This is an automated email from the ASF dual-hosted git repository.
mpetrov pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ignite.git
The following commit(s) were added to refs/heads/master by this push:
new ffc049c1df7 IGNITE-27754 Replace ad-hoc withSecurityContextOnAllNodes
method with explicit Security Context switch in tests. (#12704)
ffc049c1df7 is described below
commit ffc049c1df7e1ba26d56fbe5f6863fe21bd0e9b2
Author: Mikhail Petrov <[email protected]>
AuthorDate: Sat Feb 7 18:33:02 2026 +0300
IGNITE-27754 Replace ad-hoc withSecurityContextOnAllNodes method with
explicit Security Context switch in tests. (#12704)
---
.../integration/AbstractBasicIntegrationTest.java | 13 +
.../integration/SqlDiagnosticIntegrationTest.java | 16 +-
.../integration/UserDdlIntegrationTest.java | 22 +-
.../JdbcThinAuthenticateConnectionSelfTest.java | 8 +-
.../Authentication1kUsersNodeRestartTest.java | 37 +-
.../AuthenticationOnNotActiveClusterTest.java | 11 +-
.../AuthenticationProcessorNodeRestartTest.java | 190 +++-----
.../AuthenticationProcessorSelfTest.java | 481 +++++++++------------
.../authentication/SqlUserCommandSelfTest.java | 87 ++--
9 files changed, 332 insertions(+), 533 deletions(-)
diff --git
a/modules/calcite/src/test/java/org/apache/ignite/internal/processors/query/calcite/integration/AbstractBasicIntegrationTest.java
b/modules/calcite/src/test/java/org/apache/ignite/internal/processors/query/calcite/integration/AbstractBasicIntegrationTest.java
index 0cac27a032b..51ec53c59a0 100644
---
a/modules/calcite/src/test/java/org/apache/ignite/internal/processors/query/calcite/integration/AbstractBasicIntegrationTest.java
+++
b/modules/calcite/src/test/java/org/apache/ignite/internal/processors/query/calcite/integration/AbstractBasicIntegrationTest.java
@@ -44,11 +44,15 @@ import
org.apache.ignite.internal.processors.query.calcite.prepare.bounds.Search
import org.apache.ignite.internal.processors.query.calcite.schema.IgniteIndex;
import org.apache.ignite.internal.processors.query.calcite.schema.IgniteTable;
import org.apache.ignite.internal.processors.query.calcite.util.Commons;
+import org.apache.ignite.internal.processors.security.OperationSecurityContext;
+import org.apache.ignite.internal.processors.security.SecurityContext;
import org.apache.ignite.internal.util.typedef.F;
import org.apache.ignite.internal.util.typedef.G;
import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest;
import org.jetbrains.annotations.Nullable;
+import static
org.apache.ignite.internal.processors.authentication.AuthenticationProcessorSelfTest.authenticate;
+import static
org.apache.ignite.internal.processors.authentication.User.DFAULT_USER_NAME;
import static
org.apache.ignite.internal.processors.query.calcite.exec.ExchangeServiceImpl.INBOX_INITIALIZATION_TIMEOUT;
import static
org.apache.ignite.testframework.GridTestUtils.assertThrowsAnyCause;
import static org.apache.ignite.testframework.GridTestUtils.waitForCondition;
@@ -237,6 +241,15 @@ public class AbstractBasicIntegrationTest extends
GridCommonAbstractTest {
return sql(client, sql, params);
}
+ /** */
+ protected List<List<?>> sqlAsRoot(IgniteEx ignite, String sql) throws
Exception {
+ SecurityContext secCtx = authenticate(grid(0), DFAULT_USER_NAME,
"ignite");
+
+ try (OperationSecurityContext ignored =
ignite.context().security().withContext(secCtx)) {
+ return sql(ignite, sql);
+ }
+ }
+
/** */
protected List<List<?>> sql(IgniteEx ignite, String sql, Object... params)
{
// {@code sql} can contain more than one query.
diff --git
a/modules/calcite/src/test/java/org/apache/ignite/internal/processors/query/calcite/integration/SqlDiagnosticIntegrationTest.java
b/modules/calcite/src/test/java/org/apache/ignite/internal/processors/query/calcite/integration/SqlDiagnosticIntegrationTest.java
index 40af652725f..944c7785839 100644
---
a/modules/calcite/src/test/java/org/apache/ignite/internal/processors/query/calcite/integration/SqlDiagnosticIntegrationTest.java
+++
b/modules/calcite/src/test/java/org/apache/ignite/internal/processors/query/calcite/integration/SqlDiagnosticIntegrationTest.java
@@ -70,7 +70,6 @@ import
org.apache.ignite.internal.processors.query.calcite.exec.task.QueryBlocki
import
org.apache.ignite.internal.processors.query.calcite.exec.task.StripedQueryTaskExecutor;
import
org.apache.ignite.internal.processors.query.running.GridRunningQueryInfo;
import org.apache.ignite.internal.processors.query.running.HeavyQueriesTracker;
-import org.apache.ignite.internal.processors.security.SecurityContext;
import org.apache.ignite.internal.util.GridTestClockTimer;
import org.apache.ignite.internal.util.future.GridCompoundFuture;
import org.apache.ignite.internal.util.typedef.F;
@@ -89,8 +88,6 @@ import static
org.apache.ignite.IgniteSystemProperties.IGNITE_STARVATION_CHECK_I
import static org.apache.ignite.events.EventType.EVT_CACHE_QUERY_EXECUTED;
import static org.apache.ignite.events.EventType.EVT_CACHE_QUERY_OBJECT_READ;
import static org.apache.ignite.events.EventType.EVT_SQL_QUERY_EXECUTION;
-import static
org.apache.ignite.internal.processors.authentication.AuthenticationProcessorSelfTest.authenticate;
-import static
org.apache.ignite.internal.processors.authentication.AuthenticationProcessorSelfTest.withSecurityContextOnAllNodes;
import static
org.apache.ignite.internal.processors.authentication.User.DFAULT_USER_NAME;
import static
org.apache.ignite.internal.processors.cache.query.GridCacheQueryType.SQL_FIELDS;
import static
org.apache.ignite.internal.processors.metric.impl.MetricUtils.metricName;
@@ -127,9 +124,6 @@ public class SqlDiagnosticIntegrationTest extends
AbstractBasicIntegrationTest {
/** */
private ListeningTestLogger log;
- /** */
- private SecurityContext secCtxDflt;
-
/** {@inheritDoc} */
@Override protected IgniteConfiguration getConfiguration(String
igniteInstanceName) throws Exception {
return super.getConfiguration(igniteInstanceName)
@@ -164,8 +158,6 @@ public class SqlDiagnosticIntegrationTest extends
AbstractBasicIntegrationTest {
client = startClientGrid();
client.cluster().state(ClusterState.ACTIVE);
-
- secCtxDflt = authenticate(grid(0), DFAULT_USER_NAME, "ignite");
}
/** {@inheritDoc} */
@@ -223,8 +215,6 @@ public class SqlDiagnosticIntegrationTest extends
AbstractBasicIntegrationTest {
/** */
@Test
public void testBatchParserMetrics() throws Exception {
- withSecurityContextOnAllNodes(secCtxDflt);
-
MetricRegistryImpl mreg0 =
grid(0).context().metric().registry(QUERY_PARSER_METRIC_GROUP_NAME);
MetricRegistryImpl mreg1 =
grid(1).context().metric().registry(QUERY_PARSER_METRIC_GROUP_NAME);
mreg0.reset();
@@ -644,8 +634,6 @@ public class SqlDiagnosticIntegrationTest extends
AbstractBasicIntegrationTest {
/** */
@Test
public void testSensitiveInformationHiding() throws Exception {
- withSecurityContextOnAllNodes(secCtxDflt);
-
cleanPerformanceStatisticsDir();
startCollectStatistics();
@@ -697,8 +685,8 @@ public class SqlDiagnosticIntegrationTest extends
AbstractBasicIntegrationTest {
sql(grid(0), "CREATE TABLE test_sens1 (val) WITH
CACHE_NAME=\"test_sens1\" AS SELECT 'sensitive' AS val");
// Test CREATE/ALTER USER commands rewrite.
