ignite-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From akuznet...@apache.org
Subject [01/50] [abbrv] incubator-ignite git commit: #gg-9809: GridOsSecurityProcessor throws UnsupportedOperationException.
Date Tue, 24 Feb 2015 09:26:29 GMT
Repository: incubator-ignite
Updated Branches:
  refs/heads/ignite-298 ea57e0748 -> 8469db791


#gg-9809: GridOsSecurityProcessor throws UnsupportedOperationException.


Project: http://git-wip-us.apache.org/repos/asf/incubator-ignite/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ignite/commit/b387122e
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ignite/tree/b387122e
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ignite/diff/b387122e

Branch: refs/heads/ignite-298
Commit: b387122e88340d12c6670710f8f6eaded6dba6e3
Parents: 1b3da57
Author: ivasilinets <ivasilinets@gridgain.com>
Authored: Wed Feb 18 16:25:15 2015 +0300
Committer: ivasilinets <ivasilinets@gridgain.com>
Committed: Wed Feb 18 16:25:15 2015 +0300

----------------------------------------------------------------------
 .../processors/rest/GridRestProcessor.java      |  26 +-
 .../security/os/GridOsSecurityProcessor.java    | 146 +---------
 .../security/os/SecurityContextImpl.java        | 282 -------------------
 .../spi/discovery/tcp/TcpDiscoverySpi.java      | 134 ++++-----
 .../ignite/testframework/junits/IgniteMock.java |   1 -
 5 files changed, 88 insertions(+), 501 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/b387122e/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java
b/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java
index 3d834fb..51f8abe 100644
--- a/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java
+++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java
@@ -161,22 +161,24 @@ public class GridRestProcessor extends GridProcessorAdapter {
         if (log.isDebugEnabled())
             log.debug("Received request from client: " + req);
 
-        SecurityContext subjCtx = null;
+        if (ctx.security().enabled()) {
+            SecurityContext subjCtx = null;
 
-        try {
-            subjCtx = authenticate(req);
+            try {
+                subjCtx = authenticate(req);
 
-            authorize(req, subjCtx);
-        }
-        catch (GridSecurityException e) {
-            assert subjCtx != null;
+                authorize(req, subjCtx);
+            }
+            catch (GridSecurityException e) {
+                assert subjCtx != null;
 
-            GridRestResponse res = new GridRestResponse(STATUS_SECURITY_CHECK_FAILED, e.getMessage());
+                GridRestResponse res = new GridRestResponse(STATUS_SECURITY_CHECK_FAILED,
e.getMessage());
 
-            return new GridFinishedFuture<>(ctx, res);
-        }
-        catch (IgniteCheckedException e) {
-            return new GridFinishedFuture<>(ctx, new GridRestResponse(STATUS_AUTH_FAILED,
e.getMessage()));
+                return new GridFinishedFuture<>(ctx, res);
+            }
+            catch (IgniteCheckedException e) {
+                return new GridFinishedFuture<>(ctx, new GridRestResponse(STATUS_AUTH_FAILED,
e.getMessage()));
+            }
         }
 
         interceptRequest(req);

http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/b387122e/modules/core/src/main/java/org/apache/ignite/internal/processors/security/os/GridOsSecurityProcessor.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/os/GridOsSecurityProcessor.java
b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/os/GridOsSecurityProcessor.java
index 8366b77..4a8c53b 100644
--- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/os/GridOsSecurityProcessor.java
+++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/os/GridOsSecurityProcessor.java
@@ -22,13 +22,9 @@ import org.apache.ignite.cluster.*;
 import org.apache.ignite.internal.*;
 import org.apache.ignite.internal.processors.*;
 import org.apache.ignite.internal.processors.security.*;
-import org.apache.ignite.internal.util.tostring.*;
-import org.apache.ignite.internal.util.typedef.*;
-import org.apache.ignite.internal.util.typedef.internal.*;
 import org.apache.ignite.plugin.security.*;
 import org.jetbrains.annotations.*;
 
-import java.net.*;
 import java.util.*;
 
