#ignite-189: wip
Project: http://git-wip-us.apache.org/repos/asf/incubator-ignite/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ignite/commit/54f90f89 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ignite/tree/54f90f89 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ignite/diff/54f90f89 Branch: refs/heads/ignite-189 Commit: 54f90f893112a47ec75ca7365e2d06ae818bd9d4 Parents: 24b46dc Author: ivasilinets <ivasilin...@gridgain.com> Authored: Wed Feb 11 19:04:46 2015 +0300 Committer: ivasilinets <ivasilin...@gridgain.com> Committed: Wed Feb 11 19:04:46 2015 +0300 ---------------------------------------------------------------------- .../configuration/IgniteConfiguration.java | 29 ----- .../apache/ignite/internal/IgniteKernal.java | 14 -- .../ignite/internal/IgniteNodeAttributes.java | 4 + .../org/apache/ignite/internal/IgnitionEx.java | 8 -- .../processors/GridProcessorAdapter.java | 3 + .../ignite/internal/util/IgniteUtils.java | 12 ++ .../visor/node/VisorSpisConfiguration.java | 1 - .../org/apache/ignite/mxbean/IgniteMXBean.java | 9 -- .../org/apache/ignite/spi/IgniteSpiAdapter.java | 128 +++++++++++++++++++ .../spi/securesession/SecureSessionSpi.java | 92 ------------- .../noop/NoopSecureSessionMBean.java | 29 +++++ .../noop/NoopSecureSessionSpi.java | 123 ------------------ .../noop/NoopSecureSessionSpiMBean.java | 29 ----- 13 files changed, 176 insertions(+), 305 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/54f90f89/modules/core/src/main/java/org/apache/ignite/configuration/IgniteConfiguration.java ---------------------------------------------------------------------- diff --git a/modules/core/src/main/java/org/apache/ignite/configuration/IgniteConfiguration.java b/modules/core/src/main/java/org/apache/ignite/configuration/IgniteConfiguration.java index d207115..4467a76 100644 --- a/modules/core/src/main/java/org/apache/ignite/configuration/IgniteConfiguration.java +++ b/modules/core/src/main/java/org/apache/ignite/configuration/IgniteConfiguration.java @@ -31,7 +31,6 @@ import org.apache.ignite.streamer.*; import org.apache.ignite.plugin.security.*; import org.apache.ignite.plugin.segmentation.*; import org.apache.ignite.services.*; -import org.apache.ignite.spi.authentication.*; import org.apache.ignite.spi.checkpoint.*; import org.apache.ignite.spi.collision.*; import org.apache.ignite.spi.communication.*; @@ -39,11 +38,8 @@ import org.apache.ignite.spi.deployment.*; import org.apache.ignite.spi.discovery.*; import org.apache.ignite.spi.eventstorage.*; import org.apache.ignite.spi.failover.*; -import org.apache.ignite.spi.indexing.*; import org.apache.ignite.spi.loadbalancing.*; -import org.apache.ignite.spi.securesession.*; import org.apache.ignite.spi.swapspace.*; -import org.apache.ignite.streamer.*; import javax.management.*; import java.lang.management.*; @@ -299,9 +295,6 @@ public class IgniteConfiguration { /** Collision SPI. */ private CollisionSpi colSpi; - /** Secure session SPI. */ - private SecureSessionSpi sesSpi; - /** Deployment SPI. */ private DeploymentSpi deploySpi; @@ -439,7 +432,6 @@ public class IgniteConfiguration { cpSpi = cfg.getCheckpointSpi(); colSpi = cfg.getCollisionSpi(); failSpi = cfg.getFailoverSpi(); - sesSpi = cfg.getSecureSessionSpi(); loadBalancingSpi = cfg.getLoadBalancingSpi(); swapSpaceSpi = cfg.getSwapSpaceSpi(); indexingSpi = cfg.getIndexingSpi(); @@ -1676,27 +1668,6 @@ public class IgniteConfiguration { } /** - * Should return fully configured secure session SPI implementation. If not provided, - * {@link org.apache.ignite.spi.securesession.noop.NoopSecureSessionSpi} will be used. - * - * @return Grid secure session SPI implementation or {@code null} to use default implementation. - */ - public SecureSessionSpi getSecureSessionSpi() { - return sesSpi; - } - - /** - * Sets