- sql(grid(0), "CREATE USER test WITH PASSWORD 'sensitive'");
- sql(grid(0), "ALTER USER test WITH PASSWORD 'sensitive'");
+ sqlAsRoot(grid(0), "CREATE USER test WITH PASSWORD 'sensitive'");
+ sqlAsRoot(grid(0), "ALTER USER test WITH PASSWORD 'sensitive'");
// Test JOIN.
sql(grid(0),
diff --git
a/modules/calcite/src/test/java/org/apache/ignite/internal/processors/query/calcite/integration/UserDdlIntegrationTest.java
b/modules/calcite/src/test/java/org/apache/ignite/internal/processors/query/calcite/integration/UserDdlIntegrationTest.java
index e4b55afb155..b12ed29ad42 100644
---
a/modules/calcite/src/test/java/org/apache/ignite/internal/processors/query/calcite/integration/UserDdlIntegrationTest.java
+++
b/modules/calcite/src/test/java/org/apache/ignite/internal/processors/query/calcite/integration/UserDdlIntegrationTest.java
@@ -28,16 +28,11 @@ import org.apache.ignite.testframework.GridTestUtils;
import org.junit.Test;
import static
org.apache.ignite.internal.processors.authentication.AuthenticationProcessorSelfTest.authenticate;
-import static
org.apache.ignite.internal.processors.authentication.AuthenticationProcessorSelfTest.withSecurityContextOnAllNodes;
-import static
org.apache.ignite.internal.processors.authentication.User.DFAULT_USER_NAME;
/**
* Integration test for CREATE/ALTER/DROP USER DDL commands.
*/
public class UserDdlIntegrationTest extends AbstractDdlIntegrationTest {
- /** Security context for default user. */
- private SecurityContext secCtxDflt;
-
/** {@inheritDoc} */
@Override protected IgniteConfiguration getConfiguration(String
igniteInstanceName) throws Exception {
IgniteConfiguration cfg = super.getConfiguration(igniteInstanceName);
@@ -55,41 +50,30 @@ public class UserDdlIntegrationTest extends
AbstractDdlIntegrationTest {
return cfg;
}
- /** {@inheritDoc} */
- @Override protected void beforeTest() throws Exception {
- super.beforeTest();
-
- secCtxDflt = authenticate(grid(0), DFAULT_USER_NAME, "ignite");
-
- assertNotNull(secCtxDflt);
- }
-
/**
* Creates, alter and drops user.
*/
@SuppressWarnings("ThrowableNotThrown")
@Test
public void testCreateAlterDropUser() throws Exception {
- withSecurityContextOnAllNodes(secCtxDflt);
-
for (Ignite ignite : G.allGrids()) {
IgniteEx igniteEx = (IgniteEx)ignite;
- sql(igniteEx, "CREATE USER test WITH PASSWORD 'test'");
+ sqlAsRoot(igniteEx, "CREATE USER test WITH PASSWORD 'test'");
SecurityContext secCtx = authenticate(igniteEx, "TEST", "test");
assertNotNull(secCtx);
assertEquals("TEST", secCtx.subject().login());
- sql(igniteEx, "ALTER USER test WITH PASSWORD 'newpasswd'");
+ sqlAsRoot(igniteEx, "ALTER USER test WITH PASSWORD 'newpasswd'");
secCtx = authenticate(igniteEx, "TEST", "newpasswd");
assertNotNull(secCtx);
assertEquals("TEST", secCtx.subject().login());
- sql(igniteEx, "DROP USER test");
+ sqlAsRoot(igniteEx, "DROP USER test");
GridTestUtils.assertThrowsWithCause(() -> authenticate(igniteEx,
"TEST", "newpasswd"),
IgniteAccessControlException.class);
diff --git
a/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinAuthenticateConnectionSelfTest.java
b/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinAuthenticateConnectionSelfTest.java
index d46e1466ad2..d7da1fa4ab2 100644
---
a/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinAuthenticateConnectionSelfTest.java
+++
b/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinAuthenticateConnectionSelfTest.java
@@ -28,8 +28,7 @@ import org.apache.ignite.configuration.IgniteConfiguration;
import org.apache.ignite.testframework.GridTestUtils;
import org.junit.Test;
-import static
org.apache.ignite.internal.processors.authentication.AuthenticationProcessorSelfTest.authenticate;
-import static
org.apache.ignite.internal.processors.authentication.AuthenticationProcessorSelfTest.withSecurityContextOnAllNodes;
+import static
org.apache.ignite.internal.processors.authentication.AuthenticationProcessorSelfTest.asRoot;
/**
* Tests for authenticated an non authenticated JDBC thin connection.
@@ -40,7 +39,6 @@ public class JdbcThinAuthenticateConnectionSelfTest extends
JdbcThinAbstractSelf
private static final String URL = "jdbc:ignite:thin://127.0.0.1";
/** {@inheritDoc} */
- @SuppressWarnings("deprecation")
@Override protected IgniteConfiguration getConfiguration(String
igniteInstanceName) throws Exception {
IgniteConfiguration cfg = super.getConfiguration(igniteInstanceName);
@@ -66,9 +64,7 @@ public class JdbcThinAuthenticateConnectionSelfTest extends
JdbcThinAbstractSelf
grid(0).cluster().state(ClusterState.ACTIVE);
- try (AutoCloseable ignored =
withSecurityContextOnAllNodes(authenticate(grid(0), "ignite", "ignite"))) {
- grid(0).context().security().createUser("another_user",
"passwd".toCharArray());
- }
+ asRoot(grid(0), s -> s.createUser("another_user",
"passwd".toCharArray()));
}
/** {@inheritDoc} */
diff --git
a/modules/core/src/test/java/org/apache/ignite/internal/processors/authentication/Authentication1kUsersNodeRestartTest.java
b/modules/core/src/test/java/org/apache/ignite/internal/processors/authentication/Authentication1kUsersNodeRestartTest.java
index 5bb5a2c909a..5c894ca0740 100644
---
a/modules/core/src/test/java/org/apache/ignite/internal/processors/authentication/Authentication1kUsersNodeRestartTest.java
+++
b/modules/core/src/test/java/org/apache/ignite/internal/processors/authentication/Authentication1kUsersNodeRestartTest.java
@@ -18,19 +18,16 @@
package org.apache.ignite.internal.processors.authentication;
import java.util.stream.IntStream;
-import org.apache.ignite.IgniteException;
import org.apache.ignite.cluster.ClusterState;
import org.apache.ignite.configuration.DataRegionConfiguration;
import org.apache.ignite.configuration.DataStorageConfiguration;
import org.apache.ignite.configuration.IgniteConfiguration;
-import org.apache.ignite.internal.processors.security.IgniteSecurity;
-import org.apache.ignite.internal.processors.security.SecurityContext;
import org.apache.ignite.testframework.GridTestUtils;
import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest;
import org.junit.Test;
+import static
org.apache.ignite.internal.processors.authentication.AuthenticationProcessorSelfTest.asRoot;
import static
org.apache.ignite.internal.processors.authentication.AuthenticationProcessorSelfTest.authenticate;
-import static
org.apache.ignite.internal.processors.authentication.AuthenticationProcessorSelfTest.withSecurityContextOnAllNodes;
/**
* Test for {@link IgniteAuthenticationProcessor} on unstable topology.
@@ -90,33 +87,11 @@ public class Authentication1kUsersNodeRestartTest extends
GridCommonAbstractTest
grid(0).cluster().state(ClusterState.ACTIVE);
- IgniteSecurity sec = grid(0).context().security();
-
- SecurityContext secCtxDflt = authenticate(grid(0),
User.DFAULT_USER_NAME, "ignite");
-
- withSecurityContextOnAllNodes(secCtxDflt);
-
- IntStream.range(0, USERS_COUNT).parallel().forEach(
- i -> {
- try (AutoCloseable ignored =
withSecurityContextOnAllNodes(secCtxDflt)) {
- sec.createUser("test" + i, "init".toCharArray());
- }
- catch (Exception e) {
- throw new IgniteException(e);
- }
- }
- );
-
- IntStream.range(0, USERS_COUNT).parallel().forEach(
- i -> {
- try (AutoCloseable ignored =
withSecurityContextOnAllNodes(secCtxDflt)) {
- sec.alterUser("test" + i, ("passwd_" + i).toCharArray());
- }
- catch (Exception e) {
- throw new IgniteException(e);
- }
- }
- );
+ IntStream.range(0, USERS_COUNT).parallel().forEach(i ->
+ asRoot(grid(0), s -> s.createUser("test" + i,
"init".toCharArray())));
+
+ IntStream.range(0, USERS_COUNT).parallel().forEach(i ->
+ asRoot(grid(0), s -> s.alterUser("test" + i, ("passwd_" +
i).toCharArray())));
stopGrid(0);
diff --git
a/modules/core/src/test/java/org/apache/ignite/internal/processors/authentication/AuthenticationOnNotActiveClusterTest.java
b/modules/core/src/test/java/org/apache/ignite/internal/processors/authentication/AuthenticationOnNotActiveClusterTest.java
index c6797501c38..2da948b2578 100644
---
a/modules/core/src/test/java/org/apache/ignite/internal/processors/authentication/AuthenticationOnNotActiveClusterTest.java
+++
b/modules/core/src/test/java/org/apache/ignite/internal/processors/authentication/AuthenticationOnNotActiveClusterTest.java
@@ -27,8 +27,8 @@ import org.apache.ignite.testframework.GridTestUtils;
import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest;
import org.junit.Test;
+import static
org.apache.ignite.internal.processors.authentication.AuthenticationProcessorSelfTest.asRoot;
import static
org.apache.ignite.internal.processors.authentication.AuthenticationProcessorSelfTest.authenticate;
-import static
org.apache.ignite.internal.processors.authentication.AuthenticationProcessorSelfTest.withSecurityContextOnAllNodes;
/**
* Test for {@link IgniteAuthenticationProcessor}.
