Silberfuchs1 commented on a change in pull request #8237: URL: https://github.com/apache/ignite/pull/8237#discussion_r490716285
########## File path: docs/_docs/security/sandbox.adoc ########## @@ -6,26 +6,75 @@ This user-defined code can utilize Java features to get access to host resources For example, it can create/update/delete files; create sockets; read/update/delete system properties; use reflection API and so on. To restrict user-defined code options you may use the Ignite Sandbox based on the Java Sandbox model. -You can read about the Java Sandbox model link:https://docs.oracle.com/en/java/javase/11/security/java-se-platform-security-architecture.html#GUID-C203D80F-C730-45C3-AB95-D4E61FD6D89C[here]. +You can read about the Java Sandbox model link:https://docs.oracle.com/en/java/javase/11/security/java-se-platform-security-architecture.html#GUID-C203D80F-C730-45C3-AB95-D4E61FD6D89C[here,window=_blank]. -There are a few conditions to run user-defined code with restrictions: +== The Ignite Sandbox activation Review comment: I don't think you need an article here. ########## File path: docs/_docs/security/sandbox.adoc ########## @@ -6,26 +6,75 @@ This user-defined code can utilize Java features to get access to host resources For example, it can create/update/delete files; create sockets; read/update/delete system properties; use reflection API and so on. To restrict user-defined code options you may use the Ignite Sandbox based on the Java Sandbox model. -You can read about the Java Sandbox model link:https://docs.oracle.com/en/java/javase/11/security/java-se-platform-security-architecture.html#GUID-C203D80F-C730-45C3-AB95-D4E61FD6D89C[here]. +You can read about the Java Sandbox model link:https://docs.oracle.com/en/java/javase/11/security/java-se-platform-security-architecture.html#GUID-C203D80F-C730-45C3-AB95-D4E61FD6D89C[here,window=_blank]. -There are a few conditions to run user-defined code with restrictions: +== The Ignite Sandbox activation -- link:/security/authentication[GridSecurityProcessor] is installed; -- the method _GridSecurityProcessor#sandboxEnabled_ returns true; -- link:https://docs.oracle.com/javase/8/docs/technotes/guides/security/spec/security-spec.doc6.html#a19349[SecurityManager] is installed. +There are a few conditions to activate the Ignite Sandbox. +- The first condition is _the SecurityManager must be installed_. + +Due to the Ignite Sandbox is based on the Java Sandbox model, you need to have installed the SecurityManager that is an important part of that model. Review comment: 'Due to the fact, that Ignite Sandbox is based on the Java Sandbox model, and the SecurityManager is an important part of that model, you need to have it installed.' ########## File path: docs/_docs/security/sandbox.adoc ########## @@ -6,26 +6,75 @@ This user-defined code can utilize Java features to get access to host resources For example, it can create/update/delete files; create sockets; read/update/delete system properties; use reflection API and so on. To restrict user-defined code options you may use the Ignite Sandbox based on the Java Sandbox model. -You can read about the Java Sandbox model link:https://docs.oracle.com/en/java/javase/11/security/java-se-platform-security-architecture.html#GUID-C203D80F-C730-45C3-AB95-D4E61FD6D89C[here]. +You can read about the Java Sandbox model link:https://docs.oracle.com/en/java/javase/11/security/java-se-platform-security-architecture.html#GUID-C203D80F-C730-45C3-AB95-D4E61FD6D89C[here,window=_blank]. -There are a few conditions to run user-defined code with restrictions: +== The Ignite Sandbox activation -- link:/security/authentication[GridSecurityProcessor] is installed; -- the method _GridSecurityProcessor#sandboxEnabled_ returns true; -- link:https://docs.oracle.com/javase/8/docs/technotes/guides/security/spec/security-spec.doc6.html#a19349[SecurityManager] is installed. +There are a few conditions to activate the Ignite Sandbox. +- The first condition is _the SecurityManager must be installed_. + +Due to the Ignite Sandbox is based on the Java Sandbox model, you need to have installed the SecurityManager that is an important part of that model. +The SecurityManager is responsible for checking the security policy currently in effect and perform access control checks. +A security manager is not automatically installed when an application is running. If you run Ignite as a separate application, +you must invoke the Java Virtual Machine with the `-Djava.security.manager` command-line argument (which sets the value of the `java.security.manager property`). +There is also a `-Djava.security.policy` command-line argument whose usage determines what policy files are utilized. Review comment: There is also a `-Djava.security.policy` command-line argument, defining, which policy files are utilized. or There is also a `-Djava.security.policy` command-line argument. It determines the utilized policy files. The first option is better IMHO. ########## File path: docs/_docs/security/sandbox.adoc ########## @@ -6,26 +6,75 @@ This user-defined code can utilize Java features to get access to host resources For example, it can create/update/delete files; create sockets; read/update/delete system properties; use reflection API and so on. To restrict user-defined code options you may use the Ignite Sandbox based on the Java Sandbox model. -You can read about the Java Sandbox model link:https://docs.oracle.com/en/java/javase/11/security/java-se-platform-security-architecture.html#GUID-C203D80F-C730-45C3-AB95-D4E61FD6D89C[here]. +You can read about the Java Sandbox model link:https://docs.oracle.com/en/java/javase/11/security/java-se-platform-security-architecture.html#GUID-C203D80F-C730-45C3-AB95-D4E61FD6D89C[here,window=_blank]. -There are a few conditions