modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurity.java - ignite - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package org.apache.ignite.internal.processors.security;

 import java.util.Collection;
 import java.util.UUID;
 import org.apache.ignite.IgniteCheckedException;
 import org.apache.ignite.cluster.ClusterNode;
 import org.apache.ignite.internal.processors.security.sandbox.IgniteSandbox;
 import org.apache.ignite.plugin.security.AuthenticationContext;
 import org.apache.ignite.plugin.security.SecurityCredentials;
 import org.apache.ignite.plugin.security.SecurityException;
 import org.apache.ignite.plugin.security.SecurityPermission;
 import org.apache.ignite.plugin.security.SecuritySubject;

 /**
  * Ignite Security Processor.
  * <p>
  * The differences between {@code IgniteSecurity} and {@code GridSecurityProcessor} are:
  * <ul>
  * <li>{@code IgniteSecurity} allows to define a current security context by
  * {@link #withContext(SecurityContext)} or {@link #withContext(UUID)} methods.
  * <li>{@code IgniteSecurity} doesn't require to pass {@code SecurityContext} to authorize operations.
  * <li>{@code IgniteSecurity} doesn't extend {@code GridProcessor} interface
  * sequentially it doesn't have any methods of the lifecycle of {@code GridProcessor}.
  * </ul>
  */
 public interface IgniteSecurity {
     /**
      * Creates {@link OperationSecurityContext}. All calls of methods {@link #authorize(String, SecurityPermission)} or {@link
      * #authorize(SecurityPermission)} will be processed into the context of passed {@link SecurityContext} until
      * holder {@link OperationSecurityContext} will be closed.
      *
      * @param secCtx Security Context.
      * @return Security context holder.
      */
     public OperationSecurityContext withContext(SecurityContext secCtx);

     /**
      * Creates {@link OperationSecurityContext}. All calls of methods {@link #authorize(String, SecurityPermission)} or {@link
      * #authorize(SecurityPermission)} will be processed into the context of {@link SecurityContext} that is owned by
      * the node with given nodeId until holder {@link OperationSecurityContext} will be closed.
      *
      * @param nodeId Node id.
      * @return Security context holder.
      */
     public OperationSecurityContext withContext(UUID nodeId);

     /** @return {@code True} if current thread executed in default security context. */
     public boolean isDefaultContext();

     /**
      * @return SecurityContext of holder {@link OperationSecurityContext}.
      */
     public SecurityContext securityContext();

     /**
      * Delegates call to {@link GridSecurityProcessor#authenticateNode(org.apache.ignite.cluster.ClusterNode,
      * org.apache.ignite.plugin.security.SecurityCredentials)}
      */
     public SecurityContext authenticateNode(ClusterNode node, SecurityCredentials cred) throws IgniteCheckedException;

     /**
      * Delegates call to {@link GridSecurityProcessor#isGlobalNodeAuthentication()}
      */
     public boolean isGlobalNodeAuthentication();

     /**
      * Delegates call to {@link GridSecurityProcessor#authenticate(AuthenticationContext)}
      */
     public SecurityContext authenticate(AuthenticationContext ctx) throws IgniteCheckedException;

     /**
      * Delegates call to {@link GridSecurityProcessor#authenticatedSubjects()}
      */
     public Collection<SecuritySubject> authenticatedSubjects() throws IgniteCheckedException;

     /**
      * Delegates call to {@link GridSecurityProcessor#authenticatedSubject(UUID)}
      */
     public SecuritySubject authenticatedSubject(UUID subjId) throws IgniteCheckedException;

     /**
      * Delegates call to {@link GridSecurityProcessor#onSessionExpired(UUID)}
      */
     public void onSessionExpired(UUID subjId);

     /**
      * Authorizes grid operation.
      *
      * @param name Cache name or task class name.
      * @param perm Permission to authorize.
      * @throws SecurityException If security check failed.
      */
     public void authorize(String name, SecurityPermission perm) throws SecurityException;

     /**
      * Authorizes grid system operation.
      *
      * @param perm Permission to authorize.
      * @throws SecurityException If security check failed.
      */
     public default void authorize(SecurityPermission perm) throws SecurityException {
         authorize(null, perm);
     }

     /**
      * @return Instance of IgniteSandbox.
      */
     public IgniteSandbox sandbox();

     /**
      * @return True if IgniteSecurity is a plugin implementation,
      * false if it's used a default NoOp implementation.
      */
     public boolean enabled();

     /**
      * Creates user with the specified login and password.
      *
      * @param login Login of the user to be created.
      * @param pwd User password.
      * @throws IgniteCheckedException If error occurred.
      */
     public void createUser(String login, char[] pwd) throws IgniteCheckedException;

     /**
      * Alters password of user with the specified login.
      *
      * @param login Login of the user which password should be altered.
      * @param pwd User password to alter.
      * @throws IgniteCheckedException If error occurred.
      */
     public void alterUser(String login, char[] pwd) throws IgniteCheckedException;

     /**
      * Drops user with the specified login.
      *
      * @param login Login of the user to be dropped.
      * @throws IgniteCheckedException If error occurred.
      */
     public void dropUser(String login) throws IgniteCheckedException;

