#gg-9809: GridOsSecurityProcessor throws UnsupportedOperationException.
Project: http://git-wip-us.apache.org/repos/asf/incubator-ignite/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ignite/commit/b387122e Tree: http://git-wip-us.apache.org/repos/asf/incubator-ignite/tree/b387122e Diff: http://git-wip-us.apache.org/repos/asf/incubator-ignite/diff/b387122e Branch: refs/heads/sprint-2 Commit: b387122e88340d12c6670710f8f6eaded6dba6e3 Parents: 1b3da57 Author: ivasilinets <ivasilin...@gridgain.com> Authored: Wed Feb 18 16:25:15 2015 +0300 Committer: ivasilinets <ivasilin...@gridgain.com> Committed: Wed Feb 18 16:25:15 2015 +0300 ---------------------------------------------------------------------- .../processors/rest/GridRestProcessor.java | 26 +- .../security/os/GridOsSecurityProcessor.java | 146 +--------- .../security/os/SecurityContextImpl.java | 282 ------------------- .../spi/discovery/tcp/TcpDiscoverySpi.java | 134 ++++----- .../ignite/testframework/junits/IgniteMock.java | 1 - 5 files changed, 88 insertions(+), 501 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/b387122e/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java ---------------------------------------------------------------------- diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java index 3d834fb..51f8abe 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java @@ -161,22 +161,24 @@ public class GridRestProcessor extends GridProcessorAdapter { if (log.isDebugEnabled()) log.debug("Received request from client: " + req); - SecurityContext subjCtx = null; + if (ctx.security().enabled()) { + SecurityContext subjCtx = null; - try { - subjCtx = authenticate(req); + try { + subjCtx = authenticate(req); - authorize(req, subjCtx); - } - catch (GridSecurityException e) { - assert subjCtx != null; + authorize(req, subjCtx); + } + catch (GridSecurityException e) { + assert subjCtx != null; - GridRestResponse res = new GridRestResponse(STATUS_SECURITY_CHECK_FAILED, e.getMessage()); + GridRestResponse res = new GridRestResponse(STATUS_SECURITY_CHECK_FAILED, e.getMessage()); - return new GridFinishedFuture<>(ctx, res); - } - catch (IgniteCheckedException e) { - return new GridFinishedFuture<>(ctx, new GridRestResponse(STATUS_AUTH_FAILED, e.getMessage())); + return new GridFinishedFuture<>(ctx, res); + } + catch (IgniteCheckedException e) { + return new GridFinishedFuture<>(ctx, new GridRestResponse(STATUS_AUTH_FAILED, e.getMessage())); + } } interceptRequest(req); http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/b387122e/modules/core/src/main/java/org/apache/ignite/internal/processors/security/os/GridOsSecurityProcessor.java ---------------------------------------------------------------------- diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/os/GridOsSecurityProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/os/GridOsSecurityProcessor.java index 8366b77..4a8c53b 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/os/GridOsSecurityProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/os/GridOsSecurityProcessor.java @@ -22,13 +22,9 @@ import org.apache.ignite.cluster.*; import org.apache.ignite.internal.*; import org.apache.ignite.internal.processors.*; import org.apache.ignite.internal.processors.security.*; -import org.apache.ignite.internal.util.tostring.*; -import org.apache.ignite.internal.util.typedef.*; -import org.apache.ignite.internal.util.typedef.internal.*; import org.apache.ignite.plugin.security.*; import org.jetbrains.annotations.*; -import java.net.*; import java.util.