ignite-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sboi...@apache.org
Subject [09/50] [abbrv] incubator-ignite git commit: #ignite-189: review
Date Fri, 13 Feb 2015 16:25:36 GMT
#ignite-189: review


Project: http://git-wip-us.apache.org/repos/asf/incubator-ignite/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ignite/commit/baf00881
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ignite/tree/baf00881
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ignite/diff/baf00881

Branch: refs/heads/sprint-1
Commit: baf008813a97c71d891bc19f2db5c5b2f851a255
Parents: 48ba885
Author: ivasilinets <ivasilinets@gridgain.com>
Authored: Thu Feb 12 17:44:46 2015 +0300
Committer: ivasilinets <ivasilinets@gridgain.com>
Committed: Thu Feb 12 17:44:46 2015 +0300

----------------------------------------------------------------------
 .../ignite/internal/GridKernalContext.java      |   4 +-
 .../ignite/internal/GridKernalContextImpl.java  |   4 +-
 .../apache/ignite/internal/IgniteKernal.java    |   4 +-
 .../ignite/internal/IgniteNodeAttributes.java   |   4 -
 .../managers/GridNoopManagerAdapter.java        |  89 -------
 .../discovery/GridDiscoveryManager.java         |   2 +-
 .../securesession/GridSecureSession.java        |  54 ----
 .../GridSecureSessionProcessor.java             |  60 -----
 .../os/GridOsSecureSessionProcessor.java        |  61 -----
 .../security/GridAllowAllPermissionSet.java     |  55 ----
 .../managers/security/GridSecurityContext.java  | 248 -------------------
 .../security/GridSecurityProcessor.java         |  99 --------
 .../security/GridSecuritySubjectAdapter.java    | 131 ----------
 .../security/os/GridOsSecurityProcessor.java    | 102 --------
 .../processors/GridNoopProcessorAdapter.java    |  88 +++++++
 .../processors/rest/GridRestProcessor.java      |   4 +-
 .../securesession/GridSecureSession.java        |  54 ++++
 .../GridSecureSessionProcessor.java             |  59 +++++
 .../os/GridOsSecureSessionProcessor.java        |  61 +++++
 .../security/GridAllowAllPermissionSet.java     |  55 ++++
 .../security/GridSecurityContext.java           | 248 +++++++++++++++++++
 .../security/GridSecurityProcessor.java         |  98 ++++++++
 .../security/GridSecuritySubjectAdapter.java    | 131 ++++++++++
 .../security/os/GridOsSecurityProcessor.java    | 102 ++++++++
 .../ignite/internal/util/IgniteUtils.java       |  12 -
 .../optimized/optimized-classnames.properties   |   4 +-
 .../DiscoverySpiNodeAuthenticator.java          |   2 +-
 .../spi/discovery/tcp/TcpDiscoverySpi.java      |   2 +-
 .../discovery/AbstractDiscoverySelfTest.java    |   2 +-
 .../tcp/TcpDiscoverySpiStartStopSelfTest.java   |   2 +-
 .../junits/spi/GridSpiAbstractTest.java         |   2 +-
 31 files changed, 912 insertions(+), 931 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/baf00881/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContext.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContext.java b/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContext.java
index d7cccd6..e8c280b 100644
--- a/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContext.java
+++ b/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContext.java
@@ -28,8 +28,6 @@ import org.apache.ignite.internal.managers.eventstorage.*;
 import org.apache.ignite.internal.managers.failover.*;
 import org.apache.ignite.internal.managers.indexing.*;
 import org.apache.ignite.internal.managers.loadbalancer.*;
-import org.apache.ignite.internal.managers.securesession.*;
-import org.apache.ignite.internal.managers.security.*;
 import org.apache.ignite.internal.managers.swapspace.*;
 import org.apache.ignite.internal.processors.affinity.*;
 import org.apache.ignite.internal.processors.cache.*;
@@ -51,6 +49,8 @@ import org.apache.ignite.internal.processors.query.*;
 import org.apache.ignite.internal.processors.resource.*;
 import org.apache.ignite.internal.processors.rest.*;
 import org.apache.ignite.internal.processors.schedule.*;
+import org.apache.ignite.internal.processors.securesession.*;
+import org.apache.ignite.internal.processors.security.*;
 import org.apache.ignite.internal.processors.segmentation.*;
 import org.apache.ignite.internal.processors.service.*;
 import org.apache.ignite.internal.processors.session.*;

http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/baf00881/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContextImpl.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContextImpl.java b/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContextImpl.java
index c6f4087..9528748 100644
--- a/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContextImpl.java
+++ b/modules/core/src/main/java/org/apache/ignite/internal/GridKernalContextImpl.java
@@ -28,8 +28,6 @@ import org.apache.ignite.internal.managers.eventstorage.*;
 import org.apache.ignite.internal.managers.failover.*;
 import org.apache.ignite.internal.managers.indexing.*;
 import org.apache.ignite.internal.managers.loadbalancer.*;
-import org.apache.ignite.internal.managers.securesession.*;
-import org.apache.ignite.internal.managers.security.*;
 import org.apache.ignite.internal.managers.swapspace.*;
 import org.apache.ignite.internal.processors.affinity.*;
 import org.apache.ignite.internal.processors.cache.*;
@@ -55,6 +53,8 @@ import org.apache.ignite.internal.processors.query.*;
 import org.apache.ignite.internal.processors.resource.*;
 import org.apache.ignite.internal.processors.rest.*;
 import org.apache.ignite.internal.processors.schedule.*;
+import org.apache.ignite.internal.processors.securesession.*;
+import org.apache.ignite.internal.processors.security.*;
 import org.apache.ignite.internal.processors.segmentation.*;
 import org.apache.ignite.internal.processors.service.*;
 import org.apache.ignite.internal.processors.session.*;

http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/baf00881/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java b/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java
index 4219602..b168c28 100644
--- a/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java
+++ b/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java
@@ -32,8 +32,6 @@ import org.apache.ignite.internal.managers.eventstorage.*;
 import org.apache.ignite.internal.managers.failover.*;
 import org.apache.ignite.internal.managers.indexing.*;
 import org.apache.ignite.internal.managers.loadbalancer.*;
-import org.apache.ignite.internal.managers.securesession.*;
-import org.apache.ignite.internal.managers.security.*;
 import org.apache.ignite.internal.managers.swapspace.*;
 import org.apache.ignite.internal.processors.*;
 import org.apache.ignite.internal.processors.affinity.*;
@@ -54,6 +52,8 @@ import org.apache.ignite.internal.processors.portable.*;
 import org.apache.ignite.internal.processors.query.*;
 import org.apache.ignite.internal.processors.resource.*;
 import org.apache.ignite.internal.processors.rest.*;
+import org.apache.ignite.internal.processors.securesession.*;
+import org.apache.ignite.internal.processors.security.*;
 import org.apache.ignite.internal.processors.segmentation.*;
 import org.apache.ignite.internal.processors.service.*;
 import org.apache.ignite.internal.processors.session.*;

http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/baf00881/modules/core/src/main/java/org/apache/ignite/internal/IgniteNodeAttributes.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/IgniteNodeAttributes.java b/modules/core/src/main/java/org/apache/ignite/internal/IgniteNodeAttributes.java
index a2d8d3c..eab6b37 100644
--- a/modules/core/src/main/java/org/apache/ignite/internal/IgniteNodeAttributes.java
+++ b/modules/core/src/main/java/org/apache/ignite/internal/IgniteNodeAttributes.java
@@ -57,10 +57,6 @@ public final class IgniteNodeAttributes {
     /** Internal attribute name postfix constant. */
     public static final String ATTR_SPI_CLASS = ATTR_PREFIX + ".spi.class";
 