@@ -109,12 +109,11 @@ public class AuthenticationOnNotActiveClusterTest extends
GridCommonAbstractTest
grid(0).cluster().state(ClusterState.ACTIVE);
- SecurityContext secCtxDflt = authenticate(grid(0),
User.DFAULT_USER_NAME, "ignite");
+ for (int i = 0; i < 10; ++i) {
+ String userName = "test" + i;
- withSecurityContextOnAllNodes(secCtxDflt);
-
- for (int i = 0; i < 10; ++i)
- grid(0).context().security().createUser("test" + i,
"passwd".toCharArray());
+ asRoot(grid(0), s -> s.createUser(userName,
"passwd".toCharArray()));
+ }
stopAllGrids();
diff --git
a/modules/core/src/test/java/org/apache/ignite/internal/processors/authentication/AuthenticationProcessorNodeRestartTest.java
b/modules/core/src/test/java/org/apache/ignite/internal/processors/authentication/AuthenticationProcessorNodeRestartTest.java
index 73401606f97..e776abe2cc2 100644
---
a/modules/core/src/test/java/org/apache/ignite/internal/processors/authentication/AuthenticationProcessorNodeRestartTest.java
+++
b/modules/core/src/test/java/org/apache/ignite/internal/processors/authentication/AuthenticationProcessorNodeRestartTest.java
@@ -33,9 +33,9 @@ import
org.apache.ignite.testframework.junits.common.GridCommonAbstractTest;
import org.junit.Ignore;
import org.junit.Test;
+import static
org.apache.ignite.internal.processors.authentication.AuthenticationProcessorSelfTest.asRoot;
import static
org.apache.ignite.internal.processors.authentication.AuthenticationProcessorSelfTest.authenticate;
-import static
org.apache.ignite.internal.processors.authentication.AuthenticationProcessorSelfTest.withSecurityContextOnAllNodes;
-import static
org.apache.ignite.internal.processors.authentication.User.DFAULT_USER_NAME;
+import static org.apache.ignite.testframework.GridTestUtils.runMultiThreaded;
/**
* Test for {@link IgniteAuthenticationProcessor} on unstable topology.
@@ -50,9 +50,6 @@ public class AuthenticationProcessorNodeRestartTest extends
GridCommonAbstractTe
/** Client node. */
private static final int CLI_NODE = NODES_COUNT - 1;
- /** Authorization context for default user. */
- private SecurityContext secCtxDflt;
-
/** Random. */
private static final Random RND = new Random(System.currentTimeMillis());
@@ -94,10 +91,6 @@ public class AuthenticationProcessorNodeRestartTest extends
GridCommonAbstractTe
startClientGrid(CLI_NODE);
grid(0).cluster().state(ClusterState.ACTIVE);
-
- secCtxDflt = authenticate(grid(0), DFAULT_USER_NAME, "ignite");
-
- assertNotNull(secCtxDflt);
}
/** {@inheritDoc} */
@@ -113,58 +106,48 @@ public class AuthenticationProcessorNodeRestartTest
extends GridCommonAbstractTe
@Ignore("https://issues.apache.org/jira/browse/IGNITE-7472";)
@Test
public void testConcurrentAddUpdateRemoveNodeRestartCoordinator() throws
Exception {
- final IgniteInternalFuture restartFut = restartCoordinator();
-
- withSecurityContextOnAllNodes(secCtxDflt);
+ final IgniteInternalFuture<?> restartFut = restartCoordinator();
final AtomicInteger usrCnt = new AtomicInteger();
- GridTestUtils.runMultiThreaded(() -> {
- withSecurityContextOnAllNodes(secCtxDflt);
-
+ runMultiThreaded(() -> asRoot(grid(CLI_NODE), s -> {
String user = "test" + usrCnt.getAndIncrement();
- try {
- int state = 0;
- while (!restartFut.isDone()) {
- try {
- switch (state) {
- case 0:
-
grid(CLI_NODE).context().security().createUser(user, ("passwd_" +
user).toCharArray());
-
- break;
+ int state = 0;
+ while (!restartFut.isDone()) {
+ try {
+ switch (state) {
+ case 0:
+ s.createUser(user, ("passwd_" +
user).toCharArray());
- case 1:
-
grid(CLI_NODE).context().security().alterUser(user, ("new_passwd_" +
user).toCharArray());
+ break;
- break;
+ case 1:
+ s.alterUser(user, ("new_passwd_" +
user).toCharArray());
- case 2:
-
grid(CLI_NODE).context().security().dropUser(user);
+ break;
- break;
+ case 2:
+ s.dropUser(user);
- default:
- fail("Invalid state: " + state);
- }
+ break;
- state = ++state > 2 ? 0 : state;
- }
- catch (UserManagementException e) {
- U.error(log, e);
- fail("Unexpected exception on user operation");
- }
- catch (IgniteCheckedException e) {
- // Reconnect
- U.error(log, e);
+ default:
+ fail("Invalid state: " + state);
}
+
+ state = ++state > 2 ? 0 : state;
+ }
+ catch (UserManagementException e) {
+ U.error(log, e);
+ fail("Unexpected exception on user operation");
+ }
+ catch (IgniteCheckedException e) {
+ // Reconnect
+ U.error(log, e);
}
}
- catch (Exception e) {
- U.error(log, "Unexpected exception on concurrent add/remove: "
+ user, e);
- fail();
- }
- }, 10, "user-op");
+ }), 10, "user-op");
restartFut.get();
}
@@ -176,12 +159,12 @@ public class AuthenticationProcessorNodeRestartTest
extends GridCommonAbstractTe
public void testConcurrentAuthorize() throws Exception {
final int testUsersCnt = 10;
- withSecurityContextOnAllNodes(secCtxDflt);
-
- for (int i = 0; i < testUsersCnt; ++i)
- grid(CLI_NODE).context().security().createUser("test" + i,
("passwd_test" + i).toCharArray());
+ asRoot(grid(CLI_NODE), s -> {
+ for (int i = 0; i < testUsersCnt; ++i)
+ s.createUser("test" + i, ("passwd_test" + i).toCharArray());
+ });
- final IgniteInternalFuture restartFut = GridTestUtils.runAsync(() -> {
+ final IgniteInternalFuture<?> restartFut = GridTestUtils.runAsync(()
-> {
try {
for (int i = 0; i < RESTARTS; ++i) {
int nodeIdx = RND.nextInt(NODES_COUNT - 1);
@@ -230,7 +213,7 @@ public class AuthenticationProcessorNodeRestartTest extends
GridCommonAbstractTe
/**
* @return Future.
