ignite-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From se...@apache.org
Subject [17/46] incubator-ignite git commit: #gg-9809: add temp class SecurityContextImpl.
Date Wed, 25 Feb 2015 00:36:40 GMT
#gg-9809: add temp class SecurityContextImpl.


Project: http://git-wip-us.apache.org/repos/asf/incubator-ignite/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ignite/commit/15a5c084
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ignite/tree/15a5c084
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ignite/diff/15a5c084

Branch: refs/heads/ignite-sql-tests
Commit: 15a5c084fb2689b8511f6b1e069e3ccb9364252e
Parents: f9f27f0
Author: ivasilinets <ivasilinets@gridgain.com>
Authored: Wed Feb 18 15:23:33 2015 +0300
Committer: ivasilinets <ivasilinets@gridgain.com>
Committed: Wed Feb 18 15:23:33 2015 +0300

----------------------------------------------------------------------
 .../security/os/GridOsSecurityProcessor.java    | 256 ------------------
 .../security/os/SecurityContextImpl.java        | 265 +++++++++++++++++++
 2 files changed, 265 insertions(+), 256 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/15a5c084/modules/core/src/main/java/org/apache/ignite/internal/processors/security/os/GridOsSecurityProcessor.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/os/GridOsSecurityProcessor.java
b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/os/GridOsSecurityProcessor.java
index b83935e..8366b77 100644
--- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/os/GridOsSecurityProcessor.java
+++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/os/GridOsSecurityProcessor.java
@@ -28,7 +28,6 @@ import org.apache.ignite.internal.util.typedef.internal.*;
 import org.apache.ignite.plugin.security.*;
 import org.jetbrains.annotations.*;
 
-import java.io.*;
 import java.net.*;
 import java.util.*;
 
@@ -221,259 +220,4 @@ public class GridOsSecurityProcessor extends GridProcessorAdapter implements
Gri
             return S.toString(GridSecuritySubjectAdapter.class, this);
         }
     }
-
-    /**
-     * TODO: remove
-     */
-    private class SecurityContextImpl implements SecurityContext, Externalizable {
-        /** */
-        private static final long serialVersionUID = 0L;
-
-        /**
-         * Visor ignite tasks prefix.
-         */
-        private static final String VISOR_IGNITE_TASK_PREFIX = "org.apache.ignite.internal.visor.";
-
-        /**
-         * Visor gridgain tasks prefix.
-         */
-        private static final String VISOR_GRIDGAIN_TASK_PREFIX = "org.gridgain.grid.internal.visor.";
-
-        /**
-         * Cache query task name.
-         */
-        public static final String VISOR_CACHE_QUERY_TASK_NAME =
-            "org.apache.ignite.internal.visor.query.VisorQueryTask";
-
-        /**
-         * Cache load task name.
-         */
-        public static final String VISOR_CACHE_LOAD_TASK_NAME =
-            "org.apache.ignite.internal.visor.cache.VisorCacheLoadTask";
-
-        /**
-         * Cache clear task name.
-         */
-        public static final String VISOR_CACHE_CLEAR_TASK_NAME =
-            "org.apache.ignite.internal.visor.query.VisorQueryCleanupTask";
-
-        /**
-         * Security subject.
-         */
-        private GridSecuritySubject subj;
-
-        /**
-         * String task permissions.
-         */
-        private Map<String, Collection<GridSecurityPermission>> strictTaskPermissions
= new LinkedHashMap<>();
-
-        /**
-         * String task permissions.
-         */
-        private Map<String, Collection<GridSecurityPermission>> wildcardTaskPermissions
= new LinkedHashMap<>();
-
-        /**
-         * String task permissions.
-         */
-        private Map<String, Collection<GridSecurityPermission>> strictCachePermissions
= new LinkedHashMap<>();
-
-        /**
-         * String task permissions.