-    public static final String ATTR_AUTHENTICATION_CLASS = ATTR_PREFIX + ".authentication.class";
-
-    public static final String ATTR_SECURE_SESSION_CLASS = ATTR_PREFIX + ".securesession.class";
-
     /** Internal attribute name constant. */
     public static final String ATTR_CACHE = ATTR_PREFIX + ".cache";
 

http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/baf00881/modules/core/src/main/java/org/apache/ignite/internal/managers/GridNoopManagerAdapter.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/managers/GridNoopManagerAdapter.java b/modules/core/src/main/java/org/apache/ignite/internal/managers/GridNoopManagerAdapter.java
deleted file mode 100644
index 9d8c270..0000000
--- a/modules/core/src/main/java/org/apache/ignite/internal/managers/GridNoopManagerAdapter.java
+++ /dev/null
@@ -1,89 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.ignite.internal.managers;
-
-import org.apache.ignite.*;
-import org.apache.ignite.cluster.*;
-import org.apache.ignite.internal.*;
-import org.apache.ignite.internal.processors.*;
-import org.apache.ignite.spi.*;
-import org.jetbrains.annotations.*;
-
-import java.util.*;
-
-/**
- * No-op {@link GridManager} adapter.
- */
-public class GridNoopManagerAdapter implements GridProcessor {
-    /**
-     * @param ctx Kernal context.
-     */
-    public GridNoopManagerAdapter(GridKernalContext ctx) {
-        // No-op.
-    }
-
-    /** {@inheritDoc} */
-    @Override public void addAttributes(Map<String, Object> attrs) throws IgniteCheckedException {
-        // No-op.
-    }
-
-    /** {@inheritDoc} */
-    @Override public void start() throws IgniteCheckedException {
-        // No-op.
-    }
-
-    /** {@inheritDoc} */
-    @Override public void stop(boolean cancel) throws IgniteCheckedException {
-        // No-op.
-    }
-
-    /** {@inheritDoc} */
-    @Override public void onKernalStart() throws IgniteCheckedException {
-        // No-op.
-    }
-
-    /** {@inheritDoc} */
-    @Override public void onKernalStop(boolean cancel) {
-        // No-op.
-    }
-
-    /** {@inheritDoc} */
-    @Nullable @Override public DiscoveryDataExchangeType discoveryDataType() {
-        return null;
-    }
-
-    /** {@inheritDoc} */
-    @Nullable @Override public Object collectDiscoveryData(UUID nodeId) {
-        return null;
-    }
-
-    /** {@inheritDoc} */
-    @Override public void onDiscoveryDataReceived(Object data) {
-        // No-op.
-    }
-
-    /** {@inheritDoc} */
-    @Override public void printMemoryStats() {
-        // No-op.
-    }
-
-    /** {@inheritDoc} */
-    @Nullable @Override public IgniteSpiNodeValidationResult validateNode(ClusterNode node) {
-        return null;
-    }
-}

http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/baf00881/modules/core/src/main/java/org/apache/ignite/internal/managers/discovery/GridDiscoveryManager.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/managers/discovery/GridDiscoveryManager.java b/modules/core/src/main/java/org/apache/ignite/internal/managers/discovery/GridDiscoveryManager.java
index 39df697..bd5cff2 100644
--- a/modules/core/src/main/java/org/apache/ignite/internal/managers/discovery/GridDiscoveryManager.java
+++ b/modules/core/src/main/java/org/apache/ignite/internal/managers/discovery/GridDiscoveryManager.java
@@ -24,9 +24,9 @@ import org.apache.ignite.internal.*;
 import org.apache.ignite.internal.managers.*;
 import org.apache.ignite.internal.managers.communication.*;
 import org.apache.ignite.internal.managers.eventstorage.*;
-import org.apache.ignite.internal.managers.security.*;
 import org.apache.ignite.internal.processors.cache.*;
 import org.apache.ignite.internal.processors.jobmetrics.*;
+import org.apache.ignite.internal.processors.security.*;
 import org.apache.ignite.internal.util.*;
 import org.apache.ignite.internal.util.future.*;
 import org.apache.ignite.internal.util.lang.*;

http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/baf00881/modules/core/src/main/java/org/apache/ignite/internal/managers/securesession/GridSecureSession.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/managers/securesession/GridSecureSession.java b/modules/core/src/main/java/org/apache/ignite/internal/managers/securesession/GridSecureSession.java
deleted file mode 100644
index 38e724c..0000000
--- a/modules/core/src/main/java/org/apache/ignite/internal/managers/securesession/GridSecureSession.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.ignite.internal.managers.securesession;
-
-import org.apache.ignite.internal.managers.security.*;
-
-/**
- * Secure session object.
- */
-public class GridSecureSession {
-    /** Authentication subject context returned by authentication SPI. */
-    private GridSecurityContext authSubjCtx;
-
-    /** Session creation time. */
-    private byte[] sesTok;
-
-    /**
-     * @param authSubjCtx Authentication subject context.
-     * @param sesTok Session token.
-     */
-    public GridSecureSession(GridSecurityContext authSubjCtx, byte[] sesTok) {
-        this.authSubjCtx = authSubjCtx;
-        this.sesTok = sesTok;
-    }
-
-    /**
-     * @return Authentication subject context returned by authentication SPI.
-     */
-    public GridSecurityContext authenticationSubjectContext() {
-        return authSubjCtx;
-    }
-
-    /**
-     * @return Session creation time.
-     */
-    public byte[] sessionToken() {
-        return sesTok;
-    }
-}

http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/baf00881/modules/core/src/main/java/org/apache/ignite/internal/managers/securesession/GridSecureSessionProcessor.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/managers/securesession/GridSecureSessionProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/managers/securesession/GridSecureSessionProcessor.java
deleted file mode 100644
index 5921c70..0000000
--- a/modules/core/src/main/java/org/apache/ignite/internal/managers/securesession/GridSecureSessionProcessor.java
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.ignite.internal.managers.securesession;
-
-import org.apache.ignite.*;
-import org.apache.ignite.internal.managers.security.*;
-import org.apache.ignite.internal.processors.*;
-import org.apache.ignite.plugin.security.*;
-import org.jetbrains.annotations.*;
-
-import java.util.*;
-
-/**
- * This interface defines a grid secure session manager.
- */
-public interface GridSecureSessionProcessor extends GridProcessor {
-    /**
-     * @param subjType Subject type.
-     * @param subjId Subject ID.
-     * @param tok Token.
-     * @param params Parameters.
-     * @return Validated secure session or {@code null} if session is not valid.
-     * @throws IgniteCheckedException If error occurred.
-     */
-    public GridSecureSession validateSession(GridSecuritySubjectType subjType, UUID subjId, @Nullable byte[] tok,
-        @Nullable Object params) throws IgniteCheckedException;
-
-    /**
-     * Generates secure session token.
-     *
-     * @param subjType Subject type.
-     * @param subjId Subject ID.
-     * @param subjCtx Authentication subject context.
-     * @param params Params.
-     * @return Generated session token.
-     */
-    public byte[] updateSession(GridSecuritySubjectType subjType, UUID subjId, GridSecurityContext subjCtx,
-        @Nullable Object params) throws IgniteCheckedException;
-
-    /**
-     * @return Returns {@code true} if at least one SPI does not have a {@code NO-OP}
-     *      implementation, {@code false} otherwise.
-     */
-    public boolean enabled();
-}

http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/baf00881/modules/core/src/main/java/org/apache/ignite/internal/managers/securesession/os/GridOsSecureSessionProcessor.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/managers/securesession/os/GridOsSecureSessionProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/managers/securesession/os/GridOsSecureSessionProcessor.java
deleted file mode 100644
index daa5456..0000000
--- a/modules/core/src/main/java/org/apache/ignite/internal/managers/securesession/os/GridOsSecureSessionProcessor.java
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.ignite.internal.managers.securesession.os;
-
-import org.apache.ignite.*;
-import org.apache.ignite.internal.*;
-import org.apache.ignite.internal.managers.*;
-import org.apache.ignite.internal.managers.securesession.*;
-import org.apache.ignite.internal.managers.security.*;
-import org.apache.ignite.plugin.security.*;
-import org.jetbrains.annotations.*;
-
-import java.util.*;
-
-/**
- * No-op implementation for {@link GridSecureSessionProcessor}.
- */
-public class GridOsSecureSessionProcessor extends GridNoopManagerAdapter implements GridSecureSessionProcessor {
-    /** Empty bytes. */
-    private static final byte[] EMPTY_BYTES = new byte[0];
-
-    /**
-     * @param ctx Kernal context.
-     */
-    public GridOsSecureSessionProcessor(GridKernalContext ctx) {
-        super(ctx);
-    }
-
-    /** {@inheritDoc} */
-    @Override public GridSecureSession validateSession(GridSecuritySubjectType subjType, UUID subjId,
-        @Nullable byte[] tok,
-        @Nullable Object params) throws IgniteCheckedException {
-        return null;
-    }
-
-    /** {@inheritDoc} */
-    @Override public byte[] updateSession(GridSecuritySubjectType subjType, UUID subjId, GridSecurityContext subjCtx,
-        @Nullable Object params) {
-        return EMPTY_BYTES;
-    }
-
-    /** {@inheritDoc} */
-    @Override public boolean enabled() {
-        return false;
-    }
-}

