IGNITE-21216 Excluded tasks that are not in the Ignite package from s…

…ystem tasks. (#11167)
apache · Jan 10, 2024 · a0d5534 · a0d5534
1 parent 06e80f4
commit a0d5534
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 2 deletions.
diff --git a/...e/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityAdapter.java b/...e/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityAdapter.java
@@ -26,6 +26,7 @@
 import org.apache.ignite.internal.util.typedef.F;
 
 import static org.apache.ignite.internal.processors.security.SecurityUtils.doPrivileged;
+import static org.apache.ignite.internal.processors.security.SecurityUtils.isInIgnitePackage;
 
 /** */
 public abstract class IgniteSecurityAdapter extends GridProcessorAdapter implements IgniteSecurity {
@@ -47,7 +48,13 @@ protected IgniteSecurityAdapter(GridKernalContext ctx) {
             c -> {
                 ProtectionDomain pd = doPrivileged(c::getProtectionDomain);
 
-                return pd != null && F.eq(CORE_CODE_SOURCE, pd.getCodeSource());
+                return pd != null
+                    && F.eq(CORE_CODE_SOURCE, pd.getCodeSource())
+                    // It allows users create an Uber-JAR that includes both Ignite source code and custom classes
+                    // and to pass mentioned classes to Ignite via public API (e.g. tasks execution).
+                    // Otherwise, Ignite will treat custom classes as internal and block their execution through the
+                    // public API.
+                    && isInIgnitePackage(cls);
             }
         );
     }

diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityUtils.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityUtils.java
@@ -58,6 +58,9 @@
 import org.apache.ignite.spi.IgniteSpiException;
 import org.apache.ignite.spi.discovery.DiscoverySpiNodeAuthenticator;
 
+import static org.apache.ignite.internal.util.IgniteUtils.IGNITE_PKG;
+import static org.apache.ignite.internal.util.IgniteUtils.packageName;
+
 /**
  * Security utilities.
  */
@@ -245,6 +248,14 @@ public static Object unwrap(Object target) {
         return target instanceof GridInternalWrapper ? ((GridInternalWrapper<?>)target).userObject() : target;
     }
 
+    /**
+     * @param cls Class instance.
+     * @return Whether specified class is in Ignite package.
+     */
+    public static boolean isInIgnitePackage(Class<?> cls) {
+        return packageName(cls).startsWith(IGNITE_PKG);
+    }
+
     /**
      * @return True if current thread runs inside the Ignite Sandbox.
      */

diff --git a/modules/core/src/main/java/org/apache/ignite/internal/util/IgniteUtils.java b/modules/core/src/main/java/org/apache/ignite/internal/util/IgniteUtils.java
@@ -10527,7 +10527,7 @@ else if ((mods & Modifier.PRIVATE) != 0)
      * @param cls Class.
      * @return Package name.
      */
-    private static String packageName(Class<?> cls) {
+    public static String packageName(Class<?> cls) {
         Package pkg = cls.getPackage();
 
         return pkg == null ? "" : pkg.getName();