fully configured instance of {@link org.apache.ignite.spi.securesession.SecureSessionSpi}. - * - * @param sesSpi Fully configured instance of {@link org.apache.ignite.spi.securesession.SecureSessionSpi} or - * {@code null} if no SPI provided. - * @see IgniteConfiguration#getSecureSessionSpi() - */ - public void setSecureSessionSpi(SecureSessionSpi sesSpi) { - this.sesSpi = sesSpi; - } - - /** * Should return fully configured deployment SPI implementation. If not provided, * {@link org.apache.ignite.spi.deployment.local.LocalDeploymentSpi} will be used. * http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/54f90f89/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java ---------------------------------------------------------------------- diff --git a/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java b/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java index 7baad5b..792f80b 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java @@ -378,13 +378,6 @@ public class IgniteKernal extends ClusterGroupAdapter implements IgniteEx, Ignit } /** {@inheritDoc} */ - @Override public String getSecureSessionSpiFormatted() { - assert cfg != null; - - return cfg.getSecureSessionSpi().toString(); - } - - /** {@inheritDoc} */ @Override public String getOsInformation() { return U.osString(); } @@ -1118,8 +1111,6 @@ public class IgniteKernal extends ClusterGroupAdapter implements IgniteEx, Ignit A.notNull(cfg.getCommunicationSpi(), "cfg.getCommunicationSpi()"); A.notNull(cfg.getDeploymentSpi(), "cfg.getDeploymentSpi()"); A.notNull(cfg.getDiscoverySpi(), "cfg.getDiscoverySpi()"); - A.notNull(cfg.getEventStorageSpi(), "cfg.getEventStorageSpi()"); - A.notNull(cfg.getSecureSessionSpi(), "cfg.getSecureSessionSpi()"); A.notNull(cfg.getCollisionSpi(), "cfg.getCollisionSpi()"); A.notNull(cfg.getFailoverSpi(), "cfg.getFailoverSpi()"); A.notNull(cfg.getLoadBalancingSpi(), "cfg.getLoadBalancingSpi()"); @@ -1201,9 +1192,6 @@ public class IgniteKernal extends ClusterGroupAdapter implements IgniteEx, Ignit if (!F.isEmpty(cfg.getSegmentationResolvers())) msgs.add("Network segmentation detection."); - if (cfg.getSecureSessionSpi() != null && !(cfg.getSecureSessionSpi() instanceof NoopSecureSessionSpi)) - msgs.add("Secure session SPI."); - if (!F.isEmpty(msgs)) { U.quietAndInfo(log, "The following features are not supported in open source edition, " + "related configuration settings will be ignored " + @@ -1358,7 +1346,6 @@ public class IgniteKernal extends ClusterGroupAdapter implements IgniteEx, Ignit addAttributes(attrs, cfg.getEventStorageSpi()); addAttributes(attrs, cfg.getCheckpointSpi()); addAttributes(attrs, cfg.getLoadBalancingSpi()); - addAttributes(attrs, cfg.getSecureSessionSpi()); addAttributes(attrs, cfg.getDeploymentSpi()); @@ -2241,7 +2228,6 @@ public class IgniteKernal extends ClusterGroupAdapter implements IgniteEx, Ignit log.debug("Grid event storage SPI : " + cfg.getEventStorageSpi()); log.debug("Grid failover SPI : " + Arrays.toString(cfg.getFailoverSpi())); log.debug("Grid load balancing SPI : " + Arrays.toString(cfg.getLoadBalancingSpi())); - log.debug("Grid secure session SPI : " + cfg.getSecureSessionSpi()); log.debug("Grid swap space SPI : " + cfg.getSwapSpaceSpi()); } } http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/54f90f89/modules/core/src/main/java/org/apache/ignite/internal/IgniteNodeAttributes.java ---------------------------------------------------------------------- diff --git a/modules/core/src/main/java/org/apache/ignite/internal/IgniteNodeAttributes.java b/modules/core/src/main/java/org/apache/ignite/internal/IgniteNodeAttributes.java index eab6b37..a2d8d3c 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/IgniteNodeAttributes.