*/
- private IgniteInternalFuture restartCoordinator() {
+ private IgniteInternalFuture<?> restartCoordinator() {
return GridTestUtils.runAsync(() -> {
try {
int restarts = 0;
@@ -264,51 +247,28 @@ public class AuthenticationProcessorNodeRestartTest
extends GridCommonAbstractTe
public void test1kUsersNodeRestartServer() throws Exception {
final AtomicInteger usrCnt = new AtomicInteger();
- GridTestUtils.runMultiThreaded(() -> {
- withSecurityContextOnAllNodes(secCtxDflt);
+ runMultiThreaded(() -> asRoot(grid(0), s -> {
+ while (usrCnt.get() < 200) {
+ String user = "test" + usrCnt.getAndIncrement();
- try {
- while (usrCnt.get() < 200) {
- String user = "test" + usrCnt.getAndIncrement();
-
- System.out.println("+++ CREATE " + user);
- grid(0).context().security().createUser(user,
"init".toCharArray());
- }
+ s.createUser(user, "init".toCharArray());
}
- catch (Exception e) {
- log.error("Unexpected exception.", e);
-
- fail("Unexpected exception on add / remove");
- }
- }, 3, "user-op");
+ }), 3, "user-op");
usrCnt.set(0);
- GridTestUtils.runMultiThreaded(() -> {
- withSecurityContextOnAllNodes(secCtxDflt);
+ runMultiThreaded(() -> asRoot(grid(0), s -> {
+ while (usrCnt.get() < 200) {
+ String user = "test" + usrCnt.getAndIncrement();
- try {
- while (usrCnt.get() < 200) {
- String user = "test" + usrCnt.getAndIncrement();
-
- System.out.println("+++ ALTER " + user);
-
- grid(0).context().security().alterUser(user, ("passwd_" +
user).toCharArray());
- }
- }
- catch (Exception e) {
- log.error("Unexpected exception.", e);
-
- fail("Unexpected exception on add / remove");
+ s.alterUser(user, ("passwd_" + user).toCharArray());
}
- }, 3, "user-op");
+ }), 3, "user-op");
- System.out.println("+++ STOP");
stopGrid(0, true);
U.sleep(1000);
- System.out.println("+++ START");
startGrid(0);
authenticate(grid(0), "ignite", "ignite");
@@ -319,32 +279,19 @@ public class AuthenticationProcessorNodeRestartTest
extends GridCommonAbstractTe
*/
@Test
public void testConcurrentAddUpdateRemoveNodeRestartServer() throws
Exception {
- IgniteInternalFuture restartFut = loopServerRestarts();
-
- withSecurityContextOnAllNodes(secCtxDflt);
+ IgniteInternalFuture<?> restartFut = loopServerRestarts();
final AtomicInteger usrCnt = new AtomicInteger();
- GridTestUtils.runMultiThreaded(() -> {
- withSecurityContextOnAllNodes(secCtxDflt);
-
+ runMultiThreaded(() -> asRoot(grid(CLI_NODE), s -> {
String user = "test" + usrCnt.getAndIncrement();
- try {
- while (!restartFut.isDone()) {
- grid(CLI_NODE).context().security().createUser(user,
"init".toCharArray());
-
- grid(CLI_NODE).context().security().alterUser(user,
("passwd_" + user).toCharArray());
-
- grid(CLI_NODE).context().security().dropUser(user);
- }
- }
- catch (Exception e) {
- log.error("Unexpected exception.", e);
-
- fail("Unexpected exception on add / remove");
+ while (!restartFut.isDone()) {
+ s.createUser(user, "init".toCharArray());
+ s.alterUser(user, ("passwd_" + user).toCharArray());
+ s.dropUser(user);
}
- }, 10, "user-op");
+ }), 10, "user-op");
restartFut.get();
}
@@ -354,36 +301,25 @@ public class AuthenticationProcessorNodeRestartTest
extends GridCommonAbstractTe
*/
@Test
public void testConcurrentFailedOperationNodeRestartServer() throws
Exception {
- IgniteInternalFuture restartFut = loopServerRestarts();
-
- withSecurityContextOnAllNodes(secCtxDflt);
+ IgniteInternalFuture<?> restartFut = loopServerRestarts();
- grid(CLI_NODE).context().security().createUser("test",
"test".toCharArray());
-
- GridTestUtils.runMultiThreaded(() -> {
- withSecurityContextOnAllNodes(secCtxDflt);
+ asRoot(grid(CLI_NODE), s -> s.createUser("test",
"test".toCharArray()));
- try {
- while (!restartFut.isDone()) {
- GridTestUtils.assertThrows(log, () -> {
- grid(CLI_NODE).context().security().createUser("test",
"test".toCharArray());
-
- return null;
- }, UserManagementException.class, "User already exists");
- }
- }
- catch (Exception e) {
- log.error("Unexpected exception.", e);
+ runMultiThreaded(() -> asRoot(grid(CLI_NODE), s -> {
+ while (!restartFut.isDone()) {
+ GridTestUtils.assertThrows(log, () -> {
+ s.createUser("test", "test".toCharArray());
- fail("Unexpected error on failed operation");
+ return null;
+ }, UserManagementException.class, "User already exists");
}
- }, 10, "user-op");
+ }), 10, "user-op");
restartFut.get();
}
/** */
- private IgniteInternalFuture loopServerRestarts() {
+ private IgniteInternalFuture<?> loopServerRestarts() {
return GridTestUtils.runAsync(() -> {
try {
for (int i = 0; i < RESTARTS; ++i) {
diff --git
a/modules/core/src/test/java/org/apache/ignite/internal/processors/authentication/AuthenticationProcessorSelfTest.java
b/modules/core/src/test/java/org/apache/ignite/internal/processors/authentication/AuthenticationProcessorSelfTest.java
index 3cc4cbc001e..9976502b213 100644
---
a/modules/core/src/test/java/org/apache/ignite/internal/processors/authentication/AuthenticationProcessorSelfTest.java
+++
b/modules/core/src/test/java/org/apache/ignite/internal/processors/authentication/AuthenticationProcessorSelfTest.java
@@ -17,14 +17,11 @@
package org.apache.ignite.internal.processors.authentication;
-import java.util.ArrayList;
import java.util.Base64;
-import java.util.List;
import java.util.Random;
-import java.util.concurrent.Callable;
import java.util.concurrent.atomic.AtomicInteger;
-import org.apache.ignite.Ignite;
import org.apache.ignite.IgniteCheckedException;
+import org.apache.ignite.Ignition;
import org.apache.ignite.cluster.ClusterState;
import org.apache.ignite.configuration.DataRegionConfiguration;
import org.apache.ignite.configuration.DataStorageConfiguration;
@@ -34,7 +31,8 @@ import org.apache.ignite.internal.IgniteInternalFuture;
import org.apache.ignite.internal.processors.security.IgniteSecurity;
import org.apache.ignite.internal.processors.security.OperationSecurityContext;
import org.apache.ignite.internal.processors.security.SecurityContext;
-import org.apache.ignite.internal.util.typedef.G;
+import org.apache.ignite.internal.util.lang.ConsumerX;
+import org.apache.ignite.internal.util.lang.RunnableX;
import org.apache.ignite.internal.util.typedef.internal.U;
import org.apache.ignite.plugin.security.AuthenticationContext;
import org.apache.ignite.plugin.security.SecurityCredentials;
@@ -62,9 +60,6 @@ public class AuthenticationProcessorSelfTest extends
GridCommonAbstractTest {
/** Random. */
private static final Random RND = new Random(System.currentTimeMillis());
- /** Security context for default user. */
- protected SecurityContext secCtxDflt;
-
/**
* @param len String length.
* @return Random string (Base64 on random bytes).
@@ -115,10 +110,6 @@ public class AuthenticationProcessorSelfTest extends
GridCommonAbstractTest {
startClientGrid(CLI_NODE);
grid(0).cluster().state(ClusterState.ACTIVE);
-
- secCtxDflt = authenticate(grid(0), DFAULT_USER_NAME, "ignite");
-
- assertNotNull(secCtxDflt);
}
/** {@inheritDoc} */
@@ -146,19 +137,27 @@ public class AuthenticationProcessorSelfTest extends
GridCommonAbstractTest {
*/
@Test
public void testDefaultUserUpdate() throws Exception {
- try (AutoCloseable ignored =
withSecurityContextOnAllNodes(secCtxDflt)) {
- // Change from all nodes
- for (int nodeIdx = 0; nodeIdx < NODES_COUNT; ++nodeIdx) {
- grid(nodeIdx).context().security().alterUser("ignite",
("ignite" + nodeIdx).toCharArray());
+ String rootPwd = "ignite";
- // Check each change from all nodes
- for (int i = 0; i < NODES_COUNT; ++i) {
- SecurityContext secCtx = authenticate(grid(i), "ignite",
"ignite" + nodeIdx);
+ // Change from all nodes
+ for (int nodeIdx = 0; nodeIdx < NODES_COUNT; ++nodeIdx) {
+ String updRootPwd = "ignite" + nodeIdx;
- assertNotNull(secCtx);
- assertEquals("ignite", secCtx.subject().login());
- }
+ asRoot(
+ grid(nodeIdx),
+ s -> s.alterUser("ignite", updRootPwd.toCharArray()),
+ rootPwd
+ );
+
+ // Check each change from all nodes
+ for (int i = 0; i < NODES_COUNT; ++i) {
+ SecurityContext secCtx = authenticate(grid(i), "ignite",
updRootPwd);
+
+ assertNotNull(secCtx);
+ assertEquals("ignite", secCtx.subject().login());
}
+
+ rootPwd = updRootPwd;
}
}
@@ -167,20 +166,15 @@ public class AuthenticationProcessorSelfTest extends
GridCommonAbstractTest {
*/
@Test
public void testRemoveDefault() throws Exception {
- try (AutoCloseable ignored =
withSecurityContextOnAllNodes(secCtxDflt)) {
