/**
 * Builds an {@code UPDATE} operation for the given credentials and waits for it to finish.
 *
 * @param login User name.
 * @param passwd User password.
 * @throws IgniteCheckedException On error.
 */
public void updateUser(String login, String passwd) throws IgniteCheckedException {
    // NOTE(review): addUser() calls validate(login, passwd) before building its operation; this path
    // does not. Confirm whether the same validation should apply to password updates.
    // NOTE(review): passwd is a String and cannot be wiped after use; what User.create() stores
    // (plain text or a derived hash) is not visible here. Verify before the user object is persisted
    // or sent to other nodes.
    User target = User.create(login, passwd);

    UserManagementOperation updateOp =
        new UserManagementOperation(target, UserManagementOperation.OperationType.UPDATE);

    // Wait on the finish future returned for this operation.
    execUserOperation(updateOp).get();
}
/**
 * Adds a new user locally: writes the record to the metastorage, then records it in the
 * {@code users} map and drops the operation from {@code activeOps}.
 *
 * @param op User operation.
 * @throws IgniteCheckedException On error.
 */
private void addUserLocal(final UserManagementOperation op) throws IgniteCheckedException {
    final User newUser = op.user();
    final String login = newUser.name();

    // NOTE(review): this existence check runs outside the mux lock. Confirm that operations are
    // applied one at a time, otherwise two ADDs for the same login could both pass it.
    boolean alreadyKnown = users.containsKey(login);

    if (alreadyKnown)
        throw new UserManagementException("User already exists [login=" + login + ']');

    // Persist first; the in-memory maps are only touched after the write returns.
    metastorage.write(STORE_USER_PREFIX + login, newUser);

    synchronized (mux) {
        activeOps.remove(op.id());

        users.put(login, newUser);
    }
}
/**
 * Dispatches a user operation to the local handler that matches its type.
 *
 * @param op The operation with users.
 * @throws IgniteCheckedException On error.
 */
private void processOperationLocal(UserManagementOperation op) throws IgniteCheckedException {
    // Only enforced when the JVM runs with assertions enabled.
    assert op != null && op.user() != null : "Invalid operation: " + op;

    final UserManagementOperation.OperationType opType = op.type();

    // There is no default branch: a type other than the three below results in no action.
    switch (opType) {
        case ADD: {
            addUserLocal(op);

            break;
        }

        case REMOVE: {
            removeUserLocal(op);

            break;
        }

        case UPDATE: {
            updateUserLocal(op);

            break;
        }
    }
}
/**
 * Registers the operation and its finish future, then queues a worker for it unless one
 * has already been submitted for the same operation id.
 *
 * @param op User operation.
 */
private void submitOperation(UserManagementOperation op) {
    synchronized (mux) {
        UserOperationFinishFuture finishFut = opFinishFuts.get(op.id());

        // No future registered under this id yet: create and register one.
        if (finishFut == null) {
            finishFut = new UserOperationFinishFuture(op.id());

            opFinishFuts.put(op.id(), finishFut);
        }

        // A worker was already queued for this future: nothing more to do.
        if (finishFut.workerSubmitted())
            return;

        // Set the flag before queuing so a repeated call under the lock takes the early return above.
        finishFut.workerSubmitted(true);

        activeOps.put(op.id(), op);

        exec.execute(new UserOperationWorker(op, finishFut));
    }
}
/**
 * Creates a worker bound to one user operation and its finish future.
 *
 * <p>The superclass receives the Ignite instance name, the string {@code "auth-op-"} followed by
 * the operation type (presumably the worker name), and the enclosing processor's logger.
 *
 * @param op Operation.
 * @param fut Operation finish future.
 */
private UserOperationWorker(UserManagementOperation op, UserOperationFinishFuture fut) {
    super(ctx.igniteInstanceName(), "auth-op-" + op.type(), IgniteAuthenticationProcessor.this.log);