-         */
-        private Map<String, Collection<GridSecurityPermission>> wildcardCachePermissions
= new LinkedHashMap<>();
-
-        /**
-         * System-wide permissions.
-         */
-        private Collection<GridSecurityPermission> sysPermissions;
-
-        /**
-         * Empty constructor required by {@link Externalizable}.
-         */
-        public SecurityContextImpl() {
-            // No-op.
-        }
-
-        /**
-         * @param subj Subject.
-         */
-        public SecurityContextImpl(GridSecuritySubject subj) {
-            this.subj = subj;
-
-            initRules();
-        }
-
-        /**
-         * @return Security subject.
-         */
-        public GridSecuritySubject subject() {
-            return subj;
-        }
-
-        /**
-         * Checks whether task operation is allowed.
-         *
-         * @param taskClsName Task class name.
-         * @param perm        Permission to check.
-         * @return {@code True} if task operation is allowed.
-         */
-        public boolean taskOperationAllowed(String taskClsName, GridSecurityPermission perm)
{
-            assert perm == GridSecurityPermission.TASK_EXECUTE || perm == GridSecurityPermission.TASK_CANCEL;
-
-            if (visorTask(taskClsName))
-                return visorTaskAllowed(taskClsName);
-
-            Collection<GridSecurityPermission> p = strictTaskPermissions.get(taskClsName);
-
-            if (p != null)
-                return p.contains(perm);
-
-            for (Map.Entry<String, Collection<GridSecurityPermission>> entry
: wildcardTaskPermissions.entrySet()) {
-                if (taskClsName.startsWith(entry.getKey()))
-                    return entry.getValue().contains(perm);
-            }
-
-            return subj.permissions().defaultAllowAll();
-        }
-
-        /**
-         * Checks whether cache operation is allowed.
-         *
-         * @param cacheName Cache name.
-         * @param perm      Permission to check.
-         * @return {@code True} if cache operation is allowed.
-         */
-        public boolean cacheOperationAllowed(String cacheName, GridSecurityPermission perm)
{
-            assert perm == GridSecurityPermission.CACHE_PUT || perm == GridSecurityPermission.CACHE_READ
||
-                perm == GridSecurityPermission.CACHE_REMOVE;
-
-            Collection<GridSecurityPermission> p = strictCachePermissions.get(cacheName);
-
-            if (p != null)
-                return p.contains(perm);
-
-            for (Map.Entry<String, Collection<GridSecurityPermission>> entry
: wildcardCachePermissions.entrySet()) {
-                if (cacheName != null) {
-                    if (cacheName.startsWith(entry.getKey()))
-                        return entry.getValue().contains(perm);
-                } else {
-                    // Match null cache to '*'
-                    if (entry.getKey().isEmpty())
-                        return entry.getValue().contains(perm);
-                }
-            }
-
-            return subj.permissions().defaultAllowAll();
-        }
-
-        /**
-         * Checks whether system-wide permission is allowed (excluding Visor task operations).
-         *
-         * @param perm Permission to check.
-         * @return {@code True} if system operation is allowed.
-         */
-        public boolean systemOperationAllowed(GridSecurityPermission perm) {
-            if (sysPermissions == null)
-                return subj.permissions().defaultAllowAll();
-
-            boolean ret = sysPermissions.contains(perm);
-
-            if (!ret && (perm == GridSecurityPermission.EVENTS_ENABLE || perm ==
GridSecurityPermission.EVENTS_DISABLE))
-                ret = sysPermissions.contains(GridSecurityPermission.ADMIN_VIEW);
-
-            return ret;
-        }
-
-        /**
-         * Checks if task is Visor task.
-         *
-         * @param taskCls Task class name.
-         * @return {@code True} if task is Visor task.
-         */
-        private boolean visorTask(String taskCls) {
-            return taskCls.startsWith(VISOR_IGNITE_TASK_PREFIX) || taskCls.startsWith(VISOR_GRIDGAIN_TASK_PREFIX);
-        }
-
-        /**
-         * Checks if Visor task is allowed for execution.
