You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ignite.apache.org by vo...@apache.org on 2018/11/01 09:14:39 UTC
ignite git commit: IGNITE-9988: Enhancements in thin client handlers.
This closes #5075.
Repository: ignite
Updated Branches:
refs/heads/master e8ec99622 -> 035a027b2
IGNITE-9988: Enhancements in thin client handlers. This closes #5075.
Project: http://git-wip-us.apache.org/repos/asf/ignite/repo
Commit: http://git-wip-us.apache.org/repos/asf/ignite/commit/035a027b
Tree: http://git-wip-us.apache.org/repos/asf/ignite/tree/035a027b
Diff: http://git-wip-us.apache.org/repos/asf/ignite/diff/035a027b
Branch: refs/heads/master
Commit: 035a027b23559156221db1481b920baf84da9167
Parents: e8ec996
Author: devozerov <vo...@gridgain.com>
Authored: Thu Nov 1 12:14:19 2018 +0300
Committer: devozerov <vo...@gridgain.com>
Committed: Thu Nov 1 12:14:19 2018 +0300
----------------------------------------------------------------------
...ClientListenerAbstractConnectionContext.java | 6 +--
.../odbc/ClientListenerConnectionContext.java | 6 +++
.../odbc/ClientListenerNioListener.java | 21 ++++++++-
.../odbc/jdbc/JdbcRequestHandler.java | 49 ++++++++------------
.../processors/odbc/odbc/OdbcUtils.java | 1 +
.../platform/client/ClientRequest.java | 8 ++--
.../platform/client/ClientRequestHandler.java | 18 +++----
.../security/SecurityContextHolder.java | 15 ++++--
.../query/h2/ddl/DdlStatementsProcessor.java | 4 +-
9 files changed, 73 insertions(+), 55 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ignite/blob/035a027b/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerAbstractConnectionContext.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerAbstractConnectionContext.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerAbstractConnectionContext.java
index 1c19d55..856868d 100644
--- a/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerAbstractConnectionContext.java
+++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerAbstractConnectionContext.java
@@ -65,10 +65,8 @@ public abstract class ClientListenerAbstractConnectionContext implements ClientL
return ctx;
}
- /**
- * @return Security context.
- */
- @Nullable public SecurityContext securityContext() {
+ /** {@inheritDoc} */
+ @Nullable @Override public SecurityContext securityContext() {
return secCtx;
}
http://git-wip-us.apache.org/repos/asf/ignite/blob/035a027b/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerConnectionContext.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerConnectionContext.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerConnectionContext.java
index b693cb6..c39bfe2 100644
--- a/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerConnectionContext.java
+++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerConnectionContext.java
@@ -20,6 +20,7 @@ package org.apache.ignite.internal.processors.odbc;
import org.apache.ignite.IgniteCheckedException;
import org.apache.ignite.internal.binary.BinaryReaderExImpl;
import org.apache.ignite.internal.processors.authentication.AuthorizationContext;
+import org.apache.ignite.internal.processors.security.SecurityContext;
import org.jetbrains.annotations.Nullable;
/**
@@ -76,4 +77,9 @@ public interface ClientListenerConnectionContext {
* @return authorization context.
*/
@Nullable AuthorizationContext authorizationContext();
+
+ /**
+ * @return Security context.
