Skip to content
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,6 @@
import org.apache.ignite.internal.managers.communication.CompressedMessage;
import org.apache.ignite.internal.managers.communication.ErrorMessage;
import org.apache.ignite.internal.managers.communication.GridIoMessage;
import org.apache.ignite.internal.managers.communication.GridIoSecurityAwareMessage;
import org.apache.ignite.internal.managers.communication.GridIoUserMessage;
import org.apache.ignite.internal.managers.communication.IgniteIoTestMessage;
import org.apache.ignite.internal.managers.communication.SessionChannelMessage;
Expand Down Expand Up @@ -240,6 +239,7 @@
import org.apache.ignite.internal.processors.rollingupgrade.RollingUpgradeNodeData;
import org.apache.ignite.internal.processors.rollingupgrade.feature.IgniteFeatureSet;
import org.apache.ignite.internal.processors.rollingupgrade.feature.IgniteProductFeatures;
import org.apache.ignite.internal.processors.security.SecurityContextImpl;
import org.apache.ignite.internal.processors.service.ServiceChangeBatchRequest;
import org.apache.ignite.internal.processors.service.ServiceClusterDeploymentResult;
import org.apache.ignite.internal.processors.service.ServiceClusterDeploymentResultBatch;
Expand Down Expand Up @@ -608,12 +608,14 @@ public CoreMessagesProvider(Marshaller dfltMarsh, Marshaller schemaAwareMarsh, C
// [11500 - 11600]: IO, networking messages.
msgIdx = NODE_ID_MSG_TYPE;
withNoSchema(NodeIdMessage.class);
msgIdx = HANDSHAKE_MSG_TYPE;
withNoSchema(HandshakeMessage.class);
msgIdx = HANDSHAKE_WAIT_MSG_TYPE;
withNoSchema(HandshakeWaitMessage.class);
withNoSchema(GridIoMessage.class);
withNoSchema(IgniteIoTestMessage.class);
withSchema(GridIoUserMessage.class);
withSchema(GridIoSecurityAwareMessage.class);
++msgIdx; // Former GridIoSecurityAwareMessage
withNoSchema(RecoveryLastReceivedMessage.class);
withNoSchema(TcpInverseConnectionResponseMessage.class);
withNoSchema(SessionChannelMessage.class);
Expand Down Expand Up @@ -690,9 +692,10 @@ public CoreMessagesProvider(Marshaller dfltMarsh, Marshaller schemaAwareMarsh, C
// [13400 - 13500]: Operation context messages.
msgIdx = 13400;
withNoSchema(OperationContextMessage.class);
withNoSchema(SecurityContextImpl.class);

// [13500 - 13600]: Rolling Upgrade messages.
msgIdx = 13500;
// [13600 - 13700]: Rolling Upgrade messages.
msgIdx = 13600;
withNoSchema(IgniteFeatureSet.class);
withNoSchema(IgniteProductFeatures.class);
withNoSchema(RollingUpgradeNodeData.class);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -97,11 +97,14 @@
import org.apache.ignite.internal.processors.cache.persistence.file.RandomAccessFileIOFactory;
import org.apache.ignite.internal.processors.platform.message.PlatformMessageFilter;
import org.apache.ignite.internal.processors.pool.PoolProcessor;
import org.apache.ignite.internal.processors.security.IgniteSecurityProcessor;
import org.apache.ignite.internal.processors.security.SecurityContextImpl;
import org.apache.ignite.internal.processors.timeout.GridTimeoutObject;
import org.apache.ignite.internal.processors.tracing.MTC;
import org.apache.ignite.internal.processors.tracing.MTC.TraceSurroundings;
import org.apache.ignite.internal.processors.tracing.Span;
import org.apache.ignite.internal.processors.tracing.SpanTags;
import org.apache.ignite.internal.thread.context.OperationContext;
import org.apache.ignite.internal.thread.context.Scope;
import org.apache.ignite.internal.util.GridBoundedConcurrentLinkedHashSet;
import org.apache.ignite.internal.util.IgniteUtils;
Expand Down Expand Up @@ -137,7 +140,6 @@
import org.apache.ignite.spi.communication.tcp.internal.ConnectionRequestor;
import org.apache.ignite.spi.communication.tcp.internal.TcpConnectionRequestDiscoveryMessage;
import org.apache.ignite.spi.communication.tcp.internal.TcpInverseConnectionResponseMessage;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

import static org.apache.ignite.events.EventType.EVT_NODE_FAILED;
Expand Down Expand Up @@ -1317,7 +1319,7 @@ private void processP2PMessage(

assert obj != null;

invokeListener(msg.policy(), lsnr, nodeId, obj, secSubjId(msg));
invokeListener(msg.policy(), lsnr, nodeId, obj);
}
finally {
threadProcessingMessage(false, null);
Expand Down Expand Up @@ -1455,7 +1457,7 @@ private void processRegularMessage0(GridIoMessage msg, UUID nodeId) {

assert obj != null;

invokeListener(msg.policy(), lsnr, nodeId, obj, secSubjId(msg));
invokeListener(msg.policy(), lsnr, nodeId, obj);
}

