feat: add ingore security check api

apache · Mar 17, 2022 · 61d28bf · 61d28bf
1 parent 58b3ebe
commit 61d28bf
Showing 1 changed file with 18 additions and 2 deletions.
diff --git a/hugegraph-core/src/main/java/com/baidu/hugegraph/security/HugeSecurityManager.java b/hugegraph-core/src/main/java/com/baidu/hugegraph/security/HugeSecurityManager.java
@@ -24,6 +24,7 @@
 import java.security.Permission;
 import java.util.Map;
 import java.util.Set;
+import java.util.concurrent.CopyOnWriteArraySet;
 
 import org.slf4j.Logger;
 
@@ -126,6 +127,17 @@ public class HugeSecurityManager extends SecurityManager {
             ImmutableSet.of("newSecurityException")
     );
 
+    private static final Set<String> ignoreCheck = new CopyOnWriteArraySet<>();
+
+    public static void addIgnoreCheck(String clazz) {
+        if (callFromGremlin()) {
+            throw newSecurityException(
+                  "Not allowed to add ignore check via Gremlin");
+        }
+
+        ignoreCheck.add(clazz);
+    }
+
     @Override
     public void checkPermission(Permission permission) {
         if (DENIED_PERMISSIONS.contains(permission.getName()) &&
@@ -167,7 +179,7 @@ public void checkAccess(Thread thread) {
         if (callFromGremlin() && !callFromCaffeine() &&
             !callFromAsyncTasks() && !callFromEventHubNotify() &&
             !callFromBackendThread() && !callFromBackendHbase() &&
-            !callFromRaft() && !callFromSofaRpc()) {
+            !callFromRaft() && !callFromSofaRpc() && callFromIgnore()) {
             throw newSecurityException(
                   "Not allowed to access thread via Gremlin");
         }
@@ -179,7 +191,7 @@ public void checkAccess(ThreadGroup threadGroup) {
         if (callFromGremlin() && !callFromCaffeine() &&
             !callFromAsyncTasks() && !callFromEventHubNotify() &&
             !callFromBackendThread() && !callFromBackendHbase() &&
-            !callFromRaft() && !callFromSofaRpc()) {
+            !callFromRaft() && !callFromSofaRpc() && callFromIgnore()) {
             throw newSecurityException(
                   "Not allowed to access thread group via Gremlin");
         }
@@ -475,6 +487,10 @@ private static boolean callFromNewSecurityException() {
         return callFromMethods(NEW_SECURITY_EXCEPTION);
     }
 
+    private static boolean callFromIgnore() {
+        return !callFromWorkerWithClass(ignoreCheck);
+    }
+
     private static boolean callFromWorkerWithClass(Set<String> classes) {
         Thread curThread = Thread.currentThread();
         if (curThread.getName().startsWith(GREMLIN_SERVER_WORKER) ||