http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/baf00881/modules/core/src/main/java/org/apache/ignite/internal/managers/security/GridAllowAllPermissionSet.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/managers/security/GridAllowAllPermissionSet.java b/modules/core/src/main/java/org/apache/ignite/internal/managers/security/GridAllowAllPermissionSet.java
deleted file mode 100644
index b721c0c..0000000
--- a/modules/core/src/main/java/org/apache/ignite/internal/managers/security/GridAllowAllPermissionSet.java
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.ignite.internal.managers.security;
-
-import org.apache.ignite.plugin.security.*;
-
-import java.util.*;
-
-/**
-* Allow all permission set.
-*/
-public class GridAllowAllPermissionSet implements GridSecurityPermissionSet {
-    /** */
-    private static final long serialVersionUID = 0L;
-
-    /** {@inheritDoc} */
-    @Override public boolean defaultAllowAll() {
-        return true;
-    }
-
-    /** {@inheritDoc} */
-    @Override public Map<String, Collection<GridSecurityPermission>> taskPermissions() {
-        return Collections.emptyMap();
-    }
-
-    /** {@inheritDoc} */
-    @Override public Map<String, Collection<GridSecurityPermission>> cachePermissions() {
-        return Collections.emptyMap();
-    }
-
-    /** {@inheritDoc} */
-    @Override public Collection<GridSecurityPermission> systemPermissions() {
-        return null;
-    }
-
-    /** {@inheritDoc} */
-    public String toString() {
-        return getClass().getSimpleName();
-    }
-}

http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/baf00881/modules/core/src/main/java/org/apache/ignite/internal/managers/security/GridSecurityContext.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/managers/security/GridSecurityContext.java b/modules/core/src/main/java/org/apache/ignite/internal/managers/security/GridSecurityContext.java
deleted file mode 100644
index adb77d3..0000000
--- a/modules/core/src/main/java/org/apache/ignite/internal/managers/security/GridSecurityContext.java
+++ /dev/null
@@ -1,248 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.ignite.internal.managers.security;
-
-import org.apache.ignite.internal.util.typedef.internal.*;
-import org.apache.ignite.plugin.security.*;
-
-import java.io.*;
-import java.util.*;
-
-/**
- * Security context.
- */
-public class GridSecurityContext implements Externalizable {
-    /** */
-    private static final long serialVersionUID = 0L;
-
-    /** Visor tasks prefix. */
-    private static final String VISOR_TASK_PREFIX = "org.apache.ignite.internal.visor.";
-
-    /** Cache query task name. */
-    public static final String VISOR_CACHE_QUERY_TASK_NAME =
-        "org.apache.ignite.internal.visor.query.VisorQueryTask";
-
-    /** Cache load task name. */
-    public static final String VISOR_CACHE_LOAD_TASK_NAME =
-        "org.apache.ignite.internal.visor.cache.VisorCacheLoadTask";
-
-    /** Cache clear task name. */
-    public static final String VISOR_CACHE_CLEAR_TASK_NAME =
-        "org.apache.ignite.internal.visor.query.VisorQueryCleanupTask";
-
-    /** Security subject. */
-    private GridSecuritySubject subj;
-
-    /** String task permissions. */
-    private Map<String, Collection<GridSecurityPermission>> strictTaskPermissions = new LinkedHashMap<>();
-
-    /** String task permissions. */
-    private Map<String, Collection<GridSecurityPermission>> wildcardTaskPermissions = new LinkedHashMap<>();
-
-    /** String task permissions. */
-    private Map<String, Collection<GridSecurityPermission>> strictCachePermissions = new LinkedHashMap<>();
-
-    /** String task permissions. */
-    private Map<String, Collection<GridSecurityPermission>> wildcardCachePermissions = new LinkedHashMap<>();
-
-    /** System-wide permissions. */
-    private Collection<GridSecurityPermission> sysPermissions;
-
-    /**
-     * Empty constructor required by {@link Externalizable}.
-     */
-    public GridSecurityContext() {
-        // No-op.
-    }
-
-    /**
-     * @param subj Subject.
-     */
-    public GridSecurityContext(GridSecuritySubject subj) {
-        this.subj = subj;
-
-        initRules();
-    }
-
-    /**
-     * @return Security subject.
-     */
-    public GridSecuritySubject subject() {
-        return subj;
-    }
-
-    /**
-     * Checks whether task operation is allowed.
-     *
-     * @param taskClsName Task class name.
-     * @param perm Permission to check.
-     * @return {@code True} if task operation is allowed.
-     */
-    public boolean taskOperationAllowed(String taskClsName, GridSecurityPermission perm) {
-        assert perm == GridSecurityPermission.TASK_EXECUTE || perm == GridSecurityPermission.TASK_CANCEL;
-
-        if (visorTask(taskClsName))
-            return visorTaskAllowed(taskClsName);
-
-        Collection<GridSecurityPermission> p = strictTaskPermissions.get(taskClsName);
-
-        if (p != null)
-            return p.contains(perm);
-
-        for (Map.Entry<String, Collection<GridSecurityPermission>> entry : wildcardTaskPermissions.entrySet()) {
-            if (taskClsName.startsWith(entry.getKey()))
-                return entry.getValue().contains(perm);
-        }
-
-        return subj.permissions().defaultAllowAll();
-    }
-
-    /**
-     * Checks whether cache operation is allowed.
-     *
-     * @param cacheName Cache name.
-     * @param perm Permission to check.
-     * @return {@code True} if cache operation is allowed.
-     */
-    public boolean cacheOperationAllowed(String cacheName, GridSecurityPermission perm) {
-        assert perm == GridSecurityPermission.CACHE_PUT || perm == GridSecurityPermission.CACHE_READ ||
-            perm == GridSecurityPermission.CACHE_REMOVE;
-
-        Collection<GridSecurityPermission> p = strictCachePermissions.get(cacheName);
-
-        if (p != null)
-            return p.contains(perm);
-
-        for (Map.Entry<String, Collection<GridSecurityPermission>> entry : wildcardCachePermissions.entrySet()) {
-            if (cacheName != null) {
-                if (cacheName.startsWith(entry.getKey()))
-                    return entry.getValue().contains(perm);
-            }
-            else {
-                // Match null cache to '*'
-                if (entry.getKey().isEmpty())
-                    return entry.getValue().contains(perm);
-            }
-        }
-
-        return subj.permissions().defaultAllowAll();
-    }
-
-    /**
-     * Checks whether system-wide permission is allowed (excluding Visor task operations).
-     *
-     * @param perm Permission to check.
-     * @return {@code True} if system operation is allowed.
-     */
-    public boolean systemOperationAllowed(GridSecurityPermission perm) {
-        if (sysPermissions == null)
-            return subj.permissions().defaultAllowAll();
-
-        boolean ret = sysPermissions.contains(perm);
-
-        if (!ret && (perm == GridSecurityPermission.EVENTS_ENABLE || perm == GridSecurityPermission.EVENTS_DISABLE))
-            ret = sysPermissions.contains(GridSecurityPermission.ADMIN_VIEW);
-
-        return ret;
-    }
-
-    /**
-     * Checks if task is Visor task.
-     *
-     * @param taskCls Task class name.
-     * @return {@code True} if task is Visor task.
-     */
-    private boolean visorTask(String taskCls) {
-        return taskCls.startsWith(VISOR_TASK_PREFIX);
-    }
-
-    /**
-     * Checks if Visor task is allowed for execution.
-     *
-     * @param taskName Task name.
-     * @return {@code True} if execution is allowed.
-     */
-    private boolean visorTaskAllowed(String taskName) {
-        if (sysPermissions == null)
-            return subj.permissions().defaultAllowAll();
-
-        switch (taskName) {
-            case VISOR_CACHE_QUERY_TASK_NAME:
-                return sysPermissions.contains(GridSecurityPermission.ADMIN_QUERY);
-            case VISOR_CACHE_LOAD_TASK_NAME:
-            case VISOR_CACHE_CLEAR_TASK_NAME:
-                return sysPermissions.contains(GridSecurityPermission.ADMIN_CACHE);
-            default:
-                return sysPermissions.contains(GridSecurityPermission.ADMIN_VIEW);
-        }
-    }
-
-    /**
-     * Init rules.
-     */
-    private void initRules() {
-        GridSecurityPermissionSet permSet = subj.permissions();
-
-        for (Map.Entry<String, Collection<GridSecurityPermission>> entry : permSet.taskPermissions().entrySet()) {
-            String ptrn = entry.getKey();
-
-            Collection<GridSecurityPermission> vals = Collections.unmodifiableCollection(entry.getValue());
-
-            if (ptrn.endsWith("*")) {
-                String noWildcard = ptrn.substring(0, ptrn.length() - 1);
-
-                wildcardTaskPermissions.put(noWildcard, vals);
-            }
-            else
-                strictTaskPermissions.put(ptrn, vals);
-        }
-
-        for (Map.Entry<String, Collection<GridSecurityPermission>> entry : permSet.cachePermissions().entrySet()) {
-            String ptrn = entry.getKey();
-
-            Collection<GridSecurityPermission> vals = Collections.unmodifiableCollection(entry.getValue());
-
-            if (ptrn != null && ptrn.endsWith("*")) {
-                String noWildcard = ptrn.substring(0, ptrn.length() - 1);
-
-                wildcardCachePermissions.put(noWildcard, vals);
-            }
-            else
-                strictCachePermissions.put(ptrn, vals);
-        }
-
-        sysPermissions = permSet.systemPermissions();
-    }
-
-    /** {@inheritDoc} */
-    @Override public void writeExternal(ObjectOutput out) throws IOException {
-        out.writeObject(subj);
-    }
-
-    /** {@inheritDoc} */
-    @Override public void readExternal(ObjectInput in) throws IOException, ClassNotFoundException {
-        subj = (GridSecuritySubject)in.readObject();
-
-        initRules();
-    }
-
-    /** {@inheritDoc} */
-    @Override public String toString() {
-        return S.toString(GridSecurityContext.class, this);
-    }
-}