to run user-defined code with restrictions: +== The Ignite Sandbox activation -- link:/security/authentication[GridSecurityProcessor] is installed; -- the method _GridSecurityProcessor#sandboxEnabled_ returns true; -- link:https://docs.oracle.com/javase/8/docs/technotes/guides/security/spec/security-spec.doc6.html#a19349[SecurityManager] is installed. +There are a few conditions to activate the Ignite Sandbox. +- The first condition is _the SecurityManager must be installed_. + +Due to the Ignite Sandbox is based on the Java Sandbox model, you need to have installed the SecurityManager that is an important part of that model. +The SecurityManager is responsible for checking the security policy currently in effect and perform access control checks. +A security manager is not automatically installed when an application is running. If you run Ignite as a separate application, +you must invoke the Java Virtual Machine with the `-Djava.security.manager` command-line argument (which sets the value of the `java.security.manager property`). +There is also a `-Djava.security.policy` command-line argument whose usage determines what policy files are utilized. +If you don't include `-Djava.security.policy` on the command line, then the policy files specified in the security properties file will be used. Review comment: '...include `-Djava.security.policy` into the command line...' ########## File path: docs/_docs/security/sandbox.adoc ########## @@ -6,26 +6,75 @@ This user-defined code can utilize Java features to get access to host resources For example, it can create/update/delete files; create sockets; read/update/delete system properties; use reflection API and so on. To restrict user-defined code options you may use the Ignite Sandbox based on the Java Sandbox model. -You can read about the Java Sandbox model link:https://docs.oracle.com/en/java/javase/11/security/java-se-platform-security-architecture.html#GUID-C203D80F-C730-45C3-AB95-D4E61FD6D89C[here]. +You can read about the Java Sandbox model link:https://docs.oracle.com/en/java/javase/11/security/java-se-platform-security-architecture.html#GUID-C203D80F-C730-45C3-AB95-D4E61FD6D89C[here,window=_blank]. -There are a few conditions to run user-defined code with restrictions: +== The Ignite Sandbox activation -- link:/security/authentication[GridSecurityProcessor] is installed; -- the method _GridSecurityProcessor#sandboxEnabled_ returns true; -- link:https://docs.oracle.com/javase/8/docs/technotes/guides/security/spec/security-spec.doc6.html#a19349[SecurityManager] is installed. +There are a few conditions to activate the Ignite Sandbox. +- The first condition is _the SecurityManager must be installed_. + +Due to the Ignite Sandbox is based on the Java Sandbox model, you need to have installed the SecurityManager that is an important part of that model. +The SecurityManager is responsible for checking the security policy currently in effect and perform access control checks. +A security manager is not automatically installed when an application is running. If you run Ignite as a separate application, +you must invoke the Java Virtual Machine with the `-Djava.security.manager` command-line argument (which sets the value of the `java.security.manager property`). +There is also a `-Djava.security.policy` command-line argument whose usage determines what policy files are utilized. +If you don't include `-Djava.security.policy` on the command line, then the policy files specified in the security properties file will be used. + +You can read more about link:https://docs.oracle.com/javase/8/docs/technotes/guides/security/spec/security-spec.doc6.html#a19349[Security Management,window=_blank]. + +NOTE: It may be convenient adding the security manager and the policy command-line arguments to `{IGNITE-HOME}/bin/ignite.sh|ignite.bat` script. +Read more about link:/quick-start/java#starting_a_node[starting a node]. + +NOTE: The Ignite must have enough permissions to work correctly. +You may apply the most straightforward way that is granting to Ignite the `java.security.AllPermission` permission, +but you should remember about the "giving permissions as low as possible" security principle. + +- The second condition to activate the Ignite Sandbox is _an implementation of the `GridSecurityProcessor` interface must be installed_. + +Currently, the Apache Ignite does not provide an implementation of the `GridSecurityProcessor` interface out-of-the-box. +But, you can implement this interface as part of link:/plugins[a custom plugin]. + +The `GridSecurityProcessor` interface has the `sandboxEnabled` method that manages a user-defined code executing inside the Ignite Sandbox. +By default, this method returns `false`, which means no-sandbox. +If you are going to use the Ignite Sandbox, your overridden `sandboxEnabled` method should return `true`. If the Ignite Sandbox is turned on, you can see the following trace line: [source,text] ---- [INFO] Security status [authentication=on, sandbox=on, tls/ssl=off] ---- +== Permissions + A user-defined code is always executed on behalf of the security subject that initiates its execution. -The security subject's sandbox link:https://docs.oracle.com/en/java/javase/11/security/java-se-platform-security-architecture.html#GUID-DEA8EAB1-CF00-4658-AA6D-D2C9754C8B37[permissions] define actions that a user-defined code can perform. -The Ignite Sandbox gets these permissions using the _SecuritySubject#sandboxPermissions_ method. +The security subject's sandbox link:https://docs.oracle.com/en/java/javase/11/security/java-se-platform-security-architecture.html#GUID-DEA8EAB1-CF00-4658-AA6D-D2C9754C8B37[permissions,window=_blank] define actions that a user-defined code can perform. +The Ignite Sandbox gets these permissions using the `SecuritySubject#sandboxPermissions` method. + +NOTE: A user-defined code, when running inside the Ignite Sandbox, may use the public API of Ignite without granting any additional permissions. If a security subject doesn't have enough permissions to perform a security-sensitive operation, an AcccessControlException appears. -NOTE: A user-defined code, when running inside the Ignite Sandbox, may use the public API of Ignite without granting any additional permissions. +[source,java] +---- +// Get compute instance over all nodes in the cluster. +IgniteCompute compute = Ignition.ignite().compute(); + +compute.broadcast(() -> { + // If the Ignite Sandbox is turned on, the lambda code executes with restrictions. + + // You can use the public API of Ignite without granting any permissions. + Ignition.localIgnite().cache("some.cache").get("key"); + + // If the current security subject doesn't have the java.util.PropertyPermission("secret.property", "read") permission, + // an java.security.AccessControlException appears here. Review comment: 'a java.security.AccessControlException appears here.' ########## File path: docs/_docs/security/sandbox.adoc ########## @@ -6,26 +6,75 @@ This user-defined code can utilize Java features to get access to host resources For example, it can create/update/delete files; create sockets; read/update/delete system properties; use reflection API and so on. To restrict user-defined code options you may use the Ignite Sandbox based on the Java Sandbox model. -You can read about the Java Sandbox model link:https://docs.oracle.com/en/java/javase/11/security/java-se-platform-security-architecture.html#GUID-C203D80F-C730-45C3-AB95-D4E61FD6D89C[here]. +You can read about the Java Sandbox model link:https://docs.oracle.com/en/java/javase/11/security/java-se-platform-security-architecture.html#GUID-C203D80F-C730-45C3-AB95-D4E61FD6D89C[here,window=_blank]. -There are a few conditions to run user-defined code with restrictions: +== The Ignite Sandbox activation -- link:/security/authentication[GridSecurityProcessor] is installed; -- the method _GridSecurityProcessor#sandboxEnabled_ returns true; -- link:https://docs.oracle.com/javase/8/docs/technotes/guides/security/spec/security-spec.doc6.html#a19349[SecurityManager] is installed. +There are a few conditions to activate the Ignite Sandbox. +- The first condition is _the SecurityManager must be installed_. + +Due to the Ignite Sandbox is based on the Java Sandbox model, you need to have installed the SecurityManager that is an important part of that model. +The SecurityManager is responsible for checking the security policy currently in effect and perform access control checks. +A security manager is not automatically installed when an application is running. If you run Ignite as a separate application, +you must invoke the Java Virtual Machine with the `-Djava.security.manager` command-line argument (which sets the value of the `java.security.manager property`). +There is also a `-Djava.security.policy` command-line argument whose usage determines what policy files are utilized. +If you don't include `-Djava.security.policy` on the command line, then the policy files specified in the security properties file will be used. + +You can read more about link:https://docs.oracle.com/javase/8/docs/technotes/guides/security/spec/security-spec.doc6.html#a19349[Security Management,window=_blank]. + +NOTE: It may be convenient adding the security manager and the policy command-line arguments to `{IGNITE-HOME}/bin/ignite.sh|ignite.bat` script. +Read more about link:/quick-start/java#starting_a_node[starting a node]. + +NOTE: The Ignite must have enough permissions to work correctly. +You may apply the most straightforward way that is granting to Ignite the `java.security.AllPermission` permission, +but you should remember about the "giving permissions as low as possible" security principle. + +- The second condition to activate the Ignite Sandbox is _an implementation of the `GridSecurityProcessor` interface must be installed_. + +Currently, the Apache Ignite does not provide an implementation of the `GridSecurityProcessor` interface out-of-the-box. +But, you can implement this interface as part of link:/plugins[a custom plugin]. Review comment: '...as a part of...' ########## File path: docs/_docs/security/sandbox.adoc ########## @@ -6,26 +6,75 @@ This user-defined code can utilize Java features to get access to host resources For example, it can create/update/delete files; create sockets; read/update/delete system properties; use reflection API and so on. To restrict user-defined code options you may use the Ignite Sandbox based on the Java Sandbox model. -You can read about the Java Sandbox model link:https://docs.oracle.com/en/java/javase/11/security/java-se-platform-security-architecture.html#GUID-C203D80F-C730-45C3-AB95-D4E61FD6D89C[here]. +You can read about the Java Sandbox model link:https://docs.oracle.com/en/java/javase/11/security/java-se-platform-security-architecture.html#GUID-C203D80F-C730-45C3-AB95-D4E61FD6D89C[here,window=_blank]. -There are a few conditions to run user-defined code with restrictions: +== The Ignite Sandbox activation -- link:/security/authentication[GridSecurityProcessor] is installed; -- the method _GridSecurityProcessor#sandboxEnabled_ returns true; -- link:https://docs.oracle.com/javase/8/docs/technotes/guides/security/spec/security-spec.doc6.html#a19349[SecurityManager] is installed. +There are a few conditions to activate the Ignite Sandbox. Review comment: There are some conditions... 'some' is used in affirmative sentences with plural countable nouns. 