You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ignite.apache.org by iv...@apache.org on 2015/07/28 12:45:56 UTC

incubator-ignite git commit: #ignite-gg-10610: add security checks for streaming.

Repository: incubator-ignite
Updated Branches:
  refs/heads/ignite-gg-10610 [created] 67f9cce4e


#ignite-gg-10610: add security checks for streaming.


Project: http://git-wip-us.apache.org/repos/asf/incubator-ignite/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ignite/commit/67f9cce4
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ignite/tree/67f9cce4
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ignite/diff/67f9cce4

Branch: refs/heads/ignite-gg-10610
Commit: 67f9cce4e122e0ffd79576c7a56833596796ba7d
Parents: a127756
Author: ivasilinets <iv...@gridgain.com>
Authored: Tue Jul 28 13:45:40 2015 +0300
Committer: ivasilinets <iv...@gridgain.com>
Committed: Tue Jul 28 13:45:40 2015 +0300

----------------------------------------------------------------------
 .../datastreamer/DataStreamerImpl.java          | 23 ++++++++++++++++++++
 .../plugin/security/SecurityPermission.java     |  6 +++++
 2 files changed, 29 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/67f9cce4/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerImpl.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerImpl.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerImpl.java
index 605f478..13223fd 100644
--- a/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerImpl.java
+++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerImpl.java
@@ -39,6 +39,7 @@ import org.apache.ignite.internal.util.tostring.*;
 import org.apache.ignite.internal.util.typedef.*;
 import org.apache.ignite.internal.util.typedef.internal.*;
 import org.apache.ignite.lang.*;
+import org.apache.ignite.plugin.security.*;
 import org.apache.ignite.stream.*;
 import org.jetbrains.annotations.*;
 import org.jsr166.*;
@@ -413,6 +414,8 @@ public class DataStreamerImpl<K, V> implements IgniteDataStreamer<K, V>, Delayed
     @Override public IgniteFuture<?> addData(Collection<? extends Map.Entry<K, V>> entries) {
         A.notEmpty(entries, "entries");
 
+        checkSecurityPermission(SecurityPermission.STREAMING_ADD);
+
         enterBusy();
 
         try {
@@ -513,6 +516,8 @@ public class DataStreamerImpl<K, V> implements IgniteDataStreamer<K, V>, Delayed
     @Override public IgniteFuture<?> addData(Map.Entry<K, V> entry) {
         A.notNull(entry, "entry");
 
+        checkSecurityPermission(SecurityPermission.STREAMING_ADD);
+
         return addData(F.asList(entry));
     }
 
@@ -520,6 +525,8 @@ public class DataStreamerImpl<K, V> implements IgniteDataStreamer<K, V>, Delayed
     @Override public IgniteFuture<?> addData(K key, V val) {
         A.notNull(key, "key");
 
+        checkSecurityPermission(SecurityPermission.STREAMING_ADD);
+
         KeyCacheObject key0 = cacheObjProc.toCacheKeyObject(cacheObjCtx, key, true);
         CacheObject val0 = cacheObjProc.toCacheObject(cacheObjCtx, val, true);
 
@@ -528,6 +535,8 @@ public class DataStreamerImpl<K, V> implements IgniteDataStreamer<K, V>, Delayed
 
     /** {@inheritDoc} */
     @Override public IgniteFuture<?> removeData(K key) {
+        checkSecurityPermission(SecurityPermission.STREAMING_REMOVE);
+
         return addData(key, null);
     }
 
@@ -980,6 +989,20 @@ public class DataStreamerImpl<K, V> implements IgniteDataStreamer<K, V>, Delayed
     }
 
     /**
+     * Check permissions for streaming.
+     *
+     * @param perm Security permission.
+     * @throws org.apache.ignite.plugin.security.SecurityException If permissions are not enough for streaming.
+     */
+    private void checkSecurityPermission(SecurityPermission perm)
+        throws org.apache.ignite.plugin.security.SecurityException{
+        if (!ctx.security().enabled())
+            return;
+
+        ctx.security().authorize(cacheName, perm, null);
+    }
+
+    /**
      *
      */
     private class Buffer {

http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/67f9cce4/modules/core/src/main/java/org/apache/ignite/plugin/security/SecurityPermission.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/plugin/security/SecurityPermission.java b/modules/core/src/main/java/org/apache/ignite/plugin/security/SecurityPermission.java
index 0e660d2..5738133 100644
--- a/modules/core/src/main/java/org/apache/ignite/plugin/security/SecurityPermission.java
+++ b/modules/core/src/main/java/org/apache/ignite/plugin/security/SecurityPermission.java
@@ -33,6 +33,12 @@ public enum SecurityPermission {
     /** Cache {@code remove} permission. */
     CACHE_REMOVE,
 
+    /** Streaming permission for add. */
+    STREAMING_ADD,
+
+    /** Streaming permission for remove. */
+    STREAMING_REMOVE,
+
     /** Task {@code execute} permission. */
     TASK_EXECUTE,