSecurityContextCheckTest.java} | 4 +- .../AuthorizeOperationsTestSuite.java | 60 +++++++++---------- 20 files changed, 60 insertions(+), 60 deletions(-) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/{AbstractPermissionSecurityTest.java => AbstractCacheOperationPermissionCheckTest.java} (97%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/{AbstractCacheResolveSecurityTest.java => AbstractCacheOperationRemoteSecurityContextCheckTest.java} (96%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/{AbstractResolveSecurityTest.java => AbstractRemoteSecurityContextCheckTest.java} (98%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/{CachePermissionsSecurityTest.java => CacheOperationPermissionCheckTest.java} (95%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/{EntryProcessorPermissionSecurityTest.java => EntryProcessorPermissionCheckTest.java} (95%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/{LoadCachePermissionSecurityTest.java => LoadCachePermissionCheckTest.java} (97%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/{ScanQueryPermissionSecurityTest.java => ScanQueryPermissionCheckTest.java} (93%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/{EntryProcessorCacheResolveSecurityTest.java => EntryProcessorRemoteSecurityContextCheckTest.java} (96%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/{LoadCacheResolveSecurityTest.java => LoadCacheRemoteSecurityContextCheckTest.java} (96%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/{ScanQueryCacheResolveSecurityTest.java => ScanQueryRemoteSecurityContextCheckTest.java} (96%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/{ThinClientSecurityTest.java => ThinClientPermissionCheckTest.java} (99%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/{TaskExecutePermissionTest.java => ComputePermissionCheckTest.java} (99%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/{AbstractComputeResolveSecurityTest.java => AbstractComputeRemoteSecurityContextCheckTest.java} (91%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/{ComputeTaskComputeResolveSecurityTest.java => ComputeTaskRemoteSecurityContextCheckTest.java} (97%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/{DistributedClosureComputeResolveSecurityTest.java => DistributedClosureRemoteSecurityContextCheckTest.java} (98%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/{ExecutorServiceComputeResolveSecurityTest.java => ExecutorServiceRemoteSecurityContextCheckTest.java} (96%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/{DataStreamePermissionSecurityTest.java => DataStreamPermissionCheckTest.java} (94%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/{DataStreamerCacheResolveSecurityTest.java => DataStreamerRemoteSecurityContextCheckTest.java} (95%) rename modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/{IgniteMessagingResolveSecurityTest.java => MessagingRemoteSecurityContextCheckTest.java} (95%) diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractPermissionSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheOperationPermissionCheckTest.java similarity index 97% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractPermissionSecurityTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheOperationPermissionCheckTest.java index 912f628b2b27b..37cc7b3a4a214 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractPermissionSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheOperationPermissionCheckTest.java @@ -34,7 +34,7 @@ /** * */ -public abstract class AbstractPermissionSecurityTest extends AbstractSecurityTest { +public abstract class AbstractCacheOperationPermissionCheckTest extends AbstractSecurityTest { /** Cache name for tests. */ protected static final String CACHE_NAME = "TEST_CACHE"; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheResolveSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheOperationRemoteSecurityContextCheckTest.java similarity index 96% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheResolveSecurityTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheOperationRemoteSecurityContextCheckTest.java index 77718bff62f68..7b3f29db8e5cb 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheResolveSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheOperationRemoteSecurityContextCheckTest.java @@ -27,7 +27,7 @@ /** * */ -public abstract class AbstractCacheResolveSecurityTest extends AbstractResolveSecurityTest { +public abstract class AbstractCacheOperationRemoteSecurityContextCheckTest extends AbstractRemoteSecurityContextCheckTest { /** Cache name for tests. */ protected static final String CACHE_NAME = "TEST_CACHE"; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractResolveSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java similarity index 98% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractResolveSecurityTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java index 0c33bce0fd447..1c92c6e76adc4 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractResolveSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java @@ -34,7 +34,7 @@ /** * */ -public class AbstractResolveSecurityTest extends AbstractSecurityTest { +public class AbstractRemoteSecurityContextCheckTest extends AbstractSecurityTest { /** Verifier to check results of tests. */ protected static final Verifier VERIFIER = new Verifier(); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/CachePermissionsSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/CacheOperationPermissionCheckTest.java similarity index 95% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/CachePermissionsSecurityTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/CacheOperationPermissionCheckTest.java index 112bc4e20eaf4..227adaf248346 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/CachePermissionsSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/CacheOperationPermissionCheckTest.java @@ -19,7 +19,7 @@ import java.util.Collections; import org.apache.ignite.Ignite; -import org.apache.ignite.internal.processor.security.AbstractPermissionSecurityTest; +import org.apache.ignite.internal.processor.security.AbstractCacheOperationPermissionCheckTest; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.JUnit4; @@ -33,7 +33,7 @@ * Test CRUD cache permissions. */ @RunWith(JUnit4.class) -public class CachePermissionsSecurityTest extends AbstractPermissionSecurityTest { +public class CacheOperationPermissionCheckTest extends AbstractCacheOperationPermissionCheckTest { /** * @throws Exception If fail. */ diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorPermissionSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorPermissionCheckTest.java similarity index 95% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorPermissionSecurityTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorPermissionCheckTest.java index 9b0a151c6ac86..555bfa8ed0404 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorPermissionSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorPermissionCheckTest.java @@ -20,7 +20,7 @@ import org.apache.ignite.Ignite; import org.apache.ignite.cache.CacheEntryProcessor; import org.apache.ignite.internal.IgniteEx; -import org.apache.ignite.internal.processor.security.AbstractPermissionSecurityTest; +import org.apache.ignite.internal.processor.security.AbstractCacheOperationPermissionCheckTest; import org.apache.ignite.internal.util.typedef.T2; import org.junit.Test; import org.junit.runner.RunWith; @@ -34,7 +34,7 @@ * Test cache permission for Entry processor. */ @RunWith(JUnit4.class) -public class EntryProcessorPermissionSecurityTest extends AbstractPermissionSecurityTest { +public class EntryProcessorPermissionCheckTest extends AbstractCacheOperationPermissionCheckTest { /** {@inheritDoc} */ @Override protected void beforeTestsStarted() throws Exception { startGrid("server_node", diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCachePermissionSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCachePermissionCheckTest.java similarity index 97% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCachePermissionSecurityTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCachePermissionCheckTest.java index bd419b6f9273a..a18b6c4201e98 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCachePermissionSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCachePermissionCheckTest.java @@ -29,7 +29,7 @@ import org.apache.ignite.cache.CacheMode; import org.apache.ignite.cache.store.CacheStore; import org.apache.ignite.configuration.CacheConfiguration; -import org.apache.ignite.internal.processor.security.AbstractPermissionSecurityTest; +import org.apache.ignite.internal.processor.security.AbstractCacheOperationPermissionCheckTest; import org.apache.ignite.internal.util.lang.gridfunc.ContainsPredicate; import org.apache.ignite.internal.util.typedef.F; import org.apache.ignite.internal.util.typedef.T2; @@ -46,7 +46,7 @@ * Test cache permission for Load cache. */ @RunWith(JUnit4.class) -public class LoadCachePermissionSecurityTest extends AbstractPermissionSecurityTest { +public class LoadCachePermissionCheckTest extends AbstractCacheOperationPermissionCheckTest { /** Entry. */ private static T2 entry; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQueryPermissionSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQueryPermissionCheckTest.java similarity index 93% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQueryPermissionSecurityTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQueryPermissionCheckTest.java index ac5c3be392196..57d00532c799c 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQueryPermissionSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQueryPermissionCheckTest.java @@ -20,7 +20,7 @@ import org.apache.ignite.Ignite; import org.apache.ignite.IgniteDataStreamer; import org.apache.ignite.cache.query.ScanQuery; -import org.apache.ignite.internal.processor.security.AbstractPermissionSecurityTest; +import org.apache.ignite.internal.processor.security.AbstractCacheOperationPermissionCheckTest; import org.apache.ignite.internal.util.typedef.G; import org.junit.Test; import org.junit.runner.RunWith; @@ -32,7 +32,7 @@ * Test cache permission for invoking of Scan Query. */ @RunWith(JUnit4.class) -public class ScanQueryPermissionSecurityTest extends AbstractPermissionSecurityTest { +public class ScanQueryPermissionCheckTest extends AbstractCacheOperationPermissionCheckTest { /** * @throws Exception If fail. */ diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorCacheResolveSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java similarity index 96% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorCacheResolveSecurityTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java index 66cd89deb72b6..6201fad2db37c 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorCacheResolveSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java @@ -25,7 +25,7 @@ import javax.cache.processor.MutableEntry; import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; -import org.apache.ignite.internal.processor.security.AbstractCacheResolveSecurityTest; +import org.apache.ignite.internal.processor.security.AbstractCacheOperationRemoteSecurityContextCheckTest; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.JUnit4; @@ -34,7 +34,7 @@ * Testing permissions when EntryProcessor closure is executed cache operations on remote node. */ @RunWith(JUnit4.class) -public class EntryProcessorCacheResolveSecurityTest extends AbstractCacheResolveSecurityTest { +public class EntryProcessorRemoteSecurityContextCheckTest extends AbstractCacheOperationRemoteSecurityContextCheckTest { /** * */ diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/LoadCacheResolveSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/LoadCacheRemoteSecurityContextCheckTest.java similarity index 96% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/LoadCacheResolveSecurityTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/LoadCacheRemoteSecurityContextCheckTest.java index 654ec8f53da9d..bcbaff50f873e 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/LoadCacheResolveSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/LoadCacheRemoteSecurityContextCheckTest.java @@ -25,7 +25,7 @@ import org.apache.ignite.cache.store.CacheStoreAdapter; import org.apache.ignite.configuration.CacheConfiguration; import org.apache.ignite.internal.IgniteEx; -import org.apache.ignite.internal.processor.security.AbstractCacheResolveSecurityTest; +import org.apache.ignite.internal.processor.security.AbstractCacheOperationRemoteSecurityContextCheckTest; import org.apache.ignite.lang.IgniteBiInClosure; import org.apache.ignite.lang.IgniteBiPredicate; import org.apache.ignite.resources.IgniteInstanceResource; @@ -37,7 +37,7 @@ * Testing permissions when the filter of Load cache is executed cache operations on remote node. */ @RunWith(JUnit4.class) -public class LoadCacheResolveSecurityTest extends AbstractCacheResolveSecurityTest { +public class LoadCacheRemoteSecurityContextCheckTest extends AbstractCacheOperationRemoteSecurityContextCheckTest { /** Transition load cache. */ private static final String TRANSITION_LOAD_CACHE = "TRANSITION_LOAD_CACHE"; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryCacheResolveSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java similarity index 96% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryCacheResolveSecurityTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java index c0919e06d1ccd..a4ebd981a67e2 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryCacheResolveSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java @@ -21,7 +21,7 @@ import org.apache.ignite.Ignite; import org.apache.ignite.cache.query.ScanQuery; import org.apache.ignite.internal.IgniteEx; -import org.apache.ignite.internal.processor.security.AbstractCacheResolveSecurityTest; +import org.apache.ignite.internal.processor.security.AbstractCacheOperationRemoteSecurityContextCheckTest; import org.apache.ignite.lang.IgniteBiPredicate; import org.apache.ignite.lang.IgniteClosure; import org.apache.ignite.resources.IgniteInstanceResource; @@ -33,7 +33,7 @@ * Testing permissions when the filter of ScanQuery is executed cache operations on remote node. */ @RunWith(JUnit4.class) -public class ScanQueryCacheResolveSecurityTest extends AbstractCacheResolveSecurityTest { +public class ScanQueryRemoteSecurityContextCheckTest extends AbstractCacheOperationRemoteSecurityContextCheckTest { /** * */ diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientPermissionCheckTest.java similarity index 99% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientSecurityTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientPermissionCheckTest.java index f7533be830d5a..b5dbd67cb14aa 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientPermissionCheckTest.java @@ -55,7 +55,7 @@ * Security tests for thin client. */ @RunWith(JUnit4.class) -public class ThinClientSecurityTest extends AbstractSecurityTest { +public class ThinClientPermissionCheckTest extends AbstractSecurityTest { /** Client. */ private static final String CLIENT = "client"; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/TaskExecutePermissionTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputePermissionCheckTest.java similarity index 99% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/TaskExecutePermissionTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputePermissionCheckTest.java index 27741c49a7cf7..b3af88fb0516f 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/TaskExecutePermissionTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputePermissionCheckTest.java @@ -57,7 +57,7 @@ * Task execute permission tests. */ @RunWith(JUnit4.class) -public class TaskExecutePermissionTest extends AbstractSecurityTest { +public class ComputePermissionCheckTest extends AbstractSecurityTest { /** Flag that shows task was executed. */ private static final AtomicBoolean IS_EXECUTED = new AtomicBoolean(false); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/AbstractComputeResolveSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/AbstractComputeRemoteSecurityContextCheckTest.java similarity index 91% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/AbstractComputeResolveSecurityTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/AbstractComputeRemoteSecurityContextCheckTest.java index 496f2f61fece6..266cae1a6eb16 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/AbstractComputeResolveSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/AbstractComputeRemoteSecurityContextCheckTest.java @@ -21,12 +21,12 @@ import java.util.Collection; import java.util.UUID; import org.apache.ignite.internal.IgniteEx; -import org.apache.ignite.internal.processor.security.AbstractResolveSecurityTest; +import org.apache.ignite.internal.processor.security.AbstractRemoteSecurityContextCheckTest; /** * Abstract compute security test. */ -public abstract class AbstractComputeResolveSecurityTest extends AbstractResolveSecurityTest { +public abstract class AbstractComputeRemoteSecurityContextCheckTest extends AbstractRemoteSecurityContextCheckTest { /** {@inheritDoc} */ @Override protected void startNodes() throws Exception{ super.startNodes(); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskComputeResolveSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java similarity index 97% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskComputeResolveSecurityTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java index f94feef2ab627..9d1aac87d8fcf 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskComputeResolveSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java @@ -38,7 +38,7 @@ /** * Testing permissions when the compute task is executed cache operations on remote node. */ -public class ComputeTaskComputeResolveSecurityTest extends AbstractComputeResolveSecurityTest { +public class ComputeTaskRemoteSecurityContextCheckTest extends AbstractComputeRemoteSecurityContextCheckTest { /** * */ diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureComputeResolveSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java similarity index 98% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureComputeResolveSecurityTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java index 3b967720c4ef1..4006c5e5a6c20 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureComputeResolveSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java @@ -33,7 +33,7 @@ /** * Testing permissions when the compute closure is executed cache operations on remote node. */ -public class DistributedClosureComputeResolveSecurityTest extends AbstractComputeResolveSecurityTest { +public class DistributedClosureRemoteSecurityContextCheckTest extends AbstractComputeRemoteSecurityContextCheckTest { /** * */ diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceComputeResolveSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java similarity index 96% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceComputeResolveSecurityTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java index 880103cf78c91..b5b25c0dd325b 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceComputeResolveSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java @@ -34,7 +34,7 @@ * Testing permissions when the service task is executed cache operations on remote node. */ @RunWith(JUnit4.class) -public class ExecutorServiceComputeResolveSecurityTest extends AbstractComputeResolveSecurityTest { +public class ExecutorServiceRemoteSecurityContextCheckTest extends AbstractComputeRemoteSecurityContextCheckTest { /** * */ diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/DataStreamePermissionSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/DataStreamPermissionCheckTest.java similarity index 94% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/DataStreamePermissionSecurityTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/DataStreamPermissionCheckTest.java index d8c476c671a25..38f18a5b38244 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/DataStreamePermissionSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/DataStreamPermissionCheckTest.java @@ -21,7 +21,7 @@ import java.util.function.Consumer; import org.apache.ignite.Ignite; import org.apache.ignite.IgniteDataStreamer; -import org.apache.ignite.internal.processor.security.AbstractPermissionSecurityTest; +import org.apache.ignite.internal.processor.security.AbstractCacheOperationPermissionCheckTest; import org.apache.ignite.internal.util.typedef.X; import org.apache.ignite.plugin.security.SecurityException; import org.apache.ignite.plugin.security.SecurityPermission; @@ -38,7 +38,7 @@ * Test cache permissions for Data Streamer. */ @RunWith(JUnit4.class) -public class DataStreamePermissionSecurityTest extends AbstractPermissionSecurityTest { +public class DataStreamPermissionCheckTest extends AbstractCacheOperationPermissionCheckTest { /** * @throws Exception If fail. */ diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerCacheResolveSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java similarity index 95% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerCacheResolveSecurityTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java index 2c69f8a43314b..72fa8bcc52461 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerCacheResolveSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java @@ -24,7 +24,7 @@ import org.apache.ignite.IgniteDataStreamer; import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; -import org.apache.ignite.internal.processor.security.AbstractCacheResolveSecurityTest; +import org.apache.ignite.internal.processor.security.AbstractCacheOperationRemoteSecurityContextCheckTest; import org.apache.ignite.lang.IgniteBiInClosure; import org.apache.ignite.lang.IgniteRunnable; import org.apache.ignite.stream.StreamVisitor; @@ -36,7 +36,7 @@ * Testing permissions when the closure od DataStreamer is executed cache operations on remote node. */ @RunWith(JUnit4.class) -public class DataStreamerCacheResolveSecurityTest extends AbstractCacheResolveSecurityTest { +public class DataStreamerRemoteSecurityContextCheckTest extends AbstractCacheOperationRemoteSecurityContextCheckTest { /** * */ diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/IgniteMessagingResolveSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/MessagingRemoteSecurityContextCheckTest.java similarity index 95% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/IgniteMessagingResolveSecurityTest.java rename to modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/MessagingRemoteSecurityContextCheckTest.java index ec420173e1901..98f43e33e2f63 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/IgniteMessagingResolveSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/MessagingRemoteSecurityContextCheckTest.java @@ -25,7 +25,7 @@ import org.apache.ignite.IgniteMessaging; import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; -import org.apache.ignite.internal.processor.security.AbstractResolveSecurityTest; +import org.apache.ignite.internal.processor.security.AbstractRemoteSecurityContextCheckTest; import org.apache.ignite.lang.IgniteBiPredicate; import org.apache.ignite.testframework.junits.GridAbstractTest; import org.junit.Test; @@ -36,7 +36,7 @@ * Testing permissions when the message listener is executed cache operations on remote node. */ @RunWith(JUnit4.class) -public class IgniteMessagingResolveSecurityTest extends AbstractResolveSecurityTest { +public class MessagingRemoteSecurityContextCheckTest extends AbstractRemoteSecurityContextCheckTest { /** Barrier. */ private static final CyclicBarrier BARRIER = new CyclicBarrier(3); diff --git a/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java b/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java index 3cf46f384304b..84cc1ad895c94 100644 --- a/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java +++ b/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java @@ -17,21 +17,21 @@ package org.apache.ignite.testsuites; -import org.apache.ignite.internal.processor.security.cache.CachePermissionsSecurityTest; -import org.apache.ignite.internal.processor.security.cache.EntryProcessorPermissionSecurityTest; -import org.apache.ignite.internal.processor.security.cache.LoadCachePermissionSecurityTest; -import org.apache.ignite.internal.processor.security.cache.ScanQueryPermissionSecurityTest; -import org.apache.ignite.internal.processor.security.cache.closure.EntryProcessorCacheResolveSecurityTest; -import org.apache.ignite.internal.processor.security.cache.closure.LoadCacheResolveSecurityTest; -import org.apache.ignite.internal.processor.security.cache.closure.ScanQueryCacheResolveSecurityTest; -import org.apache.ignite.internal.processor.security.client.ThinClientSecurityTest; -import org.apache.ignite.internal.processor.security.compute.TaskExecutePermissionTest; -import org.apache.ignite.internal.processor.security.compute.closure.ComputeTaskComputeResolveSecurityTest; -import org.apache.ignite.internal.processor.security.compute.closure.DistributedClosureComputeResolveSecurityTest; -import org.apache.ignite.internal.processor.security.compute.closure.ExecutorServiceComputeResolveSecurityTest; -import org.apache.ignite.internal.processor.security.datastreamer.DataStreamePermissionSecurityTest; -import org.apache.ignite.internal.processor.security.datastreamer.closure.DataStreamerCacheResolveSecurityTest; -import org.apache.ignite.internal.processor.security.messaging.IgniteMessagingResolveSecurityTest; +import org.apache.ignite.internal.processor.security.cache.CacheOperationPermissionCheckTest; +import org.apache.ignite.internal.processor.security.cache.EntryProcessorPermissionCheckTest; +import org.apache.ignite.internal.processor.security.cache.LoadCachePermissionCheckTest; +import org.apache.ignite.internal.processor.security.cache.ScanQueryPermissionCheckTest; +import org.apache.ignite.internal.processor.security.cache.closure.EntryProcessorRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.processor.security.cache.closure.LoadCacheRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.processor.security.cache.closure.ScanQueryRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.processor.security.client.ThinClientPermissionCheckTest; +import org.apache.ignite.internal.processor.security.compute.ComputePermissionCheckTest; +import org.apache.ignite.internal.processor.security.compute.closure.ComputeTaskRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.processor.security.compute.closure.DistributedClosureRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.processor.security.compute.closure.ExecutorServiceRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.processor.security.datastreamer.DataStreamPermissionCheckTest; +import org.apache.ignite.internal.processor.security.datastreamer.closure.DataStreamerRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.processor.security.messaging.MessagingRemoteSecurityContextCheckTest; import org.junit.runner.RunWith; import org.junit.runners.Suite; @@ -40,22 +40,22 @@ */ @RunWith(Suite.class) @Suite.SuiteClasses({ - CachePermissionsSecurityTest.class, - DataStreamePermissionSecurityTest.class, - ScanQueryPermissionSecurityTest.class, - LoadCachePermissionSecurityTest.class, - EntryProcessorPermissionSecurityTest.class, - TaskExecutePermissionTest.class, + CacheOperationPermissionCheckTest.class, + DataStreamPermissionCheckTest.class, + ScanQueryPermissionCheckTest.class, + LoadCachePermissionCheckTest.class, + EntryProcessorPermissionCheckTest.class, + ComputePermissionCheckTest.class, - DistributedClosureComputeResolveSecurityTest.class, - ComputeTaskComputeResolveSecurityTest.class, - ExecutorServiceComputeResolveSecurityTest.class, - ScanQueryCacheResolveSecurityTest.class, - EntryProcessorCacheResolveSecurityTest.class, - DataStreamerCacheResolveSecurityTest.class, - LoadCacheResolveSecurityTest.class, - ThinClientSecurityTest.class, - IgniteMessagingResolveSecurityTest.class, + DistributedClosureRemoteSecurityContextCheckTest.class, + ComputeTaskRemoteSecurityContextCheckTest.class, + ExecutorServiceRemoteSecurityContextCheckTest.class, + ScanQueryRemoteSecurityContextCheckTest.class, + EntryProcessorRemoteSecurityContextCheckTest.class, + DataStreamerRemoteSecurityContextCheckTest.class, + LoadCacheRemoteSecurityContextCheckTest.class, + ThinClientPermissionCheckTest.class, + MessagingRemoteSecurityContextCheckTest.class, }) public class AuthorizeOperationsTestSuite { } From 98644068d1e44c9fee6e1bae242052a60f58c1bd Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Wed, 6 Feb 2019 21:03:15 +0300 Subject: [PATCH 45/98] IGNITE-9560 Test class renaming --- .../cache/LoadCachePermissionCheckTest.java | 200 ------------------ ...adCacheRemoteSecurityContextCheckTest.java | 155 -------------- .../DataStreamPermissionCheckTest.java | 109 ---------- .../AuthorizeOperationsTestSuite.java | 12 +- 4 files changed, 6 insertions(+), 470 deletions(-) delete mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCachePermissionCheckTest.java delete mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/LoadCacheRemoteSecurityContextCheckTest.java delete mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/DataStreamPermissionCheckTest.java diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCachePermissionCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCachePermissionCheckTest.java deleted file mode 100644 index a18b6c4201e98..0000000000000 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/LoadCachePermissionCheckTest.java +++ /dev/null @@ -1,200 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processor.security.cache; - -import com.google.common.collect.Sets; -import java.io.Serializable; -import java.util.Collection; -import java.util.Map; -import javax.cache.Cache; -import javax.cache.configuration.FactoryBuilder; -import javax.cache.integration.CacheLoaderException; -import javax.cache.integration.CacheWriterException; -import org.apache.ignite.Ignite; -import org.apache.ignite.cache.CacheMode; -import org.apache.ignite.cache.store.CacheStore; -import org.apache.ignite.configuration.CacheConfiguration; -import org.apache.ignite.internal.processor.security.AbstractCacheOperationPermissionCheckTest; -import org.apache.ignite.internal.util.lang.gridfunc.ContainsPredicate; -import org.apache.ignite.internal.util.typedef.F; -import org.apache.ignite.internal.util.typedef.T2; -import org.apache.ignite.lang.IgniteBiInClosure; -import org.jetbrains.annotations.Nullable; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.junit.runners.JUnit4; - -import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT; -import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; - -/** - * Test cache permission for Load cache. - */ -@RunWith(JUnit4.class) -public class LoadCachePermissionCheckTest extends AbstractCacheOperationPermissionCheckTest { - /** Entry. */ - private static T2 entry; - - /** {@inheritDoc} */ - @Override protected CacheConfiguration[] getCacheConfigurations() { - return new CacheConfiguration[] { - new CacheConfiguration() - .setName(CACHE_NAME) - .setCacheMode(CacheMode.REPLICATED) - .setCacheStoreFactory(FactoryBuilder.factoryOf(new T2BasedStore())), - - new CacheConfiguration() - .setName(FORBIDDEN_CACHE) - .setCacheMode(CacheMode.REPLICATED) - .setCacheStoreFactory(FactoryBuilder.factoryOf(new T2BasedStore())) - }; - } - - /** {@inheritDoc} */ - @Override protected void beforeTestsStarted() throws Exception { - startGrid("server_node", - builder().defaultAllowAll(true) - .appendCachePermissions(CACHE_NAME, CACHE_READ, CACHE_PUT) - .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build()); - - startGrid("client_node", - builder().defaultAllowAll(true) - .appendCachePermissions(CACHE_NAME, CACHE_PUT) - .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build(), true); - - super.beforeTestsStarted(); - } - - /** - * - */ - @Test - public void test() { - load(grid("server_node")); - load(grid("client_node")); - - loadAsync(grid("server_node")); - loadAsync(grid("client_node")); - - localLoad(grid("server_node")); - - localLoadAsync(grid("server_node")); - } - - /** - * @param r Runnable. - */ - private void allowed(Runnable r) { - assertAllowed(grid("server_node"), CACHE_NAME, - (t) -> { - entry = t; - - r.run(); - } - ); - } - - /** - * @param node Node. - */ - private void load(Ignite node) { - allowed(() -> node.cache(CACHE_NAME).loadCache(null)); - - //todo Security Improvement Phase-2. - // forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).loadCache(null)); - } - - /** - * @param node Node. - */ - private void loadAsync(Ignite node) { - allowed(() -> node.cache(CACHE_NAME).loadCache(null)); - - //todo Security Improvement Phase-2. - // forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).loadCacheAsync(null).get()); - } - - /** - * @param node Node. - */ - private void localLoad(Ignite node) { - allowed(() -> node.cache(CACHE_NAME).localLoadCache(null)); - - //todo Security Improvement Phase-2. - // forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).localLoadCache(null)); - } - - /** - * @param node Node. - */ - private void localLoadAsync(Ignite node) { - allowed(() -> node.cache(CACHE_NAME).localLoadCacheAsync(null).get()); - - //todo Security Improvement Phase-2. - // forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).localLoadCacheAsync(null).get()); - } - - /** - * - */ - static class T2BasedStore implements CacheStore, Serializable { - /** {@inheritDoc} */ - @Override public void loadCache(IgniteBiInClosure clo, - @Nullable Object... args) throws CacheLoaderException { - assert entry != null; - - clo.apply(entry.getKey(), entry.getValue()); - } - - /** {@inheritDoc} */ - @Override public void sessionEnd(boolean commit) throws CacheWriterException { - // No-op - } - - /** {@inheritDoc} */ - @Override public Integer load(String key) throws CacheLoaderException { - return entry.get(key); - } - - /** {@inheritDoc} */ - @Override public Map loadAll(Iterable keys) throws CacheLoaderException { - return F.view(entry, new ContainsPredicate<>(Sets.newHashSet(keys))); - } - - /** {@inheritDoc} */ - @Override public void write( - Cache.Entry entry) throws CacheWriterException { - throw new UnsupportedOperationException(); - } - - /** {@inheritDoc} */ - @Override public void writeAll(Collection> entries) { - throw new UnsupportedOperationException(); - } - - /** {@inheritDoc} */ - @Override public void delete(Object key) throws CacheWriterException { - throw new UnsupportedOperationException(); - } - - /** {@inheritDoc} */ - @Override public void deleteAll(Collection keys) throws CacheWriterException { - throw new UnsupportedOperationException(); - } - } -} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/LoadCacheRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/LoadCacheRemoteSecurityContextCheckTest.java deleted file mode 100644 index bcbaff50f873e..0000000000000 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/LoadCacheRemoteSecurityContextCheckTest.java +++ /dev/null @@ -1,155 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processor.security.cache.closure; - -import javax.cache.Cache; -import javax.cache.configuration.Factory; -import javax.cache.integration.CacheLoaderException; -import org.apache.ignite.Ignite; -import org.apache.ignite.cache.CacheMode; -import org.apache.ignite.cache.store.CacheStoreAdapter; -import org.apache.ignite.configuration.CacheConfiguration; -import org.apache.ignite.internal.IgniteEx; -import org.apache.ignite.internal.processor.security.AbstractCacheOperationRemoteSecurityContextCheckTest; -import org.apache.ignite.lang.IgniteBiInClosure; -import org.apache.ignite.lang.IgniteBiPredicate; -import org.apache.ignite.resources.IgniteInstanceResource; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.junit.runners.JUnit4; - -/** - * Testing permissions when the filter of Load cache is executed cache operations on remote node. - */ -@RunWith(JUnit4.class) -public class LoadCacheRemoteSecurityContextCheckTest extends AbstractCacheOperationRemoteSecurityContextCheckTest { - /** Transition load cache. */ - private static final String TRANSITION_LOAD_CACHE = "TRANSITION_LOAD_CACHE"; - - /** {@inheritDoc} */ - @Override protected CacheConfiguration[] getCacheConfigurations() { - return new CacheConfiguration[] { - new CacheConfiguration() - .setName(CACHE_NAME) - .setCacheMode(CacheMode.PARTITIONED) - .setReadFromBackup(false) - .setCacheStoreFactory(new TestStoreFactory()), - new CacheConfiguration() - .setName(TRANSITION_LOAD_CACHE) - .setCacheMode(CacheMode.PARTITIONED) - .setReadFromBackup(false) - .setCacheStoreFactory(new TestStoreFactory()) - }; - } - - /** - * - */ - @Test - public void test() { - IgniteEx srvInitiator = grid("srv_initiator"); - - IgniteEx clntInitiator = grid("clnt_initiator"); - - perform(srvInitiator, ()->loadCache(srvInitiator)); - perform(clntInitiator, ()->loadCache(clntInitiator)); - } - - /** - * @param initiator Initiator node. - */ - private void loadCache(IgniteEx initiator) { - initiator.cache(CACHE_NAME).loadCache( - new TestClosure("srv_transition", "srv_endpoint") - ); - } - - /** - * Closure for tests. - */ - static class TestClosure implements IgniteBiPredicate { - /** Locale ignite. */ - @IgniteInstanceResource - private Ignite loc; - - /** Expected local node name. */ - private final String node; - - /** Endpoint node name. */ - private final String endpoint; - - /** - * @param node Expected local node name. - * @param endpoint Endpoint node name. - */ - public TestClosure(String node, String endpoint) { - this.node = node; - this.endpoint = endpoint; - } - - /** {@inheritDoc} */ - @Override public boolean apply(Integer k, Integer v) { - if (node.equals(loc.name())) { - VERIFIER.verify(loc); - - if (endpoint != null) { - loc.cache(TRANSITION_LOAD_CACHE).loadCache( - new TestClosure(endpoint, null) - ); - } - } - - return false; - } - } - - /** - * Test store factory. - */ - private static class TestStoreFactory implements Factory { - /** {@inheritDoc} */ - @Override public TestCacheStore create() { - return new TestCacheStore(); - } - } - - /** - * Test cache store. - */ - private static class TestCacheStore extends CacheStoreAdapter { - /** {@inheritDoc} */ - @Override public void loadCache(IgniteBiInClosure clo, Object... args) { - clo.apply(1, 1); - } - - /** {@inheritDoc} */ - @Override public Integer load(Integer key) throws CacheLoaderException { - return key; - } - - /** {@inheritDoc} */ - @Override public void write(Cache.Entry entry) { - throw new UnsupportedOperationException(); - } - - /** {@inheritDoc} */ - @Override public void delete(Object key) { - // No-op. - } - } -} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/DataStreamPermissionCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/DataStreamPermissionCheckTest.java deleted file mode 100644 index 38f18a5b38244..0000000000000 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/DataStreamPermissionCheckTest.java +++ /dev/null @@ -1,109 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processor.security.datastreamer; - -import java.util.Map; -import java.util.function.Consumer; -import org.apache.ignite.Ignite; -import org.apache.ignite.IgniteDataStreamer; -import org.apache.ignite.internal.processor.security.AbstractCacheOperationPermissionCheckTest; -import org.apache.ignite.internal.util.typedef.X; -import org.apache.ignite.plugin.security.SecurityException; -import org.apache.ignite.plugin.security.SecurityPermission; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.junit.runners.JUnit4; - -import static java.util.Collections.singletonList; -import static java.util.Collections.singletonMap; -import static org.hamcrest.CoreMatchers.notNullValue; -import static org.junit.Assert.assertThat; - -/** - * Test cache permissions for Data Streamer. - */ -@RunWith(JUnit4.class) -public class DataStreamPermissionCheckTest extends AbstractCacheOperationPermissionCheckTest { - /** - * @throws Exception If fail. - */ - @Test - public void testServerNode() throws Exception { - testDataStreamer(false); - } - - /** - * @throws Exception If fail. - */ - @Test - public void testClientNode() throws Exception { - testDataStreamer(true); - } - - /** - * @param isClient True if is client mode. - * @throws Exception If fail. - */ - private void testDataStreamer(boolean isClient) throws Exception { - Ignite node = startGrid(loginPrefix(isClient) + "_test_node", - builder().defaultAllowAll(true) - .appendCachePermissions(CACHE_NAME, SecurityPermission.CACHE_PUT) - .appendCachePermissions(FORBIDDEN_CACHE, SecurityPermission.CACHE_READ) - .build(), isClient); - - allowed(node, s -> s.addData("k", 1)); - forbidden(node, s -> s.addData("k", 1)); - - allowed(node, s -> s.addData(singletonMap("key", 2))); - forbidden(node, s -> s.addData(singletonMap("key", 2))); - - Map.Entry entry = entry(); - - allowed(node, s -> s.addData(entry)); - forbidden(node, s -> s.addData(entry)); - - allowed(node, s -> s.addData(singletonList(entry()))); - forbidden(node, s -> s.addData(singletonList(entry()))); - - } - - /** - * @param node Node. - * @param c Consumer. - */ - private void allowed(Ignite node, Consumer> c) { - try (IgniteDataStreamer s = node.dataStreamer(CACHE_NAME)) { - c.accept(s); - } - } - - /** - * @param node Node. - * @param c Consumer. - */ - private void forbidden(Ignite node, Consumer> c) { - try (IgniteDataStreamer s = node.dataStreamer(FORBIDDEN_CACHE)) { - c.accept(s); - - fail("Should not happen"); - } - catch (Throwable e) { - assertThat(X.cause(e, SecurityException.class), notNullValue()); - } - } -} diff --git a/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java b/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java index 84cc1ad895c94..b7a52871a5253 100644 --- a/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java +++ b/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java @@ -19,17 +19,17 @@ import org.apache.ignite.internal.processor.security.cache.CacheOperationPermissionCheckTest; import org.apache.ignite.internal.processor.security.cache.EntryProcessorPermissionCheckTest; -import org.apache.ignite.internal.processor.security.cache.LoadCachePermissionCheckTest; +import org.apache.ignite.internal.processor.security.cache.CacheLoadPermissionCheckTest; import org.apache.ignite.internal.processor.security.cache.ScanQueryPermissionCheckTest; import org.apache.ignite.internal.processor.security.cache.closure.EntryProcessorRemoteSecurityContextCheckTest; -import org.apache.ignite.internal.processor.security.cache.closure.LoadCacheRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.processor.security.cache.closure.CacheLoadRemoteSecurityContextCheckTest; import org.apache.ignite.internal.processor.security.cache.closure.ScanQueryRemoteSecurityContextCheckTest; import org.apache.ignite.internal.processor.security.client.ThinClientPermissionCheckTest; import org.apache.ignite.internal.processor.security.compute.ComputePermissionCheckTest; import org.apache.ignite.internal.processor.security.compute.closure.ComputeTaskRemoteSecurityContextCheckTest; import org.apache.ignite.internal.processor.security.compute.closure.DistributedClosureRemoteSecurityContextCheckTest; import org.apache.ignite.internal.processor.security.compute.closure.ExecutorServiceRemoteSecurityContextCheckTest; -import org.apache.ignite.internal.processor.security.datastreamer.DataStreamPermissionCheckTest; +import org.apache.ignite.internal.processor.security.datastreamer.DataStreamerPermissionCheckTest; import org.apache.ignite.internal.processor.security.datastreamer.closure.DataStreamerRemoteSecurityContextCheckTest; import org.apache.ignite.internal.processor.security.messaging.MessagingRemoteSecurityContextCheckTest; import org.junit.runner.RunWith; @@ -41,9 +41,9 @@ @RunWith(Suite.class) @Suite.SuiteClasses({ CacheOperationPermissionCheckTest.class, - DataStreamPermissionCheckTest.class, + DataStreamerPermissionCheckTest.class, ScanQueryPermissionCheckTest.class, - LoadCachePermissionCheckTest.class, + CacheLoadPermissionCheckTest.class, EntryProcessorPermissionCheckTest.class, ComputePermissionCheckTest.class, @@ -53,7 +53,7 @@ ScanQueryRemoteSecurityContextCheckTest.class, EntryProcessorRemoteSecurityContextCheckTest.class, DataStreamerRemoteSecurityContextCheckTest.class, - LoadCacheRemoteSecurityContextCheckTest.class, + CacheLoadRemoteSecurityContextCheckTest.class, ThinClientPermissionCheckTest.class, MessagingRemoteSecurityContextCheckTest.class, }) From f2264a9f63532d4780ba0debd9eb4f57c7994d48 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Wed, 6 Feb 2019 21:04:41 +0300 Subject: [PATCH 46/98] IGNITE-9560 Test class renaming --- .../cache/CacheLoadPermissionCheckTest.java | 200 ++++++++++++++++++ ...cheLoadRemoteSecurityContextCheckTest.java | 155 ++++++++++++++ .../DataStreamerPermissionCheckTest.java | 109 ++++++++++ 3 files changed, 464 insertions(+) create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/CacheLoadPermissionCheckTest.java create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/DataStreamerPermissionCheckTest.java diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/CacheLoadPermissionCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/CacheLoadPermissionCheckTest.java new file mode 100644 index 0000000000000..2fd326025024e --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/CacheLoadPermissionCheckTest.java @@ -0,0 +1,200 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processor.security.cache; + +import com.google.common.collect.Sets; +import java.io.Serializable; +import java.util.Collection; +import java.util.Map; +import javax.cache.Cache; +import javax.cache.configuration.FactoryBuilder; +import javax.cache.integration.CacheLoaderException; +import javax.cache.integration.CacheWriterException; +import org.apache.ignite.Ignite; +import org.apache.ignite.cache.CacheMode; +import org.apache.ignite.cache.store.CacheStore; +import org.apache.ignite.configuration.CacheConfiguration; +import org.apache.ignite.internal.processor.security.AbstractCacheOperationPermissionCheckTest; +import org.apache.ignite.internal.util.lang.gridfunc.ContainsPredicate; +import org.apache.ignite.internal.util.typedef.F; +import org.apache.ignite.internal.util.typedef.T2; +import org.apache.ignite.lang.IgniteBiInClosure; +import org.jetbrains.annotations.Nullable; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; + +/** + * Test cache permission for Load cache. + */ +@RunWith(JUnit4.class) +public class CacheLoadPermissionCheckTest extends AbstractCacheOperationPermissionCheckTest { + /** Entry. */ + private static T2 entry; + + /** {@inheritDoc} */ + @Override protected CacheConfiguration[] getCacheConfigurations() { + return new CacheConfiguration[] { + new CacheConfiguration() + .setName(CACHE_NAME) + .setCacheMode(CacheMode.REPLICATED) + .setCacheStoreFactory(FactoryBuilder.factoryOf(new T2BasedStore())), + + new CacheConfiguration() + .setName(FORBIDDEN_CACHE) + .setCacheMode(CacheMode.REPLICATED) + .setCacheStoreFactory(FactoryBuilder.factoryOf(new T2BasedStore())) + }; + } + + /** {@inheritDoc} */ + @Override protected void beforeTestsStarted() throws Exception { + startGrid("server_node", + builder().defaultAllowAll(true) + .appendCachePermissions(CACHE_NAME, CACHE_READ, CACHE_PUT) + .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build()); + + startGrid("client_node", + builder().defaultAllowAll(true) + .appendCachePermissions(CACHE_NAME, CACHE_PUT) + .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build(), true); + + super.beforeTestsStarted(); + } + + /** + * + */ + @Test + public void test() { + load(grid("server_node")); + load(grid("client_node")); + + loadAsync(grid("server_node")); + loadAsync(grid("client_node")); + + localLoad(grid("server_node")); + + localLoadAsync(grid("server_node")); + } + + /** + * @param r Runnable. + */ + private void allowed(Runnable r) { + assertAllowed(grid("server_node"), CACHE_NAME, + (t) -> { + entry = t; + + r.run(); + } + ); + } + + /** + * @param node Node. + */ + private void load(Ignite node) { + allowed(() -> node.cache(CACHE_NAME).loadCache(null)); + + //todo Security Improvement Phase-2. + // forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).loadCache(null)); + } + + /** + * @param node Node. + */ + private void loadAsync(Ignite node) { + allowed(() -> node.cache(CACHE_NAME).loadCache(null)); + + //todo Security Improvement Phase-2. + // forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).loadCacheAsync(null).get()); + } + + /** + * @param node Node. + */ + private void localLoad(Ignite node) { + allowed(() -> node.cache(CACHE_NAME).localLoadCache(null)); + + //todo Security Improvement Phase-2. + // forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).localLoadCache(null)); + } + + /** + * @param node Node. + */ + private void localLoadAsync(Ignite node) { + allowed(() -> node.cache(CACHE_NAME).localLoadCacheAsync(null).get()); + + //todo Security Improvement Phase-2. + // forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).localLoadCacheAsync(null).get()); + } + + /** + * + */ + static class T2BasedStore implements CacheStore, Serializable { + /** {@inheritDoc} */ + @Override public void loadCache(IgniteBiInClosure clo, + @Nullable Object... args) throws CacheLoaderException { + assert entry != null; + + clo.apply(entry.getKey(), entry.getValue()); + } + + /** {@inheritDoc} */ + @Override public void sessionEnd(boolean commit) throws CacheWriterException { + // No-op + } + + /** {@inheritDoc} */ + @Override public Integer load(String key) throws CacheLoaderException { + return entry.get(key); + } + + /** {@inheritDoc} */ + @Override public Map loadAll(Iterable keys) throws CacheLoaderException { + return F.view(entry, new ContainsPredicate<>(Sets.newHashSet(keys))); + } + + /** {@inheritDoc} */ + @Override public void write( + Cache.Entry entry) throws CacheWriterException { + throw new UnsupportedOperationException(); + } + + /** {@inheritDoc} */ + @Override public void writeAll(Collection> entries) { + throw new UnsupportedOperationException(); + } + + /** {@inheritDoc} */ + @Override public void delete(Object key) throws CacheWriterException { + throw new UnsupportedOperationException(); + } + + /** {@inheritDoc} */ + @Override public void deleteAll(Collection keys) throws CacheWriterException { + throw new UnsupportedOperationException(); + } + } +} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java new file mode 100644 index 0000000000000..b0899b164edc7 --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java @@ -0,0 +1,155 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processor.security.cache.closure; + +import javax.cache.Cache; +import javax.cache.configuration.Factory; +import javax.cache.integration.CacheLoaderException; +import org.apache.ignite.Ignite; +import org.apache.ignite.cache.CacheMode; +import org.apache.ignite.cache.store.CacheStoreAdapter; +import org.apache.ignite.configuration.CacheConfiguration; +import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.internal.processor.security.AbstractCacheOperationRemoteSecurityContextCheckTest; +import org.apache.ignite.lang.IgniteBiInClosure; +import org.apache.ignite.lang.IgniteBiPredicate; +import org.apache.ignite.resources.IgniteInstanceResource; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +/** + * Testing permissions when the filter of Load cache is executed cache operations on remote node. + */ +@RunWith(JUnit4.class) +public class CacheLoadRemoteSecurityContextCheckTest extends AbstractCacheOperationRemoteSecurityContextCheckTest { + /** Transition load cache. */ + private static final String TRANSITION_LOAD_CACHE = "TRANSITION_LOAD_CACHE"; + + /** {@inheritDoc} */ + @Override protected CacheConfiguration[] getCacheConfigurations() { + return new CacheConfiguration[] { + new CacheConfiguration() + .setName(CACHE_NAME) + .setCacheMode(CacheMode.PARTITIONED) + .setReadFromBackup(false) + .setCacheStoreFactory(new TestStoreFactory()), + new CacheConfiguration() + .setName(TRANSITION_LOAD_CACHE) + .setCacheMode(CacheMode.PARTITIONED) + .setReadFromBackup(false) + .setCacheStoreFactory(new TestStoreFactory()) + }; + } + + /** + * + */ + @Test + public void test() { + IgniteEx srvInitiator = grid("srv_initiator"); + + IgniteEx clntInitiator = grid("clnt_initiator"); + + perform(srvInitiator, ()->loadCache(srvInitiator)); + perform(clntInitiator, ()->loadCache(clntInitiator)); + } + + /** + * @param initiator Initiator node. + */ + private void loadCache(IgniteEx initiator) { + initiator.cache(CACHE_NAME).loadCache( + new TestClosure("srv_transition", "srv_endpoint") + ); + } + + /** + * Closure for tests. + */ + static class TestClosure implements IgniteBiPredicate { + /** Locale ignite. */ + @IgniteInstanceResource + private Ignite loc; + + /** Expected local node name. */ + private final String node; + + /** Endpoint node name. */ + private final String endpoint; + + /** + * @param node Expected local node name. + * @param endpoint Endpoint node name. + */ + public TestClosure(String node, String endpoint) { + this.node = node; + this.endpoint = endpoint; + } + + /** {@inheritDoc} */ + @Override public boolean apply(Integer k, Integer v) { + if (node.equals(loc.name())) { + VERIFIER.verify(loc); + + if (endpoint != null) { + loc.cache(TRANSITION_LOAD_CACHE).loadCache( + new TestClosure(endpoint, null) + ); + } + } + + return false; + } + } + + /** + * Test store factory. + */ + private static class TestStoreFactory implements Factory { + /** {@inheritDoc} */ + @Override public TestCacheStore create() { + return new TestCacheStore(); + } + } + + /** + * Test cache store. + */ + private static class TestCacheStore extends CacheStoreAdapter { + /** {@inheritDoc} */ + @Override public void loadCache(IgniteBiInClosure clo, Object... args) { + clo.apply(1, 1); + } + + /** {@inheritDoc} */ + @Override public Integer load(Integer key) throws CacheLoaderException { + return key; + } + + /** {@inheritDoc} */ + @Override public void write(Cache.Entry entry) { + throw new UnsupportedOperationException(); + } + + /** {@inheritDoc} */ + @Override public void delete(Object key) { + // No-op. + } + } +} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/DataStreamerPermissionCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/DataStreamerPermissionCheckTest.java new file mode 100644 index 0000000000000..cab65b8c46cbb --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/DataStreamerPermissionCheckTest.java @@ -0,0 +1,109 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processor.security.datastreamer; + +import java.util.Map; +import java.util.function.Consumer; +import org.apache.ignite.Ignite; +import org.apache.ignite.IgniteDataStreamer; +import org.apache.ignite.internal.processor.security.AbstractCacheOperationPermissionCheckTest; +import org.apache.ignite.internal.util.typedef.X; +import org.apache.ignite.plugin.security.SecurityException; +import org.apache.ignite.plugin.security.SecurityPermission; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +import static java.util.Collections.singletonList; +import static java.util.Collections.singletonMap; +import static org.hamcrest.CoreMatchers.notNullValue; +import static org.junit.Assert.assertThat; + +/** + * Test cache permissions for Data Streamer. + */ +@RunWith(JUnit4.class) +public class DataStreamerPermissionCheckTest extends AbstractCacheOperationPermissionCheckTest { + /** + * @throws Exception If fail. + */ + @Test + public void testServerNode() throws Exception { + testDataStreamer(false); + } + + /** + * @throws Exception If fail. + */ + @Test + public void testClientNode() throws Exception { + testDataStreamer(true); + } + + /** + * @param isClient True if is client mode. + * @throws Exception If fail. + */ + private void testDataStreamer(boolean isClient) throws Exception { + Ignite node = startGrid(loginPrefix(isClient) + "_test_node", + builder().defaultAllowAll(true) + .appendCachePermissions(CACHE_NAME, SecurityPermission.CACHE_PUT) + .appendCachePermissions(FORBIDDEN_CACHE, SecurityPermission.CACHE_READ) + .build(), isClient); + + allowed(node, s -> s.addData("k", 1)); + forbidden(node, s -> s.addData("k", 1)); + + allowed(node, s -> s.addData(singletonMap("key", 2))); + forbidden(node, s -> s.addData(singletonMap("key", 2))); + + Map.Entry entry = entry(); + + allowed(node, s -> s.addData(entry)); + forbidden(node, s -> s.addData(entry)); + + allowed(node, s -> s.addData(singletonList(entry()))); + forbidden(node, s -> s.addData(singletonList(entry()))); + + } + + /** + * @param node Node. + * @param c Consumer. + */ + private void allowed(Ignite node, Consumer> c) { + try (IgniteDataStreamer s = node.dataStreamer(CACHE_NAME)) { + c.accept(s); + } + } + + /** + * @param node Node. + * @param c Consumer. + */ + private void forbidden(Ignite node, Consumer> c) { + try (IgniteDataStreamer s = node.dataStreamer(FORBIDDEN_CACHE)) { + c.accept(s); + + fail("Should not happen"); + } + catch (Throwable e) { + assertThat(X.cause(e, SecurityException.class), notNullValue()); + } + } +} From 50f70d910773510aa9c4cb1c7a70503c651d617a Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Fri, 8 Feb 2019 10:33:31 +0300 Subject: [PATCH 47/98] IGNITE-9560 Fix comments. --- ...ractCacheOperationPermissionCheckTest.java | 16 ---- .../security/AbstractSecurityTest.java | 4 +- .../cache/CacheLoadPermissionCheckTest.java | 4 +- .../CacheOperationPermissionCheckTest.java | 2 +- .../EntryProcessorPermissionCheckTest.java | 28 ++++++- .../cache/ScanQueryPermissionCheckTest.java | 2 +- .../client/ThinClientPermissionCheckTest.java | 6 ++ .../compute/ComputePermissionCheckTest.java | 80 ++++++++++++++----- .../DataStreamerPermissionCheckTest.java | 2 +- 9 files changed, 101 insertions(+), 43 deletions(-) diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheOperationPermissionCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheOperationPermissionCheckTest.java index 37cc7b3a4a214..25d5c77c856f2 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheOperationPermissionCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheOperationPermissionCheckTest.java @@ -97,21 +97,5 @@ protected void assertAllowed(Ignite validator, String cacheName, Consumer> c) { - T2 entry = entry(); - try { - c.accept(entry); - - fail("Should not happen."); - } - catch (Throwable e) { - assertThat(X.cause(e, SecurityException.class), notNullValue()); - } - - assertThat(validator.cache(cacheName).get(entry.getKey()), nullValue()); - } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java index 07d843fc2ce9f..6bd0cdcbe804d 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java @@ -155,14 +155,14 @@ protected IgniteEx startGrid(String instanceName, String login, String pwd, * Getting security permission set builder. */ protected SecurityPermissionSetBuilder builder() { - return SecurityPermissionSetBuilder.create().defaultAllowAll(false); + return SecurityPermissionSetBuilder.create().defaultAllowAll(true); } /** * Getting allow all security permission set. */ protected SecurityPermissionSet allowAllPermissionSet() { - return builder().defaultAllowAll(true).build(); + return builder().build(); } /** diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/CacheLoadPermissionCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/CacheLoadPermissionCheckTest.java index 2fd326025024e..5e8d337720899 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/CacheLoadPermissionCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/CacheLoadPermissionCheckTest.java @@ -68,12 +68,12 @@ public class CacheLoadPermissionCheckTest extends AbstractCacheOperationPermissi /** {@inheritDoc} */ @Override protected void beforeTestsStarted() throws Exception { startGrid("server_node", - builder().defaultAllowAll(true) + builder() .appendCachePermissions(CACHE_NAME, CACHE_READ, CACHE_PUT) .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build()); startGrid("client_node", - builder().defaultAllowAll(true) + builder() .appendCachePermissions(CACHE_NAME, CACHE_PUT) .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build(), true); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/CacheOperationPermissionCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/CacheOperationPermissionCheckTest.java index 227adaf248346..4d4e7657930ca 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/CacheOperationPermissionCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/CacheOperationPermissionCheckTest.java @@ -56,7 +56,7 @@ public void testClientNode() throws Exception { */ private void testCrudCachePermissions(boolean isClient) throws Exception { Ignite node = startGrid(loginPrefix(isClient) + "_test_node", - builder().defaultAllowAll(true) + builder() .appendCachePermissions(CACHE_NAME, CACHE_READ, CACHE_PUT, CACHE_REMOVE) .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build(), isClient); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorPermissionCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorPermissionCheckTest.java index 555bfa8ed0404..5fe1448532d4e 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorPermissionCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorPermissionCheckTest.java @@ -17,11 +17,14 @@ package org.apache.ignite.internal.processor.security.cache; +import java.util.function.Consumer; import org.apache.ignite.Ignite; import org.apache.ignite.cache.CacheEntryProcessor; import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.processor.security.AbstractCacheOperationPermissionCheckTest; import org.apache.ignite.internal.util.typedef.T2; +import org.apache.ignite.internal.util.typedef.X; +import org.apache.ignite.plugin.security.SecurityException; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.JUnit4; @@ -29,6 +32,9 @@ import static java.util.Collections.singleton; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; +import static org.hamcrest.CoreMatchers.notNullValue; +import static org.hamcrest.core.IsNull.nullValue; +import static org.junit.Assert.assertThat; /** * Test cache permission for Entry processor. @@ -38,12 +44,12 @@ public class EntryProcessorPermissionCheckTest extends AbstractCacheOperationPer /** {@inheritDoc} */ @Override protected void beforeTestsStarted() throws Exception { startGrid("server_node", - builder().defaultAllowAll(true) + builder() .appendCachePermissions(CACHE_NAME, CACHE_READ, CACHE_PUT) .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build()); startGrid("client_node", - builder().defaultAllowAll(true) + builder() .appendCachePermissions(CACHE_NAME, CACHE_PUT, CACHE_READ) .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build(), true); @@ -150,4 +156,22 @@ private static CacheEntryProcessor processor(T2> c) { + T2 entry = entry(); + + try { + c.accept(entry); + + fail("Should not happen."); + } + catch (Throwable e) { + assertThat(X.cause(e, SecurityException.class), notNullValue()); + } + + assertThat(validator.cache(cacheName).get(entry.getKey()), nullValue()); + } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQueryPermissionCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQueryPermissionCheckTest.java index 57d00532c799c..e33ba15e946a5 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQueryPermissionCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQueryPermissionCheckTest.java @@ -57,7 +57,7 @@ private void testScanQuery(boolean isClient) throws Exception { putTestData(); Ignite node = startGrid(loginPrefix(isClient) + "_test_node", - builder().defaultAllowAll(true) + builder() .appendCachePermissions(CACHE_NAME, CACHE_READ) .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build(), isClient); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientPermissionCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientPermissionCheckTest.java index b5dbd67cb14aa..9d9d06d9b7c2f 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientPermissionCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientPermissionCheckTest.java @@ -35,6 +35,7 @@ import org.apache.ignite.internal.processor.security.TestSecurityData; import org.apache.ignite.internal.processor.security.TestSecurityPluginConfiguration; import org.apache.ignite.internal.util.typedef.G; +import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.JUnit4; @@ -152,6 +153,11 @@ protected IgniteConfiguration getConfiguration(int idx, ignite.cluster().active(true); } + /** {@inheritDoc} */ + @Override protected SecurityPermissionSetBuilder builder() { + return super.builder().defaultAllowAll(false); + } + /** * @throws Exception If error occurs. */ diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputePermissionCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputePermissionCheckTest.java index b3af88fb0516f..87a656871468b 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputePermissionCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputePermissionCheckTest.java @@ -25,7 +25,9 @@ import java.util.Map; import java.util.concurrent.ExecutionException; import java.util.concurrent.Future; +import java.util.concurrent.TimeUnit; import java.util.concurrent.atomic.AtomicBoolean; +import java.util.concurrent.locks.ReentrantLock; import java.util.function.Function; import java.util.function.Supplier; import org.apache.ignite.Ignite; @@ -61,26 +63,55 @@ public class ComputePermissionCheckTest extends AbstractSecurityTest { /** Flag that shows task was executed. */ private static final AtomicBoolean IS_EXECUTED = new AtomicBoolean(false); - /** Allowed task. */ - private static final AllowedTask TEST_TASK = new AllowedTask(); + /** Reentrant lock. */ + private static final ReentrantLock RNT_LOCK = new ReentrantLock(); + + /** Reentrant lock timeout. */ + public static final int RNT_LOCK_TIMEOUT = 20_000; + + /** Test compute task. */ + private static final TestComputeTask TEST_COMPUTE_TASK = new TestComputeTask(); /** Test callable. */ private static final IgniteCallable TEST_CALLABLE = () -> { IS_EXECUTED.set(true); + syncForCancel(); + return null; }; /** Test runnable. */ - private static final IgniteRunnable TEST_RUNNABLE = () -> IS_EXECUTED.set(true); + private static final IgniteRunnable TEST_RUNNABLE = () -> { + IS_EXECUTED.set(true); + + syncForCancel(); + }; /** Test closure. */ private static final IgniteClosure TEST_CLOSURE = a -> { IS_EXECUTED.set(true); + syncForCancel(); + return null; }; + /** Synchronization for tests TASK_CANCEL. */ + private static void syncForCancel() throws IgniteException { + boolean isLocked = false; + try { + isLocked = RNT_LOCK.tryLock(RNT_LOCK_TIMEOUT, TimeUnit.MILLISECONDS); + } + catch (InterruptedException e) { + throw new IgniteException(e); + } + finally { + if (isLocked) + RNT_LOCK.unlock(); + } + } + /** {@inheritDoc} */ @Override protected void beforeTestsStarted() throws Exception { super.beforeTestsStarted(); @@ -134,9 +165,9 @@ public void test() { * @param nodes Array of nodes. */ private Collection runnables(Ignite... nodes) { - Function f = (node) -> new TestRunnable[]{ - () -> node.compute().execute(TEST_TASK, 0), - () -> node.compute().executeAsync(TEST_TASK, 0).get(), + Function f = (node) -> new TestRunnable[] { + () -> node.compute().execute(TEST_COMPUTE_TASK, 0), + () -> node.compute().executeAsync(TEST_COMPUTE_TASK, 0).get(), () -> node.compute().broadcast(TEST_CALLABLE), () -> node.compute().broadcastAsync(TEST_CALLABLE).get(), () -> node.compute().call(TEST_CALLABLE), @@ -164,12 +195,12 @@ private Collection runnables(Ignite... nodes) { private List> suppliers(Ignite... nodes) { List> res = new ArrayList<>(); - for(Ignite node : nodes) { + for (Ignite node : nodes) { res.add(() -> new FutureAdapter(node.compute().broadcastAsync(TEST_CALLABLE))); res.add(() -> new FutureAdapter(node.compute().callAsync(TEST_CALLABLE))); res.add(() -> new FutureAdapter(node.compute().runAsync(TEST_RUNNABLE))); res.add(() -> new FutureAdapter(node.compute().applyAsync(TEST_CLOSURE, new Object()))); - res.add(() -> new FutureAdapter(node.compute().executeAsync(TEST_TASK, 0))); + res.add(() -> new FutureAdapter(node.compute().executeAsync(TEST_COMPUTE_TASK, 0))); res.add(() -> new FutureAdapter(node.executorService().submit(TEST_CALLABLE))); } @@ -180,8 +211,8 @@ private List> suppliers(Ignite... nodes) { * @param perms Permissions. */ private SecurityPermissionSet permissions(SecurityPermission... perms) { - return builder().defaultAllowAll(true) - .appendTaskPermissions(TEST_TASK.getClass().getName(), perms) + return builder() + .appendTaskPermissions(TEST_COMPUTE_TASK.getClass().getName(), perms) .appendTaskPermissions(TEST_CALLABLE.getClass().getName(), perms) .appendTaskPermissions(TEST_RUNNABLE.getClass().getName(), perms) .appendTaskPermissions(TEST_CLOSURE.getClass().getName(), perms) @@ -208,20 +239,32 @@ private void allowedRun(TestRunnable r) { * @param s Supplier. */ private void forbiddenCancel(Supplier s) { - FutureAdapter f = s.get(); + RNT_LOCK.lock(); + try { + FutureAdapter f = s.get(); - forbiddenRun(f::cancel); + forbiddenRun(f::cancel); + } + finally { + RNT_LOCK.unlock(); + } } /** * @param s Supplier. */ private void allowedCancel(Supplier s) { - FutureAdapter f = s.get(); + RNT_LOCK.lock(); + try { + FutureAdapter f = s.get(); - f.cancel(); + f.cancel(); - assertThat(f.isCancelled(), is(true)); + assertThat(f.isCancelled(), is(true)); + } + finally { + RNT_LOCK.unlock(); + } } /** @@ -254,7 +297,6 @@ public FutureAdapter(Future fut) { igniteFut = null; } - /** * */ @@ -275,7 +317,7 @@ public Object get() throws ExecutionException, InterruptedException { /** * */ - public boolean isCancelled(){ + public boolean isCancelled() { return igniteFut != null ? igniteFut.isCancelled() : fut.isCancelled(); } } @@ -283,7 +325,7 @@ public boolean isCancelled(){ /** * Abstract test compute task. */ - private static class AllowedTask implements ComputeTask { + private static class TestComputeTask implements ComputeTask { /** {@inheritDoc} */ @Override public @Nullable Map map(List subgrid, @Nullable Object arg) throws IgniteException { @@ -296,6 +338,8 @@ private static class AllowedTask implements ComputeTask { } @Override public Object execute() throws IgniteException { + syncForCancel(); + return null; } }, subgrid.stream().findFirst().get() diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/DataStreamerPermissionCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/DataStreamerPermissionCheckTest.java index cab65b8c46cbb..bd5c733d350d1 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/DataStreamerPermissionCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/DataStreamerPermissionCheckTest.java @@ -61,7 +61,7 @@ public void testClientNode() throws Exception { */ private void testDataStreamer(boolean isClient) throws Exception { Ignite node = startGrid(loginPrefix(isClient) + "_test_node", - builder().defaultAllowAll(true) + builder() .appendCachePermissions(CACHE_NAME, SecurityPermission.CACHE_PUT) .appendCachePermissions(FORBIDDEN_CACHE, SecurityPermission.CACHE_READ) .build(), isClient); From 39bd243bc55044947729f0ecd9b4466fd520f279 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Fri, 8 Feb 2019 14:18:14 +0300 Subject: [PATCH 48/98] IGNITE-9560 Fix comments. --- ...ractCacheOperationPermissionCheckTest.java | 13 -- .../cache/CacheLoadPermissionCheckTest.java | 200 ------------------ .../EntryProcessorPermissionCheckTest.java | 12 ++ .../AuthorizeOperationsTestSuite.java | 4 +- 4 files changed, 13 insertions(+), 216 deletions(-) delete mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/CacheLoadPermissionCheckTest.java diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheOperationPermissionCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheOperationPermissionCheckTest.java index 25d5c77c856f2..2bd8be44b1d51 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheOperationPermissionCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheOperationPermissionCheckTest.java @@ -85,17 +85,4 @@ protected T2 entry() { return new T2<>("key_" + val, -1 * val); } - - /** - * @param c Consumer. - */ - protected void assertAllowed(Ignite validator, String cacheName, Consumer> c) { - T2 entry = entry(); - - c.accept(entry); - - assertThat(validator.cache(cacheName).get(entry.getKey()), is(entry.getValue())); - } - - } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/CacheLoadPermissionCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/CacheLoadPermissionCheckTest.java deleted file mode 100644 index 5e8d337720899..0000000000000 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/CacheLoadPermissionCheckTest.java +++ /dev/null @@ -1,200 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processor.security.cache; - -import com.google.common.collect.Sets; -import java.io.Serializable; -import java.util.Collection; -import java.util.Map; -import javax.cache.Cache; -import javax.cache.configuration.FactoryBuilder; -import javax.cache.integration.CacheLoaderException; -import javax.cache.integration.CacheWriterException; -import org.apache.ignite.Ignite; -import org.apache.ignite.cache.CacheMode; -import org.apache.ignite.cache.store.CacheStore; -import org.apache.ignite.configuration.CacheConfiguration; -import org.apache.ignite.internal.processor.security.AbstractCacheOperationPermissionCheckTest; -import org.apache.ignite.internal.util.lang.gridfunc.ContainsPredicate; -import org.apache.ignite.internal.util.typedef.F; -import org.apache.ignite.internal.util.typedef.T2; -import org.apache.ignite.lang.IgniteBiInClosure; -import org.jetbrains.annotations.Nullable; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.junit.runners.JUnit4; - -import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT; -import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; - -/** - * Test cache permission for Load cache. - */ -@RunWith(JUnit4.class) -public class CacheLoadPermissionCheckTest extends AbstractCacheOperationPermissionCheckTest { - /** Entry. */ - private static T2 entry; - - /** {@inheritDoc} */ - @Override protected CacheConfiguration[] getCacheConfigurations() { - return new CacheConfiguration[] { - new CacheConfiguration() - .setName(CACHE_NAME) - .setCacheMode(CacheMode.REPLICATED) - .setCacheStoreFactory(FactoryBuilder.factoryOf(new T2BasedStore())), - - new CacheConfiguration() - .setName(FORBIDDEN_CACHE) - .setCacheMode(CacheMode.REPLICATED) - .setCacheStoreFactory(FactoryBuilder.factoryOf(new T2BasedStore())) - }; - } - - /** {@inheritDoc} */ - @Override protected void beforeTestsStarted() throws Exception { - startGrid("server_node", - builder() - .appendCachePermissions(CACHE_NAME, CACHE_READ, CACHE_PUT) - .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build()); - - startGrid("client_node", - builder() - .appendCachePermissions(CACHE_NAME, CACHE_PUT) - .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build(), true); - - super.beforeTestsStarted(); - } - - /** - * - */ - @Test - public void test() { - load(grid("server_node")); - load(grid("client_node")); - - loadAsync(grid("server_node")); - loadAsync(grid("client_node")); - - localLoad(grid("server_node")); - - localLoadAsync(grid("server_node")); - } - - /** - * @param r Runnable. - */ - private void allowed(Runnable r) { - assertAllowed(grid("server_node"), CACHE_NAME, - (t) -> { - entry = t; - - r.run(); - } - ); - } - - /** - * @param node Node. - */ - private void load(Ignite node) { - allowed(() -> node.cache(CACHE_NAME).loadCache(null)); - - //todo Security Improvement Phase-2. - // forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).loadCache(null)); - } - - /** - * @param node Node. - */ - private void loadAsync(Ignite node) { - allowed(() -> node.cache(CACHE_NAME).loadCache(null)); - - //todo Security Improvement Phase-2. - // forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).loadCacheAsync(null).get()); - } - - /** - * @param node Node. - */ - private void localLoad(Ignite node) { - allowed(() -> node.cache(CACHE_NAME).localLoadCache(null)); - - //todo Security Improvement Phase-2. - // forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).localLoadCache(null)); - } - - /** - * @param node Node. - */ - private void localLoadAsync(Ignite node) { - allowed(() -> node.cache(CACHE_NAME).localLoadCacheAsync(null).get()); - - //todo Security Improvement Phase-2. - // forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).localLoadCacheAsync(null).get()); - } - - /** - * - */ - static class T2BasedStore implements CacheStore, Serializable { - /** {@inheritDoc} */ - @Override public void loadCache(IgniteBiInClosure clo, - @Nullable Object... args) throws CacheLoaderException { - assert entry != null; - - clo.apply(entry.getKey(), entry.getValue()); - } - - /** {@inheritDoc} */ - @Override public void sessionEnd(boolean commit) throws CacheWriterException { - // No-op - } - - /** {@inheritDoc} */ - @Override public Integer load(String key) throws CacheLoaderException { - return entry.get(key); - } - - /** {@inheritDoc} */ - @Override public Map loadAll(Iterable keys) throws CacheLoaderException { - return F.view(entry, new ContainsPredicate<>(Sets.newHashSet(keys))); - } - - /** {@inheritDoc} */ - @Override public void write( - Cache.Entry entry) throws CacheWriterException { - throw new UnsupportedOperationException(); - } - - /** {@inheritDoc} */ - @Override public void writeAll(Collection> entries) { - throw new UnsupportedOperationException(); - } - - /** {@inheritDoc} */ - @Override public void delete(Object key) throws CacheWriterException { - throw new UnsupportedOperationException(); - } - - /** {@inheritDoc} */ - @Override public void deleteAll(Collection keys) throws CacheWriterException { - throw new UnsupportedOperationException(); - } - } -} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorPermissionCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorPermissionCheckTest.java index 5fe1448532d4e..491dfc955cb2b 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorPermissionCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorPermissionCheckTest.java @@ -33,6 +33,7 @@ import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; import static org.hamcrest.CoreMatchers.notNullValue; +import static org.hamcrest.core.Is.is; import static org.hamcrest.core.IsNull.nullValue; import static org.junit.Assert.assertThat; @@ -157,6 +158,17 @@ private static CacheEntryProcessor processor(T2> c) { + T2 entry = entry(); + + c.accept(entry); + + assertThat(validator.cache(cacheName).get(entry.getKey()), is(entry.getValue())); + } + /** * @param c Consumer. */ diff --git a/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java b/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java index b7a52871a5253..039f8b54d14f3 100644 --- a/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java +++ b/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java @@ -19,10 +19,9 @@ import org.apache.ignite.internal.processor.security.cache.CacheOperationPermissionCheckTest; import org.apache.ignite.internal.processor.security.cache.EntryProcessorPermissionCheckTest; -import org.apache.ignite.internal.processor.security.cache.CacheLoadPermissionCheckTest; import org.apache.ignite.internal.processor.security.cache.ScanQueryPermissionCheckTest; -import org.apache.ignite.internal.processor.security.cache.closure.EntryProcessorRemoteSecurityContextCheckTest; import org.apache.ignite.internal.processor.security.cache.closure.CacheLoadRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.processor.security.cache.closure.EntryProcessorRemoteSecurityContextCheckTest; import org.apache.ignite.internal.processor.security.cache.closure.ScanQueryRemoteSecurityContextCheckTest; import org.apache.ignite.internal.processor.security.client.ThinClientPermissionCheckTest; import org.apache.ignite.internal.processor.security.compute.ComputePermissionCheckTest; @@ -43,7 +42,6 @@ CacheOperationPermissionCheckTest.class, DataStreamerPermissionCheckTest.class, ScanQueryPermissionCheckTest.class, - CacheLoadPermissionCheckTest.class, EntryProcessorPermissionCheckTest.class, ComputePermissionCheckTest.class, From eec3f3a2fca5c7e24a877c0d1c3f1727ca3b96bf Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Mon, 11 Feb 2019 10:32:39 +0300 Subject: [PATCH 49/98] IGNITE-9560 Fix comments. --- .../EntryProcessorPermissionCheckTest.java | 23 ++++------- .../cache/ScanQueryPermissionCheckTest.java | 1 + .../client/ThinClientPermissionCheckTest.java | 5 ++- .../compute/ComputePermissionCheckTest.java | 40 ++++++------------- 4 files changed, 25 insertions(+), 44 deletions(-) diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorPermissionCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorPermissionCheckTest.java index 491dfc955cb2b..d61ecc00b711a 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorPermissionCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorPermissionCheckTest.java @@ -42,29 +42,22 @@ */ @RunWith(JUnit4.class) public class EntryProcessorPermissionCheckTest extends AbstractCacheOperationPermissionCheckTest { - /** {@inheritDoc} */ - @Override protected void beforeTestsStarted() throws Exception { - startGrid("server_node", + /** + * + */ + @Test + public void test() throws Exception { + IgniteEx srvNode = startGrid("server_node", builder() .appendCachePermissions(CACHE_NAME, CACHE_READ, CACHE_PUT) .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build()); - startGrid("client_node", + IgniteEx clientNode = startGrid("client_node", builder() .appendCachePermissions(CACHE_NAME, CACHE_PUT, CACHE_READ) .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build(), true); - super.beforeTestsStarted(); - } - - /** - * - */ - @Test - public void test() { - IgniteEx srvNode = grid("server_node"); - - IgniteEx clientNode = grid("client_node"); + srvNode.cluster().active(true); invoke(srvNode); invoke(clientNode); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQueryPermissionCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQueryPermissionCheckTest.java index e33ba15e946a5..b06ae70898e16 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQueryPermissionCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQueryPermissionCheckTest.java @@ -62,6 +62,7 @@ private void testScanQuery(boolean isClient) throws Exception { .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build(), isClient); assertFalse(node.cache(CACHE_NAME).query(new ScanQuery()).getAll().isEmpty()); + forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).query(new ScanQuery()).getAll()); } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientPermissionCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientPermissionCheckTest.java index 9d9d06d9b7c2f..85fd013a41ac8 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientPermissionCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientPermissionCheckTest.java @@ -171,8 +171,9 @@ public void testCacheSinglePermOperations() throws Exception { } /** - * That test shows wrong case when client has permission for a remove operation but a removeAll operation is - * forbidden for it. + * That test shows the wrong case when a client has permission for a remove operation + * but a removeAll operation is forbidden for it. To have permission for the removeAll (clear) operation + * a client need to have the permission to execute {@link #REMOVE_ALL_TASK} ({@link #CLEAR_TASK}) task. * * @throws Exception If error occurs. */ diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputePermissionCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputePermissionCheckTest.java index 87a656871468b..55208c3316d8b 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputePermissionCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputePermissionCheckTest.java @@ -67,7 +67,7 @@ public class ComputePermissionCheckTest extends AbstractSecurityTest { private static final ReentrantLock RNT_LOCK = new ReentrantLock(); /** Reentrant lock timeout. */ - public static final int RNT_LOCK_TIMEOUT = 20_000; + private static final int RNT_LOCK_TIMEOUT = 20_000; /** Test compute task. */ private static final TestComputeTask TEST_COMPUTE_TASK = new TestComputeTask(); @@ -100,6 +100,7 @@ public class ComputePermissionCheckTest extends AbstractSecurityTest { /** Synchronization for tests TASK_CANCEL. */ private static void syncForCancel() throws IgniteException { boolean isLocked = false; + try { isLocked = RNT_LOCK.tryLock(RNT_LOCK_TIMEOUT, TimeUnit.MILLISECONDS); } @@ -112,41 +113,24 @@ private static void syncForCancel() throws IgniteException { } } - /** {@inheritDoc} */ - @Override protected void beforeTestsStarted() throws Exception { - super.beforeTestsStarted(); - - Ignite ign = startGrid("srv_allowed", permissions(TASK_EXECUTE, TASK_CANCEL)); - - startGrid("srv_forbidden", permissions(EMPTY_PERMS)); - - startGrid("srv_forbidden_cnl", permissions(TASK_EXECUTE)); - - startGrid("clnt_allowed", permissions(TASK_EXECUTE, TASK_CANCEL), true); - - startGrid("clnt_forbidden", permissions(EMPTY_PERMS), true); - - startGrid("clnt_forbidden_cnl", permissions(TASK_EXECUTE), true); - - ign.cluster().active(true); - } - /** * */ @Test - public void test() { - Ignite srvAllowed = grid("srv_allowed"); + public void test() throws Exception { + Ignite srvAllowed = startGrid("srv_allowed", permissions(TASK_EXECUTE, TASK_CANCEL)); - Ignite srvForbidden = grid("srv_forbidden"); + Ignite srvForbidden = startGrid("srv_forbidden", permissions(EMPTY_PERMS)); - Ignite srvForbiddenCancel = grid("srv_forbidden_cnl"); + Ignite srvForbiddenCancel = startGrid("srv_forbidden_cnl", permissions(TASK_EXECUTE)); - Ignite clntAllowed = grid("clnt_allowed"); + Ignite clntAllowed = startGrid("clnt_allowed", permissions(TASK_EXECUTE, TASK_CANCEL), true); - Ignite clntForbidden = grid("clnt_forbidden"); + Ignite clntForbidden = startGrid("clnt_forbidden", permissions(EMPTY_PERMS), true); - Ignite clntForbiddenCancel = grid("clnt_forbidden_cnl"); + Ignite clntForbiddenCancel = startGrid("clnt_forbidden_cnl", permissions(TASK_EXECUTE), true); + + srvAllowed.cluster().active(true); for (TestRunnable r : runnables(srvAllowed, clntAllowed)) allowedRun(r); @@ -240,6 +224,7 @@ private void allowedRun(TestRunnable r) { */ private void forbiddenCancel(Supplier s) { RNT_LOCK.lock(); + try { FutureAdapter f = s.get(); @@ -255,6 +240,7 @@ private void forbiddenCancel(Supplier s) { */ private void allowedCancel(Supplier s) { RNT_LOCK.lock(); + try { FutureAdapter f = s.get(); From f9472d1848982a2f177c90a224cd9fae7dcf08f7 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Mon, 11 Feb 2019 12:50:35 +0300 Subject: [PATCH 50/98] IGNITE-9560 Fix comments. --- .../client/ThinClientPermissionCheckTest.java | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientPermissionCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientPermissionCheckTest.java index 85fd013a41ac8..13e4b1ee8a162 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientPermissionCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientPermissionCheckTest.java @@ -48,8 +48,6 @@ import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_REMOVE; import static org.apache.ignite.plugin.security.SecurityPermission.TASK_EXECUTE; import static org.hamcrest.core.Is.is; -import static org.hamcrest.core.IsNull.notNullValue; -import static org.hamcrest.core.StringContains.containsString; import static org.junit.Assert.assertThat; /** @@ -192,18 +190,13 @@ public void testCacheTaskPermOperations() throws Exception { @Test public void testSysOperation() throws Exception { try (IgniteClient sysPrmClnt = startClient(CLIENT_SYS_PERM)) { - assertThat(sysPrmClnt.createCache(DYNAMIC_CACHE), notNullValue()); + sysPrmClnt.createCache(DYNAMIC_CACHE); - sysPrmClnt.destroyCache(DYNAMIC_CACHE); + assertThat(sysPrmClnt.cacheNames().contains(DYNAMIC_CACHE), is(true)); - try { - sysPrmClnt.cache(DYNAMIC_CACHE).put("key", "any value"); + sysPrmClnt.destroyCache(DYNAMIC_CACHE); - fail(); - } - catch (Exception e) { - assertThat(e.getMessage(), containsString("Cache does not exist")); - } + assertThat(sysPrmClnt.cacheNames().contains(DYNAMIC_CACHE), is(false)); } executeForbiddenOperation(c -> c.createCache(DYNAMIC_CACHE)); From da5c2f542ce0ed9e3c958604d7b0d4e1707afc78 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Wed, 13 Feb 2019 10:12:38 +0300 Subject: [PATCH 51/98] IGNITE-9560 fix comments --- ...erationRemoteSecurityContextCheckTest.java | 6 +-- ...bstractRemoteSecurityContextCheckTest.java | 20 ++++++-- ...cheLoadRemoteSecurityContextCheckTest.java | 10 ++-- ...ocessorRemoteSecurityContextCheckTest.java | 12 ++--- ...anQueryRemoteSecurityContextCheckTest.java | 20 ++++---- ...ComputeRemoteSecurityContextCheckTest.java | 29 ++++++----- ...uteTaskRemoteSecurityContextCheckTest.java | 10 ++-- ...ClosureRemoteSecurityContextCheckTest.java | 48 +++++++++---------- ...ServiceRemoteSecurityContextCheckTest.java | 36 +++++--------- ...treamerRemoteSecurityContextCheckTest.java | 12 ++--- ...ssagingRemoteSecurityContextCheckTest.java | 24 ++++++---- 11 files changed, 121 insertions(+), 106 deletions(-) diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheOperationRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheOperationRemoteSecurityContextCheckTest.java index 7b3f29db8e5cb..fa44e78ae377d 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheOperationRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheOperationRemoteSecurityContextCheckTest.java @@ -55,10 +55,10 @@ protected CacheConfiguration[] getCacheConfigurations() { * @param node Node. * @param r Runnable. */ - protected void perform(IgniteEx node, Runnable r){ + protected final void runAndCheck(IgniteEx node, Runnable r){ VERIFIER.start(secSubjectId(node)) - .add("srv_transition", 1) - .add("srv_endpoint", 1); + .add(SRV_TRANSITION, 1) + .add(SRV_ENDPOINT, 1); r.run(); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java index 1c92c6e76adc4..232673b9f800a 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java @@ -38,6 +38,18 @@ public class AbstractRemoteSecurityContextCheckTest extends AbstractSecurityTest /** Verifier to check results of tests. */ protected static final Verifier VERIFIER = new Verifier(); + /** Name of server initiator node. */ + protected static final String SRV_INITIATOR = "srv_initiator"; + + /** Name of client initiator node. */ + protected static final String CLNT_INITIATOR = "clnt_initiator"; + + /** Name of server transition node. */ + protected static final String SRV_TRANSITION = "srv_transition"; + + /** Name of server endpoint node. */ + protected static final String SRV_ENDPOINT = "srv_endpoint"; + /** {@inheritDoc} */ @Override protected void beforeTestsStarted() throws Exception { super.beforeTestsStarted(); @@ -53,13 +65,13 @@ public class AbstractRemoteSecurityContextCheckTest extends AbstractSecurityTest * Starts nodes. */ protected void startNodes() throws Exception { - startGrid("srv_initiator", allowAllPermissionSet()); + startGrid(SRV_INITIATOR, allowAllPermissionSet()); - startGrid("clnt_initiator", allowAllPermissionSet(), true); + startGrid(CLNT_INITIATOR, allowAllPermissionSet(), true); - startGrid("srv_transition", allowAllPermissionSet()); + startGrid(SRV_TRANSITION, allowAllPermissionSet()); - startGrid("srv_endpoint", allowAllPermissionSet()); + startGrid(SRV_ENDPOINT, allowAllPermissionSet()); } /** diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java index b0899b164edc7..92310b9f748bf 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java @@ -62,12 +62,12 @@ public class CacheLoadRemoteSecurityContextCheckTest extends AbstractCacheOperat */ @Test public void test() { - IgniteEx srvInitiator = grid("srv_initiator"); + IgniteEx srvInitiator = grid(SRV_INITIATOR); - IgniteEx clntInitiator = grid("clnt_initiator"); + IgniteEx clntInitiator = grid(CLNT_INITIATOR); - perform(srvInitiator, ()->loadCache(srvInitiator)); - perform(clntInitiator, ()->loadCache(clntInitiator)); + runAndCheck(srvInitiator, ()->loadCache(srvInitiator)); + runAndCheck(clntInitiator, ()->loadCache(clntInitiator)); } /** @@ -75,7 +75,7 @@ public void test() { */ private void loadCache(IgniteEx initiator) { initiator.cache(CACHE_NAME).loadCache( - new TestClosure("srv_transition", "srv_endpoint") + new TestClosure(SRV_TRANSITION, SRV_ENDPOINT) ); } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java index 6201fad2db37c..1c9449d71a5ba 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java @@ -40,23 +40,23 @@ public class EntryProcessorRemoteSecurityContextCheckTest extends AbstractCacheO */ @Test public void test() { - execute(grid("srv_initiator")); - execute(grid("clnt_initiator")); + runAndCheck(grid(SRV_INITIATOR)); + runAndCheck(grid(CLNT_INITIATOR)); } /** * @param initiator Node that initiates an execution. */ - private void execute(IgniteEx initiator) { + private void runAndCheck(IgniteEx initiator) { UUID secSubjectId = secSubjectId(initiator); for (InvokeMethodEnum ime : InvokeMethodEnum.values()) { VERIFIER.start(secSubjectId) - .add("srv_transition", 1) - .add("srv_endpoint", 1); + .add(SRV_TRANSITION, 1) + .add(SRV_ENDPOINT, 1); invoke(ime, initiator, - new TestEntryProcessor(ime, "srv_endpoint"), prmKey(grid("srv_transition"))); + new TestEntryProcessor(ime, SRV_ENDPOINT), prmKey(grid(SRV_TRANSITION))); VERIFIER.checkResult(); } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java index a4ebd981a67e2..fc45e731ea5d2 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java @@ -39,24 +39,24 @@ public class ScanQueryRemoteSecurityContextCheckTest extends AbstractCacheOperat */ @Test public void test() throws Exception { - IgniteEx srvInitiator = grid("srv_initiator"); + IgniteEx srvInitiator = grid(SRV_INITIATOR); - IgniteEx clntInitiator = grid("clnt_initiator"); + IgniteEx clntInitiator = grid(CLNT_INITIATOR); - IgniteEx srvTransition = grid("srv_transition"); + IgniteEx srvTransition = grid(SRV_TRANSITION); - IgniteEx srvEndpoint = grid("srv_endpoint"); + IgniteEx srvEndpoint = grid(SRV_ENDPOINT); srvInitiator.cache(CACHE_NAME).put(prmKey(srvTransition), 1); srvInitiator.cache(CACHE_NAME).put(prmKey(srvEndpoint), 2); awaitPartitionMapExchange(); - perform(srvInitiator, () -> query(srvInitiator)); - perform(clntInitiator, () -> query(clntInitiator)); + runAndCheck(srvInitiator, () -> query(srvInitiator)); + runAndCheck(clntInitiator, () -> query(clntInitiator)); - perform(srvInitiator, () -> transform(srvInitiator)); - perform(clntInitiator, () -> transform(clntInitiator)); + runAndCheck(srvInitiator, () -> transform(srvInitiator)); + runAndCheck(clntInitiator, () -> transform(clntInitiator)); } /** @@ -65,7 +65,7 @@ public void test() throws Exception { private void query(IgniteEx initiator) { initiator.cache(CACHE_NAME).query( new ScanQuery<>( - new QueryFilter("srv_transition", "srv_endpoint") + new QueryFilter(SRV_TRANSITION, SRV_ENDPOINT) ) ).getAll(); } @@ -76,7 +76,7 @@ private void query(IgniteEx initiator) { private void transform(IgniteEx initiator) { initiator.cache(CACHE_NAME).query( new ScanQuery<>((k, v) -> true), - new Transformer("srv_transition", "srv_endpoint") + new Transformer(SRV_TRANSITION, SRV_ENDPOINT) ).getAll(); } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/AbstractComputeRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/AbstractComputeRemoteSecurityContextCheckTest.java index 266cae1a6eb16..8e636e405554c 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/AbstractComputeRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/AbstractComputeRemoteSecurityContextCheckTest.java @@ -27,13 +27,19 @@ * Abstract compute security test. */ public abstract class AbstractComputeRemoteSecurityContextCheckTest extends AbstractRemoteSecurityContextCheckTest { + /** Name of client transition node. */ + public static final String CLNT_TRANSITION = "clnt_transition"; + + /** Name of client endpoint node. */ + public static final String CLNT_ENDPOINT = "clnt_endpoint"; + /** {@inheritDoc} */ @Override protected void startNodes() throws Exception{ super.startNodes(); - startGrid("clnt_transition", allowAllPermissionSet(), true); + startGrid(CLNT_TRANSITION, allowAllPermissionSet(), true); - startGrid("clnt_endpoint", allowAllPermissionSet()); + startGrid(CLNT_ENDPOINT, allowAllPermissionSet()); } /** @@ -42,12 +48,13 @@ public abstract class AbstractComputeRemoteSecurityContextCheckTest extends Abst * @param node Node. * @param r Runnable. */ - protected void perform(IgniteEx node, Runnable r) { + protected final void runAndCheck(IgniteEx node, Runnable r) { VERIFIER.start(secSubjectId(node)) - .add("srv_transition", 1) - .add("clnt_transition", 1) - .add("srv_endpoint", 2) - .add("clnt_endpoint", 2); + .add(SRV_TRANSITION, 1) + .add(CLNT_TRANSITION, 1) + .add(SRV_ENDPOINT, 2) + .add(CLNT_ENDPOINT, 2); + r.run(); VERIFIER.checkResult(); @@ -58,8 +65,8 @@ protected void perform(IgniteEx node, Runnable r) { */ protected Collection transitions() { return Arrays.asList( - grid("srv_transition").localNode().id(), - grid("clnt_transition").localNode().id() + grid(SRV_TRANSITION).localNode().id(), + grid(CLNT_TRANSITION).localNode().id() ); } @@ -68,8 +75,8 @@ protected Collection transitions() { */ protected Collection endpoints() { return Arrays.asList( - grid("srv_endpoint").localNode().id(), - grid("clnt_endpoint").localNode().id() + grid(SRV_ENDPOINT).localNode().id(), + grid(CLNT_ENDPOINT).localNode().id() ); } } \ No newline at end of file diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java index 9d1aac87d8fcf..2bb4a2fbea582 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java @@ -44,20 +44,20 @@ public class ComputeTaskRemoteSecurityContextCheckTest extends AbstractComputeRe */ @Test public void test() { - execute(grid("srv_initiator")); - execute(grid("clnt_initiator")); + runAndCheck(grid(SRV_INITIATOR)); + runAndCheck(grid(CLNT_INITIATOR)); } /** * @param initiator Node that initiates an execution. */ - private void execute(IgniteEx initiator) { - perform(initiator, + private void runAndCheck(IgniteEx initiator) { + runAndCheck(initiator, () -> initiator.compute().execute( new TestComputeTask(transitions(), endpoints(), false), 0 ) ); - perform(initiator, + runAndCheck(initiator, () -> initiator.compute().executeAsync( new TestComputeTask(transitions(), endpoints(), true), 0 ).get() diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java index 4006c5e5a6c20..9fb932b2de6fd 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java @@ -39,15 +39,15 @@ public class DistributedClosureRemoteSecurityContextCheckTest extends AbstractCo */ @Test public void test() { - execute(grid("srv_initiator")); - execute(grid("clnt_initiator")); + runAndCheck(grid(SRV_INITIATOR)); + runAndCheck(grid(CLNT_INITIATOR)); } /** * @param initiator Node that initiates an execution. */ - private void execute(IgniteEx initiator) { - perform(initiator, + private void runAndCheck(IgniteEx initiator) { + runAndCheck(initiator, () -> compute(initiator, transitions()) .broadcast((IgniteRunnable)new CommonClosure(endpoints(), true) { @Override protected void transit(IgniteCompute cmp) { @@ -55,7 +55,7 @@ private void execute(IgniteEx initiator) { } })); - perform(initiator, + runAndCheck(initiator, () -> compute(initiator, transitions()) .broadcastAsync((IgniteRunnable)new CommonClosure(endpoints(), true) { @Override protected void transit(IgniteCompute cmp) { @@ -63,42 +63,42 @@ private void execute(IgniteEx initiator) { } }).get()); - perform(initiator, + runAndCheck(initiator, (cmp) -> cmp.call(new CommonClosure(endpoints()) { @Override protected void transit(IgniteCompute cmp) { cmp.call(endpointClosure()); } })); - perform(initiator, + runAndCheck(initiator, (cmp) -> cmp.callAsync(new CommonClosure(endpoints()) { @Override protected void transit(IgniteCompute cmp) { cmp.callAsync(endpointClosure()).get(); } }).get()); - perform(initiator, + runAndCheck(initiator, (cmp) -> cmp.run(new CommonClosure(endpoints()) { @Override protected void transit(IgniteCompute cmp) { cmp.run(endpointClosure()); } })); - perform(initiator, + runAndCheck(initiator, (cmp) -> cmp.runAsync(new CommonClosure(endpoints()) { @Override protected void transit(IgniteCompute cmp) { cmp.runAsync(endpointClosure()).get(); } }).get()); - perform(initiator, + runAndCheck(initiator, (cmp) -> cmp.apply(new CommonClosure(endpoints()) { @Override protected void transit(IgniteCompute cmp) { cmp.apply(endpointClosure(), new Object()); } }, new Object())); - perform(initiator, + runAndCheck(initiator, (cmp) -> cmp.applyAsync(new CommonClosure(endpoints()) { @Override protected void transit(IgniteCompute cmp) { cmp.applyAsync(endpointClosure(), new Object()).get(); @@ -106,6 +106,19 @@ private void execute(IgniteEx initiator) { }, new Object()).get()); } + /** + * Performs test case. + */ + private void runAndCheck(IgniteEx initiator, Consumer c) { + runAndCheck( + initiator, + () -> { + for (UUID nodeId : transitions()) + c.accept(compute(initiator, nodeId)); + } + ); + } + /** * @return IgniteCompute is produced by passed node for cluster group * that contains nodes with ids from collection. @@ -121,19 +134,6 @@ private static IgniteCompute compute(Ignite ignite, UUID id) { return ignite.compute(ignite.cluster().forNodeId(id)); } - /** - * Performs test. - */ - private void perform(IgniteEx initiator, Consumer c) { - perform( - initiator, - () -> { - for (UUID nodeId : transitions()) - c.accept(compute(initiator, nodeId)); - } - ); - } - /** * Common closure for tests. */ diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java index b5b25c0dd325b..01f9d971b496d 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java @@ -21,7 +21,6 @@ import java.util.Collections; import java.util.UUID; import java.util.concurrent.ExecutorService; -import java.util.function.Consumer; import org.apache.ignite.Ignite; import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; @@ -40,34 +39,25 @@ public class ExecutorServiceRemoteSecurityContextCheckTest extends AbstractCompu */ @Test public void test() { - execute(grid("srv_initiator")); - execute(grid("clnt_initiator")); + runAndCheck(grid(SRV_INITIATOR)); + runAndCheck(grid(CLNT_INITIATOR)); } /** - * @param initiator Node that initiates an execution. + * Performs test case. */ - private void execute(IgniteEx initiator) { - perform(initiator, (s) -> { - try { - s.submit(new TestIgniteRunnable(endpoints())).get(); - } - catch (Exception e) { - throw new RuntimeException(e); - } - }); - } - - /** - * Performs test. - */ - private void perform(IgniteEx initiator, Consumer c) { - perform(initiator, + private void runAndCheck(IgniteEx initiator) { + runAndCheck(initiator, () -> { for (UUID nodeId : transitions()) { - c.accept( - initiator.executorService(initiator.cluster().forNodeId(nodeId)) - ); + ExecutorService svc = initiator.executorService(initiator.cluster().forNodeId(nodeId)); + + try { + svc.submit(new TestIgniteRunnable(endpoints())).get(); + } + catch (Exception e) { + throw new RuntimeException(e); + } } }); } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java index 72fa8bcc52461..20dfa65b21378 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java @@ -42,12 +42,12 @@ public class DataStreamerRemoteSecurityContextCheckTest extends AbstractCacheOpe */ @Test public void testDataStreamer() { - IgniteEx srvInitiator = grid("srv_initiator"); + IgniteEx srvInitiator = grid(SRV_INITIATOR); - IgniteEx clntInitiator = grid("clnt_initiator"); + IgniteEx clntInitiator = grid(CLNT_INITIATOR); - perform(srvInitiator, () -> dataStreamer(srvInitiator)); - perform(clntInitiator, () -> dataStreamer(clntInitiator)); + runAndCheck(srvInitiator, () -> dataStreamer(srvInitiator)); + runAndCheck(clntInitiator, () -> dataStreamer(clntInitiator)); } /** @@ -55,9 +55,9 @@ public void testDataStreamer() { */ private void dataStreamer(Ignite initiator) { try (IgniteDataStreamer strm = initiator.dataStreamer(CACHE_NAME)) { - strm.receiver(StreamVisitor.from(new TestClosure(grid("srv_endpoint").localNode().id()))); + strm.receiver(StreamVisitor.from(new TestClosure(grid(SRV_ENDPOINT).localNode().id()))); - strm.addData(prmKey(grid("srv_transition")), 100); + strm.addData(prmKey(grid(SRV_TRANSITION)), 100); } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/MessagingRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/MessagingRemoteSecurityContextCheckTest.java index 98f43e33e2f63..c733e0512ce89 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/MessagingRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/MessagingRemoteSecurityContextCheckTest.java @@ -37,6 +37,12 @@ */ @RunWith(JUnit4.class) public class MessagingRemoteSecurityContextCheckTest extends AbstractRemoteSecurityContextCheckTest { + /** Name of client transition node. */ + public static final String CLNT_TRANSITION = "clnt_transition"; + + /** Name of client endpoint node. */ + public static final String CLNT_ENDPOINT = "clnt_endpoint"; + /** Barrier. */ private static final CyclicBarrier BARRIER = new CyclicBarrier(3); @@ -44,9 +50,9 @@ public class MessagingRemoteSecurityContextCheckTest extends AbstractRemoteSecur @Override protected void startNodes() throws Exception { super.startNodes(); - startGrid("clnt_transition", allowAllPermissionSet(), true); + startGrid(CLNT_TRANSITION, allowAllPermissionSet(), true); - startGrid("clnt_endpoint", allowAllPermissionSet()); + startGrid(CLNT_ENDPOINT, allowAllPermissionSet()); } /** @@ -54,11 +60,11 @@ public class MessagingRemoteSecurityContextCheckTest extends AbstractRemoteSecur */ @Test public void test() { - messaging(grid("srv_initiator"), grid("srv_transition")); - messaging(grid("srv_initiator"), grid("clnt_transition")); + messaging(grid(SRV_INITIATOR), grid(SRV_TRANSITION)); + messaging(grid(SRV_INITIATOR), grid(CLNT_TRANSITION)); - messaging(grid("clnt_initiator"), grid("srv_transition")); - messaging(grid("clnt_initiator"), grid("clnt_transition")); + messaging(grid(CLNT_INITIATOR), grid(SRV_TRANSITION)); + messaging(grid(CLNT_INITIATOR), grid(CLNT_TRANSITION)); } /** @@ -69,13 +75,13 @@ public void test() { */ private void messaging(IgniteEx lsnrNode, IgniteEx evtNode) { VERIFIER.start(secSubjectId(lsnrNode)) - .add("srv_endpoint", 1) - .add("clnt_endpoint", 1); + .add(SRV_ENDPOINT, 1) + .add(CLNT_ENDPOINT, 1); BARRIER.reset(); IgniteMessaging messaging = lsnrNode.message( - lsnrNode.cluster().forNode(grid("srv_endpoint").localNode(), grid("clnt_endpoint").localNode()) + lsnrNode.cluster().forNode(grid(SRV_ENDPOINT).localNode(), grid(CLNT_ENDPOINT).localNode()) ); String topic = "HOT_TOPIC"; From 251b62e0acabcdfb5955068e189bcb1d45ec4d37 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Wed, 13 Feb 2019 12:51:47 +0300 Subject: [PATCH 52/98] IGNITE-9560 fix comments --- ...erationRemoteSecurityContextCheckTest.java | 1 - ...cheLoadRemoteSecurityContextCheckTest.java | 3 -- ...ocessorRemoteSecurityContextCheckTest.java | 35 ++++++++----------- ...anQueryRemoteSecurityContextCheckTest.java | 3 -- ...uteTaskRemoteSecurityContextCheckTest.java | 1 + ...treamerRemoteSecurityContextCheckTest.java | 1 - 6 files changed, 15 insertions(+), 29 deletions(-) diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheOperationRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheOperationRemoteSecurityContextCheckTest.java index fa44e78ae377d..c763d4d559ec1 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheOperationRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheOperationRemoteSecurityContextCheckTest.java @@ -45,7 +45,6 @@ protected CacheConfiguration[] getCacheConfigurations() { new CacheConfiguration<>() .setName(CACHE_NAME) .setCacheMode(CacheMode.PARTITIONED) - .setReadFromBackup(false) }; } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java index 92310b9f748bf..a4e9f10175fe6 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java @@ -47,12 +47,10 @@ public class CacheLoadRemoteSecurityContextCheckTest extends AbstractCacheOperat new CacheConfiguration() .setName(CACHE_NAME) .setCacheMode(CacheMode.PARTITIONED) - .setReadFromBackup(false) .setCacheStoreFactory(new TestStoreFactory()), new CacheConfiguration() .setName(TRANSITION_LOAD_CACHE) .setCacheMode(CacheMode.PARTITIONED) - .setReadFromBackup(false) .setCacheStoreFactory(new TestStoreFactory()) }; } @@ -63,7 +61,6 @@ public class CacheLoadRemoteSecurityContextCheckTest extends AbstractCacheOperat @Test public void test() { IgniteEx srvInitiator = grid(SRV_INITIATOR); - IgniteEx clntInitiator = grid(CLNT_INITIATOR); runAndCheck(srvInitiator, ()->loadCache(srvInitiator)); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java index 1c9449d71a5ba..dc8eeb938bfd2 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java @@ -21,7 +21,6 @@ import java.util.UUID; import javax.cache.processor.EntryProcessor; import javax.cache.processor.EntryProcessorException; -import javax.cache.processor.EntryProcessorResult; import javax.cache.processor.MutableEntry; import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; @@ -56,7 +55,7 @@ private void runAndCheck(IgniteEx initiator) { .add(SRV_ENDPOINT, 1); invoke(ime, initiator, - new TestEntryProcessor(ime, SRV_ENDPOINT), prmKey(grid(SRV_TRANSITION))); + new TestEntryProcessor(grid(SRV_ENDPOINT).localNode().id()), prmKey(grid(SRV_TRANSITION))); VERIFIER.checkResult(); } @@ -68,7 +67,7 @@ private void runAndCheck(IgniteEx initiator) { * @param ep Entry Processor. * @param key Key. */ - private static void invoke(InvokeMethodEnum ime, IgniteEx initiator, + private void invoke(InvokeMethodEnum ime, IgniteEx initiator, EntryProcessor ep, Integer key) { switch (ime) { case INVOKE: @@ -78,8 +77,7 @@ private static void invoke(InvokeMethodEnum ime, IgniteEx initiator, break; case INVOKE_ALL: initiator.cache(CACHE_NAME) - .invokeAll(Collections.singleton(key), ep) - .values().stream().findFirst().ifPresent(EntryProcessorResult::get); + .invokeAll(Collections.singleton(key), ep); break; case INVOKE_ASYNC: @@ -89,8 +87,7 @@ private static void invoke(InvokeMethodEnum ime, IgniteEx initiator, break; case INVOKE_ALL_ASYNC: initiator.cache(CACHE_NAME) - .invokeAllAsync(Collections.singleton(key), ep) - .get().values().stream().findFirst().ifPresent(EntryProcessorResult::get); + .invokeAllAsync(Collections.singleton(key), ep).get(); break; default: @@ -114,19 +111,14 @@ private enum InvokeMethodEnum { * Entry processor for tests with transition invoke call. */ static class TestEntryProcessor implements EntryProcessor { - /** Invoke method. */ - private final InvokeMethodEnum ime; - - /** Endpoint node name. */ - private final String endpoint; + /** Endpoint node id. */ + private final UUID endpointId; /** - * @param ime Invoke method. - * @param endpoint Endpoint node name. + * @param endpointId Endpoint node id. */ - public TestEntryProcessor(InvokeMethodEnum ime, String endpoint) { - this.ime = ime; - this.endpoint = endpoint; + public TestEntryProcessor(UUID endpointId) { + this.endpointId = endpointId; } /** {@inheritDoc} */ @@ -136,10 +128,11 @@ public TestEntryProcessor(InvokeMethodEnum ime, String endpoint) { VERIFIER.verify(loc); - if (endpoint != null) { - invoke( - ime, loc, new TestEntryProcessor(ime, null), prmKey(endpoint) - ); + if (endpointId != null) { + loc.compute(loc.cluster().forNodeId(endpointId)) + .broadcast( + ()-> VERIFIER.verify(Ignition.localIgnite()) + ); } return null; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java index fc45e731ea5d2..6ba038101e4dd 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java @@ -40,11 +40,8 @@ public class ScanQueryRemoteSecurityContextCheckTest extends AbstractCacheOperat @Test public void test() throws Exception { IgniteEx srvInitiator = grid(SRV_INITIATOR); - IgniteEx clntInitiator = grid(CLNT_INITIATOR); - IgniteEx srvTransition = grid(SRV_TRANSITION); - IgniteEx srvEndpoint = grid(SRV_ENDPOINT); srvInitiator.cache(CACHE_NAME).put(prmKey(srvTransition), 1); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java index 2bb4a2fbea582..48f174752b5dc 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java @@ -57,6 +57,7 @@ private void runAndCheck(IgniteEx initiator) { new TestComputeTask(transitions(), endpoints(), false), 0 ) ); + runAndCheck(initiator, () -> initiator.compute().executeAsync( new TestComputeTask(transitions(), endpoints(), true), 0 diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java index 20dfa65b21378..43051aea2e23c 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java @@ -43,7 +43,6 @@ public class DataStreamerRemoteSecurityContextCheckTest extends AbstractCacheOpe @Test public void testDataStreamer() { IgniteEx srvInitiator = grid(SRV_INITIATOR); - IgniteEx clntInitiator = grid(CLNT_INITIATOR); runAndCheck(srvInitiator, () -> dataStreamer(srvInitiator)); From 27af04e31e77beedbc8b6236dd8e26f24d275932 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Thu, 14 Feb 2019 16:30:01 +0300 Subject: [PATCH 53/98] IGNITE-9560 fix comments --- ...erationRemoteSecurityContextCheckTest.java | 16 --- ...bstractRemoteSecurityContextCheckTest.java | 76 +++++------- ...cheLoadRemoteSecurityContextCheckTest.java | 41 ++++++- ...ocessorRemoteSecurityContextCheckTest.java | 52 ++++++-- ...anQueryRemoteSecurityContextCheckTest.java | 47 +++++++- ...ComputeRemoteSecurityContextCheckTest.java | 82 ------------- ...uteTaskRemoteSecurityContextCheckTest.java | 77 +++++++++++- ...ClosureRemoteSecurityContextCheckTest.java | 82 +++++++++++-- ...ServiceRemoteSecurityContextCheckTest.java | 75 +++++++++++- ...treamerRemoteSecurityContextCheckTest.java | 43 ++++++- ...ssagingRemoteSecurityContextCheckTest.java | 112 +++++++++++------- 11 files changed, 479 insertions(+), 224 deletions(-) delete mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/AbstractComputeRemoteSecurityContextCheckTest.java diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheOperationRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheOperationRemoteSecurityContextCheckTest.java index c763d4d559ec1..5e0c9ddc5a78f 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheOperationRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheOperationRemoteSecurityContextCheckTest.java @@ -48,22 +48,6 @@ protected CacheConfiguration[] getCacheConfigurations() { }; } - /** - * Sets up VERIFIER, performs the runnable and checks the result. - * - * @param node Node. - * @param r Runnable. - */ - protected final void runAndCheck(IgniteEx node, Runnable r){ - VERIFIER.start(secSubjectId(node)) - .add(SRV_TRANSITION, 1) - .add(SRV_ENDPOINT, 1); - - r.run(); - - VERIFIER.checkResult(); - } - /** * Getting the key that is contained on primary partition on passed node for {@link #CACHE_NAME} cache. * diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java index 232673b9f800a..93734cdd5429e 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java @@ -22,7 +22,6 @@ import java.util.function.BiFunction; import org.apache.ignite.Ignite; import org.apache.ignite.internal.IgniteEx; -import org.apache.ignite.internal.util.typedef.G; import org.apache.ignite.internal.util.typedef.T2; import org.apache.ignite.internal.util.typedef.X; import org.apache.ignite.plugin.security.SecurityException; @@ -34,44 +33,17 @@ /** * */ -public class AbstractRemoteSecurityContextCheckTest extends AbstractSecurityTest { +public abstract class AbstractRemoteSecurityContextCheckTest extends AbstractSecurityTest { /** Verifier to check results of tests. */ - protected static final Verifier VERIFIER = new Verifier(); - - /** Name of server initiator node. */ - protected static final String SRV_INITIATOR = "srv_initiator"; - - /** Name of client initiator node. */ - protected static final String CLNT_INITIATOR = "clnt_initiator"; - - /** Name of server transition node. */ - protected static final String SRV_TRANSITION = "srv_transition"; - - /** Name of server endpoint node. */ - protected static final String SRV_ENDPOINT = "srv_endpoint"; - - /** {@inheritDoc} */ - @Override protected void beforeTestsStarted() throws Exception { - super.beforeTestsStarted(); - - startNodes(); - - assert !G.allGrids().isEmpty(); - - G.allGrids().get(0).cluster().active(true); - } + private static final Verifier VERIFIER = new Verifier(); /** - * Starts nodes. + * Checks that current security context is valid and incriments invoke's counter. + * + * @param ignite Local node. */ - protected void startNodes() throws Exception { - startGrid(SRV_INITIATOR, allowAllPermissionSet()); - - startGrid(CLNT_INITIATOR, allowAllPermissionSet(), true); - - startGrid(SRV_TRANSITION, allowAllPermissionSet()); - - startGrid(SRV_ENDPOINT, allowAllPermissionSet()); + public static void verify(Ignite ignite){ + VERIFIER.verify((IgniteEx)ignite); } /** @@ -91,6 +63,25 @@ protected void assertCauseSecurityException(Throwable throwable) { assertThat(X.cause(throwable, SecurityException.class), notNullValue()); } + /** + * Setups expected behavior to passed verifier. + */ + protected abstract void setupVerifier(Verifier verifier); + + /** + * Sets up VERIFIER, performs the runnable and checks the result. + * + * @param secSubjId Expected security subject id. + * @param r Runnable. + */ + protected final void runAndCheck(UUID secSubjId, Runnable r) { + setupVerifier(VERIFIER.start(secSubjId)); + + r.run(); + + VERIFIER.checkResult(); + } + /** * Responsible for verifying of tests results. */ @@ -110,7 +101,7 @@ public static class Verifier { * * @param expSecSubjId Expected security subject id. */ - public Verifier start(UUID expSecSubjId) { + private Verifier start(UUID expSecSubjId) { this.expSecSubjId = expSecSubjId; map.clear(); @@ -136,16 +127,7 @@ public Verifier add(String nodeName, int exp) { * * @param ignite Local node. */ - public void verify(Ignite ignite) { - verify((IgniteEx)ignite); - } - - /** - * Checks that current security context is valid and incriments invoke's counter. - * - * @param ignite Local node. - */ - public void verify(IgniteEx ignite) { + private void verify(IgniteEx ignite) { assert expSecSubjId != null; assert ignite != null; @@ -169,7 +151,7 @@ public void verify(IgniteEx ignite) { /** * Checks result of test and clears expected behavior. */ - public void checkResult() { + private void checkResult() { assert !map.isEmpty(); map.forEach((key, value) -> diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java index a4e9f10175fe6..6254f6ad2fcf1 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java @@ -26,6 +26,7 @@ import org.apache.ignite.configuration.CacheConfiguration; import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.processor.security.AbstractCacheOperationRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.util.typedef.G; import org.apache.ignite.lang.IgniteBiInClosure; import org.apache.ignite.lang.IgniteBiPredicate; import org.apache.ignite.resources.IgniteInstanceResource; @@ -38,6 +39,40 @@ */ @RunWith(JUnit4.class) public class CacheLoadRemoteSecurityContextCheckTest extends AbstractCacheOperationRemoteSecurityContextCheckTest { + /** Name of server initiator node. */ + private static final String SRV_INITIATOR = "srv_initiator"; + + /** Name of client initiator node. */ + private static final String CLNT_INITIATOR = "clnt_initiator"; + + /** Name of server transition node. */ + private static final String SRV_TRANSITION = "srv_transition"; + + /** Name of server endpoint node. */ + private static final String SRV_ENDPOINT = "srv_endpoint"; + + /** {@inheritDoc} */ + @Override protected void beforeTestsStarted() throws Exception { + super.beforeTestsStarted(); + + startGrid(SRV_INITIATOR, allowAllPermissionSet()); + + startGrid(CLNT_INITIATOR, allowAllPermissionSet(), true); + + startGrid(SRV_TRANSITION, allowAllPermissionSet()); + + startGrid(SRV_ENDPOINT, allowAllPermissionSet()); + + G.allGrids().get(0).cluster().active(true); + } + + /** {@inheritDoc} */ + @Override protected void setupVerifier(Verifier verifier) { + verifier + .add(SRV_TRANSITION, 1) + .add(SRV_ENDPOINT, 1); + } + /** Transition load cache. */ private static final String TRANSITION_LOAD_CACHE = "TRANSITION_LOAD_CACHE"; @@ -63,8 +98,8 @@ public void test() { IgniteEx srvInitiator = grid(SRV_INITIATOR); IgniteEx clntInitiator = grid(CLNT_INITIATOR); - runAndCheck(srvInitiator, ()->loadCache(srvInitiator)); - runAndCheck(clntInitiator, ()->loadCache(clntInitiator)); + runAndCheck(secSubjectId(srvInitiator), ()->loadCache(srvInitiator)); + runAndCheck(secSubjectId(clntInitiator), ()->loadCache(clntInitiator)); } /** @@ -102,7 +137,7 @@ public TestClosure(String node, String endpoint) { /** {@inheritDoc} */ @Override public boolean apply(Integer k, Integer v) { if (node.equals(loc.name())) { - VERIFIER.verify(loc); + verify(loc); if (endpoint != null) { loc.cache(TRANSITION_LOAD_CACHE).loadCache( diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java index dc8eeb938bfd2..85f0203fbde84 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java @@ -25,6 +25,7 @@ import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.processor.security.AbstractCacheOperationRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.util.typedef.G; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.JUnit4; @@ -34,6 +35,40 @@ */ @RunWith(JUnit4.class) public class EntryProcessorRemoteSecurityContextCheckTest extends AbstractCacheOperationRemoteSecurityContextCheckTest { + /** Name of server initiator node. */ + private static final String SRV_INITIATOR = "srv_initiator"; + + /** Name of client initiator node. */ + private static final String CLNT_INITIATOR = "clnt_initiator"; + + /** Name of server transition node. */ + private static final String SRV_TRANSITION = "srv_transition"; + + /** Name of server endpoint node. */ + private static final String SRV_ENDPOINT = "srv_endpoint"; + + /** {@inheritDoc} */ + @Override protected void beforeTestsStarted() throws Exception { + super.beforeTestsStarted(); + + startGrid(SRV_INITIATOR, allowAllPermissionSet()); + + startGrid(CLNT_INITIATOR, allowAllPermissionSet(), true); + + startGrid(SRV_TRANSITION, allowAllPermissionSet()); + + startGrid(SRV_ENDPOINT, allowAllPermissionSet()); + + G.allGrids().get(0).cluster().active(true); + } + + /** {@inheritDoc} */ + @Override protected void setupVerifier(Verifier verifier) { + verifier + .add(SRV_TRANSITION, 1) + .add(SRV_ENDPOINT, 1); + } + /** * */ @@ -50,14 +85,11 @@ private void runAndCheck(IgniteEx initiator) { UUID secSubjectId = secSubjectId(initiator); for (InvokeMethodEnum ime : InvokeMethodEnum.values()) { - VERIFIER.start(secSubjectId) - .add(SRV_TRANSITION, 1) - .add(SRV_ENDPOINT, 1); - - invoke(ime, initiator, - new TestEntryProcessor(grid(SRV_ENDPOINT).localNode().id()), prmKey(grid(SRV_TRANSITION))); - - VERIFIER.checkResult(); + runAndCheck( + secSubjectId, + () -> invoke(ime, initiator, + new TestEntryProcessor(grid(SRV_ENDPOINT).localNode().id()), prmKey(grid(SRV_TRANSITION))) + ); } } @@ -126,12 +158,12 @@ public TestEntryProcessor(UUID endpointId) { Object... objects) throws EntryProcessorException { IgniteEx loc = (IgniteEx)Ignition.localIgnite(); - VERIFIER.verify(loc); + verify(loc); if (endpointId != null) { loc.compute(loc.cluster().forNodeId(endpointId)) .broadcast( - ()-> VERIFIER.verify(Ignition.localIgnite()) + () -> verify(Ignition.localIgnite()) ); } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java index 6ba038101e4dd..aaf648b057e89 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java @@ -22,6 +22,7 @@ import org.apache.ignite.cache.query.ScanQuery; import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.processor.security.AbstractCacheOperationRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.util.typedef.G; import org.apache.ignite.lang.IgniteBiPredicate; import org.apache.ignite.lang.IgniteClosure; import org.apache.ignite.resources.IgniteInstanceResource; @@ -34,6 +35,40 @@ */ @RunWith(JUnit4.class) public class ScanQueryRemoteSecurityContextCheckTest extends AbstractCacheOperationRemoteSecurityContextCheckTest { + /** Name of server initiator node. */ + private static final String SRV_INITIATOR = "srv_initiator"; + + /** Name of client initiator node. */ + private static final String CLNT_INITIATOR = "clnt_initiator"; + + /** Name of server transition node. */ + private static final String SRV_TRANSITION = "srv_transition"; + + /** Name of server endpoint node. */ + private static final String SRV_ENDPOINT = "srv_endpoint"; + + /** {@inheritDoc} */ + @Override protected void beforeTestsStarted() throws Exception { + super.beforeTestsStarted(); + + startGrid(SRV_INITIATOR, allowAllPermissionSet()); + + startGrid(CLNT_INITIATOR, allowAllPermissionSet(), true); + + startGrid(SRV_TRANSITION, allowAllPermissionSet()); + + startGrid(SRV_ENDPOINT, allowAllPermissionSet()); + + G.allGrids().get(0).cluster().active(true); + } + + /** {@inheritDoc} */ + @Override protected void setupVerifier(Verifier verifier) { + verifier + .add(SRV_TRANSITION, 1) + .add(SRV_ENDPOINT, 1); + } + /** * */ @@ -49,11 +84,11 @@ public void test() throws Exception { awaitPartitionMapExchange(); - runAndCheck(srvInitiator, () -> query(srvInitiator)); - runAndCheck(clntInitiator, () -> query(clntInitiator)); + runAndCheck(secSubjectId(srvInitiator), () -> query(srvInitiator)); + runAndCheck(secSubjectId(clntInitiator), () -> query(clntInitiator)); - runAndCheck(srvInitiator, () -> transform(srvInitiator)); - runAndCheck(clntInitiator, () -> transform(clntInitiator)); + runAndCheck(secSubjectId(srvInitiator), () -> transform(srvInitiator)); + runAndCheck(secSubjectId(clntInitiator), () -> transform(clntInitiator)); } /** @@ -103,7 +138,7 @@ public QueryFilter(String node, String endpoint) { /** {@inheritDoc} */ @Override public boolean apply(Integer s, Integer i) { if (node.equals(loc.name())) { - VERIFIER.verify(loc); + verify(loc); if (endpoint != null) { loc.cache(CACHE_NAME).query( @@ -142,7 +177,7 @@ public Transformer(String node, String endpoint) { /** {@inheritDoc} */ @Override public Integer apply(Cache.Entry entry) { if (node.equals(loc.name())) { - VERIFIER.verify(loc); + verify(loc); if (endpoint != null) { loc.cache(CACHE_NAME).query( diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/AbstractComputeRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/AbstractComputeRemoteSecurityContextCheckTest.java deleted file mode 100644 index 8e636e405554c..0000000000000 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/AbstractComputeRemoteSecurityContextCheckTest.java +++ /dev/null @@ -1,82 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processor.security.compute.closure; - -import java.util.Arrays; -import java.util.Collection; -import java.util.UUID; -import org.apache.ignite.internal.IgniteEx; -import org.apache.ignite.internal.processor.security.AbstractRemoteSecurityContextCheckTest; - -/** - * Abstract compute security test. - */ -public abstract class AbstractComputeRemoteSecurityContextCheckTest extends AbstractRemoteSecurityContextCheckTest { - /** Name of client transition node. */ - public static final String CLNT_TRANSITION = "clnt_transition"; - - /** Name of client endpoint node. */ - public static final String CLNT_ENDPOINT = "clnt_endpoint"; - - /** {@inheritDoc} */ - @Override protected void startNodes() throws Exception{ - super.startNodes(); - - startGrid(CLNT_TRANSITION, allowAllPermissionSet(), true); - - startGrid(CLNT_ENDPOINT, allowAllPermissionSet()); - } - - /** - * Sets up VERIFIER, performs the runnable and checks the result. - * - * @param node Node. - * @param r Runnable. - */ - protected final void runAndCheck(IgniteEx node, Runnable r) { - VERIFIER.start(secSubjectId(node)) - .add(SRV_TRANSITION, 1) - .add(CLNT_TRANSITION, 1) - .add(SRV_ENDPOINT, 2) - .add(CLNT_ENDPOINT, 2); - - r.run(); - - VERIFIER.checkResult(); - } - - /** - * @return Collection of transition node ids. - */ - protected Collection transitions() { - return Arrays.asList( - grid(SRV_TRANSITION).localNode().id(), - grid(CLNT_TRANSITION).localNode().id() - ); - } - - /** - * @return Collection of endpont nodes ids. - */ - protected Collection endpoints() { - return Arrays.asList( - grid(SRV_ENDPOINT).localNode().id(), - grid(CLNT_ENDPOINT).localNode().id() - ); - } -} \ No newline at end of file diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java index 48f174752b5dc..e37e025e9249a 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java @@ -17,6 +17,7 @@ package org.apache.ignite.internal.processor.security.compute.closure; +import java.util.Arrays; import java.util.Collection; import java.util.Collections; import java.util.HashMap; @@ -31,6 +32,8 @@ import org.apache.ignite.compute.ComputeJobResultPolicy; import org.apache.ignite.compute.ComputeTask; import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.internal.processor.security.AbstractRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.util.typedef.G; import org.apache.ignite.resources.IgniteInstanceResource; import org.jetbrains.annotations.Nullable; import org.junit.Test; @@ -38,7 +41,53 @@ /** * Testing permissions when the compute task is executed cache operations on remote node. */ -public class ComputeTaskRemoteSecurityContextCheckTest extends AbstractComputeRemoteSecurityContextCheckTest { +public class ComputeTaskRemoteSecurityContextCheckTest extends AbstractRemoteSecurityContextCheckTest { + /** Name of server initiator node. */ + private static final String SRV_INITIATOR = "srv_initiator"; + + /** Name of client initiator node. */ + private static final String CLNT_INITIATOR = "clnt_initiator"; + + /** Name of server transition node. */ + private static final String SRV_TRANSITION = "srv_transition"; + + /** Name of server endpoint node. */ + private static final String SRV_ENDPOINT = "srv_endpoint"; + + /** Name of client transition node. */ + private static final String CLNT_TRANSITION = "clnt_transition"; + + /** Name of client endpoint node. */ + private static final String CLNT_ENDPOINT = "clnt_endpoint"; + + /** {@inheritDoc} */ + @Override protected void beforeTestsStarted() throws Exception { + super.beforeTestsStarted(); + + startGrid(SRV_INITIATOR, allowAllPermissionSet()); + + startGrid(CLNT_INITIATOR, allowAllPermissionSet(), true); + + startGrid(SRV_TRANSITION, allowAllPermissionSet()); + + startGrid(CLNT_TRANSITION, allowAllPermissionSet(), true); + + startGrid(SRV_ENDPOINT, allowAllPermissionSet()); + + startGrid(CLNT_ENDPOINT, allowAllPermissionSet()); + + G.allGrids().get(0).cluster().active(true); + } + + /** {@inheritDoc} */ + @Override protected void setupVerifier(Verifier verifier) { + verifier + .add(SRV_TRANSITION, 1) + .add(CLNT_TRANSITION, 1) + .add(SRV_ENDPOINT, 2) + .add(CLNT_ENDPOINT, 2); + } + /** * */ @@ -52,19 +101,39 @@ public void test() { * @param initiator Node that initiates an execution. */ private void runAndCheck(IgniteEx initiator) { - runAndCheck(initiator, + runAndCheck(secSubjectId(initiator), () -> initiator.compute().execute( new TestComputeTask(transitions(), endpoints(), false), 0 ) ); - runAndCheck(initiator, + runAndCheck(secSubjectId(initiator), () -> initiator.compute().executeAsync( new TestComputeTask(transitions(), endpoints(), true), 0 ).get() ); } + /** + * @return Collection of transition node ids. + */ + private Collection transitions() { + return Arrays.asList( + grid(SRV_TRANSITION).localNode().id(), + grid(CLNT_TRANSITION).localNode().id() + ); + } + + /** + * @return Collection of endpont nodes ids. + */ + private Collection endpoints() { + return Arrays.asList( + grid(SRV_ENDPOINT).localNode().id(), + grid(CLNT_ENDPOINT).localNode().id() + ); + } + /** * Compute task for tests. */ @@ -116,7 +185,7 @@ public TestComputeTask(Collection remotes) { } @Override public Object execute() throws IgniteException { - VERIFIER.verify(loc); + verify(loc); if (!endpoints.isEmpty()) { if (isAsync) diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java index 9fb932b2de6fd..f13d1fd5c3839 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java @@ -17,6 +17,7 @@ package org.apache.ignite.internal.processor.security.compute.closure; +import java.util.Arrays; import java.util.Collection; import java.util.Collections; import java.util.UUID; @@ -25,6 +26,8 @@ import org.apache.ignite.IgniteCompute; import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.internal.processor.security.AbstractRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.util.typedef.G; import org.apache.ignite.lang.IgniteCallable; import org.apache.ignite.lang.IgniteClosure; import org.apache.ignite.lang.IgniteRunnable; @@ -33,7 +36,53 @@ /** * Testing permissions when the compute closure is executed cache operations on remote node. */ -public class DistributedClosureRemoteSecurityContextCheckTest extends AbstractComputeRemoteSecurityContextCheckTest { +public class DistributedClosureRemoteSecurityContextCheckTest extends AbstractRemoteSecurityContextCheckTest { + /** Name of server initiator node. */ + private static final String SRV_INITIATOR = "srv_initiator"; + + /** Name of client initiator node. */ + private static final String CLNT_INITIATOR = "clnt_initiator"; + + /** Name of server transition node. */ + private static final String SRV_TRANSITION = "srv_transition"; + + /** Name of server endpoint node. */ + private static final String SRV_ENDPOINT = "srv_endpoint"; + + /** Name of client transition node. */ + private static final String CLNT_TRANSITION = "clnt_transition"; + + /** Name of client endpoint node. */ + private static final String CLNT_ENDPOINT = "clnt_endpoint"; + + /** {@inheritDoc} */ + @Override protected void beforeTestsStarted() throws Exception { + super.beforeTestsStarted(); + + startGrid(SRV_INITIATOR, allowAllPermissionSet()); + + startGrid(CLNT_INITIATOR, allowAllPermissionSet(), true); + + startGrid(SRV_TRANSITION, allowAllPermissionSet()); + + startGrid(CLNT_TRANSITION, allowAllPermissionSet(), true); + + startGrid(SRV_ENDPOINT, allowAllPermissionSet()); + + startGrid(CLNT_ENDPOINT, allowAllPermissionSet()); + + G.allGrids().get(0).cluster().active(true); + } + + /** {@inheritDoc} */ + @Override protected void setupVerifier(AbstractRemoteSecurityContextCheckTest.Verifier verifier) { + verifier + .add(SRV_TRANSITION, 1) + .add(CLNT_TRANSITION, 1) + .add(SRV_ENDPOINT, 2) + .add(CLNT_ENDPOINT, 2); + } + /** * */ @@ -47,7 +96,7 @@ public void test() { * @param initiator Node that initiates an execution. */ private void runAndCheck(IgniteEx initiator) { - runAndCheck(initiator, + runAndCheck(secSubjectId(initiator), () -> compute(initiator, transitions()) .broadcast((IgniteRunnable)new CommonClosure(endpoints(), true) { @Override protected void transit(IgniteCompute cmp) { @@ -55,7 +104,7 @@ private void runAndCheck(IgniteEx initiator) { } })); - runAndCheck(initiator, + runAndCheck(secSubjectId(initiator), () -> compute(initiator, transitions()) .broadcastAsync((IgniteRunnable)new CommonClosure(endpoints(), true) { @Override protected void transit(IgniteCompute cmp) { @@ -111,7 +160,7 @@ private void runAndCheck(IgniteEx initiator) { */ private void runAndCheck(IgniteEx initiator, Consumer c) { runAndCheck( - initiator, + secSubjectId(initiator), () -> { for (UUID nodeId : transitions()) c.accept(compute(initiator, nodeId)); @@ -120,8 +169,27 @@ private void runAndCheck(IgniteEx initiator, Consumer c) { } /** - * @return IgniteCompute is produced by passed node for cluster group - * that contains nodes with ids from collection. + * @return Collection of transition node ids. + */ + private Collection transitions() { + return Arrays.asList( + grid(SRV_TRANSITION).localNode().id(), + grid(CLNT_TRANSITION).localNode().id() + ); + } + + /** + * @return Collection of endpont nodes ids. + */ + private Collection endpoints() { + return Arrays.asList( + grid(SRV_ENDPOINT).localNode().id(), + grid(CLNT_ENDPOINT).localNode().id() + ); + } + + /** + * @return IgniteCompute is produced by passed node for cluster group that contains nodes with ids from collection. */ private static IgniteCompute compute(Ignite ignite, Collection ids) { return ignite.compute(ignite.cluster().forNodeIds(ids)); @@ -167,7 +235,7 @@ public CommonClosure(Collection endpoints) { private void body() { Ignite ignite = Ignition.localIgnite(); - VERIFIER.verify(ignite); + verify(ignite); if (!endpoints.isEmpty()) { if (isBroadcast) diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java index 01f9d971b496d..35f5c79a1342f 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java @@ -17,6 +17,7 @@ package org.apache.ignite.internal.processor.security.compute.closure; +import java.util.Arrays; import java.util.Collection; import java.util.Collections; import java.util.UUID; @@ -24,6 +25,8 @@ import org.apache.ignite.Ignite; import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.internal.processor.security.AbstractRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.util.typedef.G; import org.apache.ignite.lang.IgniteRunnable; import org.junit.Test; import org.junit.runner.RunWith; @@ -33,7 +36,53 @@ * Testing permissions when the service task is executed cache operations on remote node. */ @RunWith(JUnit4.class) -public class ExecutorServiceRemoteSecurityContextCheckTest extends AbstractComputeRemoteSecurityContextCheckTest { +public class ExecutorServiceRemoteSecurityContextCheckTest extends AbstractRemoteSecurityContextCheckTest { + /** Name of server initiator node. */ + private static final String SRV_INITIATOR = "srv_initiator"; + + /** Name of client initiator node. */ + private static final String CLNT_INITIATOR = "clnt_initiator"; + + /** Name of server transition node. */ + private static final String SRV_TRANSITION = "srv_transition"; + + /** Name of server endpoint node. */ + private static final String SRV_ENDPOINT = "srv_endpoint"; + + /** Name of client transition node. */ + private static final String CLNT_TRANSITION = "clnt_transition"; + + /** Name of client endpoint node. */ + private static final String CLNT_ENDPOINT = "clnt_endpoint"; + + /** {@inheritDoc} */ + @Override protected void beforeTestsStarted() throws Exception { + super.beforeTestsStarted(); + + startGrid(SRV_INITIATOR, allowAllPermissionSet()); + + startGrid(CLNT_INITIATOR, allowAllPermissionSet(), true); + + startGrid(SRV_TRANSITION, allowAllPermissionSet()); + + startGrid(CLNT_TRANSITION, allowAllPermissionSet(), true); + + startGrid(SRV_ENDPOINT, allowAllPermissionSet()); + + startGrid(CLNT_ENDPOINT, allowAllPermissionSet()); + + G.allGrids().get(0).cluster().active(true); + } + + /** {@inheritDoc} */ + @Override protected void setupVerifier(Verifier verifier) { + verifier + .add(SRV_TRANSITION, 1) + .add(CLNT_TRANSITION, 1) + .add(SRV_ENDPOINT, 2) + .add(CLNT_ENDPOINT, 2); + } + /** * */ @@ -47,7 +96,7 @@ public void test() { * Performs test case. */ private void runAndCheck(IgniteEx initiator) { - runAndCheck(initiator, + runAndCheck(secSubjectId(initiator), () -> { for (UUID nodeId : transitions()) { ExecutorService svc = initiator.executorService(initiator.cluster().forNodeId(nodeId)); @@ -62,6 +111,26 @@ private void runAndCheck(IgniteEx initiator) { }); } + /** + * @return Collection of transition node ids. + */ + private Collection transitions() { + return Arrays.asList( + grid(SRV_TRANSITION).localNode().id(), + grid(CLNT_TRANSITION).localNode().id() + ); + } + + /** + * @return Collection of endpont nodes ids. + */ + private Collection endpoints() { + return Arrays.asList( + grid(SRV_ENDPOINT).localNode().id(), + grid(CLNT_ENDPOINT).localNode().id() + ); + } + /** * Runnable for tests. */ @@ -80,7 +149,7 @@ public TestIgniteRunnable(Collection endpoints) { @Override public void run() { Ignite ignite = Ignition.localIgnite(); - VERIFIER.verify(ignite); + verify(ignite); if (!endpoints.isEmpty()) { try { diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java index 43051aea2e23c..7e48489421260 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java @@ -25,6 +25,7 @@ import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.processor.security.AbstractCacheOperationRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.util.typedef.G; import org.apache.ignite.lang.IgniteBiInClosure; import org.apache.ignite.lang.IgniteRunnable; import org.apache.ignite.stream.StreamVisitor; @@ -37,6 +38,40 @@ */ @RunWith(JUnit4.class) public class DataStreamerRemoteSecurityContextCheckTest extends AbstractCacheOperationRemoteSecurityContextCheckTest { + /** Name of server initiator node. */ + private static final String SRV_INITIATOR = "srv_initiator"; + + /** Name of client initiator node. */ + private static final String CLNT_INITIATOR = "clnt_initiator"; + + /** Name of server transition node. */ + private static final String SRV_TRANSITION = "srv_transition"; + + /** Name of server endpoint node. */ + private static final String SRV_ENDPOINT = "srv_endpoint"; + + /** {@inheritDoc} */ + @Override protected void beforeTestsStarted() throws Exception { + super.beforeTestsStarted(); + + startGrid(SRV_INITIATOR, allowAllPermissionSet()); + + startGrid(CLNT_INITIATOR, allowAllPermissionSet(), true); + + startGrid(SRV_TRANSITION, allowAllPermissionSet()); + + startGrid(SRV_ENDPOINT, allowAllPermissionSet()); + + G.allGrids().get(0).cluster().active(true); + } + + /** {@inheritDoc} */ + @Override protected void setupVerifier(Verifier verifier) { + verifier + .add(SRV_TRANSITION, 1) + .add(SRV_ENDPOINT, 1); + } + /** * */ @@ -45,8 +80,8 @@ public void testDataStreamer() { IgniteEx srvInitiator = grid(SRV_INITIATOR); IgniteEx clntInitiator = grid(CLNT_INITIATOR); - runAndCheck(srvInitiator, () -> dataStreamer(srvInitiator)); - runAndCheck(clntInitiator, () -> dataStreamer(clntInitiator)); + runAndCheck(secSubjectId(srvInitiator), () -> dataStreamer(srvInitiator)); + runAndCheck(secSubjectId(clntInitiator), () -> dataStreamer(clntInitiator)); } /** @@ -80,13 +115,13 @@ public TestClosure(UUID endpoint) { Map.Entry entry) { IgniteEx loc = (IgniteEx)Ignition.localIgnite(); - VERIFIER.verify(loc); + verify(loc); //Should check a security context on the endpoint node through compute service //because using streamer from receiver may be cause of system worker dead loc.compute(loc.cluster().forNodeId(endpoint)).broadcast(new IgniteRunnable() { @Override public void run() { - VERIFIER.verify(loc); + verify(loc); } }); } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/MessagingRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/MessagingRemoteSecurityContextCheckTest.java index c733e0512ce89..7912b6a107219 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/MessagingRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/MessagingRemoteSecurityContextCheckTest.java @@ -26,6 +26,7 @@ import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.processor.security.AbstractRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.util.typedef.G; import org.apache.ignite.lang.IgniteBiPredicate; import org.apache.ignite.testframework.junits.GridAbstractTest; import org.junit.Test; @@ -37,22 +38,51 @@ */ @RunWith(JUnit4.class) public class MessagingRemoteSecurityContextCheckTest extends AbstractRemoteSecurityContextCheckTest { + /** Barrier. */ + private static final CyclicBarrier BARRIER = new CyclicBarrier(3); + + /** Name of server initiator node. */ + private static final String SRV_INITIATOR = "srv_initiator"; + + /** Name of client initiator node. */ + private static final String CLNT_INITIATOR = "clnt_initiator"; + + /** Name of server transition node. */ + private static final String SRV_TRANSITION = "srv_transition"; + /** Name of client transition node. */ public static final String CLNT_TRANSITION = "clnt_transition"; + /** Name of server endpoint node. */ + private static final String SRV_ENDPOINT = "srv_endpoint"; + /** Name of client endpoint node. */ public static final String CLNT_ENDPOINT = "clnt_endpoint"; - /** Barrier. */ - private static final CyclicBarrier BARRIER = new CyclicBarrier(3); - /** {@inheritDoc} */ - @Override protected void startNodes() throws Exception { - super.startNodes(); + @Override protected void beforeTestsStarted() throws Exception { + super.beforeTestsStarted(); + + startGrid(SRV_INITIATOR, allowAllPermissionSet()); + + startGrid(CLNT_INITIATOR, allowAllPermissionSet(), true); + + startGrid(SRV_TRANSITION, allowAllPermissionSet()); + + startGrid(SRV_ENDPOINT, allowAllPermissionSet()); startGrid(CLNT_TRANSITION, allowAllPermissionSet(), true); startGrid(CLNT_ENDPOINT, allowAllPermissionSet()); + + G.allGrids().get(0).cluster().active(true); + } + + /** {@inheritDoc} */ + @Override protected void setupVerifier(Verifier verifier) { + verifier + .add(SRV_ENDPOINT, 1) + .add(CLNT_ENDPOINT, 1); } /** @@ -60,11 +90,11 @@ public class MessagingRemoteSecurityContextCheckTest extends AbstractRemoteSecur */ @Test public void test() { - messaging(grid(SRV_INITIATOR), grid(SRV_TRANSITION)); - messaging(grid(SRV_INITIATOR), grid(CLNT_TRANSITION)); + runAndCheck(grid(SRV_INITIATOR), grid(SRV_TRANSITION)); + runAndCheck(grid(SRV_INITIATOR), grid(CLNT_TRANSITION)); - messaging(grid(CLNT_INITIATOR), grid(SRV_TRANSITION)); - messaging(grid(CLNT_INITIATOR), grid(CLNT_TRANSITION)); + runAndCheck(grid(CLNT_INITIATOR), grid(SRV_TRANSITION)); + runAndCheck(grid(CLNT_INITIATOR), grid(CLNT_TRANSITION)); } /** @@ -73,44 +103,42 @@ public void test() { * @param lsnrNode Node that registers a listener on a remote node. * @param evtNode Node that generates an event. */ - private void messaging(IgniteEx lsnrNode, IgniteEx evtNode) { - VERIFIER.start(secSubjectId(lsnrNode)) - .add(SRV_ENDPOINT, 1) - .add(CLNT_ENDPOINT, 1); - - BARRIER.reset(); - - IgniteMessaging messaging = lsnrNode.message( - lsnrNode.cluster().forNode(grid(SRV_ENDPOINT).localNode(), grid(CLNT_ENDPOINT).localNode()) - ); - - String topic = "HOT_TOPIC"; + private void runAndCheck(IgniteEx lsnrNode, IgniteEx evtNode) { + runAndCheck(secSubjectId(lsnrNode), + () -> { + BARRIER.reset(); + + IgniteMessaging messaging = lsnrNode.message( + lsnrNode.cluster().forNode(grid(SRV_ENDPOINT).localNode(), grid(CLNT_ENDPOINT).localNode()) + ); + + String topic = "HOT_TOPIC"; + + UUID lsnrId = messaging.remoteListen(topic, + new IgniteBiPredicate() { + @Override public boolean apply(UUID uuid, Object o) { + try { + verify(Ignition.localIgnite()); + + return true; + } + finally { + barrierAwait(); + } + } + } + ); - UUID lsnrId = messaging.remoteListen(topic, - new IgniteBiPredicate() { - @Override public boolean apply(UUID uuid, Object o) { - try { - VERIFIER.verify(Ignition.localIgnite()); + try { + evtNode.message().send(topic, "Fire!"); + } + finally { + barrierAwait(); - return true; - } - finally { - barrierAwait(); - } + messaging.stopRemoteListen(lsnrId); } } ); - - try { - evtNode.message().send(topic, "Fire!"); - } - finally { - barrierAwait(); - - messaging.stopRemoteListen(lsnrId); - } - - VERIFIER.checkResult(); } /** From de736d06879f44045a051229ad6beee40a7bd635 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Thu, 14 Feb 2019 18:31:19 +0300 Subject: [PATCH 54/98] IGNITE-9560 fix comments --- .../processor/security/TestSecurityProcessorProvider.java | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityProcessorProvider.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityProcessorProvider.java index ddfa786ddcec1..c8ade748ec8d0 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityProcessorProvider.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityProcessorProvider.java @@ -40,10 +40,6 @@ * Security processor provider for tests. */ public class TestSecurityProcessorProvider implements PluginProvider { - /** Default test security processor class name. */ - public static final String DFLT_TEST_SECURITY_PROCESSOR_CLS_NAME = - "org.apache.ignite.internal.processors.security.os.GridOsSecurityProcessor"; - /** {@inheritDoc} */ @Override public String name() { return "TestSecurityProcessorProvider"; @@ -126,7 +122,7 @@ private String securityProcessorClass(PluginContext ctx) { } } - return DFLT_TEST_SECURITY_PROCESSOR_CLS_NAME; + return null; } /** {@inheritDoc} */ From d2f66f53d310d4556e015b84ddee031ccd1b61b2 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Fri, 15 Feb 2019 11:09:09 +0300 Subject: [PATCH 55/98] IGNITE-9560 fix comments --- .../managers/communication/GridIoManager.java | 2 +- .../security/GridSecurityProcessor.java | 1 + .../security/IgniteSecurityProcessor.java | 3 +- .../security/SecurityContextHolder.java | 60 ------------------- ...ractCacheOperationPermissionCheckTest.java | 9 --- ...cheLoadRemoteSecurityContextCheckTest.java | 2 +- ...anQueryRemoteSecurityContextCheckTest.java | 4 +- ...uteTaskRemoteSecurityContextCheckTest.java | 2 +- ...treamerRemoteSecurityContextCheckTest.java | 2 - 9 files changed, 8 insertions(+), 77 deletions(-) delete mode 100644 modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityContextHolder.java diff --git a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java index 60b0f3c22674c..0c30b962650e3 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java @@ -1549,7 +1549,7 @@ private void unwindMessageSet(GridCommunicationMessageSet msgSet, GridMessageLis * @param lsnr Listener. * @param nodeId Node ID. * @param msg Message. - * @param secSubjId Security subject taht will be used to open a security session. + * @param secSubjId Security subject that will be used to open a security session. */ private void invokeListener(Byte plc, GridMessageListener lsnr, UUID nodeId, Object msg, UUID secSubjId) { Byte oldPlc = CUR_PLC.get(); diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessor.java index fa94aecb3559a..b44dab1462fcb 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessor.java @@ -95,6 +95,7 @@ public void authorize(String name, SecurityPermission perm, SecurityContext secu /** * @return GridSecurityProcessor is enable. + * @deprecated To determine the security mode use {@link IgniteSecurityProcessor#enabled()}. */ @Deprecated public boolean enabled(); diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java index bf5b7a1baf138..d76888bfa6d9a 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java @@ -107,7 +107,8 @@ public default void authorize(SecurityPermission perm) throws SecurityException } /** - * @return True if IgniteSecurityProcessor is not no operation else false. + * @return True if IgniteSecurityProcessor is a plugin implementation, + * false if it's used a default NoOp implementation. */ public boolean enabled(); } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityContextHolder.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityContextHolder.java deleted file mode 100644 index d01071166ea73..0000000000000 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityContextHolder.java +++ /dev/null @@ -1,60 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processors.security; - -import org.jetbrains.annotations.Nullable; - -/** - * Thread-local security context. - */ -public class SecurityContextHolder { - /** Context. */ - private static final ThreadLocal CTX = new ThreadLocal<>(); - - /** - * Get security context. - * - * @return Security context. - */ - @Nullable public static SecurityContext get() { - return CTX.get(); - } - - /** - * Set security context. - * - * @param ctx Context. - * @return Old context. - */ - public static SecurityContext push(@Nullable SecurityContext ctx) { - SecurityContext oldCtx = CTX.get(); - - CTX.set(ctx); - - return oldCtx; - } - - /** - * Pop security context. - * - * @param oldCtx Old context. - */ - public static void pop(@Nullable SecurityContext oldCtx) { - CTX.set(oldCtx); - } -} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheOperationPermissionCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheOperationPermissionCheckTest.java index 2bd8be44b1d51..6a59046eb82d9 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheOperationPermissionCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheOperationPermissionCheckTest.java @@ -18,18 +18,9 @@ package org.apache.ignite.internal.processor.security; import java.util.concurrent.atomic.AtomicInteger; -import java.util.function.Consumer; -import org.apache.ignite.Ignite; import org.apache.ignite.configuration.CacheConfiguration; import org.apache.ignite.configuration.IgniteConfiguration; import org.apache.ignite.internal.util.typedef.T2; -import org.apache.ignite.internal.util.typedef.X; -import org.apache.ignite.plugin.security.SecurityException; - -import static org.hamcrest.CoreMatchers.notNullValue; -import static org.hamcrest.core.Is.is; -import static org.hamcrest.core.IsNull.nullValue; -import static org.junit.Assert.assertThat; /** * diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java index 6254f6ad2fcf1..82dc284d775d6 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java @@ -115,7 +115,7 @@ private void loadCache(IgniteEx initiator) { * Closure for tests. */ static class TestClosure implements IgniteBiPredicate { - /** Locale ignite. */ + /** Local ignite. */ @IgniteInstanceResource private Ignite loc; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java index aaf648b057e89..49c289e2b4d56 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java @@ -116,7 +116,7 @@ private void transform(IgniteEx initiator) { * Test query filter. */ static class QueryFilter implements IgniteBiPredicate { - /** Locale ignite. */ + /** Local ignite. */ @IgniteInstanceResource private Ignite loc; @@ -155,7 +155,7 @@ public QueryFilter(String node, String endpoint) { * Test transformer. */ static class Transformer implements IgniteClosure, Integer> { - /** Locale ignite. */ + /** Local ignite. */ @IgniteInstanceResource private Ignite loc; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java index e37e025e9249a..0c1314c705aba 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java @@ -147,7 +147,7 @@ static class TestComputeTask implements ComputeTask { /** If true then run async. */ private final boolean isAsync; - /** Locale ignite. */ + /** Local ignite. */ @IgniteInstanceResource protected Ignite loc; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java index 7e48489421260..775cf312e614e 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java @@ -117,8 +117,6 @@ public TestClosure(UUID endpoint) { verify(loc); - //Should check a security context on the endpoint node through compute service - //because using streamer from receiver may be cause of system worker dead loc.compute(loc.cluster().forNodeId(endpoint)).broadcast(new IgniteRunnable() { @Override public void run() { verify(loc); From 45679cbd45d1d845a7401d64892d3b862fc7b1bf Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Fri, 15 Feb 2019 13:37:13 +0300 Subject: [PATCH 56/98] IGNITE-9560 fix comments --- .../internal/processors/cache/GridCacheProcessor.java | 10 ++++++---- .../AbstractRemoteSecurityContextCheckTest.java | 8 +++----- .../CacheLoadRemoteSecurityContextCheckTest.java | 2 +- .../EntryProcessorRemoteSecurityContextCheckTest.java | 9 +++++---- .../ScanQueryRemoteSecurityContextCheckTest.java | 4 ++-- .../ComputeTaskRemoteSecurityContextCheckTest.java | 2 +- ...stributedClosureRemoteSecurityContextCheckTest.java | 6 +++--- .../ExecutorServiceRemoteSecurityContextCheckTest.java | 6 +++--- .../DataStreamerRemoteSecurityContextCheckTest.java | 6 +++--- .../MessagingRemoteSecurityContextCheckTest.java | 2 +- 10 files changed, 28 insertions(+), 27 deletions(-) diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java index 3b50dae3ede84..7cb60c7ec152f 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java @@ -4306,11 +4306,13 @@ private Collection initiateCacheChanges( * @param cfg Cache configuration. */ private void authorizeCacheCreate(CacheConfiguration cfg) { - ctx.security().authorize(cfg.getName(), SecurityPermission.CACHE_CREATE); + if(cfg != null) { + ctx.security().authorize(cfg.getName(), SecurityPermission.CACHE_CREATE); - if (cfg != null && cfg.isOnheapCacheEnabled() && - IgniteSystemProperties.getBoolean(IgniteSystemProperties.IGNITE_DISABLE_ONHEAP_CACHE)) - throw new SecurityException("Authorization failed for enabling on-heap cache."); + if (cfg.isOnheapCacheEnabled() && + IgniteSystemProperties.getBoolean(IgniteSystemProperties.IGNITE_DISABLE_ONHEAP_CACHE)) + throw new SecurityException("Authorization failed for enabling on-heap cache."); + } } /** diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java index 93734cdd5429e..46c71d2a97f4a 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java @@ -20,7 +20,7 @@ import java.util.UUID; import java.util.concurrent.ConcurrentHashMap; import java.util.function.BiFunction; -import org.apache.ignite.Ignite; +import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.util.typedef.T2; import org.apache.ignite.internal.util.typedef.X; @@ -39,11 +39,9 @@ public abstract class AbstractRemoteSecurityContextCheckTest extends AbstractSec /** * Checks that current security context is valid and incriments invoke's counter. - * - * @param ignite Local node. */ - public static void verify(Ignite ignite){ - VERIFIER.verify((IgniteEx)ignite); + public static void verify(){ + VERIFIER.verify((IgniteEx)Ignition.localIgnite()); } /** diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java index 82dc284d775d6..38633f880b7b0 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java @@ -137,7 +137,7 @@ public TestClosure(String node, String endpoint) { /** {@inheritDoc} */ @Override public boolean apply(Integer k, Integer v) { if (node.equals(loc.name())) { - verify(loc); + verify(); if (endpoint != null) { loc.cache(TRANSITION_LOAD_CACHE).loadCache( diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java index 85f0203fbde84..a777d06636827 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java @@ -25,6 +25,7 @@ import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.processor.security.AbstractCacheOperationRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.processor.security.AbstractRemoteSecurityContextCheckTest; import org.apache.ignite.internal.util.typedef.G; import org.junit.Test; import org.junit.runner.RunWith; @@ -156,14 +157,14 @@ public TestEntryProcessor(UUID endpointId) { /** {@inheritDoc} */ @Override public Object process(MutableEntry entry, Object... objects) throws EntryProcessorException { - IgniteEx loc = (IgniteEx)Ignition.localIgnite(); - - verify(loc); + verify(); if (endpointId != null) { + IgniteEx loc = (IgniteEx)Ignition.localIgnite(); + loc.compute(loc.cluster().forNodeId(endpointId)) .broadcast( - () -> verify(Ignition.localIgnite()) + AbstractRemoteSecurityContextCheckTest::verify ); } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java index 49c289e2b4d56..798565a9a6dbe 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java @@ -138,7 +138,7 @@ public QueryFilter(String node, String endpoint) { /** {@inheritDoc} */ @Override public boolean apply(Integer s, Integer i) { if (node.equals(loc.name())) { - verify(loc); + verify(); if (endpoint != null) { loc.cache(CACHE_NAME).query( @@ -177,7 +177,7 @@ public Transformer(String node, String endpoint) { /** {@inheritDoc} */ @Override public Integer apply(Cache.Entry entry) { if (node.equals(loc.name())) { - verify(loc); + verify(); if (endpoint != null) { loc.cache(CACHE_NAME).query( diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java index 0c1314c705aba..b40d48f830937 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java @@ -185,7 +185,7 @@ public TestComputeTask(Collection remotes) { } @Override public Object execute() throws IgniteException { - verify(loc); + verify(); if (!endpoints.isEmpty()) { if (isAsync) diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java index f13d1fd5c3839..dc9dd7bbd9d8c 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java @@ -233,11 +233,11 @@ public CommonClosure(Collection endpoints) { * Main logic of CommonClosure. */ private void body() { - Ignite ignite = Ignition.localIgnite(); - - verify(ignite); + verify(); if (!endpoints.isEmpty()) { + Ignite ignite = Ignition.localIgnite(); + if (isBroadcast) transit(compute(ignite, endpoints)); else { diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java index 35f5c79a1342f..ae913543af939 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java @@ -147,11 +147,11 @@ public TestIgniteRunnable(Collection endpoints) { /** {@inheritDoc} */ @Override public void run() { - Ignite ignite = Ignition.localIgnite(); - - verify(ignite); + verify(); if (!endpoints.isEmpty()) { + Ignite ignite = Ignition.localIgnite(); + try { for (UUID nodeId : endpoints) { ignite.executorService(ignite.cluster().forNodeId(nodeId)) diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java index 775cf312e614e..e62d65310ee50 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java @@ -113,13 +113,13 @@ public TestClosure(UUID endpoint) { /** {@inheritDoc} */ @Override public void apply(IgniteCache entries, Map.Entry entry) { - IgniteEx loc = (IgniteEx)Ignition.localIgnite(); + verify(); - verify(loc); + IgniteEx loc = (IgniteEx)Ignition.localIgnite(); loc.compute(loc.cluster().forNodeId(endpoint)).broadcast(new IgniteRunnable() { @Override public void run() { - verify(loc); + verify(); } }); } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/MessagingRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/MessagingRemoteSecurityContextCheckTest.java index 7912b6a107219..24ced2ac266b3 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/MessagingRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/MessagingRemoteSecurityContextCheckTest.java @@ -118,7 +118,7 @@ private void runAndCheck(IgniteEx lsnrNode, IgniteEx evtNode) { new IgniteBiPredicate() { @Override public boolean apply(UUID uuid, Object o) { try { - verify(Ignition.localIgnite()); + verify(); return true; } From 5c082334c459d26edf94c195be70b580e8285ade Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Fri, 15 Feb 2019 17:04:02 +0300 Subject: [PATCH 57/98] IGNITE-9560 fix tests --- .../discovery/tcp/TestReconnectProcessor.java | 58 ++++++++++++++++++- .../TestSecurityProcessorProvider.java | 3 + 2 files changed, 59 insertions(+), 2 deletions(-) diff --git a/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TestReconnectProcessor.java b/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TestReconnectProcessor.java index 2476bd3d787bf..15008edae9194 100644 --- a/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TestReconnectProcessor.java +++ b/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TestReconnectProcessor.java @@ -18,6 +18,7 @@ package org.apache.ignite.spi.discovery.tcp; import java.io.Serializable; +import java.net.InetSocketAddress; import java.util.Collection; import java.util.UUID; import org.apache.ignite.IgniteCheckedException; @@ -32,7 +33,9 @@ import org.apache.ignite.plugin.security.SecurityCredentials; import org.apache.ignite.plugin.security.SecurityException; import org.apache.ignite.plugin.security.SecurityPermission; +import org.apache.ignite.plugin.security.SecurityPermissionSet; import org.apache.ignite.plugin.security.SecuritySubject; +import org.apache.ignite.plugin.security.SecuritySubjectType; import org.jetbrains.annotations.Nullable; /** @@ -57,7 +60,7 @@ protected TestReconnectProcessor(GridKernalContext ctx) { /** {@inheritDoc} */ @Override public SecurityContext authenticateNode(ClusterNode node, SecurityCredentials cred) throws IgniteCheckedException { - return new TestSecurityContext(); + return new TestSecurityContext(new TestSecuritySubject(ctx.localNodeId())); } /** {@inheritDoc} */ @@ -101,6 +104,47 @@ protected TestReconnectProcessor(GridKernalContext ctx) { ctx.addNodeAttribute("test", "2"); } + /** + * + */ + private static class TestSecuritySubject implements SecuritySubject { + + /** Id. */ + private final UUID id; + + /** + * @param id Id. + */ + public TestSecuritySubject(UUID id) { + this.id = id; + } + + /** {@inheritDoc} */ + @Override public UUID id() { + return id; + } + + /** {@inheritDoc} */ + @Override public SecuritySubjectType type() { + return SecuritySubjectType.REMOTE_NODE; + } + + /** {@inheritDoc} */ + @Override public Object login() { + return null; + } + + /** {@inheritDoc} */ + @Override public InetSocketAddress address() { + return null; + } + + /** {@inheritDoc} */ + @Override public SecurityPermissionSet permissions() { + return null; + } + } + /** * */ @@ -108,9 +152,19 @@ private static class TestSecurityContext implements SecurityContext, Serializabl /** Serial version uid. */ private static final long serialVersionUID = 0L; + /** Subj. */ + final SecuritySubject subj; + + /** + * @param subj Subj. + */ + public TestSecurityContext(SecuritySubject subj) { + this.subj = subj; + } + /** {@inheritDoc} */ @Override public SecuritySubject subject() { - return null; + return subj; } /** {@inheritDoc} */ diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityProcessorProvider.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityProcessorProvider.java index c8ade748ec8d0..27c42db832f8e 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityProcessorProvider.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityProcessorProvider.java @@ -72,6 +72,9 @@ public class TestSecurityProcessorProvider implements PluginProvider { if (cls.isAssignableFrom(GridSecurityProcessor.class)) { String secProcCls = securityProcessorClass(ctx); + if(secProcCls == null) + return null; + try { Class implCls = Class.forName(secProcCls); From 24be1425e09937109a2955e77f96001e489cb7a8 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Wed, 20 Feb 2019 17:07:29 +0300 Subject: [PATCH 58/98] IGNITE-9560 support EntProc --- .../processors/security/IgniteSecurityProcessorImpl.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java index 17bd0f37d0dd2..a59ba551052be 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java @@ -146,7 +146,7 @@ public IgniteSecurityProcessorImpl(GridKernalContext ctx, GridSecurityProcessor /** {@inheritDoc} */ @Override public boolean enabled() { - return true; + return secPrc.enabled(); } /** {@inheritDoc} */ From d9549a2f44835bff57ebac86d73424a573f79154 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Thu, 21 Feb 2019 12:34:01 +0300 Subject: [PATCH 59/98] IGNITE-9560 support EntProc --- .../main/java/org/apache/ignite/internal/IgniteKernal.java | 4 +++- .../processors/security/IgniteSecurityProcessorImpl.java | 2 +- .../processors/security/NoOpIgniteSecurityProcessor.java | 2 +- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java b/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java index a15a931f72368..5a6bb0bc7d744 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java @@ -1304,7 +1304,9 @@ private long checkPoolStarvation( * @return IgniteSecurityProcessor. */ private GridProcessor igniteSecurityProcessor(GridSecurityProcessor prc) { - return prc != null ? new IgniteSecurityProcessorImpl(ctx, prc) : new NoOpIgniteSecurityProcessor(); + return prc != null && prc.enabled() + ? new IgniteSecurityProcessorImpl(ctx, prc) + : new NoOpIgniteSecurityProcessor(); } /** diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java index a59ba551052be..17bd0f37d0dd2 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java @@ -146,7 +146,7 @@ public IgniteSecurityProcessorImpl(GridKernalContext ctx, GridSecurityProcessor /** {@inheritDoc} */ @Override public boolean enabled() { - return secPrc.enabled(); + return true; } /** {@inheritDoc} */ diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java index 4e91158849def..e8128fee0859d 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java @@ -86,7 +86,7 @@ public class NoOpIgniteSecurityProcessor implements IgniteSecurityProcessor, Gri /** {@inheritDoc} */ @Override public void onSessionExpired(UUID subjId) { - + // No-op. } /** {@inheritDoc} */ From e9b6a363459236b8d8b51fefd00460bfe283acfc Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Fri, 22 Feb 2019 13:38:12 +0300 Subject: [PATCH 60/98] IGNITE-9560 support EntProc --- .../apache/ignite/internal/IgniteKernal.java | 2 +- .../security/IgniteSecurityProcessorImpl.java | 8 ++++ .../security/NoOpIgniteSecurityProcessor.java | 44 ++++++++++++++++++- 3 files changed, 51 insertions(+), 3 deletions(-) diff --git a/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java b/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java index 5a6bb0bc7d744..24219310be46e 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java @@ -1306,7 +1306,7 @@ private long checkPoolStarvation( private GridProcessor igniteSecurityProcessor(GridSecurityProcessor prc) { return prc != null && prc.enabled() ? new IgniteSecurityProcessorImpl(ctx, prc) - : new NoOpIgniteSecurityProcessor(); + : new NoOpIgniteSecurityProcessor(ctx); } /** diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java index 17bd0f37d0dd2..9c4b340504f5d 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java @@ -47,6 +47,9 @@ * Default Grid security Manager implementation. */ public class IgniteSecurityProcessorImpl implements IgniteSecurityProcessor, GridProcessor { + /** Internal attribute name constant. */ + public static final String ATTR_GRID_SEC_PROC_CLASS = "grid.security.processor.class"; + /** Current security context. */ private final ThreadLocal curSecCtx = ThreadLocal.withInitial(this::localSecurityContext); @@ -67,6 +70,9 @@ public class IgniteSecurityProcessorImpl implements IgniteSecurityProcessor, Gri * @param secPrc Security processor. */ public IgniteSecurityProcessorImpl(GridKernalContext ctx, GridSecurityProcessor secPrc) { + assert ctx != null; + assert secPrc != null; + this.ctx = ctx; this.secPrc = secPrc; @@ -151,6 +157,8 @@ public IgniteSecurityProcessorImpl(GridKernalContext ctx, GridSecurityProcessor /** {@inheritDoc} */ @Override public void start() throws IgniteCheckedException { + ctx.addNodeAttribute(ATTR_GRID_SEC_PROC_CLASS, secPrc.getClass().getName()); + secPrc.start(); } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java index e8128fee0859d..3fa7f19492d27 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java @@ -21,6 +21,7 @@ import java.util.UUID; import org.apache.ignite.IgniteCheckedException; import org.apache.ignite.cluster.ClusterNode; +import org.apache.ignite.internal.GridKernalContext; import org.apache.ignite.internal.IgniteInternalFuture; import org.apache.ignite.internal.processors.GridProcessor; import org.apache.ignite.lang.IgniteFuture; @@ -33,10 +34,17 @@ import org.apache.ignite.spi.discovery.DiscoveryDataBag; import org.jetbrains.annotations.Nullable; +import static org.apache.ignite.internal.processors.security.IgniteSecurityProcessorImpl.ATTR_GRID_SEC_PROC_CLASS; + /** * No operation Ignite Security Processor. */ public class NoOpIgniteSecurityProcessor implements IgniteSecurityProcessor, GridProcessor { + /** */ + private static final String MSG_SEC_PROC_CLS_IS_INVALID = "Local node's grid security processor class " + + "is not equal to remote node's grid security processor class " + + "[locNodeId=%s, rmtNodeId=%s, locCls=%s, rmtCls=%s]"; + /** No operation Security session. */ private static final IgniteSecuritySession NO_OP_SECURITY_SESSION = new IgniteSecuritySession() { @Override public void close() { @@ -44,6 +52,16 @@ public class NoOpIgniteSecurityProcessor implements IgniteSecurityProcessor, Gri } }; + /** Grid kernal context. */ + private final GridKernalContext ctx; + + /** + * @param ctx Grid kernal context. + */ + public NoOpIgniteSecurityProcessor(GridKernalContext ctx) { + this.ctx = ctx; + } + /** {@inheritDoc} */ @Override public IgniteSecuritySession startSession(SecurityContext secCtx) { return NO_OP_SECURITY_SESSION; @@ -146,13 +164,13 @@ public class NoOpIgniteSecurityProcessor implements IgniteSecurityProcessor, Gri /** {@inheritDoc} */ @Override public @Nullable IgniteNodeValidationResult validateNode(ClusterNode node) { - return null; + return validateSecProcClass(node); } /** {@inheritDoc} */ @Override public @Nullable IgniteNodeValidationResult validateNode(ClusterNode node, DiscoveryDataBag.JoiningNodeDiscoveryData discoData) { - return null; + return validateSecProcClass(node); } /** {@inheritDoc} */ @@ -169,4 +187,26 @@ public class NoOpIgniteSecurityProcessor implements IgniteSecurityProcessor, Gri @Override public @Nullable IgniteInternalFuture onReconnected(boolean clusterRestarted) { return null; } + + /** + * Validates that remote node's grid security processor class is undefined. + * + * @param node Joining node. + * @return Validation result or {@code null} in case of success. + */ + private IgniteNodeValidationResult validateSecProcClass(ClusterNode node){ + String rmtCls = node.attribute(ATTR_GRID_SEC_PROC_CLASS); + + if (rmtCls != null) { + ClusterNode locNode = ctx.discovery().localNode(); + + return new IgniteNodeValidationResult( + node.id(), + String.format(MSG_SEC_PROC_CLS_IS_INVALID, locNode.id(), node.id(), "undefined", rmtCls), + String.format(MSG_SEC_PROC_CLS_IS_INVALID, node.id(), locNode.id(), rmtCls, "undefined") + ); + } + + return null; + } } From ba1a591c04541daa06ddd75e1fc38d43b422f2cc Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Thu, 28 Feb 2019 09:27:05 +0300 Subject: [PATCH 61/98] IGNITE-9560 fix test --- .../apache/ignite/spi/discovery/tcp/TestReconnectProcessor.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TestReconnectProcessor.java b/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TestReconnectProcessor.java index 15008edae9194..93316fc651256 100644 --- a/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TestReconnectProcessor.java +++ b/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TestReconnectProcessor.java @@ -96,7 +96,7 @@ protected TestReconnectProcessor(GridKernalContext ctx) { /** {@inheritDoc} */ @Override public boolean enabled() { - return enabled; + return true; } /** {@inheritDoc} */ From 4f857b775623f91b6809a9aff3b836357633c94a Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Thu, 28 Feb 2019 17:26:37 +0300 Subject: [PATCH 62/98] IMDBGG-1522 Advanced tests for compute, cache, datastreamer --- ...bstractRemoteSecurityContextCheckTest.java | 35 +- .../TestSecurityPluginConfiguration.java | 6 +- ...dvancedRemoteSecurityContextCheckTest.java | 233 +++++++++++++ ...dvancedRemoteSecurityContextCheckTest.java | 206 ++++++++++++ ...dvancedRemoteSecurityContextCheckTest.java | 219 ++++++++++++ ...dvancedRemoteSecurityContextCheckTest.java | 251 ++++++++++++++ ...dvancedRemoteSecurityContextCheckTest.java | 313 ++++++++++++++++++ ...ClosureRemoteSecurityContextCheckTest.java | 14 - ...dvancedRemoteSecurityContextCheckTest.java | 191 +++++++++++ ...dvancedRemoteSecurityContextCheckTest.java | 165 +++++++++ 10 files changed, 1615 insertions(+), 18 deletions(-) create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadAdvancedRemoteSecurityContextCheckTest.java create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorAdvancedRemoteSecurityContextCheckTest.java create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryAdvancedRemoteSecurityContextCheckTest.java create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskAdvancedRemoteSecurityContextCheckTest.java create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureAdvancedRemoteSecurityContextCheckTest.java create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceAdvancedRemoteSecurityContextCheckTest.java create mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerAdvancedRemoteSecurityContextCheckTest.java diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java index 46c71d2a97f4a..7e3e3b5dc1fad 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java @@ -17,9 +17,12 @@ package org.apache.ignite.internal.processor.security; +import java.util.Collection; import java.util.UUID; import java.util.concurrent.ConcurrentHashMap; import java.util.function.BiFunction; +import org.apache.ignite.Ignite; +import org.apache.ignite.IgniteCompute; import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.util.typedef.T2; @@ -40,10 +43,24 @@ public abstract class AbstractRemoteSecurityContextCheckTest extends AbstractSec /** * Checks that current security context is valid and incriments invoke's counter. */ - public static void verify(){ + protected static void verify(){ VERIFIER.verify((IgniteEx)Ignition.localIgnite()); } + /** + * @return IgniteCompute is produced by passed node for cluster group that contains nodes with ids from collection. + */ + protected static IgniteCompute compute(Ignite ignite, Collection ids) { + return ignite.compute(ignite.cluster().forNodeIds(ids)); + } + + /** + * @return IgniteCompute is produced by passed node for cluster group that contains node with id. + */ + protected static IgniteCompute compute(Ignite ignite, UUID id) { + return ignite.compute(ignite.cluster().forNodeId(id)); + } + /** * @param ign Node. * @return Security subject id of passed node. @@ -52,6 +69,22 @@ protected UUID secSubjectId(IgniteEx ign) { return ign.context().security().securityContext().subject().id(); } + /** + * @param name Security subject id of passed node. + * @return Security subject id of passed node. + */ + protected UUID secSubjectId(String name) { + return secSubjectId(grid(name)); + } + + /** + * @param name Node name. + * @return Node id. + */ + protected UUID nodeId(String name) { + return grid(name).context().discovery().localNode().id(); + } + /** * Assert that the passed throwable contains a cause exception with given type. * diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityPluginConfiguration.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityPluginConfiguration.java index 2879518d0fa91..0a0279bc96ba9 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityPluginConfiguration.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityPluginConfiguration.java @@ -31,7 +31,7 @@ public class TestSecurityPluginConfiguration implements PluginConfiguration { private TestSecurityData nodeSecData = new TestSecurityData(); /** Thin clients security data. */ - private Collection thinClientsSecData = Collections.emptyList(); + private Collection predefinedAuthData = Collections.emptyList(); /** Security processor class name. */ private String secProcCls; @@ -104,7 +104,7 @@ public TestSecurityData nodeSecData() { * @param data Array of thin client security data. */ public TestSecurityPluginConfiguration thinClientSecData(TestSecurityData... data) { - thinClientsSecData = Collections.unmodifiableCollection(Arrays.asList(data)); + predefinedAuthData = Collections.unmodifiableCollection(Arrays.asList(data)); return this; } @@ -113,7 +113,7 @@ public TestSecurityPluginConfiguration thinClientSecData(TestSecurityData... dat * @return Collection of thin client security data. */ public Collection thinClientsSecData() { - return thinClientsSecData; + return predefinedAuthData; } /** diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadAdvancedRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadAdvancedRemoteSecurityContextCheckTest.java new file mode 100644 index 0000000000000..c35302f37a95e --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadAdvancedRemoteSecurityContextCheckTest.java @@ -0,0 +1,233 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processor.security.cache.closure; + +import java.util.Arrays; +import java.util.Collection; +import java.util.UUID; +import javax.cache.Cache; +import javax.cache.configuration.Factory; +import javax.cache.integration.CacheLoaderException; +import org.apache.ignite.Ignite; +import org.apache.ignite.Ignition; +import org.apache.ignite.cache.CacheMode; +import org.apache.ignite.cache.store.CacheStoreAdapter; +import org.apache.ignite.configuration.CacheConfiguration; +import org.apache.ignite.internal.processor.security.AbstractCacheOperationRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.util.typedef.G; +import org.apache.ignite.lang.IgniteBiInClosure; +import org.apache.ignite.lang.IgniteBiPredicate; +import org.apache.ignite.lang.IgniteRunnable; +import org.apache.ignite.resources.IgniteInstanceResource; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +/** + * Testing permissions when the filter of Load cache is executed cache operations on remote node. + */ +@RunWith(JUnit4.class) +public class CacheLoadAdvancedRemoteSecurityContextCheckTest extends AbstractCacheOperationRemoteSecurityContextCheckTest { + /** Transition load cache. */ + private static final String TRANSITION_LOAD_CACHE = "TRANSITION_LOAD_CACHE"; + + /** Name of server initiator node. */ + private static final String SRV_INITIATOR = "srv_initiator"; + + /** Name of client initiator node. */ + private static final String CLNT_INITIATOR = "clnt_initiator"; + + /** Name of server feature call node. */ + private static final String SRV_FEATURE_CALL = "srv_feature_call"; + + /** Name of server feature transit node. */ + private static final String SRV_FEATURE_TRANSITION = "srv_feature_transition"; + + /** Name of server endpoint node. */ + private static final String SRV_ENDPOINT = "srv_endpoint"; + + /** Name of client endpoint node. */ + private static final String CLNT_ENDPOINT = "clnt_endpoint"; + + /** {@inheritDoc} */ + @Override protected void beforeTestsStarted() throws Exception { + super.beforeTestsStarted(); + + startGrid(SRV_INITIATOR, allowAllPermissionSet()); + + startGrid(CLNT_INITIATOR, allowAllPermissionSet(), true); + + startGrid(SRV_FEATURE_CALL, allowAllPermissionSet()); + + startGrid(SRV_FEATURE_TRANSITION, allowAllPermissionSet()); + + startGrid(SRV_ENDPOINT, allowAllPermissionSet()); + + startGrid(CLNT_ENDPOINT, allowAllPermissionSet(), true); + + G.allGrids().get(0).cluster().active(true); + } + + /** {@inheritDoc} */ + @Override protected void setupVerifier(Verifier verifier) { + verifier + .add(SRV_FEATURE_CALL, 1) + .add(SRV_FEATURE_TRANSITION, 1) + .add(SRV_ENDPOINT, 1) + .add(CLNT_ENDPOINT, 1); + } + + /** {@inheritDoc} */ + @Override protected CacheConfiguration[] getCacheConfigurations() { + return new CacheConfiguration[] { + new CacheConfiguration() + .setName(CACHE_NAME) + .setCacheMode(CacheMode.PARTITIONED) + .setCacheStoreFactory(new TestStoreFactory()), + new CacheConfiguration() + .setName(TRANSITION_LOAD_CACHE) + .setCacheMode(CacheMode.PARTITIONED) + .setCacheStoreFactory(new TestStoreFactory()) + }; + } + + /** + * + */ + @Test + public void test() { + runAndCheck(SRV_INITIATOR); + runAndCheck(CLNT_INITIATOR); + } + + /** + * @param name Initiator node name. + */ + private void runAndCheck(String name) { + runAndCheck( + secSubjectId(name), + () -> compute(grid(name), nodeId(SRV_FEATURE_CALL)).broadcast( + new IgniteRunnable() { + @Override public void run() { + verify(); + + loadCache(Ignition.localIgnite()); + } + } + ) + ); + } + + /** + * @param node Node. + */ + private void loadCache(Ignite node) { + node.cache(CACHE_NAME).loadCache( + new TestClosure(SRV_FEATURE_TRANSITION, endpoints()) + ); + } + + /** + * @return Collection of endpont nodes ids. + */ + private Collection endpoints() { + return Arrays.asList( + nodeId(SRV_ENDPOINT), + nodeId(CLNT_ENDPOINT) + ); + } + + /** + * Closure for tests. + */ + static class TestClosure implements IgniteBiPredicate { + /** Local ignite. */ + @IgniteInstanceResource + private Ignite loc; + + /** Expected local node name. */ + private final String node; + + /** Endpoint node id. */ + private final Collection endpoints; + + /** + * @param node Expected local node name. + * @param endpoints Collection of endpont nodes ids. + */ + public TestClosure(String node, Collection endpoints) { + assert node != null; + assert !endpoints.isEmpty(); + + this.node = node; + this.endpoints = endpoints; + } + + /** {@inheritDoc} */ + @Override public boolean apply(Integer k, Integer v) { + if (node.equals(loc.name())) { + verify(); + + compute(loc, endpoints).broadcast( + new IgniteRunnable() { + @Override public void run() { + verify(); + } + } + ); + } + + return false; + } + } + + /** + * Test store factory. + */ + private static class TestStoreFactory implements Factory { + /** {@inheritDoc} */ + @Override public TestCacheStore create() { + return new TestCacheStore(); + } + } + + /** + * Test cache store. + */ + private static class TestCacheStore extends CacheStoreAdapter { + /** {@inheritDoc} */ + @Override public void loadCache(IgniteBiInClosure clo, Object... args) { + clo.apply(1, 1); + } + + /** {@inheritDoc} */ + @Override public Integer load(Integer key) throws CacheLoaderException { + return key; + } + + /** {@inheritDoc} */ + @Override public void write(Cache.Entry entry) { + throw new UnsupportedOperationException(); + } + + /** {@inheritDoc} */ + @Override public void delete(Object key) { + // No-op. + } + } +} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorAdvancedRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorAdvancedRemoteSecurityContextCheckTest.java new file mode 100644 index 0000000000000..d5bb2a29c1669 --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorAdvancedRemoteSecurityContextCheckTest.java @@ -0,0 +1,206 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processor.security.cache.closure; + +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.UUID; +import javax.cache.processor.EntryProcessor; +import javax.cache.processor.EntryProcessorException; +import javax.cache.processor.MutableEntry; +import org.apache.ignite.Ignite; +import org.apache.ignite.Ignition; +import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.internal.processor.security.AbstractCacheOperationRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.util.typedef.G; +import org.apache.ignite.lang.IgniteRunnable; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +/** + * Testing permissions when EntryProcessor closure is executed cache operations on remote node. + */ +@RunWith(JUnit4.class) +public class EntryProcessorAdvancedRemoteSecurityContextCheckTest extends AbstractCacheOperationRemoteSecurityContextCheckTest { + /** Name of server initiator node. */ + private static final String SRV_INITIATOR = "srv_initiator"; + + /** Name of client initiator node. */ + private static final String CLNT_INITIATOR = "clnt_initiator"; + + /** Name of server feature call node. */ + private static final String SRV_FEATURE_CALL = "srv_feature_call"; + + /** Name of server feature transit node. */ + private static final String SRV_FEATURE_TRANSITION = "srv_feature_transition"; + + /** Name of server endpoint node. */ + private static final String SRV_ENDPOINT = "srv_endpoint"; + + /** Name of client endpoint node. */ + private static final String CLNT_ENDPOINT = "clnt_endpoint"; + + /** {@inheritDoc} */ + @Override protected void beforeTestsStarted() throws Exception { + super.beforeTestsStarted(); + + startGrid(SRV_INITIATOR, allowAllPermissionSet()); + + startGrid(CLNT_INITIATOR, allowAllPermissionSet(), true); + + startGrid(SRV_FEATURE_CALL, allowAllPermissionSet()); + + startGrid(SRV_FEATURE_TRANSITION, allowAllPermissionSet()); + + startGrid(SRV_ENDPOINT, allowAllPermissionSet()); + + startGrid(CLNT_ENDPOINT, allowAllPermissionSet(), true); + + G.allGrids().get(0).cluster().active(true); + } + + /** {@inheritDoc} */ + @Override protected void setupVerifier(Verifier verifier) { + verifier + .add(SRV_FEATURE_CALL, 1) + .add(SRV_FEATURE_TRANSITION, 1) + .add(SRV_ENDPOINT, 1) + .add(CLNT_ENDPOINT, 1); + } + + /** + * + */ + @Test + public void test() { + runAndCheck(grid(SRV_INITIATOR)); + runAndCheck(grid(CLNT_INITIATOR)); + } + + /** + * @param initiator Node that initiates an execution. + */ + private void runAndCheck(IgniteEx initiator) { + UUID secSubjectId = secSubjectId(initiator); + + for (InvokeMethodEnum ime : InvokeMethodEnum.values()) { + runAndCheck( + secSubjectId, + () -> compute(initiator, nodeId(SRV_FEATURE_CALL)).broadcast( + new IgniteRunnable() { + @Override public void run() { + verify(); + + invoke(ime, Ignition.localIgnite(), + new TestEntryProcessor(endpoints()), prmKey(grid(SRV_FEATURE_TRANSITION))); + } + } + ) + ); + } + } + + /** + * @return Collection of endpont nodes ids. + */ + private Collection endpoints() { + return Arrays.asList( + nodeId(SRV_ENDPOINT), + nodeId(CLNT_ENDPOINT) + ); + } + + /** + * @param ime Invoke Method. + * @param node Node. + * @param ep Entry Processor. + * @param key Key. + */ + private void invoke(InvokeMethodEnum ime, Ignite node, + EntryProcessor ep, Integer key) { + switch (ime) { + case INVOKE: + node.cache(CACHE_NAME) + .invoke(key, ep); + + break; + case INVOKE_ALL: + node.cache(CACHE_NAME) + .invokeAll(Collections.singleton(key), ep); + + break; + case INVOKE_ASYNC: + node.cache(CACHE_NAME) + .invokeAsync(key, ep).get(); + + break; + case INVOKE_ALL_ASYNC: + node.cache(CACHE_NAME) + .invokeAllAsync(Collections.singleton(key), ep).get(); + + break; + default: + throw new IllegalArgumentException("Unknown invoke method " + ime); + } + } + + /** Enum for ways to invoke EntryProcessor. */ + private enum InvokeMethodEnum { + /** Invoke. */ + INVOKE, + /** Invoke all. */ + INVOKE_ALL, + /** Invoke async. */ + INVOKE_ASYNC, + /** Invoke all async. */ + INVOKE_ALL_ASYNC + } + + /** + * Entry processor for tests with transition invoke call. + */ + static class TestEntryProcessor implements EntryProcessor { + /** Collection of endpont nodes ids. */ + private final Collection endpoints; + + /** + * @param endpoints Collection of endpont nodes ids. + */ + public TestEntryProcessor(Collection endpoints) { + assert !endpoints.isEmpty(); + + this.endpoints = endpoints; + } + + /** {@inheritDoc} */ + @Override public Object process(MutableEntry entry, Object... objects) + throws EntryProcessorException { + verify(); + + compute(Ignition.localIgnite(), endpoints).broadcast(new IgniteRunnable() { + @Override public void run() { + verify(); + } + }); + + return null; + } + } +} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryAdvancedRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryAdvancedRemoteSecurityContextCheckTest.java new file mode 100644 index 0000000000000..372f467e54d95 --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryAdvancedRemoteSecurityContextCheckTest.java @@ -0,0 +1,219 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processor.security.cache.closure; + +import java.util.Arrays; +import java.util.Collection; +import java.util.UUID; +import javax.cache.Cache; +import org.apache.ignite.Ignite; +import org.apache.ignite.Ignition; +import org.apache.ignite.cache.query.ScanQuery; +import org.apache.ignite.internal.processor.security.AbstractCacheOperationRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.util.typedef.G; +import org.apache.ignite.lang.IgniteBiPredicate; +import org.apache.ignite.lang.IgniteClosure; +import org.apache.ignite.lang.IgniteRunnable; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +/** + * Testing permissions when the filter of ScanQuery is executed cache operations on remote node. + */ +@RunWith(JUnit4.class) +public class ScanQueryAdvancedRemoteSecurityContextCheckTest extends AbstractCacheOperationRemoteSecurityContextCheckTest { + /** Name of server initiator node. */ + private static final String SRV_INITIATOR = "srv_initiator"; + + /** Name of client initiator node. */ + private static final String CLNT_INITIATOR = "clnt_initiator"; + + /** Name of server feature call node. */ + private static final String SRV_FEATURE_CALL = "srv_feature_call"; + + /** Name of server feature transit node. */ + private static final String SRV_FEATURE_TRANSITION = "srv_feature_transition"; + + /** Name of client feature call node. */ + private static final String CLNT_FEATURE_CALL = "clnt_feature_call"; + + /** Name of server endpoint node. */ + private static final String SRV_ENDPOINT = "srv_endpoint"; + + /** Name of client endpoint node. */ + private static final String CLNT_ENDPOINT = "clnt_endpoint"; + + /** {@inheritDoc} */ + @Override protected void beforeTestsStarted() throws Exception { + super.beforeTestsStarted(); + + startGrid(SRV_INITIATOR, allowAllPermissionSet()); + + startGrid(CLNT_INITIATOR, allowAllPermissionSet(), true); + + startGrid(SRV_FEATURE_CALL, allowAllPermissionSet()); + + startGrid(CLNT_FEATURE_CALL, allowAllPermissionSet(), true); + + startGrid(SRV_FEATURE_TRANSITION, allowAllPermissionSet()); + + startGrid(SRV_ENDPOINT, allowAllPermissionSet()); + + startGrid(CLNT_ENDPOINT, allowAllPermissionSet(), true); + + G.allGrids().get(0).cluster().active(true); + } + + /** {@inheritDoc} */ + @Override protected void setupVerifier(Verifier verifier) { + verifier + .add(SRV_FEATURE_CALL, 1) + .add(CLNT_FEATURE_CALL, 1) + .add(SRV_FEATURE_TRANSITION, 2) + .add(SRV_ENDPOINT, 2) + .add(CLNT_ENDPOINT, 2); + } + + /** + * + */ + @Test + public void test() throws Exception { + grid(SRV_INITIATOR).cache(CACHE_NAME) + .put(prmKey(grid(SRV_FEATURE_TRANSITION)), 1); + + awaitPartitionMapExchange(); + + runAndCheck(SRV_INITIATOR); + runAndCheck(CLNT_INITIATOR); + } + + /** + * @param name Inintiator node name. + */ + private void runAndCheck(String name) { + for (IgniteRunnable r : runnables()) { + runAndCheck(secSubjectId(name), + () -> compute(grid(name), featureCalls()).broadcast(r)); + } + } + + /** + * + */ + private IgniteRunnable[] runnables() { + return new IgniteRunnable[] { + new IgniteRunnable() { + @Override public void run() { + verify(); + + Ignition.localIgnite().cache(CACHE_NAME).query( + new ScanQuery<>( + new CommonClosure(SRV_FEATURE_TRANSITION, endpoints()) + ) + ).getAll(); + } + }, + new IgniteRunnable() { + @Override public void run() { + verify(); + + Ignition.localIgnite().cache(CACHE_NAME).query( + new ScanQuery<>((k, v) -> true), + new CommonClosure(SRV_FEATURE_TRANSITION, endpoints()) + ).getAll(); + } + } + }; + } + + /** + * @return Collection of feature call nodes ids. + */ + private Collection featureCalls() { + return Arrays.asList( + nodeId(SRV_FEATURE_CALL), + nodeId(CLNT_FEATURE_CALL) + ); + } + + /** + * @return Collection of endpont nodes ids. + */ + private Collection endpoints() { + return Arrays.asList( + nodeId(SRV_ENDPOINT), + nodeId(CLNT_ENDPOINT) + ); + } + + /** + * Common closure for tests. + */ + static class CommonClosure implements IgniteClosure, Integer>, + IgniteBiPredicate { + /** Expected local node name. */ + private final String node; + + /** Collection of endpont nodes ids. */ + private final Collection endpoints; + + /** + * @param node Expected local node name. + * @param endpoints Collection of endpont nodes ids. + */ + public CommonClosure(String node, Collection endpoints) { + assert !endpoints.isEmpty(); + + this.node = node; + this.endpoints = endpoints; + } + + /** {@inheritDoc} */ + @Override public Integer apply(Cache.Entry entry) { + verifyAndBroadcast(); + + return entry.getValue(); + } + + /** {@inheritDoc} */ + @Override public boolean apply(Integer s, Integer i) { + verifyAndBroadcast(); + + return false; + } + + /** + * + */ + private void verifyAndBroadcast() { + Ignite loc = Ignition.localIgnite(); + + if (node.equals(loc.name())) { + verify(); + + compute(loc, endpoints).broadcast(new IgniteRunnable() { + @Override public void run() { + verify(); + } + }); + } + } + } +} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskAdvancedRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskAdvancedRemoteSecurityContextCheckTest.java new file mode 100644 index 0000000000000..b259d080d21de --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskAdvancedRemoteSecurityContextCheckTest.java @@ -0,0 +1,251 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processor.security.compute.closure; + +import java.util.Arrays; +import java.util.Collection; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.UUID; +import org.apache.ignite.Ignite; +import org.apache.ignite.IgniteException; +import org.apache.ignite.Ignition; +import org.apache.ignite.cluster.ClusterNode; +import org.apache.ignite.compute.ComputeJob; +import org.apache.ignite.compute.ComputeJobResult; +import org.apache.ignite.compute.ComputeJobResultPolicy; +import org.apache.ignite.compute.ComputeTask; +import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.internal.processor.security.AbstractRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.util.typedef.G; +import org.apache.ignite.lang.IgniteRunnable; +import org.apache.ignite.resources.IgniteInstanceResource; +import org.jetbrains.annotations.Nullable; +import org.junit.Test; + +/** + * Testing permissions when the compute task is executed cache operations on remote node. + */ +public class ComputeTaskAdvancedRemoteSecurityContextCheckTest extends AbstractRemoteSecurityContextCheckTest { + /** Name of server initiator node. */ + private static final String SRV_INITIATOR = "srv_initiator"; + + /** Name of client initiator node. */ + private static final String CLNT_INITIATOR = "clnt_initiator"; + + /** Name of server feature call node. */ + private static final String SRV_FEATURE_CALL = "srv_feature_call"; + + /** Name of client feature call node. */ + private static final String CLNT_FEATURE_CALL = "clnt_feature_call"; + + /** Name of server feature transit node. */ + private static final String SRV_FEATURE_TRANSITION = "srv_feature_transition"; + + /** Name of client feature transit node. */ + private static final String CLNT_FEATURE_TRANSITION = "clnt_feature_transition"; + + /** Name of server endpoint node. */ + private static final String SRV_ENDPOINT = "srv_endpoint"; + + /** Name of client endpoint node. */ + private static final String CLNT_ENDPOINT = "clnt_endpoint"; + + /** {@inheritDoc} */ + @Override protected void beforeTestsStarted() throws Exception { + super.beforeTestsStarted(); + + startGrid(SRV_INITIATOR, allowAllPermissionSet()); + + startGrid(CLNT_INITIATOR, allowAllPermissionSet(), true); + + startGrid(SRV_FEATURE_CALL, allowAllPermissionSet()); + + startGrid(CLNT_FEATURE_CALL, allowAllPermissionSet(), true); + + startGrid(SRV_FEATURE_TRANSITION, allowAllPermissionSet()); + + startGrid(CLNT_FEATURE_TRANSITION, allowAllPermissionSet(), true); + + startGrid(SRV_ENDPOINT, allowAllPermissionSet()); + + startGrid(CLNT_ENDPOINT, allowAllPermissionSet(), true); + + G.allGrids().get(0).cluster().active(true); + } + + /** {@inheritDoc} */ + @Override protected void setupVerifier(Verifier verifier) { + verifier + .add(SRV_FEATURE_CALL, 1) + .add(CLNT_FEATURE_CALL, 1) + .add(SRV_FEATURE_TRANSITION, 2) + .add(CLNT_FEATURE_TRANSITION, 2) + .add(SRV_ENDPOINT, 4) + .add(CLNT_ENDPOINT, 4); + } + + /** + * + */ + @Test + public void test() { + runAndCheck(grid(SRV_INITIATOR)); + runAndCheck(grid(CLNT_INITIATOR)); + } + + /** + * @param initiator Node that initiates an execution. + */ + private void runAndCheck(IgniteEx initiator) { + runAndCheck(secSubjectId(initiator), + () -> compute(initiator, featureCalls()).broadcast( + new IgniteRunnable() { + @Override public void run() { + verify(); + + Ignition.localIgnite().compute().execute( + new TestComputeTask(featureTransitions(), endpoints()), 0 + ); + } + } + ) + ); + + runAndCheck(secSubjectId(initiator), + () -> compute(initiator, featureCalls()).broadcast( + new IgniteRunnable() { + @Override public void run() { + verify(); + + Ignition.localIgnite().compute().executeAsync( + new TestComputeTask(featureTransitions(), endpoints()), 0 + ).get(); + } + } + ) + ); + } + + /** + * @return Collection of feature call nodes ids. + */ + private Collection featureCalls() { + return Arrays.asList( + nodeId(SRV_FEATURE_CALL), + nodeId(CLNT_FEATURE_CALL) + ); + } + + /** + * @return Collection of feature transit nodes ids. + */ + private Collection featureTransitions() { + return Arrays.asList( + nodeId(SRV_FEATURE_TRANSITION), + nodeId(CLNT_FEATURE_TRANSITION) + ); + } + + /** + * @return Collection of endpont nodes ids. + */ + private Collection endpoints() { + return Arrays.asList( + nodeId(SRV_ENDPOINT), + nodeId(CLNT_ENDPOINT) + ); + } + + /** + * Compute task for tests. + */ + static class TestComputeTask implements ComputeTask { + /** Collection of transition node ids. */ + private final Collection remotes; + + /** Collection of endpoint node ids. */ + private final Collection endpoints; + + /** Local ignite. */ + @IgniteInstanceResource + protected Ignite loc; + + /** + * @param remotes Collection of transition node ids. + * @param endpoints Collection of endpoint node ids. + */ + public TestComputeTask(Collection remotes, Collection endpoints) { + assert !remotes.isEmpty(); + assert !endpoints.isEmpty(); + + this.remotes = remotes; + this.endpoints = endpoints; + } + + /** {@inheritDoc} */ + @Override public @Nullable Map map(List subgrid, + @Nullable Integer arg) throws IgniteException { + Map res = new HashMap<>(); + + for (UUID id : remotes) { + res.put( + new ComputeJob() { + @IgniteInstanceResource + private Ignite loc; + + @Override public void cancel() { + // no-op + } + + @Override public Object execute() throws IgniteException { + verify(); + + compute(loc, endpoints).broadcast( + new IgniteRunnable() { + @Override public void run() { + verify(); + } + } + ); + + return null; + } + }, loc.cluster().node(id) + ); + } + + return res; + } + + /** {@inheritDoc} */ + @Override public ComputeJobResultPolicy result(ComputeJobResult res, + List rcvd) throws IgniteException { + if (res.getException() != null) + throw res.getException(); + + return ComputeJobResultPolicy.WAIT; + } + + /** {@inheritDoc} */ + @Override public @Nullable Integer reduce(List results) throws IgniteException { + return null; + } + } +} \ No newline at end of file diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureAdvancedRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureAdvancedRemoteSecurityContextCheckTest.java new file mode 100644 index 0000000000000..be16dba85c03a --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureAdvancedRemoteSecurityContextCheckTest.java @@ -0,0 +1,313 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processor.security.compute.closure; + +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.UUID; +import org.apache.ignite.Ignite; +import org.apache.ignite.IgniteCompute; +import org.apache.ignite.Ignition; +import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.internal.processor.security.AbstractRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.util.typedef.G; +import org.apache.ignite.lang.IgniteCallable; +import org.apache.ignite.lang.IgniteClosure; +import org.apache.ignite.lang.IgniteRunnable; +import org.junit.Test; + +import static org.apache.ignite.internal.processor.security.compute.closure.DistributedClosureAdvancedRemoteSecurityContextCheckTest.ComputeInvoke.BROADCAST; + +/** + * Testing permissions when the compute closure is executed cache operations on remote node. + */ +public class DistributedClosureAdvancedRemoteSecurityContextCheckTest + extends AbstractRemoteSecurityContextCheckTest { + /** Name of server initiator node. */ + private static final String SRV_INITIATOR = "srv_initiator"; + + /** Name of client initiator node. */ + private static final String CLNT_INITIATOR = "clnt_initiator"; + + /** Name of server feature call node. */ + private static final String SRV_FEATURE_CALL = "srv_feature_call"; + + /** Name of client feature call node. */ + private static final String CLNT_FEATURE_CALL = "clnt_feature_call"; + + /** Name of server feature transit node. */ + private static final String SRV_FEATURE_TRANSITION = "srv_feature_transition"; + + /** Name of client feature transit node. */ + private static final String CLNT_FEATURE_TRANSITION = "clnt_feature_transition"; + + /** Name of server endpoint node. */ + private static final String SRV_ENDPOINT = "srv_endpoint"; + + /** Name of client endpoint node. */ + private static final String CLNT_ENDPOINT = "clnt_endpoint"; + + /** {@inheritDoc} */ + @Override protected void beforeTestsStarted() throws Exception { + super.beforeTestsStarted(); + + startGrid(SRV_INITIATOR, allowAllPermissionSet()); + + startGrid(CLNT_INITIATOR, allowAllPermissionSet(), true); + + startGrid(SRV_FEATURE_CALL, allowAllPermissionSet()); + + startGrid(CLNT_FEATURE_CALL, allowAllPermissionSet(), true); + + startGrid(SRV_FEATURE_TRANSITION, allowAllPermissionSet()); + + startGrid(CLNT_FEATURE_TRANSITION, allowAllPermissionSet(), true); + + startGrid(SRV_ENDPOINT, allowAllPermissionSet()); + + startGrid(CLNT_ENDPOINT, allowAllPermissionSet(), true); + + G.allGrids().get(0).cluster().active(true); + } + + /** {@inheritDoc} */ + @Override protected void setupVerifier(Verifier verifier) { + verifier + .add(SRV_FEATURE_CALL, 1) + .add(CLNT_FEATURE_CALL, 1) + .add(SRV_FEATURE_TRANSITION, 2) + .add(CLNT_FEATURE_TRANSITION, 2) + .add(SRV_ENDPOINT, 4) + .add(CLNT_ENDPOINT, 4); + } + + /** + * + */ + @Test + public void test() { + runAndCheck(grid(SRV_INITIATOR)); + runAndCheck(grid(CLNT_INITIATOR)); + } + + /** + * @param initiator Initiator node. + */ + private void runAndCheck(IgniteEx initiator) { + for (ComputeInvoke ci : ComputeInvoke.values()) { + runAndCheck(secSubjectId(initiator), + () -> compute(initiator, featureCalls()).broadcast((IgniteRunnable) + new CommonClosure(ci, featureTransitions(), endpoints()) + ) + ); + } + } + + /** + * @return Collection of feature call nodes ids. + */ + private Collection featureCalls() { + return Arrays.asList( + nodeId(SRV_FEATURE_CALL), + nodeId(CLNT_FEATURE_CALL) + ); + } + + /** + * @return Collection of feature transit nodes ids. + */ + private Collection featureTransitions() { + return Arrays.asList( + nodeId(SRV_FEATURE_TRANSITION), + nodeId(CLNT_FEATURE_TRANSITION) + ); + } + + /** + * @return Collection of endpont nodes ids. + */ + private Collection endpoints() { + return Arrays.asList( + nodeId(SRV_ENDPOINT), + nodeId(CLNT_ENDPOINT) + ); + } + + /** Enum for ways to invoke compute. */ + enum ComputeInvoke { + /** Broadcast. */ + BROADCAST, + /** Broadcast async. */ + BROADCAST_ASYNC, + /** Call. */ + CALL, + /** Call async. */ + CALL_ASYNC, + /** Run. */ + RUN, + /** Run async. */ + RUN_ASYNC, + /** Apply. */ + APPLY, + /** Apply async. */ + APPLY_ASYNC; + + /** + * @return True if an invoke is broadcast. + */ + public boolean isBroadcast() { + return this == BROADCAST || this == BROADCAST_ASYNC; + } + } + + /** + * Common closure for tests. + */ + static class CommonClosure implements IgniteRunnable, IgniteCallable, + IgniteClosure { + + /** Type of compute invoke. */ + private final ComputeInvoke cmpInvoke; + + /** Collection of endpoint node ids. */ + private final Collection transitions; + + /** Collection of endpoint node ids. */ + private final Collection endpoints; + + /** + * @param endpoints Collection of endpoint node ids. + */ + public CommonClosure(ComputeInvoke cmpInvoke, Collection transitions, + Collection endpoints) { + assert cmpInvoke != null; + assert !endpoints.isEmpty(); + + this.cmpInvoke = cmpInvoke; + this.transitions = transitions; + this.endpoints = endpoints; + } + + /** + * @param endpoints Collection of endpoint node ids. + */ + private CommonClosure(Collection endpoints) { + this(BROADCAST, Collections.emptyList(), endpoints); + } + + /** + * Main logic of CommonClosure. + */ + private void body() { + verify(); + + Ignite ignite = Ignition.localIgnite(); + + if (!transitions.isEmpty()) { + if (cmpInvoke.isBroadcast()) + transit(compute(ignite, transitions)); + else { + for (UUID id : transitions) + transit(compute(ignite, id)); + } + } + else { + compute(ignite, endpoints) + .broadcast(new IgniteRunnable() { + @Override public void run() { + verify(); + } + }); + } + } + + /** + * Executes transition invoke. + * + * @param cmp IgniteCompute. + */ + private void transit(IgniteCompute cmp) { + CommonClosure c = new CommonClosure(endpoints); + + switch (cmpInvoke) { + case BROADCAST: { + cmp.broadcast((IgniteRunnable)c); + + break; + } + case BROADCAST_ASYNC: { + cmp.broadcastAsync((IgniteRunnable)c).get(); + + break; + } + case CALL: { + cmp.call(c); + + break; + } + case CALL_ASYNC: { + cmp.callAsync(c).get(); + + break; + } + case RUN: { + cmp.run(c); + + break; + } + case RUN_ASYNC: { + cmp.runAsync(c).get(); + + break; + } + case APPLY: { + cmp.apply(c, new Object()); + + break; + } + case APPLY_ASYNC: { + cmp.applyAsync(c, new Object()).get(); + + break; + } + default: + throw new IllegalArgumentException("Unknown ComputeInvoke: " + cmpInvoke); + } + } + + /** {@inheritDoc} */ + @Override public void run() { + body(); + } + + /** {@inheritDoc} */ + @Override public Object call() { + body(); + + return null; + } + + /** {@inheritDoc} */ + @Override public Object apply(Object o) { + body(); + + return null; + } + } +} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java index dc9dd7bbd9d8c..57679c2d46426 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java @@ -188,20 +188,6 @@ private Collection endpoints() { ); } - /** - * @return IgniteCompute is produced by passed node for cluster group that contains nodes with ids from collection. - */ - private static IgniteCompute compute(Ignite ignite, Collection ids) { - return ignite.compute(ignite.cluster().forNodeIds(ids)); - } - - /** - * @return IgniteCompute is produced by passed node for cluster group that contains node with id. - */ - private static IgniteCompute compute(Ignite ignite, UUID id) { - return ignite.compute(ignite.cluster().forNodeId(id)); - } - /** * Common closure for tests. */ diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceAdvancedRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceAdvancedRemoteSecurityContextCheckTest.java new file mode 100644 index 0000000000000..ad62534082deb --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceAdvancedRemoteSecurityContextCheckTest.java @@ -0,0 +1,191 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processor.security.compute.closure; + +import java.util.Arrays; +import java.util.Collection; +import java.util.UUID; +import java.util.concurrent.ExecutorService; +import org.apache.ignite.Ignite; +import org.apache.ignite.Ignition; +import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.internal.processor.security.AbstractRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.util.typedef.G; +import org.apache.ignite.lang.IgniteRunnable; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +/** + * Testing permissions when the service task is executed cache operations on remote node. + */ +@RunWith(JUnit4.class) +public class ExecutorServiceAdvancedRemoteSecurityContextCheckTest extends AbstractRemoteSecurityContextCheckTest { + /** Name of server initiator node. */ + private static final String SRV_INITIATOR = "srv_initiator"; + + /** Name of client initiator node. */ + private static final String CLNT_INITIATOR = "clnt_initiator"; + + /** Name of server feature call node. */ + private static final String SRV_FEATURE_CALL = "srv_feature_call"; + + /** Name of client feature call node. */ + private static final String CLNT_FEATURE_CALL = "clnt_feature_call"; + + /** Name of server feature transit node. */ + private static final String SRV_FEATURE_TRANSITION = "srv_feature_transition"; + + /** Name of client feature transit node. */ + private static final String CLNT_FEATURE_TRANSITION = "clnt_feature_transition"; + + /** Name of server endpoint node. */ + private static final String SRV_ENDPOINT = "srv_endpoint"; + + /** Name of client endpoint node. */ + private static final String CLNT_ENDPOINT = "clnt_endpoint"; + + /** {@inheritDoc} */ + @Override protected void beforeTestsStarted() throws Exception { + super.beforeTestsStarted(); + + startGrid(SRV_INITIATOR, allowAllPermissionSet()); + + startGrid(CLNT_INITIATOR, allowAllPermissionSet(), true); + + startGrid(SRV_FEATURE_CALL, allowAllPermissionSet()); + + startGrid(CLNT_FEATURE_CALL, allowAllPermissionSet(), true); + + startGrid(SRV_FEATURE_TRANSITION, allowAllPermissionSet()); + + startGrid(CLNT_FEATURE_TRANSITION, allowAllPermissionSet(), true); + + startGrid(SRV_ENDPOINT, allowAllPermissionSet()); + + startGrid(CLNT_ENDPOINT, allowAllPermissionSet(), true); + + G.allGrids().get(0).cluster().active(true); + } + + /** {@inheritDoc} */ + @Override protected void setupVerifier(Verifier verifier) { + verifier + .add(SRV_FEATURE_CALL, 1) + .add(CLNT_FEATURE_CALL, 1) + .add(SRV_FEATURE_TRANSITION, 2) + .add(CLNT_FEATURE_TRANSITION, 2) + .add(SRV_ENDPOINT, 4) + .add(CLNT_ENDPOINT, 4); + } + + /** + * + */ + @Test + public void test() { + runAndCheck(grid(SRV_INITIATOR)); + runAndCheck(grid(CLNT_INITIATOR)); + } + + /** + * Performs test case. + */ + private void runAndCheck(IgniteEx initiator) { + runAndCheck(secSubjectId(initiator), + () -> compute(initiator, featureCalls()).broadcast( + new IgniteRunnable() { + @Override public void run() { + verify(); + + Ignite loc = Ignition.localIgnite(); + + for (UUID nodeId : featureTransitions()) { + ExecutorService svc = loc.executorService(loc.cluster().forNodeId(nodeId)); + + try { + svc.submit(new TestIgniteRunnable(endpoints())).get(); + } + catch (Exception e) { + throw new RuntimeException(e); + } + } + } + } + ) + ); + } + + /** + * @return Collection of feature call nodes ids. + */ + private Collection featureCalls() { + return Arrays.asList( + nodeId(SRV_FEATURE_CALL), + nodeId(CLNT_FEATURE_CALL) + ); + } + + /** + * @return Collection of feature transit nodes ids. + */ + private Collection featureTransitions() { + return Arrays.asList( + nodeId(SRV_FEATURE_TRANSITION), + nodeId(CLNT_FEATURE_TRANSITION) + ); + } + + /** + * @return Collection of endpont nodes ids. + */ + private Collection endpoints() { + return Arrays.asList( + nodeId(SRV_ENDPOINT), + nodeId(CLNT_ENDPOINT) + ); + } + + /** + * Runnable for tests. + */ + static class TestIgniteRunnable implements IgniteRunnable { + /** Collection of endpoint node ids. */ + private final Collection endpoints; + + /** + * @param endpoints Collection of endpoint node ids. + */ + public TestIgniteRunnable(Collection endpoints) { + assert !endpoints.isEmpty(); + + this.endpoints = endpoints; + } + + /** {@inheritDoc} */ + @Override public void run() { + verify(); + + compute(Ignition.localIgnite(), endpoints).broadcast(new IgniteRunnable() { + @Override public void run() { + verify(); + } + }); + } + } +} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerAdvancedRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerAdvancedRemoteSecurityContextCheckTest.java new file mode 100644 index 0000000000000..2dd1d1c431223 --- /dev/null +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerAdvancedRemoteSecurityContextCheckTest.java @@ -0,0 +1,165 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processor.security.datastreamer.closure; + +import java.util.Arrays; +import java.util.Collection; +import java.util.Map; +import java.util.UUID; +import org.apache.ignite.Ignite; +import org.apache.ignite.IgniteCache; +import org.apache.ignite.IgniteDataStreamer; +import org.apache.ignite.Ignition; +import org.apache.ignite.internal.processor.security.AbstractCacheOperationRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.util.typedef.G; +import org.apache.ignite.lang.IgniteBiInClosure; +import org.apache.ignite.lang.IgniteRunnable; +import org.apache.ignite.stream.StreamVisitor; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +/** + * Testing permissions when the closure od DataStreamer is executed cache operations on remote node. + */ +@RunWith(JUnit4.class) +public class DataStreamerAdvancedRemoteSecurityContextCheckTest extends AbstractCacheOperationRemoteSecurityContextCheckTest { + /** Name of server initiator node. */ + private static final String SRV_INITIATOR = "srv_initiator"; + + /** Name of client initiator node. */ + private static final String CLNT_INITIATOR = "clnt_initiator"; + + /** Name of server feature call node. */ + private static final String SRV_FEATURE_CALL = "srv_feature_call"; + + /** Name of server feature transit node. */ + private static final String SRV_FEATURE_TRANSITION = "srv_feature_transition"; + + /** Name of server endpoint node. */ + private static final String SRV_ENDPOINT = "srv_endpoint"; + + /** Name of client endpoint node. */ + private static final String CLNT_ENDPOINT = "clnt_endpoint"; + + /** {@inheritDoc} */ + @Override protected void beforeTestsStarted() throws Exception { + super.beforeTestsStarted(); + + startGrid(SRV_INITIATOR, allowAllPermissionSet()); + + startGrid(CLNT_INITIATOR, allowAllPermissionSet(), true); + + startGrid(SRV_FEATURE_CALL, allowAllPermissionSet()); + + startGrid(SRV_FEATURE_TRANSITION, allowAllPermissionSet()); + + startGrid(SRV_ENDPOINT, allowAllPermissionSet()); + + startGrid(CLNT_ENDPOINT, allowAllPermissionSet(), true); + + G.allGrids().get(0).cluster().active(true); + } + + /** {@inheritDoc} */ + @Override protected void setupVerifier(Verifier verifier) { + verifier + .add(SRV_FEATURE_CALL, 1) + .add(SRV_FEATURE_TRANSITION, 1) + .add(SRV_ENDPOINT, 1) + .add(CLNT_ENDPOINT, 1); + } + + /** + * + */ + @Test + public void testDataStreamer() { + runAndCheck(SRV_INITIATOR); + runAndCheck(CLNT_INITIATOR); + } + + /** + * @param name Initiator node name. + */ + private void runAndCheck(String name){ + runAndCheck( + secSubjectId(name), + () -> compute(grid(name), nodeId(SRV_FEATURE_CALL)).broadcast( + new IgniteRunnable() { + @Override public void run() { + verify(); + + dataStreamer(Ignition.localIgnite()); + } + } + ) + ); + } + + /** + * @return Collection of endpont nodes ids. + */ + private Collection endpoints() { + return Arrays.asList( + nodeId(SRV_ENDPOINT), + nodeId(CLNT_ENDPOINT) + ); + } + + /** + * @param node Node. + */ + private void dataStreamer(Ignite node) { + try (IgniteDataStreamer strm = node.dataStreamer(CACHE_NAME)) { + strm.receiver(StreamVisitor.from(new TestClosure(endpoints()))); + + strm.addData(prmKey(grid(SRV_FEATURE_TRANSITION)), 100); + } + } + + /** + * Closure for tests. + */ + static class TestClosure implements + IgniteBiInClosure, Map.Entry> { + /** Endpoint node id. */ + private final Collection endpoints; + + /** + * @param endpoints Collection of endpont nodes ids. + */ + public TestClosure(Collection endpoints) { + assert !endpoints.isEmpty(); + + this.endpoints = endpoints; + } + + /** {@inheritDoc} */ + @Override public void apply(IgniteCache entries, + Map.Entry entry) { + verify(); + + compute(Ignition.localIgnite(), endpoints).broadcast(new IgniteRunnable() { + @Override public void run() { + verify(); + } + }); + } + } +} From b01f162505cbed5a46894c20613385f63ad8d0e8 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Mon, 4 Mar 2019 14:08:44 +0300 Subject: [PATCH 63/98] IGNITE-9560 fix comments --- .../internal/processors/query/h2/CommandProcessor.java | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/CommandProcessor.java b/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/CommandProcessor.java index 0bc5e0632caba..5b7f4d0f43ef9 100644 --- a/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/CommandProcessor.java +++ b/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/CommandProcessor.java @@ -410,7 +410,7 @@ else if (cmdH2 instanceof GridSqlDropIndex) { else if (cmdH2 instanceof GridSqlCreateTable) { GridSqlCreateTable cmd = (GridSqlCreateTable)cmdH2; - ctx.security().authorize(cmd.tableName(), SecurityPermission.CACHE_CREATE); + ctx.security().authorize(cmd.cacheName(), SecurityPermission.CACHE_CREATE); isDdlOnSchemaSupported(cmd.schemaName()); @@ -455,8 +455,6 @@ else if (cmdH2 instanceof GridSqlCreateTable) { else if (cmdH2 instanceof GridSqlDropTable) { GridSqlDropTable cmd = (GridSqlDropTable)cmdH2; - ctx.security().authorize(cmd.tableName(), SecurityPermission.CACHE_DESTROY); - isDdlOnSchemaSupported(cmd.schemaName()); GridH2Table tbl = schemaMgr.dataTable(cmd.schemaName(), cmd.tableName()); @@ -466,8 +464,11 @@ else if (cmdH2 instanceof GridSqlDropTable) { throw new SchemaOperationException(SchemaOperationException.CODE_TABLE_NOT_FOUND, cmd.tableName()); } - else + else { + ctx.security().authorize(tbl.cacheName(), SecurityPermission.CACHE_DESTROY); + ctx.query().dynamicTableDrop(tbl.cacheName(), cmd.tableName(), cmd.ifExists()); + } } else if (cmdH2 instanceof GridSqlAlterTableAddColumn) { GridSqlAlterTableAddColumn cmd = (GridSqlAlterTableAddColumn)cmdH2; From 729d08e8ec8acfa9d269031d04b9c2c01f0c50d7 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Mon, 4 Mar 2019 14:58:27 +0300 Subject: [PATCH 64/98] IMDBGG-1522 Advanced tests for compute, cache, datastreamer --- ...bstractRemoteSecurityContextCheckTest.java | 38 ++- ...dvancedRemoteSecurityContextCheckTest.java | 233 ------------- ...cheLoadRemoteSecurityContextCheckTest.java | 104 ++++-- ...dvancedRemoteSecurityContextCheckTest.java | 206 ------------ ...ocessorRemoteSecurityContextCheckTest.java | 94 ++++-- ...dvancedRemoteSecurityContextCheckTest.java | 219 ------------ ...anQueryRemoteSecurityContextCheckTest.java | 190 ++++++----- ...dvancedRemoteSecurityContextCheckTest.java | 251 -------------- ...uteTaskRemoteSecurityContextCheckTest.java | 121 ++++--- ...dvancedRemoteSecurityContextCheckTest.java | 313 ------------------ ...ClosureRemoteSecurityContextCheckTest.java | 260 +++++++++------ ...dvancedRemoteSecurityContextCheckTest.java | 191 ----------- ...ServiceRemoteSecurityContextCheckTest.java | 109 +++--- ...dvancedRemoteSecurityContextCheckTest.java | 165 --------- ...treamerRemoteSecurityContextCheckTest.java | 86 +++-- ...ssagingRemoteSecurityContextCheckTest.java | 172 +++++++--- 16 files changed, 757 insertions(+), 1995 deletions(-) delete mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadAdvancedRemoteSecurityContextCheckTest.java delete mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorAdvancedRemoteSecurityContextCheckTest.java delete mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryAdvancedRemoteSecurityContextCheckTest.java delete mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskAdvancedRemoteSecurityContextCheckTest.java delete mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureAdvancedRemoteSecurityContextCheckTest.java delete mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceAdvancedRemoteSecurityContextCheckTest.java delete mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerAdvancedRemoteSecurityContextCheckTest.java diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java index 7e3e3b5dc1fad..45adf650b3595 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java @@ -17,7 +17,10 @@ package org.apache.ignite.internal.processor.security; +import java.util.ArrayList; import java.util.Collection; +import java.util.Collections; +import java.util.List; import java.util.UUID; import java.util.concurrent.ConcurrentHashMap; import java.util.function.BiFunction; @@ -41,10 +44,10 @@ public abstract class AbstractRemoteSecurityContextCheckTest extends AbstractSec private static final Verifier VERIFIER = new Verifier(); /** - * Checks that current security context is valid and incriments invoke's counter. + * Registers current security context and incriments invoke's counter. */ - protected static void verify(){ - VERIFIER.verify((IgniteEx)Ignition.localIgnite()); + protected static void register() { + VERIFIER.register((IgniteEx)Ignition.localIgnite()); } /** @@ -65,7 +68,7 @@ protected static IgniteCompute compute(Ignite ignite, UUID id) { * @param ign Node. * @return Security subject id of passed node. */ - protected UUID secSubjectId(IgniteEx ign) { + protected static UUID secSubjectId(IgniteEx ign) { return ign.context().security().securityContext().subject().id(); } @@ -122,6 +125,11 @@ public static class Verifier { */ private final ConcurrentHashMap> map = new ConcurrentHashMap<>(); + /** + * List of registered security subjects. + */ + private final List> list = Collections.synchronizedList(new ArrayList<>()); + /** * Expected security subject id. */ @@ -135,14 +143,15 @@ public static class Verifier { private Verifier start(UUID expSecSubjId) { this.expSecSubjId = expSecSubjId; + list.clear(); map.clear(); return this; } /** - * Adds expected behaivior the method {@link #verify(IgniteEx)} will be invoke exp times on the node with passed - * name. + * Adds expected behaivior the method {@link #register(IgniteEx)} will be invoke exp times on the node with + * passed name. * * @param nodeName Node name. * @param exp Expected number of invokes. @@ -154,18 +163,15 @@ public Verifier add(String nodeName, int exp) { } /** - * Checks that current security context is valid and incriments invoke's counter. + * Registers current security context and incriments invoke's counter. * * @param ignite Local node. */ - private void verify(IgniteEx ignite) { + private void register(IgniteEx ignite) { assert expSecSubjId != null; assert ignite != null; - assertThat( - ignite.context().security().securityContext().subject().id(), - is(expSecSubjId) - ); + list.add(new T2<>(secSubjectId(ignite), ignite.name())); map.computeIfPresent(ignite.name(), new BiFunction, T2>() { @@ -185,10 +191,16 @@ private void verify(IgniteEx ignite) { private void checkResult() { assert !map.isEmpty(); + list.forEach(t -> + assertThat("Invalide security context on node " + t.get2(), + t.get1(), is(expSecSubjId)) + ); + map.forEach((key, value) -> - assertThat("Node " + key + ". Execution of verify: ", + assertThat("Node " + key + ". Execution of register: ", value.get2(), is(value.get1()))); + list.clear(); map.clear(); expSecSubjId = null; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadAdvancedRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadAdvancedRemoteSecurityContextCheckTest.java deleted file mode 100644 index c35302f37a95e..0000000000000 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadAdvancedRemoteSecurityContextCheckTest.java +++ /dev/null @@ -1,233 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processor.security.cache.closure; - -import java.util.Arrays; -import java.util.Collection; -import java.util.UUID; -import javax.cache.Cache; -import javax.cache.configuration.Factory; -import javax.cache.integration.CacheLoaderException; -import org.apache.ignite.Ignite; -import org.apache.ignite.Ignition; -import org.apache.ignite.cache.CacheMode; -import org.apache.ignite.cache.store.CacheStoreAdapter; -import org.apache.ignite.configuration.CacheConfiguration; -import org.apache.ignite.internal.processor.security.AbstractCacheOperationRemoteSecurityContextCheckTest; -import org.apache.ignite.internal.util.typedef.G; -import org.apache.ignite.lang.IgniteBiInClosure; -import org.apache.ignite.lang.IgniteBiPredicate; -import org.apache.ignite.lang.IgniteRunnable; -import org.apache.ignite.resources.IgniteInstanceResource; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.junit.runners.JUnit4; - -/** - * Testing permissions when the filter of Load cache is executed cache operations on remote node. - */ -@RunWith(JUnit4.class) -public class CacheLoadAdvancedRemoteSecurityContextCheckTest extends AbstractCacheOperationRemoteSecurityContextCheckTest { - /** Transition load cache. */ - private static final String TRANSITION_LOAD_CACHE = "TRANSITION_LOAD_CACHE"; - - /** Name of server initiator node. */ - private static final String SRV_INITIATOR = "srv_initiator"; - - /** Name of client initiator node. */ - private static final String CLNT_INITIATOR = "clnt_initiator"; - - /** Name of server feature call node. */ - private static final String SRV_FEATURE_CALL = "srv_feature_call"; - - /** Name of server feature transit node. */ - private static final String SRV_FEATURE_TRANSITION = "srv_feature_transition"; - - /** Name of server endpoint node. */ - private static final String SRV_ENDPOINT = "srv_endpoint"; - - /** Name of client endpoint node. */ - private static final String CLNT_ENDPOINT = "clnt_endpoint"; - - /** {@inheritDoc} */ - @Override protected void beforeTestsStarted() throws Exception { - super.beforeTestsStarted(); - - startGrid(SRV_INITIATOR, allowAllPermissionSet()); - - startGrid(CLNT_INITIATOR, allowAllPermissionSet(), true); - - startGrid(SRV_FEATURE_CALL, allowAllPermissionSet()); - - startGrid(SRV_FEATURE_TRANSITION, allowAllPermissionSet()); - - startGrid(SRV_ENDPOINT, allowAllPermissionSet()); - - startGrid(CLNT_ENDPOINT, allowAllPermissionSet(), true); - - G.allGrids().get(0).cluster().active(true); - } - - /** {@inheritDoc} */ - @Override protected void setupVerifier(Verifier verifier) { - verifier - .add(SRV_FEATURE_CALL, 1) - .add(SRV_FEATURE_TRANSITION, 1) - .add(SRV_ENDPOINT, 1) - .add(CLNT_ENDPOINT, 1); - } - - /** {@inheritDoc} */ - @Override protected CacheConfiguration[] getCacheConfigurations() { - return new CacheConfiguration[] { - new CacheConfiguration() - .setName(CACHE_NAME) - .setCacheMode(CacheMode.PARTITIONED) - .setCacheStoreFactory(new TestStoreFactory()), - new CacheConfiguration() - .setName(TRANSITION_LOAD_CACHE) - .setCacheMode(CacheMode.PARTITIONED) - .setCacheStoreFactory(new TestStoreFactory()) - }; - } - - /** - * - */ - @Test - public void test() { - runAndCheck(SRV_INITIATOR); - runAndCheck(CLNT_INITIATOR); - } - - /** - * @param name Initiator node name. - */ - private void runAndCheck(String name) { - runAndCheck( - secSubjectId(name), - () -> compute(grid(name), nodeId(SRV_FEATURE_CALL)).broadcast( - new IgniteRunnable() { - @Override public void run() { - verify(); - - loadCache(Ignition.localIgnite()); - } - } - ) - ); - } - - /** - * @param node Node. - */ - private void loadCache(Ignite node) { - node.cache(CACHE_NAME).loadCache( - new TestClosure(SRV_FEATURE_TRANSITION, endpoints()) - ); - } - - /** - * @return Collection of endpont nodes ids. - */ - private Collection endpoints() { - return Arrays.asList( - nodeId(SRV_ENDPOINT), - nodeId(CLNT_ENDPOINT) - ); - } - - /** - * Closure for tests. - */ - static class TestClosure implements IgniteBiPredicate { - /** Local ignite. */ - @IgniteInstanceResource - private Ignite loc; - - /** Expected local node name. */ - private final String node; - - /** Endpoint node id. */ - private final Collection endpoints; - - /** - * @param node Expected local node name. - * @param endpoints Collection of endpont nodes ids. - */ - public TestClosure(String node, Collection endpoints) { - assert node != null; - assert !endpoints.isEmpty(); - - this.node = node; - this.endpoints = endpoints; - } - - /** {@inheritDoc} */ - @Override public boolean apply(Integer k, Integer v) { - if (node.equals(loc.name())) { - verify(); - - compute(loc, endpoints).broadcast( - new IgniteRunnable() { - @Override public void run() { - verify(); - } - } - ); - } - - return false; - } - } - - /** - * Test store factory. - */ - private static class TestStoreFactory implements Factory { - /** {@inheritDoc} */ - @Override public TestCacheStore create() { - return new TestCacheStore(); - } - } - - /** - * Test cache store. - */ - private static class TestCacheStore extends CacheStoreAdapter { - /** {@inheritDoc} */ - @Override public void loadCache(IgniteBiInClosure clo, Object... args) { - clo.apply(1, 1); - } - - /** {@inheritDoc} */ - @Override public Integer load(Integer key) throws CacheLoaderException { - return key; - } - - /** {@inheritDoc} */ - @Override public void write(Cache.Entry entry) { - throw new UnsupportedOperationException(); - } - - /** {@inheritDoc} */ - @Override public void delete(Object key) { - // No-op. - } - } -} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java index 38633f880b7b0..1f0ce4f353e84 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java @@ -17,18 +17,22 @@ package org.apache.ignite.internal.processor.security.cache.closure; +import java.util.Arrays; +import java.util.Collection; +import java.util.UUID; import javax.cache.Cache; import javax.cache.configuration.Factory; import javax.cache.integration.CacheLoaderException; import org.apache.ignite.Ignite; +import org.apache.ignite.Ignition; import org.apache.ignite.cache.CacheMode; import org.apache.ignite.cache.store.CacheStoreAdapter; import org.apache.ignite.configuration.CacheConfiguration; -import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.processor.security.AbstractCacheOperationRemoteSecurityContextCheckTest; import org.apache.ignite.internal.util.typedef.G; import org.apache.ignite.lang.IgniteBiInClosure; import org.apache.ignite.lang.IgniteBiPredicate; +import org.apache.ignite.lang.IgniteRunnable; import org.apache.ignite.resources.IgniteInstanceResource; import org.junit.Test; import org.junit.runner.RunWith; @@ -39,18 +43,27 @@ */ @RunWith(JUnit4.class) public class CacheLoadRemoteSecurityContextCheckTest extends AbstractCacheOperationRemoteSecurityContextCheckTest { + /** Transition load cache. */ + private static final String TRANSITION_LOAD_CACHE = "TRANSITION_LOAD_CACHE"; + /** Name of server initiator node. */ private static final String SRV_INITIATOR = "srv_initiator"; /** Name of client initiator node. */ private static final String CLNT_INITIATOR = "clnt_initiator"; - /** Name of server transition node. */ - private static final String SRV_TRANSITION = "srv_transition"; + /** Name of server feature call node. */ + private static final String SRV_FEATURE_CALL = "srv_feature_call"; + + /** Name of server feature transit node. */ + private static final String SRV_FEATURE_TRANSITION = "srv_feature_transition"; /** Name of server endpoint node. */ private static final String SRV_ENDPOINT = "srv_endpoint"; + /** Name of client endpoint node. */ + private static final String CLNT_ENDPOINT = "clnt_endpoint"; + /** {@inheritDoc} */ @Override protected void beforeTestsStarted() throws Exception { super.beforeTestsStarted(); @@ -59,23 +72,26 @@ public class CacheLoadRemoteSecurityContextCheckTest extends AbstractCacheOperat startGrid(CLNT_INITIATOR, allowAllPermissionSet(), true); - startGrid(SRV_TRANSITION, allowAllPermissionSet()); + startGrid(SRV_FEATURE_CALL, allowAllPermissionSet()); + + startGrid(SRV_FEATURE_TRANSITION, allowAllPermissionSet()); startGrid(SRV_ENDPOINT, allowAllPermissionSet()); + startGrid(CLNT_ENDPOINT, allowAllPermissionSet(), true); + G.allGrids().get(0).cluster().active(true); } /** {@inheritDoc} */ @Override protected void setupVerifier(Verifier verifier) { verifier - .add(SRV_TRANSITION, 1) - .add(SRV_ENDPOINT, 1); + .add(SRV_FEATURE_CALL, 1) + .add(SRV_FEATURE_TRANSITION, 1) + .add(SRV_ENDPOINT, 1) + .add(CLNT_ENDPOINT, 1); } - /** Transition load cache. */ - private static final String TRANSITION_LOAD_CACHE = "TRANSITION_LOAD_CACHE"; - /** {@inheritDoc} */ @Override protected CacheConfiguration[] getCacheConfigurations() { return new CacheConfiguration[] { @@ -95,19 +111,44 @@ public class CacheLoadRemoteSecurityContextCheckTest extends AbstractCacheOperat */ @Test public void test() { - IgniteEx srvInitiator = grid(SRV_INITIATOR); - IgniteEx clntInitiator = grid(CLNT_INITIATOR); + runAndCheck(SRV_INITIATOR); + runAndCheck(CLNT_INITIATOR); + } - runAndCheck(secSubjectId(srvInitiator), ()->loadCache(srvInitiator)); - runAndCheck(secSubjectId(clntInitiator), ()->loadCache(clntInitiator)); + /** + * @param name Initiator node name. + */ + private void runAndCheck(String name) { + runAndCheck( + secSubjectId(name), + () -> compute(grid(name), nodeId(SRV_FEATURE_CALL)).broadcast( + new IgniteRunnable() { + @Override public void run() { + register(); + + loadCache(Ignition.localIgnite()); + } + } + ) + ); } /** - * @param initiator Initiator node. + * @param node Node. */ - private void loadCache(IgniteEx initiator) { - initiator.cache(CACHE_NAME).loadCache( - new TestClosure(SRV_TRANSITION, SRV_ENDPOINT) + private void loadCache(Ignite node) { + node.cache(CACHE_NAME).loadCache( + new TestClosure(SRV_FEATURE_TRANSITION, endpoints()) + ); + } + + /** + * @return Collection of endpont nodes ids. + */ + private Collection endpoints() { + return Arrays.asList( + nodeId(SRV_ENDPOINT), + nodeId(CLNT_ENDPOINT) ); } @@ -122,28 +163,33 @@ static class TestClosure implements IgniteBiPredicate { /** Expected local node name. */ private final String node; - /** Endpoint node name. */ - private final String endpoint; + /** Endpoint node id. */ + private final Collection endpoints; /** * @param node Expected local node name. - * @param endpoint Endpoint node name. + * @param endpoints Collection of endpont nodes ids. */ - public TestClosure(String node, String endpoint) { + public TestClosure(String node, Collection endpoints) { + assert node != null; + assert !endpoints.isEmpty(); + this.node = node; - this.endpoint = endpoint; + this.endpoints = endpoints; } /** {@inheritDoc} */ @Override public boolean apply(Integer k, Integer v) { if (node.equals(loc.name())) { - verify(); - - if (endpoint != null) { - loc.cache(TRANSITION_LOAD_CACHE).loadCache( - new TestClosure(endpoint, null) - ); - } + register(); + + compute(loc, endpoints).broadcast( + new IgniteRunnable() { + @Override public void run() { + register(); + } + } + ); } return false; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorAdvancedRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorAdvancedRemoteSecurityContextCheckTest.java deleted file mode 100644 index d5bb2a29c1669..0000000000000 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorAdvancedRemoteSecurityContextCheckTest.java +++ /dev/null @@ -1,206 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processor.security.cache.closure; - -import java.util.Arrays; -import java.util.Collection; -import java.util.Collections; -import java.util.UUID; -import javax.cache.processor.EntryProcessor; -import javax.cache.processor.EntryProcessorException; -import javax.cache.processor.MutableEntry; -import org.apache.ignite.Ignite; -import org.apache.ignite.Ignition; -import org.apache.ignite.internal.IgniteEx; -import org.apache.ignite.internal.processor.security.AbstractCacheOperationRemoteSecurityContextCheckTest; -import org.apache.ignite.internal.util.typedef.G; -import org.apache.ignite.lang.IgniteRunnable; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.junit.runners.JUnit4; - -/** - * Testing permissions when EntryProcessor closure is executed cache operations on remote node. - */ -@RunWith(JUnit4.class) -public class EntryProcessorAdvancedRemoteSecurityContextCheckTest extends AbstractCacheOperationRemoteSecurityContextCheckTest { - /** Name of server initiator node. */ - private static final String SRV_INITIATOR = "srv_initiator"; - - /** Name of client initiator node. */ - private static final String CLNT_INITIATOR = "clnt_initiator"; - - /** Name of server feature call node. */ - private static final String SRV_FEATURE_CALL = "srv_feature_call"; - - /** Name of server feature transit node. */ - private static final String SRV_FEATURE_TRANSITION = "srv_feature_transition"; - - /** Name of server endpoint node. */ - private static final String SRV_ENDPOINT = "srv_endpoint"; - - /** Name of client endpoint node. */ - private static final String CLNT_ENDPOINT = "clnt_endpoint"; - - /** {@inheritDoc} */ - @Override protected void beforeTestsStarted() throws Exception { - super.beforeTestsStarted(); - - startGrid(SRV_INITIATOR, allowAllPermissionSet()); - - startGrid(CLNT_INITIATOR, allowAllPermissionSet(), true); - - startGrid(SRV_FEATURE_CALL, allowAllPermissionSet()); - - startGrid(SRV_FEATURE_TRANSITION, allowAllPermissionSet()); - - startGrid(SRV_ENDPOINT, allowAllPermissionSet()); - - startGrid(CLNT_ENDPOINT, allowAllPermissionSet(), true); - - G.allGrids().get(0).cluster().active(true); - } - - /** {@inheritDoc} */ - @Override protected void setupVerifier(Verifier verifier) { - verifier - .add(SRV_FEATURE_CALL, 1) - .add(SRV_FEATURE_TRANSITION, 1) - .add(SRV_ENDPOINT, 1) - .add(CLNT_ENDPOINT, 1); - } - - /** - * - */ - @Test - public void test() { - runAndCheck(grid(SRV_INITIATOR)); - runAndCheck(grid(CLNT_INITIATOR)); - } - - /** - * @param initiator Node that initiates an execution. - */ - private void runAndCheck(IgniteEx initiator) { - UUID secSubjectId = secSubjectId(initiator); - - for (InvokeMethodEnum ime : InvokeMethodEnum.values()) { - runAndCheck( - secSubjectId, - () -> compute(initiator, nodeId(SRV_FEATURE_CALL)).broadcast( - new IgniteRunnable() { - @Override public void run() { - verify(); - - invoke(ime, Ignition.localIgnite(), - new TestEntryProcessor(endpoints()), prmKey(grid(SRV_FEATURE_TRANSITION))); - } - } - ) - ); - } - } - - /** - * @return Collection of endpont nodes ids. - */ - private Collection endpoints() { - return Arrays.asList( - nodeId(SRV_ENDPOINT), - nodeId(CLNT_ENDPOINT) - ); - } - - /** - * @param ime Invoke Method. - * @param node Node. - * @param ep Entry Processor. - * @param key Key. - */ - private void invoke(InvokeMethodEnum ime, Ignite node, - EntryProcessor ep, Integer key) { - switch (ime) { - case INVOKE: - node.cache(CACHE_NAME) - .invoke(key, ep); - - break; - case INVOKE_ALL: - node.cache(CACHE_NAME) - .invokeAll(Collections.singleton(key), ep); - - break; - case INVOKE_ASYNC: - node.cache(CACHE_NAME) - .invokeAsync(key, ep).get(); - - break; - case INVOKE_ALL_ASYNC: - node.cache(CACHE_NAME) - .invokeAllAsync(Collections.singleton(key), ep).get(); - - break; - default: - throw new IllegalArgumentException("Unknown invoke method " + ime); - } - } - - /** Enum for ways to invoke EntryProcessor. */ - private enum InvokeMethodEnum { - /** Invoke. */ - INVOKE, - /** Invoke all. */ - INVOKE_ALL, - /** Invoke async. */ - INVOKE_ASYNC, - /** Invoke all async. */ - INVOKE_ALL_ASYNC - } - - /** - * Entry processor for tests with transition invoke call. - */ - static class TestEntryProcessor implements EntryProcessor { - /** Collection of endpont nodes ids. */ - private final Collection endpoints; - - /** - * @param endpoints Collection of endpont nodes ids. - */ - public TestEntryProcessor(Collection endpoints) { - assert !endpoints.isEmpty(); - - this.endpoints = endpoints; - } - - /** {@inheritDoc} */ - @Override public Object process(MutableEntry entry, Object... objects) - throws EntryProcessorException { - verify(); - - compute(Ignition.localIgnite(), endpoints).broadcast(new IgniteRunnable() { - @Override public void run() { - verify(); - } - }); - - return null; - } - } -} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java index a777d06636827..453fea309bd3b 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java @@ -17,16 +17,19 @@ package org.apache.ignite.internal.processor.security.cache.closure; +import java.util.Arrays; +import java.util.Collection; import java.util.Collections; import java.util.UUID; import javax.cache.processor.EntryProcessor; import javax.cache.processor.EntryProcessorException; import javax.cache.processor.MutableEntry; +import org.apache.ignite.Ignite; import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.processor.security.AbstractCacheOperationRemoteSecurityContextCheckTest; -import org.apache.ignite.internal.processor.security.AbstractRemoteSecurityContextCheckTest; import org.apache.ignite.internal.util.typedef.G; +import org.apache.ignite.lang.IgniteRunnable; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.JUnit4; @@ -42,12 +45,18 @@ public class EntryProcessorRemoteSecurityContextCheckTest extends AbstractCacheO /** Name of client initiator node. */ private static final String CLNT_INITIATOR = "clnt_initiator"; - /** Name of server transition node. */ - private static final String SRV_TRANSITION = "srv_transition"; + /** Name of server feature call node. */ + private static final String SRV_FEATURE_CALL = "srv_feature_call"; + + /** Name of server feature transit node. */ + private static final String SRV_FEATURE_TRANSITION = "srv_feature_transition"; /** Name of server endpoint node. */ private static final String SRV_ENDPOINT = "srv_endpoint"; + /** Name of client endpoint node. */ + private static final String CLNT_ENDPOINT = "clnt_endpoint"; + /** {@inheritDoc} */ @Override protected void beforeTestsStarted() throws Exception { super.beforeTestsStarted(); @@ -56,18 +65,24 @@ public class EntryProcessorRemoteSecurityContextCheckTest extends AbstractCacheO startGrid(CLNT_INITIATOR, allowAllPermissionSet(), true); - startGrid(SRV_TRANSITION, allowAllPermissionSet()); + startGrid(SRV_FEATURE_CALL, allowAllPermissionSet()); + + startGrid(SRV_FEATURE_TRANSITION, allowAllPermissionSet()); startGrid(SRV_ENDPOINT, allowAllPermissionSet()); + startGrid(CLNT_ENDPOINT, allowAllPermissionSet(), true); + G.allGrids().get(0).cluster().active(true); } /** {@inheritDoc} */ @Override protected void setupVerifier(Verifier verifier) { verifier - .add(SRV_TRANSITION, 1) - .add(SRV_ENDPOINT, 1); + .add(SRV_FEATURE_CALL, 1) + .add(SRV_FEATURE_TRANSITION, 1) + .add(SRV_ENDPOINT, 1) + .add(CLNT_ENDPOINT, 1); } /** @@ -88,38 +103,56 @@ private void runAndCheck(IgniteEx initiator) { for (InvokeMethodEnum ime : InvokeMethodEnum.values()) { runAndCheck( secSubjectId, - () -> invoke(ime, initiator, - new TestEntryProcessor(grid(SRV_ENDPOINT).localNode().id()), prmKey(grid(SRV_TRANSITION))) + () -> compute(initiator, nodeId(SRV_FEATURE_CALL)).broadcast( + new IgniteRunnable() { + @Override public void run() { + register(); + + invoke(ime, Ignition.localIgnite(), + new TestEntryProcessor(endpoints()), prmKey(grid(SRV_FEATURE_TRANSITION))); + } + } + ) ); } } + /** + * @return Collection of endpont nodes ids. + */ + private Collection endpoints() { + return Arrays.asList( + nodeId(SRV_ENDPOINT), + nodeId(CLNT_ENDPOINT) + ); + } + /** * @param ime Invoke Method. - * @param initiator Initiator. + * @param node Node. * @param ep Entry Processor. * @param key Key. */ - private void invoke(InvokeMethodEnum ime, IgniteEx initiator, + private void invoke(InvokeMethodEnum ime, Ignite node, EntryProcessor ep, Integer key) { switch (ime) { case INVOKE: - initiator.cache(CACHE_NAME) + node.cache(CACHE_NAME) .invoke(key, ep); break; case INVOKE_ALL: - initiator.cache(CACHE_NAME) + node.cache(CACHE_NAME) .invokeAll(Collections.singleton(key), ep); break; case INVOKE_ASYNC: - initiator.cache(CACHE_NAME) + node.cache(CACHE_NAME) .invokeAsync(key, ep).get(); break; case INVOKE_ALL_ASYNC: - initiator.cache(CACHE_NAME) + node.cache(CACHE_NAME) .invokeAllAsync(Collections.singleton(key), ep).get(); break; @@ -144,29 +177,28 @@ private enum InvokeMethodEnum { * Entry processor for tests with transition invoke call. */ static class TestEntryProcessor implements EntryProcessor { - /** Endpoint node id. */ - private final UUID endpointId; + /** Collection of endpont nodes ids. */ + private final Collection endpoints; /** - * @param endpointId Endpoint node id. + * @param endpoints Collection of endpont nodes ids. */ - public TestEntryProcessor(UUID endpointId) { - this.endpointId = endpointId; + public TestEntryProcessor(Collection endpoints) { + assert !endpoints.isEmpty(); + + this.endpoints = endpoints; } /** {@inheritDoc} */ - @Override public Object process(MutableEntry entry, - Object... objects) throws EntryProcessorException { - verify(); - - if (endpointId != null) { - IgniteEx loc = (IgniteEx)Ignition.localIgnite(); - - loc.compute(loc.cluster().forNodeId(endpointId)) - .broadcast( - AbstractRemoteSecurityContextCheckTest::verify - ); - } + @Override public Object process(MutableEntry entry, Object... objects) + throws EntryProcessorException { + register(); + + compute(Ignition.localIgnite(), endpoints).broadcast(new IgniteRunnable() { + @Override public void run() { + register(); + } + }); return null; } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryAdvancedRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryAdvancedRemoteSecurityContextCheckTest.java deleted file mode 100644 index 372f467e54d95..0000000000000 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryAdvancedRemoteSecurityContextCheckTest.java +++ /dev/null @@ -1,219 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processor.security.cache.closure; - -import java.util.Arrays; -import java.util.Collection; -import java.util.UUID; -import javax.cache.Cache; -import org.apache.ignite.Ignite; -import org.apache.ignite.Ignition; -import org.apache.ignite.cache.query.ScanQuery; -import org.apache.ignite.internal.processor.security.AbstractCacheOperationRemoteSecurityContextCheckTest; -import org.apache.ignite.internal.util.typedef.G; -import org.apache.ignite.lang.IgniteBiPredicate; -import org.apache.ignite.lang.IgniteClosure; -import org.apache.ignite.lang.IgniteRunnable; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.junit.runners.JUnit4; - -/** - * Testing permissions when the filter of ScanQuery is executed cache operations on remote node. - */ -@RunWith(JUnit4.class) -public class ScanQueryAdvancedRemoteSecurityContextCheckTest extends AbstractCacheOperationRemoteSecurityContextCheckTest { - /** Name of server initiator node. */ - private static final String SRV_INITIATOR = "srv_initiator"; - - /** Name of client initiator node. */ - private static final String CLNT_INITIATOR = "clnt_initiator"; - - /** Name of server feature call node. */ - private static final String SRV_FEATURE_CALL = "srv_feature_call"; - - /** Name of server feature transit node. */ - private static final String SRV_FEATURE_TRANSITION = "srv_feature_transition"; - - /** Name of client feature call node. */ - private static final String CLNT_FEATURE_CALL = "clnt_feature_call"; - - /** Name of server endpoint node. */ - private static final String SRV_ENDPOINT = "srv_endpoint"; - - /** Name of client endpoint node. */ - private static final String CLNT_ENDPOINT = "clnt_endpoint"; - - /** {@inheritDoc} */ - @Override protected void beforeTestsStarted() throws Exception { - super.beforeTestsStarted(); - - startGrid(SRV_INITIATOR, allowAllPermissionSet()); - - startGrid(CLNT_INITIATOR, allowAllPermissionSet(), true); - - startGrid(SRV_FEATURE_CALL, allowAllPermissionSet()); - - startGrid(CLNT_FEATURE_CALL, allowAllPermissionSet(), true); - - startGrid(SRV_FEATURE_TRANSITION, allowAllPermissionSet()); - - startGrid(SRV_ENDPOINT, allowAllPermissionSet()); - - startGrid(CLNT_ENDPOINT, allowAllPermissionSet(), true); - - G.allGrids().get(0).cluster().active(true); - } - - /** {@inheritDoc} */ - @Override protected void setupVerifier(Verifier verifier) { - verifier - .add(SRV_FEATURE_CALL, 1) - .add(CLNT_FEATURE_CALL, 1) - .add(SRV_FEATURE_TRANSITION, 2) - .add(SRV_ENDPOINT, 2) - .add(CLNT_ENDPOINT, 2); - } - - /** - * - */ - @Test - public void test() throws Exception { - grid(SRV_INITIATOR).cache(CACHE_NAME) - .put(prmKey(grid(SRV_FEATURE_TRANSITION)), 1); - - awaitPartitionMapExchange(); - - runAndCheck(SRV_INITIATOR); - runAndCheck(CLNT_INITIATOR); - } - - /** - * @param name Inintiator node name. - */ - private void runAndCheck(String name) { - for (IgniteRunnable r : runnables()) { - runAndCheck(secSubjectId(name), - () -> compute(grid(name), featureCalls()).broadcast(r)); - } - } - - /** - * - */ - private IgniteRunnable[] runnables() { - return new IgniteRunnable[] { - new IgniteRunnable() { - @Override public void run() { - verify(); - - Ignition.localIgnite().cache(CACHE_NAME).query( - new ScanQuery<>( - new CommonClosure(SRV_FEATURE_TRANSITION, endpoints()) - ) - ).getAll(); - } - }, - new IgniteRunnable() { - @Override public void run() { - verify(); - - Ignition.localIgnite().cache(CACHE_NAME).query( - new ScanQuery<>((k, v) -> true), - new CommonClosure(SRV_FEATURE_TRANSITION, endpoints()) - ).getAll(); - } - } - }; - } - - /** - * @return Collection of feature call nodes ids. - */ - private Collection featureCalls() { - return Arrays.asList( - nodeId(SRV_FEATURE_CALL), - nodeId(CLNT_FEATURE_CALL) - ); - } - - /** - * @return Collection of endpont nodes ids. - */ - private Collection endpoints() { - return Arrays.asList( - nodeId(SRV_ENDPOINT), - nodeId(CLNT_ENDPOINT) - ); - } - - /** - * Common closure for tests. - */ - static class CommonClosure implements IgniteClosure, Integer>, - IgniteBiPredicate { - /** Expected local node name. */ - private final String node; - - /** Collection of endpont nodes ids. */ - private final Collection endpoints; - - /** - * @param node Expected local node name. - * @param endpoints Collection of endpont nodes ids. - */ - public CommonClosure(String node, Collection endpoints) { - assert !endpoints.isEmpty(); - - this.node = node; - this.endpoints = endpoints; - } - - /** {@inheritDoc} */ - @Override public Integer apply(Cache.Entry entry) { - verifyAndBroadcast(); - - return entry.getValue(); - } - - /** {@inheritDoc} */ - @Override public boolean apply(Integer s, Integer i) { - verifyAndBroadcast(); - - return false; - } - - /** - * - */ - private void verifyAndBroadcast() { - Ignite loc = Ignition.localIgnite(); - - if (node.equals(loc.name())) { - verify(); - - compute(loc, endpoints).broadcast(new IgniteRunnable() { - @Override public void run() { - verify(); - } - }); - } - } - } -} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java index 798565a9a6dbe..985c5ca4c98b4 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java @@ -17,15 +17,18 @@ package org.apache.ignite.internal.processor.security.cache.closure; +import java.util.Arrays; +import java.util.Collection; +import java.util.UUID; import javax.cache.Cache; import org.apache.ignite.Ignite; +import org.apache.ignite.Ignition; import org.apache.ignite.cache.query.ScanQuery; -import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.processor.security.AbstractCacheOperationRemoteSecurityContextCheckTest; import org.apache.ignite.internal.util.typedef.G; import org.apache.ignite.lang.IgniteBiPredicate; import org.apache.ignite.lang.IgniteClosure; -import org.apache.ignite.resources.IgniteInstanceResource; +import org.apache.ignite.lang.IgniteRunnable; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.JUnit4; @@ -41,12 +44,21 @@ public class ScanQueryRemoteSecurityContextCheckTest extends AbstractCacheOperat /** Name of client initiator node. */ private static final String CLNT_INITIATOR = "clnt_initiator"; - /** Name of server transition node. */ - private static final String SRV_TRANSITION = "srv_transition"; + /** Name of server feature call node. */ + private static final String SRV_FEATURE_CALL = "srv_feature_call"; + + /** Name of server feature transit node. */ + private static final String SRV_FEATURE_TRANSITION = "srv_feature_transition"; + + /** Name of client feature call node. */ + private static final String CLNT_FEATURE_CALL = "clnt_feature_call"; /** Name of server endpoint node. */ private static final String SRV_ENDPOINT = "srv_endpoint"; + /** Name of client endpoint node. */ + private static final String CLNT_ENDPOINT = "clnt_endpoint"; + /** {@inheritDoc} */ @Override protected void beforeTestsStarted() throws Exception { super.beforeTestsStarted(); @@ -55,18 +67,27 @@ public class ScanQueryRemoteSecurityContextCheckTest extends AbstractCacheOperat startGrid(CLNT_INITIATOR, allowAllPermissionSet(), true); - startGrid(SRV_TRANSITION, allowAllPermissionSet()); + startGrid(SRV_FEATURE_CALL, allowAllPermissionSet()); + + startGrid(CLNT_FEATURE_CALL, allowAllPermissionSet(), true); + + startGrid(SRV_FEATURE_TRANSITION, allowAllPermissionSet()); startGrid(SRV_ENDPOINT, allowAllPermissionSet()); + startGrid(CLNT_ENDPOINT, allowAllPermissionSet(), true); + G.allGrids().get(0).cluster().active(true); } /** {@inheritDoc} */ @Override protected void setupVerifier(Verifier verifier) { verifier - .add(SRV_TRANSITION, 1) - .add(SRV_ENDPOINT, 1); + .add(SRV_FEATURE_CALL, 1) + .add(CLNT_FEATURE_CALL, 1) + .add(SRV_FEATURE_TRANSITION, 2) + .add(SRV_ENDPOINT, 2) + .add(CLNT_ENDPOINT, 2); } /** @@ -74,120 +95,125 @@ public class ScanQueryRemoteSecurityContextCheckTest extends AbstractCacheOperat */ @Test public void test() throws Exception { - IgniteEx srvInitiator = grid(SRV_INITIATOR); - IgniteEx clntInitiator = grid(CLNT_INITIATOR); - IgniteEx srvTransition = grid(SRV_TRANSITION); - IgniteEx srvEndpoint = grid(SRV_ENDPOINT); - - srvInitiator.cache(CACHE_NAME).put(prmKey(srvTransition), 1); - srvInitiator.cache(CACHE_NAME).put(prmKey(srvEndpoint), 2); + grid(SRV_INITIATOR).cache(CACHE_NAME) + .put(prmKey(grid(SRV_FEATURE_TRANSITION)), 1); awaitPartitionMapExchange(); - runAndCheck(secSubjectId(srvInitiator), () -> query(srvInitiator)); - runAndCheck(secSubjectId(clntInitiator), () -> query(clntInitiator)); + runAndCheck(SRV_INITIATOR); + runAndCheck(CLNT_INITIATOR); + } - runAndCheck(secSubjectId(srvInitiator), () -> transform(srvInitiator)); - runAndCheck(secSubjectId(clntInitiator), () -> transform(clntInitiator)); + /** + * @param name Inintiator node name. + */ + private void runAndCheck(String name) { + for (IgniteRunnable r : runnables()) { + runAndCheck(secSubjectId(name), + () -> compute(grid(name), featureCalls()).broadcast(r)); + } } /** - * @param initiator Initiator node. + * */ - private void query(IgniteEx initiator) { - initiator.cache(CACHE_NAME).query( - new ScanQuery<>( - new QueryFilter(SRV_TRANSITION, SRV_ENDPOINT) - ) - ).getAll(); + private IgniteRunnable[] runnables() { + return new IgniteRunnable[] { + new IgniteRunnable() { + @Override public void run() { + register(); + + Ignition.localIgnite().cache(CACHE_NAME).query( + new ScanQuery<>( + new CommonClosure(SRV_FEATURE_TRANSITION, endpoints()) + ) + ).getAll(); + } + }, + new IgniteRunnable() { + @Override public void run() { + register(); + + Ignition.localIgnite().cache(CACHE_NAME).query( + new ScanQuery<>((k, v) -> true), + new CommonClosure(SRV_FEATURE_TRANSITION, endpoints()) + ).getAll(); + } + } + }; } /** - * @param initiator Initiator node. + * @return Collection of feature call nodes ids. */ - private void transform(IgniteEx initiator) { - initiator.cache(CACHE_NAME).query( - new ScanQuery<>((k, v) -> true), - new Transformer(SRV_TRANSITION, SRV_ENDPOINT) - ).getAll(); + private Collection featureCalls() { + return Arrays.asList( + nodeId(SRV_FEATURE_CALL), + nodeId(CLNT_FEATURE_CALL) + ); } /** - * Test query filter. + * @return Collection of endpont nodes ids. */ - static class QueryFilter implements IgniteBiPredicate { - /** Local ignite. */ - @IgniteInstanceResource - private Ignite loc; + private Collection endpoints() { + return Arrays.asList( + nodeId(SRV_ENDPOINT), + nodeId(CLNT_ENDPOINT) + ); + } + /** + * Common closure for tests. + */ + static class CommonClosure implements IgniteClosure, Integer>, + IgniteBiPredicate { /** Expected local node name. */ private final String node; - /** Endpoint node name. */ - private final String endpoint; + /** Collection of endpont nodes ids. */ + private final Collection endpoints; /** * @param node Expected local node name. - * @param endpoint Endpoint node name. + * @param endpoints Collection of endpont nodes ids. */ - public QueryFilter(String node, String endpoint) { + public CommonClosure(String node, Collection endpoints) { + assert !endpoints.isEmpty(); + this.node = node; - this.endpoint = endpoint; + this.endpoints = endpoints; } /** {@inheritDoc} */ - @Override public boolean apply(Integer s, Integer i) { - if (node.equals(loc.name())) { - verify(); - - if (endpoint != null) { - loc.cache(CACHE_NAME).query( - new ScanQuery<>(new QueryFilter(endpoint, null)) - ).getAll(); - } - } + @Override public Integer apply(Cache.Entry entry) { + verifyAndBroadcast(); - return false; + return entry.getValue(); } - } - /** - * Test transformer. - */ - static class Transformer implements IgniteClosure, Integer> { - /** Local ignite. */ - @IgniteInstanceResource - private Ignite loc; - - /** Expected local node name. */ - private final String node; + /** {@inheritDoc} */ + @Override public boolean apply(Integer s, Integer i) { + verifyAndBroadcast(); - /** Endpoint node name. */ - private final String endpoint; + return false; + } /** - * @param node Expected local node name. - * @param endpoint Endpoint node name. + * */ - public Transformer(String node, String endpoint) { - this.node = node; - this.endpoint = endpoint; - } + private void verifyAndBroadcast() { + Ignite loc = Ignition.localIgnite(); - /** {@inheritDoc} */ - @Override public Integer apply(Cache.Entry entry) { if (node.equals(loc.name())) { - verify(); + register(); - if (endpoint != null) { - loc.cache(CACHE_NAME).query( - new ScanQuery<>((k, v) -> true), - new Transformer(endpoint, null) - ).getAll(); - } + compute(loc, endpoints).broadcast(new IgniteRunnable() { + @Override public void run() { + register(); + } + }); } - - return entry.getValue(); } } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskAdvancedRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskAdvancedRemoteSecurityContextCheckTest.java deleted file mode 100644 index b259d080d21de..0000000000000 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskAdvancedRemoteSecurityContextCheckTest.java +++ /dev/null @@ -1,251 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processor.security.compute.closure; - -import java.util.Arrays; -import java.util.Collection; -import java.util.HashMap; -import java.util.List; -import java.util.Map; -import java.util.UUID; -import org.apache.ignite.Ignite; -import org.apache.ignite.IgniteException; -import org.apache.ignite.Ignition; -import org.apache.ignite.cluster.ClusterNode; -import org.apache.ignite.compute.ComputeJob; -import org.apache.ignite.compute.ComputeJobResult; -import org.apache.ignite.compute.ComputeJobResultPolicy; -import org.apache.ignite.compute.ComputeTask; -import org.apache.ignite.internal.IgniteEx; -import org.apache.ignite.internal.processor.security.AbstractRemoteSecurityContextCheckTest; -import org.apache.ignite.internal.util.typedef.G; -import org.apache.ignite.lang.IgniteRunnable; -import org.apache.ignite.resources.IgniteInstanceResource; -import org.jetbrains.annotations.Nullable; -import org.junit.Test; - -/** - * Testing permissions when the compute task is executed cache operations on remote node. - */ -public class ComputeTaskAdvancedRemoteSecurityContextCheckTest extends AbstractRemoteSecurityContextCheckTest { - /** Name of server initiator node. */ - private static final String SRV_INITIATOR = "srv_initiator"; - - /** Name of client initiator node. */ - private static final String CLNT_INITIATOR = "clnt_initiator"; - - /** Name of server feature call node. */ - private static final String SRV_FEATURE_CALL = "srv_feature_call"; - - /** Name of client feature call node. */ - private static final String CLNT_FEATURE_CALL = "clnt_feature_call"; - - /** Name of server feature transit node. */ - private static final String SRV_FEATURE_TRANSITION = "srv_feature_transition"; - - /** Name of client feature transit node. */ - private static final String CLNT_FEATURE_TRANSITION = "clnt_feature_transition"; - - /** Name of server endpoint node. */ - private static final String SRV_ENDPOINT = "srv_endpoint"; - - /** Name of client endpoint node. */ - private static final String CLNT_ENDPOINT = "clnt_endpoint"; - - /** {@inheritDoc} */ - @Override protected void beforeTestsStarted() throws Exception { - super.beforeTestsStarted(); - - startGrid(SRV_INITIATOR, allowAllPermissionSet()); - - startGrid(CLNT_INITIATOR, allowAllPermissionSet(), true); - - startGrid(SRV_FEATURE_CALL, allowAllPermissionSet()); - - startGrid(CLNT_FEATURE_CALL, allowAllPermissionSet(), true); - - startGrid(SRV_FEATURE_TRANSITION, allowAllPermissionSet()); - - startGrid(CLNT_FEATURE_TRANSITION, allowAllPermissionSet(), true); - - startGrid(SRV_ENDPOINT, allowAllPermissionSet()); - - startGrid(CLNT_ENDPOINT, allowAllPermissionSet(), true); - - G.allGrids().get(0).cluster().active(true); - } - - /** {@inheritDoc} */ - @Override protected void setupVerifier(Verifier verifier) { - verifier - .add(SRV_FEATURE_CALL, 1) - .add(CLNT_FEATURE_CALL, 1) - .add(SRV_FEATURE_TRANSITION, 2) - .add(CLNT_FEATURE_TRANSITION, 2) - .add(SRV_ENDPOINT, 4) - .add(CLNT_ENDPOINT, 4); - } - - /** - * - */ - @Test - public void test() { - runAndCheck(grid(SRV_INITIATOR)); - runAndCheck(grid(CLNT_INITIATOR)); - } - - /** - * @param initiator Node that initiates an execution. - */ - private void runAndCheck(IgniteEx initiator) { - runAndCheck(secSubjectId(initiator), - () -> compute(initiator, featureCalls()).broadcast( - new IgniteRunnable() { - @Override public void run() { - verify(); - - Ignition.localIgnite().compute().execute( - new TestComputeTask(featureTransitions(), endpoints()), 0 - ); - } - } - ) - ); - - runAndCheck(secSubjectId(initiator), - () -> compute(initiator, featureCalls()).broadcast( - new IgniteRunnable() { - @Override public void run() { - verify(); - - Ignition.localIgnite().compute().executeAsync( - new TestComputeTask(featureTransitions(), endpoints()), 0 - ).get(); - } - } - ) - ); - } - - /** - * @return Collection of feature call nodes ids. - */ - private Collection featureCalls() { - return Arrays.asList( - nodeId(SRV_FEATURE_CALL), - nodeId(CLNT_FEATURE_CALL) - ); - } - - /** - * @return Collection of feature transit nodes ids. - */ - private Collection featureTransitions() { - return Arrays.asList( - nodeId(SRV_FEATURE_TRANSITION), - nodeId(CLNT_FEATURE_TRANSITION) - ); - } - - /** - * @return Collection of endpont nodes ids. - */ - private Collection endpoints() { - return Arrays.asList( - nodeId(SRV_ENDPOINT), - nodeId(CLNT_ENDPOINT) - ); - } - - /** - * Compute task for tests. - */ - static class TestComputeTask implements ComputeTask { - /** Collection of transition node ids. */ - private final Collection remotes; - - /** Collection of endpoint node ids. */ - private final Collection endpoints; - - /** Local ignite. */ - @IgniteInstanceResource - protected Ignite loc; - - /** - * @param remotes Collection of transition node ids. - * @param endpoints Collection of endpoint node ids. - */ - public TestComputeTask(Collection remotes, Collection endpoints) { - assert !remotes.isEmpty(); - assert !endpoints.isEmpty(); - - this.remotes = remotes; - this.endpoints = endpoints; - } - - /** {@inheritDoc} */ - @Override public @Nullable Map map(List subgrid, - @Nullable Integer arg) throws IgniteException { - Map res = new HashMap<>(); - - for (UUID id : remotes) { - res.put( - new ComputeJob() { - @IgniteInstanceResource - private Ignite loc; - - @Override public void cancel() { - // no-op - } - - @Override public Object execute() throws IgniteException { - verify(); - - compute(loc, endpoints).broadcast( - new IgniteRunnable() { - @Override public void run() { - verify(); - } - } - ); - - return null; - } - }, loc.cluster().node(id) - ); - } - - return res; - } - - /** {@inheritDoc} */ - @Override public ComputeJobResultPolicy result(ComputeJobResult res, - List rcvd) throws IgniteException { - if (res.getException() != null) - throw res.getException(); - - return ComputeJobResultPolicy.WAIT; - } - - /** {@inheritDoc} */ - @Override public @Nullable Integer reduce(List results) throws IgniteException { - return null; - } - } -} \ No newline at end of file diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java index b40d48f830937..57dd610cd38ea 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java @@ -19,13 +19,13 @@ import java.util.Arrays; import java.util.Collection; -import java.util.Collections; import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.UUID; import org.apache.ignite.Ignite; import org.apache.ignite.IgniteException; +import org.apache.ignite.Ignition; import org.apache.ignite.cluster.ClusterNode; import org.apache.ignite.compute.ComputeJob; import org.apache.ignite.compute.ComputeJobResult; @@ -34,6 +34,7 @@ import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.processor.security.AbstractRemoteSecurityContextCheckTest; import org.apache.ignite.internal.util.typedef.G; +import org.apache.ignite.lang.IgniteRunnable; import org.apache.ignite.resources.IgniteInstanceResource; import org.jetbrains.annotations.Nullable; import org.junit.Test; @@ -48,15 +49,21 @@ public class ComputeTaskRemoteSecurityContextCheckTest extends AbstractRemoteSec /** Name of client initiator node. */ private static final String CLNT_INITIATOR = "clnt_initiator"; - /** Name of server transition node. */ - private static final String SRV_TRANSITION = "srv_transition"; + /** Name of server feature call node. */ + private static final String SRV_FEATURE_CALL = "srv_feature_call"; + + /** Name of client feature call node. */ + private static final String CLNT_FEATURE_CALL = "clnt_feature_call"; + + /** Name of server feature transit node. */ + private static final String SRV_FEATURE_TRANSITION = "srv_feature_transition"; + + /** Name of client feature transit node. */ + private static final String CLNT_FEATURE_TRANSITION = "clnt_feature_transition"; /** Name of server endpoint node. */ private static final String SRV_ENDPOINT = "srv_endpoint"; - /** Name of client transition node. */ - private static final String CLNT_TRANSITION = "clnt_transition"; - /** Name of client endpoint node. */ private static final String CLNT_ENDPOINT = "clnt_endpoint"; @@ -68,13 +75,17 @@ public class ComputeTaskRemoteSecurityContextCheckTest extends AbstractRemoteSec startGrid(CLNT_INITIATOR, allowAllPermissionSet(), true); - startGrid(SRV_TRANSITION, allowAllPermissionSet()); + startGrid(SRV_FEATURE_CALL, allowAllPermissionSet()); + + startGrid(CLNT_FEATURE_CALL, allowAllPermissionSet(), true); - startGrid(CLNT_TRANSITION, allowAllPermissionSet(), true); + startGrid(SRV_FEATURE_TRANSITION, allowAllPermissionSet()); + + startGrid(CLNT_FEATURE_TRANSITION, allowAllPermissionSet(), true); startGrid(SRV_ENDPOINT, allowAllPermissionSet()); - startGrid(CLNT_ENDPOINT, allowAllPermissionSet()); + startGrid(CLNT_ENDPOINT, allowAllPermissionSet(), true); G.allGrids().get(0).cluster().active(true); } @@ -82,10 +93,12 @@ public class ComputeTaskRemoteSecurityContextCheckTest extends AbstractRemoteSec /** {@inheritDoc} */ @Override protected void setupVerifier(Verifier verifier) { verifier - .add(SRV_TRANSITION, 1) - .add(CLNT_TRANSITION, 1) - .add(SRV_ENDPOINT, 2) - .add(CLNT_ENDPOINT, 2); + .add(SRV_FEATURE_CALL, 1) + .add(CLNT_FEATURE_CALL, 1) + .add(SRV_FEATURE_TRANSITION, 2) + .add(CLNT_FEATURE_TRANSITION, 2) + .add(SRV_ENDPOINT, 4) + .add(CLNT_ENDPOINT, 4); } /** @@ -102,25 +115,51 @@ public void test() { */ private void runAndCheck(IgniteEx initiator) { runAndCheck(secSubjectId(initiator), - () -> initiator.compute().execute( - new TestComputeTask(transitions(), endpoints(), false), 0 + () -> compute(initiator, featureCalls()).broadcast( + new IgniteRunnable() { + @Override public void run() { + register(); + + Ignition.localIgnite().compute().execute( + new TestComputeTask(featureTransitions(), endpoints()), 0 + ); + } + } ) ); runAndCheck(secSubjectId(initiator), - () -> initiator.compute().executeAsync( - new TestComputeTask(transitions(), endpoints(), true), 0 - ).get() + () -> compute(initiator, featureCalls()).broadcast( + new IgniteRunnable() { + @Override public void run() { + register(); + + Ignition.localIgnite().compute().executeAsync( + new TestComputeTask(featureTransitions(), endpoints()), 0 + ).get(); + } + } + ) + ); + } + + /** + * @return Collection of feature call nodes ids. + */ + private Collection featureCalls() { + return Arrays.asList( + nodeId(SRV_FEATURE_CALL), + nodeId(CLNT_FEATURE_CALL) ); } /** - * @return Collection of transition node ids. + * @return Collection of feature transit nodes ids. */ - private Collection transitions() { + private Collection featureTransitions() { return Arrays.asList( - grid(SRV_TRANSITION).localNode().id(), - grid(CLNT_TRANSITION).localNode().id() + nodeId(SRV_FEATURE_TRANSITION), + nodeId(CLNT_FEATURE_TRANSITION) ); } @@ -129,8 +168,8 @@ private Collection transitions() { */ private Collection endpoints() { return Arrays.asList( - grid(SRV_ENDPOINT).localNode().id(), - grid(CLNT_ENDPOINT).localNode().id() + nodeId(SRV_ENDPOINT), + nodeId(CLNT_ENDPOINT) ); } @@ -144,9 +183,6 @@ static class TestComputeTask implements ComputeTask { /** Collection of endpoint node ids. */ private final Collection endpoints; - /** If true then run async. */ - private final boolean isAsync; - /** Local ignite. */ @IgniteInstanceResource protected Ignite loc; @@ -154,19 +190,13 @@ static class TestComputeTask implements ComputeTask { /** * @param remotes Collection of transition node ids. * @param endpoints Collection of endpoint node ids. - * @param isAsync If true then run async. */ - public TestComputeTask(Collection remotes, Collection endpoints, boolean isAsync) { + public TestComputeTask(Collection remotes, Collection endpoints) { + assert !remotes.isEmpty(); + assert !endpoints.isEmpty(); + this.remotes = remotes; this.endpoints = endpoints; - this.isAsync = isAsync; - } - - /** - * @param remotes Collection of transition node ids. - */ - public TestComputeTask(Collection remotes) { - this(remotes, Collections.emptyList(), false); } /** {@inheritDoc} */ @@ -185,14 +215,15 @@ public TestComputeTask(Collection remotes) { } @Override public Object execute() throws IgniteException { - verify(); - - if (!endpoints.isEmpty()) { - if (isAsync) - loc.compute().executeAsync(new TestComputeTask(endpoints), 0).get(); - else - loc.compute().execute(new TestComputeTask(endpoints), 0); - } + register(); + + compute(loc, endpoints).broadcast( + new IgniteRunnable() { + @Override public void run() { + register(); + } + } + ); return null; } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureAdvancedRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureAdvancedRemoteSecurityContextCheckTest.java deleted file mode 100644 index be16dba85c03a..0000000000000 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureAdvancedRemoteSecurityContextCheckTest.java +++ /dev/null @@ -1,313 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processor.security.compute.closure; - -import java.util.Arrays; -import java.util.Collection; -import java.util.Collections; -import java.util.UUID; -import org.apache.ignite.Ignite; -import org.apache.ignite.IgniteCompute; -import org.apache.ignite.Ignition; -import org.apache.ignite.internal.IgniteEx; -import org.apache.ignite.internal.processor.security.AbstractRemoteSecurityContextCheckTest; -import org.apache.ignite.internal.util.typedef.G; -import org.apache.ignite.lang.IgniteCallable; -import org.apache.ignite.lang.IgniteClosure; -import org.apache.ignite.lang.IgniteRunnable; -import org.junit.Test; - -import static org.apache.ignite.internal.processor.security.compute.closure.DistributedClosureAdvancedRemoteSecurityContextCheckTest.ComputeInvoke.BROADCAST; - -/** - * Testing permissions when the compute closure is executed cache operations on remote node. - */ -public class DistributedClosureAdvancedRemoteSecurityContextCheckTest - extends AbstractRemoteSecurityContextCheckTest { - /** Name of server initiator node. */ - private static final String SRV_INITIATOR = "srv_initiator"; - - /** Name of client initiator node. */ - private static final String CLNT_INITIATOR = "clnt_initiator"; - - /** Name of server feature call node. */ - private static final String SRV_FEATURE_CALL = "srv_feature_call"; - - /** Name of client feature call node. */ - private static final String CLNT_FEATURE_CALL = "clnt_feature_call"; - - /** Name of server feature transit node. */ - private static final String SRV_FEATURE_TRANSITION = "srv_feature_transition"; - - /** Name of client feature transit node. */ - private static final String CLNT_FEATURE_TRANSITION = "clnt_feature_transition"; - - /** Name of server endpoint node. */ - private static final String SRV_ENDPOINT = "srv_endpoint"; - - /** Name of client endpoint node. */ - private static final String CLNT_ENDPOINT = "clnt_endpoint"; - - /** {@inheritDoc} */ - @Override protected void beforeTestsStarted() throws Exception { - super.beforeTestsStarted(); - - startGrid(SRV_INITIATOR, allowAllPermissionSet()); - - startGrid(CLNT_INITIATOR, allowAllPermissionSet(), true); - - startGrid(SRV_FEATURE_CALL, allowAllPermissionSet()); - - startGrid(CLNT_FEATURE_CALL, allowAllPermissionSet(), true); - - startGrid(SRV_FEATURE_TRANSITION, allowAllPermissionSet()); - - startGrid(CLNT_FEATURE_TRANSITION, allowAllPermissionSet(), true); - - startGrid(SRV_ENDPOINT, allowAllPermissionSet()); - - startGrid(CLNT_ENDPOINT, allowAllPermissionSet(), true); - - G.allGrids().get(0).cluster().active(true); - } - - /** {@inheritDoc} */ - @Override protected void setupVerifier(Verifier verifier) { - verifier - .add(SRV_FEATURE_CALL, 1) - .add(CLNT_FEATURE_CALL, 1) - .add(SRV_FEATURE_TRANSITION, 2) - .add(CLNT_FEATURE_TRANSITION, 2) - .add(SRV_ENDPOINT, 4) - .add(CLNT_ENDPOINT, 4); - } - - /** - * - */ - @Test - public void test() { - runAndCheck(grid(SRV_INITIATOR)); - runAndCheck(grid(CLNT_INITIATOR)); - } - - /** - * @param initiator Initiator node. - */ - private void runAndCheck(IgniteEx initiator) { - for (ComputeInvoke ci : ComputeInvoke.values()) { - runAndCheck(secSubjectId(initiator), - () -> compute(initiator, featureCalls()).broadcast((IgniteRunnable) - new CommonClosure(ci, featureTransitions(), endpoints()) - ) - ); - } - } - - /** - * @return Collection of feature call nodes ids. - */ - private Collection featureCalls() { - return Arrays.asList( - nodeId(SRV_FEATURE_CALL), - nodeId(CLNT_FEATURE_CALL) - ); - } - - /** - * @return Collection of feature transit nodes ids. - */ - private Collection featureTransitions() { - return Arrays.asList( - nodeId(SRV_FEATURE_TRANSITION), - nodeId(CLNT_FEATURE_TRANSITION) - ); - } - - /** - * @return Collection of endpont nodes ids. - */ - private Collection endpoints() { - return Arrays.asList( - nodeId(SRV_ENDPOINT), - nodeId(CLNT_ENDPOINT) - ); - } - - /** Enum for ways to invoke compute. */ - enum ComputeInvoke { - /** Broadcast. */ - BROADCAST, - /** Broadcast async. */ - BROADCAST_ASYNC, - /** Call. */ - CALL, - /** Call async. */ - CALL_ASYNC, - /** Run. */ - RUN, - /** Run async. */ - RUN_ASYNC, - /** Apply. */ - APPLY, - /** Apply async. */ - APPLY_ASYNC; - - /** - * @return True if an invoke is broadcast. - */ - public boolean isBroadcast() { - return this == BROADCAST || this == BROADCAST_ASYNC; - } - } - - /** - * Common closure for tests. - */ - static class CommonClosure implements IgniteRunnable, IgniteCallable, - IgniteClosure { - - /** Type of compute invoke. */ - private final ComputeInvoke cmpInvoke; - - /** Collection of endpoint node ids. */ - private final Collection transitions; - - /** Collection of endpoint node ids. */ - private final Collection endpoints; - - /** - * @param endpoints Collection of endpoint node ids. - */ - public CommonClosure(ComputeInvoke cmpInvoke, Collection transitions, - Collection endpoints) { - assert cmpInvoke != null; - assert !endpoints.isEmpty(); - - this.cmpInvoke = cmpInvoke; - this.transitions = transitions; - this.endpoints = endpoints; - } - - /** - * @param endpoints Collection of endpoint node ids. - */ - private CommonClosure(Collection endpoints) { - this(BROADCAST, Collections.emptyList(), endpoints); - } - - /** - * Main logic of CommonClosure. - */ - private void body() { - verify(); - - Ignite ignite = Ignition.localIgnite(); - - if (!transitions.isEmpty()) { - if (cmpInvoke.isBroadcast()) - transit(compute(ignite, transitions)); - else { - for (UUID id : transitions) - transit(compute(ignite, id)); - } - } - else { - compute(ignite, endpoints) - .broadcast(new IgniteRunnable() { - @Override public void run() { - verify(); - } - }); - } - } - - /** - * Executes transition invoke. - * - * @param cmp IgniteCompute. - */ - private void transit(IgniteCompute cmp) { - CommonClosure c = new CommonClosure(endpoints); - - switch (cmpInvoke) { - case BROADCAST: { - cmp.broadcast((IgniteRunnable)c); - - break; - } - case BROADCAST_ASYNC: { - cmp.broadcastAsync((IgniteRunnable)c).get(); - - break; - } - case CALL: { - cmp.call(c); - - break; - } - case CALL_ASYNC: { - cmp.callAsync(c).get(); - - break; - } - case RUN: { - cmp.run(c); - - break; - } - case RUN_ASYNC: { - cmp.runAsync(c).get(); - - break; - } - case APPLY: { - cmp.apply(c, new Object()); - - break; - } - case APPLY_ASYNC: { - cmp.applyAsync(c, new Object()).get(); - - break; - } - default: - throw new IllegalArgumentException("Unknown ComputeInvoke: " + cmpInvoke); - } - } - - /** {@inheritDoc} */ - @Override public void run() { - body(); - } - - /** {@inheritDoc} */ - @Override public Object call() { - body(); - - return null; - } - - /** {@inheritDoc} */ - @Override public Object apply(Object o) { - body(); - - return null; - } - } -} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java index 57679c2d46426..67ae4ca7337d8 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java @@ -21,7 +21,6 @@ import java.util.Collection; import java.util.Collections; import java.util.UUID; -import java.util.function.Consumer; import org.apache.ignite.Ignite; import org.apache.ignite.IgniteCompute; import org.apache.ignite.Ignition; @@ -36,22 +35,29 @@ /** * Testing permissions when the compute closure is executed cache operations on remote node. */ -public class DistributedClosureRemoteSecurityContextCheckTest extends AbstractRemoteSecurityContextCheckTest { +public class DistributedClosureRemoteSecurityContextCheckTest + extends AbstractRemoteSecurityContextCheckTest { /** Name of server initiator node. */ private static final String SRV_INITIATOR = "srv_initiator"; /** Name of client initiator node. */ private static final String CLNT_INITIATOR = "clnt_initiator"; - /** Name of server transition node. */ - private static final String SRV_TRANSITION = "srv_transition"; + /** Name of server feature call node. */ + private static final String SRV_FEATURE_CALL = "srv_feature_call"; + + /** Name of client feature call node. */ + private static final String CLNT_FEATURE_CALL = "clnt_feature_call"; + + /** Name of server feature transit node. */ + private static final String SRV_FEATURE_TRANSITION = "srv_feature_transition"; + + /** Name of client feature transit node. */ + private static final String CLNT_FEATURE_TRANSITION = "clnt_feature_transition"; /** Name of server endpoint node. */ private static final String SRV_ENDPOINT = "srv_endpoint"; - /** Name of client transition node. */ - private static final String CLNT_TRANSITION = "clnt_transition"; - /** Name of client endpoint node. */ private static final String CLNT_ENDPOINT = "clnt_endpoint"; @@ -63,24 +69,30 @@ public class DistributedClosureRemoteSecurityContextCheckTest extends AbstractRe startGrid(CLNT_INITIATOR, allowAllPermissionSet(), true); - startGrid(SRV_TRANSITION, allowAllPermissionSet()); + startGrid(SRV_FEATURE_CALL, allowAllPermissionSet()); - startGrid(CLNT_TRANSITION, allowAllPermissionSet(), true); + startGrid(CLNT_FEATURE_CALL, allowAllPermissionSet(), true); + + startGrid(SRV_FEATURE_TRANSITION, allowAllPermissionSet()); + + startGrid(CLNT_FEATURE_TRANSITION, allowAllPermissionSet(), true); startGrid(SRV_ENDPOINT, allowAllPermissionSet()); - startGrid(CLNT_ENDPOINT, allowAllPermissionSet()); + startGrid(CLNT_ENDPOINT, allowAllPermissionSet(), true); G.allGrids().get(0).cluster().active(true); } /** {@inheritDoc} */ - @Override protected void setupVerifier(AbstractRemoteSecurityContextCheckTest.Verifier verifier) { + @Override protected void setupVerifier(Verifier verifier) { verifier - .add(SRV_TRANSITION, 1) - .add(CLNT_TRANSITION, 1) - .add(SRV_ENDPOINT, 2) - .add(CLNT_ENDPOINT, 2); + .add(SRV_FEATURE_CALL, 1) + .add(CLNT_FEATURE_CALL, 1) + .add(SRV_FEATURE_TRANSITION, 2) + .add(CLNT_FEATURE_TRANSITION, 2) + .add(SRV_ENDPOINT, 4) + .add(CLNT_ENDPOINT, 4); } /** @@ -93,88 +105,35 @@ public void test() { } /** - * @param initiator Node that initiates an execution. + * @param initiator Initiator node. */ private void runAndCheck(IgniteEx initiator) { - runAndCheck(secSubjectId(initiator), - () -> compute(initiator, transitions()) - .broadcast((IgniteRunnable)new CommonClosure(endpoints(), true) { - @Override protected void transit(IgniteCompute cmp) { - cmp.broadcast((IgniteRunnable)endpointClosure()); - } - })); - - runAndCheck(secSubjectId(initiator), - () -> compute(initiator, transitions()) - .broadcastAsync((IgniteRunnable)new CommonClosure(endpoints(), true) { - @Override protected void transit(IgniteCompute cmp) { - cmp.broadcastAsync((IgniteRunnable)endpointClosure()).get(); - } - }).get()); - - runAndCheck(initiator, - (cmp) -> cmp.call(new CommonClosure(endpoints()) { - @Override protected void transit(IgniteCompute cmp) { - cmp.call(endpointClosure()); - } - })); - - runAndCheck(initiator, - (cmp) -> cmp.callAsync(new CommonClosure(endpoints()) { - @Override protected void transit(IgniteCompute cmp) { - cmp.callAsync(endpointClosure()).get(); - } - }).get()); - - runAndCheck(initiator, - (cmp) -> cmp.run(new CommonClosure(endpoints()) { - @Override protected void transit(IgniteCompute cmp) { - cmp.run(endpointClosure()); - } - })); - - runAndCheck(initiator, - (cmp) -> cmp.runAsync(new CommonClosure(endpoints()) { - @Override protected void transit(IgniteCompute cmp) { - cmp.runAsync(endpointClosure()).get(); - } - }).get()); - - runAndCheck(initiator, - (cmp) -> cmp.apply(new CommonClosure(endpoints()) { - @Override protected void transit(IgniteCompute cmp) { - cmp.apply(endpointClosure(), new Object()); - } - }, new Object())); - - runAndCheck(initiator, - (cmp) -> cmp.applyAsync(new CommonClosure(endpoints()) { - @Override protected void transit(IgniteCompute cmp) { - cmp.applyAsync(endpointClosure(), new Object()).get(); - } - }, new Object()).get()); + for (ComputeInvoke ci : ComputeInvoke.values()) { + runAndCheck(secSubjectId(initiator), + () -> compute(initiator, featureCalls()).broadcast((IgniteRunnable) + new CommonClosure(ci, featureTransitions(), endpoints()) + ) + ); + } } /** - * Performs test case. + * @return Collection of feature call nodes ids. */ - private void runAndCheck(IgniteEx initiator, Consumer c) { - runAndCheck( - secSubjectId(initiator), - () -> { - for (UUID nodeId : transitions()) - c.accept(compute(initiator, nodeId)); - } + private Collection featureCalls() { + return Arrays.asList( + nodeId(SRV_FEATURE_CALL), + nodeId(CLNT_FEATURE_CALL) ); } /** - * @return Collection of transition node ids. + * @return Collection of feature transit nodes ids. */ - private Collection transitions() { + private Collection featureTransitions() { return Arrays.asList( - grid(SRV_TRANSITION).localNode().id(), - grid(CLNT_TRANSITION).localNode().id() + nodeId(SRV_FEATURE_TRANSITION), + nodeId(CLNT_FEATURE_TRANSITION) ); } @@ -183,61 +142,97 @@ private Collection transitions() { */ private Collection endpoints() { return Arrays.asList( - grid(SRV_ENDPOINT).localNode().id(), - grid(CLNT_ENDPOINT).localNode().id() + nodeId(SRV_ENDPOINT), + nodeId(CLNT_ENDPOINT) ); } + /** Enum for ways to invoke compute. */ + enum ComputeInvoke { + /** Broadcast. */ + BROADCAST, + /** Broadcast async. */ + BROADCAST_ASYNC, + /** Call. */ + CALL, + /** Call async. */ + CALL_ASYNC, + /** Run. */ + RUN, + /** Run async. */ + RUN_ASYNC, + /** Apply. */ + APPLY, + /** Apply async. */ + APPLY_ASYNC; + + /** + * @return True if an invoke is broadcast. + */ + public boolean isBroadcast() { + return this == BROADCAST || this == BROADCAST_ASYNC; + } + } + /** * Common closure for tests. */ static class CommonClosure implements IgniteRunnable, IgniteCallable, IgniteClosure { + + /** Type of compute invoke. */ + private final ComputeInvoke cmpInvoke; + /** Collection of endpoint node ids. */ - private final Collection endpoints; + private final Collection transitions; - /** If true then execution is broadcast. */ - private final boolean isBroadcast; + /** Collection of endpoint node ids. */ + private final Collection endpoints; /** * @param endpoints Collection of endpoint node ids. - * @param isBroadcast If true then execution is broadcast. */ - public CommonClosure(Collection endpoints, boolean isBroadcast) { + public CommonClosure(ComputeInvoke cmpInvoke, Collection transitions, + Collection endpoints) { + assert cmpInvoke != null; + assert !endpoints.isEmpty(); + + this.cmpInvoke = cmpInvoke; + this.transitions = transitions; this.endpoints = endpoints; - this.isBroadcast = isBroadcast; } /** * @param endpoints Collection of endpoint node ids. */ - public CommonClosure(Collection endpoints) { - this(endpoints, false); + private CommonClosure(Collection endpoints) { + this(ComputeInvoke.BROADCAST, Collections.emptyList(), endpoints); } /** * Main logic of CommonClosure. */ private void body() { - verify(); + register(); - if (!endpoints.isEmpty()) { - Ignite ignite = Ignition.localIgnite(); + Ignite ignite = Ignition.localIgnite(); - if (isBroadcast) - transit(compute(ignite, endpoints)); + if (!transitions.isEmpty()) { + if (cmpInvoke.isBroadcast()) + transit(compute(ignite, transitions)); else { - for (UUID id : endpoints) + for (UUID id : transitions) transit(compute(ignite, id)); } } - } - - /** - * @return CommonClosure to execute on an endpoint node. - */ - protected CommonClosure endpointClosure() { - return new CommonClosure(Collections.emptyList()); + else { + compute(ignite, endpoints) + .broadcast(new IgniteRunnable() { + @Override public void run() { + register(); + } + }); + } } /** @@ -245,8 +240,53 @@ protected CommonClosure endpointClosure() { * * @param cmp IgniteCompute. */ - protected void transit(IgniteCompute cmp) { - //no-op by default + private void transit(IgniteCompute cmp) { + CommonClosure c = new CommonClosure(endpoints); + + switch (cmpInvoke) { + case BROADCAST: { + cmp.broadcast((IgniteRunnable)c); + + break; + } + case BROADCAST_ASYNC: { + cmp.broadcastAsync((IgniteRunnable)c).get(); + + break; + } + case CALL: { + cmp.call(c); + + break; + } + case CALL_ASYNC: { + cmp.callAsync(c).get(); + + break; + } + case RUN: { + cmp.run(c); + + break; + } + case RUN_ASYNC: { + cmp.runAsync(c).get(); + + break; + } + case APPLY: { + cmp.apply(c, new Object()); + + break; + } + case APPLY_ASYNC: { + cmp.applyAsync(c, new Object()).get(); + + break; + } + default: + throw new IllegalArgumentException("Unknown ComputeInvoke: " + cmpInvoke); + } } /** {@inheritDoc} */ diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceAdvancedRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceAdvancedRemoteSecurityContextCheckTest.java deleted file mode 100644 index ad62534082deb..0000000000000 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceAdvancedRemoteSecurityContextCheckTest.java +++ /dev/null @@ -1,191 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processor.security.compute.closure; - -import java.util.Arrays; -import java.util.Collection; -import java.util.UUID; -import java.util.concurrent.ExecutorService; -import org.apache.ignite.Ignite; -import org.apache.ignite.Ignition; -import org.apache.ignite.internal.IgniteEx; -import org.apache.ignite.internal.processor.security.AbstractRemoteSecurityContextCheckTest; -import org.apache.ignite.internal.util.typedef.G; -import org.apache.ignite.lang.IgniteRunnable; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.junit.runners.JUnit4; - -/** - * Testing permissions when the service task is executed cache operations on remote node. - */ -@RunWith(JUnit4.class) -public class ExecutorServiceAdvancedRemoteSecurityContextCheckTest extends AbstractRemoteSecurityContextCheckTest { - /** Name of server initiator node. */ - private static final String SRV_INITIATOR = "srv_initiator"; - - /** Name of client initiator node. */ - private static final String CLNT_INITIATOR = "clnt_initiator"; - - /** Name of server feature call node. */ - private static final String SRV_FEATURE_CALL = "srv_feature_call"; - - /** Name of client feature call node. */ - private static final String CLNT_FEATURE_CALL = "clnt_feature_call"; - - /** Name of server feature transit node. */ - private static final String SRV_FEATURE_TRANSITION = "srv_feature_transition"; - - /** Name of client feature transit node. */ - private static final String CLNT_FEATURE_TRANSITION = "clnt_feature_transition"; - - /** Name of server endpoint node. */ - private static final String SRV_ENDPOINT = "srv_endpoint"; - - /** Name of client endpoint node. */ - private static final String CLNT_ENDPOINT = "clnt_endpoint"; - - /** {@inheritDoc} */ - @Override protected void beforeTestsStarted() throws Exception { - super.beforeTestsStarted(); - - startGrid(SRV_INITIATOR, allowAllPermissionSet()); - - startGrid(CLNT_INITIATOR, allowAllPermissionSet(), true); - - startGrid(SRV_FEATURE_CALL, allowAllPermissionSet()); - - startGrid(CLNT_FEATURE_CALL, allowAllPermissionSet(), true); - - startGrid(SRV_FEATURE_TRANSITION, allowAllPermissionSet()); - - startGrid(CLNT_FEATURE_TRANSITION, allowAllPermissionSet(), true); - - startGrid(SRV_ENDPOINT, allowAllPermissionSet()); - - startGrid(CLNT_ENDPOINT, allowAllPermissionSet(), true); - - G.allGrids().get(0).cluster().active(true); - } - - /** {@inheritDoc} */ - @Override protected void setupVerifier(Verifier verifier) { - verifier - .add(SRV_FEATURE_CALL, 1) - .add(CLNT_FEATURE_CALL, 1) - .add(SRV_FEATURE_TRANSITION, 2) - .add(CLNT_FEATURE_TRANSITION, 2) - .add(SRV_ENDPOINT, 4) - .add(CLNT_ENDPOINT, 4); - } - - /** - * - */ - @Test - public void test() { - runAndCheck(grid(SRV_INITIATOR)); - runAndCheck(grid(CLNT_INITIATOR)); - } - - /** - * Performs test case. - */ - private void runAndCheck(IgniteEx initiator) { - runAndCheck(secSubjectId(initiator), - () -> compute(initiator, featureCalls()).broadcast( - new IgniteRunnable() { - @Override public void run() { - verify(); - - Ignite loc = Ignition.localIgnite(); - - for (UUID nodeId : featureTransitions()) { - ExecutorService svc = loc.executorService(loc.cluster().forNodeId(nodeId)); - - try { - svc.submit(new TestIgniteRunnable(endpoints())).get(); - } - catch (Exception e) { - throw new RuntimeException(e); - } - } - } - } - ) - ); - } - - /** - * @return Collection of feature call nodes ids. - */ - private Collection featureCalls() { - return Arrays.asList( - nodeId(SRV_FEATURE_CALL), - nodeId(CLNT_FEATURE_CALL) - ); - } - - /** - * @return Collection of feature transit nodes ids. - */ - private Collection featureTransitions() { - return Arrays.asList( - nodeId(SRV_FEATURE_TRANSITION), - nodeId(CLNT_FEATURE_TRANSITION) - ); - } - - /** - * @return Collection of endpont nodes ids. - */ - private Collection endpoints() { - return Arrays.asList( - nodeId(SRV_ENDPOINT), - nodeId(CLNT_ENDPOINT) - ); - } - - /** - * Runnable for tests. - */ - static class TestIgniteRunnable implements IgniteRunnable { - /** Collection of endpoint node ids. */ - private final Collection endpoints; - - /** - * @param endpoints Collection of endpoint node ids. - */ - public TestIgniteRunnable(Collection endpoints) { - assert !endpoints.isEmpty(); - - this.endpoints = endpoints; - } - - /** {@inheritDoc} */ - @Override public void run() { - verify(); - - compute(Ignition.localIgnite(), endpoints).broadcast(new IgniteRunnable() { - @Override public void run() { - verify(); - } - }); - } - } -} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java index ae913543af939..8fed0adf395d2 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java @@ -19,7 +19,6 @@ import java.util.Arrays; import java.util.Collection; -import java.util.Collections; import java.util.UUID; import java.util.concurrent.ExecutorService; import org.apache.ignite.Ignite; @@ -43,15 +42,21 @@ public class ExecutorServiceRemoteSecurityContextCheckTest extends AbstractRemot /** Name of client initiator node. */ private static final String CLNT_INITIATOR = "clnt_initiator"; - /** Name of server transition node. */ - private static final String SRV_TRANSITION = "srv_transition"; + /** Name of server feature call node. */ + private static final String SRV_FEATURE_CALL = "srv_feature_call"; + + /** Name of client feature call node. */ + private static final String CLNT_FEATURE_CALL = "clnt_feature_call"; + + /** Name of server feature transit node. */ + private static final String SRV_FEATURE_TRANSITION = "srv_feature_transition"; + + /** Name of client feature transit node. */ + private static final String CLNT_FEATURE_TRANSITION = "clnt_feature_transition"; /** Name of server endpoint node. */ private static final String SRV_ENDPOINT = "srv_endpoint"; - /** Name of client transition node. */ - private static final String CLNT_TRANSITION = "clnt_transition"; - /** Name of client endpoint node. */ private static final String CLNT_ENDPOINT = "clnt_endpoint"; @@ -63,13 +68,17 @@ public class ExecutorServiceRemoteSecurityContextCheckTest extends AbstractRemot startGrid(CLNT_INITIATOR, allowAllPermissionSet(), true); - startGrid(SRV_TRANSITION, allowAllPermissionSet()); + startGrid(SRV_FEATURE_CALL, allowAllPermissionSet()); + + startGrid(CLNT_FEATURE_CALL, allowAllPermissionSet(), true); + + startGrid(SRV_FEATURE_TRANSITION, allowAllPermissionSet()); - startGrid(CLNT_TRANSITION, allowAllPermissionSet(), true); + startGrid(CLNT_FEATURE_TRANSITION, allowAllPermissionSet(), true); startGrid(SRV_ENDPOINT, allowAllPermissionSet()); - startGrid(CLNT_ENDPOINT, allowAllPermissionSet()); + startGrid(CLNT_ENDPOINT, allowAllPermissionSet(), true); G.allGrids().get(0).cluster().active(true); } @@ -77,10 +86,12 @@ public class ExecutorServiceRemoteSecurityContextCheckTest extends AbstractRemot /** {@inheritDoc} */ @Override protected void setupVerifier(Verifier verifier) { verifier - .add(SRV_TRANSITION, 1) - .add(CLNT_TRANSITION, 1) - .add(SRV_ENDPOINT, 2) - .add(CLNT_ENDPOINT, 2); + .add(SRV_FEATURE_CALL, 1) + .add(CLNT_FEATURE_CALL, 1) + .add(SRV_FEATURE_TRANSITION, 2) + .add(CLNT_FEATURE_TRANSITION, 2) + .add(SRV_ENDPOINT, 4) + .add(CLNT_ENDPOINT, 4); } /** @@ -97,27 +108,46 @@ public void test() { */ private void runAndCheck(IgniteEx initiator) { runAndCheck(secSubjectId(initiator), - () -> { - for (UUID nodeId : transitions()) { - ExecutorService svc = initiator.executorService(initiator.cluster().forNodeId(nodeId)); - - try { - svc.submit(new TestIgniteRunnable(endpoints())).get(); - } - catch (Exception e) { - throw new RuntimeException(e); + () -> compute(initiator, featureCalls()).broadcast( + new IgniteRunnable() { + @Override public void run() { + register(); + + Ignite loc = Ignition.localIgnite(); + + for (UUID nodeId : featureTransitions()) { + ExecutorService svc = loc.executorService(loc.cluster().forNodeId(nodeId)); + + try { + svc.submit(new TestIgniteRunnable(endpoints())).get(); + } + catch (Exception e) { + throw new RuntimeException(e); + } + } } } - }); + ) + ); } /** - * @return Collection of transition node ids. + * @return Collection of feature call nodes ids. */ - private Collection transitions() { + private Collection featureCalls() { return Arrays.asList( - grid(SRV_TRANSITION).localNode().id(), - grid(CLNT_TRANSITION).localNode().id() + nodeId(SRV_FEATURE_CALL), + nodeId(CLNT_FEATURE_CALL) + ); + } + + /** + * @return Collection of feature transit nodes ids. + */ + private Collection featureTransitions() { + return Arrays.asList( + nodeId(SRV_FEATURE_TRANSITION), + nodeId(CLNT_FEATURE_TRANSITION) ); } @@ -126,8 +156,8 @@ private Collection transitions() { */ private Collection endpoints() { return Arrays.asList( - grid(SRV_ENDPOINT).localNode().id(), - grid(CLNT_ENDPOINT).localNode().id() + nodeId(SRV_ENDPOINT), + nodeId(CLNT_ENDPOINT) ); } @@ -142,27 +172,20 @@ static class TestIgniteRunnable implements IgniteRunnable { * @param endpoints Collection of endpoint node ids. */ public TestIgniteRunnable(Collection endpoints) { + assert !endpoints.isEmpty(); + this.endpoints = endpoints; } /** {@inheritDoc} */ @Override public void run() { - verify(); - - if (!endpoints.isEmpty()) { - Ignite ignite = Ignition.localIgnite(); + register(); - try { - for (UUID nodeId : endpoints) { - ignite.executorService(ignite.cluster().forNodeId(nodeId)) - .submit(new TestIgniteRunnable(Collections.emptyList())) - .get(); - } + compute(Ignition.localIgnite(), endpoints).broadcast(new IgniteRunnable() { + @Override public void run() { + register(); } - catch (Exception e) { - throw new RuntimeException(e); - } - } + }); } } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerAdvancedRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerAdvancedRemoteSecurityContextCheckTest.java deleted file mode 100644 index 2dd1d1c431223..0000000000000 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerAdvancedRemoteSecurityContextCheckTest.java +++ /dev/null @@ -1,165 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processor.security.datastreamer.closure; - -import java.util.Arrays; -import java.util.Collection; -import java.util.Map; -import java.util.UUID; -import org.apache.ignite.Ignite; -import org.apache.ignite.IgniteCache; -import org.apache.ignite.IgniteDataStreamer; -import org.apache.ignite.Ignition; -import org.apache.ignite.internal.processor.security.AbstractCacheOperationRemoteSecurityContextCheckTest; -import org.apache.ignite.internal.util.typedef.G; -import org.apache.ignite.lang.IgniteBiInClosure; -import org.apache.ignite.lang.IgniteRunnable; -import org.apache.ignite.stream.StreamVisitor; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.junit.runners.JUnit4; - -/** - * Testing permissions when the closure od DataStreamer is executed cache operations on remote node. - */ -@RunWith(JUnit4.class) -public class DataStreamerAdvancedRemoteSecurityContextCheckTest extends AbstractCacheOperationRemoteSecurityContextCheckTest { - /** Name of server initiator node. */ - private static final String SRV_INITIATOR = "srv_initiator"; - - /** Name of client initiator node. */ - private static final String CLNT_INITIATOR = "clnt_initiator"; - - /** Name of server feature call node. */ - private static final String SRV_FEATURE_CALL = "srv_feature_call"; - - /** Name of server feature transit node. */ - private static final String SRV_FEATURE_TRANSITION = "srv_feature_transition"; - - /** Name of server endpoint node. */ - private static final String SRV_ENDPOINT = "srv_endpoint"; - - /** Name of client endpoint node. */ - private static final String CLNT_ENDPOINT = "clnt_endpoint"; - - /** {@inheritDoc} */ - @Override protected void beforeTestsStarted() throws Exception { - super.beforeTestsStarted(); - - startGrid(SRV_INITIATOR, allowAllPermissionSet()); - - startGrid(CLNT_INITIATOR, allowAllPermissionSet(), true); - - startGrid(SRV_FEATURE_CALL, allowAllPermissionSet()); - - startGrid(SRV_FEATURE_TRANSITION, allowAllPermissionSet()); - - startGrid(SRV_ENDPOINT, allowAllPermissionSet()); - - startGrid(CLNT_ENDPOINT, allowAllPermissionSet(), true); - - G.allGrids().get(0).cluster().active(true); - } - - /** {@inheritDoc} */ - @Override protected void setupVerifier(Verifier verifier) { - verifier - .add(SRV_FEATURE_CALL, 1) - .add(SRV_FEATURE_TRANSITION, 1) - .add(SRV_ENDPOINT, 1) - .add(CLNT_ENDPOINT, 1); - } - - /** - * - */ - @Test - public void testDataStreamer() { - runAndCheck(SRV_INITIATOR); - runAndCheck(CLNT_INITIATOR); - } - - /** - * @param name Initiator node name. - */ - private void runAndCheck(String name){ - runAndCheck( - secSubjectId(name), - () -> compute(grid(name), nodeId(SRV_FEATURE_CALL)).broadcast( - new IgniteRunnable() { - @Override public void run() { - verify(); - - dataStreamer(Ignition.localIgnite()); - } - } - ) - ); - } - - /** - * @return Collection of endpont nodes ids. - */ - private Collection endpoints() { - return Arrays.asList( - nodeId(SRV_ENDPOINT), - nodeId(CLNT_ENDPOINT) - ); - } - - /** - * @param node Node. - */ - private void dataStreamer(Ignite node) { - try (IgniteDataStreamer strm = node.dataStreamer(CACHE_NAME)) { - strm.receiver(StreamVisitor.from(new TestClosure(endpoints()))); - - strm.addData(prmKey(grid(SRV_FEATURE_TRANSITION)), 100); - } - } - - /** - * Closure for tests. - */ - static class TestClosure implements - IgniteBiInClosure, Map.Entry> { - /** Endpoint node id. */ - private final Collection endpoints; - - /** - * @param endpoints Collection of endpont nodes ids. - */ - public TestClosure(Collection endpoints) { - assert !endpoints.isEmpty(); - - this.endpoints = endpoints; - } - - /** {@inheritDoc} */ - @Override public void apply(IgniteCache entries, - Map.Entry entry) { - verify(); - - compute(Ignition.localIgnite(), endpoints).broadcast(new IgniteRunnable() { - @Override public void run() { - verify(); - } - }); - } - } -} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java index e62d65310ee50..35f8dd751bd9e 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java @@ -17,13 +17,14 @@ package org.apache.ignite.internal.processor.security.datastreamer.closure; +import java.util.Arrays; +import java.util.Collection; import java.util.Map; import java.util.UUID; import org.apache.ignite.Ignite; import org.apache.ignite.IgniteCache; import org.apache.ignite.IgniteDataStreamer; import org.apache.ignite.Ignition; -import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.processor.security.AbstractCacheOperationRemoteSecurityContextCheckTest; import org.apache.ignite.internal.util.typedef.G; import org.apache.ignite.lang.IgniteBiInClosure; @@ -44,12 +45,18 @@ public class DataStreamerRemoteSecurityContextCheckTest extends AbstractCacheOpe /** Name of client initiator node. */ private static final String CLNT_INITIATOR = "clnt_initiator"; - /** Name of server transition node. */ - private static final String SRV_TRANSITION = "srv_transition"; + /** Name of server feature call node. */ + private static final String SRV_FEATURE_CALL = "srv_feature_call"; + + /** Name of server feature transit node. */ + private static final String SRV_FEATURE_TRANSITION = "srv_feature_transition"; /** Name of server endpoint node. */ private static final String SRV_ENDPOINT = "srv_endpoint"; + /** Name of client endpoint node. */ + private static final String CLNT_ENDPOINT = "clnt_endpoint"; + /** {@inheritDoc} */ @Override protected void beforeTestsStarted() throws Exception { super.beforeTestsStarted(); @@ -58,18 +65,24 @@ public class DataStreamerRemoteSecurityContextCheckTest extends AbstractCacheOpe startGrid(CLNT_INITIATOR, allowAllPermissionSet(), true); - startGrid(SRV_TRANSITION, allowAllPermissionSet()); + startGrid(SRV_FEATURE_CALL, allowAllPermissionSet()); + + startGrid(SRV_FEATURE_TRANSITION, allowAllPermissionSet()); startGrid(SRV_ENDPOINT, allowAllPermissionSet()); + startGrid(CLNT_ENDPOINT, allowAllPermissionSet(), true); + G.allGrids().get(0).cluster().active(true); } /** {@inheritDoc} */ @Override protected void setupVerifier(Verifier verifier) { verifier - .add(SRV_TRANSITION, 1) - .add(SRV_ENDPOINT, 1); + .add(SRV_FEATURE_CALL, 1) + .add(SRV_FEATURE_TRANSITION, 1) + .add(SRV_ENDPOINT, 1) + .add(CLNT_ENDPOINT, 1); } /** @@ -77,21 +90,46 @@ public class DataStreamerRemoteSecurityContextCheckTest extends AbstractCacheOpe */ @Test public void testDataStreamer() { - IgniteEx srvInitiator = grid(SRV_INITIATOR); - IgniteEx clntInitiator = grid(CLNT_INITIATOR); + runAndCheck(SRV_INITIATOR); + runAndCheck(CLNT_INITIATOR); + } + + /** + * @param name Initiator node name. + */ + private void runAndCheck(String name){ + runAndCheck( + secSubjectId(name), + () -> compute(grid(name), nodeId(SRV_FEATURE_CALL)).broadcast( + new IgniteRunnable() { + @Override public void run() { + register(); + + dataStreamer(Ignition.localIgnite()); + } + } + ) + ); + } - runAndCheck(secSubjectId(srvInitiator), () -> dataStreamer(srvInitiator)); - runAndCheck(secSubjectId(clntInitiator), () -> dataStreamer(clntInitiator)); + /** + * @return Collection of endpont nodes ids. + */ + private Collection endpoints() { + return Arrays.asList( + nodeId(SRV_ENDPOINT), + nodeId(CLNT_ENDPOINT) + ); } /** - * @param initiator Initiator node. + * @param node Node. */ - private void dataStreamer(Ignite initiator) { - try (IgniteDataStreamer strm = initiator.dataStreamer(CACHE_NAME)) { - strm.receiver(StreamVisitor.from(new TestClosure(grid(SRV_ENDPOINT).localNode().id()))); + private void dataStreamer(Ignite node) { + try (IgniteDataStreamer strm = node.dataStreamer(CACHE_NAME)) { + strm.receiver(StreamVisitor.from(new TestClosure(endpoints()))); - strm.addData(prmKey(grid(SRV_TRANSITION)), 100); + strm.addData(prmKey(grid(SRV_FEATURE_TRANSITION)), 100); } } @@ -101,25 +139,25 @@ private void dataStreamer(Ignite initiator) { static class TestClosure implements IgniteBiInClosure, Map.Entry> { /** Endpoint node id. */ - private final UUID endpoint; + private final Collection endpoints; /** - * @param endpoint Endpoint node id. + * @param endpoints Collection of endpont nodes ids. */ - public TestClosure(UUID endpoint) { - this.endpoint = endpoint; + public TestClosure(Collection endpoints) { + assert !endpoints.isEmpty(); + + this.endpoints = endpoints; } /** {@inheritDoc} */ @Override public void apply(IgniteCache entries, Map.Entry entry) { - verify(); - - IgniteEx loc = (IgniteEx)Ignition.localIgnite(); + register(); - loc.compute(loc.cluster().forNodeId(endpoint)).broadcast(new IgniteRunnable() { + compute(Ignition.localIgnite(), endpoints).broadcast(new IgniteRunnable() { @Override public void run() { - verify(); + register(); } }); } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/MessagingRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/MessagingRemoteSecurityContextCheckTest.java index 24ced2ac266b3..da19211f2bdb8 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/MessagingRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/MessagingRemoteSecurityContextCheckTest.java @@ -17,17 +17,23 @@ package org.apache.ignite.internal.processor.security.messaging; +import java.util.Arrays; +import java.util.Collection; import java.util.UUID; import java.util.concurrent.BrokenBarrierException; import java.util.concurrent.CyclicBarrier; import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeoutException; +import org.apache.ignite.Ignite; import org.apache.ignite.IgniteMessaging; import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.processor.security.AbstractRemoteSecurityContextCheckTest; import org.apache.ignite.internal.util.typedef.G; import org.apache.ignite.lang.IgniteBiPredicate; +import org.apache.ignite.lang.IgniteRunnable; +import org.apache.ignite.testframework.GridTestUtils; +import org.apache.ignite.testframework.config.GridTestProperties; import org.apache.ignite.testframework.junits.GridAbstractTest; import org.junit.Test; import org.junit.runner.RunWith; @@ -47,11 +53,17 @@ public class MessagingRemoteSecurityContextCheckTest extends AbstractRemoteSecur /** Name of client initiator node. */ private static final String CLNT_INITIATOR = "clnt_initiator"; - /** Name of server transition node. */ - private static final String SRV_TRANSITION = "srv_transition"; + /** Name of server feature call node. */ + private static final String SRV_FEATURE_CALL = "srv_feature_call"; - /** Name of client transition node. */ - public static final String CLNT_TRANSITION = "clnt_transition"; + /** Name of client feature call node. */ + private static final String CLNT_FEATURE_CALL = "clnt_feature_call"; + + /** Name of server feature transit node. */ + private static final String SRV_FEATURE_TRANSITION = "srv_feature_transition"; + + /** Name of client feature transit node. */ + private static final String CLNT_FEATURE_TRANSITION = "clnt_feature_transition"; /** Name of server endpoint node. */ private static final String SRV_ENDPOINT = "srv_endpoint"; @@ -67,11 +79,15 @@ public class MessagingRemoteSecurityContextCheckTest extends AbstractRemoteSecur startGrid(CLNT_INITIATOR, allowAllPermissionSet(), true); - startGrid(SRV_TRANSITION, allowAllPermissionSet()); + startGrid(SRV_FEATURE_CALL, allowAllPermissionSet()); - startGrid(SRV_ENDPOINT, allowAllPermissionSet()); + startGrid(CLNT_FEATURE_CALL, allowAllPermissionSet(), true); + + startGrid(SRV_FEATURE_TRANSITION, allowAllPermissionSet()); - startGrid(CLNT_TRANSITION, allowAllPermissionSet(), true); + startGrid(CLNT_FEATURE_TRANSITION, allowAllPermissionSet(), true); + + startGrid(SRV_ENDPOINT, allowAllPermissionSet()); startGrid(CLNT_ENDPOINT, allowAllPermissionSet()); @@ -81,8 +97,12 @@ public class MessagingRemoteSecurityContextCheckTest extends AbstractRemoteSecur /** {@inheritDoc} */ @Override protected void setupVerifier(Verifier verifier) { verifier - .add(SRV_ENDPOINT, 1) - .add(CLNT_ENDPOINT, 1); + .add(SRV_FEATURE_CALL, 1) + .add(CLNT_FEATURE_CALL, 1) + .add(SRV_FEATURE_TRANSITION, 2) + .add(CLNT_FEATURE_TRANSITION, 2) + .add(SRV_ENDPOINT, 4) + .add(CLNT_ENDPOINT, 4); } /** @@ -90,66 +110,138 @@ public class MessagingRemoteSecurityContextCheckTest extends AbstractRemoteSecur */ @Test public void test() { - runAndCheck(grid(SRV_INITIATOR), grid(SRV_TRANSITION)); - runAndCheck(grid(SRV_INITIATOR), grid(CLNT_TRANSITION)); + fail("https://issues.apache.org/jira/browse/IGNITE-11410"); - runAndCheck(grid(CLNT_INITIATOR), grid(SRV_TRANSITION)); - runAndCheck(grid(CLNT_INITIATOR), grid(CLNT_TRANSITION)); + runAndCheck(grid(SRV_INITIATOR), grid(CLNT_INITIATOR)); + runAndCheck(grid(CLNT_INITIATOR), grid(SRV_INITIATOR)); } /** * Performs the test. * - * @param lsnrNode Node that registers a listener on a remote node. - * @param evtNode Node that generates an event. + * @param initiator Initiator node. + * @param evt Node that generates an event. */ - private void runAndCheck(IgniteEx lsnrNode, IgniteEx evtNode) { - runAndCheck(secSubjectId(lsnrNode), + private void runAndCheck(IgniteEx initiator, IgniteEx evt) { + runAndCheck( + secSubjectId(initiator), () -> { - BARRIER.reset(); + for (UUID nodeId : featureCalls()) { + compute(initiator, nodeId).broadcast(new IgniteRunnable() { + @Override public void run() { + register(); - IgniteMessaging messaging = lsnrNode.message( - lsnrNode.cluster().forNode(grid(SRV_ENDPOINT).localNode(), grid(CLNT_ENDPOINT).localNode()) - ); + BARRIER.reset(); - String topic = "HOT_TOPIC"; + Ignite loc = Ignition.localIgnite(); - UUID lsnrId = messaging.remoteListen(topic, - new IgniteBiPredicate() { - @Override public boolean apply(UUID uuid, Object o) { - try { - verify(); + IgniteMessaging messaging = loc.message(loc.cluster().forNodeIds(featureTransitions())); - return true; + String topic = "HOT_TOPIC"; + + UUID lsnrId = messaging.remoteListen(topic, new TestListener(endpoints())); + + try { + evt.message().send(topic, "Fire!"); } finally { barrierAwait(); + + messaging.stopRemoteListen(lsnrId); } } - } - ); - - try { - evtNode.message().send(topic, "Fire!"); - } - finally { - barrierAwait(); - - messaging.stopRemoteListen(lsnrId); + }); } } ); } + /** + * @return Collection of feature call nodes ids. + */ + private Collection featureCalls() { + return Arrays.asList( + nodeId(SRV_FEATURE_CALL), + nodeId(CLNT_FEATURE_CALL) + ); + } + + /** + * @return Collection of feature transit nodes ids. + */ + private Collection featureTransitions() { + return Arrays.asList( + nodeId(SRV_FEATURE_TRANSITION), + nodeId(CLNT_FEATURE_TRANSITION) + ); + } + + /** + * @return Collection of endpont nodes ids. + */ + private Collection endpoints() { + return Arrays.asList( + nodeId(SRV_ENDPOINT), + nodeId(CLNT_ENDPOINT) + ); + } + /** * Call await method on {@link #BARRIER} with {@link GridAbstractTest#getTestTimeout()} timeout. */ - private void barrierAwait() { + private static void barrierAwait() { try { - BARRIER.await(getTestTimeout(), TimeUnit.MILLISECONDS); + BARRIER.await(getTimeout(), TimeUnit.MILLISECONDS); } catch (InterruptedException | BrokenBarrierException | TimeoutException e) { fail(e.toString()); } } + + /** + * @return Barrier timeout. + */ + private static long getTimeout() { + String timeout = GridTestProperties.getProperty("test.timeout"); + + if (timeout != null) + return Long.parseLong(timeout); + + return GridTestUtils.DFLT_TEST_TIMEOUT; + } + + /** + * + */ + static class TestListener implements IgniteBiPredicate { + /** Collection of endpoint node ids. */ + private final Collection endpoints; + + /** + * @param endpoints Collection of endpoint node ids. + */ + public TestListener(Collection endpoints) { + assert !endpoints.isEmpty(); + + this.endpoints = endpoints; + } + + /** {@inheritDoc} */ + @Override public boolean apply(UUID o, String o2) { + try { + register(); + + compute(Ignition.localIgnite(), endpoints).broadcast(new IgniteRunnable() { + @Override public void run() { + register(); + } + }); + + return true; + } + finally { + barrierAwait(); + } + } + } } From 2fd96301f8f07c3857ed4be6816411960efe01ad Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Tue, 5 Mar 2019 12:00:18 +0300 Subject: [PATCH 65/98] IGNITE-9560 fix comments --- .../security/IgniteSecurityProcessorImpl.java | 33 ++++++++++- .../security/NoOpIgniteSecurityProcessor.java | 4 +- .../processors/security/package-info.java | 21 +++++++ .../security/AbstractSecurityTest.java | 6 +- .../client/ThinClientPermissionCheckTest.java | 57 +++++++++++-------- 5 files changed, 91 insertions(+), 30 deletions(-) create mode 100644 modules/core/src/main/java/org/apache/ignite/internal/processors/security/package-info.java diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java index 9c4b340504f5d..670e64b044fb6 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java @@ -26,6 +26,7 @@ import org.apache.ignite.internal.GridKernalContext; import org.apache.ignite.internal.IgniteInternalFuture; import org.apache.ignite.internal.processors.GridProcessor; +import org.apache.ignite.internal.util.typedef.F; import org.apache.ignite.internal.util.typedef.internal.U; import org.apache.ignite.lang.IgniteFuture; import org.apache.ignite.marshaller.MarshallerUtils; @@ -47,6 +48,11 @@ * Default Grid security Manager implementation. */ public class IgniteSecurityProcessorImpl implements IgniteSecurityProcessor, GridProcessor { + /** */ + private static final String MSG_SEC_PROC_CLS_IS_INVALID = "Local node's grid security processor class " + + "is not equal to remote node's grid security processor class " + + "[locNodeId=%s, rmtNodeId=%s, locCls=%s, rmtCls=%s]"; + /** Internal attribute name constant. */ public static final String ATTR_GRID_SEC_PROC_CLASS = "grid.security.processor.class"; @@ -209,13 +215,17 @@ public IgniteSecurityProcessorImpl(GridKernalContext ctx, GridSecurityProcessor /** {@inheritDoc} */ @Override public @Nullable IgniteNodeValidationResult validateNode( ClusterNode node) { - return secPrc.validateNode(node); + IgniteNodeValidationResult res = validateSecProcClass(node); + + return res != null ? res : secPrc.validateNode(node); } /** {@inheritDoc} */ @Override public @Nullable IgniteNodeValidationResult validateNode( ClusterNode node, DiscoveryDataBag.JoiningNodeDiscoveryData discoData) { - return secPrc.validateNode(node, discoData); + IgniteNodeValidationResult res = validateSecProcClass(node); + + return res != null ? res : secPrc.validateNode(node, discoData); } /** {@inheritDoc} */ @@ -242,4 +252,23 @@ public IgniteSecurityProcessorImpl(GridKernalContext ctx, GridSecurityProcessor private SecurityContext localSecurityContext() { return nodeSecurityContext(marsh, U.resolveClassLoader(ctx.config()), ctx.discovery().localNode()); } + + /** + * Validates that remote node's grid security processor class is the same as local one. + * + * @param node Joining node. + * @return Validation result or {@code null} in case of success. + */ + private IgniteNodeValidationResult validateSecProcClass(ClusterNode node){ + String rmtCls = node.attribute(ATTR_GRID_SEC_PROC_CLASS); + String locCls = secPrc.getClass().getName(); + + if (!F.eq(locCls, rmtCls)) { + return new IgniteNodeValidationResult(node.id(), + String.format(MSG_SEC_PROC_CLS_IS_INVALID, ctx.localNodeId(), node.id(), locCls, rmtCls), + String.format(MSG_SEC_PROC_CLS_IS_INVALID, node.id(), ctx.localNodeId(), rmtCls, locCls)); + } + + return null; + } } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java index 3fa7f19492d27..341ff59d6ee13 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java @@ -41,8 +41,8 @@ */ public class NoOpIgniteSecurityProcessor implements IgniteSecurityProcessor, GridProcessor { /** */ - private static final String MSG_SEC_PROC_CLS_IS_INVALID = "Local node's grid security processor class " + - "is not equal to remote node's grid security processor class " + + private static final String MSG_SEC_PROC_CLS_IS_INVALID = "Local node's ignite security processor class " + + "is not equal to remote node's ignite security processor class " + "[locNodeId=%s, rmtNodeId=%s, locCls=%s, rmtCls=%s]"; /** No operation Security session. */ diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/package-info.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/package-info.java new file mode 100644 index 0000000000000..a4b191ca59cf5 --- /dev/null +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/package-info.java @@ -0,0 +1,21 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * Package with Apache Ignite Securitu classes. + */ +package org.apache.ignite.internal.processors.security; \ No newline at end of file diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java index 6bd0cdcbe804d..c95c030caa08e 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java @@ -17,6 +17,7 @@ package org.apache.ignite.internal.processor.security; +import java.util.Arrays; import org.apache.ignite.configuration.DataRegionConfiguration; import org.apache.ignite.configuration.DataStorageConfiguration; import org.apache.ignite.configuration.IgniteConfiguration; @@ -35,7 +36,8 @@ */ public class AbstractSecurityTest extends GridCommonAbstractTest { /** Test security processor. */ - public static final String TEST_SECURITY_PROCESSOR = "org.apache.ignite.internal.processor.security.TestSecurityProcessor"; + public static final String TEST_SECURITY_PROCESSOR = + "org.apache.ignite.internal.processor.security.TestSecurityProcessor"; /** Empty array of permissions. */ protected static final SecurityPermission[] EMPTY_PERMS = new SecurityPermission[0]; @@ -182,7 +184,7 @@ protected void forbiddenRun(TestRunnable r, Class... types) { try { r.run(); - fail("Should not happen."); + fail("Test should throw one of the following exceptions " + Arrays.toString(types)); } catch (Throwable e) { assertThat(cause(e, types), notNullValue()); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientPermissionCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientPermissionCheckTest.java index 13e4b1ee8a162..d2726a7adb2ab 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientPermissionCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientPermissionCheckTest.java @@ -35,6 +35,7 @@ import org.apache.ignite.internal.processor.security.TestSecurityData; import org.apache.ignite.internal.processor.security.TestSecurityPluginConfiguration; import org.apache.ignite.internal.util.typedef.G; +import org.apache.ignite.internal.util.typedef.T2; import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; import org.junit.Test; import org.junit.runner.RunWith; @@ -161,11 +162,11 @@ protected IgniteConfiguration getConfiguration(int idx, */ @Test public void testCacheSinglePermOperations() throws Exception { - for (Consumer c : consumers(CACHE)) - executeOperation(CLIENT, c); + for (T2, String> t : consumers(CACHE)) + executeOperation(CLIENT, t.get1()); - for (Consumer c : consumers(FORBIDDEN_CACHE)) - executeForbiddenOperation(c); + for (T2, String> t : consumers(FORBIDDEN_CACHE)) + executeForbiddenOperation(t); } /** @@ -180,8 +181,8 @@ public void testCacheTaskPermOperations() throws Exception { executeOperation(CLIENT_CACHE_TASK_OPER, c -> c.cache(CACHE).removeAll()); executeOperation(CLIENT_CACHE_TASK_OPER, c -> c.cache(CACHE).clear()); - executeForbiddenOperation(c -> c.cache(CACHE).removeAll()); - executeForbiddenOperation(c -> c.cache(CACHE).clear()); + executeForbiddenOperation(biTuple(c -> c.cache(CACHE).removeAll(), "removeAll")); + executeForbiddenOperation(biTuple(c -> c.cache(CACHE).clear(), "clear")); } /** @@ -199,26 +200,26 @@ public void testSysOperation() throws Exception { assertThat(sysPrmClnt.cacheNames().contains(DYNAMIC_CACHE), is(false)); } - executeForbiddenOperation(c -> c.createCache(DYNAMIC_CACHE)); - executeForbiddenOperation(c -> c.destroyCache(CACHE)); + executeForbiddenOperation(biTuple(c -> c.createCache(DYNAMIC_CACHE), "createCache")); + executeForbiddenOperation(biTuple(c -> c.destroyCache(CACHE), "destroyCache")); } /** * @param cacheName Cache name. */ - private Collection> consumers(final String cacheName) { + private Collection, String>> consumers(final String cacheName) { return Arrays.asList( - c -> c.cache(cacheName).put("key", "value"), - c -> c.cache(cacheName).putAll(singletonMap("key", "value")), - c -> c.cache(cacheName).get("key"), - c -> c.cache(cacheName).getAll(Collections.singleton("key")), - c -> c.cache(cacheName).containsKey("key"), - c -> c.cache(cacheName).remove("key"), - c -> c.cache(cacheName).replace("key", "value"), - c -> c.cache(cacheName).putIfAbsent("key", "value"), - c -> c.cache(cacheName).getAndPut("key", "value"), - c -> c.cache(cacheName).getAndRemove("key"), - c -> c.cache(cacheName).getAndReplace("key", "value") + biTuple(c -> c.cache(cacheName).put("key", "value"), "put"), + biTuple(c -> c.cache(cacheName).putAll(singletonMap("key", "value")), "putAll"), + biTuple(c -> c.cache(cacheName).get("key"), "get)"), + biTuple(c -> c.cache(cacheName).getAll(Collections.singleton("key")), "getAll"), + biTuple(c -> c.cache(cacheName).containsKey("key"), "containsKey"), + biTuple(c -> c.cache(cacheName).remove("key"), "remove"), + biTuple(c -> c.cache(cacheName).replace("key", "value"), "replace"), + biTuple(c -> c.cache(cacheName).putIfAbsent("key", "value"), "putIfAbsent"), + biTuple(c -> c.cache(cacheName).getAndPut("key", "value"), "getAndPut"), + biTuple(c -> c.cache(cacheName).getAndRemove("key"), "getAndRemove"), + biTuple(c -> c.cache(cacheName).getAndReplace("key", "value"), "getAndReplace") ); } @@ -232,13 +233,21 @@ private void executeOperation(String clientName, Consumer cons) th } /** - * @param cons Consumer. + * @param c Consumer. + * @param opName Operation name. + */ + private T2, String> biTuple(Consumer c, String opName) { + return new T2<>(c, opName); + } + + /** + * @param t Contains consumer that executes an operation and the name of this operation. */ - private void executeForbiddenOperation(Consumer cons) { + private void executeForbiddenOperation(T2, String> t) { try (IgniteClient client = startClient(CLIENT)) { - cons.accept(client); + t.get1().accept(client); - fail(); + fail("The operation " + t.get2() + " has to be forbidden."); } catch (Exception e) { From f2f513d42363d8de8c0a83b88fcc23f2b1ec36ca Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Thu, 7 Mar 2019 14:13:31 +0300 Subject: [PATCH 66/98] IGNITE-9560 fix comments --- .../processors/security/IgniteSecurityProcessor.java | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java index d76888bfa6d9a..ce31a1d9508a0 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java @@ -29,6 +29,15 @@ /** * Ignite Security Processor. + *

