Search in sources :

Example 6 with SecurityCredentials

use of org.apache.ignite.plugin.security.SecurityCredentials in project ignite by apache.

the class CacheEventSecurityContextTest method testGridClient.

/**
 * Tests cache event security context in case operation is initiated from the {@link GridClient}.
 */
@Test
public void testGridClient() throws Exception {
    Assume.assumeTrue(txIsolation == null && txConcurrency == null);
    operationInitiatorLogin = "grid_client";
    GridClientConfiguration cfg = new GridClientConfiguration().setServers(singletonList("127.0.0.1:11211")).setDataConfigurations(singletonList(new GridClientDataConfiguration().setName(cacheName))).setSecurityCredentialsProvider(new SecurityCredentialsBasicProvider(new SecurityCredentials(operationInitiatorLogin, "")));
    try (GridClient cli = GridClientFactory.start(cfg)) {
        GridClientData cache = cli.data(cacheName);
        checkEvents(k -> cache.put(k, "val"), false, EVT_CACHE_OBJECT_PUT);
        checkEvents(k -> cache.putAsync(k, "val").get(), false, EVT_CACHE_OBJECT_PUT);
        checkEvents(k -> cache.putAll(singletonMap(k, "val")), false, EVT_CACHE_OBJECT_PUT);
        checkEvents(k -> cache.putAllAsync(singletonMap(k, "val")).get(), false, EVT_CACHE_OBJECT_PUT);
        checkEvents(cache::remove, true, EVT_CACHE_OBJECT_REMOVED);
        checkEvents(k -> cache.removeAsync(k).get(), true, EVT_CACHE_OBJECT_REMOVED);
        checkEvents(k -> cache.removeAll(of(k)), true, EVT_CACHE_OBJECT_REMOVED);
        checkEvents(k -> cache.removeAllAsync(of(k)).get(), true, EVT_CACHE_OBJECT_REMOVED);
        checkEvents(cache::get, true, EVT_CACHE_OBJECT_READ);
        checkEvents(k -> cache.getAsync(k).get(), true, EVT_CACHE_OBJECT_READ);
        checkEvents(k -> cache.getAll(of(k)), true, EVT_CACHE_OBJECT_READ);
        checkEvents(k -> cache.getAllAsync(of(k)).get(), true, EVT_CACHE_OBJECT_READ);
        checkEvents(k -> cache.replace(k, "val"), true, EVT_CACHE_OBJECT_PUT);
        checkEvents(k -> cache.replaceAsync(k, "val").get(), true, EVT_CACHE_OBJECT_PUT);
        checkEvents(k -> cache.append(k, "val"), true, EVT_CACHE_OBJECT_READ, EVT_CACHE_OBJECT_PUT);
        checkEvents(k -> cache.appendAsync(k, "val").get(), true, EVT_CACHE_OBJECT_READ, EVT_CACHE_OBJECT_PUT);
        checkEvents(k -> cache.prepend(k, "val"), true, EVT_CACHE_OBJECT_READ, EVT_CACHE_OBJECT_PUT);
        checkEvents(k -> cache.prependAsync(k, "val").get(), true, EVT_CACHE_OBJECT_READ, EVT_CACHE_OBJECT_PUT);
        checkEvents(k -> cache.cas(k, "new_val", "val"), true, EVT_CACHE_OBJECT_PUT);
        checkEvents(k -> cache.casAsync(k, "new_val", "val").get(), true, EVT_CACHE_OBJECT_PUT);
    }
}
Also used : SecurityCredentials(org.apache.ignite.plugin.security.SecurityCredentials) GridClientData(org.apache.ignite.internal.client.GridClientData) GridClient(org.apache.ignite.internal.client.GridClient) SecurityCredentialsBasicProvider(org.apache.ignite.plugin.security.SecurityCredentialsBasicProvider) GridClientConfiguration(org.apache.ignite.internal.client.GridClientConfiguration) GridClientDataConfiguration(org.apache.ignite.internal.client.GridClientDataConfiguration) Test(org.junit.Test)

Example 7 with SecurityCredentials

use of org.apache.ignite.plugin.security.SecurityCredentials in project ignite by apache.

the class GridDiscoveryManager method start.

