@Override public Result execute(Session session) throws StatementException { GlobalAuthorizationConfiguration gac = session.getCacheManager().getCacheManagerConfiguration().security().authorization(); if (!gac.enabled()) { throw log.authorizationNotEnabledOnContainer(); } if (!(gac.principalRoleMapper() instanceof ClusterRoleMapper)) { throw log.noClusterPrincipalMapper("GRANT"); } ClusterRoleMapper cpm = (ClusterRoleMapper) gac.principalRoleMapper(); cpm.grant(roleName, principalName); return EmptyResult.RESULT; }
private ConfigurationBuilder getScriptCacheConfiguration() { GlobalConfiguration globalConfiguration = cacheManager.getGlobalComponentRegistry().getGlobalConfiguration(); ConfigurationBuilder cfg = new ConfigurationBuilder(); cfg.encoding().key().mediaType(APPLICATION_OBJECT_TYPE); cfg.encoding().value().mediaType(APPLICATION_OBJECT_TYPE); cfg.customInterceptors().addInterceptor().interceptor(new ScriptingInterceptor()).before(CacheMgmtInterceptor.class); if (globalConfiguration.security().authorization().enabled()) { globalConfiguration.security().authorization().roles().put(SCRIPT_MANAGER_ROLE, new CacheRoleImpl(SCRIPT_MANAGER_ROLE, AuthorizationPermission.ALL)); cfg.security().authorization().enable().role(SCRIPT_MANAGER_ROLE); globalAuthzHelper = cacheManager.getGlobalComponentRegistry().getComponent(AuthorizationHelper.class); } return cfg; }
@Start public void start() { this.useSecurity = cacheManager.getCacheManagerConfiguration().security().authorization().enabled(); }
@Override public ClusterRoleMapper run() throws Exception { cacheManager = createCacheManager(); cpm = (ClusterRoleMapper) cacheManager.getCacheManagerConfiguration().security().authorization().principalRoleMapper(); cpm.grant("admin", "admin"); cache = cacheManager.getCache(); return cpm; } });
compareAttributeSets("Global", globalConfigurationBefore.globalState().attributes(), globalConfigurationAfter.globalState().attributes(), "localConfigurationStorage"); compareAttributeSets("Global", globalConfigurationBefore.globalJmxStatistics().attributes(), globalConfigurationAfter.globalJmxStatistics().attributes(), "mBeanServerLookup"); compareAttributeSets("Global", globalConfigurationBefore.security().authorization().attributes(), globalConfigurationAfter.security().authorization().attributes()); compareAttributeSets("Global", globalConfigurationBefore.serialization().attributes(), globalConfigurationAfter.serialization().attributes(), "marshaller", "classResolver"); compareAttributeSets("Global", globalConfigurationBefore.transport().attributes(), globalConfigurationAfter.transport().attributes(), "transport");
private void preStartCaches() { // Start defined caches to avoid issues with lazily started caches. Skip internal caches if authorization is not // enabled InternalCacheRegistry icr = cacheManager.getGlobalComponentRegistry().getComponent(InternalCacheRegistry.class); boolean authz = cacheManager.getCacheManagerConfiguration().security().authorization().enabled(); for (String cacheName : cacheManager.getCacheNames()) { getCacheInstance(UNKNOWN_TYPES, null, cacheName, cacheManager, false, (!icr.internalCacheHasFlag(cacheName, InternalCacheRegistry.Flag.PROTECTED) || authz)); } }
@Override protected void setup() throws Exception { cpm = Security.doAs(ADMIN, (PrivilegedExceptionAction<ClusterRoleMapper>) () -> { cacheManager = createCacheManager(); cpm = (ClusterRoleMapper) cacheManager.getCacheManagerConfiguration().security().authorization().principalRoleMapper(); cpm.grant("admin", "admin"); cache = cacheManager.getCache(); return cpm; }); }
@Override public Result execute(Session session) throws StatementException { GlobalAuthorizationConfiguration gac = session.getCacheManager().getCacheManagerConfiguration().security().authorization(); if (!gac.enabled()) { throw log.authorizationNotEnabledOnContainer(); } if (!(gac.principalRoleMapper() instanceof ClusterRoleMapper)) { throw log.noClusterPrincipalMapper("DENY"); } ClusterRoleMapper cpm = (ClusterRoleMapper) gac.principalRoleMapper(); cpm.deny(roleName, principalName); return EmptyResult.RESULT; }
@Override public Result execute(Session session) throws StatementException { GlobalAuthorizationConfiguration gac = session.getCacheManager().getCacheManagerConfiguration().security().authorization(); if (!gac.enabled()) { throw log.authorizationNotEnabledOnContainer(); } if (!(gac.principalRoleMapper() instanceof ClusterRoleMapper)) { throw log.noClusterPrincipalMapper("ROLES"); } ClusterRoleMapper cpm = (ClusterRoleMapper) gac.principalRoleMapper(); if (principalName != null) { return new StringResult(cpm.list(principalName).toString()); } else { return new StringResult(cpm.listAll()); } }