+ * The differences between {@code IgniteSecurityProcessor} and {@code GridSecurityProcessor} are: + *

    + *
  • {@code IgniteSecurityProcessor} allows to define a current security context by + * {@link #startSession(SecurityContext)} or {@link #startSession(UUID)} methods. + *
  • {@code IgniteSecurityProcessor} doesn't require to pass {@code SecurityContext} to authorize operations. + *
  • {@code IgniteSecurityProcessor} doesn't extend {@code GridProcessor} interface + * sequentially it doesn't have any methods of the lifecycle of {@code GridProcessor}. + *
*/ public interface IgniteSecurityProcessor { /** From 4f2b3e9d48aefae085a07616f55afa7c60d2b571 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Thu, 7 Mar 2019 16:19:51 +0300 Subject: [PATCH 67/98] IGNITE-9560 fix comments --- .../managers/communication/GridIoManager.java | 6 +++--- .../processors/cache/GridCacheProcessor.java | 4 ++-- .../odbc/ClientListenerNioListener.java | 4 ++-- .../processors/rest/GridRestProcessor.java | 4 ++-- .../security/IgniteSecurityProcessor.java | 20 +++++++++---------- .../security/IgniteSecurityProcessorImpl.java | 8 ++++---- .../security/NoOpIgniteSecurityProcessor.java | 12 +++++------ ...ession.java => SecurityContextHolder.java} | 4 ++-- ...pl.java => SecurityContextHolderImpl.java} | 10 +++++----- 9 files changed, 36 insertions(+), 36 deletions(-) rename modules/core/src/main/java/org/apache/ignite/internal/processors/security/{IgniteSecuritySession.java => SecurityContextHolder.java} (89%) rename modules/core/src/main/java/org/apache/ignite/internal/processors/security/{IgniteSecuritySessionImpl.java => SecurityContextHolderImpl.java} (82%) diff --git a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java index 0c30b962650e3..42a5fa5d7a0c7 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java @@ -70,7 +70,7 @@ import org.apache.ignite.internal.processors.cache.mvcc.msg.MvccMessage; import org.apache.ignite.internal.processors.platform.message.PlatformMessageFilter; import org.apache.ignite.internal.processors.pool.PoolProcessor; -import org.apache.ignite.internal.processors.security.IgniteSecuritySession; +import org.apache.ignite.internal.processors.security.SecurityContextHolder; import org.apache.ignite.internal.processors.timeout.GridTimeoutObject; import org.apache.ignite.internal.util.GridBoundedConcurrentLinkedHashSet; import org.apache.ignite.internal.util.StripedCompositeReadWriteLock; @@ -1561,7 +1561,7 @@ private void invokeListener(Byte plc, GridMessageListener lsnr, UUID nodeId, Obj UUID curSecSubjId = secSubjId != null ? secSubjId : nodeId; - try(IgniteSecuritySession s = ctx.security().startSession(curSecSubjId)) { + try(SecurityContextHolder s = ctx.security().replaceContext(curSecSubjId)) { lsnr.onMessage(nodeId, msg, plc); } finally { @@ -2547,7 +2547,7 @@ private class GridUserMessageListener implements GridMessageListener { if (msgBody != null) { if (predLsnr != null) { - try(IgniteSecuritySession s = ctx.security().startSession(initNodeId)) { + try(SecurityContextHolder s = ctx.security().replaceContext(initNodeId)) { if (!predLsnr.apply(nodeId, msgBody)) removeMessageListener(TOPIC_COMM_USER, this); } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java index 5c23642f7671c..05512b9ea2226 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java @@ -138,7 +138,7 @@ import org.apache.ignite.internal.processors.query.schema.SchemaNodeLeaveExchangeWorkerTask; import org.apache.ignite.internal.processors.query.schema.message.SchemaAbstractDiscoveryMessage; import org.apache.ignite.internal.processors.query.schema.message.SchemaProposeDiscoveryMessage; -import org.apache.ignite.internal.processors.security.IgniteSecuritySession; +import org.apache.ignite.internal.processors.security.SecurityContextHolder; import org.apache.ignite.internal.processors.security.SecurityContext; import org.apache.ignite.internal.processors.service.GridServiceProcessor; import org.apache.ignite.internal.processors.timeout.GridTimeoutObject; @@ -3341,7 +3341,7 @@ private GridCacheSharedContext createSharedContext(GridKernalContext kernalCtx, for (CacheJoinNodeDiscoveryData.CacheInfo cacheInfo : nodeData.caches().values()) { if (secCtx != null && cacheInfo.cacheType() == CacheType.USER) { - try (IgniteSecuritySession s = ctx.security().startSession(secCtx)) { + try (SecurityContextHolder s = ctx.security().replaceContext(secCtx)) { authorizeCacheCreate(cacheInfo.cacheData().config()); } catch (SecurityException ex) { diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerNioListener.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerNioListener.java index 4d6de1bd93a9e..99ebcf059a85d 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerNioListener.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerNioListener.java @@ -33,7 +33,7 @@ import org.apache.ignite.internal.processors.odbc.odbc.OdbcConnectionContext; import org.apache.ignite.internal.processors.platform.client.ClientConnectionContext; import org.apache.ignite.internal.processors.platform.client.ClientStatus; -import org.apache.ignite.internal.processors.security.IgniteSecuritySession; +import org.apache.ignite.internal.processors.security.SecurityContextHolder; import org.apache.ignite.internal.util.GridSpinBusyLock; import org.apache.ignite.internal.util.nio.GridNioServerListenerAdapter; import org.apache.ignite.internal.util.nio.GridNioSession; @@ -175,7 +175,7 @@ public ClientListenerNioListener(GridKernalContext ctx, GridSpinBusyLock busyLoc if (authCtx != null) AuthorizationContext.context(authCtx); - try(IgniteSecuritySession s = ctx.security().startSession(connCtx.securityContext())) { + try(SecurityContextHolder s = ctx.security().replaceContext(connCtx.securityContext())) { resp = handler.handle(req); } finally { diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java index ae435d6f184f8..8d818c9a8ba75 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java @@ -64,7 +64,7 @@ import org.apache.ignite.internal.processors.rest.request.GridRestRequest; import org.apache.ignite.internal.processors.rest.request.GridRestTaskRequest; import org.apache.ignite.internal.processors.rest.request.RestQueryRequest; -import org.apache.ignite.internal.processors.security.IgniteSecuritySession; +import org.apache.ignite.internal.processors.security.SecurityContextHolder; import org.apache.ignite.internal.processors.security.SecurityContext; import org.apache.ignite.internal.util.GridSpinReadWriteLock; import org.apache.ignite.internal.util.future.GridFinishedFuture; @@ -272,7 +272,7 @@ private IgniteInternalFuture handleRequest(final GridRestReque if (secCtx0 == null || ses.isTokenExpired(sesTokTtl)) ses.secCtx = secCtx0 = authenticate(req, ses); - try(IgniteSecuritySession s = ctx.security().startSession(secCtx0)) { + try(SecurityContextHolder s = ctx.security().replaceContext(secCtx0)) { authorize(req); } } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java index ce31a1d9508a0..9ca78df4bb5a3 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java @@ -33,7 +33,7 @@ * The differences between {@code IgniteSecurityProcessor} and {@code GridSecurityProcessor} are: *
    *
  • {@code IgniteSecurityProcessor} allows to define a current security context by - * {@link #startSession(SecurityContext)} or {@link #startSession(UUID)} methods. + * {@link #replaceContext(SecurityContext)} or {@link #replaceContext(UUID)} methods. *
  • {@code IgniteSecurityProcessor} doesn't require to pass {@code SecurityContext} to authorize operations. *
  • {@code IgniteSecurityProcessor} doesn't extend {@code GridProcessor} interface * sequentially it doesn't have any methods of the lifecycle of {@code GridProcessor}. @@ -41,27 +41,27 @@ */ public interface IgniteSecurityProcessor { /** - * Creates {@link IgniteSecuritySession}. All calls of methods {@link #authorize(String, SecurityPermission)} or {@link + * Creates {@link SecurityContextHolder}. All calls of methods {@link #authorize(String, SecurityPermission)} or {@link * #authorize(SecurityPermission)} will be processed into the context of passed {@link SecurityContext} until - * session {@link IgniteSecuritySession} will be closed. + * holder {@link SecurityContextHolder} will be closed. * * @param secCtx Security Context. - * @return Grid security Session. + * @return Security context holder. */ - public IgniteSecuritySession startSession(SecurityContext secCtx); + public SecurityContextHolder replaceContext(SecurityContext secCtx); /** - * Creates {@link IgniteSecuritySession}. All calls of methods {@link #authorize(String, SecurityPermission)} or {@link + * Creates {@link SecurityContextHolder}. All calls of methods {@link #authorize(String, SecurityPermission)} or {@link * #authorize(SecurityPermission)} will be processed into the context of {@link SecurityContext} that is owned by - * node with given nodeId until session {@link IgniteSecuritySession} will be closed. + * node with given nodeId until holder {@link SecurityContextHolder} will be closed. * * @param nodeId Node id. - * @return Grid security Session. + * @return Security context holder. */ - public IgniteSecuritySession startSession(UUID nodeId); + public SecurityContextHolder replaceContext(UUID nodeId); /** - * @return SecurityContext of opened session {@link IgniteSecuritySession}. + * @return SecurityContext of holder {@link SecurityContextHolder}. */ public SecurityContext securityContext(); diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java index 670e64b044fb6..4e109c68fd8fe 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java @@ -86,19 +86,19 @@ public IgniteSecurityProcessorImpl(GridKernalContext ctx, GridSecurityProcessor } /** {@inheritDoc} */ - @Override public IgniteSecuritySession startSession(SecurityContext secCtx) { + @Override public SecurityContextHolder replaceContext(SecurityContext secCtx) { assert secCtx != null; SecurityContext old = curSecCtx.get(); curSecCtx.set(secCtx); - return new IgniteSecuritySessionImpl(this, old); + return new SecurityContextHolderImpl(this, old); } /** {@inheritDoc} */ - @Override public IgniteSecuritySession startSession(UUID nodeId) { - return startSession( + @Override public SecurityContextHolder replaceContext(UUID nodeId) { + return replaceContext( secCtxs.computeIfAbsent(nodeId, uuid -> nodeSecurityContext( marsh, U.resolveClassLoader(ctx.config()), ctx.discovery().node(uuid) diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java index 341ff59d6ee13..498bf44fc094a 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java @@ -45,8 +45,8 @@ public class NoOpIgniteSecurityProcessor implements IgniteSecurityProcessor, Gri "is not equal to remote node's ignite security processor class " + "[locNodeId=%s, rmtNodeId=%s, locCls=%s, rmtCls=%s]"; - /** No operation Security session. */ - private static final IgniteSecuritySession NO_OP_SECURITY_SESSION = new IgniteSecuritySession() { + /** No operation security holder. */ + private static final SecurityContextHolder NO_OP_SECURITY_HOLDER = new SecurityContextHolder() { @Override public void close() { //no-op } @@ -63,13 +63,13 @@ public NoOpIgniteSecurityProcessor(GridKernalContext ctx) { } /** {@inheritDoc} */ - @Override public IgniteSecuritySession startSession(SecurityContext secCtx) { - return NO_OP_SECURITY_SESSION; + @Override public SecurityContextHolder replaceContext(SecurityContext secCtx) { + return NO_OP_SECURITY_HOLDER; } /** {@inheritDoc} */ - @Override public IgniteSecuritySession startSession(UUID nodeId) { - return NO_OP_SECURITY_SESSION; + @Override public SecurityContextHolder replaceContext(UUID nodeId) { + return NO_OP_SECURITY_HOLDER; } /** {@inheritDoc} */ diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecuritySession.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityContextHolder.java similarity index 89% rename from modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecuritySession.java rename to modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityContextHolder.java index c074b9f51fcad..e5b261c95cf03 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecuritySession.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityContextHolder.java @@ -18,9 +18,9 @@ package org.apache.ignite.internal.processors.security; /** - * Representation of Grid Security Session. + * Representation of Security Context Holder. */ -public interface IgniteSecuritySession extends AutoCloseable { +public interface SecurityContextHolder extends AutoCloseable { /** {@inheritDoc} */ @Override public void close(); } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecuritySessionImpl.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityContextHolderImpl.java similarity index 82% rename from modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecuritySessionImpl.java rename to modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityContextHolderImpl.java index fde97f6c18d1c..9cbcb85c8407a 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecuritySessionImpl.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityContextHolderImpl.java @@ -20,24 +20,24 @@ /** * */ -public class IgniteSecuritySessionImpl implements IgniteSecuritySession { - /** Grid Security Manager. */ +public class SecurityContextHolderImpl implements SecurityContextHolder { + /** Ignite Security processor. */ private final IgniteSecurityProcessor proc; /** Security context. */ private final SecurityContext secCtx; /** - * @param proc Grid Security Manager. + * @param proc Ignite Security processor. * @param secCtx Security context. */ - public IgniteSecuritySessionImpl(IgniteSecurityProcessor proc, SecurityContext secCtx) { + public SecurityContextHolderImpl(IgniteSecurityProcessor proc, SecurityContext secCtx) { this.proc = proc; this.secCtx = secCtx; } /** {@inheritDoc} */ @Override public void close() { - proc.startSession(secCtx); + proc.replaceContext(secCtx); } } From 86de8f35fe32be11fd36e41538cf9a48cd74e1a4 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Tue, 12 Mar 2019 16:50:37 +0300 Subject: [PATCH 68/98] IGNITE-9560 fix comments --- .../managers/communication/GridIoManager.java | 4 +- .../security/SecurityContextHolderImpl.java | 3 + .../DataStreamerImplSelfTest.java | 2 +- .../security/AbstractSecurityTest.java | 8 + ...cheLoadRemoteSecurityContextCheckTest.java | 4 +- ...ocessorRemoteSecurityContextCheckTest.java | 76 +++---- .../compute/ComputePermissionCheckTest.java | 6 +- ...uteTaskRemoteSecurityContextCheckTest.java | 8 +- ...ClosureRemoteSecurityContextCheckTest.java | 195 ++++++++---------- ...ServiceRemoteSecurityContextCheckTest.java | 8 +- ...treamerRemoteSecurityContextCheckTest.java | 4 +- ...ssagingRemoteSecurityContextCheckTest.java | 6 +- 12 files changed, 145 insertions(+), 179 deletions(-) diff --git a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java index 42a5fa5d7a0c7..fa1be46f5a543 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java @@ -1559,9 +1559,9 @@ private void invokeListener(Byte plc, GridMessageListener lsnr, UUID nodeId, Obj if (change) CUR_PLC.set(plc); - UUID curSecSubjId = secSubjId != null ? secSubjId : nodeId; + UUID newSecSubjId = secSubjId != null ? secSubjId : nodeId; - try(SecurityContextHolder s = ctx.security().replaceContext(curSecSubjId)) { + try(SecurityContextHolder s = ctx.security().replaceContext(newSecSubjId)) { lsnr.onMessage(nodeId, msg, plc); } finally { diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityContextHolderImpl.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityContextHolderImpl.java index 9cbcb85c8407a..9a914aa164f36 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityContextHolderImpl.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityContextHolderImpl.java @@ -32,6 +32,9 @@ public class SecurityContextHolderImpl implements SecurityContextHolder { * @param secCtx Security context. */ public SecurityContextHolderImpl(IgniteSecurityProcessor proc, SecurityContext secCtx) { + assert proc != null; + assert secCtx != null; + this.proc = proc; this.secCtx = secCtx; } diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerImplSelfTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerImplSelfTest.java index 9eaad637b341d..4ba4f210143d9 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerImplSelfTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerImplSelfTest.java @@ -604,7 +604,7 @@ private static class StaleTopologyCommunicationSpi extends TcpCommunicationSpi { -1); msg = new GridIoMessage( - GridTestUtils.getFieldValue(ioMsg, "secSubjId"), + GridTestUtils.getFieldValue(ioMsg, "secSubjId"), GridTestUtils.getFieldValue(ioMsg, "plc"), GridTestUtils.getFieldValue(ioMsg, "topic"), GridTestUtils.getFieldValue(ioMsg, "topicOrd"), diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java index c95c030caa08e..c4d63a5743dc5 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java @@ -117,6 +117,14 @@ protected IgniteEx startGrid(String login, SecurityPermissionSet prmSet, ); } + /** + * @param login Login. + * @param prmSet Security permission set. + */ + protected IgniteEx startClient(String login, SecurityPermissionSet prmSet) throws Exception { + return startGrid(login, prmSet, true); + } + /** * @param login Login. * @param pwd Password. diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java index 1f0ce4f353e84..7d50e3297cff0 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java @@ -70,7 +70,7 @@ public class CacheLoadRemoteSecurityContextCheckTest extends AbstractCacheOperat startGrid(SRV_INITIATOR, allowAllPermissionSet()); - startGrid(CLNT_INITIATOR, allowAllPermissionSet(), true); + startClient(CLNT_INITIATOR, allowAllPermissionSet()); startGrid(SRV_FEATURE_CALL, allowAllPermissionSet()); @@ -78,7 +78,7 @@ public class CacheLoadRemoteSecurityContextCheckTest extends AbstractCacheOperat startGrid(SRV_ENDPOINT, allowAllPermissionSet()); - startGrid(CLNT_ENDPOINT, allowAllPermissionSet(), true); + startClient(CLNT_ENDPOINT, allowAllPermissionSet()); G.allGrids().get(0).cluster().active(true); } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java index 453fea309bd3b..e19e28e15ed3d 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java @@ -20,11 +20,11 @@ import java.util.Arrays; import java.util.Collection; import java.util.Collections; +import java.util.List; import java.util.UUID; import javax.cache.processor.EntryProcessor; import javax.cache.processor.EntryProcessorException; import javax.cache.processor.MutableEntry; -import org.apache.ignite.Ignite; import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.processor.security.AbstractCacheOperationRemoteSecurityContextCheckTest; @@ -100,7 +100,7 @@ public void test() { private void runAndCheck(IgniteEx initiator) { UUID secSubjectId = secSubjectId(initiator); - for (InvokeMethodEnum ime : InvokeMethodEnum.values()) { + for (IgniteRunnable r : featureRuns()) { runAndCheck( secSubjectId, () -> compute(initiator, nodeId(SRV_FEATURE_CALL)).broadcast( @@ -108,8 +108,7 @@ private void runAndCheck(IgniteEx initiator) { @Override public void run() { register(); - invoke(ime, Ignition.localIgnite(), - new TestEntryProcessor(endpoints()), prmKey(grid(SRV_FEATURE_TRANSITION))); + r.run(); } } ) @@ -118,59 +117,36 @@ private void runAndCheck(IgniteEx initiator) { } /** - * @return Collection of endpont nodes ids. + * @return Collection of runnables to call invoke methods. */ - private Collection endpoints() { + private List featureRuns() { + final Integer key = prmKey(grid(SRV_FEATURE_TRANSITION)); + return Arrays.asList( - nodeId(SRV_ENDPOINT), - nodeId(CLNT_ENDPOINT) + () -> Ignition.localIgnite().cache(CACHE_NAME) + .invoke(key, new TestEntryProcessor(endpoints())), + + () -> Ignition.localIgnite().cache(CACHE_NAME) + .invokeAll(Collections.singleton(key), new TestEntryProcessor(endpoints())), + + () -> Ignition.localIgnite().cache(CACHE_NAME) + .invokeAsync(key, new TestEntryProcessor(endpoints())) + .get(), + + () -> Ignition.localIgnite().cache(CACHE_NAME) + .invokeAllAsync(Collections.singleton(key), new TestEntryProcessor(endpoints())) + .get() ); } /** - * @param ime Invoke Method. - * @param node Node. - * @param ep Entry Processor. - * @param key Key. + * @return Collection of endpont nodes ids. */ - private void invoke(InvokeMethodEnum ime, Ignite node, - EntryProcessor ep, Integer key) { - switch (ime) { - case INVOKE: - node.cache(CACHE_NAME) - .invoke(key, ep); - - break; - case INVOKE_ALL: - node.cache(CACHE_NAME) - .invokeAll(Collections.singleton(key), ep); - - break; - case INVOKE_ASYNC: - node.cache(CACHE_NAME) - .invokeAsync(key, ep).get(); - - break; - case INVOKE_ALL_ASYNC: - node.cache(CACHE_NAME) - .invokeAllAsync(Collections.singleton(key), ep).get(); - - break; - default: - throw new IllegalArgumentException("Unknown invoke method " + ime); - } - } - - /** Enum for ways to invoke EntryProcessor. */ - private enum InvokeMethodEnum { - /** Invoke. */ - INVOKE, - /** Invoke all. */ - INVOKE_ALL, - /** Invoke async. */ - INVOKE_ASYNC, - /** Invoke all async. */ - INVOKE_ALL_ASYNC + private Collection endpoints() { + return Arrays.asList( + nodeId(SRV_ENDPOINT), + nodeId(CLNT_ENDPOINT) + ); } /** diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputePermissionCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputePermissionCheckTest.java index 55208c3316d8b..4dca6ca07aee7 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputePermissionCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputePermissionCheckTest.java @@ -124,11 +124,11 @@ public void test() throws Exception { Ignite srvForbiddenCancel = startGrid("srv_forbidden_cnl", permissions(TASK_EXECUTE)); - Ignite clntAllowed = startGrid("clnt_allowed", permissions(TASK_EXECUTE, TASK_CANCEL), true); + Ignite clntAllowed = startClient("clnt_allowed", permissions(TASK_EXECUTE, TASK_CANCEL)); - Ignite clntForbidden = startGrid("clnt_forbidden", permissions(EMPTY_PERMS), true); + Ignite clntForbidden = startClient("clnt_forbidden", permissions(EMPTY_PERMS)); - Ignite clntForbiddenCancel = startGrid("clnt_forbidden_cnl", permissions(TASK_EXECUTE), true); + Ignite clntForbiddenCancel = startClient("clnt_forbidden_cnl", permissions(TASK_EXECUTE)); srvAllowed.cluster().active(true); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java index 57dd610cd38ea..9b70a0d4189be 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java @@ -73,19 +73,19 @@ public class ComputeTaskRemoteSecurityContextCheckTest extends AbstractRemoteSec startGrid(SRV_INITIATOR, allowAllPermissionSet()); - startGrid(CLNT_INITIATOR, allowAllPermissionSet(), true); + startClient(CLNT_INITIATOR, allowAllPermissionSet()); startGrid(SRV_FEATURE_CALL, allowAllPermissionSet()); - startGrid(CLNT_FEATURE_CALL, allowAllPermissionSet(), true); + startClient(CLNT_FEATURE_CALL, allowAllPermissionSet()); startGrid(SRV_FEATURE_TRANSITION, allowAllPermissionSet()); - startGrid(CLNT_FEATURE_TRANSITION, allowAllPermissionSet(), true); + startClient(CLNT_FEATURE_TRANSITION, allowAllPermissionSet()); startGrid(SRV_ENDPOINT, allowAllPermissionSet()); - startGrid(CLNT_ENDPOINT, allowAllPermissionSet(), true); + startClient(CLNT_ENDPOINT, allowAllPermissionSet()); G.allGrids().get(0).cluster().active(true); } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java index 67ae4ca7337d8..b0c79a552d089 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java @@ -20,9 +20,9 @@ import java.util.Arrays; import java.util.Collection; import java.util.Collections; +import java.util.List; import java.util.UUID; import org.apache.ignite.Ignite; -import org.apache.ignite.IgniteCompute; import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.processor.security.AbstractRemoteSecurityContextCheckTest; @@ -67,19 +67,19 @@ public class DistributedClosureRemoteSecurityContextCheckTest startGrid(SRV_INITIATOR, allowAllPermissionSet()); - startGrid(CLNT_INITIATOR, allowAllPermissionSet(), true); + startClient(CLNT_INITIATOR, allowAllPermissionSet()); startGrid(SRV_FEATURE_CALL, allowAllPermissionSet()); - startGrid(CLNT_FEATURE_CALL, allowAllPermissionSet(), true); + startClient(CLNT_FEATURE_CALL, allowAllPermissionSet()); startGrid(SRV_FEATURE_TRANSITION, allowAllPermissionSet()); - startGrid(CLNT_FEATURE_TRANSITION, allowAllPermissionSet(), true); + startClient(CLNT_FEATURE_TRANSITION, allowAllPermissionSet()); startGrid(SRV_ENDPOINT, allowAllPermissionSet()); - startGrid(CLNT_ENDPOINT, allowAllPermissionSet(), true); + startClient(CLNT_ENDPOINT, allowAllPermissionSet()); G.allGrids().get(0).cluster().active(true); } @@ -108,10 +108,10 @@ public void test() { * @param initiator Initiator node. */ private void runAndCheck(IgniteEx initiator) { - for (ComputeInvoke ci : ComputeInvoke.values()) { + for (IgniteRunnable r : featureRuns()) { runAndCheck(secSubjectId(initiator), () -> compute(initiator, featureCalls()).broadcast((IgniteRunnable) - new CommonClosure(ci, featureTransitions(), endpoints()) + new CommonClosure(r) ) ); } @@ -147,31 +147,73 @@ private Collection endpoints() { ); } - /** Enum for ways to invoke compute. */ - enum ComputeInvoke { - /** Broadcast. */ - BROADCAST, - /** Broadcast async. */ - BROADCAST_ASYNC, - /** Call. */ - CALL, - /** Call async. */ - CALL_ASYNC, - /** Run. */ - RUN, - /** Run async. */ - RUN_ASYNC, - /** Apply. */ - APPLY, - /** Apply async. */ - APPLY_ASYNC; - - /** - * @return True if an invoke is broadcast. - */ - public boolean isBroadcast() { - return this == BROADCAST || this == BROADCAST_ASYNC; - } + /** + * @return Collection of consumers to call compute methods. + */ + private List featureRuns() { + return Arrays.asList( + new IgniteRunnable() { + @Override public void run() { + compute(Ignition.localIgnite(), featureTransitions()) + .broadcast((IgniteRunnable)new CommonClosure(endpoints())); + } + }, + new IgniteRunnable() { + @Override public void run() { + compute(Ignition.localIgnite(), featureTransitions()) + .broadcastAsync((IgniteRunnable)new CommonClosure(endpoints())) + .get(); + } + }, + new IgniteRunnable() { + @Override public void run() { + for (UUID id : featureTransitions()) { + compute(Ignition.localIgnite(), id) + .call(new CommonClosure(endpoints())); + } + } + }, + new IgniteRunnable() { + @Override public void run() { + for (UUID id : featureTransitions()) { + compute(Ignition.localIgnite(), id) + .callAsync(new CommonClosure(endpoints())).get(); + } + } + }, + new IgniteRunnable() { + @Override public void run() { + for (UUID id : featureTransitions()) { + compute(Ignition.localIgnite(), id) + .run(new CommonClosure(endpoints())); + } + } + }, + new IgniteRunnable() { + @Override public void run() { + for (UUID id : featureTransitions()) { + compute(Ignition.localIgnite(), id) + .runAsync(new CommonClosure(endpoints())).get(); + } + } + }, + new IgniteRunnable() { + @Override public void run() { + for (UUID id : featureTransitions()) { + compute(Ignition.localIgnite(), id) + .apply(new CommonClosure(endpoints()), new Object()); + } + } + }, + new IgniteRunnable() { + @Override public void run() { + for (UUID id : featureTransitions()) { + compute(Ignition.localIgnite(), id) + .applyAsync(new CommonClosure(endpoints()), new Object()).get(); + } + } + } + ); } /** @@ -180,33 +222,30 @@ public boolean isBroadcast() { static class CommonClosure implements IgniteRunnable, IgniteCallable, IgniteClosure { - /** Type of compute invoke. */ - private final ComputeInvoke cmpInvoke; - - /** Collection of endpoint node ids. */ - private final Collection transitions; + /** Runnable. */ + private final IgniteRunnable runnable; /** Collection of endpoint node ids. */ private final Collection endpoints; /** - * @param endpoints Collection of endpoint node ids. + * @param runnable Runnable. */ - public CommonClosure(ComputeInvoke cmpInvoke, Collection transitions, - Collection endpoints) { - assert cmpInvoke != null; - assert !endpoints.isEmpty(); + public CommonClosure(IgniteRunnable runnable) { + assert runnable != null; - this.cmpInvoke = cmpInvoke; - this.transitions = transitions; - this.endpoints = endpoints; + this.runnable = runnable; + endpoints = Collections.emptyList(); } /** * @param endpoints Collection of endpoint node ids. */ private CommonClosure(Collection endpoints) { - this(ComputeInvoke.BROADCAST, Collections.emptyList(), endpoints); + assert !endpoints.isEmpty(); + + runnable = null; + this.endpoints = endpoints; } /** @@ -217,14 +256,8 @@ private void body() { Ignite ignite = Ignition.localIgnite(); - if (!transitions.isEmpty()) { - if (cmpInvoke.isBroadcast()) - transit(compute(ignite, transitions)); - else { - for (UUID id : transitions) - transit(compute(ignite, id)); - } - } + if (runnable != null) + runnable.run(); else { compute(ignite, endpoints) .broadcast(new IgniteRunnable() { @@ -235,60 +268,6 @@ private void body() { } } - /** - * Executes transition invoke. - * - * @param cmp IgniteCompute. - */ - private void transit(IgniteCompute cmp) { - CommonClosure c = new CommonClosure(endpoints); - - switch (cmpInvoke) { - case BROADCAST: { - cmp.broadcast((IgniteRunnable)c); - - break; - } - case BROADCAST_ASYNC: { - cmp.broadcastAsync((IgniteRunnable)c).get(); - - break; - } - case CALL: { - cmp.call(c); - - break; - } - case CALL_ASYNC: { - cmp.callAsync(c).get(); - - break; - } - case RUN: { - cmp.run(c); - - break; - } - case RUN_ASYNC: { - cmp.runAsync(c).get(); - - break; - } - case APPLY: { - cmp.apply(c, new Object()); - - break; - } - case APPLY_ASYNC: { - cmp.applyAsync(c, new Object()).get(); - - break; - } - default: - throw new IllegalArgumentException("Unknown ComputeInvoke: " + cmpInvoke); - } - } - /** {@inheritDoc} */ @Override public void run() { body(); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java index 8fed0adf395d2..839d003836341 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java @@ -66,19 +66,19 @@ public class ExecutorServiceRemoteSecurityContextCheckTest extends AbstractRemot startGrid(SRV_INITIATOR, allowAllPermissionSet()); - startGrid(CLNT_INITIATOR, allowAllPermissionSet(), true); + startClient(CLNT_INITIATOR, allowAllPermissionSet()); startGrid(SRV_FEATURE_CALL, allowAllPermissionSet()); - startGrid(CLNT_FEATURE_CALL, allowAllPermissionSet(), true); + startClient(CLNT_FEATURE_CALL, allowAllPermissionSet()); startGrid(SRV_FEATURE_TRANSITION, allowAllPermissionSet()); - startGrid(CLNT_FEATURE_TRANSITION, allowAllPermissionSet(), true); + startClient(CLNT_FEATURE_TRANSITION, allowAllPermissionSet()); startGrid(SRV_ENDPOINT, allowAllPermissionSet()); - startGrid(CLNT_ENDPOINT, allowAllPermissionSet(), true); + startClient(CLNT_ENDPOINT, allowAllPermissionSet()); G.allGrids().get(0).cluster().active(true); } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java index 35f8dd751bd9e..d3638f6cbc7cc 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java @@ -63,7 +63,7 @@ public class DataStreamerRemoteSecurityContextCheckTest extends AbstractCacheOpe startGrid(SRV_INITIATOR, allowAllPermissionSet()); - startGrid(CLNT_INITIATOR, allowAllPermissionSet(), true); + startClient(CLNT_INITIATOR, allowAllPermissionSet()); startGrid(SRV_FEATURE_CALL, allowAllPermissionSet()); @@ -71,7 +71,7 @@ public class DataStreamerRemoteSecurityContextCheckTest extends AbstractCacheOpe startGrid(SRV_ENDPOINT, allowAllPermissionSet()); - startGrid(CLNT_ENDPOINT, allowAllPermissionSet(), true); + startClient(CLNT_ENDPOINT, allowAllPermissionSet()); G.allGrids().get(0).cluster().active(true); } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/MessagingRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/MessagingRemoteSecurityContextCheckTest.java index da19211f2bdb8..218c9921f8c57 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/MessagingRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/MessagingRemoteSecurityContextCheckTest.java @@ -77,15 +77,15 @@ public class MessagingRemoteSecurityContextCheckTest extends AbstractRemoteSecur startGrid(SRV_INITIATOR, allowAllPermissionSet()); - startGrid(CLNT_INITIATOR, allowAllPermissionSet(), true); + startClient(CLNT_INITIATOR, allowAllPermissionSet()); startGrid(SRV_FEATURE_CALL, allowAllPermissionSet()); - startGrid(CLNT_FEATURE_CALL, allowAllPermissionSet(), true); + startClient(CLNT_FEATURE_CALL, allowAllPermissionSet()); startGrid(SRV_FEATURE_TRANSITION, allowAllPermissionSet()); - startGrid(CLNT_FEATURE_TRANSITION, allowAllPermissionSet(), true); + startClient(CLNT_FEATURE_TRANSITION, allowAllPermissionSet()); startGrid(SRV_ENDPOINT, allowAllPermissionSet()); From 08e5a88dbd720c2dc0091873a79c81b49e174ad7 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Thu, 14 Mar 2019 12:57:19 +0300 Subject: [PATCH 69/98] IGNITE-9560 fix comments --- .../managers/communication/GridIoManager.java | 6 +- .../processors/cache/GridCacheProcessor.java | 4 +- .../odbc/ClientListenerNioListener.java | 4 +- .../processors/rest/GridRestProcessor.java | 4 +- .../security/IgniteSecurityProcessor.java | 16 +- .../security/IgniteSecurityProcessorImpl.java | 17 +- .../security/NoOpIgniteSecurityProcessor.java | 12 +- ...der.java => OperationSecurityContext.java} | 4 +- ...java => OperationSecurityContextImpl.java} | 6 +- .../processors/security/package-info.java | 21 -- ...cheLoadRemoteSecurityContextCheckTest.java | 15 +- ...ocessorRemoteSecurityContextCheckTest.java | 13 +- ...anQueryRemoteSecurityContextCheckTest.java | 13 +- .../security/cache/closure/package-info.java | 21 -- .../security/cache/package-info.java | 21 -- .../security/client/package-info.java | 21 -- ...uteTaskRemoteSecurityContextCheckTest.java | 15 +- ...ClosureRemoteSecurityContextCheckTest.java | 12 +- ...ServiceRemoteSecurityContextCheckTest.java | 13 +- .../compute/closure/package-info.java | 21 -- .../security/compute/package-info.java | 21 -- ...treamerRemoteSecurityContextCheckTest.java | 15 +- .../datastreamer/closure/package-info.java | 21 -- .../security/datastreamer/package-info.java | 21 -- ...ssagingRemoteSecurityContextCheckTest.java | 247 ------------------ .../security/messaging/package-info.java | 21 -- .../processor/security/package-info.java | 21 -- ...sTestSuite.java => SecurityTestSuite.java} | 4 +- .../ignite/testsuites/package-info.java | 21 -- 29 files changed, 86 insertions(+), 565 deletions(-) rename modules/core/src/main/java/org/apache/ignite/internal/processors/security/{SecurityContextHolder.java => OperationSecurityContext.java} (89%) rename modules/core/src/main/java/org/apache/ignite/internal/processors/security/{SecurityContextHolderImpl.java => OperationSecurityContextImpl.java} (86%) delete mode 100644 modules/core/src/main/java/org/apache/ignite/internal/processors/security/package-info.java delete mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/package-info.java delete mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/package-info.java delete mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/package-info.java delete mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/package-info.java delete mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/package-info.java delete mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/package-info.java delete mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/package-info.java delete mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/MessagingRemoteSecurityContextCheckTest.java delete mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/package-info.java delete mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/package-info.java rename modules/security/src/test/java/org/apache/ignite/testsuites/{AuthorizeOperationsTestSuite.java => SecurityTestSuite.java} (93%) delete mode 100644 modules/security/src/test/java/org/apache/ignite/testsuites/package-info.java diff --git a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java index fa1be46f5a543..041424c58f300 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java @@ -70,7 +70,7 @@ import org.apache.ignite.internal.processors.cache.mvcc.msg.MvccMessage; import org.apache.ignite.internal.processors.platform.message.PlatformMessageFilter; import org.apache.ignite.internal.processors.pool.PoolProcessor; -import org.apache.ignite.internal.processors.security.SecurityContextHolder; +import org.apache.ignite.internal.processors.security.OperationSecurityContext; import org.apache.ignite.internal.processors.timeout.GridTimeoutObject; import org.apache.ignite.internal.util.GridBoundedConcurrentLinkedHashSet; import org.apache.ignite.internal.util.StripedCompositeReadWriteLock; @@ -1561,7 +1561,7 @@ private void invokeListener(Byte plc, GridMessageListener lsnr, UUID nodeId, Obj UUID newSecSubjId = secSubjId != null ? secSubjId : nodeId; - try(SecurityContextHolder s = ctx.security().replaceContext(newSecSubjId)) { + try(OperationSecurityContext s = ctx.security().withContext(newSecSubjId)) { lsnr.onMessage(nodeId, msg, plc); } finally { @@ -2547,7 +2547,7 @@ private class GridUserMessageListener implements GridMessageListener { if (msgBody != null) { if (predLsnr != null) { - try(SecurityContextHolder s = ctx.security().replaceContext(initNodeId)) { + try(OperationSecurityContext s = ctx.security().withContext(initNodeId)) { if (!predLsnr.apply(nodeId, msgBody)) removeMessageListener(TOPIC_COMM_USER, this); } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java index 05512b9ea2226..a9872a6705e93 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java @@ -138,7 +138,7 @@ import org.apache.ignite.internal.processors.query.schema.SchemaNodeLeaveExchangeWorkerTask; import org.apache.ignite.internal.processors.query.schema.message.SchemaAbstractDiscoveryMessage; import org.apache.ignite.internal.processors.query.schema.message.SchemaProposeDiscoveryMessage; -import org.apache.ignite.internal.processors.security.SecurityContextHolder; +import org.apache.ignite.internal.processors.security.OperationSecurityContext; import org.apache.ignite.internal.processors.security.SecurityContext; import org.apache.ignite.internal.processors.service.GridServiceProcessor; import org.apache.ignite.internal.processors.timeout.GridTimeoutObject; @@ -3341,7 +3341,7 @@ private GridCacheSharedContext createSharedContext(GridKernalContext kernalCtx, for (CacheJoinNodeDiscoveryData.CacheInfo cacheInfo : nodeData.caches().values()) { if (secCtx != null && cacheInfo.cacheType() == CacheType.USER) { - try (SecurityContextHolder s = ctx.security().replaceContext(secCtx)) { + try (OperationSecurityContext s = ctx.security().withContext(secCtx)) { authorizeCacheCreate(cacheInfo.cacheData().config()); } catch (SecurityException ex) { diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerNioListener.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerNioListener.java index 99ebcf059a85d..7d58503467db3 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerNioListener.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerNioListener.java @@ -33,7 +33,7 @@ import org.apache.ignite.internal.processors.odbc.odbc.OdbcConnectionContext; import org.apache.ignite.internal.processors.platform.client.ClientConnectionContext; import org.apache.ignite.internal.processors.platform.client.ClientStatus; -import org.apache.ignite.internal.processors.security.SecurityContextHolder; +import org.apache.ignite.internal.processors.security.OperationSecurityContext; import org.apache.ignite.internal.util.GridSpinBusyLock; import org.apache.ignite.internal.util.nio.GridNioServerListenerAdapter; import org.apache.ignite.internal.util.nio.GridNioSession; @@ -175,7 +175,7 @@ public ClientListenerNioListener(GridKernalContext ctx, GridSpinBusyLock busyLoc if (authCtx != null) AuthorizationContext.context(authCtx); - try(SecurityContextHolder s = ctx.security().replaceContext(connCtx.securityContext())) { + try(OperationSecurityContext s = ctx.security().withContext(connCtx.securityContext())) { resp = handler.handle(req); } finally { diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java index 8d818c9a8ba75..2dd23a3dd5f0c 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java @@ -64,7 +64,7 @@ import org.apache.ignite.internal.processors.rest.request.GridRestRequest; import org.apache.ignite.internal.processors.rest.request.GridRestTaskRequest; import org.apache.ignite.internal.processors.rest.request.RestQueryRequest; -import org.apache.ignite.internal.processors.security.SecurityContextHolder; +import org.apache.ignite.internal.processors.security.OperationSecurityContext; import org.apache.ignite.internal.processors.security.SecurityContext; import org.apache.ignite.internal.util.GridSpinReadWriteLock; import org.apache.ignite.internal.util.future.GridFinishedFuture; @@ -272,7 +272,7 @@ private IgniteInternalFuture handleRequest(final GridRestReque if (secCtx0 == null || ses.isTokenExpired(sesTokTtl)) ses.secCtx = secCtx0 = authenticate(req, ses); - try(SecurityContextHolder s = ctx.security().replaceContext(secCtx0)) { + try(OperationSecurityContext s = ctx.security().withContext(secCtx0)) { authorize(req); } } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java index 9ca78df4bb5a3..1c4371257b84d 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java @@ -33,7 +33,7 @@ * The differences between {@code IgniteSecurityProcessor} and {@code GridSecurityProcessor} are: *
      *
    • {@code IgniteSecurityProcessor} allows to define a current security context by - * {@link #replaceContext(SecurityContext)} or {@link #replaceContext(UUID)} methods. + * {@link #withContext(SecurityContext)} or {@link #withContext(UUID)} methods. *
    • {@code IgniteSecurityProcessor} doesn't require to pass {@code SecurityContext} to authorize operations. *
    • {@code IgniteSecurityProcessor} doesn't extend {@code GridProcessor} interface * sequentially it doesn't have any methods of the lifecycle of {@code GridProcessor}. @@ -41,27 +41,27 @@ */ public interface IgniteSecurityProcessor { /** - * Creates {@link SecurityContextHolder}. All calls of methods {@link #authorize(String, SecurityPermission)} or {@link + * Creates {@link OperationSecurityContext}. All calls of methods {@link #authorize(String, SecurityPermission)} or {@link * #authorize(SecurityPermission)} will be processed into the context of passed {@link SecurityContext} until - * holder {@link SecurityContextHolder} will be closed. + * holder {@link OperationSecurityContext} will be closed. * * @param secCtx Security Context. * @return Security context holder. */ - public SecurityContextHolder replaceContext(SecurityContext secCtx); + public OperationSecurityContext withContext(SecurityContext secCtx); /** - * Creates {@link SecurityContextHolder}. All calls of methods {@link #authorize(String, SecurityPermission)} or {@link + * Creates {@link OperationSecurityContext}. All calls of methods {@link #authorize(String, SecurityPermission)} or {@link * #authorize(SecurityPermission)} will be processed into the context of {@link SecurityContext} that is owned by - * node with given nodeId until holder {@link SecurityContextHolder} will be closed. + * node with given nodeId until holder {@link OperationSecurityContext} will be closed. * * @param nodeId Node id. * @return Security context holder. */ - public SecurityContextHolder replaceContext(UUID nodeId); + public OperationSecurityContext withContext(UUID nodeId); /** - * @return SecurityContext of holder {@link SecurityContextHolder}. + * @return SecurityContext of holder {@link OperationSecurityContext}. */ public SecurityContext securityContext(); diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java index 4e109c68fd8fe..a0a50f31f5464 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java @@ -86,19 +86,19 @@ public IgniteSecurityProcessorImpl(GridKernalContext ctx, GridSecurityProcessor } /** {@inheritDoc} */ - @Override public SecurityContextHolder replaceContext(SecurityContext secCtx) { + @Override public OperationSecurityContext withContext(SecurityContext secCtx) { assert secCtx != null; SecurityContext old = curSecCtx.get(); curSecCtx.set(secCtx); - return new SecurityContextHolderImpl(this, old); + return new OperationSecurityContextImpl(this, old); } /** {@inheritDoc} */ - @Override public SecurityContextHolder replaceContext(UUID nodeId) { - return replaceContext( + @Override public OperationSecurityContext withContext(UUID nodeId) { + return withContext( secCtxs.computeIfAbsent(nodeId, uuid -> nodeSecurityContext( marsh, U.resolveClassLoader(ctx.config()), ctx.discovery().node(uuid) @@ -213,16 +213,15 @@ public IgniteSecurityProcessorImpl(GridKernalContext ctx, GridSecurityProcessor } /** {@inheritDoc} */ - @Override public @Nullable IgniteNodeValidationResult validateNode( - ClusterNode node) { + @Override public @Nullable IgniteNodeValidationResult validateNode(ClusterNode node) { IgniteNodeValidationResult res = validateSecProcClass(node); return res != null ? res : secPrc.validateNode(node); } /** {@inheritDoc} */ - @Override public @Nullable IgniteNodeValidationResult validateNode( - ClusterNode node, DiscoveryDataBag.JoiningNodeDiscoveryData discoData) { + @Override public @Nullable IgniteNodeValidationResult validateNode(ClusterNode node, + DiscoveryDataBag.JoiningNodeDiscoveryData discoData) { IgniteNodeValidationResult res = validateSecProcClass(node); return res != null ? res : secPrc.validateNode(node, discoData); @@ -259,7 +258,7 @@ private SecurityContext localSecurityContext() { * @param node Joining node. * @return Validation result or {@code null} in case of success. */ - private IgniteNodeValidationResult validateSecProcClass(ClusterNode node){ + private IgniteNodeValidationResult validateSecProcClass(ClusterNode node) { String rmtCls = node.attribute(ATTR_GRID_SEC_PROC_CLASS); String locCls = secPrc.getClass().getName(); diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java index 498bf44fc094a..95a76a802578f 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java @@ -45,8 +45,8 @@ public class NoOpIgniteSecurityProcessor implements IgniteSecurityProcessor, Gri "is not equal to remote node's ignite security processor class " + "[locNodeId=%s, rmtNodeId=%s, locCls=%s, rmtCls=%s]"; - /** No operation security holder. */ - private static final SecurityContextHolder NO_OP_SECURITY_HOLDER = new SecurityContextHolder() { + /** No operation security context. */ + private static final OperationSecurityContext NO_OP_SEC_CTX = new OperationSecurityContext() { @Override public void close() { //no-op } @@ -63,13 +63,13 @@ public NoOpIgniteSecurityProcessor(GridKernalContext ctx) { } /** {@inheritDoc} */ - @Override public SecurityContextHolder replaceContext(SecurityContext secCtx) { - return NO_OP_SECURITY_HOLDER; + @Override public OperationSecurityContext withContext(SecurityContext secCtx) { + return NO_OP_SEC_CTX; } /** {@inheritDoc} */ - @Override public SecurityContextHolder replaceContext(UUID nodeId) { - return NO_OP_SECURITY_HOLDER; + @Override public OperationSecurityContext withContext(UUID nodeId) { + return NO_OP_SEC_CTX; } /** {@inheritDoc} */ diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityContextHolder.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/OperationSecurityContext.java similarity index 89% rename from modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityContextHolder.java rename to modules/core/src/main/java/org/apache/ignite/internal/processors/security/OperationSecurityContext.java index e5b261c95cf03..d9a85622dbcce 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityContextHolder.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/OperationSecurityContext.java @@ -18,9 +18,9 @@ package org.apache.ignite.internal.processors.security; /** - * Representation of Security Context Holder. + * Representation of Operation Security Context. */ -public interface SecurityContextHolder extends AutoCloseable { +public interface OperationSecurityContext extends AutoCloseable { /** {@inheritDoc} */ @Override public void close(); } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityContextHolderImpl.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/OperationSecurityContextImpl.java similarity index 86% rename from modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityContextHolderImpl.java rename to modules/core/src/main/java/org/apache/ignite/internal/processors/security/OperationSecurityContextImpl.java index 9a914aa164f36..aab9a65c0f17b 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityContextHolderImpl.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/OperationSecurityContextImpl.java @@ -20,7 +20,7 @@ /** * */ -public class SecurityContextHolderImpl implements SecurityContextHolder { +public class OperationSecurityContextImpl implements OperationSecurityContext { /** Ignite Security processor. */ private final IgniteSecurityProcessor proc; @@ -31,7 +31,7 @@ public class SecurityContextHolderImpl implements SecurityContextHolder { * @param proc Ignite Security processor. * @param secCtx Security context. */ - public SecurityContextHolderImpl(IgniteSecurityProcessor proc, SecurityContext secCtx) { + public OperationSecurityContextImpl(IgniteSecurityProcessor proc, SecurityContext secCtx) { assert proc != null; assert secCtx != null; @@ -41,6 +41,6 @@ public SecurityContextHolderImpl(IgniteSecurityProcessor proc, SecurityContext s /** {@inheritDoc} */ @Override public void close() { - proc.replaceContext(secCtx); + proc.withContext(secCtx); } } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/package-info.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/package-info.java deleted file mode 100644 index a4b191ca59cf5..0000000000000 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/package-info.java +++ /dev/null @@ -1,21 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** - * Package with Apache Ignite Securitu classes. - */ -package org.apache.ignite.internal.processors.security; \ No newline at end of file diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java index 7d50e3297cff0..e9475cdc42cf4 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java @@ -39,7 +39,11 @@ import org.junit.runners.JUnit4; /** - * Testing permissions when the filter of Load cache is executed cache operations on remote node. + * Testing operation security context when the filter of Load cache is executed on remote node. + *

      + * The initiator node broadcasts a task to feature call node that starts load cache with filter. That filter is + * executed on feature transition node and broadcasts a task to endpoint nodes. On every step, it is performed + * verification that operation security context is the initiator context. */ @RunWith(JUnit4.class) public class CacheLoadRemoteSecurityContextCheckTest extends AbstractCacheOperationRemoteSecurityContextCheckTest { @@ -183,13 +187,8 @@ public TestClosure(String node, Collection endpoints) { if (node.equals(loc.name())) { register(); - compute(loc, endpoints).broadcast( - new IgniteRunnable() { - @Override public void run() { - register(); - } - } - ); + compute(loc, endpoints) + .broadcast(() -> register()); } return false; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java index e19e28e15ed3d..d0e50c25dd0b3 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java @@ -35,7 +35,11 @@ import org.junit.runners.JUnit4; /** - * Testing permissions when EntryProcessor closure is executed cache operations on remote node. + * Testing operation security context when EntryProcessor closure is executed on remote node. + *

      + * The initiator node broadcasts a task to feature call node that starts EntryProcessor closure. That closure is + * executed on feature transition node and broadcasts a task to endpoint nodes. On every step, it is performed + * verification that operation security context is the initiator context. */ @RunWith(JUnit4.class) public class EntryProcessorRemoteSecurityContextCheckTest extends AbstractCacheOperationRemoteSecurityContextCheckTest { @@ -170,11 +174,8 @@ public TestEntryProcessor(Collection endpoints) { throws EntryProcessorException { register(); - compute(Ignition.localIgnite(), endpoints).broadcast(new IgniteRunnable() { - @Override public void run() { - register(); - } - }); + compute(Ignition.localIgnite(), endpoints) + .broadcast(() -> register()); return null; } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java index 985c5ca4c98b4..1ab1b8fcda6d0 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java @@ -34,7 +34,11 @@ import org.junit.runners.JUnit4; /** - * Testing permissions when the filter of ScanQuery is executed cache operations on remote node. + * Testing operation security context when the filter of ScanQuery is executed on remote node. + *

      + * The initiator node broadcasts a task to feature call node that starts ScanQuery's filter. That filter is executed on + * feature transition node and broadcasts a task to endpoint nodes. On every step, it is performed verification that + * operation security context is the initiator context. */ @RunWith(JUnit4.class) public class ScanQueryRemoteSecurityContextCheckTest extends AbstractCacheOperationRemoteSecurityContextCheckTest { @@ -208,11 +212,8 @@ private void verifyAndBroadcast() { if (node.equals(loc.name())) { register(); - compute(loc, endpoints).broadcast(new IgniteRunnable() { - @Override public void run() { - register(); - } - }); + compute(loc, endpoints) + .broadcast(() -> register()); } } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/package-info.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/package-info.java deleted file mode 100644 index faffca2917edf..0000000000000 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/package-info.java +++ /dev/null @@ -1,21 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** - * Contains security tests for cache closures. - */ -package org.apache.ignite.internal.processor.security.cache.closure; \ No newline at end of file diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/package-info.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/package-info.java deleted file mode 100644 index 4d66dd6c324b0..0000000000000 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/package-info.java +++ /dev/null @@ -1,21 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** - * Contains security tests for caches. - */ -package org.apache.ignite.internal.processor.security.cache; \ No newline at end of file diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/package-info.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/package-info.java deleted file mode 100644 index fd21bbbe114bf..0000000000000 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/package-info.java +++ /dev/null @@ -1,21 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** - * Contains security tests for Thin Client. - */ -package org.apache.ignite.internal.processor.security.client; \ No newline at end of file diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java index 9b70a0d4189be..ee03cbadc5524 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java @@ -40,7 +40,11 @@ import org.junit.Test; /** - * Testing permissions when the compute task is executed cache operations on remote node. + * Testing operation security context when the compute task is executed on remote nodes. + *

      + * The initiator node broadcasts a task to feature call nodes that starts compute task. That compute task is executed + * on feature transition nodes and broadcasts a task to endpoint nodes. On every step, it is performed verification that + * operation security context is the initiator context. */ public class ComputeTaskRemoteSecurityContextCheckTest extends AbstractRemoteSecurityContextCheckTest { /** Name of server initiator node. */ @@ -217,13 +221,8 @@ public TestComputeTask(Collection remotes, Collection endpoints) { @Override public Object execute() throws IgniteException { register(); - compute(loc, endpoints).broadcast( - new IgniteRunnable() { - @Override public void run() { - register(); - } - } - ); + compute(loc, endpoints) + .broadcast(() -> register()); return null; } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java index b0c79a552d089..5da651f8e24df 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java @@ -33,7 +33,11 @@ import org.junit.Test; /** - * Testing permissions when the compute closure is executed cache operations on remote node. + * Testing operation security context when the compute closure is executed on remote nodes. + *

      + * The initiator node broadcasts a task to feature call nodes that starts compute operation. That operation is executed + * on feature transition nodes and broadcasts a task to endpoint nodes. On every step, it is performed verification that + * operation security context is the initiator context. */ public class DistributedClosureRemoteSecurityContextCheckTest extends AbstractRemoteSecurityContextCheckTest { @@ -260,11 +264,7 @@ private void body() { runnable.run(); else { compute(ignite, endpoints) - .broadcast(new IgniteRunnable() { - @Override public void run() { - register(); - } - }); + .broadcast(() -> register()); } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java index 839d003836341..f42c3f0c56308 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java @@ -32,7 +32,11 @@ import org.junit.runners.JUnit4; /** - * Testing permissions when the service task is executed cache operations on remote node. + * Testing operation security context when the service task is executed on remote nodes. + *

      + * The initiator node broadcasts a task to feature call nodes that starts service task. That service task is executed + * on feature transition nodes and broadcasts a task to endpoint nodes. On every step, it is performed verification that + * operation security context is the initiator context. */ @RunWith(JUnit4.class) public class ExecutorServiceRemoteSecurityContextCheckTest extends AbstractRemoteSecurityContextCheckTest { @@ -181,11 +185,8 @@ public TestIgniteRunnable(Collection endpoints) { @Override public void run() { register(); - compute(Ignition.localIgnite(), endpoints).broadcast(new IgniteRunnable() { - @Override public void run() { - register(); - } - }); + compute(Ignition.localIgnite(), endpoints) + .broadcast(() -> register()); } } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/package-info.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/package-info.java deleted file mode 100644 index 1f32285ebe7e0..0000000000000 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/package-info.java +++ /dev/null @@ -1,21 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** - * Contains security tests for compute closure. - */ -package org.apache.ignite.internal.processor.security.compute.closure; \ No newline at end of file diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/package-info.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/package-info.java deleted file mode 100644 index 98743d62ecc7c..0000000000000 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/package-info.java +++ /dev/null @@ -1,21 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** - * Contains security tests for compute. - */ -package org.apache.ignite.internal.processor.security.compute; \ No newline at end of file diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java index d3638f6cbc7cc..6f0c00bc05706 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java @@ -35,7 +35,11 @@ import org.junit.runners.JUnit4; /** - * Testing permissions when the closure od DataStreamer is executed cache operations on remote node. + * Testing operation security context when the closure of DataStreamer is executed on remote node. + *

      + * The initiator node broadcasts a task to feature call node that starts DataStreamer's closure. That closure is + * executed on feature transition node and broadcasts a task to endpoint nodes. On every step, it is performed + * verification that operation security context is the initiator context. */ @RunWith(JUnit4.class) public class DataStreamerRemoteSecurityContextCheckTest extends AbstractCacheOperationRemoteSecurityContextCheckTest { @@ -97,7 +101,7 @@ public void testDataStreamer() { /** * @param name Initiator node name. */ - private void runAndCheck(String name){ + private void runAndCheck(String name) { runAndCheck( secSubjectId(name), () -> compute(grid(name), nodeId(SRV_FEATURE_CALL)).broadcast( @@ -155,11 +159,8 @@ public TestClosure(Collection endpoints) { Map.Entry entry) { register(); - compute(Ignition.localIgnite(), endpoints).broadcast(new IgniteRunnable() { - @Override public void run() { - register(); - } - }); + compute(Ignition.localIgnite(), endpoints) + .broadcast(() -> register()); } } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/package-info.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/package-info.java deleted file mode 100644 index 3d0ccbb4e4cc3..0000000000000 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/package-info.java +++ /dev/null @@ -1,21 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** - * Contains security tests for Data Streamer closure. - */ -package org.apache.ignite.internal.processor.security.datastreamer.closure; \ No newline at end of file diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/package-info.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/package-info.java deleted file mode 100644 index 68c2b42c8db19..0000000000000 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/package-info.java +++ /dev/null @@ -1,21 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** - * Contains security tests for Data Streamer. - */ -package org.apache.ignite.internal.processor.security.datastreamer; \ No newline at end of file diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/MessagingRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/MessagingRemoteSecurityContextCheckTest.java deleted file mode 100644 index 218c9921f8c57..0000000000000 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/MessagingRemoteSecurityContextCheckTest.java +++ /dev/null @@ -1,247 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processor.security.messaging; - -import java.util.Arrays; -import java.util.Collection; -import java.util.UUID; -import java.util.concurrent.BrokenBarrierException; -import java.util.concurrent.CyclicBarrier; -import java.util.concurrent.TimeUnit; -import java.util.concurrent.TimeoutException; -import org.apache.ignite.Ignite; -import org.apache.ignite.IgniteMessaging; -import org.apache.ignite.Ignition; -import org.apache.ignite.internal.IgniteEx; -import org.apache.ignite.internal.processor.security.AbstractRemoteSecurityContextCheckTest; -import org.apache.ignite.internal.util.typedef.G; -import org.apache.ignite.lang.IgniteBiPredicate; -import org.apache.ignite.lang.IgniteRunnable; -import org.apache.ignite.testframework.GridTestUtils; -import org.apache.ignite.testframework.config.GridTestProperties; -import org.apache.ignite.testframework.junits.GridAbstractTest; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.junit.runners.JUnit4; - -/** - * Testing permissions when the message listener is executed cache operations on remote node. - */ -@RunWith(JUnit4.class) -public class MessagingRemoteSecurityContextCheckTest extends AbstractRemoteSecurityContextCheckTest { - /** Barrier. */ - private static final CyclicBarrier BARRIER = new CyclicBarrier(3); - - /** Name of server initiator node. */ - private static final String SRV_INITIATOR = "srv_initiator"; - - /** Name of client initiator node. */ - private static final String CLNT_INITIATOR = "clnt_initiator"; - - /** Name of server feature call node. */ - private static final String SRV_FEATURE_CALL = "srv_feature_call"; - - /** Name of client feature call node. */ - private static final String CLNT_FEATURE_CALL = "clnt_feature_call"; - - /** Name of server feature transit node. */ - private static final String SRV_FEATURE_TRANSITION = "srv_feature_transition"; - - /** Name of client feature transit node. */ - private static final String CLNT_FEATURE_TRANSITION = "clnt_feature_transition"; - - /** Name of server endpoint node. */ - private static final String SRV_ENDPOINT = "srv_endpoint"; - - /** Name of client endpoint node. */ - public static final String CLNT_ENDPOINT = "clnt_endpoint"; - - /** {@inheritDoc} */ - @Override protected void beforeTestsStarted() throws Exception { - super.beforeTestsStarted(); - - startGrid(SRV_INITIATOR, allowAllPermissionSet()); - - startClient(CLNT_INITIATOR, allowAllPermissionSet()); - - startGrid(SRV_FEATURE_CALL, allowAllPermissionSet()); - - startClient(CLNT_FEATURE_CALL, allowAllPermissionSet()); - - startGrid(SRV_FEATURE_TRANSITION, allowAllPermissionSet()); - - startClient(CLNT_FEATURE_TRANSITION, allowAllPermissionSet()); - - startGrid(SRV_ENDPOINT, allowAllPermissionSet()); - - startGrid(CLNT_ENDPOINT, allowAllPermissionSet()); - - G.allGrids().get(0).cluster().active(true); - } - - /** {@inheritDoc} */ - @Override protected void setupVerifier(Verifier verifier) { - verifier - .add(SRV_FEATURE_CALL, 1) - .add(CLNT_FEATURE_CALL, 1) - .add(SRV_FEATURE_TRANSITION, 2) - .add(CLNT_FEATURE_TRANSITION, 2) - .add(SRV_ENDPOINT, 4) - .add(CLNT_ENDPOINT, 4); - } - - /** - * - */ - @Test - public void test() { - fail("https://issues.apache.org/jira/browse/IGNITE-11410"); - - runAndCheck(grid(SRV_INITIATOR), grid(CLNT_INITIATOR)); - runAndCheck(grid(CLNT_INITIATOR), grid(SRV_INITIATOR)); - } - - /** - * Performs the test. - * - * @param initiator Initiator node. - * @param evt Node that generates an event. - */ - private void runAndCheck(IgniteEx initiator, IgniteEx evt) { - runAndCheck( - secSubjectId(initiator), - () -> { - for (UUID nodeId : featureCalls()) { - compute(initiator, nodeId).broadcast(new IgniteRunnable() { - @Override public void run() { - register(); - - BARRIER.reset(); - - Ignite loc = Ignition.localIgnite(); - - IgniteMessaging messaging = loc.message(loc.cluster().forNodeIds(featureTransitions())); - - String topic = "HOT_TOPIC"; - - UUID lsnrId = messaging.remoteListen(topic, new TestListener(endpoints())); - - try { - evt.message().send(topic, "Fire!"); - } - finally { - barrierAwait(); - - messaging.stopRemoteListen(lsnrId); - } - } - }); - } - } - ); - } - - /** - * @return Collection of feature call nodes ids. - */ - private Collection featureCalls() { - return Arrays.asList( - nodeId(SRV_FEATURE_CALL), - nodeId(CLNT_FEATURE_CALL) - ); - } - - /** - * @return Collection of feature transit nodes ids. - */ - private Collection featureTransitions() { - return Arrays.asList( - nodeId(SRV_FEATURE_TRANSITION), - nodeId(CLNT_FEATURE_TRANSITION) - ); - } - - /** - * @return Collection of endpont nodes ids. - */ - private Collection endpoints() { - return Arrays.asList( - nodeId(SRV_ENDPOINT), - nodeId(CLNT_ENDPOINT) - ); - } - - /** - * Call await method on {@link #BARRIER} with {@link GridAbstractTest#getTestTimeout()} timeout. - */ - private static void barrierAwait() { - try { - BARRIER.await(getTimeout(), TimeUnit.MILLISECONDS); - } - catch (InterruptedException | BrokenBarrierException | TimeoutException e) { - fail(e.toString()); - } - } - - /** - * @return Barrier timeout. - */ - private static long getTimeout() { - String timeout = GridTestProperties.getProperty("test.timeout"); - - if (timeout != null) - return Long.parseLong(timeout); - - return GridTestUtils.DFLT_TEST_TIMEOUT; - } - - /** - * - */ - static class TestListener implements IgniteBiPredicate { - /** Collection of endpoint node ids. */ - private final Collection endpoints; - - /** - * @param endpoints Collection of endpoint node ids. - */ - public TestListener(Collection endpoints) { - assert !endpoints.isEmpty(); - - this.endpoints = endpoints; - } - - /** {@inheritDoc} */ - @Override public boolean apply(UUID o, String o2) { - try { - register(); - - compute(Ignition.localIgnite(), endpoints).broadcast(new IgniteRunnable() { - @Override public void run() { - register(); - } - }); - - return true; - } - finally { - barrierAwait(); - } - } - } -} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/package-info.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/package-info.java deleted file mode 100644 index b34aa8409304d..0000000000000 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/messaging/package-info.java +++ /dev/null @@ -1,21 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** - * Contains security tests for Ignite Messaging. - */ -package org.apache.ignite.internal.processor.security.messaging; \ No newline at end of file diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/package-info.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/package-info.java deleted file mode 100644 index a56ad296c1aa5..0000000000000 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/package-info.java +++ /dev/null @@ -1,21 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** - * Contains security tests. - */ -package org.apache.ignite.internal.processor.security; \ No newline at end of file diff --git a/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java b/modules/security/src/test/java/org/apache/ignite/testsuites/SecurityTestSuite.java similarity index 93% rename from modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java rename to modules/security/src/test/java/org/apache/ignite/testsuites/SecurityTestSuite.java index 039f8b54d14f3..6b664fa81e370 100644 --- a/modules/security/src/test/java/org/apache/ignite/testsuites/AuthorizeOperationsTestSuite.java +++ b/modules/security/src/test/java/org/apache/ignite/testsuites/SecurityTestSuite.java @@ -30,7 +30,6 @@ import org.apache.ignite.internal.processor.security.compute.closure.ExecutorServiceRemoteSecurityContextCheckTest; import org.apache.ignite.internal.processor.security.datastreamer.DataStreamerPermissionCheckTest; import org.apache.ignite.internal.processor.security.datastreamer.closure.DataStreamerRemoteSecurityContextCheckTest; -import org.apache.ignite.internal.processor.security.messaging.MessagingRemoteSecurityContextCheckTest; import org.junit.runner.RunWith; import org.junit.runners.Suite; @@ -53,7 +52,6 @@ DataStreamerRemoteSecurityContextCheckTest.class, CacheLoadRemoteSecurityContextCheckTest.class, ThinClientPermissionCheckTest.class, - MessagingRemoteSecurityContextCheckTest.class, }) -public class AuthorizeOperationsTestSuite { +public class SecurityTestSuite { } diff --git a/modules/security/src/test/java/org/apache/ignite/testsuites/package-info.java b/modules/security/src/test/java/org/apache/ignite/testsuites/package-info.java deleted file mode 100644 index 998eaa88f3685..0000000000000 --- a/modules/security/src/test/java/org/apache/ignite/testsuites/package-info.java +++ /dev/null @@ -1,21 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** - * Contains internal tests or test related classes and interfaces. - */ -package org.apache.ignite.testsuites; \ No newline at end of file From a56067aa6351ad8e86dc1fd49727ff14ab833e05 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Fri, 15 Mar 2019 11:07:03 +0300 Subject: [PATCH 70/98] IGNITE-9560 fix comments --- .../EntryProcessorRemoteSecurityContextCheckTest.java | 4 ++-- .../closure/ScanQueryRemoteSecurityContextCheckTest.java | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java index d0e50c25dd0b3..07d422336a40a 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java @@ -67,7 +67,7 @@ public class EntryProcessorRemoteSecurityContextCheckTest extends AbstractCacheO startGrid(SRV_INITIATOR, allowAllPermissionSet()); - startGrid(CLNT_INITIATOR, allowAllPermissionSet(), true); + startClient(CLNT_INITIATOR, allowAllPermissionSet()); startGrid(SRV_FEATURE_CALL, allowAllPermissionSet()); @@ -75,7 +75,7 @@ public class EntryProcessorRemoteSecurityContextCheckTest extends AbstractCacheO startGrid(SRV_ENDPOINT, allowAllPermissionSet()); - startGrid(CLNT_ENDPOINT, allowAllPermissionSet(), true); + startClient(CLNT_ENDPOINT, allowAllPermissionSet()); G.allGrids().get(0).cluster().active(true); } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java index 1ab1b8fcda6d0..5349cfd5d10bc 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java @@ -69,17 +69,17 @@ public class ScanQueryRemoteSecurityContextCheckTest extends AbstractCacheOperat startGrid(SRV_INITIATOR, allowAllPermissionSet()); - startGrid(CLNT_INITIATOR, allowAllPermissionSet(), true); + startClient(CLNT_INITIATOR, allowAllPermissionSet()); startGrid(SRV_FEATURE_CALL, allowAllPermissionSet()); - startGrid(CLNT_FEATURE_CALL, allowAllPermissionSet(), true); + startClient(CLNT_FEATURE_CALL, allowAllPermissionSet()); startGrid(SRV_FEATURE_TRANSITION, allowAllPermissionSet()); startGrid(SRV_ENDPOINT, allowAllPermissionSet()); - startGrid(CLNT_ENDPOINT, allowAllPermissionSet(), true); + startClient(CLNT_ENDPOINT, allowAllPermissionSet()); G.allGrids().get(0).cluster().active(true); } From af087f65a4e3ecba527232029bc4d2e3e1eaaef4 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Fri, 15 Mar 2019 12:33:55 +0300 Subject: [PATCH 71/98] IGNITE-9560 fix comments --- .../security/IgniteSecurityProcessorImpl.java | 2 +- .../security/NoOpIgniteSecurityProcessor.java | 10 ++-- .../security/OperationSecurityContext.java | 26 +++++++++-- .../OperationSecurityContextImpl.java | 46 ------------------- 4 files changed, 27 insertions(+), 57 deletions(-) delete mode 100644 modules/core/src/main/java/org/apache/ignite/internal/processors/security/OperationSecurityContextImpl.java diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java index a0a50f31f5464..2249061bbb56d 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java @@ -93,7 +93,7 @@ public IgniteSecurityProcessorImpl(GridKernalContext ctx, GridSecurityProcessor curSecCtx.set(secCtx); - return new OperationSecurityContextImpl(this, old); + return new OperationSecurityContext(this, old); } /** {@inheritDoc} */ diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java index 95a76a802578f..bc4ec718f159e 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java @@ -46,11 +46,7 @@ public class NoOpIgniteSecurityProcessor implements IgniteSecurityProcessor, Gri "[locNodeId=%s, rmtNodeId=%s, locCls=%s, rmtCls=%s]"; /** No operation security context. */ - private static final OperationSecurityContext NO_OP_SEC_CTX = new OperationSecurityContext() { - @Override public void close() { - //no-op - } - }; + private final OperationSecurityContext opSecCtx = new OperationSecurityContext(this, null); /** Grid kernal context. */ private final GridKernalContext ctx; @@ -64,12 +60,12 @@ public NoOpIgniteSecurityProcessor(GridKernalContext ctx) { /** {@inheritDoc} */ @Override public OperationSecurityContext withContext(SecurityContext secCtx) { - return NO_OP_SEC_CTX; + return opSecCtx; } /** {@inheritDoc} */ @Override public OperationSecurityContext withContext(UUID nodeId) { - return NO_OP_SEC_CTX; + return opSecCtx; } /** {@inheritDoc} */ diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/OperationSecurityContext.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/OperationSecurityContext.java index d9a85622dbcce..978876c5396e5 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/OperationSecurityContext.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/OperationSecurityContext.java @@ -18,9 +18,29 @@ package org.apache.ignite.internal.processors.security; /** - * Representation of Operation Security Context. + * */ -public interface OperationSecurityContext extends AutoCloseable { +public class OperationSecurityContext implements AutoCloseable { + /** Ignite Security processor. */ + private final IgniteSecurityProcessor proc; + + /** Security context. */ + private final SecurityContext secCtx; + + /** + * @param proc Ignite Security processor. + * @param secCtx Security context. + */ + OperationSecurityContext(IgniteSecurityProcessor proc, SecurityContext secCtx) { + assert proc != null; + assert secCtx != null || !proc.enabled(); + + this.proc = proc; + this.secCtx = secCtx; + } + /** {@inheritDoc} */ - @Override public void close(); + @Override public void close() { + proc.withContext(secCtx); + } } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/OperationSecurityContextImpl.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/OperationSecurityContextImpl.java deleted file mode 100644 index aab9a65c0f17b..0000000000000 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/OperationSecurityContextImpl.java +++ /dev/null @@ -1,46 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processors.security; - -/** - * - */ -public class OperationSecurityContextImpl implements OperationSecurityContext { - /** Ignite Security processor. */ - private final IgniteSecurityProcessor proc; - - /** Security context. */ - private final SecurityContext secCtx; - - /** - * @param proc Ignite Security processor. - * @param secCtx Security context. - */ - public OperationSecurityContextImpl(IgniteSecurityProcessor proc, SecurityContext secCtx) { - assert proc != null; - assert secCtx != null; - - this.proc = proc; - this.secCtx = secCtx; - } - - /** {@inheritDoc} */ - @Override public void close() { - proc.withContext(secCtx); - } -} From c161fcb942cfa6715800859fbf338faa4b916de2 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Mon, 18 Mar 2019 12:44:57 +0300 Subject: [PATCH 72/98] IGNITE-9560 fix comments --- .../CacheOperationPermissionCheckTest.java | 61 ++++++--------- .../EntryProcessorPermissionCheckTest.java | 24 +++--- ...cheLoadRemoteSecurityContextCheckTest.java | 9 +-- ...ocessorRemoteSecurityContextCheckTest.java | 8 +- ...anQueryRemoteSecurityContextCheckTest.java | 32 ++++---- .../client/ThinClientPermissionCheckTest.java | 49 +++++------- ...uteTaskRemoteSecurityContextCheckTest.java | 29 +++---- ...ClosureRemoteSecurityContextCheckTest.java | 78 +++++++------------ ...ServiceRemoteSecurityContextCheckTest.java | 22 +++--- ...treamerRemoteSecurityContextCheckTest.java | 9 +-- 10 files changed, 132 insertions(+), 189 deletions(-) diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/CacheOperationPermissionCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/CacheOperationPermissionCheckTest.java index 4d4e7657930ca..c6ec1ca1cad14 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/CacheOperationPermissionCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/CacheOperationPermissionCheckTest.java @@ -17,8 +17,12 @@ package org.apache.ignite.internal.processor.security.cache; +import java.util.Arrays; import java.util.Collections; +import java.util.List; +import java.util.function.Consumer; import org.apache.ignite.Ignite; +import org.apache.ignite.IgniteCache; import org.apache.ignite.internal.processor.security.AbstractCacheOperationPermissionCheckTest; import org.junit.Test; import org.junit.runner.RunWith; @@ -60,43 +64,28 @@ private void testCrudCachePermissions(boolean isClient) throws Exception { .appendCachePermissions(CACHE_NAME, CACHE_READ, CACHE_PUT, CACHE_REMOVE) .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build(), isClient); - node.cache(CACHE_NAME).put("key", "value"); - forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).put("key", "value")); + for (Consumer> c : consumers()) { + c.accept(node.cache(CACHE_NAME)); - node.cache(CACHE_NAME).putAll(singletonMap("key", "value")); - forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).putAll(singletonMap("key", "value"))); - - node.cache(CACHE_NAME).get("key"); - forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).get("key")); - - node.cache(CACHE_NAME).getAll(Collections.singleton("key")); - forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).getAll(Collections.singleton("key"))); - - node.cache(CACHE_NAME).containsKey("key"); - forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).containsKey("key")); - - node.cache(CACHE_NAME).remove("key"); - forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).remove("key")); - - node.cache(CACHE_NAME).removeAll(Collections.singleton("key")); - forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).removeAll(Collections.singleton("key"))); - - node.cache(CACHE_NAME).clear(); - forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).clear()); - - node.cache(CACHE_NAME).replace("key", "value"); - forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).replace("key", "value")); - - node.cache(CACHE_NAME).putIfAbsent("key", "value"); - forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).putIfAbsent("key", "value")); - - node.cache(CACHE_NAME).getAndPut("key", "value"); - forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).getAndPut("key", "value")); - - node.cache(CACHE_NAME).getAndRemove("key"); - forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).getAndRemove("key")); + forbiddenRun(() -> c.accept(node.cache(FORBIDDEN_CACHE))); + } + } - node.cache(CACHE_NAME).getAndReplace("key", "value"); - forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).getAndReplace("key", "value")); + private List>> consumers() { + return Arrays.asList( + (c) -> c.put("key", "value"), + (c) -> c.putAll(singletonMap("key", "value")), + (c) -> c.get("key"), + (c) -> c.getAll(Collections.singleton("key")), + (c) -> c.containsKey("key"), + (c) -> c.remove("key"), + (c) -> c.removeAll(Collections.singleton("key")), + IgniteCache::clear, + (c) -> c.replace("key", "value"), + (c) -> c.putIfAbsent("key", "value"), + (c) -> c.getAndPut("key", "value"), + (c) -> c.getAndRemove("key"), + (c) -> c.getAndReplace("key", "value") + ); } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorPermissionCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorPermissionCheckTest.java index d61ecc00b711a..fc05433968c66 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorPermissionCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorPermissionCheckTest.java @@ -76,13 +76,13 @@ public void test() throws Exception { * @param node Node. */ private void invoke(Ignite node) { - assertAllowed(node, CACHE_NAME, + assertAllowed(node, (t) -> node.cache(CACHE_NAME).invoke( t.getKey(), processor(t) ) ); - assertForbidden(node, CACHE_NAME, + assertForbidden(node, (t) -> node.cache(FORBIDDEN_CACHE).invoke( t.getKey(), processor(t) ) @@ -93,13 +93,13 @@ private void invoke(Ignite node) { * @param node Node. */ private void invokeAll(Ignite node) { - assertAllowed(node, CACHE_NAME, + assertAllowed(node, (t) -> node.cache(CACHE_NAME).invokeAll( singleton(t.getKey()), processor(t) ) ); - assertForbidden(node, CACHE_NAME, + assertForbidden(node, (t) -> node.cache(FORBIDDEN_CACHE).invokeAll( singleton(t.getKey()), processor(t) ) @@ -110,13 +110,13 @@ private void invokeAll(Ignite node) { * @param node Node. */ private void invokeAsync(Ignite node) { - assertAllowed(node, CACHE_NAME, + assertAllowed(node, (t) -> node.cache(CACHE_NAME).invokeAsync( t.getKey(), processor(t) ).get() ); - assertForbidden(node, CACHE_NAME, + assertForbidden(node, (t) -> node.cache(FORBIDDEN_CACHE).invokeAsync( t.getKey(), processor(t) ).get() @@ -127,13 +127,13 @@ private void invokeAsync(Ignite node) { * @param node Node. */ private void invokeAsyncAll(Ignite node) { - assertAllowed(node, CACHE_NAME, + assertAllowed(node, (t) -> node.cache(CACHE_NAME).invokeAllAsync( singleton(t.getKey()), processor(t) ).get() ); - assertForbidden(node, CACHE_NAME, + assertForbidden(node, (t) -> node.cache(FORBIDDEN_CACHE).invokeAllAsync( singleton(t.getKey()), processor(t) ).get() @@ -154,18 +154,18 @@ private static CacheEntryProcessor processor(T2> c) { + protected void assertAllowed(Ignite validator, Consumer> c) { T2 entry = entry(); c.accept(entry); - assertThat(validator.cache(cacheName).get(entry.getKey()), is(entry.getValue())); + assertThat(validator.cache(CACHE_NAME).get(entry.getKey()), is(entry.getValue())); } /** * @param c Consumer. */ - protected void assertForbidden(Ignite validator, String cacheName, Consumer> c) { + protected void assertForbidden(Ignite validator, Consumer> c) { T2 entry = entry(); try { @@ -177,6 +177,6 @@ protected void assertForbidden(Ignite validator, String cacheName, Consumer compute(grid(name), nodeId(SRV_FEATURE_CALL)).broadcast( - new IgniteRunnable() { - @Override public void run() { - register(); + () -> { + register(); - loadCache(Ignition.localIgnite()); - } + loadCache(Ignition.localIgnite()); } ) ); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java index 07d422336a40a..c478f83c0d4dc 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java @@ -108,12 +108,10 @@ private void runAndCheck(IgniteEx initiator) { runAndCheck( secSubjectId, () -> compute(initiator, nodeId(SRV_FEATURE_CALL)).broadcast( - new IgniteRunnable() { - @Override public void run() { - register(); + () -> { + register(); - r.run(); - } + r.run(); } ) ); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java index 5349cfd5d10bc..28f9c8a90b7c0 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java @@ -123,26 +123,22 @@ private void runAndCheck(String name) { */ private IgniteRunnable[] runnables() { return new IgniteRunnable[] { - new IgniteRunnable() { - @Override public void run() { - register(); - - Ignition.localIgnite().cache(CACHE_NAME).query( - new ScanQuery<>( - new CommonClosure(SRV_FEATURE_TRANSITION, endpoints()) - ) - ).getAll(); - } - }, - new IgniteRunnable() { - @Override public void run() { - register(); + () -> { + register(); - Ignition.localIgnite().cache(CACHE_NAME).query( - new ScanQuery<>((k, v) -> true), + Ignition.localIgnite().cache(CACHE_NAME).query( + new ScanQuery<>( new CommonClosure(SRV_FEATURE_TRANSITION, endpoints()) - ).getAll(); - } + ) + ).getAll(); + }, + () -> { + register(); + + Ignition.localIgnite().cache(CACHE_NAME).query( + new ScanQuery<>((k, v) -> true), + new CommonClosure(SRV_FEATURE_TRANSITION, endpoints()) + ).getAll(); } }; } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientPermissionCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientPermissionCheckTest.java index d2726a7adb2ab..45ee1ee63b1f9 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientPermissionCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientPermissionCheckTest.java @@ -35,13 +35,14 @@ import org.apache.ignite.internal.processor.security.TestSecurityData; import org.apache.ignite.internal.processor.security.TestSecurityPluginConfiguration; import org.apache.ignite.internal.util.typedef.G; -import org.apache.ignite.internal.util.typedef.T2; +import org.apache.ignite.lang.IgniteBiTuple; import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.JUnit4; import static java.util.Collections.singletonMap; +import static org.apache.ignite.internal.util.lang.GridFunc.t; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_CREATE; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_DESTROY; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT; @@ -162,10 +163,10 @@ protected IgniteConfiguration getConfiguration(int idx, */ @Test public void testCacheSinglePermOperations() throws Exception { - for (T2, String> t : consumers(CACHE)) + for (IgniteBiTuple, String> t : consumers(CACHE)) executeOperation(CLIENT, t.get1()); - for (T2, String> t : consumers(FORBIDDEN_CACHE)) + for (IgniteBiTuple, String> t : consumers(FORBIDDEN_CACHE)) executeForbiddenOperation(t); } @@ -181,8 +182,8 @@ public void testCacheTaskPermOperations() throws Exception { executeOperation(CLIENT_CACHE_TASK_OPER, c -> c.cache(CACHE).removeAll()); executeOperation(CLIENT_CACHE_TASK_OPER, c -> c.cache(CACHE).clear()); - executeForbiddenOperation(biTuple(c -> c.cache(CACHE).removeAll(), "removeAll")); - executeForbiddenOperation(biTuple(c -> c.cache(CACHE).clear(), "clear")); + executeForbiddenOperation(t(c -> c.cache(CACHE).removeAll(), "removeAll")); + executeForbiddenOperation(t(c -> c.cache(CACHE).clear(), "clear")); } /** @@ -200,26 +201,26 @@ public void testSysOperation() throws Exception { assertThat(sysPrmClnt.cacheNames().contains(DYNAMIC_CACHE), is(false)); } - executeForbiddenOperation(biTuple(c -> c.createCache(DYNAMIC_CACHE), "createCache")); - executeForbiddenOperation(biTuple(c -> c.destroyCache(CACHE), "destroyCache")); + executeForbiddenOperation(t(c -> c.createCache(DYNAMIC_CACHE), "createCache")); + executeForbiddenOperation(t(c -> c.destroyCache(CACHE), "destroyCache")); } /** * @param cacheName Cache name. */ - private Collection, String>> consumers(final String cacheName) { + private Collection, String>> consumers(final String cacheName) { return Arrays.asList( - biTuple(c -> c.cache(cacheName).put("key", "value"), "put"), - biTuple(c -> c.cache(cacheName).putAll(singletonMap("key", "value")), "putAll"), - biTuple(c -> c.cache(cacheName).get("key"), "get)"), - biTuple(c -> c.cache(cacheName).getAll(Collections.singleton("key")), "getAll"), - biTuple(c -> c.cache(cacheName).containsKey("key"), "containsKey"), - biTuple(c -> c.cache(cacheName).remove("key"), "remove"), - biTuple(c -> c.cache(cacheName).replace("key", "value"), "replace"), - biTuple(c -> c.cache(cacheName).putIfAbsent("key", "value"), "putIfAbsent"), - biTuple(c -> c.cache(cacheName).getAndPut("key", "value"), "getAndPut"), - biTuple(c -> c.cache(cacheName).getAndRemove("key"), "getAndRemove"), - biTuple(c -> c.cache(cacheName).getAndReplace("key", "value"), "getAndReplace") + t(c -> c.cache(cacheName).put("key", "value"), "put"), + t(c -> c.cache(cacheName).putAll(singletonMap("key", "value")), "putAll"), + t(c -> c.cache(cacheName).get("key"), "get)"), + t(c -> c.cache(cacheName).getAll(Collections.singleton("key")), "getAll"), + t(c -> c.cache(cacheName).containsKey("key"), "containsKey"), + t(c -> c.cache(cacheName).remove("key"), "remove"), + t(c -> c.cache(cacheName).replace("key", "value"), "replace"), + t(c -> c.cache(cacheName).putIfAbsent("key", "value"), "putIfAbsent"), + t(c -> c.cache(cacheName).getAndPut("key", "value"), "getAndPut"), + t(c -> c.cache(cacheName).getAndRemove("key"), "getAndRemove"), + t(c -> c.cache(cacheName).getAndReplace("key", "value"), "getAndReplace") ); } @@ -232,18 +233,10 @@ private void executeOperation(String clientName, Consumer cons) th } } - /** - * @param c Consumer. - * @param opName Operation name. - */ - private T2, String> biTuple(Consumer c, String opName) { - return new T2<>(c, opName); - } - /** * @param t Contains consumer that executes an operation and the name of this operation. */ - private void executeForbiddenOperation(T2, String> t) { + private void executeForbiddenOperation(IgniteBiTuple, String> t) { try (IgniteClient client = startClient(CLIENT)) { t.get1().accept(client); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java index ee03cbadc5524..0247c1ab0874d 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java @@ -34,7 +34,6 @@ import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.processor.security.AbstractRemoteSecurityContextCheckTest; import org.apache.ignite.internal.util.typedef.G; -import org.apache.ignite.lang.IgniteRunnable; import org.apache.ignite.resources.IgniteInstanceResource; import org.jetbrains.annotations.Nullable; import org.junit.Test; @@ -120,28 +119,24 @@ public void test() { private void runAndCheck(IgniteEx initiator) { runAndCheck(secSubjectId(initiator), () -> compute(initiator, featureCalls()).broadcast( - new IgniteRunnable() { - @Override public void run() { - register(); - - Ignition.localIgnite().compute().execute( - new TestComputeTask(featureTransitions(), endpoints()), 0 - ); - } + () -> { + register(); + + Ignition.localIgnite().compute().execute( + new TestComputeTask(featureTransitions(), endpoints()), 0 + ); } ) ); runAndCheck(secSubjectId(initiator), () -> compute(initiator, featureCalls()).broadcast( - new IgniteRunnable() { - @Override public void run() { - register(); - - Ignition.localIgnite().compute().executeAsync( - new TestComputeTask(featureTransitions(), endpoints()), 0 - ).get(); - } + () -> { + register(); + + Ignition.localIgnite().compute().executeAsync( + new TestComputeTask(featureTransitions(), endpoints()), 0 + ).get(); } ) ); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java index 5da651f8e24df..9855dc8966ecf 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java @@ -156,65 +156,45 @@ private Collection endpoints() { */ private List featureRuns() { return Arrays.asList( - new IgniteRunnable() { - @Override public void run() { - compute(Ignition.localIgnite(), featureTransitions()) - .broadcast((IgniteRunnable)new CommonClosure(endpoints())); + () -> compute(Ignition.localIgnite(), featureTransitions()) + .broadcast((IgniteRunnable)new CommonClosure(endpoints())), + () -> compute(Ignition.localIgnite(), featureTransitions()) + .broadcastAsync((IgniteRunnable)new CommonClosure(endpoints())) + .get(), + () -> { + for (UUID id : featureTransitions()) { + compute(Ignition.localIgnite(), id) + .call(new CommonClosure(endpoints())); } }, - new IgniteRunnable() { - @Override public void run() { - compute(Ignition.localIgnite(), featureTransitions()) - .broadcastAsync((IgniteRunnable)new CommonClosure(endpoints())) - .get(); + () -> { + for (UUID id : featureTransitions()) { + compute(Ignition.localIgnite(), id) + .callAsync(new CommonClosure(endpoints())).get(); } }, - new IgniteRunnable() { - @Override public void run() { - for (UUID id : featureTransitions()) { - compute(Ignition.localIgnite(), id) - .call(new CommonClosure(endpoints())); - } + () -> { + for (UUID id : featureTransitions()) { + compute(Ignition.localIgnite(), id) + .run(new CommonClosure(endpoints())); } }, - new IgniteRunnable() { - @Override public void run() { - for (UUID id : featureTransitions()) { - compute(Ignition.localIgnite(), id) - .callAsync(new CommonClosure(endpoints())).get(); - } + () -> { + for (UUID id : featureTransitions()) { + compute(Ignition.localIgnite(), id) + .runAsync(new CommonClosure(endpoints())).get(); } }, - new IgniteRunnable() { - @Override public void run() { - for (UUID id : featureTransitions()) { - compute(Ignition.localIgnite(), id) - .run(new CommonClosure(endpoints())); - } + () -> { + for (UUID id : featureTransitions()) { + compute(Ignition.localIgnite(), id) + .apply(new CommonClosure(endpoints()), new Object()); } }, - new IgniteRunnable() { - @Override public void run() { - for (UUID id : featureTransitions()) { - compute(Ignition.localIgnite(), id) - .runAsync(new CommonClosure(endpoints())).get(); - } - } - }, - new IgniteRunnable() { - @Override public void run() { - for (UUID id : featureTransitions()) { - compute(Ignition.localIgnite(), id) - .apply(new CommonClosure(endpoints()), new Object()); - } - } - }, - new IgniteRunnable() { - @Override public void run() { - for (UUID id : featureTransitions()) { - compute(Ignition.localIgnite(), id) - .applyAsync(new CommonClosure(endpoints()), new Object()).get(); - } + () -> { + for (UUID id : featureTransitions()) { + compute(Ignition.localIgnite(), id) + .applyAsync(new CommonClosure(endpoints()), new Object()).get(); } } ); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java index f42c3f0c56308..12cd818e0e2b7 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java @@ -113,21 +113,19 @@ public void test() { private void runAndCheck(IgniteEx initiator) { runAndCheck(secSubjectId(initiator), () -> compute(initiator, featureCalls()).broadcast( - new IgniteRunnable() { - @Override public void run() { - register(); + () -> { + register(); - Ignite loc = Ignition.localIgnite(); + Ignite loc = Ignition.localIgnite(); - for (UUID nodeId : featureTransitions()) { - ExecutorService svc = loc.executorService(loc.cluster().forNodeId(nodeId)); + for (UUID nodeId : featureTransitions()) { + ExecutorService svc = loc.executorService(loc.cluster().forNodeId(nodeId)); - try { - svc.submit(new TestIgniteRunnable(endpoints())).get(); - } - catch (Exception e) { - throw new RuntimeException(e); - } + try { + svc.submit(new TestIgniteRunnable(endpoints())).get(); + } + catch (Exception e) { + throw new RuntimeException(e); } } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java index 6f0c00bc05706..98409787f9661 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java @@ -28,7 +28,6 @@ import org.apache.ignite.internal.processor.security.AbstractCacheOperationRemoteSecurityContextCheckTest; import org.apache.ignite.internal.util.typedef.G; import org.apache.ignite.lang.IgniteBiInClosure; -import org.apache.ignite.lang.IgniteRunnable; import org.apache.ignite.stream.StreamVisitor; import org.junit.Test; import org.junit.runner.RunWith; @@ -105,12 +104,10 @@ private void runAndCheck(String name) { runAndCheck( secSubjectId(name), () -> compute(grid(name), nodeId(SRV_FEATURE_CALL)).broadcast( - new IgniteRunnable() { - @Override public void run() { - register(); + () -> { + register(); - dataStreamer(Ignition.localIgnite()); - } + dataStreamer(Ignition.localIgnite()); } ) ); From 0d2bb61d3710b072d9ed395709105a082f6be2ec Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Tue, 19 Mar 2019 14:09:07 +0300 Subject: [PATCH 73/98] IGNITE-9560 fix comments --- .../junits/common/GridCommonAbstractTest.java | 20 ++- ...erationRemoteSecurityContextCheckTest.java | 20 +-- ...bstractRemoteSecurityContextCheckTest.java | 58 +++++++++ .../security/AbstractSecurityTest.java | 47 +++++--- .../CacheOperationPermissionCheckTest.java | 5 +- .../EntryProcessorPermissionCheckTest.java | 114 +++++------------- .../cache/ScanQueryPermissionCheckTest.java | 2 +- ...cheLoadRemoteSecurityContextCheckTest.java | 32 ----- ...ocessorRemoteSecurityContextCheckTest.java | 28 ----- ...anQueryRemoteSecurityContextCheckTest.java | 42 ------- .../client/ThinClientPermissionCheckTest.java | 25 +--- .../compute/ComputePermissionCheckTest.java | 4 +- ...uteTaskRemoteSecurityContextCheckTest.java | 55 --------- ...ClosureRemoteSecurityContextCheckTest.java | 54 --------- ...ServiceRemoteSecurityContextCheckTest.java | 55 --------- .../DataStreamerPermissionCheckTest.java | 53 ++++---- ...treamerRemoteSecurityContextCheckTest.java | 29 ----- 17 files changed, 176 insertions(+), 467 deletions(-) diff --git a/modules/core/src/test/java/org/apache/ignite/testframework/junits/common/GridCommonAbstractTest.java b/modules/core/src/test/java/org/apache/ignite/testframework/junits/common/GridCommonAbstractTest.java index 58f8712465c17..c00e35d185086 100755 --- a/modules/core/src/test/java/org/apache/ignite/testframework/junits/common/GridCommonAbstractTest.java +++ b/modules/core/src/test/java/org/apache/ignite/testframework/junits/common/GridCommonAbstractTest.java @@ -1090,11 +1090,23 @@ protected List primaryKeys(IgniteCache cache, final int cnt, fina * @return Collection of keys for which given cache is primary. */ protected List findKeys(IgniteCache cache, final int cnt, final int startFrom, final int type) { + return findKeys(null, cache, cnt, startFrom, type); + } + + /** + * @param node Node. + * @param cache Cache. + * @param cnt Keys count. + * @param startFrom Start value for keys search. + * @return Collection of keys for which given cache is primary. + */ + protected List findKeys(@Nullable ClusterNode node, IgniteCache cache, + final int cnt, final int startFrom, final int type) { assert cnt > 0 : cnt; final List found = new ArrayList<>(cnt); - final ClusterNode locNode = localNode(cache); + final ClusterNode node0 = node != null ? node : localNode(cache); final Affinity aff = (Affinity)affinity(cache); @@ -1107,11 +1119,11 @@ protected List findKeys(IgniteCache cache, final int cnt, final i boolean ok; if (type == 0) - ok = aff.isPrimary(locNode, key); + ok = aff.isPrimary(node0, key); else if (type == 1) - ok = aff.isBackup(locNode, key); + ok = aff.isBackup(node0, key); else if (type == 2) - ok = !aff.isPrimaryOrBackup(locNode, key); + ok = !aff.isPrimaryOrBackup(node0, key); else { fail(); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheOperationRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheOperationRemoteSecurityContextCheckTest.java index 5e0c9ddc5a78f..b0865023c256f 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheOperationRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheOperationRemoteSecurityContextCheckTest.java @@ -18,7 +18,6 @@ package org.apache.ignite.internal.processor.security; import org.apache.ignite.cache.CacheMode; -import org.apache.ignite.cache.affinity.Affinity; import org.apache.ignite.configuration.CacheConfiguration; import org.apache.ignite.configuration.IgniteConfiguration; import org.apache.ignite.internal.IgniteEx; @@ -54,18 +53,11 @@ protected CacheConfiguration[] getCacheConfigurations() { * @param ignite Node. * @return Key. */ - protected static Integer prmKey(IgniteEx ignite) { - Affinity affinity = ignite.affinity(CACHE_NAME); - - int i = 0; - do { - if (affinity.isPrimary(ignite.localNode(), ++i)) - return i; - - } - while (i <= 1_000); - - throw new IllegalStateException(ignite.name() + " isn't primary node for any key."); + protected Integer prmKey(IgniteEx ignite) { + return findKeys(ignite.localNode(), ignite.cache(CACHE_NAME), 1, 0, 0) + .stream() + .findFirst() + .orElseThrow(() -> new IllegalStateException(ignite.name() + " isn't primary node for any key.")); } /** @@ -74,7 +66,7 @@ protected static Integer prmKey(IgniteEx ignite) { * @param nodeName Node name. * @return Key. */ - protected static Integer prmKey(String nodeName) { + protected Integer prmKey(String nodeName) { return prmKey((IgniteEx)G.ignite(nodeName)); } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java index 45adf650b3595..7d7447ee6ffd0 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java @@ -18,6 +18,7 @@ package org.apache.ignite.internal.processor.security; import java.util.ArrayList; +import java.util.Arrays; import java.util.Collection; import java.util.Collections; import java.util.List; @@ -40,6 +41,33 @@ * */ public abstract class AbstractRemoteSecurityContextCheckTest extends AbstractSecurityTest { + /** Transition load cache. */ + protected static final String TRANSITION_LOAD_CACHE = "TRANSITION_LOAD_CACHE"; + + /** Name of server initiator node. */ + protected static final String SRV_INITIATOR = "srv_initiator"; + + /** Name of client initiator node. */ + protected static final String CLNT_INITIATOR = "clnt_initiator"; + + /** Name of server feature call node. */ + protected static final String SRV_FEATURE_CALL = "srv_feature_call"; + + /** Name of client feature call node. */ + protected static final String CLNT_FEATURE_CALL = "clnt_feature_call"; + + /** Name of server feature transit node. */ + protected static final String SRV_FEATURE_TRANSITION = "srv_feature_transition"; + + /** Name of client feature transit node. */ + protected static final String CLNT_FEATURE_TRANSITION = "clnt_feature_transition"; + + /** Name of server endpoint node. */ + protected static final String SRV_ENDPOINT = "srv_endpoint"; + + /** Name of client endpoint node. */ + protected static final String CLNT_ENDPOINT = "clnt_endpoint"; + /** Verifier to check results of tests. */ private static final Verifier VERIFIER = new Verifier(); @@ -80,6 +108,36 @@ protected UUID secSubjectId(String name) { return secSubjectId(grid(name)); } + /** + * @return Collection of feature call nodes ids. + */ + protected Collection featureCalls() { + return Arrays.asList( + nodeId(SRV_FEATURE_CALL), + nodeId(CLNT_FEATURE_CALL) + ); + } + + /** + * @return Collection of feature transit nodes ids. + */ + protected Collection featureTransitions() { + return Arrays.asList( + nodeId(SRV_FEATURE_TRANSITION), + nodeId(CLNT_FEATURE_TRANSITION) + ); + } + + /** + * @return Collection of endpont nodes ids. + */ + protected Collection endpoints() { + return Arrays.asList( + nodeId(SRV_ENDPOINT), + nodeId(CLNT_ENDPOINT) + ); + } + /** * @param name Node name. * @return Node id. diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java index c4d63a5743dc5..00efcc1f00dbe 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java @@ -53,12 +53,10 @@ public class AbstractSecurityTest extends GridCommonAbstractTest { /** * @param instanceName Instance name. - * @param login Login. - * @param pwd Password. - * @param prmSet Security permission set. + * @param secCfg Security plugin configuration. */ protected IgniteConfiguration getConfiguration(String instanceName, - String login, String pwd, SecurityPermissionSet prmSet) throws Exception { + TestSecurityPluginConfiguration secCfg) throws Exception { return getConfiguration(instanceName) .setDataStorageConfiguration( @@ -68,13 +66,7 @@ protected IgniteConfiguration getConfiguration(String instanceName, ) ) .setAuthenticationEnabled(true) - .setPluginConfigurations( - new TestSecurityPluginConfiguration() - .setSecurityProcessorClass(TEST_SECURITY_PROCESSOR) - .setLogin(login) - .setPwd(pwd) - .setPermissions(prmSet) - ); + .setPluginConfigurations(secCfg); } /** @@ -85,7 +77,21 @@ protected IgniteConfiguration getConfiguration(String instanceName, */ protected IgniteConfiguration getConfiguration(int idx, String login, String pwd, SecurityPermissionSet prmSet) throws Exception { - return getConfiguration(getTestIgniteInstanceName(idx), login, pwd, prmSet); + return getConfiguration(getTestIgniteInstanceName(idx), secPluginCfg(login, pwd, prmSet)); + } + + /** + * @param login Login. + * @param pwd Password. + * @param prmSet Security permission set. + * @return Security plaugin configuration. + */ + protected TestSecurityPluginConfiguration secPluginCfg(String login, String pwd, SecurityPermissionSet prmSet){ + return new TestSecurityPluginConfiguration() + .setSecurityProcessorClass(TEST_SECURITY_PROCESSOR) + .setLogin(login) + .setPwd(pwd) + .setPermissions(prmSet); } /** @@ -113,7 +119,8 @@ protected IgniteEx startGrid(String login, String pwd, SecurityPermissionSet prm protected IgniteEx startGrid(String login, SecurityPermissionSet prmSet, boolean isClient) throws Exception { return startGrid( - getConfiguration(login, login, "", prmSet).setClientMode(isClient) + getConfiguration(login, secPluginCfg(login, "", prmSet)) + .setClientMode(isClient) ); } @@ -134,7 +141,8 @@ protected IgniteEx startClient(String login, SecurityPermissionSet prmSet) throw protected IgniteEx startGrid(String login, String pwd, SecurityPermissionSet prmSet, boolean isClient) throws Exception { return startGrid( - getConfiguration(login, login, pwd, prmSet).setClientMode(isClient) + getConfiguration(login, secPluginCfg(login, pwd, prmSet)) + .setClientMode(isClient) ); } @@ -146,7 +154,7 @@ protected IgniteEx startGrid(String login, String pwd, SecurityPermissionSet prm */ protected IgniteEx startGrid(String instanceName, String login, String pwd, SecurityPermissionSet prmSet) throws Exception { - return startGrid(getConfiguration(instanceName, login, pwd, prmSet)); + return startGrid(getConfiguration(instanceName, secPluginCfg(login, pwd, prmSet))); } /** @@ -158,7 +166,8 @@ protected IgniteEx startGrid(String instanceName, String login, String pwd, */ protected IgniteEx startGrid(String instanceName, String login, String pwd, SecurityPermissionSet prmSet, boolean isClient) throws Exception { - return startGrid(getConfiguration(instanceName, login, pwd, prmSet).setClientMode(isClient)); + return startGrid(getConfiguration(instanceName, secPluginCfg(login, pwd, prmSet)) + .setClientMode(isClient)); } /** @@ -180,15 +189,15 @@ protected SecurityPermissionSet allowAllPermissionSet() { * * @param r Runnable. */ - protected void forbiddenRun(TestRunnable r) { - forbiddenRun(r, SecurityException.class); + protected void assertForbidden(TestRunnable r) { + assertForbidden(r, SecurityException.class); } /** * @param r Runnable. * @param types Array of expected exception types. */ - protected void forbiddenRun(TestRunnable r, Class... types) { + protected void assertForbidden(TestRunnable r, Class... types) { try { r.run(); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/CacheOperationPermissionCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/CacheOperationPermissionCheckTest.java index c6ec1ca1cad14..4fdea51ddcad4 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/CacheOperationPermissionCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/CacheOperationPermissionCheckTest.java @@ -67,10 +67,13 @@ private void testCrudCachePermissions(boolean isClient) throws Exception { for (Consumer> c : consumers()) { c.accept(node.cache(CACHE_NAME)); - forbiddenRun(() -> c.accept(node.cache(FORBIDDEN_CACHE))); + assertForbidden(() -> c.accept(node.cache(FORBIDDEN_CACHE))); } } + /** + * @return Collection of consumers to invoke a cache operation. + */ private List>> consumers() { return Arrays.asList( (c) -> c.put("key", "value"), diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorPermissionCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorPermissionCheckTest.java index fc05433968c66..7a8a9a9f85655 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorPermissionCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorPermissionCheckTest.java @@ -17,14 +17,15 @@ package org.apache.ignite.internal.processor.security.cache; -import java.util.function.Consumer; +import java.util.Arrays; +import java.util.List; +import java.util.function.BiConsumer; +import java.util.stream.Stream; import org.apache.ignite.Ignite; import org.apache.ignite.cache.CacheEntryProcessor; import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.processor.security.AbstractCacheOperationPermissionCheckTest; import org.apache.ignite.internal.util.typedef.T2; -import org.apache.ignite.internal.util.typedef.X; -import org.apache.ignite.plugin.security.SecurityException; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.JUnit4; @@ -32,7 +33,6 @@ import static java.util.Collections.singleton; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; -import static org.hamcrest.CoreMatchers.notNullValue; import static org.hamcrest.core.Is.is; import static org.hamcrest.core.IsNull.nullValue; import static org.junit.Assert.assertThat; @@ -59,82 +59,33 @@ public void test() throws Exception { srvNode.cluster().active(true); - invoke(srvNode); - invoke(clientNode); + Stream.of(srvNode, clientNode) + .forEach( + (n) -> consumers(n).forEach( + (c) -> { + assertAllowed(n, c); - invokeAll(srvNode); - invokeAll(clientNode); - - invokeAsync(srvNode); - invokeAsync(clientNode); - - invokeAsyncAll(srvNode); - invokeAsyncAll(clientNode); + assertForbidden(n, c); + } + ) + ); } /** - * @param node Node. + * @return Collection of consumers to invoke entry processor. */ - private void invoke(Ignite node) { - assertAllowed(node, - (t) -> node.cache(CACHE_NAME).invoke( - t.getKey(), processor(t) - ) - ); - - assertForbidden(node, - (t) -> node.cache(FORBIDDEN_CACHE).invoke( + private List>> consumers(final Ignite node) { + return Arrays.asList( + (cacheName, t) -> node.cache(cacheName).invoke( t.getKey(), processor(t) - ) - ); - } - - /** - * @param node Node. - */ - private void invokeAll(Ignite node) { - assertAllowed(node, - (t) -> node.cache(CACHE_NAME).invokeAll( - singleton(t.getKey()), processor(t) - ) - ); - - assertForbidden(node, - (t) -> node.cache(FORBIDDEN_CACHE).invokeAll( + ), + (cacheName, t) -> node.cache(cacheName).invokeAll( singleton(t.getKey()), processor(t) - ) - ); - } - - /** - * @param node Node. - */ - private void invokeAsync(Ignite node) { - assertAllowed(node, - (t) -> node.cache(CACHE_NAME).invokeAsync( - t.getKey(), processor(t) - ).get() - ); - - assertForbidden(node, - (t) -> node.cache(FORBIDDEN_CACHE).invokeAsync( + ), + (cacheName, t) -> node.cache(cacheName).invokeAsync( t.getKey(), processor(t) - ).get() - ); - } - - /** - * @param node Node. - */ - private void invokeAsyncAll(Ignite node) { - assertAllowed(node, - (t) -> node.cache(CACHE_NAME).invokeAllAsync( - singleton(t.getKey()), processor(t) - ).get() - ); - - assertForbidden(node, - (t) -> node.cache(FORBIDDEN_CACHE).invokeAllAsync( + ).get(), + (cacheName, t) -> node.cache(cacheName).invokeAllAsync( singleton(t.getKey()), processor(t) ).get() ); @@ -154,29 +105,22 @@ private static CacheEntryProcessor processor(T2> c) { + private void assertAllowed(Ignite node, BiConsumer> c) { T2 entry = entry(); - c.accept(entry); + c.accept(CACHE_NAME, entry); - assertThat(validator.cache(CACHE_NAME).get(entry.getKey()), is(entry.getValue())); + assertThat(node.cache(CACHE_NAME).get(entry.getKey()), is(entry.getValue())); } /** * @param c Consumer. */ - protected void assertForbidden(Ignite validator, Consumer> c) { + private void assertForbidden(Ignite node, BiConsumer> c) { T2 entry = entry(); - try { - c.accept(entry); - - fail("Should not happen."); - } - catch (Throwable e) { - assertThat(X.cause(e, SecurityException.class), notNullValue()); - } + assertForbidden(() -> c.accept(FORBIDDEN_CACHE, entry)); - assertThat(validator.cache(CACHE_NAME).get(entry.getKey()), nullValue()); + assertThat(node.cache(CACHE_NAME).get(entry.getKey()), nullValue()); } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQueryPermissionCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQueryPermissionCheckTest.java index b06ae70898e16..2038883e92078 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQueryPermissionCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQueryPermissionCheckTest.java @@ -63,7 +63,7 @@ private void testScanQuery(boolean isClient) throws Exception { assertFalse(node.cache(CACHE_NAME).query(new ScanQuery()).getAll().isEmpty()); - forbiddenRun(() -> node.cache(FORBIDDEN_CACHE).query(new ScanQuery()).getAll()); + assertForbidden(() -> node.cache(FORBIDDEN_CACHE).query(new ScanQuery()).getAll()); } /** diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java index e78822bdf5c9a..de199ac1ef685 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java @@ -17,7 +17,6 @@ package org.apache.ignite.internal.processor.security.cache.closure; -import java.util.Arrays; import java.util.Collection; import java.util.UUID; import javax.cache.Cache; @@ -46,27 +45,6 @@ */ @RunWith(JUnit4.class) public class CacheLoadRemoteSecurityContextCheckTest extends AbstractCacheOperationRemoteSecurityContextCheckTest { - /** Transition load cache. */ - private static final String TRANSITION_LOAD_CACHE = "TRANSITION_LOAD_CACHE"; - - /** Name of server initiator node. */ - private static final String SRV_INITIATOR = "srv_initiator"; - - /** Name of client initiator node. */ - private static final String CLNT_INITIATOR = "clnt_initiator"; - - /** Name of server feature call node. */ - private static final String SRV_FEATURE_CALL = "srv_feature_call"; - - /** Name of server feature transit node. */ - private static final String SRV_FEATURE_TRANSITION = "srv_feature_transition"; - - /** Name of server endpoint node. */ - private static final String SRV_ENDPOINT = "srv_endpoint"; - - /** Name of client endpoint node. */ - private static final String CLNT_ENDPOINT = "clnt_endpoint"; - /** {@inheritDoc} */ @Override protected void beforeTestsStarted() throws Exception { super.beforeTestsStarted(); @@ -143,16 +121,6 @@ private void loadCache(Ignite node) { ); } - /** - * @return Collection of endpont nodes ids. - */ - private Collection endpoints() { - return Arrays.asList( - nodeId(SRV_ENDPOINT), - nodeId(CLNT_ENDPOINT) - ); - } - /** * Closure for tests. */ diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java index c478f83c0d4dc..f51b4eb675b35 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java @@ -43,24 +43,6 @@ */ @RunWith(JUnit4.class) public class EntryProcessorRemoteSecurityContextCheckTest extends AbstractCacheOperationRemoteSecurityContextCheckTest { - /** Name of server initiator node. */ - private static final String SRV_INITIATOR = "srv_initiator"; - - /** Name of client initiator node. */ - private static final String CLNT_INITIATOR = "clnt_initiator"; - - /** Name of server feature call node. */ - private static final String SRV_FEATURE_CALL = "srv_feature_call"; - - /** Name of server feature transit node. */ - private static final String SRV_FEATURE_TRANSITION = "srv_feature_transition"; - - /** Name of server endpoint node. */ - private static final String SRV_ENDPOINT = "srv_endpoint"; - - /** Name of client endpoint node. */ - private static final String CLNT_ENDPOINT = "clnt_endpoint"; - /** {@inheritDoc} */ @Override protected void beforeTestsStarted() throws Exception { super.beforeTestsStarted(); @@ -141,16 +123,6 @@ private List featureRuns() { ); } - /** - * @return Collection of endpont nodes ids. - */ - private Collection endpoints() { - return Arrays.asList( - nodeId(SRV_ENDPOINT), - nodeId(CLNT_ENDPOINT) - ); - } - /** * Entry processor for tests with transition invoke call. */ diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java index 28f9c8a90b7c0..fbc7686d253ce 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java @@ -17,7 +17,6 @@ package org.apache.ignite.internal.processor.security.cache.closure; -import java.util.Arrays; import java.util.Collection; import java.util.UUID; import javax.cache.Cache; @@ -42,27 +41,6 @@ */ @RunWith(JUnit4.class) public class ScanQueryRemoteSecurityContextCheckTest extends AbstractCacheOperationRemoteSecurityContextCheckTest { - /** Name of server initiator node. */ - private static final String SRV_INITIATOR = "srv_initiator"; - - /** Name of client initiator node. */ - private static final String CLNT_INITIATOR = "clnt_initiator"; - - /** Name of server feature call node. */ - private static final String SRV_FEATURE_CALL = "srv_feature_call"; - - /** Name of server feature transit node. */ - private static final String SRV_FEATURE_TRANSITION = "srv_feature_transition"; - - /** Name of client feature call node. */ - private static final String CLNT_FEATURE_CALL = "clnt_feature_call"; - - /** Name of server endpoint node. */ - private static final String SRV_ENDPOINT = "srv_endpoint"; - - /** Name of client endpoint node. */ - private static final String CLNT_ENDPOINT = "clnt_endpoint"; - /** {@inheritDoc} */ @Override protected void beforeTestsStarted() throws Exception { super.beforeTestsStarted(); @@ -143,26 +121,6 @@ private IgniteRunnable[] runnables() { }; } - /** - * @return Collection of feature call nodes ids. - */ - private Collection featureCalls() { - return Arrays.asList( - nodeId(SRV_FEATURE_CALL), - nodeId(CLNT_FEATURE_CALL) - ); - } - - /** - * @return Collection of endpont nodes ids. - */ - private Collection endpoints() { - return Arrays.asList( - nodeId(SRV_ENDPOINT), - nodeId(CLNT_ENDPOINT) - ); - } - /** * Common closure for tests. */ diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientPermissionCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientPermissionCheckTest.java index 45ee1ee63b1f9..62a4bcd3225fc 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientPermissionCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientPermissionCheckTest.java @@ -27,13 +27,10 @@ import org.apache.ignite.client.IgniteClient; import org.apache.ignite.configuration.CacheConfiguration; import org.apache.ignite.configuration.ClientConfiguration; -import org.apache.ignite.configuration.DataRegionConfiguration; -import org.apache.ignite.configuration.DataStorageConfiguration; import org.apache.ignite.configuration.IgniteConfiguration; import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.processor.security.AbstractSecurityTest; import org.apache.ignite.internal.processor.security.TestSecurityData; -import org.apache.ignite.internal.processor.security.TestSecurityPluginConfiguration; import org.apache.ignite.internal.util.typedef.G; import org.apache.ignite.lang.IgniteBiTuple; import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; @@ -86,7 +83,7 @@ public class ThinClientPermissionCheckTest extends AbstractSecurityTest { /** * @param clientData Array of client security data. */ - protected IgniteConfiguration getConfiguration(TestSecurityData... clientData) throws Exception { + private IgniteConfiguration getConfiguration(TestSecurityData... clientData) throws Exception { return getConfiguration(G.allGrids().size(), clientData); } @@ -94,26 +91,14 @@ protected IgniteConfiguration getConfiguration(TestSecurityData... clientData) t * @param idx Index. * @param clientData Array of client security data. */ - protected IgniteConfiguration getConfiguration(int idx, + private IgniteConfiguration getConfiguration(int idx, TestSecurityData... clientData) throws Exception { String instanceName = getTestIgniteInstanceName(idx); - return getConfiguration(instanceName) - .setDataStorageConfiguration( - new DataStorageConfiguration() - .setDefaultDataRegionConfiguration( - new DataRegionConfiguration().setPersistenceEnabled(true) - ) - ) - .setAuthenticationEnabled(true) - .setPluginConfigurations( - new TestSecurityPluginConfiguration() - .setSecurityProcessorClass(TEST_SECURITY_PROCESSOR) - .setLogin("srv_" + instanceName) - .setPermissions(allowAllPermissionSet()) - .thinClientSecData(clientData) - ) + return getConfiguration(instanceName, + secPluginCfg("srv_" + instanceName, null, allowAllPermissionSet()) + .thinClientSecData(clientData)) .setCacheConfiguration( new CacheConfiguration().setName(CACHE), new CacheConfiguration().setName(FORBIDDEN_CACHE) diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputePermissionCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputePermissionCheckTest.java index 4dca6ca07aee7..c65d644c778d8 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputePermissionCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputePermissionCheckTest.java @@ -136,7 +136,7 @@ public void test() throws Exception { allowedRun(r); for (TestRunnable r : runnables(srvForbidden, clntForbidden)) - forbiddenRun(r); + assertForbidden(r); for (Supplier s : suppliers(srvAllowed, clntAllowed)) allowedCancel(s); @@ -228,7 +228,7 @@ private void forbiddenCancel(Supplier s) { try { FutureAdapter f = s.get(); - forbiddenRun(f::cancel); + assertForbidden(f::cancel); } finally { RNT_LOCK.unlock(); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java index 0247c1ab0874d..2631794067f61 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java @@ -17,7 +17,6 @@ package org.apache.ignite.internal.processor.security.compute.closure; -import java.util.Arrays; import java.util.Collection; import java.util.HashMap; import java.util.List; @@ -46,30 +45,6 @@ * operation security context is the initiator context. */ public class ComputeTaskRemoteSecurityContextCheckTest extends AbstractRemoteSecurityContextCheckTest { - /** Name of server initiator node. */ - private static final String SRV_INITIATOR = "srv_initiator"; - - /** Name of client initiator node. */ - private static final String CLNT_INITIATOR = "clnt_initiator"; - - /** Name of server feature call node. */ - private static final String SRV_FEATURE_CALL = "srv_feature_call"; - - /** Name of client feature call node. */ - private static final String CLNT_FEATURE_CALL = "clnt_feature_call"; - - /** Name of server feature transit node. */ - private static final String SRV_FEATURE_TRANSITION = "srv_feature_transition"; - - /** Name of client feature transit node. */ - private static final String CLNT_FEATURE_TRANSITION = "clnt_feature_transition"; - - /** Name of server endpoint node. */ - private static final String SRV_ENDPOINT = "srv_endpoint"; - - /** Name of client endpoint node. */ - private static final String CLNT_ENDPOINT = "clnt_endpoint"; - /** {@inheritDoc} */ @Override protected void beforeTestsStarted() throws Exception { super.beforeTestsStarted(); @@ -142,36 +117,6 @@ private void runAndCheck(IgniteEx initiator) { ); } - /** - * @return Collection of feature call nodes ids. - */ - private Collection featureCalls() { - return Arrays.asList( - nodeId(SRV_FEATURE_CALL), - nodeId(CLNT_FEATURE_CALL) - ); - } - - /** - * @return Collection of feature transit nodes ids. - */ - private Collection featureTransitions() { - return Arrays.asList( - nodeId(SRV_FEATURE_TRANSITION), - nodeId(CLNT_FEATURE_TRANSITION) - ); - } - - /** - * @return Collection of endpont nodes ids. - */ - private Collection endpoints() { - return Arrays.asList( - nodeId(SRV_ENDPOINT), - nodeId(CLNT_ENDPOINT) - ); - } - /** * Compute task for tests. */ diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java index 9855dc8966ecf..e06f1c1010d53 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java @@ -41,30 +41,6 @@ */ public class DistributedClosureRemoteSecurityContextCheckTest extends AbstractRemoteSecurityContextCheckTest { - /** Name of server initiator node. */ - private static final String SRV_INITIATOR = "srv_initiator"; - - /** Name of client initiator node. */ - private static final String CLNT_INITIATOR = "clnt_initiator"; - - /** Name of server feature call node. */ - private static final String SRV_FEATURE_CALL = "srv_feature_call"; - - /** Name of client feature call node. */ - private static final String CLNT_FEATURE_CALL = "clnt_feature_call"; - - /** Name of server feature transit node. */ - private static final String SRV_FEATURE_TRANSITION = "srv_feature_transition"; - - /** Name of client feature transit node. */ - private static final String CLNT_FEATURE_TRANSITION = "clnt_feature_transition"; - - /** Name of server endpoint node. */ - private static final String SRV_ENDPOINT = "srv_endpoint"; - - /** Name of client endpoint node. */ - private static final String CLNT_ENDPOINT = "clnt_endpoint"; - /** {@inheritDoc} */ @Override protected void beforeTestsStarted() throws Exception { super.beforeTestsStarted(); @@ -121,36 +97,6 @@ private void runAndCheck(IgniteEx initiator) { } } - /** - * @return Collection of feature call nodes ids. - */ - private Collection featureCalls() { - return Arrays.asList( - nodeId(SRV_FEATURE_CALL), - nodeId(CLNT_FEATURE_CALL) - ); - } - - /** - * @return Collection of feature transit nodes ids. - */ - private Collection featureTransitions() { - return Arrays.asList( - nodeId(SRV_FEATURE_TRANSITION), - nodeId(CLNT_FEATURE_TRANSITION) - ); - } - - /** - * @return Collection of endpont nodes ids. - */ - private Collection endpoints() { - return Arrays.asList( - nodeId(SRV_ENDPOINT), - nodeId(CLNT_ENDPOINT) - ); - } - /** * @return Collection of consumers to call compute methods. */ diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java index 12cd818e0e2b7..c60e8d82e920c 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java @@ -17,7 +17,6 @@ package org.apache.ignite.internal.processor.security.compute.closure; -import java.util.Arrays; import java.util.Collection; import java.util.UUID; import java.util.concurrent.ExecutorService; @@ -40,30 +39,6 @@ */ @RunWith(JUnit4.class) public class ExecutorServiceRemoteSecurityContextCheckTest extends AbstractRemoteSecurityContextCheckTest { - /** Name of server initiator node. */ - private static final String SRV_INITIATOR = "srv_initiator"; - - /** Name of client initiator node. */ - private static final String CLNT_INITIATOR = "clnt_initiator"; - - /** Name of server feature call node. */ - private static final String SRV_FEATURE_CALL = "srv_feature_call"; - - /** Name of client feature call node. */ - private static final String CLNT_FEATURE_CALL = "clnt_feature_call"; - - /** Name of server feature transit node. */ - private static final String SRV_FEATURE_TRANSITION = "srv_feature_transition"; - - /** Name of client feature transit node. */ - private static final String CLNT_FEATURE_TRANSITION = "clnt_feature_transition"; - - /** Name of server endpoint node. */ - private static final String SRV_ENDPOINT = "srv_endpoint"; - - /** Name of client endpoint node. */ - private static final String CLNT_ENDPOINT = "clnt_endpoint"; - /** {@inheritDoc} */ @Override protected void beforeTestsStarted() throws Exception { super.beforeTestsStarted(); @@ -133,36 +108,6 @@ private void runAndCheck(IgniteEx initiator) { ); } - /** - * @return Collection of feature call nodes ids. - */ - private Collection featureCalls() { - return Arrays.asList( - nodeId(SRV_FEATURE_CALL), - nodeId(CLNT_FEATURE_CALL) - ); - } - - /** - * @return Collection of feature transit nodes ids. - */ - private Collection featureTransitions() { - return Arrays.asList( - nodeId(SRV_FEATURE_TRANSITION), - nodeId(CLNT_FEATURE_TRANSITION) - ); - } - - /** - * @return Collection of endpont nodes ids. - */ - private Collection endpoints() { - return Arrays.asList( - nodeId(SRV_ENDPOINT), - nodeId(CLNT_ENDPOINT) - ); - } - /** * Runnable for tests. */ diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/DataStreamerPermissionCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/DataStreamerPermissionCheckTest.java index bd5c733d350d1..cd222c99d74aa 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/DataStreamerPermissionCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/DataStreamerPermissionCheckTest.java @@ -17,13 +17,13 @@ package org.apache.ignite.internal.processor.security.datastreamer; +import java.util.Arrays; +import java.util.List; import java.util.Map; import java.util.function.Consumer; import org.apache.ignite.Ignite; import org.apache.ignite.IgniteDataStreamer; import org.apache.ignite.internal.processor.security.AbstractCacheOperationPermissionCheckTest; -import org.apache.ignite.internal.util.typedef.X; -import org.apache.ignite.plugin.security.SecurityException; import org.apache.ignite.plugin.security.SecurityPermission; import org.junit.Test; import org.junit.runner.RunWith; @@ -31,8 +31,6 @@ import static java.util.Collections.singletonList; import static java.util.Collections.singletonMap; -import static org.hamcrest.CoreMatchers.notNullValue; -import static org.junit.Assert.assertThat; /** * Test cache permissions for Data Streamer. @@ -66,27 +64,32 @@ private void testDataStreamer(boolean isClient) throws Exception { .appendCachePermissions(FORBIDDEN_CACHE, SecurityPermission.CACHE_READ) .build(), isClient); - allowed(node, s -> s.addData("k", 1)); - forbidden(node, s -> s.addData("k", 1)); + consumers().forEach( + (c) -> { + assertAllowed(node, c); - allowed(node, s -> s.addData(singletonMap("key", 2))); - forbidden(node, s -> s.addData(singletonMap("key", 2))); - - Map.Entry entry = entry(); - - allowed(node, s -> s.addData(entry)); - forbidden(node, s -> s.addData(entry)); - - allowed(node, s -> s.addData(singletonList(entry()))); - forbidden(node, s -> s.addData(singletonList(entry()))); + assertForbidden(node, c); + } + ); + } + /** + * @return Collections of consumers to invoke data streamer addData method. + */ + private List>> consumers() { + return Arrays.asList( + s -> s.addData("k", 1), + s -> s.addData(singletonMap("key", 2)), + s -> s.addData((Map.Entry)entry()), + s -> s.addData(singletonList(entry())) + ); } /** * @param node Node. * @param c Consumer. */ - private void allowed(Ignite node, Consumer> c) { + private void assertAllowed(Ignite node, Consumer> c) { try (IgniteDataStreamer s = node.dataStreamer(CACHE_NAME)) { c.accept(s); } @@ -96,14 +99,12 @@ private void allowed(Ignite node, Consumer> * @param node Node. * @param c Consumer. */ - private void forbidden(Ignite node, Consumer> c) { - try (IgniteDataStreamer s = node.dataStreamer(FORBIDDEN_CACHE)) { - c.accept(s); - - fail("Should not happen"); - } - catch (Throwable e) { - assertThat(X.cause(e, SecurityException.class), notNullValue()); - } + private void assertForbidden(Ignite node, Consumer> c) { + assertForbidden(() -> { + try (IgniteDataStreamer s = node.dataStreamer(FORBIDDEN_CACHE)) { + c.accept(s); + } + } + ); } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java index 98409787f9661..40d25fd0021e1 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java @@ -17,7 +17,6 @@ package org.apache.ignite.internal.processor.security.datastreamer.closure; -import java.util.Arrays; import java.util.Collection; import java.util.Map; import java.util.UUID; @@ -42,24 +41,6 @@ */ @RunWith(JUnit4.class) public class DataStreamerRemoteSecurityContextCheckTest extends AbstractCacheOperationRemoteSecurityContextCheckTest { - /** Name of server initiator node. */ - private static final String SRV_INITIATOR = "srv_initiator"; - - /** Name of client initiator node. */ - private static final String CLNT_INITIATOR = "clnt_initiator"; - - /** Name of server feature call node. */ - private static final String SRV_FEATURE_CALL = "srv_feature_call"; - - /** Name of server feature transit node. */ - private static final String SRV_FEATURE_TRANSITION = "srv_feature_transition"; - - /** Name of server endpoint node. */ - private static final String SRV_ENDPOINT = "srv_endpoint"; - - /** Name of client endpoint node. */ - private static final String CLNT_ENDPOINT = "clnt_endpoint"; - /** {@inheritDoc} */ @Override protected void beforeTestsStarted() throws Exception { super.beforeTestsStarted(); @@ -113,16 +94,6 @@ private void runAndCheck(String name) { ); } - /** - * @return Collection of endpont nodes ids. - */ - private Collection endpoints() { - return Arrays.asList( - nodeId(SRV_ENDPOINT), - nodeId(CLNT_ENDPOINT) - ); - } - /** * @param node Node. */ From fcb78db4844c2593822dca81923f2dc8a9bcc077 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Wed, 20 Mar 2019 10:45:51 +0300 Subject: [PATCH 74/98] IGNITE-9560 fix comments --- ...bstractRemoteSecurityContextCheckTest.java | 10 +++---- ...cheLoadRemoteSecurityContextCheckTest.java | 8 +++--- ...ocessorRemoteSecurityContextCheckTest.java | 8 +++--- ...anQueryRemoteSecurityContextCheckTest.java | 10 +++---- ...uteTaskRemoteSecurityContextCheckTest.java | 12 ++++----- ...ClosureRemoteSecurityContextCheckTest.java | 27 +++++++------------ ...ServiceRemoteSecurityContextCheckTest.java | 12 ++++----- ...treamerRemoteSecurityContextCheckTest.java | 8 +++--- 8 files changed, 44 insertions(+), 51 deletions(-) diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java index 7d7447ee6ffd0..60f94499a1219 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java @@ -72,7 +72,7 @@ public abstract class AbstractRemoteSecurityContextCheckTest extends AbstractSec private static final Verifier VERIFIER = new Verifier(); /** - * Registers current security context and incriments invoke's counter. + * Registers current security context and increments invoke's counter. */ protected static void register() { VERIFIER.register((IgniteEx)Ignition.localIgnite()); @@ -212,16 +212,16 @@ private Verifier start(UUID expSecSubjId) { * passed name. * * @param nodeName Node name. - * @param exp Expected number of invokes. + * @param num Expected number of invokes. */ - public Verifier add(String nodeName, int exp) { - map.put(nodeName, new T2<>(exp, 0)); + public Verifier expect(String nodeName, int num) { + map.put(nodeName, new T2<>(num, 0)); return this; } /** - * Registers current security context and incriments invoke's counter. + * Registers current security context and increments invoke's counter. * * @param ignite Local node. */ diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java index de199ac1ef685..2cc53e4278d84 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java @@ -67,10 +67,10 @@ public class CacheLoadRemoteSecurityContextCheckTest extends AbstractCacheOperat /** {@inheritDoc} */ @Override protected void setupVerifier(Verifier verifier) { verifier - .add(SRV_FEATURE_CALL, 1) - .add(SRV_FEATURE_TRANSITION, 1) - .add(SRV_ENDPOINT, 1) - .add(CLNT_ENDPOINT, 1); + .expect(SRV_FEATURE_CALL, 1) + .expect(SRV_FEATURE_TRANSITION, 1) + .expect(SRV_ENDPOINT, 1) + .expect(CLNT_ENDPOINT, 1); } /** {@inheritDoc} */ diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java index f51b4eb675b35..7d140bf4cd7bf 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java @@ -65,10 +65,10 @@ public class EntryProcessorRemoteSecurityContextCheckTest extends AbstractCacheO /** {@inheritDoc} */ @Override protected void setupVerifier(Verifier verifier) { verifier - .add(SRV_FEATURE_CALL, 1) - .add(SRV_FEATURE_TRANSITION, 1) - .add(SRV_ENDPOINT, 1) - .add(CLNT_ENDPOINT, 1); + .expect(SRV_FEATURE_CALL, 1) + .expect(SRV_FEATURE_TRANSITION, 1) + .expect(SRV_ENDPOINT, 1) + .expect(CLNT_ENDPOINT, 1); } /** diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java index fbc7686d253ce..19ee1bf691c10 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java @@ -65,11 +65,11 @@ public class ScanQueryRemoteSecurityContextCheckTest extends AbstractCacheOperat /** {@inheritDoc} */ @Override protected void setupVerifier(Verifier verifier) { verifier - .add(SRV_FEATURE_CALL, 1) - .add(CLNT_FEATURE_CALL, 1) - .add(SRV_FEATURE_TRANSITION, 2) - .add(SRV_ENDPOINT, 2) - .add(CLNT_ENDPOINT, 2); + .expect(SRV_FEATURE_CALL, 1) + .expect(CLNT_FEATURE_CALL, 1) + .expect(SRV_FEATURE_TRANSITION, 2) + .expect(SRV_ENDPOINT, 2) + .expect(CLNT_ENDPOINT, 2); } /** diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java index 2631794067f61..5dfaa297a8e42 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java @@ -71,12 +71,12 @@ public class ComputeTaskRemoteSecurityContextCheckTest extends AbstractRemoteSec /** {@inheritDoc} */ @Override protected void setupVerifier(Verifier verifier) { verifier - .add(SRV_FEATURE_CALL, 1) - .add(CLNT_FEATURE_CALL, 1) - .add(SRV_FEATURE_TRANSITION, 2) - .add(CLNT_FEATURE_TRANSITION, 2) - .add(SRV_ENDPOINT, 4) - .add(CLNT_ENDPOINT, 4); + .expect(SRV_FEATURE_CALL, 1) + .expect(CLNT_FEATURE_CALL, 1) + .expect(SRV_FEATURE_TRANSITION, 2) + .expect(CLNT_FEATURE_TRANSITION, 2) + .expect(SRV_ENDPOINT, 4) + .expect(CLNT_ENDPOINT, 4); } /** diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java index e06f1c1010d53..0f885dc697e22 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java @@ -67,12 +67,12 @@ public class DistributedClosureRemoteSecurityContextCheckTest /** {@inheritDoc} */ @Override protected void setupVerifier(Verifier verifier) { verifier - .add(SRV_FEATURE_CALL, 1) - .add(CLNT_FEATURE_CALL, 1) - .add(SRV_FEATURE_TRANSITION, 2) - .add(CLNT_FEATURE_TRANSITION, 2) - .add(SRV_ENDPOINT, 4) - .add(CLNT_ENDPOINT, 4); + .expect(SRV_FEATURE_CALL, 1) + .expect(CLNT_FEATURE_CALL, 1) + .expect(SRV_FEATURE_TRANSITION, 2) + .expect(CLNT_FEATURE_TRANSITION, 2) + .expect(SRV_ENDPOINT, 4) + .expect(CLNT_ENDPOINT, 4); } /** @@ -178,10 +178,8 @@ private CommonClosure(Collection endpoints) { this.endpoints = endpoints; } - /** - * Main logic of CommonClosure. - */ - private void body() { + /** {@inheritDoc} */ + @Override public void run() { register(); Ignite ignite = Ignition.localIgnite(); @@ -194,21 +192,16 @@ private void body() { } } - /** {@inheritDoc} */ - @Override public void run() { - body(); - } - /** {@inheritDoc} */ @Override public Object call() { - body(); + run(); return null; } /** {@inheritDoc} */ @Override public Object apply(Object o) { - body(); + run(); return null; } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java index c60e8d82e920c..057e348eec4ab 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java @@ -65,12 +65,12 @@ public class ExecutorServiceRemoteSecurityContextCheckTest extends AbstractRemot /** {@inheritDoc} */ @Override protected void setupVerifier(Verifier verifier) { verifier - .add(SRV_FEATURE_CALL, 1) - .add(CLNT_FEATURE_CALL, 1) - .add(SRV_FEATURE_TRANSITION, 2) - .add(CLNT_FEATURE_TRANSITION, 2) - .add(SRV_ENDPOINT, 4) - .add(CLNT_ENDPOINT, 4); + .expect(SRV_FEATURE_CALL, 1) + .expect(CLNT_FEATURE_CALL, 1) + .expect(SRV_FEATURE_TRANSITION, 2) + .expect(CLNT_FEATURE_TRANSITION, 2) + .expect(SRV_ENDPOINT, 4) + .expect(CLNT_ENDPOINT, 4); } /** diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java index 40d25fd0021e1..cc529e0772f55 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java @@ -63,10 +63,10 @@ public class DataStreamerRemoteSecurityContextCheckTest extends AbstractCacheOpe /** {@inheritDoc} */ @Override protected void setupVerifier(Verifier verifier) { verifier - .add(SRV_FEATURE_CALL, 1) - .add(SRV_FEATURE_TRANSITION, 1) - .add(SRV_ENDPOINT, 1) - .add(CLNT_ENDPOINT, 1); + .expect(SRV_FEATURE_CALL, 1) + .expect(SRV_FEATURE_TRANSITION, 1) + .expect(SRV_ENDPOINT, 1) + .expect(CLNT_ENDPOINT, 1); } /** From d839df9b39193a0abfb657d5f0470961305f4cdb Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Wed, 20 Mar 2019 19:48:37 +0300 Subject: [PATCH 75/98] IGNITE-9560 fix comments --- ...bstractRemoteSecurityContextCheckTest.java | 129 ++++++++++++++--- ...cheLoadRemoteSecurityContextCheckTest.java | 58 ++++---- ...ocessorRemoteSecurityContextCheckTest.java | 92 ++++-------- ...anQueryRemoteSecurityContextCheckTest.java | 44 +++--- ...uteTaskRemoteSecurityContextCheckTest.java | 64 ++++----- ...ClosureRemoteSecurityContextCheckTest.java | 135 ++++-------------- ...ServiceRemoteSecurityContextCheckTest.java | 81 +++-------- ...treamerRemoteSecurityContextCheckTest.java | 76 ++++------ 8 files changed, 297 insertions(+), 382 deletions(-) diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java index 60f94499a1219..575405b126267 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java @@ -22,15 +22,24 @@ import java.util.Collection; import java.util.Collections; import java.util.List; +import java.util.Map; import java.util.UUID; import java.util.concurrent.ConcurrentHashMap; import java.util.function.BiFunction; +import javax.cache.processor.EntryProcessor; +import javax.cache.processor.EntryProcessorException; +import javax.cache.processor.MutableEntry; import org.apache.ignite.Ignite; +import org.apache.ignite.IgniteCache; import org.apache.ignite.IgniteCompute; import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.util.typedef.T2; import org.apache.ignite.internal.util.typedef.X; +import org.apache.ignite.lang.IgniteBiInClosure; +import org.apache.ignite.lang.IgniteCallable; +import org.apache.ignite.lang.IgniteClosure; +import org.apache.ignite.lang.IgniteRunnable; import org.apache.ignite.plugin.security.SecurityException; import static org.hamcrest.CoreMatchers.notNullValue; @@ -51,16 +60,16 @@ public abstract class AbstractRemoteSecurityContextCheckTest extends AbstractSec protected static final String CLNT_INITIATOR = "clnt_initiator"; /** Name of server feature call node. */ - protected static final String SRV_FEATURE_CALL = "srv_feature_call"; + protected static final String SRV_RUN = "srv_run"; /** Name of client feature call node. */ - protected static final String CLNT_FEATURE_CALL = "clnt_feature_call"; + protected static final String CLNT_RUN = "clnt_run"; /** Name of server feature transit node. */ - protected static final String SRV_FEATURE_TRANSITION = "srv_feature_transition"; + protected static final String SRV_CHECK = "srv_check"; /** Name of client feature transit node. */ - protected static final String CLNT_FEATURE_TRANSITION = "clnt_feature_transition"; + protected static final String CLNT_CHECK = "clnt_check"; /** Name of server endpoint node. */ protected static final String SRV_ENDPOINT = "srv_endpoint"; @@ -111,20 +120,20 @@ protected UUID secSubjectId(String name) { /** * @return Collection of feature call nodes ids. */ - protected Collection featureCalls() { + protected Collection nodesToRun() { return Arrays.asList( - nodeId(SRV_FEATURE_CALL), - nodeId(CLNT_FEATURE_CALL) + nodeId(SRV_RUN), + nodeId(CLNT_RUN) ); } /** * @return Collection of feature transit nodes ids. */ - protected Collection featureTransitions() { + protected Collection nodesToCheck() { return Arrays.asList( - nodeId(SRV_FEATURE_TRANSITION), - nodeId(CLNT_FEATURE_TRANSITION) + nodeId(SRV_CHECK), + nodeId(CLNT_CHECK) ); } @@ -160,18 +169,28 @@ protected void assertCauseSecurityException(Throwable throwable) { */ protected abstract void setupVerifier(Verifier verifier); + /** + * @param initiator Node that initiates an execution. + * @param runnable Check case. + */ + protected void runAndCheck(IgniteEx initiator, IgniteRunnable runnable) { + runAndCheck(initiator, Collections.singleton(runnable)); + } + /** * Sets up VERIFIER, performs the runnable and checks the result. * - * @param secSubjId Expected security subject id. - * @param r Runnable. + * @param initiator Node that initiates an execution. + * @param runnables Collection of check cases. */ - protected final void runAndCheck(UUID secSubjId, Runnable r) { - setupVerifier(VERIFIER.start(secSubjId)); + protected void runAndCheck(IgniteEx initiator, Collection runnables) { + for (IgniteRunnable r : runnables) { + setupVerifier(VERIFIER.start(secSubjectId(initiator))); - r.run(); + compute(initiator, nodesToRun()).broadcast(r); - VERIFIER.checkResult(); + VERIFIER.checkResult(); + } } /** @@ -264,4 +283,82 @@ private void checkResult() { expSecSubjId = null; } } + + /** + * Common closure for tests. + */ + protected static class CommonClosure implements + IgniteRunnable, + IgniteCallable, + IgniteClosure, + EntryProcessor, + IgniteBiInClosure, Map.Entry> { + + /** Runnable. */ + private final IgniteRunnable runnable; + + /** Collection of endpoint node ids. */ + private final Collection endpoints; + + /** + * @param runnable Runnable. + */ + public CommonClosure(IgniteRunnable runnable) { + assert runnable != null; + + this.runnable = runnable; + endpoints = Collections.emptyList(); + } + + /** + * @param endpoints Collection of endpoint node ids. + */ + public CommonClosure(Collection endpoints) { + assert !endpoints.isEmpty(); + + runnable = null; + this.endpoints = endpoints; + } + + /** {@inheritDoc} */ + @Override public void run() { + register(); + + Ignite ignite = Ignition.localIgnite(); + + if (runnable != null) + runnable.run(); + else { + compute(ignite, endpoints) + .broadcast(() -> register()); + } + } + + /** {@inheritDoc} */ + @Override public Object call() { + run(); + + return null; + } + + /** {@inheritDoc} */ + @Override public Object apply(Object o) { + run(); + + return null; + } + + /** {@inheritDoc} */ + @Override public Object process(MutableEntry entry, + Object... arguments) throws EntryProcessorException { + run(); + + return null; + } + + /** {@inheritDoc} */ + @Override public void apply(IgniteCache entries, Map.Entry entry) { + run(); + } + } } \ No newline at end of file diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java index 2cc53e4278d84..ab5381acae1cb 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java @@ -18,6 +18,7 @@ package org.apache.ignite.internal.processor.security.cache.closure; import java.util.Collection; +import java.util.Collections; import java.util.UUID; import javax.cache.Cache; import javax.cache.configuration.Factory; @@ -31,6 +32,7 @@ import org.apache.ignite.internal.util.typedef.G; import org.apache.ignite.lang.IgniteBiInClosure; import org.apache.ignite.lang.IgniteBiPredicate; +import org.apache.ignite.lang.IgniteRunnable; import org.apache.ignite.resources.IgniteInstanceResource; import org.junit.Test; import org.junit.runner.RunWith; @@ -53,9 +55,9 @@ public class CacheLoadRemoteSecurityContextCheckTest extends AbstractCacheOperat startClient(CLNT_INITIATOR, allowAllPermissionSet()); - startGrid(SRV_FEATURE_CALL, allowAllPermissionSet()); + startGrid(SRV_RUN, allowAllPermissionSet()); - startGrid(SRV_FEATURE_TRANSITION, allowAllPermissionSet()); + startGrid(SRV_CHECK, allowAllPermissionSet()); startGrid(SRV_ENDPOINT, allowAllPermissionSet()); @@ -64,15 +66,6 @@ public class CacheLoadRemoteSecurityContextCheckTest extends AbstractCacheOperat G.allGrids().get(0).cluster().active(true); } - /** {@inheritDoc} */ - @Override protected void setupVerifier(Verifier verifier) { - verifier - .expect(SRV_FEATURE_CALL, 1) - .expect(SRV_FEATURE_TRANSITION, 1) - .expect(SRV_ENDPOINT, 1) - .expect(CLNT_ENDPOINT, 1); - } - /** {@inheritDoc} */ @Override protected CacheConfiguration[] getCacheConfigurations() { return new CacheConfiguration[] { @@ -87,29 +80,38 @@ public class CacheLoadRemoteSecurityContextCheckTest extends AbstractCacheOperat }; } + /** {@inheritDoc} */ + @Override protected void setupVerifier(Verifier verifier) { + verifier + .expect(SRV_RUN, 1) + .expect(SRV_CHECK, 1) + .expect(SRV_ENDPOINT, 1) + .expect(CLNT_ENDPOINT, 1); + } + /** * */ @Test public void test() { - runAndCheck(SRV_INITIATOR); - runAndCheck(CLNT_INITIATOR); + IgniteRunnable checkCase = () -> { + register(); + + loadCache(Ignition.localIgnite()); + }; + + runAndCheck(grid(SRV_INITIATOR), checkCase); + runAndCheck(grid(CLNT_INITIATOR), checkCase); } - /** - * @param name Initiator node name. - */ - private void runAndCheck(String name) { - runAndCheck( - secSubjectId(name), - () -> compute(grid(name), nodeId(SRV_FEATURE_CALL)).broadcast( - () -> { - register(); - - loadCache(Ignition.localIgnite()); - } - ) - ); + /** {@inheritDoc} */ + @Override protected Collection nodesToRun() { + return Collections.singletonList(nodeId(SRV_RUN)); + } + + /** {@inheritDoc} */ + @Override protected Collection nodesToCheck() { + return Collections.singletonList(nodeId(SRV_CHECK)); } /** @@ -117,7 +119,7 @@ private void runAndCheck(String name) { */ private void loadCache(Ignite node) { node.cache(CACHE_NAME).loadCache( - new TestClosure(SRV_FEATURE_TRANSITION, endpoints()) + new TestClosure(SRV_CHECK, endpoints()) ); } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java index 7d140bf4cd7bf..311686cdbad4c 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java @@ -17,16 +17,14 @@ package org.apache.ignite.internal.processor.security.cache.closure; -import java.util.Arrays; +import java.util.ArrayList; import java.util.Collection; import java.util.Collections; import java.util.List; import java.util.UUID; -import javax.cache.processor.EntryProcessor; -import javax.cache.processor.EntryProcessorException; -import javax.cache.processor.MutableEntry; +import java.util.stream.Collectors; +import java.util.stream.Stream; import org.apache.ignite.Ignition; -import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.processor.security.AbstractCacheOperationRemoteSecurityContextCheckTest; import org.apache.ignite.internal.util.typedef.G; import org.apache.ignite.lang.IgniteRunnable; @@ -51,9 +49,9 @@ public class EntryProcessorRemoteSecurityContextCheckTest extends AbstractCacheO startClient(CLNT_INITIATOR, allowAllPermissionSet()); - startGrid(SRV_FEATURE_CALL, allowAllPermissionSet()); + startGrid(SRV_RUN, allowAllPermissionSet()); - startGrid(SRV_FEATURE_TRANSITION, allowAllPermissionSet()); + startGrid(SRV_CHECK, allowAllPermissionSet()); startGrid(SRV_ENDPOINT, allowAllPermissionSet()); @@ -65,8 +63,8 @@ public class EntryProcessorRemoteSecurityContextCheckTest extends AbstractCacheO /** {@inheritDoc} */ @Override protected void setupVerifier(Verifier verifier) { verifier - .expect(SRV_FEATURE_CALL, 1) - .expect(SRV_FEATURE_TRANSITION, 1) + .expect(SRV_RUN, 1) + .expect(SRV_CHECK, 1) .expect(SRV_ENDPOINT, 1) .expect(CLNT_ENDPOINT, 1); } @@ -76,78 +74,42 @@ public class EntryProcessorRemoteSecurityContextCheckTest extends AbstractCacheO */ @Test public void test() { - runAndCheck(grid(SRV_INITIATOR)); - runAndCheck(grid(CLNT_INITIATOR)); + runAndCheck(grid(SRV_INITIATOR), checkCases()); + runAndCheck(grid(CLNT_INITIATOR), checkCases()); } - /** - * @param initiator Node that initiates an execution. - */ - private void runAndCheck(IgniteEx initiator) { - UUID secSubjectId = secSubjectId(initiator); - - for (IgniteRunnable r : featureRuns()) { - runAndCheck( - secSubjectId, - () -> compute(initiator, nodeId(SRV_FEATURE_CALL)).broadcast( - () -> { - register(); - - r.run(); - } - ) - ); - } + /** {@inheritDoc} */ + @Override protected Collection nodesToRun() { + return Collections.singletonList(nodeId(SRV_RUN)); + } + + /** {@inheritDoc} */ + @Override protected Collection nodesToCheck() { + return Collections.singletonList(nodeId(SRV_CHECK)); } /** * @return Collection of runnables to call invoke methods. */ - private List featureRuns() { - final Integer key = prmKey(grid(SRV_FEATURE_TRANSITION)); + private List checkCases() { + final Integer key = prmKey(grid(SRV_CHECK)); - return Arrays.asList( + return Stream.of( () -> Ignition.localIgnite().cache(CACHE_NAME) - .invoke(key, new TestEntryProcessor(endpoints())), + .invoke(key, new CommonClosure(endpoints())), () -> Ignition.localIgnite().cache(CACHE_NAME) - .invokeAll(Collections.singleton(key), new TestEntryProcessor(endpoints())), + .invokeAll(Collections.singleton(key), new CommonClosure(endpoints())), () -> Ignition.localIgnite().cache(CACHE_NAME) - .invokeAsync(key, new TestEntryProcessor(endpoints())) + .invokeAsync(key, new CommonClosure(endpoints())) .get(), () -> Ignition.localIgnite().cache(CACHE_NAME) - .invokeAllAsync(Collections.singleton(key), new TestEntryProcessor(endpoints())) + .invokeAllAsync(Collections.singleton(key), new CommonClosure(endpoints())) .get() - ); - } - - /** - * Entry processor for tests with transition invoke call. - */ - static class TestEntryProcessor implements EntryProcessor { - /** Collection of endpont nodes ids. */ - private final Collection endpoints; - - /** - * @param endpoints Collection of endpont nodes ids. - */ - public TestEntryProcessor(Collection endpoints) { - assert !endpoints.isEmpty(); - - this.endpoints = endpoints; - } - - /** {@inheritDoc} */ - @Override public Object process(MutableEntry entry, Object... objects) - throws EntryProcessorException { - register(); - - compute(Ignition.localIgnite(), endpoints) - .broadcast(() -> register()); - - return null; - } + ) + .map(CommonClosure::new) + .collect(Collectors.toCollection(ArrayList::new)); } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java index 19ee1bf691c10..43b6cebfc2545 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java @@ -17,7 +17,9 @@ package org.apache.ignite.internal.processor.security.cache.closure; +import java.util.Arrays; import java.util.Collection; +import java.util.Collections; import java.util.UUID; import javax.cache.Cache; import org.apache.ignite.Ignite; @@ -49,11 +51,11 @@ public class ScanQueryRemoteSecurityContextCheckTest extends AbstractCacheOperat startClient(CLNT_INITIATOR, allowAllPermissionSet()); - startGrid(SRV_FEATURE_CALL, allowAllPermissionSet()); + startGrid(SRV_RUN, allowAllPermissionSet()); - startClient(CLNT_FEATURE_CALL, allowAllPermissionSet()); + startClient(CLNT_RUN, allowAllPermissionSet()); - startGrid(SRV_FEATURE_TRANSITION, allowAllPermissionSet()); + startGrid(SRV_CHECK, allowAllPermissionSet()); startGrid(SRV_ENDPOINT, allowAllPermissionSet()); @@ -65,9 +67,9 @@ public class ScanQueryRemoteSecurityContextCheckTest extends AbstractCacheOperat /** {@inheritDoc} */ @Override protected void setupVerifier(Verifier verifier) { verifier - .expect(SRV_FEATURE_CALL, 1) - .expect(CLNT_FEATURE_CALL, 1) - .expect(SRV_FEATURE_TRANSITION, 2) + .expect(SRV_RUN, 1) + .expect(CLNT_RUN, 1) + .expect(SRV_CHECK, 2) .expect(SRV_ENDPOINT, 2) .expect(CLNT_ENDPOINT, 2); } @@ -78,35 +80,30 @@ public class ScanQueryRemoteSecurityContextCheckTest extends AbstractCacheOperat @Test public void test() throws Exception { grid(SRV_INITIATOR).cache(CACHE_NAME) - .put(prmKey(grid(SRV_FEATURE_TRANSITION)), 1); + .put(prmKey(grid(SRV_CHECK)), 1); awaitPartitionMapExchange(); - runAndCheck(SRV_INITIATOR); - runAndCheck(CLNT_INITIATOR); + runAndCheck(grid(SRV_INITIATOR), runnables()); + runAndCheck(grid(CLNT_INITIATOR), runnables()); } - /** - * @param name Inintiator node name. - */ - private void runAndCheck(String name) { - for (IgniteRunnable r : runnables()) { - runAndCheck(secSubjectId(name), - () -> compute(grid(name), featureCalls()).broadcast(r)); - } + /** {@inheritDoc} */ + @Override protected Collection nodesToCheck() { + return Collections.singletonList(nodeId(SRV_CHECK)); } /** * */ - private IgniteRunnable[] runnables() { - return new IgniteRunnable[] { + private Collection runnables() { + return Arrays.asList( () -> { register(); Ignition.localIgnite().cache(CACHE_NAME).query( new ScanQuery<>( - new CommonClosure(SRV_FEATURE_TRANSITION, endpoints()) + new CommonClosure(SRV_CHECK, endpoints()) ) ).getAll(); }, @@ -115,16 +112,17 @@ private IgniteRunnable[] runnables() { Ignition.localIgnite().cache(CACHE_NAME).query( new ScanQuery<>((k, v) -> true), - new CommonClosure(SRV_FEATURE_TRANSITION, endpoints()) + new CommonClosure(SRV_CHECK, endpoints()) ).getAll(); } - }; + ); } /** * Common closure for tests. */ - static class CommonClosure implements IgniteClosure, Integer>, + static class CommonClosure implements + IgniteClosure, Integer>, IgniteBiPredicate { /** Expected local node name. */ private final String node; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java index 5dfaa297a8e42..1f271d1f69ad4 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java @@ -17,6 +17,7 @@ package org.apache.ignite.internal.processor.security.compute.closure; +import java.util.Arrays; import java.util.Collection; import java.util.HashMap; import java.util.List; @@ -30,9 +31,9 @@ import org.apache.ignite.compute.ComputeJobResult; import org.apache.ignite.compute.ComputeJobResultPolicy; import org.apache.ignite.compute.ComputeTask; -import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.processor.security.AbstractRemoteSecurityContextCheckTest; import org.apache.ignite.internal.util.typedef.G; +import org.apache.ignite.lang.IgniteRunnable; import org.apache.ignite.resources.IgniteInstanceResource; import org.jetbrains.annotations.Nullable; import org.junit.Test; @@ -40,8 +41,8 @@ /** * Testing operation security context when the compute task is executed on remote nodes. *