/**
 * {@inheritDoc}
 */
@Override
public void start() throws IgniteCheckedException {
    ctx.addNodeAttribute(ATTR_OFFHEAP_SIZE, requiredOffheap());
    ctx.addNodeAttribute(ATTR_DATA_REGIONS_OFFHEAP_SIZE, configuredOffheap());
    DiscoverySpi spi = getSpi();
    discoOrdered = discoOrdered();
    histSupported = historySupported();
    isLocDaemon = ctx.isDaemon();
    hasRslvrs = !ctx.config().isClientMode() && !F.isEmpty(ctx.config().getSegmentationResolvers());
    segChkFreq = ctx.config().getSegmentCheckFrequency();
    if (hasRslvrs) {
        if (segChkFreq < 0)
            throw new IgniteCheckedException("Segment check frequency cannot be negative: " + segChkFreq);
        if (segChkFreq > 0 && segChkFreq < 2000)
            U.warn(log, "Configuration parameter 'segmentCheckFrequency' is too low " + "(at least 2000 ms recommended): " + segChkFreq);
        int segResAttemp = ctx.config().getSegmentationResolveAttempts();
        if (segResAttemp < 1)
            throw new IgniteCheckedException("Segment resolve attempts cannot be negative or zero: " + segResAttemp);
        checkSegmentOnStart();
    }
    spi.setMetricsProvider(createMetricsProvider());
    if (ctx.security().enabled()) {
        if (isSecurityCompatibilityMode())
            ctx.addNodeAttribute(ATTR_SECURITY_COMPATIBILITY_MODE, true);
        spi.setAuthenticator(new DiscoverySpiNodeAuthenticator() {

            @Override
            public SecurityContext authenticateNode(ClusterNode node, SecurityCredentials cred) {
                try {
                    return ctx.security().authenticateNode(node, cred);
                } catch (IgniteCheckedException e) {
                    throw U.convertException(e);
                }
            }

            @Override
            public boolean isGlobalNodeAuthentication() {
                return ctx.security().isGlobalNodeAuthentication();
            }
        });
    }
    if (ctx.config().getCommunicationFailureResolver() != null)
        ctx.resource().injectGeneric(ctx.config().getCommunicationFailureResolver());
    // Shared reference between DiscoverySpiListener and DiscoverySpiDataExchange.
    AtomicReference<IgniteFuture<?>> lastStateChangeEvtLsnrFutRef = new AtomicReference<>();
    spi.setListener(new DiscoverySpiListener() {

        private long gridStartTime;

        private final Marshaller marshaller = MarshallerUtils.jdkMarshaller(ctx.igniteInstanceName());

        /**
         * {@inheritDoc}
         */
        @Override
        public void onLocalNodeInitialized(ClusterNode locNode) {
            for (IgniteInClosure<ClusterNode> lsnr : locNodeInitLsnrs) lsnr.apply(locNode);
            if (locNode instanceof IgniteClusterNode) {
                final IgniteClusterNode node = (IgniteClusterNode) locNode;
                if (consistentId != null)
                    node.setConsistentId(consistentId);
            }
        }

        /**
         * {@inheritDoc}
         */
        @Override
        public IgniteFuture<?> onDiscovery(DiscoveryNotification notification) {
            GridFutureAdapter<?> notificationFut = new GridFutureAdapter<>();
            discoNtfWrk.submit(notificationFut, ctx.security().enabled() ? new SecurityAwareNotificationTask(notification) : new NotificationTask(notification));
            IgniteFuture<?> fut = new IgniteFutureImpl<>(notificationFut);
            // TODO could be optimized with more specific conditions.
            switch(notification.type()) {
                case EVT_NODE_JOINED:
                case EVT_NODE_LEFT:
                case EVT_NODE_FAILED:
                    if (!CU.isPersistenceEnabled(ctx.config()))
                        lastStateChangeEvtLsnrFutRef.set(fut);
                    break;
                case EVT_DISCOVERY_CUSTOM_EVT:
                    lastStateChangeEvtLsnrFutRef.set(fut);
            }
            return fut;
        }