- for (int i = 0; i < NODES_COUNT; ++i) {
- final int nodeIdx = i;
-
- GridTestUtils.assertThrows(log, new Callable<Object>() {
- @Override public Object call() throws Exception {
- grid(nodeIdx).context().security().dropUser("ignite");
+ for (int i = 0; i < NODES_COUNT; ++i) {
+ final int nodeIdx = i;
- return null;
- }
- }, IgniteAccessControlException.class, "Default user cannot be
removed");
+ assertThrows(
+ () -> asRoot(grid(nodeIdx), s -> s.dropUser("ignite")),
+ IgniteAccessControlException.class,
+ "Default user cannot be removed");
- assertNotNull(authenticate(grid(0), "ignite", "ignite"));
- }
+ assertNotNull(authenticate(grid(0), "ignite", "ignite"));
}
}
@@ -189,49 +183,38 @@ public class AuthenticationProcessorSelfTest extends
GridCommonAbstractTest {
*/
@Test
public void testUserManagementPermission() throws Exception {
- try (AutoCloseable nodeCtxsHnd =
withSecurityContextOnAllNodes(secCtxDflt)) {
- grid(0).context().security().createUser("test",
"test".toCharArray());
-
- final SecurityContext secCtx = authenticate(grid(0), "test",
"test");
+ asRoot(grid(0), s -> s.createUser("test", "test".toCharArray()));
- for (int i = 0; i < NODES_COUNT; ++i) {
- final int nodeIdx = i;
+ final SecurityContext secCtx = authenticate(grid(0), "test", "test");
- AutoCloseable innerNodeCtxsHnd =
withSecurityContextOnAllNodes(secCtx);
+ for (int i = 0; i < NODES_COUNT; ++i) {
+ final int nodeIdx = i;
- GridTestUtils.assertThrows(log, new Callable<Object>() {
- @Override public Object call() throws Exception {
- grid(nodeIdx).context().security().createUser("test1",
"test1".toCharArray());
+ try (OperationSecurityContext ignored =
grid(nodeIdx).context().security().withContext(secCtx)) {
+ GridTestUtils.assertThrows(log, () -> {
+ grid(nodeIdx).context().security().createUser("test1",
"test1".toCharArray());
- return null;
- }
+ return null;
}, IgniteAccessControlException.class, "User management
operations are not allowed for user");
- GridTestUtils.assertThrows(log, new Callable<Object>() {
- @Override public Object call() throws Exception {
- grid(nodeIdx).context().security().dropUser("test");
+ GridTestUtils.assertThrows(log, () -> {
+ grid(nodeIdx).context().security().dropUser("test");
- return null;
- }
+ return null;
}, IgniteAccessControlException.class, "User management
operations are not allowed for user");
grid(nodeIdx).context().security().alterUser("test",
"new_password".toCharArray());
grid(nodeIdx).context().security().alterUser("test",
"test".toCharArray());
+ }
- // Check error on empty auth context:
- innerNodeCtxsHnd.close();
- nodeCtxsHnd.close();
-
- GridTestUtils.assertThrows(log, new Callable<Object>() {
- @Override public Object call() throws Exception {
- grid(nodeIdx).context().security().dropUser("test");
+ // Check error on empty auth context:
+ GridTestUtils.assertThrows(log, () -> {
+ grid(nodeIdx).context().security().dropUser("test");
- return null;
- }
- }, IgniteAccessControlException.class,
- "User management operations initiated on behalf of the
Ignite node are not expected.");
- }
+ return null;
+ }, IgniteAccessControlException.class,
+ "User management operations initiated on behalf of the Ignite
node are not expected.");
}
}
@@ -240,22 +223,20 @@ public class AuthenticationProcessorSelfTest extends
GridCommonAbstractTest {
*/
@Test
public void testProceedUsersOnJoinNode() throws Exception {
- try (AutoCloseable ignored =
withSecurityContextOnAllNodes(secCtxDflt)) {
- grid(0).context().security().createUser("test0",
"test".toCharArray());
- grid(0).context().security().createUser("test1",
"test".toCharArray());
+ asRoot(grid(0), s -> s.createUser("test0", "test".toCharArray()));
+ asRoot(grid(0), s -> s.createUser("test1", "test".toCharArray()));
- int nodeIdx = NODES_COUNT;
+ int nodeIdx = NODES_COUNT;
- startGrid(nodeIdx);
+ startGrid(nodeIdx);
- SecurityContext secCtx0 = authenticate(grid(nodeIdx), "test0",
"test");
- SecurityContext secCtx1 = authenticate(grid(nodeIdx), "test1",
"test");
+ SecurityContext secCtx0 = authenticate(grid(nodeIdx), "test0", "test");
+ SecurityContext secCtx1 = authenticate(grid(nodeIdx), "test1", "test");
- assertNotNull(secCtx0);
- assertEquals("test0", secCtx0.subject().login());
- assertNotNull(secCtx1);
- assertEquals("test1", secCtx1.subject().login());
- }
+ assertNotNull(secCtx0);
+ assertEquals("test0", secCtx0.subject().login());
+ assertNotNull(secCtx1);
+ assertEquals("test1", secCtx1.subject().login());
}
/**
@@ -263,26 +244,20 @@ public class AuthenticationProcessorSelfTest extends
GridCommonAbstractTest {
*/
@Test
public void testAuthenticationInvalidUser() throws Exception {
- try (AutoCloseable ignored =
withSecurityContextOnAllNodes(secCtxDflt)) {
- for (int i = 0; i < NODES_COUNT; ++i) {
- final int nodeIdx = i;
+ for (int i = 0; i < NODES_COUNT; ++i) {
+ final int nodeIdx = i;
- GridTestUtils.assertThrows(log, new Callable<Object>() {
- @Override public Object call() throws Exception {
- authenticate(grid(nodeIdx), "invalid_name", "test");
+ GridTestUtils.assertThrows(log, () -> {
+ authenticate(grid(nodeIdx), "invalid_name", "test");
- return null;
- }
- }, IgniteAccessControlException.class, "The user name or
password is incorrect");
+ return null;
+ }, IgniteAccessControlException.class, "The user name or password
is incorrect");
- GridTestUtils.assertThrows(log, new Callable<Object>() {
- @Override public Object call() throws Exception {
- authenticate(grid(nodeIdx), "test",
"invalid_password");
+ GridTestUtils.assertThrows(log, () -> {
+ authenticate(grid(nodeIdx), "test", "invalid_password");
- return null;
- }
- }, IgniteAccessControlException.class, "The user name or
password is incorrect");
- }
+ return null;
+ }, IgniteAccessControlException.class, "The user name or password
is incorrect");
}
}
@@ -291,11 +266,9 @@ public class AuthenticationProcessorSelfTest extends
GridCommonAbstractTest {
*/
@Test
public void testAddUpdateRemoveUser() throws Exception {
- try (AutoCloseable ignored =
withSecurityContextOnAllNodes(secCtxDflt)) {
- for (int i = 0; i < NODES_COUNT; ++i) {
- for (int j = 0; j < NODES_COUNT; ++j)
- checkAddUpdateRemoveUser(grid(i), grid(j));
- }
+ for (int i = 0; i < NODES_COUNT; ++i) {
+ for (int j = 0; j < NODES_COUNT; ++j)
+ checkAddUpdateRemoveUser(grid(i), grid(j));
}
}
@@ -304,15 +277,13 @@ public class AuthenticationProcessorSelfTest extends
GridCommonAbstractTest {
*/
@Test
public void testUpdateUser() throws Exception {
- try (AutoCloseable ignored =
withSecurityContextOnAllNodes(secCtxDflt)) {
- grid(0).context().security().createUser("test",
"test".toCharArray());
+ asRoot(grid(0), s -> s.createUser("test", "test".toCharArray()));
- SecurityContext secCtx = authenticate(grid(0), "test", "test");
+ assertNotNull(authenticate(grid(0), "test", "test"));
- for (int i = 0; i < NODES_COUNT; ++i) {
- for (int j = 0; j < NODES_COUNT; ++j)
- checkUpdateUser(secCtx, grid(i), grid(j));
- }
+ for (int i = 0; i < NODES_COUNT; ++i) {
+ for (int j = 0; j < NODES_COUNT; ++j)
+ checkUpdateUser(grid(i), grid(j));
}
}
@@ -321,26 +292,12 @@ public class AuthenticationProcessorSelfTest extends
GridCommonAbstractTest {
*/
@Test
public void testUpdateRemoveDoesNotExistsUser() throws Exception {
- try (AutoCloseable ignored =
withSecurityContextOnAllNodes(secCtxDflt)) {
- for (int i = 0; i < NODES_COUNT; ++i) {
- final int nodeIdx = i;
-
- GridTestUtils.assertThrows(log, new Callable<Object>() {
- @Override public Object call() throws Exception {
-
grid(nodeIdx).context().security().alterUser("invalid_name",
"test".toCharArray());
-
- return null;
- }
- }, UserManagementException.class, "User doesn't exist");
+ for (int i = 0; i < NODES_COUNT; ++i) {
+ final int nodeIdx = i;
- GridTestUtils.assertThrows(log, new Callable<Object>() {
- @Override public Object call() throws Exception {
-
grid(nodeIdx).context().security().dropUser("invalid_name");
+ assertThrows(() -> asRoot(grid(nodeIdx), s ->
s.alterUser("invalid_name", "test".toCharArray())), "User doesn't exist");
- return null;
- }
- }, UserManagementException.class, "User doesn't exist");
- }
+ assertThrows(() -> asRoot(grid(nodeIdx), s ->
s.dropUser("invalid_name")), "User doesn't exist");
}
}
@@ -349,20 +306,12 @@ public class AuthenticationProcessorSelfTest extends
GridCommonAbstractTest {
*/
@Test
