ignite-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sboi...@apache.org
Subject [16/43] incubator-ignite git commit: #gg-9809: move GridSecurityContext to org.gridgain.grid.internal.processors.security.ent.
Date Tue, 24 Feb 2015 19:29:03 GMT
#gg-9809: move GridSecurityContext to org.gridgain.grid.internal.processors.security.ent.


Project: http://git-wip-us.apache.org/repos/asf/incubator-ignite/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ignite/commit/f9f27f01
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ignite/tree/f9f27f01
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ignite/diff/f9f27f01

Branch: refs/heads/ignite-51
Commit: f9f27f01d0fdeea0f14d89f74545ad0b8cb7f280
Parents: 17fa00b
Author: ivasilinets <ivasilinets@gridgain.com>
Authored: Wed Feb 18 14:45:04 2015 +0300
Committer: ivasilinets <ivasilinets@gridgain.com>
Committed: Wed Feb 18 14:45:04 2015 +0300

----------------------------------------------------------------------
 .../security/GridSecurityContext.java           | 251 -------------------
 .../optimized/optimized-classnames.properties   |   1 -
 2 files changed, 252 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/f9f27f01/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityContext.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityContext.java
b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityContext.java
deleted file mode 100644
index ca92770..0000000
--- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityContext.java
+++ /dev/null
@@ -1,251 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.ignite.internal.processors.security;
-
-import org.apache.ignite.internal.util.typedef.internal.*;
-import org.apache.ignite.plugin.security.*;
-
-import java.io.*;
-import java.util.*;
-
-/**
- * Security context.
- */
-public class GridSecurityContext implements SecurityContext, Externalizable {
-    /** */
-    private static final long serialVersionUID = 0L;
-
-    /** Visor ignite tasks prefix. */
-    private static final String VISOR_IGNITE_TASK_PREFIX = "org.apache.ignite.internal.visor.";
-
-    /** Visor gridgain tasks prefix. */
-    private static final String VISOR_GRIDGAIN_TASK_PREFIX = "org.gridgain.grid.internal.visor.";
-
-    /** Cache query task name. */
-    public static final String VISOR_CACHE_QUERY_TASK_NAME =
-        "org.apache.ignite.internal.visor.query.VisorQueryTask";
-
-    /** Cache load task name. */
-    public static final String VISOR_CACHE_LOAD_TASK_NAME =
-        "org.apache.ignite.internal.visor.cache.VisorCacheLoadTask";
-
-    /** Cache clear task name. */
-    public static final String VISOR_CACHE_CLEAR_TASK_NAME =
-        "org.apache.ignite.internal.visor.query.VisorQueryCleanupTask";
-
-    /** Security subject. */
-    private GridSecuritySubject subj;
-
-    /** String task permissions. */
-    private Map<String, Collection<GridSecurityPermission>> strictTaskPermissions
= new LinkedHashMap<>();
-
-    /** String task permissions. */
-    private Map<String, Collection<GridSecurityPermission>> wildcardTaskPermissions
= new LinkedHashMap<>();
-
-    /** String task permissions. */
-    private Map<String, Collection<GridSecurityPermission>> strictCachePermissions
= new LinkedHashMap<>();
-
-    /** String task permissions. */
-    private Map<String, Collection<GridSecurityPermission>> wildcardCachePermissions
= new LinkedHashMap<>();
-
-    /** System-wide permissions. */
-    private Collection<GridSecurityPermission> sysPermissions;
-
-    /**
-     * Empty constructor required by {@link Externalizable}.
-     */
-    public GridSecurityContext() {
-        // No-op.
-    }
-
-    /**
-     * @param subj Subject.
-     */
-    public GridSecurityContext(GridSecuritySubject subj) {
-        this.subj = subj;
-
-        initRules();
-    }
-
-    /**
-     * @return Security subject.
-     */
-    public GridSecuritySubject subject() {
-        return subj;
-    }
-
-    /**
-     * Checks whether task operation is allowed.
-     *
-     * @param taskClsName Task class name.
-     * @param perm Permission to check.
-     * @return {@code True} if task operation is allowed.
-     */
-    public boolean taskOperationAllowed(String taskClsName, GridSecurityPermission perm)
{
-        assert perm == GridSecurityPermission.TASK_EXECUTE || perm == GridSecurityPermission.TASK_CANCEL;
-
-        if (visorTask(taskClsName))
-            return visorTaskAllowed(taskClsName);
-
-        Collection<GridSecurityPermission> p = strictTaskPermissions.get(taskClsName);
-
-        if (p != null)
-            return p.contains(perm);
-
-        for (Map.Entry<String, Collection<GridSecurityPermission>> entry : wildcardTaskPermissions.entrySet())
{
-            if (taskClsName.startsWith(entry.getKey()))
-                return entry.getValue().contains(perm);
-        }
-
-        return subj.permissions().defaultAllowAll();
-    }
-
-    /**
-     * Checks whether cache operation is allowed.
-     *
-     * @param cacheName Cache name.
-     * @param perm Permission to check.
-     * @return {@code True} if cache operation is allowed.
-     */
-    public boolean cacheOperationAllowed(String cacheName, GridSecurityPermission perm) {
-        assert perm == GridSecurityPermission.CACHE_PUT || perm == GridSecurityPermission.CACHE_READ
||
-            perm == GridSecurityPermission.CACHE_REMOVE;
-
-        Collection<GridSecurityPermission> p = strictCachePermissions.get(cacheName);
-
-        if (p != null)
-            return p.contains(perm);
-
-        for (Map.Entry<String, Collection<GridSecurityPermission>> entry : wildcardCachePermissions.entrySet())
{
-            if (cacheName != null) {
-                if (cacheName.startsWith(entry.getKey()))
-                    return entry.getValue().contains(perm);
-            }
-            else {
-                // Match null cache to '*'
-                if (entry.getKey().isEmpty())
-                    return entry.getValue().contains(perm);
-            }
-        }
-
-        return subj.permissions().defaultAllowAll();
-    }
-
-    /**
-     * Checks whether system-wide permission is allowed (excluding Visor task operations).
-     *
-     * @param perm Permission to check.
-     * @return {@code True} if system operation is allowed.
-     */
-    public boolean systemOperationAllowed(GridSecurityPermission perm) {
-        if (sysPermissions == null)
-            return subj.permissions().defaultAllowAll();
-
-        boolean ret = sysPermissions.contains(perm);
-
-        if (!ret && (perm == GridSecurityPermission.EVENTS_ENABLE || perm == GridSecurityPermission.EVENTS_DISABLE))
-            ret = sysPermissions.contains(GridSecurityPermission.ADMIN_VIEW);
-
-        return ret;
-    }
-
-    /**
-     * Checks if task is Visor task.
-     *
-     * @param taskCls Task class name.
-     * @return {@code True} if task is Visor task.
-     */
-    private boolean visorTask(String taskCls) {
-        return taskCls.startsWith(VISOR_IGNITE_TASK_PREFIX) || taskCls.startsWith(VISOR_GRIDGAIN_TASK_PREFIX);
-    }
-
-    /**
-     * Checks if Visor task is allowed for execution.
-     *
-     * @param taskName Task name.
-     * @return {@code True} if execution is allowed.
-     */
-    private boolean visorTaskAllowed(String taskName) {
-        if (sysPermissions == null)
-            return subj.permissions().defaultAllowAll();
-
-        switch (taskName) {
-            case VISOR_CACHE_QUERY_TASK_NAME:
-                return sysPermissions.contains(GridSecurityPermission.ADMIN_QUERY);
-            case VISOR_CACHE_LOAD_TASK_NAME:
-            case VISOR_CACHE_CLEAR_TASK_NAME:
-                return sysPermissions.contains(GridSecurityPermission.ADMIN_CACHE);
-            default:
-                return sysPermissions.contains(GridSecurityPermission.ADMIN_VIEW);
-        }
-    }
-
-    /**
-     * Init rules.
-     */
-    private void initRules() {
-        GridSecurityPermissionSet permSet = subj.permissions();
-
-        for (Map.Entry<String, Collection<GridSecurityPermission>> entry : permSet.taskPermissions().entrySet())
{
-            String ptrn = entry.getKey();
-
-            Collection<GridSecurityPermission> vals = Collections.unmodifiableCollection(entry.getValue());
-
-            if (ptrn.endsWith("*")) {
-                String noWildcard = ptrn.substring(0, ptrn.length() - 1);
-
-                wildcardTaskPermissions.put(noWildcard, vals);
-            }
-            else
-                strictTaskPermissions.put(ptrn, vals);
-        }
-
-        for (Map.Entry<String, Collection<GridSecurityPermission>> entry : permSet.cachePermissions().entrySet())
{
-            String ptrn = entry.getKey();
-
-            Collection<GridSecurityPermission> vals = Collections.unmodifiableCollection(entry.getValue());
-
-            if (ptrn != null && ptrn.endsWith("*")) {
-                String noWildcard = ptrn.substring(0, ptrn.length() - 1);
-
-                wildcardCachePermissions.put(noWildcard, vals);
-            }
-            else
-                strictCachePermissions.put(ptrn, vals);
-        }
-
-        sysPermissions = permSet.systemPermissions();
-    }
-
-    /** {@inheritDoc} */
-    @Override public void writeExternal(ObjectOutput out) throws IOException {
-        out.writeObject(subj);
-    }
-
-    /** {@inheritDoc} */
-    @Override public void readExternal(ObjectInput in) throws IOException, ClassNotFoundException
{
-        subj = (GridSecuritySubject)in.readObject();
-
-        initRules();
-    }
-
-    /** {@inheritDoc} */
-    @Override public String toString() {
-        return S.toString(GridSecurityContext.class, this);
-    }
-}

