IGNITE-23958 Fixed security context propagation for async transactional operations (#11732)

(cherry picked from commit d547038)

Author: petrov-mg

modules/core/src/main/java/org/apache/ignite/IgniteSystemProperties.java

@@ -132,6 +132,7 @@
 import static org.apache.ignite.internal.processors.performancestatistics.FilePerformanceStatisticsWriter.DFLT_CACHED_STRINGS_THRESHOLD;
 import static org.apache.ignite.internal.processors.performancestatistics.FilePerformanceStatisticsWriter.DFLT_FILE_MAX_SIZE;
 import static org.apache.ignite.internal.processors.performancestatistics.FilePerformanceStatisticsWriter.DFLT_FLUSH_SIZE;
+import static org.apache.ignite.internal.processors.platform.client.ClientRequestHandler.DFLT_ASYNC_REQUEST_WAIT_TIMEOUT_MILLIS;
 import static org.apache.ignite.internal.processors.query.QueryUtils.DFLT_INDEXING_DISCOVERY_HISTORY_SIZE;
 import static org.apache.ignite.internal.processors.query.schema.SchemaIndexCachePartitionWorker.DFLT_IGNITE_INDEX_REBUILD_BATCH_SIZE;
 import static org.apache.ignite.internal.processors.rest.GridRestProcessor.DFLT_SES_TIMEOUT;
@@ -1319,6 +1320,17 @@ public final class IgniteSystemProperties {
         defaults = "" + DFLT_JVM_PAUSE_DETECTOR_LAST_EVENTS_COUNT)
     public static final String IGNITE_JVM_PAUSE_DETECTOR_LAST_EVENTS_COUNT = "IGNITE_JVM_PAUSE_DETECTOR_LAST_EVENTS_COUNT";
 
+    /**
+     *  Timeout in milliseconds that determines how long Ignite will synchronously wait for asynchronous thin client
+     *  requests to complete before releasing the thread.
+     */
+    @SystemProperty(
+        value = "Timeout in milliseconds that determines how long Ignite will synchronously wait for" +
+            " asynchronous thin client requests to complete before releasing the thread",
+        type = Long.class,
+        defaults = "" + DFLT_ASYNC_REQUEST_WAIT_TIMEOUT_MILLIS)
+    public static final String IGNITE_THIN_CLIENT_ASYNC_REQUESTS_WAIT_TIMEOUT = "IGNITE_THIN_CLIENT_ASYNC_REQUESTS_WAIT_TIMEOUT";
+
     /**
      * Default value is {@code false}.
      *

modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheAdapter.java

@@ -110,6 +110,8 @@
 import org.apache.ignite.internal.processors.dr.IgniteDrDataStreamerCacheUpdater;
 import org.apache.ignite.internal.processors.performancestatistics.OperationType;
 import org.apache.ignite.internal.processors.platform.cache.PlatformCacheEntryFilter;
+import org.apache.ignite.internal.processors.security.OperationSecurityContext;
+import org.apache.ignite.internal.processors.security.SecurityContext;
 import org.apache.ignite.internal.processors.task.GridInternal;
 import org.apache.ignite.internal.transactions.IgniteTxHeuristicCheckedException;
 import org.apache.ignite.internal.transactions.IgniteTxRollbackCheckedException;
@@ -3850,24 +3852,30 @@ protected <T> IgniteInternalFuture<T> asyncOp(
             };
 
             if (fut != null && !fut.isDone()) {
-                IgniteInternalFuture<T> f = new GridEmbeddedFuture(fut,
-                    (IgniteOutClosure<IgniteInternalFuture>)() -> {
-                        GridFutureAdapter resFut = new GridFutureAdapter();
+                SecurityContext secCtx = ctx.kernalContext().security().securityContext();
+
+                IgniteInternalFuture<T> f = new GridEmbeddedFuture<>(
+                    fut,
+                    (IgniteOutClosure<IgniteInternalFuture<T>>)() -> {
+                        GridFutureAdapter<T> resFut = new GridFutureAdapter<>();
 
                         ctx.kernalContext().closure().runLocalSafe((GridPlainRunnable)() -> {
-                            IgniteInternalFuture fut0;
+                            IgniteInternalFuture<T> opFut;
 
                             if (ctx.kernalContext().isStopping())
-                                fut0 = new GridFinishedFuture<>(
+                                opFut = new GridFinishedFuture<>(
                                     new IgniteCheckedException("Operation has been cancelled (node or cache is stopping)."));
                             else if (ctx.gate().isStopped())
-                                fut0 = new GridFinishedFuture<>(new CacheStoppedException(ctx.name()));
+                                opFut = new GridFinishedFuture<>(new CacheStoppedException(ctx.name()));
                             else {
                                 ctx.operationContextPerCall(opCtx);
                                 ctx.shared().txContextReset();
 