public void testAddAlreadyExistsUser() throws Exception {
- try (AutoCloseable ignored =
withSecurityContextOnAllNodes(secCtxDflt)) {
- grid(0).context().security().createUser("test",
"test".toCharArray());
-
- for (int i = 0; i < NODES_COUNT; ++i) {
- final int nodeIdx = i;
+ asRoot(grid(0), s -> s.createUser("test", "test".toCharArray()));
- GridTestUtils.assertThrows(log, new Callable<Object>() {
- @Override public Object call() throws Exception {
- grid(nodeIdx).context().security().createUser("test",
"new_passwd".toCharArray());
+ for (int i = 0; i < NODES_COUNT; ++i) {
+ final int nodeIdx = i;
- return null;
- }
- }, UserManagementException.class, "User already exists");
- }
+ assertThrows(() -> asRoot(grid(nodeIdx), s -> s.createUser("test",
"new_passwd".toCharArray())), "User already exists");
}
}
@@ -371,39 +320,37 @@ public class AuthenticationProcessorSelfTest extends
GridCommonAbstractTest {
*/
@Test
public void testAuthorizeOnClientDisconnect() throws Exception {
- try (AutoCloseable ignored =
withSecurityContextOnAllNodes(secCtxDflt)) {
- grid(CLI_NODE).context().security().createUser("test",
"test".toCharArray());
- }
+ asRoot(grid(CLI_NODE), s -> s.createUser("test",
"test".toCharArray()));
- final IgniteInternalFuture stopServersFut = GridTestUtils.runAsync(new
Runnable() {
- @Override public void run() {
- try {
- for (int i = 0; i < CLI_NODE; ++i) {
- Thread.sleep(500);
+ final IgniteInternalFuture<?> stopServersFut =
GridTestUtils.runAsync(() -> {
+ try {
+ for (int i = 0; i < CLI_NODE; ++i) {
+ Thread.sleep(500);
- stopGrid(i);
- }
- }
- catch (Exception e) {
- e.printStackTrace();
- fail("Unexpected exception");
+ stopGrid(i);
}
}
- });
+ catch (Exception e) {
+ log.error("Unexpected exception", e);
- GridTestUtils.assertThrows(log, new Callable<Object>() {
- @Override public Object call() throws Exception {
- while (!stopServersFut.isDone()) {
- SecurityContext secCtx = authenticate(grid(CLI_NODE),
"test", "test");
+ fail("Unexpected exception");
+ }
+ });
- assertNotNull(secCtx);
- }
+ GridTestUtils.assertThrows(
+ log,
+ () -> {
+ while (!stopServersFut.isDone()) {
+ SecurityContext secCtx = authenticate(grid(CLI_NODE),
"test", "test");
- return null;
+ assertNotNull(secCtx);
}
+
+ return null;
},
IgniteCheckedException.class,
- "Client node was disconnected from topology (operation result is
unknown)");
+ "Client node was disconnected from topology (operation result is
unknown)"
+ );
stopServersFut.get();
}
@@ -415,24 +362,15 @@ public class AuthenticationProcessorSelfTest extends
GridCommonAbstractTest {
public void testConcurrentAddRemove() throws Exception {
final AtomicInteger usrCnt = new AtomicInteger();
- GridTestUtils.runMultiThreaded(new Runnable() {
- @Override public void run() {
- withSecurityContextOnAllNodes(secCtxDflt);
- String user = "test" + usrCnt.getAndIncrement();
+ GridTestUtils.runMultiThreaded(() -> asRoot(grid(CLI_NODE), s -> {
+ String user = "test" + usrCnt.getAndIncrement();
- try {
- for (int i = 0; i < ITERATIONS; ++i) {
- grid(CLI_NODE).context().security().createUser(user,
("passwd_" + user).toCharArray());
+ for (int i = 0; i < ITERATIONS; ++i) {
+ s.createUser(user, ("passwd_" + user).toCharArray());
- grid(CLI_NODE).context().security().dropUser(user);
- }
- }
- catch (Exception e) {
- e.printStackTrace();
- fail("Unexpected exception");
- }
+ s.dropUser(user);
}
- }, 10, "user-op");
+ }), 10, "user-op");
}
/**
@@ -440,30 +378,31 @@ public class AuthenticationProcessorSelfTest extends
GridCommonAbstractTest {
*/
@Test
public void testUserPersistence() throws Exception {
- try (AutoCloseable ignored =
withSecurityContextOnAllNodes(secCtxDflt)) {
- for (int i = 0; i < NODES_COUNT; ++i)
- grid(i).context().security().createUser("test" + i, ("passwd"
+ i).toCharArray());
-
- grid(CLI_NODE).context().security().alterUser("ignite",
"new_passwd".toCharArray());
+ for (int i = 0; i < NODES_COUNT; ++i) {
+ int finalI = i;
- stopAllGrids();
+ asRoot(grid(CLI_NODE), s -> s.createUser("test" + finalI,
("passwd" + finalI).toCharArray()));
+ }
- startGrids(NODES_COUNT - 1);
- startClientGrid(CLI_NODE);
+ asRoot(grid(CLI_NODE), s -> s.alterUser("ignite",
"new_passwd".toCharArray()));
- for (int i = 0; i < NODES_COUNT; ++i) {
- for (int usrIdx = 0; usrIdx < NODES_COUNT; ++usrIdx) {
- SecurityContext secCtx0 = authenticate(grid(i), "test" +
usrIdx, "passwd" + usrIdx);
+ stopAllGrids();
- assertNotNull(secCtx0);
- assertEquals("test" + usrIdx, secCtx0.subject().login());
- }
+ startGrids(NODES_COUNT - 1);
+ startClientGrid(CLI_NODE);
- SecurityContext secCtx = authenticate(grid(i), "ignite",
"new_passwd");
+ for (int i = 0; i < NODES_COUNT; ++i) {
+ for (int usrIdx = 0; usrIdx < NODES_COUNT; ++usrIdx) {
+ SecurityContext secCtx0 = authenticate(grid(i), "test" +
usrIdx, "passwd" + usrIdx);
- assertNotNull(secCtx);
- assertEquals("ignite", secCtx.subject().login());
+ assertNotNull(secCtx0);
+ assertEquals("test" + usrIdx, secCtx0.subject().login());
}
+
+ SecurityContext secCtx = authenticate(grid(i), "ignite",
"new_passwd");
+
+ assertNotNull(secCtx);
+ assertEquals("ignite", secCtx.subject().login());
}
}
@@ -472,27 +411,25 @@ public class AuthenticationProcessorSelfTest extends
GridCommonAbstractTest {
*/
@Test
public void testDefaultUserPersistence() throws Exception {
- try (AutoCloseable ignored =
withSecurityContextOnAllNodes(secCtxDflt)) {
- grid(CLI_NODE).context().security().createUser("test",
"passwd".toCharArray());
+ asRoot(grid(CLI_NODE), s -> s.createUser("test",
"passwd".toCharArray()));
- stopAllGrids();
+ stopAllGrids();
- U.sleep(500);
+ U.sleep(500);
- startGrids(NODES_COUNT - 1);
- startClientGrid(CLI_NODE);
+ startGrids(NODES_COUNT - 1);
+ startClientGrid(CLI_NODE);
- for (int i = 0; i < NODES_COUNT; ++i) {
- SecurityContext secCtx = authenticate(grid(i), "ignite",
"ignite");
+ for (int i = 0; i < NODES_COUNT; ++i) {
+ SecurityContext secCtx = authenticate(grid(i), "ignite", "ignite");
- assertNotNull(secCtx);
- assertEquals("ignite", secCtx.subject().login());
+ assertNotNull(secCtx);
+ assertEquals("ignite", secCtx.subject().login());
- secCtx = authenticate(grid(i), "test", "passwd");
+ secCtx = authenticate(grid(i), "test", "passwd");
- assertNotNull(secCtx);
- assertEquals("test", secCtx.subject().login());
- }
+ assertNotNull(secCtx);
+ assertEquals("test", secCtx.subject().login());
}
}
@@ -501,64 +438,24 @@ public class AuthenticationProcessorSelfTest extends
GridCommonAbstractTest {
*/
@Test
public void testInvalidUserNamePassword() throws Exception {
- withSecurityContextOnAllNodes(secCtxDflt);
-
- GridTestUtils.assertThrows(log, new Callable<Object>() {
- @Override public Object call() throws Exception {
- grid(CLI_NODE).context().security().createUser(null,
"test".toCharArray());
-
- return null;
- }
- }, UserManagementException.class, "User name is empty");
-
- GridTestUtils.assertThrows(log, new Callable<Object>() {
- @Override public Object call() throws Exception {
- grid(CLI_NODE).context().security().createUser("",
"test".toCharArray());
-
- return null;
- }
- }, UserManagementException.class, "User name is empty");
+ assertThrows(() -> asRoot(grid(CLI_NODE), s -> s.createUser(null,
"test".toCharArray())), "User name is empty");
- GridTestUtils.assertThrows(log, new Callable<Object>() {
- @Override public Object call() throws Exception {
- grid(CLI_NODE).context().security().createUser("test", null);
+ assertThrows(() -> asRoot(grid(CLI_NODE), s -> s.createUser("",
"test".toCharArray())), "User name is empty");
- return null;
- }
- }, UserManagementException.class, "Password is empty");
+ assertThrows(() -> asRoot(grid(CLI_NODE), s -> s.createUser("test",
null)), "Password is empty");
- GridTestUtils.assertThrows(log, new Callable<Object>() {
- @Override public Object call() throws Exception {
- grid(CLI_NODE).context().security().createUser("test",
"".toCharArray());
-
- return null;
- }
- }, UserManagementException.class, "Password is empty");
-
- GridTestUtils.assertThrows(log, new Callable<Object>() {
- @Override public Object call() throws Exception {
- grid(CLI_NODE).context().security().createUser(
-
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
- "a".toCharArray());
-
- return null;
- }
- }, UserManagementException.class, "User name is too long");
- }
-
- /**
- * @param name User name to check.