    this.fut = fut;
    this.op = op;
}
/**
 * Creates a worker bound to one user operation and its finish future.
 *
 * <p>The superclass receives the Ignite instance name, the string {@code "auth-op-"} followed by
 * the operation type (presumably the worker name), and the enclosing processor's logger.
 *
 * @param op Operation.
 * @param fut Operation finish future.
 */
private UserOperationWorker(UserManagementOperation op, UserOperationFinishFuture fut) {
    super(ctx.igniteInstanceName(), "auth-op-" + op.type(), IgniteAuthenticationProcessor.this.log);

    this.fut = fut;
    this.op = op;
}
/**
 * Removes a user locally: deletes the record from the metastorage, then drops the user from
 * the {@code users} map and the operation from {@code activeOps}.
 *
 * @param op Operation.
 * @throws IgniteCheckedException On error.
 */
private void removeUserLocal(UserManagementOperation op) throws IgniteCheckedException {
    final User target = op.user();

    // NOTE(review): this existence check runs outside the mux lock; confirm that operations are
    // applied one at a time.
    boolean known = users.containsKey(target.name());

    if (!known)
        throw new UserManagementException("User doesn't exist [userName=" + target.name() + ']');

    // Delete the persisted record first; the in-memory maps change only after this returns.
    metastorage.remove(STORE_USER_PREFIX + target.name());

    synchronized (mux) {
        activeOps.remove(op.id());

        users.remove(target.name());
    }
}
/**
 * Authorization gate for user-management operations, evaluated against this context's user.
 *
 * <p>Rules enforced below: the default user may run any operation; any other user may only
 * {@code UPDATE} the record carrying their own name; the default user can never be the target
 * of a {@code REMOVE}.
 *
 * @param op User operation to check.
 * @throws IgniteAccessControlException If the check fails: the user has no permission for user management
 *      or the operation tries to remove the default user.
 */
public void checkUserOperation(UserManagementOperation op) throws IgniteAccessControlException {
    // NOTE(review): assertions are off unless the JVM runs with -ea, so a null op (or a null
    // op.user()) can surface below as a NullPointerException instead of an access-control failure.
    assert op != null;

    if (user == null)
        throw new IgniteAccessControlException("Operation not allowed: authorized context is empty.");

    if (!User.DFAULT_USER_NAME.equals(user.name())) {
        // Computed only for non-default users: the single operation they may run is an UPDATE
        // whose target name equals their own.
        boolean updatesOwnRecord = UserManagementOperation.OperationType.UPDATE == op.type()
            && user.name().equals(op.user().name());

        if (!updatesOwnRecord) {
            throw new IgniteAccessControlException("User management operations are not allowed for user. " +
                "[curUser=" + user.name() + ']');
        }
    }

    // Applies to every caller that got this far, the default user included.
    boolean removesDefaultUser = op.type() == UserManagementOperation.OperationType.REMOVE
        && User.DFAULT_USER_NAME.equals(op.user().name());

    if (removesDefaultUser)
        throw new IgniteAccessControlException("Default user cannot be removed.");
}
/**
 * Builds a {@code REMOVE} operation for the given login and waits for it to finish.
 *
 * @param login User name.
 * @throws IgniteCheckedException On error.
 */
public void removeUser(String login) throws IgniteCheckedException {
    User target = User.create(login);

    UserManagementOperation removeOp =
        new UserManagementOperation(target, UserManagementOperation.OperationType.REMOVE);

    // Wait on the finish future returned for this operation.
    execUserOperation(removeOp).get();
}
/**
 * Authorizes a user-management operation against the current authorization context, registers
 * its finish future and sends a {@code UserProposedMessage} through {@code ctx.discovery()}.
 *
 * @param op User operation.
 * @return Operation future.
 * @throws IgniteCheckedException On error.
 */
private UserOperationFinishFuture execUserOperation(UserManagementOperation op) throws IgniteCheckedException {
    checkActivate();
    checkEnabled();

    synchronized (mux) {
        if (disconnected) {
            throw new UserManagementException("Failed to initiate user management operation because " +
                "client node is disconnected.");
        }

