This is an automated email from the ASF dual-hosted git repository.

apkhmv pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/ignite-3.git


The following commit(s) were added to refs/heads/main by this push:
     new 656af33c83 IGNITE-20814  Implement IgniteSecurityFilter (#2819)
656af33c83 is described below

commit 656af33c83f3e0277d1b9f23c0494ebc2ccd9881
Author: Ivan Gagarkin <gagarkin....@gmail.com>
AuthorDate: Fri Nov 10 19:24:49 2023 +0700

    IGNITE-20814  Implement IgniteSecurityFilter (#2819)
    
    Replaced AuthorizationHeaderFilter with IgniteSecurityFilter.
    This new filter evaluates whether authentication is enabled and, if so,
    delegates to io.micronaut.security.filters.SecurityFilter. If authentication is disabled,
    it passes the request on to the chain. This change eliminates the previous
    workaround and streamlines request handling.
---
 .../rest/api/cluster/ClusterManagementApi.java     |  3 -
 .../internal/rest/api/cluster/TopologyApi.java     |  3 -
 .../api/configuration/ClusterConfigurationApi.java |  3 -
 .../api/configuration/NodeConfigurationApi.java    |  3 -
 .../rest/api/deployment/DeploymentCodeApi.java     |  3 -
 .../internal/rest/api/metric/NodeMetricApi.java    |  3 -
 .../internal/rest/api/node/NodeManagementApi.java  |  3 -
 modules/rest/build.gradle                          |  1 +
 .../cluster/ItClusterManagementControllerTest.java |  2 -
 .../apache/ignite/internal/rest/RestComponent.java | 14 +---
 .../AuthenticationProviderFactory.java             |  7 +-
 .../authentication/AuthorizationHeaderFilter.java  | 55 ----------------
 ...ider.java => IgniteAuthenticationProvider.java} |  9 ++-
 .../rest/authentication/IgniteSecurityFilter.java  | 74 ++++++++++++++++++++++
 .../ClusterConfigurationControllerTest.java        | 11 +++-
 .../ConfigurationControllerBaseTest.java           |  2 -
 .../NodeConfigurationControllerTest.java           | 11 +++-
 .../authentication/AuthenticationManager.java      |  7 ++
 .../authentication/AuthenticationManagerImpl.java  |  5 ++
 19 files changed, 117 insertions(+), 102 deletions(-)

diff --git 
a/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/cluster/ClusterManagementApi.java
 
b/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/cluster/ClusterManagementApi.java
index ff3908364e..665a15515e 100644
--- 
a/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/cluster/ClusterManagementApi.java
+++ 
b/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/cluster/ClusterManagementApi.java
@@ -23,8 +23,6 @@ import io.micronaut.http.annotation.Controller;
 import io.micronaut.http.annotation.Get;
 import io.micronaut.http.annotation.Post;
 import io.micronaut.http.annotation.Produces;
-import io.micronaut.security.annotation.Secured;
-import io.micronaut.security.rules.SecurityRule;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.media.Content;
 import io.swagger.v3.oas.annotations.media.Schema;
@@ -38,7 +36,6 @@ import org.apache.ignite.internal.rest.constants.MediaType;
  * Cluster management controller.
  */
 @Controller("/management/v1/cluster")
-@Secured(SecurityRule.IS_AUTHENTICATED)
 @Tag(name = "clusterManagement")
 public interface ClusterManagementApi {
     /**
diff --git 
a/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/cluster/TopologyApi.java
 
b/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/cluster/TopologyApi.java
index 2dcd889d8c..b324c16710 100644
--- 
a/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/cluster/TopologyApi.java
+++ 
b/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/cluster/TopologyApi.java
@@ -19,8 +19,6 @@ package org.apache.ignite.internal.rest.api.cluster;
 
 import io.micronaut.http.annotation.Controller;
 import io.micronaut.http.annotation.Get;
-import io.micronaut.security.annotation.Secured;
-import io.micronaut.security.rules.SecurityRule;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.media.ArraySchema;
 import io.swagger.v3.oas.annotations.media.Content;
@@ -36,7 +34,6 @@ import org.apache.ignite.internal.rest.constants.MediaType;
  * Cluster topology endpoint.
  */
 @Controller("/management/v1/cluster/topology")
-@Secured(SecurityRule.IS_AUTHENTICATED)
 @Tag(name = "topology")
 public interface TopologyApi {
     /**
diff --git 
a/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/configuration/ClusterConfigurationApi.java
 
b/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/configuration/ClusterConfigurationApi.java
index fbd47a3514..a19641691b 100644
--- 
a/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/configuration/ClusterConfigurationApi.java
+++ 
b/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/configuration/ClusterConfigurationApi.java
@@ -24,8 +24,6 @@ import io.micronaut.http.annotation.Get;
 import io.micronaut.http.annotation.Patch;
 import io.micronaut.http.annotation.PathVariable;
 import io.micronaut.http.annotation.Produces;
-import io.micronaut.security.annotation.Secured;
-import io.micronaut.security.rules.SecurityRule;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.media.Content;
@@ -41,7 +39,6 @@ import org.apache.ignite.internal.rest.constants.MediaType;
  * Cluster configuration controller.
  */
 @Controller("/management/v1/configuration/cluster/")
-@Secured(SecurityRule.IS_AUTHENTICATED)
 @Tag(name = "clusterConfiguration")
 public interface ClusterConfigurationApi {
     /**
diff --git 
a/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/configuration/NodeConfigurationApi.java
 
b/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/configuration/NodeConfigurationApi.java
index c9448595d0..28dfd3dea7 100644
--- 
a/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/configuration/NodeConfigurationApi.java
+++ 
b/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/configuration/NodeConfigurationApi.java
@@ -24,8 +24,6 @@ import io.micronaut.http.annotation.Get;
 import io.micronaut.http.annotation.Patch;
 import io.micronaut.http.annotation.PathVariable;
 import io.micronaut.http.annotation.Produces;
-import io.micronaut.security.annotation.Secured;
-import io.micronaut.security.rules.SecurityRule;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.media.Content;
@@ -41,7 +39,6 @@ import org.apache.ignite.internal.rest.constants.MediaType;
  * Node configuration controller.
  */
 @Controller("/management/v1/configuration/node")
-@Secured(SecurityRule.IS_AUTHENTICATED)
 @Tag(name = "nodeConfiguration")
 public interface NodeConfigurationApi {
     /**
diff --git 
a/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/deployment/DeploymentCodeApi.java
 
b/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/deployment/DeploymentCodeApi.java
index e102d1321d..176473ef24 100644
--- 
a/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/deployment/DeploymentCodeApi.java
+++ 
b/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/deployment/DeploymentCodeApi.java
@@ -29,8 +29,6 @@ import io.micronaut.http.annotation.Get;
 import io.micronaut.http.annotation.Post;
 import io.micronaut.http.annotation.QueryValue;
 import io.micronaut.http.multipart.CompletedFileUpload;
-import io.micronaut.security.annotation.Secured;
-import io.micronaut.security.rules.SecurityRule;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.media.ArraySchema;
 import io.swagger.v3.oas.annotations.media.Content;
@@ -49,7 +47,6 @@ import org.reactivestreams.Publisher;
  */
 @SuppressWarnings("OptionalContainsCollection")
 @Controller("/management/v1/deployment/")
-@Secured(SecurityRule.IS_AUTHENTICATED)
 @Tag(name = "deployment")
 public interface DeploymentCodeApi {
 
diff --git 
a/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/metric/NodeMetricApi.java
 
b/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/metric/NodeMetricApi.java
index d4858f0648..e21fffe2ae 100644
--- 
a/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/metric/NodeMetricApi.java
+++ 
b/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/metric/NodeMetricApi.java
@@ -23,8 +23,6 @@ import io.micronaut.http.annotation.Controller;
 import io.micronaut.http.annotation.Get;
 import io.micronaut.http.annotation.Post;
 import io.micronaut.http.annotation.Produces;
-import io.micronaut.security.annotation.Secured;
-import io.micronaut.security.rules.SecurityRule;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.media.ArraySchema;
 import io.swagger.v3.oas.annotations.media.Content;
@@ -37,7 +35,6 @@ import org.apache.ignite.internal.rest.constants.MediaType;
 
 /** Node metric endpoint. */
 @Controller("/management/v1/metric/node")
-@Secured(SecurityRule.IS_AUTHENTICATED)
 @Tag(name = "nodeMetric")
 public interface NodeMetricApi {
 
diff --git 
a/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/node/NodeManagementApi.java
 
b/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/node/NodeManagementApi.java
index 551e7c3cd2..da8d7db0d4 100644
--- 
a/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/node/NodeManagementApi.java
+++ 
b/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/node/NodeManagementApi.java
@@ -20,8 +20,6 @@ package org.apache.ignite.internal.rest.api.node;
 import io.micronaut.http.annotation.Controller;
 import io.micronaut.http.annotation.Get;
 import io.micronaut.http.annotation.Produces;
-import io.micronaut.security.annotation.Secured;
-import io.micronaut.security.rules.SecurityRule;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.media.Content;
 import io.swagger.v3.oas.annotations.media.Schema;
@@ -35,7 +33,6 @@ import org.apache.ignite.internal.rest.constants.MediaType;
  * REST endpoint allows to read node state.
  */
 @Controller("/management/v1/node")
-@Secured(SecurityRule.IS_AUTHENTICATED)
 @Tag(name = "nodeManagement")
 public interface NodeManagementApi {
 
diff --git a/modules/rest/build.gradle b/modules/rest/build.gradle
index 81bd0e132b..d3001959ac 100644
--- a/modules/rest/build.gradle
+++ b/modules/rest/build.gradle
@@ -55,6 +55,7 @@ dependencies {
     testAnnotationProcessor libs.micronaut.inject.annotation.processor
 
     testImplementation project(':ignite-configuration')
+    testImplementation project(':ignite-security')
     testImplementation testFixtures(project(':ignite-core'))
     testImplementation testFixtures(project(':ignite-configuration'))
     testImplementation libs.micronaut.junit5
diff --git 
a/modules/rest/src/integrationTest/java/org/apache/ignite/internal/rest/cluster/ItClusterManagementControllerTest.java
 
b/modules/rest/src/integrationTest/java/org/apache/ignite/internal/rest/cluster/ItClusterManagementControllerTest.java
index 5659478619..40111a8874 100644
--- 
a/modules/rest/src/integrationTest/java/org/apache/ignite/internal/rest/cluster/ItClusterManagementControllerTest.java
+++ 
b/modules/rest/src/integrationTest/java/org/apache/ignite/internal/rest/cluster/ItClusterManagementControllerTest.java
@@ -27,7 +27,6 @@ import static org.junit.jupiter.api.Assertions.assertThrows;
 
 import io.micronaut.context.annotation.Bean;
 import io.micronaut.context.annotation.Factory;
-import io.micronaut.context.annotation.Property;
 import io.micronaut.context.annotation.Replaces;
 import io.micronaut.http.HttpRequest;
 import io.micronaut.http.HttpResponse;
@@ -51,7 +50,6 @@ import org.mockito.junit.jupiter.MockitoExtension;
 /**
  * Cluster management REST test.
  */
-@Property(name = "micronaut.security.enabled", value = "false")
 @ExtendWith(MockitoExtension.class)
 @ExtendWith(ConfigurationExtension.class)
 public class ItClusterManagementControllerTest extends RestTestBase {
diff --git 
a/modules/rest/src/main/java/org/apache/ignite/internal/rest/RestComponent.java 
b/modules/rest/src/main/java/org/apache/ignite/internal/rest/RestComponent.java
index e386fa65c0..9b2ff864d6 100644
--- 
a/modules/rest/src/main/java/org/apache/ignite/internal/rest/RestComponent.java
+++ 
b/modules/rest/src/main/java/org/apache/ignite/internal/rest/RestComponent.java
@@ -173,12 +173,8 @@ public class RestComponent implements IgniteComponent {
         Micronaut micronaut = Micronaut.build("");
         setFactories(micronaut);
 
-        Map<String, Object> properties = new HashMap<>();
-        properties.putAll(serverProperties(portCandidate, sslPortCandidate));
-        properties.putAll(authProperties());
-
         return micronaut
-                .properties(properties)
+                .properties(serverProperties(portCandidate, sslPortCandidate))
                 .banner(false)
                 // -1 forces the micronaut to throw an 
ApplicationStartupException instead of doing System.exit
                 .mapError(ServerStartupException.class, ex -> -1)
@@ -199,6 +195,8 @@ public class RestComponent implements IgniteComponent {
         result.put("micronaut.server.port", port);
         result.put("micronaut.server.cors.enabled", "true");
         result.put("micronaut.server.cors.configurations.web.allowed-headers", 
"Authorization");
+        result.put("micronaut.security.intercept-url-map[0].pattern", "/**");
+        result.put("micronaut.security.intercept-url-map[0].access", 
"isAuthenticated()");
         result.put("ignite.endpoints.filter-non-initialized", "true");
 
         if (sslEnabled) {
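Review bot: The `intercept-url-map[0]` entry added here is now the only place the REST module declares that endpoints require authentication, because this commit also removes `@Secured(SecurityRule.IS_AUTHENTICATED)` from every API interface, and nothing in the hunk says so. A comment above the two `result.put` lines would make that explicit, e.g. `// Sole authentication requirement for all REST endpoints; applied by IgniteSecurityFilter only while Ignite authentication is enabled.` The previous hunk in this file also drops the explicit `micronaut.security.enabled` = true, so the module now appears to rely on the framework default; it is worth confirming that this is intended. The body of `serverProperties` continues outside the hunk.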
@@ -232,12 +230,6 @@ public class RestComponent implements IgniteComponent {
         return result;
     }
 
-    private Map<String, Object> authProperties() {
-        return Map.of("micronaut.security.enabled", true,
-                        "micronaut.security.intercept-url-map[1].pattern", 
"/**",
-                        "micronaut.security.intercept-url-map[1].access", 
"isAuthenticated()");
-    }
-
     private static String toMicronautClientAuth(ClientAuth clientAuth) {
         switch (clientAuth) {
             case OPTIONAL: return 
ClientAuthentication.WANT.name().toLowerCase();
diff --git 
a/modules/rest/src/main/java/org/apache/ignite/internal/rest/authentication/AuthenticationProviderFactory.java
 
b/modules/rest/src/main/java/org/apache/ignite/internal/rest/authentication/AuthenticationProviderFactory.java
index 87db81ffc2..4d10431e6b 100644
--- 
a/modules/rest/src/main/java/org/apache/ignite/internal/rest/authentication/AuthenticationProviderFactory.java
+++ 
b/modules/rest/src/main/java/org/apache/ignite/internal/rest/authentication/AuthenticationProviderFactory.java
@@ -29,7 +29,6 @@ import 
org.apache.ignite.internal.security.authentication.AuthenticationManager;
  */
 @Factory
 public class AuthenticationProviderFactory implements RestFactory {
-
     private AuthenticationManager authenticationManager;
 
     public AuthenticationProviderFactory(AuthenticationManager 
authenticationManager) {
@@ -39,12 +38,12 @@ public class AuthenticationProviderFactory implements 
RestFactory {
     /**
      * Create a bean of {@link AuthenticationProvider}.
      *
-     * @return {@link DelegatingAuthenticationProvider}
+     * @return {@link IgniteAuthenticationProvider}
      */
     @Bean
     @Singleton
-    public DelegatingAuthenticationProvider authenticationProvider() {
-        return new DelegatingAuthenticationProvider(authenticationManager);
+    public IgniteAuthenticationProvider authenticationProvider() {
+        return new IgniteAuthenticationProvider(authenticationManager);
     }
 
     @Override
diff --git 
a/modules/rest/src/main/java/org/apache/ignite/internal/rest/authentication/AuthorizationHeaderFilter.java
 
b/modules/rest/src/main/java/org/apache/ignite/internal/rest/authentication/AuthorizationHeaderFilter.java
deleted file mode 100644
index 0e8f7cc1a4..0000000000
--- 
a/modules/rest/src/main/java/org/apache/ignite/internal/rest/authentication/AuthorizationHeaderFilter.java
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.ignite.internal.rest.authentication;
-
-import io.micronaut.http.HttpRequest;
-import io.micronaut.http.MutableHttpResponse;
-import io.micronaut.http.annotation.Filter;
-import io.micronaut.http.filter.HttpServerFilter;
-import io.micronaut.http.filter.ServerFilterChain;
-import io.micronaut.http.filter.ServerFilterPhase;
-import org.reactivestreams.Publisher;
-
-/**
- * Implementation of {@link HttpServerFilter}. Checks {@link HttpRequest}
- * and adds empty {@link io.micronaut.http.HttpHeaders#AUTHORIZATION}
- * header if it's absent. We need this workaround, because Micronaut always 
returns 403,
- * when the authentication is enabled and the request doesn't have
- * {@link io.micronaut.http.HttpHeaders#AUTHORIZATION} header.
- */
-@Filter(Filter.MATCH_ALL_PATTERN)
-public class AuthorizationHeaderFilter implements HttpServerFilter {
-
-    @Override
-    public Publisher<MutableHttpResponse<?>> doFilter(HttpRequest<?> request, 
ServerFilterChain chain) {
-        return chain.proceed(addAuthorizationHeaderIfAbsent(request));
-    }
-
-    @Override
-    public int getOrder() {
-        return ServerFilterPhase.SECURITY.before();
-    }
-
-    private static HttpRequest<?> 
addAuthorizationHeaderIfAbsent(HttpRequest<?> request) {
-        if (request.getHeaders().getAuthorization().isPresent()) {
-            return request;
-        } else {
-            return request.mutate().basicAuth("", "");
-        }
-    }
-}
diff --git 
a/modules/rest/src/main/java/org/apache/ignite/internal/rest/authentication/DelegatingAuthenticationProvider.java
 
b/modules/rest/src/main/java/org/apache/ignite/internal/rest/authentication/IgniteAuthenticationProvider.java
similarity index 92%
rename from 
modules/rest/src/main/java/org/apache/ignite/internal/rest/authentication/DelegatingAuthenticationProvider.java
rename to 
modules/rest/src/main/java/org/apache/ignite/internal/rest/authentication/IgniteAuthenticationProvider.java
index cd42ac0ccf..c229d420ba 100644
--- 
a/modules/rest/src/main/java/org/apache/ignite/internal/rest/authentication/DelegatingAuthenticationProvider.java
+++ 
b/modules/rest/src/main/java/org/apache/ignite/internal/rest/authentication/IgniteAuthenticationProvider.java
@@ -33,14 +33,17 @@ import reactor.core.publisher.FluxSink;
 /**
  * Implementation of {@link AuthenticationProvider}. Delegates authentication 
to {@link AuthenticationManager}.
  */
-public class DelegatingAuthenticationProvider implements 
AuthenticationProvider {
-
+public class IgniteAuthenticationProvider implements AuthenticationProvider {
     private final AuthenticationManager authenticationManager;
 
-    public DelegatingAuthenticationProvider(AuthenticationManager 
authenticationManager) {
+    IgniteAuthenticationProvider(AuthenticationManager authenticationManager) {
         this.authenticationManager = authenticationManager;
     }
 
+    boolean authenticationEnabled() {
+        return authenticationManager.authenticationEnabled();
+    }
+
     @Override
     public Publisher<AuthenticationResponse> authenticate(HttpRequest<?> 
httpRequest, AuthenticationRequest<?, ?> authenticationRequest) {
         return Flux.create(emitter -> {
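Review bot: The new `authenticationEnabled()` accessor has no Javadoc, although `IgniteSecurityFilter` uses it to decide whether security rules run at all. Suggest adding `/** Returns whether authentication is currently enabled, as reported by the {@link AuthenticationManager}. */` above it. Since the filter only needs this flag, injecting `AuthenticationManager` into the filter directly would avoid widening the provider; that is a design choice rather than a defect. The `authenticate` body continues outside the hunk.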
diff --git 
a/modules/rest/src/main/java/org/apache/ignite/internal/rest/authentication/IgniteSecurityFilter.java
 
b/modules/rest/src/main/java/org/apache/ignite/internal/rest/authentication/IgniteSecurityFilter.java
new file mode 100644
index 0000000000..0b687eddc1
--- /dev/null
+++ 
b/modules/rest/src/main/java/org/apache/ignite/internal/rest/authentication/IgniteSecurityFilter.java
@@ -0,0 +1,74 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ignite.internal.rest.authentication;
+
+import io.micronaut.context.annotation.Replaces;
+import io.micronaut.http.HttpRequest;
+import io.micronaut.http.MutableHttpResponse;
+import io.micronaut.http.annotation.Filter;
+import io.micronaut.http.filter.HttpServerFilter;
+import io.micronaut.http.filter.ServerFilterChain;
+import io.micronaut.security.config.SecurityConfiguration;
+import io.micronaut.security.filters.AuthenticationFetcher;
+import io.micronaut.security.filters.SecurityFilter;
+import io.micronaut.security.rules.SecurityRule;
+import java.util.Collection;
+import org.reactivestreams.Publisher;
+
+/**
+ * Replaces {@link SecurityFilter} to disable authentication if it is disabled 
in Ignite.
+ */
+@Replaces(SecurityFilter.class)
+@Filter(Filter.MATCH_ALL_PATTERN)
+public class IgniteSecurityFilter implements HttpServerFilter {
+    private final SecurityFilter securityFilter;
+
+    private final IgniteAuthenticationProvider igniteAuthenticationProvider;
+
+    /**
+     * Constructor.
+     *
+     * @param securityRules The list of security rules that will allow or 
reject the request.
+     * @param authenticationFetchers List of {@link AuthenticationFetcher} 
beans in the context.
+     * @param securityConfiguration The security configuration.
+     * @param igniteAuthenticationProvider The authentication provider.
+     */
+    public IgniteSecurityFilter(
+            Collection<SecurityRule> securityRules,
+            Collection<AuthenticationFetcher> authenticationFetchers,
+            SecurityConfiguration securityConfiguration,
+            IgniteAuthenticationProvider igniteAuthenticationProvider
+    ) {
+        this.securityFilter = new SecurityFilter(securityRules, 
authenticationFetchers, securityConfiguration);
+        this.igniteAuthenticationProvider = igniteAuthenticationProvider;
+    }
+
+    @Override
+    public Publisher<MutableHttpResponse<?>> doFilter(HttpRequest<?> request, 
ServerFilterChain chain) {
+        if (igniteAuthenticationProvider.authenticationEnabled()) {
+            return securityFilter.doFilter(request, chain);
+        } else {
+            return chain.proceed(request);
+        }
+    }
+
+    @Override
+    public int getOrder() {
+        return securityFilter.getOrder();
+    }
+}
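Review bot: The `else` branch of `doFilter` is fail-open: whenever `igniteAuthenticationProvider.authenticationEnabled()` returns false, the request goes straight to `chain.proceed(request)` and skips every `SecurityRule` handed to the wrapped `SecurityFilter`, not just the credential check. The class Javadoc does not state this, and the flag is re-read on every request, so its initial value decides whether the REST API is open before any security configuration has been applied (the test hunks in this commit suggest a fresh `AuthenticationManagerImpl` reports disabled). I would document the contract on `doFilter`, for example `/** Delegates to Micronaut's SecurityFilter while Ignite authentication is enabled; otherwise passes the request on without evaluating any security rule. */`, and consider a debug-level log on the bypass path so an unintended open state is visible to operators.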
diff --git 
a/modules/rest/src/test/java/org/apache/ignite/internal/rest/configuration/ClusterConfigurationControllerTest.java
 
b/modules/rest/src/test/java/org/apache/ignite/internal/rest/configuration/ClusterConfigurationControllerTest.java
index 101f2ba9e6..9d4f033e60 100644
--- 
a/modules/rest/src/test/java/org/apache/ignite/internal/rest/configuration/ClusterConfigurationControllerTest.java
+++ 
b/modules/rest/src/test/java/org/apache/ignite/internal/rest/configuration/ClusterConfigurationControllerTest.java
@@ -18,7 +18,7 @@
 package org.apache.ignite.internal.rest.configuration;
 
 import io.micronaut.context.annotation.Bean;
-import io.micronaut.context.annotation.Property;
+import io.micronaut.context.annotation.Factory;
 import io.micronaut.context.annotation.Replaces;
 import io.micronaut.http.client.HttpClient;
 import io.micronaut.http.client.annotation.Client;
@@ -28,12 +28,13 @@ import jakarta.inject.Named;
 import org.apache.ignite.internal.configuration.ConfigurationRegistry;
 import 
org.apache.ignite.internal.configuration.presentation.ConfigurationPresentation;
 import org.apache.ignite.internal.configuration.presentation.HoconPresentation;
+import 
org.apache.ignite.internal.security.authentication.AuthenticationManager;
+import 
org.apache.ignite.internal.security.authentication.AuthenticationManagerImpl;
 
 /**
  * Functional test for {@link ClusterConfigurationController}.
  */
 @MicronautTest
-@Property(name = "micronaut.security.enabled", value = "false")
 class ClusterConfigurationControllerTest extends 
ConfigurationControllerBaseTest {
 
     @Inject
@@ -54,4 +55,10 @@ class ClusterConfigurationControllerTest extends 
ConfigurationControllerBaseTest
     public ConfigurationPresentation<String> 
cfgPresentation(ConfigurationRegistry configurationRegistry) {
         return new HoconPresentation(configurationRegistry);
     }
+
+    @Bean
+    @Factory
+    AuthenticationManager authenticationManager() {
+        return new AuthenticationManagerImpl();
+    }
 }
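Review bot: The `authenticationManager()` bean added here supplies a default-constructed `AuthenticationManagerImpl`, so this test (and the identical hunk in NodeConfigurationControllerTest) appears to exercise only the authentication-disabled path of the new filter. Nothing in the visible test changes asserts that a request without credentials is rejected once authentication is enabled, which previously rested on `@Secured` and now rests on `IgniteSecurityFilter` alone. A case that enables authentication and expects a 401 for an anonymous request would pin that behaviour. A short comment above the bean, such as `// Default manager: authentication disabled, so requests pass the security filter.`, would also explain why it replaces the removed `micronaut.security.enabled=false` property.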
diff --git 
a/modules/rest/src/test/java/org/apache/ignite/internal/rest/configuration/ConfigurationControllerBaseTest.java
 
b/modules/rest/src/test/java/org/apache/ignite/internal/rest/configuration/ConfigurationControllerBaseTest.java
index b75d39d39b..ce98aec9ae 100644
--- 
a/modules/rest/src/test/java/org/apache/ignite/internal/rest/configuration/ConfigurationControllerBaseTest.java
+++ 
b/modules/rest/src/test/java/org/apache/ignite/internal/rest/configuration/ConfigurationControllerBaseTest.java
@@ -27,7 +27,6 @@ import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 
 import io.micronaut.context.ApplicationContext;
-import io.micronaut.context.annotation.Property;
 import io.micronaut.http.HttpRequest;
 import io.micronaut.http.HttpStatus;
 import io.micronaut.http.MediaType;
@@ -48,7 +47,6 @@ import org.junit.jupiter.api.Test;
  * The base test for configuration controllers.
  */
 @MicronautTest
-@Property(name = "micronaut.security.enabled", value = "false")
 public abstract class ConfigurationControllerBaseTest {
 
     private final Set<String> secretKeys = Set.of("password");
diff --git 
a/modules/rest/src/test/java/org/apache/ignite/internal/rest/configuration/NodeConfigurationControllerTest.java
 
b/modules/rest/src/test/java/org/apache/ignite/internal/rest/configuration/NodeConfigurationControllerTest.java
index 2bc377deb8..eff3aba485 100644
--- 
a/modules/rest/src/test/java/org/apache/ignite/internal/rest/configuration/NodeConfigurationControllerTest.java
+++ 
b/modules/rest/src/test/java/org/apache/ignite/internal/rest/configuration/NodeConfigurationControllerTest.java
@@ -18,7 +18,7 @@
 package org.apache.ignite.internal.rest.configuration;
 
 import io.micronaut.context.annotation.Bean;
-import io.micronaut.context.annotation.Property;
+import io.micronaut.context.annotation.Factory;
 import io.micronaut.context.annotation.Replaces;
 import io.micronaut.http.client.HttpClient;
 import io.micronaut.http.client.annotation.Client;
@@ -28,12 +28,13 @@ import jakarta.inject.Named;
 import org.apache.ignite.internal.configuration.ConfigurationRegistry;
 import 
org.apache.ignite.internal.configuration.presentation.ConfigurationPresentation;
 import org.apache.ignite.internal.configuration.presentation.HoconPresentation;
+import 
org.apache.ignite.internal.security.authentication.AuthenticationManager;
+import 
org.apache.ignite.internal.security.authentication.AuthenticationManagerImpl;
 
 /**
  * Functional test for {@link NodeConfigurationController}.
  */
 @MicronautTest
-@Property(name = "micronaut.security.enabled", value = "false")
 class NodeConfigurationControllerTest extends ConfigurationControllerBaseTest {
 
     @Inject
@@ -54,4 +55,10 @@ class NodeConfigurationControllerTest extends 
ConfigurationControllerBaseTest {
     public ConfigurationPresentation<String> 
cfgPresentation(ConfigurationRegistry configurationRegistry) {
         return new HoconPresentation(configurationRegistry);
     }
+
+    @Bean
+    @Factory
+    AuthenticationManager authenticationManager() {
+        return new AuthenticationManagerImpl();
+    }
 }
diff --git 
a/modules/security-api/src/main/java/org/apache/ignite/internal/security/authentication/AuthenticationManager.java
 
b/modules/security-api/src/main/java/org/apache/ignite/internal/security/authentication/AuthenticationManager.java
index defc291f87..6e43af0a80 100644
--- 
a/modules/security-api/src/main/java/org/apache/ignite/internal/security/authentication/AuthenticationManager.java
+++ 
b/modules/security-api/src/main/java/org/apache/ignite/internal/security/authentication/AuthenticationManager.java
@@ -25,6 +25,13 @@ import 
org.apache.ignite.internal.security.configuration.SecurityView;
  * Authentication manager.
  */
 public interface AuthenticationManager extends Authenticator, 
ConfigurationListener<SecurityView> {
+    /**
+     * Check if authentication is enabled.
+     *
+     * @return {@code true} if authentication is enabled.
+     */
+    boolean authenticationEnabled();
+
     /**
      * Listen to authentication events.
      *
diff --git 
a/modules/security/src/main/java/org/apache/ignite/internal/security/authentication/AuthenticationManagerImpl.java
 
b/modules/security/src/main/java/org/apache/ignite/internal/security/authentication/AuthenticationManagerImpl.java
index 420cddaa9d..3d371cd2a4 100644
--- 
a/modules/security/src/main/java/org/apache/ignite/internal/security/authentication/AuthenticationManagerImpl.java
+++ 
b/modules/security/src/main/java/org/apache/ignite/internal/security/authentication/AuthenticationManagerImpl.java
@@ -177,6 +177,11 @@ public class AuthenticationManagerImpl implements 
AuthenticationManager {
         });
     }
 
+    @Override
+    public boolean authenticationEnabled() {
+        return authEnabled;
+    }
+
     @Override
     public void listen(AuthenticationListener listener) {
         listeners.add(listener);
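Review bot: `authenticationEnabled()` returns the `authEnabled` field with no synchronisation visible in this hunk, and after this commit it is read on HTTP request threads by `IgniteSecurityFilter` while presumably being written from the configuration listener. The field declaration is outside the hunk; if it is not `volatile` (or read under the same lock the writer uses), a request thread may keep seeing a stale `false` after authentication is switched on and continue to bypass the security filter. Please confirm the declaration, e.g. `private volatile boolean authEnabled;`, and state the visibility guarantee in the method's Javadoc.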