      - * The initiator node broadcasts a task to feature call nodes that starts compute task. That compute task is executed - * on feature transition nodes and broadcasts a task to endpoint nodes. On every step, it is performed verification that + * The initiator node broadcasts a task to feature call nodes that starts compute task. That compute task is executed on + * feature transition nodes and broadcasts a task to endpoint nodes. On every step, it is performed verification that * operation security context is the initiator context. */ public class ComputeTaskRemoteSecurityContextCheckTest extends AbstractRemoteSecurityContextCheckTest { @@ -53,13 +54,13 @@ public class ComputeTaskRemoteSecurityContextCheckTest extends AbstractRemoteSec startClient(CLNT_INITIATOR, allowAllPermissionSet()); - startGrid(SRV_FEATURE_CALL, allowAllPermissionSet()); + startGrid(SRV_RUN, allowAllPermissionSet()); - startClient(CLNT_FEATURE_CALL, allowAllPermissionSet()); + startClient(CLNT_RUN, allowAllPermissionSet()); - startGrid(SRV_FEATURE_TRANSITION, allowAllPermissionSet()); + startGrid(SRV_CHECK, allowAllPermissionSet()); - startClient(CLNT_FEATURE_TRANSITION, allowAllPermissionSet()); + startClient(CLNT_CHECK, allowAllPermissionSet()); startGrid(SRV_ENDPOINT, allowAllPermissionSet()); @@ -71,10 +72,10 @@ public class ComputeTaskRemoteSecurityContextCheckTest extends AbstractRemoteSec /** {@inheritDoc} */ @Override protected void setupVerifier(Verifier verifier) { verifier - .expect(SRV_FEATURE_CALL, 1) - .expect(CLNT_FEATURE_CALL, 1) - .expect(SRV_FEATURE_TRANSITION, 2) - .expect(CLNT_FEATURE_TRANSITION, 2) + .expect(SRV_RUN, 1) + .expect(CLNT_RUN, 1) + .expect(SRV_CHECK, 2) + .expect(CLNT_CHECK, 2) .expect(SRV_ENDPOINT, 4) .expect(CLNT_ENDPOINT, 4); } @@ -84,36 +85,29 @@ public class ComputeTaskRemoteSecurityContextCheckTest extends AbstractRemoteSec */ @Test public void test() { - runAndCheck(grid(SRV_INITIATOR)); - runAndCheck(grid(CLNT_INITIATOR)); + runAndCheck(grid(SRV_INITIATOR), checkCases()); + runAndCheck(grid(CLNT_INITIATOR), checkCases()); } /** - * @param initiator Node that initiates an execution. + * @return Collection of check cases. */ - private void runAndCheck(IgniteEx initiator) { - runAndCheck(secSubjectId(initiator), - () -> compute(initiator, featureCalls()).broadcast( - () -> { - register(); - - Ignition.localIgnite().compute().execute( - new TestComputeTask(featureTransitions(), endpoints()), 0 - ); - } - ) - ); + private List checkCases() { + return Arrays.asList( + () -> { + register(); - runAndCheck(secSubjectId(initiator), - () -> compute(initiator, featureCalls()).broadcast( - () -> { - register(); + Ignition.localIgnite().compute().execute( + new TestComputeTask(nodesToCheck(), endpoints()), 0 + ); + }, + () -> { + register(); - Ignition.localIgnite().compute().executeAsync( - new TestComputeTask(featureTransitions(), endpoints()), 0 - ).get(); - } - ) + Ignition.localIgnite().compute().executeAsync( + new TestComputeTask(nodesToCheck(), endpoints()), 0 + ).get(); + } ); } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java index 0f885dc697e22..38ea6753dbba9 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java @@ -17,26 +17,22 @@ package org.apache.ignite.internal.processor.security.compute.closure; -import java.util.Arrays; -import java.util.Collection; -import java.util.Collections; +import java.util.ArrayList; import java.util.List; import java.util.UUID; -import org.apache.ignite.Ignite; +import java.util.stream.Collectors; +import java.util.stream.Stream; import org.apache.ignite.Ignition; -import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.processor.security.AbstractRemoteSecurityContextCheckTest; import org.apache.ignite.internal.util.typedef.G; -import org.apache.ignite.lang.IgniteCallable; -import org.apache.ignite.lang.IgniteClosure; import org.apache.ignite.lang.IgniteRunnable; import org.junit.Test; /** * Testing operation security context when the compute closure is executed on remote nodes. *

      - * The initiator node broadcasts a task to feature call nodes that starts compute operation. That operation is executed - * on feature transition nodes and broadcasts a task to endpoint nodes. On every step, it is performed verification that + * The initiator node broadcasts a task to run nodes that starts compute operation. That operation is executed + * on check nodes and broadcasts a task to endpoint nodes. On every step, it is performed verification that * operation security context is the initiator context. */ public class DistributedClosureRemoteSecurityContextCheckTest @@ -49,13 +45,13 @@ public class DistributedClosureRemoteSecurityContextCheckTest startClient(CLNT_INITIATOR, allowAllPermissionSet()); - startGrid(SRV_FEATURE_CALL, allowAllPermissionSet()); + startGrid(SRV_RUN, allowAllPermissionSet()); - startClient(CLNT_FEATURE_CALL, allowAllPermissionSet()); + startClient(CLNT_RUN, allowAllPermissionSet()); - startGrid(SRV_FEATURE_TRANSITION, allowAllPermissionSet()); + startGrid(SRV_CHECK, allowAllPermissionSet()); - startClient(CLNT_FEATURE_TRANSITION, allowAllPermissionSet()); + startClient(CLNT_CHECK, allowAllPermissionSet()); startGrid(SRV_ENDPOINT, allowAllPermissionSet()); @@ -67,10 +63,10 @@ public class DistributedClosureRemoteSecurityContextCheckTest /** {@inheritDoc} */ @Override protected void setupVerifier(Verifier verifier) { verifier - .expect(SRV_FEATURE_CALL, 1) - .expect(CLNT_FEATURE_CALL, 1) - .expect(SRV_FEATURE_TRANSITION, 2) - .expect(CLNT_FEATURE_TRANSITION, 2) + .expect(SRV_RUN, 1) + .expect(CLNT_RUN, 1) + .expect(SRV_CHECK, 2) + .expect(CLNT_CHECK, 2) .expect(SRV_ENDPOINT, 4) .expect(CLNT_ENDPOINT, 4); } @@ -80,130 +76,59 @@ public class DistributedClosureRemoteSecurityContextCheckTest */ @Test public void test() { - runAndCheck(grid(SRV_INITIATOR)); - runAndCheck(grid(CLNT_INITIATOR)); + runAndCheck(grid(SRV_INITIATOR), checkCases()); + runAndCheck(grid(CLNT_INITIATOR), checkCases()); } /** - * @param initiator Initiator node. + * @return Collection of check cases. */ - private void runAndCheck(IgniteEx initiator) { - for (IgniteRunnable r : featureRuns()) { - runAndCheck(secSubjectId(initiator), - () -> compute(initiator, featureCalls()).broadcast((IgniteRunnable) - new CommonClosure(r) - ) - ); - } - } - - /** - * @return Collection of consumers to call compute methods. - */ - private List featureRuns() { - return Arrays.asList( - () -> compute(Ignition.localIgnite(), featureTransitions()) + private List checkCases() { + return Stream.of( + () -> compute(Ignition.localIgnite(), nodesToCheck()) .broadcast((IgniteRunnable)new CommonClosure(endpoints())), - () -> compute(Ignition.localIgnite(), featureTransitions()) + + () -> compute(Ignition.localIgnite(), nodesToCheck()) .broadcastAsync((IgniteRunnable)new CommonClosure(endpoints())) .get(), () -> { - for (UUID id : featureTransitions()) { + for (UUID id : nodesToCheck()) { compute(Ignition.localIgnite(), id) .call(new CommonClosure(endpoints())); } }, () -> { - for (UUID id : featureTransitions()) { + for (UUID id : nodesToCheck()) { compute(Ignition.localIgnite(), id) .callAsync(new CommonClosure(endpoints())).get(); } }, () -> { - for (UUID id : featureTransitions()) { + for (UUID id : nodesToCheck()) { compute(Ignition.localIgnite(), id) .run(new CommonClosure(endpoints())); } }, () -> { - for (UUID id : featureTransitions()) { + for (UUID id : nodesToCheck()) { compute(Ignition.localIgnite(), id) .runAsync(new CommonClosure(endpoints())).get(); } }, () -> { - for (UUID id : featureTransitions()) { + for (UUID id : nodesToCheck()) { compute(Ignition.localIgnite(), id) .apply(new CommonClosure(endpoints()), new Object()); } }, () -> { - for (UUID id : featureTransitions()) { + for (UUID id : nodesToCheck()) { compute(Ignition.localIgnite(), id) .applyAsync(new CommonClosure(endpoints()), new Object()).get(); } } - ); - } - - /** - * Common closure for tests. - */ - static class CommonClosure implements IgniteRunnable, IgniteCallable, - IgniteClosure { - - /** Runnable. */ - private final IgniteRunnable runnable; - - /** Collection of endpoint node ids. */ - private final Collection endpoints; - - /** - * @param runnable Runnable. - */ - public CommonClosure(IgniteRunnable runnable) { - assert runnable != null; - - this.runnable = runnable; - endpoints = Collections.emptyList(); - } - - /** - * @param endpoints Collection of endpoint node ids. - */ - private CommonClosure(Collection endpoints) { - assert !endpoints.isEmpty(); - - runnable = null; - this.endpoints = endpoints; - } - - /** {@inheritDoc} */ - @Override public void run() { - register(); - - Ignite ignite = Ignition.localIgnite(); - - if (runnable != null) - runnable.run(); - else { - compute(ignite, endpoints) - .broadcast(() -> register()); - } - } - - /** {@inheritDoc} */ - @Override public Object call() { - run(); - - return null; - } - - /** {@inheritDoc} */ - @Override public Object apply(Object o) { - run(); - - return null; - } + ) + .map(CommonClosure::new) + .collect(Collectors.toCollection(ArrayList::new)); } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java index 057e348eec4ab..d14c0424acc75 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java @@ -17,12 +17,10 @@ package org.apache.ignite.internal.processor.security.compute.closure; -import java.util.Collection; import java.util.UUID; import java.util.concurrent.ExecutorService; import org.apache.ignite.Ignite; import org.apache.ignite.Ignition; -import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.processor.security.AbstractRemoteSecurityContextCheckTest; import org.apache.ignite.internal.util.typedef.G; import org.apache.ignite.lang.IgniteRunnable; @@ -47,13 +45,13 @@ public class ExecutorServiceRemoteSecurityContextCheckTest extends AbstractRemot startClient(CLNT_INITIATOR, allowAllPermissionSet()); - startGrid(SRV_FEATURE_CALL, allowAllPermissionSet()); + startGrid(SRV_RUN, allowAllPermissionSet()); - startClient(CLNT_FEATURE_CALL, allowAllPermissionSet()); + startClient(CLNT_RUN, allowAllPermissionSet()); - startGrid(SRV_FEATURE_TRANSITION, allowAllPermissionSet()); + startGrid(SRV_CHECK, allowAllPermissionSet()); - startClient(CLNT_FEATURE_TRANSITION, allowAllPermissionSet()); + startClient(CLNT_CHECK, allowAllPermissionSet()); startGrid(SRV_ENDPOINT, allowAllPermissionSet()); @@ -65,10 +63,10 @@ public class ExecutorServiceRemoteSecurityContextCheckTest extends AbstractRemot /** {@inheritDoc} */ @Override protected void setupVerifier(Verifier verifier) { verifier - .expect(SRV_FEATURE_CALL, 1) - .expect(CLNT_FEATURE_CALL, 1) - .expect(SRV_FEATURE_TRANSITION, 2) - .expect(CLNT_FEATURE_TRANSITION, 2) + .expect(SRV_RUN, 1) + .expect(CLNT_RUN, 1) + .expect(SRV_CHECK, 2) + .expect(CLNT_CHECK, 2) .expect(SRV_ENDPOINT, 4) .expect(CLNT_ENDPOINT, 4); } @@ -78,58 +76,25 @@ public class ExecutorServiceRemoteSecurityContextCheckTest extends AbstractRemot */ @Test public void test() { - runAndCheck(grid(SRV_INITIATOR)); - runAndCheck(grid(CLNT_INITIATOR)); - } - - /** - * Performs test case. - */ - private void runAndCheck(IgniteEx initiator) { - runAndCheck(secSubjectId(initiator), - () -> compute(initiator, featureCalls()).broadcast( - () -> { - register(); - - Ignite loc = Ignition.localIgnite(); - - for (UUID nodeId : featureTransitions()) { - ExecutorService svc = loc.executorService(loc.cluster().forNodeId(nodeId)); - - try { - svc.submit(new TestIgniteRunnable(endpoints())).get(); - } - catch (Exception e) { - throw new RuntimeException(e); - } - } - } - ) - ); - } + IgniteRunnable checkCase = () -> { + register(); - /** - * Runnable for tests. - */ - static class TestIgniteRunnable implements IgniteRunnable { - /** Collection of endpoint node ids. */ - private final Collection endpoints; + Ignite loc = Ignition.localIgnite(); - /** - * @param endpoints Collection of endpoint node ids. - */ - public TestIgniteRunnable(Collection endpoints) { - assert !endpoints.isEmpty(); + for (UUID nodeId : nodesToCheck()) { + ExecutorService svc = loc.executorService(loc.cluster().forNodeId(nodeId)); - this.endpoints = endpoints; - } + try { + svc.submit((Runnable)new CommonClosure(endpoints())).get(); + } + catch (Exception e) { + throw new RuntimeException(e); + } + } + }; - /** {@inheritDoc} */ - @Override public void run() { - register(); - compute(Ignition.localIgnite(), endpoints) - .broadcast(() -> register()); - } + runAndCheck(grid(SRV_INITIATOR), checkCase); + runAndCheck(grid(CLNT_INITIATOR), checkCase); } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java index cc529e0772f55..dd0ccb1dd1914 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java @@ -18,15 +18,14 @@ package org.apache.ignite.internal.processor.security.datastreamer.closure; import java.util.Collection; -import java.util.Map; +import java.util.Collections; import java.util.UUID; import org.apache.ignite.Ignite; -import org.apache.ignite.IgniteCache; import org.apache.ignite.IgniteDataStreamer; import org.apache.ignite.Ignition; import org.apache.ignite.internal.processor.security.AbstractCacheOperationRemoteSecurityContextCheckTest; import org.apache.ignite.internal.util.typedef.G; -import org.apache.ignite.lang.IgniteBiInClosure; +import org.apache.ignite.lang.IgniteRunnable; import org.apache.ignite.stream.StreamVisitor; import org.junit.Test; import org.junit.runner.RunWith; @@ -49,9 +48,9 @@ public class DataStreamerRemoteSecurityContextCheckTest extends AbstractCacheOpe startClient(CLNT_INITIATOR, allowAllPermissionSet()); - startGrid(SRV_FEATURE_CALL, allowAllPermissionSet()); + startGrid(SRV_RUN, allowAllPermissionSet()); - startGrid(SRV_FEATURE_TRANSITION, allowAllPermissionSet()); + startGrid(SRV_CHECK, allowAllPermissionSet()); startGrid(SRV_ENDPOINT, allowAllPermissionSet()); @@ -63,8 +62,8 @@ public class DataStreamerRemoteSecurityContextCheckTest extends AbstractCacheOpe /** {@inheritDoc} */ @Override protected void setupVerifier(Verifier verifier) { verifier - .expect(SRV_FEATURE_CALL, 1) - .expect(SRV_FEATURE_TRANSITION, 1) + .expect(SRV_RUN, 1) + .expect(SRV_CHECK, 1) .expect(SRV_ENDPOINT, 1) .expect(CLNT_ENDPOINT, 1); } @@ -74,24 +73,24 @@ public class DataStreamerRemoteSecurityContextCheckTest extends AbstractCacheOpe */ @Test public void testDataStreamer() { - runAndCheck(SRV_INITIATOR); - runAndCheck(CLNT_INITIATOR); + IgniteRunnable checkCase = () -> { + register(); + + dataStreamer(Ignition.localIgnite()); + }; + + runAndCheck(grid(SRV_INITIATOR), checkCase); + runAndCheck(grid(CLNT_INITIATOR), checkCase); } - /** - * @param name Initiator node name. - */ - private void runAndCheck(String name) { - runAndCheck( - secSubjectId(name), - () -> compute(grid(name), nodeId(SRV_FEATURE_CALL)).broadcast( - () -> { - register(); - - dataStreamer(Ignition.localIgnite()); - } - ) - ); + /** {@inheritDoc} */ + @Override protected Collection nodesToRun() { + return Collections.singletonList(nodeId(SRV_RUN)); + } + + /** {@inheritDoc} */ + @Override protected Collection nodesToCheck() { + return Collections.singletonList(nodeId(SRV_CHECK)); } /** @@ -99,36 +98,9 @@ private void runAndCheck(String name) { */ private void dataStreamer(Ignite node) { try (IgniteDataStreamer strm = node.dataStreamer(CACHE_NAME)) { - strm.receiver(StreamVisitor.from(new TestClosure(endpoints()))); - - strm.addData(prmKey(grid(SRV_FEATURE_TRANSITION)), 100); - } - } - - /** - * Closure for tests. - */ - static class TestClosure implements - IgniteBiInClosure, Map.Entry> { - /** Endpoint node id. */ - private final Collection endpoints; - - /** - * @param endpoints Collection of endpont nodes ids. - */ - public TestClosure(Collection endpoints) { - assert !endpoints.isEmpty(); - - this.endpoints = endpoints; - } - - /** {@inheritDoc} */ - @Override public void apply(IgniteCache entries, - Map.Entry entry) { - register(); + strm.receiver(StreamVisitor.from(new CommonClosure(endpoints()))); - compute(Ignition.localIgnite(), endpoints) - .broadcast(() -> register()); + strm.addData(prmKey(grid(SRV_CHECK)), 100); } } } From 20a73eb2968fb80cf7e379244e0c737f02fa4bd7 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Thu, 21 Mar 2019 10:56:43 +0300 Subject: [PATCH 76/98] IGNITE-9560 fix comments --- ...bstractRemoteSecurityContextCheckTest.java | 19 +++++++++++-------- ...cheLoadRemoteSecurityContextCheckTest.java | 14 ++++---------- ...ocessorRemoteSecurityContextCheckTest.java | 10 +++------- ...anQueryRemoteSecurityContextCheckTest.java | 12 ++++++------ ...uteTaskRemoteSecurityContextCheckTest.java | 8 ++++---- ...ClosureRemoteSecurityContextCheckTest.java | 17 ++++++----------- 6 files changed, 34 insertions(+), 46 deletions(-) diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java index 575405b126267..1847c119ed19f 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java @@ -26,6 +26,7 @@ import java.util.UUID; import java.util.concurrent.ConcurrentHashMap; import java.util.function.BiFunction; +import java.util.stream.Stream; import javax.cache.processor.EntryProcessor; import javax.cache.processor.EntryProcessorException; import javax.cache.processor.MutableEntry; @@ -174,23 +175,25 @@ protected void assertCauseSecurityException(Throwable throwable) { * @param runnable Check case. */ protected void runAndCheck(IgniteEx initiator, IgniteRunnable runnable) { - runAndCheck(initiator, Collections.singleton(runnable)); + runAndCheck(initiator, Stream.of(runnable)); } /** * Sets up VERIFIER, performs the runnable and checks the result. * * @param initiator Node that initiates an execution. - * @param runnables Collection of check cases. + * @param runnables Stream of check cases. */ - protected void runAndCheck(IgniteEx initiator, Collection runnables) { - for (IgniteRunnable r : runnables) { - setupVerifier(VERIFIER.start(secSubjectId(initiator))); + protected void runAndCheck(IgniteEx initiator, Stream runnables) { + runnables.forEach( + r -> { + setupVerifier(VERIFIER.start(secSubjectId(initiator))); - compute(initiator, nodesToRun()).broadcast(r); + compute(initiator, nodesToRun()).broadcast(r); - VERIFIER.checkResult(); - } + VERIFIER.checkResult(); + } + ); } /** diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java index ab5381acae1cb..c71754d1136ee 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java @@ -97,7 +97,10 @@ public void test() { IgniteRunnable checkCase = () -> { register(); - loadCache(Ignition.localIgnite()); + Ignition.localIgnite() + .cache(CACHE_NAME).loadCache( + new TestClosure(SRV_CHECK, endpoints()) + ); }; runAndCheck(grid(SRV_INITIATOR), checkCase); @@ -114,15 +117,6 @@ public void test() { return Collections.singletonList(nodeId(SRV_CHECK)); } - /** - * @param node Node. - */ - private void loadCache(Ignite node) { - node.cache(CACHE_NAME).loadCache( - new TestClosure(SRV_CHECK, endpoints()) - ); - } - /** * Closure for tests. */ diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java index 311686cdbad4c..69f8dfa32acb1 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java @@ -17,12 +17,9 @@ package org.apache.ignite.internal.processor.security.cache.closure; -import java.util.ArrayList; import java.util.Collection; import java.util.Collections; -import java.util.List; import java.util.UUID; -import java.util.stream.Collectors; import java.util.stream.Stream; import org.apache.ignite.Ignition; import org.apache.ignite.internal.processor.security.AbstractCacheOperationRemoteSecurityContextCheckTest; @@ -89,9 +86,9 @@ public void test() { } /** - * @return Collection of runnables to call invoke methods. + * @return Stream of runnables to call invoke methods. */ - private List checkCases() { + private Stream checkCases() { final Integer key = prmKey(grid(SRV_CHECK)); return Stream.of( @@ -109,7 +106,6 @@ private List checkCases() { .invokeAllAsync(Collections.singleton(key), new CommonClosure(endpoints())) .get() ) - .map(CommonClosure::new) - .collect(Collectors.toCollection(ArrayList::new)); + .map(CommonClosure::new); } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java index 43b6cebfc2545..496e26df50265 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java @@ -17,10 +17,10 @@ package org.apache.ignite.internal.processor.security.cache.closure; -import java.util.Arrays; import java.util.Collection; import java.util.Collections; import java.util.UUID; +import java.util.stream.Stream; import javax.cache.Cache; import org.apache.ignite.Ignite; import org.apache.ignite.Ignition; @@ -84,8 +84,8 @@ public void test() throws Exception { awaitPartitionMapExchange(); - runAndCheck(grid(SRV_INITIATOR), runnables()); - runAndCheck(grid(CLNT_INITIATOR), runnables()); + runAndCheck(grid(SRV_INITIATOR), checkCases()); + runAndCheck(grid(CLNT_INITIATOR), checkCases()); } /** {@inheritDoc} */ @@ -94,10 +94,10 @@ public void test() throws Exception { } /** - * + * Stream of runnables to call query methods. */ - private Collection runnables() { - return Arrays.asList( + private Stream checkCases() { + return Stream.of( () -> { register(); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java index 1f271d1f69ad4..f952a74ddc543 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java @@ -17,12 +17,12 @@ package org.apache.ignite.internal.processor.security.compute.closure; -import java.util.Arrays; import java.util.Collection; import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.UUID; +import java.util.stream.Stream; import org.apache.ignite.Ignite; import org.apache.ignite.IgniteException; import org.apache.ignite.Ignition; @@ -90,10 +90,10 @@ public void test() { } /** - * @return Collection of check cases. + * @return Stream of check cases. */ - private List checkCases() { - return Arrays.asList( + private Stream checkCases() { + return Stream.of( () -> { register(); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java index 38ea6753dbba9..f039bdd3896de 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java @@ -17,10 +17,7 @@ package org.apache.ignite.internal.processor.security.compute.closure; -import java.util.ArrayList; -import java.util.List; import java.util.UUID; -import java.util.stream.Collectors; import java.util.stream.Stream; import org.apache.ignite.Ignition; import org.apache.ignite.internal.processor.security.AbstractRemoteSecurityContextCheckTest; @@ -31,9 +28,9 @@ /** * Testing operation security context when the compute closure is executed on remote nodes. *

      - * The initiator node broadcasts a task to run nodes that starts compute operation. That operation is executed - * on check nodes and broadcasts a task to endpoint nodes. On every step, it is performed verification that - * operation security context is the initiator context. + * The initiator node broadcasts a task to run nodes that starts compute operation. That operation is executed on check + * nodes and broadcasts a task to endpoint nodes. On every step, it is performed verification that operation security + * context is the initiator context. */ public class DistributedClosureRemoteSecurityContextCheckTest extends AbstractRemoteSecurityContextCheckTest { @@ -81,9 +78,9 @@ public void test() { } /** - * @return Collection of check cases. + * @return Stream of check cases. */ - private List checkCases() { + private Stream checkCases() { return Stream.of( () -> compute(Ignition.localIgnite(), nodesToCheck()) .broadcast((IgniteRunnable)new CommonClosure(endpoints())), @@ -127,8 +124,6 @@ private List checkCases() { .applyAsync(new CommonClosure(endpoints()), new Object()).get(); } } - ) - .map(CommonClosure::new) - .collect(Collectors.toCollection(ArrayList::new)); + ).map(CommonClosure::new); } } From 061ff49dd0cf104110a76cac7456582a7f604838 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Thu, 21 Mar 2019 12:07:33 +0300 Subject: [PATCH 77/98] IGNITE-9560 BroadcastRunner --- ...bstractRemoteSecurityContextCheckTest.java | 97 +++++++------------ ...cheLoadRemoteSecurityContextCheckTest.java | 42 ++------ ...ocessorRemoteSecurityContextCheckTest.java | 48 +++++++-- ...anQueryRemoteSecurityContextCheckTest.java | 47 ++------- ...uteTaskRemoteSecurityContextCheckTest.java | 12 +-- ...ClosureRemoteSecurityContextCheckTest.java | 62 +++++++++--- ...ServiceRemoteSecurityContextCheckTest.java | 20 +++- ...treamerRemoteSecurityContextCheckTest.java | 25 ++++- 8 files changed, 189 insertions(+), 164 deletions(-) diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java index 1847c119ed19f..3362a7fae7703 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java @@ -22,24 +22,17 @@ import java.util.Collection; import java.util.Collections; import java.util.List; -import java.util.Map; +import java.util.Objects; import java.util.UUID; import java.util.concurrent.ConcurrentHashMap; import java.util.function.BiFunction; import java.util.stream.Stream; -import javax.cache.processor.EntryProcessor; -import javax.cache.processor.EntryProcessorException; -import javax.cache.processor.MutableEntry; import org.apache.ignite.Ignite; -import org.apache.ignite.IgniteCache; import org.apache.ignite.IgniteCompute; import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.util.typedef.T2; import org.apache.ignite.internal.util.typedef.X; -import org.apache.ignite.lang.IgniteBiInClosure; -import org.apache.ignite.lang.IgniteCallable; -import org.apache.ignite.lang.IgniteClosure; import org.apache.ignite.lang.IgniteRunnable; import org.apache.ignite.plugin.security.SecurityException; @@ -287,81 +280,63 @@ private void checkResult() { } } - /** - * Common closure for tests. - */ - protected static class CommonClosure implements - IgniteRunnable, - IgniteCallable, - IgniteClosure, - EntryProcessor, - IgniteBiInClosure, Map.Entry> { - + /** */ + protected static class BroadcastRunner { /** Runnable. */ private final IgniteRunnable runnable; + /** Expected local node name. */ + private final String node; + /** Collection of endpoint node ids. */ private final Collection endpoints; /** * @param runnable Runnable. */ - public CommonClosure(IgniteRunnable runnable) { - assert runnable != null; - - this.runnable = runnable; + public BroadcastRunner(IgniteRunnable runnable) { + this.runnable = Objects.requireNonNull(runnable); + node = null; endpoints = Collections.emptyList(); } /** - * @param endpoints Collection of endpoint node ids. + * @param node Expected local node name. + * @param endpoints Collection of endpont nodes ids. */ - public CommonClosure(Collection endpoints) { - assert !endpoints.isEmpty(); - - runnable = null; + public BroadcastRunner(String node, Collection endpoints) { + this.node = node; this.endpoints = endpoints; + runnable = null; } - /** {@inheritDoc} */ - @Override public void run() { - register(); - - Ignite ignite = Ignition.localIgnite(); - - if (runnable != null) - runnable.run(); - else { - compute(ignite, endpoints) - .broadcast(() -> register()); - } - } - - /** {@inheritDoc} */ - @Override public Object call() { - run(); - - return null; + /** + * @param endpoints Collection of endpont nodes ids. + */ + public BroadcastRunner(Collection endpoints) { + this.endpoints = endpoints; + runnable = null; + node = null; } - /** {@inheritDoc} */ - @Override public Object apply(Object o) { - run(); - - return null; - } + /** + * + */ + protected void registerAndBroadcast() { + Ignite loc = Ignition.localIgnite(); - /** {@inheritDoc} */ - @Override public Object process(MutableEntry entry, - Object... arguments) throws EntryProcessorException { - run(); + if (node == null || node.equals(loc.name())) { + register(); - return null; - } + Ignite ignite = Ignition.localIgnite(); - /** {@inheritDoc} */ - @Override public void apply(IgniteCache entries, Map.Entry entry) { - run(); + if (runnable != null) + runnable.run(); + else { + compute(ignite, endpoints) + .broadcast(() -> register()); + } + } } } } \ No newline at end of file diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java index c71754d1136ee..5069c9762cbcd 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java @@ -23,7 +23,6 @@ import javax.cache.Cache; import javax.cache.configuration.Factory; import javax.cache.integration.CacheLoaderException; -import org.apache.ignite.Ignite; import org.apache.ignite.Ignition; import org.apache.ignite.cache.CacheMode; import org.apache.ignite.cache.store.CacheStoreAdapter; @@ -33,7 +32,6 @@ import org.apache.ignite.lang.IgniteBiInClosure; import org.apache.ignite.lang.IgniteBiPredicate; import org.apache.ignite.lang.IgniteRunnable; -import org.apache.ignite.resources.IgniteInstanceResource; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.JUnit4; @@ -41,8 +39,8 @@ /** * Testing operation security context when the filter of Load cache is executed on remote node. *

      - * The initiator node broadcasts a task to feature call node that starts load cache with filter. That filter is - * executed on feature transition node and broadcasts a task to endpoint nodes. On every step, it is performed + * The initiator node broadcasts a task to 'run' node that starts load cache with filter. That filter is + * executed on 'check' node and broadcasts a task to 'endpoint' nodes. On every step, it is performed * verification that operation security context is the initiator context. */ @RunWith(JUnit4.class) @@ -99,7 +97,7 @@ public void test() { Ignition.localIgnite() .cache(CACHE_NAME).loadCache( - new TestClosure(SRV_CHECK, endpoints()) + new CacheLoadClosure(SRV_CHECK, endpoints()) ); }; @@ -120,37 +118,15 @@ public void test() { /** * Closure for tests. */ - static class TestClosure implements IgniteBiPredicate { - /** Local ignite. */ - @IgniteInstanceResource - private Ignite loc; - - /** Expected local node name. */ - private final String node; - - /** Endpoint node id. */ - private final Collection endpoints; - - /** - * @param node Expected local node name. - * @param endpoints Collection of endpont nodes ids. - */ - public TestClosure(String node, Collection endpoints) { - assert node != null; - assert !endpoints.isEmpty(); - - this.node = node; - this.endpoints = endpoints; + static class CacheLoadClosure extends BroadcastRunner implements IgniteBiPredicate { + /** {@inheritDoc} */ + public CacheLoadClosure(String node, Collection endpoints) { + super(node, endpoints); } /** {@inheritDoc} */ - @Override public boolean apply(Integer k, Integer v) { - if (node.equals(loc.name())) { - register(); - - compute(loc, endpoints) - .broadcast(() -> register()); - } + @Override public boolean apply(Integer integer, Integer integer2) { + registerAndBroadcast(); return false; } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java index 69f8dfa32acb1..cbde2af00ec86 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java @@ -21,6 +21,9 @@ import java.util.Collections; import java.util.UUID; import java.util.stream.Stream; +import javax.cache.processor.EntryProcessor; +import javax.cache.processor.EntryProcessorException; +import javax.cache.processor.MutableEntry; import org.apache.ignite.Ignition; import org.apache.ignite.internal.processor.security.AbstractCacheOperationRemoteSecurityContextCheckTest; import org.apache.ignite.internal.util.typedef.G; @@ -32,9 +35,9 @@ /** * Testing operation security context when EntryProcessor closure is executed on remote node. *

      - * The initiator node broadcasts a task to feature call node that starts EntryProcessor closure. That closure is - * executed on feature transition node and broadcasts a task to endpoint nodes. On every step, it is performed - * verification that operation security context is the initiator context. + * The initiator node broadcasts a task to 'run' node that starts EntryProcessor closure. That closure is executed on + * 'check' node and broadcasts a task to 'endpoint' nodes. On every step, it is performed verification that operation + * security context is the initiator context. */ @RunWith(JUnit4.class) public class EntryProcessorRemoteSecurityContextCheckTest extends AbstractCacheOperationRemoteSecurityContextCheckTest { @@ -93,19 +96,48 @@ private Stream checkCases() { return Stream.of( () -> Ignition.localIgnite().cache(CACHE_NAME) - .invoke(key, new CommonClosure(endpoints())), + .invoke(key, new EntryProcessorClosure(endpoints())), () -> Ignition.localIgnite().cache(CACHE_NAME) - .invokeAll(Collections.singleton(key), new CommonClosure(endpoints())), + .invokeAll(Collections.singleton(key), new EntryProcessorClosure(endpoints())), () -> Ignition.localIgnite().cache(CACHE_NAME) - .invokeAsync(key, new CommonClosure(endpoints())) + .invokeAsync(key, new EntryProcessorClosure(endpoints())) .get(), () -> Ignition.localIgnite().cache(CACHE_NAME) - .invokeAllAsync(Collections.singleton(key), new CommonClosure(endpoints())) + .invokeAllAsync(Collections.singleton(key), new EntryProcessorClosure(endpoints())) .get() ) - .map(CommonClosure::new); + .map(EntryProcessorClosure::new); + } + + /** */ + static class EntryProcessorClosure extends BroadcastRunner implements + IgniteRunnable, + EntryProcessor { + + /** {@inheritDoc} */ + public EntryProcessorClosure(IgniteRunnable runnable) { + super(runnable); + } + + /** {@inheritDoc} */ + public EntryProcessorClosure(Collection endpoints) { + super(endpoints); + } + + /** {@inheritDoc} */ + @Override public Object process(MutableEntry entry, + Object... arguments) throws EntryProcessorException { + registerAndBroadcast(); + + return null; + } + + /** {@inheritDoc} */ + @Override public void run() { + registerAndBroadcast(); + } } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java index 496e26df50265..3be926a610096 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java @@ -22,7 +22,6 @@ import java.util.UUID; import java.util.stream.Stream; import javax.cache.Cache; -import org.apache.ignite.Ignite; import org.apache.ignite.Ignition; import org.apache.ignite.cache.query.ScanQuery; import org.apache.ignite.internal.processor.security.AbstractCacheOperationRemoteSecurityContextCheckTest; @@ -37,8 +36,8 @@ /** * Testing operation security context when the filter of ScanQuery is executed on remote node. *

      - * The initiator node broadcasts a task to feature call node that starts ScanQuery's filter. That filter is executed on - * feature transition node and broadcasts a task to endpoint nodes. On every step, it is performed verification that + * The initiator node broadcasts a task to 'run' node that starts ScanQuery's filter. That filter is executed on + * 'check' node and broadcasts a task to 'endpoint' nodes. On every step, it is performed verification that * operation security context is the initiator context. */ @RunWith(JUnit4.class) @@ -103,7 +102,7 @@ private Stream checkCases() { Ignition.localIgnite().cache(CACHE_NAME).query( new ScanQuery<>( - new CommonClosure(SRV_CHECK, endpoints()) + new ScanQueryClosure(SRV_CHECK, endpoints()) ) ).getAll(); }, @@ -112,7 +111,7 @@ private Stream checkCases() { Ignition.localIgnite().cache(CACHE_NAME).query( new ScanQuery<>((k, v) -> true), - new CommonClosure(SRV_CHECK, endpoints()) + new ScanQueryClosure(SRV_CHECK, endpoints()) ).getAll(); } ); @@ -121,52 +120,26 @@ private Stream checkCases() { /** * Common closure for tests. */ - static class CommonClosure implements + static class ScanQueryClosure extends BroadcastRunner implements IgniteClosure, Integer>, IgniteBiPredicate { - /** Expected local node name. */ - private final String node; - - /** Collection of endpont nodes ids. */ - private final Collection endpoints; - - /** - * @param node Expected local node name. - * @param endpoints Collection of endpont nodes ids. - */ - public CommonClosure(String node, Collection endpoints) { - assert !endpoints.isEmpty(); - - this.node = node; - this.endpoints = endpoints; + /** {@inheritDoc} */ + public ScanQueryClosure(String node, Collection endpoints) { + super(node, endpoints); } /** {@inheritDoc} */ @Override public Integer apply(Cache.Entry entry) { - verifyAndBroadcast(); + registerAndBroadcast(); return entry.getValue(); } /** {@inheritDoc} */ @Override public boolean apply(Integer s, Integer i) { - verifyAndBroadcast(); + registerAndBroadcast(); return false; } - - /** - * - */ - private void verifyAndBroadcast() { - Ignite loc = Ignition.localIgnite(); - - if (node.equals(loc.name())) { - register(); - - compute(loc, endpoints) - .broadcast(() -> register()); - } - } } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java index f952a74ddc543..ee83b810bc4cc 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java @@ -41,8 +41,8 @@ /** * Testing operation security context when the compute task is executed on remote nodes. *

      - * The initiator node broadcasts a task to feature call nodes that starts compute task. That compute task is executed on - * feature transition nodes and broadcasts a task to endpoint nodes. On every step, it is performed verification that + * The initiator node broadcasts a task to 'run' nodes that starts compute task. That compute task is executed on + * 'check' nodes and broadcasts a task to 'endpoint' nodes. On every step, it is performed verification that * operation security context is the initiator context. */ public class ComputeTaskRemoteSecurityContextCheckTest extends AbstractRemoteSecurityContextCheckTest { @@ -98,14 +98,14 @@ private Stream checkCases() { register(); Ignition.localIgnite().compute().execute( - new TestComputeTask(nodesToCheck(), endpoints()), 0 + new ComputeTaskClosure(nodesToCheck(), endpoints()), 0 ); }, () -> { register(); Ignition.localIgnite().compute().executeAsync( - new TestComputeTask(nodesToCheck(), endpoints()), 0 + new ComputeTaskClosure(nodesToCheck(), endpoints()), 0 ).get(); } ); @@ -114,7 +114,7 @@ private Stream checkCases() { /** * Compute task for tests. */ - static class TestComputeTask implements ComputeTask { + static class ComputeTaskClosure implements ComputeTask { /** Collection of transition node ids. */ private final Collection remotes; @@ -129,7 +129,7 @@ static class TestComputeTask implements ComputeTask { * @param remotes Collection of transition node ids. * @param endpoints Collection of endpoint node ids. */ - public TestComputeTask(Collection remotes, Collection endpoints) { + public ComputeTaskClosure(Collection remotes, Collection endpoints) { assert !remotes.isEmpty(); assert !endpoints.isEmpty(); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java index f039bdd3896de..6bde19ab1faf6 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java @@ -17,20 +17,23 @@ package org.apache.ignite.internal.processor.security.compute.closure; +import java.util.Collection; import java.util.UUID; import java.util.stream.Stream; import org.apache.ignite.Ignition; import org.apache.ignite.internal.processor.security.AbstractRemoteSecurityContextCheckTest; import org.apache.ignite.internal.util.typedef.G; +import org.apache.ignite.lang.IgniteCallable; +import org.apache.ignite.lang.IgniteClosure; import org.apache.ignite.lang.IgniteRunnable; import org.junit.Test; /** * Testing operation security context when the compute closure is executed on remote nodes. *

      - * The initiator node broadcasts a task to run nodes that starts compute operation. That operation is executed on check - * nodes and broadcasts a task to endpoint nodes. On every step, it is performed verification that operation security - * context is the initiator context. + * The initiator node broadcasts a task to 'run' nodes that starts compute operation. That operation is executed on + * 'check' nodes and broadcasts a task to 'endpoint' nodes. On every step, it is performed verification that operation + * security context is the initiator context. */ public class DistributedClosureRemoteSecurityContextCheckTest extends AbstractRemoteSecurityContextCheckTest { @@ -83,47 +86,82 @@ public void test() { private Stream checkCases() { return Stream.of( () -> compute(Ignition.localIgnite(), nodesToCheck()) - .broadcast((IgniteRunnable)new CommonClosure(endpoints())), + .broadcast((IgniteRunnable)new ComputeClosure(endpoints())), () -> compute(Ignition.localIgnite(), nodesToCheck()) - .broadcastAsync((IgniteRunnable)new CommonClosure(endpoints())) + .broadcastAsync((IgniteRunnable)new ComputeClosure(endpoints())) .get(), () -> { for (UUID id : nodesToCheck()) { compute(Ignition.localIgnite(), id) - .call(new CommonClosure(endpoints())); + .call(new ComputeClosure(endpoints())); } }, () -> { for (UUID id : nodesToCheck()) { compute(Ignition.localIgnite(), id) - .callAsync(new CommonClosure(endpoints())).get(); + .callAsync(new ComputeClosure(endpoints())).get(); } }, () -> { for (UUID id : nodesToCheck()) { compute(Ignition.localIgnite(), id) - .run(new CommonClosure(endpoints())); + .run(new ComputeClosure(endpoints())); } }, () -> { for (UUID id : nodesToCheck()) { compute(Ignition.localIgnite(), id) - .runAsync(new CommonClosure(endpoints())).get(); + .runAsync(new ComputeClosure(endpoints())).get(); } }, () -> { for (UUID id : nodesToCheck()) { compute(Ignition.localIgnite(), id) - .apply(new CommonClosure(endpoints()), new Object()); + .apply(new ComputeClosure(endpoints()), new Object()); } }, () -> { for (UUID id : nodesToCheck()) { compute(Ignition.localIgnite(), id) - .applyAsync(new CommonClosure(endpoints()), new Object()).get(); + .applyAsync(new ComputeClosure(endpoints()), new Object()).get(); } } - ).map(CommonClosure::new); + ).map(ComputeClosure::new); + } + + /** */ + static class ComputeClosure extends BroadcastRunner implements + IgniteRunnable, + IgniteCallable, + IgniteClosure { + /** {@inheritDoc} */ + public ComputeClosure(IgniteRunnable runnable) { + super(runnable); + } + + /** {@inheritDoc} */ + public ComputeClosure(Collection endpoints) { + super(endpoints); + } + + /** {@inheritDoc} */ + @Override public void run() { + registerAndBroadcast(); + } + + /** {@inheritDoc} */ + @Override public Object call() { + registerAndBroadcast(); + + return null; + } + + /** {@inheritDoc} */ + @Override public Object apply(Object o) { + registerAndBroadcast(); + + return null; + } } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java index d14c0424acc75..bf509924ea930 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java @@ -17,6 +17,7 @@ package org.apache.ignite.internal.processor.security.compute.closure; +import java.util.Collection; import java.util.UUID; import java.util.concurrent.ExecutorService; import org.apache.ignite.Ignite; @@ -31,8 +32,8 @@ /** * Testing operation security context when the service task is executed on remote nodes. *

      - * The initiator node broadcasts a task to feature call nodes that starts service task. That service task is executed - * on feature transition nodes and broadcasts a task to endpoint nodes. On every step, it is performed verification that + * The initiator node broadcasts a task to 'run' nodes that starts service task. That service task is executed + * on 'check' nodes and broadcasts a task to 'endpoint' nodes. On every step, it is performed verification that * operation security context is the initiator context. */ @RunWith(JUnit4.class) @@ -85,7 +86,7 @@ public void test() { ExecutorService svc = loc.executorService(loc.cluster().forNodeId(nodeId)); try { - svc.submit((Runnable)new CommonClosure(endpoints())).get(); + svc.submit(new ExecutorServiceClosure(endpoints())).get(); } catch (Exception e) { throw new RuntimeException(e); @@ -97,4 +98,17 @@ public void test() { runAndCheck(grid(SRV_INITIATOR), checkCase); runAndCheck(grid(CLNT_INITIATOR), checkCase); } + + /** */ + static class ExecutorServiceClosure extends BroadcastRunner implements Runnable { + /** {@inheritDoc} */ + public ExecutorServiceClosure(Collection endpoints) { + super(endpoints); + } + + /** {@inheritDoc} */ + @Override public void run() { + registerAndBroadcast(); + } + } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java index dd0ccb1dd1914..1b70d54ac0576 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java @@ -19,12 +19,15 @@ import java.util.Collection; import java.util.Collections; +import java.util.Map; import java.util.UUID; import org.apache.ignite.Ignite; +import org.apache.ignite.IgniteCache; import org.apache.ignite.IgniteDataStreamer; import org.apache.ignite.Ignition; import org.apache.ignite.internal.processor.security.AbstractCacheOperationRemoteSecurityContextCheckTest; import org.apache.ignite.internal.util.typedef.G; +import org.apache.ignite.lang.IgniteBiInClosure; import org.apache.ignite.lang.IgniteRunnable; import org.apache.ignite.stream.StreamVisitor; import org.junit.Test; @@ -34,9 +37,9 @@ /** * Testing operation security context when the closure of DataStreamer is executed on remote node. *

      - * The initiator node broadcasts a task to feature call node that starts DataStreamer's closure. That closure is - * executed on feature transition node and broadcasts a task to endpoint nodes. On every step, it is performed - * verification that operation security context is the initiator context. + * The initiator node broadcasts a task to 'run' node that starts DataStreamer's closure. That closure is executed on + * 'check' node and broadcasts a task to 'endpoint' nodes. On every step, it is performed verification that operation + * security context is the initiator context. */ @RunWith(JUnit4.class) public class DataStreamerRemoteSecurityContextCheckTest extends AbstractCacheOperationRemoteSecurityContextCheckTest { @@ -98,9 +101,23 @@ public void testDataStreamer() { */ private void dataStreamer(Ignite node) { try (IgniteDataStreamer strm = node.dataStreamer(CACHE_NAME)) { - strm.receiver(StreamVisitor.from(new CommonClosure(endpoints()))); + strm.receiver(StreamVisitor.from(new DataStreamClosure(endpoints()))); strm.addData(prmKey(grid(SRV_CHECK)), 100); } } + + /** */ + static class DataStreamClosure extends BroadcastRunner implements + IgniteBiInClosure, Map.Entry> { + /** {@inheritDoc} */ + public DataStreamClosure(Collection endpoints) { + super(endpoints); + } + + /** {@inheritDoc} */ + @Override public void apply(IgniteCache entries, Map.Entry entry) { + registerAndBroadcast(); + } + } } From 75b246dfd5da6a31e704184fa7315063af251aba Mon Sep 17 00:00:00 2001 From: Nikolay Izhikov Date: Thu, 21 Mar 2019 16:10:34 +0300 Subject: [PATCH 78/98] IGNITE-9560: test refactoring --- ...bstractRemoteSecurityContextCheckTest.java | 101 ++++++++++++++---- ...cheLoadRemoteSecurityContextCheckTest.java | 20 +--- ...ocessorRemoteSecurityContextCheckTest.java | 44 ++------ ...anQueryRemoteSecurityContextCheckTest.java | 33 +----- ...ClosureRemoteSecurityContextCheckTest.java | 56 ++-------- ...ServiceRemoteSecurityContextCheckTest.java | 16 +-- ...treamerRemoteSecurityContextCheckTest.java | 19 +--- 7 files changed, 104 insertions(+), 185 deletions(-) diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java index 3362a7fae7703..46b93f7382894 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java @@ -25,14 +25,22 @@ import java.util.Objects; import java.util.UUID; import java.util.concurrent.ConcurrentHashMap; -import java.util.function.BiFunction; import java.util.stream.Stream; + +import javax.cache.Cache; +import javax.cache.processor.EntryProcessor; +import javax.cache.processor.MutableEntry; + import org.apache.ignite.Ignite; import org.apache.ignite.IgniteCompute; import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.util.typedef.T2; import org.apache.ignite.internal.util.typedef.X; +import org.apache.ignite.lang.IgniteBiInClosure; +import org.apache.ignite.lang.IgniteBiPredicate; +import org.apache.ignite.lang.IgniteCallable; +import org.apache.ignite.lang.IgniteClosure; import org.apache.ignite.lang.IgniteRunnable; import org.apache.ignite.plugin.security.SecurityException; @@ -246,16 +254,13 @@ private void register(IgniteEx ignite) { list.add(new T2<>(secSubjectId(ignite), ignite.name())); - map.computeIfPresent(ignite.name(), - new BiFunction, T2>() { - @Override public T2 apply(String name, T2 t2) { - Integer val = t2.getValue(); + map.computeIfPresent(ignite.name(), (name, t2) -> { + Integer val = t2.getValue(); - t2.setValue(++val); + t2.setValue(++val); - return t2; - } - }); + return t2; + }); } /** @@ -280,8 +285,37 @@ private void checkResult() { } } + protected static class ExecRegisterAndForwardAdapter implements IgniteBiInClosure { + private ExecRegisterAndForward instance; + + public ExecRegisterAndForwardAdapter(IgniteRunnable runnable) { + instance = new ExecRegisterAndForward<>(runnable); + } + + /** + * @param node Expected local node name. + * @param endpoints Collection of endpont nodes ids. + */ + public ExecRegisterAndForwardAdapter(String node, Collection endpoints) { + instance = new ExecRegisterAndForward<>(node, endpoints); + } + + /** + * @param endpoints Collection of endpont nodes ids. + */ + public ExecRegisterAndForwardAdapter(Collection endpoints) { + instance = new ExecRegisterAndForward<>(endpoints); + } + + @Override + public void apply(K k, V v) { + instance.run(); + } + } + /** */ - protected static class BroadcastRunner { + protected static class ExecRegisterAndForward implements IgniteBiPredicate, IgniteRunnable, + IgniteCallable, EntryProcessor, IgniteClosure { /** Runnable. */ private final IgniteRunnable runnable; @@ -294,7 +328,7 @@ protected static class BroadcastRunner { /** * @param runnable Runnable. */ - public BroadcastRunner(IgniteRunnable runnable) { + public ExecRegisterAndForward(IgniteRunnable runnable) { this.runnable = Objects.requireNonNull(runnable); node = null; endpoints = Collections.emptyList(); @@ -304,7 +338,7 @@ public BroadcastRunner(IgniteRunnable runnable) { * @param node Expected local node name. * @param endpoints Collection of endpont nodes ids. */ - public BroadcastRunner(String node, Collection endpoints) { + public ExecRegisterAndForward(String node, Collection endpoints) { this.node = node; this.endpoints = endpoints; runnable = null; @@ -313,16 +347,21 @@ public BroadcastRunner(String node, Collection endpoints) { /** * @param endpoints Collection of endpont nodes ids. */ - public BroadcastRunner(Collection endpoints) { + public ExecRegisterAndForward(Collection endpoints) { this.endpoints = endpoints; runnable = null; node = null; } - /** - * - */ - protected void registerAndBroadcast() { + @Override + public boolean apply(K k, V v) { + run(); + + return false; + } + + @Override + public void run() { Ignite loc = Ignition.localIgnite(); if (node == null || node.equals(loc.name())) { @@ -334,9 +373,33 @@ protected void registerAndBroadcast() { runnable.run(); else { compute(ignite, endpoints) - .broadcast(() -> register()); + .broadcast(() -> register()); } } } + + @Override + public Object process(MutableEntry mutableEntry, Object... objects) { + run(); + + return null; + } + + @Override + public V apply(K k) { + run(); + + if (k instanceof Cache.Entry) + return (V) ((Cache.Entry)k).getValue(); + + return null; + } + + @Override + public V call() throws Exception { + run(); + + return null; + } } -} \ No newline at end of file +} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java index 5069c9762cbcd..f2fc2e735a250 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java @@ -30,7 +30,6 @@ import org.apache.ignite.internal.processor.security.AbstractCacheOperationRemoteSecurityContextCheckTest; import org.apache.ignite.internal.util.typedef.G; import org.apache.ignite.lang.IgniteBiInClosure; -import org.apache.ignite.lang.IgniteBiPredicate; import org.apache.ignite.lang.IgniteRunnable; import org.junit.Test; import org.junit.runner.RunWith; @@ -97,7 +96,7 @@ public void test() { Ignition.localIgnite() .cache(CACHE_NAME).loadCache( - new CacheLoadClosure(SRV_CHECK, endpoints()) + new ExecRegisterAndForward(SRV_CHECK, endpoints()) ); }; @@ -115,23 +114,6 @@ public void test() { return Collections.singletonList(nodeId(SRV_CHECK)); } - /** - * Closure for tests. - */ - static class CacheLoadClosure extends BroadcastRunner implements IgniteBiPredicate { - /** {@inheritDoc} */ - public CacheLoadClosure(String node, Collection endpoints) { - super(node, endpoints); - } - - /** {@inheritDoc} */ - @Override public boolean apply(Integer integer, Integer integer2) { - registerAndBroadcast(); - - return false; - } - } - /** * Test store factory. */ diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java index cbde2af00ec86..e0c726089ca90 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java @@ -21,9 +21,7 @@ import java.util.Collections; import java.util.UUID; import java.util.stream.Stream; -import javax.cache.processor.EntryProcessor; -import javax.cache.processor.EntryProcessorException; -import javax.cache.processor.MutableEntry; + import org.apache.ignite.Ignition; import org.apache.ignite.internal.processor.security.AbstractCacheOperationRemoteSecurityContextCheckTest; import org.apache.ignite.internal.util.typedef.G; @@ -96,48 +94,18 @@ private Stream checkCases() { return Stream.of( () -> Ignition.localIgnite().cache(CACHE_NAME) - .invoke(key, new EntryProcessorClosure(endpoints())), + .invoke(key, new ExecRegisterAndForward(endpoints())), () -> Ignition.localIgnite().cache(CACHE_NAME) - .invokeAll(Collections.singleton(key), new EntryProcessorClosure(endpoints())), + .invokeAll(Collections.singleton(key), new ExecRegisterAndForward(endpoints())), () -> Ignition.localIgnite().cache(CACHE_NAME) - .invokeAsync(key, new EntryProcessorClosure(endpoints())) + .invokeAsync(key, new ExecRegisterAndForward(endpoints())) .get(), () -> Ignition.localIgnite().cache(CACHE_NAME) - .invokeAllAsync(Collections.singleton(key), new EntryProcessorClosure(endpoints())) + .invokeAllAsync(Collections.singleton(key), new ExecRegisterAndForward(endpoints())) .get() - ) - .map(EntryProcessorClosure::new); - } - - /** */ - static class EntryProcessorClosure extends BroadcastRunner implements - IgniteRunnable, - EntryProcessor { - - /** {@inheritDoc} */ - public EntryProcessorClosure(IgniteRunnable runnable) { - super(runnable); - } - - /** {@inheritDoc} */ - public EntryProcessorClosure(Collection endpoints) { - super(endpoints); - } - - /** {@inheritDoc} */ - @Override public Object process(MutableEntry entry, - Object... arguments) throws EntryProcessorException { - registerAndBroadcast(); - - return null; - } - - /** {@inheritDoc} */ - @Override public void run() { - registerAndBroadcast(); - } + ).map(ExecRegisterAndForward::new); } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java index 3be926a610096..48928e6450fe6 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java @@ -21,13 +21,10 @@ import java.util.Collections; import java.util.UUID; import java.util.stream.Stream; -import javax.cache.Cache; import org.apache.ignite.Ignition; import org.apache.ignite.cache.query.ScanQuery; import org.apache.ignite.internal.processor.security.AbstractCacheOperationRemoteSecurityContextCheckTest; import org.apache.ignite.internal.util.typedef.G; -import org.apache.ignite.lang.IgniteBiPredicate; -import org.apache.ignite.lang.IgniteClosure; import org.apache.ignite.lang.IgniteRunnable; import org.junit.Test; import org.junit.runner.RunWith; @@ -102,7 +99,7 @@ private Stream checkCases() { Ignition.localIgnite().cache(CACHE_NAME).query( new ScanQuery<>( - new ScanQueryClosure(SRV_CHECK, endpoints()) + new ExecRegisterAndForward(SRV_CHECK, endpoints()) ) ).getAll(); }, @@ -111,35 +108,9 @@ private Stream checkCases() { Ignition.localIgnite().cache(CACHE_NAME).query( new ScanQuery<>((k, v) -> true), - new ScanQueryClosure(SRV_CHECK, endpoints()) + new ExecRegisterAndForward<>(SRV_CHECK, endpoints()) ).getAll(); } ); } - - /** - * Common closure for tests. - */ - static class ScanQueryClosure extends BroadcastRunner implements - IgniteClosure, Integer>, - IgniteBiPredicate { - /** {@inheritDoc} */ - public ScanQueryClosure(String node, Collection endpoints) { - super(node, endpoints); - } - - /** {@inheritDoc} */ - @Override public Integer apply(Cache.Entry entry) { - registerAndBroadcast(); - - return entry.getValue(); - } - - /** {@inheritDoc} */ - @Override public boolean apply(Integer s, Integer i) { - registerAndBroadcast(); - - return false; - } - } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java index 6bde19ab1faf6..a3740bf293fa1 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java @@ -17,14 +17,11 @@ package org.apache.ignite.internal.processor.security.compute.closure; -import java.util.Collection; import java.util.UUID; import java.util.stream.Stream; import org.apache.ignite.Ignition; import org.apache.ignite.internal.processor.security.AbstractRemoteSecurityContextCheckTest; import org.apache.ignite.internal.util.typedef.G; -import org.apache.ignite.lang.IgniteCallable; -import org.apache.ignite.lang.IgniteClosure; import org.apache.ignite.lang.IgniteRunnable; import org.junit.Test; @@ -86,82 +83,47 @@ public void test() { private Stream checkCases() { return Stream.of( () -> compute(Ignition.localIgnite(), nodesToCheck()) - .broadcast((IgniteRunnable)new ComputeClosure(endpoints())), + .broadcast((IgniteRunnable)new ExecRegisterAndForward<>(endpoints())), () -> compute(Ignition.localIgnite(), nodesToCheck()) - .broadcastAsync((IgniteRunnable)new ComputeClosure(endpoints())) + .broadcastAsync((IgniteRunnable)new ExecRegisterAndForward<>(endpoints())) .get(), () -> { for (UUID id : nodesToCheck()) { compute(Ignition.localIgnite(), id) - .call(new ComputeClosure(endpoints())); + .call(new ExecRegisterAndForward<>(endpoints())); } }, () -> { for (UUID id : nodesToCheck()) { compute(Ignition.localIgnite(), id) - .callAsync(new ComputeClosure(endpoints())).get(); + .callAsync(new ExecRegisterAndForward<>(endpoints())).get(); } }, () -> { for (UUID id : nodesToCheck()) { compute(Ignition.localIgnite(), id) - .run(new ComputeClosure(endpoints())); + .run(new ExecRegisterAndForward<>(endpoints())); } }, () -> { for (UUID id : nodesToCheck()) { compute(Ignition.localIgnite(), id) - .runAsync(new ComputeClosure(endpoints())).get(); + .runAsync(new ExecRegisterAndForward<>(endpoints())).get(); } }, () -> { for (UUID id : nodesToCheck()) { compute(Ignition.localIgnite(), id) - .apply(new ComputeClosure(endpoints()), new Object()); + .apply(new ExecRegisterAndForward(endpoints()), new Object()); } }, () -> { for (UUID id : nodesToCheck()) { compute(Ignition.localIgnite(), id) - .applyAsync(new ComputeClosure(endpoints()), new Object()).get(); + .applyAsync(new ExecRegisterAndForward<>(endpoints()), new Object()).get(); } } - ).map(ComputeClosure::new); - } - - /** */ - static class ComputeClosure extends BroadcastRunner implements - IgniteRunnable, - IgniteCallable, - IgniteClosure { - /** {@inheritDoc} */ - public ComputeClosure(IgniteRunnable runnable) { - super(runnable); - } - - /** {@inheritDoc} */ - public ComputeClosure(Collection endpoints) { - super(endpoints); - } - - /** {@inheritDoc} */ - @Override public void run() { - registerAndBroadcast(); - } - - /** {@inheritDoc} */ - @Override public Object call() { - registerAndBroadcast(); - - return null; - } - - /** {@inheritDoc} */ - @Override public Object apply(Object o) { - registerAndBroadcast(); - - return null; - } + ).map(ExecRegisterAndForward::new); } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java index bf509924ea930..eb0fe038d1eeb 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java @@ -17,7 +17,6 @@ package org.apache.ignite.internal.processor.security.compute.closure; -import java.util.Collection; import java.util.UUID; import java.util.concurrent.ExecutorService; import org.apache.ignite.Ignite; @@ -86,7 +85,7 @@ public void test() { ExecutorService svc = loc.executorService(loc.cluster().forNodeId(nodeId)); try { - svc.submit(new ExecutorServiceClosure(endpoints())).get(); + svc.submit((Runnable) new ExecRegisterAndForward<>(endpoints())).get(); } catch (Exception e) { throw new RuntimeException(e); @@ -98,17 +97,4 @@ public void test() { runAndCheck(grid(SRV_INITIATOR), checkCase); runAndCheck(grid(CLNT_INITIATOR), checkCase); } - - /** */ - static class ExecutorServiceClosure extends BroadcastRunner implements Runnable { - /** {@inheritDoc} */ - public ExecutorServiceClosure(Collection endpoints) { - super(endpoints); - } - - /** {@inheritDoc} */ - @Override public void run() { - registerAndBroadcast(); - } - } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java index 1b70d54ac0576..5a2851944529e 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java @@ -27,7 +27,6 @@ import org.apache.ignite.Ignition; import org.apache.ignite.internal.processor.security.AbstractCacheOperationRemoteSecurityContextCheckTest; import org.apache.ignite.internal.util.typedef.G; -import org.apache.ignite.lang.IgniteBiInClosure; import org.apache.ignite.lang.IgniteRunnable; import org.apache.ignite.stream.StreamVisitor; import org.junit.Test; @@ -101,23 +100,11 @@ public void testDataStreamer() { */ private void dataStreamer(Ignite node) { try (IgniteDataStreamer strm = node.dataStreamer(CACHE_NAME)) { - strm.receiver(StreamVisitor.from(new DataStreamClosure(endpoints()))); + strm.receiver(StreamVisitor + .from(new ExecRegisterAndForwardAdapter, Map.Entry>( + endpoints()))); strm.addData(prmKey(grid(SRV_CHECK)), 100); } } - - /** */ - static class DataStreamClosure extends BroadcastRunner implements - IgniteBiInClosure, Map.Entry> { - /** {@inheritDoc} */ - public DataStreamClosure(Collection endpoints) { - super(endpoints); - } - - /** {@inheritDoc} */ - @Override public void apply(IgniteCache entries, Map.Entry entry) { - registerAndBroadcast(); - } - } } From ef3f233f9906f114f8517e8480732832e0553c5b Mon Sep 17 00:00:00 2001 From: Nikolay Izhikov Date: Thu, 21 Mar 2019 17:28:45 +0300 Subject: [PATCH 79/98] IGNITE-9560: test refactoring --- ...bstractRemoteSecurityContextCheckTest.java | 16 ++++++------- .../CacheOperationPermissionCheckTest.java | 24 +++++++++---------- .../EntryProcessorPermissionCheckTest.java | 4 ++-- ...cheLoadRemoteSecurityContextCheckTest.java | 4 ++-- ...ocessorRemoteSecurityContextCheckTest.java | 10 ++++---- ...anQueryRemoteSecurityContextCheckTest.java | 4 ++-- .../compute/ComputePermissionCheckTest.java | 11 ++++----- ...uteTaskRemoteSecurityContextCheckTest.java | 14 +++++------ ...ClosureRemoteSecurityContextCheckTest.java | 21 ++++++++-------- ...ServiceRemoteSecurityContextCheckTest.java | 2 +- 10 files changed, 53 insertions(+), 57 deletions(-) diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java index 46b93f7382894..0b8a41f9137a4 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java @@ -286,10 +286,10 @@ private void checkResult() { } protected static class ExecRegisterAndForwardAdapter implements IgniteBiInClosure { - private ExecRegisterAndForward instance; + private RegisterExecAndForward instance; public ExecRegisterAndForwardAdapter(IgniteRunnable runnable) { - instance = new ExecRegisterAndForward<>(runnable); + instance = new RegisterExecAndForward<>(runnable); } /** @@ -297,14 +297,14 @@ public ExecRegisterAndForwardAdapter(IgniteRunnable runnable) { * @param endpoints Collection of endpont nodes ids. */ public ExecRegisterAndForwardAdapter(String node, Collection endpoints) { - instance = new ExecRegisterAndForward<>(node, endpoints); + instance = new RegisterExecAndForward<>(node, endpoints); } /** * @param endpoints Collection of endpont nodes ids. */ public ExecRegisterAndForwardAdapter(Collection endpoints) { - instance = new ExecRegisterAndForward<>(endpoints); + instance = new RegisterExecAndForward<>(endpoints); } @Override @@ -314,7 +314,7 @@ public void apply(K k, V v) { } /** */ - protected static class ExecRegisterAndForward implements IgniteBiPredicate, IgniteRunnable, + protected static class RegisterExecAndForward implements IgniteBiPredicate, IgniteRunnable, IgniteCallable, EntryProcessor, IgniteClosure { /** Runnable. */ private final IgniteRunnable runnable; @@ -328,7 +328,7 @@ protected static class ExecRegisterAndForward implements IgniteBiPredicate /** * @param runnable Runnable. */ - public ExecRegisterAndForward(IgniteRunnable runnable) { + public RegisterExecAndForward(IgniteRunnable runnable) { this.runnable = Objects.requireNonNull(runnable); node = null; endpoints = Collections.emptyList(); @@ -338,7 +338,7 @@ public ExecRegisterAndForward(IgniteRunnable runnable) { * @param node Expected local node name. * @param endpoints Collection of endpont nodes ids. */ - public ExecRegisterAndForward(String node, Collection endpoints) { + public RegisterExecAndForward(String node, Collection endpoints) { this.node = node; this.endpoints = endpoints; runnable = null; @@ -347,7 +347,7 @@ public ExecRegisterAndForward(String node, Collection endpoints) { /** * @param endpoints Collection of endpont nodes ids. */ - public ExecRegisterAndForward(Collection endpoints) { + public RegisterExecAndForward(Collection endpoints) { this.endpoints = endpoints; runnable = null; node = null; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/CacheOperationPermissionCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/CacheOperationPermissionCheckTest.java index 4fdea51ddcad4..1feab85fc8103 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/CacheOperationPermissionCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/CacheOperationPermissionCheckTest.java @@ -76,19 +76,19 @@ private void testCrudCachePermissions(boolean isClient) throws Exception { */ private List>> consumers() { return Arrays.asList( - (c) -> c.put("key", "value"), - (c) -> c.putAll(singletonMap("key", "value")), - (c) -> c.get("key"), - (c) -> c.getAll(Collections.singleton("key")), - (c) -> c.containsKey("key"), - (c) -> c.remove("key"), - (c) -> c.removeAll(Collections.singleton("key")), + c -> c.put("key", "value"), + c -> c.putAll(singletonMap("key", "value")), + c -> c.get("key"), + c -> c.getAll(Collections.singleton("key")), + c -> c.containsKey("key"), + c -> c.remove("key"), + c -> c.removeAll(Collections.singleton("key")), IgniteCache::clear, - (c) -> c.replace("key", "value"), - (c) -> c.putIfAbsent("key", "value"), - (c) -> c.getAndPut("key", "value"), - (c) -> c.getAndRemove("key"), - (c) -> c.getAndReplace("key", "value") + c -> c.replace("key", "value"), + c -> c.putIfAbsent("key", "value"), + c -> c.getAndPut("key", "value"), + c -> c.getAndRemove("key"), + c -> c.getAndReplace("key", "value") ); } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorPermissionCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorPermissionCheckTest.java index 7a8a9a9f85655..8e9dab4f04918 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorPermissionCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorPermissionCheckTest.java @@ -61,8 +61,8 @@ public void test() throws Exception { Stream.of(srvNode, clientNode) .forEach( - (n) -> consumers(n).forEach( - (c) -> { + n -> consumers(n).forEach( + c -> { assertAllowed(n, c); assertForbidden(n, c); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java index f2fc2e735a250..556a68fb82f12 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java @@ -96,7 +96,7 @@ public void test() { Ignition.localIgnite() .cache(CACHE_NAME).loadCache( - new ExecRegisterAndForward(SRV_CHECK, endpoints()) + new RegisterExecAndForward(SRV_CHECK, endpoints()) ); }; @@ -134,7 +134,7 @@ private static class TestCacheStore extends CacheStoreAdapter } /** {@inheritDoc} */ - @Override public Integer load(Integer key) throws CacheLoaderException { + @Override public Integer load(Integer key) { return key; } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java index e0c726089ca90..458d309df0a25 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java @@ -94,18 +94,18 @@ private Stream checkCases() { return Stream.of( () -> Ignition.localIgnite().cache(CACHE_NAME) - .invoke(key, new ExecRegisterAndForward(endpoints())), + .invoke(key, new RegisterExecAndForward(endpoints())), () -> Ignition.localIgnite().cache(CACHE_NAME) - .invokeAll(Collections.singleton(key), new ExecRegisterAndForward(endpoints())), + .invokeAll(Collections.singleton(key), new RegisterExecAndForward(endpoints())), () -> Ignition.localIgnite().cache(CACHE_NAME) - .invokeAsync(key, new ExecRegisterAndForward(endpoints())) + .invokeAsync(key, new RegisterExecAndForward(endpoints())) .get(), () -> Ignition.localIgnite().cache(CACHE_NAME) - .invokeAllAsync(Collections.singleton(key), new ExecRegisterAndForward(endpoints())) + .invokeAllAsync(Collections.singleton(key), new RegisterExecAndForward(endpoints())) .get() - ).map(ExecRegisterAndForward::new); + ).map(RegisterExecAndForward::new); } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java index 48928e6450fe6..56874410a86fb 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java @@ -99,7 +99,7 @@ private Stream checkCases() { Ignition.localIgnite().cache(CACHE_NAME).query( new ScanQuery<>( - new ExecRegisterAndForward(SRV_CHECK, endpoints()) + new RegisterExecAndForward(SRV_CHECK, endpoints()) ) ).getAll(); }, @@ -108,7 +108,7 @@ private Stream checkCases() { Ignition.localIgnite().cache(CACHE_NAME).query( new ScanQuery<>((k, v) -> true), - new ExecRegisterAndForward<>(SRV_CHECK, endpoints()) + new RegisterExecAndForward<>(SRV_CHECK, endpoints()) ).getAll(); } ); diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputePermissionCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputePermissionCheckTest.java index c65d644c778d8..6f8ab4337043a 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputePermissionCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputePermissionCheckTest.java @@ -98,7 +98,7 @@ public class ComputePermissionCheckTest extends AbstractSecurityTest { }; /** Synchronization for tests TASK_CANCEL. */ - private static void syncForCancel() throws IgniteException { + private static void syncForCancel() { boolean isLocked = false; try { @@ -314,7 +314,7 @@ public boolean isCancelled() { private static class TestComputeTask implements ComputeTask { /** {@inheritDoc} */ @Override public @Nullable Map map(List subgrid, - @Nullable Object arg) throws IgniteException { + @Nullable Object arg) { IS_EXECUTED.set(true); return Collections.singletonMap( @@ -323,7 +323,7 @@ private static class TestComputeTask implements ComputeTask { // no-op } - @Override public Object execute() throws IgniteException { + @Override public Object execute() { syncForCancel(); return null; @@ -333,8 +333,7 @@ private static class TestComputeTask implements ComputeTask { } /** {@inheritDoc} */ - @Override public ComputeJobResultPolicy result(ComputeJobResult res, - List rcvd) throws IgniteException { + @Override public ComputeJobResultPolicy result(ComputeJobResult res, List rcvd) { if (res.getException() != null) throw res.getException(); @@ -342,7 +341,7 @@ private static class TestComputeTask implements ComputeTask { } /** {@inheritDoc} */ - @Override public @Nullable Integer reduce(List results) throws IgniteException { + @Override public @Nullable Integer reduce(List results) { return null; } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java index ee83b810bc4cc..a4083349ac664 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java @@ -24,7 +24,6 @@ import java.util.UUID; import java.util.stream.Stream; import org.apache.ignite.Ignite; -import org.apache.ignite.IgniteException; import org.apache.ignite.Ignition; import org.apache.ignite.cluster.ClusterNode; import org.apache.ignite.compute.ComputeJob; @@ -123,7 +122,7 @@ static class ComputeTaskClosure implements ComputeTask { /** Local ignite. */ @IgniteInstanceResource - protected Ignite loc; + protected transient Ignite loc; /** * @param remotes Collection of transition node ids. @@ -139,7 +138,7 @@ public ComputeTaskClosure(Collection remotes, Collection endpoints) /** {@inheritDoc} */ @Override public @Nullable Map map(List subgrid, - @Nullable Integer arg) throws IgniteException { + @Nullable Integer arg) { Map res = new HashMap<>(); for (UUID id : remotes) { @@ -152,7 +151,7 @@ public ComputeTaskClosure(Collection remotes, Collection endpoints) // no-op } - @Override public Object execute() throws IgniteException { + @Override public Object execute() { register(); compute(loc, endpoints) @@ -168,8 +167,7 @@ public ComputeTaskClosure(Collection remotes, Collection endpoints) } /** {@inheritDoc} */ - @Override public ComputeJobResultPolicy result(ComputeJobResult res, - List rcvd) throws IgniteException { + @Override public ComputeJobResultPolicy result(ComputeJobResult res, List rcvd) { if (res.getException() != null) throw res.getException(); @@ -177,8 +175,8 @@ public ComputeTaskClosure(Collection remotes, Collection endpoints) } /** {@inheritDoc} */ - @Override public @Nullable Integer reduce(List results) throws IgniteException { + @Override public @Nullable Integer reduce(List results) { return null; } } -} \ No newline at end of file +} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java index a3740bf293fa1..a0e685358df3a 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java @@ -32,8 +32,7 @@ * 'check' nodes and broadcasts a task to 'endpoint' nodes. On every step, it is performed verification that operation * security context is the initiator context. */ -public class DistributedClosureRemoteSecurityContextCheckTest - extends AbstractRemoteSecurityContextCheckTest { +public class DistributedClosureRemoteSecurityContextCheckTest extends AbstractRemoteSecurityContextCheckTest { /** {@inheritDoc} */ @Override protected void beforeTestsStarted() throws Exception { super.beforeTestsStarted(); @@ -83,47 +82,47 @@ public void test() { private Stream checkCases() { return Stream.of( () -> compute(Ignition.localIgnite(), nodesToCheck()) - .broadcast((IgniteRunnable)new ExecRegisterAndForward<>(endpoints())), + .broadcast((IgniteRunnable)new RegisterExecAndForward<>(endpoints())), () -> compute(Ignition.localIgnite(), nodesToCheck()) - .broadcastAsync((IgniteRunnable)new ExecRegisterAndForward<>(endpoints())) + .broadcastAsync((IgniteRunnable)new RegisterExecAndForward<>(endpoints())) .get(), () -> { for (UUID id : nodesToCheck()) { compute(Ignition.localIgnite(), id) - .call(new ExecRegisterAndForward<>(endpoints())); + .call(new RegisterExecAndForward<>(endpoints())); } }, () -> { for (UUID id : nodesToCheck()) { compute(Ignition.localIgnite(), id) - .callAsync(new ExecRegisterAndForward<>(endpoints())).get(); + .callAsync(new RegisterExecAndForward<>(endpoints())).get(); } }, () -> { for (UUID id : nodesToCheck()) { compute(Ignition.localIgnite(), id) - .run(new ExecRegisterAndForward<>(endpoints())); + .run(new RegisterExecAndForward<>(endpoints())); } }, () -> { for (UUID id : nodesToCheck()) { compute(Ignition.localIgnite(), id) - .runAsync(new ExecRegisterAndForward<>(endpoints())).get(); + .runAsync(new RegisterExecAndForward<>(endpoints())).get(); } }, () -> { for (UUID id : nodesToCheck()) { compute(Ignition.localIgnite(), id) - .apply(new ExecRegisterAndForward(endpoints()), new Object()); + .apply(new RegisterExecAndForward(endpoints()), new Object()); } }, () -> { for (UUID id : nodesToCheck()) { compute(Ignition.localIgnite(), id) - .applyAsync(new ExecRegisterAndForward<>(endpoints()), new Object()).get(); + .applyAsync(new RegisterExecAndForward<>(endpoints()), new Object()).get(); } } - ).map(ExecRegisterAndForward::new); + ).map(RegisterExecAndForward::new); } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java index eb0fe038d1eeb..32598bb827777 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java @@ -85,7 +85,7 @@ public void test() { ExecutorService svc = loc.executorService(loc.cluster().forNodeId(nodeId)); try { - svc.submit((Runnable) new ExecRegisterAndForward<>(endpoints())).get(); + svc.submit((Runnable) new RegisterExecAndForward<>(endpoints())).get(); } catch (Exception e) { throw new RuntimeException(e); From 58efaf8cccb2bd7280063bbca81aa8a09699a15e Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Thu, 21 Mar 2019 18:41:55 +0300 Subject: [PATCH 80/98] IGNITE-9560 fix comments --- ...bstractRemoteSecurityContextCheckTest.java | 31 +++++++++++-------- ...cheLoadRemoteSecurityContextCheckTest.java | 1 - ...ocessorRemoteSecurityContextCheckTest.java | 4 +-- ...anQueryRemoteSecurityContextCheckTest.java | 2 +- ...ClosureRemoteSecurityContextCheckTest.java | 2 +- ...treamerRemoteSecurityContextCheckTest.java | 23 ++++---------- 6 files changed, 28 insertions(+), 35 deletions(-) diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java index 0b8a41f9137a4..6f5f9a92bdda1 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java @@ -285,9 +285,14 @@ private void checkResult() { } } + /** */ protected static class ExecRegisterAndForwardAdapter implements IgniteBiInClosure { + /** RegisterExecAndForward. */ private RegisterExecAndForward instance; + /** + * @param runnable Runnable. + */ public ExecRegisterAndForwardAdapter(IgniteRunnable runnable) { instance = new RegisterExecAndForward<>(runnable); } @@ -307,8 +312,8 @@ public ExecRegisterAndForwardAdapter(Collection endpoints) { instance = new RegisterExecAndForward<>(endpoints); } - @Override - public void apply(K k, V v) { + /** {@inheritDoc} */ + @Override public void apply(K k, V v) { instance.run(); } } @@ -353,15 +358,15 @@ public RegisterExecAndForward(Collection endpoints) { node = null; } - @Override - public boolean apply(K k, V v) { + /** {@inheritDoc} */ + @Override public boolean apply(K k, V v) { run(); return false; } - @Override - public void run() { + /** {@inheritDoc} */ + @Override public void run() { Ignite loc = Ignition.localIgnite(); if (node == null || node.equals(loc.name())) { @@ -373,20 +378,20 @@ public void run() { runnable.run(); else { compute(ignite, endpoints) - .broadcast(() -> register()); + .broadcast(() -> register()); } } } - @Override - public Object process(MutableEntry mutableEntry, Object... objects) { + /** {@inheritDoc} */ + @Override public Object process(MutableEntry mutableEntry, Object... objects) { run(); return null; } - @Override - public V apply(K k) { + /** {@inheritDoc} */ + @Override public V apply(K k) { run(); if (k instanceof Cache.Entry) @@ -395,8 +400,8 @@ public V apply(K k) { return null; } - @Override - public V call() throws Exception { + /** {@inheritDoc} */ + @Override public V call() { run(); return null; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java index 556a68fb82f12..3b46abeba6949 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java @@ -22,7 +22,6 @@ import java.util.UUID; import javax.cache.Cache; import javax.cache.configuration.Factory; -import javax.cache.integration.CacheLoaderException; import org.apache.ignite.Ignition; import org.apache.ignite.cache.CacheMode; import org.apache.ignite.cache.store.CacheStoreAdapter; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java index 458d309df0a25..45225555f4ad5 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java @@ -100,11 +100,11 @@ private Stream checkCases() { .invokeAll(Collections.singleton(key), new RegisterExecAndForward(endpoints())), () -> Ignition.localIgnite().cache(CACHE_NAME) - .invokeAsync(key, new RegisterExecAndForward(endpoints())) + .invokeAsync(key, new RegisterExecAndForward<>(endpoints())) .get(), () -> Ignition.localIgnite().cache(CACHE_NAME) - .invokeAllAsync(Collections.singleton(key), new RegisterExecAndForward(endpoints())) + .invokeAllAsync(Collections.singleton(key), new RegisterExecAndForward<>(endpoints())) .get() ).map(RegisterExecAndForward::new); } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java index 56874410a86fb..623e240032cfb 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java @@ -99,7 +99,7 @@ private Stream checkCases() { Ignition.localIgnite().cache(CACHE_NAME).query( new ScanQuery<>( - new RegisterExecAndForward(SRV_CHECK, endpoints()) + new RegisterExecAndForward<>(SRV_CHECK, endpoints()) ) ).getAll(); }, diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java index a0e685358df3a..88de47161b0a1 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java @@ -114,7 +114,7 @@ private Stream checkCases() { () -> { for (UUID id : nodesToCheck()) { compute(Ignition.localIgnite(), id) - .apply(new RegisterExecAndForward(endpoints()), new Object()); + .apply(new RegisterExecAndForward<>(endpoints()), new Object()); } }, () -> { diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java index 5a2851944529e..741fe35f1e01a 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java +++ b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java @@ -19,10 +19,7 @@ import java.util.Collection; import java.util.Collections; -import java.util.Map; import java.util.UUID; -import org.apache.ignite.Ignite; -import org.apache.ignite.IgniteCache; import org.apache.ignite.IgniteDataStreamer; import org.apache.ignite.Ignition; import org.apache.ignite.internal.processor.security.AbstractCacheOperationRemoteSecurityContextCheckTest; @@ -78,7 +75,12 @@ public void testDataStreamer() { IgniteRunnable checkCase = () -> { register(); - dataStreamer(Ignition.localIgnite()); + try (IgniteDataStreamer strm = Ignition.localIgnite().dataStreamer(CACHE_NAME)) { + strm.receiver(StreamVisitor + .from(new ExecRegisterAndForwardAdapter<>(endpoints()))); + + strm.addData(prmKey(grid(SRV_CHECK)), 100); + } }; runAndCheck(grid(SRV_INITIATOR), checkCase); @@ -94,17 +96,4 @@ public void testDataStreamer() { @Override protected Collection nodesToCheck() { return Collections.singletonList(nodeId(SRV_CHECK)); } - - /** - * @param node Node. - */ - private void dataStreamer(Ignite node) { - try (IgniteDataStreamer strm = node.dataStreamer(CACHE_NAME)) { - strm.receiver(StreamVisitor - .from(new ExecRegisterAndForwardAdapter, Map.Entry>( - endpoints()))); - - strm.addData(prmKey(grid(SRV_CHECK)), 100); - } - } } From 1f0d8c09f67337e9de1bccb218ac278f423c5c89 Mon Sep 17 00:00:00 2001 From: Denis Garus Date: Fri, 29 Mar 2019 13:13:17 +0300 Subject: [PATCH 81/98] Ignite 9560 rmv sec module (#8) * IGNITE-9560 remove security module * IGNITE-9560 remove security module * IGNITE-9560 Added TestReconnectProcessor * IGNITE-9560 Rename IgniteSecurityProcessor to IgniteSecurity * IGNITE-9560 Config improvement * IGNITE-9560 Config as FunctionalInterface --- assembly/dependencies-apache-ignite.xml | 1 - .../ignite/internal/GridKernalContext.java | 8 +- .../internal/GridKernalContextImpl.java | 12 +- .../apache/ignite/internal/IgniteKernal.java | 10 +- .../reader/StandaloneGridKernalContext.java | 4 +- .../security/GridSecurityProcessor.java | 2 +- ...rityProcessor.java => IgniteSecurity.java} | 12 +- ...essorImpl.java => IgniteSecurityImpl.java} | 4 +- ...Processor.java => NoOpIgniteSecurity.java} | 6 +- .../security/OperationSecurityContext.java | 8 +- .../org.apache.ignite.plugin.PluginProvider | 2 +- ...ridDiscoveryManagerAttributesSelfTest.java | 19 +- ...ractCacheOperationPermissionCheckTest.java | 2 +- ...erationRemoteSecurityContextCheckTest.java | 2 +- ...bstractRemoteSecurityContextCheckTest.java | 4 +- .../security/AbstractSecurityTest.java | 17 +- .../security/TestSecurityContext.java | 3 +- .../security/TestSecurityData.java | 2 +- .../TestSecurityPluginConfiguration.java | 33 +++ .../security/TestSecurityProcessor.java | 55 ++--- .../TestSecurityProcessorProvider.java | 48 +---- .../security/TestSecuritySubject.java | 2 +- .../CacheOperationPermissionCheckTest.java | 4 +- .../EntryProcessorPermissionCheckTest.java | 4 +- .../cache/ScanQueryPermissionCheckTest.java | 4 +- ...cheLoadRemoteSecurityContextCheckTest.java | 4 +- ...ocessorRemoteSecurityContextCheckTest.java | 6 +- ...anQueryRemoteSecurityContextCheckTest.java | 4 +- .../client/ThinClientPermissionCheckTest.java | 20 +- .../compute/ComputePermissionCheckTest.java | 4 +- ...uteTaskRemoteSecurityContextCheckTest.java | 4 +- ...ClosureRemoteSecurityContextCheckTest.java | 4 +- ...ServiceRemoteSecurityContextCheckTest.java | 4 +- .../DataStreamerPermissionCheckTest.java | 4 +- ...treamerRemoteSecurityContextCheckTest.java | 4 +- .../discovery/AuthenticationRestartTest.java | 15 +- ...ryNodeAttributesUpdateOnReconnectTest.java | 12 +- .../tcp/TestReconnectPluginProvider.java | 118 ---------- .../discovery/tcp/TestReconnectProcessor.java | 7 +- .../testsuites/IgniteBasicTestSuite.java | 2 + .../ignite/testsuites/SecurityTestSuite.java | 26 +-- modules/security/README.txt | 4 - modules/security/licenses/apache-2.0.txt | 202 ------------------ modules/security/pom.xml | 71 ------ .../org.apache.ignite.plugin.PluginProvider | 1 - .../TestSecurityPluginConfiguration.java | 134 ------------ pom.xml | 1 - 47 files changed, 178 insertions(+), 741 deletions(-) rename modules/core/src/main/java/org/apache/ignite/internal/processors/security/{IgniteSecurityProcessor.java => IgniteSecurity.java} (90%) rename modules/core/src/main/java/org/apache/ignite/internal/processors/security/{IgniteSecurityProcessorImpl.java => IgniteSecurityImpl.java} (98%) rename modules/core/src/main/java/org/apache/ignite/internal/processors/security/{NoOpIgniteSecurityProcessor.java => NoOpIgniteSecurity.java} (96%) rename modules/{security/src/test/java/org/apache/ignite/internal/processor => core/src/test/java/org/apache/ignite/internal/processors}/security/AbstractCacheOperationPermissionCheckTest.java (97%) rename modules/{security/src/test/java/org/apache/ignite/internal/processor => core/src/test/java/org/apache/ignite/internal/processors}/security/AbstractCacheOperationRemoteSecurityContextCheckTest.java (97%) rename modules/{security/src/test/java/org/apache/ignite/internal/processor => core/src/test/java/org/apache/ignite/internal/processors}/security/AbstractRemoteSecurityContextCheckTest.java (99%) rename modules/{security/src/test/java/org/apache/ignite/internal/processor => core/src/test/java/org/apache/ignite/internal/processors}/security/AbstractSecurityTest.java (94%) rename modules/{security/src/test/java/org/apache/ignite/internal/processor => core/src/test/java/org/apache/ignite/internal/processors}/security/TestSecurityContext.java (96%) rename modules/{security/src/test/java/org/apache/ignite/internal/processor => core/src/test/java/org/apache/ignite/internal/processors}/security/TestSecurityData.java (98%) create mode 100644 modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityPluginConfiguration.java rename modules/{security/src/test/java/org/apache/ignite/internal/processor => core/src/test/java/org/apache/ignite/internal/processors}/security/TestSecurityProcessor.java (76%) rename modules/{security/src/test/java/org/apache/ignite/internal/processor => core/src/test/java/org/apache/ignite/internal/processors}/security/TestSecurityProcessorProvider.java (64%) rename modules/{security/src/test/java/org/apache/ignite/internal/processor => core/src/test/java/org/apache/ignite/internal/processors}/security/TestSecuritySubject.java (98%) rename modules/{security/src/test/java/org/apache/ignite/internal/processor => core/src/test/java/org/apache/ignite/internal/processors}/security/cache/CacheOperationPermissionCheckTest.java (95%) rename modules/{security/src/test/java/org/apache/ignite/internal/processor => core/src/test/java/org/apache/ignite/internal/processors}/security/cache/EntryProcessorPermissionCheckTest.java (96%) rename modules/{security/src/test/java/org/apache/ignite/internal/processor => core/src/test/java/org/apache/ignite/internal/processors}/security/cache/ScanQueryPermissionCheckTest.java (94%) rename modules/{security/src/test/java/org/apache/ignite/internal/processor => core/src/test/java/org/apache/ignite/internal/processors}/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java (96%) rename modules/{security/src/test/java/org/apache/ignite/internal/processor => core/src/test/java/org/apache/ignite/internal/processors}/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java (95%) rename modules/{security/src/test/java/org/apache/ignite/internal/processor => core/src/test/java/org/apache/ignite/internal/processors}/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java (95%) rename modules/{security/src/test/java/org/apache/ignite/internal/processor => core/src/test/java/org/apache/ignite/internal/processors}/security/client/ThinClientPermissionCheckTest.java (95%) rename modules/{security/src/test/java/org/apache/ignite/internal/processor => core/src/test/java/org/apache/ignite/internal/processors}/security/compute/ComputePermissionCheckTest.java (98%) rename modules/{security/src/test/java/org/apache/ignite/internal/processor => core/src/test/java/org/apache/ignite/internal/processors}/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java (97%) rename modules/{security/src/test/java/org/apache/ignite/internal/processor => core/src/test/java/org/apache/ignite/internal/processors}/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java (96%) rename modules/{security/src/test/java/org/apache/ignite/internal/processor => core/src/test/java/org/apache/ignite/internal/processors}/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java (95%) rename modules/{security/src/test/java/org/apache/ignite/internal/processor => core/src/test/java/org/apache/ignite/internal/processors}/security/datastreamer/DataStreamerPermissionCheckTest.java (95%) rename modules/{security/src/test/java/org/apache/ignite/internal/processor => core/src/test/java/org/apache/ignite/internal/processors}/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java (94%) delete mode 100644 modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TestReconnectPluginProvider.java rename modules/{security => core}/src/test/java/org/apache/ignite/testsuites/SecurityTestSuite.java (54%) delete mode 100644 modules/security/README.txt delete mode 100644 modules/security/licenses/apache-2.0.txt delete mode 100644 modules/security/pom.xml delete mode 100644 modules/security/src/main/resources/META-INF/services/org.apache.ignite.plugin.PluginProvider delete mode 100644 modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityPluginConfiguration.java diff --git a/assembly/dependencies-apache-ignite.xml b/assembly/dependencies-apache-ignite.xml index bd5ac81f3166a..fa02927886587 100644 --- a/assembly/dependencies-apache-ignite.xml +++ b/assembly/dependencies-apache-ignite.xml @@ -143,7 +143,6 @@ org.apache.ignite:ignite-extdata-platform org.apache.ignite:ignite-compatibility org.apache.ignite:ignite-sqlline - org.apache.ignite:ignite-security true diff --git a/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContext.java b/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContext.java index b60b81b0cfcfa..6e4de9e36d01e 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContext.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContext.java @@ -65,7 +65,7 @@ import org.apache.ignite.internal.processors.resource.GridResourceProcessor; import org.apache.ignite.internal.processors.rest.GridRestProcessor; import org.apache.ignite.internal.processors.schedule.IgniteScheduleProcessorAdapter; -import org.apache.ignite.internal.processors.security.IgniteSecurityProcessor; +import org.apache.ignite.internal.processors.security.IgniteSecurity; import org.apache.ignite.internal.processors.segmentation.GridSegmentationProcessor; import org.apache.ignite.internal.processors.service.ServiceProcessorAdapter; import org.apache.ignite.internal.processors.session.GridTaskSessionProcessor; @@ -423,11 +423,11 @@ public interface GridKernalContext extends Iterable { public GridCollisionManager collision(); /** - * Gets security manager. + * Gets instance of {@link IgniteSecurity}. * - * @return Security manager. + * @return Ignite security. */ - public IgniteSecurityProcessor security(); + public IgniteSecurity security(); /** * Gets load balancing manager. diff --git a/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContextImpl.java b/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContextImpl.java index aac7845b2e091..db41f9c0272bd 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContextImpl.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContextImpl.java @@ -85,7 +85,7 @@ import org.apache.ignite.internal.processors.resource.GridResourceProcessor; import org.apache.ignite.internal.processors.rest.GridRestProcessor; import org.apache.ignite.internal.processors.schedule.IgniteScheduleProcessorAdapter; -import org.apache.ignite.internal.processors.security.IgniteSecurityProcessor; +import org.apache.ignite.internal.processors.security.IgniteSecurity; import org.apache.ignite.internal.processors.segmentation.GridSegmentationProcessor; import org.apache.ignite.internal.processors.session.GridTaskSessionProcessor; import org.apache.ignite.internal.processors.subscription.GridInternalSubscriptionProcessor; @@ -161,7 +161,7 @@ public class GridKernalContextImpl implements GridKernalContext, Externalizable /** */ @GridToStringExclude - private IgniteSecurityProcessor securityProc; + private IgniteSecurity security; /** */ @GridToStringExclude @@ -664,8 +664,8 @@ else if (comp instanceof GridInternalSubscriptionProcessor) internalSubscriptionProc = (GridInternalSubscriptionProcessor)comp; else if (comp instanceof IgniteAuthenticationProcessor) authProc = (IgniteAuthenticationProcessor)comp; - else if (comp instanceof IgniteSecurityProcessor) - securityProc = (IgniteSecurityProcessor)comp; + else if (comp instanceof IgniteSecurity) + security = (IgniteSecurity)comp; else if (comp instanceof CompressionProcessor) compressProc = (CompressionProcessor)comp; else if (!(comp instanceof DiscoveryNodeValidationProcessor @@ -836,8 +836,8 @@ else if (helper instanceof HadoopHelper) } /** {@inheritDoc} */ - @Override public IgniteSecurityProcessor security() { - return securityProc; + @Override public IgniteSecurity security() { + return security; } /** {@inheritDoc} */ diff --git a/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java b/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java index 7bd9340a8da92..8c7656d956fd0 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java @@ -166,9 +166,9 @@ import org.apache.ignite.internal.processors.resource.GridResourceProcessor; import org.apache.ignite.internal.processors.resource.GridSpringResourceContext; import org.apache.ignite.internal.processors.rest.GridRestProcessor; -import org.apache.ignite.internal.processors.security.IgniteSecurityProcessorImpl; +import org.apache.ignite.internal.processors.security.IgniteSecurityImpl; import org.apache.ignite.internal.processors.security.GridSecurityProcessor; -import org.apache.ignite.internal.processors.security.NoOpIgniteSecurityProcessor; +import org.apache.ignite.internal.processors.security.NoOpIgniteSecurity; import org.apache.ignite.internal.processors.segmentation.GridSegmentationProcessor; import org.apache.ignite.internal.processors.service.GridServiceProcessor; import org.apache.ignite.internal.processors.service.IgniteServiceProcessor; @@ -1308,12 +1308,12 @@ private long checkPoolStarvation( /** * @param prc GridSecurityProcessor from plugin context or null. - * @return IgniteSecurityProcessor. + * @return IgniteSecurity. */ private GridProcessor igniteSecurityProcessor(GridSecurityProcessor prc) { return prc != null && prc.enabled() - ? new IgniteSecurityProcessorImpl(ctx, prc) - : new NoOpIgniteSecurityProcessor(ctx); + ? new IgniteSecurityImpl(ctx, prc) + : new NoOpIgniteSecurity(ctx); } /** diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/persistence/wal/reader/StandaloneGridKernalContext.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/persistence/wal/reader/StandaloneGridKernalContext.java index 5c5eb38277350..c1ca45dbceb31 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/persistence/wal/reader/StandaloneGridKernalContext.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/persistence/wal/reader/StandaloneGridKernalContext.java @@ -80,7 +80,7 @@ import org.apache.ignite.internal.processors.resource.GridResourceProcessor; import org.apache.ignite.internal.processors.rest.GridRestProcessor; import org.apache.ignite.internal.processors.schedule.IgniteScheduleProcessorAdapter; -import org.apache.ignite.internal.processors.security.IgniteSecurityProcessor; +import org.apache.ignite.internal.processors.security.IgniteSecurity; import org.apache.ignite.internal.processors.segmentation.GridSegmentationProcessor; import org.apache.ignite.internal.processors.service.GridServiceProcessor; import org.apache.ignite.internal.processors.session.GridTaskSessionProcessor; @@ -458,7 +458,7 @@ protected IgniteConfiguration prepareIgniteConfiguration() { } /** {@inheritDoc} */ - @Override public IgniteSecurityProcessor security() { + @Override public IgniteSecurity security() { return null; } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessor.java index b44dab1462fcb..192cc3cd3a157 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessor.java @@ -95,7 +95,7 @@ public void authorize(String name, SecurityPermission perm, SecurityContext secu /** * @return GridSecurityProcessor is enable. - * @deprecated To determine the security mode use {@link IgniteSecurityProcessor#enabled()}. + * @deprecated To determine the security mode use {@link IgniteSecurity#enabled()}. */ @Deprecated public boolean enabled(); diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurity.java similarity index 90% rename from modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java rename to modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurity.java index 1c4371257b84d..bfdd4e2b3701a 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurity.java @@ -30,16 +30,16 @@ /** * Ignite Security Processor. *

      - * The differences between {@code IgniteSecurityProcessor} and {@code GridSecurityProcessor} are: + * The differences between {@code IgniteSecurity} and {@code GridSecurityProcessor} are: *