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/IgniteNodeAttributes.java @@ -57,6 +57,10 @@ public final class IgniteNodeAttributes { /** Internal attribute name postfix constant. */ public static final String ATTR_SPI_CLASS = ATTR_PREFIX + ".spi.class"; + public static final String ATTR_AUTHENTICATION_CLASS = ATTR_PREFIX + ".authentication.class"; + + public static final String ATTR_SECURE_SESSION_CLASS = ATTR_PREFIX + ".securesession.class"; + /** Internal attribute name constant. */ public static final String ATTR_CACHE = ATTR_PREFIX + ".cache"; http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/54f90f89/modules/core/src/main/java/org/apache/ignite/internal/IgnitionEx.java ---------------------------------------------------------------------- diff --git a/modules/core/src/main/java/org/apache/ignite/internal/IgnitionEx.java b/modules/core/src/main/java/org/apache/ignite/internal/IgnitionEx.java index 1044246..d9bda2e 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/IgnitionEx.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/IgnitionEx.java @@ -52,8 +52,6 @@ import org.apache.ignite.spi.failover.always.*; import org.apache.ignite.spi.indexing.*; import org.apache.ignite.spi.loadbalancing.*; import org.apache.ignite.spi.loadbalancing.roundrobin.*; -import org.apache.ignite.spi.securesession.*; -import org.apache.ignite.spi.securesession.noop.*; import org.apache.ignite.spi.swapspace.*; import org.apache.ignite.spi.swapspace.file.*; import org.apache.ignite.spi.swapspace.noop.*; @@ -1445,7 +1443,6 @@ public class IgnitionEx { DiscoverySpi discoSpi = cfg.getDiscoverySpi(); EventStorageSpi evtSpi = cfg.getEventStorageSpi(); CollisionSpi colSpi = cfg.getCollisionSpi(); - SecureSessionSpi sesSpi = cfg.getSecureSessionSpi(); DeploymentSpi deploySpi = cfg.getDeploymentSpi(); CheckpointSpi[] cpSpi = cfg.getCheckpointSpi(); FailoverSpi[] failSpi = cfg.getFailoverSpi(); @@ -1607,9 +1604,6 @@ public class IgnitionEx { if (colSpi == null) colSpi = new NoopCollisionSpi(); - if (sesSpi == null) - sesSpi = new NoopSecureSessionSpi(); - if (deploySpi == null) deploySpi = new LocalDeploymentSpi(); @@ -1647,7 +1641,6 @@ public class IgnitionEx { myCfg.setDiscoverySpi(discoSpi); myCfg.setCheckpointSpi(cpSpi); myCfg.setEventStorageSpi(evtSpi); - myCfg.setSecureSessionSpi(sesSpi); myCfg.setDeploymentSpi(deploySpi); myCfg.setFailoverSpi(failSpi); myCfg.setCollisionSpi(colSpi); @@ -1820,7 +1813,6 @@ public class IgnitionEx { ensureMultiInstanceSupport(evtSpi); ensureMultiInstanceSupport(colSpi); ensureMultiInstanceSupport(failSpi); - ensureMultiInstanceSupport(sesSpi); ensureMultiInstanceSupport(loadBalancingSpi); ensureMultiInstanceSupport(swapspaceSpi); } http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/54f90f89/modules/core/src/main/java/org/apache/ignite/internal/processors/GridProcessorAdapter.java ---------------------------------------------------------------------- diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/GridProcessorAdapter.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/GridProcessorAdapter.java index d91802a..0c67dae 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/GridProcessorAdapter.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/GridProcessorAdapter.java @@ -21,12 +21,15 @@ import org.apache.ignite.*; import org.apache.ignite.cluster.*; import org.apache.ignite.internal.*; import org.apache.ignite.internal.util.tostring.*; +import org.apache.ignite.internal.util.typedef.*; import org.apache.ignite.internal.util.typedef.internal.*; import org.apache.ignite.spi.*; import org.jetbrains.annotations.*; import java.util.