http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/baf00881/modules/core/src/main/java/org/apache/ignite/internal/managers/security/GridSecurityProcessor.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/managers/security/GridSecurityProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/managers/security/GridSecurityProcessor.java
deleted file mode 100644
index 6c67a3f..0000000
--- a/modules/core/src/main/java/org/apache/ignite/internal/managers/security/GridSecurityProcessor.java
+++ /dev/null
@@ -1,99 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.ignite.internal.managers.security;
-
-import org.apache.ignite.*;
-import org.apache.ignite.cluster.*;
-import org.apache.ignite.internal.processors.*;
-import org.apache.ignite.plugin.security.*;
-import org.apache.ignite.spi.authentication.*;
-import org.jetbrains.annotations.*;
-
-import java.util.*;
-
-/**
- * This interface defines a grid authentication manager.
- */
-public interface GridSecurityProcessor extends GridProcessor {
-    /**
-     * Authenticates grid node with it's attributes via underlying Authenticator.
-     *
-     * @param node Node id to authenticate.
-     * @param cred Security credentials.
-     * @return {@code True} if succeeded, {@code false} otherwise.
-     * @throws IgniteCheckedException If error occurred.
-     */
-    public GridSecurityContext authenticateNode(ClusterNode node, GridSecurityCredentials cred) throws IgniteCheckedException;
-
-    /**
-     * Gets flag indicating whether all nodes or coordinator only should run the authentication for joining node.
-     *
-     * @return {@code True} if all nodes should run authentication process, {@code false} otherwise.
-     */
-    public boolean isGlobalNodeAuthentication();
-
-    /**
-     * Authenticates subject via underlying Authenticator.
-     *
-     * @param ctx Authentication context.
-     * @return {@code True} if succeeded, {@code false} otherwise.
-     * @throws IgniteCheckedException If error occurred.
-     */
-    public GridSecurityContext authenticate(AuthenticationContext ctx) throws IgniteCheckedException;
-
-    /**
-     * Gets collection of authenticated nodes.
-     *
-     * @return Collection of authenticated nodes.
-     * @throws IgniteCheckedException If error occurred.
-     */
-    public Collection<GridSecuritySubject> authenticatedSubjects() throws IgniteCheckedException;
-
-    /**
-     * Gets authenticated node subject.
-     *
-     * @param subjId Subject ID.
-     * @return Security subject.
-     * @throws IgniteCheckedException If error occurred.
-     */
-    public GridSecuritySubject authenticatedSubject(UUID subjId) throws IgniteCheckedException;
-
-    /**
-     * Authorizes grid operation.
-     *
-     * @param name Cache name or task class name.
-     * @param perm Permission to authorize.
-     * @param securityCtx Optional security context.
-     * @throws GridSecurityException If security check failed.
-     */
-    public void authorize(String name, GridSecurityPermission perm, @Nullable GridSecurityContext securityCtx)
-        throws GridSecurityException;
-
-    /**
-     * Callback invoked when subject session got expired.
-     *
-     * @param subjId Subject ID.
-     */
-    public void onSessionExpired(UUID subjId);
-
-    /**
-     * @return Returns {@code true} if at least one SPI does not have a {@code NO-OP}
-     *      implementation, {@code false} otherwise.
-     */
-    public boolean enabled();
-}

http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/baf00881/modules/core/src/main/java/org/apache/ignite/internal/managers/security/GridSecuritySubjectAdapter.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/managers/security/GridSecuritySubjectAdapter.java b/modules/core/src/main/java/org/apache/ignite/internal/managers/security/GridSecuritySubjectAdapter.java
deleted file mode 100644
index 5144bd5..0000000
--- a/modules/core/src/main/java/org/apache/ignite/internal/managers/security/GridSecuritySubjectAdapter.java
+++ /dev/null
@@ -1,131 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.ignite.internal.managers.security;
-
-import org.apache.ignite.internal.util.tostring.*;
-import org.apache.ignite.internal.util.typedef.internal.*;
-import org.apache.ignite.plugin.security.*;
-
-import java.net.*;
-import java.util.*;
-
-/**
- * Authenticated security subject.
- */
-public class GridSecuritySubjectAdapter implements GridSecuritySubject {
-    /** */
-    private static final long serialVersionUID = 0L;
-
-    /** Subject ID. */
-    private UUID id;
-
-    /** Subject type. */
-    private GridSecuritySubjectType subjType;
-
-    /** Address. */
-    private InetSocketAddress addr;
-
-    /** Permissions assigned to a subject. */
-    private GridSecurityPermissionSet permissions;
-
-    /** Login. */
-    @GridToStringInclude
-    private Object login;
-
-    /**
-     * @param subjType Subject type.
-     * @param id Subject ID.
-     */
-    public GridSecuritySubjectAdapter(GridSecuritySubjectType subjType, UUID id) {
-        this.subjType = subjType;
-        this.id = id;
-    }
-
-    /**
-     * Gets subject ID.
-     *
-     * @return Subject ID.
-     */
-    @Override public UUID id() {
-        return id;
-    }
-
-    /**
-     * Gets subject type.
-     *
-     * @return Subject type.
-     */
-    @Override public GridSecuritySubjectType type() {
-        return subjType;
-    }
-
-    /**
-     * Gets subject address.
-     *
-     * @return Subject address.
-     */
-    @Override public InetSocketAddress address() {
-        return addr;
-    }
-
-    /**
-     * Sets subject address.
-     *
-     * @param addr Subject address.
-     */
-    public void address(InetSocketAddress addr) {
-        this.addr = addr;
-    }
-
-    /**
-     * Gets security permissions.
-     *
-     * @return Security permissions.
-     */
-    @Override public GridSecurityPermissionSet permissions() {
-        return permissions;
-    }
-
-    /** {@inheritDoc} */
-    @Override public Object login() {
-        return login;
-    }
-
-    /**
-     * Sets login provided by security credentials.
-     *
-     * @param login Login.
-     */
-    public void login(Object login) {
-        this.login = login;
-    }
-
-    /**
-     * Sets security permissions.
-     *
-     * @param permissions Permissions.
-     */
-    public void permissions(GridSecurityPermissionSet permissions) {
-        this.permissions = permissions;
-    }
-
-    /** {@inheritDoc} */
-    public String toString() {
-        return S.toString(GridSecuritySubjectAdapter.class, this);
-    }
-}