 /**
@@ -42,65 +38,25 @@ public class GridOsSecurityProcessor extends GridProcessorAdapter implements
Gri
         super(ctx);
     }
 
-    /** Allow all permissions. */
-    private static final GridSecurityPermissionSet ALLOW_ALL = new GridSecurityPermissionSet()
{
-        /** Serial version uid. */
-        private static final long serialVersionUID = 0L;
-
-        /** {@inheritDoc} */
-        @Override public boolean defaultAllowAll() {
-            return true;
-        }
-
-        /** {@inheritDoc} */
-        @Override public Map<String, Collection<GridSecurityPermission>> taskPermissions()
{
-            return Collections.emptyMap();
-        }
-
-        /** {@inheritDoc} */
-        @Override public Map<String, Collection<GridSecurityPermission>> cachePermissions()
{
-            return Collections.emptyMap();
-        }
-
-        /** {@inheritDoc} */
-        @Nullable @Override public Collection<GridSecurityPermission> systemPermissions()
{
-            return null;
-        }
-    };
-
     /** {@inheritDoc} */
     @Override public SecurityContext authenticateNode(ClusterNode node, GridSecurityCredentials
cred)
         throws IgniteCheckedException {
-        GridSecuritySubjectAdapter s = new GridSecuritySubjectAdapter(GridSecuritySubjectType.REMOTE_NODE,
node.id());
-
-        s.address(new InetSocketAddress(F.first(node.addresses()), 0));
-
-        s.permissions(ALLOW_ALL);
-
-        return new SecurityContextImpl(s);
+        throw new UnsupportedOperationException("GridOsSecurityProcessor.authenticateNode()");
     }
 
     /** {@inheritDoc} */
     @Override public boolean isGlobalNodeAuthentication() {
-        return false;
+        throw new UnsupportedOperationException("GridOsSecurityProcessor.isGlobalNodeAuthentication()");
     }
 
     /** {@inheritDoc} */
     @Override public SecurityContext authenticate(AuthenticationContext authCtx) throws IgniteCheckedException
{
-        GridSecuritySubjectAdapter s = new GridSecuritySubjectAdapter(authCtx.subjectType(),
authCtx.subjectId());
-
-        s.permissions(ALLOW_ALL);
-        s.address(authCtx.address());
-
-        if (authCtx.credentials() != null)
-            s.login(authCtx.credentials().getLogin());
-
-        return new SecurityContextImpl(s);
+        throw new UnsupportedOperationException("GridOsSecurityProcessor.authenticate()");
     }
 
     /** {@inheritDoc} */
     @Override public Collection<GridSecuritySubject> authenticatedSubjects() {
-        return Collections.emptyList();
+        throw new UnsupportedOperationException("GridOsSecurityProcessor.authenticatedSubjects()");
     }
 
     /** {@inheritDoc} */
@@ -116,7 +72,7 @@ public class GridOsSecurityProcessor extends GridProcessorAdapter implements
Gri
 
     /** {@inheritDoc} */
     @Override public SecurityContext createSecurityContext(GridSecuritySubject subj) {
-        return new SecurityContextImpl(subj);
+        throw new UnsupportedOperationException("GridOsSecurityProcessor.createSecurityContext()");
     }
 