*; +import static org.apache.ignite.IgniteSystemProperties.IGNITE_SKIP_CONFIGURATION_CONSISTENCY_CHECK; + /** * Advanced parent adapter for all processor. */ http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/54f90f89/modules/core/src/main/java/org/apache/ignite/internal/util/IgniteUtils.java ---------------------------------------------------------------------- diff --git a/modules/core/src/main/java/org/apache/ignite/internal/util/IgniteUtils.java b/modules/core/src/main/java/org/apache/ignite/internal/util/IgniteUtils.java index c1657fe..23775ad 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/util/IgniteUtils.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/util/IgniteUtils.java @@ -9194,4 +9194,16 @@ public abstract class IgniteUtils { return cnt; } + + /** + * Throws exception with uniform error message if given parameter's assertion condition + * is {@code false}. + * + * @param cond Assertion condition to check. + * @param condDesc Description of failed condition. + */ + public static void assertParameter(boolean cond, String condDesc) throws IgniteException { + if (!cond) + throw new IgniteException("SPI parameter failed condition check: " + condDesc); + } } http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/54f90f89/modules/core/src/main/java/org/apache/ignite/internal/visor/node/VisorSpisConfiguration.java ---------------------------------------------------------------------- diff --git a/modules/core/src/main/java/org/apache/ignite/internal/visor/node/VisorSpisConfiguration.java b/modules/core/src/main/java/org/apache/ignite/internal/visor/node/VisorSpisConfiguration.java index d9525bb..ff27163 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/visor/node/VisorSpisConfiguration.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/visor/node/VisorSpisConfiguration.java @@ -147,7 +147,6 @@ public class VisorSpisConfiguration implements Serializable { cfg.communicationSpi(collectSpiInfo(c.getCommunicationSpi())); cfg.eventStorageSpi(collectSpiInfo(c.getEventStorageSpi())); cfg.collisionSpi(collectSpiInfo(c.getCollisionSpi())); - cfg.secureSessionSpi(collectSpiInfo(c.getSecureSessionSpi())); cfg.deploymentSpi(collectSpiInfo(c.getDeploymentSpi())); cfg.checkpointSpis(collectSpiInfo(c.getCheckpointSpi())); cfg.failoverSpis(collectSpiInfo(c.getFailoverSpi())); http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/54f90f89/modules/core/src/main/java/org/apache/ignite/mxbean/IgniteMXBean.java ---------------------------------------------------------------------- diff --git a/modules/core/src/main/java/org/apache/ignite/mxbean/IgniteMXBean.java b/modules/core/src/main/java/org/apache/ignite/mxbean/IgniteMXBean.java index fbd6606..15dfde5 100644 --- a/modules/core/src/main/java/org/apache/ignite/mxbean/IgniteMXBean.java +++ b/modules/core/src/main/java/org/apache/ignite/mxbean/IgniteMXBean.java @@ -320,15 +320,6 @@ public interface IgniteMXBean { @MXBeanDescription("Formatted instance of fully configured load balancing SPI implementations.") public String getLoadBalancingSpiFormatted(); - - /** - * Gets a formatted instance of fully configured secure session SPI implementation. - * - * @return Grid secure session SPI implementation. - */ - @MXBeanDescription("Formatted instance of fully configured secure session SPI implementation.") - public String getSecureSessionSpiFormatted(); - /** * Gets OS information. * http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/54f90f89/modules/core/src/main/java/org/apache/ignite/spi/IgniteSpiAdapter.java ---------------------------------------------------------------------- diff --git a/modules/core/src/main/java/org/apache/ignite/spi/IgniteSpiAdapter.java b/modules/core/src/main/java/org/apache/ignite/spi/IgniteSpiAdapter.java index a57b319..eabec8d 100644 --- a/modules/core/src/main/java/org/apache/ignite/spi/IgniteSpiAdapter.java +++ b/modules/core/src/main/java/org/apache/ignite/spi/IgniteSpiAdapter.java @@ -272,7 +272,27 @@ public abstract class IgniteSpiAdapter implements IgniteSpi, IgniteSpiManagement