'a few' is a synonym of 'some', but it gives another accent, like 'not so many'. ########## File path: docs/_docs/security/sandbox.adoc ########## @@ -6,26 +6,75 @@ This user-defined code can utilize Java features to get access to host resources For example, it can create/update/delete files; create sockets; read/update/delete system properties; use reflection API and so on. To restrict user-defined code options you may use the Ignite Sandbox based on the Java Sandbox model. -You can read about the Java Sandbox model link:https://docs.oracle.com/en/java/javase/11/security/java-se-platform-security-architecture.html#GUID-C203D80F-C730-45C3-AB95-D4E61FD6D89C[here]. +You can read about the Java Sandbox model link:https://docs.oracle.com/en/java/javase/11/security/java-se-platform-security-architecture.html#GUID-C203D80F-C730-45C3-AB95-D4E61FD6D89C[here,window=_blank]. -There are a few conditions to run user-defined code with restrictions: +== The Ignite Sandbox activation -- link:/security/authentication[GridSecurityProcessor] is installed; -- the method _GridSecurityProcessor#sandboxEnabled_ returns true; -- link:https://docs.oracle.com/javase/8/docs/technotes/guides/security/spec/security-spec.doc6.html#a19349[SecurityManager] is installed. +There are a few conditions to activate the Ignite Sandbox. +- The first condition is _the SecurityManager must be installed_. + +Due to the Ignite Sandbox is based on the Java Sandbox model, you need to have installed the SecurityManager that is an important part of that model. +The SecurityManager is responsible for checking the security policy currently in effect and perform access control checks. Review comment: Maybe 'The SecurityManager is responsible for checking, which security policy is currently in effect. It also performs access control checks.' But I think, we don't need 'checks'. Just '...performs access control.' But it's up to you. ########## File path: docs/_docs/security/sandbox.adoc ########## @@ -6,26 +6,75 @@ This user-defined code can utilize Java features to get access to host resources For example, it can create/update/delete files; create sockets; read/update/delete system properties; use reflection API and so on. To restrict user-defined code options you may use the Ignite Sandbox based on the Java Sandbox model. -You can read about the Java Sandbox model link:https://docs.oracle.com/en/java/javase/11/security/java-se-platform-security-architecture.html#GUID-C203D80F-C730-45C3-AB95-D4E61FD6D89C[here]. +You can read about the Java Sandbox model link:https://docs.oracle.com/en/java/javase/11/security/java-se-platform-security-architecture.html#GUID-C203D80F-C730-45C3-AB95-D4E61FD6D89C[here,window=_blank]. -There are a few conditions to run user-defined code with restrictions: +== The Ignite Sandbox activation -- link:/security/authentication[GridSecurityProcessor] is installed; -- the method _GridSecurityProcessor#sandboxEnabled_ returns true; -- link:https://docs.oracle.com/javase/8/docs/technotes/guides/security/spec/security-spec.doc6.html#a19349[SecurityManager] is installed. +There are a few conditions to activate the Ignite Sandbox. +- The first condition is _the SecurityManager must be installed_. + +Due to the Ignite Sandbox is based on the Java Sandbox model, you need to have installed the SecurityManager that is an important part of that model. +The SecurityManager is responsible for checking the security policy currently in effect and perform access control checks. +A security manager is not automatically installed when an application is running. If you run Ignite as a separate application, Review comment: 'The security manager...' You've been talking about security manager before. ########## File path: docs/_docs/security/sandbox.adoc ########## @@ -6,26 +6,75 @@ This user-defined code can utilize Java features to get access to host resources For example, it can create/update/delete files; create sockets; read/update/delete system properties; use reflection API and so on. To restrict user-defined code options you may use the Ignite Sandbox based on the Java Sandbox model. -You can read about the Java Sandbox model link:https://docs.oracle.com/en/java/javase/11/security/java-se-platform-security-architecture.html#GUID-C203D80F-C730-45C3-AB95-D4E61FD6D89C[here]. +You can read about the Java Sandbox model link:https://docs.oracle.com/en/java/javase/11/security/java-se-platform-security-architecture.html#GUID-C203D80F-C730-45C3-AB95-D4E61FD6D89C[here,window=_blank]. -There are a few conditions to run user-defined code with restrictions: +== The Ignite Sandbox activation -- link:/security/authentication[GridSecurityProcessor] is installed; -- the method _GridSecurityProcessor#sandboxEnabled_ returns true; -- link:https://docs.oracle.com/javase/8/docs/technotes/guides/security/spec/security-spec.doc6.html#a19349[SecurityManager] is installed. +There are a few conditions to activate the Ignite Sandbox. +- The first condition is _the SecurityManager must be installed_. + +Due to the Ignite Sandbox is based on the Java Sandbox model, you need to have installed the SecurityManager that is an important part of that model. +The SecurityManager is responsible for checking the security policy currently in effect and perform access control checks. +A security manager is not automatically installed when an application is running. If you run Ignite as a separate application, +you must invoke the Java Virtual Machine with the `-Djava.security.manager` command-line argument (which sets the value of the `java.security.manager property`). +There is also a `-Djava.security.policy` command-line argument whose usage determines what policy files are utilized. +If you don't include `-Djava.security.policy` on the command line, then the policy files specified in the security properties file will be used. + +You can read more about link:https://docs.oracle.com/javase/8/docs/technotes/guides/security/spec/security-spec.doc6.html#a19349[Security