     /** {@inheritDoc} */
@@ -128,96 +84,4 @@ public class GridOsSecurityProcessor extends GridProcessorAdapter implements
Gri
     @Override public boolean enabled() {
         return false;
     }
-
-     /**
-     * Authenticated security subject.
-     */
-     private class GridSecuritySubjectAdapter implements GridSecuritySubject {
-        /** */
-        private static final long serialVersionUID = 0L;
-
-        /** Subject ID. */
-        private UUID id;
-
-        /** Subject type. */
-        private GridSecuritySubjectType subjType;
-
-        /** Address. */
-        private InetSocketAddress addr;
-
-        /** Permissions assigned to a subject. */
-        private GridSecurityPermissionSet permissions;
-
-        /** Login. */
-        @GridToStringInclude
-        private Object login;
-
-        /**
-         * @param subjType Subject type.
-         * @param id Subject ID.
-         */
-        public GridSecuritySubjectAdapter(GridSecuritySubjectType subjType, UUID id) {
-            this.subjType = subjType;
-            this.id = id;
-        }
-
-        /**
-         * @return Subject ID.
-         */
-        @Override public UUID id() {
-            return id;
-        }
-
-        /**
-         * @return Subject type.
-         */
-        @Override public GridSecuritySubjectType type() {
-            return subjType;
-        }
-
-        /**
-         * @return Subject address.
-         */
-        @Override public InetSocketAddress address() {
-            return addr;
-        }
-
-        /**
-         * @param addr Subject address.
-         */
-        public void address(InetSocketAddress addr) {
-            this.addr = addr;
-        }
-
-        /**
-         * @return Security permissions.
-         */
-        @Override public GridSecurityPermissionSet permissions() {
-            return permissions;
-        }
-
-        /** {@inheritDoc} */
-        @Override public Object login() {
-            return login;
-        }
-
-        /**
-         * @param login Login.
-         */
-        public void login(Object login) {
-            this.login = login;
-        }
-
-        /**
-         * @param permissions Permissions.
-         */
-        public void permissions(GridSecurityPermissionSet permissions) {
-            this.permissions = permissions;
-        }
-
-        /** {@inheritDoc} */
-        public String toString() {
-            return S.toString(GridSecuritySubjectAdapter.class, this);
-        }
-    }
 }