*; /** @@ -42,65 +38,25 @@ public class GridOsSecurityProcessor extends GridProcessorAdapter implements Gri super(ctx); } - /** Allow all permissions. */ - private static final GridSecurityPermissionSet ALLOW_ALL = new GridSecurityPermissionSet() { - /** Serial version uid. */ - private static final long serialVersionUID = 0L; - - /** {@inheritDoc} */ - @Override public boolean defaultAllowAll() { - return true; - } - - /** {@inheritDoc} */ - @Override public Map<String, Collection<GridSecurityPermission>> taskPermissions() { - return Collections.emptyMap(); - } - - /** {@inheritDoc} */ - @Override public Map<String, Collection<GridSecurityPermission>> cachePermissions() { - return Collections.emptyMap(); - } - - /** {@inheritDoc} */ - @Nullable @Override public Collection<GridSecurityPermission> systemPermissions() { - return null; - } - }; - /** {@inheritDoc} */ @Override public SecurityContext authenticateNode(ClusterNode node, GridSecurityCredentials cred) throws IgniteCheckedException { - GridSecuritySubjectAdapter s = new GridSecuritySubjectAdapter(GridSecuritySubjectType.REMOTE_NODE, node.id()); - - s.address(new InetSocketAddress(F.first(node.addresses()), 0)); - - s.permissions(ALLOW_ALL); - - return new SecurityContextImpl(s); + throw new UnsupportedOperationException("GridOsSecurityProcessor.authenticateNode()"); } /** {@inheritDoc} */ @Override public boolean isGlobalNodeAuthentication() { - return false; + throw new UnsupportedOperationException("GridOsSecurityProcessor.isGlobalNodeAuthentication()"); } /** {@inheritDoc} */ @Override public SecurityContext authenticate(AuthenticationContext authCtx) throws IgniteCheckedException { - GridSecuritySubjectAdapter s = new GridSecuritySubjectAdapter(authCtx.subjectType(), authCtx.subjectId()); - - s.permissions(ALLOW_ALL); - s.address(authCtx.address()); - - if (authCtx.credentials() != null) - s.login(authCtx.credentials().getLogin()); - - return new SecurityContextImpl(s); + throw new UnsupportedOperationException("GridOsSecurityProcessor.authenticate()"); } /** {@inheritDoc} */ @Override public Collection<GridSecuritySubject> authenticatedSubjects() { - return Collections.emptyList(); + throw new UnsupportedOperationException("GridOsSecurityProcessor.authenticatedSubjects()"); } /** {@inheritDoc} */ @@ -116,7 +72,7 @@ public class GridOsSecurityProcessor extends GridProcessorAdapter implements Gri /** {@inheritDoc} */ @Override public SecurityContext createSecurityContext(GridSecuritySubject subj) { - return new SecurityContextImpl(subj); + throw new UnsupportedOperationException("GridOsSecurityProcessor.createSecurityContext()"); } /** {@inheritDoc} */ @@ -128,96 +84,4 @@ public class GridOsSecurityProcessor extends GridProcessorAdapter implements Gri @Override public boolean enabled() { return false; } - - /** - * Authenticated security subject. - */ - private class GridSecuritySubjectAdapter implements GridSecuritySubject { - /** */ - private static final long serialVersionUID = 0L; - - /** Subject ID. */ - private UUID id; - - /** Subject type. */ - private GridSecuritySubjectType subjType; - - /** Address. */ - private InetSocketAddress addr; - - /** Permissions assigned to a subject. */ - private GridSecurityPermissionSet permissions; - - /** Login. */ - @GridToStringInclude - private Object login; - - /** - * @param subjType Subject type. - * @param id Subject ID. - */ - public GridSecuritySubjectAdapter(GridSecuritySubjectType subjType, UUID id) { - this.subjType = subjType; - this.id = id; - } - - /** - * @return Subject ID. - */ - @Override public UUID id() { - return id; - } - - /** - * @return Subject type. - */ - @Override public GridSecuritySubjectType type() { - return subjType; - } - - /** - * @return Subject address. - */ - @Override public InetSocketAddress address() { - return addr; - } - - /** - * @param addr Subject address. - */ - public void address(InetSocketAddress addr) { - this.addr = addr; - } - - /** - * @return Security permissions. - */ - @Override public GridSecurityPermissionSet permissions() { - return permissions; - } - - /** {@inheritDoc} */ - @Override public Object login() { - return login; - } - - /** - * @param login Login. - */ - public void login(Object login) { - this.login = login; - } - - /** - * @param permissions Permissions. - */ - public void permissions(GridSecurityPermissionSet permissions) { - this.permissions = permissions; - } - - /** {@inheritDoc} */ - public String toString() { - return S.toString(GridSecuritySubjectAdapter.class, this); - } - } } http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/b387122e/modules/core/src/main/java/org/apache/ignite/internal/processors/security/os/SecurityContextImpl.java ---------------------------------------------------------------------- diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/os/SecurityContextImpl.