This is an automated email from the ASF dual-hosted git repository.
alexpl pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ignite.git
The following commit(s) were added to refs/heads/master by this push:
new 84edb3d IGNITE-12343 Remote filter and transformer of
ContinuousQueries have to run inside the Ignite Sandbox - Fixes #7677.
84edb3d is described below
commit 84edb3dd3b7140ab1d8bcb6a47456f632aafdd6d
Author: sbt-garus-dg <[email protected]>
AuthorDate: Thu May 28 10:46:33 2020 +0300
IGNITE-12343 Remote filter and transformer of ContinuousQueries have to run
inside the Ignite Sandbox - Fixes #7677.
Signed-off-by: Aleksey Plekhanov <[email protected]>
---
.../ignite/internal/SecurityAwareBiPredicate.java | 8 +-
.../query/continuous/SecurityAwareFilter.java | 22 ++--
.../SecurityAwareTransformerFactory.java | 22 ++--
.../AbstractSecurityAwareExternalizable.java | 17 +++
.../processors/security/SecurityUtils.java | 11 +-
.../main/resources/META-INF/classnames.properties | 4 +
.../AbstractContinuousQuerySandboxTest.java | 132 +++++++++++++++++++++
.../sandbox/ContinuousQuerySandboxTest.java | 64 ++++++++++
.../ContinuousQueryWithTransformerSandboxTest.java | 73 ++++++++++++
.../ignite/testsuites/SecurityTestSuite.java | 4 +
10 files changed, 333 insertions(+), 24 deletions(-)
diff --git
a/modules/core/src/main/java/org/apache/ignite/internal/SecurityAwareBiPredicate.java
b/modules/core/src/main/java/org/apache/ignite/internal/SecurityAwareBiPredicate.java
index 5d87d59..5ae1ee1 100644
---
a/modules/core/src/main/java/org/apache/ignite/internal/SecurityAwareBiPredicate.java
+++
b/modules/core/src/main/java/org/apache/ignite/internal/SecurityAwareBiPredicate.java
@@ -24,7 +24,6 @@ import
org.apache.ignite.internal.processors.security.IgniteSecurity;
import org.apache.ignite.internal.processors.security.OperationSecurityContext;
import org.apache.ignite.internal.processors.security.sandbox.IgniteSandbox;
import org.apache.ignite.lang.IgniteBiPredicate;
-import org.apache.ignite.resources.IgniteInstanceResource;
/**
* Security aware IgniteBiPredicate.
@@ -34,10 +33,6 @@ public class SecurityAwareBiPredicate<E1, E2> extends
AbstractSecurityAwareExter
/** */
private static final long serialVersionUID = 0L;
- /** Ignite. */
- @IgniteInstanceResource
- private transient IgniteEx ignite;
-
/**
* Default constructor.
*/
@@ -63,8 +58,7 @@ public class SecurityAwareBiPredicate<E1, E2> extends
AbstractSecurityAwareExter
return sandbox.enabled() ? sandbox.execute(() ->
original.apply(e1, e2)) : original.apply(e1, e2);
}
catch (AccessControlException e) {
- ignite.context().log(getClass()).error("The operation can't be
executed because the current subject " +
- "doesn't have appropriate permission [subjectId=" + subjectId
+ "].", e);
+ logAccessDeniedMessage(e);
throw e;
}
diff --git
a/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/query/continuous/SecurityAwareFilter.java
b/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/query/continuous/SecurityAwareFilter.java
index d87b226..481e1bf 100644
---
a/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/query/continuous/SecurityAwareFilter.java
+++
b/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/query/continuous/SecurityAwareFilter.java
@@ -17,15 +17,16 @@
package org.apache.ignite.internal.processors.cache.query.continuous;
+import java.security.AccessControlException;
import java.util.UUID;
import javax.cache.event.CacheEntryEvent;
import javax.cache.event.CacheEntryEventFilter;
import javax.cache.event.CacheEntryListenerException;
import org.apache.ignite.cache.CacheEntryEventSerializableFilter;
-import org.apache.ignite.internal.IgniteEx;
import
org.apache.ignite.internal.processors.security.AbstractSecurityAwareExternalizable;
+import org.apache.ignite.internal.processors.security.IgniteSecurity;
import org.apache.ignite.internal.processors.security.OperationSecurityContext;
-import org.apache.ignite.resources.IgniteInstanceResource;
+import org.apache.ignite.internal.processors.security.sandbox.IgniteSandbox;
/**
* Security aware remote filter.