http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/baf00881/modules/core/src/main/java/org/apache/ignite/internal/managers/security/os/GridOsSecurityProcessor.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/managers/security/os/GridOsSecurityProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/managers/security/os/GridOsSecurityProcessor.java
deleted file mode 100644
index 62ebd67..0000000
--- a/modules/core/src/main/java/org/apache/ignite/internal/managers/security/os/GridOsSecurityProcessor.java
+++ /dev/null
@@ -1,102 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.ignite.internal.managers.security.os;
-
-import org.apache.ignite.*;
-import org.apache.ignite.cluster.*;
-import org.apache.ignite.internal.*;
-import org.apache.ignite.internal.managers.*;
-import org.apache.ignite.internal.managers.security.*;
-import org.apache.ignite.internal.util.typedef.*;
-import org.apache.ignite.plugin.security.*;
-import org.apache.ignite.spi.authentication.*;
-import org.jetbrains.annotations.*;
-
-import java.net.*;
-import java.util.*;
-
-/**
- * No-op implementation for {@link GridSecurityProcessor}.
- */
-public class GridOsSecurityProcessor extends GridNoopManagerAdapter implements GridSecurityProcessor {
-    /**
-     * @param ctx Kernal context.
-     */
-    public GridOsSecurityProcessor(GridKernalContext ctx) {
-        super(ctx);
-    }
-
-    /** Allow all permissions. */
-    private static final GridSecurityPermissionSet ALLOW_ALL = new GridAllowAllPermissionSet();
-
-    /** {@inheritDoc} */
-    @Override public GridSecurityContext authenticateNode(ClusterNode node, GridSecurityCredentials cred)
-        throws IgniteCheckedException {
-        GridSecuritySubjectAdapter s = new GridSecuritySubjectAdapter(GridSecuritySubjectType.REMOTE_NODE, node.id());
-
-        s.address(new InetSocketAddress(F.first(node.addresses()), 0));
-
-        s.permissions(ALLOW_ALL);
-
-        return new GridSecurityContext(s);
-    }
-
-    /** {@inheritDoc} */
-    @Override public boolean isGlobalNodeAuthentication() {
-        return false;
-    }
-
-    /** {@inheritDoc} */
-    @Override public GridSecurityContext authenticate(AuthenticationContext authCtx) throws IgniteCheckedException {
-        GridSecuritySubjectAdapter s = new GridSecuritySubjectAdapter(authCtx.subjectType(), authCtx.subjectId());
-
-        s.permissions(ALLOW_ALL);
-        s.address(authCtx.address());
-
-        if (authCtx.credentials() != null)
-            s.login(authCtx.credentials().getLogin());
-
-        return new GridSecurityContext(s);
-    }
-
-    /** {@inheritDoc} */
-    @Override public Collection<GridSecuritySubject> authenticatedSubjects() {
-        return Collections.emptyList();
-    }
-
-    /** {@inheritDoc} */
-    @Override public GridSecuritySubject authenticatedSubject(UUID nodeId) {
-        return null;
-    }
-
-    /** {@inheritDoc} */
-    @Override public void authorize(String name, GridSecurityPermission perm, @Nullable GridSecurityContext securityCtx)
-        throws GridSecurityException {
-        // No-op.
-    }
-
-    /** {@inheritDoc} */
-    @Override public void onSessionExpired(UUID subjId) {
-        // No-op.
-    }
-
-    /** {@inheritDoc} */
-    @Override public boolean enabled() {
-        return false;
-    }
-}

http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/baf00881/modules/core/src/main/java/org/apache/ignite/internal/processors/GridNoopProcessorAdapter.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/GridNoopProcessorAdapter.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/GridNoopProcessorAdapter.java
new file mode 100644
index 0000000..c771f25
--- /dev/null
+++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/GridNoopProcessorAdapter.java
@@ -0,0 +1,88 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ignite.internal.processors;
+
+import org.apache.ignite.*;
+import org.apache.ignite.cluster.*;
+import org.apache.ignite.internal.*;
+import org.apache.ignite.spi.*;
+import org.jetbrains.annotations.*;
+
+import java.util.*;
+
+/**
+ * No-op {@link GridProcessor} adapter.
+ */
+public class GridNoopProcessorAdapter implements GridProcessor {
+    /**
+     * @param ctx Kernal context.
+     */
+    public GridNoopProcessorAdapter(GridKernalContext ctx) {
+        // No-op.
+    }
+
+    /** {@inheritDoc} */
+    @Override public void addAttributes(Map<String, Object> attrs) throws IgniteCheckedException {
+        // No-op.
+    }
+
+    /** {@inheritDoc} */
+    @Override public void start() throws IgniteCheckedException {
+        // No-op.
+    }
+
+    /** {@inheritDoc} */
+    @Override public void stop(boolean cancel) throws IgniteCheckedException {
+        // No-op.
+    }
+
+    /** {@inheritDoc} */
+    @Override public void onKernalStart() throws IgniteCheckedException {
+        // No-op.
+    }
+
+    /** {@inheritDoc} */
+    @Override public void onKernalStop(boolean cancel) {
+        // No-op.
+    }
+
+    /** {@inheritDoc} */
+    @Nullable @Override public DiscoveryDataExchangeType discoveryDataType() {
+        return null;
+    }
+
+    /** {@inheritDoc} */
+    @Nullable @Override public Object collectDiscoveryData(UUID nodeId) {
+        return null;
+    }
+
+    /** {@inheritDoc} */
+    @Override public void onDiscoveryDataReceived(Object data) {
+        // No-op.
+    }
+
+    /** {@inheritDoc} */
+    @Override public void printMemoryStats() {
+        // No-op.
+    }
+
+    /** {@inheritDoc} */
+    @Nullable @Override public IgniteSpiNodeValidationResult validateNode(ClusterNode node) {
+        return null;
+    }
+}

http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/baf00881/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java
index 93e0a0e..3bd459b 100644
--- a/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java
+++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java
@@ -20,8 +20,6 @@ package org.apache.ignite.internal.processors.rest;
 import org.apache.ignite.*;
 import org.apache.ignite.configuration.*;
 import org.apache.ignite.internal.*;
-import org.apache.ignite.internal.managers.securesession.*;
-import org.apache.ignite.internal.managers.security.*;
 import org.apache.ignite.internal.processors.*;
 import org.apache.ignite.internal.processors.rest.client.message.*;
 import org.apache.ignite.internal.processors.rest.handlers.*;
@@ -32,6 +30,8 @@ import org.apache.ignite.internal.processors.rest.handlers.top.*;
 import org.apache.ignite.internal.processors.rest.handlers.version.*;
 import org.apache.ignite.internal.processors.rest.protocols.tcp.*;
 import org.apache.ignite.internal.processors.rest.request.*;
+import org.apache.ignite.internal.processors.securesession.*;
+import org.apache.ignite.internal.processors.security.*;
 import org.apache.ignite.internal.util.*;
 import org.apache.ignite.internal.util.future.*;
 import org.apache.ignite.internal.util.typedef.*;

http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/baf00881/modules/core/src/main/java/org/apache/ignite/internal/processors/securesession/GridSecureSession.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/securesession/GridSecureSession.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/securesession/GridSecureSession.java
new file mode 100644
index 0000000..099097c
--- /dev/null
+++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/securesession/GridSecureSession.java
@@ -0,0 +1,54 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ignite.internal.processors.securesession;
+
+import org.apache.ignite.internal.processors.security.*;
+
+/**
+ * Secure session object.
+ */
+public class GridSecureSession {
+    /** Authentication subject context returned by authentication SPI. */
+    private GridSecurityContext authSubjCtx;
+
+    /** Session creation time. */
+    private byte[] sesTok;
+
+    /**
+     * @param authSubjCtx Authentication subject context.
+     * @param sesTok Session token.
+     */
+    public GridSecureSession(GridSecurityContext authSubjCtx, byte[] sesTok) {
+        this.authSubjCtx = authSubjCtx;
+        this.sesTok = sesTok;
+    }
+
+    /**
+     * @return Authentication subject context returned by authentication SPI.
+     */
+    public GridSecurityContext authenticationSubjectContext() {
+        return authSubjCtx;
+    }
+
+    /**
+     * @return Session creation time.
+     */
+    public byte[] sessionToken() {
+        return sesTok;
+    }
+}

http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/baf00881/modules/core/src/main/java/org/apache/ignite/internal/processors/securesession/GridSecureSessionProcessor.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/securesession/GridSecureSessionProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/securesession/GridSecureSessionProcessor.java
new file mode 100644
index 0000000..550a238
--- /dev/null
+++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/securesession/GridSecureSessionProcessor.java
@@ -0,0 +1,59 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ignite.internal.processors.securesession;
+
+import org.apache.ignite.*;
+import org.apache.ignite.internal.processors.*;
+import org.apache.ignite.internal.processors.security.*;
+import org.apache.ignite.plugin.security.*;
+import org.jetbrains.annotations.*;
+
+import java.util.*;
+
+/**
+ * This interface defines a grid secure session processor.
+ */
+public interface GridSecureSessionProcessor extends GridProcessor {
+    /**
+     * @param subjType Subject type.
+     * @param subjId Subject ID.
+     * @param tok Token.
+     * @param params Parameters.
+     * @return Validated secure session or {@code null} if session is not valid.
+     * @throws IgniteCheckedException If error occurred.
+     */
+    public GridSecureSession validateSession(GridSecuritySubjectType subjType, UUID subjId, @Nullable byte[] tok,
+        @Nullable Object params) throws IgniteCheckedException;
+
+    /**
+     * Generates secure session token.
+     *
+     * @param subjType Subject type.
+     * @param subjId Subject ID.
+     * @param subjCtx Authentication subject context.
+     * @param params Params.
+     * @return Generated session token.
+     */
+    public byte[] updateSession(GridSecuritySubjectType subjType, UUID subjId, GridSecurityContext subjCtx,
+        @Nullable Object params) throws IgniteCheckedException;
+
+    /**
+     * @return GridSecureSessionProcessor is enable.
+     */
+    public boolean enabled();
+}

