IGNITE-14675 Refactors IgniteAuthenticationProcessor callbacks. (#9079)
diff --git a/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinAuthenticateConnectionSelfTest.java b/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinAuthenticateConnectionSelfTest.java
index b6bcf41..63cef5c 100644
--- a/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinAuthenticateConnectionSelfTest.java
+++ b/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinAuthenticateConnectionSelfTest.java
@@ -69,11 +69,9 @@
grid(0).cluster().active(true);
- AutoCloseable secCtxsHnd = withSecurityContextOnAllNodes(authenticate(grid(0), "ignite", "ignite"));
-
- grid(0).context().security().createUser("another_user", "passwd".toCharArray());
-
- secCtxsHnd.close();
+ try (AutoCloseable ignored = withSecurityContextOnAllNodes(authenticate(grid(0), "ignite", "ignite"))) {
+ grid(0).context().security().createUser("another_user", "passwd".toCharArray());
+ }
}
/** {@inheritDoc} */
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java b/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java
index f7897a4..482c38f 100644
--- a/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java
+++ b/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java
@@ -1250,6 +1250,8 @@
startTimer.finishGlobalStage("Configure binary metadata");
startProcessor(createComponent(IGridClusterStateProcessor.class, ctx));
+ startProcessor(new PerformanceStatisticsProcessor(ctx));
+ startProcessor(new GridCacheProcessor(ctx));
if (cfg.isAuthenticationEnabled()) {
IgniteSecurityProcessor sec = (IgniteSecurityProcessor)ctx.security();
@@ -1257,8 +1259,6 @@
((IgniteAuthenticationProcessor)sec.securityProcessor()).startProcessor();
}
- startProcessor(new PerformanceStatisticsProcessor(ctx));
- startProcessor(new GridCacheProcessor(ctx));
startProcessor(new IndexProcessor(ctx));
startProcessor(new GridQueryProcessor(ctx));
startProcessor(new ClientListenerProcessor(ctx));
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/managers/discovery/GridDiscoveryManager.java b/modules/core/src/main/java/org/apache/ignite/internal/managers/discovery/GridDiscoveryManager.java
index e7ddd3e..38bf3b5 100644
--- a/modules/core/src/main/java/org/apache/ignite/internal/managers/discovery/GridDiscoveryManager.java
+++ b/modules/core/src/main/java/org/apache/ignite/internal/managers/discovery/GridDiscoveryManager.java
@@ -75,7 +75,6 @@
import org.apache.ignite.internal.managers.eventstorage.GridLocalEventListener;
import org.apache.ignite.internal.managers.systemview.walker.ClusterNodeViewWalker;
import org.apache.ignite.internal.processors.affinity.AffinityTopologyVersion;
-import org.apache.ignite.internal.processors.authentication.IgniteAuthenticationProcessor;
import org.apache.ignite.internal.processors.cache.CacheGroupDescriptor;
import org.apache.ignite.internal.processors.cache.ClientCacheChangeDummyDiscoveryMessage;
import org.apache.ignite.internal.processors.cache.DynamicCacheChangeBatch;
@@ -172,7 +171,6 @@
import static org.apache.ignite.internal.IgniteVersionUtils.VER;
import static org.apache.ignite.internal.events.DiscoveryCustomEvent.EVT_DISCOVERY_CUSTOM_EVT;
import static org.apache.ignite.internal.processors.metric.impl.MetricUtils.metricName;
-import static org.apache.ignite.internal.processors.security.SecurityUtils.ifAuthenticationEnabled;
import static org.apache.ignite.internal.processors.security.SecurityUtils.isSecurityCompatibilityMode;
import static org.apache.ignite.plugin.segmentation.SegmentationPolicy.NOOP;
@@ -770,8 +768,6 @@
ctx.service().onLocalJoin(discoEvt, discoCache);
- ifAuthenticationEnabled(ctx, IgniteAuthenticationProcessor::onLocalJoin);
-
ctx.encryption().onLocalJoin();
ctx.cluster().onLocalJoin();
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/authentication/IgniteAuthenticationProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/authentication/IgniteAuthenticationProcessor.java
index f490681..31c7262 100644
--- a/modules/core/src/main/java/org/apache/ignite/internal/processors/authentication/IgniteAuthenticationProcessor.java