/**
Expand Down Expand Up @@ -1819,9 +1821,8 @@ private void unwindMessageSet(GridCommunicationMessageSet msgSet, GridMessageLis
* @param lsnr Listener.
* @param nodeId Node ID.
* @param msg Message.
* @param secSubjId Security subject that will be used to open a security session.
*/
private void invokeListener(Byte plc, GridMessageListener lsnr, UUID nodeId, Object msg, UUID secSubjId) {
private void invokeListener(Byte plc, GridMessageListener lsnr, UUID nodeId, Object msg) {
MTC.span().addLog(() -> "Invoke listener");

Byte oldPlc = CUR_PLC.get();
Expand All @@ -1831,7 +1832,9 @@ private void invokeListener(Byte plc, GridMessageListener lsnr, UUID nodeId, Obj
if (change)
CUR_PLC.set(plc);

UUID newSecSubjId = secSubjId != null ? secSubjId : nodeId;
SecurityContextImpl secCtxMsg = OperationContext.get(IgniteSecurityProcessor.SEC_CTX_ATTR);

UUID newSecSubjId = secCtxMsg == null ? nodeId : secCtxMsg.subjId;

try (Scope ignored = ctx.security().withContext(newSecSubjId)) {
lsnr.onMessage(nodeId, msg, plc);
Expand Down Expand Up @@ -2029,11 +2032,8 @@ private long getInverseConnectionWaitTimeout() {
return ctx.config().getFailureDetectionTimeout();
}

/**
* @return One of two message wrappers. The first is {@link GridIoMessage}, the second is secured version {@link
* GridIoSecurityAwareMessage}.
*/
private @NotNull GridIoMessage createGridIoMessage(
/** @return A {@link GridIoMessage} wrapper for {@code msg}. */
private GridIoMessage createGridIoMessage(
Object topic,
Message msg,
byte plc,
Expand All @@ -2043,18 +2043,16 @@ private long getInverseConnectionWaitTimeout() {
) {
GridIoMessage res;

if (ctx.security().enabled()) {
UUID secSubjId = null;
UUID secSubjId = ctx.security().enabled() && !ctx.security().isDefaultContext()
? ctx.security().securityContext().subject().id()
: null;

if (!ctx.security().isDefaultContext())
secSubjId = ctx.security().securityContext().subject().id();
res = new GridIoMessage(plc, topic, msg, ordered, timeout, skipOnTimeout);

res = new GridIoSecurityAwareMessage(secSubjId, plc, topic, msg, ordered, timeout, skipOnTimeout);
try (Scope ignored = secSubjId == null ? Scope.NOOP_SCOPE
: OperationContext.set(IgniteSecurityProcessor.SEC_CTX_ATTR, new SecurityContextImpl(secSubjId))) {
res.opCtxMsg = ctx.operationContextDispatcher().collectDistributedAttributes();
}
else
res = new GridIoMessage(plc, topic, msg, ordered, timeout, skipOnTimeout);

res.opCtxMsg = ctx.operationContextDispatcher().collectDistributedAttributes();

return res;
}
Expand Down Expand Up @@ -3812,7 +3810,7 @@ void unwind(GridMessageListener lsnr) {

MTC.span().addTag(SpanTags.MESSAGE, () -> traceName(fmc.message));

invokeListener(plc, lsnr, nodeId, mc.message.message(), secSubjId(mc.message));
invokeListener(plc, lsnr, nodeId, mc.message.message());
}
finally {
if (mc.closure != null)
Expand Down Expand Up @@ -4241,19 +4239,6 @@ public long binLatencyMcs() {
}
}

/**
* @return Security subject id.
*/
private UUID secSubjId(GridIoMessage msg) {
if (ctx.security().enabled()) {
assert msg instanceof GridIoSecurityAwareMessage;

return ((GridIoSecurityAwareMessage)msg).securitySubjectId();
}

return null;
}

/**
* Responsible for handling network situation where server cannot open connection to client and
* has to ask client to establish a connection to specific server.
Expand Down

This file was deleted.

