# IGNITE-222: Moved security facede to enterprise.
Project: http://git-wip-us.apache.org/repos/asf/incubator-ignite/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ignite/commit/70c8eeb6 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ignite/tree/70c8eeb6 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ignite/diff/70c8eeb6 Branch: refs/heads/ignite-204 Commit: 70c8eeb6d73a77018945fa47690cd1c07ebf2f91 Parents: 69772c7 Author: vozerov-gridgain <voze...@gridgain.com> Authored: Wed Feb 11 13:36:35 2015 +0300 Committer: vozerov-gridgain <voze...@gridgain.com> Committed: Wed Feb 11 13:36:35 2015 +0300 ---------------------------------------------------------------------- .../src/main/java/org/apache/ignite/Ignite.java | 7 -- .../apache/ignite/internal/IgniteKernal.java | 11 --- .../internal/managers/GridManagerAdapter.java | 14 ++- .../managers/security/GridSecurityImpl.java | 95 ------------------- .../optimized/optimized-classnames.properties | 2 +- .../ignite/plugin/security/GridSecurity.java | 97 -------------------- .../plugin/security/GridSecuritySubject.java | 1 - .../ignite/testframework/junits/IgniteMock.java | 5 - .../org/apache/ignite/IgniteSpringBean.java | 7 -- 9 files changed, 13 insertions(+), 226 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/70c8eeb6/modules/core/src/main/java/org/apache/ignite/Ignite.java ---------------------------------------------------------------------- diff --git a/modules/core/src/main/java/org/apache/ignite/Ignite.java b/modules/core/src/main/java/org/apache/ignite/Ignite.java index 26bb08e..80f4aa6 100644 --- a/modules/core/src/main/java/org/apache/ignite/Ignite.java +++ b/modules/core/src/main/java/org/apache/ignite/Ignite.java @@ -190,13 +190,6 @@ public interface Ignite extends AutoCloseable { public IgniteScheduler scheduler(); /** - * Gets an instance of {@code GridSecurity} interface. Available in enterprise edition only. - * - * @return Instance of {@code GridSecurity} interface. - */ - public GridSecurity security(); - - /** * Gets the cache instance for the given name, if one does not * exist {@link IllegalArgumentException} will be thrown. * Note that in case named cache instance is used as GGFS data or meta cache, {@link IllegalStateException} http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/70c8eeb6/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java ---------------------------------------------------------------------- diff --git a/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java b/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java index 5181bcc..620b1fe 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java @@ -206,10 +206,6 @@ public class IgniteKernal extends ClusterGroupAdapter implements IgniteEx, Ignit @GridToStringExclude private IgniteScheduler scheduler; - /** Grid security instance. */ - @GridToStringExclude - private GridSecurity security; - /** Kernal gateway. */ @GridToStringExclude private final AtomicReference<GridKernalGateway> gw = new AtomicReference<>(); @@ -762,8 +758,6 @@ public class IgniteKernal extends ClusterGroupAdapter implements IgniteEx, Ignit provider.start(ctx.plugins().pluginContextForProvider(provider), attrs); } - security = new GridSecurityImpl(ctx); - gw.writeLock(); try { @@ -3187,11 +3181,6 @@ public class IgniteKernal extends ClusterGroupAdapter implements IgniteEx, Ignit } /** {@inheritDoc} */ - @Override public GridSecurity security() { - return security; - } - - /** {@inheritDoc} */ @Override public Collection<String> compatibleVersions() { return compatibleVers; } http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/70c8eeb6/modules/core/src/main/java/org/apache/ignite/internal/managers/GridManagerAdapter.java ---------------------------------------------------------------------- diff --git a/modules/core/src/main/java/org/apache/ignite/internal/managers/GridManagerAdapter.java b/modules/core/src/main/java/org/apache/ignite/internal/managers/GridManagerAdapter.java index 771b352..d85f25e 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/managers/GridManagerAdapter.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/managers/GridManagerAdapter.java @@ -500,11 +500,21 @@ public abstract class GridManagerAdapter<T extends IgniteSpi> implements GridMan } @Override public Collection<GridSecuritySubject> authenticatedSubjects() { - return ctx.grid().security().authenticatedSubjects(); + try { + return ctx.security().authenticatedSubjects(); + } + catch (IgniteCheckedException e) { + throw U.convertException(e); + } } @Override public GridSecuritySubject authenticatedSubject(UUID subjId) { - return ctx.grid().security().authenticatedSubject(subjId); + try { + return ctx.security().authenticatedSubject(subjId); + } + catch (IgniteCheckedException e) { + throw U.convertException(e); + } } @SuppressWarnings("unchecked") http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/70c8eeb6/modules/core/src/main/java/org/apache/ignite/internal/managers/security/GridSecurityImpl.java ---------------------------------------------------------------------- diff --git a/modules/core/src/main/java/org/apache/ignite/internal/managers/security/GridSecurityImpl.java b/modules/core/src/main/java/org/apache/ignite/internal/managers/security/GridSecurityImpl.java deleted file mode 100644 index 8b1edf7..0000000 --- a/modules/core/src/main/java/org/apache/ignite/internal/managers/security/GridSecurityImpl.java +++ /dev/null @@ -1,95 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.managers.security; - -import org.apache.ignite.