return "Using parameter [" + name + '=' + val + ']'; } + /** + * @param msg Error message. + * @param locVal Local node value. + * @return Error text. + */ + private static String format(String msg, Object locVal) { + return msg + U.nl() + + ">>> => Local node: " + locVal + U.nl(); + } + /** + * @param msg Error message. + * @param locVal Local node value. + * @param rmtVal Remote node value. + * @return Error text. + */ + private static String format(String msg, Object locVal, Object rmtVal) { + return msg + U.nl() + + ">>> => Local node: " + locVal + U.nl() + + ">>> => Remote node: " + rmtVal + U.nl(); + } /** * Registers SPI MBean. Note that SPI can only register one MBean. @@ -326,7 +346,14 @@ public abstract class IgniteSpiAdapter implements IgniteSpi, IgniteSpiManagement } } + /** + * @return {@code true} if this check is optional. + */ + private boolean checkOptional() { + IgniteSpiConsistencyChecked ann = U.getAnnotation(getClass(), IgniteSpiConsistencyChecked.class); + return ann != null && ann.optional(); + } /** * @return {@code true} if this check is optional. @@ -338,6 +365,13 @@ public abstract class IgniteSpiAdapter implements IgniteSpi, IgniteSpiManagement } /** + * @return {@code true} if this check is enabled. + */ + private boolean checkEnabled() { + return U.getAnnotation(getClass(), IgniteSpiConsistencyChecked.class) != null; + } + + /** * Method which is called in the end of checkConfigurationConsistency() method. May be overriden in SPIs. * * @param spiCtx SPI context. @@ -370,6 +404,100 @@ public abstract class IgniteSpiAdapter implements IgniteSpi, IgniteSpiManagement return; } + + /* + * Optional SPI means that we should not print warning if SPIs are different but + * still need to compare attributes if SPIs are the same. + */ + boolean optional = checkOptional(); + boolean enabled = checkEnabled(); + + if (!enabled) + return; + + String clsAttr = createSpiAttributeName(IgniteNodeAttributes.ATTR_SPI_CLASS); + + String name = getName(); + + SB sb = new SB(); + + /* + * If there are any attributes do compare class and version + * (do not print warning for the optional SPIs). + */ + + /* Check SPI class and version. */ + String locCls = spiCtx.localNode().attribute(clsAttr); + String rmtCls = node.attribute(clsAttr); + + assert locCls != null : "Local SPI class name attribute not found: " + clsAttr; + + boolean isSpiConsistent = false; + + String tipStr = " (fix configuration or set " + "-D" + IGNITE_SKIP_CONFIGURATION_CONSISTENCY_CHECK + "=true system property)"; + + if (rmtCls == null) { + if (!optional && starting) + throw new IgniteSpiException("Remote SPI with the same name is not configured" + tipStr + " [name=" + name + + ", loc=" + locCls + ']'); + + sb.a(format(">>> Remote SPI with the same name is not configured: " + name, locCls)); + } + else if (!locCls.equals(rmtCls)) { + if (!optional && starting) + throw new IgniteSpiException("Remote SPI with the same name is of different type" + tipStr + " [name=" + name + + ", loc=" + locCls + ", rmt=" + rmtCls + ']'); + + sb.a(format(">>> Remote SPI with the same name is of different type: " + name, locCls, rmtCls)); + } + else + isSpiConsistent = true; + + if (optional && !isSpiConsistent) + return; + + // It makes no sense to compare inconsistent SPIs attributes. + if (isSpiConsistent) { + List<String> attrs = getConsistentAttributeNames(); + + // Process all SPI specific attributes. + for (String attr : attrs) { + // Ignore class and version attributes processed above. + if (!attr.equals(clsAttr)) { + // This check is considered as optional if no attributes + Object rmtVal = node.attribute(attr); + Object locVal = spiCtx.localNode().attribute(attr); + + if (locVal == null && rmtVal == null) + continue; + + if (locVal == null || rmtVal == null || !locVal.equals(rmtVal)) + sb.a(format(">>> Remote node has different " + getName() + " SPI attribute " + + attr, locVal, rmtVal)); + } + } + } + + if (sb.length() > 0) { + String msg; + + if (starting) + msg = U.nl() + U.nl() + + ">>> +--------------------------------------------------------------------+" + U.nl() + + ">>> + Courtesy notice that starting node has inconsistent configuration. +" + U.nl() + + ">>> + Ignore this message if you are sure that this is done on purpose. +" + U.nl() + + ">>> +--------------------------------------------------------------------+" + U.nl() + + ">>> Remote Node ID: " + node.id().toString().toUpperCase() + U.nl() + sb; + else + msg = U.nl() + U.nl() + + ">>> +-------------------------------------------------------------------+" + U.nl() + + ">>> + Courtesy notice that joining node has inconsistent configuration. +" + U.nl() + + ">>> + Ignore this message if you are sure that this is done on purpose. +" + U.nl() + + ">>> +-------------------------------------------------------------------+" + U.nl() + + ">>> Remote Node ID: " + node.id().toString().toUpperCase() + U.nl() + sb; + + U.courtesy(log, msg); + } } /** http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/54f90f89/modules/core/src/main/java/org/apache/ignite/spi/securesession/SecureSessionSpi.java ---------------------------------------------------------------------- diff --git a/modules/core/src/main/java/org/apache/ignite/spi/securesession/SecureSessionSpi.java b/modules/core/src/main/java/org/apache/ignite/spi/securesession/SecureSessionSpi.java deleted file mode 100644 index ba4cef9..0000000 --- a/modules/core/src/main/java/org/apache/ignite/spi/securesession/SecureSessionSpi.java +++ /dev/null @@ -1,92 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.spi.securesession; - -import org.apache.ignite.plugin.security.*; -import org.apache.ignite.spi.*; -import org.jetbrains.annotations.*; - -import java.util.*; - -/** - * Secure session SPI allows for session creation and validation, typically after authentication - * has successfully happened. The main purpose of this SPI is to ensure that remote clients are - * authenticated only once and upon successful authentication get issued a secure session token - * to reuse for consequent requests (very much the same way like HTTP sessions work). - * <p> - * The default secure session SPI is {@link org.apache.ignite.spi.securesession.noop.NoopSecureSessionSpi} - * which permits any request. - * <p> - * Ignite provides the following {@code GridSecureSessionSpi} implementations: - * <ul> - * <li> - * {@link org.apache.ignite.spi.securesession.noop.NoopSecureSessionSpi} - permits any request. - * </li> - * <li> - * {@code GridRememberMeSecureSessionSpi} - - * validates client session with remember-me session token. - * </li> - * </ul> - * <p> - * <b>NOTE:</b> that multiple secure session SPIs may be started on the same grid node. In this case - * Ignite will differentiate between them based on {@link #supported(GridSecuritySubjectType)} - * value. The first SPI which returns {@code true} for a given subject type will be used for - * session validation. - * <p> - * <b>NOTE:</b> this SPI (i.e. methods in this interface) should never be used directly. SPIs provide - * internal view on the subsystem and is used internally by Ignite kernal. In rare use cases when - * access to a specific implementation of this SPI is required - an instance of this SPI can be obtained - * via {@link org.apache.ignite.Ignite#configuration()} method to check its configuration properties or call other non-SPI - * methods. Note again that calling methods from this interface on the obtained instance can lead - * to undefined behavior and explicitly not supported. - */ -public interface SecureSessionSpi extends IgniteSpi { - /** - * Checks