Management,window=_blank]. Review comment: You can read more about Security Management link:https://docs.oracle.com/javase/8/docs/technotes/guides/security/spec/security-spec.doc6.html#a19349[here,window=_blank]. ########## File path: docs/_docs/security/sandbox.adoc ########## @@ -6,26 +6,75 @@ This user-defined code can utilize Java features to get access to host resources For example, it can create/update/delete files; create sockets; read/update/delete system properties; use reflection API and so on. To restrict user-defined code options you may use the Ignite Sandbox based on the Java Sandbox model. -You can read about the Java Sandbox model link:https://docs.oracle.com/en/java/javase/11/security/java-se-platform-security-architecture.html#GUID-C203D80F-C730-45C3-AB95-D4E61FD6D89C[here]. +You can read about the Java Sandbox model link:https://docs.oracle.com/en/java/javase/11/security/java-se-platform-security-architecture.html#GUID-C203D80F-C730-45C3-AB95-D4E61FD6D89C[here,window=_blank]. -There are a few conditions to run user-defined code with restrictions: +== The Ignite Sandbox activation -- link:/security/authentication[GridSecurityProcessor] is installed; -- the method _GridSecurityProcessor#sandboxEnabled_ returns true; -- link:https://docs.oracle.com/javase/8/docs/technotes/guides/security/spec/security-spec.doc6.html#a19349[SecurityManager] is installed. +There are a few conditions to activate the Ignite Sandbox. +- The first condition is _the SecurityManager must be installed_. + +Due to the Ignite Sandbox is based on the Java Sandbox model, you need to have installed the SecurityManager that is an important part of that model. +The SecurityManager is responsible for checking the security policy currently in effect and perform access control checks. +A security manager is not automatically installed when an application is running. If you run Ignite as a separate application, +you must invoke the Java Virtual Machine with the `-Djava.security.manager` command-line argument (which sets the value of the `java.security.manager property`). +There is also a `-Djava.security.policy` command-line argument whose usage determines what policy files are utilized. +If you don't include `-Djava.security.policy` on the command line, then the policy files specified in the security properties file will be used. + +You can read more about link:https://docs.oracle.com/javase/8/docs/technotes/guides/security/spec/security-spec.doc6.html#a19349[Security Management,window=_blank]. + +NOTE: It may be convenient adding the security manager and the policy command-line arguments to `{IGNITE-HOME}/bin/ignite.sh|ignite.bat` script. +Read more about link:/quick-start/java#starting_a_node[starting a node]. + +NOTE: The Ignite must have enough permissions to work correctly. Review comment: 'NOTE: Ignite should have enough permissions to work correctly.' must is rude:) ########## File path: docs/_docs/security/sandbox.adoc ########## @@ -6,26 +6,75 @@ This user-defined code can utilize Java features to get access to host resources For example, it can create/update/delete files; create sockets; read/update/delete system properties; use reflection API and so on. To restrict user-defined code options you may use the Ignite Sandbox based on the Java Sandbox model. -You can read about the Java Sandbox model link:https://docs.oracle.com/en/java/javase/11/security/java-se-platform-security-architecture.html#GUID-C203D80F-C730-45C3-AB95-D4E61FD6D89C[here]. +You can read about the Java Sandbox model link:https://docs.oracle.com/en/java/javase/11/security/java-se-platform-security-architecture.html#GUID-C203D80F-C730-45C3-AB95-D4E61FD6D89C[here,window=_blank]. -There are a few conditions to run user-defined code with restrictions: +== The Ignite Sandbox activation -- link:/security/authentication[GridSecurityProcessor] is installed; -- the method _GridSecurityProcessor#sandboxEnabled_ returns true; -- link:https://docs.oracle.com/javase/8/docs/technotes/guides/security/spec/security-spec.doc6.html#a19349[SecurityManager] is installed. +There are a few conditions to activate the Ignite Sandbox. +- The first condition is _the SecurityManager must be installed_. + +Due to the Ignite Sandbox is based on the Java Sandbox model, you need to have installed the SecurityManager that is an important part of that model. +The SecurityManager is responsible for checking the security policy currently in effect and perform access control checks. +A security manager is not automatically installed when an application is running. If you run Ignite as a separate application, +you must invoke the Java Virtual Machine with the `-Djava.security.manager` command-line argument (which sets the value of the `java.security.manager property`). +There is also a `-Djava.security.policy` command-line argument whose usage determines what policy files are utilized. +If you don't include `-Djava.security.policy` on the command line, then the policy files specified in the security properties file will be used. + +You can read more about link:https://docs.oracle.com/javase/8/docs/technotes/guides/security/spec/security-spec.doc6.html#a19349[Security Management,window=_blank]. + +NOTE: It may be convenient adding the security manager and the policy command-line arguments to `{IGNITE-HOME}/bin/ignite.sh|ignite.bat` script. +Read more about link:/quick-start/java#starting_a_node[starting a node]. + +NOTE: The Ignite must have enough permissions to work correctly. +You may apply the most straightforward way that is granting to Ignite the `java.security.AllPermission` permission, +but you should remember about the "giving permissions as low as possible" security principle. Review comment: '....remember the "giving permissions as low