Posted to commits@ignite.apache.org by vo...@apache.org on 2018/10/26 08:32:02 UTC
ignite git commit: IGNITE-9454: Fixed SecurityPermissionSetBuilder.
This closes #5066.
Repository: ignite
Updated Branches:
refs/heads/master b94efd511 -> 1f3648b75
IGNITE-9454: Fixed SecurityPermissionSetBuilder. This closes #5066.
Project: http://git-wip-us.apache.org/repos/asf/ignite/repo
Commit: http://git-wip-us.apache.org/repos/asf/ignite/commit/1f3648b7
Tree: http://git-wip-us.apache.org/repos/asf/ignite/tree/1f3648b7
Diff: http://git-wip-us.apache.org/repos/asf/ignite/diff/1f3648b7
Branch: refs/heads/master
Commit: 1f3648b75d36bd8a601b1860c98a1a917b442620
Parents: b94efd5
Author: Ilya Kasnacheev <il...@gmail.com>
Authored: Fri Oct 26 11:31:51 2018 +0300
Committer: devozerov <pp...@gmail.com>
Committed: Fri Oct 26 11:31:51 2018 +0300
----------------------------------------------------------------------
.../security/SecurityPermissionSetBuilder.java | 9 ++++++--
.../SecurityPermissionSetBuilderTest.java | 24 ++++++++++++++++----
2 files changed, 26 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ignite/blob/1f3648b7/modules/core/src/main/java/org/apache/ignite/plugin/security/SecurityPermissionSetBuilder.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/plugin/security/SecurityPermissionSetBuilder.java b/modules/core/src/main/java/org/apache/ignite/plugin/security/SecurityPermissionSetBuilder.java
index abac541..659613a 100644
--- a/modules/core/src/main/java/org/apache/ignite/plugin/security/SecurityPermissionSetBuilder.java
+++ b/modules/core/src/main/java/org/apache/ignite/plugin/security/SecurityPermissionSetBuilder.java
@@ -126,6 +126,11 @@ public class SecurityPermissionSetBuilder {
* @return {@link SecurityPermissionSetBuilder} refer to same permission builder.
*/
public SecurityPermissionSetBuilder appendCachePermissions(String name, SecurityPermission... perms) {
+ for (SecurityPermission perm : perms) {
+ if (perm == SecurityPermission.CACHE_CREATE || perm == SecurityPermission.CACHE_DESTROY)
+ throw new IgniteException(perm + " should be assigned as system permission, not cache permission");
+ }
+
validate(toCollection("CACHE_"), perms);
append(cachePerms, name, toCollection(perms));
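Review bot: The Javadoc above `appendCachePermissions` still documents only the return value, while the added loop makes the method throw `IgniteException` for `CACHE_CREATE` and `CACHE_DESTROY`, two values the `CACHE_` prefix check on the next line would otherwise accept. Callers that used to pass either value together with a cache name now fail at this call, so the contract should say so: `@throws IgniteException If {@code perms} contains CACHE_CREATE or CACHE_DESTROY; assign those with appendSystemPermissions.` Since the system permission collection carries no cache name, create and destroy rights granted through this builder appear to stop being scoped to a single cache, which is worth stating in the class documentation for anyone reviewing grants. The method body continues past the end of the hunk.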
@@ -140,7 +145,7 @@ public class SecurityPermissionSetBuilder {
* @return {@link SecurityPermissionSetBuilder} refer to same permission builder.
*/
public SecurityPermissionSetBuilder appendSystemPermissions(SecurityPermission... perms) {
- validate(toCollection("EVENTS_", "ADMIN_"), perms);
+ validate(toCollection("EVENTS_", "ADMIN_", "CACHE_CREATE", "CACHE_DESTROY", "JOIN_AS_SERVER"), perms);
sysPerms.addAll(toCollection(perms));
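Review bot: The allow-list passed to `validate` in `appendSystemPermissions` now mixes two prefixes (`EVENTS_`, `ADMIN_`) with three complete constant names, and nothing in the code says which is which. `validate` is outside the hunk, but the test messages ("only start with [...]") suggest a prefix match, in which case any later constant whose name merely begins with `CACHE_CREATE` or `JOIN_AS_SERVER` would become assignable as a system permission without a deliberate decision. An exact comparison for the three full names would keep the allow-list tight; at minimum add a comment such as `// EVENTS_ and ADMIN_ are prefixes; the last three entries are complete permission names.` The method body continues past the end of the hunk.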
@@ -194,7 +199,7 @@ public class SecurityPermissionSetBuilder {
private final <T> Collection<T> toCollection(T... perms) {
assert perms != null;
- Collection<T> col = U.newHashSet(perms.length);
+ Collection<T> col = U.newLinkedHashSet(perms.length);
Collections.addAll(col, perms);
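Review bot: The switch to `U.newLinkedHashSet` in `toCollection` carries no comment explaining why iteration order now matters. Judging from the updated test expectations, the collection is printed inside the validation error message, so insertion order is what keeps that text stable. If that is the intent, record it next to the allocation, e.g. `// Keep insertion order: this collection is printed in validation error messages.` The method continues outside the hunk.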
http://git-wip-us.apache.org/repos/asf/ignite/blob/1f3648b7/modules/core/src/test/java/org/apache/ignite/plugin/security/SecurityPermissionSetBuilderTest.java
----------------------------------------------------------------------
diff --git a/modules/core/src/test/java/org/apache/ignite/plugin/security/SecurityPermissionSetBuilderTest.java b/modules/core/src/test/java/org/apache/ignite/plugin/security/SecurityPermissionSetBuilderTest.java
index 0ac7bc7..338034f 100644
--- a/modules/core/src/test/java/org/apache/ignite/plugin/security/SecurityPermissionSetBuilderTest.java
+++ b/modules/core/src/test/java/org/apache/ignite/plugin/security/SecurityPermissionSetBuilderTest.java
@@ -27,9 +27,12 @@ import org.apache.ignite.internal.util.typedef.internal.U;
import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest;
import static org.apache.ignite.plugin.security.SecurityPermission.ADMIN_VIEW;
+import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_CREATE;
+import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_DESTROY;
import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT;
import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ;
import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_REMOVE;
+import static org.apache.ignite.plugin.security.SecurityPermission.JOIN_AS_SERVER;
import static org.apache.ignite.plugin.security.SecurityPermission.SERVICE_DEPLOY;
import static org.apache.ignite.plugin.security.SecurityPermission.SERVICE_INVOKE;
import static org.apache.ignite.plugin.security.SecurityPermission.EVENTS_ENABLE;
@@ -65,7 +68,7 @@ public class SecurityPermissionSetBuilderTest extends GridCommonAbstractTest {
exp.setServicePermissions(permSrvc);
- exp.setSystemPermissions(permissions(ADMIN_VIEW, EVENTS_ENABLE));
+ exp.setSystemPermissions(permissions(ADMIN_VIEW, EVENTS_ENABLE, JOIN_AS_SERVER, CACHE_CREATE, CACHE_DESTROY));
final SecurityPermissionSetBuilder permsBuilder = new SecurityPermissionSetBuilder();
@@ -80,7 +83,7 @@ public class SecurityPermissionSetBuilderTest extends GridCommonAbstractTest {
assertThrows(log, new Callable<Object>() {
@Override public Object call() throws Exception {
- permsBuilder.appendTaskPermissions("task", CACHE_READ);
+ permsBuilder.appendTaskPermissions("task", CACHE_READ, JOIN_AS_SERVER);
return null;
}
}, IgniteException.class,
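Review bot: Appending `JOIN_AS_SERVER` after `CACHE_READ` in this `appendTaskPermissions` call probably does not exercise the new value. If `validate` (not visible here) throws on the first offending permission, the exception is raised for `CACHE_READ` and `JOIN_AS_SERVER` is never examined, so the test would still pass if `JOIN_AS_SERVER` were wrongly accepted as a task permission. Give it its own `assertThrows` block whose callable is `permsBuilder.appendTaskPermissions("task", JOIN_AS_SERVER);`. The expected message for the existing block lies outside the hunk.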
@@ -93,7 +96,7 @@ public class SecurityPermissionSetBuilderTest extends GridCommonAbstractTest {
return null;
}
}, IgniteException.class,
- "you can assign permission only start with [EVENTS_, ADMIN_], but you try TASK_EXECUTE"
+ "you can assign permission only start with [EVENTS_, ADMIN_, CACHE_CREATE, CACHE_DESTROY, JOIN_AS_SERVER], but you try TASK_EXECUTE"
);
assertThrows(log, new Callable<Object>() {
@@ -102,7 +105,16 @@ public class SecurityPermissionSetBuilderTest extends GridCommonAbstractTest {
return null;
}
}, IgniteException.class,
- "you can assign permission only start with [EVENTS_, ADMIN_], but you try SERVICE_INVOKE"
+ "you can assign permission only start with [EVENTS_, ADMIN_, CACHE_CREATE, CACHE_DESTROY, JOIN_AS_SERVER], but you try SERVICE_INVOKE"
+ );
+
+ assertThrows(log, new Callable<Object>() {
+ @Override public Object call() throws Exception {
+ permsBuilder.appendCachePermissions("cache", CACHE_CREATE);
+ return null;
+ }
+ }, IgniteException.class,
+ "CACHE_CREATE should be assigned as system permission, not cache permission"
);
permsBuilder
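Review bot: The new negative test covers only `CACHE_CREATE`, although the check added to `appendCachePermissions` rejects `CACHE_DESTROY` as well, so half of the new guard is untested. Add a second `assertThrows` block calling `permsBuilder.appendCachePermissions("cache", CACHE_DESTROY);` with the message `"CACHE_DESTROY should be assigned as system permission, not cache permission"`. A further case with a valid permission in front, `permsBuilder.appendCachePermissions("cache", CACHE_READ, CACHE_DESTROY);`, would pin that the rejection does not depend on argument position.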
@@ -116,7 +128,9 @@ public class SecurityPermissionSetBuilderTest extends GridCommonAbstractTest {
.appendServicePermissions("service2", SERVICE_INVOKE)
.appendServicePermissions("service2", SERVICE_INVOKE)
.appendSystemPermissions(ADMIN_VIEW)
- .appendSystemPermissions(ADMIN_VIEW, EVENTS_ENABLE);
+ .appendSystemPermissions(ADMIN_VIEW, EVENTS_ENABLE)
+ .appendSystemPermissions(JOIN_AS_SERVER)
+ .appendSystemPermissions(CACHE_CREATE, CACHE_DESTROY);
SecurityPermissionSet actual = permsBuilder.build();