-                                try {
-                                    fut0 = op.op(tx0).chain(clo);
+                                try (OperationSecurityContext ignored = ctx.kernalContext().security().withContext(secCtx)) {
+                                    opFut = op.op(tx0).chain(clo);
+                                }
+                                catch (Throwable e) {
+                                    opFut = new GridFinishedFuture<>(e);
                                 }
                                 finally {
                                     // It is necessary to clear tx context in this thread as well.
@@ -3876,9 +3884,9 @@ else if (ctx.gate().isStopped())
                                 }
                             }
 
-                            fut0.listen(() -> {
+                            opFut.listen(lsnrFut -> {
                                 try {
-                                    resFut.onDone(fut0.get());
+                                    resFut.onDone(lsnrFut.get());
                                 }
                                 catch (Throwable ex) {
                                     resFut.onDone(ex);

modules/core/src/main/java/org/apache/ignite/internal/processors/platform/client/ClientRequestHandler.java

@@ -20,6 +20,7 @@
 import org.apache.ignite.IgniteCheckedException;
 import org.apache.ignite.IgniteIllegalStateException;
 import org.apache.ignite.IgniteLogger;
+import org.apache.ignite.IgniteSystemProperties;
 import org.apache.ignite.internal.IgniteFutureTimeoutCheckedException;
 import org.apache.ignite.internal.IgniteInternalFuture;
 import org.apache.ignite.internal.binary.BinaryWriterExImpl;
@@ -39,6 +40,7 @@
 import org.apache.ignite.internal.util.typedef.internal.U;
 import org.apache.ignite.plugin.security.SecurityException;
 
+import static org.apache.ignite.IgniteSystemProperties.IGNITE_THIN_CLIENT_ASYNC_REQUESTS_WAIT_TIMEOUT;
 import static org.apache.ignite.internal.processors.platform.client.ClientProtocolVersionFeature.BITMAP_FEATURES;
 import static org.apache.ignite.internal.processors.platform.client.ClientProtocolVersionFeature.PARTITION_AWARENESS;
 
@@ -47,7 +49,13 @@
  */
 public class ClientRequestHandler implements ClientListenerRequestHandler {
     /** Timeout to wait for async requests completion, to handle them as regular sync requests. */
-    private static final long ASYNC_REQUEST_WAIT_TIMEOUT_MILLIS = 10L;
+    public static final long DFLT_ASYNC_REQUEST_WAIT_TIMEOUT_MILLIS = 10L;
+
+    /** */
+    private final long asyncReqWaitTimeout = IgniteSystemProperties.getLong(
+        IGNITE_THIN_CLIENT_ASYNC_REQUESTS_WAIT_TIMEOUT,
+        DFLT_ASYNC_REQUEST_WAIT_TIMEOUT_MILLIS
+    );
 
     /** Client context. */
     private final ClientConnectionContext ctx;
@@ -122,10 +130,13 @@ private ClientListenerResponse handle0(ClientListenerRequest req) {
         if (req0.isAsync(ctx)) {
             IgniteInternalFuture<ClientResponse> fut = req0.processAsync(ctx);
 
+            if (asyncReqWaitTimeout <= 0)
+                return new ClientAsyncResponse(req0.requestId(), fut);
+
             try {
                 // Give request a chance to be executed and response processed by the current thread,
                 // so we can avoid any performance drops caused by async requests execution.
-                return fut.get(ASYNC_REQUEST_WAIT_TIMEOUT_MILLIS);
+                return fut.get(asyncReqWaitTimeout);
             }
             catch (IgniteFutureTimeoutCheckedException ignored) {
                 return new ClientAsyncResponse(req0.requestId(), fut);

modules/core/src/test/java/org/apache/ignite/internal/processors/security/SecurityContextInternalFuturePropagationTest.java