        /**
         * @param notification Notification.
         */
        private void onDiscovery0(DiscoveryNotification notification) {
            int type = notification.type();
            ClusterNode node = notification.getNode();
            long topVer = notification.getTopVer();
            DiscoveryCustomMessage customMsg = notification.getCustomMsgData() == null ? null : ((CustomMessageWrapper) notification.getCustomMsgData()).delegate();
            if (skipMessage(notification.type(), customMsg))
                return;
            final ClusterNode locNode = localNode();
            if (notification.getTopHist() != null)
                topHist = notification.getTopHist();
            boolean verChanged;
            if (type == EVT_NODE_METRICS_UPDATED)
                verChanged = false;
            else {
                if (type != EVT_NODE_SEGMENTED && type != EVT_CLIENT_NODE_DISCONNECTED && type != EVT_CLIENT_NODE_RECONNECTED && type != EVT_DISCOVERY_CUSTOM_EVT) {
                    minorTopVer = 0;
                    verChanged = true;
                } else
                    verChanged = false;
            }
            if (type == EVT_NODE_FAILED || type == EVT_NODE_LEFT) {
                for (DiscoCache c : discoCacheHist.values()) c.updateAlives(node);
                updateClientNodes(node.id());
            }
            boolean locJoinEvt = type == EVT_NODE_JOINED && node.id().equals(locNode.id());
            ChangeGlobalStateFinishMessage stateFinishMsg = null;
            if (type == EVT_NODE_FAILED || type == EVT_NODE_LEFT)
                stateFinishMsg = ctx.state().onNodeLeft(node);
            final AffinityTopologyVersion nextTopVer;
            if (type == EVT_DISCOVERY_CUSTOM_EVT) {
                assert customMsg != null;
                boolean incMinorTopVer;
                if (customMsg instanceof ChangeGlobalStateMessage) {
                    incMinorTopVer = ctx.state().onStateChangeMessage(new AffinityTopologyVersion(topVer, minorTopVer), (ChangeGlobalStateMessage) customMsg, discoCache());
                } else if (customMsg instanceof ChangeGlobalStateFinishMessage) {
                    ctx.state().onStateFinishMessage((ChangeGlobalStateFinishMessage) customMsg);
                    Snapshot snapshot = topSnap.get();
                    // Topology version does not change, but need create DiscoCache with new state.
                    DiscoCache discoCache = snapshot.discoCache.copy(snapshot.topVer, ctx.state().clusterState());
                    topSnap.set(new Snapshot(snapshot.topVer, discoCache));
                    incMinorTopVer = false;
                } else {
                    incMinorTopVer = ctx.cache().onCustomEvent(customMsg, new AffinityTopologyVersion(topVer, minorTopVer), node);
                }
                if (incMinorTopVer) {
                    minorTopVer++;
                    verChanged = true;
                }
                nextTopVer = new AffinityTopologyVersion(topVer, minorTopVer);
                if (incMinorTopVer)
                    ctx.cache().onDiscoveryEvent(type, customMsg, node, nextTopVer, ctx.state().clusterState());
            } else {
                nextTopVer = new AffinityTopologyVersion(topVer, minorTopVer);
                ctx.cache().onDiscoveryEvent(type, customMsg, node, nextTopVer, ctx.state().clusterState());
            }
            DiscoCache discoCache;
            // event notifications, since SPI notifies manager about all events from this listener.
            if (verChanged) {
                Snapshot snapshot = topSnap.get();
                if (customMsg == null) {
                    discoCache = createDiscoCache(nextTopVer, ctx.state().clusterState(), locNode, notification.getTopSnapshot());
                } else if (customMsg instanceof ChangeGlobalStateMessage) {
                    discoCache = createDiscoCache(nextTopVer, ctx.state().pendingState((ChangeGlobalStateMessage) customMsg), locNode, notification.getTopSnapshot());
                } else
                    discoCache = customMsg.createDiscoCache(GridDiscoveryManager.this, nextTopVer, snapshot.discoCache);
                discoCacheHist.put(nextTopVer, discoCache);
                assert snapshot.topVer.compareTo(nextTopVer) < 0 : "Topology version out of order [this.topVer=" + topSnap + ", topVer=" + topVer + ", node=" + node + ", nextTopVer=" + nextTopVer + ", evt=" + U.gridEventName(type) + ']';
                topSnap.set(new Snapshot(nextTopVer, discoCache));
            } else
                // Current version.
                discoCache = discoCache();
            if (locJoinEvt || !node.isClient() && !node.isDaemon()) {
                if (type == EVT_NODE_LEFT || type == EVT_NODE_FAILED || type == EVT_NODE_JOINED) {
                    boolean discoCacheRecalculationRequired = ctx.state().autoAdjustInMemoryClusterState(node.id(), notification.getTopSnapshot(), discoCache, topVer, minorTopVer);