*; -import org.apache.ignite.internal.*; -import org.apache.ignite.internal.util.typedef.internal.*; -import org.apache.ignite.plugin.security.*; - -import java.io.*; -import java.util.*; - -/** - * Implementation of grid security interface. - */ -public class GridSecurityImpl implements GridSecurity, Externalizable { - /** */ - private static final long serialVersionUID = 0L; - - /** Security manager. */ - private GridSecurityManager secMgr; - - /** Context. */ - private GridKernalContext ctx; - - /** - * Required by {@link Externalizable}. - */ - public GridSecurityImpl() { - // No-op. - } - - /** - * @param ctx Context. - */ - public GridSecurityImpl(GridKernalContext ctx) { - this.secMgr = ctx.security(); - this.ctx = ctx; - } - - /** {@inheritDoc} */ - @Override public Collection<GridSecuritySubject> authenticatedSubjects() throws IgniteException { - try { - return secMgr.authenticatedSubjects(); - } - catch (IgniteCheckedException e) { - throw U.convertException(e); - } - } - - /** {@inheritDoc} */ - @Override public GridSecuritySubject authenticatedSubject(UUID subjId) throws IgniteException { - try { - return secMgr.authenticatedSubject(subjId); - } - catch (IgniteCheckedException e) { - throw U.convertException(e); - } - } - - /** {@inheritDoc} */ - @Override public void writeExternal(ObjectOutput out) throws IOException { - out.writeObject(ctx); - } - - /** {@inheritDoc} */ - @Override public void readExternal(ObjectInput in) throws IOException, ClassNotFoundException { - ctx = (GridKernalContext)in.readObject(); - } - - /** - * Reconstructs object on unmarshalling. - * - * @return Reconstructed object. - * @throws ObjectStreamException Thrown in case of unmarshalling error. - */ - private Object readResolve() throws ObjectStreamException { - return ctx.grid().security(); - } -} http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/70c8eeb6/modules/core/src/main/java/org/apache/ignite/marshaller/optimized/optimized-classnames.properties ---------------------------------------------------------------------- diff --git a/modules/core/src/main/java/org/apache/ignite/marshaller/optimized/optimized-classnames.properties b/modules/core/src/main/java/org/apache/ignite/marshaller/optimized/optimized-classnames.properties index e6ece60..1e50af4 100644 --- a/modules/core/src/main/java/org/apache/ignite/marshaller/optimized/optimized-classnames.properties +++ b/modules/core/src/main/java/org/apache/ignite/marshaller/optimized/optimized-classnames.properties @@ -278,7 +278,7 @@ org.apache.ignite.internal.managers.indexing.GridIndexingManager$1 org.apache.ignite.internal.managers.loadbalancer.GridLoadBalancerManager$1 org.apache.ignite.internal.managers.security.GridAllowAllPermissionSet org.apache.ignite.internal.managers.security.GridSecurityContext -org.apache.ignite.internal.managers.security.GridSecurityImpl +org.gridgain.grid.kernal.processors.security.GridSecurityImpl org.apache.ignite.internal.managers.security.GridSecuritySubjectAdapter org.apache.ignite.internal.processors.affinity.GridAffinityAssignment org.apache.ignite.internal.processors.affinity.GridAffinityAssignmentCache$AffinityReadyFuture http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/70c8eeb6/modules/core/src/main/java/org/apache/ignite/plugin/security/GridSecurity.java ---------------------------------------------------------------------- diff --git a/modules/core/src/main/java/org/apache/ignite/plugin/security/GridSecurity.java b/modules/core/src/main/java/org/apache/ignite/plugin/security/GridSecurity.java deleted file mode 100644 index bf70055..0000000 --- a/modules/core/src/main/java/org/apache/ignite/plugin/security/GridSecurity.java +++ /dev/null @@ -1,97 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.plugin.security; - -import org.apache.ignite.*; - -import java.util.*; - -/** - * Grid security facade. This facade contains information about authenticated subjects - * currently logged in to grid together with their permission sets. - * <p> - * You can get an instance of security facade from {@link org.apache.ignite.Ignite#security()} method. - * <h1 class="header">Grid Nodes vs Remote Clients</h1> - * When security is enabled, both grid nodes and remote clients must be authenticated. - * For grid nodes, authentication parameters are specified in grid configuration via - * {@link org.apache.ignite.configuration.IgniteConfiguration#getSecurityCredentialsProvider()} provider. Here is an example - * of how a simple user name and password may be provided: - * <pre class="brush: java"> - * GridConfiguration cfg = new GridConfiguration(); - * - * GridSecurityCredentials creds = new GridSecurityCredentials("username", "password"); - * - * cfg.setSecurityCredentialsProvider(new GridSecurityCredentialsBasicProvider(creds)); - * - * Grid grid = Ignition.start(cfg); - * </pre> - * For remote Java client, configuration is provided in a similar way by specifying - * {@code GridClientConfiguration.setSecurityCredentialsProvider(...)