+++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/authentication/IgniteAuthenticationProcessor.java
@@ -48,6 +48,8 @@
import org.apache.ignite.internal.processors.affinity.AffinityTopologyVersion;
import org.apache.ignite.internal.processors.cache.GridCacheSharedContext;
import org.apache.ignite.internal.processors.cache.GridCacheUtils;
+import org.apache.ignite.internal.processors.cache.distributed.dht.preloader.GridDhtPartitionsExchangeFuture;
+import org.apache.ignite.internal.processors.cache.distributed.dht.preloader.PartitionsExchangeAware;
import org.apache.ignite.internal.processors.cache.persistence.metastorage.MetastorageLifecycleListener;
import org.apache.ignite.internal.processors.cache.persistence.metastorage.MetastorageTree;
import org.apache.ignite.internal.processors.cache.persistence.metastorage.ReadOnlyMetastorage;
@@ -95,7 +97,7 @@
*
*/
public class IgniteAuthenticationProcessor extends GridProcessorAdapter implements GridSecurityProcessor,
- MetastorageLifecycleListener {
+ MetastorageLifecycleListener, PartitionsExchangeAware {
/** Store user prefix. */
private static final String STORE_USER_PREFIX = "user.";
@@ -169,6 +171,10 @@
ctx.addNodeAttribute(ATTR_AUTHENTICATION_ENABLED, true);
+ sharedCtx = ctx.cache().context();
+
+ sharedCtx.exchange().registerExchangeAwareComponent(this);
+
GridDiscoveryManager discoMgr = ctx.discovery();
GridIoManager ioMgr = ctx.io();
@@ -177,6 +183,8 @@
discoMgr.setCustomEventListener(UserAcceptedMessage.class, new UserAcceptedListener());
+ discoMgr.localJoinFuture().listen(fut -> onLocalJoin());
+
discoLsnr = (evt, discoCache) -> {
if (ctx.isStopping())
return;
@@ -218,13 +226,6 @@
new LinkedBlockingQueue<>());
}
- /**
- * On cache processor started.
- */
- public void cacheProcessorStarted() {
- sharedCtx = ctx.cache().context();
- }
-
/** {@inheritDoc} */
@Override public void stop(boolean cancel) throws IgniteCheckedException {
if (ioLsnr != null)
@@ -791,8 +792,8 @@
* Local node joined to topology. Discovery cache is available but no discovery custom message are received.
* Initial user set and initial user operation (received on join) are processed here.
*/
- public void onLocalJoin() {
- if (coordinator() == null)
+ private void onLocalJoin() {
+ if (ctx.isDaemon() || ctx.clientDisconnected() || coordinator() == null)
return;
if (F.eq(coordinator().id(), ctx.localNodeId())) {
@@ -829,10 +830,8 @@
readyForAuthFut.onDone();
}
- /**
- * Called on node activate.
- */
- public void onActivate() {
+ /** {@inheritDoc} */
+ @Override public void onDoneBeforeTopologyUnlock(GridDhtPartitionsExchangeFuture fut) {
activateFut.onDone();
}
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java
index 8dc4a75..e8ee3f1 100644
--- a/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java
+++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java
@@ -90,7 +90,6 @@
import org.apache.ignite.internal.processors.GridProcessorAdapter;
import org.apache.ignite.internal.processors.affinity.AffinityTopologyVersion;
import org.apache.ignite.internal.processors.affinity.GridAffinityAssignmentCache;
-import org.apache.ignite.internal.processors.authentication.IgniteAuthenticationProcessor;
import org.apache.ignite.internal.processors.cache.binary.CacheObjectBinaryProcessorImpl;
import org.apache.ignite.internal.processors.cache.datastructures.CacheDataStructuresManager;
import org.apache.ignite.internal.processors.cache.distributed.dht.GridDhtCache;
@@ -220,7 +219,6 @@
import static org.apache.ignite.internal.processors.cache.GridCacheUtils.isPersistentCache;
import static org.apache.ignite.internal.processors.cache.ValidationOnNodeJoinUtils.validateHashIdResolvers;
import static org.apache.ignite.internal.processors.cache.distributed.dht.topology.GridDhtLocalPartition.DFLT_CACHE_REMOVE_ENTRIES_TTL;
-import static org.apache.ignite.internal.processors.security.SecurityUtils.ifAuthenticationEnabled;
import static org.apache.ignite.internal.util.IgniteUtils.doInParallel;
/**
@@ -630,7 +628,6 @@