        AuthorizationContext authCtx = AuthorizationContext.context();

        if (authCtx == null)
            throw new IgniteAccessControlException("Operation not allowed: authorized context is empty.");

        // The permission check runs before anything is registered or sent.
        // NOTE(review): this is the only authorization check visible in this method; confirm whether
        // the nodes that receive the proposal re-validate it or rely on this sender-side check.
        authCtx.checkUserOperation(op);

        UserOperationFinishFuture finishFut = new UserOperationFinishFuture(op.id());

        opFinishFuts.put(op.id(), finishFut);

        // NOTE(review): if sendCustomEvent() throws, the future registered above stays in
        // opFinishFuts; confirm it is cleaned up elsewhere.
        UserProposedMessage proposal = new UserProposedMessage(op);

        ctx.discovery().sendCustomEvent(proposal);

        return finishFut;
    }
}
/**
 * Updates an existing user locally: overwrites the record in the metastorage, then replaces the
 * entry in the {@code users} map and drops the operation from {@code activeOps}.
 *
 * @param op Operation.
 * @throws IgniteCheckedException On error.
 */
private void updateUserLocal(UserManagementOperation op) throws IgniteCheckedException {
    final User updated = op.user();

    // NOTE(review): this existence check runs outside the mux lock; confirm that operations are
    // applied one at a time.
    boolean known = users.containsKey(updated.name());

    if (!known)
        throw new UserManagementException("User doesn't exist [userName=" + updated.name() + ']');

    // Persist first; the in-memory maps are only touched after the write returns.
    metastorage.write(STORE_USER_PREFIX + updated.name(), updated);

    synchronized (mux) {
        activeOps.remove(op.id());

        users.put(updated.name(), updated);
    }
}
/**
 * Dispatches a user operation to the local handler that matches its type.
 *
 * @param op The operation with users.
 * @throws IgniteCheckedException On error.
 */
private void processOperationLocal(UserManagementOperation op) throws IgniteCheckedException {
    // Only enforced when the JVM runs with assertions enabled.
    assert op != null && op.user() != null : "Invalid operation: " + op;

    final UserManagementOperation.OperationType opType = op.type();

    // There is no default branch: a type other than the three below results in no action.
    switch (opType) {
        case ADD: {
            addUserLocal(op);

            break;
        }

        case REMOVE: {
            removeUserLocal(op);

            break;
        }

        case UPDATE: {
            updateUserLocal(op);

            break;
        }
    }
}
/**
 * Adds a new user: validates the credentials, builds an {@code ADD} operation and waits for it
 * to finish.
 *
 * @param login User's login.
 * @param passwd Plain text password.
 * @throws IgniteCheckedException On error.
 */
public void addUser(String login, String passwd) throws IgniteCheckedException {
    // Validation runs before the user object is created.
    validate(login, passwd);

    // NOTE(review): passwd is a String and cannot be wiped after use; what User.create() stores
    // (plain text or a derived hash) is not visible here. Verify before the user object is persisted
    // or sent to other nodes.
    User created = User.create(login, passwd);

    UserManagementOperation addOp =
        new UserManagementOperation(created, UserManagementOperation.OperationType.ADD);

    // Wait on the finish future returned for this operation.
    execUserOperation(addOp).get();
}
/**
 * Registers the operation and its finish future, then queues a worker for it unless one
 * has already been submitted for the same operation id.
 *
 * @param op User operation.
 */
private void submitOperation(UserManagementOperation op) {
    synchronized (mux) {
        UserOperationFinishFuture finishFut = opFinishFuts.get(op.id());

        // No future registered under this id yet: create and register one.
        if (finishFut == null) {
            finishFut = new UserOperationFinishFuture(op.id());

            opFinishFuts.put(op.id(), finishFut);
        }

        // A worker was already queued for this future: nothing more to do.
        if (finishFut.workerSubmitted())
            return;