} property. - * <p> - * For remote C++ and .NET clients, security credentials are provided in configuration - * as well in the form of {@code "username:password"} string. - * <h1 class="header">Authentication And Authorization</h1> - * Node or client authentication happens in {@link org.apache.ignite.spi.authentication.AuthenticationSpi}. Upon successful - * authentication, the SPI will return list of permissions for authenticated subject. - * <p> - * Ignite ships with following authentication SPIs out of the box: - * <ul> - * <li>{@code GridJaasAuthenticationSpi} - provides authentication based on JAAS standard.</li> - * <li>{@code GridPasscodeAuthenticationSpi} - basic username and password authentication.</li> - * </ul> - * All permissions supported by Ignite are provided in {@link GridSecurityPermission} enum. Permissions - * are specified on per-cache or per-task level (wildcards are allowed). Authentication SPIs should usually - * (although not required) specify security permissions in the following JSON format: - * <pre class="brush: text"> - * { - * { - * "cache":"partitioned", - * "permissions":["CACHE_PUT", "CACHE_REMOVE", "CACHE_READ"] - * }, - * { - * "cache":"*", - * "permissions":["CACHE_READ"] - * }, - * { - * "task":"org.mytasks.*", - * "permissions":["TASK_EXECUTE"] - * }, - * { - * "system":["EVENTS_ENABLE", "ADMIN_VIEW"] - * } - * "defaultAllow":"false" - * } - * </pre> - * Refer to documentation of available authentication SPIs for more information. - */ -public interface GridSecurity { - /** - * Gets collection of authenticated subjects together with their permissions. - * - * @return Collection of authenticated subjects. - */ - public Collection<GridSecuritySubject> authenticatedSubjects() throws IgniteException; - - /** - * Gets security subject based on subject ID. - * - * @param subjId Subject ID. - * @return Authorized security subject. - */ - public GridSecuritySubject authenticatedSubject(UUID subjId) throws IgniteException; -} http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/70c8eeb6/modules/core/src/main/java/org/apache/ignite/plugin/security/GridSecuritySubject.java ---------------------------------------------------------------------- diff --git a/modules/core/src/main/java/org/apache/ignite/plugin/security/GridSecuritySubject.java b/modules/core/src/main/java/org/apache/ignite/plugin/security/GridSecuritySubject.java index 7b1b9cf..b55e282 100644 --- a/modules/core/src/main/java/org/apache/ignite/plugin/security/GridSecuritySubject.java +++ b/modules/core/src/main/java/org/apache/ignite/plugin/security/GridSecuritySubject.java @@ -23,7 +23,6 @@ import java.util.*; /** * Security subject representing authenticated node or client with a set of permissions. - * List of authenticated subjects can be retrieved from {@link GridSecurity#authenticatedSubjects()} method. */ public interface GridSecuritySubject extends Serializable { /** http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/70c8eeb6/modules/core/src/test/java/org/apache/ignite/testframework/junits/IgniteMock.java ---------------------------------------------------------------------- diff --git a/modules/core/src/test/java/org/apache/ignite/testframework/junits/IgniteMock.java b/modules/core/src/test/java/org/apache/ignite/testframework/junits/IgniteMock.java index 19ea250..56995ff 100644 --- a/modules/core/src/test/java/org/apache/ignite/testframework/junits/IgniteMock.java +++ b/modules/core/src/test/java/org/apache/ignite/testframework/junits/IgniteMock.java @@ -163,11 +163,6 @@ public class IgniteMock implements Ignite { } /** {@inheritDoc} */ - @Override public GridSecurity security() { - return null; - } - - /** {@inheritDoc} */ @Override public <K, V> GridCache<K, V> cache(@Nullable String name) { return null; } http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/70c8eeb6/modules/spring/src/main/java/org/apache/ignite/IgniteSpringBean.java ---------------------------------------------------------------------- diff --git a/modules/spring/src/main/java/org/apache/ignite/IgniteSpringBean.java b/modules/spring/src/main/java/org/apache/ignite/IgniteSpringBean.java index 6a46da1..031d73e 100644 --- a/modules/spring/src/main/java/org/apache/ignite/IgniteSpringBean.java +++ b/modules/spring/src/main/java/org/apache/ignite/IgniteSpringBean.java @@ -235,13 +235,6 @@ public class IgniteSpringBean implements Ignite, DisposableBean, InitializingBea } /** {@inheritDoc} */ - @Override public GridSecurity security() { - assert g != null; - - return g.security(); - } - - /** {@inheritDoc} */ @Override public String name() { assert g != null;