log.debug("Started cache processor.");
ctx.state().cacheProcessorStarted();
- ifAuthenticationEnabled(ctx, IgniteAuthenticationProcessor::cacheProcessorStarted);
ctx.systemView().registerFiltrableView(
CACHE_GRP_PAGE_LIST_VIEW,
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/distributed/dht/preloader/GridDhtPartitionsExchangeFuture.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/distributed/dht/preloader/GridDhtPartitionsExchangeFuture.java
index a4ba32e..b3642c1 100644
--- a/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/distributed/dht/preloader/GridDhtPartitionsExchangeFuture.java
+++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/distributed/dht/preloader/GridDhtPartitionsExchangeFuture.java
@@ -72,7 +72,6 @@
import org.apache.ignite.internal.pagemem.wal.record.ExchangeRecord;
import org.apache.ignite.internal.processors.affinity.AffinityTopologyVersion;
import org.apache.ignite.internal.processors.affinity.GridAffinityAssignmentCache;
-import org.apache.ignite.internal.processors.authentication.IgniteAuthenticationProcessor;
import org.apache.ignite.internal.processors.cache.CacheAffinityChangeMessage;
import org.apache.ignite.internal.processors.cache.CacheGroupContext;
import org.apache.ignite.internal.processors.cache.CacheGroupDescriptor;
@@ -149,7 +148,6 @@
import static org.apache.ignite.internal.processors.cache.ExchangeDiscoveryEvents.serverLeftEvent;
import static org.apache.ignite.internal.processors.cache.distributed.dht.preloader.CachePartitionPartialCountersMap.PARTIAL_COUNTERS_MAP_SINCE;
import static org.apache.ignite.internal.processors.cache.persistence.snapshot.IgniteSnapshotManager.isSnapshotOperation;
-import static org.apache.ignite.internal.processors.security.SecurityUtils.ifAuthenticationEnabled;
import static org.apache.ignite.internal.util.IgniteUtils.doInParallel;
import static org.apache.ignite.internal.util.IgniteUtils.doInParallelUninterruptibly;
@@ -2516,8 +2514,6 @@
// Create and destroy caches and cache proxies.
cctx.cache().onExchangeDone(initialVersion(), exchActions, err);
- ifAuthenticationEnabled(cctx.kernalContext(), IgniteAuthenticationProcessor::onActivate);
-
Map<T2<Integer, Integer>, Long> localReserved = partHistSuppliers.getReservations(cctx.localNodeId());
if (localReserved != null) {
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityUtils.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityUtils.java
index 05cc40c..10970a6 100644
--- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityUtils.java
+++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityUtils.java
@@ -38,7 +38,6 @@
import java.util.concurrent.Callable;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
-import java.util.function.Consumer;
import org.apache.ignite.IgniteCheckedException;
import org.apache.ignite.IgniteException;
import org.apache.ignite.IgniteSystemProperties;
@@ -46,7 +45,6 @@
import org.apache.ignite.internal.GridInternalWrapper;
import org.apache.ignite.internal.GridKernalContext;
import org.apache.ignite.internal.IgniteNodeAttributes;
-import org.apache.ignite.internal.processors.authentication.IgniteAuthenticationProcessor;
import org.apache.ignite.internal.processors.security.sandbox.IgniteDomainCombiner;
import org.apache.ignite.internal.processors.security.sandbox.IgniteSandbox;
import org.apache.ignite.internal.util.typedef.F;
@@ -287,14 +285,4 @@
});
}
}
-
- /** Executes specified operation if authentication is enabled. */
- public static void ifAuthenticationEnabled(GridKernalContext ctx, Consumer<IgniteAuthenticationProcessor> op) {
- if (!ctx.config().isAuthenticationEnabled())
- return;
-
- IgniteSecurityProcessor sec = (IgniteSecurityProcessor)ctx.security();
-
- op.accept((IgniteAuthenticationProcessor)sec.securityProcessor());
- }
}
diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/authentication/Authentication1kUsersNodeRestartTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/authentication/Authentication1kUsersNodeRestartTest.java
index 927f752..28ba469 100644