     /**
      * Callback for local join events for which the regular events are not generated.
      * <p/>
      * Local join event is expected in cases of joining to topology or client reconnect.
      */
     public void onLocalJoin();
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package org.apache.ignite.internal.processors.security;

	import java.util.Collection;
	import java.util.UUID;
	import org.apache.ignite.IgniteCheckedException;
	import org.apache.ignite.cluster.ClusterNode;
	import org.apache.ignite.internal.processors.security.sandbox.IgniteSandbox;
	import org.apache.ignite.plugin.security.AuthenticationContext;
	import org.apache.ignite.plugin.security.SecurityCredentials;
	import org.apache.ignite.plugin.security.SecurityException;
	import org.apache.ignite.plugin.security.SecurityPermission;
	import org.apache.ignite.plugin.security.SecuritySubject;

	/**
	* Ignite Security Processor.
	* <p>
	* The differences between {@code IgniteSecurity} and {@code GridSecurityProcessor} are:
	* <ul>
	* <li>{@code IgniteSecurity} allows to define a current security context by
	* {@link #withContext(SecurityContext)} or {@link #withContext(UUID)} methods.
	* <li>{@code IgniteSecurity} doesn't require to pass {@code SecurityContext} to authorize operations.
	* <li>{@code IgniteSecurity} doesn't extend {@code GridProcessor} interface
	* sequentially it doesn't have any methods of the lifecycle of {@code GridProcessor}.
	* </ul>
	*/
	public interface IgniteSecurity {
	/**
	* Creates {@link OperationSecurityContext}. All calls of methods {@link #authorize(String, SecurityPermission)} or {@link
	* #authorize(SecurityPermission)} will be processed into the context of passed {@link SecurityContext} until
	* holder {@link OperationSecurityContext} will be closed.
	*
	* @param secCtx Security Context.
	* @return Security context holder.
	*/
	public OperationSecurityContext withContext(SecurityContext secCtx);

	/**
	* Creates {@link OperationSecurityContext}. All calls of methods {@link #authorize(String, SecurityPermission)} or {@link
	* #authorize(SecurityPermission)} will be processed into the context of {@link SecurityContext} that is owned by
	* the node with given nodeId until holder {@link OperationSecurityContext} will be closed.
	*
	* @param nodeId Node id.
	* @return Security context holder.
	*/
	public OperationSecurityContext withContext(UUID nodeId);

	/** @return {@code True} if current thread executed in default security context. */
	public boolean isDefaultContext();

	/**
	* @return SecurityContext of holder {@link OperationSecurityContext}.
	*/
	public SecurityContext securityContext();

	/**
	* Delegates call to {@link GridSecurityProcessor#authenticateNode(org.apache.ignite.cluster.ClusterNode,
	* org.apache.ignite.plugin.security.SecurityCredentials)}
	*/
	public SecurityContext authenticateNode(ClusterNode node, SecurityCredentials cred) throws IgniteCheckedException;

	/**
	* Delegates call to {@link GridSecurityProcessor#isGlobalNodeAuthentication()}
	*/
	public boolean isGlobalNodeAuthentication();

	/**
	* Delegates call to {@link GridSecurityProcessor#authenticate(AuthenticationContext)}
	*/
	public SecurityContext authenticate(AuthenticationContext ctx) throws IgniteCheckedException;

	/**
	* Delegates call to {@link GridSecurityProcessor#authenticatedSubjects()}
	*/
	public Collection<SecuritySubject> authenticatedSubjects() throws IgniteCheckedException;

	/**
	* Delegates call to {@link GridSecurityProcessor#authenticatedSubject(UUID)}
	*/
	public SecuritySubject authenticatedSubject(UUID subjId) throws IgniteCheckedException;

	/**
	* Delegates call to {@link GridSecurityProcessor#onSessionExpired(UUID)}
	*/
	public void onSessionExpired(UUID subjId);

	/**
	* Authorizes grid operation.
	*
	* @param name Cache name or task class name.
	* @param perm Permission to authorize.
	* @throws SecurityException If security check failed.
	*/
	public void authorize(String name, SecurityPermission perm) throws SecurityException;

	/**
	* Authorizes grid system operation.
	*
	* @param perm Permission to authorize.
	* @throws SecurityException If security check failed.
	*/
	public default void authorize(SecurityPermission perm) throws SecurityException {
	authorize(null, perm);
	}

	/**
	* @return Instance of IgniteSandbox.
	*/
	public IgniteSandbox sandbox();

	/**
	* @return True if IgniteSecurity is a plugin implementation,
	* false if it's used a default NoOp implementation.
	*/
	public boolean enabled();

	/**
	* Creates user with the specified login and password.
	*
	* @param login Login of the user to be created.
	* @param pwd User password.
	* @throws IgniteCheckedException If error occurred.
	*/
	public void createUser(String login, char[] pwd) throws IgniteCheckedException;

	/**
	* Alters password of user with the specified login.
	*
	* @param login Login of the user which password should be altered.
	* @param pwd User password to alter.
	* @throws IgniteCheckedException If error occurred.
	*/
	public void alterUser(String login, char[] pwd) throws IgniteCheckedException;

	/**
	* Drops user with the specified login.
	*
	* @param login Login of the user to be dropped.
	* @throws IgniteCheckedException If error occurred.
	*/
	public void dropUser(String login) throws IgniteCheckedException;

	/**
	* Callback for local join events for which the regular events are not generated.
	* <p/>
	* Local join event is expected in cases of joining to topology or client reconnect.
	*/
	public void onLocalJoin();
	}