        // Set the flag before queuing so a repeated call under the lock takes the early return above.
        finishFut.workerSubmitted(true);

        activeOps.put(op.id(), op);

        exec.execute(new UserOperationWorker(op, finishFut));
    }
}
/**
 * Adds a new user locally: writes the record to the metastorage, then records it in the
 * {@code users} map and drops the operation from {@code activeOps}.
 *
 * @param op User operation.
 * @throws IgniteCheckedException On error.
 */
private void addUserLocal(final UserManagementOperation op) throws IgniteCheckedException {
    final User newUser = op.user();
    final String login = newUser.name();

    // NOTE(review): this existence check runs outside the mux lock. Confirm that operations are
    // applied one at a time, otherwise two ADDs for the same login could both pass it.
    boolean alreadyKnown = users.containsKey(login);

    if (alreadyKnown)
        throw new UserManagementException("User already exists [login=" + login + ']');

    // Persist first; the in-memory maps are only touched after the write returns.
    metastorage.write(STORE_USER_PREFIX + login, newUser);

    synchronized (mux) {
        activeOps.remove(op.id());

        users.put(login, newUser);
    }
}
/**
 * Authorization gate for user-management operations, evaluated against this context's user.
 *
 * <p>Rules enforced below: the default user may run any operation; any other user may only
 * {@code UPDATE} the record carrying their own name; the default user can never be the target
 * of a {@code REMOVE}.
 *
 * @param op User operation to check.
 * @throws IgniteAccessControlException If the check fails: the user has no permission for user management
 *      or the operation tries to remove the default user.
 */
public void checkUserOperation(UserManagementOperation op) throws IgniteAccessControlException {
    // NOTE(review): assertions are off unless the JVM runs with -ea, so a null op (or a null
    // op.user()) can surface below as a NullPointerException instead of an access-control failure.
    assert op != null;

    if (user == null)
        throw new IgniteAccessControlException("Operation not allowed: authorized context is empty.");

    if (!User.DFAULT_USER_NAME.equals(user.name())) {
        // Computed only for non-default users: the single operation they may run is an UPDATE
        // whose target name equals their own.
        boolean updatesOwnRecord = UserManagementOperation.OperationType.UPDATE == op.type()
            && user.name().equals(op.user().name());

        if (!updatesOwnRecord) {
            throw new IgniteAccessControlException("User management operations are not allowed for user. " +
                "[curUser=" + user.name() + ']');
        }
    }

    // Applies to every caller that got this far, the default user included.
    boolean removesDefaultUser = op.type() == UserManagementOperation.OperationType.REMOVE
        && User.DFAULT_USER_NAME.equals(op.user().name());

    if (removesDefaultUser)
        throw new IgniteAccessControlException("Default user cannot be removed.");
}
/**
 * Builds a {@code REMOVE} operation for the given login and waits for it to finish.
 *
 * @param login User name.
 * @throws IgniteCheckedException On error.
 */
public void removeUser(String login) throws IgniteCheckedException {
    User target = User.create(login);

    UserManagementOperation removeOp =
        new UserManagementOperation(target, UserManagementOperation.OperationType.REMOVE);

    // Wait on the finish future returned for this operation.
    execUserOperation(removeOp).get();
}
/**
 * Updates an existing user locally: overwrites the record in the metastorage, then replaces the
 * entry in the {@code users} map and drops the operation from {@code activeOps}.
 *
 * @param op Operation.
 * @throws IgniteCheckedException On error.
 */
private void updateUserLocal(UserManagementOperation op) throws IgniteCheckedException {
    final User updated = op.user();

    // NOTE(review): this existence check runs outside the mux lock; confirm that operations are
    // applied one at a time.
    boolean known = users.containsKey(updated.name());

    if (!known)
        throw new UserManagementException("User doesn't exist [userName=" + updated.name() + ']');

    // Persist first; the in-memory maps are only touched after the write returns.
    metastorage.write(STORE_USER_PREFIX + updated.name(), updated);

    synchronized (mux) {
        activeOps.remove(op.id());

        users.put(updated.name(), updated);
    }
}