http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/baf00881/modules/core/src/main/java/org/apache/ignite/internal/processors/securesession/os/GridOsSecureSessionProcessor.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/securesession/os/GridOsSecureSessionProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/securesession/os/GridOsSecureSessionProcessor.java
new file mode 100644
index 0000000..717f866
--- /dev/null
+++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/securesession/os/GridOsSecureSessionProcessor.java
@@ -0,0 +1,61 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ignite.internal.processors.securesession.os;
+
+import org.apache.ignite.*;
+import org.apache.ignite.internal.*;
+import org.apache.ignite.internal.processors.*;
+import org.apache.ignite.internal.processors.securesession.*;
+import org.apache.ignite.internal.processors.security.*;
+import org.apache.ignite.plugin.security.*;
+import org.jetbrains.annotations.*;
+
+import java.util.*;
+
+/**
+ * No-op implementation for {@link GridSecureSessionProcessor}.
+ */
+public class GridOsSecureSessionProcessor extends GridNoopProcessorAdapter implements GridSecureSessionProcessor {
+    /** Empty bytes. */
+    private static final byte[] EMPTY_BYTES = new byte[0];
+
+    /**
+     * @param ctx Kernal context.
+     */
+    public GridOsSecureSessionProcessor(GridKernalContext ctx) {
+        super(ctx);
+    }
+
+    /** {@inheritDoc} */
+    @Override public GridSecureSession validateSession(GridSecuritySubjectType subjType, UUID subjId,
+        @Nullable byte[] tok,
+        @Nullable Object params) throws IgniteCheckedException {
+        return null;
+    }
+
+    /** {@inheritDoc} */
+    @Override public byte[] updateSession(GridSecuritySubjectType subjType, UUID subjId, GridSecurityContext subjCtx,
+        @Nullable Object params) {
+        return EMPTY_BYTES;
+    }
+
+    /** {@inheritDoc} */
+    @Override public boolean enabled() {
+        return false;
+    }
+}

http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/baf00881/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridAllowAllPermissionSet.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridAllowAllPermissionSet.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridAllowAllPermissionSet.java
new file mode 100644
index 0000000..e4059d1
--- /dev/null
+++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridAllowAllPermissionSet.java
@@ -0,0 +1,55 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ignite.internal.processors.security;
+
+import org.apache.ignite.plugin.security.*;
+
+import java.util.*;
+
+/**
+* Allow all permission set.
+*/
+public class GridAllowAllPermissionSet implements GridSecurityPermissionSet {
+    /** */
+    private static final long serialVersionUID = 0L;
+
+    /** {@inheritDoc} */
+    @Override public boolean defaultAllowAll() {
+        return true;
+    }
+
+    /** {@inheritDoc} */
+    @Override public Map<String, Collection<GridSecurityPermission>> taskPermissions() {
+        return Collections.emptyMap();
+    }
+
+    /** {@inheritDoc} */
+    @Override public Map<String, Collection<GridSecurityPermission>> cachePermissions() {
+        return Collections.emptyMap();
+    }
+
+    /** {@inheritDoc} */
+    @Override public Collection<GridSecurityPermission> systemPermissions() {
+        return null;
+    }
+
+    /** {@inheritDoc} */
+    public String toString() {
+        return getClass().getSimpleName();
+    }
+}

http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/baf00881/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityContext.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityContext.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityContext.java
new file mode 100644
index 0000000..e112c62
--- /dev/null
+++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityContext.java
@@ -0,0 +1,248 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ignite.internal.processors.security;
+
+import org.apache.ignite.internal.util.typedef.internal.*;
+import org.apache.ignite.plugin.security.*;
+
+import java.io.*;
+import java.util.*;
+
+/**
+ * Security context.
+ */
+public class GridSecurityContext implements Externalizable {
+    /** */
+    private static final long serialVersionUID = 0L;
+
+    /** Visor tasks prefix. */
+    private static final String VISOR_TASK_PREFIX = "org.apache.ignite.internal.visor.";
+
+    /** Cache query task name. */
+    public static final String VISOR_CACHE_QUERY_TASK_NAME =
+        "org.apache.ignite.internal.visor.query.VisorQueryTask";
+
+    /** Cache load task name. */
+    public static final String VISOR_CACHE_LOAD_TASK_NAME =
+        "org.apache.ignite.internal.visor.cache.VisorCacheLoadTask";
+
+    /** Cache clear task name. */
+    public static final String VISOR_CACHE_CLEAR_TASK_NAME =
+        "org.apache.ignite.internal.visor.query.VisorQueryCleanupTask";
+
+    /** Security subject. */
+    private GridSecuritySubject subj;
+
+    /** String task permissions. */
+    private Map<String, Collection<GridSecurityPermission>> strictTaskPermissions = new LinkedHashMap<>();
+
+    /** String task permissions. */
+    private Map<String, Collection<GridSecurityPermission>> wildcardTaskPermissions = new LinkedHashMap<>();
+
+    /** String task permissions. */
+    private Map<String, Collection<GridSecurityPermission>> strictCachePermissions = new LinkedHashMap<>();
+
+    /** String task permissions. */
+    private Map<String, Collection<GridSecurityPermission>> wildcardCachePermissions = new LinkedHashMap<>();
+
+    /** System-wide permissions. */
+    private Collection<GridSecurityPermission> sysPermissions;
+
+    /**
+     * Empty constructor required by {@link Externalizable}.
+     */
+    public GridSecurityContext() {
+        // No-op.
+    }
+
+    /**
+     * @param subj Subject.
+     */
+    public GridSecurityContext(GridSecuritySubject subj) {
+        this.subj = subj;
+
+        initRules();
+    }
+
+    /**
+     * @return Security subject.
+     */
+    public GridSecuritySubject subject() {
+        return subj;
+    }
+
+    /**
+     * Checks whether task operation is allowed.
+     *
+     * @param taskClsName Task class name.
+     * @param perm Permission to check.
+     * @return {@code True} if task operation is allowed.
+     */
+    public boolean taskOperationAllowed(String taskClsName, GridSecurityPermission perm) {
+        assert perm == GridSecurityPermission.TASK_EXECUTE || perm == GridSecurityPermission.TASK_CANCEL;
+
+        if (visorTask(taskClsName))
+            return visorTaskAllowed(taskClsName);
+
+        Collection<GridSecurityPermission> p = strictTaskPermissions.get(taskClsName);
+
+        if (p != null)
+            return p.contains(perm);
+
+        for (Map.Entry<String, Collection<GridSecurityPermission>> entry : wildcardTaskPermissions.entrySet()) {
+            if (taskClsName.startsWith(entry.getKey()))
+                return entry.getValue().contains(perm);
+        }
+
+        return subj.permissions().defaultAllowAll();
+    }
+
+    /**
+     * Checks whether cache operation is allowed.
+     *
+     * @param cacheName Cache name.
+     * @param perm Permission to check.
+     * @return {@code True} if cache operation is allowed.
+     */
+    public boolean cacheOperationAllowed(String cacheName, GridSecurityPermission perm) {
+        assert perm == GridSecurityPermission.CACHE_PUT || perm == GridSecurityPermission.CACHE_READ ||
+            perm == GridSecurityPermission.CACHE_REMOVE;
+
+        Collection<GridSecurityPermission> p = strictCachePermissions.get(cacheName);
+
+        if (p != null)
+            return p.contains(perm);
+
+        for (Map.Entry<String, Collection<GridSecurityPermission>> entry : wildcardCachePermissions.entrySet()) {
+            if (cacheName != null) {
+                if (cacheName.startsWith(entry.getKey()))
+                    return entry.getValue().contains(perm);
+            }
+            else {
+                // Match null cache to '*'
+                if (entry.getKey().isEmpty())
+                    return entry.getValue().contains(perm);
+            }
+        }
+
+        return subj.permissions().defaultAllowAll();
+    }
+
+    /**
+     * Checks whether system-wide permission is allowed (excluding Visor task operations).
+     *
+     * @param perm Permission to check.
+     * @return {@code True} if system operation is allowed.
+     */
+    public boolean systemOperationAllowed(GridSecurityPermission perm) {
+        if (sysPermissions == null)
+            return subj.permissions().defaultAllowAll();
+
+        boolean ret = sysPermissions.contains(perm);
+
+        if (!ret && (perm == GridSecurityPermission.EVENTS_ENABLE || perm == GridSecurityPermission.EVENTS_DISABLE))
+            ret = sysPermissions.contains(GridSecurityPermission.ADMIN_VIEW);
+
+        return ret;
+    }
+
+    /**
+     * Checks if task is Visor task.
+     *
+     * @param taskCls Task class name.
+     * @return {@code True} if task is Visor task.
+     */
+    private boolean visorTask(String taskCls) {
+        return taskCls.startsWith(VISOR_TASK_PREFIX);
+    }
+
+    /**
+     * Checks if Visor task is allowed for execution.
+     *
+     * @param taskName Task name.
+     * @return {@code True} if execution is allowed.
+     */
+    private boolean visorTaskAllowed(String taskName) {
+        if (sysPermissions == null)
+            return subj.permissions().defaultAllowAll();
+
+        switch (taskName) {
+            case VISOR_CACHE_QUERY_TASK_NAME:
+                return sysPermissions.contains(GridSecurityPermission.ADMIN_QUERY);
+            case VISOR_CACHE_LOAD_TASK_NAME:
+            case VISOR_CACHE_CLEAR_TASK_NAME:
+                return sysPermissions.contains(GridSecurityPermission.ADMIN_CACHE);
+            default:
+                return sysPermissions.contains(GridSecurityPermission.ADMIN_VIEW);
+        }
+    }
+
+    /**
+     * Init rules.
+     */
+    private void initRules() {
+        GridSecurityPermissionSet permSet = subj.permissions();
+
+        for (Map.Entry<String, Collection<GridSecurityPermission>> entry : permSet.taskPermissions().entrySet()) {
+            String ptrn = entry.getKey();
+
+            Collection<GridSecurityPermission> vals = Collections.unmodifiableCollection(entry.getValue());
+
+            if (ptrn.endsWith("*")) {
+                String noWildcard = ptrn.substring(0, ptrn.length() - 1);
+
+                wildcardTaskPermissions.put(noWildcard, vals);
+            }
+            else
+                strictTaskPermissions.put(ptrn, vals);
+        }
+
+        for (Map.Entry<String, Collection<GridSecurityPermission>> entry : permSet.cachePermissions().entrySet()) {
+            String ptrn = entry.getKey();
+
+            Collection<GridSecurityPermission> vals = Collections.unmodifiableCollection(entry.getValue());
+
+            if (ptrn != null && ptrn.endsWith("*")) {
+                String noWildcard = ptrn.substring(0, ptrn.length() - 1);
+
+                wildcardCachePermissions.put(noWildcard, vals);
+            }
+            else
+                strictCachePermissions.put(ptrn, vals);
+        }
+
+        sysPermissions = permSet.systemPermissions();
+    }
+
+    /** {@inheritDoc} */
+    @Override public void writeExternal(ObjectOutput out) throws IOException {
+        out.writeObject(subj);
+    }
+
+    /** {@inheritDoc} */
+    @Override public void readExternal(ObjectInput in) throws IOException, ClassNotFoundException {
+        subj = (GridSecuritySubject)in.readObject();
+
+        initRules();
+    }
+
+    /** {@inheritDoc} */
+    @Override public String toString() {
+        return S.toString(GridSecurityContext.class, this);
+    }
+}