@@ -0,0 +1,231 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ignite.internal.processors.security;
+
+import java.security.Permissions;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.atomic.AtomicInteger;
+import java.util.function.Function;
+import com.google.common.collect.ImmutableSet;
+import org.apache.ignite.Ignition;
+import org.apache.ignite.client.ClientAuthorizationException;
+import org.apache.ignite.client.ClientCache;
+import org.apache.ignite.client.ClientException;
+import org.apache.ignite.client.IgniteClient;
+import org.apache.ignite.client.IgniteClientFuture;
+import org.apache.ignite.configuration.CacheConfiguration;
+import org.apache.ignite.configuration.ClientConfiguration;
+import org.apache.ignite.configuration.ClientConnectorConfiguration;
+import org.apache.ignite.configuration.IgniteConfiguration;
+import org.apache.ignite.internal.IgniteEx;
+import org.apache.ignite.internal.IgniteInternalFuture;
+import org.apache.ignite.internal.TestRecordingCommunicationSpi;
+import org.apache.ignite.internal.processors.cache.distributed.GridCacheModuloAffinityFunction;
+import org.apache.ignite.internal.processors.cache.distributed.dht.preloader.GridDhtPartitionsSingleMessage;
+import org.apache.ignite.internal.processors.security.impl.TestSecurityData;
+import org.apache.ignite.internal.processors.security.impl.TestSecurityPluginProvider;
+import org.apache.ignite.internal.util.typedef.X;
+import org.apache.ignite.plugin.security.SecurityPermissionSet;
+import org.apache.ignite.testframework.GridTestUtils;
+import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+
+import static java.util.Collections.singletonMap;
+import static org.apache.ignite.cache.CacheAtomicityMode.TRANSACTIONAL;
+import static org.apache.ignite.internal.processors.cache.distributed.GridCacheModuloAffinityFunction.IDX_ATTR;
+import static org.apache.ignite.plugin.security.SecurityPermission.ADMIN_CLUSTER_STATE;
+import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_CREATE;
+import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_PUT;
+import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_READ;
+import static org.apache.ignite.plugin.security.SecurityPermission.CACHE_REMOVE;
+import static org.apache.ignite.plugin.security.SecurityPermission.JOIN_AS_SERVER;
+import static org.apache.ignite.plugin.security.SecurityPermissionSetBuilder.NO_PERMISSIONS;
+import static org.apache.ignite.plugin.security.SecurityPermissionSetBuilder.create;
+
+/** */
+@RunWith(Parameterized.class)
+public class SecurityContextInternalFuturePropagationTest extends GridCommonAbstractTest {
+    /** */
+    private static final int PRELOADED_KEY_CNT = 100;
+
+    /** */
+    private static final AtomicInteger KEY_CNTR = new AtomicInteger();
+
+    /** */
+    @Parameterized.Parameter()
+    public Function<ClientCache<Object, Object>, IgniteClientFuture<?>> op;
+
+    /** */
+    @Parameterized.Parameters()
+    public static List<Function<ClientCache<Object, Object>, IgniteClientFuture<?>>> data() {
+        return Arrays.asList(
+            cache -> cache.getAllAsync(ImmutableSet.of(nextKey(), nextKey())), // 0
+            cache -> cache.getAndPutAsync(nextKey(), 0), // 1
+            cache -> cache.getAndPutIfAbsentAsync(nextKey(), 0), // 2
+            cache -> cache.getAndPutIfAbsentAsync(PRELOADED_KEY_CNT + nextKey(), 0), // 3
+            cache -> cache.getAndRemoveAsync(nextKey()), // 4
+            cache -> cache.getAndReplaceAsync(nextKey(), 0), // 5
+            cache -> cache.getAsync(nextKey()), // 6
+            cache -> cache.putAllAsync(new HashMap<>() {{ put(nextKey(), 0); put(nextKey(), 0); }}), // 7
+            cache -> cache.putAsync(nextKey(), 0), // 8
+            cache -> cache.putIfAbsentAsync(PRELOADED_KEY_CNT + nextKey(), 0), // 9
+            cache -> cache.removeAsync(nextKey()), // 10
+            cache -> {
+                int key = nextKey();
+                return cache.removeAsync(key, key);
+            }, // 11
+            cache -> cache.replaceAsync(nextKey(), 0), // 12
+            cache -> {
+                int key = nextKey();
+
+                return cache.replaceAsync(key, key, 0);
+            } // 13
+        );
+    }
+
+    /** {@inheritDoc} */
+    @Override protected IgniteConfiguration getConfiguration(String igniteInstanceName) throws Exception {
+        return super.getConfiguration(igniteInstanceName)
+            .setCommunicationSpi(new TestRecordingCommunicationSpi())
+            .setUserAttributes(singletonMap(IDX_ATTR, getTestIgniteInstanceIndex(igniteInstanceName)))
+            .setClientConnectorConfiguration(new ClientConnectorConfiguration()
+                .setThreadPoolSize(1))
+            .setPluginProviders(new TestSecurityPluginProvider(
+                igniteInstanceName,
+                "",
+                create()
+                    .defaultAllowAll(false)
+                    .appendSystemPermissions(JOIN_AS_SERVER, ADMIN_CLUSTER_STATE)
