#ignite-gg-9809: Mock session tokens.
Project: http://git-wip-us.apache.org/repos/asf/incubator-ignite/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ignite/commit/2a73b067 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ignite/tree/2a73b067 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ignite/diff/2a73b067 Branch: refs/heads/sprint-2 Commit: 2a73b067f082d1c24152145ca1453280a4b6a741 Parents: 36acc47 Author: ivasilinets <ivasilin...@gridgain.com> Authored: Thu Feb 19 13:50:24 2015 +0300 Committer: ivasilinets <ivasilin...@gridgain.com> Committed: Thu Feb 19 13:50:24 2015 +0300 ---------------------------------------------------------------------- .../processors/rest/GridRestProcessor.java | 82 +++++++++++++++++++- 1 file changed, 80 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/2a73b067/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java ---------------------------------------------------------------------- diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java index 51f8abe..8cf26cc 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java @@ -70,6 +70,9 @@ public class GridRestProcessor extends GridProcessorAdapter { /** Workers count. */ private final LongAdder workersCnt = new LongAdder(); + /** SecurityContext map. */ + private ConcurrentMap<SubjectKey, SecurityContext> sesMap = new ConcurrentHashMap8<>(); + /** Protocol handler. */ private final GridRestProtocolHandler protoHnd = new GridRestProtocolHandler() { @Override public GridRestResponse handle(GridRestRequest req) throws IgniteCheckedException { @@ -161,9 +164,9 @@ public class GridRestProcessor extends GridProcessorAdapter { if (log.isDebugEnabled()) log.debug("Received request from client: " + req); - if (ctx.security().enabled()) { - SecurityContext subjCtx = null; + SecurityContext subjCtx = null; + if (ctx.security().enabled()) { try { subjCtx = authenticate(req); @@ -174,6 +177,14 @@ public class GridRestProcessor extends GridProcessorAdapter { GridRestResponse res = new GridRestResponse(STATUS_SECURITY_CHECK_FAILED, e.getMessage()); + try { + updateSession(req, subjCtx); + res.sessionTokenBytes(new byte[0]); + } + catch (IgniteCheckedException e1) { + U.warn(log, "Cannot update response session token: " + e1.getMessage()); + } + return new GridFinishedFuture<>(ctx, res); } catch (IgniteCheckedException e) { @@ -191,6 +202,8 @@ public class GridRestProcessor extends GridProcessorAdapter { return new GridFinishedFuture<>(ctx, new IgniteCheckedException("Failed to find registered handler for command: " + req.command())); + final SecurityContext subjCtx0 = subjCtx; + return res.chain(new C1<IgniteInternalFuture<GridRestResponse>, GridRestResponse>() { @Override public GridRestResponse apply(IgniteInternalFuture<GridRestResponse> f) { GridRestResponse res; @@ -209,6 +222,14 @@ public class GridRestProcessor extends GridProcessorAdapter { assert res != null; + try { + updateSession(req, subjCtx0); + res.sessionTokenBytes(new byte[0]); + } + catch (IgniteCheckedException e) { + U.warn(log, "Cannot update response session token: " + e.getMessage()); + } + interceptResponse(res, req); return res; @@ -439,6 +460,12 @@ public class GridRestProcessor extends GridProcessorAdapter { * @throws IgniteCheckedException If authentication failed. */ private SecurityContext authenticate(GridRestRequest req) throws IgniteCheckedException { + UUID clientId = req.clientId(); + SecurityContext secCtx = sesMap.get(new SubjectKey(REMOTE_CLIENT, clientId)); + + if (secCtx != null) + return secCtx; + // Authenticate client if invalid session. AuthenticationContext authCtx = new AuthenticationContext(); @@ -481,6 +508,15 @@ public class GridRestProcessor extends GridProcessorAdapter { } /** + * Update session. + * @param req REST request. + * @param sCtx Security context. + */ + private void updateSession(GridRestRequest req, SecurityContext sCtx) throws IgniteCheckedException { + sesMap.put(new SubjectKey(REMOTE_CLIENT, req.clientId()), sCtx); + } + + /** * @param req REST request. * @param sCtx Security context. * @throws GridSecurityException If authorization failed. @@ -639,4 +675,46 @@ public class GridRestProcessor extends GridProcessorAdapter { X.println(">>> protosSize: " + protos.size()); X.println(">>> handlersSize: " + handlers.size()); } + + /** + * Subject key. + */ + private static class SubjectKey { + /** */ + private final GridSecuritySubjectType subjType; + + /** */ + private final UUID subjId; + + /** + * @param subjType Subject type. + * @param subjId Subject ID. + */ + private SubjectKey(GridSecuritySubjectType subjType, UUID subjId) { + this.subjType = subjType; + this.subjId = subjId; + } + + /** {@inheritDoc} */ + @Override public boolean equals(Object o) { + if (this == o) + return true; + + if (!(o instanceof SubjectKey)) + return false; + + SubjectKey that = (SubjectKey)o; + + return F.eq(subjId, that.subjId) && subjType == that.subjType; + } + + /** {@inheritDoc} */ + @Override public int hashCode() { + int res = subjType.hashCode(); + + res = 31 * res + (subjId == null ? 0 : subjId.hashCode()); + + return res; + } + } }