http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/b387122e/modules/core/src/main/java/org/apache/ignite/internal/processors/security/os/SecurityContextImpl.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/os/SecurityContextImpl.java
b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/os/SecurityContextImpl.java
deleted file mode 100644
index 3e7484a..0000000
--- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/os/SecurityContextImpl.java
+++ /dev/null
@@ -1,282 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.ignite.internal.processors.security.os;
-
-import org.apache.ignite.internal.processors.security.*;
-import org.apache.ignite.internal.util.typedef.internal.*;
-import org.apache.ignite.plugin.security.*;
-
-import java.io.*;
-import java.util.*;
-
-/**
- * TODO: remove
- */
-public class SecurityContextImpl implements SecurityContext, Externalizable
-
-    {
-        /** */
-        private static final long serialVersionUID = 0L;
-
-        /**
-         * Visor ignite tasks prefix.
-         */
-        private static final String VISOR_IGNITE_TASK_PREFIX = "org.apache.ignite.internal.visor.";
-
-        /**
-         * Visor gridgain tasks prefix.
-         */
-        private static final String VISOR_GRIDGAIN_TASK_PREFIX = "org.gridgain.grid.internal.visor.";
-
-        /**
-         * Cache query task name.
-         */
-        public static final String VISOR_CACHE_QUERY_TASK_NAME =
-            "org.apache.ignite.internal.visor.query.VisorQueryTask";
-
-        /**
-         * Cache load task name.
-         */
-        public static final String VISOR_CACHE_LOAD_TASK_NAME =
-            "org.apache.ignite.internal.visor.cache.VisorCacheLoadTask";
-
-        /**
-         * Cache clear task name.
-         */
-        public static final String VISOR_CACHE_CLEAR_TASK_NAME =
-            "org.apache.ignite.internal.visor.query.VisorQueryCleanupTask";
-
-        /**
-         * Security subject.
-         */
-        private GridSecuritySubject subj;
-
-        /**
-         * String task permissions.
-         */
-        private Map<String, Collection<GridSecurityPermission>> strictTaskPermissions
= new LinkedHashMap<>();
-
-        /**
-         * String task permissions.
-         */
-        private Map<String, Collection<GridSecurityPermission>> wildcardTaskPermissions
= new LinkedHashMap<>();
-
-        /**
-         * String task permissions.
-         */
-        private Map<String, Collection<GridSecurityPermission>> strictCachePermissions
= new LinkedHashMap<>();
-
-        /**
-         * String task permissions.
-         */
-        private Map<String, Collection<GridSecurityPermission>> wildcardCachePermissions
= new LinkedHashMap<>();
-
-        /**
-         * System-wide permissions.
-         */
-        private Collection<GridSecurityPermission> sysPermissions;
-
-        /**
-         * Empty constructor required by {@link Externalizable}.
-         */
-        public SecurityContextImpl() {
-        // No-op.
-    }
-
-        /**
-         * @param subj Subject.
-         */
-        public SecurityContextImpl(GridSecuritySubject subj) {
-        this.subj = subj;
-
-        initRules();
-    }
-
-        /**
-         * @return Security subject.
-         */
-    public GridSecuritySubject subject() {
-        return subj;
-    }
-
-    /**
-     * Checks whether task operation is allowed.
-     *
-     * @param taskClsName Task class name.
-     * @param perm        Permission to check.
-     * @return {@code True} if task operation is allowed.
-     */
-    public boolean taskOperationAllowed(String taskClsName, GridSecurityPermission perm)
{
-        assert perm == GridSecurityPermission.TASK_EXECUTE || perm == GridSecurityPermission.TASK_CANCEL;
-
-        if (visorTask(taskClsName))
-            return visorTaskAllowed(taskClsName);
-
-        Collection<GridSecurityPermission> p = strictTaskPermissions.get(taskClsName);
-
-        if (p != null)
-            return p.contains(perm);
-
-        for (Map.Entry<String, Collection<GridSecurityPermission>> entry : wildcardTaskPermissions.entrySet())
{
-            if (taskClsName.startsWith(entry.getKey()))
-                return entry.getValue().contains(perm);
-        }
-
-        return subj.permissions().defaultAllowAll();
-    }
-
-    /**
-     * Checks whether cache operation is allowed.
-     *
-     * @param cacheName Cache name.
-     * @param perm      Permission to check.
-     * @return {@code True} if cache operation is allowed.
-     */
-    public boolean cacheOperationAllowed(String cacheName, GridSecurityPermission perm) {
-        assert perm == GridSecurityPermission.CACHE_PUT || perm == GridSecurityPermission.CACHE_READ
||
-            perm == GridSecurityPermission.CACHE_REMOVE;
-
-        Collection<GridSecurityPermission> p = strictCachePermissions.get(cacheName);
-
-        if (p != null)
-            return p.contains(perm);
-
-        for (Map.Entry<String, Collection<GridSecurityPermission>> entry : wildcardCachePermissions.entrySet())
{
-            if (cacheName != null) {
-                if (cacheName.startsWith(entry.getKey()))
-                    return entry.getValue().contains(perm);
-            } else {
-                // Match null cache to '*'
-                if (entry.getKey().isEmpty())
-                    return entry.getValue().contains(perm);
-            }
-        }
-
-        return subj.permissions().defaultAllowAll();
-    }
-
-    /**
-     * Checks whether system-wide permission is allowed (excluding Visor task operations).
-     *
-     * @param perm Permission to check.
-     * @return {@code True} if system operation is allowed.
-     */
-    public boolean systemOperationAllowed(GridSecurityPermission perm) {
-        if (sysPermissions == null)
-            return subj.permissions().defaultAllowAll();
-
-        boolean ret = sysPermissions.contains(perm);
-
-        if (!ret && (perm == GridSecurityPermission.EVENTS_ENABLE || perm == GridSecurityPermission.EVENTS_DISABLE))
-            ret = sysPermissions.contains(GridSecurityPermission.ADMIN_VIEW);
-
-        return ret;
-    }
-
-    /**
-     * Checks if task is Visor task.
-     *
-     * @param taskCls Task class name.
-     * @return {@code True} if task is Visor task.
-     */
-    private boolean visorTask(String taskCls) {
-        return taskCls.startsWith(VISOR_IGNITE_TASK_PREFIX) || taskCls.startsWith(VISOR_GRIDGAIN_TASK_PREFIX);
-    }
-
-    /**
-     * Checks if Visor task is allowed for execution.
-     *
-     * @param taskName Task name.
-     * @return {@code True} if execution is allowed.
-     */
-    private boolean visorTaskAllowed(String taskName) {
-        if (sysPermissions == null)
-            return subj.permissions().defaultAllowAll();
-
-        switch (taskName) {
-            case VISOR_CACHE_QUERY_TASK_NAME:
-                return sysPermissions.contains(GridSecurityPermission.ADMIN_QUERY);
-            case VISOR_CACHE_LOAD_TASK_NAME:
-            case VISOR_CACHE_CLEAR_TASK_NAME:
-                return sysPermissions.contains(GridSecurityPermission.ADMIN_CACHE);
-            default:
-                return sysPermissions.contains(GridSecurityPermission.ADMIN_VIEW);
-        }
-    }
-
-    /**
-     * Init rules.
-     */
-    private void initRules() {
-        GridSecurityPermissionSet permSet = subj.permissions();
-
-        for (Map.Entry<String, Collection<GridSecurityPermission>> entry : permSet.taskPermissions().entrySet())
{
-            String ptrn = entry.getKey();
-
-            Collection<GridSecurityPermission> vals = Collections.unmodifiableCollection(entry.getValue());
-
-            if (ptrn.endsWith("*")) {
-                String noWildcard = ptrn.substring(0, ptrn.length() - 1);
-
-                wildcardTaskPermissions.put(noWildcard, vals);
-            } else
-                strictTaskPermissions.put(ptrn, vals);
-        }
-
-        for (Map.Entry<String, Collection<GridSecurityPermission>> entry : permSet.cachePermissions().entrySet())
{
-            String ptrn = entry.getKey();
-
-            Collection<GridSecurityPermission> vals = Collections.unmodifiableCollection(entry.getValue());
-
-            if (ptrn != null && ptrn.endsWith("*")) {
-                String noWildcard = ptrn.substring(0, ptrn.length() - 1);
-
-                wildcardCachePermissions.put(noWildcard, vals);
-            } else
-                strictCachePermissions.put(ptrn, vals);
-        }
-
-        sysPermissions = permSet.systemPermissions();
-    }
-
-    /**
-     * {@inheritDoc}
-     */
-    @Override
-    public void writeExternal(ObjectOutput out) throws IOException {
-        out.writeObject(subj);
-    }
-
-    /**
-     * {@inheritDoc}
-     */
-    @Override
-    public void readExternal(ObjectInput in) throws IOException, ClassNotFoundException {
-        subj = (GridSecuritySubject) in.readObject();
-
-        initRules();
-    }
-
-    /**
-     * {@inheritDoc}
-     */
-    @Override
-    public String toString() {
-        return S.toString(SecurityContextImpl.class, this);
-    }
-}