+ */
+ @Nullable SecurityContext securityContext();
}
http://git-wip-us.apache.org/repos/asf/ignite/blob/035a027b/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerNioListener.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerNioListener.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerNioListener.java
index 0eb6ac4..debef42 100644
--- a/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerNioListener.java
+++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/ClientListenerNioListener.java
@@ -27,11 +27,14 @@ import org.apache.ignite.internal.binary.BinaryWriterExImpl;
import org.apache.ignite.internal.binary.streams.BinaryHeapInputStream;
import org.apache.ignite.internal.binary.streams.BinaryHeapOutputStream;
import org.apache.ignite.internal.binary.streams.BinaryInputStream;
+import org.apache.ignite.internal.processors.authentication.AuthorizationContext;
import org.apache.ignite.internal.processors.authentication.IgniteAccessControlException;
import org.apache.ignite.internal.processors.odbc.jdbc.JdbcConnectionContext;
import org.apache.ignite.internal.processors.odbc.odbc.OdbcConnectionContext;
import org.apache.ignite.internal.processors.platform.client.ClientConnectionContext;
import org.apache.ignite.internal.processors.platform.client.ClientStatus;
+import org.apache.ignite.internal.processors.security.SecurityContext;
+import org.apache.ignite.internal.processors.security.SecurityContextHolder;
import org.apache.ignite.internal.util.GridSpinBusyLock;
import org.apache.ignite.internal.util.nio.GridNioServerListenerAdapter;
import org.apache.ignite.internal.util.nio.GridNioSession;
@@ -159,7 +162,23 @@ public class ClientListenerNioListener extends GridNioServerListenerAdapter<byte
ses.remoteAddress() + ", req=" + req + ']');
}
- ClientListenerResponse resp = handler.handle(req);
+ ClientListenerResponse resp;
+
+ AuthorizationContext authCtx = connCtx.authorizationContext();
+ SecurityContext oldSecCtx = SecurityContextHolder.push(connCtx.securityContext());
+
+ if (authCtx != null)
+ AuthorizationContext.context(authCtx);
+
+ try {
+ resp = handler.handle(req);
+ }
+ finally {
+ SecurityContextHolder.pop(oldSecCtx);
+
+ if (authCtx != null)
+ AuthorizationContext.clear();
+ }
if (resp != null) {
if (log.isDebugEnabled()) {
http://git-wip-us.apache.org/repos/asf/ignite/blob/035a027b/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/jdbc/JdbcRequestHandler.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/jdbc/JdbcRequestHandler.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/jdbc/JdbcRequestHandler.java
index d5a277e..e58b7ef 100644
--- a/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/jdbc/JdbcRequestHandler.java
+++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/jdbc/JdbcRequestHandler.java
@@ -404,41 +404,32 @@ public class JdbcRequestHandler implements ClientListenerRequestHandler {
* or due to {@code IOException} during network operations.
*/
public void onDisconnect() {
- if (busyLock.enterBusy())
- {
- if (worker != null) {
- worker.cancel();
+ if (worker != null) {
+ worker.cancel();
- try {
- worker.join();
- }
- catch (InterruptedException e) {
- // No-op.
- }
+ try {
+ worker.join();
}
+ catch (InterruptedException e) {
+ // No-op.
+ }
+ }
- try
- {
- for (JdbcQueryCursor cursor : qryCursors.values())
- cursor.close();
-
- for (JdbcBulkLoadProcessor processor : bulkLoadRequests.values()) {
- try {
- processor.close();
- }
- catch (Exception e) {
- U.error(null, "Error closing JDBC bulk load processor.", e);
- }
- }
-
- bulkLoadRequests.clear();
+ for (JdbcQueryCursor cursor : qryCursors.values())
+ cursor.close();
- U.close(cliCtx, log);
+ for (JdbcBulkLoadProcessor processor : bulkLoadRequests.values()) {
+ try {
+ processor.close();
}
- finally {
- busyLock.leaveBusy();
+ catch (Exception e) {
+ U.error(null, "Error closing JDBC bulk load processor.", e);
}
}
+
+ bulkLoadRequests.clear();
+
+ U.close(cliCtx, log);
}
/**
@@ -1082,7 +1073,7 @@ public class JdbcRequestHandler implements ClientListenerRequestHandler {
if (e instanceof IgniteSQLException)
return new JdbcResponse(((IgniteSQLException) e).statusCode(), e.getMessage());
else
- return new JdbcResponse(IgniteQueryErrorCode.UNKNOWN, e.toString());
+ return new JdbcResponse(IgniteQueryErrorCode.UNKNOWN, e.getMessage());
}
/**
http://git-wip-us.apache.org/repos/asf/ignite/blob/035a027b/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/odbc/OdbcUtils.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/odbc/OdbcUtils.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/odbc/OdbcUtils.java
index a1c67aa..966d7bb 100644
--- a/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/odbc/OdbcUtils.java
+++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/odbc/odbc/OdbcUtils.java
@@ -173,6 +173,7 @@ public class OdbcUtils {
String msg = err.getMessage();
Throwable e = err.getCause();
+
while (e != null) {
if (e.getClass().getCanonicalName().equals("org.h2.jdbc.JdbcSQLException")) {
msg = e.getMessage();
http://git-wip-us.apache.org/repos/asf/ignite/blob/035a027b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/ClientRequest.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/ClientRequest.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/ClientRequest.java
index 799b3e7..a4000ef 100644
--- a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/ClientRequest.java
+++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/ClientRequest.java
@@ -82,9 +82,9 @@ public class ClientRequest implements ClientListenerRequest {
* Authorize for specified permission.