- */
- private void checkInvalidUsername(final String name) {
+ assertThrows(() -> asRoot(grid(CLI_NODE), s -> s.createUser("test",
"".toCharArray())), "Password is empty");
+ assertThrows(() -> asRoot(grid(CLI_NODE), s -> s.createUser(
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+ "a".toCharArray())),
+ "User name is too long");
}
/** Test the ability to obtain the security context ot an authenticated
user on the remote server node. */
@Test
public void testRemoteNodeSecurityContext() throws Exception {
- try (OperationSecurityContext ignored =
grid(CLI_NODE).context().security().withContext(secCtxDflt)) {
- grid(CLI_NODE).context().security().createUser("test",
"pwd".toCharArray());
- }
+ asRoot(grid(CLI_NODE), s -> s.createUser("test", "pwd".toCharArray()));
SecuritySubject subj = authenticate(grid(0), "test", "pwd").subject();
@@ -579,15 +476,7 @@ public class AuthenticationProcessorSelfTest extends
GridCommonAbstractTest {
* @param passwd User's password to check.
*/
private void checkInvalidPassword(final String passwd) {
- withSecurityContextOnAllNodes(secCtxDflt);
-
- GridTestUtils.assertThrows(log, new Callable<Object>() {
- @Override public Object call() throws Exception {
- grid(CLI_NODE).context().security().createUser("test",
passwd.toCharArray());
-
- return null;
- }
- }, UserManagementException.class, "Invalid user name");
+ assertThrows(() -> asRoot(grid(CLI_NODE), s -> s.createUser("test",
passwd.toCharArray())), "Invalid user name");
}
/**
@@ -596,38 +485,37 @@ public class AuthenticationProcessorSelfTest extends
GridCommonAbstractTest {
* @throws Exception On error.
*/
private void checkAddUpdateRemoveUser(IgniteEx createNode, IgniteEx
authNode) throws Exception {
- createNode.context().security().createUser("test",
"test".toCharArray());
+ asRoot(createNode, s -> s.createUser("test", "test".toCharArray()));
SecurityContext newSecCtx = authenticate(authNode, "test", "test");
assertNotNull(newSecCtx);
assertEquals("test", newSecCtx.subject().login());
- createNode.context().security().alterUser("test",
"newpasswd".toCharArray());
+ asRoot(createNode, s -> s.alterUser("test",
"newpasswd".toCharArray()));
newSecCtx = authenticate(authNode, "test", "newpasswd");
assertNotNull(newSecCtx);
assertEquals("test", newSecCtx.subject().login());
- createNode.context().security().dropUser("test");
+ asRoot(createNode, s -> s.dropUser("test"));
}
/**
- * @param secCtx Security context.
* @param updNode Node to execute update operation.
* @param authNode Node to execute authentication.
* @throws Exception On error.
*/
- private void checkUpdateUser(SecurityContext secCtx, IgniteEx updNode,
IgniteEx authNode) throws Exception {
+ private void checkUpdateUser(IgniteEx updNode, IgniteEx authNode) throws
Exception {
String newPasswd = randomString(16);
- updNode.context().security().alterUser("test",
newPasswd.toCharArray());
+ asRoot(updNode, s -> s.alterUser("test", newPasswd.toCharArray()));
- SecurityContext secCtxNew = authenticate(authNode, "test", newPasswd);
+ SecurityContext secCtx = authenticate(authNode, "test", newPasswd);
- assertNotNull(secCtxNew);
- assertEquals("test", secCtxNew.subject().login());
+ assertNotNull(secCtx);
+ assertEquals("test", secCtx.subject().login());
}
/** Authenticates user on the specified node. */
@@ -640,21 +528,50 @@ public class AuthenticationProcessorSelfTest extends
GridCommonAbstractTest {
return ignite.context().security().authenticate(authCtx);
}
- /**
- * Sets specified security context on all nodes.
- *
- * @return Holder of current security contexts. If closed, all security
context will bew restored.
- */
- public static AutoCloseable withSecurityContextOnAllNodes(SecurityContext
ctx) {
- List<OperationSecurityContext> oldSecCtxs = new ArrayList<>();
+ /** */
+ public static void asRoot(IgniteEx ignite, ConsumerX<IgniteSecurity>
action) {
+ asRoot(ignite, action, "ignite");
+ }
+
+ /** */
+ public static void asRoot(IgniteEx ignite, ConsumerX<IgniteSecurity>
action, String rootPwd) {
+ try {
+ IgniteEx srv = (IgniteEx)Ignition.allGrids().stream()
+ .filter(g -> !g.configuration().isClientMode())
+ .findFirst()
+ .orElseThrow();
+
+ SecurityContext secCtx = authenticate(srv, DFAULT_USER_NAME,
rootPwd);
- for (Ignite node : G.allGrids())
-
oldSecCtxs.add(((IgniteEx)node).context().security().withContext(ctx));
+ assertNotNull(secCtx);
- return new AutoCloseable() {
- @Override public void close() throws Exception {
- oldSecCtxs.forEach(OperationSecurityContext::close);
+ try (OperationSecurityContext ignored =
ignite.context().security().withContext(secCtx)) {
+ action.accept(ignite.context().security());
}
- };
+ }
+ catch (Exception e) {
+ log.error("Operation failed", e);
+
+ throw new RuntimeException(e);
+ }
+ }
+
+ /** */
+ private void assertThrows(RunnableX action, String msg) {
+ assertThrows(action, UserManagementException.class, msg);
+ }
+
+ /** */
+ private void assertThrows(RunnableX action, Class<? extends Throwable>
errCls, String msg) {
+ GridTestUtils.assertThrowsAnyCause(
+ log,
+ () -> {
+ action.run();
+
+ return null;
+ },
+ errCls,
+ msg
+ );
}
}
diff --git
a/modules/indexing/src/test/java/org/apache/ignite/internal/processors/cache/authentication/SqlUserCommandSelfTest.java
b/modules/indexing/src/test/java/org/apache/ignite/internal/processors/cache/authentication/SqlUserCommandSelfTest.java
index 1cf41f20f16..524e9992736 100644
---
a/modules/indexing/src/test/java/org/apache/ignite/internal/processors/cache/authentication/SqlUserCommandSelfTest.java
+++
b/modules/indexing/src/test/java/org/apache/ignite/internal/processors/cache/authentication/SqlUserCommandSelfTest.java
@@ -26,13 +26,13 @@ import
org.apache.ignite.configuration.DataStorageConfiguration;
import org.apache.ignite.configuration.IgniteConfiguration;
import
org.apache.ignite.internal.processors.authentication.IgniteAccessControlException;
import
org.apache.ignite.internal.processors.authentication.UserManagementException;
+import org.apache.ignite.internal.processors.security.OperationSecurityContext;
import org.apache.ignite.internal.processors.security.SecurityContext;
import org.apache.ignite.testframework.GridTestUtils;
import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest;
import org.junit.Test;
import static
org.apache.ignite.internal.processors.authentication.AuthenticationProcessorSelfTest.authenticate;
-import static
org.apache.ignite.internal.processors.authentication.AuthenticationProcessorSelfTest.withSecurityContextOnAllNodes;
import static
org.apache.ignite.internal.processors.authentication.User.DFAULT_USER_NAME;
/**
@@ -42,9 +42,6 @@ public class SqlUserCommandSelfTest extends
GridCommonAbstractTest {
/** Nodes count. */
private static final int NODES_COUNT = 3;
- /** Security context for default user. */
- private SecurityContext secCtxDflt;
-
/** {@inheritDoc} */
@Override protected IgniteConfiguration getConfiguration(String
igniteInstanceName) throws Exception {
IgniteConfiguration cfg = super.getConfiguration(igniteInstanceName);