-         *
-         * @param taskName Task name.
-         * @return {@code True} if execution is allowed.
-         */
-        private boolean visorTaskAllowed(String taskName) {
-            if (sysPermissions == null)
-                return subj.permissions().defaultAllowAll();
-
-            switch (taskName) {
-                case VISOR_CACHE_QUERY_TASK_NAME:
-                    return sysPermissions.contains(GridSecurityPermission.ADMIN_QUERY);
-                case VISOR_CACHE_LOAD_TASK_NAME:
-                case VISOR_CACHE_CLEAR_TASK_NAME:
-                    return sysPermissions.contains(GridSecurityPermission.ADMIN_CACHE);
-                default:
-                    return sysPermissions.contains(GridSecurityPermission.ADMIN_VIEW);
-            }
-        }
-
-        /**
-         * Init rules.
-         */
-        private void initRules() {
-            GridSecurityPermissionSet permSet = subj.permissions();
-
-            for (Map.Entry<String, Collection<GridSecurityPermission>> entry
: permSet.taskPermissions().entrySet()) {
-                String ptrn = entry.getKey();
-
-                Collection<GridSecurityPermission> vals = Collections.unmodifiableCollection(entry.getValue());
-
-                if (ptrn.endsWith("*")) {
-                    String noWildcard = ptrn.substring(0, ptrn.length() - 1);
-
-                    wildcardTaskPermissions.put(noWildcard, vals);
-                } else
-                    strictTaskPermissions.put(ptrn, vals);
-            }
-
-            for (Map.Entry<String, Collection<GridSecurityPermission>> entry
: permSet.cachePermissions().entrySet()) {
-                String ptrn = entry.getKey();
-
-                Collection<GridSecurityPermission> vals = Collections.unmodifiableCollection(entry.getValue());
-
-                if (ptrn != null && ptrn.endsWith("*")) {
-                    String noWildcard = ptrn.substring(0, ptrn.length() - 1);
-
-                    wildcardCachePermissions.put(noWildcard, vals);
-                } else
-                    strictCachePermissions.put(ptrn, vals);
-            }
-
-            sysPermissions = permSet.systemPermissions();
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        @Override
-        public void writeExternal(ObjectOutput out) throws IOException {
-            out.writeObject(subj);
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        @Override
-        public void readExternal(ObjectInput in) throws IOException, ClassNotFoundException
{
-            subj = (GridSecuritySubject) in.readObject();
-
-            initRules();
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        @Override
-        public String toString() {
-            return S.toString(SecurityContextImpl.class, this);
-        }
-    }
 }

http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/15a5c084/modules/core/src/main/java/org/apache/ignite/internal/processors/security/os/SecurityContextImpl.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/os/SecurityContextImpl.java
b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/os/SecurityContextImpl.java
new file mode 100644
index 0000000..136ab3f
--- /dev/null
+++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/os/SecurityContextImpl.java
@@ -0,0 +1,265 @@
+package org.apache.ignite.internal.processors.security.os;
+
+import org.apache.ignite.internal.processors.security.*;
+import org.apache.ignite.internal.util.typedef.internal.*;
+import org.apache.ignite.plugin.security.*;
+
+import java.io.*;
+import java.util.*;
+
+/**
+ * TODO: remove
+ */
+public class SecurityContextImpl implements SecurityContext, Externalizable
+
+    {
+        /** */
+        private static final long serialVersionUID = 0L;
+
+        /**
+         * Visor ignite tasks prefix.
+         */
+        private static final String VISOR_IGNITE_TASK_PREFIX = "org.apache.ignite.internal.visor.";
+
+        /**
+         * Visor gridgain tasks prefix.
+         */
+        private static final String VISOR_GRIDGAIN_TASK_PREFIX = "org.gridgain.grid.internal.visor.";
+
+        /**
+         * Cache query task name.
