Version: Ignite 2.3-SNAPSHOT from ignite-2.3 branch. A jar that contains our custom security plugin for the security named ACSPluginProvider & ACSSecurityProcessor is placed in $IGNITE_HOME/libs folder.
Run ignite.sh to start the single data node and see ACSSecurityProcessor.start method is called. 10-23 20:46:16.567 [main ] INFO apache.ignite.internal.IgniteKernal%cdev_cluster - Configured caches [in 'sysMemPlc' memoryPolicy: ['ignite-sys-cache']] 10-23 20:46:16.601 [main ] INFO apache.ignite.internal.IgniteKernal%cdev_cluster - 3-rd party licenses can be found at: /opt/ignite/libs/licenses 10-23 20:46:16.663 [main ] INFO internal.processors.plugin.IgnitePluginProcessor - Configured plugins: 10-23 20:46:16.664 [main ] INFO internal.processors.plugin.IgnitePluginProcessor - ^-- ACSPluginProvider 1.0.0 10-23 20:46:16.664 [main ] INFO internal.processors.plugin.IgnitePluginProcessor - ^-- MaxPoint 10-23 20:46:16.664 [main ] INFO internal.processors.plugin.IgnitePluginProcessor - 10-23 20:46:16.673 [main ] INFO platform.auth.ignite.ACSSecurityProcessor - start 10-23 20:46:16.726 [main ] INFO spi.communication.tcp.TcpCommunicationSpi - Successfully bound communication NIO server to TCP port [port=47100, locHost=0.0.0.0/0.0.0.0, selectorsCnt=4, selectorSpins=0, pairedConn=false] Use Ignite JDBC thin driver to connect to the cluster with user & password properties. Then I see ACSSecurityProcessor - authenticate as shown below. But the login is null. Also, I can see ACSSecurityProcessor.authorize is called for CACHE_PUT when I execute INSERT or DELETE statements, but I do not see ACSSecurityProcessor.authorize is called for CACHE_READ. /opt/ignite/log$ grep platform.auth.ignite ignite.log 10-25 14:56:35.182 [main ] INFO platform.auth.ignite.ACSSecurityProcessor - start 10-25 14:56:35.779 [main ] INFO platform.auth.ignite.ACSPluginProvider - start 10-25 14:56:35.810 [main ] INFO platform.auth.ignite.ACSSecurityProcessor - authenticateNode: id=cdb8bd19-d1b0-4d54-a982-01abdc83761a, hosts=[shei1], address=[0:0:0:0:0:0:0:1%lo, 127.0.0.1, 172.16.128.96] 10-25 14:56:35.858 [main ] INFO platform.auth.ignite.ACSSecurityProcessor - onKernalStart(false) 10-25 14:56:35.891 [main ] INFO platform.auth.ignite.ACSPluginProvider - onIgniteStart 10-25 14:57:09.417 [rest-#44%cdev_cluster%] INFO platform.auth.ignite.ACSSecurityProcessor - authenticate: id=b5052d01-5a1c-47ea-9bb1-0ee89519bde7, login=null 10-25 15:01:21.862 [client-connector-#79%cdev_cluster%] WARN platform.auth.ignite.ACSSecurityProcessor - authorize: name=SQL_PUBLIC_TEST1, permission=CACHE_PUT 10-25 15:01:55.818 [client-connector-#80%cdev_cluster%] WARN platform.auth.ignite.ACSSecurityProcessor - authorize: name=SQL_PUBLIC_TEST1, permission=CACHE_PUT The code for ACSSecurityProcessor.authenticate is @Override public SecurityContext authenticate(AuthenticationContext authCtx) throws IgniteCheckedException { ACSSecuritySubject subject = (ACSSecuritySubject)userMap.get(authCtx.subjectId()); if(subject == null) { subject = new ACSSecuritySubject(authCtx.subjectId(), authCtx.credentials(), authCtx.address()); if(logger.isInfoEnabled()) { logger.info("authenticate: id=" + subject.id() + ", login=" + subject.login()); } userMap.put(authCtx.subjectId(), subject); } return new ACSSecurityContext(subject); } where subject.login() will return null if authCtx.credentials() is null. So here, I have two questions: 1. How can I get authCtx.credentials() to return the not null credentials when I use the thin driver with user/password properties? 2. How can I get ACSSecurityProcessor.authorize invoked for CACHE_READ for any SELECT query? -- Sent from: http://apache-ignite-users.70518.x6.nabble.com/