as possible" security principle.' ########## File path: docs/_docs/security/sandbox.adoc ########## @@ -6,26 +6,75 @@ This user-defined code can utilize Java features to get access to host resources For example, it can create/update/delete files; create sockets; read/update/delete system properties; use reflection API and so on. To restrict user-defined code options you may use the Ignite Sandbox based on the Java Sandbox model. -You can read about the Java Sandbox model link:https://docs.oracle.com/en/java/javase/11/security/java-se-platform-security-architecture.html#GUID-C203D80F-C730-45C3-AB95-D4E61FD6D89C[here]. +You can read about the Java Sandbox model link:https://docs.oracle.com/en/java/javase/11/security/java-se-platform-security-architecture.html#GUID-C203D80F-C730-45C3-AB95-D4E61FD6D89C[here,window=_blank]. -There are a few conditions to run user-defined code with restrictions: +== The Ignite Sandbox activation -- link:/security/authentication[GridSecurityProcessor] is installed; -- the method _GridSecurityProcessor#sandboxEnabled_ returns true; -- link:https://docs.oracle.com/javase/8/docs/technotes/guides/security/spec/security-spec.doc6.html#a19349[SecurityManager] is installed. +There are a few conditions to activate the Ignite Sandbox. +- The first condition is _the SecurityManager must be installed_. + +Due to the Ignite Sandbox is based on the Java Sandbox model, you need to have installed the SecurityManager that is an important part of that model. +The SecurityManager is responsible for checking the security policy currently in effect and perform access control checks. +A security manager is not automatically installed when an application is running. If you run Ignite as a separate application, +you must invoke the Java Virtual Machine with the `-Djava.security.manager` command-line argument (which sets the value of the `java.security.manager property`). +There is also a `-Djava.security.policy` command-line argument whose usage determines what policy files are utilized. +If you don't include `-Djava.security.policy` on the command line, then the policy files specified in the security properties file will be used. + +You can read more about link:https://docs.oracle.com/javase/8/docs/technotes/guides/security/spec/security-spec.doc6.html#a19349[Security Management,window=_blank]. + +NOTE: It may be convenient adding the security manager and the policy command-line arguments to `{IGNITE-HOME}/bin/ignite.sh|ignite.bat` script. +Read more about link:/quick-start/java#starting_a_node[starting a node]. + +NOTE: The Ignite must have enough permissions to work correctly. +You may apply the most straightforward way that is granting to Ignite the `java.security.AllPermission` permission, +but you should remember about the "giving permissions as low as possible" security principle. + +- The second condition to activate the Ignite Sandbox is _an implementation of the `GridSecurityProcessor` interface must be installed_. + +Currently, the Apache Ignite does not provide an implementation of the `GridSecurityProcessor` interface out-of-the-box. Review comment: you don't need 'the' here. ########## File path: docs/_docs/security/sandbox.adoc ########## @@ -6,26 +6,75 @@ This user-defined code can utilize Java features to get access to host resources For example, it can create/update/delete files; create sockets; read/update/delete system properties; use reflection API and so on. To restrict user-defined code options you may use the Ignite Sandbox based on the Java Sandbox model. -You can read about the Java Sandbox model link:https://docs.oracle.com/en/java/javase/11/security/java-se-platform-security-architecture.html#GUID-C203D80F-C730-45C3-AB95-D4E61FD6D89C[here]. +You can read about the Java Sandbox model link:https://docs.oracle.com/en/java/javase/11/security/java-se-platform-security-architecture.html#GUID-C203D80F-C730-45C3-AB95-D4E61FD6D89C[here,window=_blank]. -There are a few conditions to run user-defined code with restrictions: +== The Ignite Sandbox activation -- link:/security/authentication[GridSecurityProcessor] is installed; -- the method _GridSecurityProcessor#sandboxEnabled_ returns true; -- link:https://docs.oracle.com/javase/8/docs/technotes/guides/security/spec/security-spec.doc6.html#a19349[SecurityManager] is installed. +There are a few conditions to activate the Ignite Sandbox. +- The first condition is _the SecurityManager must be installed_. + +Due to the Ignite Sandbox is based on the Java Sandbox model, you need to have installed the SecurityManager that is an important part of that model. +The SecurityManager is responsible for checking the security policy currently in effect and perform access control checks. +A security manager is not automatically installed when an application is running. If you run Ignite as a separate application, +you must invoke the Java Virtual Machine with the `-Djava.security.manager` command-line argument (which sets the value of the `java.security.manager property`). +There is also a `-Djava.security.policy` command-line argument whose usage determines what policy files are utilized. +If you don't include `-Djava.security.policy` on the command line, then the policy files specified in the security properties file will be used. + +You can read more about link:https://docs.oracle.com/javase/8/docs/technotes/guides/security/spec/security-spec.doc6.html#a19349[Security Management,window=_blank]. + +NOTE: It may be convenient adding the security manager and the policy command-line arguments to `{IGNITE-HOME}/bin/ignite.sh|ignite.bat` script. +Read more about link:/quick-start/java#starting_a_node[starting a node]. + +NOTE: The Ignite must have enough permissions to work correctly. +You may apply the most straightforward way that is granting