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/os/SecurityContextImpl.java deleted file mode 100644 index 3e7484a..0000000 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/os/SecurityContextImpl.java +++ /dev/null @@ -1,282 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.processors.security.os; - -import org.apache.ignite.internal.processors.security.*; -import org.apache.ignite.internal.util.typedef.internal.*; -import org.apache.ignite.plugin.security.*; - -import java.io.*; -import java.util.*; - -/** - * TODO: remove - */ -public class SecurityContextImpl implements SecurityContext, Externalizable - - { - /** */ - private static final long serialVersionUID = 0L; - - /** - * Visor ignite tasks prefix. - */ - private static final String VISOR_IGNITE_TASK_PREFIX = "org.apache.ignite.internal.visor."; - - /** - * Visor gridgain tasks prefix. - */ - private static final String VISOR_GRIDGAIN_TASK_PREFIX = "org.gridgain.grid.internal.visor."; - - /** - * Cache query task name. - */ - public static final String VISOR_CACHE_QUERY_TASK_NAME = - "org.apache.ignite.internal.visor.query.VisorQueryTask"; - - /** - * Cache load task name. - */ - public static final String VISOR_CACHE_LOAD_TASK_NAME = - "org.apache.ignite.internal.visor.cache.VisorCacheLoadTask"; - - /** - * Cache clear task name. - */ - public static final String VISOR_CACHE_CLEAR_TASK_NAME = - "org.apache.ignite.internal.visor.query.VisorQueryCleanupTask"; - - /** - * Security subject. - */ - private GridSecuritySubject subj; - - /** - * String task permissions. - */ - private Map<String, Collection<GridSecurityPermission>> strictTaskPermissions = new LinkedHashMap<>(); - - /** - * String task permissions. - */ - private Map<String, Collection<GridSecurityPermission>> wildcardTaskPermissions = new LinkedHashMap<>(); - - /** - * String task permissions. - */ - private Map<String, Collection<GridSecurityPermission>> strictCachePermissions = new LinkedHashMap<>(); - - /** - * String task permissions. - */ - private Map<String, Collection<GridSecurityPermission>> wildcardCachePermissions = new LinkedHashMap<>(); - - /** - * System-wide permissions. - */ - private Collection<GridSecurityPermission> sysPermissions; - - /** - * Empty constructor required by {@link Externalizable}. - */ - public SecurityContextImpl() { - // No-op. - } - - /** - * @param subj Subject. - */ - public SecurityContextImpl(GridSecuritySubject subj) { - this.subj = subj; - - initRules(); - } - - /** - * @return Security subject. - */ - public GridSecuritySubject subject() { - return subj; - } - - /** - * Checks whether task operation is allowed. - * - * @param taskClsName Task class name. - * @param perm Permission to check. - * @return {@code True} if task operation is allowed. - */ - public boolean taskOperationAllowed(String taskClsName, GridSecurityPermission perm) { - assert perm == GridSecurityPermission.TASK_EXECUTE || perm == GridSecurityPermission.TASK_CANCEL; - - if (visorTask(taskClsName)) - return visorTaskAllowed(taskClsName); - - Collection<GridSecurityPermission> p = strictTaskPermissions.get(taskClsName); - - if (p != null) - return p.contains(perm); - - for (Map.Entry<String, Collection<GridSecurityPermission>> entry : wildcardTaskPermissions.entrySet()) { - if (taskClsName.startsWith(entry.getKey())) - return entry.getValue().contains(perm); - } - - return subj.permissions().defaultAllowAll(); - } - - /** - * Checks