[GitHub] [ignite] timoninmaxim commented on a change in pull request #8892: IGNITE-14335 Merges APIs of IgniteAuthenticationProcessor and IgniteSecurity.

Sun, 18 Apr 2021 22:56:47 -0700 


timoninmaxim commented on a change in pull request #8892:
URL: https://github.com/apache/ignite/pull/8892#discussion_r615559184



##########
File path: 
modules/core/src/main/java/org/apache/ignite/internal/processors/authentication/IgniteAuthenticationProcessor.java
##########
@@ -1335,4 +1332,99 @@ private RefreshUsersStorageWorker(ArrayList<User> usrs) {
             }
         }
     }
+
+    /** Represents {@link SecuritySubject} implementation. */
+    private static class SecuritySubjectImpl implements SecuritySubject {
+        /** */
+        private static final long serialVersionUID = 0L;
+
+        /** Security subject identifier. */
+        private final UUID id;
+
+        /** Security subject login.  */
+        private final Object login;
+
+        /** Security subject type. */
+        private final SecuritySubjectType type;
+
+        /** Security subject address. */
+        private final InetSocketAddress addr;
+
+        /** */
+        public SecuritySubjectImpl(UUID id, Object login, SecuritySubjectType 
type, InetSocketAddress addr) {
+            this.id = id;
+            this.login = login;
+            this.type = type;
+            this.addr = addr;
+        }
+
+        /** {@inheritDoc} */
+        @Override public UUID id() {
+            return id;
+        }
+
+        /** {@inheritDoc} */
+        @Override public Object login() {
+            return login;
+        }
+
+        /** {@inheritDoc} */
+        @Override public SecuritySubjectType type() {
+            return type;
+        }
+
+        /** {@inheritDoc} */
+        @Override public InetSocketAddress address() {
+            return addr;
+        }
+
+        /** {@inheritDoc} */
+        @Override public SecurityPermissionSet permissions() {
+            return null;

Review comment:
       I see a method IgniteAuthenticationProcessor#authenticateNode, that is 
used as authenticator in DiscoverySpi. Maybe there is an if-check that makes 
this authentication unuseful, but it's not obvious. For me default behavior 
that returns NULL is dangerous and lead to NPE, also because method is not 
documented as Nullable.
   
   If it's not used let's replace it with exception like Unsupported, or make 
all methods consistent (if allowPermissions are true then return all 
permissions there, if allowPermissions are false then return empty list there). 
WDYT?




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to