/** * Constructor. * * @param op Operation. * @param fut Operation finish future. */ private UserOperationWorker(UserManagementOperation op, UserOperationFinishFuture fut) { super(ctx.igniteInstanceName(), "auth-op-" + op.type(), IgniteAuthenticationProcessor.this.log); this.op = op; this.fut = fut; }
/** * @param op User operation to check. * @throws IgniteAccessControlException If operation check fails: user hasn't permissions for user management * or try to remove default user. */ public void checkUserOperation(UserManagementOperation op) throws IgniteAccessControlException { assert op != null; if (user == null) throw new IgniteAccessControlException("Operation not allowed: authorized context is empty."); if (!User.DFAULT_USER_NAME.equals(user.name()) && !(UserManagementOperation.OperationType.UPDATE == op.type() && user.name().equals(op.user().name()))) throw new IgniteAccessControlException("User management operations are not allowed for user. " + "[curUser=" + user.name() + ']'); if (op.type() == UserManagementOperation.OperationType.REMOVE && User.DFAULT_USER_NAME.equals(op.user().name())) throw new IgniteAccessControlException("Default user cannot be removed."); }
/** * @param op The operation with users. * @throws IgniteCheckedException On error. */ private void processOperationLocal(UserManagementOperation op) throws IgniteCheckedException { assert op != null && op.user() != null : "Invalid operation: " + op; switch (op.type()) { case ADD: addUserLocal(op); break; case REMOVE: removeUserLocal(op); break; case UPDATE: updateUserLocal(op); break; } }
/** * Constructor. * * @param op Operation. * @param fut Operation finish future. */ private UserOperationWorker(UserManagementOperation op, UserOperationFinishFuture fut) { super(ctx.igniteInstanceName(), "auth-op-" + op.type(), IgniteAuthenticationProcessor.this.log); this.op = op; this.fut = fut; }
/** * @param op User operation to check. * @throws IgniteAccessControlException If operation check fails: user hasn't permissions for user management * or try to remove default user. */ public void checkUserOperation(UserManagementOperation op) throws IgniteAccessControlException { assert op != null; if (user == null) throw new IgniteAccessControlException("Operation not allowed: authorized context is empty."); if (!User.DFAULT_USER_NAME.equals(user.name()) && !(UserManagementOperation.OperationType.UPDATE == op.type() && user.name().equals(op.user().name()))) throw new IgniteAccessControlException("User management operations are not allowed for user. " + "[curUser=" + user.name() + ']'); if (op.type() == UserManagementOperation.OperationType.REMOVE && User.DFAULT_USER_NAME.equals(op.user().name())) throw new IgniteAccessControlException("Default user cannot be removed."); }
/** * @param op The operation with users. * @throws IgniteCheckedException On error. */ private void processOperationLocal(UserManagementOperation op) throws IgniteCheckedException { assert op != null && op.user() != null : "Invalid operation: " + op; switch (op.type()) { case ADD: addUserLocal(op); break; case REMOVE: removeUserLocal(op); break; case UPDATE: updateUserLocal(op); break; } }