+         */
+        public static final String VISOR_CACHE_QUERY_TASK_NAME =
+            "org.apache.ignite.internal.visor.query.VisorQueryTask";
+
+        /**
+         * Cache load task name.
+         */
+        public static final String VISOR_CACHE_LOAD_TASK_NAME =
+            "org.apache.ignite.internal.visor.cache.VisorCacheLoadTask";
+
+        /**
+         * Cache clear task name.
+         */
+        public static final String VISOR_CACHE_CLEAR_TASK_NAME =
+            "org.apache.ignite.internal.visor.query.VisorQueryCleanupTask";
+
+        /**
+         * Security subject.
+         */
+        private GridSecuritySubject subj;
+
+        /**
+         * String task permissions.
+         */
+        private Map<String, Collection<GridSecurityPermission>> strictTaskPermissions
= new LinkedHashMap<>();
+
+        /**
+         * String task permissions.
+         */
+        private Map<String, Collection<GridSecurityPermission>> wildcardTaskPermissions
= new LinkedHashMap<>();
+
+        /**
+         * String task permissions.
+         */
+        private Map<String, Collection<GridSecurityPermission>> strictCachePermissions
= new LinkedHashMap<>();
+
+        /**
+         * String task permissions.
+         */
+        private Map<String, Collection<GridSecurityPermission>> wildcardCachePermissions
= new LinkedHashMap<>();
+
+        /**
+         * System-wide permissions.
+         */
+        private Collection<GridSecurityPermission> sysPermissions;
+
+        /**
+         * Empty constructor required by {@link Externalizable}.
+         */
+        public SecurityContextImpl() {
+        // No-op.
+    }
+
+        /**
+         * @param subj Subject.
+         */
+        public SecurityContextImpl(GridSecuritySubject subj) {
+        this.subj = subj;
+
+        initRules();
+    }
+
+        /**
+         * @return Security subject.
+         */
+    public GridSecuritySubject subject() {
+        return subj;
+    }
+
+    /**
+     * Checks whether task operation is allowed.
+     *
+     * @param taskClsName Task class name.
+     * @param perm        Permission to check.
+     * @return {@code True} if task operation is allowed.
+     */
+    public boolean taskOperationAllowed(String taskClsName, GridSecurityPermission perm)
{
+        assert perm == GridSecurityPermission.TASK_EXECUTE || perm == GridSecurityPermission.TASK_CANCEL;
+
+        if (visorTask(taskClsName))
+            return visorTaskAllowed(taskClsName);
+
+        Collection<GridSecurityPermission> p = strictTaskPermissions.get(taskClsName);
+
+        if (p != null)
+            return p.contains(perm);
+
+        for (Map.Entry<String, Collection<GridSecurityPermission>> entry : wildcardTaskPermissions.entrySet())
{
+            if (taskClsName.startsWith(entry.getKey()))
+                return entry.getValue().contains(perm);
+        }
+
+        return subj.permissions().defaultAllowAll();
+    }
+
+    /**
+     * Checks whether cache operation is allowed.
+     *
+     * @param cacheName Cache name.
+     * @param perm      Permission to check.
+     * @return {@code True} if cache operation is allowed.
+     */
+    public boolean cacheOperationAllowed(String cacheName, GridSecurityPermission perm) {
+        assert perm == GridSecurityPermission.CACHE_PUT || perm == GridSecurityPermission.CACHE_READ
||
+            perm == GridSecurityPermission.CACHE_REMOVE;
+
+        Collection<GridSecurityPermission> p = strictCachePermissions.get(cacheName);
+
+        if (p != null)
+            return p.contains(perm);
+
+        for (Map.Entry<String, Collection<GridSecurityPermission>> entry : wildcardCachePermissions.entrySet())
{
+            if (cacheName != null) {
+                if (cacheName.startsWith(entry.getKey()))
+                    return entry.getValue().contains(perm);
+            } else {
+                // Match null cache to '*'
+                if (entry.getKey().isEmpty())
+                    return entry.getValue().contains(perm);
+            }
+        }
+
+        return subj.permissions().defaultAllowAll();
+    }
+
+    /**
+     * Checks whether system-wide permission is allowed (excluding Visor task operations).