http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/f9f27f01/modules/core/src/main/java/org/apache/ignite/marshaller/optimized/optimized-classnames.properties
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/marshaller/optimized/optimized-classnames.properties
b/modules/core/src/main/java/org/apache/ignite/marshaller/optimized/optimized-classnames.properties
index 5fa1c2c..59ee47f 100644
--- a/modules/core/src/main/java/org/apache/ignite/marshaller/optimized/optimized-classnames.properties
+++ b/modules/core/src/main/java/org/apache/ignite/marshaller/optimized/optimized-classnames.properties
@@ -1016,7 +1016,6 @@ org.apache.ignite.internal.processors.rest.request.GridRestCacheQueryRequest
 org.apache.ignite.internal.processors.schedule.IgniteScheduleProcessor$1
 org.apache.ignite.internal.processors.schedule.ScheduleFutureImpl$3
 org.apache.ignite.internal.processors.schedule.ScheduleFutureImpl$4
-org.apache.ignite.internal.processors.security.GridSecurityContext
 org.apache.ignite.internal.processors.security.os.GridOsSecurityProcessor$1
 org.apache.ignite.internal.processors.security.os.GridOsSecurityProcessor$GridSecuritySubjectAdapter
 org.apache.ignite.internal.processors.service.GridServiceAssignments


Mime
View raw message