Repository: incubator-ignite Updated Branches: refs/heads/ignite-gg-10610 [created] 67f9cce4e
#ignite-gg-10610: add security checks for streaming. Project: http://git-wip-us.apache.org/repos/asf/incubator-ignite/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ignite/commit/67f9cce4 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ignite/tree/67f9cce4 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ignite/diff/67f9cce4 Branch: refs/heads/ignite-gg-10610 Commit: 67f9cce4e122e0ffd79576c7a56833596796ba7d Parents: a127756 Author: ivasilinets <ivasilin...@gridgain.com> Authored: Tue Jul 28 13:45:40 2015 +0300 Committer: ivasilinets <ivasilin...@gridgain.com> Committed: Tue Jul 28 13:45:40 2015 +0300 ---------------------------------------------------------------------- .../datastreamer/DataStreamerImpl.java | 23 ++++++++++++++++++++ .../plugin/security/SecurityPermission.java | 6 +++++ 2 files changed, 29 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/67f9cce4/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerImpl.java ---------------------------------------------------------------------- diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerImpl.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerImpl.java index 605f478..13223fd 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerImpl.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerImpl.java @@ -39,6 +39,7 @@ import org.apache.ignite.internal.util.tostring.*; import org.apache.ignite.internal.util.typedef.*; import org.apache.ignite.internal.util.typedef.internal.*; import org.apache.ignite.lang.*; +import org.apache.ignite.plugin.security.*; import org.apache.ignite.stream.*; import org.jetbrains.annotations.*; import org.jsr166.*; @@ -413,6 +414,8 @@ public class DataStreamerImpl<K, V> implements IgniteDataStreamer<K, V>, Delayed @Override public IgniteFuture<?> addData(Collection<? extends Map.Entry<K, V>> entries) { A.notEmpty(entries, "entries"); + checkSecurityPermission(SecurityPermission.STREAMING_ADD); + enterBusy(); try { @@ -513,6 +516,8 @@ public class DataStreamerImpl<K, V> implements IgniteDataStreamer<K, V>, Delayed @Override public IgniteFuture<?> addData(Map.Entry<K, V> entry) { A.notNull(entry, "entry"); + checkSecurityPermission(SecurityPermission.STREAMING_ADD); + return addData(F.asList(entry)); } @@ -520,6 +525,8 @@ public class DataStreamerImpl<K, V> implements IgniteDataStreamer<K, V>, Delayed @Override public IgniteFuture<?> addData(K key, V val) { A.notNull(key, "key"); + checkSecurityPermission(SecurityPermission.STREAMING_ADD); + KeyCacheObject key0 = cacheObjProc.toCacheKeyObject(cacheObjCtx, key, true); CacheObject val0 = cacheObjProc.toCacheObject(cacheObjCtx, val, true); @@ -528,6 +535,8 @@ public class DataStreamerImpl<K, V> implements IgniteDataStreamer<K, V>, Delayed /** {@inheritDoc} */ @Override public IgniteFuture<?> removeData(K key) { + checkSecurityPermission(SecurityPermission.STREAMING_REMOVE); + return addData(key, null); } @@ -980,6 +989,20 @@ public class DataStreamerImpl<K, V> implements IgniteDataStreamer<K, V>, Delayed } /** + * Check permissions for streaming. + * + * @param perm Security permission. + * @throws org.apache.ignite.plugin.security.SecurityException If permissions are not enough for streaming. + */ + private void checkSecurityPermission(SecurityPermission perm) + throws org.apache.ignite.plugin.security.SecurityException{ + if (!ctx.security().enabled()) + return; + + ctx.security().authorize(cacheName, perm, null); + } + + /** * */ private class Buffer { http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/67f9cce4/modules/core/src/main/java/org/apache/ignite/plugin/security/SecurityPermission.java ---------------------------------------------------------------------- diff --git a/modules/core/src/main/java/org/apache/ignite/plugin/security/SecurityPermission.java b/modules/core/src/main/java/org/apache/ignite/plugin/security/SecurityPermission.java index 0e660d2..5738133 100644 --- a/modules/core/src/main/java/org/apache/ignite/plugin/security/SecurityPermission.java +++ b/modules/core/src/main/java/org/apache/ignite/plugin/security/SecurityPermission.java @@ -33,6 +33,12 @@ public enum SecurityPermission { /** Cache {@code remove} permission. */ CACHE_REMOVE, + /** Streaming permission for add. */ + STREAMING_ADD, + + /** Streaming permission for remove. */ + STREAMING_REMOVE, + /** Task {@code execute} permission. */ TASK_EXECUTE,
