From a0d55347b9f41d0c36af50c93f0dc314e0ee031c Mon Sep 17 00:00:00 2001 From: Mikhail Petrov <32207922+petrov-mg@users.noreply.github.com> Date: Wed, 10 Jan 2024 13:59:07 +0300 Subject: [PATCH] IGNITE-21216 Excluded tasks that are not in the Ignite package from system tasks. (#11167) --- .../processors/security/IgniteSecurityAdapter.java | 9 ++++++++- .../internal/processors/security/SecurityUtils.java | 11 +++++++++++ .../org/apache/ignite/internal/util/IgniteUtils.java | 2 +- 3 files changed, 20 insertions(+), 2 deletions(-) diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityAdapter.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityAdapter.java index be874b469cc3e..2c1984629d76c 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityAdapter.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/IgniteSecurityAdapter.java @@ -26,6 +26,7 @@ import org.apache.ignite.internal.util.typedef.F; import static org.apache.ignite.internal.processors.security.SecurityUtils.doPrivileged; +import static org.apache.ignite.internal.processors.security.SecurityUtils.isInIgnitePackage; /** */ public abstract class IgniteSecurityAdapter extends GridProcessorAdapter implements IgniteSecurity { @@ -47,7 +48,13 @@ protected IgniteSecurityAdapter(GridKernalContext ctx) { c -> { ProtectionDomain pd = doPrivileged(c::getProtectionDomain); - return pd != null && F.eq(CORE_CODE_SOURCE, pd.getCodeSource()); + return pd != null + && F.eq(CORE_CODE_SOURCE, pd.getCodeSource()) + // It allows users create an Uber-JAR that includes both Ignite source code and custom classes + // and to pass mentioned classes to Ignite via public API (e.g. tasks execution). + // Otherwise, Ignite will treat custom classes as internal and block their execution through the + // public API. + && isInIgnitePackage(cls); } ); } diff --git a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityUtils.java b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityUtils.java index 384a5153dbf07..0bb26afac202e 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityUtils.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/processors/security/SecurityUtils.java @@ -58,6 +58,9 @@ import org.apache.ignite.spi.IgniteSpiException; import org.apache.ignite.spi.discovery.DiscoverySpiNodeAuthenticator; +import static org.apache.ignite.internal.util.IgniteUtils.IGNITE_PKG; +import static org.apache.ignite.internal.util.IgniteUtils.packageName; + /** * Security utilities. */ @@ -245,6 +248,14 @@ public static Object unwrap(Object target) { return target instanceof GridInternalWrapper ? ((GridInternalWrapper)target).userObject() : target; } + /** + * @param cls Class instance. + * @return Whether specified class is in Ignite package. + */ + public static boolean isInIgnitePackage(Class cls) { + return packageName(cls).startsWith(IGNITE_PKG); + } + /** * @return True if current thread runs inside the Ignite Sandbox. */ diff --git a/modules/core/src/main/java/org/apache/ignite/internal/util/IgniteUtils.java b/modules/core/src/main/java/org/apache/ignite/internal/util/IgniteUtils.java index 37ca4feabe6ef..695439ab1f36b 100755 --- a/modules/core/src/main/java/org/apache/ignite/internal/util/IgniteUtils.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/util/IgniteUtils.java @@ -10527,7 +10527,7 @@ else if ((mods & Modifier.PRIVATE) != 0) * @param cls Class. * @return Package name. */ - private static String packageName(Class cls) { + public static String packageName(Class cls) { Package pkg = cls.getPackage(); return pkg == null ? "" : pkg.getName();