                    if (discoCacheRecalculationRequired) {
                        discoCache = createDiscoCache(nextTopVer, ctx.state().clusterState(), locNode, notification.getTopSnapshot());
                        discoCacheHist.put(nextTopVer, discoCache);
                        topSnap.set(new Snapshot(nextTopVer, discoCache));
                    }
                }
            }
            if (type == EVT_DISCOVERY_CUSTOM_EVT) {
                for (Class cls = customMsg.getClass(); cls != null; cls = cls.getSuperclass()) {
                    List<CustomEventListener<DiscoveryCustomMessage>> list = customEvtLsnrs.get(cls);
                    if (list != null) {
                        for (CustomEventListener<DiscoveryCustomMessage> lsnr : list) {
                            try {
                                lsnr.onCustomEvent(nextTopVer, node, customMsg);
                            } catch (Exception e) {
                                U.error(log, "Failed to notify direct custom event listener: " + customMsg, e);
                            }
                        }
                    }
                }
            }
            SecurityContext secCtx = remoteSecurityContext(ctx);
            // If this is a local join event, just save it and do not notify listeners.
            if (locJoinEvt) {
                if (gridStartTime == 0)
                    gridStartTime = getSpi().getGridStartTime();
                topSnap.set(new Snapshot(nextTopVer, discoCache));
                startLatch.countDown();
                DiscoveryEvent discoEvt = new DiscoveryEvent();
                discoEvt.node(ctx.discovery().localNode());
                discoEvt.eventNode(node);
                discoEvt.type(EVT_NODE_JOINED);
                discoEvt.topologySnapshot(topVer, new ArrayList<>(F.view(notification.getTopSnapshot(), FILTER_NOT_DAEMON)));
                if (notification.getSpanContainer() != null)
                    discoEvt.span(notification.getSpanContainer().span());
                discoWrk.discoCache = discoCache;
                if (!ctx.clientDisconnected()) {
                    // The security processor must be notified first, since {@link IgniteSecurity#onLocalJoin}
                    // finishes local node security context initialization that can be demanded by other Ignite
                    // components.
                    ctx.security().onLocalJoin();
                    if (!isLocDaemon) {
                        ctx.cache().context().versions().onLocalJoin(topVer);
                        ctx.cache().context().coordinators().onLocalJoin(discoEvt, discoCache);
                        ctx.cache().context().exchange().onLocalJoin(discoEvt, discoCache);
                        ctx.service().onLocalJoin(discoEvt, discoCache);
                        ctx.encryption().onLocalJoin();
                        ctx.cluster().onLocalJoin();
                    }
                }
                IgniteInternalFuture<Boolean> transitionWaitFut = ctx.state().onLocalJoin(discoCache);
                locJoin.onDone(new DiscoveryLocalJoinData(discoEvt, discoCache, transitionWaitFut, ctx.state().clusterState().active()));
                return;
            } else if (type == EVT_CLIENT_NODE_DISCONNECTED) {
                assert locNode.isClient() : locNode;
                assert node.isClient() : node;
                ((IgniteKernal) ctx.grid()).onDisconnected();
                if (!locJoin.isDone())
                    locJoin.onDone(new IgniteCheckedException("Node disconnected"));
                locJoin = new GridFutureAdapter<>();
                registeredCaches.clear();
                registeredCacheGrps.clear();
                for (AffinityTopologyVersion histVer : discoCacheHist.keySet()) {
                    Object rmvd = discoCacheHist.remove(histVer);
                    assert rmvd != null : histVer;
                }
                topHist.clear();
                topSnap.set(new Snapshot(AffinityTopologyVersion.ZERO, createDiscoCache(AffinityTopologyVersion.ZERO, ctx.state().clusterState(), locNode, Collections.singleton(locNode))));
            } else if (type == EVT_CLIENT_NODE_RECONNECTED) {
                assert locNode.isClient() : locNode;
                assert node.isClient() : node;
                ctx.security().onLocalJoin();
                boolean clusterRestarted = gridStartTime != getSpi().getGridStartTime();
                gridStartTime = getSpi().getGridStartTime();
                ((IgniteKernal) ctx.grid()).onReconnected(clusterRestarted);
                ctx.cache().context().coordinators().onLocalJoin(localJoinEvent(), discoCache);
                ctx.cache().context().exchange().onLocalJoin(localJoinEvent(), discoCache);
                ctx.service().onLocalJoin(localJoinEvent(), discoCache);
                DiscoCache discoCache0 = discoCache;
                ctx.cluster().clientReconnectFuture().listen(new CI1<IgniteFuture<?>>() {

