You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@ignite.apache.org by GitBox <gi...@apache.org> on 2020/02/10 11:05:37 UTC

[GitHub] [ignite] SomeFire commented on a change in pull request #7375: PoC security context spread

SomeFire commented on a change in pull request #7375: PoC security context spread
URL: https://github.com/apache/ignite/pull/7375#discussion_r376275549
 
 

 ##########
 File path: modules/core/src/test/java/org/apache/ignite/internal/processors/security/InvalidServerTest.java
 ##########
 @@ -37,29 +39,43 @@
     /** Test server name. */
     private static final String TEST_SERVER_NAME = "test_server";
 
-    /** {@inheritDoc} */
-    @Override protected IgniteConfiguration getConfiguration(String instanceName,
-            AbstractTestSecurityPluginProvider pluginProv) throws Exception {
-        IgniteConfiguration cfg = super.getConfiguration(instanceName, pluginProv);
+    /** */
+    @Test
+    public void testInvalidServer() throws Exception {
+        globalAuth = true;
+
+        startServerNode("server1");
+        startServerNode("server2");
+
+        assertThrowsWithCause(() -> startServerNode(TEST_SERVER_NAME), IgniteAuthenticationException.class);
+    }
 
-        cfg.setDiscoverySpi(new TcpDiscoverySpi() {
-            @Override protected void startMessageProcess(TcpDiscoveryAbstractMessage msg) {
-                if (msg instanceof TcpDiscoveryNodeAddedMessage && msg.verified())
-                    TestSecurityProcessor.PERMS.remove(new SecurityCredentials(TEST_SERVER_NAME, ""));
+    private IgniteEx startServerNode(String login) throws Exception {
+        TestSecurityPluginProvider provider = new TestSecurityPluginProvider(login, "",
+            ALLOW_ALL, null, globalAuth){
+            @Override protected GridSecurityProcessor securityProcessor(GridKernalContext ctx) {
+                return new InvalidServerSecurityProcessor(ctx, super.securityProcessor(ctx));
             }
-        }.setIpFinder(LOCAL_IP_FINDER));
+        };
 
-        return cfg;
+        return startGrid(getConfiguration(login, provider)
+            .setClientMode(false));
     }
 
-    /** */
-    @Test
-    public void testInvalidServer() throws Exception {
-        globalAuth = true;
+    /* */
+    static class InvalidServerSecurityProcessor extends TestSecurityProcessor.TestSecurityProcessorDelegator {
+
+        public InvalidServerSecurityProcessor(GridKernalContext ctx,
+            GridSecurityProcessor original) {
+            super(ctx, original);
+        }
 
-        startGridAllowAll("server1");
-        startGridAllowAll("server2");
+        @Override public SecurityContext authenticateNode(ClusterNode node,
+            SecurityCredentials cred) throws IgniteCheckedException {
+            if(TEST_SERVER_NAME.equals(cred.getLogin()) && !TEST_SERVER_NAME.equals(ctx.igniteInstanceName()))
 
 Review comment:
   Missed space after `if`.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services