This is an automated email from the ASF dual-hosted git repository. apkhmv pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/ignite-3.git
The following commit(s) were added to refs/heads/main by this push: new 656af33c83 IGNITE-20814 Implement IgniteSecurityFilter (#2819) 656af33c83 is described below commit 656af33c83f3e0277d1b9f23c0494ebc2ccd9881 Author: Ivan Gagarkin <gagarkin....@gmail.com> AuthorDate: Fri Nov 10 19:24:49 2023 +0700 IGNITE-20814 Implement IgniteSecurityFilter (#2819) Replaced AuthorizationHeaderFilter with IgniteSecurityFilter. This new filter evaluates whether authentication is enabled and, if so, delegates to io.micronaut.security.filters.SecurityFilter. If authentication is disabled, it proceeds the request to the chain. This change eliminates the previous workaround and streamlines request handling. --- .../rest/api/cluster/ClusterManagementApi.java | 3 - .../internal/rest/api/cluster/TopologyApi.java | 3 - .../api/configuration/ClusterConfigurationApi.java | 3 - .../api/configuration/NodeConfigurationApi.java | 3 - .../rest/api/deployment/DeploymentCodeApi.java | 3 - .../internal/rest/api/metric/NodeMetricApi.java | 3 - .../internal/rest/api/node/NodeManagementApi.java | 3 - modules/rest/build.gradle | 1 + .../cluster/ItClusterManagementControllerTest.java | 2 - .../apache/ignite/internal/rest/RestComponent.java | 14 +--- .../AuthenticationProviderFactory.java | 7 +- .../authentication/AuthorizationHeaderFilter.java | 55 ---------------- ...ider.java => IgniteAuthenticationProvider.java} | 9 ++- .../rest/authentication/IgniteSecurityFilter.java | 74 ++++++++++++++++++++++ .../ClusterConfigurationControllerTest.java | 11 +++- .../ConfigurationControllerBaseTest.java | 2 - .../NodeConfigurationControllerTest.java | 11 +++- .../authentication/AuthenticationManager.java | 7 ++ .../authentication/AuthenticationManagerImpl.java | 5 ++ 19 files changed, 117 insertions(+), 102 deletions(-) 
diff --git a/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/cluster/ClusterManagementApi.java b/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/cluster/ClusterManagementApi.java
index ff3908364e..665a15515e 100644
--- a/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/cluster/ClusterManagementApi.java
+++ b/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/cluster/ClusterManagementApi.java
@@ -23,8 +23,6 @@ import io.micronaut.http.annotation.Controller;
 import io.micronaut.http.annotation.Get;
 import io.micronaut.http.annotation.Post;
 import io.micronaut.http.annotation.Produces;
-import io.micronaut.security.annotation.Secured;
-import io.micronaut.security.rules.SecurityRule;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.media.Content;
 import io.swagger.v3.oas.annotations.media.Schema;
@@ -38,7 +36,6 @@ import org.apache.ignite.internal.rest.constants.MediaType;
 * Cluster management controller.
 */
 @Controller("/management/v1/cluster")
-@Secured(SecurityRule.IS_AUTHENTICATED)
 @Tag(name = "clusterManagement")
 public interface ClusterManagementApi {
 /**
diff --git a/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/cluster/TopologyApi.java b/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/cluster/TopologyApi.java
index 2dcd889d8c..b324c16710 100644
--- a/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/cluster/TopologyApi.java
+++ b/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/cluster/TopologyApi.java
@@ -19,8 +19,6 @@ package org.apache.ignite.internal.rest.api.cluster;
 import io.micronaut.http.annotation.Controller;
 import io.micronaut.http.annotation.Get;
-import io.micronaut.security.annotation.Secured;
-import io.micronaut.security.rules.SecurityRule;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.media.ArraySchema;
 import io.swagger.v3.oas.annotations.media.Content;
@@ -36,7 +34,6 @@ import org.apache.ignite.internal.rest.constants.MediaType;
 * Cluster topology endpoint.
 */
 @Controller("/management/v1/cluster/topology")
-@Secured(SecurityRule.IS_AUTHENTICATED)
 @Tag(name = "topology")
 public interface TopologyApi {
 /**
diff --git a/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/configuration/ClusterConfigurationApi.java b/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/configuration/ClusterConfigurationApi.java
index fbd47a3514..a19641691b 100644
--- a/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/configuration/ClusterConfigurationApi.java
+++ b/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/configuration/ClusterConfigurationApi.java
@@ -24,8 +24,6 @@ import io.micronaut.http.annotation.Get;
 import io.micronaut.http.annotation.Patch;
 import io.micronaut.http.annotation.PathVariable;
 import io.micronaut.http.annotation.Produces;
-import io.micronaut.security.annotation.Secured;
-import io.micronaut.security.rules.SecurityRule;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.media.Content;
@@ -41,7 +39,6 @@ import org.apache.ignite.internal.rest.constants.MediaType;
 * Cluster configuration controller.
 */
 @Controller("/management/v1/configuration/cluster/")
-@Secured(SecurityRule.IS_AUTHENTICATED)
 @Tag(name = "clusterConfiguration")
 public interface ClusterConfigurationApi {
 /**
diff --git a/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/configuration/NodeConfigurationApi.java b/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/configuration/NodeConfigurationApi.java
index c9448595d0..28dfd3dea7 100644
--- a/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/configuration/NodeConfigurationApi.java
+++ b/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/configuration/NodeConfigurationApi.java
@@ -24,8 +24,6 @@ import io.micronaut.http.annotation.Get;
 import io.micronaut.http.annotation.Patch;
 import io.micronaut.http.annotation.PathVariable;
 import io.micronaut.http.annotation.Produces;
-import io.micronaut.security.annotation.Secured;
-import io.micronaut.security.rules.SecurityRule;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.media.Content;
@@ -41,7 +39,6 @@ import org.apache.ignite.internal.rest.constants.MediaType;
 * Node configuration controller.
 */
 @Controller("/management/v1/configuration/node")
-@Secured(SecurityRule.IS_AUTHENTICATED)
 @Tag(name = "nodeConfiguration")
 public interface NodeConfigurationApi {
 /**
diff --git a/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/deployment/DeploymentCodeApi.java b/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/deployment/DeploymentCodeApi.java
index e102d1321d..176473ef24 100644
--- a/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/deployment/DeploymentCodeApi.java
+++ b/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/deployment/DeploymentCodeApi.java
@@ -29,8 +29,6 @@ import io.micronaut.http.annotation.Get;
 import io.micronaut.http.annotation.Post;
 import io.micronaut.http.annotation.QueryValue;
 import io.micronaut.http.multipart.CompletedFileUpload;
-import io.micronaut.security.annotation.Secured;
-import io.micronaut.security.rules.SecurityRule;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.media.ArraySchema;
 import io.swagger.v3.oas.annotations.media.Content;
@@ -49,7 +47,6 @@ import org.reactivestreams.Publisher;
 */
 @SuppressWarnings("OptionalContainsCollection")
 @Controller("/management/v1/deployment/")
-@Secured(SecurityRule.IS_AUTHENTICATED)
 @Tag(name = "deployment")
 public interface DeploymentCodeApi {
diff --git a/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/metric/NodeMetricApi.java b/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/metric/NodeMetricApi.java
index d4858f0648..e21fffe2ae 100644
--- a/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/metric/NodeMetricApi.java
+++ b/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/metric/NodeMetricApi.java
@@ -23,8 +23,6 @@ import io.micronaut.http.annotation.Controller;
 import io.micronaut.http.annotation.Get;
 import io.micronaut.http.annotation.Post;
 import io.micronaut.http.annotation.Produces;
-import io.micronaut.security.annotation.Secured;
-import io.micronaut.security.rules.SecurityRule;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.media.ArraySchema;
 import io.swagger.v3.oas.annotations.media.Content;
@@ -37,7 +35,6 @@ import org.apache.ignite.internal.rest.constants.MediaType;
 /** Node metric endpoint. */
 @Controller("/management/v1/metric/node")
-@Secured(SecurityRule.IS_AUTHENTICATED)
 @Tag(name = "nodeMetric")
 public interface NodeMetricApi {
diff --git a/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/node/NodeManagementApi.java b/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/node/NodeManagementApi.java
index 551e7c3cd2..da8d7db0d4 100644
--- a/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/node/NodeManagementApi.java
+++ b/modules/rest-api/src/main/java/org/apache/ignite/internal/rest/api/node/NodeManagementApi.java
@@ -20,8 +20,6 @@ package org.apache.ignite.internal.rest.api.node;
 import io.micronaut.http.annotation.Controller;
 import io.micronaut.http.annotation.Get;
 import io.micronaut.http.annotation.Produces;
-import io.micronaut.security.annotation.Secured;
-import io.micronaut.security.rules.SecurityRule;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.media.Content;
 import io.swagger.v3.oas.annotations.media.Schema;
@@ -35,7 +33,6 @@ import org.apache.ignite.internal.rest.constants.MediaType;
 * REST endpoint allows to read node state.
 */
 @Controller("/management/v1/node")
-@Secured(SecurityRule.IS_AUTHENTICATED)
 @Tag(name = "nodeManagement")
 public interface NodeManagementApi {
diff --git a/modules/rest/build.gradle b/modules/rest/build.gradle
index 81bd0e132b..d3001959ac 100644
--- a/modules/rest/build.gradle
+++ b/modules/rest/build.gradle
@@ -55,6 +55,7 @@ dependencies {
 testAnnotationProcessor libs.micronaut.inject.annotation.processor
 testImplementation project(':ignite-configuration')
+ testImplementation project(':ignite-security')
 testImplementation testFixtures(project(':ignite-core'))
 testImplementation testFixtures(project(':ignite-configuration'))
 testImplementation libs.micronaut.junit5
diff --git a/modules/rest/src/integrationTest/java/org/apache/ignite/internal/rest/cluster/ItClusterManagementControllerTest.java b/modules/rest/src/integrationTest/java/org/apache/ignite/internal/rest/cluster/ItClusterManagementControllerTest.java
index 5659478619..40111a8874 100644
--- a/modules/rest/src/integrationTest/java/org/apache/ignite/internal/rest/cluster/ItClusterManagementControllerTest.java
+++ b/modules/rest/src/integrationTest/java/org/apache/ignite/internal/rest/cluster/ItClusterManagementControllerTest.java
@@ -27,7 +27,6 @@ import static org.junit.jupiter.api.Assertions.assertThrows;
 import io.micronaut.context.annotation.Bean;
 import io.micronaut.context.annotation.Factory;
-import io.micronaut.context.annotation.Property;
 import io.micronaut.context.annotation.Replaces;
 import io.micronaut.http.HttpRequest;
 import io.micronaut.http.HttpResponse;
@@ -51,7 +50,6 @@ import org.mockito.junit.jupiter.MockitoExtension;
 /**
 * Cluster management REST test.
 */
-@Property(name = "micronaut.security.enabled", value = "false")
 @ExtendWith(MockitoExtension.class)
 @ExtendWith(ConfigurationExtension.class)
 public class ItClusterManagementControllerTest extends RestTestBase {
diff --git a/modules/rest/src/main/java/org/apache/ignite/internal/rest/RestComponent.java b/modules/rest/src/main/java/org/apache/ignite/internal/rest/RestComponent.java
index e386fa65c0..9b2ff864d6 100644
--- a/modules/rest/src/main/java/org/apache/ignite/internal/rest/RestComponent.java
+++ b/modules/rest/src/main/java/org/apache/ignite/internal/rest/RestComponent.java
@@ -173,12 +173,8 @@ public class RestComponent implements IgniteComponent {
 Micronaut micronaut = Micronaut.build("");
 setFactories(micronaut);
- Map<String, Object> properties = new HashMap<>();
- properties.putAll(serverProperties(portCandidate, sslPortCandidate));
- properties.putAll(authProperties());
-
 return micronaut
- .properties(properties)
+ .properties(serverProperties(portCandidate, sslPortCandidate))
 .banner(false)
 // -1 forces the micronaut to throw an ApplicationStartupException instead of doing System.exit
 .mapError(ServerStartupException.class, ex -> -1)
@@ -199,6 +195,8 @@ public class RestComponent implements IgniteComponent {
 result.put("micronaut.server.port", port);
 result.put("micronaut.server.cors.enabled", "true");
 result.put("micronaut.server.cors.configurations.web.allowed-headers", "Authorization");
+ result.put("micronaut.security.intercept-url-map[0].pattern", "/**");
+ result.put("micronaut.security.intercept-url-map[0].access", "isAuthenticated()");
 result.put("ignite.endpoints.filter-non-initialized", "true");
 if (sslEnabled) {
@@ -232,12 +230,6 @@ public class RestComponent implements IgniteComponent {
 return result;
 }
- private Map<String, Object> authProperties() {
- return Map.of("micronaut.security.enabled", true,
- "micronaut.security.intercept-url-map[1].pattern", "/**",
- "micronaut.security.intercept-url-map[1].access", "isAuthenticated()");
- }
-
 private static String toMicronautClientAuth(ClientAuth clientAuth) {
 switch (clientAuth) {
 case OPTIONAL: return ClientAuthentication.WANT.name().toLowerCase();
diff --git a/modules/rest/src/main/java/org/apache/ignite/internal/rest/authentication/AuthenticationProviderFactory.java b/modules/rest/src/main/java/org/apache/ignite/internal/rest/authentication/AuthenticationProviderFactory.java
index 87db81ffc2..4d10431e6b 100644
--- a/modules/rest/src/main/java/org/apache/ignite/internal/rest/authentication/AuthenticationProviderFactory.java
+++ b/modules/rest/src/main/java/org/apache/ignite/internal/rest/authentication/AuthenticationProviderFactory.java
@@ -29,7 +29,6 @@ import org.apache.ignite.internal.security.authentication.AuthenticationManager;
 */
 @Factory
 public class AuthenticationProviderFactory implements RestFactory {
-
 private AuthenticationManager authenticationManager;
 public AuthenticationProviderFactory(AuthenticationManager authenticationManager) {
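Review bot: The two `intercept-url-map[0]` entries added to `serverProperties` are now the only place in this commit where the REST API's authentication requirement is declared, and nothing in the code says so. The same commit drops `@Secured(SecurityRule.IS_AUTHENTICATED)` from the seven API interfaces and no longer sets `micronaut.security.enabled` explicitly, so a later edit to this map changes access for every controller at once. I would add a comment above the two lines, for example `// Only access rule for the REST API: every route requires an authenticated caller; IgniteSecurityFilter bypasses it while Ignite authentication is disabled.` The body of `serverProperties` starts and ends outside the hunk.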
@@ -39,12 +38,12 @@ public class AuthenticationProviderFactory implements RestFactory {
 /**
 * Create a bean of {@link AuthenticationProvider}.
 *
- * @return {@link DelegatingAuthenticationProvider}
+ * @return {@link IgniteAuthenticationProvider}
 */
 @Bean
 @Singleton
- public DelegatingAuthenticationProvider authenticationProvider() {
- return new DelegatingAuthenticationProvider(authenticationManager);
+ public IgniteAuthenticationProvider authenticationProvider() {
+ return new IgniteAuthenticationProvider(authenticationManager);
 }
 @Override
diff --git a/modules/rest/src/main/java/org/apache/ignite/internal/rest/authentication/AuthorizationHeaderFilter.java b/modules/rest/src/main/java/org/apache/ignite/internal/rest/authentication/AuthorizationHeaderFilter.java
deleted file mode 100644
index 0e8f7cc1a4..0000000000
--- a/modules/rest/src/main/java/org/apache/ignite/internal/rest/authentication/AuthorizationHeaderFilter.java
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.ignite.internal.rest.authentication;
-
-import io.micronaut.http.HttpRequest;
-import io.micronaut.http.MutableHttpResponse;
-import io.micronaut.http.annotation.Filter;
-import io.micronaut.http.filter.HttpServerFilter;
-import io.micronaut.http.filter.ServerFilterChain;
-import io.micronaut.http.filter.ServerFilterPhase;
-import org.reactivestreams.Publisher;
-
-/**
- * Implementation of {@link HttpServerFilter}. Checks {@link HttpRequest}
- * and adds empty {@link io.micronaut.http.HttpHeaders#AUTHORIZATION}
- * header if it's absent. We need this workaround, because Micronaut always returns 403,
- * when the authentication is enabled and the request doesn't have
- * {@link io.micronaut.http.HttpHeaders#AUTHORIZATION} header.
- */
-@Filter(Filter.MATCH_ALL_PATTERN)
-public class AuthorizationHeaderFilter implements HttpServerFilter {
-
- @Override
- public Publisher<MutableHttpResponse<?>> doFilter(HttpRequest<?> request, ServerFilterChain chain) {
- return chain.proceed(addAuthorizationHeaderIfAbsent(request));
- }
-
- @Override
- public int getOrder() {
- return ServerFilterPhase.SECURITY.before();
- }
-
- private static HttpRequest<?> addAuthorizationHeaderIfAbsent(HttpRequest<?> request) {
- if (request.getHeaders().getAuthorization().isPresent()) {
- return request;
- } else {
- return request.mutate().basicAuth("", "");
- }
- }
-}
diff --git a/modules/rest/src/main/java/org/apache/ignite/internal/rest/authentication/DelegatingAuthenticationProvider.java b/modules/rest/src/main/java/org/apache/ignite/internal/rest/authentication/IgniteAuthenticationProvider.java
similarity index 92%
rename from modules/rest/src/main/java/org/apache/ignite/internal/rest/authentication/DelegatingAuthenticationProvider.java
rename to modules/rest/src/main/java/org/apache/ignite/internal/rest/authentication/IgniteAuthenticationProvider.java
index cd42ac0ccf..c229d420ba 100644
--- a/modules/rest/src/main/java/org/apache/ignite/internal/rest/authentication/DelegatingAuthenticationProvider.java
+++ b/modules/rest/src/main/java/org/apache/ignite/internal/rest/authentication/IgniteAuthenticationProvider.java
@@ -33,14 +33,17 @@ import reactor.core.publisher.FluxSink;
 /**
 * Implementation of {@link AuthenticationProvider}. Delegates authentication to {@link AuthenticationManager}.
 */
-public class DelegatingAuthenticationProvider implements AuthenticationProvider {
-
+public class IgniteAuthenticationProvider implements AuthenticationProvider {
 private final AuthenticationManager authenticationManager;
- public DelegatingAuthenticationProvider(AuthenticationManager authenticationManager) {
+ IgniteAuthenticationProvider(AuthenticationManager authenticationManager) {
 this.authenticationManager = authenticationManager;
 }
+ boolean authenticationEnabled() {
+ return authenticationManager.authenticationEnabled();
+ }
+
 @Override
 public Publisher<AuthenticationResponse> authenticate(HttpRequest<?> httpRequest, AuthenticationRequest<?, ?> authenticationRequest) {
 return Flux.create(emitter -> {
diff --git a/modules/rest/src/main/java/org/apache/ignite/internal/rest/authentication/IgniteSecurityFilter.java b/modules/rest/src/main/java/org/apache/ignite/internal/rest/authentication/IgniteSecurityFilter.java
new file mode 100644
index 0000000000..0b687eddc1
--- /dev/null
+++ b/modules/rest/src/main/java/org/apache/ignite/internal/rest/authentication/IgniteSecurityFilter.java
@@ -0,0 +1,74 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ignite.internal.rest.authentication;
+
+import io.micronaut.context.annotation.Replaces;
+import io.micronaut.http.HttpRequest;
+import io.micronaut.http.MutableHttpResponse;
+import io.micronaut.http.annotation.Filter;
+import io.micronaut.http.filter.HttpServerFilter;
+import io.micronaut.http.filter.ServerFilterChain;
+import io.micronaut.security.config.SecurityConfiguration;
+import io.micronaut.security.filters.AuthenticationFetcher;
+import io.micronaut.security.filters.SecurityFilter;
+import io.micronaut.security.rules.SecurityRule;
+import java.util.Collection;
+import org.reactivestreams.Publisher;
+
+/**
+ * Replaces {@link SecurityFilter} to disable authentication if it is disabled in Ignite.
+ */
+@Replaces(SecurityFilter.class)
+@Filter(Filter.MATCH_ALL_PATTERN)
+public class IgniteSecurityFilter implements HttpServerFilter {
+ private final SecurityFilter securityFilter;
+
+ private final IgniteAuthenticationProvider igniteAuthenticationProvider;
+
+ /**
+ * Constructor.
+ *
+ * @param securityRules The list of security rules that will allow or reject the request.
+ * @param authenticationFetchers List of {@link AuthenticationFetcher} beans in the context.
+ * @param securityConfiguration The security configuration.
+ * @param igniteAuthenticationProvider The authentication provider.
+ */
+ public IgniteSecurityFilter(
+ Collection<SecurityRule> securityRules,
+ Collection<AuthenticationFetcher> authenticationFetchers,
+ SecurityConfiguration securityConfiguration,
+ IgniteAuthenticationProvider igniteAuthenticationProvider
+ ) {
+ this.securityFilter = new SecurityFilter(securityRules, authenticationFetchers, securityConfiguration);
+ this.igniteAuthenticationProvider = igniteAuthenticationProvider;
+ }
+
+ @Override
+ public Publisher<MutableHttpResponse<?>> doFilter(HttpRequest<?> request, ServerFilterChain chain) {
+ if (igniteAuthenticationProvider.authenticationEnabled()) {
+ return securityFilter.doFilter(request, chain);
+ } else {
+ return chain.proceed(request);
+ }
+ }
+
+ @Override
+ public int getOrder() {
+ return securityFilter.getOrder();
+ }
+}
diff --git a/modules/rest/src/test/java/org/apache/ignite/internal/rest/configuration/ClusterConfigurationControllerTest.java b/modules/rest/src/test/java/org/apache/ignite/internal/rest/configuration/ClusterConfigurationControllerTest.java
index 101f2ba9e6..9d4f033e60 100644
--- a/modules/rest/src/test/java/org/apache/ignite/internal/rest/configuration/ClusterConfigurationControllerTest.java
+++ b/modules/rest/src/test/java/org/apache/ignite/internal/rest/configuration/ClusterConfigurationControllerTest.java
@@ -18,7 +18,7 @@
 package org.apache.ignite.internal.rest.configuration;
 import io.micronaut.context.annotation.Bean;
-import io.micronaut.context.annotation.Property;
+import io.micronaut.context.annotation.Factory;
 import io.micronaut.context.annotation.Replaces;
 import io.micronaut.http.client.HttpClient;
 import io.micronaut.http.client.annotation.Client;
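Review bot: The `else` branch of `doFilter` calls `chain.proceed(request)` without running the wrapped `SecurityFilter`, so whenever `authenticationEnabled()` returns false every security rule is skipped, not only the credential check, and the class Javadoc does not state that. The flag is read on each request, so the value the manager reports before its configuration has been applied decides whether the API is open during startup; that default is not visible in this diff and should be confirmed. I would extend the Javadoc with something like `While Ignite authentication is disabled the request is passed straight to the chain and no Micronaut security rule is evaluated.` The diffstat lists no test for this class, so a unit test covering both branches, including a request without credentials being rejected when authentication is enabled, would be worth adding.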
@@ -28,12 +28,13 @@ import jakarta.inject.Named;
 import org.apache.ignite.internal.configuration.ConfigurationRegistry;
 import org.apache.ignite.internal.configuration.presentation.ConfigurationPresentation;
 import org.apache.ignite.internal.configuration.presentation.HoconPresentation;
+import org.apache.ignite.internal.security.authentication.AuthenticationManager;
+import org.apache.ignite.internal.security.authentication.AuthenticationManagerImpl;
 /**
 * Functional test for {@link ClusterConfigurationController}.
 */
 @MicronautTest
-@Property(name = "micronaut.security.enabled", value = "false")
 class ClusterConfigurationControllerTest extends ConfigurationControllerBaseTest {
 @Inject
@@ -54,4 +55,10 @@ class ClusterConfigurationControllerTest extends ConfigurationControllerBaseTest
 public ConfigurationPresentation<String> cfgPresentation(ConfigurationRegistry configurationRegistry) {
 return new HoconPresentation(configurationRegistry);
 }
+
+ @Bean
+ @Factory
+ AuthenticationManager authenticationManager() {
+ return new AuthenticationManagerImpl();
+ }
 }
diff --git a/modules/rest/src/test/java/org/apache/ignite/internal/rest/configuration/ConfigurationControllerBaseTest.java b/modules/rest/src/test/java/org/apache/ignite/internal/rest/configuration/ConfigurationControllerBaseTest.java
index b75d39d39b..ce98aec9ae 100644
--- a/modules/rest/src/test/java/org/apache/ignite/internal/rest/configuration/ConfigurationControllerBaseTest.java
+++ b/modules/rest/src/test/java/org/apache/ignite/internal/rest/configuration/ConfigurationControllerBaseTest.java
@@ -27,7 +27,6 @@ import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import io.micronaut.context.ApplicationContext;
-import io.micronaut.context.annotation.Property;
 import io.micronaut.http.HttpRequest;
 import io.micronaut.http.HttpStatus;
 import io.micronaut.http.MediaType;
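Review bot: The `authenticationManager()` bean added at the end of `ClusterConfigurationControllerTest` makes the test pass only because a freshly constructed `AuthenticationManagerImpl` apparently reports authentication as disabled; the removed `@Property(name = "micronaut.security.enabled", value = "false")` said this explicitly. A comment on the method would keep that visible, for example `// No security configuration is applied, so authentication stays disabled and IgniteSecurityFilter lets unauthenticated requests through.` The same bean is added to `NodeConfigurationControllerTest`, and neither class exercises the controllers with authentication enabled.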
@@ -48,7 +47,6 @@ import org.junit.jupiter.api.Test;
 * The base test for configuration controllers.
 */
 @MicronautTest
-@Property(name = "micronaut.security.enabled", value = "false")
 public abstract class ConfigurationControllerBaseTest {
 private final Set<String> secretKeys = Set.of("password");
diff --git a/modules/rest/src/test/java/org/apache/ignite/internal/rest/configuration/NodeConfigurationControllerTest.java b/modules/rest/src/test/java/org/apache/ignite/internal/rest/configuration/NodeConfigurationControllerTest.java
index 2bc377deb8..eff3aba485 100644
--- a/modules/rest/src/test/java/org/apache/ignite/internal/rest/configuration/NodeConfigurationControllerTest.java
+++ b/modules/rest/src/test/java/org/apache/ignite/internal/rest/configuration/NodeConfigurationControllerTest.java
@@ -18,7 +18,7 @@
 package org.apache.ignite.internal.rest.configuration;
 import io.micronaut.context.annotation.Bean;
-import io.micronaut.context.annotation.Property;
+import io.micronaut.context.annotation.Factory;
 import io.micronaut.context.annotation.Replaces;
 import io.micronaut.http.client.HttpClient;
 import io.micronaut.http.client.annotation.Client;
@@ -28,12 +28,13 @@ import jakarta.inject.Named;
 import org.apache.ignite.internal.configuration.ConfigurationRegistry;
 import org.apache.ignite.internal.configuration.presentation.ConfigurationPresentation;
 import org.apache.ignite.internal.configuration.presentation.HoconPresentation;
+import org.apache.ignite.internal.security.authentication.AuthenticationManager;
+import org.apache.ignite.internal.security.authentication.AuthenticationManagerImpl;
 /**
 * Functional test for {@link NodeConfigurationController}.
 */
 @MicronautTest
-@Property(name = "micronaut.security.enabled", value = "false")
 class NodeConfigurationControllerTest extends ConfigurationControllerBaseTest {
 @Inject
@@ -54,4 +55,10 @@ class NodeConfigurationControllerTest extends ConfigurationControllerBaseTest {
 public ConfigurationPresentation<String> cfgPresentation(ConfigurationRegistry configurationRegistry) {
 return new HoconPresentation(configurationRegistry);
 }
+
+ @Bean
+ @Factory
+ AuthenticationManager authenticationManager() {
+ return new AuthenticationManagerImpl();
+ }
 }
diff --git a/modules/security-api/src/main/java/org/apache/ignite/internal/security/authentication/AuthenticationManager.java b/modules/security-api/src/main/java/org/apache/ignite/internal/security/authentication/AuthenticationManager.java
index defc291f87..6e43af0a80 100644
--- a/modules/security-api/src/main/java/org/apache/ignite/internal/security/authentication/AuthenticationManager.java
+++ b/modules/security-api/src/main/java/org/apache/ignite/internal/security/authentication/AuthenticationManager.java
@@ -25,6 +25,13 @@ import org.apache.ignite.internal.security.configuration.SecurityView;
 * Authentication manager.
 */
 public interface AuthenticationManager extends Authenticator, ConfigurationListener<SecurityView> {
+ /**
+ * Check if authentication is enabled.
+ *
+ * @return {@code true} if authentication is enabled.
+ */
+ boolean authenticationEnabled();
+
 /**
 * Listen to authentication events.
 *
diff --git a/modules/security/src/main/java/org/apache/ignite/internal/security/authentication/AuthenticationManagerImpl.java b/modules/security/src/main/java/org/apache/ignite/internal/security/authentication/AuthenticationManagerImpl.java
index 420cddaa9d..3d371cd2a4 100644
--- a/modules/security/src/main/java/org/apache/ignite/internal/security/authentication/AuthenticationManagerImpl.java
+++ b/modules/security/src/main/java/org/apache/ignite/internal/security/authentication/AuthenticationManagerImpl.java
@@ -177,6 +177,11 @@ public class AuthenticationManagerImpl implements AuthenticationManager {
 });
 }
+ @Override
+ public boolean authenticationEnabled() {
+ return authEnabled;
+ }
+
 @Override
 public void listen(AuthenticationListener listener) {
 listeners.add(listener);
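Review bot: `authenticationEnabled()` returns `authEnabled` directly, and the hunk shows no lock or `volatile` guarding the read; the field declaration and its writers are outside the hunk. `IgniteSecurityFilter` calls this on request threads, so if the field is a plain boolean updated from a configuration listener, a request thread may keep seeing a stale `false` after authentication is switched on and continue to skip the security filter. If that is the case, declare the field `volatile` or take the same lock the writer uses, e.g. `private volatile boolean authEnabled;`.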