Original file line number Diff line number Diff line change
Expand Up @@ -226,7 +226,7 @@ public class GridDiscoveryManager extends GridManagerAdapter<DiscoverySpi> {
};

/** Discovery cached history size. */
private final int DISCOVERY_HISTORY_SIZE = getInteger(IGNITE_DISCOVERY_HISTORY_SIZE, DFLT_DISCOVERY_HISTORY_SIZE);
private final int discHistSz = getInteger(IGNITE_DISCOVERY_HISTORY_SIZE, DFLT_DISCOVERY_HISTORY_SIZE);

/** */
private final Object discoEvtMux = new Object();
Expand Down Expand Up @@ -254,7 +254,7 @@ public class GridDiscoveryManager extends GridManagerAdapter<DiscoverySpi> {

/** Topology cache history. */
private final GridBoundedConcurrentLinkedHashMap<AffinityTopologyVersion, DiscoCache> discoCacheHist =
new GridBoundedConcurrentLinkedHashMap<>(DISCOVERY_HISTORY_SIZE);
new GridBoundedConcurrentLinkedHashMap<>(discHistSz);

/** Topology snapshots history. */
private volatile NavigableMap<Long, Collection<ClusterNode>> topHist = Collections.emptyNavigableMap();
Expand Down Expand Up @@ -1107,7 +1107,7 @@ private boolean skipMessage(int type, @Nullable DiscoveryCustomMessage customMsg

rcvdCustomMsgs.addLast(customMsg.id());

while (rcvdCustomMsgs.size() > DISCOVERY_HISTORY_SIZE)
while (rcvdCustomMsgs.size() > discHistSz)
rcvdCustomMsgs.pollFirst();
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,6 @@

package org.apache.ignite.internal.processors.authentication;

import java.io.Serializable;
import java.net.InetSocketAddress;
import java.util.ArrayList;
import java.util.Collection;
Expand Down Expand Up @@ -57,12 +56,12 @@
import org.apache.ignite.internal.processors.security.GridSecurityProcessor;
import org.apache.ignite.internal.processors.security.IgniteSecurityProcessor;
import org.apache.ignite.internal.processors.security.SecurityContext;
import org.apache.ignite.internal.processors.security.SecurityContextImpl;
import org.apache.ignite.internal.thread.pool.IgniteThreadPoolExecutor;
import org.apache.ignite.internal.util.future.GridFutureAdapter;
import org.apache.ignite.internal.util.tostring.GridToStringExclude;
import org.apache.ignite.internal.util.typedef.F;
import org.apache.ignite.internal.util.typedef.internal.CU;
import org.apache.ignite.internal.util.typedef.internal.S;
import org.apache.ignite.internal.util.typedef.internal.U;
import org.apache.ignite.internal.util.worker.GridWorker;
import org.apache.ignite.lang.IgniteFuture;
Expand All @@ -73,7 +72,6 @@
import org.apache.ignite.plugin.security.SecurityException;
import org.apache.ignite.plugin.security.SecurityPermission;
import org.apache.ignite.plugin.security.SecuritySubject;
import org.apache.ignite.plugin.security.SecuritySubjectType;
import org.apache.ignite.spi.discovery.DiscoveryDataBag;
import org.apache.ignite.spi.discovery.DiscoverySpi;
import org.apache.ignite.spi.discovery.tcp.TcpDiscoverySpi;
Expand Down Expand Up @@ -1302,7 +1300,7 @@ private RefreshUsersStorageWorker(ArrayList<User> usrs) {
}

/** {@inheritDoc} */
@Override protected void body() throws InterruptedException, IgniteInterruptedCheckedException {
@Override protected void body() {
if (ctx.clientNode())
return;

Expand Down Expand Up @@ -1331,74 +1329,4 @@ private RefreshUsersStorageWorker(ArrayList<User> usrs) {
}
}
}

/** Represents {@link SecuritySubject} implementation. */
private static class SecuritySubjectImpl implements SecuritySubject {
/** */
private static final long serialVersionUID = 0L;

/** Security subject identifier. */
private final UUID id;

/** Security subject login. */
private final String login;

/** Security subject type. */
private final SecuritySubjectType type;

/** Security subject address. */
private final InetSocketAddress addr;

/** */
public SecuritySubjectImpl(UUID id, String login, SecuritySubjectType type, InetSocketAddress addr) {
this.id = id;
this.login = login;
this.type = type;
this.addr = addr;
}

/** {@inheritDoc} */
@Override public UUID id() {
return id;
}

/** {@inheritDoc} */
@Override public String login() {
return login;
}

/** {@inheritDoc} */
@Override public SecuritySubjectType type() {
return type;
}

/** {@inheritDoc} */
@Override public InetSocketAddress address() {
return addr;
}

/** {@inheritDoc} */
@Override public String toString() {
return S.toString(SecuritySubjectImpl.class, this);
}
}

/** Represents {@link SecurityContext} implementation that ignores any security permission checks. */
private static class SecurityContextImpl implements SecurityContext, Serializable {
/** */
private static final long serialVersionUID = 0L;

/** */
private final SecuritySubject subj;

/** */
public SecurityContextImpl(UUID id, String login, SecuritySubjectType type, InetSocketAddress addr) {
subj = new SecuritySubjectImpl(id, login, type, addr);
}

/** {@inheritDoc} */
@Override public SecuritySubject subject() {
return subj;
}
}
}
Loading
Loading