whether cache operation is allowed. - * - * @param cacheName Cache name. - * @param perm Permission to check. - * @return {@code True} if cache operation is allowed. - */ - public boolean cacheOperationAllowed(String cacheName, GridSecurityPermission perm) { - assert perm == GridSecurityPermission.CACHE_PUT || perm == GridSecurityPermission.CACHE_READ || - perm == GridSecurityPermission.CACHE_REMOVE; - - Collection<GridSecurityPermission> p = strictCachePermissions.get(cacheName); - - if (p != null) - return p.contains(perm); - - for (Map.Entry<String, Collection<GridSecurityPermission>> entry : wildcardCachePermissions.entrySet()) { - if (cacheName != null) { - if (cacheName.startsWith(entry.getKey())) - return entry.getValue().contains(perm); - } else { - // Match null cache to '*' - if (entry.getKey().isEmpty()) - return entry.getValue().contains(perm); - } - } - - return subj.permissions().defaultAllowAll(); - } - - /** - * Checks whether system-wide permission is allowed (excluding Visor task operations). - * - * @param perm Permission to check. - * @return {@code True} if system operation is allowed. - */ - public boolean systemOperationAllowed(GridSecurityPermission perm) { - if (sysPermissions == null) - return subj.permissions().defaultAllowAll(); - - boolean ret = sysPermissions.contains(perm); - - if (!ret && (perm == GridSecurityPermission.EVENTS_ENABLE || perm == GridSecurityPermission.EVENTS_DISABLE)) - ret = sysPermissions.contains(GridSecurityPermission.ADMIN_VIEW); - - return ret; - } - - /** - * Checks if task is Visor task. - * - * @param taskCls Task class name. - * @return {@code True} if task is Visor task. - */ - private boolean visorTask(String taskCls) { - return taskCls.startsWith(VISOR_IGNITE_TASK_PREFIX) || taskCls.startsWith(VISOR_GRIDGAIN_TASK_PREFIX); - } - - /** - * Checks if Visor task is allowed for execution. - * - * @param taskName Task name. - * @return {@code True} if execution is allowed. - */ - private boolean visorTaskAllowed(String taskName) { - if (sysPermissions == null) - return subj.permissions().defaultAllowAll(); - - switch (taskName) { - case VISOR_CACHE_QUERY_TASK_NAME: - return sysPermissions.contains(GridSecurityPermission.ADMIN_QUERY); - case VISOR_CACHE_LOAD_TASK_NAME: - case VISOR_CACHE_CLEAR_TASK_NAME: - return sysPermissions.contains(GridSecurityPermission.ADMIN_CACHE); - default: - return sysPermissions.contains(GridSecurityPermission.ADMIN_VIEW); - } - } - - /** - * Init rules. - */ - private void initRules() { - GridSecurityPermissionSet permSet = subj.permissions(); - - for (Map.Entry<String, Collection<GridSecurityPermission>> entry : permSet.taskPermissions().entrySet()) { - String ptrn = entry.getKey(); - - Collection<GridSecurityPermission> vals = Collections.unmodifiableCollection(entry.getValue()); - - if (ptrn.endsWith("*")) { - String noWildcard = ptrn.substring(0, ptrn.length() - 1); - - wildcardTaskPermissions.put(noWildcard, vals); - } else - strictTaskPermissions.put(ptrn, vals); - } - - for (Map.Entry<String, Collection<GridSecurityPermission>> entry : permSet.cachePermissions().entrySet()) { - String ptrn = entry.getKey(); - - Collection<GridSecurityPermission> vals = Collections.unmodifiableCollection(entry.getValue()); - - if (ptrn != null && ptrn.endsWith("*")) { - String noWildcard = ptrn.substring(0, ptrn.length() - 1); - - wildcardCachePermissions.put(noWildcard, vals); - } else - strictCachePermissions.put(ptrn, vals); - } - - sysPermissions = permSet.systemPermissions(); - } - - /** - * {@inheritDoc} - */ - @Override - public void writeExternal(ObjectOutput out) throws IOException { - out.writeObject(subj); - } - - /** - * {@inheritDoc} - */ - @Override - public void readExternal(ObjectInput in) throws IOException, ClassNotFoundException { - subj = (GridSecuritySubject) in.readObject(); - - initRules(); - } - - /** - * {@inheritDoc} - */ - @Override - public String toString() { - return