                    @Override
                    public void apply(IgniteFuture<?> fut) {
                        try {
                            fut.get();
                            discoWrk.addEvent(new NotificationEvent(EVT_CLIENT_NODE_RECONNECTED, nextTopVer, node, discoCache0, notification.getTopSnapshot(), null, notification.getSpanContainer(), secCtx));
                        } catch (IgniteException ignore) {
                        // No-op.
                        }
                    }
                });
                return;
            }
            if (type == EVT_CLIENT_NODE_DISCONNECTED || type == EVT_NODE_SEGMENTED || !ctx.clientDisconnected())
                discoWrk.addEvent(new NotificationEvent(type, nextTopVer, node, discoCache, notification.getTopSnapshot(), customMsg, notification.getSpanContainer(), secCtx));
            if (stateFinishMsg != null)
                discoWrk.addEvent(new NotificationEvent(EVT_DISCOVERY_CUSTOM_EVT, nextTopVer, node, discoCache, notification.getTopSnapshot(), stateFinishMsg, notification.getSpanContainer(), secCtx));
            if (type == EVT_CLIENT_NODE_DISCONNECTED)
                discoWrk.awaitDisconnectEvent();
        }

        /**
         * Extends {@link NotificationTask} to run in a security context owned by the initiator of the
         * discovery event.
         */
        class SecurityAwareNotificationTask extends NotificationTask {

            /**
             */
            public SecurityAwareNotificationTask(DiscoveryNotification notification) {
                super(notification);
            }

            /**
             */
            @Override
            public void run() {
                DiscoverySpiCustomMessage customMsg = notification.getCustomMsgData();
                if (customMsg instanceof SecurityAwareCustomMessageWrapper) {
                    UUID secSubjId = ((SecurityAwareCustomMessageWrapper) customMsg).securitySubjectId();
                    try (OperationSecurityContext ignored = ctx.security().withContext(secSubjId)) {
                        super.run();
                    }
                } else {
                    SecurityContext initiatorNodeSecCtx = nodeSecurityContext(marshaller, U.resolveClassLoader(ctx.config()), notification.getNode());
                    try (OperationSecurityContext ignored = ctx.security().withContext(initiatorNodeSecCtx)) {
                        super.run();
                    }
                }
            }
        }

        /**
         * Represents task to handle discovery notification asynchronously.
         */
        class NotificationTask implements Runnable {

            /**
             */
            protected final DiscoveryNotification notification;

            /**
             */
            public NotificationTask(DiscoveryNotification notification) {
                this.notification = notification;
            }

            /**
             * {@inheritDoc}
             */
            @Override
            public void run() {
                synchronized (discoEvtMux) {
                    onDiscovery0(notification);
                }
            }
        }
    });
    spi.setDataExchange(new DiscoverySpiDataExchange() {

        @Override
        public DiscoveryDataBag collect(DiscoveryDataBag dataBag) {
            assert dataBag != null;
            assert dataBag.joiningNodeId() != null;
            if (ctx.localNodeId().equals(dataBag.joiningNodeId())) {
                for (GridComponent c : ctx.components()) c.collectJoiningNodeData(dataBag);
            } else {
                waitForLastStateChangeEventFuture();
                for (GridComponent c : ctx.components()) c.collectGridNodeData(dataBag);
            }
            return dataBag;
        }