        - *
      • {@code IgniteSecurityProcessor} allows to define a current security context by + *
      • {@code IgniteSecurity} allows to define a current security context by * {@link #withContext(SecurityContext)} or {@link #withContext(UUID)} methods. - *
      • {@code IgniteSecurityProcessor} doesn't require to pass {@code SecurityContext} to authorize operations. - *
      • {@code IgniteSecurityProcessor} doesn't extend {@code GridProcessor} interface + *
      • {@code IgniteSecurity} doesn't require to pass {@code SecurityContext} to authorize operations. + *
      • {@code IgniteSecurity} doesn't extend {@code GridProcessor} interface * sequentially it doesn't have any methods of the lifecycle of {@code GridProcessor}. *
      */ -public interface IgniteSecurityProcessor { +public interface IgniteSecurity { /** * Creates {@link OperationSecurityContext}. All calls of methods {@link #authorize(String, SecurityPermission)} or {@link * #authorize(SecurityPermission)} will be processed into the context of passed {@link SecurityContext} until @@ -116,7 +116,7 @@ public default void authorize(SecurityPermission perm) throws SecurityException } /** - * @return True if IgniteSecurityProcessor is a plugin implementation, + * @return True if IgniteSecurity is a plugin implementation, * false if it's used a default NoOp implementation. */ public boolean enabled(); diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityImpl.java similarity index 98% rename from modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java rename to modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityImpl.java index 2249061bbb56d..5af423fe4443f 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessorImpl.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityImpl.java @@ -47,7 +47,7 @@ /** * Default Grid security Manager implementation. */ -public class IgniteSecurityProcessorImpl implements IgniteSecurityProcessor, GridProcessor { +public class IgniteSecurityImpl implements IgniteSecurity, GridProcessor { /** */ private static final String MSG_SEC_PROC_CLS_IS_INVALID = "Local node's grid security processor class " + "is not equal to remote node's grid security processor class " + @@ -75,7 +75,7 @@ public class IgniteSecurityProcessorImpl implements IgniteSecurityProcessor, Gri * @param ctx Grid kernal context. * @param secPrc Security processor. */ - public IgniteSecurityProcessorImpl(GridKernalContext ctx, GridSecurityProcessor secPrc) { + public IgniteSecurityImpl(GridKernalContext ctx, GridSecurityProcessor secPrc) { assert ctx != null; assert secPrc != null; diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurity.java similarity index 96% rename from modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java rename to modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurity.java index bc4ec718f159e..94666be00aa7d 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurity.java @@ -34,12 +34,12 @@ import org.apache.ignite.spi.discovery.DiscoveryDataBag; import org.jetbrains.annotations.Nullable; -import static org.apache.ignite.internal.processors.security.IgniteSecurityProcessorImpl.ATTR_GRID_SEC_PROC_CLASS; +import static org.apache.ignite.internal.processors.security.IgniteSecurityImpl.ATTR_GRID_SEC_PROC_CLASS; /** * No operation Ignite Security Processor. */ -public class NoOpIgniteSecurityProcessor implements IgniteSecurityProcessor, GridProcessor { +public class NoOpIgniteSecurity implements IgniteSecurity, GridProcessor { /** */ private static final String MSG_SEC_PROC_CLS_IS_INVALID = "Local node's ignite security processor class " + "is not equal to remote node's ignite security processor class " + @@ -54,7 +54,7 @@ public class NoOpIgniteSecurityProcessor implements IgniteSecurityProcessor, Gri /** * @param ctx Grid kernal context. */ - public NoOpIgniteSecurityProcessor(GridKernalContext ctx) { + public NoOpIgniteSecurity(GridKernalContext ctx) { this.ctx = ctx; } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/OperationSecurityContext.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/OperationSecurityContext.java index 978876c5396e5..3fdac47dc89d2 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/OperationSecurityContext.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/OperationSecurityContext.java @@ -21,17 +21,17 @@ * */ public class OperationSecurityContext implements AutoCloseable { - /** Ignite Security processor. */ - private final IgniteSecurityProcessor proc; + /** Ignite Security. */ + private final IgniteSecurity proc; /** Security context. */ private final SecurityContext secCtx; /** - * @param proc Ignite Security processor. + * @param proc Ignite Security. * @param secCtx Security context. */ - OperationSecurityContext(IgniteSecurityProcessor proc, SecurityContext secCtx) { + OperationSecurityContext(IgniteSecurity proc, SecurityContext secCtx) { assert proc != null; assert secCtx != null || !proc.enabled(); diff --git a/modules/core/src/test/java/META-INF/services/org.apache.ignite.plugin.PluginProvider b/modules/core/src/test/java/META-INF/services/org.apache.ignite.plugin.PluginProvider index 5805dfd95409a..74c2589365a47 100644 --- a/modules/core/src/test/java/META-INF/services/org.apache.ignite.plugin.PluginProvider +++ b/modules/core/src/test/java/META-INF/services/org.apache.ignite.plugin.PluginProvider @@ -1,4 +1,4 @@ -org.apache.ignite.spi.discovery.tcp.TestReconnectPluginProvider +org.apache.ignite.internal.processors.security.TestSecurityProcessorProvider org.apache.ignite.internal.processors.cache.persistence.standbycluster.IgniteStandByClusterTest$StanByClusterTestProvider org.apache.ignite.internal.processors.cache.persistence.wal.memtracker.PageMemoryTrackerPluginProvider org.apache.ignite.internal.processors.configuration.distributed.TestDistibutedConfigurationPlugin diff --git a/modules/core/src/test/java/org/apache/ignite/internal/managers/discovery/GridDiscoveryManagerAttributesSelfTest.java b/modules/core/src/test/java/org/apache/ignite/internal/managers/discovery/GridDiscoveryManagerAttributesSelfTest.java index 964190df911d1..f003a051c518f 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/managers/discovery/GridDiscoveryManagerAttributesSelfTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/managers/discovery/GridDiscoveryManagerAttributesSelfTest.java @@ -24,16 +24,16 @@ import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.binary.BinaryMarshaller; import org.apache.ignite.internal.marshaller.optimized.OptimizedMarshaller; +import org.apache.ignite.internal.processors.security.TestSecurityPluginConfiguration; import org.apache.ignite.spi.discovery.tcp.TcpDiscoverySpi; -import org.apache.ignite.spi.discovery.tcp.TestReconnectPluginProvider; import org.apache.ignite.spi.discovery.tcp.TestReconnectProcessor; import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest; import org.junit.Test; import static org.apache.ignite.IgniteSystemProperties.IGNITE_BINARY_MARSHALLER_USE_STRING_SERIALIZATION_VER_2; +import static org.apache.ignite.IgniteSystemProperties.IGNITE_EVENT_DRIVEN_SERVICE_PROCESSOR_ENABLED; import static org.apache.ignite.IgniteSystemProperties.IGNITE_OPTIMIZED_MARSHALLER_USE_DEFAULT_SUID; import static org.apache.ignite.IgniteSystemProperties.IGNITE_SECURITY_COMPATIBILITY_MODE; -import static org.apache.ignite.IgniteSystemProperties.IGNITE_EVENT_DRIVEN_SERVICE_PROCESSOR_ENABLED; import static org.apache.ignite.configuration.DeploymentMode.CONTINUOUS; import static org.apache.ignite.configuration.DeploymentMode.SHARED; @@ -53,6 +53,9 @@ public abstract class GridDiscoveryManagerAttributesSelfTest extends GridCommonA /** */ private static boolean binaryMarshallerEnabled; + /** Security enabled. */ + private static boolean secEnabled; + /** {@inheritDoc} */ @Override protected IgniteConfiguration getConfiguration(String igniteInstanceName) throws Exception { IgniteConfiguration cfg = super.getConfiguration(igniteInstanceName); @@ -67,6 +70,12 @@ public abstract class GridDiscoveryManagerAttributesSelfTest extends GridCommonA cfg.setDeploymentMode(mode); cfg.setPeerClassLoadingEnabled(p2pEnabled); + if(secEnabled){ + cfg.setPluginConfigurations( + (TestSecurityPluginConfiguration)TestReconnectProcessor::new + ); + } + return cfg; } @@ -256,8 +265,7 @@ public void testServiceProcessorModeProperty() throws Exception { */ @Test public void testSecurityCompatibilityEnabled() throws Exception { - TestReconnectPluginProvider.enabled = true; - TestReconnectProcessor.enabled = true; + secEnabled = true; try { doTestSecurityCompatibilityEnabled(true, null, true); @@ -272,8 +280,7 @@ public void testSecurityCompatibilityEnabled() throws Exception { doTestSecurityCompatibilityEnabled(true, true, false); } finally { - TestReconnectPluginProvider.enabled = false; - TestReconnectProcessor.enabled = false; + secEnabled = false; } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheOperationPermissionCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractCacheOperationPermissionCheckTest.java similarity index 97% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheOperationPermissionCheckTest.java rename to modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractCacheOperationPermissionCheckTest.java index 6a59046eb82d9..8050897efeedd 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheOperationPermissionCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractCacheOperationPermissionCheckTest.java @@ -15,7 +15,7 @@ * limitations under the License. */ -package org.apache.ignite.internal.processor.security; +package org.apache.ignite.internal.processors.security; import java.util.concurrent.atomic.AtomicInteger; import org.apache.ignite.configuration.CacheConfiguration; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheOperationRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractCacheOperationRemoteSecurityContextCheckTest.java similarity index 97% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheOperationRemoteSecurityContextCheckTest.java rename to modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractCacheOperationRemoteSecurityContextCheckTest.java index b0865023c256f..f7380c2d513c5 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractCacheOperationRemoteSecurityContextCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractCacheOperationRemoteSecurityContextCheckTest.java @@ -15,7 +15,7 @@ * limitations under the License. */ -package org.apache.ignite.internal.processor.security; +package org.apache.ignite.internal.processors.security; import org.apache.ignite.cache.CacheMode; import org.apache.ignite.configuration.CacheConfiguration; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractRemoteSecurityContextCheckTest.java similarity index 99% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java rename to modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractRemoteSecurityContextCheckTest.java index 6f5f9a92bdda1..4181eefe40e6a 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractRemoteSecurityContextCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractRemoteSecurityContextCheckTest.java @@ -15,7 +15,7 @@ * limitations under the License. */ -package org.apache.ignite.internal.processor.security; +package org.apache.ignite.internal.processors.security; import java.util.ArrayList; import java.util.Arrays; @@ -26,11 +26,9 @@ import java.util.UUID; import java.util.concurrent.ConcurrentHashMap; import java.util.stream.Stream; - import javax.cache.Cache; import javax.cache.processor.EntryProcessor; import javax.cache.processor.MutableEntry; - import org.apache.ignite.Ignite; import org.apache.ignite.IgniteCompute; import org.apache.ignite.Ignition; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractSecurityTest.java similarity index 94% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java rename to modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractSecurityTest.java index 00efcc1f00dbe..52687771dea4c 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/AbstractSecurityTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractSecurityTest.java @@ -15,7 +15,7 @@ * limitations under the License. */ -package org.apache.ignite.internal.processor.security; +package org.apache.ignite.internal.processors.security; import java.util.Arrays; import org.apache.ignite.configuration.DataRegionConfiguration; @@ -35,10 +35,6 @@ * Common class for security tests. */ public class AbstractSecurityTest extends GridCommonAbstractTest { - /** Test security processor. */ - public static final String TEST_SECURITY_PROCESSOR = - "org.apache.ignite.internal.processor.security.TestSecurityProcessor"; - /** Empty array of permissions. */ protected static final SecurityPermission[] EMPTY_PERMS = new SecurityPermission[0]; @@ -86,12 +82,11 @@ protected IgniteConfiguration getConfiguration(int idx, String login, String pwd * @param prmSet Security permission set. * @return Security plaugin configuration. */ - protected TestSecurityPluginConfiguration secPluginCfg(String login, String pwd, SecurityPermissionSet prmSet){ - return new TestSecurityPluginConfiguration() - .setSecurityProcessorClass(TEST_SECURITY_PROCESSOR) - .setLogin(login) - .setPwd(pwd) - .setPermissions(prmSet); + protected TestSecurityPluginConfiguration secPluginCfg(String login, String pwd, SecurityPermissionSet prmSet, + TestSecurityData... clientData) { + return ctx -> new TestSecurityProcessor(ctx, + new TestSecurityData(login, pwd, prmSet), + Arrays.asList(clientData)); } /** diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityContext.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityContext.java similarity index 96% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityContext.java rename to modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityContext.java index 65219fde40fa7..c5fa46c03bca1 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityContext.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityContext.java @@ -15,11 +15,10 @@ * limitations under the License. */ -package org.apache.ignite.internal.processor.security; +package org.apache.ignite.internal.processors.security; import java.io.Serializable; import java.util.Collection; -import org.apache.ignite.internal.processors.security.SecurityContext; import org.apache.ignite.internal.util.typedef.F; import org.apache.ignite.plugin.security.SecurityPermission; import org.apache.ignite.plugin.security.SecuritySubject; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityData.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityData.java similarity index 98% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityData.java rename to modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityData.java index 9bb759fb2b2c3..91e225c2e8efe 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityData.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityData.java @@ -15,7 +15,7 @@ * limitations under the License. */ -package org.apache.ignite.internal.processor.security; +package org.apache.ignite.internal.processors.security; import org.apache.ignite.plugin.security.SecurityCredentials; import org.apache.ignite.plugin.security.SecurityPermissionSet; diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityPluginConfiguration.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityPluginConfiguration.java new file mode 100644 index 0000000000000..9239509b0052a --- /dev/null +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityPluginConfiguration.java @@ -0,0 +1,33 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processors.security; + +import org.apache.ignite.internal.GridKernalContext; +import org.apache.ignite.plugin.PluginConfiguration; + +/** + * Grid security configuration for tests. + */ +@FunctionalInterface +public interface TestSecurityPluginConfiguration extends PluginConfiguration { + /** + * @param ctx GridKernalContext. + * @return GridSecurityProcessor. + */ + public GridSecurityProcessor build(GridKernalContext ctx); +} diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityProcessor.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityProcessor.java similarity index 76% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityProcessor.java rename to modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityProcessor.java index ffdcf98a1501c..e20a5d147a4b7 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityProcessor.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityProcessor.java @@ -15,9 +15,10 @@ * limitations under the License. */ -package org.apache.ignite.internal.processor.security; +package org.apache.ignite.internal.processors.security; import java.net.InetSocketAddress; +import java.util.ArrayList; import java.util.Collection; import java.util.Collections; import java.util.Map; @@ -25,14 +26,10 @@ import java.util.concurrent.ConcurrentHashMap; import org.apache.ignite.IgniteCheckedException; import org.apache.ignite.cluster.ClusterNode; -import org.apache.ignite.configuration.IgniteConfiguration; import org.apache.ignite.internal.GridKernalContext; import org.apache.ignite.internal.IgniteNodeAttributes; import org.apache.ignite.internal.processors.GridProcessorAdapter; -import org.apache.ignite.internal.processors.security.GridSecurityProcessor; -import org.apache.ignite.internal.processors.security.SecurityContext; import org.apache.ignite.internal.util.typedef.F; -import org.apache.ignite.plugin.PluginConfiguration; import org.apache.ignite.plugin.security.AuthenticationContext; import org.apache.ignite.plugin.security.SecurityCredentials; import org.apache.ignite.plugin.security.SecurityException; @@ -49,14 +46,23 @@ public class TestSecurityProcessor extends GridProcessorAdapter implements GridS /** Permissions. */ private static final Map PERMS = new ConcurrentHashMap<>(); - /** Config. */ - private TestSecurityPluginConfiguration cfg; + /** Node security data. */ + private final TestSecurityData nodeSecData; + + /** Users security data. */ + private final Collection predefinedAuthData; /** - * @param ctx Context. + * Constructor. */ - public TestSecurityProcessor(GridKernalContext ctx) { + public TestSecurityProcessor(GridKernalContext ctx, TestSecurityData nodeSecData, + Collection predefinedAuthData) { super(ctx); + + this.nodeSecData = nodeSecData; + this.predefinedAuthData = predefinedAuthData.isEmpty() + ? Collections.emptyList() + : new ArrayList<>(predefinedAuthData); } /** {@inheritDoc} */ @@ -124,13 +130,11 @@ public TestSecurityProcessor(GridKernalContext ctx) { @Override public void start() throws IgniteCheckedException { super.start(); - TestSecurityData nodeSecData = configuration().nodeSecData(); - PERMS.put(nodeSecData.credentials(), nodeSecData.getPermissions()); ctx.addNodeAttribute(IgniteNodeAttributes.ATTR_SECURITY_CREDENTIALS, nodeSecData.credentials()); - for (TestSecurityData data : configuration().thinClientsSecData()) + for (TestSecurityData data : predefinedAuthData) PERMS.put(data.credentials(), data.getPermissions()); } @@ -138,32 +142,9 @@ public TestSecurityProcessor(GridKernalContext ctx) { @Override public void stop(boolean cancel) throws IgniteCheckedException { super.stop(cancel); - PERMS.remove(configuration().nodeSecData().credentials()); + PERMS.remove(nodeSecData.credentials()); - for (TestSecurityData data : configuration().thinClientsSecData()) + for (TestSecurityData data : predefinedAuthData) PERMS.remove(data.credentials()); } - - /** - * Security configuration. - */ - private TestSecurityPluginConfiguration configuration() { - if (cfg == null) { - IgniteConfiguration igniteCfg = ctx.config(); - - if (igniteCfg.getPluginConfigurations() != null) { - for (PluginConfiguration pluginCfg : igniteCfg.getPluginConfigurations()) { - if (pluginCfg instanceof TestSecurityPluginConfiguration) { - cfg = (TestSecurityPluginConfiguration)pluginCfg; - - break; - } - } - } - } - - assert cfg != null; - - return cfg; - } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityProcessorProvider.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityProcessorProvider.java similarity index 64% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityProcessorProvider.java rename to modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityProcessorProvider.java index 27c42db832f8e..fef1d51868160 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityProcessorProvider.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityProcessorProvider.java @@ -15,17 +15,13 @@ * limitations under the License. */ -package org.apache.ignite.internal.processor.security; +package org.apache.ignite.internal.processors.security; import java.io.Serializable; -import java.lang.reflect.Constructor; import java.util.UUID; -import org.apache.ignite.IgniteException; import org.apache.ignite.cluster.ClusterNode; import org.apache.ignite.configuration.IgniteConfiguration; -import org.apache.ignite.internal.GridKernalContext; import org.apache.ignite.internal.IgniteEx; -import org.apache.ignite.internal.processors.security.GridSecurityProcessor; import org.apache.ignite.plugin.CachePluginContext; import org.apache.ignite.plugin.CachePluginProvider; import org.apache.ignite.plugin.ExtensionRegistry; @@ -70,58 +66,26 @@ public class TestSecurityProcessorProvider implements PluginProvider { @SuppressWarnings("unchecked") @Override public @Nullable Object createComponent(PluginContext ctx, Class cls) { if (cls.isAssignableFrom(GridSecurityProcessor.class)) { - String secProcCls = securityProcessorClass(ctx); + TestSecurityPluginConfiguration cfg = secProcBuilder(ctx); - if(secProcCls == null) - return null; - - try { - Class implCls = Class.forName(secProcCls); - - if (implCls == null) - throw new IgniteException("Failed to find component implementation: " + cls.getName()); - - if (!GridSecurityProcessor.class.isAssignableFrom(implCls)) - throw new IgniteException("Component implementation does not implement component interface " + - "[component=" + cls.getName() + ", implementation=" + implCls.getName() + ']'); - - Constructor constructor; - - try { - constructor = implCls.getConstructor(GridKernalContext.class); - } - catch (NoSuchMethodException e) { - throw new IgniteException("Component does not have expected constructor: " + implCls.getName(), e); - } - - try { - return constructor.newInstance(((IgniteEx)ctx.grid()).context()); - } - catch (ReflectiveOperationException e) { - throw new IgniteException("Failed to create component [component=" + cls.getName() + - ", implementation=" + implCls.getName() + ']', e); - } - } - catch (ClassNotFoundException e) { - throw new IgniteException("Failed to load class [cls=" + secProcCls + "]", e); - } + return cfg != null ? cfg.build(((IgniteEx)ctx.grid()).context()) : null; } return null; } /** - * Getting security processor class name. + * Gets security processor builder. * * @param ctx Context. */ - private String securityProcessorClass(PluginContext ctx) { + private TestSecurityPluginConfiguration secProcBuilder(PluginContext ctx){ IgniteConfiguration igniteCfg = ctx.igniteConfiguration(); if (igniteCfg.getPluginConfigurations() != null) { for (PluginConfiguration pluginCfg : igniteCfg.getPluginConfigurations()) { if (pluginCfg instanceof TestSecurityPluginConfiguration) - return ((TestSecurityPluginConfiguration)pluginCfg).getSecurityProcessorClass(); + return (TestSecurityPluginConfiguration)pluginCfg; } } diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecuritySubject.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecuritySubject.java similarity index 98% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecuritySubject.java rename to modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecuritySubject.java index 3466732cb142f..c26af70e116ce 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecuritySubject.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecuritySubject.java @@ -15,7 +15,7 @@ * limitations under the License. */ -package org.apache.ignite.internal.processor.security; +package org.apache.ignite.internal.processors.security; import java.net.InetSocketAddress; import java.util.UUID; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/CacheOperationPermissionCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/CacheOperationPermissionCheckTest.java similarity index 95% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/CacheOperationPermissionCheckTest.java rename to modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/CacheOperationPermissionCheckTest.java index 1feab85fc8103..cde739de6a7da 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/CacheOperationPermissionCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/CacheOperationPermissionCheckTest.java @@ -15,7 +15,7 @@ * limitations under the License. */ -package org.apache.ignite.internal.processor.security.cache; +package org.apache.ignite.internal.processors.security.cache; import java.util.Arrays; import java.util.Collections; @@ -23,7 +23,7 @@ import java.util.function.Consumer; import org.apache.ignite.Ignite; import org.apache.ignite.IgniteCache; -import org.apache.ignite.internal.processor.security.AbstractCacheOperationPermissionCheckTest; +import org.apache.ignite.internal.processors.security.AbstractCacheOperationPermissionCheckTest; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.JUnit4; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorPermissionCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/EntryProcessorPermissionCheckTest.java similarity index 96% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorPermissionCheckTest.java rename to modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/EntryProcessorPermissionCheckTest.java index 8e9dab4f04918..4baa4ec81272d 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/EntryProcessorPermissionCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/EntryProcessorPermissionCheckTest.java @@ -15,7 +15,7 @@ * limitations under the License. */ -package org.apache.ignite.internal.processor.security.cache; +package org.apache.ignite.internal.processors.security.cache; import java.util.Arrays; import java.util.List; @@ -24,7 +24,7 @@ import org.apache.ignite.Ignite; import org.apache.ignite.cache.CacheEntryProcessor; import org.apache.ignite.internal.IgniteEx; -import org.apache.ignite.internal.processor.security.AbstractCacheOperationPermissionCheckTest; +import org.apache.ignite.internal.processors.security.AbstractCacheOperationPermissionCheckTest; import org.apache.ignite.internal.util.typedef.T2; import org.junit.Test; import org.junit.runner.RunWith; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQueryPermissionCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/ScanQueryPermissionCheckTest.java similarity index 94% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQueryPermissionCheckTest.java rename to modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/ScanQueryPermissionCheckTest.java index 2038883e92078..4813a63b3898f 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/ScanQueryPermissionCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/ScanQueryPermissionCheckTest.java @@ -15,12 +15,12 @@ * limitations under the License. */ -package org.apache.ignite.internal.processor.security.cache; +package org.apache.ignite.internal.processors.security.cache; import org.apache.ignite.Ignite; import org.apache.ignite.IgniteDataStreamer; import org.apache.ignite.cache.query.ScanQuery; -import org.apache.ignite.internal.processor.security.AbstractCacheOperationPermissionCheckTest; +import org.apache.ignite.internal.processors.security.AbstractCacheOperationPermissionCheckTest; import org.apache.ignite.internal.util.typedef.G; import org.junit.Test; import org.junit.runner.RunWith; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java similarity index 96% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java rename to modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java index 3b46abeba6949..6adca670da11c 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java @@ -15,7 +15,7 @@ * limitations under the License. */ -package org.apache.ignite.internal.processor.security.cache.closure; +package org.apache.ignite.internal.processors.security.cache.closure; import java.util.Collection; import java.util.Collections; @@ -26,7 +26,7 @@ import org.apache.ignite.cache.CacheMode; import org.apache.ignite.cache.store.CacheStoreAdapter; import org.apache.ignite.configuration.CacheConfiguration; -import org.apache.ignite.internal.processor.security.AbstractCacheOperationRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.processors.security.AbstractCacheOperationRemoteSecurityContextCheckTest; import org.apache.ignite.internal.util.typedef.G; import org.apache.ignite.lang.IgniteBiInClosure; import org.apache.ignite.lang.IgniteRunnable; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java similarity index 95% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java rename to modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java index 45225555f4ad5..bb9caa1784b85 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java @@ -15,16 +15,16 @@ * limitations under the License. */ -package org.apache.ignite.internal.processor.security.cache.closure; +package org.apache.ignite.internal.processors.security.cache.closure; import java.util.Collection; import java.util.Collections; import java.util.UUID; import java.util.stream.Stream; - import org.apache.ignite.Ignition; -import org.apache.ignite.internal.processor.security.AbstractCacheOperationRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.processors.security.AbstractCacheOperationRemoteSecurityContextCheckTest; import org.apache.ignite.internal.util.typedef.G; + import org.apache.ignite.lang.IgniteRunnable; import org.junit.Test; import org.junit.runner.RunWith; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java similarity index 95% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java rename to modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java index 623e240032cfb..dd9d296678ce2 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java @@ -15,7 +15,7 @@ * limitations under the License. */ -package org.apache.ignite.internal.processor.security.cache.closure; +package org.apache.ignite.internal.processors.security.cache.closure; import java.util.Collection; import java.util.Collections; @@ -23,7 +23,7 @@ import java.util.stream.Stream; import org.apache.ignite.Ignition; import org.apache.ignite.cache.query.ScanQuery; -import org.apache.ignite.internal.processor.security.AbstractCacheOperationRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.processors.security.AbstractCacheOperationRemoteSecurityContextCheckTest; import org.apache.ignite.internal.util.typedef.G; import org.apache.ignite.lang.IgniteRunnable; import org.junit.Test; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientPermissionCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/client/ThinClientPermissionCheckTest.java similarity index 95% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientPermissionCheckTest.java rename to modules/core/src/test/java/org/apache/ignite/internal/processors/security/client/ThinClientPermissionCheckTest.java index 62a4bcd3225fc..fbfa7f1a5faea 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/client/ThinClientPermissionCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/client/ThinClientPermissionCheckTest.java @@ -15,7 +15,7 @@ * limitations under the License. */ -package org.apache.ignite.internal.processor.security.client; +package org.apache.ignite.internal.processors.security.client; import java.util.Arrays; import java.util.Collection; @@ -29,8 +29,8 @@ import org.apache.ignite.configuration.ClientConfiguration; import org.apache.ignite.configuration.IgniteConfiguration; import org.apache.ignite.internal.IgniteEx; -import org.apache.ignite.internal.processor.security.AbstractSecurityTest; -import org.apache.ignite.internal.processor.security.TestSecurityData; +import org.apache.ignite.internal.processors.security.AbstractSecurityTest; +import org.apache.ignite.internal.processors.security.TestSecurityData; import org.apache.ignite.internal.util.typedef.G; import org.apache.ignite.lang.IgniteBiTuple; import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; @@ -96,13 +96,13 @@ private IgniteConfiguration getConfiguration(int idx, String instanceName = getTestIgniteInstanceName(idx); - return getConfiguration(instanceName, - secPluginCfg("srv_" + instanceName, null, allowAllPermissionSet()) - .thinClientSecData(clientData)) - .setCacheConfiguration( - new CacheConfiguration().setName(CACHE), - new CacheConfiguration().setName(FORBIDDEN_CACHE) - ); + return getConfiguration( + instanceName, + secPluginCfg("srv_" + instanceName, null, allowAllPermissionSet(), clientData) + ).setCacheConfiguration( + new CacheConfiguration().setName(CACHE), + new CacheConfiguration().setName(FORBIDDEN_CACHE) + ); } /** {@inheritDoc} */ diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputePermissionCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/ComputePermissionCheckTest.java similarity index 98% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputePermissionCheckTest.java rename to modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/ComputePermissionCheckTest.java index 6f8ab4337043a..cfcb53ee83b52 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/ComputePermissionCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/ComputePermissionCheckTest.java @@ -15,7 +15,7 @@ * limitations under the License. */ -package org.apache.ignite.internal.processor.security.compute; +package org.apache.ignite.internal.processors.security.compute; import java.util.ArrayList; import java.util.Arrays; @@ -37,7 +37,7 @@ import org.apache.ignite.compute.ComputeJobResult; import org.apache.ignite.compute.ComputeJobResultPolicy; import org.apache.ignite.compute.ComputeTask; -import org.apache.ignite.internal.processor.security.AbstractSecurityTest; +import org.apache.ignite.internal.processors.security.AbstractSecurityTest; import org.apache.ignite.lang.IgniteCallable; import org.apache.ignite.lang.IgniteClosure; import org.apache.ignite.lang.IgniteFuture; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java similarity index 97% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java rename to modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java index a4083349ac664..71070aacf2a66 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java @@ -15,7 +15,7 @@ * limitations under the License. */ -package org.apache.ignite.internal.processor.security.compute.closure; +package org.apache.ignite.internal.processors.security.compute.closure; import java.util.Collection; import java.util.HashMap; @@ -30,7 +30,7 @@ import org.apache.ignite.compute.ComputeJobResult; import org.apache.ignite.compute.ComputeJobResultPolicy; import org.apache.ignite.compute.ComputeTask; -import org.apache.ignite.internal.processor.security.AbstractRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.processors.security.AbstractRemoteSecurityContextCheckTest; import org.apache.ignite.internal.util.typedef.G; import org.apache.ignite.lang.IgniteRunnable; import org.apache.ignite.resources.IgniteInstanceResource; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java similarity index 96% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java rename to modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java index 88de47161b0a1..1b3b5ad562c5e 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java @@ -15,12 +15,12 @@ * limitations under the License. */ -package org.apache.ignite.internal.processor.security.compute.closure; +package org.apache.ignite.internal.processors.security.compute.closure; import java.util.UUID; import java.util.stream.Stream; import org.apache.ignite.Ignition; -import org.apache.ignite.internal.processor.security.AbstractRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.processors.security.AbstractRemoteSecurityContextCheckTest; import org.apache.ignite.internal.util.typedef.G; import org.apache.ignite.lang.IgniteRunnable; import org.junit.Test; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java similarity index 95% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java rename to modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java index 32598bb827777..fbf3402e4d0a6 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java @@ -15,13 +15,13 @@ * limitations under the License. */ -package org.apache.ignite.internal.processor.security.compute.closure; +package org.apache.ignite.internal.processors.security.compute.closure; import java.util.UUID; import java.util.concurrent.ExecutorService; import org.apache.ignite.Ignite; import org.apache.ignite.Ignition; -import org.apache.ignite.internal.processor.security.AbstractRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.processors.security.AbstractRemoteSecurityContextCheckTest; import org.apache.ignite.internal.util.typedef.G; import org.apache.ignite.lang.IgniteRunnable; import org.junit.Test; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/DataStreamerPermissionCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/DataStreamerPermissionCheckTest.java similarity index 95% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/DataStreamerPermissionCheckTest.java rename to modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/DataStreamerPermissionCheckTest.java index cd222c99d74aa..0442df8b7e9ea 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/DataStreamerPermissionCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/DataStreamerPermissionCheckTest.java @@ -15,7 +15,7 @@ * limitations under the License. */ -package org.apache.ignite.internal.processor.security.datastreamer; +package org.apache.ignite.internal.processors.security.datastreamer; import java.util.Arrays; import java.util.List; @@ -23,7 +23,7 @@ import java.util.function.Consumer; import org.apache.ignite.Ignite; import org.apache.ignite.IgniteDataStreamer; -import org.apache.ignite.internal.processor.security.AbstractCacheOperationPermissionCheckTest; +import org.apache.ignite.internal.processors.security.AbstractCacheOperationPermissionCheckTest; import org.apache.ignite.plugin.security.SecurityPermission; import org.junit.Test; import org.junit.runner.RunWith; diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java similarity index 94% rename from modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java rename to modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java index 741fe35f1e01a..399b259434aa5 100644 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java @@ -15,14 +15,14 @@ * limitations under the License. */ -package org.apache.ignite.internal.processor.security.datastreamer.closure; +package org.apache.ignite.internal.processors.security.datastreamer.closure; import java.util.Collection; import java.util.Collections; import java.util.UUID; import org.apache.ignite.IgniteDataStreamer; import org.apache.ignite.Ignition; -import org.apache.ignite.internal.processor.security.AbstractCacheOperationRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.processors.security.AbstractCacheOperationRemoteSecurityContextCheckTest; import org.apache.ignite.internal.util.typedef.G; import org.apache.ignite.lang.IgniteRunnable; import org.apache.ignite.stream.StreamVisitor; diff --git a/modules/core/src/test/java/org/apache/ignite/spi/discovery/AuthenticationRestartTest.java b/modules/core/src/test/java/org/apache/ignite/spi/discovery/AuthenticationRestartTest.java index ad76174e6073b..ddfa4a0f47aaa 100644 --- a/modules/core/src/test/java/org/apache/ignite/spi/discovery/AuthenticationRestartTest.java +++ b/modules/core/src/test/java/org/apache/ignite/spi/discovery/AuthenticationRestartTest.java @@ -19,10 +19,10 @@ import org.apache.ignite.configuration.IgniteConfiguration; import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.internal.processors.security.TestSecurityPluginConfiguration; import org.apache.ignite.internal.util.lang.GridAbsPredicate; import org.apache.ignite.lang.IgniteFuture; import org.apache.ignite.spi.discovery.tcp.TcpDiscoverySpi; -import org.apache.ignite.spi.discovery.tcp.TestReconnectPluginProvider; import org.apache.ignite.spi.discovery.tcp.TestReconnectProcessor; import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest; import org.junit.Test; @@ -42,24 +42,19 @@ public class AuthenticationRestartTest extends GridCommonAbstractTest { ((TcpDiscoverySpi)cfg.getDiscoverySpi()).setJoinTimeout(1120_000); + cfg.setPluginConfigurations( + (TestSecurityPluginConfiguration)TestReconnectProcessor::new + ); + return cfg; } /** {@inheritDoc} */ @Override protected void beforeTestsStarted() throws Exception { - TestReconnectPluginProvider.enabled = true; - TestReconnectProcessor.enabled = true; - startGrid("server"); startGrid("client"); } - /** {@inheritDoc} */ - @Override protected void afterTestsStopped() throws Exception { - TestReconnectPluginProvider.enabled = false; - TestReconnectProcessor.enabled = false; - } - /** * @throws Exception If failed. */ diff --git a/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoveryNodeAttributesUpdateOnReconnectTest.java b/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoveryNodeAttributesUpdateOnReconnectTest.java index b61696e09b35a..888e1f2bda57e 100644 --- a/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoveryNodeAttributesUpdateOnReconnectTest.java +++ b/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoveryNodeAttributesUpdateOnReconnectTest.java @@ -28,6 +28,7 @@ import org.apache.ignite.events.Event; import org.apache.ignite.events.EventType; import org.apache.ignite.internal.IgniteClientReconnectAbstractTest; +import org.apache.ignite.internal.processors.security.TestSecurityPluginConfiguration; import org.apache.ignite.lang.IgnitePredicate; import org.apache.ignite.resources.LoggerResource; import org.apache.ignite.spi.discovery.tcp.ipfinder.TcpDiscoveryIpFinder; @@ -68,21 +69,18 @@ public class TcpDiscoveryNodeAttributesUpdateOnReconnectTest extends GridCommonA cfg.setDiscoverySpi(spi); + cfg.setPluginConfigurations( + (TestSecurityPluginConfiguration)TestReconnectProcessor::new + ); + return cfg; } /** {@inheritDoc} */ @Override protected void afterTest() throws Exception { - TestReconnectPluginProvider.enabled = false; - stopAllGrids(); } - /** {@inheritDoc} */ - @Override protected void beforeTest() throws Exception { - TestReconnectPluginProvider.enabled = true; - } - /** * @throws Exception If failed. */ diff --git a/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TestReconnectPluginProvider.java b/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TestReconnectPluginProvider.java deleted file mode 100644 index ccbf24340e631..0000000000000 --- a/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TestReconnectPluginProvider.java +++ /dev/null @@ -1,118 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.spi.discovery.tcp; - -import java.io.Serializable; -import java.util.UUID; -import org.apache.ignite.IgniteCheckedException; -import org.apache.ignite.cluster.ClusterNode; -import org.apache.ignite.internal.GridKernalContext; -import org.apache.ignite.internal.IgniteKernal; -import org.apache.ignite.internal.processors.security.GridSecurityProcessor; -import org.apache.ignite.plugin.CachePluginContext; -import org.apache.ignite.plugin.CachePluginProvider; -import org.apache.ignite.plugin.ExtensionRegistry; -import org.apache.ignite.plugin.IgnitePlugin; -import org.apache.ignite.plugin.PluginContext; -import org.apache.ignite.plugin.PluginProvider; -import org.apache.ignite.plugin.PluginValidationException; -import org.jetbrains.annotations.Nullable; - -/** - * Creates TestReconnectProcessor. - */ -public class TestReconnectPluginProvider implements PluginProvider { - /** */ - private GridKernalContext igniteCtx; - - /** */ - public static volatile boolean enabled; - - /** {@inheritDoc} */ - @Override public String name() { - return "TestReconnectPlugin"; - } - - /** {@inheritDoc} */ - @Override public String version() { - return "1.0"; - } - - /** {@inheritDoc} */ - @Override public String copyright() { - return ""; - } - - /** {@inheritDoc} */ - @Override public void initExtensions(PluginContext ctx, ExtensionRegistry registry) { - igniteCtx = ((IgniteKernal)ctx.grid()).context(); - } - - /** {@inheritDoc} */ - @Override public void start(PluginContext ctx) throws IgniteCheckedException { - // No-op - } - - /** {@inheritDoc} */ - @Override public void stop(boolean cancel) throws IgniteCheckedException { - // No-op - } - - /** {@inheritDoc} */ - @Override public void onIgniteStart() throws IgniteCheckedException { - // No-op - } - - /** {@inheritDoc} */ - @Override public void onIgniteStop(boolean cancel) { - // No-op - } - - /** {@inheritDoc} */ - @Nullable @Override public Serializable provideDiscoveryData(UUID nodeId) { - return null; - } - - /** {@inheritDoc} */ - @Override public void receiveDiscoveryData(UUID nodeId, Serializable data) { - // No-op - } - - /** {@inheritDoc} */ - @Override public void validateNewNode(ClusterNode node) throws PluginValidationException { - // No-op - } - - /** {@inheritDoc} */ - @Nullable @Override public Object createComponent(PluginContext ctx, Class cls) { - if (enabled && GridSecurityProcessor.class.equals(cls)) - return new TestReconnectProcessor(igniteCtx); - - return null; - } - - /** {@inheritDoc} */ - @Override public IgnitePlugin plugin() { - return new IgnitePlugin() {}; - } - - /** {@inheritDoc} */ - @Override public CachePluginProvider createCacheProvider(CachePluginContext ctx) { - return null; - } -} diff --git a/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TestReconnectProcessor.java b/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TestReconnectProcessor.java index 93316fc651256..8af664fa2b4c3 100644 --- a/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TestReconnectProcessor.java +++ b/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TestReconnectProcessor.java @@ -42,13 +42,10 @@ * Updates node attributes on disconnect. */ public class TestReconnectProcessor extends GridProcessorAdapter implements GridSecurityProcessor { - /** Enabled flag. */ - public static boolean enabled; - /** * @param ctx Kernal context. */ - protected TestReconnectProcessor(GridKernalContext ctx) { + public TestReconnectProcessor(GridKernalContext ctx) { super(ctx); } @@ -187,4 +184,4 @@ public TestSecurityContext(SecuritySubject subj) { return true; } } -} +} \ No newline at end of file diff --git a/modules/core/src/test/java/org/apache/ignite/testsuites/IgniteBasicTestSuite.java b/modules/core/src/test/java/org/apache/ignite/testsuites/IgniteBasicTestSuite.java index 40b3f2255346e..7fc845c773da4 100644 --- a/modules/core/src/test/java/org/apache/ignite/testsuites/IgniteBasicTestSuite.java +++ b/modules/core/src/test/java/org/apache/ignite/testsuites/IgniteBasicTestSuite.java @@ -119,6 +119,8 @@ IgnitePlatformsTestSuite.class, + SecurityTestSuite.class, + GridSelfTest.class, ClusterGroupHostsSelfTest.class, IgniteMessagingWithClientTest.class, diff --git a/modules/security/src/test/java/org/apache/ignite/testsuites/SecurityTestSuite.java b/modules/core/src/test/java/org/apache/ignite/testsuites/SecurityTestSuite.java similarity index 54% rename from modules/security/src/test/java/org/apache/ignite/testsuites/SecurityTestSuite.java rename to modules/core/src/test/java/org/apache/ignite/testsuites/SecurityTestSuite.java index 6b664fa81e370..f48ee4878d540 100644 --- a/modules/security/src/test/java/org/apache/ignite/testsuites/SecurityTestSuite.java +++ b/modules/core/src/test/java/org/apache/ignite/testsuites/SecurityTestSuite.java @@ -17,19 +17,19 @@ package org.apache.ignite.testsuites; -import org.apache.ignite.internal.processor.security.cache.CacheOperationPermissionCheckTest; -import org.apache.ignite.internal.processor.security.cache.EntryProcessorPermissionCheckTest; -import org.apache.ignite.internal.processor.security.cache.ScanQueryPermissionCheckTest; -import org.apache.ignite.internal.processor.security.cache.closure.CacheLoadRemoteSecurityContextCheckTest; -import org.apache.ignite.internal.processor.security.cache.closure.EntryProcessorRemoteSecurityContextCheckTest; -import org.apache.ignite.internal.processor.security.cache.closure.ScanQueryRemoteSecurityContextCheckTest; -import org.apache.ignite.internal.processor.security.client.ThinClientPermissionCheckTest; -import org.apache.ignite.internal.processor.security.compute.ComputePermissionCheckTest; -import org.apache.ignite.internal.processor.security.compute.closure.ComputeTaskRemoteSecurityContextCheckTest; -import org.apache.ignite.internal.processor.security.compute.closure.DistributedClosureRemoteSecurityContextCheckTest; -import org.apache.ignite.internal.processor.security.compute.closure.ExecutorServiceRemoteSecurityContextCheckTest; -import org.apache.ignite.internal.processor.security.datastreamer.DataStreamerPermissionCheckTest; -import org.apache.ignite.internal.processor.security.datastreamer.closure.DataStreamerRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.processors.security.cache.CacheOperationPermissionCheckTest; +import org.apache.ignite.internal.processors.security.cache.EntryProcessorPermissionCheckTest; +import org.apache.ignite.internal.processors.security.cache.ScanQueryPermissionCheckTest; +import org.apache.ignite.internal.processors.security.cache.closure.CacheLoadRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.processors.security.cache.closure.EntryProcessorRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.processors.security.cache.closure.ScanQueryRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.processors.security.client.ThinClientPermissionCheckTest; +import org.apache.ignite.internal.processors.security.compute.ComputePermissionCheckTest; +import org.apache.ignite.internal.processors.security.compute.closure.ComputeTaskRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.processors.security.compute.closure.DistributedClosureRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.processors.security.compute.closure.ExecutorServiceRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.processors.security.datastreamer.DataStreamerPermissionCheckTest; +import org.apache.ignite.internal.processors.security.datastreamer.closure.DataStreamerRemoteSecurityContextCheckTest; import org.junit.runner.RunWith; import org.junit.runners.Suite; diff --git a/modules/security/README.txt b/modules/security/README.txt deleted file mode 100644 index 95e1332dcd284..0000000000000 --- a/modules/security/README.txt +++ /dev/null @@ -1,4 +0,0 @@ -Apache Ignite Security Tests ------------------------- - -Special module for security tests. diff --git a/modules/security/licenses/apache-2.0.txt b/modules/security/licenses/apache-2.0.txt deleted file mode 100644 index d645695673349..0000000000000 --- a/modules/security/licenses/apache-2.0.txt +++ /dev/null @@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/modules/security/pom.xml b/modules/security/pom.xml deleted file mode 100644 index 3c5a4c7b887a2..0000000000000 --- a/modules/security/pom.xml +++ /dev/null @@ -1,71 +0,0 @@ - - - - - - - - 4.0.0 - - - org.apache.ignite - ignite-parent - 1 - ../../parent - - - ignite-security - 2.8.0-SNAPSHOT - http://ignite.apache.org - - - - org.apache.ignite - ignite-core - ${project.version} - - - - org.apache.ignite - ignite-log4j - ${project.version} - test - - - org.apache.ignite - ignite-spring - ${project.version} - test - - - com.google.guava - guava - ${guava.version} - test - - - org.apache.ignite - ignite-core - ${project.version} - test-jar - test - - - diff --git a/modules/security/src/main/resources/META-INF/services/org.apache.ignite.plugin.PluginProvider b/modules/security/src/main/resources/META-INF/services/org.apache.ignite.plugin.PluginProvider deleted file mode 100644 index 02875fb8c59a4..0000000000000 --- a/modules/security/src/main/resources/META-INF/services/org.apache.ignite.plugin.PluginProvider +++ /dev/null @@ -1 +0,0 @@ -org.apache.ignite.internal.processor.security.TestSecurityProcessorProvider diff --git a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityPluginConfiguration.java b/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityPluginConfiguration.java deleted file mode 100644 index 0a0279bc96ba9..0000000000000 --- a/modules/security/src/test/java/org/apache/ignite/internal/processor/security/TestSecurityPluginConfiguration.java +++ /dev/null @@ -1,134 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processor.security; - -import java.util.Arrays; -import java.util.Collection; -import java.util.Collections; -import org.apache.ignite.plugin.PluginConfiguration; -import org.apache.ignite.plugin.security.SecurityPermissionSet; - -/** - * Security configuration for test. - */ -public class TestSecurityPluginConfiguration implements PluginConfiguration { - /** Node security data. */ - private TestSecurityData nodeSecData = new TestSecurityData(); - - /** Thin clients security data. */ - private Collection predefinedAuthData = Collections.emptyList(); - - /** Security processor class name. */ - private String secProcCls; - - /** - * Getting security permission set. - */ - public SecurityPermissionSet getPermissions() { - return nodeSecData.getPermissions(); - } - - /** - * @param prmSet Security permission set. - */ - public TestSecurityPluginConfiguration setPermissions(SecurityPermissionSet prmSet) { - nodeSecData.setPermissions(prmSet); - - return this; - } - - /** - * Login. - */ - public String getLogin() { - return nodeSecData.getLogin(); - } - - /** - * @param login Login. - */ - public TestSecurityPluginConfiguration setLogin(String login) { - nodeSecData.setLogin(login); - - return this; - } - - /** - * Password. - */ - public String getPwd() { - return nodeSecData.getPwd(); - } - - /** - * @param pwd Password. - */ - public TestSecurityPluginConfiguration setPwd(String pwd) { - nodeSecData.setPwd(pwd); - - return this; - } - - /** - * @param nodeSecData Node security data. - */ - public TestSecurityPluginConfiguration nodeSecData(TestSecurityData nodeSecData) { - this.nodeSecData = nodeSecData; - - return this; - } - - /** - * @return Node security data. - */ - public TestSecurityData nodeSecData() { - return nodeSecData; - } - - /** - * @param data Array of thin client security data. - */ - public TestSecurityPluginConfiguration thinClientSecData(TestSecurityData... data) { - predefinedAuthData = Collections.unmodifiableCollection(Arrays.asList(data)); - - return this; - } - - /** - * @return Collection of thin client security data. - */ - public Collection thinClientsSecData() { - return predefinedAuthData; - } - - /** - * Getting security processor class name. - */ - public String getSecurityProcessorClass() { - return secProcCls; - } - - /** - * @param secProcCls Security processor class name. - */ - public TestSecurityPluginConfiguration setSecurityProcessorClass(String secProcCls) { - this.secProcCls = secProcCls; - - return this; - } -} \ No newline at end of file diff --git a/pom.xml b/pom.xml index 5145de3b271c3..36f85dfb08a44 100644 --- a/pom.xml +++ b/pom.xml @@ -53,7 +53,6 @@ modules/extdata/uri modules/extdata/platform modules/clients - modules/security modules/spring modules/spring-data modules/spring-data-2.0 From 2c49569888336e627ff526858c874e066bce7fee Mon Sep 17 00:00:00 2001 From: Denis Garus Date: Fri, 29 Mar 2019 13:19:51 +0300 Subject: [PATCH 82/98] Ignite 9560 rmv sec module (#9) * IGNITE-9560 * IGNITE-9560 Added tests for compute case * IGNITE-9560 Added test suite. Added abstract initiator test class. * IGNITE-9560 Added test for execution service tasks. * IGNITE-9560 Added test for execution service tasks. * IGNITE-9560 Added test for ScanQuery and EntityProcessor * IGNITE-9560 Added tests for Distributed closure, DataStream, LoadCache, ComputeTask * IGNITE-9560 Refact * IGNITE-9560 fix comment * IGNITE-9560 fix comment * IGNITE-9560 dflt test SP * ignite-9560 Security processor for test * IGNITE-9560 fw * IGNITE-9560 fix comment * IGNITE-9560 fix comment * IGNITE-9560 fix comment * IGNITE-9560 fix comment * IGNITE-9560 fix comment * IGNITE-9560 fix comment * IGNITE-9560 thin client test * IGNITE-9560 added thin client test class * IGNITE-9560 fix comments * IGNITE-9560 fix comments * IGNITE-9560 fix comments * IGNITE-9560 Added messaging fix and tests. Deleted authorize from thin client requests. * IGNITE-9560 Grid Security Manager. * IGNITE-9560 fix comments * IGNITE-9560 fix comments * IGNITE-9560 Added Server/Client node tests. * IGNITE-9560 Added Data Streamer cache permissions test on Server/Client nodes. * IGNITE-9560 Added execute task permission test for Execute service. * IGNITE-9560 Added test for compute service. * IGNITE-9560 Added cache permission tests for ScanQuery, EntryProcessor, LoadCache * IGNITE-9560 Fix comments. * IGNITE-9560 Version 2.8.0 * IGNITE-9560 Renaming * IGNITE-9560 JUnit4 * IGNITE-9560 Invoke a closure from the closure * IGNITE-9560 Modified the logic of IgniteSecurityProcessorImpl with taking into account disabled mode. Refactoring of tests. * IGNITE-9560 NoOpIgniteSecurityProcessor. Delete old version of attribute SecurityContext. * IGNITE-9560 Renaming. * IGNITE-9560 Renaming. * IGNITE-9560 JUnit4 * IGNITE-9560 Test class renaming * IGNITE-9560 Test class renaming * IGNITE-9560 Test class renaming * IGNITE-9560 Fix comments. * IGNITE-9560 Fix comments. * IGNITE-9560 Fix comments. * IGNITE-9560 Fix comments. * IGNITE-9560 fix comments * IGNITE-9560 fix comments * IGNITE-9560 fix comments * IGNITE-9560 fix comments * IGNITE-9560 fix comments * IGNITE-9560 fix comments * IGNITE-9560 fix tests * IGNITE-9560 support EntProc * IGNITE-9560 support EntProc * IGNITE-9560 support EntProc * IGNITE-9560 fix test * IMDBGG-1522 Advanced tests for compute, cache, datastreamer * IGNITE-9560 fix comments * IMDBGG-1522 Advanced tests for compute, cache, datastreamer * IGNITE-9560 fix comments * IGNITE-9560 fix comments * IGNITE-9560 fix comments * IGNITE-9560 fix comments * IGNITE-9560 fix comments * IGNITE-9560 fix comments * IGNITE-9560 fix comments * IGNITE-9560 fix comments * IGNITE-9560 fix comments * IGNITE-9560 fix comments * IGNITE-9560 fix comments * IGNITE-9560 fix comments * IGNITE-9560 BroadcastRunner * IGNITE-9560: test refactoring * IGNITE-9560: test refactoring * IGNITE-9560 fix comments * IGNITE-9560 remove security module * IGNITE-9560 remove security module * IGNITE-9560 Added TestReconnectProcessor * IGNITE-9560 Rename IgniteSecurityProcessor to IgniteSecurity * IGNITE-9560 Config improvement * IGNITE-9560 Config as FunctionalInterface * IGNITE-9560 renaming --- .../internal/ComputeTaskInternalFuture.java | 2 +- .../ignite/internal/GridKernalContext.java | 8 +- .../internal/GridKernalContextImpl.java | 12 +- .../internal/GridMessageListenHandler.java | 2 +- .../apache/ignite/internal/IgniteKernal.java | 17 +- .../ignite/internal/IgniteNodeAttributes.java | 3 - .../managers/communication/GridIoManager.java | 67 ++- .../managers/communication/GridIoMessage.java | 42 +- .../eventstorage/GridEventStorageManager.java | 4 +- .../processors/cache/GridCacheContext.java | 2 +- .../processors/cache/GridCacheProcessor.java | 68 +-- .../reader/StandaloneGridKernalContext.java | 4 +- .../datastreamer/DataStreamerImpl.java | 2 +- .../datastreamer/DataStreamerUpdateJob.java | 2 +- .../odbc/ClientListenerNioListener.java | 8 +- .../processors/rest/GridRestProcessor.java | 10 +- .../top/GridTopologyCommandHandler.java | 2 - .../security/GridSecurityProcessor.java | 5 +- .../processors/security/IgniteSecurity.java | 123 ++++++ .../security/IgniteSecurityProcessor.java | 273 ++++++++++++ .../security/NoOpIgniteSecurityProcessor.java | 208 +++++++++ ...der.java => OperationSecurityContext.java} | 46 +- .../processors/security/SecurityUtils.java | 28 ++ .../security/os/GridOsSecurityProcessor.java | 88 ---- .../service/GridServiceProcessor.java | 10 +- .../service/IgniteServiceProcessor.java | 8 +- .../processors/task/GridTaskProcessor.java | 2 +- .../ignite/spi/discovery/tcp/ServerImpl.java | 81 +--- .../org.apache.ignite.plugin.PluginProvider | 2 +- ...ridDiscoveryManagerAttributesSelfTest.java | 19 +- .../DataStreamerImplSelfTest.java | 2 + ...ractCacheOperationPermissionCheckTest.java | 79 ++++ ...erationRemoteSecurityContextCheckTest.java | 72 ++++ ...bstractRemoteSecurityContextCheckTest.java | 408 ++++++++++++++++++ .../security/AbstractSecurityTest.java | 245 +++++++++++ .../security/TestSecurityContext.java | 124 ++++++ .../processors/security/TestSecurityData.java | 116 +++++ .../TestSecurityPluginConfiguration.java | 33 ++ .../security/TestSecurityProcessor.java | 150 +++++++ .../TestSecurityProcessorProvider.java} | 94 ++-- .../security/TestSecuritySubject.java | 146 +++++++ .../CacheOperationPermissionCheckTest.java | 94 ++++ .../EntryProcessorPermissionCheckTest.java | 126 ++++++ .../cache/ScanQueryPermissionCheckTest.java | 83 ++++ ...cheLoadRemoteSecurityContextCheckTest.java | 150 +++++++ ...ocessorRemoteSecurityContextCheckTest.java | 111 +++++ ...anQueryRemoteSecurityContextCheckTest.java | 116 +++++ .../client/ThinClientPermissionCheckTest.java | 253 +++++++++++ .../compute/ComputePermissionCheckTest.java | 348 +++++++++++++++ ...uteTaskRemoteSecurityContextCheckTest.java | 182 ++++++++ ...ClosureRemoteSecurityContextCheckTest.java | 128 ++++++ ...ServiceRemoteSecurityContextCheckTest.java | 100 +++++ .../DataStreamerPermissionCheckTest.java | 110 +++++ ...treamerRemoteSecurityContextCheckTest.java | 99 +++++ .../discovery/AuthenticationRestartTest.java | 15 +- ...ryNodeAttributesUpdateOnReconnectTest.java | 12 +- .../discovery/tcp/TestReconnectProcessor.java | 67 ++- .../junits/common/GridCommonAbstractTest.java | 20 +- .../testsuites/IgniteBasicTestSuite.java | 2 + .../ignite/testsuites/SecurityTestSuite.java | 57 +++ .../processors/query/h2/CommandProcessor.java | 11 +- .../processors/query/h2/IgniteH2Indexing.java | 2 +- 62 files changed, 4332 insertions(+), 371 deletions(-) create mode 100644 modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurity.java create mode 100644 modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java create mode 100644 modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java rename modules/core/src/main/java/org/apache/ignite/internal/processors/security/{SecurityContextHolder.java => OperationSecurityContext.java} (52%) delete mode 100644 modules/core/src/main/java/org/apache/ignite/internal/processors/security/os/GridOsSecurityProcessor.java create mode 100644 modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractCacheOperationPermissionCheckTest.java create mode 100644 modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractCacheOperationRemoteSecurityContextCheckTest.java create mode 100644 modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractRemoteSecurityContextCheckTest.java create mode 100644 modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractSecurityTest.java create mode 100644 modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityContext.java create mode 100644 modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityData.java create mode 100644 modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityPluginConfiguration.java create mode 100644 modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityProcessor.java rename modules/core/src/test/java/org/apache/ignite/{spi/discovery/tcp/TestReconnectPluginProvider.java => internal/processors/security/TestSecurityProcessorProvider.java} (59%) create mode 100644 modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecuritySubject.java create mode 100644 modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/CacheOperationPermissionCheckTest.java create mode 100644 modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/EntryProcessorPermissionCheckTest.java create mode 100644 modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/ScanQueryPermissionCheckTest.java create mode 100644 modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java create mode 100644 modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java create mode 100644 modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java create mode 100644 modules/core/src/test/java/org/apache/ignite/internal/processors/security/client/ThinClientPermissionCheckTest.java create mode 100644 modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/ComputePermissionCheckTest.java create mode 100644 modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java create mode 100644 modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java create mode 100644 modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java create mode 100644 modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/DataStreamerPermissionCheckTest.java create mode 100644 modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java create mode 100644 modules/core/src/test/java/org/apache/ignite/testsuites/SecurityTestSuite.java diff --git a/modules/core/src/main/java/org/apache/ignite/internal/ComputeTaskInternalFuture.java b/modules/core/src/main/java/org/apache/ignite/internal/ComputeTaskInternalFuture.java index 2cb3dfad5e487..6ce9001138b1b 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/ComputeTaskInternalFuture.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/ComputeTaskInternalFuture.java @@ -234,7 +234,7 @@ public ComputeTaskSession getTaskSession() { /** {@inheritDoc} */ @Override public boolean cancel() throws IgniteCheckedException { - ctx.security().authorize(ses.getTaskName(), SecurityPermission.TASK_CANCEL, null); + ctx.security().authorize(ses.getTaskName(), SecurityPermission.TASK_CANCEL); if (onCancelled()) { ctx.task().onCancelled(ses.getId()); diff --git a/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContext.java b/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContext.java index 744f85857a203..6e4de9e36d01e 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContext.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContext.java @@ -65,7 +65,7 @@ import org.apache.ignite.internal.processors.resource.GridResourceProcessor; import org.apache.ignite.internal.processors.rest.GridRestProcessor; import org.apache.ignite.internal.processors.schedule.IgniteScheduleProcessorAdapter; -import org.apache.ignite.internal.processors.security.GridSecurityProcessor; +import org.apache.ignite.internal.processors.security.IgniteSecurity; import org.apache.ignite.internal.processors.segmentation.GridSegmentationProcessor; import org.apache.ignite.internal.processors.service.ServiceProcessorAdapter; import org.apache.ignite.internal.processors.session.GridTaskSessionProcessor; @@ -423,11 +423,11 @@ public interface GridKernalContext extends Iterable { public GridCollisionManager collision(); /** - * Gets authentication processor. + * Gets instance of {@link IgniteSecurity}. * - * @return Authentication processor. + * @return Ignite security. */ - public GridSecurityProcessor security(); + public IgniteSecurity security(); /** * Gets load balancing manager. diff --git a/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContextImpl.java b/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContextImpl.java index 85e02f93ce057..db41f9c0272bd 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContextImpl.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContextImpl.java @@ -85,7 +85,7 @@ import org.apache.ignite.internal.processors.resource.GridResourceProcessor; import org.apache.ignite.internal.processors.rest.GridRestProcessor; import org.apache.ignite.internal.processors.schedule.IgniteScheduleProcessorAdapter; -import org.apache.ignite.internal.processors.security.GridSecurityProcessor; +import org.apache.ignite.internal.processors.security.IgniteSecurity; import org.apache.ignite.internal.processors.segmentation.GridSegmentationProcessor; import org.apache.ignite.internal.processors.session.GridTaskSessionProcessor; import org.apache.ignite.internal.processors.subscription.GridInternalSubscriptionProcessor; @@ -161,7 +161,7 @@ public class GridKernalContextImpl implements GridKernalContext, Externalizable /** */ @GridToStringExclude - private GridSecurityProcessor securityProc; + private IgniteSecurity security; /** */ @GridToStringExclude @@ -582,8 +582,6 @@ else if (comp instanceof GridFailoverManager) failoverMgr = (GridFailoverManager)comp; else if (comp instanceof GridCollisionManager) colMgr = (GridCollisionManager)comp; - else if (comp instanceof GridSecurityProcessor) - securityProc = (GridSecurityProcessor)comp; else if (comp instanceof GridLoadBalancerManager) loadMgr = (GridLoadBalancerManager)comp; else if (comp instanceof GridIndexingManager) @@ -666,6 +664,8 @@ else if (comp instanceof GridInternalSubscriptionProcessor) internalSubscriptionProc = (GridInternalSubscriptionProcessor)comp; else if (comp instanceof IgniteAuthenticationProcessor) authProc = (IgniteAuthenticationProcessor)comp; + else if (comp instanceof IgniteSecurity) + security = (IgniteSecurity)comp; else if (comp instanceof CompressionProcessor) compressProc = (CompressionProcessor)comp; else if (!(comp instanceof DiscoveryNodeValidationProcessor @@ -836,8 +836,8 @@ else if (helper instanceof HadoopHelper) } /** {@inheritDoc} */ - @Override public GridSecurityProcessor security() { - return securityProc; + @Override public IgniteSecurity security() { + return security; } /** {@inheritDoc} */ diff --git a/modules/core/src/main/java/org/apache/ignite/internal/GridMessageListenHandler.java b/modules/core/src/main/java/org/apache/ignite/internal/GridMessageListenHandler.java index c6a2d0521655d..ea7d6466e4054 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/GridMessageListenHandler.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/GridMessageListenHandler.java @@ -140,7 +140,7 @@ public GridMessageListenHandler(GridMessageListenHandler orig) { /** {@inheritDoc} */ @Override public RegisterStatus register(UUID nodeId, UUID routineId, final GridKernalContext ctx) throws IgniteCheckedException { - ctx.io().addUserMessageListener(topic, pred); + ctx.io().addUserMessageListener(topic, pred, nodeId); return RegisterStatus.REGISTERED; } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java b/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java index 9462c50194bf7..fb9fdf134e1f6 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java @@ -166,7 +166,9 @@ import org.apache.ignite.internal.processors.resource.GridResourceProcessor; import org.apache.ignite.internal.processors.resource.GridSpringResourceContext; import org.apache.ignite.internal.processors.rest.GridRestProcessor; +import org.apache.ignite.internal.processors.security.IgniteSecurityProcessor; import org.apache.ignite.internal.processors.security.GridSecurityProcessor; +import org.apache.ignite.internal.processors.security.NoOpIgniteSecurityProcessor; import org.apache.ignite.internal.processors.segmentation.GridSegmentationProcessor; import org.apache.ignite.internal.processors.service.GridServiceProcessor; import org.apache.ignite.internal.processors.service.IgniteServiceProcessor; @@ -991,7 +993,7 @@ public void start( startProcessor(new GridTimeoutProcessor(ctx)); // Start security processors. - startProcessor(createComponent(GridSecurityProcessor.class, ctx)); + startProcessor(igniteSecurityProcessor(createComponent(GridSecurityProcessor.class, ctx))); // Start SPI managers. // NOTE: that order matters as there are dependencies between managers. @@ -1304,6 +1306,16 @@ private long checkPoolStarvation( EventType.EVT_NODE_JOINED, localNode()); } + /** + * @param prc GridSecurityProcessor from plugin context or null. + * @return IgniteSecurity. + */ + private GridProcessor igniteSecurityProcessor(GridSecurityProcessor prc) { + return prc != null && prc.enabled() + ? new IgniteSecurityProcessor(ctx, prc) + : new NoOpIgniteSecurityProcessor(ctx); + } + /** * Create description of an executor service for logging. * @@ -4156,6 +4168,9 @@ private static T createComponent(Class cls, GridKer if (cls.equals(IGridClusterStateProcessor.class)) return (T)new GridClusterStateProcessor(ctx); + if(cls.equals(GridSecurityProcessor.class)) + return null; + Class implCls = null; try { diff --git a/modules/core/src/main/java/org/apache/ignite/internal/IgniteNodeAttributes.java b/modules/core/src/main/java/org/apache/ignite/internal/IgniteNodeAttributes.java index 1740072d386aa..1bd0dc8b9ff41 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/IgniteNodeAttributes.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/IgniteNodeAttributes.java @@ -147,9 +147,6 @@ public final class IgniteNodeAttributes { /** Security credentials attribute name. Attribute is not available via public API. */ public static final String ATTR_SECURITY_CREDENTIALS = ATTR_PREFIX + ".security.cred"; - /** Security subject for authenticated node. */ - public static final String ATTR_SECURITY_SUBJECT = ATTR_PREFIX + ".security.subject"; - /** V2 security subject for authenticated node. */ public static final String ATTR_SECURITY_SUBJECT_V2 = ATTR_PREFIX + ".security.subject.v2"; diff --git a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java index c1e1684c57604..041424c58f300 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java @@ -70,6 +70,7 @@ import org.apache.ignite.internal.processors.cache.mvcc.msg.MvccMessage; import org.apache.ignite.internal.processors.platform.message.PlatformMessageFilter; import org.apache.ignite.internal.processors.pool.PoolProcessor; +import org.apache.ignite.internal.processors.security.OperationSecurityContext; import org.apache.ignite.internal.processors.timeout.GridTimeoutObject; import org.apache.ignite.internal.util.GridBoundedConcurrentLinkedHashSet; import org.apache.ignite.internal.util.StripedCompositeReadWriteLock; @@ -1043,7 +1044,7 @@ private void processP2PMessage( assert obj != null; - invokeListener(msg.policy(), lsnr, nodeId, obj); + invokeListener(msg.policy(), lsnr, nodeId, obj, msg.secSubjId()); } finally { threadProcessingMessage(false, null); @@ -1186,7 +1187,7 @@ private void processRegularMessage0(GridIoMessage msg, UUID nodeId) { assert obj != null; - invokeListener(msg.policy(), lsnr, nodeId, obj); + invokeListener(msg.policy(), lsnr, nodeId, obj, msg.secSubjId()); } /** @@ -1548,8 +1549,9 @@ private void unwindMessageSet(GridCommunicationMessageSet msgSet, GridMessageLis * @param lsnr Listener. * @param nodeId Node ID. * @param msg Message. + * @param secSubjId Security subject that will be used to open a security session. */ - private void invokeListener(Byte plc, GridMessageListener lsnr, UUID nodeId, Object msg) { + private void invokeListener(Byte plc, GridMessageListener lsnr, UUID nodeId, Object msg, UUID secSubjId) { Byte oldPlc = CUR_PLC.get(); boolean change = !F.eq(oldPlc, plc); @@ -1557,7 +1559,9 @@ private void invokeListener(Byte plc, GridMessageListener lsnr, UUID nodeId, Obj if (change) CUR_PLC.set(plc); - try { + UUID newSecSubjId = secSubjId != null ? secSubjId : nodeId; + + try(OperationSecurityContext s = ctx.security().withContext(newSecSubjId)) { lsnr.onMessage(nodeId, msg, plc); } finally { @@ -1619,7 +1623,16 @@ private void send( assert !async || msg instanceof GridIoUserMessage : msg; // Async execution was added only for IgniteMessaging. assert topicOrd >= 0 || !(topic instanceof GridTopic) : msg; - GridIoMessage ioMsg = new GridIoMessage(plc, topic, topicOrd, msg, ordered, timeout, skipOnTimeout); + UUID secSubjId = null; + + if(ctx.security().enabled()) { + UUID curSecSubjId = ctx.security().securityContext().subject().id(); + + if (!locNodeId.equals(curSecSubjId)) + secSubjId = curSecSubjId; + } + + GridIoMessage ioMsg = new GridIoMessage(secSubjId, plc, topic, topicOrd, msg, ordered, timeout, skipOnTimeout); if (locNodeId.equals(node.id())) { assert plc != P2P_POOL; @@ -1970,11 +1983,16 @@ else if (loc) { } } + public void addUserMessageListener(final @Nullable Object topic, final @Nullable IgniteBiPredicate p) { + addUserMessageListener(topic, p, null); + } + /** * @param topic Topic to subscribe to. * @param p Message predicate. */ - public void addUserMessageListener(@Nullable final Object topic, @Nullable final IgniteBiPredicate p) { + public void addUserMessageListener(final @Nullable Object topic, + final @Nullable IgniteBiPredicate p, final @Nullable UUID nodeId) { if (p != null) { try { if (p instanceof PlatformMessageFilter) @@ -1983,7 +2001,7 @@ public void addUserMessageListener(@Nullable final Object topic, @Nullable final ctx.resource().injectGeneric(p); addMessageListener(TOPIC_COMM_USER, - new GridUserMessageListener(topic, (IgniteBiPredicate)p)); + new GridUserMessageListener(topic, (IgniteBiPredicate)p, nodeId)); } catch (IgniteCheckedException e) { throw new IgniteException(e); @@ -1996,13 +2014,8 @@ public void addUserMessageListener(@Nullable final Object topic, @Nullable final * @param p Message predicate. */ public void removeUserMessageListener(@Nullable Object topic, IgniteBiPredicate p) { - try { - removeMessageListener(TOPIC_COMM_USER, - new GridUserMessageListener(topic, (IgniteBiPredicate)p)); - } - catch (IgniteCheckedException e) { - throw new IgniteException(e); - } + removeMessageListener(TOPIC_COMM_USER, + new GridUserMessageListener(topic, (IgniteBiPredicate)p)); } /** @@ -2417,15 +2430,27 @@ private class GridUserMessageListener implements GridMessageListener { /** User message topic. */ private final Object topic; + /** Initial node id. */ + private final UUID initNodeId; + /** * @param topic User topic. * @param predLsnr Predicate listener. - * @throws IgniteCheckedException If failed to inject resources to predicates. + * @param initNodeId Node id that registered given listener. */ - GridUserMessageListener(@Nullable Object topic, @Nullable IgniteBiPredicate predLsnr) - throws IgniteCheckedException { + GridUserMessageListener(@Nullable Object topic, @Nullable IgniteBiPredicate predLsnr, + @Nullable UUID initNodeId) { this.topic = topic; this.predLsnr = predLsnr; + this.initNodeId = initNodeId; + } + + /** + * @param topic User topic. + * @param predLsnr Predicate listener. + */ + GridUserMessageListener(@Nullable Object topic, @Nullable IgniteBiPredicate predLsnr) { + this(topic, predLsnr, null); } /** {@inheritDoc} */ @@ -2522,8 +2547,10 @@ private class GridUserMessageListener implements GridMessageListener { if (msgBody != null) { if (predLsnr != null) { - if (!predLsnr.apply(nodeId, msgBody)) - removeMessageListener(TOPIC_COMM_USER, this); + try(OperationSecurityContext s = ctx.security().withContext(initNodeId)) { + if (!predLsnr.apply(nodeId, msgBody)) + removeMessageListener(TOPIC_COMM_USER, this); + } } } } @@ -2750,7 +2777,7 @@ void unwind(GridMessageListener lsnr) { for (GridTuple3 t = msgs.poll(); t != null; t = msgs.poll()) { try { - invokeListener(plc, lsnr, nodeId, t.get1().message()); + invokeListener(plc, lsnr, nodeId, t.get1().message(), t.get1().secSubjId()); } finally { if (t.get3() != null) diff --git a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoMessage.java b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoMessage.java index fe61aec834672..a93f45d5481ac 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoMessage.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoMessage.java @@ -20,6 +20,7 @@ import java.io.Externalizable; import java.nio.ByteBuffer; +import java.util.UUID; import org.apache.ignite.internal.ExecutorAwareMessage; import org.apache.ignite.internal.GridDirectTransient; import org.apache.ignite.internal.processors.cache.GridCacheMessage; @@ -67,6 +68,9 @@ public class GridIoMessage implements Message { /** Message. */ private Message msg; + /** Security subject id that will be used during message processing on an remote node. */ + private UUID secSubjId; + /** * No-op constructor to support {@link Externalizable} interface. * This constructor is not meant to be used for other purposes. @@ -76,6 +80,7 @@ public GridIoMessage() { } /** + * @param secSubjId Security subject id. * @param plc Policy. * @param topic Communication topic. * @param topicOrd Topic ordinal value. @@ -85,6 +90,7 @@ public GridIoMessage() { * @param skipOnTimeout Whether message can be skipped on timeout. */ public GridIoMessage( + UUID secSubjId, byte plc, Object topic, int topicOrd, @@ -97,6 +103,7 @@ public GridIoMessage( assert topicOrd <= Byte.MAX_VALUE; assert msg != null; + this.secSubjId = secSubjId; this.plc = plc; this.msg = msg; this.topic = topic; @@ -113,6 +120,13 @@ byte policy() { return plc; } + /** + * @return Security subject id. + */ + UUID secSubjId() { + return secSubjId; + } + /** * @return Topic. */ @@ -222,24 +236,30 @@ boolean isOrdered() { writer.incrementState(); case 3: - if (!writer.writeBoolean("skipOnTimeout", skipOnTimeout)) + if (!writer.writeUuid("secSubjId", secSubjId)) return false; writer.incrementState(); case 4: - if (!writer.writeLong("timeout", timeout)) + if (!writer.writeBoolean("skipOnTimeout", skipOnTimeout)) return false; writer.incrementState(); case 5: - if (!writer.writeByteArray("topicBytes", topicBytes)) + if (!writer.writeLong("timeout", timeout)) return false; writer.incrementState(); case 6: + if (!writer.writeByteArray("topicBytes", topicBytes)) + return false; + + writer.incrementState(); + + case 7: if (!writer.writeInt("topicOrd", topicOrd)) return false; @@ -283,7 +303,7 @@ boolean isOrdered() { reader.incrementState(); case 3: - skipOnTimeout = reader.readBoolean("skipOnTimeout"); + secSubjId = reader.readUuid("secSubjId"); if (!reader.isLastRead()) return false; @@ -291,7 +311,7 @@ boolean isOrdered() { reader.incrementState(); case 4: - timeout = reader.readLong("timeout"); + skipOnTimeout = reader.readBoolean("skipOnTimeout"); if (!reader.isLastRead()) return false; @@ -299,7 +319,7 @@ boolean isOrdered() { reader.incrementState(); case 5: - topicBytes = reader.readByteArray("topicBytes"); + timeout = reader.readLong("timeout"); if (!reader.isLastRead()) return false; @@ -307,6 +327,14 @@ boolean isOrdered() { reader.incrementState(); case 6: + topicBytes = reader.readByteArray("topicBytes"); + + if (!reader.isLastRead()) + return false; + + reader.incrementState(); + + case 7: topicOrd = reader.readInt("topicOrd"); if (!reader.isLastRead()) @@ -326,7 +354,7 @@ boolean isOrdered() { /** {@inheritDoc} */ @Override public byte fieldsCount() { - return 7; + return 8; } /** diff --git a/modules/core/src/main/java/org/apache/ignite/internal/managers/eventstorage/GridEventStorageManager.java b/modules/core/src/main/java/org/apache/ignite/internal/managers/eventstorage/GridEventStorageManager.java index 5af3495fde2b3..12c480a0a8e9e 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/managers/eventstorage/GridEventStorageManager.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/managers/eventstorage/GridEventStorageManager.java @@ -374,7 +374,7 @@ public int[] enabledEvents() { public synchronized void enableEvents(int[] types) { assert types != null; - ctx.security().authorize(null, SecurityPermission.EVENTS_ENABLE, null); + ctx.security().authorize(SecurityPermission.EVENTS_ENABLE); boolean[] userRecordableEvts0 = userRecordableEvts; boolean[] recordableEvts0 = recordableEvts; @@ -416,7 +416,7 @@ public synchronized void enableEvents(int[] types) { public synchronized void disableEvents(int[] types) { assert types != null; - ctx.security().authorize(null, SecurityPermission.EVENTS_DISABLE, null); + ctx.security().authorize(SecurityPermission.EVENTS_DISABLE); boolean[] userRecordableEvts0 = userRecordableEvts; boolean[] recordableEvts0 = recordableEvts; diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheContext.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheContext.java index 294393293cca0..9d52c752c78ea 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheContext.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheContext.java @@ -821,7 +821,7 @@ public void checkSecurity(SecurityPermission op) throws SecurityException { if (CU.isSystemCache(name())) return; - ctx.security().authorize(name(), op, null); + ctx.security().authorize(name(), op); } /** diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java index 7bed0f6e281ca..69c8f510e178c 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java @@ -138,6 +138,7 @@ import org.apache.ignite.internal.processors.query.schema.SchemaNodeLeaveExchangeWorkerTask; import org.apache.ignite.internal.processors.query.schema.message.SchemaAbstractDiscoveryMessage; import org.apache.ignite.internal.processors.query.schema.message.SchemaProposeDiscoveryMessage; +import org.apache.ignite.internal.processors.security.OperationSecurityContext; import org.apache.ignite.internal.processors.security.SecurityContext; import org.apache.ignite.internal.processors.service.GridServiceProcessor; import org.apache.ignite.internal.processors.timeout.GridTimeoutObject; @@ -204,6 +205,7 @@ import static org.apache.ignite.internal.IgniteNodeAttributes.ATTR_TX_CONFIG; import static org.apache.ignite.internal.processors.cache.GridCacheUtils.isNearEnabled; import static org.apache.ignite.internal.processors.cache.GridCacheUtils.isPersistentCache; +import static org.apache.ignite.internal.processors.security.SecurityUtils.nodeSecurityContext; import static org.apache.ignite.internal.util.IgniteUtils.doInParallel; /** @@ -3348,7 +3350,7 @@ private GridCacheSharedContext createSharedContext(GridKernalContext kernalCtx, } /** {@inheritDoc} */ - @Nullable @Override public IgniteNodeValidationResult validateNode( + @Override public @Nullable IgniteNodeValidationResult validateNode( ClusterNode node, JoiningNodeDiscoveryData discoData ) { if(!cachesInfo.isMergeConfigSupports(node)) @@ -3359,24 +3361,30 @@ private GridCacheSharedContext createSharedContext(GridKernalContext kernalCtx, boolean isGridActive = ctx.state().clusterState().active(); - StringBuilder errorMessage = new StringBuilder(); + StringBuilder errorMsg = new StringBuilder(); - for (CacheJoinNodeDiscoveryData.CacheInfo cacheInfo : nodeData.caches().values()) { - try { - byte[] secCtxBytes = node.attribute(IgniteNodeAttributes.ATTR_SECURITY_SUBJECT_V2); + SecurityContext secCtx = null; - if (secCtxBytes != null) { - SecurityContext secCtx = U.unmarshal(marsh, secCtxBytes, U.resolveClassLoader(ctx.config())); + if (ctx.security().enabled()) { + try { + secCtx = nodeSecurityContext(marsh, U.resolveClassLoader(ctx.config()), node); + } + catch (SecurityException se) { + errorMsg.append(se.getMessage()); + } + } - if (secCtx != null && cacheInfo.cacheType() == CacheType.USER) - authorizeCacheCreate(cacheInfo.cacheData().config(), secCtx); + for (CacheJoinNodeDiscoveryData.CacheInfo cacheInfo : nodeData.caches().values()) { + if (secCtx != null && cacheInfo.cacheType() == CacheType.USER) { + try (OperationSecurityContext s = ctx.security().withContext(secCtx)) { + authorizeCacheCreate(cacheInfo.cacheData().config()); } - } - catch (SecurityException | IgniteCheckedException ex) { - if (errorMessage.length() > 0) - errorMessage.append("\n"); + catch (SecurityException ex) { + if (errorMsg.length() > 0) + errorMsg.append("\n"); - errorMessage.append(ex.getMessage()); + errorMsg.append(ex.getMessage()); + } } DynamicCacheDescriptor localDesc = cacheDescriptor(cacheInfo.cacheData().config().getName()); @@ -3387,19 +3395,19 @@ private GridCacheSharedContext createSharedContext(GridKernalContext kernalCtx, QuerySchemaPatch schemaPatch = localDesc.makeSchemaPatch(cacheInfo.cacheData().queryEntities()); if (schemaPatch.hasConflicts() || (isGridActive && !schemaPatch.isEmpty())) { - if (errorMessage.length() > 0) - errorMessage.append("\n"); + if (errorMsg.length() > 0) + errorMsg.append("\n"); if (schemaPatch.hasConflicts()) - errorMessage.append(String.format(MERGE_OF_CONFIG_CONFLICTS_MESSAGE, + errorMsg.append(String.format(MERGE_OF_CONFIG_CONFLICTS_MESSAGE, localDesc.cacheName(), schemaPatch.getConflictsMessage())); else - errorMessage.append(String.format(MERGE_OF_CONFIG_REQUIRED_MESSAGE, localDesc.cacheName())); + errorMsg.append(String.format(MERGE_OF_CONFIG_REQUIRED_MESSAGE, localDesc.cacheName())); } } - if (errorMessage.length() > 0) { - String msg = errorMessage.toString(); + if (errorMsg.length() > 0) { + String msg = errorMsg.toString(); return new IgniteNodeValidationResult(node.id(), msg, msg); } @@ -4360,28 +4368,28 @@ private Collection initiateCacheChanges( * Authorize creating cache. * * @param cfg Cache configuration. - * @param secCtx Optional security context. */ - private void authorizeCacheCreate(CacheConfiguration cfg, SecurityContext secCtx) { - ctx.security().authorize(null, SecurityPermission.CACHE_CREATE, secCtx); + private void authorizeCacheCreate(CacheConfiguration cfg) { + if(cfg != null) { + ctx.security().authorize(cfg.getName(), SecurityPermission.CACHE_CREATE); - if (cfg != null && cfg.isOnheapCacheEnabled() && - IgniteSystemProperties.getBoolean(IgniteSystemProperties.IGNITE_DISABLE_ONHEAP_CACHE)) - throw new SecurityException("Authorization failed for enabling on-heap cache."); + if (cfg.isOnheapCacheEnabled() && + IgniteSystemProperties.getBoolean(IgniteSystemProperties.IGNITE_DISABLE_ONHEAP_CACHE)) + throw new SecurityException("Authorization failed for enabling on-heap cache."); + } } /** - * Authorize dynamic cache management for this node. + * Authorize dynamic cache management. * * @param req start/stop cache request. */ private void authorizeCacheChange(DynamicCacheChangeRequest req) { - // Null security context means authorize this node. if (req.cacheType() == null || req.cacheType() == CacheType.USER) { if (req.stop()) - ctx.security().authorize(null, SecurityPermission.CACHE_DESTROY, null); + ctx.security().authorize(req.cacheName(), SecurityPermission.CACHE_DESTROY); else - authorizeCacheCreate(req.startCacheConfiguration(), null); + authorizeCacheCreate(req.startCacheConfiguration()); } } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/persistence/wal/reader/StandaloneGridKernalContext.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/persistence/wal/reader/StandaloneGridKernalContext.java index 0396c3e43a76a..c1ca45dbceb31 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/persistence/wal/reader/StandaloneGridKernalContext.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/persistence/wal/reader/StandaloneGridKernalContext.java @@ -80,7 +80,7 @@ import org.apache.ignite.internal.processors.resource.GridResourceProcessor; import org.apache.ignite.internal.processors.rest.GridRestProcessor; import org.apache.ignite.internal.processors.schedule.IgniteScheduleProcessorAdapter; -import org.apache.ignite.internal.processors.security.GridSecurityProcessor; +import org.apache.ignite.internal.processors.security.IgniteSecurity; import org.apache.ignite.internal.processors.segmentation.GridSegmentationProcessor; import org.apache.ignite.internal.processors.service.GridServiceProcessor; import org.apache.ignite.internal.processors.session.GridTaskSessionProcessor; @@ -458,7 +458,7 @@ protected IgniteConfiguration prepareIgniteConfiguration() { } /** {@inheritDoc} */ - @Override public GridSecurityProcessor security() { + @Override public IgniteSecurity security() { return null; } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerImpl.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerImpl.java index 5e3a0c825ffc3..4f8ae3df399a3 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerImpl.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerImpl.java @@ -1443,7 +1443,7 @@ private void checkSecurityPermission(SecurityPermission perm) if (!ctx.security().enabled()) return; - ctx.security().authorize(cacheName, perm, null); + ctx.security().authorize(cacheName, perm); } /** diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerUpdateJob.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerUpdateJob.java index c2ab0c7cff679..ef9ef2db5f23f 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerUpdateJob.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerUpdateJob.java @@ -166,6 +166,6 @@ private void checkSecurityPermission(SecurityPermission perm) if (!ctx.security().enabled()) return; - ctx.security().authorize(cacheName, perm, null); + ctx.security().authorize(cacheName, perm); } } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerNioListener.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerNioListener.java index defde3df5b0a8..7d58503467db3 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerNioListener.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerNioListener.java @@ -33,8 +33,7 @@ import org.apache.ignite.internal.processors.odbc.odbc.OdbcConnectionContext; import org.apache.ignite.internal.processors.platform.client.ClientConnectionContext; import org.apache.ignite.internal.processors.platform.client.ClientStatus; -import org.apache.ignite.internal.processors.security.SecurityContext; -import org.apache.ignite.internal.processors.security.SecurityContextHolder; +import org.apache.ignite.internal.processors.security.OperationSecurityContext; import org.apache.ignite.internal.util.GridSpinBusyLock; import org.apache.ignite.internal.util.nio.GridNioServerListenerAdapter; import org.apache.ignite.internal.util.nio.GridNioSession; @@ -172,17 +171,14 @@ public ClientListenerNioListener(GridKernalContext ctx, GridSpinBusyLock busyLoc ClientListenerResponse resp; AuthorizationContext authCtx = connCtx.authorizationContext(); - SecurityContext oldSecCtx = SecurityContextHolder.push(connCtx.securityContext()); if (authCtx != null) AuthorizationContext.context(authCtx); - try { + try(OperationSecurityContext s = ctx.security().withContext(connCtx.securityContext())) { resp = handler.handle(req); } finally { - SecurityContextHolder.pop(oldSecCtx); - if (authCtx != null) AuthorizationContext.clear(); } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java index 2b0faafda3ec9..2dd23a3dd5f0c 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java @@ -64,6 +64,7 @@ import org.apache.ignite.internal.processors.rest.request.GridRestRequest; import org.apache.ignite.internal.processors.rest.request.GridRestTaskRequest; import org.apache.ignite.internal.processors.rest.request.RestQueryRequest; +import org.apache.ignite.internal.processors.security.OperationSecurityContext; import org.apache.ignite.internal.processors.security.SecurityContext; import org.apache.ignite.internal.util.GridSpinReadWriteLock; import org.apache.ignite.internal.util.future.GridFinishedFuture; @@ -271,7 +272,9 @@ private IgniteInternalFuture handleRequest(final GridRestReque if (secCtx0 == null || ses.isTokenExpired(sesTokTtl)) ses.secCtx = secCtx0 = authenticate(req, ses); - authorize(req, secCtx0); + try(OperationSecurityContext s = ctx.security().withContext(secCtx0)) { + authorize(req); + } } catch (SecurityException e) { assert secCtx0 != null; @@ -821,10 +824,9 @@ private SecurityContext authenticate(GridRestRequest req, Session ses) throws Ig /** * @param req REST request. - * @param sCtx Security context. * @throws SecurityException If authorization failed. */ - private void authorize(GridRestRequest req, SecurityContext sCtx) throws SecurityException { + private void authorize(GridRestRequest req) throws SecurityException { SecurityPermission perm = null; String name = null; @@ -933,7 +935,7 @@ private void authorize(GridRestRequest req, SecurityContext sCtx) throws Securit } if (perm != null) - ctx.security().authorize(name, perm, sCtx); + ctx.security().authorize(name, perm); } /** diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/handlers/top/GridTopologyCommandHandler.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/handlers/top/GridTopologyCommandHandler.java index edcb3741bc331..52a5f375e310c 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/handlers/top/GridTopologyCommandHandler.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/handlers/top/GridTopologyCommandHandler.java @@ -57,7 +57,6 @@ import static org.apache.ignite.internal.IgniteNodeAttributes.ATTR_REST_TCP_HOST_NAMES; import static org.apache.ignite.internal.IgniteNodeAttributes.ATTR_REST_TCP_PORT; import static org.apache.ignite.internal.IgniteNodeAttributes.ATTR_SECURITY_CREDENTIALS; -import static org.apache.ignite.internal.IgniteNodeAttributes.ATTR_SECURITY_SUBJECT; import static org.apache.ignite.internal.IgniteNodeAttributes.ATTR_SECURITY_SUBJECT_V2; import static org.apache.ignite.internal.IgniteNodeAttributes.ATTR_TX_CONFIG; import static org.apache.ignite.internal.processors.rest.GridRestCommand.NODE; @@ -293,7 +292,6 @@ private GridClientNodeBean createNodeBean(ClusterNode node, boolean mtr, boolean attrs.remove(ATTR_CACHE); attrs.remove(ATTR_TX_CONFIG); - attrs.remove(ATTR_SECURITY_SUBJECT); attrs.remove(ATTR_SECURITY_SUBJECT_V2); attrs.remove(ATTR_SECURITY_CREDENTIALS); attrs.remove(ATTR_BINARY_CONFIGURATION); diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessor.java index ef53566fd62bd..192cc3cd3a157 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessor.java @@ -27,7 +27,6 @@ import org.apache.ignite.plugin.security.SecurityException; import org.apache.ignite.plugin.security.SecurityPermission; import org.apache.ignite.plugin.security.SecuritySubject; -import org.jetbrains.annotations.Nullable; /** * This interface defines a grid authentication processor. @@ -84,7 +83,7 @@ public interface GridSecurityProcessor extends GridProcessor { * @param securityCtx Optional security context. * @throws SecurityException If security check failed. */ - public void authorize(String name, SecurityPermission perm, @Nullable SecurityContext securityCtx) + public void authorize(String name, SecurityPermission perm, SecurityContext securityCtx) throws SecurityException; /** @@ -96,6 +95,8 @@ public void authorize(String name, SecurityPermission perm, @Nullable SecurityCo /** * @return GridSecurityProcessor is enable. + * @deprecated To determine the security mode use {@link IgniteSecurity#enabled()}. */ + @Deprecated public boolean enabled(); } \ No newline at end of file diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurity.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurity.java new file mode 100644 index 0000000000000..bfdd4e2b3701a --- /dev/null +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurity.java @@ -0,0 +1,123 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processors.security; + +import java.util.Collection; +import java.util.UUID; +import org.apache.ignite.IgniteCheckedException; +import org.apache.ignite.cluster.ClusterNode; +import org.apache.ignite.plugin.security.AuthenticationContext; +import org.apache.ignite.plugin.security.SecurityCredentials; +import org.apache.ignite.plugin.security.SecurityException; +import org.apache.ignite.plugin.security.SecurityPermission; +import org.apache.ignite.plugin.security.SecuritySubject; + +/** + * Ignite Security Processor. + *

      + * The differences between {@code IgniteSecurity} and {@code GridSecurityProcessor} are: + *

        + *
      • {@code IgniteSecurity} allows to define a current security context by + * {@link #withContext(SecurityContext)} or {@link #withContext(UUID)} methods. + *
      • {@code IgniteSecurity} doesn't require to pass {@code SecurityContext} to authorize operations. + *
      • {@code IgniteSecurity} doesn't extend {@code GridProcessor} interface + * sequentially it doesn't have any methods of the lifecycle of {@code GridProcessor}. + *
      + */ +public interface IgniteSecurity { + /** + * Creates {@link OperationSecurityContext}. All calls of methods {@link #authorize(String, SecurityPermission)} or {@link + * #authorize(SecurityPermission)} will be processed into the context of passed {@link SecurityContext} until + * holder {@link OperationSecurityContext} will be closed. + * + * @param secCtx Security Context. + * @return Security context holder. + */ + public OperationSecurityContext withContext(SecurityContext secCtx); + + /** + * Creates {@link OperationSecurityContext}. All calls of methods {@link #authorize(String, SecurityPermission)} or {@link + * #authorize(SecurityPermission)} will be processed into the context of {@link SecurityContext} that is owned by + * node with given nodeId until holder {@link OperationSecurityContext} will be closed. + * + * @param nodeId Node id. + * @return Security context holder. + */ + public OperationSecurityContext withContext(UUID nodeId); + + /** + * @return SecurityContext of holder {@link OperationSecurityContext}. + */ + public SecurityContext securityContext(); + + /** + * Delegates call to {@link GridSecurityProcessor#authenticateNode(org.apache.ignite.cluster.ClusterNode, + * org.apache.ignite.plugin.security.SecurityCredentials)} + */ + public SecurityContext authenticateNode(ClusterNode node, SecurityCredentials cred) throws IgniteCheckedException; + + /** + * Delegates call to {@link GridSecurityProcessor#isGlobalNodeAuthentication()} + */ + public boolean isGlobalNodeAuthentication(); + + /** + * Delegates call to {@link GridSecurityProcessor#authenticate(AuthenticationContext)} + */ + public SecurityContext authenticate(AuthenticationContext ctx) throws IgniteCheckedException; + + /** + * Delegates call to {@link GridSecurityProcessor#authenticatedSubjects()} + */ + public Collection authenticatedSubjects() throws IgniteCheckedException; + + /** + * Delegates call to {@link GridSecurityProcessor#authenticatedSubject(UUID)} + */ + public SecuritySubject authenticatedSubject(UUID subjId) throws IgniteCheckedException; + + /** + * Delegates call to {@link GridSecurityProcessor#onSessionExpired(UUID)} + */ + public void onSessionExpired(UUID subjId); + + /** + * Authorizes grid operation. + * + * @param name Cache name or task class name. + * @param perm Permission to authorize. + * @throws SecurityException If security check failed. + */ + public void authorize(String name, SecurityPermission perm) throws SecurityException; + + /** + * Authorizes grid system operation. + * + * @param perm Permission to authorize. + * @throws SecurityException If security check failed. + */ + public default void authorize(SecurityPermission perm) throws SecurityException { + authorize(null, perm); + } + + /** + * @return True if IgniteSecurity is a plugin implementation, + * false if it's used a default NoOp implementation. + */ + public boolean enabled(); +} diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java new file mode 100644 index 0000000000000..4dbb927240d94 --- /dev/null +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java @@ -0,0 +1,273 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processors.security; + +import java.util.Collection; +import java.util.Map; +import java.util.UUID; +import java.util.concurrent.ConcurrentHashMap; +import org.apache.ignite.IgniteCheckedException; +import org.apache.ignite.cluster.ClusterNode; +import org.apache.ignite.internal.GridKernalContext; +import org.apache.ignite.internal.IgniteInternalFuture; +import org.apache.ignite.internal.processors.GridProcessor; +import org.apache.ignite.internal.util.typedef.F; +import org.apache.ignite.internal.util.typedef.internal.U; +import org.apache.ignite.lang.IgniteFuture; +import org.apache.ignite.marshaller.MarshallerUtils; +import org.apache.ignite.marshaller.jdk.JdkMarshaller; +import org.apache.ignite.plugin.security.AuthenticationContext; +import org.apache.ignite.plugin.security.SecurityCredentials; +import org.apache.ignite.plugin.security.SecurityException; +import org.apache.ignite.plugin.security.SecurityPermission; +import org.apache.ignite.plugin.security.SecuritySubject; +import org.apache.ignite.spi.IgniteNodeValidationResult; +import org.apache.ignite.spi.discovery.DiscoveryDataBag; +import org.jetbrains.annotations.Nullable; + +import static org.apache.ignite.events.EventType.EVT_NODE_FAILED; +import static org.apache.ignite.events.EventType.EVT_NODE_LEFT; +import static org.apache.ignite.internal.processors.security.SecurityUtils.nodeSecurityContext; + +/** + * Default Grid security Manager implementation. + */ +public class IgniteSecurityProcessor implements IgniteSecurity, GridProcessor { + /** */ + private static final String MSG_SEC_PROC_CLS_IS_INVALID = "Local node's grid security processor class " + + "is not equal to remote node's grid security processor class " + + "[locNodeId=%s, rmtNodeId=%s, locCls=%s, rmtCls=%s]"; + + /** Internal attribute name constant. */ + public static final String ATTR_GRID_SEC_PROC_CLASS = "grid.security.processor.class"; + + /** Current security context. */ + private final ThreadLocal curSecCtx = ThreadLocal.withInitial(this::localSecurityContext); + + /** Grid kernal context. */ + private final GridKernalContext ctx; + + /** Security processor. */ + private final GridSecurityProcessor secPrc; + + /** Must use JDK marshaller for Security Subject. */ + private final JdkMarshaller marsh; + + /** Map of security contexts. Key is node's id. */ + private final Map secCtxs = new ConcurrentHashMap<>(); + + /** + * @param ctx Grid kernal context. + * @param secPrc Security processor. + */ + public IgniteSecurityProcessor(GridKernalContext ctx, GridSecurityProcessor secPrc) { + assert ctx != null; + assert secPrc != null; + + this.ctx = ctx; + this.secPrc = secPrc; + + marsh = MarshallerUtils.jdkMarshaller(ctx.igniteInstanceName()); + } + + /** {@inheritDoc} */ + @Override public OperationSecurityContext withContext(SecurityContext secCtx) { + assert secCtx != null; + + SecurityContext old = curSecCtx.get(); + + curSecCtx.set(secCtx); + + return new OperationSecurityContext(this, old); + } + + /** {@inheritDoc} */ + @Override public OperationSecurityContext withContext(UUID nodeId) { + return withContext( + secCtxs.computeIfAbsent(nodeId, + uuid -> nodeSecurityContext( + marsh, U.resolveClassLoader(ctx.config()), ctx.discovery().node(uuid) + ) + ) + ); + } + + /** {@inheritDoc} */ + @Override public SecurityContext securityContext() { + SecurityContext res = curSecCtx.get(); + + assert res != null; + + return res; + } + + /** {@inheritDoc} */ + @Override public SecurityContext authenticateNode(ClusterNode node, SecurityCredentials cred) + throws IgniteCheckedException { + return secPrc.authenticateNode(node, cred); + } + + /** {@inheritDoc} */ + @Override public boolean isGlobalNodeAuthentication() { + return secPrc.isGlobalNodeAuthentication(); + } + + /** {@inheritDoc} */ + @Override public SecurityContext authenticate(AuthenticationContext ctx) throws IgniteCheckedException { + return secPrc.authenticate(ctx); + } + + /** {@inheritDoc} */ + @Override public Collection authenticatedSubjects() throws IgniteCheckedException { + return secPrc.authenticatedSubjects(); + } + + /** {@inheritDoc} */ + @Override public SecuritySubject authenticatedSubject(UUID subjId) throws IgniteCheckedException { + return secPrc.authenticatedSubject(subjId); + } + + /** {@inheritDoc} */ + @Override public void onSessionExpired(UUID subjId) { + secPrc.onSessionExpired(subjId); + } + + /** {@inheritDoc} */ + @Override public void authorize(String name, SecurityPermission perm) throws SecurityException { + SecurityContext secCtx = curSecCtx.get(); + + assert secCtx != null; + + secPrc.authorize(name, perm, secCtx); + } + + /** {@inheritDoc} */ + @Override public boolean enabled() { + return true; + } + + /** {@inheritDoc} */ + @Override public void start() throws IgniteCheckedException { + ctx.addNodeAttribute(ATTR_GRID_SEC_PROC_CLASS, secPrc.getClass().getName()); + + secPrc.start(); + } + + /** {@inheritDoc} */ + @Override public void stop(boolean cancel) throws IgniteCheckedException { + secPrc.stop(cancel); + } + + /** {@inheritDoc} */ + @Override public void onKernalStart(boolean active) throws IgniteCheckedException { + ctx.event().addDiscoveryEventListener( + (evt, discoCache) -> secCtxs.remove(evt.eventNode().id()), EVT_NODE_FAILED, EVT_NODE_LEFT + ); + + secPrc.onKernalStart(active); + } + + /** {@inheritDoc} */ + @Override public void onKernalStop(boolean cancel) { + secPrc.onKernalStop(cancel); + } + + /** {@inheritDoc} */ + @Override public void collectJoiningNodeData(DiscoveryDataBag dataBag) { + secPrc.collectJoiningNodeData(dataBag); + } + + /** {@inheritDoc} */ + @Override public void collectGridNodeData(DiscoveryDataBag dataBag) { + secPrc.collectGridNodeData(dataBag); + } + + /** {@inheritDoc} */ + @Override public void onGridDataReceived(DiscoveryDataBag.GridDiscoveryData data) { + secPrc.onGridDataReceived(data); + } + + /** {@inheritDoc} */ + @Override public void onJoiningNodeDataReceived(DiscoveryDataBag.JoiningNodeDiscoveryData data) { + secPrc.onJoiningNodeDataReceived(data); + } + + /** {@inheritDoc} */ + @Override public void printMemoryStats() { + secPrc.printMemoryStats(); + } + + /** {@inheritDoc} */ + @Override public @Nullable IgniteNodeValidationResult validateNode(ClusterNode node) { + IgniteNodeValidationResult res = validateSecProcClass(node); + + return res != null ? res : secPrc.validateNode(node); + } + + /** {@inheritDoc} */ + @Override public @Nullable IgniteNodeValidationResult validateNode(ClusterNode node, + DiscoveryDataBag.JoiningNodeDiscoveryData discoData) { + IgniteNodeValidationResult res = validateSecProcClass(node); + + return res != null ? res : secPrc.validateNode(node, discoData); + } + + /** {@inheritDoc} */ + @Override public @Nullable DiscoveryDataExchangeType discoveryDataType() { + return secPrc.discoveryDataType(); + } + + /** {@inheritDoc} */ + @Override public void onDisconnected(IgniteFuture reconnectFut) throws IgniteCheckedException { + secPrc.onDisconnected(reconnectFut); + } + + /** {@inheritDoc} */ + @Override public @Nullable IgniteInternalFuture onReconnected( + boolean clusterRestarted) throws IgniteCheckedException { + return secPrc.onReconnected(clusterRestarted); + } + + /** + * Getting local node's security context. + * + * @return Security context of local node. + */ + private SecurityContext localSecurityContext() { + return nodeSecurityContext(marsh, U.resolveClassLoader(ctx.config()), ctx.discovery().localNode()); + } + + /** + * Validates that remote node's grid security processor class is the same as local one. + * + * @param node Joining node. + * @return Validation result or {@code null} in case of success. + */ + private IgniteNodeValidationResult validateSecProcClass(ClusterNode node) { + String rmtCls = node.attribute(ATTR_GRID_SEC_PROC_CLASS); + String locCls = secPrc.getClass().getName(); + + if (!F.eq(locCls, rmtCls)) { + return new IgniteNodeValidationResult(node.id(), + String.format(MSG_SEC_PROC_CLS_IS_INVALID, ctx.localNodeId(), node.id(), locCls, rmtCls), + String.format(MSG_SEC_PROC_CLS_IS_INVALID, node.id(), ctx.localNodeId(), rmtCls, locCls)); + } + + return null; + } +} diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java new file mode 100644 index 0000000000000..00dabdf40e496 --- /dev/null +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java @@ -0,0 +1,208 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processors.security; + +import java.util.Collection; +import java.util.UUID; +import org.apache.ignite.IgniteCheckedException; +import org.apache.ignite.cluster.ClusterNode; +import org.apache.ignite.internal.GridKernalContext; +import org.apache.ignite.internal.IgniteInternalFuture; +import org.apache.ignite.internal.processors.GridProcessor; +import org.apache.ignite.lang.IgniteFuture; +import org.apache.ignite.plugin.security.AuthenticationContext; +import org.apache.ignite.plugin.security.SecurityCredentials; +import org.apache.ignite.plugin.security.SecurityException; +import org.apache.ignite.plugin.security.SecurityPermission; +import org.apache.ignite.plugin.security.SecuritySubject; +import org.apache.ignite.spi.IgniteNodeValidationResult; +import org.apache.ignite.spi.discovery.DiscoveryDataBag; +import org.jetbrains.annotations.Nullable; + +import static org.apache.ignite.internal.processors.security.IgniteSecurityProcessor.ATTR_GRID_SEC_PROC_CLASS; + +/** + * No operation Ignite Security Processor. + */ +public class NoOpIgniteSecurityProcessor implements IgniteSecurity, GridProcessor { + /** */ + private static final String MSG_SEC_PROC_CLS_IS_INVALID = "Local node's ignite security processor class " + + "is not equal to remote node's ignite security processor class " + + "[locNodeId=%s, rmtNodeId=%s, locCls=%s, rmtCls=%s]"; + + /** No operation security context. */ + private final OperationSecurityContext opSecCtx = new OperationSecurityContext(this, null); + + /** Grid kernal context. */ + private final GridKernalContext ctx; + + /** + * @param ctx Grid kernal context. + */ + public NoOpIgniteSecurityProcessor(GridKernalContext ctx) { + this.ctx = ctx; + } + + /** {@inheritDoc} */ + @Override public OperationSecurityContext withContext(SecurityContext secCtx) { + return opSecCtx; + } + + /** {@inheritDoc} */ + @Override public OperationSecurityContext withContext(UUID nodeId) { + return opSecCtx; + } + + /** {@inheritDoc} */ + @Override public SecurityContext securityContext() { + return null; + } + + /** {@inheritDoc} */ + @Override public SecurityContext authenticateNode(ClusterNode node, SecurityCredentials cred) { + return null; + } + + /** {@inheritDoc} */ + @Override public boolean isGlobalNodeAuthentication() { + return false; + } + + /** {@inheritDoc} */ + @Override public SecurityContext authenticate(AuthenticationContext ctx) { + return null; + } + + /** {@inheritDoc} */ + @Override public Collection authenticatedSubjects() { + return null; + } + + /** {@inheritDoc} */ + @Override public SecuritySubject authenticatedSubject(UUID subjId) { + return null; + } + + /** {@inheritDoc} */ + @Override public void onSessionExpired(UUID subjId) { + // No-op. + } + + /** {@inheritDoc} */ + @Override public void authorize(String name, SecurityPermission perm) throws SecurityException { + // No-op. + } + + /** {@inheritDoc} */ + @Override public boolean enabled() { + return false; + } + + /** {@inheritDoc} */ + @Override public void start() throws IgniteCheckedException { + // No-op. + } + + /** {@inheritDoc} */ + @Override public void stop(boolean cancel) throws IgniteCheckedException { + // No-op. + } + + /** {@inheritDoc} */ + @Override public void onKernalStart(boolean active) throws IgniteCheckedException { + // No-op. + } + + /** {@inheritDoc} */ + @Override public void onKernalStop(boolean cancel) { + // No-op. + } + + /** {@inheritDoc} */ + @Override public void collectJoiningNodeData(DiscoveryDataBag dataBag) { + // No-op. + } + + /** {@inheritDoc} */ + @Override public void collectGridNodeData(DiscoveryDataBag dataBag) { + // No-op. + } + + /** {@inheritDoc} */ + @Override public void onGridDataReceived(DiscoveryDataBag.GridDiscoveryData data) { + // No-op. + } + + /** {@inheritDoc} */ + @Override public void onJoiningNodeDataReceived(DiscoveryDataBag.JoiningNodeDiscoveryData data) { + // No-op. + } + + /** {@inheritDoc} */ + @Override public void printMemoryStats() { + // No-op. + } + + /** {@inheritDoc} */ + @Override public @Nullable IgniteNodeValidationResult validateNode(ClusterNode node) { + return validateSecProcClass(node); + } + + /** {@inheritDoc} */ + @Override public @Nullable IgniteNodeValidationResult validateNode(ClusterNode node, + DiscoveryDataBag.JoiningNodeDiscoveryData discoData) { + return validateSecProcClass(node); + } + + /** {@inheritDoc} */ + @Override public @Nullable DiscoveryDataExchangeType discoveryDataType() { + return null; + } + + /** {@inheritDoc} */ + @Override public void onDisconnected(IgniteFuture reconnectFut) { + // No-op. + } + + /** {@inheritDoc} */ + @Override public @Nullable IgniteInternalFuture onReconnected(boolean clusterRestarted) { + return null; + } + + /** + * Validates that remote node's grid security processor class is undefined. + * + * @param node Joining node. + * @return Validation result or {@code null} in case of success. + */ + private IgniteNodeValidationResult validateSecProcClass(ClusterNode node){ + String rmtCls = node.attribute(ATTR_GRID_SEC_PROC_CLASS); + + if (rmtCls != null) { + ClusterNode locNode = ctx.discovery().localNode(); + + return new IgniteNodeValidationResult( + node.id(), + String.format(MSG_SEC_PROC_CLS_IS_INVALID, locNode.id(), node.id(), "undefined", rmtCls), + String.format(MSG_SEC_PROC_CLS_IS_INVALID, node.id(), locNode.id(), rmtCls, "undefined") + ); + } + + return null; + } +} diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityContextHolder.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/OperationSecurityContext.java similarity index 52% rename from modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityContextHolder.java rename to modules/core/src/main/java/org/apache/ignite/internal/processors/security/OperationSecurityContext.java index d01071166ea73..3fdac47dc89d2 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityContextHolder.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/OperationSecurityContext.java @@ -17,44 +17,30 @@ package org.apache.ignite.internal.processors.security; -import org.jetbrains.annotations.Nullable; - /** - * Thread-local security context. + * */ -public class SecurityContextHolder { - /** Context. */ - private static final ThreadLocal CTX = new ThreadLocal<>(); +public class OperationSecurityContext implements AutoCloseable { + /** Ignite Security. */ + private final IgniteSecurity proc; - /** - * Get security context. - * - * @return Security context. - */ - @Nullable public static SecurityContext get() { - return CTX.get(); - } + /** Security context. */ + private final SecurityContext secCtx; /** - * Set security context. - * - * @param ctx Context. - * @return Old context. + * @param proc Ignite Security. + * @param secCtx Security context. */ - public static SecurityContext push(@Nullable SecurityContext ctx) { - SecurityContext oldCtx = CTX.get(); - - CTX.set(ctx); + OperationSecurityContext(IgniteSecurity proc, SecurityContext secCtx) { + assert proc != null; + assert secCtx != null || !proc.enabled(); - return oldCtx; + this.proc = proc; + this.secCtx = secCtx; } - /** - * Pop security context. - * - * @param oldCtx Old context. - */ - public static void pop(@Nullable SecurityContext oldCtx) { - CTX.set(oldCtx); + /** {@inheritDoc} */ + @Override public void close() { + proc.withContext(secCtx); } } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityUtils.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityUtils.java index fbc3158ab1cb9..41d2ce9ea07d4 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityUtils.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityUtils.java @@ -21,7 +21,13 @@ import java.util.Collection; import java.util.HashMap; import java.util.Map; +import org.apache.ignite.IgniteCheckedException; import org.apache.ignite.IgniteSystemProperties; +import org.apache.ignite.cluster.ClusterNode; +import org.apache.ignite.internal.IgniteNodeAttributes; +import org.apache.ignite.internal.util.typedef.internal.U; +import org.apache.ignite.marshaller.Marshaller; +import org.apache.ignite.plugin.security.SecurityException; import org.apache.ignite.plugin.security.SecurityPermission; /** @@ -85,4 +91,26 @@ public static Map> compatibleServicePermi return srvcPerms; } + + /** + * Getting node's security context. + * + * @param marsh Marshaller. + * @param ldr Class loader. + * @param node Node. + * @return Node's security context. + */ + public static SecurityContext nodeSecurityContext(Marshaller marsh, ClassLoader ldr, ClusterNode node) { + byte[] subjBytes = node.attribute(IgniteNodeAttributes.ATTR_SECURITY_SUBJECT_V2); + + if (subjBytes == null) + throw new SecurityException("Security context isn't certain."); + + try { + return U.unmarshal(marsh, subjBytes, ldr); + } + catch (IgniteCheckedException e) { + throw new SecurityException("Failed to get security context.", e); + } + } } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/os/GridOsSecurityProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/os/GridOsSecurityProcessor.java deleted file mode 100644 index 42f9661cc005d..0000000000000 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/os/GridOsSecurityProcessor.java +++ /dev/null @@ -1,88 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processors.security.os; - -import java.util.Collection; -import java.util.Collections; -import java.util.UUID; -import org.apache.ignite.IgniteCheckedException; -import org.apache.ignite.cluster.ClusterNode; -import org.apache.ignite.internal.GridKernalContext; -import org.apache.ignite.internal.processors.GridProcessorAdapter; -import org.apache.ignite.internal.processors.security.GridSecurityProcessor; -import org.apache.ignite.internal.processors.security.SecurityContext; -import org.apache.ignite.plugin.security.AuthenticationContext; -import org.apache.ignite.plugin.security.SecurityCredentials; -import org.apache.ignite.plugin.security.SecurityException; -import org.apache.ignite.plugin.security.SecurityPermission; -import org.apache.ignite.plugin.security.SecuritySubject; -import org.jetbrains.annotations.Nullable; - -/** - * No-op implementation for {@link GridSecurityProcessor}. - */ -public class GridOsSecurityProcessor extends GridProcessorAdapter implements GridSecurityProcessor { - /** - * @param ctx Kernal context. - */ - public GridOsSecurityProcessor(GridKernalContext ctx) { - super(ctx); - } - - /** {@inheritDoc} */ - @Override public SecurityContext authenticateNode(ClusterNode node, SecurityCredentials cred) - throws IgniteCheckedException { - return null; - } - - /** {@inheritDoc} */ - @Override public boolean isGlobalNodeAuthentication() { - return false; - } - - /** {@inheritDoc} */ - @Override public SecurityContext authenticate(AuthenticationContext authCtx) throws IgniteCheckedException { - return null; - } - - /** {@inheritDoc} */ - @Override public Collection authenticatedSubjects() { - return Collections.emptyList(); - } - - /** {@inheritDoc} */ - @Override public SecuritySubject authenticatedSubject(UUID nodeId) { - return null; - } - - /** {@inheritDoc} */ - @Override public void authorize(String name, SecurityPermission perm, @Nullable SecurityContext securityCtx) - throws SecurityException { - // No-op. - } - - /** {@inheritDoc} */ - @Override public void onSessionExpired(UUID subjId) { - // No-op. - } - - /** {@inheritDoc} */ - @Override public boolean enabled() { - return false; - } -} \ No newline at end of file diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/service/GridServiceProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/service/GridServiceProcessor.java index 2b6e05098824d..602bf627775ad 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/service/GridServiceProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/service/GridServiceProcessor.java @@ -538,7 +538,7 @@ private PreparedConfigurations prepareServiceConfigurations(CollectiongetFieldValue(ioMsg, "plc"), GridTestUtils.getFieldValue(ioMsg, "topic"), GridTestUtils.getFieldValue(ioMsg, "topicOrd"), diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractCacheOperationPermissionCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractCacheOperationPermissionCheckTest.java new file mode 100644 index 0000000000000..8050897efeedd --- /dev/null +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractCacheOperationPermissionCheckTest.java @@ -0,0 +1,79 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processors.security; + +import java.util.concurrent.atomic.AtomicInteger; +import org.apache.ignite.configuration.CacheConfiguration; +import org.apache.ignite.configuration.IgniteConfiguration; +import org.apache.ignite.internal.util.typedef.T2; + +/** + * + */ +public abstract class AbstractCacheOperationPermissionCheckTest extends AbstractSecurityTest { + /** Cache name for tests. */ + protected static final String CACHE_NAME = "TEST_CACHE"; + + /** Forbidden cache. */ + protected static final String FORBIDDEN_CACHE = "FORBIDDEN_TEST_CACHE"; + + /** Values. */ + protected AtomicInteger values = new AtomicInteger(0); + + /** {@inheritDoc} */ + @Override protected void beforeTestsStarted() throws Exception { + super.beforeTestsStarted(); + + startGrid("server", allowAllPermissionSet()).cluster().active(true); + } + + /** {@inheritDoc} */ + @Override protected IgniteConfiguration getConfiguration(String igniteInstanceName) throws Exception { + return super.getConfiguration(igniteInstanceName) + .setCacheConfiguration(getCacheConfigurations()); + } + + /** + * @return Array of cache configurations. + */ + protected CacheConfiguration[] getCacheConfigurations() { + return new CacheConfiguration[] { + new CacheConfiguration().setName(CACHE_NAME), + new CacheConfiguration().setName(FORBIDDEN_CACHE) + }; + } + + /** + * Getting login prefix. + * + * @param isClient True if is client mode. + * @return Prefix. + */ + protected String loginPrefix(boolean isClient) { + return isClient ? "client" : "server"; + } + + /** + * @return Cache entry for test. + */ + protected T2 entry() { + int val = values.incrementAndGet(); + + return new T2<>("key_" + val, -1 * val); + } +} diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractCacheOperationRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractCacheOperationRemoteSecurityContextCheckTest.java new file mode 100644 index 0000000000000..f7380c2d513c5 --- /dev/null +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractCacheOperationRemoteSecurityContextCheckTest.java @@ -0,0 +1,72 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processors.security; + +import org.apache.ignite.cache.CacheMode; +import org.apache.ignite.configuration.CacheConfiguration; +import org.apache.ignite.configuration.IgniteConfiguration; +import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.internal.util.typedef.G; + +/** + * + */ +public abstract class AbstractCacheOperationRemoteSecurityContextCheckTest extends AbstractRemoteSecurityContextCheckTest { + /** Cache name for tests. */ + protected static final String CACHE_NAME = "TEST_CACHE"; + + /** {@inheritDoc} */ + @Override protected IgniteConfiguration getConfiguration(String igniteInstanceName) throws Exception { + return super.getConfiguration(igniteInstanceName) + .setCacheConfiguration(getCacheConfigurations()); + } + + /** + * Getting array of cache configurations. + */ + protected CacheConfiguration[] getCacheConfigurations() { + return new CacheConfiguration[] { + new CacheConfiguration<>() + .setName(CACHE_NAME) + .setCacheMode(CacheMode.PARTITIONED) + }; + } + + /** + * Getting the key that is contained on primary partition on passed node for {@link #CACHE_NAME} cache. + * + * @param ignite Node. + * @return Key. + */ + protected Integer prmKey(IgniteEx ignite) { + return findKeys(ignite.localNode(), ignite.cache(CACHE_NAME), 1, 0, 0) + .stream() + .findFirst() + .orElseThrow(() -> new IllegalStateException(ignite.name() + " isn't primary node for any key.")); + } + + /** + * Getting the key that is contained on primary partition on passed node for {@link #CACHE_NAME} cache. + * + * @param nodeName Node name. + * @return Key. + */ + protected Integer prmKey(String nodeName) { + return prmKey((IgniteEx)G.ignite(nodeName)); + } +} diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractRemoteSecurityContextCheckTest.java new file mode 100644 index 0000000000000..4181eefe40e6a --- /dev/null +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractRemoteSecurityContextCheckTest.java @@ -0,0 +1,408 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processors.security; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.List; +import java.util.Objects; +import java.util.UUID; +import java.util.concurrent.ConcurrentHashMap; +import java.util.stream.Stream; +import javax.cache.Cache; +import javax.cache.processor.EntryProcessor; +import javax.cache.processor.MutableEntry; +import org.apache.ignite.Ignite; +import org.apache.ignite.IgniteCompute; +import org.apache.ignite.Ignition; +import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.internal.util.typedef.T2; +import org.apache.ignite.internal.util.typedef.X; +import org.apache.ignite.lang.IgniteBiInClosure; +import org.apache.ignite.lang.IgniteBiPredicate; +import org.apache.ignite.lang.IgniteCallable; +import org.apache.ignite.lang.IgniteClosure; +import org.apache.ignite.lang.IgniteRunnable; +import org.apache.ignite.plugin.security.SecurityException; + +import static org.hamcrest.CoreMatchers.notNullValue; +import static org.hamcrest.core.Is.is; +import static org.junit.Assert.assertThat; + +/** + * + */ +public abstract class AbstractRemoteSecurityContextCheckTest extends AbstractSecurityTest { + /** Transition load cache. */ + protected static final String TRANSITION_LOAD_CACHE = "TRANSITION_LOAD_CACHE"; + + /** Name of server initiator node. */ + protected static final String SRV_INITIATOR = "srv_initiator"; + + /** Name of client initiator node. */ + protected static final String CLNT_INITIATOR = "clnt_initiator"; + + /** Name of server feature call node. */ + protected static final String SRV_RUN = "srv_run"; + + /** Name of client feature call node. */ + protected static final String CLNT_RUN = "clnt_run"; + + /** Name of server feature transit node. */ + protected static final String SRV_CHECK = "srv_check"; + + /** Name of client feature transit node. */ + protected static final String CLNT_CHECK = "clnt_check"; + + /** Name of server endpoint node. */ + protected static final String SRV_ENDPOINT = "srv_endpoint"; + + /** Name of client endpoint node. */ + protected static final String CLNT_ENDPOINT = "clnt_endpoint"; + + /** Verifier to check results of tests. */ + private static final Verifier VERIFIER = new Verifier(); + + /** + * Registers current security context and increments invoke's counter. + */ + protected static void register() { + VERIFIER.register((IgniteEx)Ignition.localIgnite()); + } + + /** + * @return IgniteCompute is produced by passed node for cluster group that contains nodes with ids from collection. + */ + protected static IgniteCompute compute(Ignite ignite, Collection ids) { + return ignite.compute(ignite.cluster().forNodeIds(ids)); + } + + /** + * @return IgniteCompute is produced by passed node for cluster group that contains node with id. + */ + protected static IgniteCompute compute(Ignite ignite, UUID id) { + return ignite.compute(ignite.cluster().forNodeId(id)); + } + + /** + * @param ign Node. + * @return Security subject id of passed node. + */ + protected static UUID secSubjectId(IgniteEx ign) { + return ign.context().security().securityContext().subject().id(); + } + + /** + * @param name Security subject id of passed node. + * @return Security subject id of passed node. + */ + protected UUID secSubjectId(String name) { + return secSubjectId(grid(name)); + } + + /** + * @return Collection of feature call nodes ids. + */ + protected Collection nodesToRun() { + return Arrays.asList( + nodeId(SRV_RUN), + nodeId(CLNT_RUN) + ); + } + + /** + * @return Collection of feature transit nodes ids. + */ + protected Collection nodesToCheck() { + return Arrays.asList( + nodeId(SRV_CHECK), + nodeId(CLNT_CHECK) + ); + } + + /** + * @return Collection of endpont nodes ids. + */ + protected Collection endpoints() { + return Arrays.asList( + nodeId(SRV_ENDPOINT), + nodeId(CLNT_ENDPOINT) + ); + } + + /** + * @param name Node name. + * @return Node id. + */ + protected UUID nodeId(String name) { + return grid(name).context().discovery().localNode().id(); + } + + /** + * Assert that the passed throwable contains a cause exception with given type. + * + * @param throwable Throwable. + */ + protected void assertCauseSecurityException(Throwable throwable) { + assertThat(X.cause(throwable, SecurityException.class), notNullValue()); + } + + /** + * Setups expected behavior to passed verifier. + */ + protected abstract void setupVerifier(Verifier verifier); + + /** + * @param initiator Node that initiates an execution. + * @param runnable Check case. + */ + protected void runAndCheck(IgniteEx initiator, IgniteRunnable runnable) { + runAndCheck(initiator, Stream.of(runnable)); + } + + /** + * Sets up VERIFIER, performs the runnable and checks the result. + * + * @param initiator Node that initiates an execution. + * @param runnables Stream of check cases. + */ + protected void runAndCheck(IgniteEx initiator, Stream runnables) { + runnables.forEach( + r -> { + setupVerifier(VERIFIER.start(secSubjectId(initiator))); + + compute(initiator, nodesToRun()).broadcast(r); + + VERIFIER.checkResult(); + } + ); + } + + /** + * Responsible for verifying of tests results. + */ + public static class Verifier { + /** + * Map that contains an expected behaviour. + */ + private final ConcurrentHashMap> map = new ConcurrentHashMap<>(); + + /** + * List of registered security subjects. + */ + private final List> list = Collections.synchronizedList(new ArrayList<>()); + + /** + * Expected security subject id. + */ + private UUID expSecSubjId; + + /** + * Prepare for test. + * + * @param expSecSubjId Expected security subject id. + */ + private Verifier start(UUID expSecSubjId) { + this.expSecSubjId = expSecSubjId; + + list.clear(); + map.clear(); + + return this; + } + + /** + * Adds expected behaivior the method {@link #register(IgniteEx)} will be invoke exp times on the node with + * passed name. + * + * @param nodeName Node name. + * @param num Expected number of invokes. + */ + public Verifier expect(String nodeName, int num) { + map.put(nodeName, new T2<>(num, 0)); + + return this; + } + + /** + * Registers current security context and increments invoke's counter. + * + * @param ignite Local node. + */ + private void register(IgniteEx ignite) { + assert expSecSubjId != null; + assert ignite != null; + + list.add(new T2<>(secSubjectId(ignite), ignite.name())); + + map.computeIfPresent(ignite.name(), (name, t2) -> { + Integer val = t2.getValue(); + + t2.setValue(++val); + + return t2; + }); + } + + /** + * Checks result of test and clears expected behavior. + */ + private void checkResult() { + assert !map.isEmpty(); + + list.forEach(t -> + assertThat("Invalide security context on node " + t.get2(), + t.get1(), is(expSecSubjId)) + ); + + map.forEach((key, value) -> + assertThat("Node " + key + ". Execution of register: ", + value.get2(), is(value.get1()))); + + list.clear(); + map.clear(); + + expSecSubjId = null; + } + } + + /** */ + protected static class ExecRegisterAndForwardAdapter implements IgniteBiInClosure { + /** RegisterExecAndForward. */ + private RegisterExecAndForward instance; + + /** + * @param runnable Runnable. + */ + public ExecRegisterAndForwardAdapter(IgniteRunnable runnable) { + instance = new RegisterExecAndForward<>(runnable); + } + + /** + * @param node Expected local node name. + * @param endpoints Collection of endpont nodes ids. + */ + public ExecRegisterAndForwardAdapter(String node, Collection endpoints) { + instance = new RegisterExecAndForward<>(node, endpoints); + } + + /** + * @param endpoints Collection of endpont nodes ids. + */ + public ExecRegisterAndForwardAdapter(Collection endpoints) { + instance = new RegisterExecAndForward<>(endpoints); + } + + /** {@inheritDoc} */ + @Override public void apply(K k, V v) { + instance.run(); + } + } + + /** */ + protected static class RegisterExecAndForward implements IgniteBiPredicate, IgniteRunnable, + IgniteCallable, EntryProcessor, IgniteClosure { + /** Runnable. */ + private final IgniteRunnable runnable; + + /** Expected local node name. */ + private final String node; + + /** Collection of endpoint node ids. */ + private final Collection endpoints; + + /** + * @param runnable Runnable. + */ + public RegisterExecAndForward(IgniteRunnable runnable) { + this.runnable = Objects.requireNonNull(runnable); + node = null; + endpoints = Collections.emptyList(); + } + + /** + * @param node Expected local node name. + * @param endpoints Collection of endpont nodes ids. + */ + public RegisterExecAndForward(String node, Collection endpoints) { + this.node = node; + this.endpoints = endpoints; + runnable = null; + } + + /** + * @param endpoints Collection of endpont nodes ids. + */ + public RegisterExecAndForward(Collection endpoints) { + this.endpoints = endpoints; + runnable = null; + node = null; + } + + /** {@inheritDoc} */ + @Override public boolean apply(K k, V v) { + run(); + + return false; + } + + /** {@inheritDoc} */ + @Override public void run() { + Ignite loc = Ignition.localIgnite(); + + if (node == null || node.equals(loc.name())) { + register(); + + Ignite ignite = Ignition.localIgnite(); + + if (runnable != null) + runnable.run(); + else { + compute(ignite, endpoints) + .broadcast(() -> register()); + } + } + } + + /** {@inheritDoc} */ + @Override public Object process(MutableEntry mutableEntry, Object... objects) { + run(); + + return null; + } + + /** {@inheritDoc} */ + @Override public V apply(K k) { + run(); + + if (k instanceof Cache.Entry) + return (V) ((Cache.Entry)k).getValue(); + + return null; + } + + /** {@inheritDoc} */ + @Override public V call() { + run(); + + return null; + } + } +} diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractSecurityTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractSecurityTest.java new file mode 100644 index 0000000000000..52687771dea4c --- /dev/null +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractSecurityTest.java @@ -0,0 +1,245 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processors.security; + +import java.util.Arrays; +import org.apache.ignite.configuration.DataRegionConfiguration; +import org.apache.ignite.configuration.DataStorageConfiguration; +import org.apache.ignite.configuration.IgniteConfiguration; +import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.plugin.security.SecurityException; +import org.apache.ignite.plugin.security.SecurityPermission; +import org.apache.ignite.plugin.security.SecurityPermissionSet; +import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; +import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest; + +import static org.hamcrest.CoreMatchers.notNullValue; +import static org.junit.Assert.assertThat; + +/** + * Common class for security tests. + */ +public class AbstractSecurityTest extends GridCommonAbstractTest { + /** Empty array of permissions. */ + protected static final SecurityPermission[] EMPTY_PERMS = new SecurityPermission[0]; + + /** {@inheritDoc} */ + @Override protected void afterTestsStopped() throws Exception { + super.afterTestsStopped(); + + stopAllGrids(); + + cleanPersistenceDir(); + } + + /** + * @param instanceName Instance name. + * @param secCfg Security plugin configuration. + */ + protected IgniteConfiguration getConfiguration(String instanceName, + TestSecurityPluginConfiguration secCfg) throws Exception { + + return getConfiguration(instanceName) + .setDataStorageConfiguration( + new DataStorageConfiguration() + .setDefaultDataRegionConfiguration( + new DataRegionConfiguration().setPersistenceEnabled(true) + ) + ) + .setAuthenticationEnabled(true) + .setPluginConfigurations(secCfg); + } + + /** + * @param idx Index. + * @param login Login. + * @param pwd Password. + * @param prmSet Security permission set. + */ + protected IgniteConfiguration getConfiguration(int idx, String login, String pwd, + SecurityPermissionSet prmSet) throws Exception { + return getConfiguration(getTestIgniteInstanceName(idx), secPluginCfg(login, pwd, prmSet)); + } + + /** + * @param login Login. + * @param pwd Password. + * @param prmSet Security permission set. + * @return Security plaugin configuration. + */ + protected TestSecurityPluginConfiguration secPluginCfg(String login, String pwd, SecurityPermissionSet prmSet, + TestSecurityData... clientData) { + return ctx -> new TestSecurityProcessor(ctx, + new TestSecurityData(login, pwd, prmSet), + Arrays.asList(clientData)); + } + + /** + * @param login Login. + * @param prmSet Security permission set. + */ + protected IgniteEx startGrid(String login, SecurityPermissionSet prmSet) throws Exception { + return startGrid(login, "", prmSet, false); + } + + /** + * @param login Login. + * @param pwd Password. + * @param prmSet Security permission set. + */ + protected IgniteEx startGrid(String login, String pwd, SecurityPermissionSet prmSet) throws Exception { + return startGrid(login, pwd, prmSet, false); + } + + /** + * @param login Login. + * @param prmSet Security permission set. + * @param isClient Is client. + */ + protected IgniteEx startGrid(String login, SecurityPermissionSet prmSet, + boolean isClient) throws Exception { + return startGrid( + getConfiguration(login, secPluginCfg(login, "", prmSet)) + .setClientMode(isClient) + ); + } + + /** + * @param login Login. + * @param prmSet Security permission set. + */ + protected IgniteEx startClient(String login, SecurityPermissionSet prmSet) throws Exception { + return startGrid(login, prmSet, true); + } + + /** + * @param login Login. + * @param pwd Password. + * @param prmSet Security permission set. + * @param isClient Is client. + */ + protected IgniteEx startGrid(String login, String pwd, SecurityPermissionSet prmSet, + boolean isClient) throws Exception { + return startGrid( + getConfiguration(login, secPluginCfg(login, pwd, prmSet)) + .setClientMode(isClient) + ); + } + + /** + * @param instanceName Instance name. + * @param login Login. + * @param pwd Password. + * @param prmSet Security permission set. + */ + protected IgniteEx startGrid(String instanceName, String login, String pwd, + SecurityPermissionSet prmSet) throws Exception { + return startGrid(getConfiguration(instanceName, secPluginCfg(login, pwd, prmSet))); + } + + /** + * @param instanceName Instance name. + * @param login Login. + * @param pwd Password. + * @param prmSet Security permission set. + * @param isClient If true then client mode. + */ + protected IgniteEx startGrid(String instanceName, String login, String pwd, + SecurityPermissionSet prmSet, boolean isClient) throws Exception { + return startGrid(getConfiguration(instanceName, secPluginCfg(login, pwd, prmSet)) + .setClientMode(isClient)); + } + + /** + * Getting security permission set builder. + */ + protected SecurityPermissionSetBuilder builder() { + return SecurityPermissionSetBuilder.create().defaultAllowAll(true); + } + + /** + * Getting allow all security permission set. + */ + protected SecurityPermissionSet allowAllPermissionSet() { + return builder().build(); + } + + /** + * Method {@link TestRunnable#run()} should throw {@link SecurityException}. + * + * @param r Runnable. + */ + protected void assertForbidden(TestRunnable r) { + assertForbidden(r, SecurityException.class); + } + + /** + * @param r Runnable. + * @param types Array of expected exception types. + */ + protected void assertForbidden(TestRunnable r, Class... types) { + try { + r.run(); + + fail("Test should throw one of the following exceptions " + Arrays.toString(types)); + } + catch (Throwable e) { + assertThat(cause(e, types), notNullValue()); + } + } + + /** + * Gets first cause if passed in {@code 'Throwable'} has one of given classes in {@code 'cause'} hierarchy. + *

      + * Note that this method follows includes {@link Throwable#getSuppressed()} into check. + * + * @param t Throwable to check (if {@code null}, {@code null} is returned). + * @param types Array of cause classes to get cause (if {@code null}, {@code null} is returned). + * @return First causing exception of passed in class, {@code null} otherwise. + */ + private Throwable cause(Throwable t, Class... types) { + for (Throwable th = t; th != null; th = th.getCause()) { + for (Class cls : types) { + if (cls.isAssignableFrom(th.getClass())) + return th; + + for (Throwable n : th.getSuppressed()) { + Throwable found = cause(n, cls); + + if (found != null) + return found; + } + } + + if (th.getCause() == th) + break; + } + + return null; + } + + /** + * + */ + public interface TestRunnable { + /** + * + */ + void run() throws Exception; + } +} \ No newline at end of file diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityContext.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityContext.java new file mode 100644 index 0000000000000..c5fa46c03bca1 --- /dev/null +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityContext.java @@ -0,0 +1,124 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processors.security; + +import java.io.Serializable; +import java.util.Collection; +import org.apache.ignite.internal.util.typedef.F; +import org.apache.ignite.plugin.security.SecurityPermission; +import org.apache.ignite.plugin.security.SecuritySubject; + +/** + * Security context for tests. + */ +public class TestSecurityContext implements SecurityContext, Serializable { + /** Subject. */ + private final SecuritySubject subject; + + /** + * @param subject Subject. + */ + public TestSecurityContext(SecuritySubject subject) { + this.subject = subject; + } + + /** + * @param opName Op name. + * @param perm Permission. + */ + public boolean operationAllowed(String opName, SecurityPermission perm) { + switch (perm) { + case CACHE_PUT: + case CACHE_READ: + case CACHE_REMOVE: + + return cacheOperationAllowed(opName, perm); + + case TASK_CANCEL: + case TASK_EXECUTE: + return taskOperationAllowed(opName, perm); + + case SERVICE_DEPLOY: + case SERVICE_INVOKE: + case SERVICE_CANCEL: + return serviceOperationAllowed(opName, perm); + + case EVENTS_DISABLE: + case EVENTS_ENABLE: + case ADMIN_VIEW: + case ADMIN_CACHE: + case ADMIN_QUERY: + case ADMIN_OPS: + case CACHE_CREATE: + case CACHE_DESTROY: + case JOIN_AS_SERVER: + return systemOperationAllowed(perm); + + default: + throw new IllegalStateException("Invalid security permission: " + perm); + } + } + + /** {@inheritDoc} */ + @Override public SecuritySubject subject() { + return subject; + } + + /** {@inheritDoc} */ + @Override public boolean taskOperationAllowed(String taskClsName, SecurityPermission perm) { + return hasPermission(subject.permissions().taskPermissions().get(taskClsName), perm); + } + + /** {@inheritDoc} */ + @Override public boolean cacheOperationAllowed(String cacheName, SecurityPermission perm) { + return hasPermission(subject.permissions().cachePermissions().get(cacheName), perm); + } + + /** {@inheritDoc} */ + @Override public boolean serviceOperationAllowed(String srvcName, SecurityPermission perm) { + return hasPermission(subject.permissions().servicePermissions().get(srvcName), perm); + } + + /** {@inheritDoc} */ + @Override public boolean systemOperationAllowed(SecurityPermission perm) { + Collection perms = subject.permissions().systemPermissions(); + + if (F.isEmpty(perms)) + return subject.permissions().defaultAllowAll(); + + return perms.stream().anyMatch(p -> perm == p); + } + + /** + * @param perms Permissions. + * @param perm Permission. + */ + private boolean hasPermission(Collection perms, SecurityPermission perm) { + if (perms == null) + return subject.permissions().defaultAllowAll(); + + return perms.stream().anyMatch(p -> perm == p); + } + + /** {@inheritDoc} */ + @Override public String toString() { + return "TestSecurityContext{" + + "subject=" + subject + + '}'; + } +} \ No newline at end of file diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityData.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityData.java new file mode 100644 index 0000000000000..91e225c2e8efe --- /dev/null +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityData.java @@ -0,0 +1,116 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processors.security; + +import org.apache.ignite.plugin.security.SecurityCredentials; +import org.apache.ignite.plugin.security.SecurityPermissionSet; + +/** + * Test security data for subject configuration. + */ +public class TestSecurityData { + /** Login. */ + private String login; + + /** Password. */ + private String pwd; + + /** Security permission set. */ + private SecurityPermissionSet prmSet; + + /** + * Default constructor. + */ + public TestSecurityData() { + // No-op. + } + + /** + * @param login Login. + * @param pwd Password. + * @param prmSet Permissions. + */ + public TestSecurityData(String login, String pwd, SecurityPermissionSet prmSet) { + this.login = login; + this.pwd = pwd; + this.prmSet = prmSet; + } + + /** + * @param login Login. + * @param prmSet Permissions. + */ + public TestSecurityData(String login, SecurityPermissionSet prmSet) { + this(login, "", prmSet); + } + + /** + * Getting security permission set. + */ + public SecurityPermissionSet getPermissions() { + return prmSet; + } + + /** + * @param prmSet Security permission set. + */ + public TestSecurityData setPermissions(SecurityPermissionSet prmSet) { + this.prmSet = prmSet; + + return this; + } + + /** + * Login. + */ + public String getLogin() { + return login; + } + + /** + * @param login Login. + */ + public TestSecurityData setLogin(String login) { + this.login = login; + + return this; + } + + /** + * Password. + */ + public String getPwd() { + return pwd; + } + + /** + * @param pwd Password. + */ + public TestSecurityData setPwd(String pwd) { + this.pwd = pwd; + + return this; + } + + /** + * @return Security credentials. + */ + public SecurityCredentials credentials() { + return new SecurityCredentials(getLogin(), getPwd(), null); + } +} diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityPluginConfiguration.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityPluginConfiguration.java new file mode 100644 index 0000000000000..9239509b0052a --- /dev/null +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityPluginConfiguration.java @@ -0,0 +1,33 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processors.security; + +import org.apache.ignite.internal.GridKernalContext; +import org.apache.ignite.plugin.PluginConfiguration; + +/** + * Grid security configuration for tests. + */ +@FunctionalInterface +public interface TestSecurityPluginConfiguration extends PluginConfiguration { + /** + * @param ctx GridKernalContext. + * @return GridSecurityProcessor. + */ + public GridSecurityProcessor build(GridKernalContext ctx); +} diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityProcessor.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityProcessor.java new file mode 100644 index 0000000000000..e20a5d147a4b7 --- /dev/null +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityProcessor.java @@ -0,0 +1,150 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processors.security; + +import java.net.InetSocketAddress; +import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; +import java.util.Map; +import java.util.UUID; +import java.util.concurrent.ConcurrentHashMap; +import org.apache.ignite.IgniteCheckedException; +import org.apache.ignite.cluster.ClusterNode; +import org.apache.ignite.internal.GridKernalContext; +import org.apache.ignite.internal.IgniteNodeAttributes; +import org.apache.ignite.internal.processors.GridProcessorAdapter; +import org.apache.ignite.internal.util.typedef.F; +import org.apache.ignite.plugin.security.AuthenticationContext; +import org.apache.ignite.plugin.security.SecurityCredentials; +import org.apache.ignite.plugin.security.SecurityException; +import org.apache.ignite.plugin.security.SecurityPermission; +import org.apache.ignite.plugin.security.SecurityPermissionSet; +import org.apache.ignite.plugin.security.SecuritySubject; + +import static org.apache.ignite.plugin.security.SecuritySubjectType.REMOTE_NODE; + +/** + * Security processor for test. + */ +public class TestSecurityProcessor extends GridProcessorAdapter implements GridSecurityProcessor { + /** Permissions. */ + private static final Map PERMS = new ConcurrentHashMap<>(); + + /** Node security data. */ + private final TestSecurityData nodeSecData; + + /** Users security data. */ + private final Collection predefinedAuthData; + + /** + * Constructor. + */ + public TestSecurityProcessor(GridKernalContext ctx, TestSecurityData nodeSecData, + Collection predefinedAuthData) { + super(ctx); + + this.nodeSecData = nodeSecData; + this.predefinedAuthData = predefinedAuthData.isEmpty() + ? Collections.emptyList() + : new ArrayList<>(predefinedAuthData); + } + + /** {@inheritDoc} */ + @Override public SecurityContext authenticateNode(ClusterNode node, SecurityCredentials cred) { + return new TestSecurityContext( + new TestSecuritySubject() + .setType(REMOTE_NODE) + .setId(node.id()) + .setAddr(new InetSocketAddress(F.first(node.addresses()), 0)) + .setLogin(cred.getLogin()) + .setPerms(PERMS.get(cred)) + ); + } + + /** {@inheritDoc} */ + @Override public boolean isGlobalNodeAuthentication() { + return false; + } + + /** {@inheritDoc} */ + @Override public SecurityContext authenticate(AuthenticationContext ctx) { + return new TestSecurityContext( + new TestSecuritySubject() + .setType(ctx.subjectType()) + .setId(ctx.subjectId()) + .setAddr(ctx.address()) + .setLogin(ctx.credentials().getLogin()) + .setPerms(PERMS.get(ctx.credentials())) + ); + } + + /** {@inheritDoc} */ + @Override public Collection authenticatedSubjects() { + return Collections.emptyList(); + } + + /** {@inheritDoc} */ + @Override public SecuritySubject authenticatedSubject(UUID subjId) { + return null; + } + + /** {@inheritDoc} */ + @Override public void authorize(String name, SecurityPermission perm, SecurityContext securityCtx) + throws SecurityException { + + assert securityCtx instanceof TestSecurityContext; + + if (!((TestSecurityContext)securityCtx).operationAllowed(name, perm)) + throw new SecurityException("Authorization failed [perm=" + perm + + ", name=" + name + + ", subject=" + securityCtx.subject() + ']'); + } + + /** {@inheritDoc} */ + @Override public void onSessionExpired(UUID subjId) { + // No-op. + } + + /** {@inheritDoc} */ + @Override public boolean enabled() { + return true; + } + + /** {@inheritDoc} */ + @Override public void start() throws IgniteCheckedException { + super.start(); + + PERMS.put(nodeSecData.credentials(), nodeSecData.getPermissions()); + + ctx.addNodeAttribute(IgniteNodeAttributes.ATTR_SECURITY_CREDENTIALS, nodeSecData.credentials()); + + for (TestSecurityData data : predefinedAuthData) + PERMS.put(data.credentials(), data.getPermissions()); + } + + /** {@inheritDoc} */ + @Override public void stop(boolean cancel) throws IgniteCheckedException { + super.stop(cancel); + + PERMS.remove(nodeSecData.credentials()); + + for (TestSecurityData data : predefinedAuthData) + PERMS.remove(data.credentials()); + } +} diff --git a/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TestReconnectPluginProvider.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityProcessorProvider.java similarity index 59% rename from modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TestReconnectPluginProvider.java rename to modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityProcessorProvider.java index ccbf24340e631..fef1d51868160 100644 --- a/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TestReconnectPluginProvider.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityProcessorProvider.java @@ -15,37 +15,30 @@ * limitations under the License. */ -package org.apache.ignite.spi.discovery.tcp; +package org.apache.ignite.internal.processors.security; import java.io.Serializable; import java.util.UUID; -import org.apache.ignite.IgniteCheckedException; import org.apache.ignite.cluster.ClusterNode; -import org.apache.ignite.internal.GridKernalContext; -import org.apache.ignite.internal.IgniteKernal; -import org.apache.ignite.internal.processors.security.GridSecurityProcessor; +import org.apache.ignite.configuration.IgniteConfiguration; +import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.plugin.CachePluginContext; import org.apache.ignite.plugin.CachePluginProvider; import org.apache.ignite.plugin.ExtensionRegistry; import org.apache.ignite.plugin.IgnitePlugin; +import org.apache.ignite.plugin.PluginConfiguration; import org.apache.ignite.plugin.PluginContext; import org.apache.ignite.plugin.PluginProvider; import org.apache.ignite.plugin.PluginValidationException; import org.jetbrains.annotations.Nullable; /** - * Creates TestReconnectProcessor. + * Security processor provider for tests. */ -public class TestReconnectPluginProvider implements PluginProvider { - /** */ - private GridKernalContext igniteCtx; - - /** */ - public static volatile boolean enabled; - +public class TestSecurityProcessorProvider implements PluginProvider { /** {@inheritDoc} */ @Override public String name() { - return "TestReconnectPlugin"; + return "TestSecurityProcessorProvider"; } /** {@inheritDoc} */ @@ -55,64 +48,87 @@ public class TestReconnectPluginProvider implements PluginProvider { /** {@inheritDoc} */ @Override public String copyright() { - return ""; + return null; } /** {@inheritDoc} */ - @Override public void initExtensions(PluginContext ctx, ExtensionRegistry registry) { - igniteCtx = ((IgniteKernal)ctx.grid()).context(); + @Override public IgnitePlugin plugin() { + return new IgnitePlugin() { + }; } /** {@inheritDoc} */ - @Override public void start(PluginContext ctx) throws IgniteCheckedException { - // No-op + @Override public void initExtensions(PluginContext ctx, ExtensionRegistry registry) { + // No-op. } /** {@inheritDoc} */ - @Override public void stop(boolean cancel) throws IgniteCheckedException { - // No-op + @SuppressWarnings("unchecked") + @Override public @Nullable Object createComponent(PluginContext ctx, Class cls) { + if (cls.isAssignableFrom(GridSecurityProcessor.class)) { + TestSecurityPluginConfiguration cfg = secProcBuilder(ctx); + + return cfg != null ? cfg.build(((IgniteEx)ctx.grid()).context()) : null; + } + + return null; } - /** {@inheritDoc} */ - @Override public void onIgniteStart() throws IgniteCheckedException { - // No-op + /** + * Gets security processor builder. + * + * @param ctx Context. + */ + private TestSecurityPluginConfiguration secProcBuilder(PluginContext ctx){ + IgniteConfiguration igniteCfg = ctx.igniteConfiguration(); + + if (igniteCfg.getPluginConfigurations() != null) { + for (PluginConfiguration pluginCfg : igniteCfg.getPluginConfigurations()) { + if (pluginCfg instanceof TestSecurityPluginConfiguration) + return (TestSecurityPluginConfiguration)pluginCfg; + } + } + + return null; } /** {@inheritDoc} */ - @Override public void onIgniteStop(boolean cancel) { - // No-op + @Override public CachePluginProvider createCacheProvider(CachePluginContext ctx) { + return null; } /** {@inheritDoc} */ - @Nullable @Override public Serializable provideDiscoveryData(UUID nodeId) { - return null; + @Override public void start(PluginContext ctx) { + // No-op. } /** {@inheritDoc} */ - @Override public void receiveDiscoveryData(UUID nodeId, Serializable data) { - // No-op + @Override public void stop(boolean cancel) { + // No-op. } /** {@inheritDoc} */ - @Override public void validateNewNode(ClusterNode node) throws PluginValidationException { - // No-op + @Override public void onIgniteStart() { + // No-op. } /** {@inheritDoc} */ - @Nullable @Override public Object createComponent(PluginContext ctx, Class cls) { - if (enabled && GridSecurityProcessor.class.equals(cls)) - return new TestReconnectProcessor(igniteCtx); + @Override public void onIgniteStop(boolean cancel) { + // No-op. + } + /** {@inheritDoc} */ + @Override public @Nullable Serializable provideDiscoveryData(UUID nodeId) { return null; } /** {@inheritDoc} */ - @Override public IgnitePlugin plugin() { - return new IgnitePlugin() {}; + @Override public void receiveDiscoveryData(UUID nodeId, Serializable data) { + // No-op. } /** {@inheritDoc} */ - @Override public CachePluginProvider createCacheProvider(CachePluginContext ctx) { - return null; + @Override public void validateNewNode(ClusterNode node) throws PluginValidationException { + // No-op. } } diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecuritySubject.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecuritySubject.java new file mode 100644 index 0000000000000..c26af70e116ce --- /dev/null +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecuritySubject.java @@ -0,0 +1,146 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processors.security; + +import java.net.InetSocketAddress; +import java.util.UUID; +import org.apache.ignite.plugin.security.SecurityPermissionSet; +import org.apache.ignite.plugin.security.SecuritySubject; +import org.apache.ignite.plugin.security.SecuritySubjectType; + +/** + * Security subject for tests. + */ +public class TestSecuritySubject implements SecuritySubject { + /** Id. */ + private UUID id; + + /** Type. */ + private SecuritySubjectType type = SecuritySubjectType.REMOTE_NODE; + + /** Login. */ + private Object login; + + /** Address. */ + private InetSocketAddress addr; + + /** Permissions. */ + private SecurityPermissionSet perms; + + /** + * Default constructor. + */ + public TestSecuritySubject() { + // No-op. + } + + /** + * @param id Id. + * @param login Login. + * @param addr Address. + * @param perms Permissions. + */ + public TestSecuritySubject(UUID id, + Object login, + InetSocketAddress addr, + SecurityPermissionSet perms) { + this.id = id; + this.login = login; + this.addr = addr; + this.perms = perms; + } + + /** {@inheritDoc} */ + @Override public UUID id() { + return id; + } + + /** + * @param id Id. + */ + public TestSecuritySubject setId(UUID id) { + this.id = id; + + return this; + } + + /** {@inheritDoc} */ + @Override public SecuritySubjectType type() { + return type; + } + + /** + * @param type Type. + */ + public TestSecuritySubject setType(SecuritySubjectType type) { + this.type = type; + + return this; + } + + /** {@inheritDoc} */ + @Override public Object login() { + return login; + } + + /** + * @param login Login. + */ + public TestSecuritySubject setLogin(Object login) { + this.login = login; + + return this; + } + + /** {@inheritDoc} */ + @Override public InetSocketAddress address() { + return addr; + } + + /** + * @param addr Address. + */ + public TestSecuritySubject setAddr(InetSocketAddress addr) { + this.addr = addr; + + return this; + } + + /** {@inheritDoc} */ + @Override public SecurityPermissionSet permissions() { + return perms; + } + + /** + * @param perms Permissions. + */ + public TestSecuritySubject setPerms(SecurityPermissionSet perms) { + this.perms = perms; + + return this; + } + + /** {@inheritDoc} */ + @Override public String toString() { + return "TestSecuritySubject{" + + "id=" + id + + ", type=" + type + + ", login=" + login + + '}'; + } +} diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/CacheOperationPermissionCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/CacheOperationPermissionCheckTest.java new file mode 100644 index 0000000000000..cde739de6a7da --- /dev/null +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/CacheOperationPermissionCheckTest.java @@ -0,0 +1,94 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processors.security.cache; + +import java.util.Arrays; +import java.util.Collections; +import java.util.List; +import java.util.function.Consumer; +import org.apache.ignite.Ignite; +import org.apache.ignite.IgniteCache; +import org.apache.ignite.internal.processors.security.AbstractCacheOperationPermissionCheckTest; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +import static java.util.Collections.singletonMap; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_REMOVE; + +/** + * Test CRUD cache permissions. + */ +@RunWith(JUnit4.class) +public class CacheOperationPermissionCheckTest extends AbstractCacheOperationPermissionCheckTest { + /** + * @throws Exception If fail. + */ + @Test + public void testServerNode() throws Exception { + testCrudCachePermissions(false); + } + + /** + * @throws Exception If fail. + */ + @Test + public void testClientNode() throws Exception { + testCrudCachePermissions(true); + } + + /** + * @param isClient True if is client mode. + * @throws Exception If failed. + */ + private void testCrudCachePermissions(boolean isClient) throws Exception { + Ignite node = startGrid(loginPrefix(isClient) + "_test_node", + builder() + .appendCachePermissions(CACHE_NAME, CACHE_READ, CACHE_PUT, CACHE_REMOVE) + .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build(), isClient); + + for (Consumer> c : consumers()) { + c.accept(node.cache(CACHE_NAME)); + + assertForbidden(() -> c.accept(node.cache(FORBIDDEN_CACHE))); + } + } + + /** + * @return Collection of consumers to invoke a cache operation. + */ + private List>> consumers() { + return Arrays.asList( + c -> c.put("key", "value"), + c -> c.putAll(singletonMap("key", "value")), + c -> c.get("key"), + c -> c.getAll(Collections.singleton("key")), + c -> c.containsKey("key"), + c -> c.remove("key"), + c -> c.removeAll(Collections.singleton("key")), + IgniteCache::clear, + c -> c.replace("key", "value"), + c -> c.putIfAbsent("key", "value"), + c -> c.getAndPut("key", "value"), + c -> c.getAndRemove("key"), + c -> c.getAndReplace("key", "value") + ); + } +} diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/EntryProcessorPermissionCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/EntryProcessorPermissionCheckTest.java new file mode 100644 index 0000000000000..4baa4ec81272d --- /dev/null +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/EntryProcessorPermissionCheckTest.java @@ -0,0 +1,126 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processors.security.cache; + +import java.util.Arrays; +import java.util.List; +import java.util.function.BiConsumer; +import java.util.stream.Stream; +import org.apache.ignite.Ignite; +import org.apache.ignite.cache.CacheEntryProcessor; +import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.internal.processors.security.AbstractCacheOperationPermissionCheckTest; +import org.apache.ignite.internal.util.typedef.T2; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +import static java.util.Collections.singleton; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; +import static org.hamcrest.core.Is.is; +import static org.hamcrest.core.IsNull.nullValue; +import static org.junit.Assert.assertThat; + +/** + * Test cache permission for Entry processor. + */ +@RunWith(JUnit4.class) +public class EntryProcessorPermissionCheckTest extends AbstractCacheOperationPermissionCheckTest { + /** + * + */ + @Test + public void test() throws Exception { + IgniteEx srvNode = startGrid("server_node", + builder() + .appendCachePermissions(CACHE_NAME, CACHE_READ, CACHE_PUT) + .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build()); + + IgniteEx clientNode = startGrid("client_node", + builder() + .appendCachePermissions(CACHE_NAME, CACHE_PUT, CACHE_READ) + .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build(), true); + + srvNode.cluster().active(true); + + Stream.of(srvNode, clientNode) + .forEach( + n -> consumers(n).forEach( + c -> { + assertAllowed(n, c); + + assertForbidden(n, c); + } + ) + ); + } + + /** + * @return Collection of consumers to invoke entry processor. + */ + private List>> consumers(final Ignite node) { + return Arrays.asList( + (cacheName, t) -> node.cache(cacheName).invoke( + t.getKey(), processor(t) + ), + (cacheName, t) -> node.cache(cacheName).invokeAll( + singleton(t.getKey()), processor(t) + ), + (cacheName, t) -> node.cache(cacheName).invokeAsync( + t.getKey(), processor(t) + ).get(), + (cacheName, t) -> node.cache(cacheName).invokeAllAsync( + singleton(t.getKey()), processor(t) + ).get() + ); + } + + /** + * @param t T2. + */ + private static CacheEntryProcessor processor(T2 t) { + return (entry, o) -> { + entry.setValue(t.getValue()); + + return null; + }; + } + + /** + * @param c Consumer. + */ + private void assertAllowed(Ignite node, BiConsumer> c) { + T2 entry = entry(); + + c.accept(CACHE_NAME, entry); + + assertThat(node.cache(CACHE_NAME).get(entry.getKey()), is(entry.getValue())); + } + + /** + * @param c Consumer. + */ + private void assertForbidden(Ignite node, BiConsumer> c) { + T2 entry = entry(); + + assertForbidden(() -> c.accept(FORBIDDEN_CACHE, entry)); + + assertThat(node.cache(CACHE_NAME).get(entry.getKey()), nullValue()); + } +} diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/ScanQueryPermissionCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/ScanQueryPermissionCheckTest.java new file mode 100644 index 0000000000000..4813a63b3898f --- /dev/null +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/ScanQueryPermissionCheckTest.java @@ -0,0 +1,83 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processors.security.cache; + +import org.apache.ignite.Ignite; +import org.apache.ignite.IgniteDataStreamer; +import org.apache.ignite.cache.query.ScanQuery; +import org.apache.ignite.internal.processors.security.AbstractCacheOperationPermissionCheckTest; +import org.apache.ignite.internal.util.typedef.G; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; + +/** + * Test cache permission for invoking of Scan Query. + */ +@RunWith(JUnit4.class) +public class ScanQueryPermissionCheckTest extends AbstractCacheOperationPermissionCheckTest { + /** + * @throws Exception If fail. + */ + @Test + public void testServerNode() throws Exception { + testScanQuery(false); + } + + /** + * @throws Exception If fail. + */ + @Test + public void testClientNode() throws Exception { + testScanQuery(true); + } + + /** + * @param isClient True if is client mode. + * @throws Exception If failed. + */ + private void testScanQuery(boolean isClient) throws Exception { + putTestData(); + + Ignite node = startGrid(loginPrefix(isClient) + "_test_node", + builder() + .appendCachePermissions(CACHE_NAME, CACHE_READ) + .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build(), isClient); + + assertFalse(node.cache(CACHE_NAME).query(new ScanQuery()).getAll().isEmpty()); + + assertForbidden(() -> node.cache(FORBIDDEN_CACHE).query(new ScanQuery()).getAll()); + } + + /** + * + */ + private void putTestData() { + Ignite ignite = G.allGrids().stream().findFirst().get(); + + try (IgniteDataStreamer strAllowedCache = ignite.dataStreamer(CACHE_NAME); + IgniteDataStreamer strForbiddenCache = ignite.dataStreamer(FORBIDDEN_CACHE)) { + for (int i = 1; i <= 10; i++) { + strAllowedCache.addData(Integer.toString(i), i); + strForbiddenCache.addData(Integer.toString(i), i); + } + } + } +} diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java new file mode 100644 index 0000000000000..6adca670da11c --- /dev/null +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java @@ -0,0 +1,150 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processors.security.cache.closure; + +import java.util.Collection; +import java.util.Collections; +import java.util.UUID; +import javax.cache.Cache; +import javax.cache.configuration.Factory; +import org.apache.ignite.Ignition; +import org.apache.ignite.cache.CacheMode; +import org.apache.ignite.cache.store.CacheStoreAdapter; +import org.apache.ignite.configuration.CacheConfiguration; +import org.apache.ignite.internal.processors.security.AbstractCacheOperationRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.util.typedef.G; +import org.apache.ignite.lang.IgniteBiInClosure; +import org.apache.ignite.lang.IgniteRunnable; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +/** + * Testing operation security context when the filter of Load cache is executed on remote node. + *

      + * The initiator node broadcasts a task to 'run' node that starts load cache with filter. That filter is + * executed on 'check' node and broadcasts a task to 'endpoint' nodes. On every step, it is performed + * verification that operation security context is the initiator context. + */ +@RunWith(JUnit4.class) +public class CacheLoadRemoteSecurityContextCheckTest extends AbstractCacheOperationRemoteSecurityContextCheckTest { + /** {@inheritDoc} */ + @Override protected void beforeTestsStarted() throws Exception { + super.beforeTestsStarted(); + + startGrid(SRV_INITIATOR, allowAllPermissionSet()); + + startClient(CLNT_INITIATOR, allowAllPermissionSet()); + + startGrid(SRV_RUN, allowAllPermissionSet()); + + startGrid(SRV_CHECK, allowAllPermissionSet()); + + startGrid(SRV_ENDPOINT, allowAllPermissionSet()); + + startClient(CLNT_ENDPOINT, allowAllPermissionSet()); + + G.allGrids().get(0).cluster().active(true); + } + + /** {@inheritDoc} */ + @Override protected CacheConfiguration[] getCacheConfigurations() { + return new CacheConfiguration[] { + new CacheConfiguration() + .setName(CACHE_NAME) + .setCacheMode(CacheMode.PARTITIONED) + .setCacheStoreFactory(new TestStoreFactory()), + new CacheConfiguration() + .setName(TRANSITION_LOAD_CACHE) + .setCacheMode(CacheMode.PARTITIONED) + .setCacheStoreFactory(new TestStoreFactory()) + }; + } + + /** {@inheritDoc} */ + @Override protected void setupVerifier(Verifier verifier) { + verifier + .expect(SRV_RUN, 1) + .expect(SRV_CHECK, 1) + .expect(SRV_ENDPOINT, 1) + .expect(CLNT_ENDPOINT, 1); + } + + /** + * + */ + @Test + public void test() { + IgniteRunnable checkCase = () -> { + register(); + + Ignition.localIgnite() + .cache(CACHE_NAME).loadCache( + new RegisterExecAndForward(SRV_CHECK, endpoints()) + ); + }; + + runAndCheck(grid(SRV_INITIATOR), checkCase); + runAndCheck(grid(CLNT_INITIATOR), checkCase); + } + + /** {@inheritDoc} */ + @Override protected Collection nodesToRun() { + return Collections.singletonList(nodeId(SRV_RUN)); + } + + /** {@inheritDoc} */ + @Override protected Collection nodesToCheck() { + return Collections.singletonList(nodeId(SRV_CHECK)); + } + + /** + * Test store factory. + */ + private static class TestStoreFactory implements Factory { + /** {@inheritDoc} */ + @Override public TestCacheStore create() { + return new TestCacheStore(); + } + } + + /** + * Test cache store. + */ + private static class TestCacheStore extends CacheStoreAdapter { + /** {@inheritDoc} */ + @Override public void loadCache(IgniteBiInClosure clo, Object... args) { + clo.apply(1, 1); + } + + /** {@inheritDoc} */ + @Override public Integer load(Integer key) { + return key; + } + + /** {@inheritDoc} */ + @Override public void write(Cache.Entry entry) { + throw new UnsupportedOperationException(); + } + + /** {@inheritDoc} */ + @Override public void delete(Object key) { + // No-op. + } + } +} diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java new file mode 100644 index 0000000000000..bb9caa1784b85 --- /dev/null +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java @@ -0,0 +1,111 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processors.security.cache.closure; + +import java.util.Collection; +import java.util.Collections; +import java.util.UUID; +import java.util.stream.Stream; +import org.apache.ignite.Ignition; +import org.apache.ignite.internal.processors.security.AbstractCacheOperationRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.util.typedef.G; + +import org.apache.ignite.lang.IgniteRunnable; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +/** + * Testing operation security context when EntryProcessor closure is executed on remote node. + *

      + * The initiator node broadcasts a task to 'run' node that starts EntryProcessor closure. That closure is executed on + * 'check' node and broadcasts a task to 'endpoint' nodes. On every step, it is performed verification that operation + * security context is the initiator context. + */ +@RunWith(JUnit4.class) +public class EntryProcessorRemoteSecurityContextCheckTest extends AbstractCacheOperationRemoteSecurityContextCheckTest { + /** {@inheritDoc} */ + @Override protected void beforeTestsStarted() throws Exception { + super.beforeTestsStarted(); + + startGrid(SRV_INITIATOR, allowAllPermissionSet()); + + startClient(CLNT_INITIATOR, allowAllPermissionSet()); + + startGrid(SRV_RUN, allowAllPermissionSet()); + + startGrid(SRV_CHECK, allowAllPermissionSet()); + + startGrid(SRV_ENDPOINT, allowAllPermissionSet()); + + startClient(CLNT_ENDPOINT, allowAllPermissionSet()); + + G.allGrids().get(0).cluster().active(true); + } + + /** {@inheritDoc} */ + @Override protected void setupVerifier(Verifier verifier) { + verifier + .expect(SRV_RUN, 1) + .expect(SRV_CHECK, 1) + .expect(SRV_ENDPOINT, 1) + .expect(CLNT_ENDPOINT, 1); + } + + /** + * + */ + @Test + public void test() { + runAndCheck(grid(SRV_INITIATOR), checkCases()); + runAndCheck(grid(CLNT_INITIATOR), checkCases()); + } + + /** {@inheritDoc} */ + @Override protected Collection nodesToRun() { + return Collections.singletonList(nodeId(SRV_RUN)); + } + + /** {@inheritDoc} */ + @Override protected Collection nodesToCheck() { + return Collections.singletonList(nodeId(SRV_CHECK)); + } + + /** + * @return Stream of runnables to call invoke methods. + */ + private Stream checkCases() { + final Integer key = prmKey(grid(SRV_CHECK)); + + return Stream.of( + () -> Ignition.localIgnite().cache(CACHE_NAME) + .invoke(key, new RegisterExecAndForward(endpoints())), + + () -> Ignition.localIgnite().cache(CACHE_NAME) + .invokeAll(Collections.singleton(key), new RegisterExecAndForward(endpoints())), + + () -> Ignition.localIgnite().cache(CACHE_NAME) + .invokeAsync(key, new RegisterExecAndForward<>(endpoints())) + .get(), + + () -> Ignition.localIgnite().cache(CACHE_NAME) + .invokeAllAsync(Collections.singleton(key), new RegisterExecAndForward<>(endpoints())) + .get() + ).map(RegisterExecAndForward::new); + } +} diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java new file mode 100644 index 0000000000000..dd9d296678ce2 --- /dev/null +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java @@ -0,0 +1,116 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processors.security.cache.closure; + +import java.util.Collection; +import java.util.Collections; +import java.util.UUID; +import java.util.stream.Stream; +import org.apache.ignite.Ignition; +import org.apache.ignite.cache.query.ScanQuery; +import org.apache.ignite.internal.processors.security.AbstractCacheOperationRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.util.typedef.G; +import org.apache.ignite.lang.IgniteRunnable; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +/** + * Testing operation security context when the filter of ScanQuery is executed on remote node. + *