if given subject is supported by this SPI. If not, then next secure session SPI - * in the list will be checked. - * - * @param subjType Subject type. - * @return {@code True} if subject type is supported, {@code false} otherwise. - */ - public boolean supported(GridSecuritySubjectType subjType); - - /** - * Validates given session token. - * - * @param subjType Subject type. - * @param subjId Unique subject ID such as local or remote node ID, client ID, etc. - * @param tok Token to validate. - * @param params Additional implementation-specific parameters. - * @return {@code True} if session token is valid, {@code false} otherwise. - * @throws IgniteSpiException If validation resulted in system error. Note that - * bad credentials should not cause this exception. - */ - public boolean validate(GridSecuritySubjectType subjType, UUID subjId, byte[] tok, - @Nullable Object params) throws IgniteSpiException; - - /** - * Generates new session token. - * - * @param subjType Subject type. - * @param subjId Unique subject ID such as local or remote node ID, client ID, etc. - * @param params Additional implementation-specific parameters. - * @return Session token that should be used for further validation. - */ - public byte[] generateSessionToken(GridSecuritySubjectType subjType, UUID subjId, @Nullable Object params) - throws IgniteSpiException; -} http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/54f90f89/modules/core/src/main/java/org/apache/ignite/spi/securesession/noop/NoopSecureSessionMBean.java ---------------------------------------------------------------------- diff --git a/modules/core/src/main/java/org/apache/ignite/spi/securesession/noop/NoopSecureSessionMBean.java b/modules/core/src/main/java/org/apache/ignite/spi/securesession/noop/NoopSecureSessionMBean.java new file mode 100644 index 0000000..f05c75b --- /dev/null +++ b/modules/core/src/main/java/org/apache/ignite/spi/securesession/noop/NoopSecureSessionMBean.java @@ -0,0 +1,29 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.spi.securesession.noop; + +import org.apache.ignite.mxbean.*; +import org.apache.ignite.spi.*; + +/** + * Management bean for {@link NoopSecureSession}. + */ +@MXBeanDescription("MBean that provides access to no-op secure session SPI configuration.") +public interface NoopSecureSessionMBean extends IgniteSpiManagementMBean { + // No-op. +} http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/54f90f89/modules/core/src/main/java/org/apache/ignite/spi/securesession/noop/NoopSecureSessionSpi.java ---------------------------------------------------------------------- diff --git a/modules/core/src/main/java/org/apache/ignite/spi/securesession/noop/NoopSecureSessionSpi.java b/modules/core/src/main/java/org/apache/ignite/spi/securesession/noop/NoopSecureSessionSpi.java deleted file mode 100644 index 3da96e1..0000000 --- a/modules/core/src/main/java/org/apache/ignite/spi/securesession/noop/NoopSecureSessionSpi.java +++ /dev/null @@ -1,123 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.spi.securesession.noop; - -import org.apache.ignite.*; -import org.apache.ignite.internal.util.typedef.internal.*; -import org.apache.ignite.plugin.security.*; -import org.apache.ignite.resources.*; -import org.apache.ignite.spi.*; -import org.apache.ignite.spi.securesession.*; -import org.jetbrains.annotations.*; - -import java.util.