--- a/modules/core/src/test/java/org/apache/ignite/internal/processors/authentication/Authentication1kUsersNodeRestartTest.java
+++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/authentication/Authentication1kUsersNodeRestartTest.java
@@ -18,14 +18,12 @@
package org.apache.ignite.internal.processors.authentication;
import java.util.stream.IntStream;
-import org.apache.ignite.IgniteCheckedException;
import org.apache.ignite.IgniteException;
import org.apache.ignite.configuration.DataRegionConfiguration;
import org.apache.ignite.configuration.DataStorageConfiguration;
import org.apache.ignite.configuration.IgniteConfiguration;
import org.apache.ignite.internal.processors.security.IgniteSecurity;
import org.apache.ignite.internal.processors.security.SecurityContext;
-import org.apache.ignite.internal.util.IgniteUtils;
import org.apache.ignite.internal.util.typedef.internal.U;
import org.apache.ignite.testframework.GridTestUtils;
import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest;
@@ -100,33 +98,23 @@
IntStream.range(0, USERS_COUNT).parallel().forEach(
i -> {
- AutoCloseable innerNodeSecHnd = withSecurityContextOnAllNodes(secCtxDflt);
-
- try {
+ try (AutoCloseable ignored = withSecurityContextOnAllNodes(secCtxDflt)) {
sec.createUser("test" + i, "init".toCharArray());
}
- catch (IgniteCheckedException e) {
+ catch (Exception e) {
throw new IgniteException(e);
}
- finally {
- IgniteUtils.closeQuiet(innerNodeSecHnd);
- }
}
);
IntStream.range(0, USERS_COUNT).parallel().forEach(
i -> {
- AutoCloseable innerNodeSecHnd = withSecurityContextOnAllNodes(secCtxDflt);
-
- try {
+ try (AutoCloseable ignored = withSecurityContextOnAllNodes(secCtxDflt)) {
sec.alterUser("test" + i, ("passwd_" + i).toCharArray());
}
- catch (IgniteCheckedException e) {
+ catch (Exception e) {
throw new IgniteException(e);
}
- finally {
- IgniteUtils.closeQuiet(innerNodeSecHnd);
- }
}
);
diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/authentication/AuthenticationProcessorSelfTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/authentication/AuthenticationProcessorSelfTest.java
index b11ee47..a74e58c 100644
--- a/modules/core/src/test/java/org/apache/ignite/internal/processors/authentication/AuthenticationProcessorSelfTest.java
+++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/authentication/AuthenticationProcessorSelfTest.java
@@ -145,9 +145,7 @@
*/
@Test
public void testDefaultUserUpdate() throws Exception {
- AutoCloseable nodeCtxsHnd = withSecurityContextOnAllNodes(secCtxDflt);
-
- try {
+ try (AutoCloseable ignored = withSecurityContextOnAllNodes(secCtxDflt)) {
// Change from all nodes
for (int nodeIdx = 0; nodeIdx < NODES_COUNT; ++nodeIdx) {
grid(nodeIdx).context().security().alterUser("ignite", ("ignite" + nodeIdx).toCharArray());
@@ -161,9 +159,6 @@
}
}
}
- finally {
- nodeCtxsHnd.close();
- }
}
/**
@@ -171,9 +166,7 @@
*/
@Test
public void testRemoveDefault() throws Exception {
- AutoCloseable nodeCtxsHnd = withSecurityContextOnAllNodes(secCtxDflt);
-
- try {
+ try (AutoCloseable ignored = withSecurityContextOnAllNodes(secCtxDflt)) {
for (int i = 0; i < NODES_COUNT; ++i) {
final int nodeIdx = i;
@@ -188,9 +181,6 @@
assertNotNull(authenticate(grid(0), "ignite", "ignite"));
}
}
- finally {
- nodeCtxsHnd.close();
- }
}
/**
@@ -198,9 +188,7 @@
*/
@Test
public void testUserManagementPermission() throws Exception {
- AutoCloseable nodeCtxsHnd = withSecurityContextOnAllNodes(secCtxDflt);
-
- try {
+ try (AutoCloseable nodeCtxsHnd = withSecurityContextOnAllNodes(secCtxDflt)) {
grid(0).context().security().createUser("test", "test".toCharArray());
final SecurityContext secCtx = authenticate(grid(0), "test", "test");
@@ -244,9 +232,6 @@
"User management operations initiated on behalf of the Ignite node are not expected.");
}
}
- finally {
- nodeCtxsHnd.close();
- }
}
/**
@@ -254,9 +239,7 @@
*/
@Test
public void testProceedUsersOnJoinNode() throws Exception {
- AutoCloseable nodeCtxsHnd = withSecurityContextOnAllNodes(secCtxDflt);
-
- try {
+ try (AutoCloseable ignored = withSecurityContextOnAllNodes(secCtxDflt)) {