+     *
+     * @param perm Permission to check.
+     * @return {@code True} if system operation is allowed.
+     */
+    public boolean systemOperationAllowed(GridSecurityPermission perm) {
+        if (sysPermissions == null)
+            return subj.permissions().defaultAllowAll();
+
+        boolean ret = sysPermissions.contains(perm);
+
+        if (!ret && (perm == GridSecurityPermission.EVENTS_ENABLE || perm == GridSecurityPermission.EVENTS_DISABLE))
+            ret = sysPermissions.contains(GridSecurityPermission.ADMIN_VIEW);
+
+        return ret;
+    }
+
+    /**
+     * Checks if task is Visor task.
+     *
+     * @param taskCls Task class name.
+     * @return {@code True} if task is Visor task.
+     */
+    private boolean visorTask(String taskCls) {
+        return taskCls.startsWith(VISOR_IGNITE_TASK_PREFIX) || taskCls.startsWith(VISOR_GRIDGAIN_TASK_PREFIX);
+    }
+
+    /**
+     * Checks if Visor task is allowed for execution.
+     *
+     * @param taskName Task name.
+     * @return {@code True} if execution is allowed.
+     */
+    private boolean visorTaskAllowed(String taskName) {
+        if (sysPermissions == null)
+            return subj.permissions().defaultAllowAll();
+
+        switch (taskName) {
+            case VISOR_CACHE_QUERY_TASK_NAME:
+                return sysPermissions.contains(GridSecurityPermission.ADMIN_QUERY);
+            case VISOR_CACHE_LOAD_TASK_NAME:
+            case VISOR_CACHE_CLEAR_TASK_NAME:
+                return sysPermissions.contains(GridSecurityPermission.ADMIN_CACHE);
+            default:
+                return sysPermissions.contains(GridSecurityPermission.ADMIN_VIEW);
+        }
+    }
+
+    /**
+     * Init rules.
+     */
+    private void initRules() {
+        GridSecurityPermissionSet permSet = subj.permissions();
+
+        for (Map.Entry<String, Collection<GridSecurityPermission>> entry : permSet.taskPermissions().entrySet())
{
+            String ptrn = entry.getKey();
+
+            Collection<GridSecurityPermission> vals = Collections.unmodifiableCollection(entry.getValue());
+
+            if (ptrn.endsWith("*")) {
+                String noWildcard = ptrn.substring(0, ptrn.length() - 1);
+
+                wildcardTaskPermissions.put(noWildcard, vals);
+            } else
+                strictTaskPermissions.put(ptrn, vals);
+        }
+
+        for (Map.Entry<String, Collection<GridSecurityPermission>> entry : permSet.cachePermissions().entrySet())
{
+            String ptrn = entry.getKey();
+
+            Collection<GridSecurityPermission> vals = Collections.unmodifiableCollection(entry.getValue());
+
+            if (ptrn != null && ptrn.endsWith("*")) {
+                String noWildcard = ptrn.substring(0, ptrn.length() - 1);
+
+                wildcardCachePermissions.put(noWildcard, vals);
+            } else
+                strictCachePermissions.put(ptrn, vals);
+        }
+
+        sysPermissions = permSet.systemPermissions();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public void writeExternal(ObjectOutput out) throws IOException {
+        out.writeObject(subj);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public void readExternal(ObjectInput in) throws IOException, ClassNotFoundException {
+        subj = (GridSecuritySubject) in.readObject();
+
+        initRules();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public String toString() {
+        return S.toString(SecurityContextImpl.class, this);
+    }
+}


Mime
View raw message