Repository: ignite Updated Branches: refs/heads/master 7338445ac -> abe8e67e6
Corrected fix for REST processor wrt authentication Project: http://git-wip-us.apache.org/repos/asf/ignite/repo Commit: http://git-wip-us.apache.org/repos/asf/ignite/commit/707c454a Tree: http://git-wip-us.apache.org/repos/asf/ignite/tree/707c454a Diff: http://git-wip-us.apache.org/repos/asf/ignite/diff/707c454a Branch: refs/heads/master Commit: 707c454ad9c3b4132e2d0a20d15dc1eb2ed295b0 Parents: 478d3b5 Author: Alexey Goncharuk <alexey.goncha...@gmail.com> Authored: Wed Jul 12 10:53:46 2017 +0300 Committer: Alexey Goncharuk <alexey.goncha...@gmail.com> Committed: Wed Jul 12 10:53:46 2017 +0300 ---------------------------------------------------------------------- .../processors/rest/GridRestProcessor.java | 45 ++++++-------------- 1 file changed, 12 insertions(+), 33 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ignite/blob/707c454a/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java ---------------------------------------------------------------------- diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java index fd5583d..9842883 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java @@ -243,23 +243,21 @@ public class GridRestProcessor extends GridProcessorAdapter { SecurityContext secCtx0 = ses.secCtx; - if (ctx.state().publicApiActiveState() || !isClusterActivateTaskRequest(req)) { - try { - if (secCtx0 == null) - ses.secCtx = secCtx0 = authenticate(req); + try { + if (secCtx0 == null) + ses.secCtx = secCtx0 = authenticate(req); - authorize(req, secCtx0); - } - catch (SecurityException e) { - assert secCtx0 != null; + authorize(req, secCtx0); + } + catch (SecurityException e) { + assert secCtx0 != null; - GridRestResponse res = new GridRestResponse(STATUS_SECURITY_CHECK_FAILED, e.getMessage()); + GridRestResponse res = new GridRestResponse(STATUS_SECURITY_CHECK_FAILED, e.getMessage()); - return new GridFinishedFuture<>(res); - } - catch (IgniteCheckedException e) { - return new GridFinishedFuture<>(new GridRestResponse(STATUS_AUTH_FAILED, e.getMessage())); - } + return new GridFinishedFuture<>(res); + } + catch (IgniteCheckedException e) { + return new GridFinishedFuture<>(new GridRestResponse(STATUS_AUTH_FAILED, e.getMessage())); } } @@ -321,25 +319,6 @@ public class GridRestProcessor extends GridProcessorAdapter { } /** - * We skip authentication for activate cluster request. - * It's necessary workaround to make possible cluster activation through Visor, - * as security checks require working caches. - * - * @param req Request. - */ - private boolean isClusterActivateTaskRequest(GridRestRequest req) { - if (req instanceof GridRestTaskRequest) { - GridRestTaskRequest taskReq = (GridRestTaskRequest)req; - - if (VisorGatewayTask.class.getCanonicalName().equals(taskReq.taskName()) && - taskReq.params().contains(VisorChangeGridActiveStateTask.class.getCanonicalName())) - return true; - } - - return false; - } - - /** * @param req Request. * @return Not null session. * @throws IgniteCheckedException If failed.