*; - -/** - * Default no-op implementation of the secure session SPI which supports all subject types and denies any token. - * <p> - * <h1 class="header">Configuration</h1> - * <h2 class="header">Mandatory</h2> - * This SPI has no mandatory configuration parameters. - * <h2 class="header">Optional</h2> - * This SPI has no optional configuration parameters. - * <h2 class="header">Java Example</h2> - * GridNoopSecureSessionSpi is used by default and has no parameters to be explicitly configured. - * <pre name="code" class="java"> - * GridNoopSecureSessionSpi spi = new GridNoopSecureSessionSpi(); - * - * GridConfiguration cfg = new GridConfiguration(); - * - * // Override default SecureSession SPI. - * cfg.setSecureSessionSpi(spi); - * - * // Start grid. - * Ignition.start(cfg); - * </pre> - * <h2 class="header">Spring Example</h2> - * GridNoopSecureSessionSpi can be configured from Spring XML configuration file: - * <pre name="code" class="xml"> - * <bean id="grid.custom.cfg" class="org.apache.ignite.configuration.IgniteConfiguration" singleton="true"> - * ... - * <property name="secureSessionSpi"> - * <bean class="org.apache.ignite.spi.SecureSession.noop.GridNoopSecureSessionSpi"/> - * </property> - * ... - * </bean> - * </pre> - * <p> - * <img src="http://www.gridgain.com/images/spring-small.png";> - * <br> - * For information about Spring framework visit <a href="http://www.springframework.org/";>www.springframework.org</a> - * @see org.apache.ignite.spi.securesession.SecureSessionSpi - */ -@IgniteSpiNoop -@IgniteSpiMultipleInstancesSupport(true) -public class NoopSecureSessionSpi extends IgniteSpiAdapter - implements SecureSessionSpi, NoopSecureSessionSpiMBean { - /** Empty bytes array. */ - private static final byte[] EMPTY_BYTE_ARRAY = new byte[0]; - - /** Injected grid logger. */ - @LoggerResource - private IgniteLogger log; - - /** {@inheritDoc} */ - @Override public boolean supported(GridSecuritySubjectType subjType) { - // If this SPI is included, then session management is disabled. - return true; - } - - /** {@inheritDoc} */ - @Override public boolean validate(GridSecuritySubjectType subjType, UUID subjId, @Nullable byte[] tok, - @Nullable Object params) throws IgniteSpiException { - // Never validate any token - all tokens are invalid. - return false; - } - - /** {@inheritDoc} */ - @Override public byte[] generateSessionToken(GridSecuritySubjectType subjType, UUID subjId, - @Nullable Object params) { - return EMPTY_BYTE_ARRAY; - } - - /** {@inheritDoc} */ - @Override public void spiStart(String gridName) throws IgniteSpiException { - // Start SPI start stopwatch. - startStopwatch(); - - registerMBean(gridName, this, NoopSecureSessionSpiMBean.class); - - // Ack ok start. - if (log.isDebugEnabled()) - log.debug(startInfo()); - } - - /** {@inheritDoc} */ - @Override public void spiStop() throws IgniteSpiException { - unregisterMBean(); - - // Ack ok stop. - if (log.isDebugEnabled()) - log.debug(stopInfo()); - } - - /** {@inheritDoc} */ - @Override public String toString() { - return S.toString(NoopSecureSessionSpi.class, this); - } -} http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/54f90f89/modules/core/src/main/java/org/apache/ignite/spi/securesession/noop/NoopSecureSessionSpiMBean.java ---------------------------------------------------------------------- diff --git a/modules/core/src/main/java/org/apache/ignite/spi/securesession/noop/NoopSecureSessionSpiMBean.java b/modules/core/src/main/java/org/apache/ignite/spi/securesession/noop/NoopSecureSessionSpiMBean.java deleted file mode 100644 index abbfc2f..0000000 --- a/modules/core/src/main/java/org/apache/ignite/spi/securesession/noop/NoopSecureSessionSpiMBean.java +++ /dev/null @@ -1,29 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.spi.securesession.noop; - -import org.apache.ignite.mxbean.*; -import org.apache.ignite.spi.*; - -/** - * Management bean for {@link NoopSecureSessionSpi}. - */ -@MXBeanDescription("MBean that provides access to no-op secure session SPI configuration.") -public interface NoopSecureSessionSpiMBean extends IgniteSpiManagementMBean { - // No-op. -}
![http://www.gridgain.com/images/spring-small.png"](http://www.gridgain.com/images/spring-small.png"){kind=link}