valepakh commented on code in PR #2962:
URL: https://github.com/apache/ignite-3/pull/2962#discussion_r1430349948
##########
modules/security/src/main/java/org/apache/ignite/internal/security/authentication/AuthenticationManagerImpl.java:
##########
@@ -47,17 +50,98 @@
/**
* Implementation of {@link Authenticator}.
*/
-public class AuthenticationManagerImpl implements AuthenticationManager {
+public class AuthenticationManagerImpl
+ extends AbstractEventProducer<AuthenticationEvent,
AuthenticationEventParameters>
+ implements AuthenticationManager {
private static final IgniteLogger LOG =
Loggers.forClass(AuthenticationManagerImpl.class);
- private final ReadWriteLock rwLock = new ReentrantReadWriteLock();
+ /**
+ * Security configuration.
+ */
+ private final SecurityConfiguration securityConfiguration;
+
+ /**
+ * Security configuration listener. Refreshes the list of authenticators
when the configuration changes.
+ */
+ private final ConfigurationListener<SecurityView>
securityConfigurationListener;
+
+ /**
+ * Security enabled/disabled event factory. Fires events when security is
enabled/disabled.
+ */
+ private final SecurityEnabledDisabledEventFactory
securityEnabledDisabledEventFactory;
+
+ /**
+ * User event factory. Fires events when a basic user is
created/updated/deleted.
+ */
+ private final UserEventFactory userEventFactory;
- private final List<AuthenticationListener> listeners = new
CopyOnWriteArrayList<>();
+ /**
+ * Authentication provider event factory. Fires events when an
authentication provider is created/updated/deleted.
+ */
+ private final AuthenticationProviderEventFactory providerEventFactory;
+ /**
+ * Read-write lock for the list of authenticators and the authentication
enabled flag.
+ */
+ private final ReadWriteLock rwLock = new ReentrantReadWriteLock();
+
+ /**
+ * List of authenticators.
+ */
private List<Authenticator> authenticators = new ArrayList<>();
+ /**
+ * Authentication enabled flag.
+ */
private boolean authEnabled = false;
+ /**
+ * Constructor.
+ *
+ * @param securityConfiguration Security configuration.
+ */
+ public AuthenticationManagerImpl(SecurityConfiguration
securityConfiguration) {
+ this.securityConfiguration = securityConfiguration;
+
+ this.securityConfigurationListener = ctx -> {
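Review bot: The new Javadoc on `authEnabled` ("Authentication enabled flag.") does not say that the field starts as `false` or which lock guards it, although the `rwLock` comment added above names both guarded fields. Since this flag decides whether credentials are checked at all, I would spell it out: `/** Authentication enabled flag, guarded by {@code rwLock}. Starts as {@code false} until the first configuration refresh. */`. Whether requests can reach the manager before that first refresh is not visible in the quoted lines and should be confirmed before wording the comment this way. The class body continues outside the hunk, and the later quoted copies of this hunk show the same fields.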
Review Comment:
```suggestion
securityConfigurationListener = ctx -> {
```
##########
modules/client-handler/src/main/java/org/apache/ignite/client/handler/ClientInboundMessageHandler.java:
##########
@@ -849,4 +852,60 @@ private NotificationSender notificationSender(long
requestId) {
// This is fine, because the client registers a listener before
sending the request.
return (writer, err) -> sendNotification(requestId, writer, err);
}
+
+ @Override
+ public CompletableFuture<Boolean> notify(AuthenticationEventParameters
parameters, @Nullable Throwable exception) {
+ if (shouldCloseConnection(parameters)) {
+ LOG.warn("Closing connection due to authentication event
[connectionId=" + connectionId + ", remoteAddress="
+ + channelHandlerContext.channel().remoteAddress() + ",
event=" + parameters.type() + ']');
+ closeConnection();
+ }
+ return CompletableFuture.completedFuture(false);
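Review bot: `notify` completes with `false` even on the branch that calls `closeConnection()`. Assuming a `true` result is what unregisters a listener in this event API, the handler stays subscribed to authentication events after its connection is gone. Unless the handler is removed from the producer elsewhere (not visible in the quoted lines), each closed connection stays referenced and keeps receiving events. I would complete with `true` on the branch that calls `closeConnection();`, or add a comment naming the place where the listener is removed. The `exception` argument is ignored as well, and a one-line comment saying why would help the next reader.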
Review Comment:
```suggestion
return falseCompletedFuture();
```
##########
modules/security/src/main/java/org/apache/ignite/internal/security/authentication/AuthenticationManagerImpl.java:
##########
@@ -47,17 +50,98 @@
/**
* Implementation of {@link Authenticator}.
*/
-public class AuthenticationManagerImpl implements AuthenticationManager {
+public class AuthenticationManagerImpl
+ extends AbstractEventProducer<AuthenticationEvent,
AuthenticationEventParameters>
+ implements AuthenticationManager {
private static final IgniteLogger LOG =
Loggers.forClass(AuthenticationManagerImpl.class);
- private final ReadWriteLock rwLock = new ReentrantReadWriteLock();
+ /**
+ * Security configuration.
+ */
+ private final SecurityConfiguration securityConfiguration;
+
+ /**
+ * Security configuration listener. Refreshes the list of authenticators
when the configuration changes.
+ */
+ private final ConfigurationListener<SecurityView>
securityConfigurationListener;
+
+ /**
+ * Security enabled/disabled event factory. Fires events when security is
enabled/disabled.
+ */
+ private final SecurityEnabledDisabledEventFactory
securityEnabledDisabledEventFactory;
+
+ /**
+ * User event factory. Fires events when a basic user is
created/updated/deleted.
+ */
+ private final UserEventFactory userEventFactory;
- private final List<AuthenticationListener> listeners = new
CopyOnWriteArrayList<>();
+ /**
+ * Authentication provider event factory. Fires events when an
authentication provider is created/updated/deleted.
+ */
+ private final AuthenticationProviderEventFactory providerEventFactory;
+ /**
+ * Read-write lock for the list of authenticators and the authentication
enabled flag.
+ */
+ private final ReadWriteLock rwLock = new ReentrantReadWriteLock();
+
+ /**
+ * List of authenticators.
+ */
private List<Authenticator> authenticators = new ArrayList<>();
+ /**
+ * Authentication enabled flag.
+ */
private boolean authEnabled = false;
+ /**
+ * Constructor.
+ *
+ * @param securityConfiguration Security configuration.
+ */
+ public AuthenticationManagerImpl(SecurityConfiguration
securityConfiguration) {
+ this.securityConfiguration = securityConfiguration;
+
+ this.securityConfigurationListener = ctx -> {
+ refreshProviders(ctx.newValue());
+ return nullCompletedFuture();
+ };
+
+ this.securityEnabledDisabledEventFactory = new
SecurityEnabledDisabledEventFactory(this::fireEvent);
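Review bot: The listener assigned at `this.securityConfigurationListener = ctx -> {` always returns `nullCompletedFuture()`, so a configuration update is reported as handled whatever `refreshProviders(ctx.newValue())` did. The body of `refreshProviders` is outside this hunk, so it is not visible whether a failure while rebuilding the authenticators propagates, is logged, or leaves the previous list in place. For an authentication manager that outcome should be written down. If keeping the old list is the intended behaviour, I would add above the lambda `// On a failed refresh the previous authenticators stay in effect; the list is never left empty.`, and otherwise return a failed future. The same lines appear in the later quoted copies of this hunk.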
Review Comment:
```suggestion
securityEnabledDisabledEventFactory = new
SecurityEnabledDisabledEventFactory(this::fireEvent);
```
##########
modules/security/src/main/java/org/apache/ignite/internal/security/authentication/AuthenticationManagerImpl.java:
##########
@@ -47,17 +50,98 @@
/**
* Implementation of {@link Authenticator}.
*/
-public class AuthenticationManagerImpl implements AuthenticationManager {
+public class AuthenticationManagerImpl
+ extends AbstractEventProducer<AuthenticationEvent,
AuthenticationEventParameters>
+ implements AuthenticationManager {
private static final IgniteLogger LOG =
Loggers.forClass(AuthenticationManagerImpl.class);
- private final ReadWriteLock rwLock = new ReentrantReadWriteLock();
+ /**
+ * Security configuration.
+ */
+ private final SecurityConfiguration securityConfiguration;
+
+ /**
+ * Security configuration listener. Refreshes the list of authenticators
when the configuration changes.
+ */
+ private final ConfigurationListener<SecurityView>
securityConfigurationListener;
+
+ /**
+ * Security enabled/disabled event factory. Fires events when security is
enabled/disabled.
+ */
+ private final SecurityEnabledDisabledEventFactory
securityEnabledDisabledEventFactory;
+
+ /**
+ * User event factory. Fires events when a basic user is
created/updated/deleted.
+ */
+ private final UserEventFactory userEventFactory;
- private final List<AuthenticationListener> listeners = new
CopyOnWriteArrayList<>();
+ /**
+ * Authentication provider event factory. Fires events when an
authentication provider is created/updated/deleted.
+ */
+ private final AuthenticationProviderEventFactory providerEventFactory;
+ /**
+ * Read-write lock for the list of authenticators and the authentication
enabled flag.
+ */
+ private final ReadWriteLock rwLock = new ReentrantReadWriteLock();
+
+ /**
+ * List of authenticators.
+ */
private List<Authenticator> authenticators = new ArrayList<>();
+ /**
+ * Authentication enabled flag.
+ */
private boolean authEnabled = false;
+ /**
+ * Constructor.
+ *
+ * @param securityConfiguration Security configuration.
+ */
+ public AuthenticationManagerImpl(SecurityConfiguration
securityConfiguration) {
+ this.securityConfiguration = securityConfiguration;
+
+ this.securityConfigurationListener = ctx -> {
+ refreshProviders(ctx.newValue());
+ return nullCompletedFuture();
+ };
+
+ this.securityEnabledDisabledEventFactory = new
SecurityEnabledDisabledEventFactory(this::fireEvent);
+
+ this.userEventFactory = new UserEventFactory(this::fireEvent);
Review Comment:
```suggestion
userEventFactory = new UserEventFactory(this::fireEvent);
```
##########
modules/security/src/main/java/org/apache/ignite/internal/security/authentication/AuthenticationManagerImpl.java:
##########
@@ -47,17 +50,98 @@
/**
* Implementation of {@link Authenticator}.
*/
-public class AuthenticationManagerImpl implements AuthenticationManager {
+public class AuthenticationManagerImpl
+ extends AbstractEventProducer<AuthenticationEvent,
AuthenticationEventParameters>
+ implements AuthenticationManager {
private static final IgniteLogger LOG =
Loggers.forClass(AuthenticationManagerImpl.class);
- private final ReadWriteLock rwLock = new ReentrantReadWriteLock();
+ /**
+ * Security configuration.
+ */
+ private final SecurityConfiguration securityConfiguration;
+
+ /**
+ * Security configuration listener. Refreshes the list of authenticators
when the configuration changes.
+ */
+ private final ConfigurationListener<SecurityView>
securityConfigurationListener;
+
+ /**
+ * Security enabled/disabled event factory. Fires events when security is
enabled/disabled.
+ */
+ private final SecurityEnabledDisabledEventFactory
securityEnabledDisabledEventFactory;
+
+ /**
+ * User event factory. Fires events when a basic user is
created/updated/deleted.
+ */
+ private final UserEventFactory userEventFactory;
- private final List<AuthenticationListener> listeners = new
CopyOnWriteArrayList<>();
+ /**
+ * Authentication provider event factory. Fires events when an
authentication provider is created/updated/deleted.
+ */
+ private final AuthenticationProviderEventFactory providerEventFactory;
+ /**
+ * Read-write lock for the list of authenticators and the authentication
enabled flag.
+ */
+ private final ReadWriteLock rwLock = new ReentrantReadWriteLock();
+
+ /**
+ * List of authenticators.
+ */
private List<Authenticator> authenticators = new ArrayList<>();
+ /**
+ * Authentication enabled flag.
+ */
private boolean authEnabled = false;
+ /**
+ * Constructor.
+ *
+ * @param securityConfiguration Security configuration.
+ */
+ public AuthenticationManagerImpl(SecurityConfiguration
securityConfiguration) {
+ this.securityConfiguration = securityConfiguration;
+
+ this.securityConfigurationListener = ctx -> {
+ refreshProviders(ctx.newValue());
+ return nullCompletedFuture();
+ };
+
+ this.securityEnabledDisabledEventFactory = new
SecurityEnabledDisabledEventFactory(this::fireEvent);
+
+ this.userEventFactory = new UserEventFactory(this::fireEvent);
+
+ this.providerEventFactory = new AuthenticationProviderEventFactory(
Review Comment:
```suggestion
providerEventFactory = new AuthenticationProviderEventFactory(
```
##########
modules/security/build.gradle:
##########
@@ -29,6 +29,7 @@ dependencies {
implementation project(':ignite-configuration-api')
implementation libs.jetbrains.annotations
implementation libs.auto.service.annotations
+ testImplementation project(path: ':ignite-security')
Review Comment:
Is this really needed?
##########
modules/security/src/main/java/org/apache/ignite/internal/security/authentication/event/EventFactory.java:
##########
@@ -17,12 +17,16 @@
package org.apache.ignite.internal.security.authentication.event;
+import java.util.List;
+import java.util.function.BiFunction;
+import org.apache.ignite.internal.security.configuration.SecurityView;
+import org.jetbrains.annotations.Nullable;
+
/**
- * Represents the authentication event type.
+ * Event producer for security configuration changes.
*/
-public enum EventType {
- AUTHENTICATION_ENABLED,
- AUTHENTICATION_DISABLED,
- AUTHENTICATION_PROVIDER_REMOVED,
- AUTHENTICATION_PROVIDER_UPDATED
+@FunctionalInterface
+public interface EventFactory extends BiFunction<SecurityView, SecurityView,
List<? extends AuthenticationEventParameters>> {
Review Comment:
This interface is unused.