Fix AuthManager will find other nodes when init store (#1381)

Change-Id: I4437c89da5290a14a8233c082bd9922714a027b9

hugegraph-api/src/main/java/com/baidu/hugegraph/auth/HugeGraphAuthProxy.java

@@ -684,7 +684,7 @@ public void truncateBackend() {
         try {
             this.hugegraph.truncateBackend();
         } finally {
-            if (admin != null && userManager instanceof StandardAuthManager) {
+            if (admin != null && StandardAuthManager.isLocal(userManager)) {
                 // Restore admin user to continue to do any operation
                 userManager.createUser(admin);
             }

hugegraph-api/src/main/java/com/baidu/hugegraph/auth/StandardAuthenticator.java

@@ -52,7 +52,9 @@ private void initAdminUser() throws Exception {
         E.checkState(caller.equals("main"), "Invalid caller '%s'", caller);
 
         AuthManager authManager = this.graph().hugegraph().authManager();
-        if (authManager.findUser(HugeAuthenticator.USER_ADMIN) == null) {
+        // Only init user when local mode and user has not been initialized
+        if (StandardAuthManager.isLocal(authManager) &&
+            authManager.findUser(HugeAuthenticator.USER_ADMIN) == null) {
             HugeUser admin = new HugeUser(HugeAuthenticator.USER_ADMIN);
             admin.password(StringEncoding.hashPassword(this.inputPassword()));
             admin.creator(HugeAuthenticator.USER_SYSTEM);

hugegraph-core/src/main/java/com/baidu/hugegraph/StandardHugeGraph.java

@@ -40,8 +40,8 @@
 
 import com.baidu.hugegraph.analyzer.Analyzer;
 import com.baidu.hugegraph.analyzer.AnalyzerFactory;
-import com.baidu.hugegraph.auth.StandardAuthManager;
 import com.baidu.hugegraph.auth.AuthManager;
+import com.baidu.hugegraph.auth.StandardAuthManager;
 import com.baidu.hugegraph.backend.BackendException;
 import com.baidu.hugegraph.backend.cache.CachedGraphTransaction;
 import com.baidu.hugegraph.backend.cache.CachedSchemaTransaction;
@@ -816,7 +816,9 @@ public synchronized void close() throws Exception {
         }
 
         LOG.info("Close graph {}", this);
-        this.authManager.close();
+        if (StandardAuthManager.isLocal(this.authManager)) {
+            this.authManager.close();
+        }
         this.taskManager.closeScheduler(this.params);
         try {
             this.closeTx();

hugegraph-core/src/main/java/com/baidu/hugegraph/auth/StandardAuthManager.java

@@ -420,4 +420,11 @@ public RolePermission loginUser(String username, String password) {
         }
         return this.rolePermission(user);
     }
+
+    /**
+     * Maybe can define an proxy class to choose forward or call local
+     */
+    public static boolean isLocal(AuthManager authManager) {
+        return authManager instanceof StandardAuthManager;
+    }
 }

hugegraph-core/src/main/java/com/baidu/hugegraph/security/HugeSecurityManager.java

@@ -109,6 +109,10 @@ public class HugeSecurityManager extends SecurityManager {
             "com.baidu.hugegraph.backend.store.raft.rpc.RpcForwarder"
     );
 
