Return-Path: X-Original-To: apmail-ignite-commits-archive@minotaur.apache.org Delivered-To: apmail-ignite-commits-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 119A918400 for ; Wed, 22 Jul 2015 16:12:44 +0000 (UTC) Received: (qmail 91657 invoked by uid 500); 22 Jul 2015 16:12:10 -0000 Delivered-To: apmail-ignite-commits-archive@ignite.apache.org Received: (qmail 91625 invoked by uid 500); 22 Jul 2015 16:12:10 -0000 Mailing-List: contact commits-help@ignite.incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@ignite.incubator.apache.org Delivered-To: mailing list commits@ignite.incubator.apache.org Received: (qmail 91613 invoked by uid 99); 22 Jul 2015 16:12:10 -0000 Received: from Unknown (HELO spamd2-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 22 Jul 2015 16:12:09 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id 8E06C1A767E for ; Wed, 22 Jul 2015 16:12:09 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1.791 X-Spam-Level: * X-Spam-Status: No, score=1.791 tagged_above=-999 required=6.31 tests=[KAM_ASCII_DIVIDERS=0.8, KAM_LAZY_DOMAIN_SECURITY=1, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=disabled Received: from mx1-us-west.apache.org ([10.40.0.8]) by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024) with ESMTP id VwXxsIYfFYjj for ; Wed, 22 Jul 2015 16:12:02 +0000 (UTC) Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx1-us-west.apache.org (ASF Mail Server at mx1-us-west.apache.org) with SMTP id EFA9124971 for ; Wed, 22 Jul 2015 16:12:01 +0000 (UTC) Received: (qmail 90719 invoked by uid 99); 22 Jul 2015 16:12:01 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 22 Jul 2015 16:12:01 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id A1521E33C8; Wed, 22 Jul 2015 16:12:01 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: sboikov@apache.org To: commits@ignite.incubator.apache.org Date: Wed, 22 Jul 2015 16:12:02 -0000 Message-Id: <06d7e5038c234dc1a5035618060b4899@git.apache.org> In-Reply-To: References: X-Mailer: ASF-Git Admin Mailer Subject: [2/3] incubator-ignite git commit: # gg-10561: session # gg-10561: session Project: http://git-wip-us.apache.org/repos/asf/incubator-ignite/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ignite/commit/f30b111c Tree: http://git-wip-us.apache.org/repos/asf/incubator-ignite/tree/f30b111c Diff: http://git-wip-us.apache.org/repos/asf/incubator-ignite/diff/f30b111c Branch: refs/heads/ignite-gg-10561 Commit: f30b111ce85c172ee71a497001b38985b0156807 Parents: 933940a Author: ashutak Authored: Wed Jul 22 16:46:25 2015 +0300 Committer: ashutak Committed: Wed Jul 22 16:46:25 2015 +0300 ---------------------------------------------------------------------- .../processors/rest/GridRestProcessor.java | 146 +++++++++++-------- 1 file changed, 83 insertions(+), 63 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/f30b111c/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java ---------------------------------------------------------------------- diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java index a76a119..bf6c0fb 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java @@ -76,7 +76,10 @@ public class GridRestProcessor extends GridProcessorAdapter { private final LongAdder8 workersCnt = new LongAdder8(); /** SecurityContext map. */ - private ConcurrentMap sesMap = new ConcurrentHashMap<>(); + private ConcurrentMap clientId2Session = new ConcurrentHashMap<>(); + + /** SecurityContext map. */ + private ConcurrentMap sesTokId2Session = new ConcurrentHashMap<>(); /** Protocol handler. */ private final GridRestProtocolHandler protoHnd = new GridRestProtocolHandler() { @@ -89,12 +92,6 @@ public class