        @Override
        public void onExchange(DiscoveryDataBag dataBag) {
            assert dataBag != null;
            assert dataBag.joiningNodeId() != null;
            if (ctx.localNodeId().equals(dataBag.joiningNodeId())) {
                // NodeAdded msg reached joining node after round-trip over the ring.
                IGridClusterStateProcessor stateProc = ctx.state();
                stateProc.onGridDataReceived(dataBag.gridDiscoveryData(stateProc.discoveryDataType().ordinal()));
                for (GridComponent c : ctx.components()) {
                    if (c.discoveryDataType() != null && c != stateProc)
                        c.onGridDataReceived(dataBag.gridDiscoveryData(c.discoveryDataType().ordinal()));
                }
            } else {
                // Discovery data from newly joined node has to be applied to the current old node.
                IGridClusterStateProcessor stateProc = ctx.state();
                JoiningNodeDiscoveryData data0 = dataBag.newJoinerDiscoveryData(stateProc.discoveryDataType().ordinal());
                assert data0 != null;
                stateProc.onJoiningNodeDataReceived(data0);
                for (GridComponent c : ctx.components()) {
                    if (c.discoveryDataType() != null && c != stateProc) {
                        JoiningNodeDiscoveryData data = dataBag.newJoinerDiscoveryData(c.discoveryDataType().ordinal());
                        if (data != null)
                            c.onJoiningNodeDataReceived(data);
                    }
                }
            }
        }

        /**
         */
        private void waitForLastStateChangeEventFuture() {
            IgniteFuture<?> lastStateChangeEvtLsnrFut = lastStateChangeEvtLsnrFutRef.get();
            if (lastStateChangeEvtLsnrFut != null) {
                Thread currThread = Thread.currentThread();
                GridWorker worker = currThread instanceof IgniteDiscoveryThread ? ((IgniteDiscoveryThread) currThread).worker() : null;
                if (worker != null)
                    worker.blockingSectionBegin();
                try {
                    lastStateChangeEvtLsnrFut.get();
                } finally {
                    // Guaranteed to be invoked in the same thread as DiscoverySpiListener#onDiscovery.
                    // No additional synchronization for reference is required.
                    lastStateChangeEvtLsnrFutRef.set(null);
                    if (worker != null)
                        worker.blockingSectionEnd();
                }
            }
        }
    });
    new DiscoveryMessageNotifierThread(discoNtfWrk).start();
    startSpi();
    registeredDiscoSpi = true;
    try {
        U.await(startLatch);
    } catch (IgniteInterruptedException e) {
        throw new IgniteCheckedException("Failed to start discovery manager (thread has been interrupted).", e);
    }
    // Start segment check worker only if frequency is greater than 0.
    if (hasRslvrs && segChkFreq > 0) {
        segChkWrk = new SegmentCheckWorker();
        segChkThread = new IgniteThread(segChkWrk);
        segChkThread.setUncaughtExceptionHandler(new OomExceptionHandler(ctx));
        segChkThread.start();
    }
    locNode = spi.getLocalNode();
    checkAttributes(discoCache().remoteNodes());
    // Start discovery worker.
    new IgniteThread(discoWrk).start();
    if (log.isDebugEnabled())
        log.debug(startInfo());
}
Also used : CopyOnWriteArrayList(java.util.concurrent.CopyOnWriteArrayList) ArrayList(java.util.ArrayList) CI1(org.apache.ignite.internal.util.typedef.CI1) IgniteInternalFuture(org.apache.ignite.internal.IgniteInternalFuture) IgniteCheckedException(org.apache.ignite.IgniteCheckedException) IgniteException(org.apache.ignite.IgniteException) GridFutureAdapter(org.apache.ignite.internal.util.future.GridFutureAdapter) CopyOnWriteArrayList(java.util.concurrent.CopyOnWriteArrayList) ArrayList(java.util.ArrayList) List(java.util.List) UUID(java.util.UUID) OperationSecurityContext(org.apache.ignite.internal.processors.security.OperationSecurityContext) ClusterNode(org.apache.ignite.cluster.ClusterNode) AffinityTopologyVersion(org.apache.ignite.internal.processors.affinity.AffinityTopologyVersion) DiscoverySpiNodeAuthenticator(org.apache.ignite.spi.discovery.DiscoverySpiNodeAuthenticator) IgniteInterruptedException(org.apache.ignite.IgniteInterruptedException) IgniteDiscoveryThread(org.apache.ignite.spi.discovery.IgniteDiscoveryThread) SecurityCredentials(org.apache.ignite.plugin.security.SecurityCredentials) DiscoverySpiDataExchange(org.apache.ignite.spi.discovery.DiscoverySpiDataExchange) IgniteThread(org.apache.ignite.thread.IgniteThread) OomExceptionHandler(org.apache.ignite.thread.OomExceptionHandler) GridComponent(org.apache.ignite.internal.GridComponent) IgniteFuture(org.apache.ignite.lang.IgniteFuture) DiscoveryEvent(org.apache.ignite.events.DiscoveryEvent) JoiningNodeDiscoveryData(org.apache.ignite.spi.discovery.DiscoveryDataBag.JoiningNodeDiscoveryData) DiscoveryDataBag(org.apache.ignite.spi.discovery.DiscoveryDataBag) IGridClusterStateProcessor(org.apache.ignite.internal.processors.cluster.IGridClusterStateProcessor) IgniteKernal(org.apache.ignite.internal.IgniteKernal) Marshaller(org.apache.ignite.marshaller.Marshaller) ChangeGlobalStateMessage(org.apache.ignite.internal.processors.cluster.ChangeGlobalStateMessage) AtomicReference(java.util.concurrent.atomic.AtomicReference) DiscoverySpiListener(org.apache.ignite.spi.discovery.DiscoverySpiListener) GridWorker(org.apache.ignite.internal.util.worker.GridWorker) IgniteClientDisconnectedException(org.apache.ignite.IgniteClientDisconnectedException) IgniteCheckedException(org.apache.ignite.IgniteCheckedException) IgniteSpiException(org.apache.ignite.spi.IgniteSpiException) IgniteInterruptedException(org.apache.ignite.IgniteInterruptedException) IgniteInterruptedCheckedException(org.apache.ignite.internal.IgniteInterruptedCheckedException) IgniteClientDisconnectedCheckedException(org.apache.ignite.internal.IgniteClientDisconnectedCheckedException) IgniteException(org.apache.ignite.IgniteException) NodeStoppingException(org.apache.ignite.internal.NodeStoppingException) IgniteThread(org.apache.ignite.thread.IgniteThread) IgniteDiscoveryThread(org.apache.ignite.spi.discovery.IgniteDiscoveryThread) DiscoverySpiCustomMessage(org.apache.ignite.spi.discovery.DiscoverySpiCustomMessage) DiscoverySpi(org.apache.ignite.spi.discovery.DiscoverySpi) TcpDiscoverySpi(org.apache.ignite.spi.discovery.tcp.TcpDiscoverySpi) SecurityContext(org.apache.ignite.internal.processors.security.SecurityContext) SecurityUtils.remoteSecurityContext(org.apache.ignite.internal.processors.security.SecurityUtils.remoteSecurityContext) SecurityUtils.withRemoteSecurityContext(org.apache.ignite.internal.processors.security.SecurityUtils.withRemoteSecurityContext) OperationSecurityContext(org.apache.ignite.internal.processors.security.OperationSecurityContext) SecurityUtils.nodeSecurityContext(org.apache.ignite.internal.processors.security.SecurityUtils.nodeSecurityContext) IgniteInClosure(org.apache.ignite.lang.IgniteInClosure) DiscoveryNotification(org.apache.ignite.spi.discovery.DiscoveryNotification) ChangeGlobalStateFinishMessage(org.apache.ignite.internal.processors.cluster.ChangeGlobalStateFinishMessage)

