This is an automated email from the ASF dual-hosted git repository.
mpetrov pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ignite.git
The following commit(s) were added to refs/heads/master by this push:
new a8ec750c4dd IGNITE-18910 Added ability for Security Plugin to extend
pool of Ignite trusted types. (#10565)
a8ec750c4dd is described below
commit a8ec750c4dd059a47112ed8f4d105c1f71e7e412
Author: Mikhail Petrov <[email protected]>
AuthorDate: Tue Mar 14 15:26:21 2023 +0300
IGNITE-18910 Added ability for Security Plugin to extend pool of Ignite
trusted types. (#10565)
---
.../ignite/common/ComputeTaskPermissionsTest.java | 19 +++-----
.../GridResourceProxiedIgniteInjector.java | 8 +++-
.../processors/security/GridSecurityProcessor.java | 12 +++++
.../processors/security/IgniteSecurity.java | 11 +++++
.../processors/security/IgniteSecurityAdapter.java | 54 ++++++++++++++++++++++
.../security/IgniteSecurityProcessor.java | 17 ++++---
.../security/NoOpIgniteSecurityProcessor.java | 3 +-
.../processors/security/SecurityUtils.java | 25 +---------
.../processors/task/GridTaskProcessor.java | 3 +-
.../internal/processors/task/GridTaskWorker.java | 9 ++--
.../security/impl/TestSecurityProcessor.java | 14 ++++++
11 files changed, 120 insertions(+), 55 deletions(-)
diff --git
a/modules/clients/src/test/java/org/apache/ignite/common/ComputeTaskPermissionsTest.java
b/modules/clients/src/test/java/org/apache/ignite/common/ComputeTaskPermissionsTest.java
index d10b78862b0..f130913f2d7 100644
---
a/modules/clients/src/test/java/org/apache/ignite/common/ComputeTaskPermissionsTest.java
+++
b/modules/clients/src/test/java/org/apache/ignite/common/ComputeTaskPermissionsTest.java
@@ -22,7 +22,6 @@ import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.UUID;
-import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Future;
@@ -57,7 +56,6 @@ import
org.apache.ignite.internal.processors.security.AbstractSecurityTest;
import org.apache.ignite.internal.processors.security.OperationSecurityContext;
import org.apache.ignite.internal.processors.security.PublicAccessJob;
import org.apache.ignite.internal.processors.security.SecurityContext;
-import org.apache.ignite.internal.processors.security.SecurityUtils;
import
org.apache.ignite.internal.processors.security.compute.ComputePermissionCheckTest;
import org.apache.ignite.internal.processors.security.impl.TestSecurityData;
import
org.apache.ignite.internal.processors.security.impl.TestSecurityPluginProvider;
@@ -66,7 +64,6 @@ import
org.apache.ignite.internal.util.lang.gridfunc.AtomicIntegerFactoryCallabl
import org.apache.ignite.internal.util.lang.gridfunc.RunnableWrapperClosure;
import org.apache.ignite.internal.util.lang.gridfunc.ToStringClosure;
import org.apache.ignite.internal.util.typedef.X;
-import org.apache.ignite.internal.util.typedef.internal.U;
import org.apache.ignite.lang.IgniteCallable;
import org.apache.ignite.lang.IgniteClosure;
import org.apache.ignite.lang.IgniteReducer;
@@ -87,6 +84,7 @@ import static
org.apache.ignite.common.AbstractEventSecurityContextTest.sendRest
import static org.apache.ignite.internal.GridClosureCallMode.BROADCAST;
import static
org.apache.ignite.internal.processors.job.GridJobProcessor.COMPUTE_JOB_WORKER_INTERRUPT_TIMEOUT;
import static org.apache.ignite.internal.processors.rest.GridRestCommand.EXE;
+import static
org.apache.ignite.internal.processors.security.impl.TestSecurityProcessor.registerExternalSystemTypes;
import static
org.apache.ignite.internal.processors.task.TaskExecutionOptions.options;
import static org.apache.ignite.plugin.security.SecurityPermission.ADMIN_KILL;
import static org.apache.ignite.plugin.security.SecurityPermission.ADMIN_OPS;
@@ -137,9 +135,11 @@ public class ComputeTaskPermissionsTest extends
AbstractSecurityTest {
@Override protected void beforeTestsStarted() throws Exception {
super.beforeTestsStarted();
- registerSystemType(SystemRunnable.class);
- registerSystemType(PublicAccessSystemTask.class);
- registerSystemType(PublicAccessSystemJob.class);
+ registerExternalSystemTypes(
+ SystemRunnable.class,
+ PublicAccessSystemTask.class,
+ PublicAccessSystemJob.class
+ );
for (int idx = 0; idx < SRV_NODES_CNT; idx++)
startGrid(idx, false);
@@ -792,13 +792,6 @@ public class ComputeTaskPermissionsTest extends
AbstractSecurityTest {
return grid(0).context().security().authenticate(authCtx);
}
- /** */
- private void registerSystemType(Class<?> cls) throws Exception {
- ConcurrentMap<Class<?>, Boolean> sysTypes =
U.field(SecurityUtils.class, "SYSTEM_TYPES");
-
- sysTypes.put(cls, true);
- }
-
/** */
private IgniteClient startClient(String login) {
return Ignition.startClient(new ClientConfiguration()
diff --git
a/modules/core/src/main/java/org/apache/ignite/internal/processors/resource/GridResourceProxiedIgniteInjector.java
b/modules/core/src/main/java/org/apache/ignite/internal/processors/resource/GridResourceProxiedIgniteInjector.java
index 9d7a3787d0b..b3be3e6ec07 100644
---
a/modules/core/src/main/java/org/apache/ignite/internal/processors/resource/GridResourceProxiedIgniteInjector.java
+++
b/modules/core/src/main/java/org/apache/ignite/internal/processors/resource/GridResourceProxiedIgniteInjector.java
@@ -19,6 +19,7 @@ package org.apache.ignite.internal.processors.resource;
import org.apache.ignite.Ignite;
import org.apache.ignite.IgniteCheckedException;
+import org.apache.ignite.internal.GridKernalContext;
import org.apache.ignite.internal.IgniteEx;
import org.apache.ignite.internal.managers.deployment.GridDeployment;
@@ -36,8 +37,11 @@ public class GridResourceProxiedIgniteInjector extends
GridResourceBasicInjector
/** */
private Ignite ignite(Object target) {
- return isSystemType(((IgniteEx)getResource()).context(), target, false)
- ? getResource() : igniteProxy(getResource());
+ GridKernalContext ctx = ((IgniteEx)getResource()).context();
+
+ return ctx.security().sandbox().enabled() && !isSystemType(ctx,
target, false)
+ ? igniteProxy(getResource())
+ : getResource();
}
/** {@inheritDoc} */
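Review bot: The private `ignite(Object target)` helper keeps an empty `/** */` Javadoc although it now decides who receives the raw `Ignite` instance. That is any target when the sandbox is disabled, and system types when it is enabled. After this commit a security plugin can extend the set of system types, because `SecurityUtils.isSystemType` now delegates to `ctx.security().isSystemType(...)`. I would document that, for example `/** @return Raw Ignite if the sandbox is disabled or {@code target} is a system type, otherwise the result of {@code igniteProxy}. */`. It is also worth stating that the short-circuit on `sandbox().enabled()` skips the system-type lookup entirely when the sandbox is off.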
diff --git
a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessor.java
b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessor.java
index 2a46b304628..f329ba2a850 100644
---
a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessor.java
+++
b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/GridSecurityProcessor.java
@@ -165,4 +165,16 @@ public interface GridSecurityProcessor extends
GridProcessor {
public default void dropUser(String login) throws IgniteCheckedException {
throw new UnsupportedOperationException();
}
+
+ /**
+ * @param cls The class for which the check is to be performed.
+ * @return Whether the specified class can be considered system. System
classes are classes whose source code
+ * can be considered controlled by the Ignite administrator and to which
less stringent security checks can be
+ * applied. This method will be called on classes that are not part of the
Ignite codebase. This allows the
+ * Security Plugin to extend the pool of system classes with user-defined
ones
+ * (e.g. classes that belongs to custom Ignite Plugins).
+ */
+ public default boolean isSystemType(Class<?> cls) {
+ return false;
+ }
}
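Review bot: The Javadoc on `isSystemType(Class<?> cls)` does not tell plugin authors what a `true` answer is used for or how often the method is called. In this commit `IgniteSecurityProcessor.isSystemType` evaluates `super.isSystemType(cls) || secPrc.isSystemType(cls)` without caching the plugin's result, and the `GridTaskProcessor` hunk uses a `true` answer to skip the per-class `TASK_EXECUTE` authorization. I would add that implementations should be cheap, side-effect free and safe to call concurrently (the call sites appear to be on task-processing paths). They should also decide on the `Class` object or its code source rather than on the class name alone, since a name can be reused by a class loaded from elsewhere. Small wording slip in the same comment: `classes that belongs` should read `classes that belong`.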
diff --git
a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurity.java
b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurity.java
index 3cecd8a2687..bdcaa966de1 100644
---
a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurity.java
+++
b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurity.java
@@ -162,4 +162,15 @@ public interface IgniteSecurity {
* Local join event is expected in cases of joining to topology or client
reconnect.
*/
public void onLocalJoin();
+
+ /**
+ * @param cls The class for which the check is to be performed.
+ * @return Whether the specified class can be considered system. System
classes are classes whose source code
+ * can be considered controlled by the Ignite administrator and to which
less stringent security checks can be
+ * applied. By default, Ignite considers only classes from its own
codebase as system but their pool can be extended
+ * by custom Security Plugin.
+ *
+ * @see GridSecurityProcessor#isSystemType(Class)
+ */
+ public boolean isSystemType(Class<?> cls);
}
diff --git
a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityAdapter.java
b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityAdapter.java
new file mode 100644
index 00000000000..be874b469cc
--- /dev/null
+++
b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityAdapter.java
@@ -0,0 +1,54 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ignite.internal.processors.security;
+
+import java.security.CodeSource;
+import java.security.ProtectionDomain;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.ConcurrentMap;
+import org.apache.ignite.internal.GridKernalContext;
+import org.apache.ignite.internal.processors.GridProcessorAdapter;
+import org.apache.ignite.internal.util.typedef.F;
+
+import static
org.apache.ignite.internal.processors.security.SecurityUtils.doPrivileged;
+
+/** */
+public abstract class IgniteSecurityAdapter extends GridProcessorAdapter
implements IgniteSecurity {
+ /** Code source for ignite-core module. */
+ private static final CodeSource CORE_CODE_SOURCE =
SecurityUtils.class.getProtectionDomain().getCodeSource();
+
+ /** System types cache. */
+ private static final ConcurrentMap<Class<?>, Boolean> SYSTEM_TYPES = new
ConcurrentHashMap<>();
+
+ /** @param ctx Kernal context. */
+ protected IgniteSecurityAdapter(GridKernalContext ctx) {
+ super(ctx);
+ }
+
+ /** {@inheritDoc} */
+ @Override public boolean isSystemType(Class<?> cls) {
+ return SYSTEM_TYPES.computeIfAbsent(
+ cls,
+ c -> {
+ ProtectionDomain pd = doPrivileged(c::getProtectionDomain);
+
+ return pd != null && F.eq(CORE_CODE_SOURCE,
pd.getCodeSource());
+ }
+ );
+ }
+}
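Review bot: In `isSystemType` the check `pd != null && F.eq(CORE_CODE_SOURCE, pd.getCodeSource())` does not guard against `CORE_CODE_SOURCE` itself being null. `ProtectionDomain.getCodeSource()` may return null, so if ignite-core is ever loaded without a code source and `F.eq` treats two nulls as equal (its definition is not in this diff), every class with a null code source would be cached as a system type and get the less strict checks. Failing closed is cheap: `return pd != null && CORE_CODE_SOURCE != null && F.eq(CORE_CODE_SOURCE, pd.getCodeSource());`. Separately, the static `SYSTEM_TYPES` map keeps a strong reference to every class it is asked about, including those answered `false`, which can keep user class loaders from being unloaded; a `ClassValue<Boolean>` would tie the cached answer to the class's lifetime. The class-level `/** */` is empty and could say that the adapter holds the core-code-source check shared by both `IgniteSecurity` implementations.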
diff --git
a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java
b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java
index 793cad12b00..11cd00b8cdf 100644
---
a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java
+++
b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityProcessor.java
@@ -29,7 +29,6 @@ import org.apache.ignite.IgniteLogger;
import org.apache.ignite.cluster.ClusterNode;
import org.apache.ignite.internal.GridKernalContext;
import org.apache.ignite.internal.IgniteInternalFuture;
-import org.apache.ignite.internal.processors.GridProcessor;
import
org.apache.ignite.internal.processors.security.sandbox.AccessControllerSandbox;
import org.apache.ignite.internal.processors.security.sandbox.IgniteSandbox;
import org.apache.ignite.internal.processors.security.sandbox.NoOpSandbox;
@@ -68,7 +67,7 @@ import static
org.apache.ignite.plugin.security.SecurityPermission.ADMIN_USER_AC
* <li>Managing sandbox and proving point of entry to the internal sandbox
API.</li>
* </ul>
*/
-public class IgniteSecurityProcessor implements IgniteSecurity, GridProcessor {
+public class IgniteSecurityProcessor extends IgniteSecurityAdapter {
/** */
private static final String FAILED_OBTAIN_SEC_CTX_MSG = "Failed to obtain
a security context.";
@@ -88,9 +87,6 @@ public class IgniteSecurityProcessor implements
IgniteSecurity, GridProcessor {
/** Current security context if differs from {@link #dfltSecCtx}. */
private final ThreadLocal<SecurityContext> curSecCtx = new ThreadLocal<>();
- /** Grid kernal context. */
- private final GridKernalContext ctx;
-
/** Security processor. */
private final GridSecurityProcessor secPrc;
@@ -121,10 +117,10 @@ public class IgniteSecurityProcessor implements
IgniteSecurity, GridProcessor {
* @param secPrc Security processor.
*/
public IgniteSecurityProcessor(GridKernalContext ctx,
GridSecurityProcessor secPrc) {
- assert ctx != null;
+ super(ctx);
+
assert secPrc != null;
- this.ctx = ctx;
this.secPrc = secPrc;
marsh = MarshallerUtils.jdkMarshaller(ctx.igniteInstanceName());
@@ -247,6 +243,8 @@ public class IgniteSecurityProcessor implements
IgniteSecurity, GridProcessor {
/** {@inheritDoc} */
@Override public void start() throws IgniteCheckedException {
+ super.start();
+
ctx.addNodeAttribute(ATTR_GRID_SEC_PROC_CLASS,
secPrc.getClass().getName());
secPrc.start();
@@ -409,6 +407,11 @@ public class IgniteSecurityProcessor implements
IgniteSecurity, GridProcessor {
ctx.discovery().localNode());
}
+ /** {@inheritDoc} */
+ @Override public boolean isSystemType(Class<?> cls) {
+ return super.isSystemType(cls) || secPrc.isSystemType(cls);
+ }
+
/**
* Validates that remote node's grid security processor class is the same
as local one.
*
diff --git
a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java
b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java
index bb079dc75fb..0dc6151cf6c 100644
---
a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java
+++
b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/NoOpIgniteSecurityProcessor.java
@@ -23,7 +23,6 @@ import org.apache.ignite.IgniteCheckedException;
import org.apache.ignite.IgniteException;
import org.apache.ignite.cluster.ClusterNode;
import org.apache.ignite.internal.GridKernalContext;
-import org.apache.ignite.internal.processors.GridProcessorAdapter;
import org.apache.ignite.internal.processors.security.sandbox.IgniteSandbox;
import org.apache.ignite.internal.processors.security.sandbox.NoOpSandbox;
import org.apache.ignite.plugin.security.AuthenticationContext;
@@ -41,7 +40,7 @@ import static
org.apache.ignite.internal.processors.security.SecurityUtils.MSG_S
/**
* No operation IgniteSecurity.
*/
-public class NoOpIgniteSecurityProcessor extends GridProcessorAdapter
implements IgniteSecurity {
+public class NoOpIgniteSecurityProcessor extends IgniteSecurityAdapter {
/** Error message that occurs when trying to perform security operations
if security disabled. */
public static final String SECURITY_DISABLED_ERROR_MSG = "Operation cannot
be performed: Ignite security disabled.";
diff --git
a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityUtils.java
b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityUtils.java
index 8aca68ea20a..384a5153dbf 100644
---
a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityUtils.java
+++
b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityUtils.java
@@ -25,12 +25,10 @@ import java.lang.reflect.Proxy;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.AllPermission;
-import java.security.CodeSource;
import java.security.Permissions;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
-import java.security.ProtectionDomain;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
@@ -38,8 +36,6 @@ import java.util.Map;
import java.util.Objects;
import java.util.UUID;
import java.util.concurrent.Callable;
-import java.util.concurrent.ConcurrentHashMap;
-import java.util.concurrent.ConcurrentMap;
import org.apache.ignite.IgniteCheckedException;
import org.apache.ignite.IgniteException;
import org.apache.ignite.IgniteSystemProperties;
@@ -87,12 +83,6 @@ public class SecurityUtils {
/** Permissions that contain {@code AllPermission}. */
public static final Permissions ALL_PERMISSIONS;
- /** Code source for ignite-core module. */
- private static final CodeSource CORE_CODE_SOURCE =
SecurityUtils.class.getProtectionDomain().getCodeSource();
-
- /** System types cache. */
- private static final ConcurrentMap<Class<?>, Boolean> SYSTEM_TYPES = new
ConcurrentHashMap<>();
-
static {
ALL_PERMISSIONS = new Permissions();
@@ -247,20 +237,7 @@ public class SecurityUtils {
if (considerWrapperCls)
target = unwrap(target);
- return isSystemType(ctx, target.getClass());
- }
-
- /** @return Whether specified class is a system type. */
- public static boolean isSystemType(GridKernalContext ctx, Class<?> cls) {
- Boolean isSysType = SYSTEM_TYPES.get(cls);
-
- if (isSysType == null) {
- ProtectionDomain pd = doPrivileged(cls::getProtectionDomain);
-
- SYSTEM_TYPES.put(cls, isSysType = (pd == null) ||
F.eq(CORE_CODE_SOURCE, pd.getCodeSource()));
- }
-
- return isSysType;
+ return ctx.security().isSystemType(target.getClass());
}
/** */
diff --git
a/modules/core/src/main/java/org/apache/ignite/internal/processors/task/GridTaskProcessor.java
b/modules/core/src/main/java/org/apache/ignite/internal/processors/task/GridTaskProcessor.java
index 9ee434fb111..9e51179cc22 100644
---
a/modules/core/src/main/java/org/apache/ignite/internal/processors/task/GridTaskProcessor.java
+++
b/modules/core/src/main/java/org/apache/ignite/internal/processors/task/GridTaskProcessor.java
@@ -70,7 +70,6 @@ import
org.apache.ignite.internal.processors.cluster.IgniteChangeGlobalStateSupp
import org.apache.ignite.internal.processors.job.ComputeJobStatusEnum;
import org.apache.ignite.internal.processors.metric.MetricRegistry;
import org.apache.ignite.internal.processors.metric.impl.LongAdderMetric;
-import org.apache.ignite.internal.processors.security.SecurityUtils;
import org.apache.ignite.internal.processors.task.monitor.ComputeGridMonitor;
import org.apache.ignite.internal.processors.task.monitor.ComputeTaskStatus;
import
org.apache.ignite.internal.processors.task.monitor.ComputeTaskStatusSnapshot;
@@ -1589,7 +1588,7 @@ public class GridTaskProcessor extends
GridProcessorAdapter implements IgniteCha
) {
taskCls = resolveTaskClass(taskName, taskCls, task);
- if (taskCls == null || !SecurityUtils.isSystemType(ctx, taskCls)) {
+ if (taskCls == null || !ctx.security().isSystemType(taskCls)) {
assert opts.isPublicRequest();
ctx.security().authorize(taskCls == null ? taskName :
taskCls.getName(), TASK_EXECUTE);
diff --git
a/modules/core/src/main/java/org/apache/ignite/internal/processors/task/GridTaskWorker.java
b/modules/core/src/main/java/org/apache/ignite/internal/processors/task/GridTaskWorker.java
index bdff41be3d4..5c5f71889a3 100644
---
a/modules/core/src/main/java/org/apache/ignite/internal/processors/task/GridTaskWorker.java
+++
b/modules/core/src/main/java/org/apache/ignite/internal/processors/task/GridTaskWorker.java
@@ -112,7 +112,6 @@ import static
org.apache.ignite.internal.processors.job.ComputeJobStatusEnum.CAN
import static
org.apache.ignite.internal.processors.job.ComputeJobStatusEnum.FAILED;
import static
org.apache.ignite.internal.processors.job.ComputeJobStatusEnum.FINISHED;
import static
org.apache.ignite.internal.processors.security.SecurityUtils.authorizeAll;
-import static
org.apache.ignite.internal.processors.security.SecurityUtils.isSystemType;
import static
org.apache.ignite.internal.processors.security.SecurityUtils.unwrap;
import static org.apache.ignite.plugin.security.SecurityPermission.ADMIN_KILL;
import static org.apache.ignite.plugin.security.SecurityPermission.TASK_CANCEL;
@@ -1765,12 +1764,12 @@ public class GridTaskWorker<T, R> extends GridWorker
implements GridTimeoutObjec
/** */
private void authorizeSystemTaskJob(ComputeJob job) {
- if (!isSystemType(ctx, task.getClass()))
+ if (!ctx.security().isSystemType(task.getClass()))
return;
Object executable = unwrap(job);
- if (!isSystemType(ctx, executable.getClass())) {
+ if (!ctx.security().isSystemType(executable.getClass())) {
assert opts.isPublicRequest();
ctx.security().authorize(executable.getClass().getName(),
TASK_EXECUTE);
@@ -1789,7 +1788,7 @@ public class GridTaskWorker<T, R> extends GridWorker
implements GridTimeoutObjec
if (!ctx.security().enabled())
return;
- if (!isSystemType(ctx, task.getClass()))
+ if (!ctx.security().isSystemType(task.getClass()))
ctx.security().authorize(task.getClass().getName(), TASK_CANCEL);
else {
boolean isClosedByInitiator = Objects.equals(
@@ -1799,7 +1798,7 @@ public class GridTaskWorker<T, R> extends GridWorker
implements GridTimeoutObjec
for (GridJobResultImpl jobRes : jobRes.values()) {
Object executable = unwrap(jobRes.getJob());
- if (!isSystemType(ctx, executable.getClass()))
+ if (!ctx.security().isSystemType(executable.getClass()))
ctx.security().authorize(executable.getClass().getName(),
TASK_CANCEL);
else if (!isClosedByInitiator)
ctx.security().authorize(ADMIN_KILL);
diff --git
a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/impl/TestSecurityProcessor.java
b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/impl/TestSecurityProcessor.java
index 1774044aa1d..e0b2ce60b89 100644
---
a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/impl/TestSecurityProcessor.java
+++
b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/impl/TestSecurityProcessor.java
@@ -20,6 +20,7 @@ package org.apache.ignite.internal.processors.security.impl;
import java.net.InetSocketAddress;
import java.security.Permissions;
import java.util.ArrayList;
+import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Map;
@@ -54,6 +55,9 @@ public class TestSecurityProcessor extends
GridProcessorAdapter implements GridS
/** */
private static final Map<UUID, SecurityContext> SECURITY_CONTEXTS = new
ConcurrentHashMap<>();
+ /** */
+ private static final Collection<Class<?>> EXT_SYS_CLASSES =
ConcurrentHashMap.newKeySet();
+
/** Node security data. */
private final TestSecurityData nodeSecData;
@@ -105,6 +109,11 @@ public class TestSecurityProcessor extends
GridProcessorAdapter implements GridS
return globalAuth;
}
+ /** {@inheritDoc} */
+ @Override public boolean isSystemType(Class<?> cls) {
+ return EXT_SYS_CLASSES.contains(cls);
+ }
+
/** {@inheritDoc} */
@Override public SecurityContext authenticate(AuthenticationContext ctx)
throws IgniteCheckedException {
TestSecurityData data = USERS.get(ctx.credentials().getLogin());
@@ -205,4 +214,9 @@ public class TestSecurityProcessor extends
GridProcessorAdapter implements GridS
@Override public void dropUser(String login) {
USERS.remove(login);
}
+
+ /** */
+ public static void registerExternalSystemTypes(Class<?>... cls) {
+ EXT_SYS_CLASSES.addAll(Arrays.asList(cls));
+ }
}
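Review bot: `registerExternalSystemTypes` only ever adds to the static `EXT_SYS_CLASSES` set and nothing in this diff clears it. Types registered by one test class (here `ComputeTaskPermissionsTest.beforeTestsStarted`) therefore stay trusted for every later test in the same JVM. In a security test suite that can mask a missing permission check in an unrelated test, because the class is silently treated as a system type. I would add a counterpart such as `public static void clearExternalSystemTypes() { EXT_SYS_CLASSES.clear(); }` and call it from the test's teardown. Both new members have empty `/** */` Javadoc; one line each noting that the set is JVM-wide test state would help.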