to Ignite the `java.security.AllPermission` permission, +but you should remember about the "giving permissions as low as possible" security principle. + +- The second condition to activate the Ignite Sandbox is _an implementation of the `GridSecurityProcessor` interface must be installed_. + +Currently, the Apache Ignite does not provide an implementation of the `GridSecurityProcessor` interface out-of-the-box. +But, you can implement this interface as part of link:/plugins[a custom plugin]. + +The `GridSecurityProcessor` interface has the `sandboxEnabled` method that manages a user-defined code executing inside the Ignite Sandbox. Review comment: 'code execution...' ? ########## File path: docs/_docs/security/sandbox.adoc ########## @@ -6,26 +6,75 @@ This user-defined code can utilize Java features to get access to host resources For example, it can create/update/delete files; create sockets; read/update/delete system properties; use reflection API and so on. To restrict user-defined code options you may use the Ignite Sandbox based on the Java Sandbox model. -You can read about the Java Sandbox model link:https://docs.oracle.com/en/java/javase/11/security/java-se-platform-security-architecture.html#GUID-C203D80F-C730-45C3-AB95-D4E61FD6D89C[here]. +You can read about the Java Sandbox model link:https://docs.oracle.com/en/java/javase/11/security/java-se-platform-security-architecture.html#GUID-C203D80F-C730-45C3-AB95-D4E61FD6D89C[here,window=_blank]. -There are a few conditions to run user-defined code with restrictions: +== The Ignite Sandbox activation -- link:/security/authentication[GridSecurityProcessor] is installed; -- the method _GridSecurityProcessor#sandboxEnabled_ returns true; -- link:https://docs.oracle.com/javase/8/docs/technotes/guides/security/spec/security-spec.doc6.html#a19349[SecurityManager] is installed. +There are a few conditions to activate the Ignite Sandbox. +- The first condition is _the SecurityManager must be installed_. + +Due to the Ignite Sandbox is based on the Java Sandbox model, you need to have installed the SecurityManager that is an important part of that model. +The SecurityManager is responsible for checking the security policy currently in effect and perform access control checks. +A security manager is not automatically installed when an application is running. If you run Ignite as a separate application, +you must invoke the Java Virtual Machine with the `-Djava.security.manager` command-line argument (which sets the value of the `java.security.manager property`). +There is also a `-Djava.security.policy` command-line argument whose usage determines what policy files are utilized. +If you don't include `-Djava.security.policy` on the command line, then the policy files specified in the security properties file will be used. + +You can read more about link:https://docs.oracle.com/javase/8/docs/technotes/guides/security/spec/security-spec.doc6.html#a19349[Security Management,window=_blank]. + +NOTE: It may be convenient adding the security manager and the policy command-line arguments to `{IGNITE-HOME}/bin/ignite.sh|ignite.bat` script. +Read more about link:/quick-start/java#starting_a_node[starting a node]. + +NOTE: The Ignite must have enough permissions to work correctly. +You may apply the most straightforward way that is granting to Ignite the `java.security.AllPermission` permission, +but you should remember about the "giving permissions as low as possible" security principle. + +- The second condition to activate the Ignite Sandbox is _an implementation of the `GridSecurityProcessor` interface must be installed_. + +Currently, the Apache Ignite does not provide an implementation of the `GridSecurityProcessor` interface out-of-the-box. +But, you can implement this interface as part of link:/plugins[a custom plugin]. + +The `GridSecurityProcessor` interface has the `sandboxEnabled` method that manages a user-defined code executing inside the Ignite Sandbox. +By default, this method returns `false`, which means no-sandbox. +If you are going to use the Ignite Sandbox, your overridden `sandboxEnabled` method should return `true`. If the Ignite Sandbox is turned on, you can see the following trace line: [source,text] ---- [INFO] Security status [authentication=on, sandbox=on, tls/ssl=off] ---- +== Permissions + A user-defined code is always executed on behalf of the security subject that initiates its execution. -The security subject's sandbox link:https://docs.oracle.com/en/java/javase/11/security/java-se-platform-security-architecture.html#GUID-DEA8EAB1-CF00-4658-AA6D-D2C9754C8B37[permissions] define actions that a user-defined code can perform. -The Ignite Sandbox gets these permissions using the _SecuritySubject#sandboxPermissions_ method. +The security subject's sandbox link:https://docs.oracle.com/en/java/javase/11/security/java-se-platform-security-architecture.html#GUID-DEA8EAB1-CF00-4658-AA6D-D2C9754C8B37[permissions,window=_blank] define actions that a user-defined code can perform. +The Ignite Sandbox gets these permissions using the `SecuritySubject#sandboxPermissions` method. + +NOTE: A user-defined code, when running inside the Ignite Sandbox, may use the public API of Ignite without granting any additional permissions. If a security subject doesn't have enough permissions to perform a security-sensitive operation, an AcccessControlException appears. -NOTE: A user-defined code, when running inside the Ignite Sandbox, may use the public API of Ignite without granting any additional permissions. +[source,java] +---- +// Get compute instance over all nodes in the cluster. +IgniteCompute compute = Ignition.ignite().compute(); + +compute.broadcast(() -> { + // If the Ignite Sandbox is turned on, the lambda code executes with restrictions. Review