      + * The initiator node broadcasts a task to 'run' node that starts ScanQuery's filter. That filter is executed on + * 'check' node and broadcasts a task to 'endpoint' nodes. On every step, it is performed verification that + * operation security context is the initiator context. + */ +@RunWith(JUnit4.class) +public class ScanQueryRemoteSecurityContextCheckTest extends AbstractCacheOperationRemoteSecurityContextCheckTest { + /** {@inheritDoc} */ + @Override protected void beforeTestsStarted() throws Exception { + super.beforeTestsStarted(); + + startGrid(SRV_INITIATOR, allowAllPermissionSet()); + + startClient(CLNT_INITIATOR, allowAllPermissionSet()); + + startGrid(SRV_RUN, allowAllPermissionSet()); + + startClient(CLNT_RUN, allowAllPermissionSet()); + + startGrid(SRV_CHECK, allowAllPermissionSet()); + + startGrid(SRV_ENDPOINT, allowAllPermissionSet()); + + startClient(CLNT_ENDPOINT, allowAllPermissionSet()); + + G.allGrids().get(0).cluster().active(true); + } + + /** {@inheritDoc} */ + @Override protected void setupVerifier(Verifier verifier) { + verifier + .expect(SRV_RUN, 1) + .expect(CLNT_RUN, 1) + .expect(SRV_CHECK, 2) + .expect(SRV_ENDPOINT, 2) + .expect(CLNT_ENDPOINT, 2); + } + + /** + * + */ + @Test + public void test() throws Exception { + grid(SRV_INITIATOR).cache(CACHE_NAME) + .put(prmKey(grid(SRV_CHECK)), 1); + + awaitPartitionMapExchange(); + + runAndCheck(grid(SRV_INITIATOR), checkCases()); + runAndCheck(grid(CLNT_INITIATOR), checkCases()); + } + + /** {@inheritDoc} */ + @Override protected Collection nodesToCheck() { + return Collections.singletonList(nodeId(SRV_CHECK)); + } + + /** + * Stream of runnables to call query methods. + */ + private Stream checkCases() { + return Stream.of( + () -> { + register(); + + Ignition.localIgnite().cache(CACHE_NAME).query( + new ScanQuery<>( + new RegisterExecAndForward<>(SRV_CHECK, endpoints()) + ) + ).getAll(); + }, + () -> { + register(); + + Ignition.localIgnite().cache(CACHE_NAME).query( + new ScanQuery<>((k, v) -> true), + new RegisterExecAndForward<>(SRV_CHECK, endpoints()) + ).getAll(); + } + ); + } +} diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/client/ThinClientPermissionCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/client/ThinClientPermissionCheckTest.java new file mode 100644 index 0000000000000..fbfa7f1a5faea --- /dev/null +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/client/ThinClientPermissionCheckTest.java @@ -0,0 +1,253 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processors.security.client; + +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.function.Consumer; +import org.apache.ignite.Ignition; +import org.apache.ignite.client.ClientAuthorizationException; +import org.apache.ignite.client.Config; +import org.apache.ignite.client.IgniteClient; +import org.apache.ignite.configuration.CacheConfiguration; +import org.apache.ignite.configuration.ClientConfiguration; +import org.apache.ignite.configuration.IgniteConfiguration; +import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.internal.processors.security.AbstractSecurityTest; +import org.apache.ignite.internal.processors.security.TestSecurityData; +import org.apache.ignite.internal.util.typedef.G; +import org.apache.ignite.lang.IgniteBiTuple; +import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +import static java.util.Collections.singletonMap; +import static org.apache.ignite.internal.util.lang.GridFunc.t; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_CREATE; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_DESTROY; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; +import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_REMOVE; +import static org.apache.ignite.plugin.security.SecurityPermission.TASK_EXECUTE; +import static org.hamcrest.core.Is.is; +import static org.junit.Assert.assertThat; + +/** + * Security tests for thin client. + */ +@RunWith(JUnit4.class) +public class ThinClientPermissionCheckTest extends AbstractSecurityTest { + /** Client. */ + private static final String CLIENT = "client"; + + /** Client that has system permissions. */ + private static final String CLIENT_SYS_PERM = "client_sys_perm"; + + /** Client that has system permissions. */ + private static final String CLIENT_CACHE_TASK_OPER = "client_task_oper"; + + /** Cache. */ + private static final String CACHE = "TEST_CACHE"; + + /** Forbidden cache. */ + private static final String FORBIDDEN_CACHE = "FORBIDDEN_TEST_CACHE"; + + /** Cache to test system oper permissions. */ + private static final String DYNAMIC_CACHE = "DYNAMIC_TEST_CACHE"; + + /** Remove all task name. */ + public static final String REMOVE_ALL_TASK = + "org.apache.ignite.internal.processors.cache.distributed.GridDistributedCacheAdapter$RemoveAllTask"; + + /** Clear task name. */ + public static final String CLEAR_TASK = + "org.apache.ignite.internal.processors.cache.GridCacheAdapter$ClearTask"; + + /** + * @param clientData Array of client security data. + */ + private IgniteConfiguration getConfiguration(TestSecurityData... clientData) throws Exception { + return getConfiguration(G.allGrids().size(), clientData); + } + + /** + * @param idx Index. + * @param clientData Array of client security data. + */ + private IgniteConfiguration getConfiguration(int idx, + TestSecurityData... clientData) throws Exception { + + String instanceName = getTestIgniteInstanceName(idx); + + return getConfiguration( + instanceName, + secPluginCfg("srv_" + instanceName, null, allowAllPermissionSet(), clientData) + ).setCacheConfiguration( + new CacheConfiguration().setName(CACHE), + new CacheConfiguration().setName(FORBIDDEN_CACHE) + ); + } + + /** {@inheritDoc} */ + @Override protected void beforeTestsStarted() throws Exception { + super.beforeTestsStarted(); + + IgniteEx ignite = startGrid( + getConfiguration( + new TestSecurityData( + CLIENT, + builder() + .appendCachePermissions(CACHE, CACHE_READ, CACHE_PUT, CACHE_REMOVE) + .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS) + .build() + ), + new TestSecurityData( + CLIENT_SYS_PERM, + builder() + .appendSystemPermissions(CACHE_CREATE, CACHE_DESTROY) + .build() + ), + new TestSecurityData( + CLIENT_CACHE_TASK_OPER, + builder() + .appendCachePermissions(CACHE, CACHE_REMOVE) + .appendTaskPermissions(REMOVE_ALL_TASK, TASK_EXECUTE) + .appendTaskPermissions(CLEAR_TASK, TASK_EXECUTE) + .build() + ) + ) + ); + + ignite.cluster().active(true); + } + + /** {@inheritDoc} */ + @Override protected SecurityPermissionSetBuilder builder() { + return super.builder().defaultAllowAll(false); + } + + /** + * @throws Exception If error occurs. + */ + @Test + public void testCacheSinglePermOperations() throws Exception { + for (IgniteBiTuple, String> t : consumers(CACHE)) + executeOperation(CLIENT, t.get1()); + + for (IgniteBiTuple, String> t : consumers(FORBIDDEN_CACHE)) + executeForbiddenOperation(t); + } + + /** + * That test shows the wrong case when a client has permission for a remove operation + * but a removeAll operation is forbidden for it. To have permission for the removeAll (clear) operation + * a client need to have the permission to execute {@link #REMOVE_ALL_TASK} ({@link #CLEAR_TASK}) task. + * + * @throws Exception If error occurs. + */ + @Test + public void testCacheTaskPermOperations() throws Exception { + executeOperation(CLIENT_CACHE_TASK_OPER, c -> c.cache(CACHE).removeAll()); + executeOperation(CLIENT_CACHE_TASK_OPER, c -> c.cache(CACHE).clear()); + + executeForbiddenOperation(t(c -> c.cache(CACHE).removeAll(), "removeAll")); + executeForbiddenOperation(t(c -> c.cache(CACHE).clear(), "clear")); + } + + /** + * @throws Exception If error occurs. + */ + @Test + public void testSysOperation() throws Exception { + try (IgniteClient sysPrmClnt = startClient(CLIENT_SYS_PERM)) { + sysPrmClnt.createCache(DYNAMIC_CACHE); + + assertThat(sysPrmClnt.cacheNames().contains(DYNAMIC_CACHE), is(true)); + + sysPrmClnt.destroyCache(DYNAMIC_CACHE); + + assertThat(sysPrmClnt.cacheNames().contains(DYNAMIC_CACHE), is(false)); + } + + executeForbiddenOperation(t(c -> c.createCache(DYNAMIC_CACHE), "createCache")); + executeForbiddenOperation(t(c -> c.destroyCache(CACHE), "destroyCache")); + } + + /** + * @param cacheName Cache name. + */ + private Collection, String>> consumers(final String cacheName) { + return Arrays.asList( + t(c -> c.cache(cacheName).put("key", "value"), "put"), + t(c -> c.cache(cacheName).putAll(singletonMap("key", "value")), "putAll"), + t(c -> c.cache(cacheName).get("key"), "get)"), + t(c -> c.cache(cacheName).getAll(Collections.singleton("key")), "getAll"), + t(c -> c.cache(cacheName).containsKey("key"), "containsKey"), + t(c -> c.cache(cacheName).remove("key"), "remove"), + t(c -> c.cache(cacheName).replace("key", "value"), "replace"), + t(c -> c.cache(cacheName).putIfAbsent("key", "value"), "putIfAbsent"), + t(c -> c.cache(cacheName).getAndPut("key", "value"), "getAndPut"), + t(c -> c.cache(cacheName).getAndRemove("key"), "getAndRemove"), + t(c -> c.cache(cacheName).getAndReplace("key", "value"), "getAndReplace") + ); + } + + /** + * @param cons Consumer. + */ + private void executeOperation(String clientName, Consumer cons) throws Exception { + try (IgniteClient client = startClient(clientName)) { + cons.accept(client); + } + } + + /** + * @param t Contains consumer that executes an operation and the name of this operation. + */ + private void executeForbiddenOperation(IgniteBiTuple, String> t) { + try (IgniteClient client = startClient(CLIENT)) { + t.get1().accept(client); + + fail("The operation " + t.get2() + " has to be forbidden."); + + } + catch (Exception e) { + assertThrowable(e); + } + } + + /** + * @param throwable Throwable. + */ + private void assertThrowable(Throwable throwable) { + assertThat(throwable instanceof ClientAuthorizationException, is(true)); + } + + /** + * @param userName User name. + */ + private IgniteClient startClient(String userName) { + return Ignition.startClient( + new ClientConfiguration().setAddresses(Config.SERVER) + .setUserName(userName) + .setUserPassword("") + ); + } +} diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/ComputePermissionCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/ComputePermissionCheckTest.java new file mode 100644 index 0000000000000..cfcb53ee83b52 --- /dev/null +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/ComputePermissionCheckTest.java @@ -0,0 +1,348 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processors.security.compute; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.concurrent.ExecutionException; +import java.util.concurrent.Future; +import java.util.concurrent.TimeUnit; +import java.util.concurrent.atomic.AtomicBoolean; +import java.util.concurrent.locks.ReentrantLock; +import java.util.function.Function; +import java.util.function.Supplier; +import org.apache.ignite.Ignite; +import org.apache.ignite.IgniteException; +import org.apache.ignite.cluster.ClusterNode; +import org.apache.ignite.compute.ComputeJob; +import org.apache.ignite.compute.ComputeJobResult; +import org.apache.ignite.compute.ComputeJobResultPolicy; +import org.apache.ignite.compute.ComputeTask; +import org.apache.ignite.internal.processors.security.AbstractSecurityTest; +import org.apache.ignite.lang.IgniteCallable; +import org.apache.ignite.lang.IgniteClosure; +import org.apache.ignite.lang.IgniteFuture; +import org.apache.ignite.lang.IgniteRunnable; +import org.apache.ignite.plugin.security.SecurityPermission; +import org.apache.ignite.plugin.security.SecurityPermissionSet; +import org.jetbrains.annotations.Nullable; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +import static java.util.Collections.singletonList; +import static org.apache.ignite.plugin.security.SecurityPermission.TASK_CANCEL; +import static org.apache.ignite.plugin.security.SecurityPermission.TASK_EXECUTE; +import static org.hamcrest.core.Is.is; +import static org.junit.Assert.assertThat; + +/** + * Task execute permission tests. + */ +@RunWith(JUnit4.class) +public class ComputePermissionCheckTest extends AbstractSecurityTest { + /** Flag that shows task was executed. */ + private static final AtomicBoolean IS_EXECUTED = new AtomicBoolean(false); + + /** Reentrant lock. */ + private static final ReentrantLock RNT_LOCK = new ReentrantLock(); + + /** Reentrant lock timeout. */ + private static final int RNT_LOCK_TIMEOUT = 20_000; + + /** Test compute task. */ + private static final TestComputeTask TEST_COMPUTE_TASK = new TestComputeTask(); + + /** Test callable. */ + private static final IgniteCallable TEST_CALLABLE = () -> { + IS_EXECUTED.set(true); + + syncForCancel(); + + return null; + }; + + /** Test runnable. */ + private static final IgniteRunnable TEST_RUNNABLE = () -> { + IS_EXECUTED.set(true); + + syncForCancel(); + }; + + /** Test closure. */ + private static final IgniteClosure TEST_CLOSURE = a -> { + IS_EXECUTED.set(true); + + syncForCancel(); + + return null; + }; + + /** Synchronization for tests TASK_CANCEL. */ + private static void syncForCancel() { + boolean isLocked = false; + + try { + isLocked = RNT_LOCK.tryLock(RNT_LOCK_TIMEOUT, TimeUnit.MILLISECONDS); + } + catch (InterruptedException e) { + throw new IgniteException(e); + } + finally { + if (isLocked) + RNT_LOCK.unlock(); + } + } + + /** + * + */ + @Test + public void test() throws Exception { + Ignite srvAllowed = startGrid("srv_allowed", permissions(TASK_EXECUTE, TASK_CANCEL)); + + Ignite srvForbidden = startGrid("srv_forbidden", permissions(EMPTY_PERMS)); + + Ignite srvForbiddenCancel = startGrid("srv_forbidden_cnl", permissions(TASK_EXECUTE)); + + Ignite clntAllowed = startClient("clnt_allowed", permissions(TASK_EXECUTE, TASK_CANCEL)); + + Ignite clntForbidden = startClient("clnt_forbidden", permissions(EMPTY_PERMS)); + + Ignite clntForbiddenCancel = startClient("clnt_forbidden_cnl", permissions(TASK_EXECUTE)); + + srvAllowed.cluster().active(true); + + for (TestRunnable r : runnables(srvAllowed, clntAllowed)) + allowedRun(r); + + for (TestRunnable r : runnables(srvForbidden, clntForbidden)) + assertForbidden(r); + + for (Supplier s : suppliers(srvAllowed, clntAllowed)) + allowedCancel(s); + + for (Supplier s : suppliers(srvForbiddenCancel, clntForbiddenCancel)) + forbiddenCancel(s); + } + + /** + * @param nodes Array of nodes. + */ + private Collection runnables(Ignite... nodes) { + Function f = (node) -> new TestRunnable[] { + () -> node.compute().execute(TEST_COMPUTE_TASK, 0), + () -> node.compute().executeAsync(TEST_COMPUTE_TASK, 0).get(), + () -> node.compute().broadcast(TEST_CALLABLE), + () -> node.compute().broadcastAsync(TEST_CALLABLE).get(), + () -> node.compute().call(TEST_CALLABLE), + () -> node.compute().callAsync(TEST_CALLABLE).get(), + () -> node.compute().run(TEST_RUNNABLE), + () -> node.compute().runAsync(TEST_RUNNABLE).get(), + () -> node.compute().apply(TEST_CLOSURE, new Object()), + () -> node.compute().applyAsync(TEST_CLOSURE, new Object()).get(), + () -> node.executorService().submit(TEST_CALLABLE).get(), + () -> node.executorService().invokeAll(singletonList(TEST_CALLABLE)), + () -> node.executorService().invokeAny(singletonList(TEST_CALLABLE)) + }; + + List res = new ArrayList<>(); + + for (Ignite node : nodes) + res.addAll(Arrays.asList(f.apply(node))); + + return res; + } + + /** + * + */ + private List> suppliers(Ignite... nodes) { + List> res = new ArrayList<>(); + + for (Ignite node : nodes) { + res.add(() -> new FutureAdapter(node.compute().broadcastAsync(TEST_CALLABLE))); + res.add(() -> new FutureAdapter(node.compute().callAsync(TEST_CALLABLE))); + res.add(() -> new FutureAdapter(node.compute().runAsync(TEST_RUNNABLE))); + res.add(() -> new FutureAdapter(node.compute().applyAsync(TEST_CLOSURE, new Object()))); + res.add(() -> new FutureAdapter(node.compute().executeAsync(TEST_COMPUTE_TASK, 0))); + res.add(() -> new FutureAdapter(node.executorService().submit(TEST_CALLABLE))); + } + + return res; + } + + /** + * @param perms Permissions. + */ + private SecurityPermissionSet permissions(SecurityPermission... perms) { + return builder() + .appendTaskPermissions(TEST_COMPUTE_TASK.getClass().getName(), perms) + .appendTaskPermissions(TEST_CALLABLE.getClass().getName(), perms) + .appendTaskPermissions(TEST_RUNNABLE.getClass().getName(), perms) + .appendTaskPermissions(TEST_CLOSURE.getClass().getName(), perms) + .build(); + } + + /** + * @param r TestRunnable. + */ + private void allowedRun(TestRunnable r) { + IS_EXECUTED.set(false); + + try { + r.run(); + } + catch (Exception e) { + throw new RuntimeException(e); + } + + assertTrue(IS_EXECUTED.get()); + } + + /** + * @param s Supplier. + */ + private void forbiddenCancel(Supplier s) { + RNT_LOCK.lock(); + + try { + FutureAdapter f = s.get(); + + assertForbidden(f::cancel); + } + finally { + RNT_LOCK.unlock(); + } + } + + /** + * @param s Supplier. + */ + private void allowedCancel(Supplier s) { + RNT_LOCK.lock(); + + try { + FutureAdapter f = s.get(); + + f.cancel(); + + assertThat(f.isCancelled(), is(true)); + } + finally { + RNT_LOCK.unlock(); + } + } + + /** + * + */ + private static class FutureAdapter { + /** Ignite future. */ + private final IgniteFuture igniteFut; + + /** Future. */ + private final Future fut; + + /** + * @param igniteFut Ignite future. + */ + public FutureAdapter(IgniteFuture igniteFut) { + assert igniteFut != null; + + this.igniteFut = igniteFut; + fut = null; + } + + /** + * @param fut Future. + */ + public FutureAdapter(Future fut) { + assert fut != null; + + this.fut = fut; + igniteFut = null; + } + + /** + * + */ + public void cancel() { + if (igniteFut != null) + igniteFut.cancel(); + else + fut.cancel(true); + } + + /** + * + */ + public Object get() throws ExecutionException, InterruptedException { + return igniteFut != null ? igniteFut.get() : fut.get(); + } + + /** + * + */ + public boolean isCancelled() { + return igniteFut != null ? igniteFut.isCancelled() : fut.isCancelled(); + } + } + + /** + * Abstract test compute task. + */ + private static class TestComputeTask implements ComputeTask { + /** {@inheritDoc} */ + @Override public @Nullable Map map(List subgrid, + @Nullable Object arg) { + IS_EXECUTED.set(true); + + return Collections.singletonMap( + new ComputeJob() { + @Override public void cancel() { + // no-op + } + + @Override public Object execute() { + syncForCancel(); + + return null; + } + }, subgrid.stream().findFirst().get() + ); + } + + /** {@inheritDoc} */ + @Override public ComputeJobResultPolicy result(ComputeJobResult res, List rcvd) { + if (res.getException() != null) + throw res.getException(); + + return ComputeJobResultPolicy.REDUCE; + } + + /** {@inheritDoc} */ + @Override public @Nullable Integer reduce(List results) { + return null; + } + } +} diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java new file mode 100644 index 0000000000000..71070aacf2a66 --- /dev/null +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java @@ -0,0 +1,182 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processors.security.compute.closure; + +import java.util.Collection; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.UUID; +import java.util.stream.Stream; +import org.apache.ignite.Ignite; +import org.apache.ignite.Ignition; +import org.apache.ignite.cluster.ClusterNode; +import org.apache.ignite.compute.ComputeJob; +import org.apache.ignite.compute.ComputeJobResult; +import org.apache.ignite.compute.ComputeJobResultPolicy; +import org.apache.ignite.compute.ComputeTask; +import org.apache.ignite.internal.processors.security.AbstractRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.util.typedef.G; +import org.apache.ignite.lang.IgniteRunnable; +import org.apache.ignite.resources.IgniteInstanceResource; +import org.jetbrains.annotations.Nullable; +import org.junit.Test; + +/** + * Testing operation security context when the compute task is executed on remote nodes. + *

      + * The initiator node broadcasts a task to 'run' nodes that starts compute task. That compute task is executed on + * 'check' nodes and broadcasts a task to 'endpoint' nodes. On every step, it is performed verification that + * operation security context is the initiator context. + */ +public class ComputeTaskRemoteSecurityContextCheckTest extends AbstractRemoteSecurityContextCheckTest { + /** {@inheritDoc} */ + @Override protected void beforeTestsStarted() throws Exception { + super.beforeTestsStarted(); + + startGrid(SRV_INITIATOR, allowAllPermissionSet()); + + startClient(CLNT_INITIATOR, allowAllPermissionSet()); + + startGrid(SRV_RUN, allowAllPermissionSet()); + + startClient(CLNT_RUN, allowAllPermissionSet()); + + startGrid(SRV_CHECK, allowAllPermissionSet()); + + startClient(CLNT_CHECK, allowAllPermissionSet()); + + startGrid(SRV_ENDPOINT, allowAllPermissionSet()); + + startClient(CLNT_ENDPOINT, allowAllPermissionSet()); + + G.allGrids().get(0).cluster().active(true); + } + + /** {@inheritDoc} */ + @Override protected void setupVerifier(Verifier verifier) { + verifier + .expect(SRV_RUN, 1) + .expect(CLNT_RUN, 1) + .expect(SRV_CHECK, 2) + .expect(CLNT_CHECK, 2) + .expect(SRV_ENDPOINT, 4) + .expect(CLNT_ENDPOINT, 4); + } + + /** + * + */ + @Test + public void test() { + runAndCheck(grid(SRV_INITIATOR), checkCases()); + runAndCheck(grid(CLNT_INITIATOR), checkCases()); + } + + /** + * @return Stream of check cases. + */ + private Stream checkCases() { + return Stream.of( + () -> { + register(); + + Ignition.localIgnite().compute().execute( + new ComputeTaskClosure(nodesToCheck(), endpoints()), 0 + ); + }, + () -> { + register(); + + Ignition.localIgnite().compute().executeAsync( + new ComputeTaskClosure(nodesToCheck(), endpoints()), 0 + ).get(); + } + ); + } + + /** + * Compute task for tests. + */ + static class ComputeTaskClosure implements ComputeTask { + /** Collection of transition node ids. */ + private final Collection remotes; + + /** Collection of endpoint node ids. */ + private final Collection endpoints; + + /** Local ignite. */ + @IgniteInstanceResource + protected transient Ignite loc; + + /** + * @param remotes Collection of transition node ids. + * @param endpoints Collection of endpoint node ids. + */ + public ComputeTaskClosure(Collection remotes, Collection endpoints) { + assert !remotes.isEmpty(); + assert !endpoints.isEmpty(); + + this.remotes = remotes; + this.endpoints = endpoints; + } + + /** {@inheritDoc} */ + @Override public @Nullable Map map(List subgrid, + @Nullable Integer arg) { + Map res = new HashMap<>(); + + for (UUID id : remotes) { + res.put( + new ComputeJob() { + @IgniteInstanceResource + private Ignite loc; + + @Override public void cancel() { + // no-op + } + + @Override public Object execute() { + register(); + + compute(loc, endpoints) + .broadcast(() -> register()); + + return null; + } + }, loc.cluster().node(id) + ); + } + + return res; + } + + /** {@inheritDoc} */ + @Override public ComputeJobResultPolicy result(ComputeJobResult res, List rcvd) { + if (res.getException() != null) + throw res.getException(); + + return ComputeJobResultPolicy.WAIT; + } + + /** {@inheritDoc} */ + @Override public @Nullable Integer reduce(List results) { + return null; + } + } +} diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java new file mode 100644 index 0000000000000..1b3b5ad562c5e --- /dev/null +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java @@ -0,0 +1,128 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processors.security.compute.closure; + +import java.util.UUID; +import java.util.stream.Stream; +import org.apache.ignite.Ignition; +import org.apache.ignite.internal.processors.security.AbstractRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.util.typedef.G; +import org.apache.ignite.lang.IgniteRunnable; +import org.junit.Test; + +/** + * Testing operation security context when the compute closure is executed on remote nodes. + *

      + * The initiator node broadcasts a task to 'run' nodes that starts compute operation. That operation is executed on + * 'check' nodes and broadcasts a task to 'endpoint' nodes. On every step, it is performed verification that operation + * security context is the initiator context. + */ +public class DistributedClosureRemoteSecurityContextCheckTest extends AbstractRemoteSecurityContextCheckTest { + /** {@inheritDoc} */ + @Override protected void beforeTestsStarted() throws Exception { + super.beforeTestsStarted(); + + startGrid(SRV_INITIATOR, allowAllPermissionSet()); + + startClient(CLNT_INITIATOR, allowAllPermissionSet()); + + startGrid(SRV_RUN, allowAllPermissionSet()); + + startClient(CLNT_RUN, allowAllPermissionSet()); + + startGrid(SRV_CHECK, allowAllPermissionSet()); + + startClient(CLNT_CHECK, allowAllPermissionSet()); + + startGrid(SRV_ENDPOINT, allowAllPermissionSet()); + + startClient(CLNT_ENDPOINT, allowAllPermissionSet()); + + G.allGrids().get(0).cluster().active(true); + } + + /** {@inheritDoc} */ + @Override protected void setupVerifier(Verifier verifier) { + verifier + .expect(SRV_RUN, 1) + .expect(CLNT_RUN, 1) + .expect(SRV_CHECK, 2) + .expect(CLNT_CHECK, 2) + .expect(SRV_ENDPOINT, 4) + .expect(CLNT_ENDPOINT, 4); + } + + /** + * + */ + @Test + public void test() { + runAndCheck(grid(SRV_INITIATOR), checkCases()); + runAndCheck(grid(CLNT_INITIATOR), checkCases()); + } + + /** + * @return Stream of check cases. + */ + private Stream checkCases() { + return Stream.of( + () -> compute(Ignition.localIgnite(), nodesToCheck()) + .broadcast((IgniteRunnable)new RegisterExecAndForward<>(endpoints())), + + () -> compute(Ignition.localIgnite(), nodesToCheck()) + .broadcastAsync((IgniteRunnable)new RegisterExecAndForward<>(endpoints())) + .get(), + () -> { + for (UUID id : nodesToCheck()) { + compute(Ignition.localIgnite(), id) + .call(new RegisterExecAndForward<>(endpoints())); + } + }, + () -> { + for (UUID id : nodesToCheck()) { + compute(Ignition.localIgnite(), id) + .callAsync(new RegisterExecAndForward<>(endpoints())).get(); + } + }, + () -> { + for (UUID id : nodesToCheck()) { + compute(Ignition.localIgnite(), id) + .run(new RegisterExecAndForward<>(endpoints())); + } + }, + () -> { + for (UUID id : nodesToCheck()) { + compute(Ignition.localIgnite(), id) + .runAsync(new RegisterExecAndForward<>(endpoints())).get(); + } + }, + () -> { + for (UUID id : nodesToCheck()) { + compute(Ignition.localIgnite(), id) + .apply(new RegisterExecAndForward<>(endpoints()), new Object()); + } + }, + () -> { + for (UUID id : nodesToCheck()) { + compute(Ignition.localIgnite(), id) + .applyAsync(new RegisterExecAndForward<>(endpoints()), new Object()).get(); + } + } + ).map(RegisterExecAndForward::new); + } +} diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java new file mode 100644 index 0000000000000..fbf3402e4d0a6 --- /dev/null +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java @@ -0,0 +1,100 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processors.security.compute.closure; + +import java.util.UUID; +import java.util.concurrent.ExecutorService; +import org.apache.ignite.Ignite; +import org.apache.ignite.Ignition; +import org.apache.ignite.internal.processors.security.AbstractRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.util.typedef.G; +import org.apache.ignite.lang.IgniteRunnable; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +/** + * Testing operation security context when the service task is executed on remote nodes. + *

      + * The initiator node broadcasts a task to 'run' nodes that starts service task. That service task is executed + * on 'check' nodes and broadcasts a task to 'endpoint' nodes. On every step, it is performed verification that + * operation security context is the initiator context. + */ +@RunWith(JUnit4.class) +public class ExecutorServiceRemoteSecurityContextCheckTest extends AbstractRemoteSecurityContextCheckTest { + /** {@inheritDoc} */ + @Override protected void beforeTestsStarted() throws Exception { + super.beforeTestsStarted(); + + startGrid(SRV_INITIATOR, allowAllPermissionSet()); + + startClient(CLNT_INITIATOR, allowAllPermissionSet()); + + startGrid(SRV_RUN, allowAllPermissionSet()); + + startClient(CLNT_RUN, allowAllPermissionSet()); + + startGrid(SRV_CHECK, allowAllPermissionSet()); + + startClient(CLNT_CHECK, allowAllPermissionSet()); + + startGrid(SRV_ENDPOINT, allowAllPermissionSet()); + + startClient(CLNT_ENDPOINT, allowAllPermissionSet()); + + G.allGrids().get(0).cluster().active(true); + } + + /** {@inheritDoc} */ + @Override protected void setupVerifier(Verifier verifier) { + verifier + .expect(SRV_RUN, 1) + .expect(CLNT_RUN, 1) + .expect(SRV_CHECK, 2) + .expect(CLNT_CHECK, 2) + .expect(SRV_ENDPOINT, 4) + .expect(CLNT_ENDPOINT, 4); + } + + /** + * + */ + @Test + public void test() { + IgniteRunnable checkCase = () -> { + register(); + + Ignite loc = Ignition.localIgnite(); + + for (UUID nodeId : nodesToCheck()) { + ExecutorService svc = loc.executorService(loc.cluster().forNodeId(nodeId)); + + try { + svc.submit((Runnable) new RegisterExecAndForward<>(endpoints())).get(); + } + catch (Exception e) { + throw new RuntimeException(e); + } + } + }; + + + runAndCheck(grid(SRV_INITIATOR), checkCase); + runAndCheck(grid(CLNT_INITIATOR), checkCase); + } +} diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/DataStreamerPermissionCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/DataStreamerPermissionCheckTest.java new file mode 100644 index 0000000000000..0442df8b7e9ea --- /dev/null +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/DataStreamerPermissionCheckTest.java @@ -0,0 +1,110 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processors.security.datastreamer; + +import java.util.Arrays; +import java.util.List; +import java.util.Map; +import java.util.function.Consumer; +import org.apache.ignite.Ignite; +import org.apache.ignite.IgniteDataStreamer; +import org.apache.ignite.internal.processors.security.AbstractCacheOperationPermissionCheckTest; +import org.apache.ignite.plugin.security.SecurityPermission; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +import static java.util.Collections.singletonList; +import static java.util.Collections.singletonMap; + +/** + * Test cache permissions for Data Streamer. + */ +@RunWith(JUnit4.class) +public class DataStreamerPermissionCheckTest extends AbstractCacheOperationPermissionCheckTest { + /** + * @throws Exception If fail. + */ + @Test + public void testServerNode() throws Exception { + testDataStreamer(false); + } + + /** + * @throws Exception If fail. + */ + @Test + public void testClientNode() throws Exception { + testDataStreamer(true); + } + + /** + * @param isClient True if is client mode. + * @throws Exception If fail. + */ + private void testDataStreamer(boolean isClient) throws Exception { + Ignite node = startGrid(loginPrefix(isClient) + "_test_node", + builder() + .appendCachePermissions(CACHE_NAME, SecurityPermission.CACHE_PUT) + .appendCachePermissions(FORBIDDEN_CACHE, SecurityPermission.CACHE_READ) + .build(), isClient); + + consumers().forEach( + (c) -> { + assertAllowed(node, c); + + assertForbidden(node, c); + } + ); + } + + /** + * @return Collections of consumers to invoke data streamer addData method. + */ + private List>> consumers() { + return Arrays.asList( + s -> s.addData("k", 1), + s -> s.addData(singletonMap("key", 2)), + s -> s.addData((Map.Entry)entry()), + s -> s.addData(singletonList(entry())) + ); + } + + /** + * @param node Node. + * @param c Consumer. + */ + private void assertAllowed(Ignite node, Consumer> c) { + try (IgniteDataStreamer s = node.dataStreamer(CACHE_NAME)) { + c.accept(s); + } + } + + /** + * @param node Node. + * @param c Consumer. + */ + private void assertForbidden(Ignite node, Consumer> c) { + assertForbidden(() -> { + try (IgniteDataStreamer s = node.dataStreamer(FORBIDDEN_CACHE)) { + c.accept(s); + } + } + ); + } +} diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java new file mode 100644 index 0000000000000..399b259434aa5 --- /dev/null +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java @@ -0,0 +1,99 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processors.security.datastreamer.closure; + +import java.util.Collection; +import java.util.Collections; +import java.util.UUID; +import org.apache.ignite.IgniteDataStreamer; +import org.apache.ignite.Ignition; +import org.apache.ignite.internal.processors.security.AbstractCacheOperationRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.util.typedef.G; +import org.apache.ignite.lang.IgniteRunnable; +import org.apache.ignite.stream.StreamVisitor; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +/** + * Testing operation security context when the closure of DataStreamer is executed on remote node. + *

      + * The initiator node broadcasts a task to 'run' node that starts DataStreamer's closure. That closure is executed on + * 'check' node and broadcasts a task to 'endpoint' nodes. On every step, it is performed verification that operation + * security context is the initiator context. + */ +@RunWith(JUnit4.class) +public class DataStreamerRemoteSecurityContextCheckTest extends AbstractCacheOperationRemoteSecurityContextCheckTest { + /** {@inheritDoc} */ + @Override protected void beforeTestsStarted() throws Exception { + super.beforeTestsStarted(); + + startGrid(SRV_INITIATOR, allowAllPermissionSet()); + + startClient(CLNT_INITIATOR, allowAllPermissionSet()); + + startGrid(SRV_RUN, allowAllPermissionSet()); + + startGrid(SRV_CHECK, allowAllPermissionSet()); + + startGrid(SRV_ENDPOINT, allowAllPermissionSet()); + + startClient(CLNT_ENDPOINT, allowAllPermissionSet()); + + G.allGrids().get(0).cluster().active(true); + } + + /** {@inheritDoc} */ + @Override protected void setupVerifier(Verifier verifier) { + verifier + .expect(SRV_RUN, 1) + .expect(SRV_CHECK, 1) + .expect(SRV_ENDPOINT, 1) + .expect(CLNT_ENDPOINT, 1); + } + + /** + * + */ + @Test + public void testDataStreamer() { + IgniteRunnable checkCase = () -> { + register(); + + try (IgniteDataStreamer strm = Ignition.localIgnite().dataStreamer(CACHE_NAME)) { + strm.receiver(StreamVisitor + .from(new ExecRegisterAndForwardAdapter<>(endpoints()))); + + strm.addData(prmKey(grid(SRV_CHECK)), 100); + } + }; + + runAndCheck(grid(SRV_INITIATOR), checkCase); + runAndCheck(grid(CLNT_INITIATOR), checkCase); + } + + /** {@inheritDoc} */ + @Override protected Collection nodesToRun() { + return Collections.singletonList(nodeId(SRV_RUN)); + } + + /** {@inheritDoc} */ + @Override protected Collection nodesToCheck() { + return Collections.singletonList(nodeId(SRV_CHECK)); + } +} diff --git a/modules/core/src/test/java/org/apache/ignite/spi/discovery/AuthenticationRestartTest.java b/modules/core/src/test/java/org/apache/ignite/spi/discovery/AuthenticationRestartTest.java index ad76174e6073b..ddfa4a0f47aaa 100644 --- a/modules/core/src/test/java/org/apache/ignite/spi/discovery/AuthenticationRestartTest.java +++ b/modules/core/src/test/java/org/apache/ignite/spi/discovery/AuthenticationRestartTest.java @@ -19,10 +19,10 @@ import org.apache.ignite.configuration.IgniteConfiguration; import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.internal.processors.security.TestSecurityPluginConfiguration; import org.apache.ignite.internal.util.lang.GridAbsPredicate; import org.apache.ignite.lang.IgniteFuture; import org.apache.ignite.spi.discovery.tcp.TcpDiscoverySpi; -import org.apache.ignite.spi.discovery.tcp.TestReconnectPluginProvider; import org.apache.ignite.spi.discovery.tcp.TestReconnectProcessor; import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest; import org.junit.Test; @@ -42,24 +42,19 @@ public class AuthenticationRestartTest extends GridCommonAbstractTest { ((TcpDiscoverySpi)cfg.getDiscoverySpi()).setJoinTimeout(1120_000); + cfg.setPluginConfigurations( + (TestSecurityPluginConfiguration)TestReconnectProcessor::new + ); + return cfg; } /** {@inheritDoc} */ @Override protected void beforeTestsStarted() throws Exception { - TestReconnectPluginProvider.enabled = true; - TestReconnectProcessor.enabled = true; - startGrid("server"); startGrid("client"); } - /** {@inheritDoc} */ - @Override protected void afterTestsStopped() throws Exception { - TestReconnectPluginProvider.enabled = false; - TestReconnectProcessor.enabled = false; - } - /** * @throws Exception If failed. */ diff --git a/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoveryNodeAttributesUpdateOnReconnectTest.java b/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoveryNodeAttributesUpdateOnReconnectTest.java index b61696e09b35a..888e1f2bda57e 100644 --- a/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoveryNodeAttributesUpdateOnReconnectTest.java +++ b/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoveryNodeAttributesUpdateOnReconnectTest.java @@ -28,6 +28,7 @@ import org.apache.ignite.events.Event; import org.apache.ignite.events.EventType; import org.apache.ignite.internal.IgniteClientReconnectAbstractTest; +import org.apache.ignite.internal.processors.security.TestSecurityPluginConfiguration; import org.apache.ignite.lang.IgnitePredicate; import org.apache.ignite.resources.LoggerResource; import org.apache.ignite.spi.discovery.tcp.ipfinder.TcpDiscoveryIpFinder; @@ -68,21 +69,18 @@ public class TcpDiscoveryNodeAttributesUpdateOnReconnectTest extends GridCommonA cfg.setDiscoverySpi(spi); + cfg.setPluginConfigurations( + (TestSecurityPluginConfiguration)TestReconnectProcessor::new + ); + return cfg; } /** {@inheritDoc} */ @Override protected void afterTest() throws Exception { - TestReconnectPluginProvider.enabled = false; - stopAllGrids(); } - /** {@inheritDoc} */ - @Override protected void beforeTest() throws Exception { - TestReconnectPluginProvider.enabled = true; - } - /** * @throws Exception If failed. */ diff --git a/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TestReconnectProcessor.java b/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TestReconnectProcessor.java index 2476bd3d787bf..8af664fa2b4c3 100644 --- a/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TestReconnectProcessor.java +++ b/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TestReconnectProcessor.java @@ -18,6 +18,7 @@ package org.apache.ignite.spi.discovery.tcp; import java.io.Serializable; +import java.net.InetSocketAddress; import java.util.Collection; import java.util.UUID; import org.apache.ignite.IgniteCheckedException; @@ -32,20 +33,19 @@ import org.apache.ignite.plugin.security.SecurityCredentials; import org.apache.ignite.plugin.security.SecurityException; import org.apache.ignite.plugin.security.SecurityPermission; +import org.apache.ignite.plugin.security.SecurityPermissionSet; import org.apache.ignite.plugin.security.SecuritySubject; +import org.apache.ignite.plugin.security.SecuritySubjectType; import org.jetbrains.annotations.Nullable; /** * Updates node attributes on disconnect. */ public class TestReconnectProcessor extends GridProcessorAdapter implements GridSecurityProcessor { - /** Enabled flag. */ - public static boolean enabled; - /** * @param ctx Kernal context. */ - protected TestReconnectProcessor(GridKernalContext ctx) { + public TestReconnectProcessor(GridKernalContext ctx) { super(ctx); } @@ -57,7 +57,7 @@ protected TestReconnectProcessor(GridKernalContext ctx) { /** {@inheritDoc} */ @Override public SecurityContext authenticateNode(ClusterNode node, SecurityCredentials cred) throws IgniteCheckedException { - return new TestSecurityContext(); + return new TestSecurityContext(new TestSecuritySubject(ctx.localNodeId())); } /** {@inheritDoc} */ @@ -93,7 +93,7 @@ protected TestReconnectProcessor(GridKernalContext ctx) { /** {@inheritDoc} */ @Override public boolean enabled() { - return enabled; + return true; } /** {@inheritDoc} */ @@ -101,6 +101,47 @@ protected TestReconnectProcessor(GridKernalContext ctx) { ctx.addNodeAttribute("test", "2"); } + /** + * + */ + private static class TestSecuritySubject implements SecuritySubject { + + /** Id. */ + private final UUID id; + + /** + * @param id Id. + */ + public TestSecuritySubject(UUID id) { + this.id = id; + } + + /** {@inheritDoc} */ + @Override public UUID id() { + return id; + } + + /** {@inheritDoc} */ + @Override public SecuritySubjectType type() { + return SecuritySubjectType.REMOTE_NODE; + } + + /** {@inheritDoc} */ + @Override public Object login() { + return null; + } + + /** {@inheritDoc} */ + @Override public InetSocketAddress address() { + return null; + } + + /** {@inheritDoc} */ + @Override public SecurityPermissionSet permissions() { + return null; + } + } + /** * */ @@ -108,9 +149,19 @@ private static class TestSecurityContext implements SecurityContext, Serializabl /** Serial version uid. */ private static final long serialVersionUID = 0L; + /** Subj. */ + final SecuritySubject subj; + + /** + * @param subj Subj. + */ + public TestSecurityContext(SecuritySubject subj) { + this.subj = subj; + } + /** {@inheritDoc} */ @Override public SecuritySubject subject() { - return null; + return subj; } /** {@inheritDoc} */ @@ -133,4 +184,4 @@ private static class TestSecurityContext implements SecurityContext, Serializabl return true; } } -} +} \ No newline at end of file diff --git a/modules/core/src/test/java/org/apache/ignite/testframework/junits/common/GridCommonAbstractTest.java b/modules/core/src/test/java/org/apache/ignite/testframework/junits/common/GridCommonAbstractTest.java index 58f8712465c17..c00e35d185086 100755 --- a/modules/core/src/test/java/org/apache/ignite/testframework/junits/common/GridCommonAbstractTest.java +++ b/modules/core/src/test/java/org/apache/ignite/testframework/junits/common/GridCommonAbstractTest.java @@ -1090,11 +1090,23 @@ protected List primaryKeys(IgniteCache cache, final int cnt, fina * @return Collection of keys for which given cache is primary. */ protected List findKeys(IgniteCache cache, final int cnt, final int startFrom, final int type) { + return findKeys(null, cache, cnt, startFrom, type); + } + + /** + * @param node Node. + * @param cache Cache. + * @param cnt Keys count. + * @param startFrom Start value for keys search. + * @return Collection of keys for which given cache is primary. + */ + protected List findKeys(@Nullable ClusterNode node, IgniteCache cache, + final int cnt, final int startFrom, final int type) { assert cnt > 0 : cnt; final List found = new ArrayList<>(cnt); - final ClusterNode locNode = localNode(cache); + final ClusterNode node0 = node != null ? node : localNode(cache); final Affinity aff = (Affinity)affinity(cache); @@ -1107,11 +1119,11 @@ protected List findKeys(IgniteCache cache, final int cnt, final i boolean ok; if (type == 0) - ok = aff.isPrimary(locNode, key); + ok = aff.isPrimary(node0, key); else if (type == 1) - ok = aff.isBackup(locNode, key); + ok = aff.isBackup(node0, key); else if (type == 2) - ok = !aff.isPrimaryOrBackup(locNode, key); + ok = !aff.isPrimaryOrBackup(node0, key); else { fail(); diff --git a/modules/core/src/test/java/org/apache/ignite/testsuites/IgniteBasicTestSuite.java b/modules/core/src/test/java/org/apache/ignite/testsuites/IgniteBasicTestSuite.java index 40b3f2255346e..7fc845c773da4 100644 --- a/modules/core/src/test/java/org/apache/ignite/testsuites/IgniteBasicTestSuite.java +++ b/modules/core/src/test/java/org/apache/ignite/testsuites/IgniteBasicTestSuite.java @@ -119,6 +119,8 @@ IgnitePlatformsTestSuite.class, + SecurityTestSuite.class, + GridSelfTest.class, ClusterGroupHostsSelfTest.class, IgniteMessagingWithClientTest.class, diff --git a/modules/core/src/test/java/org/apache/ignite/testsuites/SecurityTestSuite.java b/modules/core/src/test/java/org/apache/ignite/testsuites/SecurityTestSuite.java new file mode 100644 index 0000000000000..f48ee4878d540 --- /dev/null +++ b/modules/core/src/test/java/org/apache/ignite/testsuites/SecurityTestSuite.java @@ -0,0 +1,57 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.testsuites; + +import org.apache.ignite.internal.processors.security.cache.CacheOperationPermissionCheckTest; +import org.apache.ignite.internal.processors.security.cache.EntryProcessorPermissionCheckTest; +import org.apache.ignite.internal.processors.security.cache.ScanQueryPermissionCheckTest; +import org.apache.ignite.internal.processors.security.cache.closure.CacheLoadRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.processors.security.cache.closure.EntryProcessorRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.processors.security.cache.closure.ScanQueryRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.processors.security.client.ThinClientPermissionCheckTest; +import org.apache.ignite.internal.processors.security.compute.ComputePermissionCheckTest; +import org.apache.ignite.internal.processors.security.compute.closure.ComputeTaskRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.processors.security.compute.closure.DistributedClosureRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.processors.security.compute.closure.ExecutorServiceRemoteSecurityContextCheckTest; +import org.apache.ignite.internal.processors.security.datastreamer.DataStreamerPermissionCheckTest; +import org.apache.ignite.internal.processors.security.datastreamer.closure.DataStreamerRemoteSecurityContextCheckTest; +import org.junit.runner.RunWith; +import org.junit.runners.Suite; + +/** + * Security test suite. + */ +@RunWith(Suite.class) +@Suite.SuiteClasses({ + CacheOperationPermissionCheckTest.class, + DataStreamerPermissionCheckTest.class, + ScanQueryPermissionCheckTest.class, + EntryProcessorPermissionCheckTest.class, + ComputePermissionCheckTest.class, + + DistributedClosureRemoteSecurityContextCheckTest.class, + ComputeTaskRemoteSecurityContextCheckTest.class, + ExecutorServiceRemoteSecurityContextCheckTest.class, + ScanQueryRemoteSecurityContextCheckTest.class, + EntryProcessorRemoteSecurityContextCheckTest.class, + DataStreamerRemoteSecurityContextCheckTest.class, + CacheLoadRemoteSecurityContextCheckTest.class, + ThinClientPermissionCheckTest.class, +}) +public class SecurityTestSuite { +} diff --git a/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/CommandProcessor.java b/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/CommandProcessor.java index c71a5c29111d7..7b2254b21b0a3 100644 --- a/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/CommandProcessor.java +++ b/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/CommandProcessor.java @@ -407,10 +407,10 @@ else if (cmdH2 instanceof GridSqlDropIndex) { } } else if (cmdH2 instanceof GridSqlCreateTable) { - ctx.security().authorize(null, SecurityPermission.CACHE_CREATE, null); - GridSqlCreateTable cmd = (GridSqlCreateTable)cmdH2; + ctx.security().authorize(cmd.cacheName(), SecurityPermission.CACHE_CREATE); + isDdlOnSchemaSupported(cmd.schemaName()); GridH2Table tbl = schemaMgr.dataTable(cmd.schemaName(), cmd.tableName()); @@ -452,8 +452,6 @@ else if (cmdH2 instanceof GridSqlCreateTable) { } } else if (cmdH2 instanceof GridSqlDropTable) { - ctx.security().authorize(null, SecurityPermission.CACHE_DESTROY, null); - GridSqlDropTable cmd = (GridSqlDropTable)cmdH2; isDdlOnSchemaSupported(cmd.schemaName()); @@ -465,8 +463,11 @@ else if (cmdH2 instanceof GridSqlDropTable) { throw new SchemaOperationException(SchemaOperationException.CODE_TABLE_NOT_FOUND, cmd.tableName()); } - else + else { + ctx.security().authorize(tbl.cacheName(), SecurityPermission.CACHE_DESTROY); + ctx.query().dynamicTableDrop(tbl.cacheName(), cmd.tableName(), cmd.ifExists()); + } } else if (cmdH2 instanceof GridSqlAlterTableAddColumn) { GridSqlAlterTableAddColumn cmd = (GridSqlAlterTableAddColumn)cmdH2; diff --git a/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/IgniteH2Indexing.java b/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/IgniteH2Indexing.java index 467dd156fd4c1..1dbc6c78ad8b9 100644 --- a/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/IgniteH2Indexing.java +++ b/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/IgniteH2Indexing.java @@ -1506,7 +1506,7 @@ private void checkSecurity(Collection cacheIds) { DynamicCacheDescriptor desc = ctx.cache().cacheDescriptor(cacheId); if (desc != null) - ctx.security().authorize(desc.cacheName(), SecurityPermission.CACHE_READ, null); + ctx.security().authorize(desc.cacheName(), SecurityPermission.CACHE_READ); } } From a9632042e2fff4ae1e1797350241fd09e9526ced Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Fri, 29 Mar 2019 13:24:41 +0300 Subject: [PATCH 83/98] IGNITE-9560 renaming --- .../java/org/apache/ignite/internal/IgniteKernal.java | 8 ++++---- ...niteSecurityImpl.java => IgniteSecurityProcessor.java} | 4 ++-- ...niteSecurity.java => NoOpIgniteSecurityProcessor.java} | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) rename modules/core/src/main/java/org/apache/ignite/internal/processors/security/{IgniteSecurityImpl.java => IgniteSecurityProcessor.java} (98%) rename modules/core/src/main/java/org/apache/ignite/internal/processors/security/{NoOpIgniteSecurity.java => NoOpIgniteSecurityProcessor.java} (97%) diff --git a/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java b/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java index 8c7656d956fd0..fb9fdf134e1f6 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java @@ -166,9 +166,9 @@ import org.apache.ignite.internal.processors.resource.GridResourceProcessor; import org.apache.ignite.internal.processors.resource.GridSpringResourceContext; import org.apache.ignite.internal.processors.rest.GridRestProcessor; -import org.apache.ignite.internal.processors.security.IgniteSecurityImpl; +import org.apache.ignite.internal.processors.security.IgniteSecurityProcessor; import org.apache.ignite.internal.processors.security.GridSecurityProcessor; -import org.apache.ignite.internal.processors.security.NoOpIgniteSecurity; +import org.apache.ignite.internal.processors.security.NoOpIgniteSecurityProcessor; import org.apache.ignite.internal.processors.segmentation.GridSegmentationProcessor; import org.apache.ignite.internal.processors.service.GridServiceProcessor; import org.apache.ignite.internal.processors.service.IgniteServiceProcessor; @@ -1312,8 +1312,8 @@ private long checkPoolStarvation( */ private GridProcessor igniteSecurityProcessor(GridSecurityProcessor prc) { return prc != null && prc.enabled() - ? new IgniteSecurityImpl(ctx, prc) - : new NoOpIgniteSecurity(ctx); + ? new IgniteSecurityProcessor(ctx, prc) + : new NoOpIgniteSecurityProcessor(ctx); } /** diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityImpl.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java similarity index 98% rename from modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityImpl.java rename to modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java index 5af423fe4443f..4dbb927240d94 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityImpl.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java @@ -47,7 +47,7 @@ /** * Default Grid security Manager implementation. */ -public class IgniteSecurityImpl implements IgniteSecurity, GridProcessor { +public class IgniteSecurityProcessor implements IgniteSecurity, GridProcessor { /** */ private static final String MSG_SEC_PROC_CLS_IS_INVALID = "Local node's grid security processor class " + "is not equal to remote node's grid security processor class " + @@ -75,7 +75,7 @@ public class IgniteSecurityImpl implements IgniteSecurity, GridProcessor { * @param ctx Grid kernal context. * @param secPrc Security processor. */ - public IgniteSecurityImpl(GridKernalContext ctx, GridSecurityProcessor secPrc) { + public IgniteSecurityProcessor(GridKernalContext ctx, GridSecurityProcessor secPrc) { assert ctx != null; assert secPrc != null; diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurity.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java similarity index 97% rename from modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurity.java rename to modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java index 94666be00aa7d..00dabdf40e496 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurity.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java @@ -34,12 +34,12 @@ import org.apache.ignite.spi.discovery.DiscoveryDataBag; import org.jetbrains.annotations.Nullable; -import static org.apache.ignite.internal.processors.security.IgniteSecurityImpl.ATTR_GRID_SEC_PROC_CLASS; +import static org.apache.ignite.internal.processors.security.IgniteSecurityProcessor.ATTR_GRID_SEC_PROC_CLASS; /** * No operation Ignite Security Processor. */ -public class NoOpIgniteSecurity implements IgniteSecurity, GridProcessor { +public class NoOpIgniteSecurityProcessor implements IgniteSecurity, GridProcessor { /** */ private static final String MSG_SEC_PROC_CLS_IS_INVALID = "Local node's ignite security processor class " + "is not equal to remote node's ignite security processor class " + @@ -54,7 +54,7 @@ public class NoOpIgniteSecurity implements IgniteSecurity, GridProcessor { /** * @param ctx Grid kernal context. */ - public NoOpIgniteSecurity(GridKernalContext ctx) { + public NoOpIgniteSecurityProcessor(GridKernalContext ctx) { this.ctx = ctx; } From bc97109f3ea4b007cb9fee33fad7ac0c7287dd94 Mon Sep 17 00:00:00 2001 From: Denis Garus Date: Fri, 29 Mar 2019 13:26:38 +0300 Subject: [PATCH 84/98] Revert "Ignite 9560 rmv sec module (#9)" (#10) This reverts commit 2c49569888336e627ff526858c874e066bce7fee. --- .../internal/ComputeTaskInternalFuture.java | 2 +- .../ignite/internal/GridKernalContext.java | 8 +- .../internal/GridKernalContextImpl.java | 12 +- .../internal/GridMessageListenHandler.java | 2 +- .../apache/ignite/internal/IgniteKernal.java | 17 +- .../ignite/internal/IgniteNodeAttributes.java | 3 + .../managers/communication/GridIoManager.java | 67 +-- .../managers/communication/GridIoMessage.java | 42 +- .../eventstorage/GridEventStorageManager.java | 4 +- .../processors/cache/GridCacheContext.java | 2 +- .../processors/cache/GridCacheProcessor.java | 68 ++- .../reader/StandaloneGridKernalContext.java | 4 +- .../datastreamer/DataStreamerImpl.java | 2 +- .../datastreamer/DataStreamerUpdateJob.java | 2 +- .../odbc/ClientListenerNioListener.java | 8 +- .../processors/rest/GridRestProcessor.java | 10 +- .../top/GridTopologyCommandHandler.java | 2 + .../security/GridSecurityProcessor.java | 5 +- .../processors/security/IgniteSecurity.java | 123 ------ .../security/IgniteSecurityProcessor.java | 273 ------------ .../security/NoOpIgniteSecurityProcessor.java | 208 --------- ...ontext.java => SecurityContextHolder.java} | 46 +- .../processors/security/SecurityUtils.java | 28 -- .../security/os/GridOsSecurityProcessor.java | 88 ++++ .../service/GridServiceProcessor.java | 10 +- .../service/IgniteServiceProcessor.java | 8 +- .../processors/task/GridTaskProcessor.java | 2 +- .../ignite/spi/discovery/tcp/ServerImpl.java | 81 +++- .../org.apache.ignite.plugin.PluginProvider | 2 +- ...ridDiscoveryManagerAttributesSelfTest.java | 19 +- .../DataStreamerImplSelfTest.java | 2 - ...ractCacheOperationPermissionCheckTest.java | 79 ---- ...erationRemoteSecurityContextCheckTest.java | 72 ---- ...bstractRemoteSecurityContextCheckTest.java | 408 ------------------ .../security/AbstractSecurityTest.java | 245 ----------- .../security/TestSecurityContext.java | 124 ------ .../processors/security/TestSecurityData.java | 116 ----- .../TestSecurityPluginConfiguration.java | 33 -- .../security/TestSecurityProcessor.java | 150 ------- .../security/TestSecuritySubject.java | 146 ------- .../CacheOperationPermissionCheckTest.java | 94 ---- .../EntryProcessorPermissionCheckTest.java | 126 ------ .../cache/ScanQueryPermissionCheckTest.java | 83 ---- ...cheLoadRemoteSecurityContextCheckTest.java | 150 ------- ...ocessorRemoteSecurityContextCheckTest.java | 111 ----- ...anQueryRemoteSecurityContextCheckTest.java | 116 ----- .../client/ThinClientPermissionCheckTest.java | 253 ----------- .../compute/ComputePermissionCheckTest.java | 348 --------------- ...uteTaskRemoteSecurityContextCheckTest.java | 182 -------- ...ClosureRemoteSecurityContextCheckTest.java | 128 ------ ...ServiceRemoteSecurityContextCheckTest.java | 100 ----- .../DataStreamerPermissionCheckTest.java | 110 ----- ...treamerRemoteSecurityContextCheckTest.java | 99 ----- .../discovery/AuthenticationRestartTest.java | 15 +- ...ryNodeAttributesUpdateOnReconnectTest.java | 12 +- .../tcp/TestReconnectPluginProvider.java} | 94 ++-- .../discovery/tcp/TestReconnectProcessor.java | 67 +-- .../junits/common/GridCommonAbstractTest.java | 20 +- .../testsuites/IgniteBasicTestSuite.java | 2 - .../ignite/testsuites/SecurityTestSuite.java | 57 --- .../processors/query/h2/CommandProcessor.java | 11 +- .../processors/query/h2/IgniteH2Indexing.java | 2 +- 62 files changed, 371 insertions(+), 4332 deletions(-) delete mode 100644 modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurity.java delete mode 100644 modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java delete mode 100644 modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java rename modules/core/src/main/java/org/apache/ignite/internal/processors/security/{OperationSecurityContext.java => SecurityContextHolder.java} (52%) create mode 100644 modules/core/src/main/java/org/apache/ignite/internal/processors/security/os/GridOsSecurityProcessor.java delete mode 100644 modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractCacheOperationPermissionCheckTest.java delete mode 100644 modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractCacheOperationRemoteSecurityContextCheckTest.java delete mode 100644 modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractRemoteSecurityContextCheckTest.java delete mode 100644 modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractSecurityTest.java delete mode 100644 modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityContext.java delete mode 100644 modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityData.java delete mode 100644 modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityPluginConfiguration.java delete mode 100644 modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityProcessor.java delete mode 100644 modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecuritySubject.java delete mode 100644 modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/CacheOperationPermissionCheckTest.java delete mode 100644 modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/EntryProcessorPermissionCheckTest.java delete mode 100644 modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/ScanQueryPermissionCheckTest.java delete mode 100644 modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java delete mode 100644 modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java delete mode 100644 modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java delete mode 100644 modules/core/src/test/java/org/apache/ignite/internal/processors/security/client/ThinClientPermissionCheckTest.java delete mode 100644 modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/ComputePermissionCheckTest.java delete mode 100644 modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java delete mode 100644 modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java delete mode 100644 modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java delete mode 100644 modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/DataStreamerPermissionCheckTest.java delete mode 100644 modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java rename modules/core/src/test/java/org/apache/ignite/{internal/processors/security/TestSecurityProcessorProvider.java => spi/discovery/tcp/TestReconnectPluginProvider.java} (59%) delete mode 100644 modules/core/src/test/java/org/apache/ignite/testsuites/SecurityTestSuite.java diff --git a/modules/core/src/main/java/org/apache/ignite/internal/ComputeTaskInternalFuture.java b/modules/core/src/main/java/org/apache/ignite/internal/ComputeTaskInternalFuture.java index 6ce9001138b1b..2cb3dfad5e487 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/ComputeTaskInternalFuture.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/ComputeTaskInternalFuture.java @@ -234,7 +234,7 @@ public ComputeTaskSession getTaskSession() { /** {@inheritDoc} */ @Override public boolean cancel() throws IgniteCheckedException { - ctx.security().authorize(ses.getTaskName(), SecurityPermission.TASK_CANCEL); + ctx.security().authorize(ses.getTaskName(), SecurityPermission.TASK_CANCEL, null); if (onCancelled()) { ctx.task().onCancelled(ses.getId()); diff --git a/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContext.java b/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContext.java index 6e4de9e36d01e..744f85857a203 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContext.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContext.java @@ -65,7 +65,7 @@ import org.apache.ignite.internal.processors.resource.GridResourceProcessor; import org.apache.ignite.internal.processors.rest.GridRestProcessor; import org.apache.ignite.internal.processors.schedule.IgniteScheduleProcessorAdapter; -import org.apache.ignite.internal.processors.security.IgniteSecurity; +import org.apache.ignite.internal.processors.security.GridSecurityProcessor; import org.apache.ignite.internal.processors.segmentation.GridSegmentationProcessor; import org.apache.ignite.internal.processors.service.ServiceProcessorAdapter; import org.apache.ignite.internal.processors.session.GridTaskSessionProcessor; @@ -423,11 +423,11 @@ public interface GridKernalContext extends Iterable { public GridCollisionManager collision(); /** - * Gets instance of {@link IgniteSecurity}. + * Gets authentication processor. * - * @return Ignite security. + * @return Authentication processor. */ - public IgniteSecurity security(); + public GridSecurityProcessor security(); /** * Gets load balancing manager. diff --git a/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContextImpl.java b/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContextImpl.java index db41f9c0272bd..85e02f93ce057 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContextImpl.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContextImpl.java @@ -85,7 +85,7 @@ import org.apache.ignite.internal.processors.resource.GridResourceProcessor; import org.apache.ignite.internal.processors.rest.GridRestProcessor; import org.apache.ignite.internal.processors.schedule.IgniteScheduleProcessorAdapter; -import org.apache.ignite.internal.processors.security.IgniteSecurity; +import org.apache.ignite.internal.processors.security.GridSecurityProcessor; import org.apache.ignite.internal.processors.segmentation.GridSegmentationProcessor; import org.apache.ignite.internal.processors.session.GridTaskSessionProcessor; import org.apache.ignite.internal.processors.subscription.GridInternalSubscriptionProcessor; @@ -161,7 +161,7 @@ public class GridKernalContextImpl implements GridKernalContext, Externalizable /** */ @GridToStringExclude - private IgniteSecurity security; + private GridSecurityProcessor securityProc; /** */ @GridToStringExclude @@ -582,6 +582,8 @@ else if (comp instanceof GridFailoverManager) failoverMgr = (GridFailoverManager)comp; else if (comp instanceof GridCollisionManager) colMgr = (GridCollisionManager)comp; + else if (comp instanceof GridSecurityProcessor) + securityProc = (GridSecurityProcessor)comp; else if (comp instanceof GridLoadBalancerManager) loadMgr = (GridLoadBalancerManager)comp; else if (comp instanceof GridIndexingManager) @@ -664,8 +666,6 @@ else if (comp instanceof GridInternalSubscriptionProcessor) internalSubscriptionProc = (GridInternalSubscriptionProcessor)comp; else if (comp instanceof IgniteAuthenticationProcessor) authProc = (IgniteAuthenticationProcessor)comp; - else if (comp instanceof IgniteSecurity) - security = (IgniteSecurity)comp; else if (comp instanceof CompressionProcessor) compressProc = (CompressionProcessor)comp; else if (!(comp instanceof DiscoveryNodeValidationProcessor @@ -836,8 +836,8 @@ else if (helper instanceof HadoopHelper) } /** {@inheritDoc} */ - @Override public IgniteSecurity security() { - return security; + @Override public GridSecurityProcessor security() { + return securityProc; } /** {@inheritDoc} */ diff --git a/modules/core/src/main/java/org/apache/ignite/internal/GridMessageListenHandler.java b/modules/core/src/main/java/org/apache/ignite/internal/GridMessageListenHandler.java index ea7d6466e4054..c6a2d0521655d 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/GridMessageListenHandler.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/GridMessageListenHandler.java @@ -140,7 +140,7 @@ public GridMessageListenHandler(GridMessageListenHandler orig) { /** {@inheritDoc} */ @Override public RegisterStatus register(UUID nodeId, UUID routineId, final GridKernalContext ctx) throws IgniteCheckedException { - ctx.io().addUserMessageListener(topic, pred, nodeId); + ctx.io().addUserMessageListener(topic, pred); return RegisterStatus.REGISTERED; } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java b/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java index fb9fdf134e1f6..9462c50194bf7 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java @@ -166,9 +166,7 @@ import org.apache.ignite.internal.processors.resource.GridResourceProcessor; import org.apache.ignite.internal.processors.resource.GridSpringResourceContext; import org.apache.ignite.internal.processors.rest.GridRestProcessor; -import org.apache.ignite.internal.processors.security.IgniteSecurityProcessor; import org.apache.ignite.internal.processors.security.GridSecurityProcessor; -import org.apache.ignite.internal.processors.security.NoOpIgniteSecurityProcessor; import org.apache.ignite.internal.processors.segmentation.GridSegmentationProcessor; import org.apache.ignite.internal.processors.service.GridServiceProcessor; import org.apache.ignite.internal.processors.service.IgniteServiceProcessor; @@ -993,7 +991,7 @@ public void start( startProcessor(new GridTimeoutProcessor(ctx)); // Start security processors. - startProcessor(igniteSecurityProcessor(createComponent(GridSecurityProcessor.class, ctx))); + startProcessor(createComponent(GridSecurityProcessor.class, ctx)); // Start SPI managers. // NOTE: that order matters as there are dependencies between managers. @@ -1306,16 +1304,6 @@ private long checkPoolStarvation( EventType.EVT_NODE_JOINED, localNode()); } - /** - * @param prc GridSecurityProcessor from plugin context or null. - * @return IgniteSecurity. - */ - private GridProcessor igniteSecurityProcessor(GridSecurityProcessor prc) { - return prc != null && prc.enabled() - ? new IgniteSecurityProcessor(ctx, prc) - : new NoOpIgniteSecurityProcessor(ctx); - } - /** * Create description of an executor service for logging. * @@ -4168,9 +4156,6 @@ private static T createComponent(Class cls, GridKer if (cls.equals(IGridClusterStateProcessor.class)) return (T)new GridClusterStateProcessor(ctx); - if(cls.equals(GridSecurityProcessor.class)) - return null; - Class implCls = null; try { diff --git a/modules/core/src/main/java/org/apache/ignite/internal/IgniteNodeAttributes.java b/modules/core/src/main/java/org/apache/ignite/internal/IgniteNodeAttributes.java index 1bd0dc8b9ff41..1740072d386aa 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/IgniteNodeAttributes.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/IgniteNodeAttributes.java @@ -147,6 +147,9 @@ public final class IgniteNodeAttributes { /** Security credentials attribute name. Attribute is not available via public API. */ public static final String ATTR_SECURITY_CREDENTIALS = ATTR_PREFIX + ".security.cred"; + /** Security subject for authenticated node. */ + public static final String ATTR_SECURITY_SUBJECT = ATTR_PREFIX + ".security.subject"; + /** V2 security subject for authenticated node. */ public static final String ATTR_SECURITY_SUBJECT_V2 = ATTR_PREFIX + ".security.subject.v2"; diff --git a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java index 041424c58f300..c1e1684c57604 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java @@ -70,7 +70,6 @@ import org.apache.ignite.internal.processors.cache.mvcc.msg.MvccMessage; import org.apache.ignite.internal.processors.platform.message.PlatformMessageFilter; import org.apache.ignite.internal.processors.pool.PoolProcessor; -import org.apache.ignite.internal.processors.security.OperationSecurityContext; import org.apache.ignite.internal.processors.timeout.GridTimeoutObject; import org.apache.ignite.internal.util.GridBoundedConcurrentLinkedHashSet; import org.apache.ignite.internal.util.StripedCompositeReadWriteLock; @@ -1044,7 +1043,7 @@ private void processP2PMessage( assert obj != null; - invokeListener(msg.policy(), lsnr, nodeId, obj, msg.secSubjId()); + invokeListener(msg.policy(), lsnr, nodeId, obj); } finally { threadProcessingMessage(false, null); @@ -1187,7 +1186,7 @@ private void processRegularMessage0(GridIoMessage msg, UUID nodeId) { assert obj != null; - invokeListener(msg.policy(), lsnr, nodeId, obj, msg.secSubjId()); + invokeListener(msg.policy(), lsnr, nodeId, obj); } /** @@ -1549,9 +1548,8 @@ private void unwindMessageSet(GridCommunicationMessageSet msgSet, GridMessageLis * @param lsnr Listener. * @param nodeId Node ID. * @param msg Message. - * @param secSubjId Security subject that will be used to open a security session. */ - private void invokeListener(Byte plc, GridMessageListener lsnr, UUID nodeId, Object msg, UUID secSubjId) { + private void invokeListener(Byte plc, GridMessageListener lsnr, UUID nodeId, Object msg) { Byte oldPlc = CUR_PLC.get(); boolean change = !F.eq(oldPlc, plc); @@ -1559,9 +1557,7 @@ private void invokeListener(Byte plc, GridMessageListener lsnr, UUID nodeId, Obj if (change) CUR_PLC.set(plc); - UUID newSecSubjId = secSubjId != null ? secSubjId : nodeId; - - try(OperationSecurityContext s = ctx.security().withContext(newSecSubjId)) { + try { lsnr.onMessage(nodeId, msg, plc); } finally { @@ -1623,16 +1619,7 @@ private void send( assert !async || msg instanceof GridIoUserMessage : msg; // Async execution was added only for IgniteMessaging. assert topicOrd >= 0 || !(topic instanceof GridTopic) : msg; - UUID secSubjId = null; - - if(ctx.security().enabled()) { - UUID curSecSubjId = ctx.security().securityContext().subject().id(); - - if (!locNodeId.equals(curSecSubjId)) - secSubjId = curSecSubjId; - } - - GridIoMessage ioMsg = new GridIoMessage(secSubjId, plc, topic, topicOrd, msg, ordered, timeout, skipOnTimeout); + GridIoMessage ioMsg = new GridIoMessage(plc, topic, topicOrd, msg, ordered, timeout, skipOnTimeout); if (locNodeId.equals(node.id())) { assert plc != P2P_POOL; @@ -1983,16 +1970,11 @@ else if (loc) { } } - public void addUserMessageListener(final @Nullable Object topic, final @Nullable IgniteBiPredicate p) { - addUserMessageListener(topic, p, null); - } - /** * @param topic Topic to subscribe to. * @param p Message predicate. */ - public void addUserMessageListener(final @Nullable Object topic, - final @Nullable IgniteBiPredicate p, final @Nullable UUID nodeId) { + public void addUserMessageListener(@Nullable final Object topic, @Nullable final IgniteBiPredicate p) { if (p != null) { try { if (p instanceof PlatformMessageFilter) @@ -2001,7 +1983,7 @@ public void addUserMessageListener(final @Nullable Object topic, ctx.resource().injectGeneric(p); addMessageListener(TOPIC_COMM_USER, - new GridUserMessageListener(topic, (IgniteBiPredicate)p, nodeId)); + new GridUserMessageListener(topic, (IgniteBiPredicate)p)); } catch (IgniteCheckedException e) { throw new IgniteException(e); @@ -2014,8 +1996,13 @@ public void addUserMessageListener(final @Nullable Object topic, * @param p Message predicate. */ public void removeUserMessageListener(@Nullable Object topic, IgniteBiPredicate p) { - removeMessageListener(TOPIC_COMM_USER, - new GridUserMessageListener(topic, (IgniteBiPredicate)p)); + try { + removeMessageListener(TOPIC_COMM_USER, + new GridUserMessageListener(topic, (IgniteBiPredicate)p)); + } + catch (IgniteCheckedException e) { + throw new IgniteException(e); + } } /** @@ -2430,27 +2417,15 @@ private class GridUserMessageListener implements GridMessageListener { /** User message topic. */ private final Object topic; - /** Initial node id. */ - private final UUID initNodeId; - /** * @param topic User topic. * @param predLsnr Predicate listener. - * @param initNodeId Node id that registered given listener. + * @throws IgniteCheckedException If failed to inject resources to predicates. */ - GridUserMessageListener(@Nullable Object topic, @Nullable IgniteBiPredicate predLsnr, - @Nullable UUID initNodeId) { + GridUserMessageListener(@Nullable Object topic, @Nullable IgniteBiPredicate predLsnr) + throws IgniteCheckedException { this.topic = topic; this.predLsnr = predLsnr; - this.initNodeId = initNodeId; - } - - /** - * @param topic User topic. - * @param predLsnr Predicate listener. - */ - GridUserMessageListener(@Nullable Object topic, @Nullable IgniteBiPredicate predLsnr) { - this(topic, predLsnr, null); } /** {@inheritDoc} */ @@ -2547,10 +2522,8 @@ private class GridUserMessageListener implements GridMessageListener { if (msgBody != null) { if (predLsnr != null) { - try(OperationSecurityContext s = ctx.security().withContext(initNodeId)) { - if (!predLsnr.apply(nodeId, msgBody)) - removeMessageListener(TOPIC_COMM_USER, this); - } + if (!predLsnr.apply(nodeId, msgBody)) + removeMessageListener(TOPIC_COMM_USER, this); } } } @@ -2777,7 +2750,7 @@ void unwind(GridMessageListener lsnr) { for (GridTuple3 t = msgs.poll(); t != null; t = msgs.poll()) { try { - invokeListener(plc, lsnr, nodeId, t.get1().message(), t.get1().secSubjId()); + invokeListener(plc, lsnr, nodeId, t.get1().message()); } finally { if (t.get3() != null) diff --git a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoMessage.java b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoMessage.java index a93f45d5481ac..fe61aec834672 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoMessage.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoMessage.java @@ -20,7 +20,6 @@ import java.io.Externalizable; import java.nio.ByteBuffer; -import java.util.UUID; import org.apache.ignite.internal.ExecutorAwareMessage; import org.apache.ignite.internal.GridDirectTransient; import org.apache.ignite.internal.processors.cache.GridCacheMessage; @@ -68,9 +67,6 @@ public class GridIoMessage implements Message { /** Message. */ private Message msg; - /** Security subject id that will be used during message processing on an remote node. */ - private UUID secSubjId; - /** * No-op constructor to support {@link Externalizable} interface. * This constructor is not meant to be used for other purposes. @@ -80,7 +76,6 @@ public GridIoMessage() { } /** - * @param secSubjId Security subject id. * @param plc Policy. * @param topic Communication topic. * @param topicOrd Topic ordinal value. @@ -90,7 +85,6 @@ public GridIoMessage() { * @param skipOnTimeout Whether message can be skipped on timeout. */ public GridIoMessage( - UUID secSubjId, byte plc, Object topic, int topicOrd, @@ -103,7 +97,6 @@ public GridIoMessage( assert topicOrd <= Byte.MAX_VALUE; assert msg != null; - this.secSubjId = secSubjId; this.plc = plc; this.msg = msg; this.topic = topic; @@ -120,13 +113,6 @@ byte policy() { return plc; } - /** - * @return Security subject id. - */ - UUID secSubjId() { - return secSubjId; - } - /** * @return Topic. */ @@ -236,30 +222,24 @@ boolean isOrdered() { writer.incrementState(); case 3: - if (!writer.writeUuid("secSubjId", secSubjId)) - return false; - - writer.incrementState(); - - case 4: if (!writer.writeBoolean("skipOnTimeout", skipOnTimeout)) return false; writer.incrementState(); - case 5: + case 4: if (!writer.writeLong("timeout", timeout)) return false; writer.incrementState(); - case 6: + case 5: if (!writer.writeByteArray("topicBytes", topicBytes)) return false; writer.incrementState(); - case 7: + case 6: if (!writer.writeInt("topicOrd", topicOrd)) return false; @@ -303,14 +283,6 @@ boolean isOrdered() { reader.incrementState(); case 3: - secSubjId = reader.readUuid("secSubjId"); - - if (!reader.isLastRead()) - return false; - - reader.incrementState(); - - case 4: skipOnTimeout = reader.readBoolean("skipOnTimeout"); if (!reader.isLastRead()) @@ -318,7 +290,7 @@ boolean isOrdered() { reader.incrementState(); - case 5: + case 4: timeout = reader.readLong("timeout"); if (!reader.isLastRead()) @@ -326,7 +298,7 @@ boolean isOrdered() { reader.incrementState(); - case 6: + case 5: topicBytes = reader.readByteArray("topicBytes"); if (!reader.isLastRead()) @@ -334,7 +306,7 @@ boolean isOrdered() { reader.incrementState(); - case 7: + case 6: topicOrd = reader.readInt("topicOrd"); if (!reader.isLastRead()) @@ -354,7 +326,7 @@ boolean isOrdered() { /** {@inheritDoc} */ @Override public byte fieldsCount() { - return 8; + return 7; } /** diff --git a/modules/core/src/main/java/org/apache/ignite/internal/managers/eventstorage/GridEventStorageManager.java b/modules/core/src/main/java/org/apache/ignite/internal/managers/eventstorage/GridEventStorageManager.java index 12c480a0a8e9e..5af3495fde2b3 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/managers/eventstorage/GridEventStorageManager.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/managers/eventstorage/GridEventStorageManager.java @@ -374,7 +374,7 @@ public int[] enabledEvents() { public synchronized void enableEvents(int[] types) { assert types != null; - ctx.security().authorize(SecurityPermission.EVENTS_ENABLE); + ctx.security().authorize(null, SecurityPermission.EVENTS_ENABLE, null); boolean[] userRecordableEvts0 = userRecordableEvts; boolean[] recordableEvts0 = recordableEvts; @@ -416,7 +416,7 @@ public synchronized void enableEvents(int[] types) { public synchronized void disableEvents(int[] types) { assert types != null; - ctx.security().authorize(SecurityPermission.EVENTS_DISABLE); + ctx.security().authorize(null, SecurityPermission.EVENTS_DISABLE, null); boolean[] userRecordableEvts0 = userRecordableEvts; boolean[] recordableEvts0 = recordableEvts; diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheContext.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheContext.java index 9d52c752c78ea..294393293cca0 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheContext.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheContext.java @@ -821,7 +821,7 @@ public void checkSecurity(SecurityPermission op) throws SecurityException { if (CU.isSystemCache(name())) return; - ctx.security().authorize(name(), op); + ctx.security().authorize(name(), op, null); } /** diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java index 69c8f510e178c..7bed0f6e281ca 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java @@ -138,7 +138,6 @@ import org.apache.ignite.internal.processors.query.schema.SchemaNodeLeaveExchangeWorkerTask; import org.apache.ignite.internal.processors.query.schema.message.SchemaAbstractDiscoveryMessage; import org.apache.ignite.internal.processors.query.schema.message.SchemaProposeDiscoveryMessage; -import org.apache.ignite.internal.processors.security.OperationSecurityContext; import org.apache.ignite.internal.processors.security.SecurityContext; import org.apache.ignite.internal.processors.service.GridServiceProcessor; import org.apache.ignite.internal.processors.timeout.GridTimeoutObject; @@ -205,7 +204,6 @@ import static org.apache.ignite.internal.IgniteNodeAttributes.ATTR_TX_CONFIG; import static org.apache.ignite.internal.processors.cache.GridCacheUtils.isNearEnabled; import static org.apache.ignite.internal.processors.cache.GridCacheUtils.isPersistentCache; -import static org.apache.ignite.internal.processors.security.SecurityUtils.nodeSecurityContext; import static org.apache.ignite.internal.util.IgniteUtils.doInParallel; /** @@ -3350,7 +3348,7 @@ private GridCacheSharedContext createSharedContext(GridKernalContext kernalCtx, } /** {@inheritDoc} */ - @Override public @Nullable IgniteNodeValidationResult validateNode( + @Nullable @Override public IgniteNodeValidationResult validateNode( ClusterNode node, JoiningNodeDiscoveryData discoData ) { if(!cachesInfo.isMergeConfigSupports(node)) @@ -3361,31 +3359,25 @@ private GridCacheSharedContext createSharedContext(GridKernalContext kernalCtx, boolean isGridActive = ctx.state().clusterState().active(); - StringBuilder errorMsg = new StringBuilder(); + StringBuilder errorMessage = new StringBuilder(); - SecurityContext secCtx = null; - - if (ctx.security().enabled()) { + for (CacheJoinNodeDiscoveryData.CacheInfo cacheInfo : nodeData.caches().values()) { try { - secCtx = nodeSecurityContext(marsh, U.resolveClassLoader(ctx.config()), node); - } - catch (SecurityException se) { - errorMsg.append(se.getMessage()); - } - } + byte[] secCtxBytes = node.attribute(IgniteNodeAttributes.ATTR_SECURITY_SUBJECT_V2); - for (CacheJoinNodeDiscoveryData.CacheInfo cacheInfo : nodeData.caches().values()) { - if (secCtx != null && cacheInfo.cacheType() == CacheType.USER) { - try (OperationSecurityContext s = ctx.security().withContext(secCtx)) { - authorizeCacheCreate(cacheInfo.cacheData().config()); - } - catch (SecurityException ex) { - if (errorMsg.length() > 0) - errorMsg.append("\n"); + if (secCtxBytes != null) { + SecurityContext secCtx = U.unmarshal(marsh, secCtxBytes, U.resolveClassLoader(ctx.config())); - errorMsg.append(ex.getMessage()); + if (secCtx != null && cacheInfo.cacheType() == CacheType.USER) + authorizeCacheCreate(cacheInfo.cacheData().config(), secCtx); } } + catch (SecurityException | IgniteCheckedException ex) { + if (errorMessage.length() > 0) + errorMessage.append("\n"); + + errorMessage.append(ex.getMessage()); + } DynamicCacheDescriptor localDesc = cacheDescriptor(cacheInfo.cacheData().config().getName()); @@ -3395,19 +3387,19 @@ private GridCacheSharedContext createSharedContext(GridKernalContext kernalCtx, QuerySchemaPatch schemaPatch = localDesc.makeSchemaPatch(cacheInfo.cacheData().queryEntities()); if (schemaPatch.hasConflicts() || (isGridActive && !schemaPatch.isEmpty())) { - if (errorMsg.length() > 0) - errorMsg.append("\n"); + if (errorMessage.length() > 0) + errorMessage.append("\n"); if (schemaPatch.hasConflicts()) - errorMsg.append(String.format(MERGE_OF_CONFIG_CONFLICTS_MESSAGE, + errorMessage.append(String.format(MERGE_OF_CONFIG_CONFLICTS_MESSAGE, localDesc.cacheName(), schemaPatch.getConflictsMessage())); else - errorMsg.append(String.format(MERGE_OF_CONFIG_REQUIRED_MESSAGE, localDesc.cacheName())); + errorMessage.append(String.format(MERGE_OF_CONFIG_REQUIRED_MESSAGE, localDesc.cacheName())); } } - if (errorMsg.length() > 0) { - String msg = errorMsg.toString(); + if (errorMessage.length() > 0) { + String msg = errorMessage.toString(); return new IgniteNodeValidationResult(node.id(), msg, msg); } @@ -4368,28 +4360,28 @@ private Collection initiateCacheChanges( * Authorize creating cache. * * @param cfg Cache configuration. + * @param secCtx Optional security context. */ - private void authorizeCacheCreate(CacheConfiguration cfg) { - if(cfg != null) { - ctx.security().authorize(cfg.getName(), SecurityPermission.CACHE_CREATE); + private void authorizeCacheCreate(CacheConfiguration cfg, SecurityContext secCtx) { + ctx.security().authorize(null, SecurityPermission.CACHE_CREATE, secCtx); - if (cfg.isOnheapCacheEnabled() && - IgniteSystemProperties.getBoolean(IgniteSystemProperties.IGNITE_DISABLE_ONHEAP_CACHE)) - throw new SecurityException("Authorization failed for enabling on-heap cache."); - } + if (cfg != null && cfg.isOnheapCacheEnabled() && + IgniteSystemProperties.getBoolean(IgniteSystemProperties.IGNITE_DISABLE_ONHEAP_CACHE)) + throw new SecurityException("Authorization failed for enabling on-heap cache."); } /** - * Authorize dynamic cache management. + * Authorize dynamic cache management for this node. * * @param req start/stop cache request. */ private void authorizeCacheChange(DynamicCacheChangeRequest req) { + // Null security context means authorize this node. if (req.cacheType() == null || req.cacheType() == CacheType.USER) { if (req.stop()) - ctx.security().authorize(req.cacheName(), SecurityPermission.CACHE_DESTROY); + ctx.security().authorize(null, SecurityPermission.CACHE_DESTROY, null); else - authorizeCacheCreate(req.startCacheConfiguration()); + authorizeCacheCreate(req.startCacheConfiguration(), null); } } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/persistence/wal/reader/StandaloneGridKernalContext.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/persistence/wal/reader/StandaloneGridKernalContext.java index c1ca45dbceb31..0396c3e43a76a 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/persistence/wal/reader/StandaloneGridKernalContext.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/persistence/wal/reader/StandaloneGridKernalContext.java @@ -80,7 +80,7 @@ import org.apache.ignite.internal.processors.resource.GridResourceProcessor; import org.apache.ignite.internal.processors.rest.GridRestProcessor; import org.apache.ignite.internal.processors.schedule.IgniteScheduleProcessorAdapter; -import org.apache.ignite.internal.processors.security.IgniteSecurity; +import org.apache.ignite.internal.processors.security.GridSecurityProcessor; import org.apache.ignite.internal.processors.segmentation.GridSegmentationProcessor; import org.apache.ignite.internal.processors.service.GridServiceProcessor; import org.apache.ignite.internal.processors.session.GridTaskSessionProcessor; @@ -458,7 +458,7 @@ protected IgniteConfiguration prepareIgniteConfiguration() { } /** {@inheritDoc} */ - @Override public IgniteSecurity security() { + @Override public GridSecurityProcessor security() { return null; } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerImpl.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerImpl.java index 4f8ae3df399a3..5e3a0c825ffc3 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerImpl.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerImpl.java @@ -1443,7 +1443,7 @@ private void checkSecurityPermission(SecurityPermission perm) if (!ctx.security().enabled()) return; - ctx.security().authorize(cacheName, perm); + ctx.security().authorize(cacheName, perm, null); } /** diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerUpdateJob.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerUpdateJob.java index ef9ef2db5f23f..c2ab0c7cff679 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerUpdateJob.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerUpdateJob.java @@ -166,6 +166,6 @@ private void checkSecurityPermission(SecurityPermission perm) if (!ctx.security().enabled()) return; - ctx.security().authorize(cacheName, perm); + ctx.security().authorize(cacheName, perm, null); } } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerNioListener.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerNioListener.java index 7d58503467db3..defde3df5b0a8 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerNioListener.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerNioListener.java @@ -33,7 +33,8 @@ import org.apache.ignite.internal.processors.odbc.odbc.OdbcConnectionContext; import org.apache.ignite.internal.processors.platform.client.ClientConnectionContext; import org.apache.ignite.internal.processors.platform.client.ClientStatus; -import org.apache.ignite.internal.processors.security.OperationSecurityContext; +import org.apache.ignite.internal.processors.security.SecurityContext; +import org.apache.ignite.internal.processors.security.SecurityContextHolder; import org.apache.ignite.internal.util.GridSpinBusyLock; import org.apache.ignite.internal.util.nio.GridNioServerListenerAdapter; import org.apache.ignite.internal.util.nio.GridNioSession; @@ -171,14 +172,17 @@ public ClientListenerNioListener(GridKernalContext ctx, GridSpinBusyLock busyLoc ClientListenerResponse resp; AuthorizationContext authCtx = connCtx.authorizationContext(); + SecurityContext oldSecCtx = SecurityContextHolder.push(connCtx.securityContext()); if (authCtx != null) AuthorizationContext.context(authCtx); - try(OperationSecurityContext s = ctx.security().withContext(connCtx.securityContext())) { + try { resp = handler.handle(req); } finally { + SecurityContextHolder.pop(oldSecCtx); + if (authCtx != null) AuthorizationContext.clear(); } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java index 2dd23a3dd5f0c..2b0faafda3ec9 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java @@ -64,7 +64,6 @@ import org.apache.ignite.internal.processors.rest.request.GridRestRequest; import org.apache.ignite.internal.processors.rest.request.GridRestTaskRequest; import org.apache.ignite.internal.processors.rest.request.RestQueryRequest; -import org.apache.ignite.internal.processors.security.OperationSecurityContext; import org.apache.ignite.internal.processors.security.SecurityContext; import org.apache.ignite.internal.util.GridSpinReadWriteLock; import org.apache.ignite.internal.util.future.GridFinishedFuture; @@ -272,9 +271,7 @@ private IgniteInternalFuture handleRequest(final GridRestReque if (secCtx0 == null || ses.isTokenExpired(sesTokTtl)) ses.secCtx = secCtx0 = authenticate(req, ses); - try(OperationSecurityContext s = ctx.security().withContext(secCtx0)) { - authorize(req); - } + authorize(req, secCtx0); } catch (SecurityException e) { assert secCtx0 != null; @@ -824,9 +821,10 @@ private SecurityContext authenticate(GridRestRequest req, Session ses) throws Ig /** * @param req REST request. + * @param sCtx Security context. * @throws SecurityException If authorization failed. */ - private void authorize(GridRestRequest req) throws SecurityException { + private void authorize(GridRestRequest req, SecurityContext sCtx) throws SecurityException { SecurityPermission perm = null; String name = null; @@ -935,7 +933,7 @@ private void authorize(GridRestRequest req) throws SecurityException { } if (perm != null) - ctx.security().authorize(name, perm); + ctx.security().authorize(name, perm, sCtx); } /** diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/handlers/top/GridTopologyCommandHandler.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/handlers/top/GridTopologyCommandHandler.java index 52a5f375e310c..edcb3741bc331 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/handlers/top/GridTopologyCommandHandler.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/handlers/top/GridTopologyCommandHandler.java @@ -57,6 +57,7 @@ import static org.apache.ignite.internal.IgniteNodeAttributes.ATTR_REST_TCP_HOST_NAMES; import static org.apache.ignite.internal.IgniteNodeAttributes.ATTR_REST_TCP_PORT; import static org.apache.ignite.internal.IgniteNodeAttributes.ATTR_SECURITY_CREDENTIALS; +import static org.apache.ignite.internal.IgniteNodeAttributes.ATTR_SECURITY_SUBJECT; import static org.apache.ignite.internal.IgniteNodeAttributes.ATTR_SECURITY_SUBJECT_V2; import static org.apache.ignite.internal.IgniteNodeAttributes.ATTR_TX_CONFIG; import static org.apache.ignite.internal.processors.rest.GridRestCommand.NODE; @@ -292,6 +293,7 @@ private GridClientNodeBean createNodeBean(ClusterNode node, boolean mtr, boolean attrs.remove(ATTR_CACHE); attrs.remove(ATTR_TX_CONFIG); + attrs.remove(ATTR_SECURITY_SUBJECT); attrs.remove(ATTR_SECURITY_SUBJECT_V2); attrs.remove(ATTR_SECURITY_CREDENTIALS); attrs.remove(ATTR_BINARY_CONFIGURATION); diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessor.java index 192cc3cd3a157..ef53566fd62bd 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessor.java @@ -27,6 +27,7 @@ import org.apache.ignite.plugin.security.SecurityException; import org.apache.ignite.plugin.security.SecurityPermission; import org.apache.ignite.plugin.security.SecuritySubject; +import org.jetbrains.annotations.Nullable; /** * This interface defines a grid authentication processor. @@ -83,7 +84,7 @@ public interface GridSecurityProcessor extends GridProcessor { * @param securityCtx Optional security context. * @throws SecurityException If security check failed. */ - public void authorize(String name, SecurityPermission perm, SecurityContext securityCtx) + public void authorize(String name, SecurityPermission perm, @Nullable SecurityContext securityCtx) throws SecurityException; /** @@ -95,8 +96,6 @@ public void authorize(String name, SecurityPermission perm, SecurityContext secu /** * @return GridSecurityProcessor is enable. - * @deprecated To determine the security mode use {@link IgniteSecurity#enabled()}. */ - @Deprecated public boolean enabled(); } \ No newline at end of file diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurity.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurity.java deleted file mode 100644 index bfdd4e2b3701a..0000000000000 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurity.java +++ /dev/null @@ -1,123 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processors.security; - -import java.util.Collection; -import java.util.UUID; -import org.apache.ignite.IgniteCheckedException; -import org.apache.ignite.cluster.ClusterNode; -import org.apache.ignite.plugin.security.AuthenticationContext; -import org.apache.ignite.plugin.security.SecurityCredentials; -import org.apache.ignite.plugin.security.SecurityException; -import org.apache.ignite.plugin.security.SecurityPermission; -import org.apache.ignite.plugin.security.SecuritySubject; - -/** - * Ignite Security Processor. - *

      - * The differences between {@code IgniteSecurity} and {@code GridSecurityProcessor} are: - *

        - *
      • {@code IgniteSecurity} allows to define a current security context by - * {@link #withContext(SecurityContext)} or {@link #withContext(UUID)} methods. - *
      • {@code IgniteSecurity} doesn't require to pass {@code SecurityContext} to authorize operations. - *
      • {@code IgniteSecurity} doesn't extend {@code GridProcessor} interface - * sequentially it doesn't have any methods of the lifecycle of {@code GridProcessor}. - *
      - */ -public interface IgniteSecurity { - /** - * Creates {@link OperationSecurityContext}. All calls of methods {@link #authorize(String, SecurityPermission)} or {@link - * #authorize(SecurityPermission)} will be processed into the context of passed {@link SecurityContext} until - * holder {@link OperationSecurityContext} will be closed. - * - * @param secCtx Security Context. - * @return Security context holder. - */ - public OperationSecurityContext withContext(SecurityContext secCtx); - - /** - * Creates {@link OperationSecurityContext}. All calls of methods {@link #authorize(String, SecurityPermission)} or {@link - * #authorize(SecurityPermission)} will be processed into the context of {@link SecurityContext} that is owned by - * node with given nodeId until holder {@link OperationSecurityContext} will be closed. - * - * @param nodeId Node id. - * @return Security context holder. - */ - public OperationSecurityContext withContext(UUID nodeId); - - /** - * @return SecurityContext of holder {@link OperationSecurityContext}. - */ - public SecurityContext securityContext(); - - /** - * Delegates call to {@link GridSecurityProcessor#authenticateNode(org.apache.ignite.cluster.ClusterNode, - * org.apache.ignite.plugin.security.SecurityCredentials)} - */ - public SecurityContext authenticateNode(ClusterNode node, SecurityCredentials cred) throws IgniteCheckedException; - - /** - * Delegates call to {@link GridSecurityProcessor#isGlobalNodeAuthentication()} - */ - public boolean isGlobalNodeAuthentication(); - - /** - * Delegates call to {@link GridSecurityProcessor#authenticate(AuthenticationContext)} - */ - public SecurityContext authenticate(AuthenticationContext ctx) throws IgniteCheckedException; - - /** - * Delegates call to {@link GridSecurityProcessor#authenticatedSubjects()} - */ - public Collection authenticatedSubjects() throws IgniteCheckedException; - - /** - * Delegates call to {@link GridSecurityProcessor#authenticatedSubject(UUID)} - */ - public SecuritySubject authenticatedSubject(UUID subjId) throws IgniteCheckedException; - - /** - * Delegates call to {@link GridSecurityProcessor#onSessionExpired(UUID)} - */ - public void onSessionExpired(UUID subjId); - - /** - * Authorizes grid operation. - * - * @param name Cache name or task class name. - * @param perm Permission to authorize. - * @throws SecurityException If security check failed. - */ - public void authorize(String name, SecurityPermission perm) throws SecurityException; - - /** - * Authorizes grid system operation. - * - * @param perm Permission to authorize. - * @throws SecurityException If security check failed. - */ - public default void authorize(SecurityPermission perm) throws SecurityException { - authorize(null, perm); - } - - /** - * @return True if IgniteSecurity is a plugin implementation, - * false if it's used a default NoOp implementation. - */ - public boolean enabled(); -} diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java deleted file mode 100644 index 4dbb927240d94..0000000000000 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java +++ /dev/null @@ -1,273 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processors.security; - -import java.util.Collection; -import java.util.Map; -import java.util.UUID; -import java.util.concurrent.ConcurrentHashMap; -import org.apache.ignite.IgniteCheckedException; -import org.apache.ignite.cluster.ClusterNode; -import org.apache.ignite.internal.GridKernalContext; -import org.apache.ignite.internal.IgniteInternalFuture; -import org.apache.ignite.internal.processors.GridProcessor; -import org.apache.ignite.internal.util.typedef.F; -import org.apache.ignite.internal.util.typedef.internal.U; -import org.apache.ignite.lang.IgniteFuture; -import org.apache.ignite.marshaller.MarshallerUtils; -import org.apache.ignite.marshaller.jdk.JdkMarshaller; -import org.apache.ignite.plugin.security.AuthenticationContext; -import org.apache.ignite.plugin.security.SecurityCredentials; -import org.apache.ignite.plugin.security.SecurityException; -import org.apache.ignite.plugin.security.SecurityPermission; -import org.apache.ignite.plugin.security.SecuritySubject; -import org.apache.ignite.spi.IgniteNodeValidationResult; -import org.apache.ignite.spi.discovery.DiscoveryDataBag; -import org.jetbrains.annotations.Nullable; - -import static org.apache.ignite.events.EventType.EVT_NODE_FAILED; -import static org.apache.ignite.events.EventType.EVT_NODE_LEFT; -import static org.apache.ignite.internal.processors.security.SecurityUtils.nodeSecurityContext; - -/** - * Default Grid security Manager implementation. - */ -public class IgniteSecurityProcessor implements IgniteSecurity, GridProcessor { - /** */ - private static final String MSG_SEC_PROC_CLS_IS_INVALID = "Local node's grid security processor class " + - "is not equal to remote node's grid security processor class " + - "[locNodeId=%s, rmtNodeId=%s, locCls=%s, rmtCls=%s]"; - - /** Internal attribute name constant. */ - public static final String ATTR_GRID_SEC_PROC_CLASS = "grid.security.processor.class"; - - /** Current security context. */ - private final ThreadLocal curSecCtx = ThreadLocal.withInitial(this::localSecurityContext); - - /** Grid kernal context. */ - private final GridKernalContext ctx; - - /** Security processor. */ - private final GridSecurityProcessor secPrc; - - /** Must use JDK marshaller for Security Subject. */ - private final JdkMarshaller marsh; - - /** Map of security contexts. Key is node's id. */ - private final Map secCtxs = new ConcurrentHashMap<>(); - - /** - * @param ctx Grid kernal context. - * @param secPrc Security processor. - */ - public IgniteSecurityProcessor(GridKernalContext ctx, GridSecurityProcessor secPrc) { - assert ctx != null; - assert secPrc != null; - - this.ctx = ctx; - this.secPrc = secPrc; - - marsh = MarshallerUtils.jdkMarshaller(ctx.igniteInstanceName()); - } - - /** {@inheritDoc} */ - @Override public OperationSecurityContext withContext(SecurityContext secCtx) { - assert secCtx != null; - - SecurityContext old = curSecCtx.get(); - - curSecCtx.set(secCtx); - - return new OperationSecurityContext(this, old); - } - - /** {@inheritDoc} */ - @Override public OperationSecurityContext withContext(UUID nodeId) { - return withContext( - secCtxs.computeIfAbsent(nodeId, - uuid -> nodeSecurityContext( - marsh, U.resolveClassLoader(ctx.config()), ctx.discovery().node(uuid) - ) - ) - ); - } - - /** {@inheritDoc} */ - @Override public SecurityContext securityContext() { - SecurityContext res = curSecCtx.get(); - - assert res != null; - - return res; - } - - /** {@inheritDoc} */ - @Override public SecurityContext authenticateNode(ClusterNode node, SecurityCredentials cred) - throws IgniteCheckedException { - return secPrc.authenticateNode(node, cred); - } - - /** {@inheritDoc} */ - @Override public boolean isGlobalNodeAuthentication() { - return secPrc.isGlobalNodeAuthentication(); - } - - /** {@inheritDoc} */ - @Override public SecurityContext authenticate(AuthenticationContext ctx) throws IgniteCheckedException { - return secPrc.authenticate(ctx); - } - - /** {@inheritDoc} */ - @Override public Collection authenticatedSubjects() throws IgniteCheckedException { - return secPrc.authenticatedSubjects(); - } - - /** {@inheritDoc} */ - @Override public SecuritySubject authenticatedSubject(UUID subjId) throws IgniteCheckedException { - return secPrc.authenticatedSubject(subjId); - } - - /** {@inheritDoc} */ - @Override public void onSessionExpired(UUID subjId) { - secPrc.onSessionExpired(subjId); - } - - /** {@inheritDoc} */ - @Override public void authorize(String name, SecurityPermission perm) throws SecurityException { - SecurityContext secCtx = curSecCtx.get(); - - assert secCtx != null; - - secPrc.authorize(name, perm, secCtx); - } - - /** {@inheritDoc} */ - @Override public boolean enabled() { - return true; - } - - /** {@inheritDoc} */ - @Override public void start() throws IgniteCheckedException { - ctx.addNodeAttribute(ATTR_GRID_SEC_PROC_CLASS, secPrc.getClass().getName()); - - secPrc.start(); - } - - /** {@inheritDoc} */ - @Override public void stop(boolean cancel) throws IgniteCheckedException { - secPrc.stop(cancel); - } - - /** {@inheritDoc} */ - @Override public void onKernalStart(boolean active) throws IgniteCheckedException { - ctx.event().addDiscoveryEventListener( - (evt, discoCache) -> secCtxs.remove(evt.eventNode().id()), EVT_NODE_FAILED, EVT_NODE_LEFT - ); - - secPrc.onKernalStart(active); - } - - /** {@inheritDoc} */ - @Override public void onKernalStop(boolean cancel) { - secPrc.onKernalStop(cancel); - } - - /** {@inheritDoc} */ - @Override public void collectJoiningNodeData(DiscoveryDataBag dataBag) { - secPrc.collectJoiningNodeData(dataBag); - } - - /** {@inheritDoc} */ - @Override public void collectGridNodeData(DiscoveryDataBag dataBag) { - secPrc.collectGridNodeData(dataBag); - } - - /** {@inheritDoc} */ - @Override public void onGridDataReceived(DiscoveryDataBag.GridDiscoveryData data) { - secPrc.onGridDataReceived(data); - } - - /** {@inheritDoc} */ - @Override public void onJoiningNodeDataReceived(DiscoveryDataBag.JoiningNodeDiscoveryData data) { - secPrc.onJoiningNodeDataReceived(data); - } - - /** {@inheritDoc} */ - @Override public void printMemoryStats() { - secPrc.printMemoryStats(); - } - - /** {@inheritDoc} */ - @Override public @Nullable IgniteNodeValidationResult validateNode(ClusterNode node) { - IgniteNodeValidationResult res = validateSecProcClass(node); - - return res != null ? res : secPrc.validateNode(node); - } - - /** {@inheritDoc} */ - @Override public @Nullable IgniteNodeValidationResult validateNode(ClusterNode node, - DiscoveryDataBag.JoiningNodeDiscoveryData discoData) { - IgniteNodeValidationResult res = validateSecProcClass(node); - - return res != null ? res : secPrc.validateNode(node, discoData); - } - - /** {@inheritDoc} */ - @Override public @Nullable DiscoveryDataExchangeType discoveryDataType() { - return secPrc.discoveryDataType(); - } - - /** {@inheritDoc} */ - @Override public void onDisconnected(IgniteFuture reconnectFut) throws IgniteCheckedException { - secPrc.onDisconnected(reconnectFut); - } - - /** {@inheritDoc} */ - @Override public @Nullable IgniteInternalFuture onReconnected( - boolean clusterRestarted) throws IgniteCheckedException { - return secPrc.onReconnected(clusterRestarted); - } - - /** - * Getting local node's security context. - * - * @return Security context of local node. - */ - private SecurityContext localSecurityContext() { - return nodeSecurityContext(marsh, U.resolveClassLoader(ctx.config()), ctx.discovery().localNode()); - } - - /** - * Validates that remote node's grid security processor class is the same as local one. - * - * @param node Joining node. - * @return Validation result or {@code null} in case of success. - */ - private IgniteNodeValidationResult validateSecProcClass(ClusterNode node) { - String rmtCls = node.attribute(ATTR_GRID_SEC_PROC_CLASS); - String locCls = secPrc.getClass().getName(); - - if (!F.eq(locCls, rmtCls)) { - return new IgniteNodeValidationResult(node.id(), - String.format(MSG_SEC_PROC_CLS_IS_INVALID, ctx.localNodeId(), node.id(), locCls, rmtCls), - String.format(MSG_SEC_PROC_CLS_IS_INVALID, node.id(), ctx.localNodeId(), rmtCls, locCls)); - } - - return null; - } -} diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java deleted file mode 100644 index 00dabdf40e496..0000000000000 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java +++ /dev/null @@ -1,208 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processors.security; - -import java.util.Collection; -import java.util.UUID; -import org.apache.ignite.IgniteCheckedException; -import org.apache.ignite.cluster.ClusterNode; -import org.apache.ignite.internal.GridKernalContext; -import org.apache.ignite.internal.IgniteInternalFuture; -import org.apache.ignite.internal.processors.GridProcessor; -import org.apache.ignite.lang.IgniteFuture; -import org.apache.ignite.plugin.security.AuthenticationContext; -import org.apache.ignite.plugin.security.SecurityCredentials; -import org.apache.ignite.plugin.security.SecurityException; -import org.apache.ignite.plugin.security.SecurityPermission; -import org.apache.ignite.plugin.security.SecuritySubject; -import org.apache.ignite.spi.IgniteNodeValidationResult; -import org.apache.ignite.spi.discovery.DiscoveryDataBag; -import org.jetbrains.annotations.Nullable; - -import static org.apache.ignite.internal.processors.security.IgniteSecurityProcessor.ATTR_GRID_SEC_PROC_CLASS; - -/** - * No operation Ignite Security Processor. - */ -public class NoOpIgniteSecurityProcessor implements IgniteSecurity, GridProcessor { - /** */ - private static final String MSG_SEC_PROC_CLS_IS_INVALID = "Local node's ignite security processor class " + - "is not equal to remote node's ignite security processor class " + - "[locNodeId=%s, rmtNodeId=%s, locCls=%s, rmtCls=%s]"; - - /** No operation security context. */ - private final OperationSecurityContext opSecCtx = new OperationSecurityContext(this, null); - - /** Grid kernal context. */ - private final GridKernalContext ctx; - - /** - * @param ctx Grid kernal context. - */ - public NoOpIgniteSecurityProcessor(GridKernalContext ctx) { - this.ctx = ctx; - } - - /** {@inheritDoc} */ - @Override public OperationSecurityContext withContext(SecurityContext secCtx) { - return opSecCtx; - } - - /** {@inheritDoc} */ - @Override public OperationSecurityContext withContext(UUID nodeId) { - return opSecCtx; - } - - /** {@inheritDoc} */ - @Override public SecurityContext securityContext() { - return null; - } - - /** {@inheritDoc} */ - @Override public SecurityContext authenticateNode(ClusterNode node, SecurityCredentials cred) { - return null; - } - - /** {@inheritDoc} */ - @Override public boolean isGlobalNodeAuthentication() { - return false; - } - - /** {@inheritDoc} */ - @Override public SecurityContext authenticate(AuthenticationContext ctx) { - return null; - } - - /** {@inheritDoc} */ - @Override public Collection authenticatedSubjects() { - return null; - } - - /** {@inheritDoc} */ - @Override public SecuritySubject authenticatedSubject(UUID subjId) { - return null; - } - - /** {@inheritDoc} */ - @Override public void onSessionExpired(UUID subjId) { - // No-op. - } - - /** {@inheritDoc} */ - @Override public void authorize(String name, SecurityPermission perm) throws SecurityException { - // No-op. - } - - /** {@inheritDoc} */ - @Override public boolean enabled() { - return false; - } - - /** {@inheritDoc} */ - @Override public void start() throws IgniteCheckedException { - // No-op. - } - - /** {@inheritDoc} */ - @Override public void stop(boolean cancel) throws IgniteCheckedException { - // No-op. - } - - /** {@inheritDoc} */ - @Override public void onKernalStart(boolean active) throws IgniteCheckedException { - // No-op. - } - - /** {@inheritDoc} */ - @Override public void onKernalStop(boolean cancel) { - // No-op. - } - - /** {@inheritDoc} */ - @Override public void collectJoiningNodeData(DiscoveryDataBag dataBag) { - // No-op. - } - - /** {@inheritDoc} */ - @Override public void collectGridNodeData(DiscoveryDataBag dataBag) { - // No-op. - } - - /** {@inheritDoc} */ - @Override public void onGridDataReceived(DiscoveryDataBag.GridDiscoveryData data) { - // No-op. - } - - /** {@inheritDoc} */ - @Override public void onJoiningNodeDataReceived(DiscoveryDataBag.JoiningNodeDiscoveryData data) { - // No-op. - } - - /** {@inheritDoc} */ - @Override public void printMemoryStats() { - // No-op. - } - - /** {@inheritDoc} */ - @Override public @Nullable IgniteNodeValidationResult validateNode(ClusterNode node) { - return validateSecProcClass(node); - } - - /** {@inheritDoc} */ - @Override public @Nullable IgniteNodeValidationResult validateNode(ClusterNode node, - DiscoveryDataBag.JoiningNodeDiscoveryData discoData) { - return validateSecProcClass(node); - } - - /** {@inheritDoc} */ - @Override public @Nullable DiscoveryDataExchangeType discoveryDataType() { - return null; - } - - /** {@inheritDoc} */ - @Override public void onDisconnected(IgniteFuture reconnectFut) { - // No-op. - } - - /** {@inheritDoc} */ - @Override public @Nullable IgniteInternalFuture onReconnected(boolean clusterRestarted) { - return null; - } - - /** - * Validates that remote node's grid security processor class is undefined. - * - * @param node Joining node. - * @return Validation result or {@code null} in case of success. - */ - private IgniteNodeValidationResult validateSecProcClass(ClusterNode node){ - String rmtCls = node.attribute(ATTR_GRID_SEC_PROC_CLASS); - - if (rmtCls != null) { - ClusterNode locNode = ctx.discovery().localNode(); - - return new IgniteNodeValidationResult( - node.id(), - String.format(MSG_SEC_PROC_CLS_IS_INVALID, locNode.id(), node.id(), "undefined", rmtCls), - String.format(MSG_SEC_PROC_CLS_IS_INVALID, node.id(), locNode.id(), rmtCls, "undefined") - ); - } - - return null; - } -} diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/OperationSecurityContext.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityContextHolder.java similarity index 52% rename from modules/core/src/main/java/org/apache/ignite/internal/processors/security/OperationSecurityContext.java rename to modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityContextHolder.java index 3fdac47dc89d2..d01071166ea73 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/OperationSecurityContext.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityContextHolder.java @@ -17,30 +17,44 @@ package org.apache.ignite.internal.processors.security; +import org.jetbrains.annotations.Nullable; + /** - * + * Thread-local security context. */ -public class OperationSecurityContext implements AutoCloseable { - /** Ignite Security. */ - private final IgniteSecurity proc; +public class SecurityContextHolder { + /** Context. */ + private static final ThreadLocal CTX = new ThreadLocal<>(); - /** Security context. */ - private final SecurityContext secCtx; + /** + * Get security context. + * + * @return Security context. + */ + @Nullable public static SecurityContext get() { + return CTX.get(); + } /** - * @param proc Ignite Security. - * @param secCtx Security context. + * Set security context. + * + * @param ctx Context. + * @return Old context. */ - OperationSecurityContext(IgniteSecurity proc, SecurityContext secCtx) { - assert proc != null; - assert secCtx != null || !proc.enabled(); + public static SecurityContext push(@Nullable SecurityContext ctx) { + SecurityContext oldCtx = CTX.get(); + + CTX.set(ctx); - this.proc = proc; - this.secCtx = secCtx; + return oldCtx; } - /** {@inheritDoc} */ - @Override public void close() { - proc.withContext(secCtx); + /** + * Pop security context. + * + * @param oldCtx Old context. + */ + public static void pop(@Nullable SecurityContext oldCtx) { + CTX.set(oldCtx); } } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityUtils.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityUtils.java index 41d2ce9ea07d4..fbc3158ab1cb9 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityUtils.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityUtils.java @@ -21,13 +21,7 @@ import java.util.Collection; import java.util.HashMap; import java.util.Map; -import org.apache.ignite.IgniteCheckedException; import org.apache.ignite.IgniteSystemProperties; -import org.apache.ignite.cluster.ClusterNode; -import org.apache.ignite.internal.IgniteNodeAttributes; -import org.apache.ignite.internal.util.typedef.internal.U; -import org.apache.ignite.marshaller.Marshaller; -import org.apache.ignite.plugin.security.SecurityException; import org.apache.ignite.plugin.security.SecurityPermission; /** @@ -91,26 +85,4 @@ public static Map> compatibleServicePermi return srvcPerms; } - - /** - * Getting node's security context. - * - * @param marsh Marshaller. - * @param ldr Class loader. - * @param node Node. - * @return Node's security context. - */ - public static SecurityContext nodeSecurityContext(Marshaller marsh, ClassLoader ldr, ClusterNode node) { - byte[] subjBytes = node.attribute(IgniteNodeAttributes.ATTR_SECURITY_SUBJECT_V2); - - if (subjBytes == null) - throw new SecurityException("Security context isn't certain."); - - try { - return U.unmarshal(marsh, subjBytes, ldr); - } - catch (IgniteCheckedException e) { - throw new SecurityException("Failed to get security context.", e); - } - } } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/os/GridOsSecurityProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/os/GridOsSecurityProcessor.java new file mode 100644 index 0000000000000..42f9661cc005d --- /dev/null +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/os/GridOsSecurityProcessor.java @@ -0,0 +1,88 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.processors.security.os; + +import java.util.Collection; +import java.util.Collections; +import java.util.UUID; +import org.apache.ignite.IgniteCheckedException; +import org.apache.ignite.cluster.ClusterNode; +import org.apache.ignite.internal.GridKernalContext; +import org.apache.ignite.internal.processors.GridProcessorAdapter; +import org.apache.ignite.internal.processors.security.GridSecurityProcessor; +import org.apache.ignite.internal.processors.security.SecurityContext; +import org.apache.ignite.plugin.security.AuthenticationContext; +import org.apache.ignite.plugin.security.SecurityCredentials; +import org.apache.ignite.plugin.security.SecurityException; +import org.apache.ignite.plugin.security.SecurityPermission; +import org.apache.ignite.plugin.security.SecuritySubject; +import org.jetbrains.annotations.Nullable; + +/** + * No-op implementation for {@link GridSecurityProcessor}. + */ +public class GridOsSecurityProcessor extends GridProcessorAdapter implements GridSecurityProcessor { + /** + * @param ctx Kernal context. + */ + public GridOsSecurityProcessor(GridKernalContext ctx) { + super(ctx); + } + + /** {@inheritDoc} */ + @Override public SecurityContext authenticateNode(ClusterNode node, SecurityCredentials cred) + throws IgniteCheckedException { + return null; + } + + /** {@inheritDoc} */ + @Override public boolean isGlobalNodeAuthentication() { + return false; + } + + /** {@inheritDoc} */ + @Override public SecurityContext authenticate(AuthenticationContext authCtx) throws IgniteCheckedException { + return null; + } + + /** {@inheritDoc} */ + @Override public Collection authenticatedSubjects() { + return Collections.emptyList(); + } + + /** {@inheritDoc} */ + @Override public SecuritySubject authenticatedSubject(UUID nodeId) { + return null; + } + + /** {@inheritDoc} */ + @Override public void authorize(String name, SecurityPermission perm, @Nullable SecurityContext securityCtx) + throws SecurityException { + // No-op. + } + + /** {@inheritDoc} */ + @Override public void onSessionExpired(UUID subjId) { + // No-op. + } + + /** {@inheritDoc} */ + @Override public boolean enabled() { + return false; + } +} \ No newline at end of file diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/service/GridServiceProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/service/GridServiceProcessor.java index 602bf627775ad..2b6e05098824d 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/service/GridServiceProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/service/GridServiceProcessor.java @@ -538,7 +538,7 @@ private PreparedConfigurations prepareServiceConfigurations(CollectiongetFieldValue(ioMsg, "plc"), GridTestUtils.getFieldValue(ioMsg, "topic"), GridTestUtils.getFieldValue(ioMsg, "topicOrd"), diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractCacheOperationPermissionCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractCacheOperationPermissionCheckTest.java deleted file mode 100644 index 8050897efeedd..0000000000000 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractCacheOperationPermissionCheckTest.java +++ /dev/null @@ -1,79 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processors.security; - -import java.util.concurrent.atomic.AtomicInteger; -import org.apache.ignite.configuration.CacheConfiguration; -import org.apache.ignite.configuration.IgniteConfiguration; -import org.apache.ignite.internal.util.typedef.T2; - -/** - * - */ -public abstract class AbstractCacheOperationPermissionCheckTest extends AbstractSecurityTest { - /** Cache name for tests. */ - protected static final String CACHE_NAME = "TEST_CACHE"; - - /** Forbidden cache. */ - protected static final String FORBIDDEN_CACHE = "FORBIDDEN_TEST_CACHE"; - - /** Values. */ - protected AtomicInteger values = new AtomicInteger(0); - - /** {@inheritDoc} */ - @Override protected void beforeTestsStarted() throws Exception { - super.beforeTestsStarted(); - - startGrid("server", allowAllPermissionSet()).cluster().active(true); - } - - /** {@inheritDoc} */ - @Override protected IgniteConfiguration getConfiguration(String igniteInstanceName) throws Exception { - return super.getConfiguration(igniteInstanceName) - .setCacheConfiguration(getCacheConfigurations()); - } - - /** - * @return Array of cache configurations. - */ - protected CacheConfiguration[] getCacheConfigurations() { - return new CacheConfiguration[] { - new CacheConfiguration().setName(CACHE_NAME), - new CacheConfiguration().setName(FORBIDDEN_CACHE) - }; - } - - /** - * Getting login prefix. - * - * @param isClient True if is client mode. - * @return Prefix. - */ - protected String loginPrefix(boolean isClient) { - return isClient ? "client" : "server"; - } - - /** - * @return Cache entry for test. - */ - protected T2 entry() { - int val = values.incrementAndGet(); - - return new T2<>("key_" + val, -1 * val); - } -} diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractCacheOperationRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractCacheOperationRemoteSecurityContextCheckTest.java deleted file mode 100644 index f7380c2d513c5..0000000000000 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractCacheOperationRemoteSecurityContextCheckTest.java +++ /dev/null @@ -1,72 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processors.security; - -import org.apache.ignite.cache.CacheMode; -import org.apache.ignite.configuration.CacheConfiguration; -import org.apache.ignite.configuration.IgniteConfiguration; -import org.apache.ignite.internal.IgniteEx; -import org.apache.ignite.internal.util.typedef.G; - -/** - * - */ -public abstract class AbstractCacheOperationRemoteSecurityContextCheckTest extends AbstractRemoteSecurityContextCheckTest { - /** Cache name for tests. */ - protected static final String CACHE_NAME = "TEST_CACHE"; - - /** {@inheritDoc} */ - @Override protected IgniteConfiguration getConfiguration(String igniteInstanceName) throws Exception { - return super.getConfiguration(igniteInstanceName) - .setCacheConfiguration(getCacheConfigurations()); - } - - /** - * Getting array of cache configurations. - */ - protected CacheConfiguration[] getCacheConfigurations() { - return new CacheConfiguration[] { - new CacheConfiguration<>() - .setName(CACHE_NAME) - .setCacheMode(CacheMode.PARTITIONED) - }; - } - - /** - * Getting the key that is contained on primary partition on passed node for {@link #CACHE_NAME} cache. - * - * @param ignite Node. - * @return Key. - */ - protected Integer prmKey(IgniteEx ignite) { - return findKeys(ignite.localNode(), ignite.cache(CACHE_NAME), 1, 0, 0) - .stream() - .findFirst() - .orElseThrow(() -> new IllegalStateException(ignite.name() + " isn't primary node for any key.")); - } - - /** - * Getting the key that is contained on primary partition on passed node for {@link #CACHE_NAME} cache. - * - * @param nodeName Node name. - * @return Key. - */ - protected Integer prmKey(String nodeName) { - return prmKey((IgniteEx)G.ignite(nodeName)); - } -} diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractRemoteSecurityContextCheckTest.java deleted file mode 100644 index 4181eefe40e6a..0000000000000 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractRemoteSecurityContextCheckTest.java +++ /dev/null @@ -1,408 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processors.security; - -import java.util.ArrayList; -import java.util.Arrays; -import java.util.Collection; -import java.util.Collections; -import java.util.List; -import java.util.Objects; -import java.util.UUID; -import java.util.concurrent.ConcurrentHashMap; -import java.util.stream.Stream; -import javax.cache.Cache; -import javax.cache.processor.EntryProcessor; -import javax.cache.processor.MutableEntry; -import org.apache.ignite.Ignite; -import org.apache.ignite.IgniteCompute; -import org.apache.ignite.Ignition; -import org.apache.ignite.internal.IgniteEx; -import org.apache.ignite.internal.util.typedef.T2; -import org.apache.ignite.internal.util.typedef.X; -import org.apache.ignite.lang.IgniteBiInClosure; -import org.apache.ignite.lang.IgniteBiPredicate; -import org.apache.ignite.lang.IgniteCallable; -import org.apache.ignite.lang.IgniteClosure; -import org.apache.ignite.lang.IgniteRunnable; -import org.apache.ignite.plugin.security.SecurityException; - -import static org.hamcrest.CoreMatchers.notNullValue; -import static org.hamcrest.core.Is.is; -import static org.junit.Assert.assertThat; - -/** - * - */ -public abstract class AbstractRemoteSecurityContextCheckTest extends AbstractSecurityTest { - /** Transition load cache. */ - protected static final String TRANSITION_LOAD_CACHE = "TRANSITION_LOAD_CACHE"; - - /** Name of server initiator node. */ - protected static final String SRV_INITIATOR = "srv_initiator"; - - /** Name of client initiator node. */ - protected static final String CLNT_INITIATOR = "clnt_initiator"; - - /** Name of server feature call node. */ - protected static final String SRV_RUN = "srv_run"; - - /** Name of client feature call node. */ - protected static final String CLNT_RUN = "clnt_run"; - - /** Name of server feature transit node. */ - protected static final String SRV_CHECK = "srv_check"; - - /** Name of client feature transit node. */ - protected static final String CLNT_CHECK = "clnt_check"; - - /** Name of server endpoint node. */ - protected static final String SRV_ENDPOINT = "srv_endpoint"; - - /** Name of client endpoint node. */ - protected static final String CLNT_ENDPOINT = "clnt_endpoint"; - - /** Verifier to check results of tests. */ - private static final Verifier VERIFIER = new Verifier(); - - /** - * Registers current security context and increments invoke's counter. - */ - protected static void register() { - VERIFIER.register((IgniteEx)Ignition.localIgnite()); - } - - /** - * @return IgniteCompute is produced by passed node for cluster group that contains nodes with ids from collection. - */ - protected static IgniteCompute compute(Ignite ignite, Collection ids) { - return ignite.compute(ignite.cluster().forNodeIds(ids)); - } - - /** - * @return IgniteCompute is produced by passed node for cluster group that contains node with id. - */ - protected static IgniteCompute compute(Ignite ignite, UUID id) { - return ignite.compute(ignite.cluster().forNodeId(id)); - } - - /** - * @param ign Node. - * @return Security subject id of passed node. - */ - protected static UUID secSubjectId(IgniteEx ign) { - return ign.context().security().securityContext().subject().id(); - } - - /** - * @param name Security subject id of passed node. - * @return Security subject id of passed node. - */ - protected UUID secSubjectId(String name) { - return secSubjectId(grid(name)); - } - - /** - * @return Collection of feature call nodes ids. - */ - protected Collection nodesToRun() { - return Arrays.asList( - nodeId(SRV_RUN), - nodeId(CLNT_RUN) - ); - } - - /** - * @return Collection of feature transit nodes ids. - */ - protected Collection nodesToCheck() { - return Arrays.asList( - nodeId(SRV_CHECK), - nodeId(CLNT_CHECK) - ); - } - - /** - * @return Collection of endpont nodes ids. - */ - protected Collection endpoints() { - return Arrays.asList( - nodeId(SRV_ENDPOINT), - nodeId(CLNT_ENDPOINT) - ); - } - - /** - * @param name Node name. - * @return Node id. - */ - protected UUID nodeId(String name) { - return grid(name).context().discovery().localNode().id(); - } - - /** - * Assert that the passed throwable contains a cause exception with given type. - * - * @param throwable Throwable. - */ - protected void assertCauseSecurityException(Throwable throwable) { - assertThat(X.cause(throwable, SecurityException.class), notNullValue()); - } - - /** - * Setups expected behavior to passed verifier. - */ - protected abstract void setupVerifier(Verifier verifier); - - /** - * @param initiator Node that initiates an execution. - * @param runnable Check case. - */ - protected void runAndCheck(IgniteEx initiator, IgniteRunnable runnable) { - runAndCheck(initiator, Stream.of(runnable)); - } - - /** - * Sets up VERIFIER, performs the runnable and checks the result. - * - * @param initiator Node that initiates an execution. - * @param runnables Stream of check cases. - */ - protected void runAndCheck(IgniteEx initiator, Stream runnables) { - runnables.forEach( - r -> { - setupVerifier(VERIFIER.start(secSubjectId(initiator))); - - compute(initiator, nodesToRun()).broadcast(r); - - VERIFIER.checkResult(); - } - ); - } - - /** - * Responsible for verifying of tests results. - */ - public static class Verifier { - /** - * Map that contains an expected behaviour. - */ - private final ConcurrentHashMap> map = new ConcurrentHashMap<>(); - - /** - * List of registered security subjects. - */ - private final List> list = Collections.synchronizedList(new ArrayList<>()); - - /** - * Expected security subject id. - */ - private UUID expSecSubjId; - - /** - * Prepare for test. - * - * @param expSecSubjId Expected security subject id. - */ - private Verifier start(UUID expSecSubjId) { - this.expSecSubjId = expSecSubjId; - - list.clear(); - map.clear(); - - return this; - } - - /** - * Adds expected behaivior the method {@link #register(IgniteEx)} will be invoke exp times on the node with - * passed name. - * - * @param nodeName Node name. - * @param num Expected number of invokes. - */ - public Verifier expect(String nodeName, int num) { - map.put(nodeName, new T2<>(num, 0)); - - return this; - } - - /** - * Registers current security context and increments invoke's counter. - * - * @param ignite Local node. - */ - private void register(IgniteEx ignite) { - assert expSecSubjId != null; - assert ignite != null; - - list.add(new T2<>(secSubjectId(ignite), ignite.name())); - - map.computeIfPresent(ignite.name(), (name, t2) -> { - Integer val = t2.getValue(); - - t2.setValue(++val); - - return t2; - }); - } - - /** - * Checks result of test and clears expected behavior. - */ - private void checkResult() { - assert !map.isEmpty(); - - list.forEach(t -> - assertThat("Invalide security context on node " + t.get2(), - t.get1(), is(expSecSubjId)) - ); - - map.forEach((key, value) -> - assertThat("Node " + key + ". Execution of register: ", - value.get2(), is(value.get1()))); - - list.clear(); - map.clear(); - - expSecSubjId = null; - } - } - - /** */ - protected static class ExecRegisterAndForwardAdapter implements IgniteBiInClosure { - /** RegisterExecAndForward. */ - private RegisterExecAndForward instance; - - /** - * @param runnable Runnable. - */ - public ExecRegisterAndForwardAdapter(IgniteRunnable runnable) { - instance = new RegisterExecAndForward<>(runnable); - } - - /** - * @param node Expected local node name. - * @param endpoints Collection of endpont nodes ids. - */ - public ExecRegisterAndForwardAdapter(String node, Collection endpoints) { - instance = new RegisterExecAndForward<>(node, endpoints); - } - - /** - * @param endpoints Collection of endpont nodes ids. - */ - public ExecRegisterAndForwardAdapter(Collection endpoints) { - instance = new RegisterExecAndForward<>(endpoints); - } - - /** {@inheritDoc} */ - @Override public void apply(K k, V v) { - instance.run(); - } - } - - /** */ - protected static class RegisterExecAndForward implements IgniteBiPredicate, IgniteRunnable, - IgniteCallable, EntryProcessor, IgniteClosure { - /** Runnable. */ - private final IgniteRunnable runnable; - - /** Expected local node name. */ - private final String node; - - /** Collection of endpoint node ids. */ - private final Collection endpoints; - - /** - * @param runnable Runnable. - */ - public RegisterExecAndForward(IgniteRunnable runnable) { - this.runnable = Objects.requireNonNull(runnable); - node = null; - endpoints = Collections.emptyList(); - } - - /** - * @param node Expected local node name. - * @param endpoints Collection of endpont nodes ids. - */ - public RegisterExecAndForward(String node, Collection endpoints) { - this.node = node; - this.endpoints = endpoints; - runnable = null; - } - - /** - * @param endpoints Collection of endpont nodes ids. - */ - public RegisterExecAndForward(Collection endpoints) { - this.endpoints = endpoints; - runnable = null; - node = null; - } - - /** {@inheritDoc} */ - @Override public boolean apply(K k, V v) { - run(); - - return false; - } - - /** {@inheritDoc} */ - @Override public void run() { - Ignite loc = Ignition.localIgnite(); - - if (node == null || node.equals(loc.name())) { - register(); - - Ignite ignite = Ignition.localIgnite(); - - if (runnable != null) - runnable.run(); - else { - compute(ignite, endpoints) - .broadcast(() -> register()); - } - } - } - - /** {@inheritDoc} */ - @Override public Object process(MutableEntry mutableEntry, Object... objects) { - run(); - - return null; - } - - /** {@inheritDoc} */ - @Override public V apply(K k) { - run(); - - if (k instanceof Cache.Entry) - return (V) ((Cache.Entry)k).getValue(); - - return null; - } - - /** {@inheritDoc} */ - @Override public V call() { - run(); - - return null; - } - } -} diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractSecurityTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractSecurityTest.java deleted file mode 100644 index 52687771dea4c..0000000000000 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractSecurityTest.java +++ /dev/null @@ -1,245 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processors.security; - -import java.util.Arrays; -import org.apache.ignite.configuration.DataRegionConfiguration; -import org.apache.ignite.configuration.DataStorageConfiguration; -import org.apache.ignite.configuration.IgniteConfiguration; -import org.apache.ignite.internal.IgniteEx; -import org.apache.ignite.plugin.security.SecurityException; -import org.apache.ignite.plugin.security.SecurityPermission; -import org.apache.ignite.plugin.security.SecurityPermissionSet; -import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; -import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest; - -import static org.hamcrest.CoreMatchers.notNullValue; -import static org.junit.Assert.assertThat; - -/** - * Common class for security tests. - */ -public class AbstractSecurityTest extends GridCommonAbstractTest { - /** Empty array of permissions. */ - protected static final SecurityPermission[] EMPTY_PERMS = new SecurityPermission[0]; - - /** {@inheritDoc} */ - @Override protected void afterTestsStopped() throws Exception { - super.afterTestsStopped(); - - stopAllGrids(); - - cleanPersistenceDir(); - } - - /** - * @param instanceName Instance name. - * @param secCfg Security plugin configuration. - */ - protected IgniteConfiguration getConfiguration(String instanceName, - TestSecurityPluginConfiguration secCfg) throws Exception { - - return getConfiguration(instanceName) - .setDataStorageConfiguration( - new DataStorageConfiguration() - .setDefaultDataRegionConfiguration( - new DataRegionConfiguration().setPersistenceEnabled(true) - ) - ) - .setAuthenticationEnabled(true) - .setPluginConfigurations(secCfg); - } - - /** - * @param idx Index. - * @param login Login. - * @param pwd Password. - * @param prmSet Security permission set. - */ - protected IgniteConfiguration getConfiguration(int idx, String login, String pwd, - SecurityPermissionSet prmSet) throws Exception { - return getConfiguration(getTestIgniteInstanceName(idx), secPluginCfg(login, pwd, prmSet)); - } - - /** - * @param login Login. - * @param pwd Password. - * @param prmSet Security permission set. - * @return Security plaugin configuration. - */ - protected TestSecurityPluginConfiguration secPluginCfg(String login, String pwd, SecurityPermissionSet prmSet, - TestSecurityData... clientData) { - return ctx -> new TestSecurityProcessor(ctx, - new TestSecurityData(login, pwd, prmSet), - Arrays.asList(clientData)); - } - - /** - * @param login Login. - * @param prmSet Security permission set. - */ - protected IgniteEx startGrid(String login, SecurityPermissionSet prmSet) throws Exception { - return startGrid(login, "", prmSet, false); - } - - /** - * @param login Login. - * @param pwd Password. - * @param prmSet Security permission set. - */ - protected IgniteEx startGrid(String login, String pwd, SecurityPermissionSet prmSet) throws Exception { - return startGrid(login, pwd, prmSet, false); - } - - /** - * @param login Login. - * @param prmSet Security permission set. - * @param isClient Is client. - */ - protected IgniteEx startGrid(String login, SecurityPermissionSet prmSet, - boolean isClient) throws Exception { - return startGrid( - getConfiguration(login, secPluginCfg(login, "", prmSet)) - .setClientMode(isClient) - ); - } - - /** - * @param login Login. - * @param prmSet Security permission set. - */ - protected IgniteEx startClient(String login, SecurityPermissionSet prmSet) throws Exception { - return startGrid(login, prmSet, true); - } - - /** - * @param login Login. - * @param pwd Password. - * @param prmSet Security permission set. - * @param isClient Is client. - */ - protected IgniteEx startGrid(String login, String pwd, SecurityPermissionSet prmSet, - boolean isClient) throws Exception { - return startGrid( - getConfiguration(login, secPluginCfg(login, pwd, prmSet)) - .setClientMode(isClient) - ); - } - - /** - * @param instanceName Instance name. - * @param login Login. - * @param pwd Password. - * @param prmSet Security permission set. - */ - protected IgniteEx startGrid(String instanceName, String login, String pwd, - SecurityPermissionSet prmSet) throws Exception { - return startGrid(getConfiguration(instanceName, secPluginCfg(login, pwd, prmSet))); - } - - /** - * @param instanceName Instance name. - * @param login Login. - * @param pwd Password. - * @param prmSet Security permission set. - * @param isClient If true then client mode. - */ - protected IgniteEx startGrid(String instanceName, String login, String pwd, - SecurityPermissionSet prmSet, boolean isClient) throws Exception { - return startGrid(getConfiguration(instanceName, secPluginCfg(login, pwd, prmSet)) - .setClientMode(isClient)); - } - - /** - * Getting security permission set builder. - */ - protected SecurityPermissionSetBuilder builder() { - return SecurityPermissionSetBuilder.create().defaultAllowAll(true); - } - - /** - * Getting allow all security permission set. - */ - protected SecurityPermissionSet allowAllPermissionSet() { - return builder().build(); - } - - /** - * Method {@link TestRunnable#run()} should throw {@link SecurityException}. - * - * @param r Runnable. - */ - protected void assertForbidden(TestRunnable r) { - assertForbidden(r, SecurityException.class); - } - - /** - * @param r Runnable. - * @param types Array of expected exception types. - */ - protected void assertForbidden(TestRunnable r, Class... types) { - try { - r.run(); - - fail("Test should throw one of the following exceptions " + Arrays.toString(types)); - } - catch (Throwable e) { - assertThat(cause(e, types), notNullValue()); - } - } - - /** - * Gets first cause if passed in {@code 'Throwable'} has one of given classes in {@code 'cause'} hierarchy. - *

      - * Note that this method follows includes {@link Throwable#getSuppressed()} into check. - * - * @param t Throwable to check (if {@code null}, {@code null} is returned). - * @param types Array of cause classes to get cause (if {@code null}, {@code null} is returned). - * @return First causing exception of passed in class, {@code null} otherwise. - */ - private Throwable cause(Throwable t, Class... types) { - for (Throwable th = t; th != null; th = th.getCause()) { - for (Class cls : types) { - if (cls.isAssignableFrom(th.getClass())) - return th; - - for (Throwable n : th.getSuppressed()) { - Throwable found = cause(n, cls); - - if (found != null) - return found; - } - } - - if (th.getCause() == th) - break; - } - - return null; - } - - /** - * - */ - public interface TestRunnable { - /** - * - */ - void run() throws Exception; - } -} \ No newline at end of file diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityContext.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityContext.java deleted file mode 100644 index c5fa46c03bca1..0000000000000 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityContext.java +++ /dev/null @@ -1,124 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processors.security; - -import java.io.Serializable; -import java.util.Collection; -import org.apache.ignite.internal.util.typedef.F; -import org.apache.ignite.plugin.security.SecurityPermission; -import org.apache.ignite.plugin.security.SecuritySubject; - -/** - * Security context for tests. - */ -public class TestSecurityContext implements SecurityContext, Serializable { - /** Subject. */ - private final SecuritySubject subject; - - /** - * @param subject Subject. - */ - public TestSecurityContext(SecuritySubject subject) { - this.subject = subject; - } - - /** - * @param opName Op name. - * @param perm Permission. - */ - public boolean operationAllowed(String opName, SecurityPermission perm) { - switch (perm) { - case CACHE_PUT: - case CACHE_READ: - case CACHE_REMOVE: - - return cacheOperationAllowed(opName, perm); - - case TASK_CANCEL: - case TASK_EXECUTE: - return taskOperationAllowed(opName, perm); - - case SERVICE_DEPLOY: - case SERVICE_INVOKE: - case SERVICE_CANCEL: - return serviceOperationAllowed(opName, perm); - - case EVENTS_DISABLE: - case EVENTS_ENABLE: - case ADMIN_VIEW: - case ADMIN_CACHE: - case ADMIN_QUERY: - case ADMIN_OPS: - case CACHE_CREATE: - case CACHE_DESTROY: - case JOIN_AS_SERVER: - return systemOperationAllowed(perm); - - default: - throw new IllegalStateException("Invalid security permission: " + perm); - } - } - - /** {@inheritDoc} */ - @Override public SecuritySubject subject() { - return subject; - } - - /** {@inheritDoc} */ - @Override public boolean taskOperationAllowed(String taskClsName, SecurityPermission perm) { - return hasPermission(subject.permissions().taskPermissions().get(taskClsName), perm); - } - - /** {@inheritDoc} */ - @Override public boolean cacheOperationAllowed(String cacheName, SecurityPermission perm) { - return hasPermission(subject.permissions().cachePermissions().get(cacheName), perm); - } - - /** {@inheritDoc} */ - @Override public boolean serviceOperationAllowed(String srvcName, SecurityPermission perm) { - return hasPermission(subject.permissions().servicePermissions().get(srvcName), perm); - } - - /** {@inheritDoc} */ - @Override public boolean systemOperationAllowed(SecurityPermission perm) { - Collection perms = subject.permissions().systemPermissions(); - - if (F.isEmpty(perms)) - return subject.permissions().defaultAllowAll(); - - return perms.stream().anyMatch(p -> perm == p); - } - - /** - * @param perms Permissions. - * @param perm Permission. - */ - private boolean hasPermission(Collection perms, SecurityPermission perm) { - if (perms == null) - return subject.permissions().defaultAllowAll(); - - return perms.stream().anyMatch(p -> perm == p); - } - - /** {@inheritDoc} */ - @Override public String toString() { - return "TestSecurityContext{" + - "subject=" + subject + - '}'; - } -} \ No newline at end of file diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityData.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityData.java deleted file mode 100644 index 91e225c2e8efe..0000000000000 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityData.java +++ /dev/null @@ -1,116 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processors.security; - -import org.apache.ignite.plugin.security.SecurityCredentials; -import org.apache.ignite.plugin.security.SecurityPermissionSet; - -/** - * Test security data for subject configuration. - */ -public class TestSecurityData { - /** Login. */ - private String login; - - /** Password. */ - private String pwd; - - /** Security permission set. */ - private SecurityPermissionSet prmSet; - - /** - * Default constructor. - */ - public TestSecurityData() { - // No-op. - } - - /** - * @param login Login. - * @param pwd Password. - * @param prmSet Permissions. - */ - public TestSecurityData(String login, String pwd, SecurityPermissionSet prmSet) { - this.login = login; - this.pwd = pwd; - this.prmSet = prmSet; - } - - /** - * @param login Login. - * @param prmSet Permissions. - */ - public TestSecurityData(String login, SecurityPermissionSet prmSet) { - this(login, "", prmSet); - } - - /** - * Getting security permission set. - */ - public SecurityPermissionSet getPermissions() { - return prmSet; - } - - /** - * @param prmSet Security permission set. - */ - public TestSecurityData setPermissions(SecurityPermissionSet prmSet) { - this.prmSet = prmSet; - - return this; - } - - /** - * Login. - */ - public String getLogin() { - return login; - } - - /** - * @param login Login. - */ - public TestSecurityData setLogin(String login) { - this.login = login; - - return this; - } - - /** - * Password. - */ - public String getPwd() { - return pwd; - } - - /** - * @param pwd Password. - */ - public TestSecurityData setPwd(String pwd) { - this.pwd = pwd; - - return this; - } - - /** - * @return Security credentials. - */ - public SecurityCredentials credentials() { - return new SecurityCredentials(getLogin(), getPwd(), null); - } -} diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityPluginConfiguration.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityPluginConfiguration.java deleted file mode 100644 index 9239509b0052a..0000000000000 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityPluginConfiguration.java +++ /dev/null @@ -1,33 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processors.security; - -import org.apache.ignite.internal.GridKernalContext; -import org.apache.ignite.plugin.PluginConfiguration; - -/** - * Grid security configuration for tests. - */ -@FunctionalInterface -public interface TestSecurityPluginConfiguration extends PluginConfiguration { - /** - * @param ctx GridKernalContext. - * @return GridSecurityProcessor. - */ - public GridSecurityProcessor build(GridKernalContext ctx); -} diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityProcessor.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityProcessor.java deleted file mode 100644 index e20a5d147a4b7..0000000000000 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityProcessor.java +++ /dev/null @@ -1,150 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processors.security; - -import java.net.InetSocketAddress; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Collections; -import java.util.Map; -import java.util.UUID; -import java.util.concurrent.ConcurrentHashMap; -import org.apache.ignite.IgniteCheckedException; -import org.apache.ignite.cluster.ClusterNode; -import org.apache.ignite.internal.GridKernalContext; -import org.apache.ignite.internal.IgniteNodeAttributes; -import org.apache.ignite.internal.processors.GridProcessorAdapter; -import org.apache.ignite.internal.util.typedef.F; -import org.apache.ignite.plugin.security.AuthenticationContext; -import org.apache.ignite.plugin.security.SecurityCredentials; -import org.apache.ignite.plugin.security.SecurityException; -import org.apache.ignite.plugin.security.SecurityPermission; -import org.apache.ignite.plugin.security.SecurityPermissionSet; -import org.apache.ignite.plugin.security.SecuritySubject; - -import static org.apache.ignite.plugin.security.SecuritySubjectType.REMOTE_NODE; - -/** - * Security processor for test. - */ -public class TestSecurityProcessor extends GridProcessorAdapter implements GridSecurityProcessor { - /** Permissions. */ - private static final Map PERMS = new ConcurrentHashMap<>(); - - /** Node security data. */ - private final TestSecurityData nodeSecData; - - /** Users security data. */ - private final Collection predefinedAuthData; - - /** - * Constructor. - */ - public TestSecurityProcessor(GridKernalContext ctx, TestSecurityData nodeSecData, - Collection predefinedAuthData) { - super(ctx); - - this.nodeSecData = nodeSecData; - this.predefinedAuthData = predefinedAuthData.isEmpty() - ? Collections.emptyList() - : new ArrayList<>(predefinedAuthData); - } - - /** {@inheritDoc} */ - @Override public SecurityContext authenticateNode(ClusterNode node, SecurityCredentials cred) { - return new TestSecurityContext( - new TestSecuritySubject() - .setType(REMOTE_NODE) - .setId(node.id()) - .setAddr(new InetSocketAddress(F.first(node.addresses()), 0)) - .setLogin(cred.getLogin()) - .setPerms(PERMS.get(cred)) - ); - } - - /** {@inheritDoc} */ - @Override public boolean isGlobalNodeAuthentication() { - return false; - } - - /** {@inheritDoc} */ - @Override public SecurityContext authenticate(AuthenticationContext ctx) { - return new TestSecurityContext( - new TestSecuritySubject() - .setType(ctx.subjectType()) - .setId(ctx.subjectId()) - .setAddr(ctx.address()) - .setLogin(ctx.credentials().getLogin()) - .setPerms(PERMS.get(ctx.credentials())) - ); - } - - /** {@inheritDoc} */ - @Override public Collection authenticatedSubjects() { - return Collections.emptyList(); - } - - /** {@inheritDoc} */ - @Override public SecuritySubject authenticatedSubject(UUID subjId) { - return null; - } - - /** {@inheritDoc} */ - @Override public void authorize(String name, SecurityPermission perm, SecurityContext securityCtx) - throws SecurityException { - - assert securityCtx instanceof TestSecurityContext; - - if (!((TestSecurityContext)securityCtx).operationAllowed(name, perm)) - throw new SecurityException("Authorization failed [perm=" + perm + - ", name=" + name + - ", subject=" + securityCtx.subject() + ']'); - } - - /** {@inheritDoc} */ - @Override public void onSessionExpired(UUID subjId) { - // No-op. - } - - /** {@inheritDoc} */ - @Override public boolean enabled() { - return true; - } - - /** {@inheritDoc} */ - @Override public void start() throws IgniteCheckedException { - super.start(); - - PERMS.put(nodeSecData.credentials(), nodeSecData.getPermissions()); - - ctx.addNodeAttribute(IgniteNodeAttributes.ATTR_SECURITY_CREDENTIALS, nodeSecData.credentials()); - - for (TestSecurityData data : predefinedAuthData) - PERMS.put(data.credentials(), data.getPermissions()); - } - - /** {@inheritDoc} */ - @Override public void stop(boolean cancel) throws IgniteCheckedException { - super.stop(cancel); - - PERMS.remove(nodeSecData.credentials()); - - for (TestSecurityData data : predefinedAuthData) - PERMS.remove(data.credentials()); - } -} diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecuritySubject.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecuritySubject.java deleted file mode 100644 index c26af70e116ce..0000000000000 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecuritySubject.java +++ /dev/null @@ -1,146 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processors.security; - -import java.net.InetSocketAddress; -import java.util.UUID; -import org.apache.ignite.plugin.security.SecurityPermissionSet; -import org.apache.ignite.plugin.security.SecuritySubject; -import org.apache.ignite.plugin.security.SecuritySubjectType; - -/** - * Security subject for tests. - */ -public class TestSecuritySubject implements SecuritySubject { - /** Id. */ - private UUID id; - - /** Type. */ - private SecuritySubjectType type = SecuritySubjectType.REMOTE_NODE; - - /** Login. */ - private Object login; - - /** Address. */ - private InetSocketAddress addr; - - /** Permissions. */ - private SecurityPermissionSet perms; - - /** - * Default constructor. - */ - public TestSecuritySubject() { - // No-op. - } - - /** - * @param id Id. - * @param login Login. - * @param addr Address. - * @param perms Permissions. - */ - public TestSecuritySubject(UUID id, - Object login, - InetSocketAddress addr, - SecurityPermissionSet perms) { - this.id = id; - this.login = login; - this.addr = addr; - this.perms = perms; - } - - /** {@inheritDoc} */ - @Override public UUID id() { - return id; - } - - /** - * @param id Id. - */ - public TestSecuritySubject setId(UUID id) { - this.id = id; - - return this; - } - - /** {@inheritDoc} */ - @Override public SecuritySubjectType type() { - return type; - } - - /** - * @param type Type. - */ - public TestSecuritySubject setType(SecuritySubjectType type) { - this.type = type; - - return this; - } - - /** {@inheritDoc} */ - @Override public Object login() { - return login; - } - - /** - * @param login Login. - */ - public TestSecuritySubject setLogin(Object login) { - this.login = login; - - return this; - } - - /** {@inheritDoc} */ - @Override public InetSocketAddress address() { - return addr; - } - - /** - * @param addr Address. - */ - public TestSecuritySubject setAddr(InetSocketAddress addr) { - this.addr = addr; - - return this; - } - - /** {@inheritDoc} */ - @Override public SecurityPermissionSet permissions() { - return perms; - } - - /** - * @param perms Permissions. - */ - public TestSecuritySubject setPerms(SecurityPermissionSet perms) { - this.perms = perms; - - return this; - } - - /** {@inheritDoc} */ - @Override public String toString() { - return "TestSecuritySubject{" + - "id=" + id + - ", type=" + type + - ", login=" + login + - '}'; - } -} diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/CacheOperationPermissionCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/CacheOperationPermissionCheckTest.java deleted file mode 100644 index cde739de6a7da..0000000000000 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/CacheOperationPermissionCheckTest.java +++ /dev/null @@ -1,94 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processors.security.cache; - -import java.util.Arrays; -import java.util.Collections; -import java.util.List; -import java.util.function.Consumer; -import org.apache.ignite.Ignite; -import org.apache.ignite.IgniteCache; -import org.apache.ignite.internal.processors.security.AbstractCacheOperationPermissionCheckTest; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.junit.runners.JUnit4; - -import static java.util.Collections.singletonMap; -import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT; -import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; -import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_REMOVE; - -/** - * Test CRUD cache permissions. - */ -@RunWith(JUnit4.class) -public class CacheOperationPermissionCheckTest extends AbstractCacheOperationPermissionCheckTest { - /** - * @throws Exception If fail. - */ - @Test - public void testServerNode() throws Exception { - testCrudCachePermissions(false); - } - - /** - * @throws Exception If fail. - */ - @Test - public void testClientNode() throws Exception { - testCrudCachePermissions(true); - } - - /** - * @param isClient True if is client mode. - * @throws Exception If failed. - */ - private void testCrudCachePermissions(boolean isClient) throws Exception { - Ignite node = startGrid(loginPrefix(isClient) + "_test_node", - builder() - .appendCachePermissions(CACHE_NAME, CACHE_READ, CACHE_PUT, CACHE_REMOVE) - .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build(), isClient); - - for (Consumer> c : consumers()) { - c.accept(node.cache(CACHE_NAME)); - - assertForbidden(() -> c.accept(node.cache(FORBIDDEN_CACHE))); - } - } - - /** - * @return Collection of consumers to invoke a cache operation. - */ - private List>> consumers() { - return Arrays.asList( - c -> c.put("key", "value"), - c -> c.putAll(singletonMap("key", "value")), - c -> c.get("key"), - c -> c.getAll(Collections.singleton("key")), - c -> c.containsKey("key"), - c -> c.remove("key"), - c -> c.removeAll(Collections.singleton("key")), - IgniteCache::clear, - c -> c.replace("key", "value"), - c -> c.putIfAbsent("key", "value"), - c -> c.getAndPut("key", "value"), - c -> c.getAndRemove("key"), - c -> c.getAndReplace("key", "value") - ); - } -} diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/EntryProcessorPermissionCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/EntryProcessorPermissionCheckTest.java deleted file mode 100644 index 4baa4ec81272d..0000000000000 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/EntryProcessorPermissionCheckTest.java +++ /dev/null @@ -1,126 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processors.security.cache; - -import java.util.Arrays; -import java.util.List; -import java.util.function.BiConsumer; -import java.util.stream.Stream; -import org.apache.ignite.Ignite; -import org.apache.ignite.cache.CacheEntryProcessor; -import org.apache.ignite.internal.IgniteEx; -import org.apache.ignite.internal.processors.security.AbstractCacheOperationPermissionCheckTest; -import org.apache.ignite.internal.util.typedef.T2; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.junit.runners.JUnit4; - -import static java.util.Collections.singleton; -import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT; -import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; -import static org.hamcrest.core.Is.is; -import static org.hamcrest.core.IsNull.nullValue; -import static org.junit.Assert.assertThat; - -/** - * Test cache permission for Entry processor. - */ -@RunWith(JUnit4.class) -public class EntryProcessorPermissionCheckTest extends AbstractCacheOperationPermissionCheckTest { - /** - * - */ - @Test - public void test() throws Exception { - IgniteEx srvNode = startGrid("server_node", - builder() - .appendCachePermissions(CACHE_NAME, CACHE_READ, CACHE_PUT) - .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build()); - - IgniteEx clientNode = startGrid("client_node", - builder() - .appendCachePermissions(CACHE_NAME, CACHE_PUT, CACHE_READ) - .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build(), true); - - srvNode.cluster().active(true); - - Stream.of(srvNode, clientNode) - .forEach( - n -> consumers(n).forEach( - c -> { - assertAllowed(n, c); - - assertForbidden(n, c); - } - ) - ); - } - - /** - * @return Collection of consumers to invoke entry processor. - */ - private List>> consumers(final Ignite node) { - return Arrays.asList( - (cacheName, t) -> node.cache(cacheName).invoke( - t.getKey(), processor(t) - ), - (cacheName, t) -> node.cache(cacheName).invokeAll( - singleton(t.getKey()), processor(t) - ), - (cacheName, t) -> node.cache(cacheName).invokeAsync( - t.getKey(), processor(t) - ).get(), - (cacheName, t) -> node.cache(cacheName).invokeAllAsync( - singleton(t.getKey()), processor(t) - ).get() - ); - } - - /** - * @param t T2. - */ - private static CacheEntryProcessor processor(T2 t) { - return (entry, o) -> { - entry.setValue(t.getValue()); - - return null; - }; - } - - /** - * @param c Consumer. - */ - private void assertAllowed(Ignite node, BiConsumer> c) { - T2 entry = entry(); - - c.accept(CACHE_NAME, entry); - - assertThat(node.cache(CACHE_NAME).get(entry.getKey()), is(entry.getValue())); - } - - /** - * @param c Consumer. - */ - private void assertForbidden(Ignite node, BiConsumer> c) { - T2 entry = entry(); - - assertForbidden(() -> c.accept(FORBIDDEN_CACHE, entry)); - - assertThat(node.cache(CACHE_NAME).get(entry.getKey()), nullValue()); - } -} diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/ScanQueryPermissionCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/ScanQueryPermissionCheckTest.java deleted file mode 100644 index 4813a63b3898f..0000000000000 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/ScanQueryPermissionCheckTest.java +++ /dev/null @@ -1,83 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processors.security.cache; - -import org.apache.ignite.Ignite; -import org.apache.ignite.IgniteDataStreamer; -import org.apache.ignite.cache.query.ScanQuery; -import org.apache.ignite.internal.processors.security.AbstractCacheOperationPermissionCheckTest; -import org.apache.ignite.internal.util.typedef.G; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.junit.runners.JUnit4; - -import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; - -/** - * Test cache permission for invoking of Scan Query. - */ -@RunWith(JUnit4.class) -public class ScanQueryPermissionCheckTest extends AbstractCacheOperationPermissionCheckTest { - /** - * @throws Exception If fail. - */ - @Test - public void testServerNode() throws Exception { - testScanQuery(false); - } - - /** - * @throws Exception If fail. - */ - @Test - public void testClientNode() throws Exception { - testScanQuery(true); - } - - /** - * @param isClient True if is client mode. - * @throws Exception If failed. - */ - private void testScanQuery(boolean isClient) throws Exception { - putTestData(); - - Ignite node = startGrid(loginPrefix(isClient) + "_test_node", - builder() - .appendCachePermissions(CACHE_NAME, CACHE_READ) - .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build(), isClient); - - assertFalse(node.cache(CACHE_NAME).query(new ScanQuery()).getAll().isEmpty()); - - assertForbidden(() -> node.cache(FORBIDDEN_CACHE).query(new ScanQuery()).getAll()); - } - - /** - * - */ - private void putTestData() { - Ignite ignite = G.allGrids().stream().findFirst().get(); - - try (IgniteDataStreamer strAllowedCache = ignite.dataStreamer(CACHE_NAME); - IgniteDataStreamer strForbiddenCache = ignite.dataStreamer(FORBIDDEN_CACHE)) { - for (int i = 1; i <= 10; i++) { - strAllowedCache.addData(Integer.toString(i), i); - strForbiddenCache.addData(Integer.toString(i), i); - } - } - } -} diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java deleted file mode 100644 index 6adca670da11c..0000000000000 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java +++ /dev/null @@ -1,150 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processors.security.cache.closure; - -import java.util.Collection; -import java.util.Collections; -import java.util.UUID; -import javax.cache.Cache; -import javax.cache.configuration.Factory; -import org.apache.ignite.Ignition; -import org.apache.ignite.cache.CacheMode; -import org.apache.ignite.cache.store.CacheStoreAdapter; -import org.apache.ignite.configuration.CacheConfiguration; -import org.apache.ignite.internal.processors.security.AbstractCacheOperationRemoteSecurityContextCheckTest; -import org.apache.ignite.internal.util.typedef.G; -import org.apache.ignite.lang.IgniteBiInClosure; -import org.apache.ignite.lang.IgniteRunnable; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.junit.runners.JUnit4; - -/** - * Testing operation security context when the filter of Load cache is executed on remote node. - *

      - * The initiator node broadcasts a task to 'run' node that starts load cache with filter. That filter is - * executed on 'check' node and broadcasts a task to 'endpoint' nodes. On every step, it is performed - * verification that operation security context is the initiator context. - */ -@RunWith(JUnit4.class) -public class CacheLoadRemoteSecurityContextCheckTest extends AbstractCacheOperationRemoteSecurityContextCheckTest { - /** {@inheritDoc} */ - @Override protected void beforeTestsStarted() throws Exception { - super.beforeTestsStarted(); - - startGrid(SRV_INITIATOR, allowAllPermissionSet()); - - startClient(CLNT_INITIATOR, allowAllPermissionSet()); - - startGrid(SRV_RUN, allowAllPermissionSet()); - - startGrid(SRV_CHECK, allowAllPermissionSet()); - - startGrid(SRV_ENDPOINT, allowAllPermissionSet()); - - startClient(CLNT_ENDPOINT, allowAllPermissionSet()); - - G.allGrids().get(0).cluster().active(true); - } - - /** {@inheritDoc} */ - @Override protected CacheConfiguration[] getCacheConfigurations() { - return new CacheConfiguration[] { - new CacheConfiguration() - .setName(CACHE_NAME) - .setCacheMode(CacheMode.PARTITIONED) - .setCacheStoreFactory(new TestStoreFactory()), - new CacheConfiguration() - .setName(TRANSITION_LOAD_CACHE) - .setCacheMode(CacheMode.PARTITIONED) - .setCacheStoreFactory(new TestStoreFactory()) - }; - } - - /** {@inheritDoc} */ - @Override protected void setupVerifier(Verifier verifier) { - verifier - .expect(SRV_RUN, 1) - .expect(SRV_CHECK, 1) - .expect(SRV_ENDPOINT, 1) - .expect(CLNT_ENDPOINT, 1); - } - - /** - * - */ - @Test - public void test() { - IgniteRunnable checkCase = () -> { - register(); - - Ignition.localIgnite() - .cache(CACHE_NAME).loadCache( - new RegisterExecAndForward(SRV_CHECK, endpoints()) - ); - }; - - runAndCheck(grid(SRV_INITIATOR), checkCase); - runAndCheck(grid(CLNT_INITIATOR), checkCase); - } - - /** {@inheritDoc} */ - @Override protected Collection nodesToRun() { - return Collections.singletonList(nodeId(SRV_RUN)); - } - - /** {@inheritDoc} */ - @Override protected Collection nodesToCheck() { - return Collections.singletonList(nodeId(SRV_CHECK)); - } - - /** - * Test store factory. - */ - private static class TestStoreFactory implements Factory { - /** {@inheritDoc} */ - @Override public TestCacheStore create() { - return new TestCacheStore(); - } - } - - /** - * Test cache store. - */ - private static class TestCacheStore extends CacheStoreAdapter { - /** {@inheritDoc} */ - @Override public void loadCache(IgniteBiInClosure clo, Object... args) { - clo.apply(1, 1); - } - - /** {@inheritDoc} */ - @Override public Integer load(Integer key) { - return key; - } - - /** {@inheritDoc} */ - @Override public void write(Cache.Entry entry) { - throw new UnsupportedOperationException(); - } - - /** {@inheritDoc} */ - @Override public void delete(Object key) { - // No-op. - } - } -} diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java deleted file mode 100644 index bb9caa1784b85..0000000000000 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java +++ /dev/null @@ -1,111 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processors.security.cache.closure; - -import java.util.Collection; -import java.util.Collections; -import java.util.UUID; -import java.util.stream.Stream; -import org.apache.ignite.Ignition; -import org.apache.ignite.internal.processors.security.AbstractCacheOperationRemoteSecurityContextCheckTest; -import org.apache.ignite.internal.util.typedef.G; - -import org.apache.ignite.lang.IgniteRunnable; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.junit.runners.JUnit4; - -/** - * Testing operation security context when EntryProcessor closure is executed on remote node. - *