Example 8 with SecurityCredentials

use of org.apache.ignite.plugin.security.SecurityCredentials in project ignite by apache.

the class ClientListenerAbstractConnectionContext method authenticate.

/**
 * Perform authentication.
 *
 * @throws IgniteCheckedException If failed.
 */
protected void authenticate(GridNioSession ses, String user, String pwd) throws IgniteCheckedException {
    if (!ctx.security().enabled())
        return;
    SecurityCredentials cred = new SecurityCredentials(user, pwd);
    AuthenticationContext authCtx = new AuthenticationContext();
    authCtx.subjectType(REMOTE_CLIENT);
    authCtx.subjectId(UUID.randomUUID());
    authCtx.nodeAttributes(F.isEmpty(userAttrs) ? Collections.emptyMap() : userAttrs);
    authCtx.credentials(cred);
    authCtx.address(ses.remoteAddress());
    authCtx.certificates(ses.certificates());
    secCtx = ctx.security().authenticate(authCtx);
    if (secCtx == null) {
        throw new IgniteAccessControlException(String.format("The user name or password is incorrect [userName=%s]", user));
    }
}
Also used : SecurityCredentials(org.apache.ignite.plugin.security.SecurityCredentials) AuthenticationContext(org.apache.ignite.plugin.security.AuthenticationContext) IgniteAccessControlException(org.apache.ignite.internal.processors.authentication.IgniteAccessControlException)

Example 9 with SecurityCredentials

use of org.apache.ignite.plugin.security.SecurityCredentials in project ignite by apache.

the class AuthenticationProcessorSelfTest method authenticate.