@@ -73,10 +70,6 @@ public class SqlUserCommandSelfTest extends
GridCommonAbstractTest {
startClientGrid(NODES_COUNT - 1);
grid(0).cluster().state(ClusterState.ACTIVE);
-
- secCtxDflt = authenticate(grid(0), DFAULT_USER_NAME, "ignite");
-
- assertNotNull(secCtxDflt);
}
/** {@inheritDoc} */
@@ -91,24 +84,22 @@ public class SqlUserCommandSelfTest extends
GridCommonAbstractTest {
*/
@Test
public void testCreateUpdateDropUser() throws Exception {
- withSecurityContextOnAllNodes(secCtxDflt);
-
for (int i = 0; i < NODES_COUNT; ++i) {
- userSql(i, "CREATE USER test WITH PASSWORD 'test'");
+ doSqlAsRoot(i, "CREATE USER test WITH PASSWORD 'test'");
SecurityContext secCtx = authenticate(grid(i), "TEST", "test");
assertNotNull(secCtx);
assertEquals("TEST", secCtx.subject().login());
- userSql(i, "ALTER USER test WITH PASSWORD 'newpasswd'");
+ doSqlAsRoot(i, "ALTER USER test WITH PASSWORD 'newpasswd'");
secCtx = authenticate(grid(i), "TEST", "newpasswd");
assertNotNull(secCtx);
assertEquals("TEST", secCtx.subject().login());
- userSql(i, "DROP USER test");
+ doSqlAsRoot(i, "DROP USER test");
}
}
@@ -117,15 +108,14 @@ public class SqlUserCommandSelfTest extends
GridCommonAbstractTest {
*/
@Test
public void testCreateWithAlreadyExistUser() throws Exception {
- withSecurityContextOnAllNodes(secCtxDflt);
- userSql(0, "CREATE USER test WITH PASSWORD 'test'");
+ doSqlAsRoot(0, "CREATE USER test WITH PASSWORD 'test'");
for (int i = 0; i < NODES_COUNT; ++i) {
final int idx = i;
GridTestUtils.assertThrowsAnyCause(log, new Callable<Void>() {
@Override public Void call() throws Exception {
- userSql(idx, "CREATE USER test WITH PASSWORD 'test'");
+ doSqlAsRoot(idx, "CREATE USER test WITH PASSWORD 'test'");
return null;
}
@@ -138,14 +128,12 @@ public class SqlUserCommandSelfTest extends
GridCommonAbstractTest {
*/
@Test
public void testAlterDropNotExistUser() throws Exception {
- withSecurityContextOnAllNodes(secCtxDflt);
-
for (int i = 0; i < NODES_COUNT; ++i) {
final int idx = i;
GridTestUtils.assertThrowsAnyCause(log, new Callable<Void>() {
@Override public Void call() throws Exception {
- userSql(idx, "ALTER USER test WITH PASSWORD 'test'");
+ doSqlAsRoot(idx, "ALTER USER test WITH PASSWORD 'test'");
return null;
}
@@ -153,7 +141,7 @@ public class SqlUserCommandSelfTest extends
GridCommonAbstractTest {
GridTestUtils.assertThrowsAnyCause(log, new Callable<Void>() {
@Override public Void call() throws Exception {
- userSql(idx, "DROP USER test");
+ doSqlAsRoot(idx, "DROP USER test");
return null;
}
@@ -171,7 +159,7 @@ public class SqlUserCommandSelfTest extends
GridCommonAbstractTest {
GridTestUtils.assertThrowsAnyCause(log, new Callable<Void>() {
@Override public Void call() throws Exception {
- userSql(idx, "CREATE USER test WITH PASSWORD 'test'");
+ doSql(idx, "CREATE USER test WITH PASSWORD 'test'");
return null;
}
@@ -180,7 +168,7 @@ public class SqlUserCommandSelfTest extends
GridCommonAbstractTest {
GridTestUtils.assertThrowsAnyCause(log, new Callable<Void>() {
@Override public Void call() throws Exception {
- userSql(idx, "ALTER USER test WITH PASSWORD 'test'");
+ doSql(idx, "ALTER USER test WITH PASSWORD 'test'");
return null;
}
@@ -189,7 +177,7 @@ public class SqlUserCommandSelfTest extends
GridCommonAbstractTest {
GridTestUtils.assertThrowsAnyCause(log, new Callable<Void>() {
@Override public Void call() throws Exception {
- userSql(idx, "DROP USER test");
+ doSql(idx, "DROP USER test");
return null;
}
@@ -203,20 +191,17 @@ public class SqlUserCommandSelfTest extends
GridCommonAbstractTest {
*/
@Test
public void testNotAuthorizedOperation() throws Exception {
- withSecurityContextOnAllNodes(secCtxDflt);
-
- userSql(0, "CREATE USER user0 WITH PASSWORD 'user0'");
+ String login = "USER0";
+ String pwd = "user0";
- SecurityContext secCtx = authenticate(grid(0), "USER0", "user0");
-
- withSecurityContextOnAllNodes(secCtx);
+ doSqlAsRoot(0, "CREATE USER " + login + " WITH PASSWORD '" + pwd +
"'");
for (int i = 0; i < NODES_COUNT; ++i) {
final int idx = i;
GridTestUtils.assertThrowsAnyCause(log, new Callable<Void>() {
@Override public Void call() throws Exception {
- userSql(idx, "CREATE USER test WITH PASSWORD 'test'");
+ doSqlAs(idx, "CREATE USER test WITH PASSWORD 'test'",
login, pwd);
return null;
}
@@ -224,7 +209,7 @@ public class SqlUserCommandSelfTest extends
GridCommonAbstractTest {
GridTestUtils.assertThrowsAnyCause(log, new Callable<Void>() {
@Override public Void call() throws Exception {
- userSql(idx, "ALTER USER test WITH PASSWORD 'test'");
+ doSqlAs(idx, "ALTER USER test WITH PASSWORD 'test'",
login, pwd);
return null;
}
@@ -232,7 +217,7 @@ public class SqlUserCommandSelfTest extends
GridCommonAbstractTest {
GridTestUtils.assertThrowsAnyCause(log, new Callable<Void>() {
@Override public Void call() throws Exception {
- userSql(idx, "DROP USER test");
+ doSqlAs(idx, "DROP USER test", login, pwd);
return null;
}
@@ -245,14 +230,12 @@ public class SqlUserCommandSelfTest extends
GridCommonAbstractTest {
*/
@Test
public void testDropDefaultUser() throws Exception {
- withSecurityContextOnAllNodes(secCtxDflt);
-
for (int i = 0; i < NODES_COUNT; ++i) {
final int idx = i;
GridTestUtils.assertThrowsAnyCause(log, new Callable<Void>() {
@Override public Void call() throws Exception {
- userSql(idx, "DROP USER \"ignite\"");
+ doSqlAsRoot(idx, "DROP USER \"ignite\"");
return null;
}
@@ -265,26 +248,34 @@ public class SqlUserCommandSelfTest extends
GridCommonAbstractTest {
*/
@Test
public void testQuotedUsername() throws Exception {
- withSecurityContextOnAllNodes(secCtxDflt);
+ doSqlAsRoot(0, "CREATE USER \"test\" with password 'test'");
- userSql(0, "CREATE USER \"test\" with password 'test'");
+ doSqlAsRoot(0, "CREATE USER \" test\" with password 'test'");
- userSql(0, "CREATE USER \" test\" with password 'test'");
+ doSqlAsRoot(0, "CREATE USER \" test \" with password 'test'");
- userSql(0, "CREATE USER \" test \" with password 'test'");
+ doSqlAsRoot(0, "CREATE USER \"test \" with password 'test'");
- userSql(0, "CREATE USER \"test \" with password 'test'");
+ doSqlAsRoot(0, "CREATE USER \"111\" with password 'test'");
+ }
- userSql(0, "CREATE USER \"111\" with password 'test'");
+ /** */
+ private void doSqlAsRoot(int nodeIdx, String sql) throws Exception {
+ doSqlAs(nodeIdx, sql, DFAULT_USER_NAME, "ignite");
}
- /**
- * @param nodeIdx Node index.
- * @param sql Sql query.
- */
- private void userSql(int nodeIdx, String sql) {
- List<List<?>> res = grid(nodeIdx).context().query().querySqlFields(
- new SqlFieldsQuery(sql), false).getAll();
+ /** */
+ private void doSqlAs(int nodeIdx, String sql, String login, String pwd)
throws Exception {
+ SecurityContext secCtx = authenticate(grid(0), login, pwd);
+
+ try (OperationSecurityContext ignored =
grid(nodeIdx).context().security().withContext(secCtx)) {
+ doSql(nodeIdx, sql);
+ }
+ }
+
+ /** */
+ private void doSql(int nodeIdx, String sql) {
+ List<List<?>> res = grid(nodeIdx).context().query().querySqlFields(new
SqlFieldsQuery(sql), false).getAll();
assertEquals(1, res.size());
assertEquals(1, res.get(0).size());
