RE: Authorization Plugin

[Sergio Hernández Martínez]

Hello!

I'm already putting in authenticate method the security context in 
SecurityContextHolder:

SecurityPluginSecuritySubject securityPluginSecuritySubject = new 
SecurityPluginSecuritySubject(
            authenticationContext.subjectId(),
            authenticationContext.subjectType(),
            authenticationContext.credentials().getLogin(),
            authenticationContext.address()
    );
    SecurityContext securityContext = new 
SecurityPluginSecurityContext(securityPluginSecuritySubject);
    SecurityContextHolder.set(securityContext);

But when I want to authorize, i'm getting NULL on SecurityContextHolder

Thank's you!


________________________________
De: Ilya Kasnacheev <ilya.kasnach...@gmail.com>
Enviado: lunes, 18 de febrero de 2019 12:10
Para: Sergio Hernández Martínez
Cc: user@ignite.apache.org
Asunto: Re: Authorization Plugin

Hello!

I guess you will have to fill this context yourself for calls which supply null 
as context. Then maybe put it in holder.

Regards,
--
Ilya Kasnacheev


сб, 16 февр. 2019 г. в 16:28, Sergio Hernández Martínez 
<serher...@hotmail.com<mailto:serher...@hotmail.com>>:
Hi Ilya,

Thank you for you tip, but push(), pop() is in master code. I'm using stable 
version 2.7.0 and i'm getting the same error. My new code is:

public SecurityContext authenticate(AuthenticationContext 
authenticationContext) throws IgniteCheckedException {

    if (authenticationContext.credentials().getLogin()==null) {
        System.out.println("Usuario: null is not Authorizated to Connect");
        return null;
    }

    System.out.println("subjectId: " + 
authenticationContext.subjectId().toString());

    SecurityPluginSecuritySubject securityPluginSecuritySubject = new 
SecurityPluginSecuritySubject(
            authenticationContext.subjectId(),
            authenticationContext.subjectType(),
            authenticationContext.credentials().getLogin(),
            authenticationContext.address()
    );

    SecurityContext securityContext = new 
SecurityPluginSecurityContext(securityPluginSecuritySubject);

    SecurityContextHolder.set(securityContext);

    return securityContext;
}

public void authorize(String s, SecurityPermission securityPermission, 
@Nullable SecurityContext securityContext) throws SecurityException {
    if (securityContext==null) {
        if (SecurityContextHolder.get().subject().login().equals("test-user")) {
            System.out.println("You can entry");
        } else {
            throw new SecurityException("You cannot entry");
        }
    }
}

And the error message in ignite node is:

[14:21:27,829][SEVERE][client-connector-#48][ClientListenerNioListener] Failed 
to process client request 
[req=o.a.i.i.processors.platform.client.cache.ClientCacheCreateWithConfigurationRequest@af561fe]
java.lang.NullPointerException
at 
org.serhermar.ignite.security.SecurityPluginProcessor.authorize(SecurityPluginProcessor.java:74)
at 
org.apache.ignite.internal.processors.cache.GridCacheProcessor.authorizeCacheCreate(GridCacheProcessor.java:3738)
at 
org.apache.ignite.internal.processors.cache.GridCacheProcessor.authorizeCacheChange(GridCacheProcessor.java:3756)
at 
org.apache.ignite.internal.processors.cache.GridCacheProcessor.initiateCacheChanges(GridCacheProcessor.java:3665)
at 
org.apache.ignite.internal.processors.cache.GridCacheProcessor.lambda$dynamicStartCache$0(GridCacheProcessor.java:3232)
at 
org.apache.ignite.internal.processors.cache.GridCacheProcessor.dynamicStartCache(GridCacheProcessor.java:3245)
at 
org.apache.ignite.internal.processors.cache.GridCacheProcessor.dynamicStartCache(GridCacheProcessor.java:3153)
at org.apache.ignite.internal.IgniteKernal.createCache(IgniteKernal.java:2922)
at 
org.apache.ignite.internal.processors.platform.client.cache.ClientCacheCreateWithConfigurationRequest.lambda$process$0(ClientCacheCreateWithConfigurationRequest.java:57)
at 
org.apache.ignite.internal.processors.platform.client.ClientRequest.runWithSecurityExceptionHandler(ClientRequest.java:70)
at 
org.apache.ignite.internal.processors.platform.client.cache.ClientCacheCreateWithConfigurationRequest.process(ClientCacheCreateWithConfigurationRequest.java:57)
at 
org.apache.ignite.internal.processors.platform.client.ClientRequestHandler.handle(ClientRequestHandler.java:57)
at 
org.apache.ignite.internal.processors.odbc.ClientListenerNioListener.onMessage(ClientListenerNioListener.java:162)
at 
org.apache.ignite.internal.processors.odbc.ClientListenerNioListener.onMessage(ClientListenerNioListener.java:45)
at 
org.apache.ignite.internal.util.nio.GridNioFilterChain$TailFilter.onMessageReceived(GridNioFilterChain.java:279)
at 
org.apache.ignite.internal.util.nio.GridNioFilterAdapter.proceedMessageReceived(GridNioFilterAdapter.java:109)
at 
org.apache.ignite.internal.util.nio.GridNioAsyncNotifyFilter$3.body(GridNioAsyncNotifyFilter.java:97)
at org.apache.ignite.internal.util.worker.GridWorker.run(GridWorker.java:120)
at 
org.apache.ignite.internal.util.worker.GridWorkerPool$1.run(GridWorkerPool.java:70)
at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)

SecurityContextHolder.get().subject().login() is null.

Thanks you!


________________________________
De: Ilya Kasnacheev 
<ilya.kasnach...@gmail.com<mailto:ilya.kasnach...@gmail.com>>
Enviado: jueves, 14 de febrero de 2019 17:11
Para: user@ignite.apache.org<mailto:user@ignite.apache.org>
Asunto: Re: Authorization Plugin

Hello!

Please refer to SecurityContextHolder - get(), push(), pop().

When getting null you can just do SecurityContextHolder.get().

Regards,
--
Ilya Kasnacheev


пт, 8 февр. 2019 г. в 22:45, Sergio Hernández Martínez 
<serher...@hotmail.com<mailto:serher...@hotmail.com>>:
hi everyone,

I'm developing my own authorization plugin. I've arrived to a point that i'm 
blocked.

My code is:

public void authorize(String s, SecurityPermission securityPermission, 
@Nullable SecurityContext securityContext) throws SecurityException {
        if (securityContext.subject().login().equals("test-user")) {
            System.out.println("You can entry");
        } else {
            System.out.println("You cannot entry");
        }
    }

I have a problem, always securityContext is null. But in my code i have:

public SecurityContext authenticate(AuthenticationContext 
authenticationContext) throws IgniteCheckedException {
        SecurityPluginSecuritySubject securityPluginSecuritySubject = new 
SecurityPluginSecuritySubject(
                authenticationContext.subjectId(),
                authenticationContext.subjectType(),
                authenticationContext.credentials().getLogin(),
                authenticationContext.address()
        );

        return new SecurityPluginSecurityContext(securityPluginSecuritySubject);
}

In ignite code 
(https://github.com/apache/ignite/blob/master/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheContext.java)
 i've saw:


 /**
     * @param op Operation to check.
     * @throws SecurityException If security check failed.
     */
    public void checkSecurity(SecurityPermission op) throws SecurityException {
        if (CU.isSystemCache(name()))
            return;

        ctx.security().authorize(name(), op, null);
    }

In security context always is null. Why? Am I missing something in my code?

Thank's for your help.