S.toString(SecurityContextImpl.class, this); - } -} http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/b387122e/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySpi.java ---------------------------------------------------------------------- diff --git a/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySpi.java b/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySpi.java index 8e9d372..0d4fb41 100644 --- a/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySpi.java +++ b/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySpi.java @@ -1269,23 +1269,25 @@ public class TcpDiscoverySpi extends TcpDiscoverySpiAdapter implements TcpDiscov if (log.isDebugEnabled()) log.debug("Join request message has not been sent (local node is the first in the topology)."); - // Authenticate local node. - try { - SecurityContext subj = nodeAuth.authenticateNode(locNode, locCred); + if (((IgniteKernal)ignite).context().security().enabled()) { + // Authenticate local node. + try { + SecurityContext subj = nodeAuth.authenticateNode(locNode, locCred); - if (subj == null) - throw new IgniteSpiException("Authentication failed for local node: " + locNode.id()); + if (subj == null) + throw new IgniteSpiException("Authentication failed for local node: " + locNode.id()); - Map<String, Object> attrs = new HashMap<>(locNode.attributes()); + Map<String, Object> attrs = new HashMap<>(locNode.attributes()); - attrs.put(IgniteNodeAttributes.ATTR_SECURITY_SUBJECT, - ignite.configuration().getMarshaller().marshal(subj)); - attrs.remove(IgniteNodeAttributes.ATTR_SECURITY_CREDENTIALS); + attrs.put(IgniteNodeAttributes.ATTR_SECURITY_SUBJECT, + ignite.configuration().getMarshaller().marshal(subj)); + attrs.remove(IgniteNodeAttributes.ATTR_SECURITY_CREDENTIALS); - locNode.setAttributes(attrs); - } - catch (IgniteException | IgniteCheckedException e) { - throw new IgniteSpiException("Failed to authenticate local node (will shutdown local node).", e); + locNode.setAttributes(attrs); + } + catch (IgniteException | IgniteCheckedException e) { + throw new IgniteSpiException("Failed to authenticate local node (will shutdown local node).", e); + } } locNode.order(1); @@ -3062,51 +3064,25 @@ public class TcpDiscoverySpi extends TcpDiscoverySpiAdapter implements TcpDiscov return; } - // Authenticate node first. - try { - GridSecurityCredentials cred = unmarshalCredentials(node); - - SecurityContext subj = nodeAuth.authenticateNode(node, cred); - - if (subj == null) { - // Node has not pass authentication. - LT.warn(log, null, - "Authentication failed [nodeId=" + node.id() + - ", addrs=" + U.addressesAsString(node) + ']', - "Authentication failed [nodeId=" + U.id8(node.id()) + ", addrs=" + - U.addressesAsString(node) + ']'); - - // Always output in debug. - if (log.isDebugEnabled()) - log.debug("Authentication failed [nodeId=" + node.id() + ", addrs=" + - U.addressesAsString(node)); + if (((IgniteKernal)ignite).context().security().enabled()) { + // Authenticate node first. + try { + GridSecurityCredentials cred = unmarshalCredentials(node); - try { - trySendMessageDirectly(node, new TcpDiscoveryAuthFailedMessage(locNodeId, locHost)); - } - catch (IgniteSpiException e) { - if (log.isDebugEnabled()) - log.debug("Failed to send unauthenticated message to node " + - "[node=" + node + ", err=" + e.getMessage() + ']'); - } + SecurityContext subj = nodeAuth.authenticateNode(node, cred); - // Ignore join request. - return; - } - else { - if (!