Version: Ignite 2.2.
Partial Ignite Config:
<bean id="grid.cfg"
class="org.apache.ignite.configuration.IgniteConfiguration">
....
<property name="persistentStoreConfiguration">
<bean
class="org.apache.ignite.configuration.PersistentStoreConfiguration">
<property name="persistentStorePath"
value="/tmp/ignite/work"/>
</bean>
</property>
</bean>
A jar that contains our custom security plugin for the security named
ACSPluginProvider & ACSSecurityProcessor is placed in $IGNITE_HOME/libs
folder.
Run ignite.sh to start the single data node and see
ACSSecurityProcessor.start method is called.
10-23 20:46:16.567 [main ] INFO
apache.ignite.internal.IgniteKernal%cdev_cluster - Configured caches [in
'sysMemPlc' memoryPolicy: ['ignite-sys-cache']]
10-23 20:46:16.601 [main ] INFO
apache.ignite.internal.IgniteKernal%cdev_cluster - 3-rd party licenses can
be found at: /opt/ignite/libs/licenses
10-23 20:46:16.663 [main ] INFO
internal.processors.plugin.IgnitePluginProcessor - Configured plugins:
10-23 20:46:16.664 [main ] INFO
internal.processors.plugin.IgnitePluginProcessor - ^-- ACSPluginProvider
1.0.0
10-23 20:46:16.664 [main ] INFO
internal.processors.plugin.IgnitePluginProcessor - ^-- MaxPoint
10-23 20:46:16.664 [main ] INFO
internal.processors.plugin.IgnitePluginProcessor -
10-23 20:46:16.673 [main ] INFO platform.auth.ignite.ACSSecurityProcessor -
start
10-23 20:46:16.726 [main ] INFO spi.communication.tcp.TcpCommunicationSpi -
Successfully bound communication NIO server to TCP port [port=47100,
locHost=0.0.0.0/0.0.0.0, selectorsCnt=4, selectorSpins=0, pairedConn=false]
Then run control.sh to activate
/opt/ignite$ control.sh --port 11211 --activate
Oct 23, 2017 8:48:29 PM
org.apache.ignite.internal.client.impl.connection.GridClientNioTcpConnection
<init>
INFO: Client TCP connection established: /127.0.0.1:11211
Oct 23, 2017 8:48:30 PM
org.apache.ignite.internal.client.impl.GridClientImpl <init>
INFO: Client started [id=d2e2b816-61e3-47ff-9d88-ae4c8b3eb2ae, protocol=TCP]
Then, I see ACSSecurityProcessor.authenticate is called, but then followed
by Unexpected command: CLUSTER_ACTIVE exception.
10-23 20:48:29.688 [rest-#46%cdev_cluster%] INFO
platform.auth.ignite.ACSSecurityProcessor - authenticate:
id=d2e2b816-61e3-47ff-9d88-ae4c8b3eb2ae, login=null
10-23 20:48:30.051 [rest-#47%cdev_cluster%] ERROR
internal.processors.rest.GridRestProcessor - Client request execution failed
with error.
java.lang.AssertionError: Unexpected command: CLUSTER_ACTIVE
at
org.apache.ignite.internal.processors.rest.GridRestProcessor.authorize(GridRestProcessor.java:817)
at
org.apache.ignite.internal.processors.rest.GridRestProcessor.handleRequest(GridRestProcessor.java:250)
at
org.apache.ignite.internal.processors.rest.GridRestProcessor.access$100(GridRestProcessor.java:91)
at
org.apache.ignite.internal.processors.rest.GridRestProcessor$2.body(GridRestProcessor.java:157)
at
org.apache.ignite.internal.util.worker.GridWorker.run(GridWorker.java:110)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
10-23 20:48:30.056 [rest-#47%cdev_cluster%] ERROR
internal.processors.rest.GridRestProcessor - Runtime error caught during
grid runnable execution: GridWorker [name=rest-proc-worker,
igniteInstanceName=cdev_cluster, finished=false, hashCode=328132029,
interrupted=false, runner=rest-#47%cdev_cluster%]
java.lang.AssertionError: Unexpected command: CLUSTER_ACTIVE
at
org.apache.ignite.internal.processors.rest.GridRestProcessor.authorize(GridRestProcessor.java:817)
at
org.apache.ignite.internal.processors.rest.GridRestProcessor.handleRequest(GridRestProcessor.java:250)
at
org.apache.ignite.internal.processors.rest.GridRestProcessor.access$100(GridRestProcessor.java:91)
at
org.apache.ignite.internal.processors.rest.GridRestProcessor$2.body(GridRestProcessor.java:157)
at
org.apache.ignite.internal.util.worker.GridWorker.run(GridWorker.java:110)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
As I examine the source code of GridRestProcessor at line 817
/**
* @param req REST request.
* @param sCtx Security context.
* @throws SecurityException If authorization failed.
*/
private void authorize(GridRestRequest req, SecurityContext sCtx) throws
SecurityException {
SecurityPermission perm = null;
String name = null;
switch (req.command()) {
case CACHE_GET:
case CACHE_CONTAINS_KEY:
case CACHE_CONTAINS_KEYS:
....
case NAME:
case LOG:
break;
default:
throw new AssertionError("Unexpected command: " +
req.command()); <----- line 817
}
if (perm != null)
ctx.security().authorize(name, perm, sCtx);
}
So, why command CLUSTER_ACTIVE is not handled here?
--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/
