
Example 26 with SecurityContext

use of org.apache.ignite.internal.processors.security.SecurityContext in project ignite by apache.

the class TestCertificateSecurityProcessor method authenticateNode.

/**
 * {@inheritDoc}
 */
@Override
public SecurityContext authenticateNode(ClusterNode node, SecurityCredentials cred) {
    // Stub of the test processor: 'cred' is never read, so every node passed in is
    // accepted and registered as a REMOTE_NODE subject with ALLOW_ALL permissions.
    // The subject address is built from the node's first address with port 0.
    InetSocketAddress nodeAddr = new InetSocketAddress(F.first(node.addresses()), 0);

    SecurityContext nodeCtx = new TestSecurityContext(
        new TestSecuritySubject()
            .setType(REMOTE_NODE)
            .setId(node.id())
            .setAddr(nodeAddr)
            .setLogin("")
            .setPerms(ALLOW_ALL));

    // Remember the issued context under its subject id.
    secCtxs.put(nodeCtx.subject().id(), nodeCtx);

    return nodeCtx;
}
Also used : InetSocketAddress(java.net.InetSocketAddress) SecurityContext(org.apache.ignite.internal.processors.security.SecurityContext)

Example 27 with SecurityContext

use of org.apache.ignite.internal.processors.security.SecurityContext in project ignite by apache.

the class TestCertificateSecurityProcessor method authenticate.

/**
 * {@inheritDoc}
 */
@Override
public SecurityContext authenticate(AuthenticationContext ctx) {
    Certificate[] chain = ctx.certificates();

    // The test requires the peer to present exactly two certificates.
    assertNotNull(chain);
    assertEquals(2, chain.length);

    X509Certificate leaf = (X509Certificate) chain[0];

    // Only the textual subject/issuer names of the first certificate are checked here.
    // NOTE(review): no signature or chain validation happens in this method; presumably
    // the TLS layer has already done it before the context is built - confirm.
    String subjDn = leaf.getSubjectDN().getName();

    assertTrue(subjDn.matches("^CN=[a-z0-9]+$"));
    assertTrue(leaf.getIssuerDN().getName().startsWith("C=RU, ST=SPb, L=SPb, O=Ignite, OU=Dev"));

    // Strip the leading "CN=" so the common name becomes the login.
    String login = subjDn.substring(3);

    // An unknown common name yields no security context at all.
    if (!PERMS.containsKey(login))
        return null;

    // Permissions come from the PERMS table, keyed by the certificate's common name.
    SecurityContext authCtx = new TestSecurityContext(
        new TestSecuritySubject()
            .setType(ctx.subjectType())
            .setId(ctx.subjectId())
            .setAddr(ctx.address())
            .setLogin(login)
            .setPerms(PERMS.get(login))
            .setCerts(ctx.certificates()));

    // Remember the issued context under its subject id.
    secCtxs.put(authCtx.subject().id(), authCtx);

    return authCtx;
}
Also used : SecurityContext(org.apache.ignite.internal.processors.security.SecurityContext) X509Certificate(java.security.cert.X509Certificate) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 28 with SecurityContext

use of org.apache.ignite.internal.processors.security.SecurityContext in project ignite by apache.

the class GridRestProcessor method handleRequest.

/**
 * @param req Request.
 * @return Future.
 */
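private IgniteInternalFuture<GridRestResponse> handleRequest(final GridRestRequest req) {
    // Start-up gate. A "node state before start" request is rejected once the start latch
    // has reached zero; any other request except an authentication request blocks here
    // until the latch is released.
    if (req instanceof GridRestNodeStateBeforeStartRequest) {
        if (startLatch.getCount() == 0)
            return new GridFinishedFuture<>(new IgniteCheckedException("Node has already started."));
    } else if (!(req instanceof GridRestAuthenticationRequest) && startLatch.getCount() > 0) {
        try {
            startLatch.await();
        } catch (InterruptedException e) {
            // Restore the interrupt status so the calling thread can still observe it;
            // catching InterruptedException clears the flag.
            Thread.currentThread().interrupt();

            return new GridFinishedFuture<>(new IgniteCheckedException("Failed to handle request " + "(protocol handler was interrupted when awaiting grid start).", e));
        }
    }

    // NOTE(review): this logs req.toString(); if that representation includes credentials
    // or a session token they end up in the debug log - confirm against GridRestRequest.
    if (log.isDebugEnabled())
        log.debug("Received request from client: " + req);

    if (securityEnabled) {
        Session ses;

        // Resolve the session for this request. An authentication failure and any other
        // checked failure are reported to the client with different status codes.
        try {
            ses = session(req);
        } catch (IgniteAuthenticationException e) {
            return new GridFinishedFuture<>(new GridRestResponse(STATUS_AUTH_FAILED, e.getMessage()));
        } catch (IgniteCheckedException e) {
            return new GridFinishedFuture<>(new GridRestResponse(STATUS_FAILED, e.getMessage()));
        }

        assert ses != null;

        // Overwrite whatever the client sent with the identifiers of the resolved session.
        req.clientId(ses.clientId);
        req.sessionToken(U.uuidToBytes(ses.sesId));

        // The session token is a bearer secret, so its value is kept out of the log;
        // the client id is enough to correlate the request.
        if (log.isDebugEnabled())
            log.debug("Next clientId and sessionToken were extracted according to request: " + "[clientId=" + req.clientId() + ", sesTok=<redacted>]");

        SecurityContext secCtx0 = ses.secCtx;

        try {
            // Authenticate again when the session has no context yet or its token has expired.
            if (secCtx0 == null || ses.isTokenExpired(sesTokTtl))
                ses.secCtx = secCtx0 = authenticate(req, ses);

            // Authorization and the actual handling both run inside the caller's security
            // context, which is closed when the try-with-resources block exits.
            try (OperationSecurityContext s = ctx.security().withContext(secCtx0)) {
                authorize(req);

                return handleRequest0(req);
            }
        } catch (SecurityException e) {
            // NOTE(review): if authenticate() can itself throw SecurityException while
            // secCtx0 is still null, this assertion fails when assertions are enabled - confirm.
            assert secCtx0 != null;

            return new GridFinishedFuture<>(new GridRestResponse(STATUS_SECURITY_CHECK_FAILED, e.getMessage()));
        } catch (IgniteCheckedException e) {
            return new GridFinishedFuture<>(new GridRestResponse(STATUS_AUTH_FAILED, e.getMessage()));
        }
    } else
        // Security is disabled: the request is handled without authentication or authorization.
        return handleRequest0(req);
}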
Also used : IgniteAuthenticationException(org.apache.ignite.IgniteAuthenticationException) IgniteCheckedException(org.apache.ignite.IgniteCheckedException) OperationSecurityContext(org.apache.ignite.internal.processors.security.OperationSecurityContext) SecurityContext(org.apache.ignite.internal.processors.security.SecurityContext) GridRestAuthenticationRequest(org.apache.ignite.internal.processors.rest.request.GridRestAuthenticationRequest) SecurityException(org.apache.ignite.plugin.security.SecurityException) GridRestNodeStateBeforeStartRequest(org.apache.ignite.internal.processors.rest.request.GridRestNodeStateBeforeStartRequest) OperationSecurityContext(org.apache.ignite.internal.processors.security.OperationSecurityContext) GridFinishedFuture(org.apache.ignite.internal.util.future.GridFinishedFuture)

Example 29 with SecurityContext

use of org.apache.ignite.internal.processors.security.SecurityContext in project ignite by apache.

the class AuthenticationOnNotActiveClusterTest method testDefaultUser.

/**
 * @throws Exception If failed.
 */
@Test
public void testDefaultUser() throws Exception {
    // Bring up NODES_COUNT - 1 nodes via startGrids plus the client node at CLI_NODE.
    // No activation call is made in this test.
    startGrids(NODES_COUNT - 1);
    startClientGrid(CLI_NODE);

    // The "ignite"/"ignite" account must authenticate on every node, and the returned
    // context must carry that login.
    int nodeIdx = 0;

    while (nodeIdx < NODES_COUNT) {
        SecurityContext dfltCtx = authenticate(grid(nodeIdx), "ignite", "ignite");

        assertNotNull(dfltCtx);
        assertEquals("ignite", dfltCtx.subject().login());

        nodeIdx++;
    }
}
Also used : SecurityContext(org.apache.ignite.internal.processors.security.SecurityContext) GridCommonAbstractTest(org.apache.ignite.testframework.junits.common.GridCommonAbstractTest) Test(org.junit.Test)

Example 30 with SecurityContext

use of org.apache.ignite.internal.processors.security.SecurityContext in project ignite by apache.

the class AuthenticationOnNotActiveClusterTest method testNotDefaultUser.

/**
 * @throws Exception If failed.
 */
@Test
public void testNotDefaultUser() throws Exception {
    final int usersCnt = 10;

    // First run: start the nodes, activate the cluster and create the test users
    // while acting as the default user.
    startGrids(NODES_COUNT - 1);
    startClientGrid(CLI_NODE);
    startGrid(NODES_COUNT);

    grid(0).cluster().active(true);

    SecurityContext dfltCtx = authenticate(grid(0), User.DFAULT_USER_NAME, "ignite");

    withSecurityContextOnAllNodes(dfltCtx);

    int created = 0;

    while (created < usersCnt) {
        grid(0).context().security().createUser("test" + created, "passwd".toCharArray());

        created++;
    }

    // Second run: restart without calling active(true) again. Every user created above
    // must still authenticate on every node.
    stopAllGrids();

    U.sleep(500);

    startGrids(NODES_COUNT - 1);
    startClientGrid(CLI_NODE);

    for (int nodeIdx = 0; nodeIdx < NODES_COUNT; nodeIdx++) {
        for (int usrIdx = 0; usrIdx < usersCnt; usrIdx++) {
            String login = "test" + usrIdx;

            SecurityContext usrCtx = authenticate(grid(nodeIdx), login, "passwd");

            assertNotNull(usrCtx);
            assertEquals("test" + usrIdx, usrCtx.subject().login());
        }
    }
}
Also used : SecurityContext(org.apache.ignite.internal.processors.security.SecurityContext) GridCommonAbstractTest(org.apache.ignite.testframework.junits.common.GridCommonAbstractTest) Test(org.junit.Test)

Aggregations

SecurityContext (org.apache.ignite.internal.processors.security.SecurityContext)32 OperationSecurityContext (org.apache.ignite.internal.processors.security.OperationSecurityContext)15 Test (org.junit.Test)15 GridCommonAbstractTest (org.apache.ignite.testframework.junits.common.GridCommonAbstractTest)14 IgniteCheckedException (org.apache.ignite.IgniteCheckedException)10 IgniteException (org.apache.ignite.IgniteException)6 SecurityCredentials (org.apache.ignite.plugin.security.SecurityCredentials)4 IgniteClientDisconnectedException (org.apache.ignite.IgniteClientDisconnectedException)3 IgniteInterruptedException (org.apache.ignite.IgniteInterruptedException)3 ClusterNode (org.apache.ignite.cluster.ClusterNode)3 IgniteClientDisconnectedCheckedException (org.apache.ignite.internal.IgniteClientDisconnectedCheckedException)3 IgniteInternalFuture (org.apache.ignite.internal.IgniteInternalFuture)3 IgniteSpiException (org.apache.ignite.spi.IgniteSpiException)3 InetSocketAddress (java.net.InetSocketAddress)2 ArrayList (java.util.ArrayList)2 List (java.util.List)2 CopyOnWriteArrayList (java.util.concurrent.CopyOnWriteArrayList)2 DiscoveryEvent (org.apache.ignite.events.DiscoveryEvent)2 GridComponent (org.apache.ignite.internal.GridComponent)2 IgniteKernal (org.apache.ignite.internal.IgniteKernal)2