GridRestProcessor extends GridProcessorAdapter { } }; - /** Session token to client ID map. */ - private final ConcurrentMap sesToken2ClientId = new ConcurrentHashMap<>(); - - /** Client ID to session token map */ - private final ConcurrentMap clientId2SesToken = new ConcurrentHashMap<>(); - /** * @param req Request. * @return Future. @@ -178,13 +175,11 @@ public class GridRestProcessor extends GridProcessorAdapter { if (log.isDebugEnabled()) log.debug("Received request from client: " + req); - SecurityContext subjCtx = null; + Session ses = null; if (ctx.security().enabled()) { - IgniteBiTuple clientIdAndSesTok; - try { - clientIdAndSesTok = clientIdAndSessionToken(req); + ses = session(req); } catch (IgniteCheckedException e) { GridRestResponse res = new GridRestResponse(STATUS_FAILED, e.getMessage()); @@ -192,24 +187,26 @@ public class GridRestProcessor extends GridProcessorAdapter { return new GridFinishedFuture<>(res); } - req.clientId(clientIdAndSesTok.get1()); - req.sessionToken(clientIdAndSesTok.get2()); + assert ses != null; + + req.clientId(ses.clientId); + req.sessionToken(ses.sesTok()); if (log.isDebugEnabled()) log.debug("Next clientId and sessionToken were extracted from request: " + "[clientId="+req.clientId()+", sessionToken="+Arrays.toString(req.sessionToken())+"]"); try { - subjCtx = authenticate(req); + if (ses.secCtx == null) + ses.secCtx = authenticate(req); - authorize(req, subjCtx); + authorize(req, ses.secCtx); } catch (SecurityException e) { - assert subjCtx != null; + assert ses.secCtx != null; GridRestResponse res = new GridRestResponse(STATUS_SECURITY_CHECK_FAILED, e.getMessage()); - updateSession(req, subjCtx); res.sessionTokenBytes(ZERO_BYTES); return new GridFinishedFuture<>(res); @@ -229,7 +226,7 @@ public class GridRestProcessor extends GridProcessorAdapter { return new GridFinishedFuture<>( new IgniteCheckedException("Failed to find registered handler for command: " + req.command())); - final SecurityContext subjCtx0 = subjCtx; + final SecurityContext subjCtx0 = ses == null ? null : ses.secCtx; return res.chain(new C1, GridRestResponse>() { @Override public GridRestResponse apply(IgniteInternalFuture f) { @@ -251,7 +248,8 @@ public class GridRestProcessor extends GridProcessorAdapter { assert res != null; if (ctx.security().enabled()) { - updateSession(req, subjCtx0); + // TODO review. Why we update it here, not earlier? +// updateSession(req, subjCtx0); res.sessionTokenBytes(req.sessionToken()); } @@ -262,63 +260,64 @@ public class GridRestProcessor extends GridProcessorAdapter { }); } - // TODO add experation - private IgniteBiTuple clientIdAndSessionToken(GridRestRequest req) throws IgniteCheckedException { - UUID clientId = req.clientId(); - byte[] sesTok = req.sessionToken(); + /** + * // TODO expiration + * @param req Request. + * @return Not null session. + * @throws IgniteCheckedException If failed. + */ + private Session session(GridRestRequest req) throws IgniteCheckedException { + final UUID clientId = req.clientId(); + final byte[] sesTok = req.sessionToken(); if (F.isEmpty(sesTok) && clientId == null) { - clientId = UUID.randomUUID(); - - UUID sesTokUuid = UUID.randomUUID(); + Session ses = new Session(); + ses.clientId = UUID.randomUUID(); + ses.sesTokId = UUID.randomUUID(); - UUID oldSesTokUuid = clientId2SesToken.putIfAbsent(clientId, sesTokUuid); + clientId2Session.put(ses.clientId, ses); + sesTokId2Session.put(ses.sesTokId, ses); - assert oldSesTokUuid == null : "Error [oldSesTokUuid=" + oldSesTokUuid + "]"; + // TODO add checks. - sesToken2ClientId.put(sesTokUuid, clientId); - - return new IgniteBiTuple<>(clientId, U.uuidToBytes(sesTokUuid)); + return ses; } if (F.isEmpty(sesTok) && clientId != null) { - UUID sesTokUuid = clientId2SesToken.get(clientId); + Session ses = clientId2Session.get(clientId); - if (sesTokUuid == null) { /** First request with this clientId */ - UUID newSesTokUuid = UUID.randomUUID(); + if (ses == null) { /** First request with this clientId */ + ses = new Session(); + ses.clientId = clientId; + ses.sesTokId = UUID.randomUUID(); - UUID oldSesTokUuid = clientId2SesToken.putIfAbsent(clientId, newSesTokUuid); + clientId2Session.put(ses.clientId, ses); + sesTokId2Session.put(ses.sesTokId, ses); - sesTokUuid = oldSesTokUuid != null ? oldSesTokUuid : newSesTokUuid; + // TODO add checks. - if (oldSesTokUuid == null) - sesToken2ClientId.put(sesTokUuid, clientId); + return ses; } - return new IgniteBiTuple<>(clientId, U.uuidToBytes(sesTokUuid)); + return ses; } if (!F.isEmpty(sesTok) && clientId == null) { UUID sesTokId = U.bytesToUuid(sesTok, 0); - clientId = sesToken2ClientId.get(sesTokId); + Session ses = sesTokId2Session.get(sesTokId); - if (clientId == null) + if (ses == null) throw new IgniteCheckedException("Failed to handle request. Unknown session token " + - "(maybe expired session). [sessionToken=" + Arrays.toString(sesTok) + "]"); + "(maybe expired session). [sessionToken=" + U.byteArray2HexString(sesTok) + "]"); - return new IgniteBiTuple<>(clientId, sesTok); + return ses; } - if (!F.isEmpty(sesTok) && clientId != null) { - UUID sesTokUuid = U.bytesToUuid(sesTok, 0); - - if (sesToken2ClientId.get(sesTokUuid).equals(clientId) && - clientId2SesToken.get(clientId).equals(sesTokUuid)) - throw new IgniteCheckedException("Failed to handle request ");// TODO msg. - } + if (!F.isEmpty(sesTok) && clientId != null) + throw new IgniteCheckedException("Failed to handle request. Unsupported case."); - return new IgniteBiTuple<>(clientId, sesTok); + throw new IgniteCheckedException("Failed to handle request (Unreachable state)."); } /** @@ -540,20 +539,11 @@ public class GridRestProcessor extends GridProcessorAdapter { * @throws IgniteCheckedException If authentication failed. */ private SecurityContext authenticate(GridRestRequest req) throws IgniteCheckedException { - UUID clientId = req.clientId(); - - assert clientId != null; - - SecurityContext secCtx = sesMap.get(clientId); - - if (secCtx != null) - return secCtx; - // Authenticate client if invalid session. AuthenticationContext authCtx = new AuthenticationContext(); authCtx.subjectType(REMOTE_CLIENT); - authCtx.subjectId(clientId); + authCtx.subjectId(req.clientId()); SecurityCredentials cred; @@ -597,8 +587,10 @@ public class GridRestProcessor extends GridProcessorAdapter { * @param sCtx Security context. */ private void updateSession(GridRestRequest req, SecurityContext sCtx) { - if (sCtx != null) - sesMap.put(req.clientId(), sCtx); +// if (sCtx != null) { +// sesMap.put(req.clientId(), sCtx); +// +// } } /** @@ -755,5 +747,33 @@ public class GridRestProcessor extends GridProcessorAdapter { UUID clientId; UUID sesTokId; SecurityContext secCtx; + + byte[] sesTok(){ + return U.uuidToBytes(sesTokId); + } + + /** {@inheritDoc} */ + @Override public boolean equals(Object o) { + if (this == o) + return true; + if (!(o instanceof Session)) + return false; + + Session ses = (Session)o; + + if (clientId != null ? !clientId.equals(ses.clientId) : ses.clientId != null) + return false; + if (sesTokId != null ? !sesTokId.equals(ses.sesTokId) : ses.sesTokId != null) + return false; + + return true; + } + + /** {@inheritDoc} */ + @Override public int hashCode() { + int res = clientId != null ? clientId.hashCode() : 0; + res = 31 * res + (sesTokId != null ? sesTokId.hashCode() : 0); + return res; + } } }