From voze...@apache.org
Subject ignite git commit: IGNITE-8721: Fixed external security authentication in JDBC and ODBC handlers. This closes #4142.
Date Thu, 07 Jun 2018 08:18:15 GMT
Repository: ignite
Updated Branches:
  refs/heads/master 095f564a9 -> 9d163ed7f


IGNITE-8721: Fixed external security authentication in JDBC and ODBC handlers. This closes
#4142.


Project: http://git-wip-us.apache.org/repos/asf/ignite/repo
Commit: http://git-wip-us.apache.org/repos/asf/ignite/commit/9d163ed7
Tree: http://git-wip-us.apache.org/repos/asf/ignite/tree/9d163ed7
Diff: http://git-wip-us.apache.org/repos/asf/ignite/diff/9d163ed7

Branch: refs/heads/master
Commit: 9d163ed7f5496b6a79fc0cfc50f02ca1a4408433
Parents: 095f564
Author: devozerov <vozerov@gridgain.com>
Authored: Thu Jun 7 11:18:08 2018 +0300
Committer: devozerov <vozerov@gridgain.com>
Committed: Thu Jun 7 11:18:08 2018 +0300

----------------------------------------------------------------------
 ...ClientListenerAbstractConnectionContext.java | 116 +++++++++++++++++++
 .../odbc/jdbc/JdbcConnectionContext.java        |  36 ++----
 .../odbc/odbc/OdbcConnectionContext.java        |  32 +----
 .../client/ClientConnectionContext.java         |  80 ++-----------
 4 files changed, 140 insertions(+), 124 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ignite/blob/9d163ed7/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerAbstractConnectionContext.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerAbstractConnectionContext.java
b/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerAbstractConnectionContext.java
new file mode 100644
index 0000000..b34677a
--- /dev/null
+++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerAbstractConnectionContext.java
@@ -0,0 +1,116 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ignite.internal.processors.odbc;
+
+import org.apache.ignite.IgniteCheckedException;
+import org.apache.ignite.internal.GridKernalContext;
+import org.apache.ignite.internal.processors.authentication.AuthorizationContext;
+import org.apache.ignite.internal.processors.authentication.IgniteAccessControlException;
+import org.apache.ignite.internal.processors.security.SecurityContext;
+import org.apache.ignite.internal.util.typedef.F;
+import org.apache.ignite.plugin.security.AuthenticationContext;
+import org.apache.ignite.plugin.security.SecurityCredentials;
+import org.jetbrains.annotations.Nullable;
+
+import java.util.Collections;
+import java.util.UUID;
+
+import static org.apache.ignite.plugin.security.SecuritySubjectType.REMOTE_CLIENT;
+
+/**
+ * Base connection context.
+ */
+public abstract class ClientListenerAbstractConnectionContext implements ClientListenerConnectionContext
{
+    /** Kernal context. */
+    protected final GridKernalContext ctx;
+
+    /** Security context or {@code null} if security is disabled. */
+    private SecurityContext secCtx;
+
+    /**
+     * Constructor.
+     *
+     * @param ctx Kernal context.
+     */
+    protected ClientListenerAbstractConnectionContext(GridKernalContext ctx) {
+        this.ctx = ctx;
+    }
+
+    /**
+     * @return Kernal context.
+     */
+    public GridKernalContext kernalContext() {
+        return ctx;
+    }
+
+    /**
+     * @return Security context.
+     */
+    @Nullable public SecurityContext securityContext() {
+        return secCtx;
+    }
+
+    /**
+     * Perform authentication.
+     *
+     * @return Auth context.
+     * @throws IgniteCheckedException If failed.
+     */
+    protected AuthorizationContext authenticate(String user, String pwd) throws IgniteCheckedException
{
+        AuthorizationContext authCtx;
+
+        if (ctx.security().enabled())
+            authCtx = authenticateExternal(user, pwd).authorizationContext();
+        else if (ctx.authentication().enabled()) {
+            if (F.isEmpty(user))
+                throw new IgniteAccessControlException("Unauthenticated sessions are prohibited.");
+
+            authCtx = ctx.authentication().authenticate(user, pwd);
+
+            if (authCtx == null)
+                throw new IgniteAccessControlException("Unknown authentication error.");
+        }
+        else
+            authCtx = null;
+
+        return authCtx;
+    }
+
+    /**
+     * Do 3-rd party authentication.
+     */
+    private AuthenticationContext authenticateExternal(String user, String pwd) throws IgniteCheckedException
{
+        SecurityCredentials cred = new SecurityCredentials(user, pwd);
+
+        AuthenticationContext authCtx = new AuthenticationContext();
+
+        authCtx.subjectType(REMOTE_CLIENT);
+        authCtx.subjectId(UUID.randomUUID());
+        authCtx.nodeAttributes(Collections.emptyMap());
+        authCtx.credentials(cred);
+
+        secCtx = ctx.security().authenticate(authCtx);
+
+        if (secCtx == null)
+            throw new IgniteAccessControlException(
+                String.format("The user name or password is incorrect [userName=%s]", user)
+            );
+
+        return authCtx;
+    }
+}
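Review bot: In `authenticate`, the `ctx.security().enabled()` branch passes `user` and `pwd` straight to the security plugin without the `F.isEmpty(user)` guard that the built-in branch applies. The JDBC and thin-client callers in this commit can both pass `null`, so a handshake with no credentials is rejected only if the plugin rejects it. If that delegation is intended, the Javadoc should say so, for example `Delegates to the security plugin when it is enabled (the plugin must reject empty credentials); otherwise uses built-in authentication; returns {@code null} when neither is enabled.`, together with the missing `@param user` and `@param pwd` tags. `authenticateExternal` also returns the `AuthenticationContext` it built without setting an authorization context on it, so `.authorizationContext()` presumably yields `null` unless the plugin fills it in; that is worth confirming and documenting for the handlers that receive the value.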

http://git-wip-us.apache.org/repos/asf/ignite/blob/9d163ed7/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/jdbc/JdbcConnectionContext.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/jdbc/JdbcConnectionContext.java
b/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/jdbc/JdbcConnectionContext.java
index 278a084..d446f22 100644
--- a/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/jdbc/JdbcConnectionContext.java
+++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/jdbc/JdbcConnectionContext.java
@@ -24,19 +24,18 @@ import org.apache.ignite.IgniteLogger;
 import org.apache.ignite.internal.GridKernalContext;
 import org.apache.ignite.internal.binary.BinaryReaderExImpl;
 import org.apache.ignite.internal.processors.authentication.AuthorizationContext;
-import org.apache.ignite.internal.processors.odbc.ClientListenerConnectionContext;
+import org.apache.ignite.internal.processors.odbc.ClientListenerAbstractConnectionContext;
 import org.apache.ignite.internal.processors.odbc.ClientListenerMessageParser;
 import org.apache.ignite.internal.processors.odbc.ClientListenerProtocolVersion;
 import org.apache.ignite.internal.processors.odbc.ClientListenerRequestHandler;
 import org.apache.ignite.internal.processors.odbc.ClientListenerResponse;
 import org.apache.ignite.internal.util.GridSpinBusyLock;
 import org.apache.ignite.internal.util.nio.GridNioSession;
-import org.apache.ignite.internal.util.typedef.F;
 
 /**
  * JDBC Connection Context.
  */
-public class JdbcConnectionContext implements ClientListenerConnectionContext {
+public class JdbcConnectionContext extends ClientListenerAbstractConnectionContext {
     /** Version 2.1.0. */
     private static final ClientListenerProtocolVersion VER_2_1_0 = ClientListenerProtocolVersion.create(2,
1, 0);
 
@@ -58,9 +57,6 @@ public class JdbcConnectionContext implements ClientListenerConnectionContext
{
     /** Supported versions. */
     private static final Set<ClientListenerProtocolVersion> SUPPORTED_VERS = new HashSet<>();
 
-    /** Context. */
-    private final GridKernalContext ctx;
-
     /** Session. */
     private final GridNioSession ses;
 
@@ -90,13 +86,15 @@ public class JdbcConnectionContext implements ClientListenerConnectionContext
{
 
     /**
      * Constructor.
+     *
      * @param ctx Kernal Context.
      * @param ses Session.
      * @param busyLock Shutdown busy lock.
      * @param maxCursors Maximum allowed cursors.
      */
     public JdbcConnectionContext(GridKernalContext ctx, GridNioSession ses, GridSpinBusyLock
busyLock, int maxCursors) {
-        this.ctx = ctx;
+        super(ctx);
+
         this.ses = ses;
         this.busyLock = busyLock;
         this.maxCursors = maxCursors;
@@ -135,31 +133,21 @@ public class JdbcConnectionContext implements ClientListenerConnectionContext
{
         if (ver.compareTo(VER_2_3_0) >= 0)
             skipReducerOnUpdate = reader.readBoolean();
 
-        AuthorizationContext actx = null;
+        String user = null;
+        String passwd = null;
 
         try {
             if (reader.available() > 0) {
-                String user = reader.readString();
-                String passwd = reader.readString();
-
-                if (ctx.authentication().enabled()) {
-                    if (F.isEmpty(user))
-                        throw new IgniteCheckedException("Unauthenticated sessions are prohibited");
-
-                    actx = ctx.authentication().authenticate(user, passwd);
-
-                    if (actx == null)
-                        throw new IgniteCheckedException("Unknown authentication error");
-                }
-            }
-            else {
-                if (ctx.authentication().enabled())
-                    throw new IgniteCheckedException("Unauthenticated sessions are prohibited");
+                user = reader.readString();
+                passwd = reader.readString();
             }
         }
         catch (Exception e) {
             throw new IgniteCheckedException("Handshake error: " + e.getMessage(), e);
         }
+
+        AuthorizationContext actx = authenticate(user, passwd);
+
         parser = new JdbcMessageParser(ctx);
 
         JdbcResponseSender sender = new JdbcResponseSender() {
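Review bot: `authenticate(user, passwd)` now sits outside the `try`/`catch`, so an authentication failure reaches the caller as whatever the base class throws instead of the `"Handshake error: ..."` wrapper the removed code produced. Anything that matches on that prefix or expects a plain `IgniteCheckedException` should be checked. A short comment above the call, such as `// Auth failures propagate as-is; only credential read errors are wrapped as handshake errors.`, would mark the split as deliberate. The diffstat lists four source files and no tests, so a handshake test with a security plugin enabled and with missing credentials would pin the new behaviour. The enclosing method starts and ends outside this hunk.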

http://git-wip-us.apache.org/repos/asf/ignite/blob/9d163ed7/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/odbc/OdbcConnectionContext.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/odbc/OdbcConnectionContext.java
b/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/odbc/OdbcConnectionContext.java
index ef2371e..bcae690 100644
--- a/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/odbc/OdbcConnectionContext.java
+++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/odbc/OdbcConnectionContext.java
@@ -23,7 +23,7 @@ import org.apache.ignite.IgniteCheckedException;
 import org.apache.ignite.internal.GridKernalContext;
 import org.apache.ignite.internal.binary.BinaryReaderExImpl;
 import org.apache.ignite.internal.processors.authentication.AuthorizationContext;
-import org.apache.ignite.internal.processors.odbc.ClientListenerConnectionContext;
+import org.apache.ignite.internal.processors.odbc.ClientListenerAbstractConnectionContext;
 import org.apache.ignite.internal.processors.odbc.ClientListenerMessageParser;
 import org.apache.ignite.internal.processors.odbc.ClientListenerProtocolVersion;
 import org.apache.ignite.internal.processors.odbc.ClientListenerRequestHandler;
@@ -33,7 +33,7 @@ import org.apache.ignite.internal.util.typedef.F;
 /**
  * ODBC Connection Context.
  */
-public class OdbcConnectionContext implements ClientListenerConnectionContext {
+public class OdbcConnectionContext extends ClientListenerAbstractConnectionContext {
     /** Version 2.1.0. */
     public static final ClientListenerProtocolVersion VER_2_1_0 = ClientListenerProtocolVersion.create(2,
1, 0);
 
@@ -55,9 +55,6 @@ public class OdbcConnectionContext implements ClientListenerConnectionContext
{
     /** Supported versions. */
     private static final Set<ClientListenerProtocolVersion> SUPPORTED_VERS = new HashSet<>();
 
-    /** Context. */
-    private final GridKernalContext ctx;
-
     /** Shutdown busy lock. */
     private final GridSpinBusyLock busyLock;
 
@@ -85,7 +82,8 @@ public class OdbcConnectionContext implements ClientListenerConnectionContext
{
      * @param maxCursors Maximum allowed cursors.
      */
     public OdbcConnectionContext(GridKernalContext ctx, GridSpinBusyLock busyLock, int maxCursors)
{
-        this.ctx = ctx;
+        super(ctx);
+
         this.busyLock = busyLock;
         this.maxCursors = maxCursors;
     }
@@ -127,27 +125,7 @@ public class OdbcConnectionContext implements ClientListenerConnectionContext
{
             passwd = reader.readString();
         }
 
-        AuthorizationContext actx = null;
-
-        try {
-            if (ctx.authentication().enabled())
-            {
-                if (F.isEmpty(user))
-                    throw new IgniteCheckedException("Unauthenticated sessions are prohibited");
-
-                actx = ctx.authentication().authenticate(user, passwd);
-
-                if (actx == null)
-                    throw new IgniteCheckedException("Unknown authentication error");
-            }
-            else {
-                if (!F.isEmpty(user))
-                    throw new IgniteCheckedException("Authentication is disabled for the
node.");
-            }
-        }
-        catch (Exception e) {
-            throw new IgniteCheckedException("Handshake error: " + e.getMessage(), e);
-        }
+        AuthorizationContext actx = authenticate(user, passwd);
 
         handler = new OdbcRequestHandler(ctx, busyLock, maxCursors, distributedJoins,
                 enforceJoinOrder, replicatedOnly, collocated, lazy, skipReducerOnUpdate,
actx);
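Review bot: The removed block rejected a handshake that carried a user name while authentication was disabled (`"Authentication is disabled for the node."`), and the shared `authenticate` has no such branch: with neither security nor authentication enabled it returns `null` and the connection proceeds. An ODBC client configured with credentials would then connect to an unprotected node with no signal that its credentials were ignored. Either keep the fail-closed check next to the call, `if (!ctx.security().enabled() && !ctx.authentication().enabled() && !F.isEmpty(user)) throw new IgniteCheckedException("Authentication is disabled for the node.");`, or add a comment stating that the check was dropped on purpose. The `F` import visible in the earlier hunk header is kept and may be unused if the check is not restored; the enclosing method continues outside this hunk.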

http://git-wip-us.apache.org/repos/asf/ignite/blob/9d163ed7/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/ClientConnectionContext.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/ClientConnectionContext.java
b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/ClientConnectionContext.java
index 056ea83..55a4a3a 100644
--- a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/ClientConnectionContext.java
+++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/ClientConnectionContext.java
@@ -17,32 +17,24 @@
 
 package org.apache.ignite.internal.processors.platform.client;
 
-import java.io.IOException;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.UUID;
 import org.apache.ignite.IgniteCheckedException;
 import org.apache.ignite.internal.GridKernalContext;
 import org.apache.ignite.internal.binary.BinaryReaderExImpl;
 import org.apache.ignite.internal.processors.authentication.AuthorizationContext;
-import org.apache.ignite.internal.processors.authentication.IgniteAccessControlException;
-import org.apache.ignite.internal.processors.odbc.ClientListenerConnectionContext;
+import org.apache.ignite.internal.processors.odbc.ClientListenerAbstractConnectionContext;
 import org.apache.ignite.internal.processors.odbc.ClientListenerMessageParser;
 import org.apache.ignite.internal.processors.odbc.ClientListenerProtocolVersion;
 import org.apache.ignite.internal.processors.odbc.ClientListenerRequestHandler;
 
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.Collection;
 import java.util.concurrent.atomic.AtomicLong;
-import org.apache.ignite.internal.processors.security.SecurityContext;
-import org.apache.ignite.plugin.security.AuthenticationContext;
-import org.apache.ignite.plugin.security.SecurityCredentials;
-
-import static org.apache.ignite.plugin.security.SecuritySubjectType.REMOTE_CLIENT;
 
 /**
  * Thin Client connection context.
  */
-public class ClientConnectionContext implements ClientListenerConnectionContext {
+public class ClientConnectionContext extends ClientListenerAbstractConnectionContext {
     /** Version 1.0.0. */
     public static final ClientListenerProtocolVersion VER_1_0_0 = ClientListenerProtocolVersion.create(1,
0, 0);
 
@@ -61,18 +53,12 @@ public class ClientConnectionContext implements ClientListenerConnectionContext
     /** Handle registry. */
     private final ClientResourceRegistry resReg = new ClientResourceRegistry();
 
-    /** Kernal context. */
-    private final GridKernalContext kernalCtx;
-
     /** Max cursors. */
     private final int maxCursors;
 
     /** Cursor counter. */
     private final AtomicLong curCnt = new AtomicLong();
 
-    /** Security context or {@code null} if security is disabled. */
-    private SecurityContext secCtx = null;
-
     /**
      * Ctor.
      *
@@ -80,9 +66,7 @@ public class ClientConnectionContext implements ClientListenerConnectionContext
      * @param maxCursors Max active cursors.
      */
     public ClientConnectionContext(GridKernalContext ctx, int maxCursors) {
-        assert ctx != null;
-
-        kernalCtx = ctx;
+        super(ctx);
 
         parser = new ClientMessageParser(ctx);
 
@@ -98,15 +82,6 @@ public class ClientConnectionContext implements ClientListenerConnectionContext
         return resReg;
     }
 
-    /**
-     * Gets the kernal context.
-     *
-     * @return Kernal context.
-     */
-    public GridKernalContext kernalContext() {
-        return kernalCtx;
-    }
-
     /** {@inheritDoc} */
     @Override public boolean isVersionSupported(ClientListenerProtocolVersion ver) {
         return SUPPORTED_VERS.contains(ver);
@@ -124,7 +99,6 @@ public class ClientConnectionContext implements ClientListenerConnectionContext
 
         String user = null;
         String pwd = null;
-        AuthorizationContext authCtx = null;
 
         if (ver.compareTo(VER_1_1_0) >= 0) {
             try {
@@ -140,17 +114,7 @@ public class ClientConnectionContext implements ClientListenerConnectionContext
             }
         }
 
-        if (kernalCtx.security().enabled())
-            authCtx = thirdPartyAuthentication(user, pwd).authorizationContext();
-        else if (kernalCtx.authentication().enabled()) {
-            if (user == null || user.length() == 0)
-                throw new IgniteAccessControlException("Unauthenticated sessions are prohibited.");
-
-            authCtx = kernalCtx.authentication().authenticate(user, pwd);
-
-            if (authCtx == null)
-                throw new IgniteAccessControlException("Unknown authentication error.");
-        }
+        AuthorizationContext authCtx = authenticate(user, pwd);
 
         handler = new ClientRequestHandler(this, authCtx);
     }
@@ -192,34 +156,4 @@ public class ClientConnectionContext implements ClientListenerConnectionContext
     public void decrementCursors() {
         curCnt.decrementAndGet();
     }
-
-    /**
-     * @return Security context or {@code null} if security is disabled.
-     */
-    public SecurityContext securityContext() {
-        return secCtx;
-    }
-
-    /**
-     * Do 3-rd party authentication.
-     */
-    private AuthenticationContext thirdPartyAuthentication(String user, String pwd) throws
IgniteCheckedException {
-        SecurityCredentials cred = new SecurityCredentials(user, pwd);
-
-        AuthenticationContext authCtx = new AuthenticationContext();
-
-        authCtx.subjectType(REMOTE_CLIENT);
-        authCtx.subjectId(UUID.randomUUID());
-        authCtx.nodeAttributes(Collections.emptyMap());
-        authCtx.credentials(cred);
-
-        secCtx = kernalCtx.security().authenticate(authCtx);
-
-        if (secCtx == null)
-            throw new IgniteAccessControlException(
-                String.format("The user name or password is incorrect [userName=%s]", user)
-            );
-
-        return authCtx;
-    }
 }