grid(0).context().security().createUser("test0", "test".toCharArray());
grid(0).context().security().createUser("test1", "test".toCharArray());
@@ -272,9 +255,6 @@
assertNotNull(secCtx1);
assertEquals("test1", secCtx1.subject().login());
}
- finally {
- nodeCtxsHnd.close();
- }
}
/**
@@ -282,9 +262,7 @@
*/
@Test
public void testAuthenticationInvalidUser() throws Exception {
- AutoCloseable nodeCtxsHnd = withSecurityContextOnAllNodes(secCtxDflt);
-
- try {
+ try (AutoCloseable ignored = withSecurityContextOnAllNodes(secCtxDflt)) {
for (int i = 0; i < NODES_COUNT; ++i) {
final int nodeIdx = i;
@@ -305,9 +283,6 @@
}, IgniteAccessControlException.class, "The user name or password is incorrect");
}
}
- finally {
- nodeCtxsHnd.close();
- }
}
/**
@@ -315,17 +290,12 @@
*/
@Test
public void testAddUpdateRemoveUser() throws Exception {
- AutoCloseable nodeCtxsHnd = withSecurityContextOnAllNodes(secCtxDflt);
-
- try {
+ try (AutoCloseable ignored = withSecurityContextOnAllNodes(secCtxDflt)) {
for (int i = 0; i < NODES_COUNT; ++i) {
for (int j = 0; j < NODES_COUNT; ++j)
checkAddUpdateRemoveUser(grid(i), grid(j));
}
}
- finally {
- nodeCtxsHnd.close();
- }
}
/**
@@ -333,9 +303,7 @@
*/
@Test
public void testUpdateUser() throws Exception {
- AutoCloseable nodeCtxsHnd = withSecurityContextOnAllNodes(secCtxDflt);
-
- try {
+ try (AutoCloseable ignored = withSecurityContextOnAllNodes(secCtxDflt)) {
grid(0).context().security().createUser("test", "test".toCharArray());
SecurityContext secCtx = authenticate(grid(0), "test", "test");
@@ -345,9 +313,6 @@
checkUpdateUser(secCtx, grid(i), grid(j));
}
}
- finally {
- nodeCtxsHnd.close();
- }
}
/**
@@ -355,9 +320,7 @@
*/
@Test
public void testUpdateRemoveDoesNotExistsUser() throws Exception {
- AutoCloseable nodeCtxsHnd = withSecurityContextOnAllNodes(secCtxDflt);
-
- try {
+ try (AutoCloseable ignored = withSecurityContextOnAllNodes(secCtxDflt)) {
for (int i = 0; i < NODES_COUNT; ++i) {
final int nodeIdx = i;
@@ -378,9 +341,6 @@
}, UserManagementException.class, "User doesn't exist");
}
}
- finally {
- nodeCtxsHnd.close();
- }
}
/**
@@ -388,9 +348,7 @@
*/
@Test
public void testAddAlreadyExistsUser() throws Exception {
- AutoCloseable nodeCtxsHnd = withSecurityContextOnAllNodes(secCtxDflt);
-
- try {
+ try (AutoCloseable ignored = withSecurityContextOnAllNodes(secCtxDflt)) {
grid(0).context().security().createUser("test", "test".toCharArray());
for (int i = 0; i < NODES_COUNT; ++i) {
@@ -405,9 +363,6 @@
}, UserManagementException.class, "User already exists");
}
}
- finally {
- nodeCtxsHnd.close();
- }
}
/**
@@ -415,11 +370,9 @@
*/
@Test
public void testAuthorizeOnClientDisconnect() throws Exception {
- AutoCloseable nodeCtxsHnd = withSecurityContextOnAllNodes(secCtxDflt);
-
- grid(CLI_NODE).context().security().createUser("test", "test".toCharArray());
-
- nodeCtxsHnd.close();
+ try (AutoCloseable ignored = withSecurityContextOnAllNodes(secCtxDflt)) {
+ grid(CLI_NODE).context().security().createUser("test", "test".toCharArray());
+ }
final IgniteInternalFuture stopServersFut = GridTestUtils.runAsync(new Runnable() {
@Override public void run() {
@@ -486,9 +439,7 @@
*/
@Test
public void testUserPersistence() throws Exception {
- AutoCloseable nodeCtxsHnd = withSecurityContextOnAllNodes(secCtxDflt);
-
- try {
+ try (AutoCloseable ignored = withSecurityContextOnAllNodes(secCtxDflt)) {
for (int i = 0; i < NODES_COUNT; ++i)
grid(i).context().security().createUser("test" + i, ("passwd" + i).toCharArray());
@@ -513,9 +464,6 @@
assertEquals("ignite", secCtx.subject().login());
}
}
- finally {
- nodeCtxsHnd.close();
- }
}
/**
@@ -523,9 +471,7 @@
*/
@Test
public void testDefaultUserPersistence() throws Exception {
- AutoCloseable nodeCtxsHnd = withSecurityContextOnAllNodes(secCtxDflt);
-
- try {
+ try (AutoCloseable ignored = withSecurityContextOnAllNodes(secCtxDflt)) {
grid(CLI_NODE).context().security().createUser("test", "passwd".toCharArray());
stopAllGrids();
@@ -547,9 +493,6 @@
assertEquals("test", secCtx.subject().login());
}
}
- finally {
- nodeCtxsHnd.close();
- }
}
/**