@@ -35,10 +36,6 @@ public class SecurityAwareFilter<K, V> extends
AbstractSecurityAwareExternalizab
/** */
private static final long serialVersionUID = 0L;
- /** Ignite. */
- @IgniteInstanceResource
- private transient IgniteEx ignite;
-
/**
* Default constructor.
*/
@@ -56,8 +53,17 @@ public class SecurityAwareFilter<K, V> extends
AbstractSecurityAwareExternalizab
/** {@inheritDoc} */
@Override public boolean evaluate(CacheEntryEvent<? extends K, ? extends
V> evt) throws CacheEntryListenerException {
- try (OperationSecurityContext c =
ignite.context().security().withContext(subjectId)) {
- return original.evaluate(evt);
+ IgniteSecurity security = ignite.context().security();
+
+ try (OperationSecurityContext c = security.withContext(subjectId)) {
+ IgniteSandbox sandbox = security.sandbox();
+
+ return sandbox.enabled() ? sandbox.execute(() ->
original.evaluate(evt)) : original.evaluate(evt);
+ }
+ catch (AccessControlException e) {
+ logAccessDeniedMessage(e);
+
+ throw e;
}
}
}
diff --git
a/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/query/continuous/SecurityAwareTransformerFactory.java
b/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/query/continuous/SecurityAwareTransformerFactory.java
index c51a4e8..8e4e858 100644
---
a/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/query/continuous/SecurityAwareTransformerFactory.java
+++
b/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/query/continuous/SecurityAwareTransformerFactory.java
@@ -17,13 +17,14 @@
package org.apache.ignite.internal.processors.cache.query.continuous;
+import java.security.AccessControlException;
import java.util.UUID;
import javax.cache.configuration.Factory;
-import org.apache.ignite.internal.IgniteEx;
import
org.apache.ignite.internal.processors.security.AbstractSecurityAwareExternalizable;
+import org.apache.ignite.internal.processors.security.IgniteSecurity;
import org.apache.ignite.internal.processors.security.OperationSecurityContext;
+import org.apache.ignite.internal.processors.security.sandbox.IgniteSandbox;
import org.apache.ignite.lang.IgniteClosure;
-import org.apache.ignite.resources.IgniteInstanceResource;
/**
* Security aware transformer factory.
@@ -53,14 +54,19 @@ public class SecurityAwareTransformerFactory<E, R> extends
final IgniteClosure<E, R> cl = original.create();
return new IgniteClosure<E, R>() {
- /** Ignite. */
- @IgniteInstanceResource
- private IgniteEx ignite;
-
/** {@inheritDoc} */
@Override public R apply(E e) {
- try (OperationSecurityContext c =
ignite.context().security().withContext(subjectId)) {
- return cl.apply(e);
+ IgniteSecurity security = ignite.context().security();
+
+ try (OperationSecurityContext c =
security.withContext(subjectId)) {
+ IgniteSandbox sandbox = security.sandbox();
+
+ return sandbox.enabled() ? sandbox.execute(() ->
cl.apply(e)) : cl.apply(e);
+ }
+ catch (AccessControlException ace) {
+ logAccessDeniedMessage(ace);
+
+ throw ace;
}
}
};
diff --git
a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/AbstractSecurityAwareExternalizable.java
b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/AbstractSecurityAwareExternalizable.java
index 18224d1..0963a04 100644
---
a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/AbstractSecurityAwareExternalizable.java
+++
b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/AbstractSecurityAwareExternalizable.java
@@ -21,8 +21,11 @@ import java.io.Externalizable;
import java.io.IOException;
import java.io.ObjectInput;
import java.io.ObjectOutput;
+import java.security.AccessControlException;
import java.util.UUID;
+import org.apache.ignite.internal.IgniteEx;
import org.apache.ignite.internal.util.typedef.internal.U;
+import org.apache.ignite.resources.IgniteInstanceResource;
import static java.util.Objects.requireNonNull;
@@ -36,6 +39,10 @@ public abstract class AbstractSecurityAwareExternalizable<T>
implements External
/** Original component. */
protected T original;
+ /** Ignite. */
+ @IgniteInstanceResource
+ protected transient IgniteEx ignite;
+
/**
* Default constructor.
*/
@@ -52,6 +59,16 @@ public abstract class AbstractSecurityAwareExternalizable<T>
implements External
this.original = requireNonNull(original, "Parameter 'original' cannot
be null.");
}
+ /**
+ * Writes access denied message.
+ *
+ * @param e Exception to log.