      - * The initiator node broadcasts a task to 'run' node that starts EntryProcessor closure. That closure is executed on - * 'check' node and broadcasts a task to 'endpoint' nodes. On every step, it is performed verification that operation - * security context is the initiator context. - */ -@RunWith(JUnit4.class) -public class EntryProcessorRemoteSecurityContextCheckTest extends AbstractCacheOperationRemoteSecurityContextCheckTest { - /** {@inheritDoc} */ - @Override protected void beforeTestsStarted() throws Exception { - super.beforeTestsStarted(); - - startGrid(SRV_INITIATOR, allowAllPermissionSet()); - - startClient(CLNT_INITIATOR, allowAllPermissionSet()); - - startGrid(SRV_RUN, allowAllPermissionSet()); - - startGrid(SRV_CHECK, allowAllPermissionSet()); - - startGrid(SRV_ENDPOINT, allowAllPermissionSet()); - - startClient(CLNT_ENDPOINT, allowAllPermissionSet()); - - G.allGrids().get(0).cluster().active(true); - } - - /** {@inheritDoc} */ - @Override protected void setupVerifier(Verifier verifier) { - verifier - .expect(SRV_RUN, 1) - .expect(SRV_CHECK, 1) - .expect(SRV_ENDPOINT, 1) - .expect(CLNT_ENDPOINT, 1); - } - - /** - * - */ - @Test - public void test() { - runAndCheck(grid(SRV_INITIATOR), checkCases()); - runAndCheck(grid(CLNT_INITIATOR), checkCases()); - } - - /** {@inheritDoc} */ - @Override protected Collection nodesToRun() { - return Collections.singletonList(nodeId(SRV_RUN)); - } - - /** {@inheritDoc} */ - @Override protected Collection nodesToCheck() { - return Collections.singletonList(nodeId(SRV_CHECK)); - } - - /** - * @return Stream of runnables to call invoke methods. - */ - private Stream checkCases() { - final Integer key = prmKey(grid(SRV_CHECK)); - - return Stream.of( - () -> Ignition.localIgnite().cache(CACHE_NAME) - .invoke(key, new RegisterExecAndForward(endpoints())), - - () -> Ignition.localIgnite().cache(CACHE_NAME) - .invokeAll(Collections.singleton(key), new RegisterExecAndForward(endpoints())), - - () -> Ignition.localIgnite().cache(CACHE_NAME) - .invokeAsync(key, new RegisterExecAndForward<>(endpoints())) - .get(), - - () -> Ignition.localIgnite().cache(CACHE_NAME) - .invokeAllAsync(Collections.singleton(key), new RegisterExecAndForward<>(endpoints())) - .get() - ).map(RegisterExecAndForward::new); - } -} diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java deleted file mode 100644 index dd9d296678ce2..0000000000000 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java +++ /dev/null @@ -1,116 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processors.security.cache.closure; - -import java.util.Collection; -import java.util.Collections; -import java.util.UUID; -import java.util.stream.Stream; -import org.apache.ignite.Ignition; -import org.apache.ignite.cache.query.ScanQuery; -import org.apache.ignite.internal.processors.security.AbstractCacheOperationRemoteSecurityContextCheckTest; -import org.apache.ignite.internal.util.typedef.G; -import org.apache.ignite.lang.IgniteRunnable; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.junit.runners.JUnit4; - -/** - * Testing operation security context when the filter of ScanQuery is executed on remote node. - *

      - * The initiator node broadcasts a task to 'run' node that starts ScanQuery's filter. That filter is executed on - * 'check' node and broadcasts a task to 'endpoint' nodes. On every step, it is performed verification that - * operation security context is the initiator context. - */ -@RunWith(JUnit4.class) -public class ScanQueryRemoteSecurityContextCheckTest extends AbstractCacheOperationRemoteSecurityContextCheckTest { - /** {@inheritDoc} */ - @Override protected void beforeTestsStarted() throws Exception { - super.beforeTestsStarted(); - - startGrid(SRV_INITIATOR, allowAllPermissionSet()); - - startClient(CLNT_INITIATOR, allowAllPermissionSet()); - - startGrid(SRV_RUN, allowAllPermissionSet()); - - startClient(CLNT_RUN, allowAllPermissionSet()); - - startGrid(SRV_CHECK, allowAllPermissionSet()); - - startGrid(SRV_ENDPOINT, allowAllPermissionSet()); - - startClient(CLNT_ENDPOINT, allowAllPermissionSet()); - - G.allGrids().get(0).cluster().active(true); - } - - /** {@inheritDoc} */ - @Override protected void setupVerifier(Verifier verifier) { - verifier - .expect(SRV_RUN, 1) - .expect(CLNT_RUN, 1) - .expect(SRV_CHECK, 2) - .expect(SRV_ENDPOINT, 2) - .expect(CLNT_ENDPOINT, 2); - } - - /** - * - */ - @Test - public void test() throws Exception { - grid(SRV_INITIATOR).cache(CACHE_NAME) - .put(prmKey(grid(SRV_CHECK)), 1); - - awaitPartitionMapExchange(); - - runAndCheck(grid(SRV_INITIATOR), checkCases()); - runAndCheck(grid(CLNT_INITIATOR), checkCases()); - } - - /** {@inheritDoc} */ - @Override protected Collection nodesToCheck() { - return Collections.singletonList(nodeId(SRV_CHECK)); - } - - /** - * Stream of runnables to call query methods. - */ - private Stream checkCases() { - return Stream.of( - () -> { - register(); - - Ignition.localIgnite().cache(CACHE_NAME).query( - new ScanQuery<>( - new RegisterExecAndForward<>(SRV_CHECK, endpoints()) - ) - ).getAll(); - }, - () -> { - register(); - - Ignition.localIgnite().cache(CACHE_NAME).query( - new ScanQuery<>((k, v) -> true), - new RegisterExecAndForward<>(SRV_CHECK, endpoints()) - ).getAll(); - } - ); - } -} diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/client/ThinClientPermissionCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/client/ThinClientPermissionCheckTest.java deleted file mode 100644 index fbfa7f1a5faea..0000000000000 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/client/ThinClientPermissionCheckTest.java +++ /dev/null @@ -1,253 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processors.security.client; - -import java.util.Arrays; -import java.util.Collection; -import java.util.Collections; -import java.util.function.Consumer; -import org.apache.ignite.Ignition; -import org.apache.ignite.client.ClientAuthorizationException; -import org.apache.ignite.client.Config; -import org.apache.ignite.client.IgniteClient; -import org.apache.ignite.configuration.CacheConfiguration; -import org.apache.ignite.configuration.ClientConfiguration; -import org.apache.ignite.configuration.IgniteConfiguration; -import org.apache.ignite.internal.IgniteEx; -import org.apache.ignite.internal.processors.security.AbstractSecurityTest; -import org.apache.ignite.internal.processors.security.TestSecurityData; -import org.apache.ignite.internal.util.typedef.G; -import org.apache.ignite.lang.IgniteBiTuple; -import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.junit.runners.JUnit4; - -import static java.util.Collections.singletonMap; -import static org.apache.ignite.internal.util.lang.GridFunc.t; -import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_CREATE; -import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_DESTROY; -import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT; -import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; -import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_REMOVE; -import static org.apache.ignite.plugin.security.SecurityPermission.TASK_EXECUTE; -import static org.hamcrest.core.Is.is; -import static org.junit.Assert.assertThat; - -/** - * Security tests for thin client. - */ -@RunWith(JUnit4.class) -public class ThinClientPermissionCheckTest extends AbstractSecurityTest { - /** Client. */ - private static final String CLIENT = "client"; - - /** Client that has system permissions. */ - private static final String CLIENT_SYS_PERM = "client_sys_perm"; - - /** Client that has system permissions. */ - private static final String CLIENT_CACHE_TASK_OPER = "client_task_oper"; - - /** Cache. */ - private static final String CACHE = "TEST_CACHE"; - - /** Forbidden cache. */ - private static final String FORBIDDEN_CACHE = "FORBIDDEN_TEST_CACHE"; - - /** Cache to test system oper permissions. */ - private static final String DYNAMIC_CACHE = "DYNAMIC_TEST_CACHE"; - - /** Remove all task name. */ - public static final String REMOVE_ALL_TASK = - "org.apache.ignite.internal.processors.cache.distributed.GridDistributedCacheAdapter$RemoveAllTask"; - - /** Clear task name. */ - public static final String CLEAR_TASK = - "org.apache.ignite.internal.processors.cache.GridCacheAdapter$ClearTask"; - - /** - * @param clientData Array of client security data. - */ - private IgniteConfiguration getConfiguration(TestSecurityData... clientData) throws Exception { - return getConfiguration(G.allGrids().size(), clientData); - } - - /** - * @param idx Index. - * @param clientData Array of client security data. - */ - private IgniteConfiguration getConfiguration(int idx, - TestSecurityData... clientData) throws Exception { - - String instanceName = getTestIgniteInstanceName(idx); - - return getConfiguration( - instanceName, - secPluginCfg("srv_" + instanceName, null, allowAllPermissionSet(), clientData) - ).setCacheConfiguration( - new CacheConfiguration().setName(CACHE), - new CacheConfiguration().setName(FORBIDDEN_CACHE) - ); - } - - /** {@inheritDoc} */ - @Override protected void beforeTestsStarted() throws Exception { - super.beforeTestsStarted(); - - IgniteEx ignite = startGrid( - getConfiguration( - new TestSecurityData( - CLIENT, - builder() - .appendCachePermissions(CACHE, CACHE_READ, CACHE_PUT, CACHE_REMOVE) - .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS) - .build() - ), - new TestSecurityData( - CLIENT_SYS_PERM, - builder() - .appendSystemPermissions(CACHE_CREATE, CACHE_DESTROY) - .build() - ), - new TestSecurityData( - CLIENT_CACHE_TASK_OPER, - builder() - .appendCachePermissions(CACHE, CACHE_REMOVE) - .appendTaskPermissions(REMOVE_ALL_TASK, TASK_EXECUTE) - .appendTaskPermissions(CLEAR_TASK, TASK_EXECUTE) - .build() - ) - ) - ); - - ignite.cluster().active(true); - } - - /** {@inheritDoc} */ - @Override protected SecurityPermissionSetBuilder builder() { - return super.builder().defaultAllowAll(false); - } - - /** - * @throws Exception If error occurs. - */ - @Test - public void testCacheSinglePermOperations() throws Exception { - for (IgniteBiTuple, String> t : consumers(CACHE)) - executeOperation(CLIENT, t.get1()); - - for (IgniteBiTuple, String> t : consumers(FORBIDDEN_CACHE)) - executeForbiddenOperation(t); - } - - /** - * That test shows the wrong case when a client has permission for a remove operation - * but a removeAll operation is forbidden for it. To have permission for the removeAll (clear) operation - * a client need to have the permission to execute {@link #REMOVE_ALL_TASK} ({@link #CLEAR_TASK}) task. - * - * @throws Exception If error occurs. - */ - @Test - public void testCacheTaskPermOperations() throws Exception { - executeOperation(CLIENT_CACHE_TASK_OPER, c -> c.cache(CACHE).removeAll()); - executeOperation(CLIENT_CACHE_TASK_OPER, c -> c.cache(CACHE).clear()); - - executeForbiddenOperation(t(c -> c.cache(CACHE).removeAll(), "removeAll")); - executeForbiddenOperation(t(c -> c.cache(CACHE).clear(), "clear")); - } - - /** - * @throws Exception If error occurs. - */ - @Test - public void testSysOperation() throws Exception { - try (IgniteClient sysPrmClnt = startClient(CLIENT_SYS_PERM)) { - sysPrmClnt.createCache(DYNAMIC_CACHE); - - assertThat(sysPrmClnt.cacheNames().contains(DYNAMIC_CACHE), is(true)); - - sysPrmClnt.destroyCache(DYNAMIC_CACHE); - - assertThat(sysPrmClnt.cacheNames().contains(DYNAMIC_CACHE), is(false)); - } - - executeForbiddenOperation(t(c -> c.createCache(DYNAMIC_CACHE), "createCache")); - executeForbiddenOperation(t(c -> c.destroyCache(CACHE), "destroyCache")); - } - - /** - * @param cacheName Cache name. - */ - private Collection, String>> consumers(final String cacheName) { - return Arrays.asList( - t(c -> c.cache(cacheName).put("key", "value"), "put"), - t(c -> c.cache(cacheName).putAll(singletonMap("key", "value")), "putAll"), - t(c -> c.cache(cacheName).get("key"), "get)"), - t(c -> c.cache(cacheName).getAll(Collections.singleton("key")), "getAll"), - t(c -> c.cache(cacheName).containsKey("key"), "containsKey"), - t(c -> c.cache(cacheName).remove("key"), "remove"), - t(c -> c.cache(cacheName).replace("key", "value"), "replace"), - t(c -> c.cache(cacheName).putIfAbsent("key", "value"), "putIfAbsent"), - t(c -> c.cache(cacheName).getAndPut("key", "value"), "getAndPut"), - t(c -> c.cache(cacheName).getAndRemove("key"), "getAndRemove"), - t(c -> c.cache(cacheName).getAndReplace("key", "value"), "getAndReplace") - ); - } - - /** - * @param cons Consumer. - */ - private void executeOperation(String clientName, Consumer cons) throws Exception { - try (IgniteClient client = startClient(clientName)) { - cons.accept(client); - } - } - - /** - * @param t Contains consumer that executes an operation and the name of this operation. - */ - private void executeForbiddenOperation(IgniteBiTuple, String> t) { - try (IgniteClient client = startClient(CLIENT)) { - t.get1().accept(client); - - fail("The operation " + t.get2() + " has to be forbidden."); - - } - catch (Exception e) { - assertThrowable(e); - } - } - - /** - * @param throwable Throwable. - */ - private void assertThrowable(Throwable throwable) { - assertThat(throwable instanceof ClientAuthorizationException, is(true)); - } - - /** - * @param userName User name. - */ - private IgniteClient startClient(String userName) { - return Ignition.startClient( - new ClientConfiguration().setAddresses(Config.SERVER) - .setUserName(userName) - .setUserPassword("") - ); - } -} diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/ComputePermissionCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/ComputePermissionCheckTest.java deleted file mode 100644 index cfcb53ee83b52..0000000000000 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/ComputePermissionCheckTest.java +++ /dev/null @@ -1,348 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processors.security.compute; - -import java.util.ArrayList; -import java.util.Arrays; -import java.util.Collection; -import java.util.Collections; -import java.util.List; -import java.util.Map; -import java.util.concurrent.ExecutionException; -import java.util.concurrent.Future; -import java.util.concurrent.TimeUnit; -import java.util.concurrent.atomic.AtomicBoolean; -import java.util.concurrent.locks.ReentrantLock; -import java.util.function.Function; -import java.util.function.Supplier; -import org.apache.ignite.Ignite; -import org.apache.ignite.IgniteException; -import org.apache.ignite.cluster.ClusterNode; -import org.apache.ignite.compute.ComputeJob; -import org.apache.ignite.compute.ComputeJobResult; -import org.apache.ignite.compute.ComputeJobResultPolicy; -import org.apache.ignite.compute.ComputeTask; -import org.apache.ignite.internal.processors.security.AbstractSecurityTest; -import org.apache.ignite.lang.IgniteCallable; -import org.apache.ignite.lang.IgniteClosure; -import org.apache.ignite.lang.IgniteFuture; -import org.apache.ignite.lang.IgniteRunnable; -import org.apache.ignite.plugin.security.SecurityPermission; -import org.apache.ignite.plugin.security.SecurityPermissionSet; -import org.jetbrains.annotations.Nullable; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.junit.runners.JUnit4; - -import static java.util.Collections.singletonList; -import static org.apache.ignite.plugin.security.SecurityPermission.TASK_CANCEL; -import static org.apache.ignite.plugin.security.SecurityPermission.TASK_EXECUTE; -import static org.hamcrest.core.Is.is; -import static org.junit.Assert.assertThat; - -/** - * Task execute permission tests. - */ -@RunWith(JUnit4.class) -public class ComputePermissionCheckTest extends AbstractSecurityTest { - /** Flag that shows task was executed. */ - private static final AtomicBoolean IS_EXECUTED = new AtomicBoolean(false); - - /** Reentrant lock. */ - private static final ReentrantLock RNT_LOCK = new ReentrantLock(); - - /** Reentrant lock timeout. */ - private static final int RNT_LOCK_TIMEOUT = 20_000; - - /** Test compute task. */ - private static final TestComputeTask TEST_COMPUTE_TASK = new TestComputeTask(); - - /** Test callable. */ - private static final IgniteCallable TEST_CALLABLE = () -> { - IS_EXECUTED.set(true); - - syncForCancel(); - - return null; - }; - - /** Test runnable. */ - private static final IgniteRunnable TEST_RUNNABLE = () -> { - IS_EXECUTED.set(true); - - syncForCancel(); - }; - - /** Test closure. */ - private static final IgniteClosure TEST_CLOSURE = a -> { - IS_EXECUTED.set(true); - - syncForCancel(); - - return null; - }; - - /** Synchronization for tests TASK_CANCEL. */ - private static void syncForCancel() { - boolean isLocked = false; - - try { - isLocked = RNT_LOCK.tryLock(RNT_LOCK_TIMEOUT, TimeUnit.MILLISECONDS); - } - catch (InterruptedException e) { - throw new IgniteException(e); - } - finally { - if (isLocked) - RNT_LOCK.unlock(); - } - } - - /** - * - */ - @Test - public void test() throws Exception { - Ignite srvAllowed = startGrid("srv_allowed", permissions(TASK_EXECUTE, TASK_CANCEL)); - - Ignite srvForbidden = startGrid("srv_forbidden", permissions(EMPTY_PERMS)); - - Ignite srvForbiddenCancel = startGrid("srv_forbidden_cnl", permissions(TASK_EXECUTE)); - - Ignite clntAllowed = startClient("clnt_allowed", permissions(TASK_EXECUTE, TASK_CANCEL)); - - Ignite clntForbidden = startClient("clnt_forbidden", permissions(EMPTY_PERMS)); - - Ignite clntForbiddenCancel = startClient("clnt_forbidden_cnl", permissions(TASK_EXECUTE)); - - srvAllowed.cluster().active(true); - - for (TestRunnable r : runnables(srvAllowed, clntAllowed)) - allowedRun(r); - - for (TestRunnable r : runnables(srvForbidden, clntForbidden)) - assertForbidden(r); - - for (Supplier s : suppliers(srvAllowed, clntAllowed)) - allowedCancel(s); - - for (Supplier s : suppliers(srvForbiddenCancel, clntForbiddenCancel)) - forbiddenCancel(s); - } - - /** - * @param nodes Array of nodes. - */ - private Collection runnables(Ignite... nodes) { - Function f = (node) -> new TestRunnable[] { - () -> node.compute().execute(TEST_COMPUTE_TASK, 0), - () -> node.compute().executeAsync(TEST_COMPUTE_TASK, 0).get(), - () -> node.compute().broadcast(TEST_CALLABLE), - () -> node.compute().broadcastAsync(TEST_CALLABLE).get(), - () -> node.compute().call(TEST_CALLABLE), - () -> node.compute().callAsync(TEST_CALLABLE).get(), - () -> node.compute().run(TEST_RUNNABLE), - () -> node.compute().runAsync(TEST_RUNNABLE).get(), - () -> node.compute().apply(TEST_CLOSURE, new Object()), - () -> node.compute().applyAsync(TEST_CLOSURE, new Object()).get(), - () -> node.executorService().submit(TEST_CALLABLE).get(), - () -> node.executorService().invokeAll(singletonList(TEST_CALLABLE)), - () -> node.executorService().invokeAny(singletonList(TEST_CALLABLE)) - }; - - List res = new ArrayList<>(); - - for (Ignite node : nodes) - res.addAll(Arrays.asList(f.apply(node))); - - return res; - } - - /** - * - */ - private List> suppliers(Ignite... nodes) { - List> res = new ArrayList<>(); - - for (Ignite node : nodes) { - res.add(() -> new FutureAdapter(node.compute().broadcastAsync(TEST_CALLABLE))); - res.add(() -> new FutureAdapter(node.compute().callAsync(TEST_CALLABLE))); - res.add(() -> new FutureAdapter(node.compute().runAsync(TEST_RUNNABLE))); - res.add(() -> new FutureAdapter(node.compute().applyAsync(TEST_CLOSURE, new Object()))); - res.add(() -> new FutureAdapter(node.compute().executeAsync(TEST_COMPUTE_TASK, 0))); - res.add(() -> new FutureAdapter(node.executorService().submit(TEST_CALLABLE))); - } - - return res; - } - - /** - * @param perms Permissions. - */ - private SecurityPermissionSet permissions(SecurityPermission... perms) { - return builder() - .appendTaskPermissions(TEST_COMPUTE_TASK.getClass().getName(), perms) - .appendTaskPermissions(TEST_CALLABLE.getClass().getName(), perms) - .appendTaskPermissions(TEST_RUNNABLE.getClass().getName(), perms) - .appendTaskPermissions(TEST_CLOSURE.getClass().getName(), perms) - .build(); - } - - /** - * @param r TestRunnable. - */ - private void allowedRun(TestRunnable r) { - IS_EXECUTED.set(false); - - try { - r.run(); - } - catch (Exception e) { - throw new RuntimeException(e); - } - - assertTrue(IS_EXECUTED.get()); - } - - /** - * @param s Supplier. - */ - private void forbiddenCancel(Supplier s) { - RNT_LOCK.lock(); - - try { - FutureAdapter f = s.get(); - - assertForbidden(f::cancel); - } - finally { - RNT_LOCK.unlock(); - } - } - - /** - * @param s Supplier. - */ - private void allowedCancel(Supplier s) { - RNT_LOCK.lock(); - - try { - FutureAdapter f = s.get(); - - f.cancel(); - - assertThat(f.isCancelled(), is(true)); - } - finally { - RNT_LOCK.unlock(); - } - } - - /** - * - */ - private static class FutureAdapter { - /** Ignite future. */ - private final IgniteFuture igniteFut; - - /** Future. */ - private final Future fut; - - /** - * @param igniteFut Ignite future. - */ - public FutureAdapter(IgniteFuture igniteFut) { - assert igniteFut != null; - - this.igniteFut = igniteFut; - fut = null; - } - - /** - * @param fut Future. - */ - public FutureAdapter(Future fut) { - assert fut != null; - - this.fut = fut; - igniteFut = null; - } - - /** - * - */ - public void cancel() { - if (igniteFut != null) - igniteFut.cancel(); - else - fut.cancel(true); - } - - /** - * - */ - public Object get() throws ExecutionException, InterruptedException { - return igniteFut != null ? igniteFut.get() : fut.get(); - } - - /** - * - */ - public boolean isCancelled() { - return igniteFut != null ? igniteFut.isCancelled() : fut.isCancelled(); - } - } - - /** - * Abstract test compute task. - */ - private static class TestComputeTask implements ComputeTask { - /** {@inheritDoc} */ - @Override public @Nullable Map map(List subgrid, - @Nullable Object arg) { - IS_EXECUTED.set(true); - - return Collections.singletonMap( - new ComputeJob() { - @Override public void cancel() { - // no-op - } - - @Override public Object execute() { - syncForCancel(); - - return null; - } - }, subgrid.stream().findFirst().get() - ); - } - - /** {@inheritDoc} */ - @Override public ComputeJobResultPolicy result(ComputeJobResult res, List rcvd) { - if (res.getException() != null) - throw res.getException(); - - return ComputeJobResultPolicy.REDUCE; - } - - /** {@inheritDoc} */ - @Override public @Nullable Integer reduce(List results) { - return null; - } - } -} diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java deleted file mode 100644 index 71070aacf2a66..0000000000000 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java +++ /dev/null @@ -1,182 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processors.security.compute.closure; - -import java.util.Collection; -import java.util.HashMap; -import java.util.List; -import java.util.Map; -import java.util.UUID; -import java.util.stream.Stream; -import org.apache.ignite.Ignite; -import org.apache.ignite.Ignition; -import org.apache.ignite.cluster.ClusterNode; -import org.apache.ignite.compute.ComputeJob; -import org.apache.ignite.compute.ComputeJobResult; -import org.apache.ignite.compute.ComputeJobResultPolicy; -import org.apache.ignite.compute.ComputeTask; -import org.apache.ignite.internal.processors.security.AbstractRemoteSecurityContextCheckTest; -import org.apache.ignite.internal.util.typedef.G; -import org.apache.ignite.lang.IgniteRunnable; -import org.apache.ignite.resources.IgniteInstanceResource; -import org.jetbrains.annotations.Nullable; -import org.junit.Test; - -/** - * Testing operation security context when the compute task is executed on remote nodes. - *

      - * The initiator node broadcasts a task to 'run' nodes that starts compute task. That compute task is executed on - * 'check' nodes and broadcasts a task to 'endpoint' nodes. On every step, it is performed verification that - * operation security context is the initiator context. - */ -public class ComputeTaskRemoteSecurityContextCheckTest extends AbstractRemoteSecurityContextCheckTest { - /** {@inheritDoc} */ - @Override protected void beforeTestsStarted() throws Exception { - super.beforeTestsStarted(); - - startGrid(SRV_INITIATOR, allowAllPermissionSet()); - - startClient(CLNT_INITIATOR, allowAllPermissionSet()); - - startGrid(SRV_RUN, allowAllPermissionSet()); - - startClient(CLNT_RUN, allowAllPermissionSet()); - - startGrid(SRV_CHECK, allowAllPermissionSet()); - - startClient(CLNT_CHECK, allowAllPermissionSet()); - - startGrid(SRV_ENDPOINT, allowAllPermissionSet()); - - startClient(CLNT_ENDPOINT, allowAllPermissionSet()); - - G.allGrids().get(0).cluster().active(true); - } - - /** {@inheritDoc} */ - @Override protected void setupVerifier(Verifier verifier) { - verifier - .expect(SRV_RUN, 1) - .expect(CLNT_RUN, 1) - .expect(SRV_CHECK, 2) - .expect(CLNT_CHECK, 2) - .expect(SRV_ENDPOINT, 4) - .expect(CLNT_ENDPOINT, 4); - } - - /** - * - */ - @Test - public void test() { - runAndCheck(grid(SRV_INITIATOR), checkCases()); - runAndCheck(grid(CLNT_INITIATOR), checkCases()); - } - - /** - * @return Stream of check cases. - */ - private Stream checkCases() { - return Stream.of( - () -> { - register(); - - Ignition.localIgnite().compute().execute( - new ComputeTaskClosure(nodesToCheck(), endpoints()), 0 - ); - }, - () -> { - register(); - - Ignition.localIgnite().compute().executeAsync( - new ComputeTaskClosure(nodesToCheck(), endpoints()), 0 - ).get(); - } - ); - } - - /** - * Compute task for tests. - */ - static class ComputeTaskClosure implements ComputeTask { - /** Collection of transition node ids. */ - private final Collection remotes; - - /** Collection of endpoint node ids. */ - private final Collection endpoints; - - /** Local ignite. */ - @IgniteInstanceResource - protected transient Ignite loc; - - /** - * @param remotes Collection of transition node ids. - * @param endpoints Collection of endpoint node ids. - */ - public ComputeTaskClosure(Collection remotes, Collection endpoints) { - assert !remotes.isEmpty(); - assert !endpoints.isEmpty(); - - this.remotes = remotes; - this.endpoints = endpoints; - } - - /** {@inheritDoc} */ - @Override public @Nullable Map map(List subgrid, - @Nullable Integer arg) { - Map res = new HashMap<>(); - - for (UUID id : remotes) { - res.put( - new ComputeJob() { - @IgniteInstanceResource - private Ignite loc; - - @Override public void cancel() { - // no-op - } - - @Override public Object execute() { - register(); - - compute(loc, endpoints) - .broadcast(() -> register()); - - return null; - } - }, loc.cluster().node(id) - ); - } - - return res; - } - - /** {@inheritDoc} */ - @Override public ComputeJobResultPolicy result(ComputeJobResult res, List rcvd) { - if (res.getException() != null) - throw res.getException(); - - return ComputeJobResultPolicy.WAIT; - } - - /** {@inheritDoc} */ - @Override public @Nullable Integer reduce(List results) { - return null; - } - } -} diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java deleted file mode 100644 index 1b3b5ad562c5e..0000000000000 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java +++ /dev/null @@ -1,128 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processors.security.compute.closure; - -import java.util.UUID; -import java.util.stream.Stream; -import org.apache.ignite.Ignition; -import org.apache.ignite.internal.processors.security.AbstractRemoteSecurityContextCheckTest; -import org.apache.ignite.internal.util.typedef.G; -import org.apache.ignite.lang.IgniteRunnable; -import org.junit.Test; - -/** - * Testing operation security context when the compute closure is executed on remote nodes. - *

      - * The initiator node broadcasts a task to 'run' nodes that starts compute operation. That operation is executed on - * 'check' nodes and broadcasts a task to 'endpoint' nodes. On every step, it is performed verification that operation - * security context is the initiator context. - */ -public class DistributedClosureRemoteSecurityContextCheckTest extends AbstractRemoteSecurityContextCheckTest { - /** {@inheritDoc} */ - @Override protected void beforeTestsStarted() throws Exception { - super.beforeTestsStarted(); - - startGrid(SRV_INITIATOR, allowAllPermissionSet()); - - startClient(CLNT_INITIATOR, allowAllPermissionSet()); - - startGrid(SRV_RUN, allowAllPermissionSet()); - - startClient(CLNT_RUN, allowAllPermissionSet()); - - startGrid(SRV_CHECK, allowAllPermissionSet()); - - startClient(CLNT_CHECK, allowAllPermissionSet()); - - startGrid(SRV_ENDPOINT, allowAllPermissionSet()); - - startClient(CLNT_ENDPOINT, allowAllPermissionSet()); - - G.allGrids().get(0).cluster().active(true); - } - - /** {@inheritDoc} */ - @Override protected void setupVerifier(Verifier verifier) { - verifier - .expect(SRV_RUN, 1) - .expect(CLNT_RUN, 1) - .expect(SRV_CHECK, 2) - .expect(CLNT_CHECK, 2) - .expect(SRV_ENDPOINT, 4) - .expect(CLNT_ENDPOINT, 4); - } - - /** - * - */ - @Test - public void test() { - runAndCheck(grid(SRV_INITIATOR), checkCases()); - runAndCheck(grid(CLNT_INITIATOR), checkCases()); - } - - /** - * @return Stream of check cases. - */ - private Stream checkCases() { - return Stream.of( - () -> compute(Ignition.localIgnite(), nodesToCheck()) - .broadcast((IgniteRunnable)new RegisterExecAndForward<>(endpoints())), - - () -> compute(Ignition.localIgnite(), nodesToCheck()) - .broadcastAsync((IgniteRunnable)new RegisterExecAndForward<>(endpoints())) - .get(), - () -> { - for (UUID id : nodesToCheck()) { - compute(Ignition.localIgnite(), id) - .call(new RegisterExecAndForward<>(endpoints())); - } - }, - () -> { - for (UUID id : nodesToCheck()) { - compute(Ignition.localIgnite(), id) - .callAsync(new RegisterExecAndForward<>(endpoints())).get(); - } - }, - () -> { - for (UUID id : nodesToCheck()) { - compute(Ignition.localIgnite(), id) - .run(new RegisterExecAndForward<>(endpoints())); - } - }, - () -> { - for (UUID id : nodesToCheck()) { - compute(Ignition.localIgnite(), id) - .runAsync(new RegisterExecAndForward<>(endpoints())).get(); - } - }, - () -> { - for (UUID id : nodesToCheck()) { - compute(Ignition.localIgnite(), id) - .apply(new RegisterExecAndForward<>(endpoints()), new Object()); - } - }, - () -> { - for (UUID id : nodesToCheck()) { - compute(Ignition.localIgnite(), id) - .applyAsync(new RegisterExecAndForward<>(endpoints()), new Object()).get(); - } - } - ).map(RegisterExecAndForward::new); - } -} diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java deleted file mode 100644 index fbf3402e4d0a6..0000000000000 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java +++ /dev/null @@ -1,100 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processors.security.compute.closure; - -import java.util.UUID; -import java.util.concurrent.ExecutorService; -import org.apache.ignite.Ignite; -import org.apache.ignite.Ignition; -import org.apache.ignite.internal.processors.security.AbstractRemoteSecurityContextCheckTest; -import org.apache.ignite.internal.util.typedef.G; -import org.apache.ignite.lang.IgniteRunnable; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.junit.runners.JUnit4; - -/** - * Testing operation security context when the service task is executed on remote nodes. - *

      - * The initiator node broadcasts a task to 'run' nodes that starts service task. That service task is executed - * on 'check' nodes and broadcasts a task to 'endpoint' nodes. On every step, it is performed verification that - * operation security context is the initiator context. - */ -@RunWith(JUnit4.class) -public class ExecutorServiceRemoteSecurityContextCheckTest extends AbstractRemoteSecurityContextCheckTest { - /** {@inheritDoc} */ - @Override protected void beforeTestsStarted() throws Exception { - super.beforeTestsStarted(); - - startGrid(SRV_INITIATOR, allowAllPermissionSet()); - - startClient(CLNT_INITIATOR, allowAllPermissionSet()); - - startGrid(SRV_RUN, allowAllPermissionSet()); - - startClient(CLNT_RUN, allowAllPermissionSet()); - - startGrid(SRV_CHECK, allowAllPermissionSet()); - - startClient(CLNT_CHECK, allowAllPermissionSet()); - - startGrid(SRV_ENDPOINT, allowAllPermissionSet()); - - startClient(CLNT_ENDPOINT, allowAllPermissionSet()); - - G.allGrids().get(0).cluster().active(true); - } - - /** {@inheritDoc} */ - @Override protected void setupVerifier(Verifier verifier) { - verifier - .expect(SRV_RUN, 1) - .expect(CLNT_RUN, 1) - .expect(SRV_CHECK, 2) - .expect(CLNT_CHECK, 2) - .expect(SRV_ENDPOINT, 4) - .expect(CLNT_ENDPOINT, 4); - } - - /** - * - */ - @Test - public void test() { - IgniteRunnable checkCase = () -> { - register(); - - Ignite loc = Ignition.localIgnite(); - - for (UUID nodeId : nodesToCheck()) { - ExecutorService svc = loc.executorService(loc.cluster().forNodeId(nodeId)); - - try { - svc.submit((Runnable) new RegisterExecAndForward<>(endpoints())).get(); - } - catch (Exception e) { - throw new RuntimeException(e); - } - } - }; - - - runAndCheck(grid(SRV_INITIATOR), checkCase); - runAndCheck(grid(CLNT_INITIATOR), checkCase); - } -} diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/DataStreamerPermissionCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/DataStreamerPermissionCheckTest.java deleted file mode 100644 index 0442df8b7e9ea..0000000000000 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/DataStreamerPermissionCheckTest.java +++ /dev/null @@ -1,110 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processors.security.datastreamer; - -import java.util.Arrays; -import java.util.List; -import java.util.Map; -import java.util.function.Consumer; -import org.apache.ignite.Ignite; -import org.apache.ignite.IgniteDataStreamer; -import org.apache.ignite.internal.processors.security.AbstractCacheOperationPermissionCheckTest; -import org.apache.ignite.plugin.security.SecurityPermission; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.junit.runners.JUnit4; - -import static java.util.Collections.singletonList; -import static java.util.Collections.singletonMap; - -/** - * Test cache permissions for Data Streamer. - */ -@RunWith(JUnit4.class) -public class DataStreamerPermissionCheckTest extends AbstractCacheOperationPermissionCheckTest { - /** - * @throws Exception If fail. - */ - @Test - public void testServerNode() throws Exception { - testDataStreamer(false); - } - - /** - * @throws Exception If fail. - */ - @Test - public void testClientNode() throws Exception { - testDataStreamer(true); - } - - /** - * @param isClient True if is client mode. - * @throws Exception If fail. - */ - private void testDataStreamer(boolean isClient) throws Exception { - Ignite node = startGrid(loginPrefix(isClient) + "_test_node", - builder() - .appendCachePermissions(CACHE_NAME, SecurityPermission.CACHE_PUT) - .appendCachePermissions(FORBIDDEN_CACHE, SecurityPermission.CACHE_READ) - .build(), isClient); - - consumers().forEach( - (c) -> { - assertAllowed(node, c); - - assertForbidden(node, c); - } - ); - } - - /** - * @return Collections of consumers to invoke data streamer addData method. - */ - private List>> consumers() { - return Arrays.asList( - s -> s.addData("k", 1), - s -> s.addData(singletonMap("key", 2)), - s -> s.addData((Map.Entry)entry()), - s -> s.addData(singletonList(entry())) - ); - } - - /** - * @param node Node. - * @param c Consumer. - */ - private void assertAllowed(Ignite node, Consumer> c) { - try (IgniteDataStreamer s = node.dataStreamer(CACHE_NAME)) { - c.accept(s); - } - } - - /** - * @param node Node. - * @param c Consumer. - */ - private void assertForbidden(Ignite node, Consumer> c) { - assertForbidden(() -> { - try (IgniteDataStreamer s = node.dataStreamer(FORBIDDEN_CACHE)) { - c.accept(s); - } - } - ); - } -} diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java deleted file mode 100644 index 399b259434aa5..0000000000000 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java +++ /dev/null @@ -1,99 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processors.security.datastreamer.closure; - -import java.util.Collection; -import java.util.Collections; -import java.util.UUID; -import org.apache.ignite.IgniteDataStreamer; -import org.apache.ignite.Ignition; -import org.apache.ignite.internal.processors.security.AbstractCacheOperationRemoteSecurityContextCheckTest; -import org.apache.ignite.internal.util.typedef.G; -import org.apache.ignite.lang.IgniteRunnable; -import org.apache.ignite.stream.StreamVisitor; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.junit.runners.JUnit4; - -/** - * Testing operation security context when the closure of DataStreamer is executed on remote node. - *

      - * The initiator node broadcasts a task to 'run' node that starts DataStreamer's closure. That closure is executed on - * 'check' node and broadcasts a task to 'endpoint' nodes. On every step, it is performed verification that operation - * security context is the initiator context. - */ -@RunWith(JUnit4.class) -public class DataStreamerRemoteSecurityContextCheckTest extends AbstractCacheOperationRemoteSecurityContextCheckTest { - /** {@inheritDoc} */ - @Override protected void beforeTestsStarted() throws Exception { - super.beforeTestsStarted(); - - startGrid(SRV_INITIATOR, allowAllPermissionSet()); - - startClient(CLNT_INITIATOR, allowAllPermissionSet()); - - startGrid(SRV_RUN, allowAllPermissionSet()); - - startGrid(SRV_CHECK, allowAllPermissionSet()); - - startGrid(SRV_ENDPOINT, allowAllPermissionSet()); - - startClient(CLNT_ENDPOINT, allowAllPermissionSet()); - - G.allGrids().get(0).cluster().active(true); - } - - /** {@inheritDoc} */ - @Override protected void setupVerifier(Verifier verifier) { - verifier - .expect(SRV_RUN, 1) - .expect(SRV_CHECK, 1) - .expect(SRV_ENDPOINT, 1) - .expect(CLNT_ENDPOINT, 1); - } - - /** - * - */ - @Test - public void testDataStreamer() { - IgniteRunnable checkCase = () -> { - register(); - - try (IgniteDataStreamer strm = Ignition.localIgnite().dataStreamer(CACHE_NAME)) { - strm.receiver(StreamVisitor - .from(new ExecRegisterAndForwardAdapter<>(endpoints()))); - - strm.addData(prmKey(grid(SRV_CHECK)), 100); - } - }; - - runAndCheck(grid(SRV_INITIATOR), checkCase); - runAndCheck(grid(CLNT_INITIATOR), checkCase); - } - - /** {@inheritDoc} */ - @Override protected Collection nodesToRun() { - return Collections.singletonList(nodeId(SRV_RUN)); - } - - /** {@inheritDoc} */ - @Override protected Collection nodesToCheck() { - return Collections.singletonList(nodeId(SRV_CHECK)); - } -} diff --git a/modules/core/src/test/java/org/apache/ignite/spi/discovery/AuthenticationRestartTest.java b/modules/core/src/test/java/org/apache/ignite/spi/discovery/AuthenticationRestartTest.java index ddfa4a0f47aaa..ad76174e6073b 100644 --- a/modules/core/src/test/java/org/apache/ignite/spi/discovery/AuthenticationRestartTest.java +++ b/modules/core/src/test/java/org/apache/ignite/spi/discovery/AuthenticationRestartTest.java @@ -19,10 +19,10 @@ import org.apache.ignite.configuration.IgniteConfiguration; import org.apache.ignite.internal.IgniteEx; -import org.apache.ignite.internal.processors.security.TestSecurityPluginConfiguration; import org.apache.ignite.internal.util.lang.GridAbsPredicate; import org.apache.ignite.lang.IgniteFuture; import org.apache.ignite.spi.discovery.tcp.TcpDiscoverySpi; +import org.apache.ignite.spi.discovery.tcp.TestReconnectPluginProvider; import org.apache.ignite.spi.discovery.tcp.TestReconnectProcessor; import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest; import org.junit.Test; @@ -42,19 +42,24 @@ public class AuthenticationRestartTest extends GridCommonAbstractTest { ((TcpDiscoverySpi)cfg.getDiscoverySpi()).setJoinTimeout(1120_000); - cfg.setPluginConfigurations( - (TestSecurityPluginConfiguration)TestReconnectProcessor::new - ); - return cfg; } /** {@inheritDoc} */ @Override protected void beforeTestsStarted() throws Exception { + TestReconnectPluginProvider.enabled = true; + TestReconnectProcessor.enabled = true; + startGrid("server"); startGrid("client"); } + /** {@inheritDoc} */ + @Override protected void afterTestsStopped() throws Exception { + TestReconnectPluginProvider.enabled = false; + TestReconnectProcessor.enabled = false; + } + /** * @throws Exception If failed. */ diff --git a/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoveryNodeAttributesUpdateOnReconnectTest.java b/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoveryNodeAttributesUpdateOnReconnectTest.java index 888e1f2bda57e..b61696e09b35a 100644 --- a/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoveryNodeAttributesUpdateOnReconnectTest.java +++ b/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoveryNodeAttributesUpdateOnReconnectTest.java @@ -28,7 +28,6 @@ import org.apache.ignite.events.Event; import org.apache.ignite.events.EventType; import org.apache.ignite.internal.IgniteClientReconnectAbstractTest; -import org.apache.ignite.internal.processors.security.TestSecurityPluginConfiguration; import org.apache.ignite.lang.IgnitePredicate; import org.apache.ignite.resources.LoggerResource; import org.apache.ignite.spi.discovery.tcp.ipfinder.TcpDiscoveryIpFinder; @@ -69,18 +68,21 @@ public class TcpDiscoveryNodeAttributesUpdateOnReconnectTest extends GridCommonA cfg.setDiscoverySpi(spi); - cfg.setPluginConfigurations( - (TestSecurityPluginConfiguration)TestReconnectProcessor::new - ); - return cfg; } /** {@inheritDoc} */ @Override protected void afterTest() throws Exception { + TestReconnectPluginProvider.enabled = false; + stopAllGrids(); } + /** {@inheritDoc} */ + @Override protected void beforeTest() throws Exception { + TestReconnectPluginProvider.enabled = true; + } + /** * @throws Exception If failed. */ diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityProcessorProvider.java b/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TestReconnectPluginProvider.java similarity index 59% rename from modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityProcessorProvider.java rename to modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TestReconnectPluginProvider.java index fef1d51868160..ccbf24340e631 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityProcessorProvider.java +++ b/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TestReconnectPluginProvider.java @@ -15,30 +15,37 @@ * limitations under the License. */ -package org.apache.ignite.internal.processors.security; +package org.apache.ignite.spi.discovery.tcp; import java.io.Serializable; import java.util.UUID; +import org.apache.ignite.IgniteCheckedException; import org.apache.ignite.cluster.ClusterNode; -import org.apache.ignite.configuration.IgniteConfiguration; -import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.internal.GridKernalContext; +import org.apache.ignite.internal.IgniteKernal; +import org.apache.ignite.internal.processors.security.GridSecurityProcessor; import org.apache.ignite.plugin.CachePluginContext; import org.apache.ignite.plugin.CachePluginProvider; import org.apache.ignite.plugin.ExtensionRegistry; import org.apache.ignite.plugin.IgnitePlugin; -import org.apache.ignite.plugin.PluginConfiguration; import org.apache.ignite.plugin.PluginContext; import org.apache.ignite.plugin.PluginProvider; import org.apache.ignite.plugin.PluginValidationException; import org.jetbrains.annotations.Nullable; /** - * Security processor provider for tests. + * Creates TestReconnectProcessor. */ -public class TestSecurityProcessorProvider implements PluginProvider { +public class TestReconnectPluginProvider implements PluginProvider { + /** */ + private GridKernalContext igniteCtx; + + /** */ + public static volatile boolean enabled; + /** {@inheritDoc} */ @Override public String name() { - return "TestSecurityProcessorProvider"; + return "TestReconnectPlugin"; } /** {@inheritDoc} */ @@ -48,87 +55,64 @@ public class TestSecurityProcessorProvider implements PluginProvider { /** {@inheritDoc} */ @Override public String copyright() { - return null; - } - - /** {@inheritDoc} */ - @Override public IgnitePlugin plugin() { - return new IgnitePlugin() { - }; + return ""; } /** {@inheritDoc} */ @Override public void initExtensions(PluginContext ctx, ExtensionRegistry registry) { - // No-op. + igniteCtx = ((IgniteKernal)ctx.grid()).context(); } /** {@inheritDoc} */ - @SuppressWarnings("unchecked") - @Override public @Nullable Object createComponent(PluginContext ctx, Class cls) { - if (cls.isAssignableFrom(GridSecurityProcessor.class)) { - TestSecurityPluginConfiguration cfg = secProcBuilder(ctx); - - return cfg != null ? cfg.build(((IgniteEx)ctx.grid()).context()) : null; - } - - return null; + @Override public void start(PluginContext ctx) throws IgniteCheckedException { + // No-op } - /** - * Gets security processor builder. - * - * @param ctx Context. - */ - private TestSecurityPluginConfiguration secProcBuilder(PluginContext ctx){ - IgniteConfiguration igniteCfg = ctx.igniteConfiguration(); - - if (igniteCfg.getPluginConfigurations() != null) { - for (PluginConfiguration pluginCfg : igniteCfg.getPluginConfigurations()) { - if (pluginCfg instanceof TestSecurityPluginConfiguration) - return (TestSecurityPluginConfiguration)pluginCfg; - } - } - - return null; + /** {@inheritDoc} */ + @Override public void stop(boolean cancel) throws IgniteCheckedException { + // No-op } /** {@inheritDoc} */ - @Override public CachePluginProvider createCacheProvider(CachePluginContext ctx) { - return null; + @Override public void onIgniteStart() throws IgniteCheckedException { + // No-op } /** {@inheritDoc} */ - @Override public void start(PluginContext ctx) { - // No-op. + @Override public void onIgniteStop(boolean cancel) { + // No-op } /** {@inheritDoc} */ - @Override public void stop(boolean cancel) { - // No-op. + @Nullable @Override public Serializable provideDiscoveryData(UUID nodeId) { + return null; } /** {@inheritDoc} */ - @Override public void onIgniteStart() { - // No-op. + @Override public void receiveDiscoveryData(UUID nodeId, Serializable data) { + // No-op } /** {@inheritDoc} */ - @Override public void onIgniteStop(boolean cancel) { - // No-op. + @Override public void validateNewNode(ClusterNode node) throws PluginValidationException { + // No-op } /** {@inheritDoc} */ - @Override public @Nullable Serializable provideDiscoveryData(UUID nodeId) { + @Nullable @Override public Object createComponent(PluginContext ctx, Class cls) { + if (enabled && GridSecurityProcessor.class.equals(cls)) + return new TestReconnectProcessor(igniteCtx); + return null; } /** {@inheritDoc} */ - @Override public void receiveDiscoveryData(UUID nodeId, Serializable data) { - // No-op. + @Override public IgnitePlugin plugin() { + return new IgnitePlugin() {}; } /** {@inheritDoc} */ - @Override public void validateNewNode(ClusterNode node) throws PluginValidationException { - // No-op. + @Override public CachePluginProvider createCacheProvider(CachePluginContext ctx) { + return null; } } diff --git a/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TestReconnectProcessor.java b/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TestReconnectProcessor.java index 8af664fa2b4c3..2476bd3d787bf 100644 --- a/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TestReconnectProcessor.java +++ b/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TestReconnectProcessor.java @@ -18,7 +18,6 @@ package org.apache.ignite.spi.discovery.tcp; import java.io.Serializable; -import java.net.InetSocketAddress; import java.util.Collection; import java.util.UUID; import org.apache.ignite.IgniteCheckedException; @@ -33,19 +32,20 @@ import org.apache.ignite.plugin.security.SecurityCredentials; import org.apache.ignite.plugin.security.SecurityException; import org.apache.ignite.plugin.security.SecurityPermission; -import org.apache.ignite.plugin.security.SecurityPermissionSet; import org.apache.ignite.plugin.security.SecuritySubject; -import org.apache.ignite.plugin.security.SecuritySubjectType; import org.jetbrains.annotations.Nullable; /** * Updates node attributes on disconnect. */ public class TestReconnectProcessor extends GridProcessorAdapter implements GridSecurityProcessor { + /** Enabled flag. */ + public static boolean enabled; + /** * @param ctx Kernal context. */ - public TestReconnectProcessor(GridKernalContext ctx) { + protected TestReconnectProcessor(GridKernalContext ctx) { super(ctx); } @@ -57,7 +57,7 @@ public TestReconnectProcessor(GridKernalContext ctx) { /** {@inheritDoc} */ @Override public SecurityContext authenticateNode(ClusterNode node, SecurityCredentials cred) throws IgniteCheckedException { - return new TestSecurityContext(new TestSecuritySubject(ctx.localNodeId())); + return new TestSecurityContext(); } /** {@inheritDoc} */ @@ -93,7 +93,7 @@ public TestReconnectProcessor(GridKernalContext ctx) { /** {@inheritDoc} */ @Override public boolean enabled() { - return true; + return enabled; } /** {@inheritDoc} */ @@ -101,47 +101,6 @@ public TestReconnectProcessor(GridKernalContext ctx) { ctx.addNodeAttribute("test", "2"); } - /** - * - */ - private static class TestSecuritySubject implements SecuritySubject { - - /** Id. */ - private final UUID id; - - /** - * @param id Id. - */ - public TestSecuritySubject(UUID id) { - this.id = id; - } - - /** {@inheritDoc} */ - @Override public UUID id() { - return id; - } - - /** {@inheritDoc} */ - @Override public SecuritySubjectType type() { - return SecuritySubjectType.REMOTE_NODE; - } - - /** {@inheritDoc} */ - @Override public Object login() { - return null; - } - - /** {@inheritDoc} */ - @Override public InetSocketAddress address() { - return null; - } - - /** {@inheritDoc} */ - @Override public SecurityPermissionSet permissions() { - return null; - } - } - /** * */ @@ -149,19 +108,9 @@ private static class TestSecurityContext implements SecurityContext, Serializabl /** Serial version uid. */ private static final long serialVersionUID = 0L; - /** Subj. */ - final SecuritySubject subj; - - /** - * @param subj Subj. - */ - public TestSecurityContext(SecuritySubject subj) { - this.subj = subj; - } - /** {@inheritDoc} */ @Override public SecuritySubject subject() { - return subj; + return null; } /** {@inheritDoc} */ @@ -184,4 +133,4 @@ public TestSecurityContext(SecuritySubject subj) { return true; } } -} \ No newline at end of file +} diff --git a/modules/core/src/test/java/org/apache/ignite/testframework/junits/common/GridCommonAbstractTest.java b/modules/core/src/test/java/org/apache/ignite/testframework/junits/common/GridCommonAbstractTest.java index c00e35d185086..58f8712465c17 100755 --- a/modules/core/src/test/java/org/apache/ignite/testframework/junits/common/GridCommonAbstractTest.java +++ b/modules/core/src/test/java/org/apache/ignite/testframework/junits/common/GridCommonAbstractTest.java @@ -1090,23 +1090,11 @@ protected List primaryKeys(IgniteCache cache, final int cnt, fina * @return Collection of keys for which given cache is primary. */ protected List findKeys(IgniteCache cache, final int cnt, final int startFrom, final int type) { - return findKeys(null, cache, cnt, startFrom, type); - } - - /** - * @param node Node. - * @param cache Cache. - * @param cnt Keys count. - * @param startFrom Start value for keys search. - * @return Collection of keys for which given cache is primary. - */ - protected List findKeys(@Nullable ClusterNode node, IgniteCache cache, - final int cnt, final int startFrom, final int type) { assert cnt > 0 : cnt; final List found = new ArrayList<>(cnt); - final ClusterNode node0 = node != null ? node : localNode(cache); + final ClusterNode locNode = localNode(cache); final Affinity aff = (Affinity)affinity(cache); @@ -1119,11 +1107,11 @@ protected List findKeys(@Nullable ClusterNode node, IgniteCache c boolean ok; if (type == 0) - ok = aff.isPrimary(node0, key); + ok = aff.isPrimary(locNode, key); else if (type == 1) - ok = aff.isBackup(node0, key); + ok = aff.isBackup(locNode, key); else if (type == 2) - ok = !aff.isPrimaryOrBackup(node0, key); + ok = !aff.isPrimaryOrBackup(locNode, key); else { fail(); diff --git a/modules/core/src/test/java/org/apache/ignite/testsuites/IgniteBasicTestSuite.java b/modules/core/src/test/java/org/apache/ignite/testsuites/IgniteBasicTestSuite.java index 7fc845c773da4..40b3f2255346e 100644 --- a/modules/core/src/test/java/org/apache/ignite/testsuites/IgniteBasicTestSuite.java +++ b/modules/core/src/test/java/org/apache/ignite/testsuites/IgniteBasicTestSuite.java @@ -119,8 +119,6 @@ IgnitePlatformsTestSuite.class, - SecurityTestSuite.class, - GridSelfTest.class, ClusterGroupHostsSelfTest.class, IgniteMessagingWithClientTest.class, diff --git a/modules/core/src/test/java/org/apache/ignite/testsuites/SecurityTestSuite.java b/modules/core/src/test/java/org/apache/ignite/testsuites/SecurityTestSuite.java deleted file mode 100644 index f48ee4878d540..0000000000000 --- a/modules/core/src/test/java/org/apache/ignite/testsuites/SecurityTestSuite.java +++ /dev/null @@ -1,57 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.testsuites; - -import org.apache.ignite.internal.processors.security.cache.CacheOperationPermissionCheckTest; -import org.apache.ignite.internal.processors.security.cache.EntryProcessorPermissionCheckTest; -import org.apache.ignite.internal.processors.security.cache.ScanQueryPermissionCheckTest; -import org.apache.ignite.internal.processors.security.cache.closure.CacheLoadRemoteSecurityContextCheckTest; -import org.apache.ignite.internal.processors.security.cache.closure.EntryProcessorRemoteSecurityContextCheckTest; -import org.apache.ignite.internal.processors.security.cache.closure.ScanQueryRemoteSecurityContextCheckTest; -import org.apache.ignite.internal.processors.security.client.ThinClientPermissionCheckTest; -import org.apache.ignite.internal.processors.security.compute.ComputePermissionCheckTest; -import org.apache.ignite.internal.processors.security.compute.closure.ComputeTaskRemoteSecurityContextCheckTest; -import org.apache.ignite.internal.processors.security.compute.closure.DistributedClosureRemoteSecurityContextCheckTest; -import org.apache.ignite.internal.processors.security.compute.closure.ExecutorServiceRemoteSecurityContextCheckTest; -import org.apache.ignite.internal.processors.security.datastreamer.DataStreamerPermissionCheckTest; -import org.apache.ignite.internal.processors.security.datastreamer.closure.DataStreamerRemoteSecurityContextCheckTest; -import org.junit.runner.RunWith; -import org.junit.runners.Suite; - -/** - * Security test suite. - */ -@RunWith(Suite.class) -@Suite.SuiteClasses({ - CacheOperationPermissionCheckTest.class, - DataStreamerPermissionCheckTest.class, - ScanQueryPermissionCheckTest.class, - EntryProcessorPermissionCheckTest.class, - ComputePermissionCheckTest.class, - - DistributedClosureRemoteSecurityContextCheckTest.class, - ComputeTaskRemoteSecurityContextCheckTest.class, - ExecutorServiceRemoteSecurityContextCheckTest.class, - ScanQueryRemoteSecurityContextCheckTest.class, - EntryProcessorRemoteSecurityContextCheckTest.class, - DataStreamerRemoteSecurityContextCheckTest.class, - CacheLoadRemoteSecurityContextCheckTest.class, - ThinClientPermissionCheckTest.class, -}) -public class SecurityTestSuite { -} diff --git a/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/CommandProcessor.java b/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/CommandProcessor.java index 7b2254b21b0a3..c71a5c29111d7 100644 --- a/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/CommandProcessor.java +++ b/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/CommandProcessor.java @@ -407,9 +407,9 @@ else if (cmdH2 instanceof GridSqlDropIndex) { } } else if (cmdH2 instanceof GridSqlCreateTable) { - GridSqlCreateTable cmd = (GridSqlCreateTable)cmdH2; + ctx.security().authorize(null, SecurityPermission.CACHE_CREATE, null); - ctx.security().authorize(cmd.cacheName(), SecurityPermission.CACHE_CREATE); + GridSqlCreateTable cmd = (GridSqlCreateTable)cmdH2; isDdlOnSchemaSupported(cmd.schemaName()); @@ -452,6 +452,8 @@ else if (cmdH2 instanceof GridSqlCreateTable) { } } else if (cmdH2 instanceof GridSqlDropTable) { + ctx.security().authorize(null, SecurityPermission.CACHE_DESTROY, null); + GridSqlDropTable cmd = (GridSqlDropTable)cmdH2; isDdlOnSchemaSupported(cmd.schemaName()); @@ -463,11 +465,8 @@ else if (cmdH2 instanceof GridSqlDropTable) { throw new SchemaOperationException(SchemaOperationException.CODE_TABLE_NOT_FOUND, cmd.tableName()); } - else { - ctx.security().authorize(tbl.cacheName(), SecurityPermission.CACHE_DESTROY); - + else ctx.query().dynamicTableDrop(tbl.cacheName(), cmd.tableName(), cmd.ifExists()); - } } else if (cmdH2 instanceof GridSqlAlterTableAddColumn) { GridSqlAlterTableAddColumn cmd = (GridSqlAlterTableAddColumn)cmdH2; diff --git a/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/IgniteH2Indexing.java b/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/IgniteH2Indexing.java index 1dbc6c78ad8b9..467dd156fd4c1 100644 --- a/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/IgniteH2Indexing.java +++ b/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/IgniteH2Indexing.java @@ -1506,7 +1506,7 @@ private void checkSecurity(Collection cacheIds) { DynamicCacheDescriptor desc = ctx.cache().cacheDescriptor(cacheId); if (desc != null) - ctx.security().authorize(desc.cacheName(), SecurityPermission.CACHE_READ); + ctx.security().authorize(desc.cacheName(), SecurityPermission.CACHE_READ, null); } } From 18ca3e5ef959d4b65ebec5cd0ebb195d225efac3 Mon Sep 17 00:00:00 2001 From: Denis Garus Date: Mon, 15 Apr 2019 13:55:02 +0300 Subject: [PATCH 85/98] IGNITE-9560 (#11) * IGNITE-9560 fix comments * IGNITE-9560 add license info * IGNITE-9560 fix comments * IGNITE-9560 fix comments --- .../apache/ignite/internal/IgniteKernal.java | 7 +- .../managers/communication/GridIoManager.java | 54 +++++-- .../managers/communication/GridIoMessage.java | 42 +----- .../communication/GridIoMessageFactory.java | 5 + .../GridIoSecurityAwareMessage.java | 135 ++++++++++++++++++ .../processors/security/IgniteSecurity.java | 5 + .../security/IgniteSecurityProcessor.java | 5 - .../security/NoOpIgniteSecurityProcessor.java | 77 +--------- .../DataStreamerImplSelfTest.java | 2 - 9 files changed, 200 insertions(+), 132 deletions(-) create mode 100644 modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoSecurityAwareMessage.java diff --git a/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java b/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java index fe23f155b9fbb..f477c91cbe642 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java @@ -979,7 +979,7 @@ public void start( startProcessor(new GridTimeoutProcessor(ctx)); // Start security processors. - startProcessor(igniteSecurityProcessor(createComponent(GridSecurityProcessor.class, ctx))); + startProcessor(securityProcessor()); // Start SPI managers. // NOTE: that order matters as there are dependencies between managers. @@ -1293,10 +1293,11 @@ private long checkPoolStarvation( } /** - * @param prc GridSecurityProcessor from plugin context or null. * @return IgniteSecurity. */ - private GridProcessor igniteSecurityProcessor(GridSecurityProcessor prc) { + private GridProcessor securityProcessor() throws IgniteCheckedException { + GridSecurityProcessor prc = createComponent(GridSecurityProcessor.class, ctx); + return prc != null && prc.enabled() ? new IgniteSecurityProcessor(ctx, prc) : new NoOpIgniteSecurityProcessor(ctx); diff --git a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java index 041424c58f300..83ad60f8b2c89 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoManager.java @@ -98,6 +98,7 @@ import org.apache.ignite.spi.communication.CommunicationListener; import org.apache.ignite.spi.communication.CommunicationSpi; import org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi; +import org.jetbrains.annotations.NotNull; import org.jetbrains.annotations.Nullable; import static org.apache.ignite.events.EventType.EVT_NODE_FAILED; @@ -1044,7 +1045,7 @@ private void processP2PMessage( assert obj != null; - invokeListener(msg.policy(), lsnr, nodeId, obj, msg.secSubjId()); + invokeListener(msg.policy(), lsnr, nodeId, obj, secSubjId(msg)); } finally { threadProcessingMessage(false, null); @@ -1187,7 +1188,7 @@ private void processRegularMessage0(GridIoMessage msg, UUID nodeId) { assert obj != null; - invokeListener(msg.policy(), lsnr, nodeId, obj, msg.secSubjId()); + invokeListener(msg.policy(), lsnr, nodeId, obj, secSubjId(msg)); } /** @@ -1623,16 +1624,7 @@ private void send( assert !async || msg instanceof GridIoUserMessage : msg; // Async execution was added only for IgniteMessaging. assert topicOrd >= 0 || !(topic instanceof GridTopic) : msg; - UUID secSubjId = null; - - if(ctx.security().enabled()) { - UUID curSecSubjId = ctx.security().securityContext().subject().id(); - - if (!locNodeId.equals(curSecSubjId)) - secSubjId = curSecSubjId; - } - - GridIoMessage ioMsg = new GridIoMessage(secSubjId, plc, topic, topicOrd, msg, ordered, timeout, skipOnTimeout); + GridIoMessage ioMsg = createGridIoMessage(topic, topicOrd, msg, plc, ordered, timeout, skipOnTimeout); if (locNodeId.equals(node.id())) { assert plc != P2P_POOL; @@ -1677,6 +1669,29 @@ else if (async) } } + /** */ + private @NotNull GridIoMessage createGridIoMessage( + Object topic, + int topicOrd, + Message msg, + byte plc, + boolean ordered, + long timeout, + boolean skipOnTimeout) { + if (ctx.security().enabled()) { + UUID secSubjId = null; + + UUID curSecSubjId = ctx.security().securityContext().subject().id(); + + if (!locNodeId.equals(curSecSubjId)) + secSubjId = curSecSubjId; + + return new GridIoSecurityAwareMessage(secSubjId, plc, topic, topicOrd, msg, ordered, timeout, skipOnTimeout); + } + + return new GridIoMessage(plc, topic, topicOrd, msg, ordered, timeout, skipOnTimeout); + } + /** * @param nodeId Id of destination node. * @param topic Topic to send the message to. @@ -2777,7 +2792,7 @@ void unwind(GridMessageListener lsnr) { for (GridTuple3 t = msgs.poll(); t != null; t = msgs.poll()) { try { - invokeListener(plc, lsnr, nodeId, t.get1().message(), t.get1().secSubjId()); + invokeListener(plc, lsnr, nodeId, t.get1().message(), secSubjId(t.get1())); } finally { if (t.get3() != null) @@ -3173,4 +3188,17 @@ public long binLatencyMcs() { return latencyLimit / (1000 * (resLatency.length - 1)); } } + + /** + * @return Security subject id. + */ + private UUID secSubjId(GridIoMessage msg){ + if(ctx.security().enabled()) { + assert msg instanceof GridIoSecurityAwareMessage; + + return ((GridIoSecurityAwareMessage) msg).secSubjId(); + } + + return null; + } } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoMessage.java b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoMessage.java index a93f45d5481ac..fe61aec834672 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoMessage.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoMessage.java @@ -20,7 +20,6 @@ import java.io.Externalizable; import java.nio.ByteBuffer; -import java.util.UUID; import org.apache.ignite.internal.ExecutorAwareMessage; import org.apache.ignite.internal.GridDirectTransient; import org.apache.ignite.internal.processors.cache.GridCacheMessage; @@ -68,9 +67,6 @@ public class GridIoMessage implements Message { /** Message. */ private Message msg; - /** Security subject id that will be used during message processing on an remote node. */ - private UUID secSubjId; - /** * No-op constructor to support {@link Externalizable} interface. * This constructor is not meant to be used for other purposes. @@ -80,7 +76,6 @@ public GridIoMessage() { } /** - * @param secSubjId Security subject id. * @param plc Policy. * @param topic Communication topic. * @param topicOrd Topic ordinal value. @@ -90,7 +85,6 @@ public GridIoMessage() { * @param skipOnTimeout Whether message can be skipped on timeout. */ public GridIoMessage( - UUID secSubjId, byte plc, Object topic, int topicOrd, @@ -103,7 +97,6 @@ public GridIoMessage( assert topicOrd <= Byte.MAX_VALUE; assert msg != null; - this.secSubjId = secSubjId; this.plc = plc; this.msg = msg; this.topic = topic; @@ -120,13 +113,6 @@ byte policy() { return plc; } - /** - * @return Security subject id. - */ - UUID secSubjId() { - return secSubjId; - } - /** * @return Topic. */ @@ -236,30 +222,24 @@ boolean isOrdered() { writer.incrementState(); case 3: - if (!writer.writeUuid("secSubjId", secSubjId)) - return false; - - writer.incrementState(); - - case 4: if (!writer.writeBoolean("skipOnTimeout", skipOnTimeout)) return false; writer.incrementState(); - case 5: + case 4: if (!writer.writeLong("timeout", timeout)) return false; writer.incrementState(); - case 6: + case 5: if (!writer.writeByteArray("topicBytes", topicBytes)) return false; writer.incrementState(); - case 7: + case 6: if (!writer.writeInt("topicOrd", topicOrd)) return false; @@ -303,14 +283,6 @@ boolean isOrdered() { reader.incrementState(); case 3: - secSubjId = reader.readUuid("secSubjId"); - - if (!reader.isLastRead()) - return false; - - reader.incrementState(); - - case 4: skipOnTimeout = reader.readBoolean("skipOnTimeout"); if (!reader.isLastRead()) @@ -318,7 +290,7 @@ boolean isOrdered() { reader.incrementState(); - case 5: + case 4: timeout = reader.readLong("timeout"); if (!reader.isLastRead()) @@ -326,7 +298,7 @@ boolean isOrdered() { reader.incrementState(); - case 6: + case 5: topicBytes = reader.readByteArray("topicBytes"); if (!reader.isLastRead()) @@ -334,7 +306,7 @@ boolean isOrdered() { reader.incrementState(); - case 7: + case 6: topicOrd = reader.readInt("topicOrd"); if (!reader.isLastRead()) @@ -354,7 +326,7 @@ boolean isOrdered() { /** {@inheritDoc} */ @Override public byte fieldsCount() { - return 8; + return 7; } /** diff --git a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoMessageFactory.java b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoMessageFactory.java index b3772705bf613..0d4cf16ce0080 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoMessageFactory.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoMessageFactory.java @@ -1144,6 +1144,11 @@ public GridIoMessageFactory(MessageFactory[] ext) { break; + case 172: + msg = new GridIoSecurityAwareMessage(); + + break; + // [-3..119] [124..129] [-23..-28] [-36..-55] - this // [120..123] - DR // [-4..-22, -30..-35] - SQL diff --git a/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoSecurityAwareMessage.java b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoSecurityAwareMessage.java new file mode 100644 index 0000000000000..823474db79e1b --- /dev/null +++ b/modules/core/src/main/java/org/apache/ignite/internal/managers/communication/GridIoSecurityAwareMessage.java @@ -0,0 +1,135 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.internal.managers.communication; + +import java.io.Externalizable; +import java.nio.ByteBuffer; +import java.util.UUID; +import org.apache.ignite.plugin.extensions.communication.Message; +import org.apache.ignite.plugin.extensions.communication.MessageReader; +import org.apache.ignite.plugin.extensions.communication.MessageWriter; + +/** + * + */ +public class GridIoSecurityAwareMessage extends GridIoMessage { + /** */ + private static final long serialVersionUID = 0L; + + /** Security subject id that will be used during message processing on an remote node. */ + private UUID secSubjId; + + /** + * No-op constructor to support {@link Externalizable} interface. + * This constructor is not meant to be used for other purposes. + */ + public GridIoSecurityAwareMessage() { + // No-op. + } + + /** + * @param secSubjId Security subject id. + * @param plc Policy. + * @param topic Communication topic. + * @param topicOrd Topic ordinal value. + * @param msg Message. + * @param ordered Message ordered flag. + * @param timeout Timeout. + * @param skipOnTimeout Whether message can be skipped on timeout. + */ + public GridIoSecurityAwareMessage( + UUID secSubjId, + byte plc, + Object topic, + int topicOrd, + Message msg, + boolean ordered, + long timeout, + boolean skipOnTimeout) { + super(plc, topic, topicOrd, msg, ordered, timeout, skipOnTimeout); + + this.secSubjId = secSubjId; + } + + /** + * @return Security subject id. + */ + UUID secSubjId() { + return secSubjId; + } + + /** {@inheritDoc} */ + @Override public short directType() { + return 172; + } + + /** {@inheritDoc} */ + @Override public byte fieldsCount() { + return 8; + } + + /** {@inheritDoc} */ + @Override public boolean writeTo(ByteBuffer buf, MessageWriter writer) { + writer.setBuffer(buf); + + if (!super.writeTo(buf, writer)) + return false; + + if (!writer.isHeaderWritten()) { + if (!writer.writeHeader(directType(), fieldsCount())) + return false; + + writer.onHeaderWritten(); + } + + switch (writer.state()) { + case 7: + if (!writer.writeUuid("secSubjId", secSubjId)) + return false; + + writer.incrementState(); + + } + + return true; + } + + /** {@inheritDoc} */ + @Override public boolean readFrom(ByteBuffer buf, MessageReader reader) { + reader.setBuffer(buf); + + if (!reader.beforeMessageRead()) + return false; + + if (!super.readFrom(buf, reader)) + return false; + + switch (reader.state()) { + case 7: + secSubjId = reader.readUuid("secSubjId"); + + if (!reader.isLastRead()) + return false; + + reader.incrementState(); + + } + + return reader.afterMessageRead(GridIoSecurityAwareMessage.class); + } +} diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurity.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurity.java index bfdd4e2b3701a..14764ab1657ab 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurity.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurity.java @@ -40,6 +40,11 @@ * */ public interface IgniteSecurity { + /** */ + static final String MSG_SEC_PROC_CLS_IS_INVALID = "Local node's grid security processor class " + + "is not equal to remote node's grid security processor class " + + "[locNodeId=%s, rmtNodeId=%s, locCls=%s, rmtCls=%s]"; + /** * Creates {@link OperationSecurityContext}. All calls of methods {@link #authorize(String, SecurityPermission)} or {@link * #authorize(SecurityPermission)} will be processed into the context of passed {@link SecurityContext} until diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java index 4dbb927240d94..aa3256b0f974a 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java @@ -48,11 +48,6 @@ * Default Grid security Manager implementation. */ public class IgniteSecurityProcessor implements IgniteSecurity, GridProcessor { - /** */ - private static final String MSG_SEC_PROC_CLS_IS_INVALID = "Local node's grid security processor class " + - "is not equal to remote node's grid security processor class " + - "[locNodeId=%s, rmtNodeId=%s, locCls=%s, rmtCls=%s]"; - /** Internal attribute name constant. */ public static final String ATTR_GRID_SEC_PROC_CLASS = "grid.security.processor.class"; diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java index 00dabdf40e496..0615ac044a5ea 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java @@ -19,12 +19,9 @@ import java.util.Collection; import java.util.UUID; -import org.apache.ignite.IgniteCheckedException; import org.apache.ignite.cluster.ClusterNode; import org.apache.ignite.internal.GridKernalContext; -import org.apache.ignite.internal.IgniteInternalFuture; -import org.apache.ignite.internal.processors.GridProcessor; -import org.apache.ignite.lang.IgniteFuture; +import org.apache.ignite.internal.processors.GridProcessorAdapter; import org.apache.ignite.plugin.security.AuthenticationContext; import org.apache.ignite.plugin.security.SecurityCredentials; import org.apache.ignite.plugin.security.SecurityException; @@ -39,23 +36,15 @@ /** * No operation Ignite Security Processor. */ -public class NoOpIgniteSecurityProcessor implements IgniteSecurity, GridProcessor { - /** */ - private static final String MSG_SEC_PROC_CLS_IS_INVALID = "Local node's ignite security processor class " + - "is not equal to remote node's ignite security processor class " + - "[locNodeId=%s, rmtNodeId=%s, locCls=%s, rmtCls=%s]"; - +public class NoOpIgniteSecurityProcessor extends GridProcessorAdapter implements IgniteSecurity { /** No operation security context. */ private final OperationSecurityContext opSecCtx = new OperationSecurityContext(this, null); - /** Grid kernal context. */ - private final GridKernalContext ctx; - /** * @param ctx Grid kernal context. */ public NoOpIgniteSecurityProcessor(GridKernalContext ctx) { - this.ctx = ctx; + super(ctx); } /** {@inheritDoc} */ @@ -113,51 +102,6 @@ public NoOpIgniteSecurityProcessor(GridKernalContext ctx) { return false; } - /** {@inheritDoc} */ - @Override public void start() throws IgniteCheckedException { - // No-op. - } - - /** {@inheritDoc} */ - @Override public void stop(boolean cancel) throws IgniteCheckedException { - // No-op. - } - - /** {@inheritDoc} */ - @Override public void onKernalStart(boolean active) throws IgniteCheckedException { - // No-op. - } - - /** {@inheritDoc} */ - @Override public void onKernalStop(boolean cancel) { - // No-op. - } - - /** {@inheritDoc} */ - @Override public void collectJoiningNodeData(DiscoveryDataBag dataBag) { - // No-op. - } - - /** {@inheritDoc} */ - @Override public void collectGridNodeData(DiscoveryDataBag dataBag) { - // No-op. - } - - /** {@inheritDoc} */ - @Override public void onGridDataReceived(DiscoveryDataBag.GridDiscoveryData data) { - // No-op. - } - - /** {@inheritDoc} */ - @Override public void onJoiningNodeDataReceived(DiscoveryDataBag.JoiningNodeDiscoveryData data) { - // No-op. - } - - /** {@inheritDoc} */ - @Override public void printMemoryStats() { - // No-op. - } - /** {@inheritDoc} */ @Override public @Nullable IgniteNodeValidationResult validateNode(ClusterNode node) { return validateSecProcClass(node); @@ -169,21 +113,6 @@ public NoOpIgniteSecurityProcessor(GridKernalContext ctx) { return validateSecProcClass(node); } - /** {@inheritDoc} */ - @Override public @Nullable DiscoveryDataExchangeType discoveryDataType() { - return null; - } - - /** {@inheritDoc} */ - @Override public void onDisconnected(IgniteFuture reconnectFut) { - // No-op. - } - - /** {@inheritDoc} */ - @Override public @Nullable IgniteInternalFuture onReconnected(boolean clusterRestarted) { - return null; - } - /** * Validates that remote node's grid security processor class is undefined. * diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerImplSelfTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerImplSelfTest.java index 4ba4f210143d9..3882573df02b4 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerImplSelfTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerImplSelfTest.java @@ -23,7 +23,6 @@ import java.util.List; import java.util.Map; import java.util.Random; -import java.util.UUID; import java.util.concurrent.Callable; import java.util.concurrent.CountDownLatch; import java.util.concurrent.CyclicBarrier; @@ -604,7 +603,6 @@ private static class StaleTopologyCommunicationSpi extends TcpCommunicationSpi { -1); msg = new GridIoMessage( - GridTestUtils.getFieldValue(ioMsg, "secSubjId"), GridTestUtils.getFieldValue(ioMsg, "plc"), GridTestUtils.getFieldValue(ioMsg, "topic"), GridTestUtils.getFieldValue(ioMsg, "topicOrd"), From e84502cf8f1e5799dcb42e12c7cb287577683259 Mon Sep 17 00:00:00 2001 From: Nikolay Date: Mon, 15 Apr 2019 16:10:29 +0300 Subject: [PATCH 86/98] IGNITE-9560: Tests reducing (#13) --- .../JdbcDynamicIndexAbstractSelfTest.java | 19 +---- .../jdbc/thin/JdbcThinAbstractSelfTest.java | 11 +-- .../CacheBlockOnReadAbstractTest.java | 24 +----- .../IgniteOptimisticTxSuspendResumeTest.java | 23 +---- .../security/AbstractSecurityTest.java | 83 +++---------------- .../compute/ComputePermissionCheckTest.java | 37 +++------ .../DataStreamerPermissionCheckTest.java | 22 ++--- .../ignite/testframework/GridTestUtils.java | 23 +++++ .../cache/index/AbstractSchemaSelfTest.java | 15 +--- ...amicColumnsAbstractConcurrentSelfTest.java | 17 +--- .../index/DynamicIndexAbstractSelfTest.java | 2 +- 11 files changed, 64 insertions(+), 212 deletions(-) diff --git a/modules/clients/src/test/java/org/apache/ignite/internal/jdbc2/JdbcDynamicIndexAbstractSelfTest.java b/modules/clients/src/test/java/org/apache/ignite/internal/jdbc2/JdbcDynamicIndexAbstractSelfTest.java index 6231fcb4aaf85..3c1aae3405eea 100644 --- a/modules/clients/src/test/java/org/apache/ignite/internal/jdbc2/JdbcDynamicIndexAbstractSelfTest.java +++ b/modules/clients/src/test/java/org/apache/ignite/internal/jdbc2/JdbcDynamicIndexAbstractSelfTest.java @@ -31,6 +31,7 @@ import org.apache.ignite.configuration.CacheConfiguration; import org.apache.ignite.configuration.NearCacheConfiguration; import org.apache.ignite.internal.util.typedef.F; +import org.apache.ignite.testframework.GridTestUtils.RunnableX; import org.junit.Test; /** @@ -173,7 +174,7 @@ public void testCreateIndexWithDuplicateName() throws SQLException { assertSqlException(new RunnableX() { /** {@inheritDoc} */ - @Override public void run() throws Exception { + @Override public void runx() throws Exception { jdbcRun(CREATE_INDEX); } }); @@ -227,7 +228,7 @@ public void testDropIndex() throws SQLException { public void testDropMissingIndex() { assertSqlException(new RunnableX() { /** {@inheritDoc} */ - @Override public void run() throws Exception { + @Override public void runx() throws Exception { jdbcRun(DROP_INDEX); } }); @@ -322,7 +323,7 @@ private static void assertSqlException(RunnableX r) { // We expect IgniteSQLException with given code inside CacheException inside JDBC SQLException. try { - r.run(); + r.runx(); } catch (SQLException e) { return; @@ -333,16 +334,4 @@ private static void assertSqlException(RunnableX r) { fail(SQLException.class.getSimpleName() + " is not thrown."); } - - /** - * Runnable which can throw checked exceptions. - */ - private interface RunnableX { - /** - * Do run. - * - * @throws Exception If failed. - */ - public void run() throws Exception; - } } diff --git a/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinAbstractSelfTest.java b/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinAbstractSelfTest.java index 37f7f2187a397..23cd6a6794294 100644 --- a/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinAbstractSelfTest.java +++ b/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinAbstractSelfTest.java @@ -34,6 +34,7 @@ import org.apache.ignite.internal.processors.port.GridPortRecord; import org.apache.ignite.internal.util.typedef.F; import org.apache.ignite.testframework.GridTestUtils; +import org.apache.ignite.testframework.GridTestUtils.RunnableX; import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest; /** @@ -97,16 +98,6 @@ protected void checkResultSetClosed(final RunnableX r) { }, SQLException.class, "Result set is closed"); } - /** - * Runnable that can throw an exception. - */ - interface RunnableX { - /** - * @throws Exception On error. - */ - void run() throws Exception; - } - /** * @param node Node to connect to. * @param params Connection parameters. diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/cache/distributed/CacheBlockOnReadAbstractTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/cache/distributed/CacheBlockOnReadAbstractTest.java index 2e33c06d21111..471ca58bc2e52 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/cache/distributed/CacheBlockOnReadAbstractTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/cache/distributed/CacheBlockOnReadAbstractTest.java @@ -77,6 +77,7 @@ import org.apache.ignite.spi.discovery.tcp.messages.TcpDiscoveryNodeAddFinishedMessage; import org.apache.ignite.spi.discovery.tcp.messages.TcpDiscoveryNodeLeftMessage; import org.apache.ignite.testframework.GridTestUtils; +import org.apache.ignite.testframework.GridTestUtils.RunnableX; import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest; import org.jetbrains.annotations.NotNull; import org.junit.Test; @@ -1241,29 +1242,6 @@ private void processMessage(TcpDiscoveryAbstractMessage msg, String receiverCons } } - /** - * Runnable that can throw exceptions. - */ - @FunctionalInterface - public interface RunnableX extends Runnable { - /** - * Closure body. - * - * @throws Exception If failed. - */ - void runx() throws Exception; - - /** {@inheritdoc} */ - @Override default void run() { - try { - runx(); - } - catch (Exception e) { - throw new IgniteException(e); - } - } - } - /** * {@link BackgroundOperation} implementation for cache reading operations. */ diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/cache/distributed/IgniteOptimisticTxSuspendResumeTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/cache/distributed/IgniteOptimisticTxSuspendResumeTest.java index f63f28a9f8a90..a1731cd3a0a90 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/cache/distributed/IgniteOptimisticTxSuspendResumeTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/cache/distributed/IgniteOptimisticTxSuspendResumeTest.java @@ -40,6 +40,7 @@ import org.apache.ignite.internal.util.typedef.X; import org.apache.ignite.internal.util.typedef.internal.U; import org.apache.ignite.testframework.GridTestUtils; +import org.apache.ignite.testframework.GridTestUtils.RunnableX; import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest; import org.apache.ignite.transactions.Transaction; import org.apache.ignite.transactions.TransactionIsolation; @@ -893,26 +894,4 @@ public abstract static class CI1Exc implements CI1 { } } } - - /** - * Runnable that can throw any exception. - */ - public abstract static class RunnableX implements Runnable { - /** - * Closure body. - * - * @throws Exception If failed. - */ - public abstract void runx() throws Exception; - - /** {@inheritDoc} */ - @Override public void run() { - try { - runx(); - } - catch (Exception e) { - throw new RuntimeException(e); - } - } - } } diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractSecurityTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractSecurityTest.java index 52687771dea4c..1e9d9458ed660 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractSecurityTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractSecurityTest.java @@ -26,11 +26,9 @@ import org.apache.ignite.plugin.security.SecurityPermission; import org.apache.ignite.plugin.security.SecurityPermissionSet; import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; +import org.apache.ignite.testframework.GridTestUtils; import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest; -import static org.hamcrest.CoreMatchers.notNullValue; -import static org.junit.Assert.assertThat; - /** * Common class for security tests. */ @@ -111,11 +109,8 @@ protected IgniteEx startGrid(String login, String pwd, SecurityPermissionSet prm * @param prmSet Security permission set. * @param isClient Is client. */ - protected IgniteEx startGrid(String login, SecurityPermissionSet prmSet, - boolean isClient) throws Exception { - return startGrid( - getConfiguration(login, secPluginCfg(login, "", prmSet)) - .setClientMode(isClient) + protected IgniteEx startGrid(String login, SecurityPermissionSet prmSet, boolean isClient) throws Exception { + return startGrid(getConfiguration(login, secPluginCfg(login, "", prmSet)).setClientMode(isClient) ); } @@ -135,9 +130,7 @@ protected IgniteEx startClient(String login, SecurityPermissionSet prmSet) throw */ protected IgniteEx startGrid(String login, String pwd, SecurityPermissionSet prmSet, boolean isClient) throws Exception { - return startGrid( - getConfiguration(login, secPluginCfg(login, pwd, prmSet)) - .setClientMode(isClient) + return startGrid(getConfiguration(login, secPluginCfg(login, pwd, prmSet)).setClientMode(isClient) ); } @@ -159,10 +152,9 @@ protected IgniteEx startGrid(String instanceName, String login, String pwd, * @param prmSet Security permission set. * @param isClient If true then client mode. */ - protected IgniteEx startGrid(String instanceName, String login, String pwd, - SecurityPermissionSet prmSet, boolean isClient) throws Exception { - return startGrid(getConfiguration(instanceName, secPluginCfg(login, pwd, prmSet)) - .setClientMode(isClient)); + protected IgniteEx startGrid(String instanceName, String login, String pwd, SecurityPermissionSet prmSet, + boolean isClient) throws Exception { + return startGrid(getConfiguration(instanceName, secPluginCfg(login, pwd, prmSet)).setClientMode(isClient)); } /** @@ -184,62 +176,7 @@ protected SecurityPermissionSet allowAllPermissionSet() { * * @param r Runnable. */ - protected void assertForbidden(TestRunnable r) { - assertForbidden(r, SecurityException.class); - } - - /** - * @param r Runnable. - * @param types Array of expected exception types. - */ - protected void assertForbidden(TestRunnable r, Class... types) { - try { - r.run(); - - fail("Test should throw one of the following exceptions " + Arrays.toString(types)); - } - catch (Throwable e) { - assertThat(cause(e, types), notNullValue()); - } - } - - /** - * Gets first cause if passed in {@code 'Throwable'} has one of given classes in {@code 'cause'} hierarchy. - *

      - * Note that this method follows includes {@link Throwable#getSuppressed()} into check. - * - * @param t Throwable to check (if {@code null}, {@code null} is returned). - * @param types Array of cause classes to get cause (if {@code null}, {@code null} is returned). - * @return First causing exception of passed in class, {@code null} otherwise. - */ - private Throwable cause(Throwable t, Class... types) { - for (Throwable th = t; th != null; th = th.getCause()) { - for (Class cls : types) { - if (cls.isAssignableFrom(th.getClass())) - return th; - - for (Throwable n : th.getSuppressed()) { - Throwable found = cause(n, cls); - - if (found != null) - return found; - } - } - - if (th.getCause() == th) - break; - } - - return null; - } - - /** - * - */ - public interface TestRunnable { - /** - * - */ - void run() throws Exception; + protected void assertForbidden(Runnable r) { + GridTestUtils.assertThrowsWithCause(r, SecurityException.class); } -} \ No newline at end of file +} diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/ComputePermissionCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/ComputePermissionCheckTest.java index cfcb53ee83b52..7e1eb1ecaafb3 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/ComputePermissionCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/ComputePermissionCheckTest.java @@ -44,6 +44,7 @@ import org.apache.ignite.lang.IgniteRunnable; import org.apache.ignite.plugin.security.SecurityPermission; import org.apache.ignite.plugin.security.SecurityPermissionSet; +import org.apache.ignite.testframework.GridTestUtils.RunnableX; import org.jetbrains.annotations.Nullable; import org.junit.Test; import org.junit.runner.RunWith; @@ -113,9 +114,7 @@ private static void syncForCancel() { } } - /** - * - */ + /** */ @Test public void test() throws Exception { Ignite srvAllowed = startGrid("srv_allowed", permissions(TASK_EXECUTE, TASK_CANCEL)); @@ -132,10 +131,10 @@ public void test() throws Exception { srvAllowed.cluster().active(true); - for (TestRunnable r : runnables(srvAllowed, clntAllowed)) + for (Runnable r : runnables(srvAllowed, clntAllowed)) allowedRun(r); - for (TestRunnable r : runnables(srvForbidden, clntForbidden)) + for (Runnable r : runnables(srvForbidden, clntForbidden)) assertForbidden(r); for (Supplier s : suppliers(srvAllowed, clntAllowed)) @@ -148,8 +147,8 @@ public void test() throws Exception { /** * @param nodes Array of nodes. */ - private Collection runnables(Ignite... nodes) { - Function f = (node) -> new TestRunnable[] { + private Collection runnables(Ignite... nodes) { + Function f = (node) -> new RunnableX[] { () -> node.compute().execute(TEST_COMPUTE_TASK, 0), () -> node.compute().executeAsync(TEST_COMPUTE_TASK, 0).get(), () -> node.compute().broadcast(TEST_CALLABLE), @@ -165,7 +164,7 @@ private Collection runnables(Ignite... nodes) { () -> node.executorService().invokeAny(singletonList(TEST_CALLABLE)) }; - List res = new ArrayList<>(); + List res = new ArrayList<>(); for (Ignite node : nodes) res.addAll(Arrays.asList(f.apply(node))); @@ -173,9 +172,7 @@ private Collection runnables(Ignite... nodes) { return res; } - /** - * - */ + /** */ private List> suppliers(Ignite... nodes) { List> res = new ArrayList<>(); @@ -206,7 +203,7 @@ private SecurityPermissionSet permissions(SecurityPermission... perms) { /** * @param r TestRunnable. */ - private void allowedRun(TestRunnable r) { + private void allowedRun(Runnable r) { IS_EXECUTED.set(false); try { @@ -253,9 +250,7 @@ private void allowedCancel(Supplier s) { } } - /** - * - */ + /** */ private static class FutureAdapter { /** Ignite future. */ private final IgniteFuture igniteFut; @@ -283,9 +278,7 @@ public FutureAdapter(Future fut) { igniteFut = null; } - /** - * - */ + /** */ public void cancel() { if (igniteFut != null) igniteFut.cancel(); @@ -293,16 +286,12 @@ public void cancel() { fut.cancel(true); } - /** - * - */ + /** */ public Object get() throws ExecutionException, InterruptedException { return igniteFut != null ? igniteFut.get() : fut.get(); } - /** - * - */ + /** */ public boolean isCancelled() { return igniteFut != null ? igniteFut.isCancelled() : fut.isCancelled(); } diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/DataStreamerPermissionCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/DataStreamerPermissionCheckTest.java index 0442df8b7e9ea..0366447be5e2b 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/DataStreamerPermissionCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/DataStreamerPermissionCheckTest.java @@ -64,25 +64,15 @@ private void testDataStreamer(boolean isClient) throws Exception { .appendCachePermissions(FORBIDDEN_CACHE, SecurityPermission.CACHE_READ) .build(), isClient); - consumers().forEach( - (c) -> { - assertAllowed(node, c); - - assertForbidden(node, c); - } - ); - } - - /** - * @return Collections of consumers to invoke data streamer addData method. - */ - private List>> consumers() { - return Arrays.asList( + List>> operations = Arrays.asList( s -> s.addData("k", 1), s -> s.addData(singletonMap("key", 2)), s -> s.addData((Map.Entry)entry()), - s -> s.addData(singletonList(entry())) - ); + s -> s.addData(singletonList(entry()))); + + operations.forEach(c -> assertAllowed(node, c)); + + operations.forEach(c -> assertForbidden(node, c)); } /** diff --git a/modules/core/src/test/java/org/apache/ignite/testframework/GridTestUtils.java b/modules/core/src/test/java/org/apache/ignite/testframework/GridTestUtils.java index b763b8f2f1c3d..74bc04d57d543 100644 --- a/modules/core/src/test/java/org/apache/ignite/testframework/GridTestUtils.java +++ b/modules/core/src/test/java/org/apache/ignite/testframework/GridTestUtils.java @@ -2145,4 +2145,27 @@ public static long sleep_and_can_fail() { return sleep; } } + + /** + * Runnable that can throw exceptions. + */ + @FunctionalInterface + public interface RunnableX extends Runnable { + /** + * Closure body. + * + * @throws Exception If failed. + */ + void runx() throws Exception; + + /** {@inheritdoc} */ + @Override default void run() { + try { + runx(); + } + catch (Exception e) { + throw new IgniteException(e); + } + } + } } diff --git a/modules/indexing/src/test/java/org/apache/ignite/internal/processors/cache/index/AbstractSchemaSelfTest.java b/modules/indexing/src/test/java/org/apache/ignite/internal/processors/cache/index/AbstractSchemaSelfTest.java index fdda9068a5fe4..7458087b804f6 100644 --- a/modules/indexing/src/test/java/org/apache/ignite/internal/processors/cache/index/AbstractSchemaSelfTest.java +++ b/modules/indexing/src/test/java/org/apache/ignite/internal/processors/cache/index/AbstractSchemaSelfTest.java @@ -59,6 +59,7 @@ import org.apache.ignite.internal.util.typedef.internal.SB; import org.apache.ignite.internal.util.typedef.internal.U; import org.apache.ignite.lang.IgniteBiTuple; +import org.apache.ignite.testframework.GridTestUtils.RunnableX; import org.jetbrains.annotations.Nullable; /** @@ -134,7 +135,7 @@ protected IgniteConfiguration commonConfiguration(int idx) throws Exception { * @param r Runnable. * @param expCode Error code. */ - static void assertSqlException(DynamicIndexAbstractBasicSelfTest.RunnableX r, int expCode) { + static void assertSqlException(RunnableX r, int expCode) { try { try { r.run(); @@ -663,16 +664,4 @@ public String field() { return field; } } - - /** - * Runnable which can throw checked exceptions. - */ - protected interface RunnableX { - /** - * Do run. - * - * @throws Exception If failed. - */ - public void run() throws Exception; - } } diff --git a/modules/indexing/src/test/java/org/apache/ignite/internal/processors/cache/index/DynamicColumnsAbstractConcurrentSelfTest.java b/modules/indexing/src/test/java/org/apache/ignite/internal/processors/cache/index/DynamicColumnsAbstractConcurrentSelfTest.java index 691cf5cf10750..6482f26946fbe 100644 --- a/modules/indexing/src/test/java/org/apache/ignite/internal/processors/cache/index/DynamicColumnsAbstractConcurrentSelfTest.java +++ b/modules/indexing/src/test/java/org/apache/ignite/internal/processors/cache/index/DynamicColumnsAbstractConcurrentSelfTest.java @@ -30,7 +30,6 @@ import java.util.concurrent.ThreadLocalRandom; import java.util.concurrent.atomic.AtomicBoolean; import java.util.concurrent.atomic.AtomicInteger; -import java.util.concurrent.locks.StampedLock; import javax.cache.Cache; import org.apache.ignite.Ignite; import org.apache.ignite.IgniteCache; @@ -62,6 +61,7 @@ import org.apache.ignite.internal.util.typedef.X; import org.apache.ignite.internal.util.typedef.internal.U; import org.apache.ignite.lang.IgnitePredicate; +import org.apache.ignite.testframework.GridTestUtils.RunnableX; import org.junit.Test; import static org.apache.ignite.internal.IgniteClientReconnectAbstractTest.TestTcpDiscoverySpi; @@ -805,7 +805,7 @@ private void checkClientReconnect(final boolean restartCache, boolean dynamicCac // Check index create. reconnectClientNode(srv, cli, restartCache, dynamicCache, new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { addCols(srv, schemaName, cols).get(); dropCols(srv, schemaName, "NAME").get(); @@ -1228,19 +1228,6 @@ private IgniteConfiguration serverConfiguration(int nodeIdx, boolean filtered) t return cfg; } - /** - * Runnable which can throw checked exceptions. - */ - interface RunnableX { - /** - * Do run. - * - * @throws Exception If failed. - */ - @SuppressWarnings("UnnecessaryInterfaceModifier") - public void run() throws Exception; - } - /** * Node filter. */ diff --git a/modules/indexing/src/test/java/org/apache/ignite/internal/processors/cache/index/DynamicIndexAbstractSelfTest.java b/modules/indexing/src/test/java/org/apache/ignite/internal/processors/cache/index/DynamicIndexAbstractSelfTest.java index 4356383607391..6d0d30da12125 100644 --- a/modules/indexing/src/test/java/org/apache/ignite/internal/processors/cache/index/DynamicIndexAbstractSelfTest.java +++ b/modules/indexing/src/test/java/org/apache/ignite/internal/processors/cache/index/DynamicIndexAbstractSelfTest.java @@ -126,7 +126,7 @@ protected IgniteConfiguration clientConfiguration(int idx) throws Exception { * @return Configuration. * @throws Exception If failed. */ - protected IgniteConfiguration commonConfiguration(int idx) throws Exception { + @Override protected IgniteConfiguration commonConfiguration(int idx) throws Exception { IgniteConfiguration cfg = super.getConfiguration(getTestIgniteInstanceName(idx)); cfg.setFailureHandler(new StopNodeFailureHandler()); From 0a1b1cd6444144cb7c199fecf3890bbf915c7232 Mon Sep 17 00:00:00 2001 From: Nikolay Date: Mon, 15 Apr 2019 22:58:23 +0300 Subject: [PATCH 87/98] Ignite 9560 (#14) * IGNITE-9560: Tests reducing * IGNITE-9560: Tests reducing * IGNITE-9560: Tests reducing * IGNITE-9560: Tests reducing * IGNITE-9560: Tests reducing * IGNITE-9560: Tests reducing * IGNITE-9560: Tests reducing * IGNITE-9560: Tests reducing * IGNITE-9560: Tests reducing --- .../SecurityPermissionSetBuilder.java | 7 +- ...ractCacheOperationPermissionCheckTest.java | 2 +- ...bstractRemoteSecurityContextCheckTest.java | 54 +++--- .../security/AbstractSecurityTest.java | 82 +-------- .../CacheOperationPermissionCheckTest.java | 17 +- .../EntryProcessorPermissionCheckTest.java | 20 +-- .../cache/ScanQueryPermissionCheckTest.java | 46 +++-- ...cheLoadRemoteSecurityContextCheckTest.java | 27 ++- ...ocessorRemoteSecurityContextCheckTest.java | 40 ++--- ...anQueryRemoteSecurityContextCheckTest.java | 36 ++-- .../client/ThinClientPermissionCheckTest.java | 49 ++---- .../compute/ComputePermissionCheckTest.java | 162 ++++++++---------- ...uteTaskRemoteSecurityContextCheckTest.java | 32 ++-- ...ClosureRemoteSecurityContextCheckTest.java | 54 +++--- ...ServiceRemoteSecurityContextCheckTest.java | 36 ++-- .../DataStreamerPermissionCheckTest.java | 41 ++--- ...treamerRemoteSecurityContextCheckTest.java | 25 ++- .../ignite/testframework/GridTestUtils.java | 26 ++- 18 files changed, 309 insertions(+), 447 deletions(-) diff --git a/modules/core/src/main/java/org/apache/ignite/plugin/security/SecurityPermissionSetBuilder.java b/modules/core/src/main/java/org/apache/ignite/plugin/security/SecurityPermissionSetBuilder.java index 659613aa0e8c5..2eca640e4fa5b 100644 --- a/modules/core/src/main/java/org/apache/ignite/plugin/security/SecurityPermissionSetBuilder.java +++ b/modules/core/src/main/java/org/apache/ignite/plugin/security/SecurityPermissionSetBuilder.java @@ -67,13 +67,16 @@ public class SecurityPermissionSetBuilder { /** Default allow all.*/ private boolean dfltAllowAll; + /** */ + public static final SecurityPermissionSet ALLOW_ALL = create().defaultAllowAll(true).build(); + /** * Static factory method for create new permission builder. * * @return SecurityPermissionSetBuilder */ - public static SecurityPermissionSetBuilder create(){ - return new SecurityPermissionSetBuilder(); + public static SecurityPermissionSetBuilder create() { + return new SecurityPermissionSetBuilder().defaultAllowAll(true); } /** diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractCacheOperationPermissionCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractCacheOperationPermissionCheckTest.java index 8050897efeedd..8455ff9289524 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractCacheOperationPermissionCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractCacheOperationPermissionCheckTest.java @@ -39,7 +39,7 @@ public abstract class AbstractCacheOperationPermissionCheckTest extends Abstract @Override protected void beforeTestsStarted() throws Exception { super.beforeTestsStarted(); - startGrid("server", allowAllPermissionSet()).cluster().active(true); + startGridAllowAll("server").cluster().active(true); } /** {@inheritDoc} */ diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractRemoteSecurityContextCheckTest.java index 4181eefe40e6a..66c8fad07107c 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractRemoteSecurityContextCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractRemoteSecurityContextCheckTest.java @@ -121,30 +121,21 @@ protected UUID secSubjectId(String name) { * @return Collection of feature call nodes ids. */ protected Collection nodesToRun() { - return Arrays.asList( - nodeId(SRV_RUN), - nodeId(CLNT_RUN) - ); + return Arrays.asList(nodeId(SRV_RUN), nodeId(CLNT_RUN)); } /** * @return Collection of feature transit nodes ids. */ protected Collection nodesToCheck() { - return Arrays.asList( - nodeId(SRV_CHECK), - nodeId(CLNT_CHECK) - ); + return Arrays.asList(nodeId(SRV_CHECK), nodeId(CLNT_CHECK)); } /** * @return Collection of endpont nodes ids. */ protected Collection endpoints() { - return Arrays.asList( - nodeId(SRV_ENDPOINT), - nodeId(CLNT_ENDPOINT) - ); + return Arrays.asList(nodeId(SRV_ENDPOINT), nodeId(CLNT_ENDPOINT)); } /** @@ -155,15 +146,6 @@ protected UUID nodeId(String name) { return grid(name).context().discovery().localNode().id(); } - /** - * Assert that the passed throwable contains a cause exception with given type. - * - * @param throwable Throwable. - */ - protected void assertCauseSecurityException(Throwable throwable) { - assertThat(X.cause(throwable, SecurityException.class), notNullValue()); - } - /** * Setups expected behavior to passed verifier. */ @@ -171,28 +153,26 @@ protected void assertCauseSecurityException(Throwable throwable) { /** * @param initiator Node that initiates an execution. - * @param runnable Check case. + * @param op Operation. */ - protected void runAndCheck(IgniteEx initiator, IgniteRunnable runnable) { - runAndCheck(initiator, Stream.of(runnable)); + protected void runAndCheck(IgniteEx initiator, IgniteRunnable op) { + runAndCheck(initiator, Stream.of(op)); } /** * Sets up VERIFIER, performs the runnable and checks the result. * * @param initiator Node that initiates an execution. - * @param runnables Stream of check cases. + * @param ops Operations. */ - protected void runAndCheck(IgniteEx initiator, Stream runnables) { - runnables.forEach( - r -> { - setupVerifier(VERIFIER.start(secSubjectId(initiator))); + protected void runAndCheck(IgniteEx initiator, Stream ops) { + ops.forEach(r -> { + setupVerifier(VERIFIER.start(secSubjectId(initiator))); - compute(initiator, nodesToRun()).broadcast(r); + compute(initiator, nodesToRun()).broadcast(r); - VERIFIER.checkResult(); - } - ); + VERIFIER.checkResult(); + }); } /** @@ -316,6 +296,14 @@ public ExecRegisterAndForwardAdapter(Collection endpoints) { } } + protected RegisterExecAndForward createRunner(String srvName) { + return new RegisterExecAndForward<>(srvName, endpoints()); + } + + protected RegisterExecAndForward createRunner() { + return new RegisterExecAndForward<>(endpoints()); + } + /** */ protected static class RegisterExecAndForward implements IgniteBiPredicate, IgniteRunnable, IgniteCallable, EntryProcessor, IgniteClosure { diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractSecurityTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractSecurityTest.java index 1e9d9458ed660..583c3ae2421cb 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractSecurityTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractSecurityTest.java @@ -25,10 +25,11 @@ import org.apache.ignite.plugin.security.SecurityException; import org.apache.ignite.plugin.security.SecurityPermission; import org.apache.ignite.plugin.security.SecurityPermissionSet; -import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; import org.apache.ignite.testframework.GridTestUtils; import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest; +import static org.apache.ignite.plugin.security.SecurityPermissionSetBuilder.ALLOW_ALL; + /** * Common class for security tests. */ @@ -87,21 +88,14 @@ protected TestSecurityPluginConfiguration secPluginCfg(String login, String pwd, Arrays.asList(clientData)); } - /** - * @param login Login. - * @param prmSet Security permission set. - */ - protected IgniteEx startGrid(String login, SecurityPermissionSet prmSet) throws Exception { - return startGrid(login, "", prmSet, false); + /** */ + protected IgniteEx startGridAllowAll(String login) throws Exception { + return startGrid(login, ALLOW_ALL, false); } - /** - * @param login Login. - * @param pwd Password. - * @param prmSet Security permission set. - */ - protected IgniteEx startGrid(String login, String pwd, SecurityPermissionSet prmSet) throws Exception { - return startGrid(login, pwd, prmSet, false); + /** */ + protected IgniteEx startClientAllowAll(String login) throws Exception { + return startGrid(login, ALLOW_ALL, true); } /** @@ -110,65 +104,7 @@ protected IgniteEx startGrid(String login, String pwd, SecurityPermissionSet prm * @param isClient Is client. */ protected IgniteEx startGrid(String login, SecurityPermissionSet prmSet, boolean isClient) throws Exception { - return startGrid(getConfiguration(login, secPluginCfg(login, "", prmSet)).setClientMode(isClient) - ); - } - - /** - * @param login Login. - * @param prmSet Security permission set. - */ - protected IgniteEx startClient(String login, SecurityPermissionSet prmSet) throws Exception { - return startGrid(login, prmSet, true); - } - - /** - * @param login Login. - * @param pwd Password. - * @param prmSet Security permission set. - * @param isClient Is client. - */ - protected IgniteEx startGrid(String login, String pwd, SecurityPermissionSet prmSet, - boolean isClient) throws Exception { - return startGrid(getConfiguration(login, secPluginCfg(login, pwd, prmSet)).setClientMode(isClient) - ); - } - - /** - * @param instanceName Instance name. - * @param login Login. - * @param pwd Password. - * @param prmSet Security permission set. - */ - protected IgniteEx startGrid(String instanceName, String login, String pwd, - SecurityPermissionSet prmSet) throws Exception { - return startGrid(getConfiguration(instanceName, secPluginCfg(login, pwd, prmSet))); - } - - /** - * @param instanceName Instance name. - * @param login Login. - * @param pwd Password. - * @param prmSet Security permission set. - * @param isClient If true then client mode. - */ - protected IgniteEx startGrid(String instanceName, String login, String pwd, SecurityPermissionSet prmSet, - boolean isClient) throws Exception { - return startGrid(getConfiguration(instanceName, secPluginCfg(login, pwd, prmSet)).setClientMode(isClient)); - } - - /** - * Getting security permission set builder. - */ - protected SecurityPermissionSetBuilder builder() { - return SecurityPermissionSetBuilder.create().defaultAllowAll(true); - } - - /** - * Getting allow all security permission set. - */ - protected SecurityPermissionSet allowAllPermissionSet() { - return builder().build(); + return startGrid(getConfiguration(login, secPluginCfg(login, "", prmSet)).setClientMode(isClient)); } /** diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/CacheOperationPermissionCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/CacheOperationPermissionCheckTest.java index cde739de6a7da..dc0a77d73f4b5 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/CacheOperationPermissionCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/CacheOperationPermissionCheckTest.java @@ -24,6 +24,7 @@ import org.apache.ignite.Ignite; import org.apache.ignite.IgniteCache; import org.apache.ignite.internal.processors.security.AbstractCacheOperationPermissionCheckTest; +import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.JUnit4; @@ -38,17 +39,13 @@ */ @RunWith(JUnit4.class) public class CacheOperationPermissionCheckTest extends AbstractCacheOperationPermissionCheckTest { - /** - * @throws Exception If fail. - */ + /** */ @Test public void testServerNode() throws Exception { testCrudCachePermissions(false); } - /** - * @throws Exception If fail. - */ + /** */ @Test public void testClientNode() throws Exception { testCrudCachePermissions(true); @@ -60,11 +57,11 @@ public void testClientNode() throws Exception { */ private void testCrudCachePermissions(boolean isClient) throws Exception { Ignite node = startGrid(loginPrefix(isClient) + "_test_node", - builder() + SecurityPermissionSetBuilder.create() .appendCachePermissions(CACHE_NAME, CACHE_READ, CACHE_PUT, CACHE_REMOVE) .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build(), isClient); - for (Consumer> c : consumers()) { + for (Consumer> c : operations()) { c.accept(node.cache(CACHE_NAME)); assertForbidden(() -> c.accept(node.cache(FORBIDDEN_CACHE))); @@ -72,9 +69,9 @@ private void testCrudCachePermissions(boolean isClient) throws Exception { } /** - * @return Collection of consumers to invoke a cache operation. + * @return Collection of operations to invoke a cache operation. */ - private List>> consumers() { + private List>> operations() { return Arrays.asList( c -> c.put("key", "value"), c -> c.putAll(singletonMap("key", "value")), diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/EntryProcessorPermissionCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/EntryProcessorPermissionCheckTest.java index 4baa4ec81272d..21671141c2703 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/EntryProcessorPermissionCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/EntryProcessorPermissionCheckTest.java @@ -26,6 +26,7 @@ import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.processors.security.AbstractCacheOperationPermissionCheckTest; import org.apache.ignite.internal.util.typedef.T2; +import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.JUnit4; @@ -34,7 +35,6 @@ import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; import static org.hamcrest.core.Is.is; -import static org.hamcrest.core.IsNull.nullValue; import static org.junit.Assert.assertThat; /** @@ -42,18 +42,16 @@ */ @RunWith(JUnit4.class) public class EntryProcessorPermissionCheckTest extends AbstractCacheOperationPermissionCheckTest { - /** - * - */ + /** */ @Test public void test() throws Exception { IgniteEx srvNode = startGrid("server_node", - builder() + SecurityPermissionSetBuilder.create() .appendCachePermissions(CACHE_NAME, CACHE_READ, CACHE_PUT) - .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build()); + .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build(), false); IgniteEx clientNode = startGrid("client_node", - builder() + SecurityPermissionSetBuilder.create() .appendCachePermissions(CACHE_NAME, CACHE_PUT, CACHE_READ) .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build(), true); @@ -61,7 +59,7 @@ public void test() throws Exception { Stream.of(srvNode, clientNode) .forEach( - n -> consumers(n).forEach( + n -> operations(n).forEach( c -> { assertAllowed(n, c); @@ -72,9 +70,9 @@ public void test() throws Exception { } /** - * @return Collection of consumers to invoke entry processor. + * @return Collection of operations to invoke entry processor. */ - private List>> consumers(final Ignite node) { + private List>> operations(final Ignite node) { return Arrays.asList( (cacheName, t) -> node.cache(cacheName).invoke( t.getKey(), processor(t) @@ -121,6 +119,6 @@ private void assertForbidden(Ignite node, BiConsumer assertForbidden(() -> c.accept(FORBIDDEN_CACHE, entry)); - assertThat(node.cache(CACHE_NAME).get(entry.getKey()), nullValue()); + assertNull(node.cache(CACHE_NAME).get(entry.getKey())); } } diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/ScanQueryPermissionCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/ScanQueryPermissionCheckTest.java index 4813a63b3898f..f2fc4c2439a27 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/ScanQueryPermissionCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/ScanQueryPermissionCheckTest.java @@ -17,58 +17,52 @@ package org.apache.ignite.internal.processors.security.cache; +import java.util.Arrays; import org.apache.ignite.Ignite; import org.apache.ignite.IgniteDataStreamer; import org.apache.ignite.cache.query.ScanQuery; import org.apache.ignite.internal.processors.security.AbstractCacheOperationPermissionCheckTest; import org.apache.ignite.internal.util.typedef.G; +import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; import org.junit.Test; import org.junit.runner.RunWith; -import org.junit.runners.JUnit4; +import org.junit.runners.Parameterized; +import org.junit.runners.Parameterized.Parameter; +import org.junit.runners.Parameterized.Parameters; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; /** * Test cache permission for invoking of Scan Query. */ -@RunWith(JUnit4.class) +@RunWith(Parameterized.class) public class ScanQueryPermissionCheckTest extends AbstractCacheOperationPermissionCheckTest { - /** - * @throws Exception If fail. - */ - @Test - public void testServerNode() throws Exception { - testScanQuery(false); + /** Parameters. */ + @Parameters(name = "clientMode={0}") + public static Iterable data() { + return Arrays.asList(new Boolean[] {true}, new Boolean[] {false}); } - /** - * @throws Exception If fail. - */ - @Test - public void testClientNode() throws Exception { - testScanQuery(true); - } + /** Client mode. */ + @Parameter(0) + public boolean clientMode; - /** - * @param isClient True if is client mode. - * @throws Exception If failed. - */ - private void testScanQuery(boolean isClient) throws Exception { + /** */ + @Test + public void testScanQuery() throws Exception { putTestData(); - Ignite node = startGrid(loginPrefix(isClient) + "_test_node", - builder() + Ignite node = startGrid(loginPrefix(clientMode) + "_test_node", + SecurityPermissionSetBuilder.create() .appendCachePermissions(CACHE_NAME, CACHE_READ) - .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build(), isClient); + .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build(), clientMode); assertFalse(node.cache(CACHE_NAME).query(new ScanQuery()).getAll().isEmpty()); assertForbidden(() -> node.cache(FORBIDDEN_CACHE).query(new ScanQuery()).getAll()); } - /** - * - */ + /** */ private void putTestData() { Ignite ignite = G.allGrids().stream().findFirst().get(); diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java index 6adca670da11c..4121905c04a08 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java @@ -34,6 +34,8 @@ import org.junit.runner.RunWith; import org.junit.runners.JUnit4; +import static org.apache.ignite.Ignition.localIgnite; + /** * Testing operation security context when the filter of Load cache is executed on remote node. *

      @@ -47,17 +49,17 @@ public class CacheLoadRemoteSecurityContextCheckTest extends AbstractCacheOperat @Override protected void beforeTestsStarted() throws Exception { super.beforeTestsStarted(); - startGrid(SRV_INITIATOR, allowAllPermissionSet()); + startGridAllowAll(SRV_INITIATOR); - startClient(CLNT_INITIATOR, allowAllPermissionSet()); + startClientAllowAll(CLNT_INITIATOR); - startGrid(SRV_RUN, allowAllPermissionSet()); + startGridAllowAll(SRV_RUN); - startGrid(SRV_CHECK, allowAllPermissionSet()); + startGridAllowAll(SRV_CHECK); - startGrid(SRV_ENDPOINT, allowAllPermissionSet()); + startGridAllowAll(SRV_ENDPOINT); - startClient(CLNT_ENDPOINT, allowAllPermissionSet()); + startClientAllowAll(CLNT_ENDPOINT); G.allGrids().get(0).cluster().active(true); } @@ -85,22 +87,19 @@ public class CacheLoadRemoteSecurityContextCheckTest extends AbstractCacheOperat .expect(CLNT_ENDPOINT, 1); } - /** - * - */ + /** */ @Test public void test() { - IgniteRunnable checkCase = () -> { + IgniteRunnable operation = () -> { register(); - Ignition.localIgnite() - .cache(CACHE_NAME).loadCache( + localIgnite().cache(CACHE_NAME).loadCache( new RegisterExecAndForward(SRV_CHECK, endpoints()) ); }; - runAndCheck(grid(SRV_INITIATOR), checkCase); - runAndCheck(grid(CLNT_INITIATOR), checkCase); + runAndCheck(grid(SRV_INITIATOR), operation); + runAndCheck(grid(CLNT_INITIATOR), operation); } /** {@inheritDoc} */ diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java index bb9caa1784b85..1ae5fa5f50356 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java @@ -30,6 +30,9 @@ import org.junit.runner.RunWith; import org.junit.runners.JUnit4; +import static java.util.Collections.singleton; +import static org.apache.ignite.Ignition.localIgnite; + /** * Testing operation security context when EntryProcessor closure is executed on remote node. *

      @@ -43,17 +46,17 @@ public class EntryProcessorRemoteSecurityContextCheckTest extends AbstractCacheO @Override protected void beforeTestsStarted() throws Exception { super.beforeTestsStarted(); - startGrid(SRV_INITIATOR, allowAllPermissionSet()); + startGridAllowAll(SRV_INITIATOR); - startClient(CLNT_INITIATOR, allowAllPermissionSet()); + startClientAllowAll(CLNT_INITIATOR); - startGrid(SRV_RUN, allowAllPermissionSet()); + startGridAllowAll(SRV_RUN); - startGrid(SRV_CHECK, allowAllPermissionSet()); + startGridAllowAll(SRV_CHECK); - startGrid(SRV_ENDPOINT, allowAllPermissionSet()); + startGridAllowAll(SRV_ENDPOINT); - startClient(CLNT_ENDPOINT, allowAllPermissionSet()); + startClientAllowAll(CLNT_ENDPOINT); G.allGrids().get(0).cluster().active(true); } @@ -67,13 +70,11 @@ public class EntryProcessorRemoteSecurityContextCheckTest extends AbstractCacheO .expect(CLNT_ENDPOINT, 1); } - /** - * - */ + /** */ @Test public void test() { - runAndCheck(grid(SRV_INITIATOR), checkCases()); - runAndCheck(grid(CLNT_INITIATOR), checkCases()); + runAndCheck(grid(SRV_INITIATOR), operations()); + runAndCheck(grid(CLNT_INITIATOR), operations()); } /** {@inheritDoc} */ @@ -89,23 +90,18 @@ public void test() { /** * @return Stream of runnables to call invoke methods. */ - private Stream checkCases() { + private Stream operations() { final Integer key = prmKey(grid(SRV_CHECK)); return Stream.of( - () -> Ignition.localIgnite().cache(CACHE_NAME) - .invoke(key, new RegisterExecAndForward(endpoints())), + () -> localIgnite().cache(CACHE_NAME).invoke(key, createRunner()), - () -> Ignition.localIgnite().cache(CACHE_NAME) - .invokeAll(Collections.singleton(key), new RegisterExecAndForward(endpoints())), + () -> localIgnite().cache(CACHE_NAME).invokeAll(singleton(key), createRunner()), - () -> Ignition.localIgnite().cache(CACHE_NAME) - .invokeAsync(key, new RegisterExecAndForward<>(endpoints())) - .get(), + () -> localIgnite().cache(CACHE_NAME).invokeAsync(key, createRunner()).get(), - () -> Ignition.localIgnite().cache(CACHE_NAME) - .invokeAllAsync(Collections.singleton(key), new RegisterExecAndForward<>(endpoints())) - .get() + () -> localIgnite().cache(CACHE_NAME) + .invokeAllAsync(singleton(key), createRunner()).get() ).map(RegisterExecAndForward::new); } } diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java index dd9d296678ce2..f60077b5bcd06 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java @@ -30,6 +30,8 @@ import org.junit.runner.RunWith; import org.junit.runners.JUnit4; +import static org.apache.ignite.Ignition.localIgnite; + /** * Testing operation security context when the filter of ScanQuery is executed on remote node. *

      @@ -43,19 +45,19 @@ public class ScanQueryRemoteSecurityContextCheckTest extends AbstractCacheOperat @Override protected void beforeTestsStarted() throws Exception { super.beforeTestsStarted(); - startGrid(SRV_INITIATOR, allowAllPermissionSet()); + startGridAllowAll(SRV_INITIATOR); - startClient(CLNT_INITIATOR, allowAllPermissionSet()); + startClientAllowAll(CLNT_INITIATOR); - startGrid(SRV_RUN, allowAllPermissionSet()); + startGridAllowAll(SRV_RUN); - startClient(CLNT_RUN, allowAllPermissionSet()); + startClientAllowAll(CLNT_RUN); - startGrid(SRV_CHECK, allowAllPermissionSet()); + startGridAllowAll(SRV_CHECK); - startGrid(SRV_ENDPOINT, allowAllPermissionSet()); + startGridAllowAll(SRV_ENDPOINT); - startClient(CLNT_ENDPOINT, allowAllPermissionSet()); + startClientAllowAll(CLNT_ENDPOINT); G.allGrids().get(0).cluster().active(true); } @@ -70,9 +72,7 @@ public class ScanQueryRemoteSecurityContextCheckTest extends AbstractCacheOperat .expect(CLNT_ENDPOINT, 2); } - /** - * - */ + /** */ @Test public void test() throws Exception { grid(SRV_INITIATOR).cache(CACHE_NAME) @@ -80,8 +80,8 @@ public void test() throws Exception { awaitPartitionMapExchange(); - runAndCheck(grid(SRV_INITIATOR), checkCases()); - runAndCheck(grid(CLNT_INITIATOR), checkCases()); + runAndCheck(grid(SRV_INITIATOR), operations()); + runAndCheck(grid(CLNT_INITIATOR), operations()); } /** {@inheritDoc} */ @@ -92,23 +92,19 @@ public void test() throws Exception { /** * Stream of runnables to call query methods. */ - private Stream checkCases() { + private Stream operations() { return Stream.of( () -> { register(); - Ignition.localIgnite().cache(CACHE_NAME).query( - new ScanQuery<>( - new RegisterExecAndForward<>(SRV_CHECK, endpoints()) - ) - ).getAll(); + localIgnite().cache(CACHE_NAME).query(new ScanQuery<>(createRunner(SRV_CHECK))).getAll(); }, () -> { register(); - Ignition.localIgnite().cache(CACHE_NAME).query( + localIgnite().cache(CACHE_NAME).query( new ScanQuery<>((k, v) -> true), - new RegisterExecAndForward<>(SRV_CHECK, endpoints()) + createRunner(SRV_CHECK) ).getAll(); } ); diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/client/ThinClientPermissionCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/client/ThinClientPermissionCheckTest.java index fbfa7f1a5faea..ba5e5b8725456 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/client/ThinClientPermissionCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/client/ThinClientPermissionCheckTest.java @@ -32,6 +32,7 @@ import org.apache.ignite.internal.processors.security.AbstractSecurityTest; import org.apache.ignite.internal.processors.security.TestSecurityData; import org.apache.ignite.internal.util.typedef.G; +import org.apache.ignite.internal.util.typedef.X; import org.apache.ignite.lang.IgniteBiTuple; import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; import org.junit.Test; @@ -46,8 +47,7 @@ import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_REMOVE; import static org.apache.ignite.plugin.security.SecurityPermission.TASK_EXECUTE; -import static org.hamcrest.core.Is.is; -import static org.junit.Assert.assertThat; +import static org.apache.ignite.plugin.security.SecurityPermissionSetBuilder.ALLOW_ALL; /** * Security tests for thin client. @@ -91,14 +91,12 @@ private IgniteConfiguration getConfiguration(TestSecurityData... clientData) thr * @param idx Index. * @param clientData Array of client security data. */ - private IgniteConfiguration getConfiguration(int idx, - TestSecurityData... clientData) throws Exception { - + private IgniteConfiguration getConfiguration(int idx, TestSecurityData... clientData) throws Exception { String instanceName = getTestIgniteInstanceName(idx); return getConfiguration( instanceName, - secPluginCfg("srv_" + instanceName, null, allowAllPermissionSet(), clientData) + secPluginCfg("srv_" + instanceName, null, ALLOW_ALL, clientData) ).setCacheConfiguration( new CacheConfiguration().setName(CACHE), new CacheConfiguration().setName(FORBIDDEN_CACHE) @@ -111,22 +109,19 @@ private IgniteConfiguration getConfiguration(int idx, IgniteEx ignite = startGrid( getConfiguration( - new TestSecurityData( - CLIENT, - builder() + new TestSecurityData(CLIENT, + SecurityPermissionSetBuilder.create().defaultAllowAll(false) .appendCachePermissions(CACHE, CACHE_READ, CACHE_PUT, CACHE_REMOVE) .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS) .build() ), - new TestSecurityData( - CLIENT_SYS_PERM, - builder() + new TestSecurityData(CLIENT_SYS_PERM, + SecurityPermissionSetBuilder.create().defaultAllowAll(false) .appendSystemPermissions(CACHE_CREATE, CACHE_DESTROY) .build() ), - new TestSecurityData( - CLIENT_CACHE_TASK_OPER, - builder() + new TestSecurityData(CLIENT_CACHE_TASK_OPER, + SecurityPermissionSetBuilder.create().defaultAllowAll(false) .appendCachePermissions(CACHE, CACHE_REMOVE) .appendTaskPermissions(REMOVE_ALL_TASK, TASK_EXECUTE) .appendTaskPermissions(CLEAR_TASK, TASK_EXECUTE) @@ -138,20 +133,15 @@ private IgniteConfiguration getConfiguration(int idx, ignite.cluster().active(true); } - /** {@inheritDoc} */ - @Override protected SecurityPermissionSetBuilder builder() { - return super.builder().defaultAllowAll(false); - } - /** * @throws Exception If error occurs. */ @Test public void testCacheSinglePermOperations() throws Exception { - for (IgniteBiTuple, String> t : consumers(CACHE)) + for (IgniteBiTuple, String> t : operations(CACHE)) executeOperation(CLIENT, t.get1()); - for (IgniteBiTuple, String> t : consumers(FORBIDDEN_CACHE)) + for (IgniteBiTuple, String> t : operations(FORBIDDEN_CACHE)) executeForbiddenOperation(t); } @@ -179,11 +169,11 @@ public void testSysOperation() throws Exception { try (IgniteClient sysPrmClnt = startClient(CLIENT_SYS_PERM)) { sysPrmClnt.createCache(DYNAMIC_CACHE); - assertThat(sysPrmClnt.cacheNames().contains(DYNAMIC_CACHE), is(true)); + assertTrue(sysPrmClnt.cacheNames().contains(DYNAMIC_CACHE)); sysPrmClnt.destroyCache(DYNAMIC_CACHE); - assertThat(sysPrmClnt.cacheNames().contains(DYNAMIC_CACHE), is(false)); + assertFalse(sysPrmClnt.cacheNames().contains(DYNAMIC_CACHE)); } executeForbiddenOperation(t(c -> c.createCache(DYNAMIC_CACHE), "createCache")); @@ -193,7 +183,7 @@ public void testSysOperation() throws Exception { /** * @param cacheName Cache name. */ - private Collection, String>> consumers(final String cacheName) { + private Collection, String>> operations(final String cacheName) { return Arrays.asList( t(c -> c.cache(cacheName).put("key", "value"), "put"), t(c -> c.cache(cacheName).putAll(singletonMap("key", "value")), "putAll"), @@ -229,17 +219,10 @@ private void executeForbiddenOperation(IgniteBiTuple, Str } catch (Exception e) { - assertThrowable(e); + assertTrue(X.hasCause(e, ClientAuthorizationException.class)); } } - /** - * @param throwable Throwable. - */ - private void assertThrowable(Throwable throwable) { - assertThat(throwable instanceof ClientAuthorizationException, is(true)); - } - /** * @param userName User name. */ diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/ComputePermissionCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/ComputePermissionCheckTest.java index 7e1eb1ecaafb3..72ff81912d1b6 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/ComputePermissionCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/ComputePermissionCheckTest.java @@ -17,19 +17,19 @@ package org.apache.ignite.internal.processors.security.compute; -import java.util.ArrayList; import java.util.Arrays; -import java.util.Collection; import java.util.Collections; import java.util.List; import java.util.Map; import java.util.concurrent.ExecutionException; import java.util.concurrent.Future; import java.util.concurrent.TimeUnit; +import java.util.concurrent.TimeoutException; import java.util.concurrent.atomic.AtomicBoolean; import java.util.concurrent.locks.ReentrantLock; import java.util.function.Function; import java.util.function.Supplier; +import java.util.stream.Stream; import org.apache.ignite.Ignite; import org.apache.ignite.IgniteException; import org.apache.ignite.cluster.ClusterNode; @@ -44,17 +44,18 @@ import org.apache.ignite.lang.IgniteRunnable; import org.apache.ignite.plugin.security.SecurityPermission; import org.apache.ignite.plugin.security.SecurityPermissionSet; +import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; import org.apache.ignite.testframework.GridTestUtils.RunnableX; +import org.jetbrains.annotations.NotNull; import org.jetbrains.annotations.Nullable; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.JUnit4; import static java.util.Collections.singletonList; +import static java.util.function.Function.identity; import static org.apache.ignite.plugin.security.SecurityPermission.TASK_CANCEL; import static org.apache.ignite.plugin.security.SecurityPermission.TASK_EXECUTE; -import static org.hamcrest.core.Is.is; -import static org.junit.Assert.assertThat; /** * Task execute permission tests. @@ -75,38 +76,41 @@ public class ComputePermissionCheckTest extends AbstractSecurityTest { /** Test callable. */ private static final IgniteCallable TEST_CALLABLE = () -> { - IS_EXECUTED.set(true); + waitForCancel(); - syncForCancel(); + IS_EXECUTED.set(true); return null; }; /** Test runnable. */ private static final IgniteRunnable TEST_RUNNABLE = () -> { - IS_EXECUTED.set(true); + waitForCancel(); - syncForCancel(); + IS_EXECUTED.set(true); }; /** Test closure. */ private static final IgniteClosure TEST_CLOSURE = a -> { - IS_EXECUTED.set(true); + waitForCancel(); - syncForCancel(); + IS_EXECUTED.set(true); return null; }; - /** Synchronization for tests TASK_CANCEL. */ - private static void syncForCancel() { + /** Waits for InterruptedException on RNT_LOCK. */ + private static void waitForCancel() { boolean isLocked = false; try { isLocked = RNT_LOCK.tryLock(RNT_LOCK_TIMEOUT, TimeUnit.MILLISECONDS); + + if (!isLocked) + throw new IgniteException("tryLock should succeed or interrupted"); } catch (InterruptedException e) { - throw new IgniteException(e); + // This is expected. } finally { if (isLocked) @@ -117,82 +121,67 @@ private static void syncForCancel() { /** */ @Test public void test() throws Exception { - Ignite srvAllowed = startGrid("srv_allowed", permissions(TASK_EXECUTE, TASK_CANCEL)); + Ignite srvAllowed = startGrid("srv_allowed", permissions(TASK_EXECUTE, TASK_CANCEL), false); - Ignite srvForbidden = startGrid("srv_forbidden", permissions(EMPTY_PERMS)); + Ignite srvForbidden = startGrid("srv_forbidden", permissions(EMPTY_PERMS), false); - Ignite srvForbiddenCancel = startGrid("srv_forbidden_cnl", permissions(TASK_EXECUTE)); + Ignite srvForbiddenCancel = startGrid("srv_forbidden_cnl", permissions(TASK_EXECUTE), false); - Ignite clntAllowed = startClient("clnt_allowed", permissions(TASK_EXECUTE, TASK_CANCEL)); + Ignite clntAllowed = startGrid("clnt_allowed", permissions(TASK_EXECUTE, TASK_CANCEL), true); - Ignite clntForbidden = startClient("clnt_forbidden", permissions(EMPTY_PERMS)); + Ignite clntForbidden = startGrid("clnt_forbidden", permissions(EMPTY_PERMS), true); - Ignite clntForbiddenCancel = startClient("clnt_forbidden_cnl", permissions(TASK_EXECUTE)); + Ignite clntForbiddenCancel = startGrid("clnt_forbidden_cnl", permissions(TASK_EXECUTE), true); srvAllowed.cluster().active(true); - for (Runnable r : runnables(srvAllowed, clntAllowed)) - allowedRun(r); + operations(srvAllowed, clntAllowed).forEach(this::allowedRun); - for (Runnable r : runnables(srvForbidden, clntForbidden)) - assertForbidden(r); + operations(srvForbidden, clntForbidden).forEach(this::assertForbidden); - for (Supplier s : suppliers(srvAllowed, clntAllowed)) - allowedCancel(s); + asyncOperations(srvAllowed, clntAllowed).forEach(this::allowedCancel); - for (Supplier s : suppliers(srvForbiddenCancel, clntForbiddenCancel)) - forbiddenCancel(s); + asyncOperations(srvForbiddenCancel, clntForbiddenCancel).forEach(this::forbiddenCancel); } /** * @param nodes Array of nodes. */ - private Collection runnables(Ignite... nodes) { - Function f = (node) -> new RunnableX[] { + private Stream operations(Ignite... nodes) { + Function> nodeOps = (node) -> Stream.of( () -> node.compute().execute(TEST_COMPUTE_TASK, 0), - () -> node.compute().executeAsync(TEST_COMPUTE_TASK, 0).get(), () -> node.compute().broadcast(TEST_CALLABLE), - () -> node.compute().broadcastAsync(TEST_CALLABLE).get(), () -> node.compute().call(TEST_CALLABLE), - () -> node.compute().callAsync(TEST_CALLABLE).get(), () -> node.compute().run(TEST_RUNNABLE), - () -> node.compute().runAsync(TEST_RUNNABLE).get(), () -> node.compute().apply(TEST_CLOSURE, new Object()), - () -> node.compute().applyAsync(TEST_CLOSURE, new Object()).get(), - () -> node.executorService().submit(TEST_CALLABLE).get(), () -> node.executorService().invokeAll(singletonList(TEST_CALLABLE)), () -> node.executorService().invokeAny(singletonList(TEST_CALLABLE)) - }; + ); - List res = new ArrayList<>(); + Stream operations = Arrays.stream(nodes).map(nodeOps).flatMap(identity()); - for (Ignite node : nodes) - res.addAll(Arrays.asList(f.apply(node))); - - return res; + return Stream.concat(operations, asyncOperations(nodes).map(s -> () -> s.get().get())); } /** */ - private List> suppliers(Ignite... nodes) { - List> res = new ArrayList<>(); - - for (Ignite node : nodes) { - res.add(() -> new FutureAdapter(node.compute().broadcastAsync(TEST_CALLABLE))); - res.add(() -> new FutureAdapter(node.compute().callAsync(TEST_CALLABLE))); - res.add(() -> new FutureAdapter(node.compute().runAsync(TEST_RUNNABLE))); - res.add(() -> new FutureAdapter(node.compute().applyAsync(TEST_CLOSURE, new Object()))); - res.add(() -> new FutureAdapter(node.compute().executeAsync(TEST_COMPUTE_TASK, 0))); - res.add(() -> new FutureAdapter(node.executorService().submit(TEST_CALLABLE))); - } - - return res; + private Stream> asyncOperations(Ignite... nodes) { + Function>> nodeOps = (node) -> Stream.of( + () -> new FutureAdapter(node.compute().executeAsync(TEST_COMPUTE_TASK, 0)), + () -> new FutureAdapter(node.compute().broadcastAsync(TEST_CALLABLE)), + () -> new FutureAdapter(node.compute().callAsync(TEST_CALLABLE)), + () -> new FutureAdapter(node.compute().runAsync(TEST_RUNNABLE)), + () -> new FutureAdapter(node.compute().applyAsync(TEST_CLOSURE, new Object())), + () -> node.executorService().submit(TEST_CALLABLE) + ); + + return Arrays.stream(nodes).map(nodeOps).flatMap(identity()); } /** * @param perms Permissions. */ private SecurityPermissionSet permissions(SecurityPermission... perms) { - return builder() + return SecurityPermissionSetBuilder.create() .appendTaskPermissions(TEST_COMPUTE_TASK.getClass().getName(), perms) .appendTaskPermissions(TEST_CALLABLE.getClass().getName(), perms) .appendTaskPermissions(TEST_RUNNABLE.getClass().getName(), perms) @@ -219,13 +208,13 @@ private void allowedRun(Runnable r) { /** * @param s Supplier. */ - private void forbiddenCancel(Supplier s) { + private void forbiddenCancel(Supplier s) { RNT_LOCK.lock(); try { - FutureAdapter f = s.get(); + Future f = s.get(); - assertForbidden(f::cancel); + assertForbidden(() -> f.cancel(true)); } finally { RNT_LOCK.unlock(); @@ -235,15 +224,15 @@ private void forbiddenCancel(Supplier s) { /** * @param s Supplier. */ - private void allowedCancel(Supplier s) { + private void allowedCancel(Supplier s) { RNT_LOCK.lock(); try { - FutureAdapter f = s.get(); + Future f = s.get(); - f.cancel(); + f.cancel(true); - assertThat(f.isCancelled(), is(true)); + assertTrue(f.isCancelled()); } finally { RNT_LOCK.unlock(); @@ -251,49 +240,34 @@ private void allowedCancel(Supplier s) { } /** */ - private static class FutureAdapter { + private static class FutureAdapter implements Future { /** Ignite future. */ - private final IgniteFuture igniteFut; - - /** Future. */ - private final Future fut; - - /** - * @param igniteFut Ignite future. - */ - public FutureAdapter(IgniteFuture igniteFut) { - assert igniteFut != null; + private final IgniteFuture igniteFut; + /** */ + public FutureAdapter(IgniteFuture igniteFut) { this.igniteFut = igniteFut; - fut = null; } - /** - * @param fut Future. - */ - public FutureAdapter(Future fut) { - assert fut != null; + @Override public boolean cancel(boolean mayInterruptIfRunning) { + return igniteFut.cancel(); + } - this.fut = fut; - igniteFut = null; + @Override public boolean isCancelled() { + return igniteFut.isCancelled(); } - /** */ - public void cancel() { - if (igniteFut != null) - igniteFut.cancel(); - else - fut.cancel(true); + @Override public boolean isDone() { + return igniteFut.isDone(); } - /** */ - public Object get() throws ExecutionException, InterruptedException { - return igniteFut != null ? igniteFut.get() : fut.get(); + @Override public T get() throws InterruptedException, ExecutionException { + return igniteFut.get(); } - /** */ - public boolean isCancelled() { - return igniteFut != null ? igniteFut.isCancelled() : fut.isCancelled(); + @Override public T get(long timeout, + @NotNull TimeUnit unit) throws InterruptedException, ExecutionException, TimeoutException { + return igniteFut.get(timeout, unit); } } @@ -313,7 +287,7 @@ private static class TestComputeTask implements ComputeTask { } @Override public Object execute() { - syncForCancel(); + waitForCancel(); return null; } diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java index 71070aacf2a66..be98171c9d381 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java @@ -37,6 +37,8 @@ import org.jetbrains.annotations.Nullable; import org.junit.Test; +import static org.apache.ignite.Ignition.localIgnite; + /** * Testing operation security context when the compute task is executed on remote nodes. *

      @@ -49,21 +51,21 @@ public class ComputeTaskRemoteSecurityContextCheckTest extends AbstractRemoteSec @Override protected void beforeTestsStarted() throws Exception { super.beforeTestsStarted(); - startGrid(SRV_INITIATOR, allowAllPermissionSet()); + startGridAllowAll(SRV_INITIATOR); - startClient(CLNT_INITIATOR, allowAllPermissionSet()); + startClientAllowAll(CLNT_INITIATOR); - startGrid(SRV_RUN, allowAllPermissionSet()); + startGridAllowAll(SRV_RUN); - startClient(CLNT_RUN, allowAllPermissionSet()); + startClientAllowAll(CLNT_RUN); - startGrid(SRV_CHECK, allowAllPermissionSet()); + startGridAllowAll(SRV_CHECK); - startClient(CLNT_CHECK, allowAllPermissionSet()); + startClientAllowAll(CLNT_CHECK); - startGrid(SRV_ENDPOINT, allowAllPermissionSet()); + startGridAllowAll(SRV_ENDPOINT); - startClient(CLNT_ENDPOINT, allowAllPermissionSet()); + startClientAllowAll(CLNT_ENDPOINT); G.allGrids().get(0).cluster().active(true); } @@ -79,31 +81,29 @@ public class ComputeTaskRemoteSecurityContextCheckTest extends AbstractRemoteSec .expect(CLNT_ENDPOINT, 4); } - /** - * - */ + /** */ @Test public void test() { - runAndCheck(grid(SRV_INITIATOR), checkCases()); - runAndCheck(grid(CLNT_INITIATOR), checkCases()); + runAndCheck(grid(SRV_INITIATOR), operations()); + runAndCheck(grid(CLNT_INITIATOR), operations()); } /** * @return Stream of check cases. */ - private Stream checkCases() { + private Stream operations() { return Stream.of( () -> { register(); - Ignition.localIgnite().compute().execute( + localIgnite().compute().execute( new ComputeTaskClosure(nodesToCheck(), endpoints()), 0 ); }, () -> { register(); - Ignition.localIgnite().compute().executeAsync( + localIgnite().compute().executeAsync( new ComputeTaskClosure(nodesToCheck(), endpoints()), 0 ).get(); } diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java index 1b3b5ad562c5e..e69a64d4c5cc9 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java @@ -25,6 +25,8 @@ import org.apache.ignite.lang.IgniteRunnable; import org.junit.Test; +import static org.apache.ignite.Ignition.localIgnite; + /** * Testing operation security context when the compute closure is executed on remote nodes. *