+                    .appendCachePermissions(DEFAULT_CACHE_NAME, CACHE_CREATE)
+                    .build(),
+                null,
+                false,
+                userData("forbidden_client", NO_PERMISSIONS),
+                userData("allowed_client", create()
+                    .defaultAllowAll(false)
+                    .appendCachePermissions(DEFAULT_CACHE_NAME, CACHE_READ, CACHE_PUT, CACHE_REMOVE)
+                    .build())
+            ));
+    }
+
+    /** {@inheritDoc} */
+    @Override protected void afterTest() throws Exception {
+        super.afterTest();
+
+        stopAllGrids();
+    }
+
+    /** */
+    @Test
+    public void testSecurityContextInternalFuturePropagation() throws Exception {
+        IgniteEx ignite = startGrids(2);
+
+        prepareCache(ignite);
+
+        TestRecordingCommunicationSpi spi = TestRecordingCommunicationSpi.spi(grid(1));
+
+        spi.blockMessages(GridDhtPartitionsSingleMessage.class, ignite.name());
+
+        IgniteInternalFuture<IgniteEx> joinFut = GridTestUtils.runAsync(() -> startGrid(2));
+
+        spi.waitForBlocked();
+
+        try (
+            IgniteClient allowedCli = startClient("allowed_client");
+            IgniteClient forbiddenCli = startClient("forbidden_client")
+        ) {
+            ClientCache<Object, Object> allowedCliCache = allowedCli.cache(DEFAULT_CACHE_NAME);
+            ClientCache<Object, Object> forbiddenCliCache = forbiddenCli.cache(DEFAULT_CACHE_NAME);
+
+            IgniteClientFuture<?> op0Fut = op.apply(allowedCliCache);
+
+            // The following operation previously was executed with security context associated with the joining node user.
+            IgniteClientFuture<?> op1Fut = op.apply(allowedCliCache);
+
+            // Simulates failure of a chained operation.
+            IgniteClientFuture<?> op2Fut = op.apply(forbiddenCliCache);
+
+            // The failure of one operation in a chain should not leave the entire chain in a broken state.
+            IgniteClientFuture<?> op3Fut = op.apply(allowedCliCache);
+
+            spi.stopBlock();
+
+            joinFut.get(getTestTimeout(), TimeUnit.MILLISECONDS);
+
+            op0Fut.get(getTestTimeout(), TimeUnit.MILLISECONDS);
+            op1Fut.get(getTestTimeout(), TimeUnit.MILLISECONDS);
+
+            try {
+                op2Fut.get(getTestTimeout(), TimeUnit.MILLISECONDS);
+
+                fail();
+            }
+            catch (Exception e) {
+                assertTrue(X.hasCause(e, "Authorization failed", ClientException.class)
+                    || X.hasCause(e, "User is not authorized to perform this operation", ClientAuthorizationException.class));
+            }
+
+            op3Fut.get(getTestTimeout(), TimeUnit.MILLISECONDS);
+        }
+    }
+
+    /** */
+    private void prepareCache(IgniteEx ignite) throws Exception {
+        ignite.createCache(new CacheConfiguration<>()
+            .setName(DEFAULT_CACHE_NAME)
+            .setAtomicityMode(TRANSACTIONAL)
+            .setReadFromBackup(false)
+            .setBackups(1)
+            .setAffinity(new GridCacheModuloAffinityFunction(2, 1)));
+
+        awaitPartitionMapExchange();
+
+        try (IgniteClient cli = startClient("allowed_client")) {
+            for (int i = 0; i < PRELOADED_KEY_CNT; i++)
+                cli.cache(DEFAULT_CACHE_NAME).put(i, i);
+        }
+    }
+
+    /** */
+    private static int nextKey() {
+        return KEY_CNTR.incrementAndGet();
+    }
+
+    /** */
+    private static IgniteClient startClient(String login) {
+        return Ignition.startClient(new ClientConfiguration()
+            .setAddresses("127.0.0.1:10800")
+            .setUserName(login)
+            .setUserPassword(""));
+    }
+
+    /** */
+    private static TestSecurityData userData(String login, SecurityPermissionSet perms) {
+        return new TestSecurityData(
+            login,
+            "",
+            perms,
+            new Permissions()
+        );
+    }
+}

modules/core/src/test/java/org/apache/ignite/testsuites/SecurityTestSuite.java

@@ -20,6 +20,7 @@
 import org.apache.ignite.internal.processors.security.IgniteSecurityProcessorTest;
 import org.apache.ignite.internal.processors.security.InvalidServerTest;
 import org.apache.ignite.internal.processors.security.NodeSecurityContextPropagationTest;
+import org.apache.ignite.internal.processors.security.SecurityContextInternalFuturePropagationTest;
 import org.apache.ignite.internal.processors.security.cache.CacheOperationPermissionCheckTest;
 import org.apache.ignite.internal.processors.security.cache.CacheOperationPermissionCreateDestroyCheckTest;
 import org.apache.ignite.internal.processors.security.cache.ContinuousQueryPermissionCheckTest;
@@ -143,6 +144,7 @@
     NodeSecurityContextPropagationTest.class,
     NodeJoinPermissionsTest.class,
     ActivationOnJoinWithoutPermissionsWithPersistenceTest.class,
+    SecurityContextInternalFuturePropagationTest.class,
 })
 public class SecurityTestSuite {
     /** */