comment: '...the lambda code is executed with restrictions.' ########## File path: docs/_docs/security/sandbox.adoc ########## @@ -6,26 +6,75 @@ This user-defined code can utilize Java features to get access to host resources For example, it can create/update/delete files; create sockets; read/update/delete system properties; use reflection API and so on. To restrict user-defined code options you may use the Ignite Sandbox based on the Java Sandbox model. -You can read about the Java Sandbox model link:https://docs.oracle.com/en/java/javase/11/security/java-se-platform-security-architecture.html#GUID-C203D80F-C730-45C3-AB95-D4E61FD6D89C[here]. +You can read about the Java Sandbox model link:https://docs.oracle.com/en/java/javase/11/security/java-se-platform-security-architecture.html#GUID-C203D80F-C730-45C3-AB95-D4E61FD6D89C[here,window=_blank]. -There are a few conditions to run user-defined code with restrictions: +== The Ignite Sandbox activation -- link:/security/authentication[GridSecurityProcessor] is installed; -- the method _GridSecurityProcessor#sandboxEnabled_ returns true; -- link:https://docs.oracle.com/javase/8/docs/technotes/guides/security/spec/security-spec.doc6.html#a19349[SecurityManager] is installed. +There are a few conditions to activate the Ignite Sandbox. +- The first condition is _the SecurityManager must be installed_. + +Due to the Ignite Sandbox is based on the Java Sandbox model, you need to have installed the SecurityManager that is an important part of that model. +The SecurityManager is responsible for checking the security policy currently in effect and perform access control checks. +A security manager is not automatically installed when an application is running. If you run Ignite as a separate application, +you must invoke the Java Virtual Machine with the `-Djava.security.manager` command-line argument (which sets the value of the `java.security.manager property`). +There is also a `-Djava.security.policy` command-line argument whose usage determines what policy files are utilized. +If you don't include `-Djava.security.policy` on the command line, then the policy files specified in the security properties file will be used. + +You can read more about link:https://docs.oracle.com/javase/8/docs/technotes/guides/security/spec/security-spec.doc6.html#a19349[Security Management,window=_blank]. + +NOTE: It may be convenient adding the security manager and the policy command-line arguments to `{IGNITE-HOME}/bin/ignite.sh|ignite.bat` script. +Read more about link:/quick-start/java#starting_a_node[starting a node]. + +NOTE: The Ignite must have enough permissions to work correctly. +You may apply the most straightforward way that is granting to Ignite the `java.security.AllPermission` permission, +but you should remember about the "giving permissions as low as possible" security principle. + +- The second condition to activate the Ignite Sandbox is _an implementation of the `GridSecurityProcessor` interface must be installed_. + +Currently, the Apache Ignite does not provide an implementation of the `GridSecurityProcessor` interface out-of-the-box. +But, you can implement this interface as part of link:/plugins[a custom plugin]. + +The `GridSecurityProcessor` interface has the `sandboxEnabled` method that manages a user-defined code executing inside the Ignite Sandbox. +By default, this method returns `false`, which means no-sandbox. +If you are going to use the Ignite Sandbox, your overridden `sandboxEnabled` method should return `true`. If the Ignite Sandbox is turned on, you can see the following trace line: [source,text] ---- [INFO] Security status [authentication=on, sandbox=on, tls/ssl=off] ---- +== Permissions + A user-defined code is always executed on behalf of the security subject that initiates its execution. -The security subject's sandbox link:https://docs.oracle.com/en/java/javase/11/security/java-se-platform-security-architecture.html#GUID-DEA8EAB1-CF00-4658-AA6D-D2C9754C8B37[permissions] define actions that a user-defined code can perform. -The Ignite Sandbox gets these permissions using the _SecuritySubject#sandboxPermissions_ method. +The security subject's sandbox link:https://docs.oracle.com/en/java/javase/11/security/java-se-platform-security-architecture.html#GUID-DEA8EAB1-CF00-4658-AA6D-D2C9754C8B37[permissions,window=_blank] define actions that a user-defined code can perform. +The Ignite Sandbox gets these permissions using the `SecuritySubject#sandboxPermissions` method. + +NOTE: A user-defined code, when running inside the Ignite Sandbox, may use the public API of Ignite without granting any additional permissions. If a security subject doesn't have enough permissions to perform a security-sensitive operation, an AcccessControlException appears. -NOTE: A user-defined code, when running inside the Ignite Sandbox, may use the public API of Ignite without granting any additional permissions. +[source,java] +---- +// Get compute instance over all nodes in the cluster. +IgniteCompute compute = Ignition.ignite().compute(); + +compute.broadcast(() -> { + // If the Ignite Sandbox is turned on, the lambda code executes with restrictions. + + // You can use the public API of Ignite without granting any permissions. + Ignition.localIgnite().cache("some.cache").get("key"); + + // If the current security subject doesn't have the java.util.PropertyPermission("secret.property", "read") permission, + // an java.security.AccessControlException appears here. + System.getProperty("secret.property"); +}); +---- + +In the case of accessing to the system property shown in the snippet above, you can see the following trace line with an exception: Review comment: 'In the case of accessing the system property...' ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