      @@ -37,21 +39,21 @@ public class DistributedClosureRemoteSecurityContextCheckTest extends AbstractRe @Override protected void beforeTestsStarted() throws Exception { super.beforeTestsStarted(); - startGrid(SRV_INITIATOR, allowAllPermissionSet()); + startGridAllowAll(SRV_INITIATOR); - startClient(CLNT_INITIATOR, allowAllPermissionSet()); + startClientAllowAll(CLNT_INITIATOR); - startGrid(SRV_RUN, allowAllPermissionSet()); + startGridAllowAll(SRV_RUN); - startClient(CLNT_RUN, allowAllPermissionSet()); + startClientAllowAll(CLNT_RUN); - startGrid(SRV_CHECK, allowAllPermissionSet()); + startGridAllowAll(SRV_CHECK); - startClient(CLNT_CHECK, allowAllPermissionSet()); + startClientAllowAll(CLNT_CHECK); - startGrid(SRV_ENDPOINT, allowAllPermissionSet()); + startGridAllowAll(SRV_ENDPOINT); - startClient(CLNT_ENDPOINT, allowAllPermissionSet()); + startClientAllowAll(CLNT_ENDPOINT); G.allGrids().get(0).cluster().active(true); } @@ -67,60 +69,48 @@ public class DistributedClosureRemoteSecurityContextCheckTest extends AbstractRe .expect(CLNT_ENDPOINT, 4); } - /** - * - */ + /** */ @Test public void test() { - runAndCheck(grid(SRV_INITIATOR), checkCases()); - runAndCheck(grid(CLNT_INITIATOR), checkCases()); + runAndCheck(grid(SRV_INITIATOR), operations()); + runAndCheck(grid(CLNT_INITIATOR), operations()); } /** * @return Stream of check cases. */ - private Stream checkCases() { + private Stream operations() { return Stream.of( - () -> compute(Ignition.localIgnite(), nodesToCheck()) - .broadcast((IgniteRunnable)new RegisterExecAndForward<>(endpoints())), - - () -> compute(Ignition.localIgnite(), nodesToCheck()) - .broadcastAsync((IgniteRunnable)new RegisterExecAndForward<>(endpoints())) - .get(), + () -> compute(localIgnite(), nodesToCheck()).broadcast((IgniteRunnable) createRunner()), + () -> compute(localIgnite(), nodesToCheck()).broadcastAsync((IgniteRunnable) createRunner()).get(), () -> { for (UUID id : nodesToCheck()) { - compute(Ignition.localIgnite(), id) - .call(new RegisterExecAndForward<>(endpoints())); + compute(localIgnite(), id).call(createRunner()); } }, () -> { for (UUID id : nodesToCheck()) { - compute(Ignition.localIgnite(), id) - .callAsync(new RegisterExecAndForward<>(endpoints())).get(); + compute(localIgnite(), id).callAsync(createRunner()).get(); } }, () -> { for (UUID id : nodesToCheck()) { - compute(Ignition.localIgnite(), id) - .run(new RegisterExecAndForward<>(endpoints())); + compute(localIgnite(), id).run(createRunner()); } }, () -> { for (UUID id : nodesToCheck()) { - compute(Ignition.localIgnite(), id) - .runAsync(new RegisterExecAndForward<>(endpoints())).get(); + compute(localIgnite(), id).runAsync(createRunner()).get(); } }, () -> { for (UUID id : nodesToCheck()) { - compute(Ignition.localIgnite(), id) - .apply(new RegisterExecAndForward<>(endpoints()), new Object()); + compute(localIgnite(), id).apply(createRunner(), new Object()); } }, () -> { for (UUID id : nodesToCheck()) { - compute(Ignition.localIgnite(), id) - .applyAsync(new RegisterExecAndForward<>(endpoints()), new Object()).get(); + compute(localIgnite(), id).applyAsync(createRunner(), new Object()).get(); } } ).map(RegisterExecAndForward::new); diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java index fbf3402e4d0a6..adfd417135c6e 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java @@ -23,7 +23,7 @@ import org.apache.ignite.Ignition; import org.apache.ignite.internal.processors.security.AbstractRemoteSecurityContextCheckTest; import org.apache.ignite.internal.util.typedef.G; -import org.apache.ignite.lang.IgniteRunnable; +import org.apache.ignite.testframework.GridTestUtils.IgniteRunnableX; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.JUnit4; @@ -41,21 +41,21 @@ public class ExecutorServiceRemoteSecurityContextCheckTest extends AbstractRemot @Override protected void beforeTestsStarted() throws Exception { super.beforeTestsStarted(); - startGrid(SRV_INITIATOR, allowAllPermissionSet()); + startGridAllowAll(SRV_INITIATOR); - startClient(CLNT_INITIATOR, allowAllPermissionSet()); + startClientAllowAll(CLNT_INITIATOR); - startGrid(SRV_RUN, allowAllPermissionSet()); + startGridAllowAll(SRV_RUN); - startClient(CLNT_RUN, allowAllPermissionSet()); + startClientAllowAll(CLNT_RUN); - startGrid(SRV_CHECK, allowAllPermissionSet()); + startGridAllowAll(SRV_CHECK); - startClient(CLNT_CHECK, allowAllPermissionSet()); + startClientAllowAll(CLNT_CHECK); - startGrid(SRV_ENDPOINT, allowAllPermissionSet()); + startGridAllowAll(SRV_ENDPOINT); - startClient(CLNT_ENDPOINT, allowAllPermissionSet()); + startClientAllowAll(CLNT_ENDPOINT); G.allGrids().get(0).cluster().active(true); } @@ -71,12 +71,10 @@ public class ExecutorServiceRemoteSecurityContextCheckTest extends AbstractRemot .expect(CLNT_ENDPOINT, 4); } - /** - * - */ + /** */ @Test public void test() { - IgniteRunnable checkCase = () -> { + IgniteRunnableX operation = () -> { register(); Ignite loc = Ignition.localIgnite(); @@ -84,17 +82,11 @@ public void test() { for (UUID nodeId : nodesToCheck()) { ExecutorService svc = loc.executorService(loc.cluster().forNodeId(nodeId)); - try { - svc.submit((Runnable) new RegisterExecAndForward<>(endpoints())).get(); - } - catch (Exception e) { - throw new RuntimeException(e); - } + svc.submit((Runnable) createRunner()).get(); } }; - - runAndCheck(grid(SRV_INITIATOR), checkCase); - runAndCheck(grid(CLNT_INITIATOR), checkCase); + runAndCheck(grid(SRV_INITIATOR), operation); + runAndCheck(grid(CLNT_INITIATOR), operation); } } diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/DataStreamerPermissionCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/DataStreamerPermissionCheckTest.java index 0366447be5e2b..8e6461d666ccf 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/DataStreamerPermissionCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/DataStreamerPermissionCheckTest.java @@ -25,9 +25,12 @@ import org.apache.ignite.IgniteDataStreamer; import org.apache.ignite.internal.processors.security.AbstractCacheOperationPermissionCheckTest; import org.apache.ignite.plugin.security.SecurityPermission; +import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; import org.junit.Test; import org.junit.runner.RunWith; -import org.junit.runners.JUnit4; +import org.junit.runners.Parameterized; +import org.junit.runners.Parameterized.Parameter; +import org.junit.runners.Parameterized.Parameters; import static java.util.Collections.singletonList; import static java.util.Collections.singletonMap; @@ -35,34 +38,26 @@ /** * Test cache permissions for Data Streamer. */ -@RunWith(JUnit4.class) +@RunWith(Parameterized.class) public class DataStreamerPermissionCheckTest extends AbstractCacheOperationPermissionCheckTest { - /** - * @throws Exception If fail. - */ - @Test - public void testServerNode() throws Exception { - testDataStreamer(false); + /** Parameters. */ + @Parameters(name = "clientMode={0}") + public static Iterable data() { + return Arrays.asList(new Boolean[] {true}, new Boolean[] {false}); } - /** - * @throws Exception If fail. - */ - @Test - public void testClientNode() throws Exception { - testDataStreamer(true); - } + /** Client mode. */ + @Parameter(0) + public boolean clientMode; - /** - * @param isClient True if is client mode. - * @throws Exception If fail. - */ - private void testDataStreamer(boolean isClient) throws Exception { - Ignite node = startGrid(loginPrefix(isClient) + "_test_node", - builder() + /** */ + @Test + public void testDataStreamer() throws Exception { + Ignite node = startGrid(loginPrefix(clientMode) + "_test_node", + SecurityPermissionSetBuilder.create() .appendCachePermissions(CACHE_NAME, SecurityPermission.CACHE_PUT) .appendCachePermissions(FORBIDDEN_CACHE, SecurityPermission.CACHE_READ) - .build(), isClient); + .build(), clientMode); List>> operations = Arrays.asList( s -> s.addData("k", 1), diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java index 399b259434aa5..ac40fed356584 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java @@ -43,17 +43,17 @@ public class DataStreamerRemoteSecurityContextCheckTest extends AbstractCacheOpe @Override protected void beforeTestsStarted() throws Exception { super.beforeTestsStarted(); - startGrid(SRV_INITIATOR, allowAllPermissionSet()); + startGridAllowAll(SRV_INITIATOR); - startClient(CLNT_INITIATOR, allowAllPermissionSet()); + startClientAllowAll(CLNT_INITIATOR); - startGrid(SRV_RUN, allowAllPermissionSet()); + startGridAllowAll(SRV_RUN); - startGrid(SRV_CHECK, allowAllPermissionSet()); + startGridAllowAll(SRV_CHECK); - startGrid(SRV_ENDPOINT, allowAllPermissionSet()); + startGridAllowAll(SRV_ENDPOINT); - startClient(CLNT_ENDPOINT, allowAllPermissionSet()); + startClientAllowAll(CLNT_ENDPOINT); G.allGrids().get(0).cluster().active(true); } @@ -67,24 +67,21 @@ public class DataStreamerRemoteSecurityContextCheckTest extends AbstractCacheOpe .expect(CLNT_ENDPOINT, 1); } - /** - * - */ + /** */ @Test public void testDataStreamer() { - IgniteRunnable checkCase = () -> { + IgniteRunnable op = () -> { register(); try (IgniteDataStreamer strm = Ignition.localIgnite().dataStreamer(CACHE_NAME)) { - strm.receiver(StreamVisitor - .from(new ExecRegisterAndForwardAdapter<>(endpoints()))); + strm.receiver(StreamVisitor.from(new ExecRegisterAndForwardAdapter<>(endpoints()))); strm.addData(prmKey(grid(SRV_CHECK)), 100); } }; - runAndCheck(grid(SRV_INITIATOR), checkCase); - runAndCheck(grid(CLNT_INITIATOR), checkCase); + runAndCheck(grid(SRV_INITIATOR), op); + runAndCheck(grid(CLNT_INITIATOR), op); } /** {@inheritDoc} */ diff --git a/modules/core/src/test/java/org/apache/ignite/testframework/GridTestUtils.java b/modules/core/src/test/java/org/apache/ignite/testframework/GridTestUtils.java index 74bc04d57d543..f65b44bd60c0d 100644 --- a/modules/core/src/test/java/org/apache/ignite/testframework/GridTestUtils.java +++ b/modules/core/src/test/java/org/apache/ignite/testframework/GridTestUtils.java @@ -104,6 +104,7 @@ import org.apache.ignite.lang.IgniteFuture; import org.apache.ignite.lang.IgniteInClosure; import org.apache.ignite.lang.IgnitePredicate; +import org.apache.ignite.lang.IgniteRunnable; import org.apache.ignite.plugin.extensions.communication.Message; import org.apache.ignite.spi.discovery.DiscoverySpiCustomMessage; import org.apache.ignite.spi.discovery.DiscoverySpiListener; @@ -2152,7 +2153,30 @@ public static long sleep_and_can_fail() { @FunctionalInterface public interface RunnableX extends Runnable { /** - * Closure body. + * Runnable body. + * + * @throws Exception If failed. + */ + void runx() throws Exception; + + /** {@inheritdoc} */ + @Override default void run() { + try { + runx(); + } + catch (Exception e) { + throw new IgniteException(e); + } + } + } + + /** + * IgniteRunnable that can throw exceptions. + */ + @FunctionalInterface + public interface IgniteRunnableX extends IgniteRunnable { + /** + * Runnable body. * * @throws Exception If failed. */ From f058311af31e2c45f02c3e998fd7f9ab8fef3924 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Mon, 15 Apr 2019 23:27:55 +0300 Subject: [PATCH 88/98] IGNITE-9560 code style --- ...bstractRemoteSecurityContextCheckTest.java | 5 ++--- .../security/AbstractSecurityTest.java | 2 +- .../cache/ScanQueryPermissionCheckTest.java | 2 +- ...cheLoadRemoteSecurityContextCheckTest.java | 3 +-- ...ocessorRemoteSecurityContextCheckTest.java | 2 -- ...anQueryRemoteSecurityContextCheckTest.java | 1 - .../compute/ComputePermissionCheckTest.java | 5 +++++ ...uteTaskRemoteSecurityContextCheckTest.java | 1 - ...ClosureRemoteSecurityContextCheckTest.java | 19 ++++++------------- .../DataStreamerPermissionCheckTest.java | 2 +- 10 files changed, 17 insertions(+), 25 deletions(-) diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractRemoteSecurityContextCheckTest.java index 66c8fad07107c..7b26dd9d6cd35 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractRemoteSecurityContextCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractRemoteSecurityContextCheckTest.java @@ -34,15 +34,12 @@ import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.util.typedef.T2; -import org.apache.ignite.internal.util.typedef.X; import org.apache.ignite.lang.IgniteBiInClosure; import org.apache.ignite.lang.IgniteBiPredicate; import org.apache.ignite.lang.IgniteCallable; import org.apache.ignite.lang.IgniteClosure; import org.apache.ignite.lang.IgniteRunnable; -import org.apache.ignite.plugin.security.SecurityException; -import static org.hamcrest.CoreMatchers.notNullValue; import static org.hamcrest.core.Is.is; import static org.junit.Assert.assertThat; @@ -296,10 +293,12 @@ public ExecRegisterAndForwardAdapter(Collection endpoints) { } } + /** */ protected RegisterExecAndForward createRunner(String srvName) { return new RegisterExecAndForward<>(srvName, endpoints()); } + /** */ protected RegisterExecAndForward createRunner() { return new RegisterExecAndForward<>(endpoints()); } diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractSecurityTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractSecurityTest.java index 583c3ae2421cb..431e4e8d32598 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractSecurityTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractSecurityTest.java @@ -108,7 +108,7 @@ protected IgniteEx startGrid(String login, SecurityPermissionSet prmSet, boolean } /** - * Method {@link TestRunnable#run()} should throw {@link SecurityException}. + * Method {@link Runnable#run()} should throw {@link SecurityException}. * * @param r Runnable. */ diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/ScanQueryPermissionCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/ScanQueryPermissionCheckTest.java index f2fc4c2439a27..04ab7920f523b 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/ScanQueryPermissionCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/ScanQueryPermissionCheckTest.java @@ -44,7 +44,7 @@ public static Iterable data() { } /** Client mode. */ - @Parameter(0) + @Parameter() public boolean clientMode; /** */ diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java index 4121905c04a08..ea6eb617032e0 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java @@ -22,7 +22,6 @@ import java.util.UUID; import javax.cache.Cache; import javax.cache.configuration.Factory; -import org.apache.ignite.Ignition; import org.apache.ignite.cache.CacheMode; import org.apache.ignite.cache.store.CacheStoreAdapter; import org.apache.ignite.configuration.CacheConfiguration; @@ -94,7 +93,7 @@ public void test() { register(); localIgnite().cache(CACHE_NAME).loadCache( - new RegisterExecAndForward(SRV_CHECK, endpoints()) + new RegisterExecAndForward<>(SRV_CHECK, endpoints()) ); }; diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java index 1ae5fa5f50356..ecd4861320670 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java @@ -21,10 +21,8 @@ import java.util.Collections; import java.util.UUID; import java.util.stream.Stream; -import org.apache.ignite.Ignition; import org.apache.ignite.internal.processors.security.AbstractCacheOperationRemoteSecurityContextCheckTest; import org.apache.ignite.internal.util.typedef.G; - import org.apache.ignite.lang.IgniteRunnable; import org.junit.Test; import org.junit.runner.RunWith; diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java index f60077b5bcd06..18ff602b6a53e 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java @@ -21,7 +21,6 @@ import java.util.Collections; import java.util.UUID; import java.util.stream.Stream; -import org.apache.ignite.Ignition; import org.apache.ignite.cache.query.ScanQuery; import org.apache.ignite.internal.processors.security.AbstractCacheOperationRemoteSecurityContextCheckTest; import org.apache.ignite.internal.util.typedef.G; diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/ComputePermissionCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/ComputePermissionCheckTest.java index 72ff81912d1b6..617332b9910a3 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/ComputePermissionCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/ComputePermissionCheckTest.java @@ -249,22 +249,27 @@ public FutureAdapter(IgniteFuture igniteFut) { this.igniteFut = igniteFut; } + /** {@inheritDoc} */ @Override public boolean cancel(boolean mayInterruptIfRunning) { return igniteFut.cancel(); } + /** {@inheritDoc} */ @Override public boolean isCancelled() { return igniteFut.isCancelled(); } + /** {@inheritDoc} */ @Override public boolean isDone() { return igniteFut.isDone(); } + /** {@inheritDoc} */ @Override public T get() throws InterruptedException, ExecutionException { return igniteFut.get(); } + /** {@inheritDoc} */ @Override public T get(long timeout, @NotNull TimeUnit unit) throws InterruptedException, ExecutionException, TimeoutException { return igniteFut.get(timeout, unit); diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java index be98171c9d381..da51e2f488f5f 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java @@ -24,7 +24,6 @@ import java.util.UUID; import java.util.stream.Stream; import org.apache.ignite.Ignite; -import org.apache.ignite.Ignition; import org.apache.ignite.cluster.ClusterNode; import org.apache.ignite.compute.ComputeJob; import org.apache.ignite.compute.ComputeJobResult; diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java index e69a64d4c5cc9..45f6f28b3446d 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java @@ -19,7 +19,6 @@ import java.util.UUID; import java.util.stream.Stream; -import org.apache.ignite.Ignition; import org.apache.ignite.internal.processors.security.AbstractRemoteSecurityContextCheckTest; import org.apache.ignite.internal.util.typedef.G; import org.apache.ignite.lang.IgniteRunnable; @@ -84,34 +83,28 @@ private Stream operations() { () -> compute(localIgnite(), nodesToCheck()).broadcast((IgniteRunnable) createRunner()), () -> compute(localIgnite(), nodesToCheck()).broadcastAsync((IgniteRunnable) createRunner()).get(), () -> { - for (UUID id : nodesToCheck()) { + for (UUID id : nodesToCheck()) compute(localIgnite(), id).call(createRunner()); - } }, () -> { - for (UUID id : nodesToCheck()) { + for (UUID id : nodesToCheck()) compute(localIgnite(), id).callAsync(createRunner()).get(); - } }, () -> { - for (UUID id : nodesToCheck()) { + for (UUID id : nodesToCheck()) compute(localIgnite(), id).run(createRunner()); - } }, () -> { - for (UUID id : nodesToCheck()) { + for (UUID id : nodesToCheck()) compute(localIgnite(), id).runAsync(createRunner()).get(); - } }, () -> { - for (UUID id : nodesToCheck()) { + for (UUID id : nodesToCheck()) compute(localIgnite(), id).apply(createRunner(), new Object()); - } }, () -> { - for (UUID id : nodesToCheck()) { + for (UUID id : nodesToCheck()) compute(localIgnite(), id).applyAsync(createRunner(), new Object()).get(); - } } ).map(RegisterExecAndForward::new); } diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/DataStreamerPermissionCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/DataStreamerPermissionCheckTest.java index 8e6461d666ccf..49f38856ca3bf 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/DataStreamerPermissionCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/DataStreamerPermissionCheckTest.java @@ -47,7 +47,7 @@ public static Iterable data() { } /** Client mode. */ - @Parameter(0) + @Parameter() public boolean clientMode; /** */ From 119bde196ef6c561f402a193f2840a95f9d8c152 Mon Sep 17 00:00:00 2001 From: Nikolay Date: Tue, 16 Apr 2019 10:47:26 +0300 Subject: [PATCH 89/98] Ignite 9560 (#15) * IGNITE-9560: Tests reducing * IGNITE-9560: Tests reducing --- ...ractCacheOperationPermissionCheckTest.java | 2 - .../security/AbstractSecurityTest.java | 11 ---- .../CacheOperationPermissionCheckTest.java | 4 +- .../EntryProcessorPermissionCheckTest.java | 4 +- .../cache/ScanQueryPermissionCheckTest.java | 26 ++++----- ...cheLoadRemoteSecurityContextCheckTest.java | 2 - ...ocessorRemoteSecurityContextCheckTest.java | 2 - ...anQueryRemoteSecurityContextCheckTest.java | 2 - .../client/ThinClientPermissionCheckTest.java | 58 +++++++++---------- .../compute/ComputePermissionCheckTest.java | 29 +++++----- ...uteTaskRemoteSecurityContextCheckTest.java | 16 +---- ...ClosureRemoteSecurityContextCheckTest.java | 2 - ...ServiceRemoteSecurityContextCheckTest.java | 2 - .../DataStreamerPermissionCheckTest.java | 26 +++------ ...treamerRemoteSecurityContextCheckTest.java | 2 - 15 files changed, 68 insertions(+), 120 deletions(-) diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractCacheOperationPermissionCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractCacheOperationPermissionCheckTest.java index 8455ff9289524..46c88cda503e4 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractCacheOperationPermissionCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractCacheOperationPermissionCheckTest.java @@ -37,8 +37,6 @@ public abstract class AbstractCacheOperationPermissionCheckTest extends Abstract /** {@inheritDoc} */ @Override protected void beforeTestsStarted() throws Exception { - super.beforeTestsStarted(); - startGridAllowAll("server").cluster().active(true); } diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractSecurityTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractSecurityTest.java index 431e4e8d32598..63ee017130162 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractSecurityTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractSecurityTest.java @@ -39,8 +39,6 @@ public class AbstractSecurityTest extends GridCommonAbstractTest { /** {@inheritDoc} */ @Override protected void afterTestsStopped() throws Exception { - super.afterTestsStopped(); - stopAllGrids(); cleanPersistenceDir(); @@ -106,13 +104,4 @@ protected IgniteEx startClientAllowAll(String login) throws Exception { protected IgniteEx startGrid(String login, SecurityPermissionSet prmSet, boolean isClient) throws Exception { return startGrid(getConfiguration(login, secPluginCfg(login, "", prmSet)).setClientMode(isClient)); } - - /** - * Method {@link Runnable#run()} should throw {@link SecurityException}. - * - * @param r Runnable. - */ - protected void assertForbidden(Runnable r) { - GridTestUtils.assertThrowsWithCause(r, SecurityException.class); - } } diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/CacheOperationPermissionCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/CacheOperationPermissionCheckTest.java index dc0a77d73f4b5..a8f80b43945c9 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/CacheOperationPermissionCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/CacheOperationPermissionCheckTest.java @@ -24,6 +24,7 @@ import org.apache.ignite.Ignite; import org.apache.ignite.IgniteCache; import org.apache.ignite.internal.processors.security.AbstractCacheOperationPermissionCheckTest; +import org.apache.ignite.plugin.security.SecurityException; import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; import org.junit.Test; import org.junit.runner.RunWith; @@ -33,6 +34,7 @@ import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_REMOVE; +import static org.apache.ignite.testframework.GridTestUtils.assertThrowsWithCause; /** * Test CRUD cache permissions. @@ -64,7 +66,7 @@ private void testCrudCachePermissions(boolean isClient) throws Exception { for (Consumer> c : operations()) { c.accept(node.cache(CACHE_NAME)); - assertForbidden(() -> c.accept(node.cache(FORBIDDEN_CACHE))); + assertThrowsWithCause(() -> c.accept(node.cache(FORBIDDEN_CACHE)), SecurityException.class); } } diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/EntryProcessorPermissionCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/EntryProcessorPermissionCheckTest.java index 21671141c2703..5bc832cc51c94 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/EntryProcessorPermissionCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/EntryProcessorPermissionCheckTest.java @@ -26,6 +26,7 @@ import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.processors.security.AbstractCacheOperationPermissionCheckTest; import org.apache.ignite.internal.util.typedef.T2; +import org.apache.ignite.plugin.security.SecurityException; import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; import org.junit.Test; import org.junit.runner.RunWith; @@ -34,6 +35,7 @@ import static java.util.Collections.singleton; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; +import static org.apache.ignite.testframework.GridTestUtils.assertThrowsWithCause; import static org.hamcrest.core.Is.is; import static org.junit.Assert.assertThat; @@ -117,7 +119,7 @@ private void assertAllowed(Ignite node, BiConsumer> private void assertForbidden(Ignite node, BiConsumer> c) { T2 entry = entry(); - assertForbidden(() -> c.accept(FORBIDDEN_CACHE, entry)); + assertThrowsWithCause(() -> c.accept(FORBIDDEN_CACHE, entry), SecurityException.class); assertNull(node.cache(CACHE_NAME).get(entry.getKey())); } diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/ScanQueryPermissionCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/ScanQueryPermissionCheckTest.java index 04ab7920f523b..3c7c41567af03 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/ScanQueryPermissionCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/ScanQueryPermissionCheckTest.java @@ -23,6 +23,7 @@ import org.apache.ignite.cache.query.ScanQuery; import org.apache.ignite.internal.processors.security.AbstractCacheOperationPermissionCheckTest; import org.apache.ignite.internal.util.typedef.G; +import org.apache.ignite.plugin.security.SecurityException; import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; import org.junit.Test; import org.junit.runner.RunWith; @@ -31,6 +32,7 @@ import org.junit.runners.Parameterized.Parameters; import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ; +import static org.apache.ignite.testframework.GridTestUtils.assertThrowsWithCause; /** * Test cache permission for invoking of Scan Query. @@ -50,20 +52,6 @@ public static Iterable data() { /** */ @Test public void testScanQuery() throws Exception { - putTestData(); - - Ignite node = startGrid(loginPrefix(clientMode) + "_test_node", - SecurityPermissionSetBuilder.create() - .appendCachePermissions(CACHE_NAME, CACHE_READ) - .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build(), clientMode); - - assertFalse(node.cache(CACHE_NAME).query(new ScanQuery()).getAll().isEmpty()); - - assertForbidden(() -> node.cache(FORBIDDEN_CACHE).query(new ScanQuery()).getAll()); - } - - /** */ - private void putTestData() { Ignite ignite = G.allGrids().stream().findFirst().get(); try (IgniteDataStreamer strAllowedCache = ignite.dataStreamer(CACHE_NAME); @@ -73,5 +61,15 @@ private void putTestData() { strForbiddenCache.addData(Integer.toString(i), i); } } + + Ignite node = startGrid(loginPrefix(clientMode) + "_test_node", + SecurityPermissionSetBuilder.create() + .appendCachePermissions(CACHE_NAME, CACHE_READ) + .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS).build(), clientMode); + + assertFalse(node.cache(CACHE_NAME).query(new ScanQuery()).getAll().isEmpty()); + + assertThrowsWithCause(() -> node.cache(FORBIDDEN_CACHE).query(new ScanQuery()).getAll(), + SecurityException.class); } } diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java index ea6eb617032e0..929bacff7604c 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java @@ -46,8 +46,6 @@ public class CacheLoadRemoteSecurityContextCheckTest extends AbstractCacheOperationRemoteSecurityContextCheckTest { /** {@inheritDoc} */ @Override protected void beforeTestsStarted() throws Exception { - super.beforeTestsStarted(); - startGridAllowAll(SRV_INITIATOR); startClientAllowAll(CLNT_INITIATOR); diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java index ecd4861320670..4ca1f602a75da 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/EntryProcessorRemoteSecurityContextCheckTest.java @@ -42,8 +42,6 @@ public class EntryProcessorRemoteSecurityContextCheckTest extends AbstractCacheOperationRemoteSecurityContextCheckTest { /** {@inheritDoc} */ @Override protected void beforeTestsStarted() throws Exception { - super.beforeTestsStarted(); - startGridAllowAll(SRV_INITIATOR); startClientAllowAll(CLNT_INITIATOR); diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java index 18ff602b6a53e..7f07b7b4547e9 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java @@ -42,8 +42,6 @@ public class ScanQueryRemoteSecurityContextCheckTest extends AbstractCacheOperationRemoteSecurityContextCheckTest { /** {@inheritDoc} */ @Override protected void beforeTestsStarted() throws Exception { - super.beforeTestsStarted(); - startGridAllowAll(SRV_INITIATOR); startClientAllowAll(CLNT_INITIATOR); diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/client/ThinClientPermissionCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/client/ThinClientPermissionCheckTest.java index ba5e5b8725456..f4976f9874da5 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/client/ThinClientPermissionCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/client/ThinClientPermissionCheckTest.java @@ -20,7 +20,9 @@ import java.util.Arrays; import java.util.Collection; import java.util.Collections; +import java.util.List; import java.util.function.Consumer; +import org.apache.ignite.IgniteException; import org.apache.ignite.Ignition; import org.apache.ignite.client.ClientAuthorizationException; import org.apache.ignite.client.Config; @@ -32,7 +34,6 @@ import org.apache.ignite.internal.processors.security.AbstractSecurityTest; import org.apache.ignite.internal.processors.security.TestSecurityData; import org.apache.ignite.internal.util.typedef.G; -import org.apache.ignite.internal.util.typedef.X; import org.apache.ignite.lang.IgniteBiTuple; import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; import org.junit.Test; @@ -48,6 +49,7 @@ import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_REMOVE; import static org.apache.ignite.plugin.security.SecurityPermission.TASK_EXECUTE; import static org.apache.ignite.plugin.security.SecurityPermissionSetBuilder.ALLOW_ALL; +import static org.apache.ignite.testframework.GridTestUtils.assertThrowsWithCause; /** * Security tests for thin client. @@ -105,8 +107,6 @@ private IgniteConfiguration getConfiguration(int idx, TestSecurityData... client /** {@inheritDoc} */ @Override protected void beforeTestsStarted() throws Exception { - super.beforeTestsStarted(); - IgniteEx ignite = startGrid( getConfiguration( new TestSecurityData(CLIENT, @@ -133,16 +133,14 @@ private IgniteConfiguration getConfiguration(int idx, TestSecurityData... client ignite.cluster().active(true); } - /** - * @throws Exception If error occurs. - */ + /** */ @Test public void testCacheSinglePermOperations() throws Exception { for (IgniteBiTuple, String> t : operations(CACHE)) - executeOperation(CLIENT, t.get1()); + runOperation(CLIENT, t); for (IgniteBiTuple, String> t : operations(FORBIDDEN_CACHE)) - executeForbiddenOperation(t); + assertThrowsWithCause(() -> runOperation(CLIENT, t), ClientAuthorizationException.class); } /** @@ -154,16 +152,19 @@ public void testCacheSinglePermOperations() throws Exception { */ @Test public void testCacheTaskPermOperations() throws Exception { - executeOperation(CLIENT_CACHE_TASK_OPER, c -> c.cache(CACHE).removeAll()); - executeOperation(CLIENT_CACHE_TASK_OPER, c -> c.cache(CACHE).clear()); + List, String>> ops = Arrays.asList( + t(c -> c.cache(CACHE).removeAll(), "removeAll"), + t(c -> c.cache(CACHE).clear(), "clear") + ); - executeForbiddenOperation(t(c -> c.cache(CACHE).removeAll(), "removeAll")); - executeForbiddenOperation(t(c -> c.cache(CACHE).clear(), "clear")); + for (IgniteBiTuple, String> op : ops) { + runOperation(CLIENT_CACHE_TASK_OPER, op); + + assertThrowsWithCause(() -> runOperation(CLIENT, op), ClientAuthorizationException.class); + } } - /** - * @throws Exception If error occurs. - */ + /** */ @Test public void testSysOperation() throws Exception { try (IgniteClient sysPrmClnt = startClient(CLIENT_SYS_PERM)) { @@ -176,8 +177,13 @@ public void testSysOperation() throws Exception { assertFalse(sysPrmClnt.cacheNames().contains(DYNAMIC_CACHE)); } - executeForbiddenOperation(t(c -> c.createCache(DYNAMIC_CACHE), "createCache")); - executeForbiddenOperation(t(c -> c.destroyCache(CACHE), "destroyCache")); + List, String>> ops = Arrays.asList( + t(c -> c.createCache(DYNAMIC_CACHE), "createCache"), + t(c -> c.destroyCache(CACHE), "destroyCache") + ); + + for (IgniteBiTuple, String> op : ops) + assertThrowsWithCause(() -> runOperation(CLIENT, op), ClientAuthorizationException.class); } /** @@ -202,24 +208,12 @@ private Collection, String>> operations(fin /** * @param cons Consumer. */ - private void executeOperation(String clientName, Consumer cons) throws Exception { + private void runOperation(String clientName, IgniteBiTuple, String> op) { try (IgniteClient client = startClient(clientName)) { - cons.accept(client); - } - } - - /** - * @param t Contains consumer that executes an operation and the name of this operation. - */ - private void executeForbiddenOperation(IgniteBiTuple, String> t) { - try (IgniteClient client = startClient(CLIENT)) { - t.get1().accept(client); - - fail("The operation " + t.get2() + " has to be forbidden."); - + op.get1().accept(client); } catch (Exception e) { - assertTrue(X.hasCause(e, ClientAuthorizationException.class)); + throw new IgniteException(op.get2(), e); } } diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/ComputePermissionCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/ComputePermissionCheckTest.java index 617332b9910a3..4d2877e84d649 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/ComputePermissionCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/ComputePermissionCheckTest.java @@ -42,6 +42,7 @@ import org.apache.ignite.lang.IgniteClosure; import org.apache.ignite.lang.IgniteFuture; import org.apache.ignite.lang.IgniteRunnable; +import org.apache.ignite.plugin.security.SecurityException; import org.apache.ignite.plugin.security.SecurityPermission; import org.apache.ignite.plugin.security.SecurityPermissionSet; import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; @@ -56,6 +57,7 @@ import static java.util.function.Function.identity; import static org.apache.ignite.plugin.security.SecurityPermission.TASK_CANCEL; import static org.apache.ignite.plugin.security.SecurityPermission.TASK_EXECUTE; +import static org.apache.ignite.testframework.GridTestUtils.assertThrowsWithCause; /** * Task execute permission tests. @@ -135,13 +137,13 @@ public void test() throws Exception { srvAllowed.cluster().active(true); - operations(srvAllowed, clntAllowed).forEach(this::allowedRun); + operations(srvAllowed, clntAllowed).forEach(this::assertAllowed); - operations(srvForbidden, clntForbidden).forEach(this::assertForbidden); + operations(srvForbidden, clntForbidden).forEach(op -> assertThrowsWithCause(op, SecurityException.class)); - asyncOperations(srvAllowed, clntAllowed).forEach(this::allowedCancel); + asyncOperations(srvAllowed, clntAllowed).forEach(this::assertCancelAllowed); - asyncOperations(srvForbiddenCancel, clntForbiddenCancel).forEach(this::forbiddenCancel); + asyncOperations(srvForbiddenCancel, clntForbiddenCancel).forEach(this::assertCancelForbidden); } /** @@ -158,9 +160,9 @@ private Stream operations(Ignite... nodes) { () -> node.executorService().invokeAny(singletonList(TEST_CALLABLE)) ); - Stream operations = Arrays.stream(nodes).map(nodeOps).flatMap(identity()); + Stream ops = Arrays.stream(nodes).map(nodeOps).flatMap(identity()); - return Stream.concat(operations, asyncOperations(nodes).map(s -> () -> s.get().get())); + return Stream.concat(ops, asyncOperations(nodes).map(s -> () -> s.get().get())); } /** */ @@ -192,15 +194,10 @@ private SecurityPermissionSet permissions(SecurityPermission... perms) { /** * @param r TestRunnable. */ - private void allowedRun(Runnable r) { + private void assertAllowed(Runnable r) { IS_EXECUTED.set(false); - try { - r.run(); - } - catch (Exception e) { - throw new RuntimeException(e); - } + r.run(); assertTrue(IS_EXECUTED.get()); } @@ -208,13 +205,13 @@ private void allowedRun(Runnable r) { /** * @param s Supplier. */ - private void forbiddenCancel(Supplier s) { + private void assertCancelForbidden(Supplier s) { RNT_LOCK.lock(); try { Future f = s.get(); - assertForbidden(() -> f.cancel(true)); + assertThrowsWithCause(() -> f.cancel(true), SecurityException.class); } finally { RNT_LOCK.unlock(); @@ -224,7 +221,7 @@ private void forbiddenCancel(Supplier s) { /** * @param s Supplier. */ - private void allowedCancel(Supplier s) { + private void assertCancelAllowed(Supplier s) { RNT_LOCK.lock(); try { diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java index da51e2f488f5f..9d17db5e63ce8 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java @@ -48,8 +48,6 @@ public class ComputeTaskRemoteSecurityContextCheckTest extends AbstractRemoteSecurityContextCheckTest { /** {@inheritDoc} */ @Override protected void beforeTestsStarted() throws Exception { - super.beforeTestsStarted(); - startGridAllowAll(SRV_INITIATOR); startClientAllowAll(CLNT_INITIATOR); @@ -95,16 +93,12 @@ private Stream operations() { () -> { register(); - localIgnite().compute().execute( - new ComputeTaskClosure(nodesToCheck(), endpoints()), 0 - ); + localIgnite().compute().execute(new ComputeTaskClosure(nodesToCheck(), endpoints()), 0); }, () -> { register(); - localIgnite().compute().executeAsync( - new ComputeTaskClosure(nodesToCheck(), endpoints()), 0 - ).get(); + localIgnite().compute().executeAsync(new ComputeTaskClosure(nodesToCheck(), endpoints()), 0).get(); } ); } @@ -128,9 +122,6 @@ static class ComputeTaskClosure implements ComputeTask { * @param endpoints Collection of endpoint node ids. */ public ComputeTaskClosure(Collection remotes, Collection endpoints) { - assert !remotes.isEmpty(); - assert !endpoints.isEmpty(); - this.remotes = remotes; this.endpoints = endpoints; } @@ -153,8 +144,7 @@ public ComputeTaskClosure(Collection remotes, Collection endpoints) @Override public Object execute() { register(); - compute(loc, endpoints) - .broadcast(() -> register()); + compute(loc, endpoints).broadcast(() -> register()); return null; } diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java index 45f6f28b3446d..05cb87b735c6b 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java @@ -36,8 +36,6 @@ public class DistributedClosureRemoteSecurityContextCheckTest extends AbstractRemoteSecurityContextCheckTest { /** {@inheritDoc} */ @Override protected void beforeTestsStarted() throws Exception { - super.beforeTestsStarted(); - startGridAllowAll(SRV_INITIATOR); startClientAllowAll(CLNT_INITIATOR); diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java index adfd417135c6e..7783ae0247318 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java @@ -39,8 +39,6 @@ public class ExecutorServiceRemoteSecurityContextCheckTest extends AbstractRemoteSecurityContextCheckTest { /** {@inheritDoc} */ @Override protected void beforeTestsStarted() throws Exception { - super.beforeTestsStarted(); - startGridAllowAll(SRV_INITIATOR); startClientAllowAll(CLNT_INITIATOR); diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/DataStreamerPermissionCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/DataStreamerPermissionCheckTest.java index 49f38856ca3bf..0eec851510676 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/DataStreamerPermissionCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/DataStreamerPermissionCheckTest.java @@ -24,6 +24,7 @@ import org.apache.ignite.Ignite; import org.apache.ignite.IgniteDataStreamer; import org.apache.ignite.internal.processors.security.AbstractCacheOperationPermissionCheckTest; +import org.apache.ignite.plugin.security.SecurityException; import org.apache.ignite.plugin.security.SecurityPermission; import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; import org.junit.Test; @@ -34,6 +35,7 @@ import static java.util.Collections.singletonList; import static java.util.Collections.singletonMap; +import static org.apache.ignite.testframework.GridTestUtils.assertThrowsWithCause; /** * Test cache permissions for Data Streamer. @@ -59,37 +61,25 @@ public void testDataStreamer() throws Exception { .appendCachePermissions(FORBIDDEN_CACHE, SecurityPermission.CACHE_READ) .build(), clientMode); - List>> operations = Arrays.asList( + List>> ops = Arrays.asList( s -> s.addData("k", 1), s -> s.addData(singletonMap("key", 2)), s -> s.addData((Map.Entry)entry()), s -> s.addData(singletonList(entry()))); - operations.forEach(c -> assertAllowed(node, c)); + ops.forEach(c -> executeOperation(node, CACHE_NAME, c)); - operations.forEach(c -> assertForbidden(node, c)); + ops.forEach(c -> + assertThrowsWithCause(() -> executeOperation(node, FORBIDDEN_CACHE, c), SecurityException.class)); } /** * @param node Node. * @param c Consumer. */ - private void assertAllowed(Ignite node, Consumer> c) { - try (IgniteDataStreamer s = node.dataStreamer(CACHE_NAME)) { + private void executeOperation(Ignite node, String cache, Consumer> c) { + try (IgniteDataStreamer s = node.dataStreamer(cache)) { c.accept(s); } } - - /** - * @param node Node. - * @param c Consumer. - */ - private void assertForbidden(Ignite node, Consumer> c) { - assertForbidden(() -> { - try (IgniteDataStreamer s = node.dataStreamer(FORBIDDEN_CACHE)) { - c.accept(s); - } - } - ); - } } diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java index ac40fed356584..cc43d474a6c96 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java @@ -41,8 +41,6 @@ public class DataStreamerRemoteSecurityContextCheckTest extends AbstractCacheOperationRemoteSecurityContextCheckTest { /** {@inheritDoc} */ @Override protected void beforeTestsStarted() throws Exception { - super.beforeTestsStarted(); - startGridAllowAll(SRV_INITIATOR); startClientAllowAll(CLNT_INITIATOR); From 3c9022c871bdd96e75bf85c6249a18e82a4320ca Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Tue, 16 Apr 2019 11:19:31 +0300 Subject: [PATCH 90/98] IGNITE-9560 code style --- .../AbstractRemoteSecurityContextCheckTest.java | 4 ++-- .../processors/security/AbstractSecurityTest.java | 2 -- .../security/cache/ScanQueryPermissionCheckTest.java | 2 +- .../client/ThinClientPermissionCheckTest.java | 4 +--- .../security/compute/ComputePermissionCheckTest.java | 12 ++++++------ 5 files changed, 10 insertions(+), 14 deletions(-) diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractRemoteSecurityContextCheckTest.java index 7b26dd9d6cd35..af65302e797bc 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractRemoteSecurityContextCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractRemoteSecurityContextCheckTest.java @@ -294,12 +294,12 @@ public ExecRegisterAndForwardAdapter(Collection endpoints) { } /** */ - protected RegisterExecAndForward createRunner(String srvName) { + protected RegisterExecAndForward createRunner(String srvName) { return new RegisterExecAndForward<>(srvName, endpoints()); } /** */ - protected RegisterExecAndForward createRunner() { + protected RegisterExecAndForward createRunner() { return new RegisterExecAndForward<>(endpoints()); } diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractSecurityTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractSecurityTest.java index 63ee017130162..573a4a8fa8f27 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractSecurityTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractSecurityTest.java @@ -22,10 +22,8 @@ import org.apache.ignite.configuration.DataStorageConfiguration; import org.apache.ignite.configuration.IgniteConfiguration; import org.apache.ignite.internal.IgniteEx; -import org.apache.ignite.plugin.security.SecurityException; import org.apache.ignite.plugin.security.SecurityPermission; import org.apache.ignite.plugin.security.SecurityPermissionSet; -import org.apache.ignite.testframework.GridTestUtils; import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest; import static org.apache.ignite.plugin.security.SecurityPermissionSetBuilder.ALLOW_ALL; diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/ScanQueryPermissionCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/ScanQueryPermissionCheckTest.java index 3c7c41567af03..0fc02c97289b3 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/ScanQueryPermissionCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/ScanQueryPermissionCheckTest.java @@ -52,7 +52,7 @@ public static Iterable data() { /** */ @Test public void testScanQuery() throws Exception { - Ignite ignite = G.allGrids().stream().findFirst().get(); + Ignite ignite = G.allGrids().stream().findFirst().orElseThrow(IllegalStateException::new); try (IgniteDataStreamer strAllowedCache = ignite.dataStreamer(CACHE_NAME); IgniteDataStreamer strForbiddenCache = ignite.dataStreamer(FORBIDDEN_CACHE)) { diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/client/ThinClientPermissionCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/client/ThinClientPermissionCheckTest.java index f4976f9874da5..e8577e15fded3 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/client/ThinClientPermissionCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/client/ThinClientPermissionCheckTest.java @@ -205,9 +205,7 @@ private Collection, String>> operations(fin ); } - /** - * @param cons Consumer. - */ + /** */ private void runOperation(String clientName, IgniteBiTuple, String> op) { try (IgniteClient client = startClient(clientName)) { op.get1().accept(client); diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/ComputePermissionCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/ComputePermissionCheckTest.java index 4d2877e84d649..ebf17a7f4cacf 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/ComputePermissionCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/ComputePermissionCheckTest.java @@ -168,11 +168,11 @@ private Stream operations(Ignite... nodes) { /** */ private Stream> asyncOperations(Ignite... nodes) { Function>> nodeOps = (node) -> Stream.of( - () -> new FutureAdapter(node.compute().executeAsync(TEST_COMPUTE_TASK, 0)), - () -> new FutureAdapter(node.compute().broadcastAsync(TEST_CALLABLE)), - () -> new FutureAdapter(node.compute().callAsync(TEST_CALLABLE)), - () -> new FutureAdapter(node.compute().runAsync(TEST_RUNNABLE)), - () -> new FutureAdapter(node.compute().applyAsync(TEST_CLOSURE, new Object())), + () -> new FutureAdapter<>(node.compute().executeAsync(TEST_COMPUTE_TASK, 0)), + () -> new FutureAdapter<>(node.compute().broadcastAsync(TEST_CALLABLE)), + () -> new FutureAdapter<>(node.compute().callAsync(TEST_CALLABLE)), + () -> new FutureAdapter<>(node.compute().runAsync(TEST_RUNNABLE)), + () -> new FutureAdapter<>(node.compute().applyAsync(TEST_CLOSURE, new Object())), () -> node.executorService().submit(TEST_CALLABLE) ); @@ -293,7 +293,7 @@ private static class TestComputeTask implements ComputeTask { return null; } - }, subgrid.stream().findFirst().get() + }, subgrid.stream().findFirst().orElseThrow(IllegalStateException::new) ); } From 3ec0e29697a4ee3d36e8767d0aa90123147e92ee Mon Sep 17 00:00:00 2001 From: Denis Garus Date: Tue, 16 Apr 2019 15:49:29 +0300 Subject: [PATCH 91/98] IGNITE-9560 fix index tests (#16) * IGNITE-9560 fix index tests * IGNITE-9560 fix index tests * IGNITE-9560 fix comments * IGNITE-9560 fix comments --- ...bstractRemoteSecurityContextCheckTest.java | 51 ++++++++---------- .../security/TestSecurityProcessor.java | 3 -- .../EntryProcessorPermissionCheckTest.java | 53 ++++++++++--------- .../compute/ComputePermissionCheckTest.java | 27 +++------- .../DataStreamerPermissionCheckTest.java | 6 +-- .../cache/index/AbstractSchemaSelfTest.java | 3 +- .../DynamicIndexAbstractBasicSelfTest.java | 27 +++++----- ...ynamicIndexAbstractConcurrentSelfTest.java | 9 ++-- .../index/H2DynamicIndexAbstractSelfTest.java | 8 +-- ...ctionsCommandsWithMvccEnabledSelfTest.java | 8 +-- .../cache/index/SqlTransactionsSelfTest.java | 8 +-- 11 files changed, 93 insertions(+), 110 deletions(-) diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractRemoteSecurityContextCheckTest.java index af65302e797bc..21c4fb1a0f823 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractRemoteSecurityContextCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractRemoteSecurityContextCheckTest.java @@ -164,7 +164,9 @@ protected void runAndCheck(IgniteEx initiator, IgniteRunnable op) { */ protected void runAndCheck(IgniteEx initiator, Stream ops) { ops.forEach(r -> { - setupVerifier(VERIFIER.start(secSubjectId(initiator))); + VERIFIER.clear().expectSubjId(secSubjectId(initiator)); + + setupVerifier(VERIFIER); compute(initiator, nodesToRun()).broadcast(r); @@ -179,28 +181,24 @@ public static class Verifier { /** * Map that contains an expected behaviour. */ - private final ConcurrentHashMap> map = new ConcurrentHashMap<>(); + private final ConcurrentHashMap> expInvokes = new ConcurrentHashMap<>(); /** * List of registered security subjects. */ - private final List> list = Collections.synchronizedList(new ArrayList<>()); + private final List> registeredSubjects = Collections.synchronizedList(new ArrayList<>()); /** * Expected security subject id. */ private UUID expSecSubjId; - /** - * Prepare for test. - * - * @param expSecSubjId Expected security subject id. - */ - private Verifier start(UUID expSecSubjId) { - this.expSecSubjId = expSecSubjId; + /** */ + private Verifier clear() { + registeredSubjects.clear(); + expInvokes.clear(); - list.clear(); - map.clear(); + expSecSubjId = null; return this; } @@ -213,7 +211,7 @@ private Verifier start(UUID expSecSubjId) { * @param num Expected number of invokes. */ public Verifier expect(String nodeName, int num) { - map.put(nodeName, new T2<>(num, 0)); + expInvokes.put(nodeName, new T2<>(num, 0)); return this; } @@ -224,12 +222,9 @@ public Verifier expect(String nodeName, int num) { * @param ignite Local node. */ private void register(IgniteEx ignite) { - assert expSecSubjId != null; - assert ignite != null; - - list.add(new T2<>(secSubjectId(ignite), ignite.name())); + registeredSubjects.add(new T2<>(secSubjectId(ignite), ignite.name())); - map.computeIfPresent(ignite.name(), (name, t2) -> { + expInvokes.computeIfPresent(ignite.name(), (name, t2) -> { Integer val = t2.getValue(); t2.setValue(++val); @@ -242,21 +237,23 @@ private void register(IgniteEx ignite) { * Checks result of test and clears expected behavior. */ private void checkResult() { - assert !map.isEmpty(); - - list.forEach(t -> + registeredSubjects.forEach(t -> assertThat("Invalide security context on node " + t.get2(), t.get1(), is(expSecSubjId)) ); - map.forEach((key, value) -> + expInvokes.forEach((key, value) -> assertThat("Node " + key + ". Execution of register: ", value.get2(), is(value.get1()))); - list.clear(); - map.clear(); + clear(); + } - expSecSubjId = null; + /** */ + private Verifier expectSubjId(UUID expSecSubjId) { + this.expSecSubjId = expSecSubjId; + + return this; } } @@ -357,12 +354,10 @@ public RegisterExecAndForward(Collection endpoints) { if (node == null || node.equals(loc.name())) { register(); - Ignite ignite = Ignition.localIgnite(); - if (runnable != null) runnable.run(); else { - compute(ignite, endpoints) + compute(loc, endpoints) .broadcast(() -> register()); } } diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityProcessor.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityProcessor.java index e20a5d147a4b7..4a6a6989e3fe8 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityProcessor.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityProcessor.java @@ -107,9 +107,6 @@ public TestSecurityProcessor(GridKernalContext ctx, TestSecurityData nodeSecData /** {@inheritDoc} */ @Override public void authorize(String name, SecurityPermission perm, SecurityContext securityCtx) throws SecurityException { - - assert securityCtx instanceof TestSecurityContext; - if (!((TestSecurityContext)securityCtx).operationAllowed(name, perm)) throw new SecurityException("Authorization failed [perm=" + perm + ", name=" + name + diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/EntryProcessorPermissionCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/EntryProcessorPermissionCheckTest.java index 5bc832cc51c94..09d910664ef63 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/EntryProcessorPermissionCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/EntryProcessorPermissionCheckTest.java @@ -47,6 +47,11 @@ public class EntryProcessorPermissionCheckTest extends AbstractCacheOperationPer /** */ @Test public void test() throws Exception { + IgniteEx verifierNode = startGrid("verifier_node", + SecurityPermissionSetBuilder.create() + .appendCachePermissions(CACHE_NAME, CACHE_READ) + .appendCachePermissions(FORBIDDEN_CACHE, CACHE_READ).build(), false); + IgniteEx srvNode = startGrid("server_node", SecurityPermissionSetBuilder.create() .appendCachePermissions(CACHE_NAME, CACHE_READ, CACHE_PUT) @@ -63,14 +68,36 @@ public void test() throws Exception { .forEach( n -> operations(n).forEach( c -> { - assertAllowed(n, c); + runOperation(verifierNode, c); - assertForbidden(n, c); + runForbiddenOperation(verifierNode, c); } ) ); } + /** + * @param c Consumer. + */ + private void runOperation(Ignite node, BiConsumer> c) { + T2 entry = entry(); + + c.accept(CACHE_NAME, entry); + + assertThat(node.cache(CACHE_NAME).get(entry.getKey()), is(entry.getValue())); + } + + /** + * @param c Consumer. + */ + private void runForbiddenOperation(Ignite node, BiConsumer> c) { + T2 entry = entry(); + + assertThrowsWithCause(() -> c.accept(FORBIDDEN_CACHE, entry), SecurityException.class); + + assertNull(node.cache(FORBIDDEN_CACHE).get(entry.getKey())); + } + /** * @return Collection of operations to invoke entry processor. */ @@ -101,26 +128,4 @@ private static CacheEntryProcessor processor(T2> c) { - T2 entry = entry(); - - c.accept(CACHE_NAME, entry); - - assertThat(node.cache(CACHE_NAME).get(entry.getKey()), is(entry.getValue())); - } - - /** - * @param c Consumer. - */ - private void assertForbidden(Ignite node, BiConsumer> c) { - T2 entry = entry(); - - assertThrowsWithCause(() -> c.accept(FORBIDDEN_CACHE, entry), SecurityException.class); - - assertNull(node.cache(CACHE_NAME).get(entry.getKey())); - } } diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/ComputePermissionCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/ComputePermissionCheckTest.java index ebf17a7f4cacf..1fa69439318ef 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/ComputePermissionCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/ComputePermissionCheckTest.java @@ -137,13 +137,14 @@ public void test() throws Exception { srvAllowed.cluster().active(true); - operations(srvAllowed, clntAllowed).forEach(this::assertAllowed); + operations(srvAllowed, clntAllowed).forEach(this::runOperation); operations(srvForbidden, clntForbidden).forEach(op -> assertThrowsWithCause(op, SecurityException.class)); - asyncOperations(srvAllowed, clntAllowed).forEach(this::assertCancelAllowed); + asyncOperations(srvAllowed, clntAllowed).forEach(this::runOperationCancel); - asyncOperations(srvForbiddenCancel, clntForbiddenCancel).forEach(this::assertCancelForbidden); + asyncOperations(srvForbiddenCancel, clntForbiddenCancel).forEach(op -> + assertThrowsWithCause(() -> runOperationCancel(op), SecurityException.class)); } /** @@ -194,7 +195,7 @@ private SecurityPermissionSet permissions(SecurityPermission... perms) { /** * @param r TestRunnable. */ - private void assertAllowed(Runnable r) { + private void runOperation(Runnable r) { IS_EXECUTED.set(false); r.run(); @@ -205,23 +206,7 @@ private void assertAllowed(Runnable r) { /** * @param s Supplier. */ - private void assertCancelForbidden(Supplier s) { - RNT_LOCK.lock(); - - try { - Future f = s.get(); - - assertThrowsWithCause(() -> f.cancel(true), SecurityException.class); - } - finally { - RNT_LOCK.unlock(); - } - } - - /** - * @param s Supplier. - */ - private void assertCancelAllowed(Supplier s) { + private void runOperationCancel(Supplier s) { RNT_LOCK.lock(); try { diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/DataStreamerPermissionCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/DataStreamerPermissionCheckTest.java index 0eec851510676..210d12e447482 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/DataStreamerPermissionCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/DataStreamerPermissionCheckTest.java @@ -67,17 +67,17 @@ public void testDataStreamer() throws Exception { s -> s.addData((Map.Entry)entry()), s -> s.addData(singletonList(entry()))); - ops.forEach(c -> executeOperation(node, CACHE_NAME, c)); + ops.forEach(c -> runOperation(node, CACHE_NAME, c)); ops.forEach(c -> - assertThrowsWithCause(() -> executeOperation(node, FORBIDDEN_CACHE, c), SecurityException.class)); + assertThrowsWithCause(() -> runOperation(node, FORBIDDEN_CACHE, c), SecurityException.class)); } /** * @param node Node. * @param c Consumer. */ - private void executeOperation(Ignite node, String cache, Consumer> c) { + private void runOperation(Ignite node, String cache, Consumer> c) { try (IgniteDataStreamer s = node.dataStreamer(cache)) { c.accept(s); } diff --git a/modules/indexing/src/test/java/org/apache/ignite/internal/processors/cache/index/AbstractSchemaSelfTest.java b/modules/indexing/src/test/java/org/apache/ignite/internal/processors/cache/index/AbstractSchemaSelfTest.java index 7458087b804f6..0cd3caacaccd0 100644 --- a/modules/indexing/src/test/java/org/apache/ignite/internal/processors/cache/index/AbstractSchemaSelfTest.java +++ b/modules/indexing/src/test/java/org/apache/ignite/internal/processors/cache/index/AbstractSchemaSelfTest.java @@ -59,7 +59,6 @@ import org.apache.ignite.internal.util.typedef.internal.SB; import org.apache.ignite.internal.util.typedef.internal.U; import org.apache.ignite.lang.IgniteBiTuple; -import org.apache.ignite.testframework.GridTestUtils.RunnableX; import org.jetbrains.annotations.Nullable; /** @@ -135,7 +134,7 @@ protected IgniteConfiguration commonConfiguration(int idx) throws Exception { * @param r Runnable. * @param expCode Error code. */ - static void assertSqlException(RunnableX r, int expCode) { + static void assertSqlException(Runnable r, int expCode) { try { try { r.run(); diff --git a/modules/indexing/src/test/java/org/apache/ignite/internal/processors/cache/index/DynamicIndexAbstractBasicSelfTest.java b/modules/indexing/src/test/java/org/apache/ignite/internal/processors/cache/index/DynamicIndexAbstractBasicSelfTest.java index ff02d4a067f7c..cbe7d5dbb73f9 100644 --- a/modules/indexing/src/test/java/org/apache/ignite/internal/processors/cache/index/DynamicIndexAbstractBasicSelfTest.java +++ b/modules/indexing/src/test/java/org/apache/ignite/internal/processors/cache/index/DynamicIndexAbstractBasicSelfTest.java @@ -36,7 +36,6 @@ import org.apache.ignite.internal.processors.query.IgniteSQLException; import org.apache.ignite.internal.processors.query.schema.SchemaOperationException; import org.apache.ignite.internal.util.typedef.F; -import org.apache.ignite.testframework.GridTestUtils; import org.apache.ignite.testframework.junits.WithSystemProperty; import org.junit.Test; @@ -45,6 +44,8 @@ import static org.apache.ignite.cache.CacheAtomicityMode.TRANSACTIONAL; import static org.apache.ignite.cache.CacheMode.PARTITIONED; import static org.apache.ignite.cache.CacheMode.REPLICATED; +import static org.apache.ignite.testframework.GridTestUtils.RunnableX; +import static org.apache.ignite.testframework.GridTestUtils.assertThrows; /** * Tests for dynamic index creation. @@ -210,7 +211,7 @@ private void checkCreate(CacheMode mode, CacheAtomicityMode atomicityMode, boole assertIndex(CACHE_NAME, TBL_NAME, IDX_NAME_1, QueryIndex.DFLT_INLINE_SIZE, field(FIELD_NAME_1_ESCAPED)); assertIgniteSqlException(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { dynamicIndexCreate(CACHE_NAME, TBL_NAME, idx, false, 0); } }, IgniteQueryErrorCode.INDEX_ALREADY_EXISTS); @@ -471,7 +472,7 @@ private void checkCreateNoTable(CacheMode mode, CacheAtomicityMode atomicityMode final QueryIndex idx = index(IDX_NAME_1, field(FIELD_NAME_1_ESCAPED)); assertIgniteSqlException(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { dynamicIndexCreate(CACHE_NAME, randomString(), idx, false, 0); } }, IgniteQueryErrorCode.TABLE_NOT_FOUND); @@ -553,7 +554,7 @@ private void checkCreateIndexNoColumn(CacheMode mode, CacheAtomicityMode atomici final QueryIndex idx = index(IDX_NAME_1, field(randomString())); assertIgniteSqlException(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { dynamicIndexCreate(CACHE_NAME, TBL_NAME, idx, false, 0); } }, IgniteQueryErrorCode.COLUMN_NOT_FOUND); @@ -634,7 +635,7 @@ private void checkCreateIndexOnColumnWithAlias(CacheMode mode, CacheAtomicityMod initialize(mode, atomicityMode, near); assertIgniteSqlException(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { QueryIndex idx = index(IDX_NAME_1, field(FIELD_NAME_2_ESCAPED)); dynamicIndexCreate(CACHE_NAME, TBL_NAME, idx, false, 0); @@ -772,7 +773,7 @@ private void checkIndexCreatedForInlineSize(int inlineSize) throws Exception { */ private void checkNoIndexIsCreatedForInlineSize(final int inlineSize, int igniteQryErrorCode) throws Exception { assertIgniteSqlException(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { QueryIndex idx = index(IDX_NAME_1, field(FIELD_NAME_1_ESCAPED)); idx.setInlineSize(inlineSize); dynamicIndexCreate(CACHE_NAME, TBL_NAME, idx, false, 0); @@ -903,7 +904,7 @@ private void checkIndexCreatedForParallelism(int parallel) throws Exception { */ private void checkNoIndexIsCreatedForParallelism(final int parallel, int igniteQryErrorCode) throws Exception { assertIgniteSqlException(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { QueryIndex idx = index(IDX_NAME_1, field(FIELD_NAME_1_ESCAPED)); dynamicIndexCreate(CACHE_NAME, TBL_NAME, idx, false, parallel); } @@ -1086,7 +1087,7 @@ private void checkDropNoIndex(CacheMode mode, CacheAtomicityMode atomicityMode, initialize(mode, atomicityMode, near); assertIgniteSqlException(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { dynamicIndexDrop(CACHE_NAME, IDX_NAME_1, false); } }, IgniteQueryErrorCode.INDEX_NOT_FOUND); @@ -1202,7 +1203,7 @@ public void testFailOnLocalCache() throws Exception { final QueryIndex idx = index(IDX_NAME_1, field(FIELD_NAME_1_ESCAPED)); assertIgniteSqlException(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { dynamicIndexCreate(CACHE_NAME, TBL_NAME, idx, true, 0); } }, IgniteQueryErrorCode.UNSUPPORTED_OPERATION); @@ -1210,7 +1211,7 @@ public void testFailOnLocalCache() throws Exception { assertNoIndex(CACHE_NAME, TBL_NAME, IDX_NAME_1); assertIgniteSqlException(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { dynamicIndexDrop(CACHE_NAME, IDX_NAME_LOCAL, true); } }, IgniteQueryErrorCode.UNSUPPORTED_OPERATION); @@ -1294,7 +1295,7 @@ private void assertIndexNameIsNotValid(String idxNameToCreate, final String chec dynamicIndexCreate(STATIC_CACHE_NAME, TBL_NAME, idx, true, 0); - GridTestUtils.assertThrows(null, new Callable() { + assertThrows(null, new Callable() { @Override public Object call() throws Exception { dynamicIndexDrop(STATIC_CACHE_NAME, checkedIdxName, false); @@ -1428,7 +1429,7 @@ private void assertCompositeIndexOperations(String sql) { * @param r Runnable. * @param expCode Error code. */ - protected static void assertIgniteSqlException(RunnableX r, int expCode) { + protected static void assertIgniteSqlException(Runnable r, int expCode) { assertIgniteSqlException(r, null, expCode); } @@ -1439,7 +1440,7 @@ protected static void assertIgniteSqlException(RunnableX r, int expCode) { * @param msg Exception message to expect, or {@code null} if it can be waived. * @param expCode Error code. */ - private static void assertIgniteSqlException(RunnableX r, String msg, int expCode) { + private static void assertIgniteSqlException(Runnable r, String msg, int expCode) { try { r.run(); } diff --git a/modules/indexing/src/test/java/org/apache/ignite/internal/processors/cache/index/DynamicIndexAbstractConcurrentSelfTest.java b/modules/indexing/src/test/java/org/apache/ignite/internal/processors/cache/index/DynamicIndexAbstractConcurrentSelfTest.java index 93249453566a9..2d73d3746837e 100644 --- a/modules/indexing/src/test/java/org/apache/ignite/internal/processors/cache/index/DynamicIndexAbstractConcurrentSelfTest.java +++ b/modules/indexing/src/test/java/org/apache/ignite/internal/processors/cache/index/DynamicIndexAbstractConcurrentSelfTest.java @@ -54,6 +54,7 @@ import org.junit.Test; import static org.apache.ignite.internal.IgniteClientReconnectAbstractTest.TestTcpDiscoverySpi; +import static org.apache.ignite.testframework.GridTestUtils.RunnableX; /** * Concurrency tests for dynamic index create/drop. @@ -674,7 +675,7 @@ private void checkClientReconnect(final boolean restartCache) throws Exception { // Check index create. reconnectClientNode(srv, cli, restartCache, new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { final QueryIndex idx = index(IDX_NAME_1, field(FIELD_NAME_1)); queryProcessor(srv).dynamicIndexCreate(CACHE_NAME, CACHE_NAME, TBL_NAME, idx, false, 0).get(); @@ -687,7 +688,7 @@ private void checkClientReconnect(final boolean restartCache) throws Exception { // Check index drop. reconnectClientNode(srv, cli, restartCache, new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { if (!restartCache) queryProcessor(srv).dynamicIndexDrop(CACHE_NAME, CACHE_NAME, IDX_NAME_1, false).get(); } @@ -707,7 +708,7 @@ private void checkClientReconnect(final boolean restartCache) throws Exception { assertIndexUsed(IDX_NAME_2, SQL_SIMPLE_FIELD_2, SQL_ARG_2); reconnectClientNode(srv, cli, restartCache, new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { if (!restartCache) queryProcessor(srv).dynamicIndexDrop(CACHE_NAME, CACHE_NAME, IDX_NAME_2, false).get(); @@ -732,7 +733,7 @@ private void checkClientReconnect(final boolean restartCache) throws Exception { * @throws Exception If failed. */ private void reconnectClientNode(final Ignite srvNode, final Ignite cliNode, final boolean restart, - final RunnableX clo) throws Exception { + final Runnable clo) throws Exception { IgniteClientReconnectAbstractTest.reconnectClientNode(log, cliNode, srvNode, new Runnable() { @Override public void run() { if (restart) { diff --git a/modules/indexing/src/test/java/org/apache/ignite/internal/processors/cache/index/H2DynamicIndexAbstractSelfTest.java b/modules/indexing/src/test/java/org/apache/ignite/internal/processors/cache/index/H2DynamicIndexAbstractSelfTest.java index 16122548026b7..1c8f5e9606c8c 100644 --- a/modules/indexing/src/test/java/org/apache/ignite/internal/processors/cache/index/H2DynamicIndexAbstractSelfTest.java +++ b/modules/indexing/src/test/java/org/apache/ignite/internal/processors/cache/index/H2DynamicIndexAbstractSelfTest.java @@ -123,8 +123,8 @@ public void testCreateIndexWithDuplicateName() { cache.query(new SqlFieldsQuery("CREATE INDEX \"" + IDX_NAME_1_ESCAPED + "\" ON \"" + TBL_NAME_ESCAPED + "\"(\"" + FIELD_NAME_1_ESCAPED + "\" ASC)")); - assertSqlException(new RunnableX() { - @Override public void run() throws Exception { + assertSqlException(new Runnable() { + @Override public void run() { cache.query(new SqlFieldsQuery("CREATE INDEX \"" + IDX_NAME_1_ESCAPED + "\" ON \"" + TBL_NAME_ESCAPED + "\"(\"id\" ASC)")); } @@ -188,8 +188,8 @@ public void testDropIndex() { public void testDropMissingIndex() { final IgniteCache cache = cache(); - assertSqlException(new RunnableX() { - @Override public void run() throws Exception { + assertSqlException(new Runnable() { + @Override public void run() { cache.query(new SqlFieldsQuery("DROP INDEX \"" + IDX_NAME_1_ESCAPED + "\"")); } }, IgniteQueryErrorCode.INDEX_NOT_FOUND); diff --git a/modules/indexing/src/test/java/org/apache/ignite/internal/processors/cache/index/SqlTransactionsCommandsWithMvccEnabledSelfTest.java b/modules/indexing/src/test/java/org/apache/ignite/internal/processors/cache/index/SqlTransactionsCommandsWithMvccEnabledSelfTest.java index 95ed2ebc35ba9..49845156b5c08 100644 --- a/modules/indexing/src/test/java/org/apache/ignite/internal/processors/cache/index/SqlTransactionsCommandsWithMvccEnabledSelfTest.java +++ b/modules/indexing/src/test/java/org/apache/ignite/internal/processors/cache/index/SqlTransactionsCommandsWithMvccEnabledSelfTest.java @@ -159,8 +159,8 @@ private void assertSqlOperationWithinNonSqlTransactionThrows(final String sql) { try (Transaction ignored = node().transactions().txStart()) { node().cache("ints").put(1, 1); - assertSqlException(new RunnableX() { - @Override public void run() throws Exception { + assertSqlException(new Runnable() { + @Override public void run() { execute(node(), sql); } }, IgniteQueryErrorCode.TRANSACTION_TYPE_MISMATCH); @@ -169,8 +169,8 @@ private void assertSqlOperationWithinNonSqlTransactionThrows(final String sql) { try (Transaction ignored = node().transactions().txStart()) { node().cache("ints").put(1, 1); - assertSqlException(new RunnableX() { - @Override public void run() throws Exception { + assertSqlException(new Runnable() { + @Override public void run() { node().cache("ints").query(new SqlFieldsQuery(sql).setLocal(true)).getAll(); } }, IgniteQueryErrorCode.TRANSACTION_TYPE_MISMATCH); diff --git a/modules/indexing/src/test/java/org/apache/ignite/internal/processors/cache/index/SqlTransactionsSelfTest.java b/modules/indexing/src/test/java/org/apache/ignite/internal/processors/cache/index/SqlTransactionsSelfTest.java index f929b6e736030..2a044a236e007 100644 --- a/modules/indexing/src/test/java/org/apache/ignite/internal/processors/cache/index/SqlTransactionsSelfTest.java +++ b/modules/indexing/src/test/java/org/apache/ignite/internal/processors/cache/index/SqlTransactionsSelfTest.java @@ -160,8 +160,8 @@ private void assertSqlOperationWithinNonSqlTransactionThrows(final String sql) { try (Transaction ignored = node().transactions().txStart()) { node().cache("ints").put(1, 1); - assertSqlException(new RunnableX() { - @Override public void run() throws Exception { + assertSqlException(new Runnable() { + @Override public void run() { execute(node(), sql); } }, IgniteQueryErrorCode.TRANSACTION_TYPE_MISMATCH); @@ -170,8 +170,8 @@ private void assertSqlOperationWithinNonSqlTransactionThrows(final String sql) { try (Transaction ignored = node().transactions().txStart()) { node().cache("ints").put(1, 1); - assertSqlException(new RunnableX() { - @Override public void run() throws Exception { + assertSqlException(new Runnable() { + @Override public void run() { node().cache("ints").query(new SqlFieldsQuery(sql).setLocal(true)).getAll(); } }, IgniteQueryErrorCode.TRANSACTION_TYPE_MISMATCH); From c576781692484bd8dff224660ee6b4961a358276 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Tue, 16 Apr 2019 17:11:15 +0300 Subject: [PATCH 92/98] IGNITE-9560 fix comments --- .../org.apache.ignite.plugin.PluginProvider | 2 +- ...ridDiscoveryManagerAttributesSelfTest.java | 2 +- ...bstractRemoteSecurityContextCheckTest.java | 93 ++++++------------- .../security/AbstractSecurityTest.java | 14 +-- .../EntryProcessorPermissionCheckTest.java | 51 ++++------ ...cheLoadRemoteSecurityContextCheckTest.java | 5 +- ...anQueryRemoteSecurityContextCheckTest.java | 4 +- .../client/ThinClientPermissionCheckTest.java | 2 +- ...uteTaskRemoteSecurityContextCheckTest.java | 8 +- ...ClosureRemoteSecurityContextCheckTest.java | 21 +++-- ...ServiceRemoteSecurityContextCheckTest.java | 2 +- ...treamerRemoteSecurityContextCheckTest.java | 2 +- .../{ => impl}/TestSecurityContext.java | 5 +- .../security/{ => impl}/TestSecurityData.java | 2 +- .../TestSecurityPluginConfiguration.java | 3 +- .../{ => impl}/TestSecurityProcessor.java | 4 +- .../TestSecurityProcessorProvider.java | 3 +- .../{ => impl}/TestSecuritySubject.java | 2 +- .../discovery/AuthenticationRestartTest.java | 2 +- ...ryNodeAttributesUpdateOnReconnectTest.java | 2 +- 20 files changed, 92 insertions(+), 137 deletions(-) rename modules/core/src/test/java/org/apache/ignite/internal/processors/security/{ => impl}/TestSecurityContext.java (96%) rename modules/core/src/test/java/org/apache/ignite/internal/processors/security/{ => impl}/TestSecurityData.java (97%) rename modules/core/src/test/java/org/apache/ignite/internal/processors/security/{ => impl}/TestSecurityPluginConfiguration.java (89%) rename modules/core/src/test/java/org/apache/ignite/internal/processors/security/{ => impl}/TestSecurityProcessor.java (96%) rename modules/core/src/test/java/org/apache/ignite/internal/processors/security/{ => impl}/TestSecurityProcessorProvider.java (96%) rename modules/core/src/test/java/org/apache/ignite/internal/processors/security/{ => impl}/TestSecuritySubject.java (98%) diff --git a/modules/core/src/test/java/META-INF/services/org.apache.ignite.plugin.PluginProvider b/modules/core/src/test/java/META-INF/services/org.apache.ignite.plugin.PluginProvider index 74c2589365a47..5e51c7a2cc656 100644 --- a/modules/core/src/test/java/META-INF/services/org.apache.ignite.plugin.PluginProvider +++ b/modules/core/src/test/java/META-INF/services/org.apache.ignite.plugin.PluginProvider @@ -1,4 +1,4 @@ -org.apache.ignite.internal.processors.security.TestSecurityProcessorProvider +org.apache.ignite.internal.processors.security.impl.TestSecurityProcessorProvider org.apache.ignite.internal.processors.cache.persistence.standbycluster.IgniteStandByClusterTest$StanByClusterTestProvider org.apache.ignite.internal.processors.cache.persistence.wal.memtracker.PageMemoryTrackerPluginProvider org.apache.ignite.internal.processors.configuration.distributed.TestDistibutedConfigurationPlugin diff --git a/modules/core/src/test/java/org/apache/ignite/internal/managers/discovery/GridDiscoveryManagerAttributesSelfTest.java b/modules/core/src/test/java/org/apache/ignite/internal/managers/discovery/GridDiscoveryManagerAttributesSelfTest.java index f003a051c518f..ce384de8cdf03 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/managers/discovery/GridDiscoveryManagerAttributesSelfTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/managers/discovery/GridDiscoveryManagerAttributesSelfTest.java @@ -24,7 +24,7 @@ import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.binary.BinaryMarshaller; import org.apache.ignite.internal.marshaller.optimized.OptimizedMarshaller; -import org.apache.ignite.internal.processors.security.TestSecurityPluginConfiguration; +import org.apache.ignite.internal.processors.security.impl.TestSecurityPluginConfiguration; import org.apache.ignite.spi.discovery.tcp.TcpDiscoverySpi; import org.apache.ignite.spi.discovery.tcp.TestReconnectProcessor; import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest; diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractRemoteSecurityContextCheckTest.java index 21c4fb1a0f823..05b348c53e50d 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractRemoteSecurityContextCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractRemoteSecurityContextCheckTest.java @@ -21,17 +21,17 @@ import java.util.Arrays; import java.util.Collection; import java.util.Collections; +import java.util.HashMap; import java.util.List; +import java.util.Map; import java.util.Objects; import java.util.UUID; -import java.util.concurrent.ConcurrentHashMap; import java.util.stream.Stream; import javax.cache.Cache; import javax.cache.processor.EntryProcessor; import javax.cache.processor.MutableEntry; import org.apache.ignite.Ignite; import org.apache.ignite.IgniteCompute; -import org.apache.ignite.Ignition; import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.util.typedef.T2; import org.apache.ignite.lang.IgniteBiInClosure; @@ -40,6 +40,7 @@ import org.apache.ignite.lang.IgniteClosure; import org.apache.ignite.lang.IgniteRunnable; +import static org.apache.ignite.Ignition.localIgnite; import static org.hamcrest.core.Is.is; import static org.junit.Assert.assertThat; @@ -47,9 +48,6 @@ * */ public abstract class AbstractRemoteSecurityContextCheckTest extends AbstractSecurityTest { - /** Transition load cache. */ - protected static final String TRANSITION_LOAD_CACHE = "TRANSITION_LOAD_CACHE"; - /** Name of server initiator node. */ protected static final String SRV_INITIATOR = "srv_initiator"; @@ -75,14 +73,7 @@ public abstract class AbstractRemoteSecurityContextCheckTest extends AbstractSec protected static final String CLNT_ENDPOINT = "clnt_endpoint"; /** Verifier to check results of tests. */ - private static final Verifier VERIFIER = new Verifier(); - - /** - * Registers current security context and increments invoke's counter. - */ - protected static void register() { - VERIFIER.register((IgniteEx)Ignition.localIgnite()); - } + protected static final Verifier VERIFIER = new Verifier(); /** * @return IgniteCompute is produced by passed node for cluster group that contains nodes with ids from collection. @@ -91,29 +82,6 @@ protected static IgniteCompute compute(Ignite ignite, Collection ids) { return ignite.compute(ignite.cluster().forNodeIds(ids)); } - /** - * @return IgniteCompute is produced by passed node for cluster group that contains node with id. - */ - protected static IgniteCompute compute(Ignite ignite, UUID id) { - return ignite.compute(ignite.cluster().forNodeId(id)); - } - - /** - * @param ign Node. - * @return Security subject id of passed node. - */ - protected static UUID secSubjectId(IgniteEx ign) { - return ign.context().security().securityContext().subject().id(); - } - - /** - * @param name Security subject id of passed node. - * @return Security subject id of passed node. - */ - protected UUID secSubjectId(String name) { - return secSubjectId(grid(name)); - } - /** * @return Collection of feature call nodes ids. */ @@ -164,7 +132,7 @@ protected void runAndCheck(IgniteEx initiator, IgniteRunnable op) { */ protected void runAndCheck(IgniteEx initiator, Stream ops) { ops.forEach(r -> { - VERIFIER.clear().expectSubjId(secSubjectId(initiator)); + VERIFIER.clear().initiator(initiator); setupVerifier(VERIFIER); @@ -181,12 +149,12 @@ public static class Verifier { /** * Map that contains an expected behaviour. */ - private final ConcurrentHashMap> expInvokes = new ConcurrentHashMap<>(); + private final Map> expInvokes = new HashMap<>(); /** * List of registered security subjects. */ - private final List> registeredSubjects = Collections.synchronizedList(new ArrayList<>()); + private final List> registeredSubjects = new ArrayList<>(); /** * Expected security subject id. @@ -204,7 +172,7 @@ private Verifier clear() { } /** - * Adds expected behaivior the method {@link #register(IgniteEx)} will be invoke exp times on the node with + * Adds expected behaivior the method {@link #register} will be invoke exp times on the node with * passed name. * * @param nodeName Node name. @@ -218,10 +186,10 @@ public Verifier expect(String nodeName, int num) { /** * Registers current security context and increments invoke's counter. - * - * @param ignite Local node. */ - private void register(IgniteEx ignite) { + public synchronized void register() { + IgniteEx ignite = (IgniteEx)localIgnite(); + registeredSubjects.add(new T2<>(secSubjectId(ignite), ignite.name())); expInvokes.computeIfPresent(ignite.name(), (name, t2) -> { @@ -255,6 +223,16 @@ private Verifier expectSubjId(UUID expSecSubjId) { return this; } + + /** */ + private void initiator(IgniteEx initiator) { + expSecSubjId = secSubjectId(initiator); + } + + /** */ + private UUID secSubjectId(IgniteEx node) { + return node.context().security().securityContext().subject().id(); + } } /** */ @@ -262,21 +240,6 @@ protected static class ExecRegisterAndForwardAdapter implements IgniteBiIn /** RegisterExecAndForward. */ private RegisterExecAndForward instance; - /** - * @param runnable Runnable. - */ - public ExecRegisterAndForwardAdapter(IgniteRunnable runnable) { - instance = new RegisterExecAndForward<>(runnable); - } - - /** - * @param node Expected local node name. - * @param endpoints Collection of endpont nodes ids. - */ - public ExecRegisterAndForwardAdapter(String node, Collection endpoints) { - instance = new RegisterExecAndForward<>(node, endpoints); - } - /** * @param endpoints Collection of endpont nodes ids. */ @@ -291,12 +254,12 @@ public ExecRegisterAndForwardAdapter(Collection endpoints) { } /** */ - protected RegisterExecAndForward createRunner(String srvName) { + protected RegisterExecAndForward createRunner(String srvName) { return new RegisterExecAndForward<>(srvName, endpoints()); } /** */ - protected RegisterExecAndForward createRunner() { + protected RegisterExecAndForward createRunner() { return new RegisterExecAndForward<>(endpoints()); } @@ -349,17 +312,15 @@ public RegisterExecAndForward(Collection endpoints) { /** {@inheritDoc} */ @Override public void run() { - Ignite loc = Ignition.localIgnite(); + Ignite loc = localIgnite(); if (node == null || node.equals(loc.name())) { - register(); + VERIFIER.register(); if (runnable != null) runnable.run(); - else { - compute(loc, endpoints) - .broadcast(() -> register()); - } + else + compute(loc, endpoints).broadcast(() -> VERIFIER.register()); } } diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractSecurityTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractSecurityTest.java index 573a4a8fa8f27..165c46a3e2d76 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractSecurityTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractSecurityTest.java @@ -22,6 +22,9 @@ import org.apache.ignite.configuration.DataStorageConfiguration; import org.apache.ignite.configuration.IgniteConfiguration; import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.internal.processors.security.impl.TestSecurityData; +import org.apache.ignite.internal.processors.security.impl.TestSecurityPluginConfiguration; +import org.apache.ignite.internal.processors.security.impl.TestSecurityProcessor; import org.apache.ignite.plugin.security.SecurityPermission; import org.apache.ignite.plugin.security.SecurityPermissionSet; import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest; @@ -60,17 +63,6 @@ protected IgniteConfiguration getConfiguration(String instanceName, .setPluginConfigurations(secCfg); } - /** - * @param idx Index. - * @param login Login. - * @param pwd Password. - * @param prmSet Security permission set. - */ - protected IgniteConfiguration getConfiguration(int idx, String login, String pwd, - SecurityPermissionSet prmSet) throws Exception { - return getConfiguration(getTestIgniteInstanceName(idx), secPluginCfg(login, pwd, prmSet)); - } - /** * @param login Login. * @param pwd Password. diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/EntryProcessorPermissionCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/EntryProcessorPermissionCheckTest.java index 09d910664ef63..7534a571de2fe 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/EntryProcessorPermissionCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/EntryProcessorPermissionCheckTest.java @@ -64,38 +64,31 @@ public void test() throws Exception { srvNode.cluster().active(true); - Stream.of(srvNode, clientNode) - .forEach( - n -> operations(n).forEach( - c -> { - runOperation(verifierNode, c); - - runForbiddenOperation(verifierNode, c); - } - ) - ); + Stream.of(srvNode, clientNode).forEach(n -> + operations(n).forEach(c -> { + runOperation(verifierNode, c); + + runForbiddenOperation(verifierNode, c); + }) + ); } - /** - * @param c Consumer. - */ - private void runOperation(Ignite node, BiConsumer> c) { + /** */ + private void runOperation(Ignite verifierNode, BiConsumer> c) { T2 entry = entry(); c.accept(CACHE_NAME, entry); - assertThat(node.cache(CACHE_NAME).get(entry.getKey()), is(entry.getValue())); + assertThat(verifierNode.cache(CACHE_NAME).get(entry.getKey()), is(entry.getValue())); } - /** - * @param c Consumer. - */ - private void runForbiddenOperation(Ignite node, BiConsumer> c) { + /** */ + private void runForbiddenOperation(Ignite verifierNode, BiConsumer> c) { T2 entry = entry(); assertThrowsWithCause(() -> c.accept(FORBIDDEN_CACHE, entry), SecurityException.class); - assertNull(node.cache(FORBIDDEN_CACHE).get(entry.getKey())); + assertNull(verifierNode.cache(FORBIDDEN_CACHE).get(entry.getKey())); } /** @@ -103,25 +96,17 @@ private void runForbiddenOperation(Ignite node, BiConsumer>> operations(final Ignite node) { return Arrays.asList( - (cacheName, t) -> node.cache(cacheName).invoke( - t.getKey(), processor(t) - ), - (cacheName, t) -> node.cache(cacheName).invokeAll( - singleton(t.getKey()), processor(t) - ), - (cacheName, t) -> node.cache(cacheName).invokeAsync( - t.getKey(), processor(t) - ).get(), - (cacheName, t) -> node.cache(cacheName).invokeAllAsync( - singleton(t.getKey()), processor(t) - ).get() + (cacheName, t) -> node.cache(cacheName).invoke(t.getKey(), processor(t)), + (cacheName, t) -> node.cache(cacheName).invokeAll(singleton(t.getKey()), processor(t)), + (cacheName, t) -> node.cache(cacheName).invokeAsync(t.getKey(), processor(t)).get(), + (cacheName, t) -> node.cache(cacheName).invokeAllAsync(singleton(t.getKey()), processor(t)).get() ); } /** * @param t T2. */ - private static CacheEntryProcessor processor(T2 t) { + private CacheEntryProcessor processor(T2 t) { return (entry, o) -> { entry.setValue(t.getValue()); diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java index 929bacff7604c..00b0374bb0698 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/CacheLoadRemoteSecurityContextCheckTest.java @@ -44,6 +44,9 @@ */ @RunWith(JUnit4.class) public class CacheLoadRemoteSecurityContextCheckTest extends AbstractCacheOperationRemoteSecurityContextCheckTest { + /** Transition load cache. */ + private static final String TRANSITION_LOAD_CACHE = "TRANSITION_LOAD_CACHE"; + /** {@inheritDoc} */ @Override protected void beforeTestsStarted() throws Exception { startGridAllowAll(SRV_INITIATOR); @@ -88,7 +91,7 @@ public class CacheLoadRemoteSecurityContextCheckTest extends AbstractCacheOperat @Test public void test() { IgniteRunnable operation = () -> { - register(); + VERIFIER.register(); localIgnite().cache(CACHE_NAME).loadCache( new RegisterExecAndForward<>(SRV_CHECK, endpoints()) diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java index 7f07b7b4547e9..27f7116fb55fe 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/cache/closure/ScanQueryRemoteSecurityContextCheckTest.java @@ -92,12 +92,12 @@ public void test() throws Exception { private Stream operations() { return Stream.of( () -> { - register(); + VERIFIER.register(); localIgnite().cache(CACHE_NAME).query(new ScanQuery<>(createRunner(SRV_CHECK))).getAll(); }, () -> { - register(); + VERIFIER.register(); localIgnite().cache(CACHE_NAME).query( new ScanQuery<>((k, v) -> true), diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/client/ThinClientPermissionCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/client/ThinClientPermissionCheckTest.java index e8577e15fded3..b41d9b44149a9 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/client/ThinClientPermissionCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/client/ThinClientPermissionCheckTest.java @@ -32,7 +32,7 @@ import org.apache.ignite.configuration.IgniteConfiguration; import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.processors.security.AbstractSecurityTest; -import org.apache.ignite.internal.processors.security.TestSecurityData; +import org.apache.ignite.internal.processors.security.impl.TestSecurityData; import org.apache.ignite.internal.util.typedef.G; import org.apache.ignite.lang.IgniteBiTuple; import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder; diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java index 9d17db5e63ce8..2dd31b34011c3 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/ComputeTaskRemoteSecurityContextCheckTest.java @@ -91,12 +91,12 @@ public void test() { private Stream operations() { return Stream.of( () -> { - register(); + VERIFIER.register(); localIgnite().compute().execute(new ComputeTaskClosure(nodesToCheck(), endpoints()), 0); }, () -> { - register(); + VERIFIER.register(); localIgnite().compute().executeAsync(new ComputeTaskClosure(nodesToCheck(), endpoints()), 0).get(); } @@ -142,9 +142,9 @@ public ComputeTaskClosure(Collection remotes, Collection endpoints) } @Override public Object execute() { - register(); + VERIFIER.register(); - compute(loc, endpoints).broadcast(() -> register()); + compute(loc, endpoints).broadcast(() -> VERIFIER.register()); return null; } diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java index 05cb87b735c6b..6a6ca0f4e77b1 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/DistributedClosureRemoteSecurityContextCheckTest.java @@ -19,6 +19,8 @@ import java.util.UUID; import java.util.stream.Stream; +import org.apache.ignite.Ignite; +import org.apache.ignite.IgniteCompute; import org.apache.ignite.internal.processors.security.AbstractRemoteSecurityContextCheckTest; import org.apache.ignite.internal.util.typedef.G; import org.apache.ignite.lang.IgniteRunnable; @@ -73,6 +75,13 @@ public void test() { runAndCheck(grid(CLNT_INITIATOR), operations()); } + /** */ + private IgniteCompute compute(UUID id) { + Ignite loc = localIgnite(); + + return loc.compute(loc.cluster().forNodeId(id)); + } + /** * @return Stream of check cases. */ @@ -82,27 +91,27 @@ private Stream operations() { () -> compute(localIgnite(), nodesToCheck()).broadcastAsync((IgniteRunnable) createRunner()).get(), () -> { for (UUID id : nodesToCheck()) - compute(localIgnite(), id).call(createRunner()); + compute(id).call(createRunner()); }, () -> { for (UUID id : nodesToCheck()) - compute(localIgnite(), id).callAsync(createRunner()).get(); + compute(id).callAsync(createRunner()).get(); }, () -> { for (UUID id : nodesToCheck()) - compute(localIgnite(), id).run(createRunner()); + compute(id).run(createRunner()); }, () -> { for (UUID id : nodesToCheck()) - compute(localIgnite(), id).runAsync(createRunner()).get(); + compute(id).runAsync(createRunner()).get(); }, () -> { for (UUID id : nodesToCheck()) - compute(localIgnite(), id).apply(createRunner(), new Object()); + compute(id).apply(createRunner(), new Object()); }, () -> { for (UUID id : nodesToCheck()) - compute(localIgnite(), id).applyAsync(createRunner(), new Object()).get(); + compute(id).applyAsync(createRunner(), new Object()).get(); } ).map(RegisterExecAndForward::new); } diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java index 7783ae0247318..3f450ed587ffc 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/compute/closure/ExecutorServiceRemoteSecurityContextCheckTest.java @@ -73,7 +73,7 @@ public class ExecutorServiceRemoteSecurityContextCheckTest extends AbstractRemot @Test public void test() { IgniteRunnableX operation = () -> { - register(); + VERIFIER.register(); Ignite loc = Ignition.localIgnite(); diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java index cc43d474a6c96..fbb82aa4b1f17 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/datastreamer/closure/DataStreamerRemoteSecurityContextCheckTest.java @@ -69,7 +69,7 @@ public class DataStreamerRemoteSecurityContextCheckTest extends AbstractCacheOpe @Test public void testDataStreamer() { IgniteRunnable op = () -> { - register(); + VERIFIER.register(); try (IgniteDataStreamer strm = Ignition.localIgnite().dataStreamer(CACHE_NAME)) { strm.receiver(StreamVisitor.from(new ExecRegisterAndForwardAdapter<>(endpoints()))); diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityContext.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/impl/TestSecurityContext.java similarity index 96% rename from modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityContext.java rename to modules/core/src/test/java/org/apache/ignite/internal/processors/security/impl/TestSecurityContext.java index c5fa46c03bca1..846762c8a8dd1 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityContext.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/impl/TestSecurityContext.java @@ -15,10 +15,11 @@ * limitations under the License. */ -package org.apache.ignite.internal.processors.security; +package org.apache.ignite.internal.processors.security.impl; import java.io.Serializable; import java.util.Collection; +import org.apache.ignite.internal.processors.security.SecurityContext; import org.apache.ignite.internal.util.typedef.F; import org.apache.ignite.plugin.security.SecurityPermission; import org.apache.ignite.plugin.security.SecuritySubject; @@ -121,4 +122,4 @@ private boolean hasPermission(Collection perms, SecurityPerm "subject=" + subject + '}'; } -} \ No newline at end of file +} diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityData.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/impl/TestSecurityData.java similarity index 97% rename from modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityData.java rename to modules/core/src/test/java/org/apache/ignite/internal/processors/security/impl/TestSecurityData.java index 91e225c2e8efe..66bc171a20982 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityData.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/impl/TestSecurityData.java @@ -15,7 +15,7 @@ * limitations under the License. */ -package org.apache.ignite.internal.processors.security; +package org.apache.ignite.internal.processors.security.impl; import org.apache.ignite.plugin.security.SecurityCredentials; import org.apache.ignite.plugin.security.SecurityPermissionSet; diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityPluginConfiguration.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/impl/TestSecurityPluginConfiguration.java similarity index 89% rename from modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityPluginConfiguration.java rename to modules/core/src/test/java/org/apache/ignite/internal/processors/security/impl/TestSecurityPluginConfiguration.java index 9239509b0052a..97c1e450d3ae8 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityPluginConfiguration.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/impl/TestSecurityPluginConfiguration.java @@ -15,9 +15,10 @@ * limitations under the License. */ -package org.apache.ignite.internal.processors.security; +package org.apache.ignite.internal.processors.security.impl; import org.apache.ignite.internal.GridKernalContext; +import org.apache.ignite.internal.processors.security.GridSecurityProcessor; import org.apache.ignite.plugin.PluginConfiguration; /** diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityProcessor.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/impl/TestSecurityProcessor.java similarity index 96% rename from modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityProcessor.java rename to modules/core/src/test/java/org/apache/ignite/internal/processors/security/impl/TestSecurityProcessor.java index 4a6a6989e3fe8..0bda5b7a65844 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityProcessor.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/impl/TestSecurityProcessor.java @@ -15,7 +15,7 @@ * limitations under the License. */ -package org.apache.ignite.internal.processors.security; +package org.apache.ignite.internal.processors.security.impl; import java.net.InetSocketAddress; import java.util.ArrayList; @@ -29,6 +29,8 @@ import org.apache.ignite.internal.GridKernalContext; import org.apache.ignite.internal.IgniteNodeAttributes; import org.apache.ignite.internal.processors.GridProcessorAdapter; +import org.apache.ignite.internal.processors.security.GridSecurityProcessor; +import org.apache.ignite.internal.processors.security.SecurityContext; import org.apache.ignite.internal.util.typedef.F; import org.apache.ignite.plugin.security.AuthenticationContext; import org.apache.ignite.plugin.security.SecurityCredentials; diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityProcessorProvider.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/impl/TestSecurityProcessorProvider.java similarity index 96% rename from modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityProcessorProvider.java rename to modules/core/src/test/java/org/apache/ignite/internal/processors/security/impl/TestSecurityProcessorProvider.java index fef1d51868160..1ff5a201af204 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecurityProcessorProvider.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/impl/TestSecurityProcessorProvider.java @@ -15,13 +15,14 @@ * limitations under the License. */ -package org.apache.ignite.internal.processors.security; +package org.apache.ignite.internal.processors.security.impl; import java.io.Serializable; import java.util.UUID; import org.apache.ignite.cluster.ClusterNode; import org.apache.ignite.configuration.IgniteConfiguration; import org.apache.ignite.internal.IgniteEx; +import org.apache.ignite.internal.processors.security.GridSecurityProcessor; import org.apache.ignite.plugin.CachePluginContext; import org.apache.ignite.plugin.CachePluginProvider; import org.apache.ignite.plugin.ExtensionRegistry; diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecuritySubject.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/impl/TestSecuritySubject.java similarity index 98% rename from modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecuritySubject.java rename to modules/core/src/test/java/org/apache/ignite/internal/processors/security/impl/TestSecuritySubject.java index c26af70e116ce..6fa47cf19e24b 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/TestSecuritySubject.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/impl/TestSecuritySubject.java @@ -15,7 +15,7 @@ * limitations under the License. */ -package org.apache.ignite.internal.processors.security; +package org.apache.ignite.internal.processors.security.impl; import java.net.InetSocketAddress; import java.util.UUID; diff --git a/modules/core/src/test/java/org/apache/ignite/spi/discovery/AuthenticationRestartTest.java b/modules/core/src/test/java/org/apache/ignite/spi/discovery/AuthenticationRestartTest.java index ddfa4a0f47aaa..8d6185143a38d 100644 --- a/modules/core/src/test/java/org/apache/ignite/spi/discovery/AuthenticationRestartTest.java +++ b/modules/core/src/test/java/org/apache/ignite/spi/discovery/AuthenticationRestartTest.java @@ -19,7 +19,7 @@ import org.apache.ignite.configuration.IgniteConfiguration; import org.apache.ignite.internal.IgniteEx; -import org.apache.ignite.internal.processors.security.TestSecurityPluginConfiguration; +import org.apache.ignite.internal.processors.security.impl.TestSecurityPluginConfiguration; import org.apache.ignite.internal.util.lang.GridAbsPredicate; import org.apache.ignite.lang.IgniteFuture; import org.apache.ignite.spi.discovery.tcp.TcpDiscoverySpi; diff --git a/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoveryNodeAttributesUpdateOnReconnectTest.java b/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoveryNodeAttributesUpdateOnReconnectTest.java index 888e1f2bda57e..f20bf55734a52 100644 --- a/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoveryNodeAttributesUpdateOnReconnectTest.java +++ b/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoveryNodeAttributesUpdateOnReconnectTest.java @@ -28,7 +28,7 @@ import org.apache.ignite.events.Event; import org.apache.ignite.events.EventType; import org.apache.ignite.internal.IgniteClientReconnectAbstractTest; -import org.apache.ignite.internal.processors.security.TestSecurityPluginConfiguration; +import org.apache.ignite.internal.processors.security.impl.TestSecurityPluginConfiguration; import org.apache.ignite.lang.IgnitePredicate; import org.apache.ignite.resources.LoggerResource; import org.apache.ignite.spi.discovery.tcp.ipfinder.TcpDiscoveryIpFinder; From a4daf09e1d88152c0de19a47e58899ab8464ccfa Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Wed, 17 Apr 2019 10:27:49 +0300 Subject: [PATCH 93/98] IGNITE-9560 fix clients tests --- .../jdbc/thin/JdbcThinAbstractSelfTest.java | 40 +-- ...JdbcThinConnectionMvccEnabledSelfTest.java | 35 +- .../jdbc/thin/JdbcThinConnectionSelfTest.java | 180 ++++++----- .../JdbcThinPreparedStatementSelfTest.java | 49 +-- .../jdbc/thin/JdbcThinResultSetSelfTest.java | 300 +++++++++--------- .../jdbc/thin/JdbcThinStatementSelfTest.java | 55 ++-- 6 files changed, 327 insertions(+), 332 deletions(-) diff --git a/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinAbstractSelfTest.java b/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinAbstractSelfTest.java index 23cd6a6794294..d317353e32608 100644 --- a/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinAbstractSelfTest.java +++ b/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinAbstractSelfTest.java @@ -28,7 +28,6 @@ import java.util.Collection; import java.util.Collections; import java.util.List; -import java.util.concurrent.Callable; import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.processors.odbc.ClientListenerProcessor; import org.apache.ignite.internal.processors.port.GridPortRecord; @@ -46,27 +45,18 @@ public class JdbcThinAbstractSelfTest extends GridCommonAbstractTest { * @param r Runnable to check support. */ protected void checkNotSupported(final RunnableX r) { - GridTestUtils.assertThrows(log, - new Callable() { - @Override public Object call() throws Exception { - r.run(); - - return null; - } - }, SQLFeatureNotSupportedException.class, null); + GridTestUtils.assertThrowsWithCause(r, SQLFeatureNotSupportedException.class); } /** * @param r Runnable to check on closed connection. */ protected void checkConnectionClosed(final RunnableX r) { - GridTestUtils.assertThrows(log, - new Callable() { - @Override public Object call() throws Exception { - r.run(); + GridTestUtils.assertThrowsAnyCause(log, + () -> { + r.run(); - return null; - } + return null; }, SQLException.class, "Connection is closed"); } @@ -74,13 +64,11 @@ protected void checkConnectionClosed(final RunnableX r) { * @param r Runnable to check on closed statement. */ protected void checkStatementClosed(final RunnableX r) { - GridTestUtils.assertThrows(log, - new Callable() { - @Override public Object call() throws Exception { - r.run(); + GridTestUtils.assertThrowsAnyCause(log, + () -> { + r.run(); - return null; - } + return null; }, SQLException.class, "Statement is closed"); } @@ -88,13 +76,11 @@ protected void checkStatementClosed(final RunnableX r) { * @param r Runnable to check on closed result set. */ protected void checkResultSetClosed(final RunnableX r) { - GridTestUtils.assertThrows(log, - new Callable() { - @Override public Object call() throws Exception { - r.run(); + GridTestUtils.assertThrowsAnyCause(log, + () -> { + r.run(); - return null; - } + return null; }, SQLException.class, "Result set is closed"); } diff --git a/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinConnectionMvccEnabledSelfTest.java b/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinConnectionMvccEnabledSelfTest.java index fa13ed7b28063..d99c06fd0e7a4 100644 --- a/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinConnectionMvccEnabledSelfTest.java +++ b/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinConnectionMvccEnabledSelfTest.java @@ -28,7 +28,6 @@ import org.apache.ignite.configuration.IgniteConfiguration; import org.apache.ignite.internal.binary.BinaryMarshaller; import org.apache.ignite.testframework.GridStringLogger; -import org.apache.ignite.testframework.GridTestUtils; import org.jetbrains.annotations.NotNull; import org.junit.Test; @@ -37,6 +36,8 @@ import static java.sql.Connection.TRANSACTION_READ_UNCOMMITTED; import static java.sql.Connection.TRANSACTION_REPEATABLE_READ; import static java.sql.Connection.TRANSACTION_SERIALIZABLE; +import static org.apache.ignite.testframework.GridTestUtils.RunnableX; +import static org.apache.ignite.testframework.GridTestUtils.assertThrows; /** * Connection test. @@ -120,7 +121,7 @@ public void testGetSetAutoCommit() throws Exception { // Exception when called on closed connection checkConnectionClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { conn.setAutoCommit(true); } }); @@ -136,7 +137,7 @@ public void testCommit() throws Exception { assertTrue(conn.getMetaData().supportsTransactions()); // Should not be called in auto-commit mode - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { conn.commit(); @@ -156,7 +157,7 @@ public void testCommit() throws Exception { // Exception when called on closed connection checkConnectionClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { conn.commit(); } }); @@ -172,7 +173,7 @@ public void testRollback() throws Exception { assertTrue(conn.getMetaData().supportsTransactions()); // Should not be called in auto-commit mode - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { conn.rollback(); @@ -192,7 +193,7 @@ public void testRollback() throws Exception { // Exception when called on closed connection checkConnectionClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { conn.rollback(); } }); @@ -208,7 +209,7 @@ public void testSetSavepoint() throws Exception { assert !conn.getMetaData().supportsSavepoints(); // Disallowed in auto-commit mode - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { conn.setSavepoint(); @@ -224,7 +225,7 @@ public void testSetSavepoint() throws Exception { // Unsupported checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { conn.setSavepoint(); } }); @@ -232,7 +233,7 @@ public void testSetSavepoint() throws Exception { conn.close(); checkConnectionClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { conn.setSavepoint(); } }); @@ -248,7 +249,7 @@ public void testSetSavepointName() throws Exception { assert !conn.getMetaData().supportsSavepoints(); // Invalid arg - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { conn.setSavepoint(null); @@ -263,7 +264,7 @@ public void testSetSavepointName() throws Exception { final String name = "savepoint"; // Disallowed in auto-commit mode - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { conn.setSavepoint(name); @@ -279,7 +280,7 @@ public void testSetSavepointName() throws Exception { // Unsupported checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { conn.setSavepoint(name); } }); @@ -287,7 +288,7 @@ public void testSetSavepointName() throws Exception { conn.close(); checkConnectionClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { conn.setSavepoint(name); } }); @@ -303,7 +304,7 @@ public void testRollbackSavePoint() throws Exception { assert !conn.getMetaData().supportsSavepoints(); // Invalid arg - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { conn.rollback(null); @@ -318,7 +319,7 @@ public void testRollbackSavePoint() throws Exception { final Savepoint savepoint = getFakeSavepoint(); // Disallowed in auto-commit mode - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { conn.rollback(savepoint); @@ -334,7 +335,7 @@ public void testRollbackSavePoint() throws Exception { // Unsupported checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { conn.rollback(savepoint); } }); @@ -342,7 +343,7 @@ public void testRollbackSavePoint() throws Exception { conn.close(); checkConnectionClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { conn.rollback(savepoint); } }); diff --git a/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinConnectionSelfTest.java b/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinConnectionSelfTest.java index 976f2d2e9d537..310b0b951d983 100644 --- a/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinConnectionSelfTest.java +++ b/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinConnectionSelfTest.java @@ -48,7 +48,6 @@ import org.apache.ignite.internal.util.HostAndPortRange; import org.apache.ignite.internal.util.typedef.internal.U; import org.apache.ignite.testframework.GridStringLogger; -import org.apache.ignite.testframework.GridTestUtils; import org.jetbrains.annotations.NotNull; import org.junit.Test; @@ -65,6 +64,11 @@ import static java.sql.Statement.RETURN_GENERATED_KEYS; import static org.apache.ignite.configuration.ClientConnectorConfiguration.DFLT_PORT; import static org.apache.ignite.internal.processors.odbc.SqlStateCode.TRANSACTION_STATE_EXCEPTION; +import static org.apache.ignite.testframework.GridTestUtils.RunnableX; +import static org.apache.ignite.testframework.GridTestUtils.assertThrows; +import static org.apache.ignite.testframework.GridTestUtils.assertThrowsAnyCause; +import static org.apache.ignite.testframework.GridTestUtils.getFieldValue; +import static org.apache.ignite.testframework.GridTestUtils.runMultiThreadedAsync; /** * Connection test. @@ -516,7 +520,7 @@ public void testSchemaSemicolon() throws Exception { private static JdbcThinTcpIo io(Connection conn) throws Exception { JdbcThinConnection conn0 = conn.unwrap(JdbcThinConnection.class); - return GridTestUtils.getFieldValue(conn0, JdbcThinConnection.class, "cliIo"); + return getFieldValue(conn0, JdbcThinConnection.class, "cliIo"); } /** @@ -527,7 +531,7 @@ private static JdbcThinTcpIo io(Connection conn) throws Exception { */ @SuppressWarnings("ThrowableNotThrown") private void assertInvalid(final String url, String errMsg) { - GridTestUtils.assertThrowsAnyCause(log, new Callable() { + assertThrowsAnyCause(log, new Callable() { @Override public Void call() throws Exception { DriverManager.getConnection(url); @@ -555,7 +559,7 @@ public void testClose() throws Exception { assert !conn.isValid(2) : "Connection must be closed"; - GridTestUtils.assertThrows(log, new Callable() { + assertThrows(log, new Callable() { @Override public Object call() throws Exception { conn.isValid(-2); @@ -579,7 +583,7 @@ public void testCreateStatement() throws Exception { // Exception when called on closed connection checkConnectionClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { conn.createStatement(); } }); @@ -617,7 +621,7 @@ public void testCreateStatement2() throws Exception { continue; } - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { return conn.createStatement(type, concur); @@ -633,7 +637,7 @@ public void testCreateStatement2() throws Exception { // Exception when called on closed connection checkConnectionClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { conn.createStatement(TYPE_FORWARD_ONLY, CONCUR_READ_ONLY); } @@ -676,7 +680,7 @@ public void testCreateStatement3() throws Exception { continue; } - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { return conn.createStatement(type, concur, holdabililty); @@ -693,7 +697,7 @@ public void testCreateStatement3() throws Exception { // Exception when called on closed connection checkConnectionClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { conn.createStatement(TYPE_FORWARD_ONLY, CONCUR_READ_ONLY, HOLD_CURSORS_OVER_COMMIT); } @@ -708,7 +712,7 @@ public void testCreateStatement3() throws Exception { public void testPrepareStatement() throws Exception { try (Connection conn = DriverManager.getConnection(URL)) { // null query text - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { return conn.prepareStatement(null); @@ -728,7 +732,7 @@ public void testPrepareStatement() throws Exception { // Exception when called on closed connection checkConnectionClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { conn.prepareStatement(sqlText); } }); @@ -758,7 +762,7 @@ public void testPrepareStatement3() throws Exception { assert concur == CONCUR_READ_ONLY; // null query text - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { return conn.prepareStatement(null, type, concur); @@ -771,7 +775,7 @@ public void testPrepareStatement3() throws Exception { continue; } - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { return conn.prepareStatement(sqlText, type, concur); @@ -787,7 +791,7 @@ public void testPrepareStatement3() throws Exception { // Exception when called on closed connection checkConnectionClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { conn.prepareStatement(sqlText, TYPE_FORWARD_ONLY, CONCUR_READ_ONLY); } }); @@ -823,7 +827,7 @@ public void testPrepareStatement4() throws Exception { assert concur == CONCUR_READ_ONLY; // null query text - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { return conn.prepareStatement(null, type, concur, holdabililty); @@ -836,7 +840,7 @@ public void testPrepareStatement4() throws Exception { continue; } - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { return conn.prepareStatement(sqlText, type, concur, holdabililty); @@ -853,7 +857,7 @@ public void testPrepareStatement4() throws Exception { // Exception when called on closed connection checkConnectionClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { conn.prepareStatement(sqlText, TYPE_FORWARD_ONLY, CONCUR_READ_ONLY, HOLD_CURSORS_OVER_COMMIT); } }); @@ -870,7 +874,7 @@ public void testPrepareStatementAutoGeneratedKeysUnsupported() throws Exception try (Connection conn = DriverManager.getConnection(URL)) { final String sqlText = "insert into test (val) values (?)"; - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { return conn.prepareStatement(sqlText, RETURN_GENERATED_KEYS); @@ -880,7 +884,7 @@ public void testPrepareStatementAutoGeneratedKeysUnsupported() throws Exception "Auto generated keys are not supported." ); - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { return conn.prepareStatement(sqlText, NO_GENERATED_KEYS); @@ -890,7 +894,7 @@ public void testPrepareStatementAutoGeneratedKeysUnsupported() throws Exception "Auto generated keys are not supported." ); - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { return conn.prepareStatement(sqlText, new int[] {1}); @@ -900,7 +904,7 @@ public void testPrepareStatementAutoGeneratedKeysUnsupported() throws Exception "Auto generated keys are not supported." ); - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { return conn.prepareStatement(sqlText, new String[] {"ID"}); @@ -920,7 +924,7 @@ public void testPrepareCallUnsupported() throws Exception { try (Connection conn = DriverManager.getConnection(URL)) { final String sqlText = "exec test()"; - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { return conn.prepareCall(sqlText); @@ -930,7 +934,7 @@ public void testPrepareCallUnsupported() throws Exception { "Callable functions are not supported." ); - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { return conn.prepareCall(sqlText, TYPE_FORWARD_ONLY, CONCUR_READ_ONLY); @@ -940,7 +944,7 @@ public void testPrepareCallUnsupported() throws Exception { "Callable functions are not supported." ); - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { return conn.prepareCall(sqlText, TYPE_FORWARD_ONLY, @@ -960,7 +964,7 @@ public void testPrepareCallUnsupported() throws Exception { public void testNativeSql() throws Exception { try (Connection conn = DriverManager.getConnection(URL)) { // null query text - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { return conn.nativeSQL(null); @@ -978,7 +982,7 @@ public void testNativeSql() throws Exception { // Exception when called on closed connection checkConnectionClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { conn.nativeSQL(sqlText); } }); @@ -1003,7 +1007,7 @@ public void testGetSetAutoCommit() throws Exception { // Exception when called on closed connection checkConnectionClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { conn.setAutoCommit(ac0); } }); @@ -1017,7 +1021,7 @@ public void testGetSetAutoCommit() throws Exception { public void testCommit() throws Exception { try (Connection conn = DriverManager.getConnection(URL)) { // Should not be called in auto-commit mode - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { conn.commit(); @@ -1032,7 +1036,7 @@ public void testCommit() throws Exception { assertTrue(conn.getAutoCommit()); // Should not be called in auto-commit mode - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { conn.commit(); @@ -1048,7 +1052,7 @@ public void testCommit() throws Exception { // Exception when called on closed connection checkConnectionClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { conn.commit(); } }); @@ -1062,7 +1066,7 @@ public void testCommit() throws Exception { public void testRollback() throws Exception { try (Connection conn = DriverManager.getConnection(URL)) { // Should not be called in auto-commit mode - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { conn.rollback(); @@ -1078,7 +1082,7 @@ public void testRollback() throws Exception { // Exception when called on closed connection checkConnectionClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { conn.rollback(); } }); @@ -1143,7 +1147,7 @@ public void testGetMetaData() throws Exception { // Exception when called on closed connection checkConnectionClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { conn.getMetaData(); } }); @@ -1160,14 +1164,14 @@ public void testGetSetReadOnly() throws Exception { // Exception when called on closed connection checkConnectionClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { conn.setReadOnly(true); } }); // Exception when called on closed connection checkConnectionClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { conn.isReadOnly(); } }); @@ -1192,14 +1196,14 @@ public void testGetSetCatalog() throws Exception { // Exception when called on closed connection checkConnectionClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { conn.setCatalog(""); } }); // Exception when called on closed connection checkConnectionClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { conn.getCatalog(); } }); @@ -1213,7 +1217,7 @@ public void testGetSetCatalog() throws Exception { public void testGetSetTransactionIsolation() throws Exception { try (Connection conn = DriverManager.getConnection(URL)) { // Invalid parameter value - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @SuppressWarnings("MagicConstant") @Override public Object call() throws Exception { @@ -1243,14 +1247,14 @@ public void testGetSetTransactionIsolation() throws Exception { // Exception when called on closed connection checkConnectionClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { conn.getTransactionIsolation(); } }); // Exception when called on closed connection checkConnectionClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { conn.setTransactionIsolation(TRANSACTION_SERIALIZABLE); } }); @@ -1277,14 +1281,14 @@ public void testClearGetWarnings() throws Exception { // Exception when called on closed connection checkConnectionClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { conn.getWarnings(); } }); // Exception when called on closed connection checkConnectionClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { conn.clearWarnings(); } }); @@ -1297,7 +1301,7 @@ public void testClearGetWarnings() throws Exception { @Test public void testGetSetTypeMap() throws Exception { try (Connection conn = DriverManager.getConnection(URL)) { - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { return conn.getTypeMap(); @@ -1307,7 +1311,7 @@ public void testGetSetTypeMap() throws Exception { "Types mapping is not supported" ); - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { conn.setTypeMap(new HashMap>()); @@ -1322,7 +1326,7 @@ public void testGetSetTypeMap() throws Exception { conn.close(); // Exception when called on closed connection - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { return conn.getTypeMap(); @@ -1333,7 +1337,7 @@ public void testGetSetTypeMap() throws Exception { ); // Exception when called on closed connection - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { conn.setTypeMap(new HashMap>()); @@ -1363,7 +1367,7 @@ public void testGetSetHoldability() throws Exception { assertEquals(CLOSE_CURSORS_AT_COMMIT, conn.getHoldability()); // Invalid constant - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { conn.setHoldability(-1); @@ -1377,7 +1381,7 @@ public void testGetSetHoldability() throws Exception { conn.close(); - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { return conn.getHoldability(); @@ -1387,7 +1391,7 @@ public void testGetSetHoldability() throws Exception { "Connection is closed" ); - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { conn.setHoldability(HOLD_CURSORS_OVER_COMMIT); @@ -1410,7 +1414,7 @@ public void testSetSavepoint() throws Exception { assert !conn.getMetaData().supportsSavepoints(); // Disallowed in auto-commit mode - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { conn.setSavepoint(); @@ -1425,7 +1429,7 @@ public void testSetSavepoint() throws Exception { conn.close(); checkConnectionClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { conn.setSavepoint(); } }); @@ -1441,7 +1445,7 @@ public void testSetSavepointName() throws Exception { assert !conn.getMetaData().supportsSavepoints(); // Invalid arg - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { conn.setSavepoint(null); @@ -1456,7 +1460,7 @@ public void testSetSavepointName() throws Exception { final String name = "savepoint"; // Disallowed in auto-commit mode - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { conn.setSavepoint(name); @@ -1471,7 +1475,7 @@ public void testSetSavepointName() throws Exception { conn.close(); checkConnectionClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { conn.setSavepoint(name); } }); @@ -1487,7 +1491,7 @@ public void testRollbackSavePoint() throws Exception { assert !conn.getMetaData().supportsSavepoints(); // Invalid arg - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { conn.rollback(null); @@ -1502,7 +1506,7 @@ public void testRollbackSavePoint() throws Exception { final Savepoint savepoint = getFakeSavepoint(); // Disallowed in auto-commit mode - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { conn.rollback(savepoint); @@ -1517,7 +1521,7 @@ public void testRollbackSavePoint() throws Exception { conn.close(); checkConnectionClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { conn.rollback(savepoint); } }); @@ -1533,7 +1537,7 @@ public void testReleaseSavepoint() throws Exception { assert !conn.getMetaData().supportsSavepoints(); // Invalid arg - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { conn.releaseSavepoint(null); @@ -1548,7 +1552,7 @@ public void testReleaseSavepoint() throws Exception { final Savepoint savepoint = getFakeSavepoint(); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { conn.releaseSavepoint(savepoint); } }); @@ -1556,7 +1560,7 @@ public void testReleaseSavepoint() throws Exception { conn.close(); checkConnectionClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { conn.releaseSavepoint(savepoint); } }); @@ -1570,7 +1574,7 @@ public void testReleaseSavepoint() throws Exception { public void testCreateClob() throws Exception { try (Connection conn = DriverManager.getConnection(URL)) { // Unsupported - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { return conn.createClob(); @@ -1582,7 +1586,7 @@ public void testCreateClob() throws Exception { conn.close(); - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { return conn.createClob(); @@ -1601,7 +1605,7 @@ public void testCreateClob() throws Exception { public void testCreateBlob() throws Exception { try (Connection conn = DriverManager.getConnection(URL)) { // Unsupported - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { return conn.createBlob(); @@ -1613,7 +1617,7 @@ public void testCreateBlob() throws Exception { conn.close(); - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { return conn.createBlob(); @@ -1632,7 +1636,7 @@ public void testCreateBlob() throws Exception { public void testCreateNClob() throws Exception { try (Connection conn = DriverManager.getConnection(URL)) { // Unsupported - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { return conn.createNClob(); @@ -1644,7 +1648,7 @@ public void testCreateNClob() throws Exception { conn.close(); - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { return conn.createNClob(); @@ -1663,7 +1667,7 @@ public void testCreateNClob() throws Exception { public void testCreateSQLXML() throws Exception { try (Connection conn = DriverManager.getConnection(URL)) { // Unsupported - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { return conn.createSQLXML(); @@ -1675,7 +1679,7 @@ public void testCreateSQLXML() throws Exception { conn.close(); - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { return conn.createSQLXML(); @@ -1707,12 +1711,12 @@ public void testGetSetClientInfoPair() throws Exception { conn.close(); checkConnectionClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { conn.getClientInfo(name); } }); - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { conn.setClientInfo(name, val); @@ -1746,12 +1750,12 @@ public void testGetSetClientInfoProperties() throws Exception { conn.close(); checkConnectionClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { conn.getClientInfo(); } }); - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { conn.setClientInfo(props); @@ -1773,7 +1777,7 @@ public void testCreateArrayOf() throws Exception { final String[] elements = new String[] {"apple", "pear"}; // Invalid typename - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { conn.createArrayOf(null, null); @@ -1788,7 +1792,7 @@ public void testCreateArrayOf() throws Exception { // Unsupported checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { conn.createArrayOf(typeName, elements); } }); @@ -1796,7 +1800,7 @@ public void testCreateArrayOf() throws Exception { conn.close(); checkConnectionClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { conn.createArrayOf(typeName, elements); } }); @@ -1810,7 +1814,7 @@ public void testCreateArrayOf() throws Exception { public void testCreateStruct() throws Exception { try (Connection conn = DriverManager.getConnection(URL)) { // Invalid typename - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { return conn.createStruct(null, null); @@ -1825,7 +1829,7 @@ public void testCreateStruct() throws Exception { final Object[] attrs = new Object[] {100, "Tom"}; checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { conn.createStruct(typeName, attrs); } }); @@ -1833,7 +1837,7 @@ public void testCreateStruct() throws Exception { conn.close(); checkConnectionClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { conn.createStruct(typeName, attrs); } }); @@ -1861,13 +1865,13 @@ public void testGetSetSchema() throws Exception { conn.close(); checkConnectionClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { conn.setSchema(schema); } }); checkConnectionClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { conn.getSchema(); } }); @@ -1881,7 +1885,7 @@ public void testGetSetSchema() throws Exception { public void testAbort() throws Exception { try (Connection conn = DriverManager.getConnection(URL)) { //Invalid executor - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { conn.abort(null); @@ -1915,7 +1919,7 @@ public void testGetSetNetworkTimeout() throws Exception { final int timeout = 1000; //Invalid timeout - GridTestUtils.assertThrows(log, + assertThrows(log, new Callable() { @Override public Object call() throws Exception { conn.setNetworkTimeout(executor, -1); @@ -1934,13 +1938,13 @@ public void testGetSetNetworkTimeout() throws Exception { conn.close(); checkConnectionClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { conn.getNetworkTimeout(); } }); checkConnectionClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { conn.setNetworkTimeout(executor, timeout); } }); @@ -1952,7 +1956,7 @@ public void testGetSetNetworkTimeout() throws Exception { */ @Test public void testInvalidNestedTxMode() { - GridTestUtils.assertThrows(null, new Callable() { + assertThrows(null, new Callable() { @Override public Object call() throws Exception { DriverManager.getConnection(URL + "/?nestedTransactionsMode=invalid"); @@ -1984,7 +1988,7 @@ public void testInvalidNestedTxModeOnServerSide() throws SQLException, NoSuchMet final JdbcThinTcpIo io = (JdbcThinTcpIo)ctor.newInstance(connProps); try { - GridTestUtils.assertThrows(null, new Callable() { + assertThrows(null, new Callable() { @Override public Object call() throws Exception { io.start(); @@ -2003,7 +2007,7 @@ public void testInvalidNestedTxModeOnServerSide() throws SQLException, NoSuchMet */ @Test public void testSslClientAndPlainServer() { - GridTestUtils.assertThrows(log, new Callable() { + assertThrows(log, new Callable() { @Override public Object call() throws Exception { DriverManager.getConnection("jdbc:ignite:thin://127.0.0.1/?sslMode=require" + "&sslClientCertificateKeyStoreUrl=" + CLI_KEY_STORE_PATH + @@ -2030,7 +2034,7 @@ public void testMultithreadingException() throws Exception { final AtomicInteger exCnt = new AtomicInteger(0); try (final Connection conn = DriverManager.getConnection(URL)) { - final IgniteInternalFuture f = GridTestUtils.runMultiThreadedAsync(new Runnable() { + final IgniteInternalFuture f = runMultiThreadedAsync(new Runnable() { @Override public void run() { try { conn.createStatement(); diff --git a/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinPreparedStatementSelfTest.java b/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinPreparedStatementSelfTest.java index a29050fee85de..e7c31cbe10f39 100644 --- a/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinPreparedStatementSelfTest.java +++ b/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinPreparedStatementSelfTest.java @@ -41,6 +41,7 @@ import org.apache.ignite.configuration.CacheConfiguration; import org.apache.ignite.configuration.IgniteConfiguration; import org.apache.ignite.testframework.GridTestUtils; +import org.apache.ignite.testframework.GridTestUtils.RunnableX; import org.junit.Test; import static java.sql.Types.BIGINT; @@ -799,145 +800,145 @@ public void testNotSupportedTypes() throws Exception { stmt = conn.prepareStatement(""); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.setArray(1, null); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.setAsciiStream(1, null); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.setAsciiStream(1, null, 0); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.setAsciiStream(1, null, 0L); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.setBinaryStream(1, null); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.setBinaryStream(1, null, 0); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.setBinaryStream(1, null, 0L); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.setBlob(1, (Blob)null); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.setBlob(1, (InputStream)null); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.setBlob(1, null, 0L); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.setCharacterStream(1, null); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.setCharacterStream(1, null, 0); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.setCharacterStream(1, null, 0L); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.setClob(1, (Clob)null); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.setClob(1, (Reader)null); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.setClob(1, null, 0L); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.setNCharacterStream(1, null); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.setNCharacterStream(1, null, 0L); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.setNClob(1, (NClob)null); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.setNClob(1, (Reader)null); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.setNClob(1, null, 0L); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.setRowId(1, null); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.setRef(1, null); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.setSQLXML(1, null); } }); diff --git a/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinResultSetSelfTest.java b/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinResultSetSelfTest.java index 010a30c2d44f9..33b3a6facdf36 100644 --- a/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinResultSetSelfTest.java +++ b/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinResultSetSelfTest.java @@ -42,11 +42,13 @@ import org.apache.ignite.configuration.CacheConfiguration; import org.apache.ignite.configuration.IgniteConfiguration; import org.apache.ignite.internal.util.typedef.internal.S; -import org.apache.ignite.testframework.GridTestUtils; import org.junit.Test; import static org.apache.ignite.cache.CacheMode.PARTITIONED; import static org.apache.ignite.cache.CacheWriteSynchronizationMode.FULL_SYNC; +import static org.apache.ignite.testframework.GridTestUtils.RunnableX; +import static org.apache.ignite.testframework.GridTestUtils.assertThrows; +import static org.apache.ignite.testframework.GridTestUtils.assertThrowsAnyCause; /** * Result set test. @@ -207,7 +209,7 @@ public void testBoolean() throws Exception { assert rs0.next(); assert !rs0.getBoolean(1); - GridTestUtils.assertThrowsAnyCause(log, new Callable() { + assertThrowsAnyCause(log, new Callable() { @Override public Void call() throws Exception { ResultSet rs0 = stmt.executeQuery("select ''"); @@ -218,7 +220,7 @@ public void testBoolean() throws Exception { } }, SQLException.class, "Cannot convert to boolean: "); - GridTestUtils.assertThrowsAnyCause(log, new Callable() { + assertThrowsAnyCause(log, new Callable() { @Override public Void call() throws Exception { ResultSet rs0 = stmt.executeQuery("select 'qwe'"); @@ -687,7 +689,7 @@ public void testTimestamp() throws Exception { */ @Test public void testObjectNotSupported() throws Exception { - GridTestUtils.assertThrowsAnyCause(log, new Callable() { + assertThrowsAnyCause(log, new Callable() { @Override public Object call() throws Exception { stmt.executeQuery("select f1 from TestObject where id = 1"); @@ -750,7 +752,7 @@ public void testFindColumn() throws Exception { assert rs.findColumn("id") == 1; - GridTestUtils.assertThrows( + assertThrows( log, new Callable() { @Override public Object call() throws Exception { @@ -774,133 +776,133 @@ public void testNotSupportedTypes() throws Exception { assert rs.next(); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getArray(1); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getArray("id"); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getAsciiStream(1); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getAsciiStream("id"); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getBinaryStream(1); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getBinaryStream("id"); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getBlob(1); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getBlob("id"); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getClob(1); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getClob("id"); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getCharacterStream(1); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getCharacterStream("id"); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getNCharacterStream(1); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getNCharacterStream("id"); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getNClob(1); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getNClob("id"); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getRef(1); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getRef("id"); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getRowId(1); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getRowId("id"); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getSQLXML(1); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getSQLXML("id"); } }); @@ -916,499 +918,499 @@ public void testUpdateNotSupported() throws Exception { assert rs.next(); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateBoolean(1, true); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateBoolean("id", true); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateByte(1, (byte)0); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateByte("id", (byte)0); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateShort(1, (short)0); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateShort("id", (short)0); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateInt(1, 0); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateInt("id", 0); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateLong(1, 0); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateLong("id", 0); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateFloat(1, (float)0.0); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateFloat("id", (float)0.0); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateDouble(1, 0.0); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateDouble("id", 0.0); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateString(1, ""); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateString("id", ""); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateTime(1, new Time(0)); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateTime("id", new Time(0)); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateDate(1, new Date(0)); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateDate("id", new Date(0)); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateTimestamp(1, new Timestamp(0)); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateTimestamp("id", new Timestamp(0)); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateBytes(1, new byte[]{}); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateBytes("id", new byte[]{}); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateArray(1, null); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateArray("id", null); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateBlob(1, (Blob)null); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateBlob(1, (InputStream)null); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateBlob(1, null, 0L); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateBlob("id", (Blob)null); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateBlob("id", (InputStream)null); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateBlob("id", null, 0L); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateClob(1, (Clob)null); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateClob(1, (Reader)null); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateClob(1, null, 0L); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateClob("id", (Clob)null); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateClob("id", (Reader)null); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateClob("id", null, 0L); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateNClob(1, (NClob)null); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateNClob(1, (Reader)null); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateNClob(1, null, 0L); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateNClob("id", (NClob)null); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateNClob("id", (Reader)null); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateNClob("id", null, 0L); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateAsciiStream(1, null); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateAsciiStream(1, null, 0); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateAsciiStream(1, null, 0L); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateAsciiStream("id", null); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateAsciiStream("id", null, 0); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateAsciiStream("id", null, 0L); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateCharacterStream(1, null); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateCharacterStream(1, null, 0); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateCharacterStream(1, null, 0L); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateCharacterStream("id", null); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateCharacterStream("id", null, 0); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateCharacterStream("id", null, 0L); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateNCharacterStream(1, null); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateNCharacterStream(1, null, 0); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateNCharacterStream(1, null, 0L); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateNCharacterStream("id", null); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateNCharacterStream("id", null, 0); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateNCharacterStream("id", null, 0L); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateRef(1, null); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateRef("id", null); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateRowId(1, null); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateRowId("id", null); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateNString(1, null); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateNString("id", null); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateSQLXML(1, null); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateSQLXML("id", null); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateObject(1, null); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateObject(1, null, 0); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateObject("id", null); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateObject("id", null, 0); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateBigDecimal(1, null); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateBigDecimal("id", null); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateNull(1); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateNull("id"); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.cancelRowUpdates(); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.updateRow(); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.deleteRow(); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.insertRow(); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.moveToInsertRow(); } }); @@ -1427,235 +1429,235 @@ public void testExceptionOnClosedResultSet() throws Exception { rs.close(); checkResultSetClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getBoolean(1); } }); checkResultSetClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getBoolean("id"); } }); checkResultSetClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getByte(1); } }); checkResultSetClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getByte("id"); } }); checkResultSetClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getShort(1); } }); checkResultSetClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getShort("id"); } }); checkResultSetClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getInt(1); } }); checkResultSetClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getInt("id"); } }); checkResultSetClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getLong(1); } }); checkResultSetClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getLong("id"); } }); checkResultSetClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getFloat(1); } }); checkResultSetClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getFloat("id"); } }); checkResultSetClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getDouble(1); } }); checkResultSetClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getDouble("id"); } }); checkResultSetClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getString(1); } }); checkResultSetClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getString("id"); } }); checkResultSetClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getBytes(1); } }); checkResultSetClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getBytes("id"); } }); checkResultSetClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getDate(1); } }); checkResultSetClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getDate(1, new GregorianCalendar()); } }); checkResultSetClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getDate("id"); } }); checkResultSetClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getDate("id", new GregorianCalendar()); } }); checkResultSetClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getTime(1); } }); checkResultSetClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getTime(1, new GregorianCalendar()); } }); checkResultSetClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getTime("id"); } }); checkResultSetClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getTime("id", new GregorianCalendar()); } }); checkResultSetClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getTimestamp(1); } }); checkResultSetClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getTimestamp(1, new GregorianCalendar()); } }); checkResultSetClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getTimestamp("id"); } }); checkResultSetClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getTimestamp("id", new GregorianCalendar()); } }); checkResultSetClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.wasNull(); } }); checkResultSetClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getMetaData(); } }); checkResultSetClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.next(); } }); checkResultSetClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.last(); } }); checkResultSetClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.afterLast(); } }); checkResultSetClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.beforeFirst(); } }); checkResultSetClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.first(); } }); checkResultSetClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.findColumn("id"); } }); checkResultSetClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { rs.getRow(); } }); diff --git a/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinStatementSelfTest.java b/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinStatementSelfTest.java index c18751988196a..e0a2863796a83 100644 --- a/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinStatementSelfTest.java +++ b/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinStatementSelfTest.java @@ -32,6 +32,7 @@ import org.apache.ignite.configuration.IgniteConfiguration; import org.apache.ignite.internal.util.typedef.F; import org.apache.ignite.testframework.GridTestUtils; +import org.apache.ignite.testframework.GridTestUtils.RunnableX; import org.junit.Ignore; import static org.apache.ignite.cache.CacheMode.PARTITIONED; @@ -162,7 +163,7 @@ public void testExecuteQuery1() throws Exception { // Call on a closed statement checkStatementClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.executeQuery(sqlText); } }); @@ -517,7 +518,7 @@ public void testExecuteUpdate() throws Exception { stmt.close(); checkStatementClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.executeUpdate(sqlText); } }); @@ -589,14 +590,14 @@ public void testGetSetMaxFieldSizeUnsupported() throws Exception { // Call on a closed statement checkStatementClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.getMaxFieldSize(); } }); // Call on a closed statement checkStatementClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.setMaxFieldSize(100); } }); @@ -640,14 +641,14 @@ public void testGetSetMaxRows() throws Exception { // Call on a closed statement checkStatementClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.getMaxRows(); } }); // Call on a closed statement checkStatementClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.setMaxRows(maxRows); } }); @@ -684,7 +685,7 @@ public void testSetEscapeProcessing() throws Exception { stmt.close(); checkStatementClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.setEscapeProcessing(true); } }); @@ -722,14 +723,14 @@ public void testGetSetQueryTimeout() throws Exception { // Call on a closed statement checkStatementClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.getQueryTimeout(); } }); // Call on a closed statement checkStatementClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.setQueryTimeout(timeout); } }); @@ -755,7 +756,7 @@ public void testMaxFieldSize() throws Exception { ); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.setMaxFieldSize(100); } }); @@ -775,13 +776,13 @@ public void testQueryTimeout() throws Exception { stmt.close(); checkStatementClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.getQueryTimeout(); } }); checkStatementClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.setQueryTimeout(10); } }); @@ -799,13 +800,13 @@ public void testWarningsOnClosedStatement() throws Exception { stmt.close(); checkStatementClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.getWarnings(); } }); checkStatementClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.clearWarnings(); } }); @@ -817,7 +818,7 @@ public void testWarningsOnClosedStatement() throws Exception { @org.junit.Test public void testCursorName() throws Exception { checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.setCursorName("test"); } }); @@ -825,7 +826,7 @@ public void testCursorName() throws Exception { stmt.close(); checkStatementClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.setCursorName("test"); } }); @@ -851,7 +852,7 @@ public void testGetMoreResults() throws Exception { stmt.close(); checkStatementClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.getMoreResults(); } }); @@ -881,7 +882,7 @@ public void testGetMoreResults1() throws Exception { stmt.close(); checkStatementClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.getMoreResults(Statement.KEEP_CURRENT_RESULT); } }); @@ -925,13 +926,13 @@ public void testFetchDirection() throws Exception { stmt.close(); checkStatementClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.setFetchDirection(-1); } }); checkStatementClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.getFetchDirection(); } }); @@ -967,43 +968,43 @@ public void testAutogenerated() throws Exception { assert !conn.getMetaData().supportsGetGeneratedKeys(); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.getGeneratedKeys(); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.executeUpdate("select 1", Statement.RETURN_GENERATED_KEYS); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.executeUpdate("select 1", new int[] {1, 2}); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.executeUpdate("select 1", new String[] {"a", "b"}); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.execute("select 1", Statement.RETURN_GENERATED_KEYS); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.execute("select 1", new int[] {1, 2}); } }); checkNotSupported(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.execute("select 1", new String[] {"a", "b"}); } }); From 9872fe5b9a47861f6ae09241882f6e1418b8ec78 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Wed, 17 Apr 2019 15:04:15 +0300 Subject: [PATCH 94/98] IGNITE-9560 English --- .../ignite/internal/processors/security/IgniteSecurity.java | 2 +- .../internal/processors/security/IgniteSecurityProcessor.java | 4 ++-- .../processors/security/NoOpIgniteSecurityProcessor.java | 4 ++-- .../ignite/internal/processors/security/SecurityUtils.java | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurity.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurity.java index 14764ab1657ab..ea90299be29ac 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurity.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurity.java @@ -58,7 +58,7 @@ public interface IgniteSecurity { /** * Creates {@link OperationSecurityContext}. All calls of methods {@link #authorize(String, SecurityPermission)} or {@link * #authorize(SecurityPermission)} will be processed into the context of {@link SecurityContext} that is owned by - * node with given nodeId until holder {@link OperationSecurityContext} will be closed. + * the node with given nodeId until holder {@link OperationSecurityContext} will be closed. * * @param nodeId Node id. * @return Security context holder. diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java index aa3256b0f974a..782b1988b926f 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java @@ -45,7 +45,7 @@ import static org.apache.ignite.internal.processors.security.SecurityUtils.nodeSecurityContext; /** - * Default Grid security Manager implementation. + * Default IgniteSecurity implementation. */ public class IgniteSecurityProcessor implements IgniteSecurity, GridProcessor { /** Internal attribute name constant. */ @@ -63,7 +63,7 @@ public class IgniteSecurityProcessor implements IgniteSecurity, GridProcessor { /** Must use JDK marshaller for Security Subject. */ private final JdkMarshaller marsh; - /** Map of security contexts. Key is node's id. */ + /** Map of security contexts. Key is the node's id. */ private final Map secCtxs = new ConcurrentHashMap<>(); /** diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java index 0615ac044a5ea..7a17dc486f9c4 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java @@ -34,7 +34,7 @@ import static org.apache.ignite.internal.processors.security.IgniteSecurityProcessor.ATTR_GRID_SEC_PROC_CLASS; /** - * No operation Ignite Security Processor. + * No operation IgniteSecurity. */ public class NoOpIgniteSecurityProcessor extends GridProcessorAdapter implements IgniteSecurity { /** No operation security context. */ @@ -114,7 +114,7 @@ public NoOpIgniteSecurityProcessor(GridKernalContext ctx) { } /** - * Validates that remote node's grid security processor class is undefined. + * Validates that remote the node's grid security processor class is undefined. * * @param node Joining node. * @return Validation result or {@code null} in case of success. diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityUtils.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityUtils.java index 41d2ce9ea07d4..b9a5215866764 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityUtils.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityUtils.java @@ -93,7 +93,7 @@ public static Map> compatibleServicePermi } /** - * Getting node's security context. + * Gets the node's security context. * * @param marsh Marshaller. * @param ldr Class loader. From 99ed2a0e3fd28eca600fece5a0bb3513a512e013 Mon Sep 17 00:00:00 2001 From: Petrov Mikhail <32207922+ololo3000@users.noreply.github.com> Date: Wed, 17 Apr 2019 16:02:18 +0300 Subject: [PATCH 95/98] IGNITE-9560 Explicit plugin configuration added. (#17) * IGNITE-9560 Explicit plugin configuration added. * IGNITE-9560 pluginConfiguration method was deprecated. * IGNITE-9560 Added explicit test security plugin provider passing. --- .../configuration/IgniteConfiguration.java | 30 ++++++++++++ .../apache/ignite/internal/IgniteKernal.java | 3 +- .../org.apache.ignite.plugin.PluginProvider | 3 +- .../security/AbstractSecurityTest.java | 3 +- .../impl/TestSecurityProcessorProvider.java | 47 +++++++++---------- 5 files changed, 57 insertions(+), 29 deletions(-) diff --git a/modules/core/src/main/java/org/apache/ignite/configuration/IgniteConfiguration.java b/modules/core/src/main/java/org/apache/ignite/configuration/IgniteConfiguration.java index 1ded4862d9a84..ae115e2e6331b 100644 --- a/modules/core/src/main/java/org/apache/ignite/configuration/IgniteConfiguration.java +++ b/modules/core/src/main/java/org/apache/ignite/configuration/IgniteConfiguration.java @@ -397,6 +397,7 @@ public class IgniteConfiguration { private TransactionConfiguration txCfg = new TransactionConfiguration(); /** */ + @Deprecated private PluginConfiguration[] pluginCfgs; /** Flag indicating whether cache sanity check is enabled. */ @@ -530,6 +531,9 @@ public class IgniteConfiguration { /** SQL schemas to be created on node start. */ private String[] sqlSchemas; + /** Plugin providers. */ + private PluginProvider[] plugins; + /** * Creates valid grid configuration with all default values. */ @@ -622,6 +626,7 @@ public IgniteConfiguration(IgniteConfiguration cfg) { p2pPoolSize = cfg.getPeerClassLoadingThreadPoolSize(); platformCfg = cfg.getPlatformConfiguration(); pluginCfgs = cfg.getPluginConfigurations(); + plugins = cfg.getPlugins(); pubPoolSize = cfg.getPublicThreadPoolSize(); qryPoolSize = cfg.getQueryThreadPoolSize(); rebalanceThreadPoolSize = cfg.getRebalanceThreadPoolSize(); @@ -2846,6 +2851,7 @@ public IgniteConfiguration setTransactionConfiguration(TransactionConfiguration * @return Plugin configurations. * @see PluginProvider */ + @Deprecated public PluginConfiguration[] getPluginConfigurations() { return pluginCfgs; } @@ -2856,7 +2862,10 @@ public PluginConfiguration[] getPluginConfigurations() { * @param pluginCfgs Plugin configurations. * @return {@code this} for chaining. * @see PluginProvider + * @deprecated Since {@link PluginProvider}s can be setted explicitly via {@link #setPlugins(PluginProvider[])} + * it's preferable to store {@link PluginConfiguration} as a part of {@link PluginProvider}. */ + @Deprecated public IgniteConfiguration setPluginConfigurations(PluginConfiguration... pluginCfgs) { this.pluginCfgs = pluginCfgs; @@ -3198,6 +3207,27 @@ public IgniteConfiguration setSqlSchemas(String... sqlSchemas) { return this; } + /** + * Gets plugin providers. + * + * @return Plugin providers. + */ + public PluginProvider[] getPlugins() { + return plugins; + } + + /** + * Sets plugin providers. + * + * @param plugins Plugin providers. + * @return {@code this} for chaining. + */ + public IgniteConfiguration setPlugins(PluginProvider... plugins) { + this.plugins = plugins; + + return this; + } + /** {@inheritDoc} */ @Override public String toString() { return S.toString(IgniteConfiguration.class, this); diff --git a/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java b/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java index f477c91cbe642..488ed243a0bc2 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java @@ -887,7 +887,8 @@ public void start( // Ack configuration. ackSpis(); - List plugins = U.allPluginProviders(); + List plugins = cfg.getPlugins() == null || cfg.getPlugins().length == 0 ? + U.allPluginProviders() : Arrays.asList(cfg.getPlugins()); // Spin out SPIs & managers. try { diff --git a/modules/core/src/test/java/META-INF/services/org.apache.ignite.plugin.PluginProvider b/modules/core/src/test/java/META-INF/services/org.apache.ignite.plugin.PluginProvider index 5e51c7a2cc656..6bca88f3d4065 100644 --- a/modules/core/src/test/java/META-INF/services/org.apache.ignite.plugin.PluginProvider +++ b/modules/core/src/test/java/META-INF/services/org.apache.ignite.plugin.PluginProvider @@ -1,5 +1,4 @@ -org.apache.ignite.internal.processors.security.impl.TestSecurityProcessorProvider org.apache.ignite.internal.processors.cache.persistence.standbycluster.IgniteStandByClusterTest$StanByClusterTestProvider org.apache.ignite.internal.processors.cache.persistence.wal.memtracker.PageMemoryTrackerPluginProvider org.apache.ignite.internal.processors.configuration.distributed.TestDistibutedConfigurationPlugin -org.apache.ignite.plugin.NodeValidationPluginProvider \ No newline at end of file +org.apache.ignite.plugin.NodeValidationPluginProvider diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractSecurityTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractSecurityTest.java index 165c46a3e2d76..823a884ce4edc 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractSecurityTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractSecurityTest.java @@ -25,6 +25,7 @@ import org.apache.ignite.internal.processors.security.impl.TestSecurityData; import org.apache.ignite.internal.processors.security.impl.TestSecurityPluginConfiguration; import org.apache.ignite.internal.processors.security.impl.TestSecurityProcessor; +import org.apache.ignite.internal.processors.security.impl.TestSecurityProcessorProvider; import org.apache.ignite.plugin.security.SecurityPermission; import org.apache.ignite.plugin.security.SecurityPermissionSet; import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest; @@ -60,7 +61,7 @@ protected IgniteConfiguration getConfiguration(String instanceName, ) ) .setAuthenticationEnabled(true) - .setPluginConfigurations(secCfg); + .setPlugins(new TestSecurityProcessorProvider(secCfg)); } /** diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/impl/TestSecurityProcessorProvider.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/impl/TestSecurityProcessorProvider.java index 1ff5a201af204..6d29b656d4884 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/impl/TestSecurityProcessorProvider.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/impl/TestSecurityProcessorProvider.java @@ -18,16 +18,15 @@ package org.apache.ignite.internal.processors.security.impl; import java.io.Serializable; +import java.util.Objects; import java.util.UUID; import org.apache.ignite.cluster.ClusterNode; -import org.apache.ignite.configuration.IgniteConfiguration; import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.processors.security.GridSecurityProcessor; import org.apache.ignite.plugin.CachePluginContext; import org.apache.ignite.plugin.CachePluginProvider; import org.apache.ignite.plugin.ExtensionRegistry; import org.apache.ignite.plugin.IgnitePlugin; -import org.apache.ignite.plugin.PluginConfiguration; import org.apache.ignite.plugin.PluginContext; import org.apache.ignite.plugin.PluginProvider; import org.apache.ignite.plugin.PluginValidationException; @@ -37,6 +36,16 @@ * Security processor provider for tests. */ public class TestSecurityProcessorProvider implements PluginProvider { + /** Security plugin configuration. */ + TestSecurityPluginConfiguration cfg; + + /** + * @param cfg Plugin configuration. + */ + public TestSecurityProcessorProvider(TestSecurityPluginConfiguration cfg) { + this.cfg = Objects.requireNonNull(cfg); + } + /** {@inheritDoc} */ @Override public String name() { return "TestSecurityProcessorProvider"; @@ -66,29 +75,8 @@ public class TestSecurityProcessorProvider implements PluginProvider { /** {@inheritDoc} */ @SuppressWarnings("unchecked") @Override public @Nullable Object createComponent(PluginContext ctx, Class cls) { - if (cls.isAssignableFrom(GridSecurityProcessor.class)) { - TestSecurityPluginConfiguration cfg = secProcBuilder(ctx); - - return cfg != null ? cfg.build(((IgniteEx)ctx.grid()).context()) : null; - } - - return null; - } - - /** - * Gets security processor builder. - * - * @param ctx Context. - */ - private TestSecurityPluginConfiguration secProcBuilder(PluginContext ctx){ - IgniteConfiguration igniteCfg = ctx.igniteConfiguration(); - - if (igniteCfg.getPluginConfigurations() != null) { - for (PluginConfiguration pluginCfg : igniteCfg.getPluginConfigurations()) { - if (pluginCfg instanceof TestSecurityPluginConfiguration) - return (TestSecurityPluginConfiguration)pluginCfg; - } - } + if (cls.isAssignableFrom(GridSecurityProcessor.class)) + return cfg.build(((IgniteEx)ctx.grid()).context()); return null; } @@ -132,4 +120,13 @@ private TestSecurityPluginConfiguration secProcBuilder(PluginContext ctx){ @Override public void validateNewNode(ClusterNode node) throws PluginValidationException { // No-op. } + + /** + * Gets plugin configuration. + * + * @return Plugin configuration. + */ + public TestSecurityPluginConfiguration getConfiguration() { + return cfg; + } } From 7e6688878a67b0d9bfbdee25ce2c6e090251cee2 Mon Sep 17 00:00:00 2001 From: Denis Garus Date: Wed, 17 Apr 2019 21:02:54 +0300 Subject: [PATCH 96/98] IGNITE-9560 fix tests (#19) --- .../DynamicIndexAbstractBasicSelfTest.java | 41 ++++++++++++------- 1 file changed, 27 insertions(+), 14 deletions(-) diff --git a/modules/indexing/src/test/java/org/apache/ignite/internal/processors/cache/index/DynamicIndexAbstractBasicSelfTest.java b/modules/indexing/src/test/java/org/apache/ignite/internal/processors/cache/index/DynamicIndexAbstractBasicSelfTest.java index cbe7d5dbb73f9..0e2867f2dc1a2 100644 --- a/modules/indexing/src/test/java/org/apache/ignite/internal/processors/cache/index/DynamicIndexAbstractBasicSelfTest.java +++ b/modules/indexing/src/test/java/org/apache/ignite/internal/processors/cache/index/DynamicIndexAbstractBasicSelfTest.java @@ -23,6 +23,7 @@ import java.util.concurrent.Callable; import javax.cache.CacheException; import org.apache.ignite.Ignite; +import org.apache.ignite.IgniteException; import org.apache.ignite.Ignition; import org.apache.ignite.cache.CacheAtomicityMode; import org.apache.ignite.cache.CacheMode; @@ -1444,22 +1445,15 @@ private static void assertIgniteSqlException(Runnable r, String msg, int expCode try { r.run(); } - catch (CacheException e) { - Throwable cause = e.getCause(); - - assertTrue(cause != null); - assertTrue("Unexpected cause: " + cause.getClass().getName(), cause instanceof IgniteSQLException); - - IgniteSQLException cause0 = (IgniteSQLException)cause; - - int code = cause0.statusCode(); + catch (IgniteException ie){ + assertTrue("Unexpected exception: " + ie, ie.getCause() instanceof CacheException); - assertEquals("Unexpected error code [expected=" + expCode + ", actual=" + code + - ", msg=" + cause.getMessage() + ']', expCode, code); + checkCacheException(msg, expCode, (CacheException)ie.getCause()); - if (msg != null) - assertEquals("Unexpected error message [expected=" + msg + ", actual=" + cause0.getMessage() + ']', - msg, cause0.getMessage()); + return; + } + catch (CacheException e) { + checkCacheException(msg, expCode, e); return; } @@ -1470,6 +1464,25 @@ private static void assertIgniteSqlException(Runnable r, String msg, int expCode fail(IgniteSQLException.class.getSimpleName() + " is not thrown."); } + /** */ + private static void checkCacheException(String msg, int expCode, CacheException e) { + Throwable cause = e.getCause(); + + assertTrue(cause != null); + assertTrue("Unexpected cause: " + cause.getClass().getName(), cause instanceof IgniteSQLException); + + IgniteSQLException cause0 = (IgniteSQLException)cause; + + int code = cause0.statusCode(); + + assertEquals("Unexpected error code [expected=" + expCode + ", actual=" + code + + ", msg=" + cause.getMessage() + ']', expCode, code); + + if (msg != null) + assertEquals("Unexpected error message [expected=" + msg + ", actual=" + cause0.getMessage() + ']', + msg, cause0.getMessage()); + } + /** * Synchronously create index. * From 1a32bc27958822108daf3c7c03adeee072899e5c Mon Sep 17 00:00:00 2001 From: Denis Garus Date: Thu, 18 Apr 2019 11:41:18 +0300 Subject: [PATCH 97/98] Revert "IGNITE-9560 Explicit plugin configuration added. (#17)" (#20) This reverts commit 99ed2a0e3fd28eca600fece5a0bb3513a512e013. --- .../configuration/IgniteConfiguration.java | 30 ------------ .../apache/ignite/internal/IgniteKernal.java | 3 +- .../org.apache.ignite.plugin.PluginProvider | 3 +- .../security/AbstractSecurityTest.java | 3 +- .../impl/TestSecurityProcessorProvider.java | 47 ++++++++++--------- 5 files changed, 29 insertions(+), 57 deletions(-) diff --git a/modules/core/src/main/java/org/apache/ignite/configuration/IgniteConfiguration.java b/modules/core/src/main/java/org/apache/ignite/configuration/IgniteConfiguration.java index ae115e2e6331b..1ded4862d9a84 100644 --- a/modules/core/src/main/java/org/apache/ignite/configuration/IgniteConfiguration.java +++ b/modules/core/src/main/java/org/apache/ignite/configuration/IgniteConfiguration.java @@ -397,7 +397,6 @@ public class IgniteConfiguration { private TransactionConfiguration txCfg = new TransactionConfiguration(); /** */ - @Deprecated private PluginConfiguration[] pluginCfgs; /** Flag indicating whether cache sanity check is enabled. */ @@ -531,9 +530,6 @@ public class IgniteConfiguration { /** SQL schemas to be created on node start. */ private String[] sqlSchemas; - /** Plugin providers. */ - private PluginProvider[] plugins; - /** * Creates valid grid configuration with all default values. */ @@ -626,7 +622,6 @@ public IgniteConfiguration(IgniteConfiguration cfg) { p2pPoolSize = cfg.getPeerClassLoadingThreadPoolSize(); platformCfg = cfg.getPlatformConfiguration(); pluginCfgs = cfg.getPluginConfigurations(); - plugins = cfg.getPlugins(); pubPoolSize = cfg.getPublicThreadPoolSize(); qryPoolSize = cfg.getQueryThreadPoolSize(); rebalanceThreadPoolSize = cfg.getRebalanceThreadPoolSize(); @@ -2851,7 +2846,6 @@ public IgniteConfiguration setTransactionConfiguration(TransactionConfiguration * @return Plugin configurations. * @see PluginProvider */ - @Deprecated public PluginConfiguration[] getPluginConfigurations() { return pluginCfgs; } @@ -2862,10 +2856,7 @@ public PluginConfiguration[] getPluginConfigurations() { * @param pluginCfgs Plugin configurations. * @return {@code this} for chaining. * @see PluginProvider - * @deprecated Since {@link PluginProvider}s can be setted explicitly via {@link #setPlugins(PluginProvider[])} - * it's preferable to store {@link PluginConfiguration} as a part of {@link PluginProvider}. */ - @Deprecated public IgniteConfiguration setPluginConfigurations(PluginConfiguration... pluginCfgs) { this.pluginCfgs = pluginCfgs; @@ -3207,27 +3198,6 @@ public IgniteConfiguration setSqlSchemas(String... sqlSchemas) { return this; } - /** - * Gets plugin providers. - * - * @return Plugin providers. - */ - public PluginProvider[] getPlugins() { - return plugins; - } - - /** - * Sets plugin providers. - * - * @param plugins Plugin providers. - * @return {@code this} for chaining. - */ - public IgniteConfiguration setPlugins(PluginProvider... plugins) { - this.plugins = plugins; - - return this; - } - /** {@inheritDoc} */ @Override public String toString() { return S.toString(IgniteConfiguration.class, this); diff --git a/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java b/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java index 488ed243a0bc2..f477c91cbe642 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java @@ -887,8 +887,7 @@ public void start( // Ack configuration. ackSpis(); - List plugins = cfg.getPlugins() == null || cfg.getPlugins().length == 0 ? - U.allPluginProviders() : Arrays.asList(cfg.getPlugins()); + List plugins = U.allPluginProviders(); // Spin out SPIs & managers. try { diff --git a/modules/core/src/test/java/META-INF/services/org.apache.ignite.plugin.PluginProvider b/modules/core/src/test/java/META-INF/services/org.apache.ignite.plugin.PluginProvider index 6bca88f3d4065..5e51c7a2cc656 100644 --- a/modules/core/src/test/java/META-INF/services/org.apache.ignite.plugin.PluginProvider +++ b/modules/core/src/test/java/META-INF/services/org.apache.ignite.plugin.PluginProvider @@ -1,4 +1,5 @@ +org.apache.ignite.internal.processors.security.impl.TestSecurityProcessorProvider org.apache.ignite.internal.processors.cache.persistence.standbycluster.IgniteStandByClusterTest$StanByClusterTestProvider org.apache.ignite.internal.processors.cache.persistence.wal.memtracker.PageMemoryTrackerPluginProvider org.apache.ignite.internal.processors.configuration.distributed.TestDistibutedConfigurationPlugin -org.apache.ignite.plugin.NodeValidationPluginProvider +org.apache.ignite.plugin.NodeValidationPluginProvider \ No newline at end of file diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractSecurityTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractSecurityTest.java index 823a884ce4edc..165c46a3e2d76 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractSecurityTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/AbstractSecurityTest.java @@ -25,7 +25,6 @@ import org.apache.ignite.internal.processors.security.impl.TestSecurityData; import org.apache.ignite.internal.processors.security.impl.TestSecurityPluginConfiguration; import org.apache.ignite.internal.processors.security.impl.TestSecurityProcessor; -import org.apache.ignite.internal.processors.security.impl.TestSecurityProcessorProvider; import org.apache.ignite.plugin.security.SecurityPermission; import org.apache.ignite.plugin.security.SecurityPermissionSet; import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest; @@ -61,7 +60,7 @@ protected IgniteConfiguration getConfiguration(String instanceName, ) ) .setAuthenticationEnabled(true) - .setPlugins(new TestSecurityProcessorProvider(secCfg)); + .setPluginConfigurations(secCfg); } /** diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/impl/TestSecurityProcessorProvider.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/impl/TestSecurityProcessorProvider.java index 6d29b656d4884..1ff5a201af204 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/impl/TestSecurityProcessorProvider.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/impl/TestSecurityProcessorProvider.java @@ -18,15 +18,16 @@ package org.apache.ignite.internal.processors.security.impl; import java.io.Serializable; -import java.util.Objects; import java.util.UUID; import org.apache.ignite.cluster.ClusterNode; +import org.apache.ignite.configuration.IgniteConfiguration; import org.apache.ignite.internal.IgniteEx; import org.apache.ignite.internal.processors.security.GridSecurityProcessor; import org.apache.ignite.plugin.CachePluginContext; import org.apache.ignite.plugin.CachePluginProvider; import org.apache.ignite.plugin.ExtensionRegistry; import org.apache.ignite.plugin.IgnitePlugin; +import org.apache.ignite.plugin.PluginConfiguration; import org.apache.ignite.plugin.PluginContext; import org.apache.ignite.plugin.PluginProvider; import org.apache.ignite.plugin.PluginValidationException; @@ -36,16 +37,6 @@ * Security processor provider for tests. */ public class TestSecurityProcessorProvider implements PluginProvider { - /** Security plugin configuration. */ - TestSecurityPluginConfiguration cfg; - - /** - * @param cfg Plugin configuration. - */ - public TestSecurityProcessorProvider(TestSecurityPluginConfiguration cfg) { - this.cfg = Objects.requireNonNull(cfg); - } - /** {@inheritDoc} */ @Override public String name() { return "TestSecurityProcessorProvider"; @@ -75,8 +66,29 @@ public TestSecurityProcessorProvider(TestSecurityPluginConfiguration cfg) { /** {@inheritDoc} */ @SuppressWarnings("unchecked") @Override public @Nullable Object createComponent(PluginContext ctx, Class cls) { - if (cls.isAssignableFrom(GridSecurityProcessor.class)) - return cfg.build(((IgniteEx)ctx.grid()).context()); + if (cls.isAssignableFrom(GridSecurityProcessor.class)) { + TestSecurityPluginConfiguration cfg = secProcBuilder(ctx); + + return cfg != null ? cfg.build(((IgniteEx)ctx.grid()).context()) : null; + } + + return null; + } + + /** + * Gets security processor builder. + * + * @param ctx Context. + */ + private TestSecurityPluginConfiguration secProcBuilder(PluginContext ctx){ + IgniteConfiguration igniteCfg = ctx.igniteConfiguration(); + + if (igniteCfg.getPluginConfigurations() != null) { + for (PluginConfiguration pluginCfg : igniteCfg.getPluginConfigurations()) { + if (pluginCfg instanceof TestSecurityPluginConfiguration) + return (TestSecurityPluginConfiguration)pluginCfg; + } + } return null; } @@ -120,13 +132,4 @@ public TestSecurityProcessorProvider(TestSecurityPluginConfiguration cfg) { @Override public void validateNewNode(ClusterNode node) throws PluginValidationException { // No-op. } - - /** - * Gets plugin configuration. - * - * @return Plugin configuration. - */ - public TestSecurityPluginConfiguration getConfiguration() { - return cfg; - } } From 7799dae63fe26b39d0ffac8cfa648dc447166d80 Mon Sep 17 00:00:00 2001 From: "d.garus" Date: Fri, 19 Apr 2019 16:27:26 +0300 Subject: [PATCH 98/98] IGNITE-9560 fix clients tests --- .../org/apache/ignite/jdbc/thin/JdbcThinStatementSelfTest.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinStatementSelfTest.java b/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinStatementSelfTest.java index 342a8cc6aa7ee..e4ed1e3806aa7 100644 --- a/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinStatementSelfTest.java +++ b/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinStatementSelfTest.java @@ -893,7 +893,7 @@ public void testGetMoreResultsKeepCurrent() throws Exception { stmt.close(); checkStatementClosed(new RunnableX() { - @Override public void run() throws Exception { + @Override public void runx() throws Exception { stmt.getMoreResults(Statement.KEEP_CURRENT_RESULT); } });