Version: Ignite 2.3-SNAPSHOT from ignite-2.3 branch.
A jar that contains our custom security plugin for the security named
ACSPluginProvider & ACSSecurityProcessor is placed in $IGNITE_HOME/libs
folder.
Run ignite.sh to start the single data node and see
ACSSecurityProcessor.start method is called.
10-23 20:46:16.567 [main ] INFO
apache.ignite.internal.IgniteKernal%cdev_cluster - Configured caches [in
'sysMemPlc' memoryPolicy: ['ignite-sys-cache']]
10-23 20:46:16.601 [main ] INFO
apache.ignite.internal.IgniteKernal%cdev_cluster - 3-rd party licenses can
be found at: /opt/ignite/libs/licenses
10-23 20:46:16.663 [main ] INFO
internal.processors.plugin.IgnitePluginProcessor - Configured plugins:
10-23 20:46:16.664 [main ] INFO
internal.processors.plugin.IgnitePluginProcessor - ^-- ACSPluginProvider
1.0.0
10-23 20:46:16.664 [main ] INFO
internal.processors.plugin.IgnitePluginProcessor - ^-- MaxPoint
10-23 20:46:16.664 [main ] INFO
internal.processors.plugin.IgnitePluginProcessor -
10-23 20:46:16.673 [main ] INFO platform.auth.ignite.ACSSecurityProcessor -
start
10-23 20:46:16.726 [main ] INFO spi.communication.tcp.TcpCommunicationSpi -
Successfully bound communication NIO server to TCP port [port=47100,
locHost=0.0.0.0/0.0.0.0, selectorsCnt=4, selectorSpins=0, pairedConn=false]
Use Ignite JDBC thin driver to connect to the cluster with user & password
properties. Then I see ACSSecurityProcessor - authenticate as shown below.
But the login is null. Also, I can see ACSSecurityProcessor.authorize is
called for CACHE_PUT when I execute INSERT or DELETE statements, but I do
not see ACSSecurityProcessor.authorize is called for CACHE_READ.
/opt/ignite/log$ grep platform.auth.ignite ignite.log
10-25 14:56:35.182 [main ] INFO platform.auth.ignite.ACSSecurityProcessor -
start
10-25 14:56:35.779 [main ] INFO platform.auth.ignite.ACSPluginProvider -
start
10-25 14:56:35.810 [main ] INFO platform.auth.ignite.ACSSecurityProcessor -
authenticateNode: id=cdb8bd19-d1b0-4d54-a982-01abdc83761a, hosts=[shei1],
address=[0:0:0:0:0:0:0:1%lo, 127.0.0.1, 172.16.128.96]
10-25 14:56:35.858 [main ] INFO platform.auth.ignite.ACSSecurityProcessor -
onKernalStart(false)
10-25 14:56:35.891 [main ] INFO platform.auth.ignite.ACSPluginProvider -
onIgniteStart
10-25 14:57:09.417 [rest-#44%cdev_cluster%] INFO
platform.auth.ignite.ACSSecurityProcessor - authenticate:
id=b5052d01-5a1c-47ea-9bb1-0ee89519bde7, login=null
10-25 15:01:21.862 [client-connector-#79%cdev_cluster%] WARN
platform.auth.ignite.ACSSecurityProcessor - authorize:
name=SQL_PUBLIC_TEST1, permission=CACHE_PUT
10-25 15:01:55.818 [client-connector-#80%cdev_cluster%] WARN
platform.auth.ignite.ACSSecurityProcessor - authorize:
name=SQL_PUBLIC_TEST1, permission=CACHE_PUT
The code for ACSSecurityProcessor.authenticate is
@Override
public SecurityContext authenticate(AuthenticationContext authCtx)
throws IgniteCheckedException {
ACSSecuritySubject subject =
(ACSSecuritySubject)userMap.get(authCtx.subjectId());
if(subject == null) {
subject = new ACSSecuritySubject(authCtx.subjectId(),
authCtx.credentials(), authCtx.address());
if(logger.isInfoEnabled()) {
logger.info("authenticate: id=" + subject.id() + ", login="
+ subject.login());
}
userMap.put(authCtx.subjectId(), subject);
}
return new ACSSecurityContext(subject);
}
where subject.login() will return null if authCtx.credentials() is null.
So here, I have two questions:
1. How can I get authCtx.credentials() to return the not null credentials
when I use the thin driver with user/password properties?
2. How can I get ACSSecurityProcessor.authorize invoked for CACHE_READ for
any SELECT query?
--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/