+ */
+ protected void logAccessDeniedMessage(AccessControlException e) {
+ ignite.context().log(getClass()).error("The operation can't be
executed because the current subject " +
+ "doesn't have appropriate permission [subjectId=" + subjectId +
"].", e);
+ }
+
/** {@inheritDoc} */
@Override public void writeExternal(ObjectOutput out) throws IOException {
U.writeUuid(out, subjectId);
diff --git
a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityUtils.java
b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityUtils.java
index 4f3302d..9daab4a 100644
---
a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityUtils.java
+++
b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityUtils.java
@@ -18,6 +18,7 @@
package org.apache.ignite.internal.processors.security;
import java.lang.reflect.InvocationHandler;
+import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import java.security.AccessControlContext;
@@ -34,6 +35,7 @@ import java.util.Map;
import java.util.Objects;
import java.util.concurrent.Callable;
import org.apache.ignite.IgniteCheckedException;
+import org.apache.ignite.IgniteException;
import org.apache.ignite.IgniteSystemProperties;
import org.apache.ignite.cluster.ClusterNode;
import org.apache.ignite.internal.GridInternalWrapper;
@@ -255,7 +257,14 @@ public class SecurityUtils {
// Ignore.
}
- return sandbox.execute(() -> (T)mtd.invoke(original, args));
+ return sandbox.execute(() -> {
+ try {
+ return (T)mtd.invoke(original, args);
+ }
+ catch (InvocationTargetException e) {
+ throw new IgniteException(e.getTargetException());
+ }
+ });
}
}
}
diff --git a/modules/core/src/main/resources/META-INF/classnames.properties
b/modules/core/src/main/resources/META-INF/classnames.properties
index 486b660..55b277c 100644
--- a/modules/core/src/main/resources/META-INF/classnames.properties
+++ b/modules/core/src/main/resources/META-INF/classnames.properties
@@ -1174,6 +1174,10 @@
org.apache.ignite.internal.processors.cache.query.continuous.CacheContinuousQuer
org.apache.ignite.internal.processors.cache.query.continuous.CacheContinuousQueryManager$CacheEntryEventImpl
org.apache.ignite.internal.processors.cache.query.continuous.CacheContinuousQueryManager$JCacheQuery$1
org.apache.ignite.internal.processors.cache.query.continuous.CacheContinuousQueryManager$JCacheQueryRemoteFilter
+org.apache.ignite.internal.processors.cache.query.continuous.SecurityAwareFilter
+org.apache.ignite.internal.processors.cache.query.continuous.SecurityAwareFilterFactory
+org.apache.ignite.internal.processors.cache.query.continuous.SecurityAwareTransformerFactory
+org.apache.ignite.internal.processors.cache.query.continuous.SecurityAwareTransformerFactory$1
org.apache.ignite.internal.processors.cache.query.jdbc.GridCacheQueryJdbcMetadataTask
org.apache.ignite.internal.processors.cache.query.jdbc.GridCacheQueryJdbcMetadataTask$JdbcDriverMetadataJob
org.apache.ignite.internal.processors.cache.query.jdbc.GridCacheQueryJdbcTask
diff --git
a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/sandbox/AbstractContinuousQuerySandboxTest.java
b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/sandbox/AbstractContinuousQuerySandboxTest.java
new file mode 100644
index 0000000..cd5b037
--- /dev/null
+++
b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/sandbox/AbstractContinuousQuerySandboxTest.java
@@ -0,0 +1,132 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ignite.internal.processors.security.sandbox;
+
+import java.security.AccessControlException;
+import java.util.concurrent.atomic.AtomicInteger;
+import java.util.function.Supplier;
+import javax.cache.Cache;
+import org.apache.ignite.Ignite;
+import org.apache.ignite.IgniteCache;
+import org.apache.ignite.IgniteCheckedException;
+import org.apache.ignite.cache.CacheEntryEventSerializableFilter;
+import org.apache.ignite.cache.CacheMode;
+import org.apache.ignite.cache.query.Query;
+import org.apache.ignite.cache.query.QueryCursor;
+import org.apache.ignite.configuration.CacheConfiguration;
+import org.apache.ignite.lang.IgniteBiPredicate;
+import org.apache.ignite.testframework.GridTestUtils;
+
+/**
+ * Abstract class to test that a remote filter and transformer of
ContinuousQueries run on a remote node inside the
+ * Ignite Sandbox.