http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/baf00881/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessor.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessor.java
new file mode 100644
index 0000000..f63e44d
--- /dev/null
+++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessor.java
@@ -0,0 +1,98 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ignite.internal.processors.security;
+
+import org.apache.ignite.*;
+import org.apache.ignite.cluster.*;
+import org.apache.ignite.internal.processors.*;
+import org.apache.ignite.plugin.security.*;
+import org.apache.ignite.spi.authentication.*;
+import org.jetbrains.annotations.*;
+
+import java.util.*;
+
+/**
+ * This interface defines a grid authentication processor.
+ */
+public interface GridSecurityProcessor extends GridProcessor {
+    /**
+     * Authenticates grid node with it's attributes via underlying Authenticator.
+     *
+     * @param node Node id to authenticate.
+     * @param cred Security credentials.
+     * @return {@code True} if succeeded, {@code false} otherwise.
+     * @throws IgniteCheckedException If error occurred.
+     */
+    public GridSecurityContext authenticateNode(ClusterNode node, GridSecurityCredentials cred) throws IgniteCheckedException;
+
+    /**
+     * Gets flag indicating whether all nodes or coordinator only should run the authentication for joining node.
+     *
+     * @return {@code True} if all nodes should run authentication process, {@code false} otherwise.
+     */
+    public boolean isGlobalNodeAuthentication();
+
+    /**
+     * Authenticates subject via underlying Authenticator.
+     *
+     * @param ctx Authentication context.
+     * @return {@code True} if succeeded, {@code false} otherwise.
+     * @throws IgniteCheckedException If error occurred.
+     */
+    public GridSecurityContext authenticate(AuthenticationContext ctx) throws IgniteCheckedException;
+
+    /**
+     * Gets collection of authenticated nodes.
+     *
+     * @return Collection of authenticated nodes.
+     * @throws IgniteCheckedException If error occurred.
+     */
+    public Collection<GridSecuritySubject> authenticatedSubjects() throws IgniteCheckedException;
+
+    /**
+     * Gets authenticated node subject.
+     *
+     * @param subjId Subject ID.
+     * @return Security subject.
+     * @throws IgniteCheckedException If error occurred.
+     */
+    public GridSecuritySubject authenticatedSubject(UUID subjId) throws IgniteCheckedException;
+
+    /**
+     * Authorizes grid operation.
+     *
+     * @param name Cache name or task class name.
+     * @param perm Permission to authorize.
+     * @param securityCtx Optional security context.
+     * @throws GridSecurityException If security check failed.
+     */
+    public void authorize(String name, GridSecurityPermission perm, @Nullable GridSecurityContext securityCtx)
+        throws GridSecurityException;
+
+    /**
+     * Callback invoked when subject session got expired.
+     *
+     * @param subjId Subject ID.
+     */
+    public void onSessionExpired(UUID subjId);
+
+    /**
+     * @return GridSecurityProcessor is enable.
+     */
+    public boolean enabled();
+}

http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/baf00881/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecuritySubjectAdapter.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecuritySubjectAdapter.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecuritySubjectAdapter.java
new file mode 100644
index 0000000..0c1edaf
--- /dev/null
+++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecuritySubjectAdapter.java
@@ -0,0 +1,131 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ignite.internal.processors.security;
+
+import org.apache.ignite.internal.util.tostring.*;
+import org.apache.ignite.internal.util.typedef.internal.*;
+import org.apache.ignite.plugin.security.*;
+
+import java.net.*;
+import java.util.*;
+
+/**
+ * Authenticated security subject.
+ */
+public class GridSecuritySubjectAdapter implements GridSecuritySubject {
+    /** */
+    private static final long serialVersionUID = 0L;
+
+    /** Subject ID. */
+    private UUID id;
+
+    /** Subject type. */
+    private GridSecuritySubjectType subjType;
+
+    /** Address. */
+    private InetSocketAddress addr;
+
+    /** Permissions assigned to a subject. */
+    private GridSecurityPermissionSet permissions;
+
+    /** Login. */
+    @GridToStringInclude
+    private Object login;
+
+    /**
+     * @param subjType Subject type.
+     * @param id Subject ID.
+     */
+    public GridSecuritySubjectAdapter(GridSecuritySubjectType subjType, UUID id) {
+        this.subjType = subjType;
+        this.id = id;
+    }
+
+    /**
+     * Gets subject ID.
+     *
+     * @return Subject ID.
+     */
+    @Override public UUID id() {
+        return id;
+    }
+
+    /**
+     * Gets subject type.
+     *
+     * @return Subject type.
+     */
+    @Override public GridSecuritySubjectType type() {
+        return subjType;
+    }
+
+    /**
+     * Gets subject address.
+     *
+     * @return Subject address.
+     */
+    @Override public InetSocketAddress address() {
+        return addr;
+    }
+
+    /**
+     * Sets subject address.
+     *
+     * @param addr Subject address.
+     */
+    public void address(InetSocketAddress addr) {
+        this.addr = addr;
+    }
+
+    /**
+     * Gets security permissions.
+     *
+     * @return Security permissions.
+     */
+    @Override public GridSecurityPermissionSet permissions() {
+        return permissions;
+    }
+
+    /** {@inheritDoc} */
+    @Override public Object login() {
+        return login;
+    }
+
+    /**
+     * Sets login provided by security credentials.
+     *
+     * @param login Login.
+     */
+    public void login(Object login) {
+        this.login = login;
+    }
+
+    /**
+     * Sets security permissions.
+     *
+     * @param permissions Permissions.
+     */
+    public void permissions(GridSecurityPermissionSet permissions) {
+        this.permissions = permissions;
+    }
+
+    /** {@inheritDoc} */
+    public String toString() {
+        return S.toString(GridSecuritySubjectAdapter.class, this);
+    }
+}