http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/b387122e/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySpi.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySpi.java
b/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySpi.java
index 8e9d372..0d4fb41 100644
--- a/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySpi.java
+++ b/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySpi.java
@@ -1269,23 +1269,25 @@ public class TcpDiscoverySpi extends TcpDiscoverySpiAdapter implements
TcpDiscov
                 if (log.isDebugEnabled())
                     log.debug("Join request message has not been sent (local node is the
first in the topology).");
 
-                // Authenticate local node.
-                try {
-                    SecurityContext subj = nodeAuth.authenticateNode(locNode, locCred);
+                if (((IgniteKernal)ignite).context().security().enabled()) {
+                    // Authenticate local node.
+                    try {
+                        SecurityContext subj = nodeAuth.authenticateNode(locNode, locCred);
 
-                    if (subj == null)
-                        throw new IgniteSpiException("Authentication failed for local node:
" + locNode.id());
+                        if (subj == null)
+                            throw new IgniteSpiException("Authentication failed for local
node: " + locNode.id());
 
-                    Map<String, Object> attrs = new HashMap<>(locNode.attributes());
+                        Map<String, Object> attrs = new HashMap<>(locNode.attributes());
 
-                    attrs.put(IgniteNodeAttributes.ATTR_SECURITY_SUBJECT,
-                        ignite.configuration().getMarshaller().marshal(subj));
-                    attrs.remove(IgniteNodeAttributes.ATTR_SECURITY_CREDENTIALS);
+                        attrs.put(IgniteNodeAttributes.ATTR_SECURITY_SUBJECT,
+                            ignite.configuration().getMarshaller().marshal(subj));
+                        attrs.remove(IgniteNodeAttributes.ATTR_SECURITY_CREDENTIALS);
 