+ */
+public class AbstractContinuousQuerySandboxTest extends AbstractSandboxTest {
+ /** Cache name for tests. */
+ protected static final String CACHE_NAME = "TEST_CACHE";
+
+ /** Cache index. */
+ private static final AtomicInteger CACHE_INDEX = new AtomicInteger();
+
+ /** Error. */
+ private static volatile AccessControlException error;
+
+ /** Runs control action for CQ tests. */
+ protected static final Runnable CONTROL_ACTION_RUNNER = new Runnable() {
+ @Override public void run() {
+ try {
+ controlAction();
+ }
+ catch (AccessControlException e) {
+ error = e;
+
+ throw e;
+ }
+ }
+ };
+
+ /** Preidacte for inital query tests. */
+ protected static final IgniteBiPredicate<Integer, Integer> INIT_QRY_FILTER
= (k, v) -> {
+ CONTROL_ACTION_RUNNER.run();
+
+ return true;
+ };
+
+ /** Remote filter. */
+ protected static final CacheEntryEventSerializableFilter<Integer, Integer>
RMT_FILTER = ent -> {
+ CONTROL_ACTION_RUNNER.run();
+
+ return true;
+ };
+
+ /** */
+ protected void checkContinuousQuery(Supplier<Query<Cache.Entry<Integer,
Integer>>> s, boolean init) {
+ runOperation(operation(CLNT_ALLOWED_WRITE_PROP, s, init));
+ runForbiddenOperation(operation(CLNT_FORBIDDEN_WRITE_PROP, s, init),
AccessControlException.class);
+ }
+
+ /** */
+ private GridTestUtils.RunnableX operation(String nodeName,
+ Supplier<Query<Cache.Entry<Integer, Integer>>> s, boolean init) {
+ return () -> {
+ error = null;
+
+ executeQuery(grid(nodeName), s.get(), init);
+
+ if (error != null)
+ throw error;
+ };
+ }
+
+ /**
+ * Opens query cursor.
+ *
+ * @param ignite Node.
+ * @param q {@link Query}.
+ * @param init True if needing put data to a cache before openning a
cursor.
+ */
+ private void executeQuery(Ignite ignite, Query<Cache.Entry<Integer,
Integer>> q, boolean init)
+ throws IgniteCheckedException {
+ IgniteCache<Integer, Integer> cache = ignite.getOrCreateCache(
+ new CacheConfiguration<Integer, Integer>()
+ .setName(CACHE_NAME + CACHE_INDEX.incrementAndGet())
+ .setCacheMode(CacheMode.PARTITIONED)
+ );
+
+ Integer key = primaryKey(grid(SRV).cache(cache.getName()));
+
+ if (init)
+ cache.put(key, 100);
+
+ try (QueryCursor<Cache.Entry<Integer, Integer>> cur = cache.query(q)) {
+ if (!init) {
+ try {
+ cache.put(key, 100);
+ }
+ catch (Exception e) {
+ fail(e.getMessage());
+ }
+ }
+
+ cur.getAll();
+ }
+
+ // Put operation should be successful regardless of exceptions inside
a remote filter or transformer.
+ assertEquals(Integer.valueOf(100), cache.get(key));
+ }
+}
diff --git
a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/sandbox/ContinuousQuerySandboxTest.java
b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/sandbox/ContinuousQuerySandboxTest.java
new file mode 100644
index 0000000..34da323
--- /dev/null
+++
b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/sandbox/ContinuousQuerySandboxTest.java
@@ -0,0 +1,64 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ignite.internal.processors.security.sandbox;
+
+import org.apache.ignite.cache.query.ContinuousQuery;
+import org.apache.ignite.cache.query.ScanQuery;
+import org.junit.Test;
+
+/**
+ * Checks that a remote filter of {@code ContinuousQueries} runs on a remote
node inside the Ignite Sandbox.