*/
protected void authorize(ClientConnectionContext ctx, SecurityPermission perm) {
- SecurityContext secCtx = ctx.securityContext();
-
- if (secCtx != null)
- runWithSecurityExceptionHandler(() -> ctx.kernalContext().security().authorize(null, perm, secCtx));
+// SecurityContext secCtx = ctx.securityContext();
+//
+// if (secCtx != null)
+// runWithSecurityExceptionHandler(() -> ctx.kernalContext().security().authorize(null, perm, secCtx));
}
}
http://git-wip-us.apache.org/repos/asf/ignite/blob/035a027b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/ClientRequestHandler.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/ClientRequestHandler.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/ClientRequestHandler.java
index 5ed0d38..8fe4e5d 100644
--- a/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/ClientRequestHandler.java
+++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/ClientRequestHandler.java
@@ -22,7 +22,7 @@ import org.apache.ignite.internal.processors.authentication.AuthorizationContext
import org.apache.ignite.internal.processors.odbc.ClientListenerRequest;
import org.apache.ignite.internal.processors.odbc.ClientListenerRequestHandler;
import org.apache.ignite.internal.processors.odbc.ClientListenerResponse;
-import org.apache.ignite.internal.processors.security.SecurityContextHolder;
+import org.apache.ignite.plugin.security.SecurityException;
/**
* Thin client request handler.
@@ -48,19 +48,15 @@ public class ClientRequestHandler implements ClientListenerRequestHandler {
/** {@inheritDoc} */
@Override public ClientListenerResponse handle(ClientListenerRequest req) {
- if (authCtx != null) {
- AuthorizationContext.context(authCtx);
- SecurityContextHolder.set(ctx.securityContext());
- }
-
try {
return ((ClientRequest)req).process(ctx);
}
- finally {
- if (authCtx != null)
- AuthorizationContext.clear();
-
- SecurityContextHolder.clear();
+ catch (SecurityException ex) {
+ throw new IgniteClientException(
+ ClientStatus.SECURITY_VIOLATION,
+ "Client is not authorized to perform this operation",
+ ex
+ );
}
}
http://git-wip-us.apache.org/repos/asf/ignite/blob/035a027b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityContextHolder.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityContextHolder.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityContextHolder.java
index 14d70c9..d010711 100644
--- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityContextHolder.java
+++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityContextHolder.java
@@ -39,15 +39,22 @@ public class SecurityContextHolder {
* Set security context.
*
* @param ctx Context.
+ * @return Old context.
*/
- public static void set(@Nullable SecurityContext ctx) {
+ public static SecurityContext push(@Nullable SecurityContext ctx) {
+ SecurityContext oldCtx = CTX.get();
+
CTX.set(ctx);
+
+ return oldCtx;
}
/**
- * Clear security context.
+ * Pop security context.
+ *
+ * @param oldCtx Old context.
*/
- public static void clear() {
- set(null);
+ public static void pop(@Nullable SecurityContext oldCtx) {
+ CTX.set(oldCtx);
}
}
http://git-wip-us.apache.org/repos/asf/ignite/blob/035a027b/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/ddl/DdlStatementsProcessor.java
----------------------------------------------------------------------
diff --git a/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/ddl/DdlStatementsProcessor.java b/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/ddl/DdlStatementsProcessor.java
index 5c2865a..94e39ef 100644
--- a/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/ddl/DdlStatementsProcessor.java
+++ b/modules/indexing/src/main/java/org/apache/ignite/internal/processors/query/h2/ddl/DdlStatementsProcessor.java
@@ -328,7 +328,7 @@ public class DdlStatementsProcessor {
}
}
else if (stmt0 instanceof GridSqlCreateTable) {
- ctx.security().authorize(null, SecurityPermission.CACHE_CREATE, SecurityContextHolder.get());
+ ctx.security().authorize(null, SecurityPermission.CACHE_CREATE, null);
GridSqlCreateTable cmd = (GridSqlCreateTable)stmt0;
@@ -361,7 +361,7 @@ public class DdlStatementsProcessor {
}
}
else if (stmt0 instanceof GridSqlDropTable) {
- ctx.security().authorize(null, SecurityPermission.CACHE_DESTROY, SecurityContextHolder.get());
+ ctx.security().authorize(null, SecurityPermission.CACHE_DESTROY, null);
GridSqlDropTable cmd = (GridSqlDropTable)stmt0;