-                    locNode.setAttributes(attrs);
-                }
-                catch (IgniteException | IgniteCheckedException e) {
-                    throw new IgniteSpiException("Failed to authenticate local node (will
shutdown local node).", e);
+                        locNode.setAttributes(attrs);
+                    }
+                    catch (IgniteException | IgniteCheckedException e) {
+                        throw new IgniteSpiException("Failed to authenticate local node (will
shutdown local node).", e);
+                    }
                 }
 
                 locNode.order(1);
@@ -3062,51 +3064,25 @@ public class TcpDiscoverySpi extends TcpDiscoverySpiAdapter implements
TcpDiscov
                     return;
                 }
 
-                // Authenticate node first.
-                try {
-                    GridSecurityCredentials cred = unmarshalCredentials(node);
-
-                    SecurityContext subj = nodeAuth.authenticateNode(node, cred);
-
-                    if (subj == null) {
-                        // Node has not pass authentication.
-                        LT.warn(log, null,
-                            "Authentication failed [nodeId=" + node.id() +
-                                ", addrs=" + U.addressesAsString(node) + ']',
-                            "Authentication failed [nodeId=" + U.id8(node.id()) + ", addrs="
+
-                                U.addressesAsString(node) + ']');
-
-                        // Always output in debug.
-                        if (log.isDebugEnabled())
-                            log.debug("Authentication failed [nodeId=" + node.id() + ", addrs="
+
-                                U.addressesAsString(node));
+                if (((IgniteKernal)ignite).context().security().enabled()) {
+                    // Authenticate node first.
+                    try {
+                        GridSecurityCredentials cred = unmarshalCredentials(node);
 
-                        try {
-                            trySendMessageDirectly(node, new TcpDiscoveryAuthFailedMessage(locNodeId,
locHost));
-                        }
-                        catch (IgniteSpiException e) {
-                            if (log.isDebugEnabled())
-                                log.debug("Failed to send unauthenticated message to node
" +
-                                    "[node=" + node + ", err=" + e.getMessage() + ']');
-                        }
+                        SecurityContext subj = nodeAuth.authenticateNode(node, cred);
 
-                        // Ignore join request.
-                        return;
-                    }
-                    else {
-                        if (!(subj instanceof Serializable)) {
+                        if (subj == null) {
                             // Node has not pass authentication.
                             LT.warn(log, null,
-                                "Authentication subject is not Serializable [nodeId=" + node.id()
+
+                                "Authentication failed [nodeId=" + node.id() +
                                     ", addrs=" + U.addressesAsString(node) + ']',
-                                "Authentication subject is not Serializable [nodeId=" + U.id8(node.id())
+
-                                    ", addrs=" +
+                                "Authentication failed [nodeId=" + U.id8(node.id()) + ",
addrs=" +
                                     U.addressesAsString(node) + ']');
 
                             // Always output in debug.
                             if (log.isDebugEnabled())
-                                log.debug("Authentication subject is not serializable [nodeId="
+ node.id() +
-                                    ", addrs=" + U.addressesAsString(node));
+                                log.debug("Authentication failed [nodeId=" + node.id() +
", addrs=" +
+                                    U.addressesAsString(node));
 
                             try {
                                 trySendMessageDirectly(node, new TcpDiscoveryAuthFailedMessage(locNodeId,
locHost));
@@ -3119,27 +3095,54 @@ public class TcpDiscoverySpi extends TcpDiscoverySpiAdapter implements
TcpDiscov
 
                             // Ignore join request.
                             return;
-                        }
+                        } else {
+                            if (!(subj instanceof Serializable)) {
+                                // Node has not pass authentication.
+                                LT.warn(log, null,
+                                    "Authentication subject is not Serializable [nodeId="
+ node.id() +
+                                        ", addrs=" + U.addressesAsString(node) + ']',
+                                    "Authentication subject is not Serializable [nodeId="
+ U.id8(node.id()) +
+                                        ", addrs=" +
+                                        U.addressesAsString(node) + ']');
 