http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/baf00881/modules/core/src/main/java/org/apache/ignite/internal/processors/security/os/GridOsSecurityProcessor.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/os/GridOsSecurityProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/os/GridOsSecurityProcessor.java
new file mode 100644
index 0000000..d5ae015
--- /dev/null
+++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/os/GridOsSecurityProcessor.java
@@ -0,0 +1,102 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ignite.internal.processors.security.os;
+
+import org.apache.ignite.*;
+import org.apache.ignite.cluster.*;
+import org.apache.ignite.internal.*;
+import org.apache.ignite.internal.processors.*;
+import org.apache.ignite.internal.processors.security.*;
+import org.apache.ignite.internal.util.typedef.*;
+import org.apache.ignite.plugin.security.*;
+import org.apache.ignite.spi.authentication.*;
+import org.jetbrains.annotations.*;
+
+import java.net.*;
+import java.util.*;
+
+/**
+ * No-op implementation for {@link org.apache.ignite.internal.processors.security.GridSecurityProcessor}.
+ */
+public class GridOsSecurityProcessor extends GridNoopProcessorAdapter implements GridSecurityProcessor {
+    /**
+     * @param ctx Kernal context.
+     */
+    public GridOsSecurityProcessor(GridKernalContext ctx) {
+        super(ctx);
+    }
+
+    /** Allow all permissions. */
+    private static final GridSecurityPermissionSet ALLOW_ALL = new GridAllowAllPermissionSet();
+
+    /** {@inheritDoc} */
+    @Override public GridSecurityContext authenticateNode(ClusterNode node, GridSecurityCredentials cred)
+        throws IgniteCheckedException {
+        GridSecuritySubjectAdapter s = new GridSecuritySubjectAdapter(GridSecuritySubjectType.REMOTE_NODE, node.id());
+
+        s.address(new InetSocketAddress(F.first(node.addresses()), 0));
+
+        s.permissions(ALLOW_ALL);
+
+        return new GridSecurityContext(s);
+    }
+
+    /** {@inheritDoc} */
+    @Override public boolean isGlobalNodeAuthentication() {
+        return false;
+    }
+
+    /** {@inheritDoc} */
+    @Override public GridSecurityContext authenticate(AuthenticationContext authCtx) throws IgniteCheckedException {
+        GridSecuritySubjectAdapter s = new GridSecuritySubjectAdapter(authCtx.subjectType(), authCtx.subjectId());
+
+        s.permissions(ALLOW_ALL);
+        s.address(authCtx.address());
+
+        if (authCtx.credentials() != null)
+            s.login(authCtx.credentials().getLogin());
+
+        return new GridSecurityContext(s);
+    }
+
+    /** {@inheritDoc} */
+    @Override public Collection<GridSecuritySubject> authenticatedSubjects() {
+        return Collections.emptyList();
+    }
+
+    /** {@inheritDoc} */
+    @Override public GridSecuritySubject authenticatedSubject(UUID nodeId) {
+        return null;
+    }
+
+    /** {@inheritDoc} */
+    @Override public void authorize(String name, GridSecurityPermission perm, @Nullable GridSecurityContext securityCtx)
+        throws GridSecurityException {
+        // No-op.
+    }
+
+    /** {@inheritDoc} */
+    @Override public void onSessionExpired(UUID subjId) {
+        // No-op.
+    }
+
+    /** {@inheritDoc} */
+    @Override public boolean enabled() {
+        return false;
+    }
+}

http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/baf00881/modules/core/src/main/java/org/apache/ignite/internal/util/IgniteUtils.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/util/IgniteUtils.java b/modules/core/src/main/java/org/apache/ignite/internal/util/IgniteUtils.java
index d70200e..618a0ff 100644
--- a/modules/core/src/main/java/org/apache/ignite/internal/util/IgniteUtils.java
+++ b/modules/core/src/main/java/org/apache/ignite/internal/util/IgniteUtils.java
@@ -9169,16 +9169,4 @@ public abstract class IgniteUtils {
 
         return cnt;
     }
-
-    /**
-     * Throws exception with uniform error message if given parameter's assertion condition
-     * is {@code false}.
-     *
-     * @param cond Assertion condition to check.
-     * @param condDesc Description of failed condition.
-     */
-    public static void assertParameter(boolean cond, String condDesc) throws IgniteException {
-        if (!cond)
-            throw new IgniteException("SPI parameter failed condition check: " + condDesc);
-    }
 }

http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/baf00881/modules/core/src/main/java/org/apache/ignite/marshaller/optimized/optimized-classnames.properties
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/marshaller/optimized/optimized-classnames.properties b/modules/core/src/main/java/org/apache/ignite/marshaller/optimized/optimized-classnames.properties
index e64bb77..19bddea 100644
--- a/modules/core/src/main/java/org/apache/ignite/marshaller/optimized/optimized-classnames.properties
+++ b/modules/core/src/main/java/org/apache/ignite/marshaller/optimized/optimized-classnames.properties
@@ -277,9 +277,9 @@ org.apache.ignite.internal.managers.eventstorage.GridEventStorageMessage
 org.apache.ignite.internal.managers.indexing.GridIndexingManager$1
 org.apache.ignite.internal.managers.loadbalancer.GridLoadBalancerManager$1
 org.apache.ignite.internal.managers.security.GridAllowAllPermissionSet
-org.apache.ignite.internal.managers.security.GridSecurityContext
+org.apache.ignite.internal.processors.security.GridSecurityContext
 org.gridgain.grid.kernal.processors.security.GridSecurityImpl
-org.apache.ignite.internal.managers.security.GridSecuritySubjectAdapter
+org.apache.ignite.internal.processors.security.GridSecuritySubjectAdapter
 org.apache.ignite.internal.processors.affinity.GridAffinityAssignment
 org.apache.ignite.internal.processors.affinity.GridAffinityAssignmentCache$AffinityReadyFuture
 org.apache.ignite.internal.processors.affinity.GridAffinityMessage

http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/baf00881/modules/core/src/main/java/org/apache/ignite/spi/discovery/DiscoverySpiNodeAuthenticator.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/spi/discovery/DiscoverySpiNodeAuthenticator.java b/modules/core/src/main/java/org/apache/ignite/spi/discovery/DiscoverySpiNodeAuthenticator.java
index 46c3c59..f817699 100644
--- a/modules/core/src/main/java/org/apache/ignite/spi/discovery/DiscoverySpiNodeAuthenticator.java
+++ b/modules/core/src/main/java/org/apache/ignite/spi/discovery/DiscoverySpiNodeAuthenticator.java
@@ -19,7 +19,7 @@ package org.apache.ignite.spi.discovery;
 
 import org.apache.ignite.*;
 import org.apache.ignite.cluster.*;
-import org.apache.ignite.internal.managers.security.*;
+import org.apache.ignite.internal.processors.security.*;
 import org.apache.ignite.plugin.security.*;
 
 /**

http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/baf00881/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySpi.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySpi.java b/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySpi.java
index 359a96d..ac2002e 100644
--- a/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySpi.java
+++ b/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySpi.java
@@ -21,7 +21,7 @@ import org.apache.ignite.*;
 import org.apache.ignite.cluster.*;
 import org.apache.ignite.configuration.*;
 import org.apache.ignite.internal.*;
-import org.apache.ignite.internal.managers.security.*;
+import org.apache.ignite.internal.processors.security.*;
 import org.apache.ignite.internal.util.*;
 import org.apache.ignite.internal.util.future.*;
 import org.apache.ignite.internal.util.lang.*;

http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/baf00881/modules/core/src/test/java/org/apache/ignite/spi/discovery/AbstractDiscoverySelfTest.java
----------------------------------------------------------------------
diff --git a/modules/core/src/test/java/org/apache/ignite/spi/discovery/AbstractDiscoverySelfTest.java b/modules/core/src/test/java/org/apache/ignite/spi/discovery/AbstractDiscoverySelfTest.java
index bc48890..b7c507b 100644
--- a/modules/core/src/test/java/org/apache/ignite/spi/discovery/AbstractDiscoverySelfTest.java
+++ b/modules/core/src/test/java/org/apache/ignite/spi/discovery/AbstractDiscoverySelfTest.java
@@ -19,7 +19,7 @@ package org.apache.ignite.spi.discovery;
 
 import mx4j.tools.adaptor.http.*;
 import org.apache.ignite.cluster.*;
-import org.apache.ignite.internal.managers.security.*;
+import org.apache.ignite.internal.processors.security.*;
 import org.apache.ignite.internal.util.typedef.internal.*;
 import org.apache.ignite.marshaller.*;
 import org.apache.ignite.plugin.security.*;


Mime
View raw message