+    private static final Set<String> SOFA_RPC_CLASSES = ImmutableSet.of(
+            "com.alipay.sofa.rpc.tracer.sofatracer.RpcSofaTracer"
+    );
+
     @Override
     public void checkPermission(Permission permission) {
         if (DENIED_PERMISSIONS.contains(permission.getName()) &&
@@ -150,7 +154,7 @@ public void checkAccess(Thread thread) {
         if (callFromGremlin() && !callFromCaffeine() &&
             !callFromAsyncTasks() && !callFromEventHubNotify() &&
             !callFromBackendThread() && !callFromBackendHbase() &&
-            !callFromRaft()) {
+            !callFromRaft() && !callFromSofaRpc()) {
             throw newSecurityException(
                   "Not allowed to access thread via Gremlin");
         }
@@ -162,7 +166,7 @@ public void checkAccess(ThreadGroup threadGroup) {
         if (callFromGremlin() && !callFromCaffeine() &&
             !callFromAsyncTasks() && !callFromEventHubNotify() &&
             !callFromBackendThread() && !callFromBackendHbase() &&
-            !callFromRaft()) {
+            !callFromRaft() && !callFromSofaRpc()) {
             throw newSecurityException(
                   "Not allowed to access thread group via Gremlin");
         }
@@ -190,7 +194,7 @@ public void checkExec(String cmd) {
     @Override
     public void checkRead(FileDescriptor fd) {
         if (callFromGremlin() && !callFromBackendSocket() &&
-            !callFromRaft()) {
+            !callFromRaft() && !callFromSofaRpc()) {
             throw newSecurityException("Not allowed to read fd via Gremlin");
         }
         super.checkRead(fd);
@@ -200,7 +204,7 @@ public void checkRead(FileDescriptor fd) {
     public void checkRead(String file) {
         if (callFromGremlin() && !callFromCaffeine() &&
             !readGroovyInCurrentDir(file) && !callFromBackendHbase() &&
-            !callFromRaft()) {
+            !callFromRaft() && !callFromSofaRpc()) {
             throw newSecurityException(
                   "Not allowed to read file via Gremlin: %s", file);
         }
@@ -209,7 +213,7 @@ public void checkRead(String file) {
 
     @Override
     public void checkRead(String file, Object context) {
-        if (callFromGremlin() && !callFromRaft()) {
+        if (callFromGremlin() && !callFromRaft() && !callFromSofaRpc()) {
             throw newSecurityException(
                   "Not allowed to read file via Gremlin: %s", file);
         }
@@ -219,15 +223,15 @@ public void checkRead(String file, Object context) {
     @Override
     public void checkWrite(FileDescriptor fd) {
         if (callFromGremlin() && !callFromBackendSocket() &&
-            !callFromRaft()) {
+            !callFromRaft() && !callFromSofaRpc()) {
             throw newSecurityException("Not allowed to write fd via Gremlin");
         }
         super.checkWrite(fd);
     }
 
     @Override
     public void checkWrite(String file) {
-        if (callFromGremlin() && !callFromRaft()) {
+        if (callFromGremlin() && !callFromRaft() && !callFromSofaRpc()) {
             throw newSecurityException("Not allowed to write file via Gremlin");
         }
         super.checkWrite(file);
@@ -263,7 +267,7 @@ public void checkAccept(String host, int port) {
     @Override
     public void checkConnect(String host, int port) {
         if (callFromGremlin() && !callFromBackendSocket() &&
-            !callFromBackendHbase() && !callFromRaft()) {
+            !callFromBackendHbase() && !callFromRaft() && !callFromSofaRpc()) {
             throw newSecurityException(
                   "Not allowed to connect socket via Gremlin");
         }
@@ -307,7 +311,7 @@ public void checkSetFactory() {
 
     @Override
     public void checkPropertiesAccess() {
-        if (callFromGremlin()) {
+        if (callFromGremlin() && !callFromSofaRpc()) {
             throw newSecurityException(
                   "Not allowed to access system properties via Gremlin");
         }
@@ -318,7 +322,7 @@ public void checkPropertiesAccess() {
     public void checkPropertyAccess(String key) {
         if (!callFromAcceptClassLoaders() && callFromGremlin() &&
             !WHITE_SYSTEM_PROPERTYS.contains(key) && !callFromBackendHbase() &&
-            !callFromRaft()) {
+            !callFromRaft() && !callFromSofaRpc()) {
             throw newSecurityException(
                   "Not allowed to access system property(%s) via Gremlin", key);
         }
@@ -442,6 +446,10 @@ private static boolean callFromRaft() {
         return callFromWorkerWithClass(RAFT_CLASSES);
     }
 
+    private static boolean callFromSofaRpc() {
+        return callFromWorkerWithClass(SOFA_RPC_CLASSES);
+    }
+
     private static boolean callFromWorkerWithClass(Set<String> classes) {
         Thread curThread = Thread.currentThread();
         if (curThread.getName().startsWith(GREMLIN_SERVER_WORKER) ||