use of org.apache.ignite.plugin.security.AuthenticationContext in project ignite by apache.
the class GridRestProcessor method authenticate.
/**
* Authenticates remote client.
*
* @param req Request to authenticate.
* @return Authentication subject context.
* @throws IgniteCheckedException If authentication failed.
*/
private SecurityContext authenticate(GridRestRequest req) throws IgniteCheckedException {
assert req.clientId() != null;
AuthenticationContext authCtx = new AuthenticationContext();
authCtx.subjectType(REMOTE_CLIENT);
authCtx.subjectId(req.clientId());
authCtx.nodeAttributes(Collections.<String, Object>emptyMap());
SecurityCredentials cred;
if (req.credentials() instanceof SecurityCredentials)
cred = (SecurityCredentials) req.credentials();
else if (req.credentials() instanceof String) {
String credStr = (String) req.credentials();
int idx = credStr.indexOf(':');
cred = idx >= 0 && idx < credStr.length() ? new SecurityCredentials(credStr.substring(0, idx), credStr.substring(idx + 1)) : new SecurityCredentials(credStr, null);
} else {
cred = new SecurityCredentials();
cred.setUserObject(req.credentials());
}
authCtx.address(req.address());
authCtx.credentials(cred);
SecurityContext subjCtx = ctx.security().authenticate(authCtx);
if (subjCtx == null) {
if (req.credentials() == null)
throw new IgniteCheckedException("Failed to authenticate remote client (secure session SPI not set?): " + req);
else
throw new IgniteCheckedException("Failed to authenticate remote client (invalid credentials?): " + req);
}
return subjCtx;
}
Aggregations