/**
 * Authenticates user on the specified node.
 */
public static SecurityContext authenticate(IgniteEx ignite, String login, String pwd) throws IgniteCheckedException {
    AuthenticationContext authCtx = new AuthenticationContext();
    authCtx.credentials(new SecurityCredentials(login, pwd));
    authCtx.subjectType(REMOTE_CLIENT);
    return ignite.context().security().authenticate(authCtx);
}
Also used : SecurityCredentials(org.apache.ignite.plugin.security.SecurityCredentials) AuthenticationContext(org.apache.ignite.plugin.security.AuthenticationContext)

Example 10 with SecurityCredentials

use of org.apache.ignite.plugin.security.SecurityCredentials in project ignite by apache.

the class ComputeTaskRemoteSecurityContextTest method testGridClient.

/**
 * Tests task execution security context in case task was initiated from the {@link GridClient}.
 */
@Test
public void testGridClient() throws Exception {
    Assume.assumeFalse(failWithTimeout);
    String login = "grid_client";
    GridClientConfiguration cfg = new GridClientConfiguration().setServers(singletonList("127.0.0.1:11211")).setSecurityCredentialsProvider(new SecurityCredentialsBasicProvider(new SecurityCredentials(login, "")));
    try (GridClient cli = GridClientFactory.start(cfg)) {
        GridClientNode taskReqRecipient = cli.compute().nodes().stream().filter(n -> "crd".equals(n.attribute(ATTR_IGNITE_INSTANCE_NAME))).findFirst().orElseThrow(NoSuchElementException::new);
        GridClientCompute comp = cli.compute().projection(taskReqRecipient);
        String taskName = mapAsync ? MapAsyncTestTask.class.getName() : TestTask.class.getName();
        if (async)
            comp.executeAsync(taskName, login).get();
        else
            comp.execute(taskName, login);
        checkTaskEvents("crd", login, REDUCER_SUCCEEDED_TASK_EVENTS, MAP_NODE_SUCCEEDED_TASK_EVENTS);
    }
}
Also used : GridClientNode(org.apache.ignite.internal.client.GridClientNode) GridClientCompute(org.apache.ignite.internal.client.GridClientCompute) SecurityCredentials(org.apache.ignite.plugin.security.SecurityCredentials) GridClient(org.apache.ignite.internal.client.GridClient) SecurityCredentialsBasicProvider(org.apache.ignite.plugin.security.SecurityCredentialsBasicProvider) GridClientConfiguration(org.apache.ignite.internal.client.GridClientConfiguration) NoSuchElementException(java.util.NoSuchElementException) Test(org.junit.Test)

Aggregations

SecurityCredentials (org.apache.ignite.plugin.security.SecurityCredentials)21 IgniteCheckedException (org.apache.ignite.IgniteCheckedException)8 SecurityCredentialsBasicProvider (org.apache.ignite.plugin.security.SecurityCredentialsBasicProvider)5 ClusterNode (org.apache.ignite.cluster.ClusterNode)4 SecurityContext (org.apache.ignite.internal.processors.security.SecurityContext)4 IgniteSpiException (org.apache.ignite.spi.IgniteSpiException)4 ArrayList (java.util.ArrayList)3 List (java.util.List)3 UUID (java.util.UUID)3 IgniteClientDisconnectedException (org.apache.ignite.IgniteClientDisconnectedException)3 IgniteException (org.apache.ignite.IgniteException)3 IgniteInterruptedException (org.apache.ignite.IgniteInterruptedException)3 DiscoveryEvent (org.apache.ignite.events.DiscoveryEvent)3 IgniteClientDisconnectedCheckedException (org.apache.ignite.internal.IgniteClientDisconnectedCheckedException)3 IgniteKernal (org.apache.ignite.internal.IgniteKernal)3 GridClient (org.apache.ignite.internal.client.GridClient)3 GridClientConfiguration (org.apache.ignite.internal.client.GridClientConfiguration)3 AuthenticationContext (org.apache.ignite.plugin.security.AuthenticationContext)3 Map (java.util.Map)2 CopyOnWriteArrayList (java.util.concurrent.CopyOnWriteArrayList)2