+ */
+public class ContinuousQuerySandboxTest extends
AbstractContinuousQuerySandboxTest {
+ /** */
+ @Test
+ public void testInitialQueryFilter() {
+ checkContinuousQuery(() -> {
+ ContinuousQuery<Integer, Integer> cq = new ContinuousQuery<>();
+
+ cq.setInitialQuery(new ScanQuery<>(INIT_QRY_FILTER));
+ cq.setLocalListener(e -> {/* No-op. */});
+
+ return cq;
+ }, true);
+ }
+
+ /** */
+ @Test
+ public void testRemoteFilterFactory() {
+ checkContinuousQuery(() -> {
+ ContinuousQuery<Integer, Integer> cq = new ContinuousQuery<>();
+
+ cq.setRemoteFilterFactory(() -> RMT_FILTER);
+
+ return cq;
+ }, false);
+ }
+
+ /** */
+ @Test
+ public void testRemoteFilter() {
+ checkContinuousQuery(() -> {
+ ContinuousQuery<Integer, Integer> cq = new ContinuousQuery<>();
+
+ cq.setRemoteFilter(RMT_FILTER);
+
+ return cq;
+ }, false);
+ }
+}
diff --git
a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/sandbox/ContinuousQueryWithTransformerSandboxTest.java
b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/sandbox/ContinuousQueryWithTransformerSandboxTest.java
new file mode 100644
index 0000000..1c38333
--- /dev/null
+++
b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/sandbox/ContinuousQueryWithTransformerSandboxTest.java
@@ -0,0 +1,73 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ignite.internal.processors.security.sandbox;
+
+import javax.cache.Cache;
+import org.apache.ignite.cache.query.ContinuousQueryWithTransformer;
+import org.apache.ignite.cache.query.ScanQuery;
+import org.junit.Test;
+
+/**
+ * Checks that a remote filter and transformer of {@code
ContinuousQueryWithTransformer} run on a remote node inside the
+ * Ignite Sandbox.
+ */
+public class ContinuousQueryWithTransformerSandboxTest extends
AbstractContinuousQuerySandboxTest {
+ /** */
+ @Test
+ public void testInitialQuery() {
+ checkContinuousQuery(() -> {
+ ContinuousQueryWithTransformer<Integer, Integer, Integer> q = new
ContinuousQueryWithTransformer<>();
+
+ q.setInitialQuery(new ScanQuery<>(INIT_QRY_FILTER));
+ q.setRemoteTransformerFactory(() -> Cache.Entry::getValue);
+ q.setLocalListener(e -> {/* No-op. */});
+
+ return q;
+ }, true);
+ }
+
+ /** */
+ @Test
+ public void testRemoteFilterFactory() {
+ checkContinuousQuery(() -> {
+ ContinuousQueryWithTransformer<Integer, Integer, Integer> q = new
ContinuousQueryWithTransformer<>();
+
+ q.setRemoteFilterFactory(() -> RMT_FILTER);
+ q.setRemoteTransformerFactory(() -> Cache.Entry::getValue);
+
+ return q;
+ }, false);
+ }
+
+ /** */
+ @Test
+ public void testTransformerFactory() {
+ checkContinuousQuery(() -> {
+ ContinuousQueryWithTransformer<Integer, Integer, Integer> q = new
ContinuousQueryWithTransformer<>();
+
+ q.setRemoteTransformerFactory(() -> e -> {
+ CONTROL_ACTION_RUNNER.run();
+
+ return e.getValue();
+ });
+ q.setLocalListener(e -> {/* No-op. */});
+
+ return q;
+ }, false);
+ }
+}
diff --git
a/modules/core/src/test/java/org/apache/ignite/testsuites/SecurityTestSuite.java
b/modules/core/src/test/java/org/apache/ignite/testsuites/SecurityTestSuite.java
index 551114b..faeba43 100644
---
a/modules/core/src/test/java/org/apache/ignite/testsuites/SecurityTestSuite.java
+++
b/modules/core/src/test/java/org/apache/ignite/testsuites/SecurityTestSuite.java
@@ -48,6 +48,8 @@ import
org.apache.ignite.internal.processors.security.messaging.MessagingRemoteS
import
org.apache.ignite.internal.processors.security.sandbox.AccessToClassesInsideInternalPackageTest;
import org.apache.ignite.internal.processors.security.sandbox.CacheSandboxTest;
import
org.apache.ignite.internal.processors.security.sandbox.ComputeSandboxTest;
+import
org.apache.ignite.internal.processors.security.sandbox.ContinuousQuerySandboxTest;
+import
org.apache.ignite.internal.processors.security.sandbox.ContinuousQueryWithTransformerSandboxTest;
import
org.apache.ignite.internal.processors.security.sandbox.DataStreamerSandboxTest;
import
org.apache.ignite.internal.processors.security.sandbox.DoPrivilegedOnRemoteNodeTest;
import
org.apache.ignite.internal.processors.security.sandbox.IgniteOperationsInsideSandboxTest;
@@ -101,6 +103,8 @@ import org.junit.runners.Suite;
SecuritySubjectPermissionsTest.class,
IgnitionComponentProxyTest.class,
MessagingSandboxTest.class,
+ ContinuousQuerySandboxTest.class,
+ ContinuousQueryWithTransformerSandboxTest.class,
IgniteSecurityProcessorTest.class,
GridCommandHandlerSslWithSecurityTest.class,
