This is an automated email from the ASF dual-hosted git repository. nizhikov pushed a commit to branch IGNITE-25090 in repository https://gitbox.apache.org/repos/asf/ignite.git
commit 8683ec8afa1943c16762eaaa28516a712e836929 Author: Nikolay Izhikov <[email protected]> AuthorDate: Wed Sep 24 12:45:28 2025 +0300 IGNITE-26478 Fix test --- .../processors/security/IgniteSecurityAdapter.java | 32 ++++++++++++++++++---- .../sandbox/IgniteOperationsInsideSandboxTest.java | 5 ++++ 2 files changed, 32 insertions(+), 5 deletions(-) diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityAdapter.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityAdapter.java index 9cf0a67bb40..c9d7aa28acc 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityAdapter.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityAdapter.java @@ -19,19 +19,34 @@ package org.apache.ignite.internal.processors.security; import java.security.CodeSource; import java.security.ProtectionDomain; -import java.util.Objects; +import java.util.Arrays; +import java.util.HashSet; +import java.util.Set; import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.ConcurrentMap; +import org.apache.ignite.binary.BinaryType; import org.apache.ignite.internal.GridKernalContext; import org.apache.ignite.internal.processors.GridProcessorAdapter; +import org.apache.ignite.internal.util.typedef.internal.U; import static org.apache.ignite.internal.processors.security.SecurityUtils.doPrivileged; import static org.apache.ignite.internal.processors.security.SecurityUtils.isInIgnitePackage; /** */ public abstract class IgniteSecurityAdapter extends GridProcessorAdapter implements IgniteSecurity { - /** Code source for ignite-core module. */ - private static final CodeSource CORE_CODE_SOURCE = SecurityUtils.class.getProtectionDomain().getCodeSource(); + /** Code sources for ignite modules. */ + private static final Set<CodeSource> MODULES = new HashSet<>(Arrays.asList( + SecurityUtils.class.getProtectionDomain().getCodeSource(), //ignite-core + BinaryType.class.getProtectionDomain().getCodeSource() //ignite-binary-api + )); + + static { + // ignite-binary-impl. Theoretically, can be absent in runtime due to other implementation of binary-api. + Class<?> jdkMarshCls = U.classForName("org.apache.ignite.marshaller.jdk.JdkMarshallerImpl", null); + + if (jdkMarshCls != null) + MODULES.add(jdkMarshCls.getProtectionDomain().getCodeSource()); + } /** System types cache. */ private static final ConcurrentMap<Class<?>, Boolean> SYSTEM_TYPES = new ConcurrentHashMap<>(); @@ -48,8 +63,15 @@ public abstract class IgniteSecurityAdapter extends GridProcessorAdapter impleme c -> { ProtectionDomain pd = doPrivileged(c::getProtectionDomain); - return pd != null - && Objects.equals(CORE_CODE_SOURCE, pd.getCodeSource()) + if (pd == null) + return false; + + CodeSource cs = pd.getCodeSource(); + + if (cs == null) + return false; + + return MODULES.contains(cs) // It allows users create an Uber-JAR that includes both Ignite source code and custom classes // and to pass mentioned classes to Ignite via public API (e.g. tasks execution). // Otherwise, Ignite will treat custom classes as internal and block their execution through the diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/sandbox/IgniteOperationsInsideSandboxTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/sandbox/IgniteOperationsInsideSandboxTest.java index 9300660d557..f066b51ca7b 100644 --- a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/sandbox/IgniteOperationsInsideSandboxTest.java +++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/sandbox/IgniteOperationsInsideSandboxTest.java @@ -53,6 +53,8 @@ import org.apache.ignite.internal.util.typedef.T2; import org.apache.ignite.lang.IgniteCallable; import org.apache.ignite.lang.IgniteClosure; import org.apache.ignite.lang.IgniteRunnable; +import org.apache.ignite.marshaller.Marshallers; +import org.apache.ignite.marshaller.jdk.JdkMarshaller; import org.apache.ignite.resources.IgniteInstanceResource; import org.apache.ignite.transactions.Transaction; import org.jetbrains.annotations.Nullable; @@ -304,6 +306,9 @@ public class IgniteOperationsInsideSandboxTest extends AbstractSandboxTest { ignite.cache(TEST_CACHE).put(0, new Object()); BinaryObject obj = (BinaryObject)ignite.cache(TEST_CACHE).withKeepBinary().get(0); obj.toString(); + + JdkMarshaller jdk = Marshallers.jdk(); + jdk.toString(); } }); }