-                        // Stick in authentication subject to node (use security-safe attributes
for copy).
-                        Map<String, Object> attrs = new HashMap<>(node.getAttributes());
+                                // Always output in debug.
+                                if (log.isDebugEnabled())
+                                    log.debug("Authentication subject is not serializable
[nodeId=" + node.id() +
+                                        ", addrs=" + U.addressesAsString(node));
 
-                        attrs.put(IgniteNodeAttributes.ATTR_SECURITY_SUBJECT,
-                            ignite.configuration().getMarshaller().marshal(subj));
+                                try {
+                                    trySendMessageDirectly(node, new TcpDiscoveryAuthFailedMessage(locNodeId,
locHost));
+                                }
+                                catch (IgniteSpiException e) {
+                                    if (log.isDebugEnabled())
+                                        log.debug("Failed to send unauthenticated message
to node " +
+                                            "[node=" + node + ", err=" + e.getMessage() +
']');
+                                }
+
+                                // Ignore join request.
+                                return;
+                            }
+
+                            // Stick in authentication subject to node (use security-safe
attributes for copy).
+                            Map<String, Object> attrs = new HashMap<>(node.getAttributes());
 
-                        node.setAttributes(attrs);
+                            attrs.put(IgniteNodeAttributes.ATTR_SECURITY_SUBJECT,
+                                ignite.configuration().getMarshaller().marshal(subj));
+
+                            node.setAttributes(attrs);
+                        }
                     }
-                }
-                catch (IgniteException | IgniteCheckedException e) {
-                    LT.error(log, e, "Authentication failed [nodeId=" + node.id() + ", addrs="
+
-                        U.addressesAsString(node) + ']');
+                    catch (IgniteException | IgniteCheckedException e) {
+                        LT.error(log, e, "Authentication failed [nodeId=" + node.id() + ",
addrs=" +
+                            U.addressesAsString(node) + ']');
 
-                    if (log.isDebugEnabled())
-                        log.debug("Failed to authenticate node (will ignore join request)
[node=" + node +
-                            ", err=" + e + ']');
+                        if (log.isDebugEnabled())
+                            log.debug("Failed to authenticate node (will ignore join request)
[node=" + node +
+                                ", err=" + e + ']');
 
-                    // Ignore join request.
-                    return;
+                        // Ignore join request.
+                        return;
+                    }
                 }
 
                 IgniteSpiNodeValidationResult err = getSpiContext().validateNode(node);
@@ -3492,7 +3495,8 @@ public class TcpDiscoverySpi extends TcpDiscoverySpiAdapter implements
TcpDiscov
                     return;
                 }
 
-                if (!isLocalNodeCoordinator() && nodeAuth.isGlobalNodeAuthentication())
{
+                if (!isLocalNodeCoordinator() && ((IgniteKernal)ignite).context().security().enabled()
&&
+                    nodeAuth.isGlobalNodeAuthentication()) {
                     boolean authFailed = true;
 
                     try {

http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/b387122e/modules/core/src/test/java/org/apache/ignite/testframework/junits/IgniteMock.java
----------------------------------------------------------------------
diff --git a/modules/core/src/test/java/org/apache/ignite/testframework/junits/IgniteMock.java
b/modules/core/src/test/java/org/apache/ignite/testframework/junits/IgniteMock.java
index ff497da..58478d3 100644
--- a/modules/core/src/test/java/org/apache/ignite/testframework/junits/IgniteMock.java
+++ b/modules/core/src/test/java/org/apache/ignite/testframework/junits/IgniteMock.java
@@ -18,7 +18,6 @@
 package org.apache.ignite.testframework.junits;
 
 import org.apache.ignite.*;
-import org.apache.ignite.cache.*;
 import org.apache.ignite.cache.affinity.*;
 import org.apache.ignite.cluster.*;
 import org.apache.ignite.configuration.*;


Mime
View raw message