
Example 31 with SecurityContext

use of org.apache.ignite.internal.processors.security.SecurityContext in project ignite by apache.

From class ZookeeperDiscoveryImpl, method authenticateNode (the per-node authentication step of ZooKeeper-based discovery).

/**
 * Authenticates a node that is joining through ZooKeeper discovery.
 * <p>
 * With no {@link DiscoverySpiNodeAuthenticator} configured on the SPI the node is admitted
 * as-is and the result carries no security subject. Otherwise the credentials carried by the
 * node are unmarshalled, handed to the authenticator, and the resulting {@link SecurityContext}
 * is both zipped into the returned result and attached to the node attributes (presumably so
 * other nodes can read the authenticated subject — confirm against the callers).
 * <p>
 * NOTE(review): the credentials are unmarshalled from bytes supplied by a node that is not yet
 * authenticated; whether the marshaller behind {@code unmarshalCredentials} restricts the classes
 * it will instantiate is not visible here and is worth confirming.
 *
 * @param node Joining node whose credentials are to be checked.
 * @return Validation result: the zipped security subject on success ({@code null} payload when
 *      no authenticator is configured), or a failure message otherwise.
 */
private ZkNodeValidateResult authenticateNode(ZookeeperClusterNode node) {
    DiscoverySpiNodeAuthenticator authenticator = spi.getAuthenticator();

    // Nothing to check against: admit the node without a subject.
    if (authenticator == null)
        return new ZkNodeValidateResult((byte[])null);

    SecurityCredentials credentials;

    try {
        credentials = unmarshalCredentials(node);
    }
    catch (Exception e) {
        U.error(log, "Failed to unmarshal node credentials: " + e, e);

        return new ZkNodeValidateResult("Failed to unmarshal node credentials");
    }

    SecurityContext subject = authenticator.authenticateNode(node, credentials);

    if (subject == null) {
        U.warn(log, "Authentication failed [nodeId=" + node.id() + ", addrs=" + U.addressesAsString(node) + ']');

        // This message text is asserted by tests; keep it stable.
        return new ZkNodeValidateResult("Authentication failed");
    }

    // The subject is marshalled below and stored into the node attributes, so it must be Serializable.
    if (!(subject instanceof Serializable)) {
        U.warn(log, "Authentication subject is not Serializable [nodeId=" + node.id() +
            ", addrs=" + U.addressesAsString(node) + ']');

        return new ZkNodeValidateResult("Authentication subject is not serializable");
    }

    byte[] zippedSubject;

    try {
        zippedSubject = marshalZip(subject);

        // Only attach the subject to the node attributes once marshalling has succeeded.
        node.setAttributes(withSecurityContext(subject, node.getAttributes(), marsh));
    }
    catch (Exception e) {
        U.error(log, "Failed to marshal node security subject: " + e, e);

        return new ZkNodeValidateResult("Failed to marshal node security subject");
    }

    return new ZkNodeValidateResult(zippedSubject);
}

Example 32 with SecurityContext

use of org.apache.ignite.internal.processors.security.SecurityContext in project ignite by apache.

From class SqlUserCommandSelfTest, method testNotAuthorizedOperation (checks that a non-privileged user cannot run user-management SQL).

/**
 * Verifies that a freshly created, non-privileged user is refused every user-management
 * statement (CREATE / ALTER / DROP USER) on every node of the cluster.
 * <p>
 * The user is created under the default security context, then its own context is obtained via
 * {@code authenticate} and installed on all nodes before the attempts are made. The user is
 * created as {@code user0} but authenticated as {@code "USER0"}; the unquoted SQL identifier
 * presumably folds to upper case, so do not "fix" the case mismatch.
 *
 * @throws Exception If failed.
 */
@Test
public void testNotAuthorizedOperation() throws Exception {
    withSecurityContextOnAllNodes(secCtxDflt);

    userSql(0, "CREATE USER user0 WITH PASSWORD 'user0'");

    SecurityContext userCtx = authenticate(grid(0), "USER0", "user0");

    withSecurityContextOnAllNodes(userCtx);

    // Every one of these must be rejected, in this order, on each node.
    String[] forbiddenStmts = {
        "CREATE USER test WITH PASSWORD 'test'",
        "ALTER USER test WITH PASSWORD 'test'",
        "DROP USER test"
    };

    for (int nodeIdx = 0; nodeIdx < NODES_COUNT; ++nodeIdx) {
        final int idx = nodeIdx;

        for (final String sql : forbiddenStmts) {
            GridTestUtils.assertThrowsAnyCause(log, new Callable<Void>() {
                @Override public Void call() throws Exception {
                    userSql(idx, sql);

                    return null;
                }
            }, IgniteAccessControlException.class, "User management operations are not allowed for user");
        }
    }
}
