Package org.apache.ignite.internal.processors.security

Class SecurityUtils

java.lang.Object

org.apache.ignite.internal.processors.security.SecurityUtils

public class SecurityUtils
extends Object

Security utilities.

Field Summary

Fields

Modifier and Type	Field	Description
static Permissions	ALL_PERMISSIONS	Permissions that contain AllPermission.
static String	IGNITE_INTERNAL_PACKAGE	Ignite internal package.
static String	MSG_SEC_PROC_CLS_IS_INVALID

Method Summary

Modifier and Type	Method	Description
static SecurityContext	authenticateLocalNode(ClusterNode node, SecurityCredentials cred, DiscoverySpiNodeAuthenticator nodeAuth)	Performs local node authentication.
static void	authorizeAll(IgniteSecurity security, SecurityPermissionSet permissions)
static Map<String,Collection<SecurityPermission>>	compatibleServicePermissions()
static <T,E extends Exception> T	doPrivileged(Callable<T> c)	Computes a result in a privileged action.
static boolean	hasSecurityManager()
static boolean	isInIgnitePackage(Class<?> cls)
static boolean	isInsideSandbox()
static boolean	isSecurityCompatibilityMode()
static boolean	isSystemType(GridKernalContext ctx, Object target, boolean considerWrapperCls)
static SecurityContext	nodeSecurityContext(Marshaller marsh, ClassLoader ldr, ClusterNode node)	Gets the node's security context.
static SecurityContext	remoteSecurityContext(GridKernalContext ctx)
static void	restoreDefaultSerializeVersion()	Sets default serialize version DFLT_SERIALIZE_VERSION.
static <T> T	sandboxedProxy(GridKernalContext ctx, Class cls, T instance)
static UUID	securitySubjectId(GridKernalContext ctx)
static UUID	securitySubjectId(GridCacheContext<?,?> cctx)
static UUID	securitySubjectId(GridCacheSharedContext<?,?> cctx)
static int	serializeVersion()
static void	serializeVersion(int ver)
static Object	unwrap(Object target)
static OperationSecurityContext	withRemoteSecurityContext(GridKernalContext ctx, SecurityContext secCtx)	Sets specified security context as current if it differs from the null.
static Map<String,Object>	withSecurityContext(SecurityContext secCtx, Map<String,Object> nodeAttrs, Marshaller marsh)	Marshals specified security context and adds it to the node attributes.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

MSG_SEC_PROC_CLS_IS_INVALID

public static final String MSG_SEC_PROC_CLS_IS_INVALID

See Also:

Constant Field Values

IGNITE_INTERNAL_PACKAGE

public static final String IGNITE_INTERNAL_PACKAGE

Ignite internal package.

See Also:

Constant Field Values

ALL_PERMISSIONS

public static final Permissions ALL_PERMISSIONS

Permissions that contain AllPermission.

Method Detail

isSecurityCompatibilityMode

public static boolean isSecurityCompatibilityMode()

Returns:

Security compatibility mode flag.

serializeVersion

public static void serializeVersion(int ver)

Parameters:

ver - Serialize version.

serializeVersion

public static int serializeVersion()

Returns:

Serialize version.

restoreDefaultSerializeVersion

public static void restoreDefaultSerializeVersion()

Sets default serialize version DFLT_SERIALIZE_VERSION.

compatibleServicePermissions

public static Map<String,Collection<SecurityPermission>> compatibleServicePermissions()

Returns:

Allow all service permissions.

nodeSecurityContext

public static SecurityContext nodeSecurityContext(Marshaller marsh,
                                                  ClassLoader ldr,
                                                  ClusterNode node)

Gets the node's security context.

Parameters:

marsh - Marshaller.

ldr - Class loader.

node - Node.

Returns:

Node's security context.

remoteSecurityContext

public static SecurityContext remoteSecurityContext(GridKernalContext ctx)

Returns:

Current security context if it is different from local node security context, otherwise null.

See Also:

withRemoteSecurityContext(GridKernalContext, SecurityContext)

securitySubjectId

public static UUID securitySubjectId(GridKernalContext ctx)

Returns:

Current security subject ID if security is enabled, otherwise null.

securitySubjectId

public static UUID securitySubjectId(GridCacheContext<?,?> cctx)

Returns:

Current security subject id if security is enabled otherwise null.

securitySubjectId

public static UUID securitySubjectId(GridCacheSharedContext<?,?> cctx)

Returns:

Current security subject id if security is enabled otherwise null.

withRemoteSecurityContext

public static OperationSecurityContext withRemoteSecurityContext(GridKernalContext ctx,
                                                                 SecurityContext secCtx)

Sets specified security context as current if it differs from the null. null means that security context of the local node is specified or security is disabled so no security context change is needed. Note that this method is safe to use only when it is known to be called in the security context of the local node (e.g. in system workers).

Returns:

OperationSecurityContext instance if new security context is set, otherwise null.

doPrivileged

public static <T,E extends Exception> T doPrivileged(Callable<T> c)
                                                    throws E extends Exception

Computes a result in a privileged action.

Type Parameters:

T - Type of result.

E - Type of Exception.

Parameters:

c - Instance of SandboxCallable.

Returns:

Computed result.

Throws:

E - if unable to compute a result.

E extends Exception

hasSecurityManager

public static boolean hasSecurityManager()

Returns:

True if SecurityManager is installed.

isSystemType

public static boolean isSystemType(GridKernalContext ctx,
                                   Object target,
                                   boolean considerWrapperCls)

Returns:

True if class of target is a system type.

unwrap

public static Object unwrap(Object target)

isInIgnitePackage

public static boolean isInIgnitePackage(Class<?> cls)

Parameters:

cls - Class instance.

Returns:

Whether specified class is in Ignite package.

isInsideSandbox

public static boolean isInsideSandbox()

Returns:

True if current thread runs inside the Ignite Sandbox.

sandboxedProxy

public static <T> T sandboxedProxy(GridKernalContext ctx,
                                   Class cls,
                                   T instance)

Returns:

Proxy of instance if the sandbox is enabled and class of instance is not a system type otherwise instance.

withSecurityContext

public static Map<String,Object> withSecurityContext(SecurityContext secCtx,
                                                           Map<String,Object> nodeAttrs,
                                                           Marshaller marsh)
                                                    throws IgniteCheckedException

Marshals specified security context and adds it to the node attributes.

Parameters:

secCtx - Security context to be added.

nodeAttrs - Cluster node attributes to which security context attribute is to be added.

marsh - Marshaller.

Returns:

New copy of node attributes with security context attribute added.

Throws:

IgniteCheckedException - If security context serialization exception occurs.

authenticateLocalNode

public static SecurityContext authenticateLocalNode(ClusterNode node,
                                                    SecurityCredentials cred,
                                                    DiscoverySpiNodeAuthenticator nodeAuth)

Performs local node authentication.

Parameters:

node - Cluster node to authenticate.

cred - Node credentials.

nodeAuth - Node authenticator.

Returns:

SecurityContext instance as authentication result.

authorizeAll

public static void authorizeAll(IgniteSecurity security,
                                SecurityPermissionSet permissions)