
Example 1 with SecurityCredentials

use of org.apache.ignite.plugin.security.SecurityCredentials in project ignite by apache.

the class GridClientConnectionManagerAdapter method connect.

/**
 * Returns an open connection to the given address, creating one when none is cached.
 *
 * The connection cached for {@code addr} is checked first: a live one is reused (and
 * mapped to {@code nodeId} when given); a closed one is evicted from both maps and
 * replaced. Client credentials are obtained from the configured provider, if any,
 * before the connection is built. Only {@link GridClientProtocol#TCP} can be
 * established here. When the configured marshaller is a
 * {@link GridClientZipOptimizedMarshaller} and the first attempt fails with a
 * {@link GridClientException}, one more attempt is made with its default marshaller.
 * The whole operation runs under the per-endpoint striped lock.
 *
 * @param nodeId {@code UUID} of node for mapping with connection.
 *      {@code null} if no need of mapping.
 * @param addr Remote socket to connect.
 * @return Established connection (new or reused).
 * @throws IOException If connection failed.
 * @throws GridClientException If protocol error happened or client credentials could not be obtained.
 * @throws InterruptedException If thread was interrupted before connection was established.
 */
protected GridClientConnection connect(@Nullable UUID nodeId, InetSocketAddress addr) throws IOException, GridClientException, InterruptedException {
    endpointStripedLock.lock(addr);
    try {
        GridClientConnection cached = conns.get(addr);
        if (cached != null) {
            if (!cached.isClosed()) {
                // Live connection: reuse it, refreshing the node mapping when one is requested.
                if (nodeId != null)
                    nodeConns.put(nodeId, cached);
                return cached;
            }
            // Stale entry: drop it from both maps so a fresh connection can take its place.
            conns.remove(addr, cached);
            if (nodeId != null)
                nodeConns.remove(nodeId, cached);
        }
        SecurityCredentials cred;
        try {
            cred = cfg.getSecurityCredentialsProvider() == null ? null : cfg.getSecurityCredentialsProvider().credentials();
        } catch (IgniteCheckedException e) {
            throw new GridClientException("Failed to obtain client credentials.", e);
        }
        if (cfg.getProtocol() != GridClientProtocol.TCP)
            throw new GridServerUnreachableException("Failed to create client (protocol is not supported): " + cfg.getProtocol());
        GridClientMarshaller marsh = cfg.getMarshaller();
        GridClientConnection conn;
        try {
            conn = openNioTcpConnection(addr, marsh, cred);
        } catch (GridClientException e) {
            // Only the zip-optimized marshaller has a fallback; every other failure propagates as is.
            if (!(marsh instanceof GridClientZipOptimizedMarshaller))
                throw e;
            log.warning("Failed to connect with GridClientZipOptimizedMarshaller, trying to fallback to default marshaller: " + e);
            conn = openNioTcpConnection(addr, ((GridClientZipOptimizedMarshaller) marsh).defaultMarshaller(), cred);
        }
        GridClientConnection prev = conns.putIfAbsent(addr, conn);
        // The striped lock on addr guarantees nobody else registered a connection meanwhile.
        assert prev == null;
        if (nodeId != null)
            nodeConns.put(nodeId, conn);
        return conn;
    } finally {
        endpointStripedLock.unlock(addr);
    }
}

/**
 * Builds a NIO TCP connection to {@code addr} with the connection-manager's shared
 * state and the timeouts, ping settings and user attributes from {@code cfg}.
 *
 * @param addr Remote socket to connect.
 * @param marsh Marshaller to use for the connection.
 * @param cred Client credentials, or {@code null} if no provider is configured.
 * @return New connection.
 * @throws IOException If connection failed.
 * @throws GridClientException If protocol error happened.
 * @throws InterruptedException If thread was interrupted before connection was established.
 */
private GridClientNioTcpConnection openNioTcpConnection(InetSocketAddress addr, GridClientMarshaller marsh, SecurityCredentials cred) throws IOException, GridClientException, InterruptedException {
    return new GridClientNioTcpConnection(srv, clientId, addr, sslCtx, pingExecutor, cfg.getConnectTimeout(), cfg.getPingInterval(), cfg.getPingTimeout(), cfg.isTcpNoDelay(), marsh, marshId, top, cred, cfg.getUserAttributes());
}

Example 2 with SecurityCredentials

use of org.apache.ignite.plugin.security.SecurityCredentials in project ignite by apache.

the class GridClientConfiguration method load.

/**
 * Load client configuration from the properties map.
 *
 * Each setting is looked up under {@code prefix + "." + key}; trailing dots in the
 * prefix are stripped first and an empty prefix means bare keys. An absent or empty
 * value leaves the corresponding setting untouched, except for the balancer, which is
 * always resolved (possibly from {@code null}). Credentials given as
 * {@code login:password} are split at the first colon; a value with no colon, or with
 * the colon as its last character, is treated as a single token credential. SSL is
 * configured only when {@code ssl.enabled} parses as {@code true}, and then a key
 * store location is mandatory.
 *
 * @param prefix Prefix for the client properties.
 * @param in Properties map to load configuration from.
 * @throws GridClientException If parsing configuration failed.
 * @throws IllegalArgumentException If SSL is enabled but no key store location is given.
 */
public void load(String prefix, Properties in) throws GridClientException {
    String pfx = normalizedPropertyPrefix(prefix);
    setBalancer(resolveBalancer(in.getProperty(pfx + "balancer")));
    String connectTimeout = in.getProperty(pfx + "connectTimeout");
    if (!F.isEmpty(connectTimeout))
        setConnectTimeout(Integer.parseInt(connectTimeout));
    loadCredentialsProperty(in.getProperty(pfx + "credentials"));
    String autoFetchMetrics = in.getProperty(pfx + "autoFetchMetrics");
    if (!F.isEmpty(autoFetchMetrics))
        setAutoFetchMetrics(Boolean.parseBoolean(autoFetchMetrics));
    String autoFetchAttrs = in.getProperty(pfx + "autoFetchAttributes");
    if (!F.isEmpty(autoFetchAttrs))
        setAutoFetchAttributes(Boolean.parseBoolean(autoFetchAttrs));
    String maxConnIdleTime = in.getProperty(pfx + "idleTimeout");
    if (!F.isEmpty(maxConnIdleTime))
        setMaxConnectionIdleTime(Integer.parseInt(maxConnIdleTime));
    String proto = in.getProperty(pfx + "protocol");
    if (!F.isEmpty(proto))
        setProtocol(GridClientProtocol.valueOf(proto));
    String srvrs = in.getProperty(pfx + "servers");
    if (!F.isEmpty(srvrs))
        setServers(Arrays.asList(srvrs.replaceAll("\\s+", "").split(",")));
    String tcpNoDelay = in.getProperty(pfx + "tcp.noDelay");
    if (!F.isEmpty(tcpNoDelay))
        setTcpNoDelay(Boolean.parseBoolean(tcpNoDelay));
    String topRefreshFreq = in.getProperty(pfx + "topology.refresh");
    if (!F.isEmpty(topRefreshFreq))
        setTopologyRefreshFrequency(Long.parseLong(topRefreshFreq));
    loadSslProperties(in, pfx);
    loadDataConfigurationProperties(in, pfx);
}

/**
 * Strips trailing dots from {@code prefix} and appends exactly one, unless the
 * result is empty.
 *
 * @param prefix Raw prefix.
 * @return Prefix ready to be concatenated with a property key.
 */
private static String normalizedPropertyPrefix(String prefix) {
    String pfx = prefix;
    while (pfx.endsWith("."))
        pfx = pfx.substring(0, pfx.length() - 1);
    return pfx.isEmpty() ? pfx : pfx + ".";
}

/**
 * Installs a {@link SecurityCredentialsBasicProvider} from the raw credentials value.
 *
 * @param cred Raw value of the {@code credentials} property; ignored when empty.
 * @throws GridClientException If the provider could not be set.
 */
private void loadCredentialsProperty(String cred) throws GridClientException {
    if (F.isEmpty(cred))
        return;
    int sep = cred.indexOf(':');
    // A colon that is not the last character separates login and password;
    // otherwise the whole value is a single token credential.
    SecurityCredentials creds = sep >= 0 && sep < cred.length() - 1
        ? new SecurityCredentials(cred.substring(0, sep), cred.substring(sep + 1))
        : new SecurityCredentials(null, null, cred);
    setSecurityCredentialsProvider(new SecurityCredentialsBasicProvider(creds));
}

/**
 * Builds and installs the SSL context factory when {@code ssl.enabled} is true.
 *
 * @param in Properties map.
 * @param pfx Normalized property prefix.
 * @throws GridClientException If the factory could not be set.
 * @throws IllegalArgumentException If no key store location is specified.
 */
private void loadSslProperties(Properties in, String pfx) throws GridClientException {
    String sslEnabled = in.getProperty(pfx + "ssl.enabled");
    if (F.isEmpty(sslEnabled) || !Boolean.parseBoolean(sslEnabled))
        return;
    String sslProto = in.getProperty(pfx + "ssl.protocol");
    String sslKeyAlg = in.getProperty(pfx + "ssl.key.algorithm");
    String keyStorePath = in.getProperty(pfx + "ssl.keystore.location");
    String keyStorePwd = in.getProperty(pfx + "ssl.keystore.password");
    String keyStoreType = in.getProperty(pfx + "ssl.keystore.type");
    String trustStorePath = in.getProperty(pfx + "ssl.truststore.location");
    String trustStorePwd = in.getProperty(pfx + "ssl.truststore.password");
    String trustStoreType = in.getProperty(pfx + "ssl.truststore.type");
    GridSslBasicContextFactory factory = new GridSslBasicContextFactory();
    factory.setProtocol(F.isEmpty(sslProto) ? DFLT_SSL_PROTOCOL : sslProto);
    factory.setKeyAlgorithm(F.isEmpty(sslKeyAlg) ? DFLT_KEY_ALGORITHM : sslKeyAlg);
    if (F.isEmpty(keyStorePath))
        throw new IllegalArgumentException("SSL key store location is not specified.");
    factory.setKeyStoreFilePath(keyStorePath);
    // Passwords arrive as String from Properties; the factory takes them as char[].
    if (keyStorePwd != null)
        factory.setKeyStorePassword(keyStorePwd.toCharArray());
    factory.setKeyStoreType(F.isEmpty(keyStoreType) ? DFLT_STORE_TYPE : keyStoreType);
    if (F.isEmpty(trustStorePath))
        // No trust store configured: server certificates are not verified.
        factory.setTrustManagers(GridSslBasicContextFactory.getDisabledTrustManager());
    else {
        factory.setTrustStoreFilePath(trustStorePath);
        if (trustStorePwd != null)
            factory.setTrustStorePassword(trustStorePwd.toCharArray());
        factory.setTrustStoreType(F.isEmpty(trustStoreType) ? DFLT_STORE_TYPE : trustStoreType);
    }
    setSslContextFactory(factory);
}

/**
 * Reads the comma-separated {@code data.configurations} list and installs one
 * {@link GridClientDataConfiguration} per non-empty entry.
 *
 * @param in Properties map.
 * @param pfx Normalized property prefix.
 * @throws GridClientException If a balancer or affinity could not be resolved.
 */
private void loadDataConfigurationProperties(Properties in, String pfx) throws GridClientException {
    String dataCfgs = in.getProperty(pfx + "data.configurations");
    if (F.isEmpty(dataCfgs))
        return;
    Collection<GridClientDataConfiguration> cfgs = new ArrayList<>();
    for (String cfgName : dataCfgs.replaceAll("\\s+", "").split(",")) {
        if (F.isEmpty(cfgName))
            continue;
        String keyBase = pfx + "data." + cfgName + ".";
        String name = in.getProperty(keyBase + "name");
        String bal = in.getProperty(keyBase + "balancer");
        String aff = in.getProperty(keyBase + "affinity");
        GridClientDataConfiguration dataCfg = new GridClientDataConfiguration();
        dataCfg.setName(F.isEmpty(name) ? null : name);
        dataCfg.setBalancer(resolveBalancer(bal));
        dataCfg.setAffinity(resolveAffinity(aff));
        cfgs.add(dataCfg);
    }
    setDataConfigurations(cfgs);
}

Example 3 with SecurityCredentials

use of org.apache.ignite.plugin.security.SecurityCredentials in project ignite by apache.

the class IgniteAuthenticationProcessor method authenticate.

/**
 * {@inheritDoc}
 *
 * Login and password are taken from {@code authCtx.credentials()} and cast to
 * {@link String}; an empty login is rejected before anything else happens. On a
 * client node the check is delegated to a server node over
 * {@link GridTopic#TOPIC_AUTH}; on a server node it is performed locally by
 * {@code authenticateOnServer}.
 */
@Override
public SecurityContext authenticate(AuthenticationContext authCtx) throws IgniteCheckedException {
    SecurityCredentials creds = authCtx.credentials();
    String user = (String) creds.getLogin();
    if (F.isEmpty(user))
        throw new IgniteAccessControlException("The user name or password is incorrect [userName=" + user + ']');
    String pwd = (String) creds.getPassword();
    UUID subjId = ctx.clientNode() ? delegateAuthToServerNode(user, pwd) : authenticateOnServer(user, pwd);
    return new SecurityContextImpl(subjId, user, authCtx.subjectType(), authCtx.address());
}

/**
 * Client-node path: asks a randomly chosen server node to verify the credentials,
 * repeating with another random node for as long as the completed future reports
 * {@code retry()}.
 *
 * @param login User login (non-empty).
 * @param passwd User password, may be {@code null}.
 * @return Subject id derived from the login.
 * @throws IgniteCheckedException If no server node is alive, the request could not be
 *      sent, or the remote check failed.
 */
private UUID delegateAuthToServerNode(String login, String passwd) throws IgniteCheckedException {
    if (ctx.discovery().aliveServerNodes().isEmpty())
        throw new IgniteAccessControlException("No alive server node was found to which the authentication operation could be delegated. It is possible that the client node has been started with the \"forceServerMode\" flag enabled and no server node had been started yet.");
    AuthenticateFuture fut;
    do {
        // Register the future under mux before the request is sent (presumably so a
        // reply arriving before registration cannot be lost — confirm against the listener).
        synchronized (mux) {
            ClusterNode target = U.randomServerNode(ctx);
            fut = new AuthenticateFuture(target.id());
            UserAuthenticateRequestMessage req = new UserAuthenticateRequestMessage(login, passwd);
            authFuts.put(req.id(), fut);
            ctx.io().sendToGridTopic(target, GridTopic.TOPIC_AUTH, req, GridIoPolicy.SYSTEM_POOL);
        }
        // Wait for the reply outside the lock.
        fut.get();
    } while (fut.retry());
    return toSubjectId(login);
}

Example 4 with SecurityCredentials

use of org.apache.ignite.plugin.security.SecurityCredentials in project ignite by apache.

the class GridRestProcessor method authenticate.

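/**
 * Authenticates remote client.
 *
 * Builds an {@link AuthenticationContext} for a {@code REMOTE_CLIENT} subject from the
 * request and hands it to the security processor. Credentials come from the request
 * when it carries a login; a request without a login falls back to the credentials
 * previously stored on the session, and a request with a login refreshes them.
 * Every call, successful or not, bumps the session's last-invalidate timestamp.
 *
 * @param req Request to authenticate.
 * @param ses Session the request belongs to; its cached credentials may be read or replaced.
 * @return Authentication subject context.
 * @throws IgniteCheckedException If authentication failed.
 */
private SecurityContext authenticate(GridRestRequest req, Session ses) throws IgniteCheckedException {
    assert req.clientId() != null;
    AuthenticationContext authCtx = new AuthenticationContext();
    authCtx.subjectType(REMOTE_CLIENT);
    authCtx.subjectId(req.clientId());
    authCtx.nodeAttributes(req.userAttributes());
    authCtx.address(req.address());
    authCtx.certificates(req.certificates());
    SecurityCredentials creds = credentials(req);
    if (creds.getLogin() == null) {
        // Read the session field once so the null check and the value used agree
        // even if another thread replaces ses.creds concurrently.
        SecurityCredentials sesCreds = ses.creds;
        if (sesCreds != null)
            creds = sesCreds;
    } else
        ses.creds = creds;
    authCtx.credentials(creds);
    SecurityContext subjCtx = ctx.security().authenticate(authCtx);
    ses.lastInvalidateTime.set(U.currentTimeMillis());
    if (subjCtx == null) {
        // NOTE(review): both messages embed req.toString(); confirm it does not render
        // the credentials, since these messages may end up in logs.
        if (req.credentials() == null)
            throw new IgniteCheckedException("Failed to authenticate remote client (secure session SPI not set?): " + req);
        throw new IgniteCheckedException("Failed to authenticate remote client (invalid credentials?): " + req);
    }
    return subjCtx;
}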

Example 5 with SecurityCredentials

use of org.apache.ignite.plugin.security.SecurityCredentials in project ignite by apache.

the class GridRestProcessor method credentials.

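/**
 * Extract credentials from request.
 *
 * The raw credentials object is interpreted by type:
 * a {@link SecurityCredentials} instance is returned as is; a {@link String} of the
 * form {@code login:password} is split at the first colon, so {@code "user:"} yields
 * login {@code "user"} with an empty password, and a string without a colon becomes
 * the login with a {@code null} password; anything else, including {@code null}, is
 * wrapped as the user object of fresh credentials.
 * NOTE(review): {@code GridClientConfiguration.load} treats a value whose colon is the
 * last character as a single token rather than login plus empty password; confirm the
 * two parsers are meant to differ.
 *
 * @param req Request.
 * @return Security credentials, never {@code null}.
 */
private SecurityCredentials credentials(GridRestRequest req) {
    Object raw = req.credentials();
    if (raw instanceof SecurityCredentials)
        return (SecurityCredentials) raw;
    if (raw instanceof String) {
        String credStr = (String) raw;
        int sep = credStr.indexOf(':');
        // indexOf() never returns length(), so a non-negative index alone means a colon is present.
        if (sep >= 0)
            return new SecurityCredentials(credStr.substring(0, sep), credStr.substring(sep + 1));
        return new SecurityCredentials(credStr, null);
    }
    SecurityCredentials cred = new SecurityCredentials();
    cred.setUserObject(raw);
    return cred;
}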