(subj instanceof Serializable)) { + if (subj == null) { // Node has not pass authentication. LT.warn(log, null, - "Authentication subject is not Serializable [nodeId=" + node.id() + + "Authentication failed [nodeId=" + node.id() + ", addrs=" + U.addressesAsString(node) + ']', - "Authentication subject is not Serializable [nodeId=" + U.id8(node.id()) + - ", addrs=" + + "Authentication failed [nodeId=" + U.id8(node.id()) + ", addrs=" + U.addressesAsString(node) + ']'); // Always output in debug. if (log.isDebugEnabled()) - log.debug("Authentication subject is not serializable [nodeId=" + node.id() + - ", addrs=" + U.addressesAsString(node)); + log.debug("Authentication failed [nodeId=" + node.id() + ", addrs=" + + U.addressesAsString(node)); try { trySendMessageDirectly(node, new TcpDiscoveryAuthFailedMessage(locNodeId, locHost)); @@ -3119,27 +3095,54 @@ public class TcpDiscoverySpi extends TcpDiscoverySpiAdapter implements TcpDiscov // Ignore join request. return; - } + } else { + if (!(subj instanceof Serializable)) { + // Node has not pass authentication. + LT.warn(log, null, + "Authentication subject is not Serializable [nodeId=" + node.id() + + ", addrs=" + U.addressesAsString(node) + ']', + "Authentication subject is not Serializable [nodeId=" + U.id8(node.id()) + + ", addrs=" + + U.addressesAsString(node) + ']'); - // Stick in authentication subject to node (use security-safe attributes for copy). - Map<String, Object> attrs = new HashMap<>(node.getAttributes()); + // Always output in debug. + if (log.isDebugEnabled()) + log.debug("Authentication subject is not serializable [nodeId=" + node.id() + + ", addrs=" + U.addressesAsString(node)); - attrs.put(IgniteNodeAttributes.ATTR_SECURITY_SUBJECT, - ignite.configuration().getMarshaller().marshal(subj)); + try { + trySendMessageDirectly(node, new TcpDiscoveryAuthFailedMessage(locNodeId, locHost)); + } + catch (IgniteSpiException e) { + if (log.isDebugEnabled()) + log.debug("Failed to send unauthenticated message to node " + + "[node=" + node + ", err=" + e.getMessage() + ']'); + } + + // Ignore join request. + return; + } + + // Stick in authentication subject to node (use security-safe attributes for copy). + Map<String, Object> attrs = new HashMap<>(node.getAttributes()); - node.setAttributes(attrs); + attrs.put(IgniteNodeAttributes.ATTR_SECURITY_SUBJECT, + ignite.configuration().getMarshaller().marshal(subj)); + + node.setAttributes(attrs); + } } - } - catch (IgniteException | IgniteCheckedException e) { - LT.error(log, e, "Authentication failed [nodeId=" + node.id() + ", addrs=" + - U.addressesAsString(node) + ']'); + catch (IgniteException | IgniteCheckedException e) { + LT.error(log, e, "Authentication failed [nodeId=" + node.id() + ", addrs=" + + U.addressesAsString(node) + ']'); - if (log.isDebugEnabled()) - log.debug("Failed to authenticate node (will ignore join request) [node=" + node + - ", err=" + e + ']'); + if (log.isDebugEnabled()) + log.debug("Failed to authenticate node (will ignore join request) [node=" + node + + ", err=" + e + ']'); - // Ignore join request. - return; + // Ignore join request. + return; + } } IgniteSpiNodeValidationResult err = getSpiContext().validateNode(node); @@ -3492,7 +3495,8 @@ public class TcpDiscoverySpi extends TcpDiscoverySpiAdapter implements TcpDiscov return; } - if (!isLocalNodeCoordinator() && nodeAuth.isGlobalNodeAuthentication()) { + if (!isLocalNodeCoordinator() && ((IgniteKernal)ignite).context().security().enabled() && + nodeAuth.isGlobalNodeAuthentication()) { boolean authFailed = true; try { http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/b387122e/modules/core/src/test/java/org/apache/ignite/testframework/junits/IgniteMock.java ---------------------------------------------------------------------- diff --git a/modules/core/src/test/java/org/apache/ignite/testframework/junits/IgniteMock.java b/modules/core/src/test/java/org/apache/ignite/testframework/junits/IgniteMock.java index ff497da..58478d3 100644 --- a/modules/core/src/test/java/org/apache/ignite/testframework/junits/IgniteMock.java +++ b/modules/core/src/test/java/org/apache/ignite/testframework/junits/IgniteMock.java @@ -18,7 +18,6 @@ package org.apache.ignite.testframework.junits; import org.apache.ignite.*; -import org.apache.ignite.cache.*; import org.apache.ignite.cache.affinity.*; import org.apache.ignite.cluster.*; import org.apache.ignite.configuration.*;
