You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ignite.apache.org by iv...@apache.org on 2015/07/28 12:45:56 UTC
incubator-ignite git commit: #ignite-gg-10610: add security checks
for streaming.
Repository: incubator-ignite
Updated Branches:
refs/heads/ignite-gg-10610 [created] 67f9cce4e
#ignite-gg-10610: add security checks for streaming.
Project: http://git-wip-us.apache.org/repos/asf/incubator-ignite/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ignite/commit/67f9cce4
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ignite/tree/67f9cce4
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ignite/diff/67f9cce4
Branch: refs/heads/ignite-gg-10610
Commit: 67f9cce4e122e0ffd79576c7a56833596796ba7d
Parents: a127756
Author: ivasilinets <iv...@gridgain.com>
Authored: Tue Jul 28 13:45:40 2015 +0300
Committer: ivasilinets <iv...@gridgain.com>
Committed: Tue Jul 28 13:45:40 2015 +0300
----------------------------------------------------------------------
.../datastreamer/DataStreamerImpl.java | 23 ++++++++++++++++++++
.../plugin/security/SecurityPermission.java | 6 +++++
2 files changed, 29 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/67f9cce4/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerImpl.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerImpl.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerImpl.java
index 605f478..13223fd 100644
--- a/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerImpl.java
+++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/datastreamer/DataStreamerImpl.java
@@ -39,6 +39,7 @@ import org.apache.ignite.internal.util.tostring.*;
import org.apache.ignite.internal.util.typedef.*;
import org.apache.ignite.internal.util.typedef.internal.*;
import org.apache.ignite.lang.*;
+import org.apache.ignite.plugin.security.*;
import org.apache.ignite.stream.*;
import org.jetbrains.annotations.*;
import org.jsr166.*;
@@ -413,6 +414,8 @@ public class DataStreamerImpl<K, V> implements IgniteDataStreamer<K, V>, Delayed
@Override public IgniteFuture<?> addData(Collection<? extends Map.Entry<K, V>> entries) {
A.notEmpty(entries, "entries");
+ checkSecurityPermission(SecurityPermission.STREAMING_ADD);
+
enterBusy();
try {
@@ -513,6 +516,8 @@ public class DataStreamerImpl<K, V> implements IgniteDataStreamer<K, V>, Delayed
@Override public IgniteFuture<?> addData(Map.Entry<K, V> entry) {
A.notNull(entry, "entry");
+ checkSecurityPermission(SecurityPermission.STREAMING_ADD);
+
return addData(F.asList(entry));
}
@@ -520,6 +525,8 @@ public class DataStreamerImpl<K, V> implements IgniteDataStreamer<K, V>, Delayed
@Override public IgniteFuture<?> addData(K key, V val) {
A.notNull(key, "key");
+ checkSecurityPermission(SecurityPermission.STREAMING_ADD);
+
KeyCacheObject key0 = cacheObjProc.toCacheKeyObject(cacheObjCtx, key, true);
CacheObject val0 = cacheObjProc.toCacheObject(cacheObjCtx, val, true);
@@ -528,6 +535,8 @@ public class DataStreamerImpl<K, V> implements IgniteDataStreamer<K, V>, Delayed
/** {@inheritDoc} */
@Override public IgniteFuture<?> removeData(K key) {
+ checkSecurityPermission(SecurityPermission.STREAMING_REMOVE);
+
return addData(key, null);
}
@@ -980,6 +989,20 @@ public class DataStreamerImpl<K, V> implements IgniteDataStreamer<K, V>, Delayed
}
/**
+ * Check permissions for streaming.
+ *
+ * @param perm Security permission.
+ * @throws org.apache.ignite.plugin.security.SecurityException If permissions are not enough for streaming.
+ */
+ private void checkSecurityPermission(SecurityPermission perm)
+ throws org.apache.ignite.plugin.security.SecurityException{
+ if (!ctx.security().enabled())
+ return;
+
+ ctx.security().authorize(cacheName, perm, null);
+ }
+
+ /**
*
*/
private class Buffer {
http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/67f9cce4/modules/core/src/main/java/org/apache/ignite/plugin/security/SecurityPermission.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/plugin/security/SecurityPermission.java b/modules/core/src/main/java/org/apache/ignite/plugin/security/SecurityPermission.java
index 0e660d2..5738133 100644
--- a/modules/core/src/main/java/org/apache/ignite/plugin/security/SecurityPermission.java
+++ b/modules/core/src/main/java/org/apache/ignite/plugin/security/SecurityPermission.java
@@ -33,6 +33,12 @@ public enum SecurityPermission {
/** Cache {@code remove} permission. */
CACHE_REMOVE,
+ /** Streaming permission for add. */
+ STREAMING_ADD,
+
+ /** Streaming permission for remove. */
+ STREAMING_REMOVE,
+
/** Task {@code execute} permission. */
TASK_EXECUTE,